From 5541e0170c61b717d629d786a1f3ca45692b44e6 Mon Sep 17 00:00:00 2001 From: mffap Date: Tue, 5 Sep 2023 08:32:47 +0200 Subject: [PATCH] docs(api): restructure overview (#6485) * update sdks * restructure * resource based * headings * docs: add sdks * docs: build your own login sidebar * Apply suggestions from code review Co-authored-by: Fabi * add info * move custom login guide inline --------- Co-authored-by: Fabienne Co-authored-by: Fabi --- docs/docs/apis/introduction.mdx | 128 +++++++++++++++++++++++--------- docs/docs/examples/sdks.md | 26 ++++--- docs/sidebars.js | 14 ++++ 3 files changed, 122 insertions(+), 46 deletions(-) diff --git a/docs/docs/apis/introduction.mdx b/docs/docs/apis/introduction.mdx index c17048083e..7db6f98410 100644 --- a/docs/docs/apis/introduction.mdx +++ b/docs/docs/apis/introduction.mdx @@ -6,38 +6,72 @@ sidebar_label: Overview import { ApiCard } from "../../src/components/apicard"; import Column from "../../src/components/column"; -## APIs +ZITADEL exposes all features via different gRPC and REST APIs and provides SDKs for popular languages and frameworks. -ZITADEL provides five APIs for different use cases. Four of these APIs are built with GRPC and generate a REST service. -Each service's proto definition is located in the source control on GitHub. -As we generate the REST services and Swagger file out of the proto definition we recommend that you rely on the proto file. -We annotate the corresponding REST methods on each possible call as well as the AuthN and AuthZ requirements. -The last API (assets) is only a REST API because ZITADEL uses multipart form data for certain elements. +The [OpenID Connect & OAuth endpoints](/docs/apis/openidoauth/endpoints) and [SAML 2.0 endpoints](/docs/apis/saml/endpoints) are implemented and exposed according to the specific standards. Managing resources such as users, organizations, instances, or settings must be done with the different [ZITADEL APIs](#zitadel-apis-resource-based). -### Proto +[Actions](/docs/apis/actions/introduction) allow to extend ZITADEL with custom code to change default behaviors or calling external systems. -All of our APIs are generated by proto definitions. You can find all the proto definitions in the [Proto API Definitions](https://github.com/zitadel/zitadel/tree/main/proto/zitadel). +## Authentication & authorization -> More about [Protocol Buffer](https://developers.google.com/protocol-buffers) +ZITADEL implements industry standards such as OpenID Connect, OAuth 2.0, or SAML for authentication. +Please refer to our guides how to [authenticate users](/docs/guides/integrate/human-users) through an interactive authentication process and how to [authenticate service users](/docs/guides/integrate/serviceusers) with a programmatic authentication. -### Swagger Documentation +### OpenID Connect & OAuth -We provide some json files for the swagger documentation of our APIs with the following link: [https://zitadel.cloud/openapi/v2/swagger/](https://zitadel.cloud/openapi/v2/swagger/) +- [OpenID Connect endpoints](/docs/apis/openidoauth/endpoints) definition +- Standard and reserved [scopes reference](/docs/apis/openidoauth/scopes) +- Standard, custom, and reserved [claims reference](/docs/apis/openidoauth/claims) -The easiest way to have a look at them is, to import them in the [Swagger Editor](https://editor.swagger.io/) +The [OIDC Playground](/docs/apis/openidoauth/authrequest) is for testing OpenID authentication requests and their parameters. + +### SAML 2.0 + +- [SAML 2.0 endpoints](/docs/apis/saml/endpoints) definition +- [Custom attributes](https://github.com/zitadel/actions/blob/main/examples/set_custom_attribute.js) can be added with an action + +### Custom + +ZITADEL allows to authenticate users by creating a session with the [Session API](/docs/apis/resources/session_service) or get OIDC authentication request details with the [OIDC service API](/docs/apis/resources/oidc_service). +User authorizations can be [retrieved as roles from our APIs](/docs/guides/integrate/retrieve-user-roles). + +Refer to our guide to learn how to [build your own login UI](/docs/guides/integrate/login-ui) + +## ZITADEL APIs (resource-based) + +ZITADEL provides APIs for each [core resource](/docs/apis/resources): + +- [User](/docs/apis/resources/user_service) +- [Session](/docs/apis/resources/session_service) +- [Settings](/docs/apis/resources/settings_service) + +:::info +We are migrating to a resource-based API approach. +You might need to use the existing [service-based](#zitadel-apis-service-based) APIs for now to manage Organizations, Instances, Assets etc. +::: + +## ZITADEL APIs (service-based) + +:::info Prefer resource-based API +ZITADEL APIs were organized by UseCase/Context, such as Auth API for authenticated users and Management API for organization managers. +This led to confusion about which API to use, particularly for requests that could be useful across multiple APIs but with different filters. +For instance, SearchUsers on an Instance Level or on an Organization Level. + +To address this issue, ZITADEL is migrating to a [resource-based API](#zitadel-apis-resource-based). +:::
-## Authentication +### Authentication The authentication API (aka Auth API) is used for all operations on the currently logged in user. The user id is taken from the sub claim in the token.
