feat(auth api): expose login policy of authenticated user (#4979)

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2025-08-11 20:47:32 +00:00 · 2023-01-05 14:04:38 +01:00
parent f34611d675
commit 5651f98600
3 changed files with 57 additions and 0 deletions
--- a/docs/docs/apis/proto/auth.md
+++ b/docs/docs/apis/proto/auth.md
@@ -594,6 +594,18 @@ Returns the privacy policy of the current organisation
    GET: /policies/privacy


+### GetMyLoginPolicy
+
+> **rpc** GetMyLoginPolicy([GetMyLoginPolicyRequest](#getmyloginpolicyrequest))
+[GetMyLoginPolicyResponse](#getmyloginpolicyresponse)
+
+Returns the login policy of the current organisation
+
+
+
+    GET: /policies/login
+
+



@@ -767,6 +779,23 @@ This is an empty request



+### GetMyLoginPolicyRequest
+This is an empty request
+
+
+
+
+### GetMyLoginPolicyResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| policy |  zitadel.policy.v1.LoginPolicy | - |  |
+
+
+
+
 ### GetMyMetadataRequest


--- a/internal/api/grpc/auth/policy.go
+++ b/internal/api/grpc/auth/policy.go
@@ -27,3 +27,13 @@ func (s *Server) GetMyPrivacyPolicy(ctx context.Context, _ *auth_pb.GetMyPrivacy
 		Policy: policy_grpc.ModelPrivacyPolicyToPb(policy),
 	}, nil
 }
+
+func (s *Server) GetMyLoginPolicy(ctx context.Context, _ *auth_pb.GetMyLoginPolicyRequest) (*auth_pb.GetMyLoginPolicyResponse, error) {
+	policy, err := s.query.LoginPolicyByID(ctx, true, authz.GetCtxData(ctx).OrgID, false)
+	if err != nil {
+		return nil, err
+	}
+	return &auth_pb.GetMyLoginPolicyResponse{
+		Policy: policy_grpc.ModelLoginPolicyToPb(policy),
+	}, nil
+}
--- a/proto/zitadel/auth.proto
+++ b/proto/zitadel/auth.proto
@@ -607,6 +607,17 @@ service AuthService {
            permission: "authenticated"
        };
    }
+
+    // Returns the login policy of the current organisation
+    rpc GetMyLoginPolicy(GetMyLoginPolicyRequest) returns (GetMyLoginPolicyResponse) {
+        option (google.api.http) = {
+            get: "/policies/login"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "authenticated"
+        };
+    }
 }

 //This is an empty request
@@ -1053,3 +1064,10 @@ message GetMyPrivacyPolicyRequest {}
 message GetMyPrivacyPolicyResponse {
    zitadel.policy.v1.PrivacyPolicy policy = 1;
 }
+
+//This is an empty request
+message GetMyLoginPolicyRequest {}
+
+message GetMyLoginPolicyResponse {
+    zitadel.policy.v1.LoginPolicy policy = 1;
+}