-### GRPC +#### GRPC Endpoint: $ZITADEL_DOMAIN/zitadel.auth.v1.AuthService/ @@ -45,7 +79,7 @@ $ZITADEL_DOMAIN/zitadel.auth.v1.AuthService/ Definition: [Auth Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/auth.proto) -### REST +#### REST Endpoint: $ZITADEL_DOMAIN/auth/v1/ @@ -62,7 +96,7 @@ API Reference:
-## Management +### Management The management API is as the name states the interface where systems can mutate IAM objects like, organizations, projects, clients, users and so on if they have the necessary access rights. To identify the current organization you can send a header `x-zitadel-orgid` or if no header is set, the organization of the authenticated user is set. @@ -70,7 +104,7 @@ To identify the current organization you can send a header `x-zitadel-orgid` or
-### GRPC +#### GRPC Endpoint: $ZITADEL_DOMAIN/zitadel.management.v1.ManagementService/ @@ -78,7 +112,7 @@ $ZITADEL_DOMAIN/zitadel.management.v1.ManagementService/ Definition: [Management Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/management.proto) -### REST +#### REST Endpoint: $ZITADEL_DOMAIN/management/v1/ @@ -94,14 +128,14 @@ API Reference:
-## Administration +### Administration This API is intended to configure and manage one ZITADEL instance itself.
-### GRPC +#### GRPC Endpoint: $ZITADEL_DOMAIN/zitadel.admin.v1.AdminService/ @@ -109,7 +143,7 @@ $ZITADEL_DOMAIN/zitadel.admin.v1.AdminService/ Definition: [Admin Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/admin.proto) -### REST +#### REST Endpoint: $ZITADEL_DOMAIN/admin/v1/ @@ -125,7 +159,7 @@ API Reference:
-## System +### System This API is intended to manage the different ZITADEL instances within the system. @@ -134,7 +168,7 @@ Checkout the guide how to [access the ZITADEL System API](/guides/integrate/acce
-### GRPC +#### GRPC Endpoint: $ZITADEL_DOMAIN/zitadel.system.v1.SystemService/ @@ -142,7 +176,7 @@ $ZITADEL_DOMAIN/zitadel.system.v1.SystemService/ Definition: [System Proto](https://github.com/zitadel/zitadel/blob/main/proto/zitadel/system.proto) -### REST +#### REST Endpoint: $ZITADEL_DOMAIN/system/v1/ @@ -158,14 +192,14 @@ API Reference:
-## Assets +### Assets The Assets API allows you to up- and download all kinds of assets. This can be files such as logos, fonts or user avatar.
-### REST +#### REST Endpoint: $ZITADEL_DOMAIN/assets/v1/ @@ -177,11 +211,36 @@ Definition: -## Example + +## API definitions + +Each service's proto definition is located in the source control on GitHub. +As we generate the REST services and Swagger file out of the proto definition we recommend that you rely on the proto file. +We annotate the corresponding REST methods on each possible call as well as the AuthN and AuthZ requirements. +The last API (assets) is only a REST API because ZITADEL uses multipart form data for certain elements. + +### SDKs + +ZITADEL provides some [official and community supported SDKs](/docs/examples/sdks) for multiple languages and frameworks. +Most languages allow you to build a client from proto definitions, which allows you to build your own client in case an SDK is missing. + +### Proto + +All of our APIs are generated by proto definitions. You can find all the proto definitions in the [Proto API Definitions](https://github.com/zitadel/zitadel/tree/main/proto/zitadel). + +> More about [Protocol Buffer](https://developers.google.com/protocol-buffers) + +### Swagger documentation + +We provide some json files for the swagger documentation of our APIs with the following link: [https://zitadel.cloud/openapi/v2/swagger/](https://zitadel.cloud/openapi/v2/swagger/) + +The easiest way to have a look at them is, to import them in the [Swagger Editor](https://editor.swagger.io/) + +### Example See below for an example with the call **GetMyUser**. -```Go +```go //User rpc GetMyUser(google.protobuf.Empty) returns (UserView) { option (google.api.http) = { @@ -207,19 +266,14 @@ In the table below you can see the URI of those calls. ZITADEL hosts everything under a single domain: `{instance}.zitadel.cloud` or your custom domain `$ZITADEL_DOMAIN` -:::note -Changes from ZITADEL V1: -Be aware that issuer, api, accounts and console domains do not exist anymore. -::: - The domain is used as the OIDC issuer and as the base url for the gRPC and REST APIs, the Login and Console UI, which you'll find under `{your_domain}/ui/console/`. -## ZITADEL Path Prefixes +## API path prefixes If you run ZITADEL on a custom domain, you may want to reuse that domain for other applications. For easy copying to your reverse proxy configuration, here is the list of URL path prefixes, ZITADEL uses. -``` +```yaml /zitadel.admin.v1.AdminService/ /admin/v1/ /zitadel.auth.v1.AuthService/ @@ -235,4 +289,8 @@ For easy copying to your reverse proxy configuration, here is the list of URL pa /oauth/v2/ /.well-known/openid-configuration /openapi/ +/v2alpha/ +/zitadel.user.v2alpha.UserService/ +/zitadel.session.v2alpha.SessionService/ +/zitadel.settings.v2alpha.SettingsService/ ``` diff --git a/docs/docs/examples/sdks.md b/docs/docs/examples/sdks.md index fc868a08a3..4c56c5053a 100644 --- a/docs/docs/examples/sdks.md +++ b/docs/docs/examples/sdks.md @@ -2,18 +2,23 @@ title: SDKs --- -## ZITADEL SDK +On this page you find our official SDKs, links to supporting frameworks and providers, and resources to help with SDKs. +The SDKs wrap either our [gRPC or REST APIs](/docs/apis/introduction) to provide the client with User Authentication and Management for resources. -| Language / Framework | Link Github | User Authentication | Manage resources | Notes | -|--- | --- | --- | --- | --- | -| .NET | [zitadel-net](https://github.com/smartive/zitadel-net) | ✔️ | ✔️ | `community` | -| Elixir | [zitadel_api](https://github.com/jshmrtn/zitadel_api) | ✔️ | ✔️ | `community` | -| Go | [zitadel-go](https://github.com/zitadel/zitadel-go) | ❌ | ✔️ | `official` | -| JVM | 🚧 [WIP](https://github.com/zitadel/zitadel/discussions/3650) | ❓ | ❓ | TBD | -| Python | 🚧 [WIP](https://github.com/zitadel/zitadel/issues/3675) | ❓ | ❓ | TBD | -| NodeJS | [@zitadel/node](https://www.npmjs.com/package/@zitadel/node) | ❌ | ✔️ | `community` | +## ZITADEL SDKs -## Missing an SDK +| Language / Framework | Link Github | User Authentication | Manage resources | Notes | +|----------------------|---------------------------------------------------------------| --- | --- | --- | +| .NET | [zitadel-net](https://github.com/smartive/zitadel-net) | ✔️ | ✔️ | `community` | +| Elixir | [zitadel_api](https://github.com/jshmrtn/zitadel_api) | ✔️ | ✔️ | `community` | +| Go | [zitadel-go](https://github.com/zitadel/zitadel-go) | ❌ | ✔️ | `official` | +| JVM | 🚧 [WIP](https://github.com/zitadel/zitadel/discussions/3650) | ❓ | ❓ | TBD | +| Python | 🚧 [WIP](https://github.com/zitadel/zitadel/issues/3675) | ❓ | ❓ | TBD | +| NodeJS | [@zitadel/node](https://www.npmjs.com/package/@zitadel/node) | ❌ | ✔️ | `community` | +| Dart | [zitadel-dart](https://github.com/smartive/zitadel-dart) | ❌ | ✔️ | `community` | +| Rust | [zitadel-rust](https://github.com/smartive/zitadel-rust) | ✔️ | ✔️ | `community` | + +## Missing SDK Is your language/framework missing? Fear not, you can generate your gRPC API Client with ease. @@ -83,7 +88,6 @@ Import these files into your project to start interacting with ZITADEL's APIs. While we are not actively maintaining the following projects, it is worth checking out if you're interested in exploring ZITADEL in different programming languages or frameworks. - [NodeJS passport](https://github.com/buehler/node-passport-zitadel) authentication helper -- [Dart library for ZITADEL](https://github.com/smartive/zitadel-dart), contains gRPC and API access elements - [NextAuth Provider for ZITADEL](https://next-auth.js.org/providers/zitadel) If we do not provide an example, SDK or guide, we strongly recommend using existing authentication libraries for your language or framework instead of building your own. diff --git a/docs/sidebars.js b/docs/sidebars.js index 8ddf32ca67..0280adbcfd 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -144,6 +144,13 @@ module.exports = { type: "category", label: "Authenticate users", collapsed: true, + link: { + type: "generated-index", + title: "Authenticate human users", + slug: "guides/integrate/human-users", + description: + "How to authenticate human users with OpenID Connect", + }, items: [ "guides/integrate/login-users", "guides/integrate/oauth-recommended-flows", @@ -439,6 +446,13 @@ module.exports = { type: "category", label: "Core Resources", collapsed: false, + link: { + type: "generated-index", + title: "Core Resources", + slug: "/apis/resources/", + description: + "Resource based API definitions", + }, items: [ { type: "category",