From 63bf5b93b4b14d4ce205a0acf9e98f61caa1f0c0 Mon Sep 17 00:00:00 2001 From: Fabi <38692350+hifabienne@users.noreply.github.com> Date: Tue, 28 Feb 2023 16:43:51 +0700 Subject: [PATCH] docs: Management api documentation (#5301) * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * docs: management api documentation * wording and typos --------- Co-authored-by: Florian Forster --- proto/zitadel/admin.proto | 99 +- proto/zitadel/auth.proto | 4 +- proto/zitadel/auth_n_key.proto | 1 + proto/zitadel/idp.proto | 1 + proto/zitadel/management.proto | 3874 ++++++++++++++++++++++++++++---- proto/zitadel/member.proto | 6 +- proto/zitadel/policy.proto | 8 +- proto/zitadel/project.proto | 4 +- 8 files changed, 3565 insertions(+), 432 deletions(-) diff --git a/proto/zitadel/admin.proto b/proto/zitadel/admin.proto index 2384d28dcc..eb0e9493f6 100644 --- a/proto/zitadel/admin.proto +++ b/proto/zitadel/admin.proto @@ -1895,7 +1895,7 @@ service AdminService { tags: "Settings"; tags: "Login Settings"; tags: "Identity Providers" - summary: "Add Linked Identity Providers"; + summary: "Add Linked Identity Provider"; description: "Add/link a pre-configured identity provider to the login settings of the instance. This means that it will be shown to the users on the login page. It affects all organizations, without custom login settings." responses: { key: "200"; 
@@ -1919,7 +1919,7 @@ service AdminService { tags: "Settings"; tags: "Login Settings"; tags: "Identity Providers" - summary: "Remove Linked Identity Providers"; + summary: "Remove Linked Identity Provider"; description: "Remove an identity provider from the login settings of the instance. This means that it will not be shown to the users on the login page. It affects all organizations, without custom login settings." responses: { key: "200"; @@ -2591,7 +2591,7 @@ service AdminService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "Message Texts"; - summary: "Set Default Verify Email Reset Message Text"; + summary: "Set Default Verify Email Message Text"; description: "Set the custom text of the verify email user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user adds a new nonverified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" }; } 
@@ -2608,7 +2608,7 @@ service AdminService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "Message Texts"; summary: "Reset Custom Verify Email Message Text to Default"; - description: "Removes the custom text of the email verify user message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured." + description: "Removes the custom text of the email verify message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured." }; } @@ -2884,7 +2884,7 @@ service AdminService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "Login Texts"; summary: "Get Default Login Text"; - description: "Get the default texts for the login and register U of ZITADEL, which are stored as translation files in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured." + description: "Get the default texts for the login and register UI of ZITADEL, which are stored as translation files in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured." }; } @@ -4017,7 +4017,11 @@ message AddOIDCIDPRequest { message AddOIDCIDPResponse { zitadel.v1.ObjectDetails details = 1; - string idp_id = 2; + string idp_id = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"53829026806489455\""; + } + ]; } message AddJWTIDPRequest { 
@@ -4763,13 +4767,62 @@ message UpdateLabelPolicyRequest { description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set"; } ]; - string warn_color = 4 [(validate.rules).string = {max_len: 50}]; - string background_color = 5 [(validate.rules).string = {max_len: 50}]; - string font_color = 6 [(validate.rules).string = {max_len: 50}]; - string primary_color_dark = 7 [(validate.rules).string = {max_len: 50}]; - string background_color_dark = 8 [(validate.rules).string = { max_len: 50}]; - string warn_color_dark = 9 [(validate.rules).string = { max_len: 50}]; - string font_color_dark = 10 [(validate.rules).string = { max_len: 50}]; + string warn_color = 4 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for warn color"; + example: "\"#CD3D56\""; + max_length: 50; + } + ]; + string background_color = 5 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for background color"; + example: "\"#FAFAFA\""; + max_length: 50; + } + ]; + string font_color = 6 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for font color"; + example: "\"#000000\""; + max_length: 50; + } + ]; + string primary_color_dark = 7 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for the primary color dark theme"; + example: "\"#BBBAFA\""; + max_length: 50; + } + ]; + string background_color_dark = 8 [ + (validate.rules).string = { max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for background color dark theme"; + example: "\"#111827\""; + max_length: 50; + } + ]; + string warn_color_dark = 9 [ + (validate.rules).string = { max_len: 50}, + 
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for warning color dark theme"; + example: "\"#FF3B5B\""; + max_length: 50; + } + ]; + string font_color_dark = 10 [ + (validate.rules).string = { max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for font color dark theme"; + example: "\"#FFFFFF\""; + max_length: 50; + } + ]; bool disable_watermark = 11; } @@ -5034,22 +5087,22 @@ message UpdatePasswordComplexityPolicyRequest { ]; bool has_uppercase = 2 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "defines if the password MUST contain an upper case letter" + description: "Defines if the password MUST contain an upper case letter" } ]; bool has_lowercase = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "defines if the password MUST contain a lowercase letter" + description: "Defines if the password MUST contain a lowercase letter" } ]; bool has_number = 4 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "defines if the password MUST contain a number" + description: "Defines if the password MUST contain a number" } ]; bool has_symbol = 5 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "defines if the password MUST contain a symbol. E.g. \"$\"" + description: "Defines if the password MUST contain a symbol. E.g. \"$\"" } ]; } @@ -5135,7 +5188,11 @@ message UpdatePrivacyPolicyResponse { } message AddNotificationPolicyRequest { - bool password_change = 1; + bool password_change = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If set to true the users will get a notification whenever their password has been changed."; + } + ]; } message AddNotificationPolicyResponse { 
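Review bot: The seven colour fields in the `UpdateLabelPolicyRequest` hunk (`warn_color` through `font_color_dark`) are now documented as hex values, but the only rule on them is still `max_len: 50`, so the documented contract is narrower than what request validation accepts. If these strings end up in the styling of the login page (not visible here), a format rule is the safer contract, for example `(validate.rules).string = {max_len: 50, pattern: "^$|^#[0-9a-fA-F]{3,8}$"}`; check first whether stored policies contain non-hex values. If the looser validation is intended, the descriptions should say so rather than promise hex. The message starts above the hunk, so any colour field declared there may need the same treatment.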
@@ -5150,7 +5207,11 @@ message GetNotificationPolicyResponse { } message UpdateNotificationPolicyRequest { - bool password_change = 1; + bool password_change = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If set to true the users will get a notification whenever their password has been changed."; + } + ]; } message UpdateNotificationPolicyResponse { diff --git a/proto/zitadel/auth.proto b/proto/zitadel/auth.proto index d9ee2d105a..2bb8488261 100644 --- a/proto/zitadel/auth.proto +++ b/proto/zitadel/auth.proto @@ -562,7 +562,7 @@ service AuthService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "User Social Login" summary: "List Social Logins"; - description: "Returns a list of all liked identity providers/social logins of the user. (e. Google, Microsoft, AzureAD, etc.)" + description: "Returns a list of all linked identity providers/social logins of the user. (e. Google, Microsoft, AzureAD, etc.)" }; } @@ -870,7 +870,7 @@ service AuthService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "User Memberships" summary: "List My ZITADEL Permissions"; - description: "Show all the permissions my user has in ZITADEL (ZITADEL Manager). The limit should always be set, there is a default limit set by the service" + description: "Show all the permissions my user has in ZITADEL (ZITADEL Manager)." }; } diff --git a/proto/zitadel/auth_n_key.proto b/proto/zitadel/auth_n_key.proto index 887ab664ff..f5656354da 100644 --- a/proto/zitadel/auth_n_key.proto +++ b/proto/zitadel/auth_n_key.proto @@ -17,6 +17,7 @@ message Key { zitadel.v1.ObjectDetails details = 2; KeyType type = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"KEY_TYPE_JSON\""; description: "the file type of the key"; } ]; diff --git a/proto/zitadel/idp.proto b/proto/zitadel/idp.proto index 3cb50afbbf..1594afa752 100644 --- a/proto/zitadel/idp.proto 
+++ b/proto/zitadel/idp.proto @@ -95,6 +95,7 @@ message IDPLoginPolicyLink { ]; IDPType idp_type = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"IDP_TYPE_OIDC\"]" description: "the authorization framework of the identity provider"; } ]; diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto index 1c9c57ae59..482402d43e 100644 --- a/proto/zitadel/management.proto +++ b/proto/zitadel/management.proto @@ -44,19 +44,49 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { } }; tags: [ + { + name: "Actions" + }, { name: "Applications", description: "Applications are the entry point to your project. Users either login into one of your clients and interact with them directly or use one of your APIs. All applications share the roles and authorizations of their project." }, + { + name: "Authentication Methods" + }, { name: "Authorization" }, + { + name: "Branding" + }, + { + name: "Domain Settings" + }, { name: "General" }, + { + name: "Identity Providers" + }, { name: "Global" }, + { + name: "Login Settings" + }, + { + name: "Login Texts" + }, + { + name: "Members" + }, + { + name: "Message Texts" + }, + { + name: "Notification Settings" + }, { name: "Organizations" }, @@ -64,12 +94,19 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { name: "Organization Metadata" }, { - name: "Policies" + name: "Password Settings" + }, + { + name: "Privacy Settings" }, { name: "Projects", description: "Projects are vessels for different applications/clients sharing the same role context." }, + { + name: "Project Grants", + description: "A project that is granted to another organization, so the other organization has access to it and can manage the user authorizations, is called a project grant." + }, { name: "Project Roles" }, 
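Review bot: The example added to `idp_type` in the idp.proto hunk is a JSON array, `example: "[\"IDP_TYPE_OIDC\"]"`, although the field is a singular `IDPType`, so the generated OpenAPI sample shows a list where the API returns one enum name. The auth_n_key.proto hunk in this same patch uses the scalar form for `KeyType`; matching it gives `example: "\"IDP_TYPE_OIDC\"";`. The added line also lacks the trailing `;` that the neighbouring `description` line carries. `IDPLoginPolicyLink` begins above the hunk.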
@@ -80,6 +117,10 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { name: "Users", description: "ZITADEL knows two different types of users: Users (Human) and Service Users (Machine Accounts)" }, + { + name: "User Grants", + description: "User grants are the roles a user has for a specific project and organization." + }, { name: "User Human" }, @@ -89,6 +130,9 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { { name: "User Metadata", description: "Metadata is a key/value list to enrich the user object with any data needed. The data is not interpreted by ZITADEL itself." + }, + { + name: "ZITADEL Administrators" } ]; schemes: HTTPS; @@ -1723,7 +1767,7 @@ service ManagementService { parameters: { headers: { name: "x-zitadel-orgid"; - description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization."; + description: "The default is always the organization of the requesting user. If you like to get a result from another organization include the header. Make sure the requesting user has permission in the requested organization."; type: STRING, required: false; }; @@ -1731,8 +1775,6 @@ service ManagementService { }; } - // Lists all identity providers (social logins) that a human has configured (e.g Google, Microsoft, AD, etc..) - // Limit should always be set, there is a default limit set by the service rpc ListHumanLinkedIDPs(ListHumanLinkedIDPsRequest) returns (ListHumanLinkedIDPsResponse) { option (google.api.http) = { post: "/users/{user_id}/idps/_search" 
@@ -1742,9 +1784,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Users" + summary: "List Social Logins"; + description: "Returns a list of all linked identity providers/social logins of the user. (e. Google, Microsoft, AzureAD, etc.)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get the result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removed a configured identity provider (social login) of a human rpc RemoveHumanLinkedIDP(RemoveHumanLinkedIDPRequest) returns (RemoveHumanLinkedIDPResponse) { option (google.api.http) = { delete: "/users/{user_id}/idps/{idp_id}/{linked_user_id}" 
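Review bot: The new `description` for `ListHumanLinkedIDPs` reads `(e. Google, Microsoft, AzureAD, etc.)`; the abbreviation should be `e.g.`, as the `RemoveHumanLinkedIDP` hunk that follows already writes it. The same slip remains in the auth.proto `List Social Logins` description that this patch edits. Suggested text: `Returns a list of all linked identity providers/social logins of the user (e.g. Google, Microsoft, AzureAD, etc.).`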
@@ -1753,10 +1808,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Users" + summary: "Remove Social Login"; + description: "Remove a configured social logins/identity providers of the user (e.g. Google, Microsoft, AzureAD, etc.). The user will not be able to log in with the given provider afterward. Make sure the user does have other possibilities to authenticate." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get the result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Show all the permissions a user has in ZITADEL (ZITADEL Manager) - // Limit should always be set, there is a default limit set by the service rpc ListUserMemberships(ListUserMembershipsRequest) returns (ListUserMembershipsResponse) { option (google.api.http) = { post: "/users/{user_id}/memberships/_search" @@ -1766,6 +1833,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.membership.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Users" + summary: "List ZITADEL Permissions"; + description: "Show all the permissions the user has in ZITADEL (ZITADEL Manager)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get the result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc GetMyOrg(GetMyOrgRequest) returns (GetMyOrgResponse) { 
@@ -2103,7 +2184,7 @@ service ManagementService { parameters: { headers: { name: "x-zitadel-orgid"; - description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; type: STRING, required: false; }; @@ -2111,8 +2192,6 @@ service ManagementService { }; } - // Returns all registered domains of my organization - // Limit should always be set, there is a default limit set by the service rpc ListOrgDomains(ListOrgDomainsRequest) returns (ListOrgDomainsResponse) { option (google.api.http) = { post: "/orgs/me/domains/_search" @@ -2122,9 +2201,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + summary: "Search Domains"; + description: "Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Adds a new domain to my organization rpc AddOrgDomain(AddOrgDomainRequest) returns (AddOrgDomainResponse) { option (google.api.http) = { post: "/orgs/me/domains" 
@@ -2134,9 +2226,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + summary: "Add Domain"; + description: "Add a new domain to an organization. The domains are used to identify to which organization a user belongs." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removed the domain from my organization rpc RemoveOrgDomain(RemoveOrgDomainRequest) returns (RemoveOrgDomainResponse) { option (google.api.http) = { delete: "/orgs/me/domains/{domain}" @@ -2145,9 +2250,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + summary: "Remove Domain"; + description: "Delete a new domain from an organization. The domains are used to identify to which organization a user belongs. If the uses use the domain for login, this will not be possible afterwards. They have to use another domain instead." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Generates a new file to validate your domain rpc GenerateOrgDomainValidation(GenerateOrgDomainValidationRequest) returns (GenerateOrgDomainValidationResponse) { option (google.api.http) = { post: "/orgs/me/domains/{domain}/validation/_generate" 
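Review bot: The `RemoveOrgDomain` description says `Delete a new domain from an organization` and `If the uses use the domain for login`, which misstates the operation (the domain being removed is an existing one) and blurs the warning that users lose that login name. Suggested wording: `Delete a domain from an organization.` and `If users use the domain for login, this will not be possible afterwards.` The `ValidateOrgDomain` hunk further down has a similar slip, `A verify domain has to be unique`, which should read `A verified domain has to be unique.`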
@@ -2157,10 +2275,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + summary: "Generate Domain Verification"; + description: "Generate a new file to be able to verify your domain with DNS or HTTP challenge." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Validates your domain with the chosen method - // Validated domains must be unique rpc ValidateOrgDomain(ValidateOrgDomainRequest) returns (ValidateOrgDomainResponse) { option (google.api.http) = { post: "/orgs/me/domains/{domain}/validation/_validate" 
@@ -2170,10 +2300,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + summary: "Verify Domain"; + description: "Make sure you have added the required verification to your domain, depending on the method you have chosen (HTTP or DNS challenge). ZITADEL will check it and set the domain as verified if it was successful. A verify domain has to be unique." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the domain as the primary - // Primary domain is shown as a suffix on the preferred username of the users of the organization rpc SetPrimaryOrgDomain(SetPrimaryOrgDomainRequest) returns (SetPrimaryOrgDomainResponse) { option (google.api.http) = { post: "/orgs/me/domains/{domain}/_set_primary" 
@@ -2182,9 +2324,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + summary: "Set Primary Domain"; + description: "Set a domain as primary. It has to be verified to be able to be set as primary. The primary domain will be shown as suffix on the usernames as preferred loginname on this organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all ZITADEL roles which are for organization managers rpc ListOrgMemberRoles(ListOrgMemberRolesRequest) returns (ListOrgMemberRolesResponse) { option (google.api.http) = { post: "/orgs/members/roles/_search" 
@@ -2193,10 +2348,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.member.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations" + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "List Organization Member Roles"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the organization level." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all ZITADEL managers of this organization (Project and Project Grant managers not included) - // Limit should always be set, there is a default limit set by the service rpc ListOrgMembers(ListOrgMembersRequest) returns (ListOrgMembersResponse) { option (google.api.http) = { post: "/orgs/me/members/_search" 
@@ -2206,9 +2375,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.member.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations" + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "List Organization Members"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the organization level, matching the search queries. The search queries will be AND linked." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Adds a new organization manager, which is allowed to administrate ZITADEL rpc AddOrgMember(AddOrgMemberRequest) returns (AddOrgMemberResponse) { option (google.api.http) = { post: "/orgs/me/members" 
@@ -2218,9 +2402,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.member.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Add Organization Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list on the organization level with one or multiple roles." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Changes the organization manager rpc UpdateOrgMember(UpdateOrgMemberRequest) returns (UpdateOrgMemberResponse) { option (google.api.http) = { put: "/orgs/me/members/{user_id}" 
@@ -2230,9 +2429,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.member.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Update Organization Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes an organization manager rpc RemoveOrgMember(RemoveOrgMemberRequest) returns (RemoveOrgMemberResponse) { option (google.api.http) = { delete: "/orgs/me/members/{user_id}" 
@@ -2241,10 +2455,25 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.member.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Organizations"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Remove Organization Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on an instance level. The user can still have roles on another level (iam, project)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns a project from my organization (no granted projects) - rpc GetProjectByID(GetProjectByIDRequest) returns (GetProjectByIDResponse) { + rpc GetProjectByID(GetProjectByIDRequest) returns (GetProjectByIDResponse) { option (google.api.http) = { get: "/projects/{id}" }; 
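Review bot: The `RemoveOrgMember` description states that the request removes the user `from the members list on an instance level`, but the route is `/orgs/me/members/{user_id}` and the permission is `org.member.delete`, so the removal is scoped to the organization. Documentation that names the wrong level for a privilege removal can lead an administrator to assume instance-level rights were revoked when they were not. Change the phrase to `on the organization level`, and adjust the list of remaining levels to match, e.g. `(instance, project)` if `iam` is meant as the instance level.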
@@ -2253,9 +2482,22 @@ service ManagementService { permission: "project.read" check_field_name: "Id" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + summary: "Get Project By ID"; + description: "Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // returns a project my organization got granted from another organization rpc GetGrantedProjectByID(GetGrantedProjectByIDRequest) returns (GetGrantedProjectByIDResponse) { option (google.api.http) = { get: "/granted_projects/{project_id}/grants/{grant_id}" @@ -2265,6 +2507,20 @@ service ManagementService { permission: "project.read" check_field_name: "GrantId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + summary: "Get Granted Project By ID"; + description: "Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse) { 
@@ -2280,7 +2536,7 @@ service ManagementService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "Projects"; summary: "Search Project"; - description: "Lists all projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context." + description: "Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context." parameters: { headers: { name: "x-zitadel-orgid"; @@ -2292,8 +2548,6 @@ service ManagementService { }; } - // returns all projects my organization got granted from another organization - // Limit should always be set, there is a default limit set by the service rpc ListGrantedProjects(ListGrantedProjectsRequest) returns (ListGrantedProjectsResponse) { option (google.api.http) = { post: "/granted_projects/_search" 
@@ -2303,10 +2557,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + summary: "Search Granted Project"; + description: "Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // returns all roles of a project grant - // Limit should always be set, there is a default limit set by the service rpc ListGrantedProjectRoles(ListGrantedProjectRolesRequest) returns (ListGrantedProjectRolesResponse) { option (google.api.http) = { get: "/granted_projects/{project_id}/grants/{grant_id}/roles/_search" 
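Review bot: The comment removed from ListGrantedProjects told callers to always set a limit and that the service applies a default one, but the new `description` mentions neither. Clients size their requests by paging behaviour, so I would keep it in the generated docs, e.g. by appending `Set a limit; the service applies a default limit if none is sent.` to the description. The same sentence was dropped from ListGrantedProjectRoles, ListProjectMembers, ListAppKeys, ListProjectGrants and ListAllProjectGrants. The change-history operations keep only "Make sure to send a limit." and no longer mention the default. The rpc block starts outside this hunk.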
@@ -2316,10 +2582,22 @@ service ManagementService { permission: "project.role.read" check_field_name: "GrantId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + summary: "Search Granted Project Roles"; + description: "Lists the roles a granted projects has. These are the roles, that have been granted by the owner organization to my organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the history of the project (each event) - // Limit should always be set, there is a default limit set by the service rpc ListProjectChanges(ListProjectChangesRequest) returns (ListProjectChangesResponse) { option (google.api.http) = { post: "/projects/{project_id}/changes/_search" @@ -2329,6 +2607,20 @@ service ManagementService { permission: "project.read" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + summary: "Project History"; + description: "Returns a list of changes/events that have happened on the project. It's the history of the project. Make sure to send a limit." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc AddProject(AddProjectRequest) returns (AddProjectResponse) { 
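Review bot: The description added for ListGrantedProjectRoles reads "Lists the roles a granted projects has", which mixes singular and plural, and the next sentence has a stray comma. I would write `description: "Lists the roles a granted project has. These are the roles that have been granted by the owner organization to my organization."`. The rpc block starts outside this hunk.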
@@ -2588,7 +2880,6 @@ service ManagementService { }; } - // Returns all ZITADEL roles which are for project managers rpc ListProjectMemberRoles(ListProjectMemberRolesRequest) returns (ListProjectMemberRolesResponse) { option (google.api.http) = { post: "/projects/members/roles/_search" @@ -2597,10 +2888,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.member.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects" + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "List Project Member Roles"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the project level." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all ZITADEL managers of a projects - // Limit should always be set, there is a default limit set by the service rpc ListProjectMembers(ListProjectMembersRequest) returns (ListProjectMembersResponse) { option (google.api.http) = { post: "/projects/{project_id}/members/_search" 
@@ -2611,9 +2916,24 @@ service ManagementService { permission: "project.member.read" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects" + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "List Project Members"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the project level, matching the search queries. The search queries will be AND linked." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Adds a new project manager, which is allowed to administrate in ZITADEL rpc AddProjectMember(AddProjectMemberRequest) returns (AddProjectMemberResponse) { option (google.api.http) = { post: "/projects/{project_id}/members" 
@@ -2624,9 +2944,24 @@ service ManagementService { permission: "project.member.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Add Project Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list on the project level with one or multiple roles." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Change project manager, which is allowed to administrate in ZITADEL rpc UpdateProjectMember(UpdateProjectMemberRequest) returns (UpdateProjectMemberResponse) { option (google.api.http) = { put: "/projects/{project_id}/members/{user_id}" 
@@ -2637,9 +2972,24 @@ service ManagementService { permission: "project.member.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Update Project Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Remove project manager, which is allowed to administrate in ZITADEL rpc RemoveProjectMember(RemoveProjectMemberRequest) returns (RemoveProjectMemberResponse) { option (google.api.http) = { delete: "/projects/{project_id}/members/{user_id}" 
@@ -2649,9 +2999,24 @@ service ManagementService { permission: "project.member.delete" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Remove Project Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on an project level. The user can still have roles on another level (iam, organization)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns an application (OIDC or API) rpc GetAppByID(GetAppByIDRequest) returns (GetAppByIDResponse) { option (google.api.http) = { get: "/projects/{project_id}/apps/{app_id}" @@ -2661,6 +3026,20 @@ service ManagementService { permission: "project.app.read" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Get Application By ID"; + description: "Get an application of any type (OIDC, API, SAML)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc ListApps(ListAppsRequest) returns (ListAppsResponse) { 
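Review bot: The RemoveProjectMember description has a typo, "on an project level", and ends without a full stop, unlike the other member descriptions. I would change the tail to `This request removes a user from the members list on a project level. The user can still have roles on another level (iam, organization).`. The rpc block starts outside this hunk.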
@@ -2689,8 +3068,6 @@ service ManagementService { }; } - // Returns the history of the application (each event) - // Limit should always be set, there is a default limit set by the service rpc ListAppChanges(ListAppChangesRequest) returns (ListAppChangesResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/{app_id}/changes/_search" @@ -2700,6 +3077,20 @@ service ManagementService { permission: "project.app.read" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Application History"; + description: "Returns a list of changes/events that have happened on the application. It's the history of the app. Make sure to send a limit." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc AddOIDCApp(AddOIDCAppRequest) returns (AddOIDCAppResponse) { @@ -2716,7 +3107,7 @@ service ManagementService { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "Applications"; summary: "Create Application (OIDC)"; - description: "Create a new OIDC client. A client id you can use will be generated and returned in the response. Depending on the chosen configuration also a secret will be returned." + description: "Create a new OIDC client. The client id will be generated and returned in the response. Depending on the chosen configuration also a secret will be returned." parameters: { headers: { name: "x-zitadel-orgid"; 
@@ -2728,8 +3119,6 @@ service ManagementService { }; } - // Adds a new SAML service provider - // Returns an entityID rpc AddSAMLApp(AddSAMLAppRequest) returns (AddSAMLAppResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/saml" @@ -2740,11 +3129,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Create Application (SAML)"; + description: "Create a new SAML client. Returns an entity ID" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Adds a new API application - // Returns a client id - // Returns a newly generated secret if needed (Depending on the configuration) rpc AddAPIApp(AddAPIAppRequest) returns (AddAPIAppResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/api" @@ -2755,6 +3155,20 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Create Application (API)"; + description: "Create a new API client. The client id will be generated and returned in the response. Depending on the chosen configuration also a secret will be generated and returned." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } // Changes application 
@@ -2768,9 +3182,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Update Application"; + description: "Update the basic information of an application. This doesn't include information that are dependent on the application type (OIDC, API, SAML)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Changes the configuration of the OIDC client rpc UpdateOIDCAppConfig(UpdateOIDCAppConfigRequest) returns (UpdateOIDCAppConfigResponse) { option (google.api.http) = { put: "/projects/{project_id}/apps/{app_id}/oidc_config" @@ -2781,9 +3208,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Update OIDC Application Config"; + description: "Update the OIDC specific configuration of an application." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Changes the configuration of the SAML application rpc UpdateSAMLAppConfig(UpdateSAMLAppConfigRequest) returns (UpdateSAMLAppConfigResponse) { option (google.api.http) = { put: "/projects/{project_id}/apps/{app_id}/saml_config" 
@@ -2794,9 +3234,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Update SAML Application Config"; + description: "Update the SAML specific configuration of an application." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Changes the configuration of the API application rpc UpdateAPIAppConfig(UpdateAPIAppConfigRequest) returns (UpdateAPIAppConfigResponse) { option (google.api.http) = { put: "/projects/{project_id}/apps/{app_id}/api_config" @@ -2807,11 +3260,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Update API Application Config"; + description: "Update the OIDC-specific configuration of an application." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Set the state to deactivated - // Its not possible to request tokens for deactivated apps - // Returns an error if already deactivated rpc DeactivateApp(DeactivateAppRequest) returns (DeactivateAppResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/{app_id}/_deactivate" 
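Review bot: The description added for UpdateAPIAppConfig says "Update the OIDC-specific configuration of an application.", which looks copied from UpdateOIDCAppConfig. The summary is "Update API Application Config" and the route is `/api_config`, so the published reference would send readers to the wrong configuration type. It should read `description: "Update the API specific configuration of an application."`, which also matches the unhyphenated wording of the OIDC and SAML descriptions.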
@@ -2822,10 +3286,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Deactivate Application"; + description: "Set the state of an application to deactivated. It is not possible to request tokens for deactivated apps. Request returns an error if the application is already deactivated." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Set the state to active - // Returns an error if not deactivated rpc ReactivateApp(ReactivateAppRequest) returns (ReactivateAppResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/{app_id}/_reactivate" @@ -2836,9 +3312,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Reactivate Application"; + description: "Set the state of an application to active. Request returns an error if the application is not deactivated." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removed the application rpc RemoveApp(RemoveAppRequest) returns (RemoveAppResponse) { option (google.api.http) = { delete: "/projects/{project_id}/apps/{app_id}" 
@@ -2848,9 +3337,22 @@ service ManagementService { permission: "project.app.delete" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Remove Application"; + description: "Remove an application. It is not possible to request tokens for removed apps. Request returns an error if the application is already deactivated." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Generates a new client secret for the OIDC client, make sure to save the response rpc RegenerateOIDCClientSecret(RegenerateOIDCClientSecretRequest) returns (RegenerateOIDCClientSecretResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/{app_id}/oidc_config/_generate_client_secret" 
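Review bot: The RemoveApp description ends with "Request returns an error if the application is already deactivated.", which appears to be carried over from DeactivateApp. As written it says a deactivated application cannot be removed, and that is unlikely to be intended. If removal works in any state, drop the sentence. Otherwise state the real precondition, for example `Request returns an error if the application does not exist.` (to be confirmed against the handler). The rpc block starts outside this hunk.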
@@ -2861,9 +3363,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Generate New OIDC Client Secret"; + description: "Generates a new client secret for the OIDC application, make sure to save the response" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Generates a new client secret for the API application, make sure to save the response rpc RegenerateAPIClientSecret(RegenerateAPIClientSecretRequest) returns (RegenerateAPIClientSecretResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/{app_id}/api_config/_generate_client_secret" @@ -2874,9 +3389,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Generate New API Client Secret"; + description: "Generates a new client secret for the API application, make sure to save the response" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns an application key rpc GetAppKey(GetAppKeyRequest) returns (GetAppKeyResponse) { option (google.api.http) = { get: "/projects/{project_id}/apps/{app_id}/keys/{key_id}" 
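Review bot: The descriptions for RegenerateOIDCClientSecret and RegenerateAPIClientSecret say only "make sure to save the response", which leaves out the two facts an operator needs when rotating a credential. I would state whether the secret can be retrieved again after this response and whether the previous secret stops working immediately. If both hold, something like `The secret is only returned in this response and cannot be retrieved later; the previous secret is no longer valid.` would do. I cannot confirm either behaviour from the hunk, so the wording needs checking against the implementation. AddAppKey's "make sure to save it" has the same gap.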
@@ -2886,10 +3414,22 @@ service ManagementService { permission: "project.app.read" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Get Application Key By ID"; + description: "Returns an application key. Keys are used for authorizing API Applications." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all application keys matching the result - // Limit should always be set, there is a default limit set by the service rpc ListAppKeys(ListAppKeysRequest) returns (ListAppKeysResponse) { option (google.api.http) = { post: "/projects/{project_id}/apps/{app_id}/keys/_search" @@ -2900,10 +3440,22 @@ service ManagementService { permission: "project.app.read" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "List Application Keys"; + description: "Search application keys. Keys are used for authorizing API Applications." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Creates a new app key - // Will return key details in the result, make sure to save it rpc AddAppKey(AddAppKeyRequest) returns (AddAppKeyResponse){ option (google.api.http) = { post: "/projects/{project_id}/apps/{app_id}/keys" 
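Review bot: The GetAppKey and ListAppKeys descriptions say "Keys are used for authorizing API Applications", but an application key looks like a credential the application presents to prove its identity. That is authentication rather than authorization. If so, `Keys are used by API applications to authenticate.` is more precise and avoids suggesting that holding a key grants permissions. AddAppKey and RemoveAppKey use the same "authorizing"/"authorize" wording. GetAppKey's rpc block starts outside this hunk.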
@@ -2914,9 +3466,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Create Application Key"; + description: "Create a new application key, they are used for authorizing API Applications. Key details will be returned in the response, make sure to save it." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes an app key rpc RemoveAppKey(RemoveAppKeyRequest) returns (RemoveAppKeyResponse) { option (google.api.http) = { delete: "/projects/{project_id}/apps/{app_id}/keys/{key_id}" @@ -2926,10 +3491,22 @@ service ManagementService { permission: "project.app.write" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Applications"; + summary: "Delete Application Key"; + description: "Remove an application key. The API application will not be able to authorize with the key anymore." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the history of the project grant (each event) - // Limit should always be set, there is a default limit set by the service rpc ListProjectGrantChanges(ListProjectGrantChangesRequest) returns (ListProjectGrantChangesResponse) { option (google.api.http) = { post: "/projects/{project_id}/grants/{grant_id}/changes/_search" 
@@ -2939,9 +3516,22 @@ service ManagementService { permission: "project.grant.read" check_field_name: "GrantId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + summary: "Project Grant History"; + description: "Returns a list of changes/events that have happened on the project grant. It's the history of the project. Make sure to send a limit." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns a project grant (ProjectGrant = Grant another organization for my project) rpc GetProjectGrantByID(GetProjectGrantByIDRequest) returns (GetProjectGrantByIDResponse) { option (google.api.http) = { get: "/projects/{project_id}/grants/{grant_id}" 
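Review bot: The ListProjectGrantChanges description says "It's the history of the project.", but the operation returns the history of a project grant, so it should read `It's the history of the project grant.`. This operation and GetProjectGrantByID are also tagged `"Projects"`, while the other project-grant operations added in this commit use `tags: "Project Grants"`, so the two would end up in a different section of the generated reference. GetProjectGrantByID's summary, "Project Grant By ID", also lacks the verb that the other "Get … By ID" summaries have. The rpc block starts outside this hunk.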
@@ -2950,10 +3540,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Projects"; + summary: "Project Grant By ID"; + description: "Returns a project grant. A project grant is when the organization grants its project to another organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all project grants matching the query, (ProjectGrant = Grant another organization for my project) - // Limit should always be set, there is a default limit set by the service rpc ListProjectGrants(ListProjectGrantsRequest) returns (ListProjectGrantsResponse) { option (google.api.http) = { post: "/projects/{project_id}/grants/_search" 
@@ -2964,10 +3566,22 @@ service ManagementService { permission: "project.grant.read" check_field_name: "ProjectId" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + summary: "Search Project Grants from Project"; + description: "Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all project grants matching the query, (ProjectGrant = Grant another organization for my project) - // Limit should always be set, there is a default limit set by the service rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) { option (google.api.http) = { post: "/projectgrants/_search" 
@@ -2977,10 +3591,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + summary: "Search Project Grants"; + description: "Returns a list of project grants. A project grant is when the organization grants its project to another organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a new project grant (ProjectGrant = Grant another organization for my project) - // Project Grant will be listed in the granted project of the other organization rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) { option (google.api.http) = { post: "/projects/{project_id}/grants" 
@@ -2990,10 +3616,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + summary: "Add Project Grant"; + description: "Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Change project grant (ProjectGrant = Grant another organization for my project) - // Project Grant will be listed in the granted project of the other organization rpc UpdateProjectGrant(UpdateProjectGrantRequest) returns (UpdateProjectGrantResponse) { option (google.api.http) = { put: "/projects/{project_id}/grants/{grant_id}" 
@@ -3003,10 +3641,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + summary: "Change Project Grant"; + description: "Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Set state of project grant to deactivated (ProjectGrant = Grant another organization for my project) - // Returns error if project not active rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) returns (DeactivateProjectGrantResponse) { option (google.api.http) = { post: "/projects/{project_id}/grants/{grant_id}/_deactivate" 
@@ -3016,10 +3666,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + summary: "Deactivate Project Grant"; + description: "Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Set state of project grant to active (ProjectGrant = Grant another organization for my project) - // Returns error if project not deactivated rpc ReactivateProjectGrant(ReactivateProjectGrantRequest) returns (ReactivateProjectGrantResponse) { option (google.api.http) = { post: "/projects/{project_id}/grants/{grant_id}/_reactivate" 
@@ -3029,9 +3691,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + summary: "Reactivate Project Grant"; + description: "Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes project grant and all user grants for this project grant rpc RemoveProjectGrant(RemoveProjectGrantRequest) returns (RemoveProjectGrantResponse) { option (google.api.http) = { delete: "/projects/{project_id}/grants/{grant_id}" 
@@ -3040,9 +3715,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + summary: "Remove Project Grant"; + description: "Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all ZITADEL roles which are for project grant managers rpc ListProjectGrantMemberRoles(ListProjectGrantMemberRolesRequest) returns (ListProjectGrantMemberRolesResponse) { option (google.api.http) = { post: "/projects/grants/members/roles/_search" 
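Review bot: The qualifier "(if permissions are checked)" in the RemoveProjectGrant description is too vague for a statement about access, because it names neither the check nor who performs it. If it refers to a project-level setting that makes sign-in depend on an existing grant, which the hunk does not show, the description should name that setting. It should also say that without it the application must evaluate roles itself to deny access. A possible last sentence is `Users lose their roles for this project; whether sign-in is refused depends on the project's authorization check configuration.`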
@@ -3051,10 +3739,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.member.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants" + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "List Project Grant Member Roles"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the project grant level." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all ZITADEL managers of this project grant - // Limit should always be set, there is a default limit set by the service rpc ListProjectGrantMembers(ListProjectGrantMembersRequest) returns (ListProjectGrantMembersResponse) { option (google.api.http) = { post: "/projects/{project_id}/grants/{grant_id}/members/_search" 
@@ -3064,9 +3766,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.member.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants" + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "List Project Members"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the project grant level, matching the search queries. The search queries will be AND linked." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Adds a new project grant manager, which is allowed to administrate in ZITADEL rpc AddProjectGrantMember(AddProjectGrantMemberRequest) returns (AddProjectGrantMemberResponse) { option (google.api.http) = { post: "/projects/{project_id}/grants/{grant_id}/members" 
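Review bot: The summary `"List Project Members"` names the wrong resource. The rpc declared at the end of the previous hunk is `ListProjectGrantMembers`, the permission is `project.grant.member.read`, and the description itself says "on the project grant level". It should read `summary: "List Project Grant Members";`. The first `tags: "Project Grants"` also lacks the trailing `;` that the same line has in the AddProjectGrantMember hunk.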
@@ -3076,9 +3793,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.member.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Add Project Grant Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list on the project grant level with one or multiple roles." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Changes project grant manager, which is allowed to administrate in ZITADEL rpc UpdateProjectGrantMember(UpdateProjectGrantMemberRequest) returns (UpdateProjectGrantMemberResponse) { option (google.api.http) = { put: "/projects/{project_id}/grants/{grant_id}/members/{user_id}" 
@@ -3088,9 +3820,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.member.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Update Project Grant Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removed project grant manager rpc RemoveProjectGrantMember(RemoveProjectGrantMemberRequest) returns (RemoveProjectGrantMemberResponse) { option (google.api.http) = { delete: "/projects/{project_id}/grants/{grant_id}/members/{user_id}" 
@@ -3099,9 +3846,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "project.grant.member.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Project Grants"; + tags: "Members"; + tags: "ZITADEL Administrators"; + summary: "Remove Project Grant Member"; + description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on a project grant level. The user can still have roles on another level (iam, organization, project)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns a user grant (authorization of a user for a project) rpc GetUserGrantByID(GetUserGrantByIDRequest) returns (GetUserGrantByIDResponse) { option (google.api.http) = { get: "/users/{user_id}/grants/{grant_id}" 
@@ -3110,10 +3872,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "User Grant By ID"; + description: "Returns a user grant per ID. A user grant is a role a user has for a specific project and organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all user grants matching the query (authorizations of a user for the projects) - // Limit should always be set, there is a default limit set by the service rpc ListUserGrants(ListUserGrantRequest) returns (ListUserGrantResponse) { option (google.api.http) = { post: "/users/grants/_search" @@ -3123,9 +3897,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "Search User Grants"; + description: "Returns a list of user grants that match the search queries. User grants are the roles users have for a specific project and organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Creates a new user grant (authorization of a user for a project with specified roles) rpc AddUserGrant(AddUserGrantRequest) returns (AddUserGrantResponse) { option (google.api.http) = { post: "/users/{user_id}/grants" 
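Review bot: The summary `"User Grant By ID"` is the only one in this group without a verb, while the neighbouring operations use "Add", "Remove" and "Deactivate". Use `summary: "Get User Grant By ID";`. In the UpdateUserGrant hunk the summary `"Update User Grants"` is plural although the call changes one grant addressed by `{grant_id}`; `summary: "Update User Grant";` matches the others.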
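Review bot: The comment removed from `ListUserGrants` told callers that a limit should always be set and that the service applies a default one, and the new description drops this. Paging guidance belongs in the published API text, so append a sentence such as `Set a limit on the request; the service applies a default limit otherwise.` The same comment was removed from `ListProjectGrantMembers` and `ListLoginPolicyIDPs` without being carried into their descriptions.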
@@ -3135,9 +3922,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "Add User Grant"; + description: "Add a user grant for a specific user. User grants are the roles users have for a specific project and organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Changes a user grant (authorization of a user for a project with specified roles) rpc UpdateUserGrant(UpdateUserGrantRequest) returns (UpdateUserGrantResponse) { option (google.api.http) = { put: "/users/{user_id}/grants/{grant_id}" 
@@ -3147,11 +3947,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "Update User Grants"; + description: "Update the roles of a user grant. User grants are the roles users have for a specific project and organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the state of a user grant to deactivated - // User will not be able to use the granted project anymore - // Returns an error if the user grant is already deactivated rpc DeactivateUserGrant(DeactivateUserGrantRequest) returns (DeactivateUserGrantResponse) { option (google.api.http) = { post: "/users/{user_id}/grants/{grant_id}/_deactivate" 
@@ -3161,10 +3972,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "Deactivate User Grant"; + description: "Deactivate the user grant. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested. An error will be returned if the user grant is already deactivated." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the state of a user grant to active - // Returns an error if the user grant is not deactivated rpc ReactivateUserGrant(ReactivateUserGrantRequest) returns (ReactivateUserGrantResponse) { option (google.api.http) = { post: "/users/{user_id}/grants/{grant_id}/_reactivate" 
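Review bot: The DeactivateUserGrant description says the roles "will not be included in the tokens when requested" but does not say what happens to tokens issued before the deactivation. For an operation used to withdraw access, readers need to know whether it takes effect at once or only when a token is next issued or introspected. Add one sentence stating the actual behaviour, for example `Tokens issued before the deactivation <still carry | no longer carry> the roles until <condition>.`, with the placeholders filled in from the implementation. The RemoveUserGrant and BulkRemoveUserGrant descriptions use the same sentence and need the same addition.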
@@ -3174,9 +3997,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "Reactivate User Grant"; + description: "Reactivate a deactivated user grant. The user will be able to use the granted project again. An error will be returned if the user grant is not deactivated." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes a user grant rpc RemoveUserGrant(RemoveUserGrantRequest) returns (RemoveUserGrantResponse) { option (google.api.http) = { delete: "/users/{user_id}/grants/{grant_id}" @@ -3185,9 +4021,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "Remove User Grant"; + description: "Removes the user grant from the user. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // remove a list of user grants in one request rpc BulkRemoveUserGrant(BulkRemoveUserGrantRequest) returns (BulkRemoveUserGrantResponse) { option (google.api.http) = { delete: "/user_grants/_bulk" 
@@ -3197,10 +4046,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "user.grant.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Grants"; + summary: "Bulk Remove User Grants"; + description: "Remove a list of user grants. The users will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } //deprecated: please use DomainPolicy instead - // Returns the domain policy (this policy is managed by the IAM administrator) rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) { option (google.api.http) = { get: "/policies/orgiam" @@ -3211,9 +4073,10 @@ service ManagementService { }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - tags: "Policies"; - summary: "Get Organziation IAM Policy"; - description: "Use Get Domain Policy instead" + tags: "Settings"; + tags: "Domain Settings"; + summary: "Get Org IAM Policy"; + description: "Use Get Domain Settings instead" deprecated: true; }; } 
@@ -3228,15 +4091,21 @@ service ManagementService { }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { - tags: "Policies"; + tags: "Settings"; + tags: "Domain Settings"; summary: "Get Domain Policy"; description: "Returns the domain policy (this policy is managed by the IAM administrator)"; - deprecated: true; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; }; } - // Returns the login policy of the organization - // With this policy the login UI can be configured rpc GetLoginPolicy(GetLoginPolicyRequest) returns (GetLoginPolicyResponse) { option (google.api.http) = { get: "/policies/login" 
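Review bot: The operation in this hunk keeps `summary: "Get Domain Policy";`, but the deprecated GetOrgIAMPolicy operation in the preceding hunk now tells readers to "Use Get Domain Settings instead". A reader following that pointer will not find an operation with that name in the rendered reference. Rename it to `summary: "Get Domain Settings";`. The description should be aligned too, since it still says "domain policy" while the tags are "Settings" and "Domain Settings".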
@@ -3245,9 +4114,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + summary: "Get Login Settings"; + description: "Returns the login settings defined on the organization level. It will trigger as soon as the organization is identified (scope, user identification). The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the default login policy configured in the IAM rpc GetDefaultLoginPolicy(GetDefaultLoginPolicyRequest) returns (GetDefaultLoginPolicyResponse) { option (google.api.http) = { get: "/policies/default/login" 
@@ -3256,10 +4139,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + summary: "Get Default Login Settings"; + description: "Returns the default login settings defined on the instance level. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a custom login policy for the organization - // With this policy the login UI can be configured rpc AddCustomLoginPolicy(AddCustomLoginPolicyRequest) returns (AddCustomLoginPolicyResponse) { option (google.api.http) = { post: "/policies/login" 
@@ -3269,10 +4165,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + summary: "Create Custom Login Settings"; + description: "Create login settings for the organization and therefore overwrite the default settings for this organization. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Change the custom login policy for the organization - // With this policy the login UI can be configured rpc UpdateCustomLoginPolicy(UpdateCustomLoginPolicyRequest) returns (UpdateCustomLoginPolicyResponse) { option (google.api.http) = { put: "/policies/login" 
@@ -3282,10 +4191,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + summary: "Update Custom Login Settings"; + description: "Change the login settings for the organization, that overwrites the default settings for this organization. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom login policy of the organization - // The default policy of the IAM will trigger after rpc ResetLoginPolicyToDefault(ResetLoginPolicyToDefaultRequest) returns (ResetLoginPolicyToDefaultResponse) { option (google.api.http) = { delete: "/policies/login" 
@@ -3294,10 +4216,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + summary: "Reset Custom Login Settings to Default"; + description: "Remove the custom settings from the organization. The default settings of the instance will be triggered afterward. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Lists all possible identity providers configured on the organization - // Limit should always be set, there is a default limit set by the service rpc ListLoginPolicyIDPs(ListLoginPolicyIDPsRequest) returns (ListLoginPolicyIDPsResponse) { option (google.api.http) = { post: "/policies/login/idps/_search" 
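Review bot: The ResetLoginPolicyToDefault description does not mention that the reset can change the organization's sign-in requirements. Any stricter choice made in the custom settings, such as allowed factors or linked identity providers, is replaced by whatever the instance default holds. Add a sentence such as `Organization-specific restrictions are removed; review the result of Get Default Login Settings before resetting.` The removed `//` comment on ListLoginPolicyIDPs at the end of this hunk also carried the limit hint, which the new text does not repeat.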
@@ -3307,9 +4242,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Identity Providers" + summary: "List Linked Identity Providers"; + description: "Returns a list of identity providers that are linked in the login policy. This means, that they are configured for the organization and will be shown to the users. They will be shown if the organization is identified (per scope or user)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a (preconfigured) identity provider to the custom login policy rpc AddIDPToLoginPolicy(AddIDPToLoginPolicyRequest) returns (AddIDPToLoginPolicyResponse) { option (google.api.http) = { post: "/policies/login/idps" 
@@ -3319,9 +4269,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Identity Providers" + summary: "Add Linked Identity Provider"; + description: "Add/link a pre-configured identity provider to the login settings of the organization. This means that it will be shown to the users on the login page. They will be shown if the organization is identified (per scope or user)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Remove a identity provider from the custom login policy rpc RemoveIDPFromLoginPolicy(RemoveIDPFromLoginPolicyRequest) returns (RemoveIDPFromLoginPolicyResponse) { option (google.api.http) = { delete: "/policies/login/idps/{idp_id}" 
@@ -3330,9 +4295,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Identity Providers" + summary: "Remove Linked Identity Provider"; + description: "Remove an identity provider from the login settings of the organization. This means that it will not be shown to the users on the login page." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all configured second factors of the custom login policy rpc ListLoginPolicySecondFactors(ListLoginPolicySecondFactorsRequest) returns (ListLoginPolicySecondFactorsResponse) { option (google.api.http) = { post: "/policies/login/second_factors/_search" 
@@ -3341,9 +4321,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Authentication Methods" + summary: "List Second Factors (2FA)"; + description: "Returns a list of second factors (2FA) configured on the login settings of the organization. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Adds a new second factor to the custom login policy rpc AddSecondFactorToLoginPolicy(AddSecondFactorToLoginPolicyRequest) returns (AddSecondFactorToLoginPolicyResponse) { option (google.api.http) = { post: "/policies/login/second_factors" 
@@ -3353,9 +4348,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Authentication Methods" + summary: "Add Second Factor (2FA)"; + description: "Add a new second factor (2FA) to the login settings of the organization. Users will have the possibility to authenticate with the configured factor afterward. Authentication factors are used as an additional factor to add more security to your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called a second factor as it is used as an additional authentication after a password. In the UI we generalize this as multi-factor." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Remove a second factor from the custom login policy rpc RemoveSecondFactorFromLoginPolicy(RemoveSecondFactorFromLoginPolicyRequest) returns (RemoveSecondFactorFromLoginPolicyResponse) { option (google.api.http) = { delete: "/policies/login/second_factors/{type}" 
@@ -3364,9 +4374,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Authentication Methods" + summary: "Remove Second Factor (2FA)"; + description: "Remove a configured second factor (2FA) from the login settings of the organization. Users will not be able to authenticate with the configured factor afterward. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all configured multi factors of the custom login policy rpc ListLoginPolicyMultiFactors(ListLoginPolicyMultiFactorsRequest) returns (ListLoginPolicyMultiFactorsResponse) { option (google.api.http) = { post: "/policies/login/auth_factors/_search" 
@@ -3375,9 +4400,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Authentication Methods" + summary: "List Multi Factors (MFA)"; + description: "Returns a list of multi factors (MFA) configured on the login settings of the organization. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Adds a new multi-factor to the custom login policy rpc AddMultiFactorToLoginPolicy(AddMultiFactorToLoginPolicyRequest) returns (AddMultiFactorToLoginPolicyResponse) { option (google.api.http) = { post: "/policies/login/multi_factors" 
@@ -3387,9 +4427,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Authentication Methods" + summary: "Add Multi-Factor (MFA)"; + description: "Add a multi-factor (MFA) to the login settings of the organization. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Remove a multi-factor from the custom login policy rpc RemoveMultiFactorFromLoginPolicy(RemoveMultiFactorFromLoginPolicyRequest) returns (RemoveMultiFactorFromLoginPolicyResponse) { option (google.api.http) = { delete: "/policies/login/multi_factors/{type}" 
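Review bot: The "Add Multi-Factor (MFA)" description says the change is made on "the login settings of the organization" and then that "It affects all organizations, without custom login settings"; the second sentence looks carried over from the instance-level Admin API text. For an organization-scoped call guarded by `policy.write` and the `x-zitadel-orgid` header, it overstates the reach of a login-policy change. Suggest dropping that sentence or replacing it with `It affects only the users of this organization.` The "Remove Multi Factor (MFA)" description in the hunk at -3398 contains the same sentence.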
@@ -3398,10 +4453,24 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Login Settings"; + tags: "Authentication Methods" + summary: "Remove Multi Factor (MFA)"; + description: "Remove a multi-factor (MFA) from the login settings of the organization. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the password complexity policy of the organization - // With this policy the password strength can be configured rpc GetPasswordComplexityPolicy(GetPasswordComplexityPolicyRequest) returns (GetPasswordComplexityPolicyResponse) { option (google.api.http) = { get: "/policies/password/complexity" 
@@ -3410,10 +4479,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Get Password Complexity Settings"; + description: "Returns the password complexity settings configured on the organization. The settings specify how a password should look (characters, length, etc.)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the default password complexity policy of the IAM - // With this policy the password strength can be configured rpc GetDefaultPasswordComplexityPolicy(GetDefaultPasswordComplexityPolicyRequest) returns (GetDefaultPasswordComplexityPolicyResponse) { option (google.api.http) = { get: "/policies/default/password/complexity" 
@@ -3422,10 +4504,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Get Default Password Complexity Settings"; + description: "Returns the default password complexity settings configured on the instance. The settings specify how a password should look (characters, length, etc.)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a custom password complexity policy for the organization - // With this policy the password strength can be configured rpc AddCustomPasswordComplexityPolicy(AddCustomPasswordComplexityPolicyRequest) returns (AddCustomPasswordComplexityPolicyResponse) { option (google.api.http) = { post: "/policies/password/complexity" 
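Review bot: "Get Default Password Complexity Settings" is documented as returning the settings "configured on the instance", yet it carries the same `x-zitadel-orgid` header text as the organization calls ("If you like to get/set a result of another organization include the header"). On an instance-default getter the header presumably only selects the organization whose `policy.read` grant is checked, not the data returned; this should be confirmed against the handler and then stated, e.g. `description: "Organization context used for the permission check; the returned default is the same for every organization."`. The same header text is on the other default getters in the hunks at -3482, -3537, -3593, -3657 and -3731.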
@@ -3435,10 +4530,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Create Password Complexity Settings"; + description: "Create new password complexity settings for the organization. This will overwrite the settings of the instance for this organization. The settings specify how a password should look (characters, length, etc.)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Update the custom password complexity policy for the organization - // With this policy the password strength can be configured rpc UpdateCustomPasswordComplexityPolicy(UpdateCustomPasswordComplexityPolicyRequest) returns (UpdateCustomPasswordComplexityPolicyResponse) { option (google.api.http) = { put: "/policies/password/complexity" 
@@ -3448,10 +4556,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Update Password Complexity Settings"; + description: "Update the password complexity settings of the organization. The settings specify how a password should look (characters, length, etc.)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom password complexity policy of the organization - // The default policy of the IAM will trigger after rpc ResetPasswordComplexityPolicyToDefault(ResetPasswordComplexityPolicyToDefaultRequest) returns (ResetPasswordComplexityPolicyToDefaultResponse) { option (google.api.http) = { delete: "/policies/password/complexity" 
@@ -3460,6 +4581,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Reset Password Complexity Settings to Default"; + description: "Remove the password complexity settings of the organization and therefore use the default settings on the instance. The settings specify how a password should look (characters, length, etc.)" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } // The password age policy is not used at the moment @@ -3471,6 +4607,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Get Password Age Settings"; + description: "Not implemented"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } // The password age policy is not used at the moment 
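Review bot: In the second hunk (-3471) the description "Not implemented" disagrees with the context comment above the rpc, "The password age policy is not used at the moment", and neither says what the endpoint does when called. A route guarded by `policy.read` or `policy.write` that may accept a value without enforcing it can leave an administrator believing password expiry is active. Suggest `description: "The password age settings are not used at the moment; values set here are not enforced."`, after confirming whether the call stores anything or returns an error. The same text is in the hunks at -3482, -3494, -3506 and -3517.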
@@ -3482,6 +4633,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Get Default Password Age Settings"; + description: "Not implemented"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } // The password age policy is not used at the moment @@ -3494,6 +4660,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Add Password Age Settings"; + description: "Not implemented"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } // The password age policy is not used at the moment 
@@ -3506,6 +4687,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Update Password Age Settings"; + description: "Not implemented"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } // The password age policy is not used at the moment @@ -3517,6 +4713,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Reset Password Age Settings to Default"; + description: "Not implemented"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc GetLockoutPolicy(GetLockoutPolicyRequest) returns (GetLockoutPolicyResponse) { 
@@ -3527,6 +4738,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Get Password Lockout Settings"; + description: "Returns the password lockout settings configured on the organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc GetDefaultLockoutPolicy(GetDefaultLockoutPolicyRequest) returns (GetDefaultLockoutPolicyResponse) { @@ -3537,6 +4763,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Get Default Password Lockout Settings"; + description: "Returns the default password lockout settings configured on the instance. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc AddCustomLockoutPolicy(AddCustomLockoutPolicyRequest) returns (AddCustomLockoutPolicyResponse) { 
@@ -3548,6 +4789,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Add Password Lockout Settings"; + description: "Add new password lockout settings on the organization level. This will overwrite the settings set on the instance for this organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc UpdateCustomLockoutPolicy(UpdateCustomLockoutPolicyRequest) returns (UpdateCustomLockoutPolicyResponse) { @@ -3559,6 +4815,21 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Update Password Lockout Settings"; + description: "Update the password lockout settings configured on the organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc ResetLockoutPolicyToDefault(ResetLockoutPolicyToDefaultRequest) returns (ResetLockoutPolicyToDefaultResponse) { 
@@ -3569,10 +4840,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Password Settings"; + summary: "Reset Password Lockout Settings to Default"; + description: "Remove the password lockout settings from the organization. The settings configured on the instance will trigger afterward for this organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the privacy policy of the organization - // With this policy privacy relevant things can be configured (e.g. TOS link) rpc GetPrivacyPolicy(GetPrivacyPolicyRequest) returns (GetPrivacyPolicyResponse) { option (google.api.http) = { get: "/policies/privacy" 
@@ -3581,10 +4865,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Privacy Settings"; + summary: "Get Privacy Settings"; + description: "Returns the privacy settings configured on the organization. To be able to trigger the correct policy make sure to identify which organization should be requested on the login/register (organization scope). The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the default privacy policy of the IAM - // With this policy the privacy-relevant things can be configured (e.g TOS link) rpc GetDefaultPrivacyPolicy(GetDefaultPrivacyPolicyRequest) returns (GetDefaultPrivacyPolicyResponse) { option (google.api.http) = { get: "/policies/default/privacy" 
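Review bot: "terms and services" in the "Get Privacy Settings" description should read "terms of service", and the sentence about identifying the organization "on the login/register (organization scope)" describes the login flow rather than this read call. The removed comment was more precise in saying that the policy configures links such as the TOS link. Suggest `Returns the privacy settings configured on the organization. The settings hold the links to the terms of service, privacy policy, etc. that a registering user has to accept.` "terms and services" recurs in the hunks at -3593, -3607, -3621 and -3633.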
@@ -3593,11 +4890,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Privacy Settings"; + summary: "Get Default Privacy Settings"; + description: "Returns the default privacy settings configured on the instance. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a custom privacy policy for the organization - // With this policy privacy relevant things can be configured (e.g. TOS link) - // Variable {{.Lang}} can be set to have different links based on the language rpc AddCustomPrivacyPolicy(AddCustomPrivacyPolicyRequest) returns (AddCustomPrivacyPolicyResponse) { option (google.api.http) = { post: "/policies/privacy" 
@@ -3607,11 +4916,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Privacy Settings"; + summary: "Add Privacy Settings"; + description: "Add a custom privacy policy for the organization. The configuration of the instance will be overwritten. Variable {{.Lang}} can be set to have different links based on the language. Make sure to identify which settings should be triggered by sending the organization scope. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Update the privacy policy for the organization - // With this policy privacy relevant things can be configured (e.g. TOS link) - // Variable {{.Lang}} can be set to have different links based on the language rpc UpdateCustomPrivacyPolicy(UpdateCustomPrivacyPolicyRequest) returns (UpdateCustomPrivacyPolicyResponse) { option (google.api.http) = { put: "/policies/privacy" 
@@ -3621,10 +4942,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Privacy Settings"; + summary: "Update Privacy Settings"; + description: "Update the custom privacy policy for the organization. Variable {{.Lang}} can be set to have different links based on the language. Make sure to identify which settings should be triggered by sending the organization scope. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the privacy policy of the organization - // The default policy of the IAM will trigger after rpc ResetPrivacyPolicyToDefault(ResetPrivacyPolicyToDefaultRequest) returns (ResetPrivacyPolicyToDefaultResponse) { option (google.api.http) = { delete: "/policies/privacy" 
@@ -3633,10 +4967,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Privacy Settings"; + summary: "Reset Privacy Settings to Default"; + description: "The settings from the organization will be removed and therefore the default settings configured on the instance will be triggered. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the notification policy of the organization - // With this notification policy it can be configured how users should be notified rpc GetNotificationPolicy(GetNotificationPolicyRequest) returns (GetNotificationPolicyResponse) { option (google.api.http) = { get: "/policies/notification" 
@@ -3645,10 +4992,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Notification Settings"; + summary: "Get Notification Settings"; + description: "Return the notification settings configured on the organization. It overwrites the default settings configured on the instance for this organization. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the default notification policy of the IAM - // With this notification privacy it can be configured how users should be notified rpc GetDefaultNotificationPolicy(GetDefaultNotificationPolicyRequest) returns (GetDefaultNotificationPolicyResponse) { option (google.api.http) = { get: "/policies/default/notification" 
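Review bot: The "Get Notification Settings" description says "It overwrites the default settings configured on the instance for this organization", which describes a write rather than a read. It also leaves open what is returned for an organization that has no custom settings. If the call falls back to the instance default (not visible from this hunk), state it: `Returns the notification settings of the organization; if none are configured, the instance default is returned.`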
@@ -3657,10 +5017,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Notification Settings"; + summary: "Get Default Notification Settings"; + description: "Return the default notification settings configured on the instance. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a custom notification policy for the organization - // With this notification privacy it can be configured how users should be notified rpc AddCustomNotificationPolicy(AddCustomNotificationPolicyRequest) returns (AddCustomNotificationPolicyResponse) { option (google.api.http) = { post: "/policies/notification" 
@@ -3670,10 +5043,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Notification Settings"; + summary: "Add Notification Settings"; + description: "Create notification settings for the organization and therefore overwrite the default settings for this organization. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Update the notification policy for the organization - // With this notification privacy it can be configured how users should be notified rpc UpdateCustomNotificationPolicy(UpdateCustomNotificationPolicyRequest) returns (UpdateCustomNotificationPolicyResponse) { option (google.api.http) = { put: "/policies/notification" 
@@ -3683,10 +5069,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Notification Settings"; + summary: "Update Notification Settings"; + description: "Update notification settings configured for the organization. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the notification policy of the organization - // The default policy of the IAM will trigger after rpc ResetNotificationPolicyToDefault(ResetNotificationPolicyToDefaultRequest) returns (ResetNotificationPolicyToDefaultResponse) { option (google.api.http) = { delete: "/policies/notification" 
@@ -3695,10 +5094,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Notification Settings"; + summary: "Reset Notification Settings to Default"; + description: "The settings configured will be removed from the organization. Therefore the settings from the instance will trigger for the users of this organization afterward. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the active label policy of the organization - // With this policy private labeling can be configured (colors, etc.) rpc GetLabelPolicy(GetLabelPolicyRequest) returns (GetLabelPolicyResponse) { option (google.api.http) = { get: "/policies/label" 
@@ -3707,10 +5119,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Get Private Labeling/Branding Settings"; + description: "Returns the currently active private labeling/branding configured on the organization. The settings will trigger if the organization has been identified (organization scope, user). Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the preview label policy of the organization - // With this policy private labeling can be configured (colors, etc.) rpc GetPreviewLabelPolicy(GetPreviewLabelPolicyRequest) returns (GetPreviewLabelPolicyResponse) { option (google.api.http) = { get: "/policies/label/_preview" 
@@ -3719,10 +5144,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Get Preview Private Labeling/Branding Settings"; + description: "Returns the preview private labeling/branding configured on the organization. The preview is used to show you how it will look like, and not activate it directly for your users. In the future, it should be possible to send a preview mail and have a look at the preview login. The settings will trigger if the organization has been identified (organization scope, user). Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns the default label policy of the IAM - // With this policy private labeling can be configured (colors, etc.) rpc GetDefaultLabelPolicy(GetDefaultLabelPolicyRequest) returns (GetDefaultLabelPolicyResponse) { option (google.api.http) = { get: "/policies/default/label" 
@@ -3731,10 +5169,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Get Default Private Labeling/Branding Settings"; + description: "Returns the default private labeling/branding configured on the instance. Defines what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a custom label policy for the organization - // With this policy private labeling can be configured (colors, etc.) rpc AddCustomLabelPolicy(AddCustomLabelPolicyRequest) returns (AddCustomLabelPolicyResponse) { option (google.api.http) = { post: "/policies/label" 
@@ -3744,10 +5195,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Create Labeling/Branding Settings"; + description: "Create the private labeling/branding configured on the organization. Make sure to activate it so it will be shown to the users. The settings will trigger if the organization has been identified (organization scope, user). Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Changes the custom label policy for the organization - // With this policy private labeling can be configured (colors, etc.) rpc UpdateCustomLabelPolicy(UpdateCustomLabelPolicyRequest) returns (UpdateCustomLabelPolicyResponse) { option (google.api.http) = { put: "/policies/label" 
@@ -3757,9 +5221,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Update Labeling/Branding Settings"; + description: "Update the preview private labeling/branding configured on the organization. The settings will trigger if the organization has been identified (organization scope, user). The preview is used to show you how it will look like, make sure to activate it as soon as you are happy with the configuration. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Activates all changes to the label policy rpc ActivateCustomLabelPolicy(ActivateCustomLabelPolicyRequest) returns (ActivateCustomLabelPolicyResponse) { option (google.api.http) = { post: "/policies/label/_activate" 
@@ -3770,9 +5248,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Activate Labeling/Branding Settings"; + description: "Activates the preview private labeling/branding configured on the organization. It will be shown to the users afterward. The settings will trigger if the organization has been identified (organization scope, user). Defines what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the logo of the label policy rpc RemoveCustomLabelPolicyLogo(RemoveCustomLabelPolicyLogoRequest) returns (RemoveCustomLabelPolicyLogoResponse) { option (google.api.http) = { delete: "/policies/label/logo" 
@@ -3781,9 +5273,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Remove Logo Light"; + description: "Removes the logo of the light theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the logo dark of the label policy rpc RemoveCustomLabelPolicyLogoDark(RemoveCustomLabelPolicyLogoDarkRequest) returns (RemoveCustomLabelPolicyLogoDarkResponse) { option (google.api.http) = { delete: "/policies/label/logo_dark" 
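Review bot: The sentence "It will only be shown on the preview" in the description added for `RemoveCustomLabelPolicyLogo` reads oddly, because the call removes an asset rather than showing one. If the intended meaning is that the removal stays in the preview until activation, say so directly: `description: "Removes the logo of the light theme from the branding settings of the organization. The removal only affects the preview until the settings are activated."`. The same sentence appears in the four following hunks (logo dark, icon light, icon dark, font).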
@@ -3792,9 +5298,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Remove Logo Dark"; + description: "Removes the logo of the dark theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the icon of the label policy rpc RemoveCustomLabelPolicyIcon(RemoveCustomLabelPolicyIconRequest) returns (RemoveCustomLabelPolicyIconResponse) { option (google.api.http) = { delete: "/policies/label/icon" 
@@ -3803,9 +5323,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Remove Icon Light"; + description: "Removes the icon of the light theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the logo dark of the label policy rpc RemoveCustomLabelPolicyIconDark(RemoveCustomLabelPolicyIconDarkRequest) returns (RemoveCustomLabelPolicyIconDarkResponse) { option (google.api.http) = { delete: "/policies/label/icon_dark" 
@@ -3814,9 +5348,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Remove Icon Dark"; + description: "Removes the icon of the dark theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the font of the label policy rpc RemoveCustomLabelPolicyFont(RemoveCustomLabelPolicyFontRequest) returns (RemoveCustomLabelPolicyFontResponse) { option (google.api.http) = { delete: "/policies/label/font" 
@@ -3825,10 +5373,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Remove Font"; + description: "Removes the font from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom label policy of the organization - // The default policy of the IAM will trigger after rpc ResetLabelPolicyToDefault(ResetLabelPolicyToDefaultRequest) returns (ResetLabelPolicyToDefaultResponse) { option (google.api.http) = { delete: "/policies/label" 
@@ -3837,9 +5398,23 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Settings"; + tags: "Branding"; + summary: "Reset Labeling/Branding Settings"; + description: "Removes the label policy/branding of the organization and therefore the default settings from the instance will be shown to the users." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for initial message rpc GetCustomInitMessageText(GetCustomInitMessageTextRequest) returns (GetCustomInitMessageTextResponse) { option (google.api.http) = { get: "/text/message/init/{language}"; 
@@ -3848,9 +5423,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Custom Init Message Text"; + description: "Get the custom text of the initialize-user message/email that is set on the organization. The email is sent when a user is created and has either no password or a non-verified email address." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the default text for initial message rpc GetDefaultInitMessageText(GetDefaultInitMessageTextRequest) returns (GetDefaultInitMessageTextResponse) { option (google.api.http) = { get: "/text/default/message/init/{language}"; 
@@ -3859,11 +5447,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Default Init Message Text"; + description: "Get the default text of the initialize-user message/email that is set either on the instance or in the filesystem of ZITADEL. The email is sent when a user is created and has either no password or a non-verified email address." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the custom text for the initial message - // The Following Variables can be used: - // {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} rpc SetCustomInitMessageText(SetCustomInitMessageTextRequest) returns (SetCustomInitMessageTextResponse) { option (google.api.http) = { put: "/text/message/init/{language}"; 
@@ -3873,10 +5472,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Set Custom Init Message Text"; + description: "Set the custom text of the initialize-user message/email the default texts will be overwritten for the organization. The email is sent when a user is created and has either no password or a non-verified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom init message text of the organization - // The default text of the IAM will trigger after rpc ResetCustomInitMessageTextToDefault(ResetCustomInitMessageTextToDefaultRequest) returns (ResetCustomInitMessageTextToDefaultResponse) { option (google.api.http) = { delete: "/text/message/init/{language}" 
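Review bot: The variable list in the `description` added for `SetCustomInitMessageText` ends with `{{.CreationDate}}`, which the comment removed for this RPC in the previous hunk did not list. If the init message template does not provide that variable, the published documentation is wrong, so please check it against the renderer. The first sentence is also a run-on; `Set the custom text of the initialize-user message/email; it overrides the default texts for the organization.` reads better.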
@@ -3885,8 +5496,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Reset Custom Init Message Text to Default"; + description: "Removes the custom text of the initialize-user message/email that is overwritten on the organization and triggers the default text instead." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for password reset message + rpc GetCustomPasswordResetMessageText(GetCustomPasswordResetMessageTextRequest) returns (GetCustomPasswordResetMessageTextResponse) { option (google.api.http) = { get: "/text/message/passwordreset/{language}"; 
@@ -3895,9 +5520,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Custom Password Reset Message Text"; + description: "Get the custom text of the password reset message/email that is set on the organization. The email is sent when a user triggers the password forgot-request." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the default text for password reset message rpc GetDefaultPasswordResetMessageText(GetDefaultPasswordResetMessageTextRequest) returns (GetDefaultPasswordResetMessageTextResponse) { option (google.api.http) = { get: "/text/default/message/passwordreset/{language}"; 
@@ -3906,11 +5544,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Default Password Reset Message Text"; + description: "Get the default text of the password reset message/email that is set on the instance or in the files of ZITADEL. The email is sent when a user triggers the password forgot-request." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the custom text for password reset message - // The Following Variables can be used: - // {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}} rpc SetCustomPasswordResetMessageText(SetCustomPasswordResetMessageTextRequest) returns (SetCustomPasswordResetMessageTextResponse) { option (google.api.http) = { put: "/text/message/passwordreset/{language}"; 
@@ -3920,10 +5569,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Set Custom Password Reset Message Text"; + description: "Set the custom text of the password reset user message/email for the organization. The email is sent when a user triggers the password forgot-request. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom password reset message text of the organization - // The default text of the IAM will trigger after rpc ResetCustomPasswordResetMessageTextToDefault(ResetCustomPasswordResetMessageTextToDefaultRequest) returns (ResetCustomPasswordResetMessageTextToDefaultResponse) { option (google.api.http) = { delete: "/text/message/verifyemail/{language}" 
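Review bot: The trailing context of this hunk shows `ResetCustomPasswordResetMessageTextToDefault` bound to `delete: "/text/message/verifyemail/{language}"`, the same route that `ResetCustomVerifyEmailMessageTextToDefault` uses further down. The documentation added in the next hunk therefore publishes the password-reset operation under the verify-email path, and a DELETE on that path presumably reaches only one of the two handlers. The binding looks like it should be `delete: "/text/message/passwordreset/{language}"`, matching the GET and PUT routes of the same resource. That changes the REST surface, so it belongs in its own change rather than this docs commit. The RPC body continues outside the hunk.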
@@ -3932,9 +5593,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Reset Custom Password Reset Message Text to Default"; + description: "Removes the custom text of the password reset user message/email and the default will trigger afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for verify email message rpc GetCustomVerifyEmailMessageText(GetCustomVerifyEmailMessageTextRequest) returns (GetCustomVerifyEmailMessageTextResponse) { option (google.api.http) = { get: "/text/message/verifyemail/{language}"; 
@@ -3943,9 +5617,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Custom Verify Email Message Text"; + description: "Get the custom text of the verify-email message/email that is set on the organization. The email is sent when a user adds a new non-verified email address." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the default text for verify email message rpc GetDefaultVerifyEmailMessageText(GetDefaultVerifyEmailMessageTextRequest) returns (GetDefaultVerifyEmailMessageTextResponse) { option (google.api.http) = { get: "/text/default/message/verifyemail/{language}"; 
@@ -3954,11 +5641,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Default Verify Email Message Text"; + description: "Get the default text of the verify-email message/email that is set on the instance or as translation files in ZITADEL itself. The email is sent when a user adds a new non-verified email address." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the custom text for verifying email messages - // The Following Variables can be used: - // {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}} rpc SetCustomVerifyEmailMessageText(SetCustomVerifyEmailMessageTextRequest) returns (SetCustomVerifyEmailMessageTextResponse) { option (google.api.http) = { put: "/text/message/verifyemail/{language}"; 
@@ -3968,10 +5666,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Set Default Verify Email Message Text"; + description: "Set the custom text of the verify-email user message/email for the organization. The email is sent when a user adds a new nonverified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom verify email message text of the organization - // The default text of the IAM will trigger after rpc ResetCustomVerifyEmailMessageTextToDefault(ResetCustomVerifyEmailMessageTextToDefaultRequest) returns (ResetCustomVerifyEmailMessageTextToDefaultResponse) { option (google.api.http) = { delete: "/text/message/verifyemail/{language}" 
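Review bot: The `summary` added here for `SetCustomVerifyEmailMessageText` says "Set Default Verify Email Message Text", but the description and the RPC name both refer to the organization's custom text; it should be `summary: "Set Custom Verify Email Message Text";`. The description also spells "nonverified" where the neighbouring hunks use "non-verified". A similar slip is in the hunk documenting `SetCustomVerifyPhoneMessageText`, whose summary carries a stray "Reset" and should read `summary: "Set Custom Verify Phone Message Text";`.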
@@ -3980,9 +5690,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Reset Custom Verify Email Message Text to Default"; + description: "Removes the custom text of the email verify message/email and therefore the default settings will trigger afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for verify email message rpc GetCustomVerifyPhoneMessageText(GetCustomVerifyPhoneMessageTextRequest) returns (GetCustomVerifyPhoneMessageTextResponse) { option (google.api.http) = { get: "/text/message/verifyphone/{language}"; 
@@ -3991,9 +5714,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Custom Verify Phone Message Text"; + description: "Get the custom text of the verify-phone message that is set on the organization. The message is sent when a user adds a new non-verified phone number and a notification provider is configured." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for verify email message rpc GetDefaultVerifyPhoneMessageText(GetDefaultVerifyPhoneMessageTextRequest) returns (GetDefaultVerifyPhoneMessageTextResponse) { option (google.api.http) = { get: "/text/default/message/verifyphone/{language}"; 
@@ -4002,11 +5738,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Default Verify Phone Message Text"; + description: "Get the default text of the verify-phone message that is set on the instance or as translation files in ZITADEL itself. The message is sent when a user adds a new non-verified phone number and a notification provider is configured." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the default custom text for verifying email messages - // The Following Variables can be used: - // {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}} rpc SetCustomVerifyPhoneMessageText(SetCustomVerifyPhoneMessageTextRequest) returns (SetCustomVerifyPhoneMessageTextResponse) { option (google.api.http) = { put: "/text/message/verifyphone/{language}"; 
@@ -4016,10 +5763,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Set Custom Verify Phone Reset Message Text"; + description: "Set the custom text of the verify-phone message for the organization. The message is sent when a user adds a new non-verified phone number and a notification provider is configured. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom verify phone text of the organization - // The default text of the IAM will trigger after rpc ResetCustomVerifyPhoneMessageTextToDefault(ResetCustomVerifyPhoneMessageTextToDefaultRequest) returns (ResetCustomVerifyPhoneMessageTextToDefaultResponse) { option (google.api.http) = { delete: "/text/message/verifyphone/{language}" 
@@ -4028,9 +5787,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Reset Custom Verify Phone Message Text to Default"; + description: "Removes the custom text of the verify-phone message from the organization and therefore the default texts will trigger for the users afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for domain claimed message rpc GetCustomDomainClaimedMessageText(GetCustomDomainClaimedMessageTextRequest) returns (GetCustomDomainClaimedMessageTextResponse) { option (google.api.http) = { get: "/text/message/domainclaimed/{language}"; 
@@ -4039,9 +5811,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Custom Domain Claimed Message Text"; + description: "Get the custom text of the domain claimed message/email that is configured on the organization. The message is sent when an organization claims a domain and a user of this domain exists in another organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for domain claimed message rpc GetDefaultDomainClaimedMessageText(GetDefaultDomainClaimedMessageTextRequest) returns (GetDefaultDomainClaimedMessageTextResponse) { option (google.api.http) = { get: "/text/default/message/domainclaimed/{language}"; 
@@ -4050,11 +5835,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Default Domain Claimed Message Text"; + description: "Get the default text of the domain claimed message/email that is set on the instance or as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an organization claims a domain and a user of this domain exists in another organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the custom text for domain claimed message - // The Following Variables can be used: - // {{.Domain}} {{.TempUsername}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}} rpc SetCustomDomainClaimedMessageCustomText(SetCustomDomainClaimedMessageTextRequest) returns (SetCustomDomainClaimedMessageTextResponse) { option (google.api.http) = { put: "/text/message/domainclaimed/{language}"; 
@@ -4064,10 +5860,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Set Custom Domain Claimed Message Text"; + description: "Set the custom text of the domain claimed message/email for the organization. The message/email is sent when an organization claims a domain and a user of this domain exists in another organization. The Following Variables can be used: {{.Domain}} {{.TempUsername}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom domain claimed message text of the organization - // The default text of the IAM will trigger after rpc ResetCustomDomainClaimedMessageTextToDefault(ResetCustomDomainClaimedMessageTextToDefaultRequest) returns (ResetCustomDomainClaimedMessageTextToDefaultResponse) { option (google.api.http) = { delete: "/text/message/domainclaimed/{language}" 
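Review bot: The description added here lists the template variables but does not say how their values are rendered into the message. Several of them (`{{.DisplayName}}`, `{{.NickName}}`, `{{.UserName}}`) look like values a user can set, so an administrator writing a custom text would want to know whether they are escaped in the resulting email and what happens with an unknown variable. One added sentence in the description would cover it once the behaviour is confirmed. This applies to the other "Set Custom … Message Text" descriptions in this file as well.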
@@ -4076,9 +5884,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Reset Custom Domain Claimed Message Text to Default"; + description: "Removes the custom text of the domain claimed message that is configured on the organization and triggers the text from the instance or translation files in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for passwordless link message rpc GetCustomPasswordlessRegistrationMessageText(GetCustomPasswordlessRegistrationMessageTextRequest) returns (GetCustomPasswordlessRegistrationMessageTextResponse) { option (google.api.http) = { get: "/text/message/passwordless_registration/{language}"; 
@@ -4087,9 +5908,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Custom Passwordless Registration Message Text"; + description: "Get the custom text of the passwordless/passkey registration message/email that is configured on the organization. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for passwordless link message rpc GetDefaultPasswordlessRegistrationMessageText(GetDefaultPasswordlessRegistrationMessageTextRequest) returns (GetDefaultPasswordlessRegistrationMessageTextResponse) { option (google.api.http) = { get: "/text/default/message/passwordless_registration/{language}"; 
@@ -4098,11 +5932,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Default Passwordless Registration Message Text"; + description: "Get the default text of the domain claimed message/email that is configured on the instance or as translation files in ZITADEL. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the custom text for passwordless link message - // The Following Variables can be used: - // {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}} rpc SetCustomPasswordlessRegistrationMessageCustomText(SetCustomPasswordlessRegistrationMessageTextRequest) returns (SetCustomPasswordlessRegistrationMessageTextResponse) { option (google.api.http) = { put: "/text/message/passwordless_registration/{language}"; 
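Review bot: The `description` added for GetDefaultPasswordlessRegistrationMessageText opens with "Get the default text of the domain claimed message/email", which looks copied from the domain-claimed getter and contradicts both the summary and the sentence that follows it. The first sentence should read `Get the default text of the passwordless/passkey registration message/email that is configured on the instance or as translation files in ZITADEL.`, with the rest of the description unchanged.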
@@ -4112,10 +5957,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Set Default Passwordless Registration Message Text"; + description: "Set the custom text of the passwordless/passkey registration message/email for the organization. The message/email is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom passwordless link message text of the organization - // The default text of the IAM will trigger after rpc ResetCustomPasswordlessRegistrationMessageTextToDefault(ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest) returns (ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse) { option (google.api.http) = { delete: "/text/message/passwordless_registration/{language}" 
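Review bot: The `summary` for SetCustomPasswordlessRegistrationMessageCustomText says "Set Default …" although the RPC name, its `/text/message/passwordless_registration/{language}` path and the description all concern the organization's custom text; the line should be `summary: "Set Custom Passwordless Registration Message Text";`. The SetCustomLoginText hunk further down has the same slip (`summary: "Set Default Login Text";` should be `summary: "Set Custom Login Text";`). Both calls are gated by `policy.write`, so a label that suggests an instance-wide default misstates the scope of the change to whoever reads the generated API reference.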
@@ -4124,9 +5981,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Reset Custom Passwordless Registration Message Text to Default"; + description: "Removes the custom text of the passwordless/passkey registration from the organization and therefore the default configuration from the instance or translation files will be triggered for the users." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for password change message rpc GetCustomPasswordChangeMessageText(GetCustomPasswordChangeMessageTextRequest) returns (GetCustomPasswordChangeMessageTextResponse) { option (google.api.http) = { get: "/text/message/password_change/{language}"; 
@@ -4135,9 +6005,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Custom Password Change Message Text"; + description: "Get the custom text of the password-changed message/email that is configured on the organization. The message is sent when the password of a user has been changed." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom text for password change link message rpc GetDefaultPasswordChangeMessageText(GetDefaultPasswordChangeMessageTextRequest) returns (GetDefaultPasswordChangeMessageTextResponse) { option (google.api.http) = { get: "/text/default/message/password_change/{language}"; 
@@ -4146,11 +6029,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Get Default Password Change Message Text"; + description: "Get the default text of the password-changed message/email that is configured on the instance or as translation files in ZITADEL itself. The message is sent when the password of a user has been changed." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Sets the custom text for password change message - // The Following Variables can be used: - // {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}} rpc SetCustomPasswordChangeMessageCustomText(SetCustomPasswordChangeMessageTextRequest) returns (SetCustomPasswordChangeMessageTextResponse) { option (google.api.http) = { put: "/text/message/password_change/{language}"; 
@@ -4160,10 +6054,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Set Custom Password Changed Message Text"; + description: "Set the custom text of the password-changed message/email for the organization. The message/email is sent when the password of a user has been changed. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}" + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom password change message text of the organization - // The default text of the IAM will trigger after rpc ResetCustomPasswordChangeMessageTextToDefault(ResetCustomPasswordChangeMessageTextToDefaultRequest) returns (ResetCustomPasswordChangeMessageTextToDefaultResponse) { option (google.api.http) = { delete: "/text/message/password_change/{language}" 
@@ -4172,9 +6078,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Message Texts"; + summary: "Reset Custom Password Changed Message Text to Default"; + description: "Removes the custom text of the password-changed message from the organization and therefore the default texts from the instance or translation files will be triggered for the users." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom texts for login ui rpc GetCustomLoginTexts(GetCustomLoginTextsRequest) returns (GetCustomLoginTextsResponse) { option (google.api.http) = { get: "/text/login/{language}"; 
@@ -4183,9 +6102,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Login Texts"; + summary: "Get Custom Login Text"; + description: "Get the custom texts for the login and register UI of ZITADEL, which are configured on the organization. The text from the organization will trigger as soon as the organization is identified (organization scope or user)." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Returns the custom texts for login ui rpc GetDefaultLoginTexts(GetDefaultLoginTextsRequest) returns (GetDefaultLoginTextsResponse) { option (google.api.http) = { get: "/text/default/login/{language}"; 
@@ -4194,10 +6126,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.read"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Login Texts"; + summary: "Get Default Login Text"; + description: "Get the default texts for the login and register UI of ZITADEL, which are configured on the instance or as translation files in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured. Or if the organization context is not given." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - //Sets the default custom text for login UI - //it impacts all organizations without customized login UI texts rpc SetCustomLoginText(SetCustomLoginTextsRequest) returns (SetCustomLoginTextsResponse) { option (google.api.http) = { put: "/text/login/{language}"; 
@@ -4207,10 +6151,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.write"; }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Login Texts"; + summary: "Set Default Login Text"; + description: "Set the custom texts for the login and register UI of ZITADEL for the organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes the custom login text of the organization - // The default text of the IAM will trigger after rpc ResetCustomLoginTextToDefault(ResetCustomLoginTextsToDefaultRequest) returns (ResetCustomLoginTextsToDefaultResponse) { option (google.api.http) = { delete: "/text/login/{language}" @@ -4219,9 +6175,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "policy.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Login Texts"; + summary: "Reset Custom Login Text to Default"; + description: "Removes the custom texts for the login and register UI from the organization and therefore the configuration of the instance or the translation files in ZITADEL itself will trigger." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns a identity provider configuration of the organization rpc GetOrgIDPByID(GetOrgIDPByIDRequest) returns (GetOrgIDPByIDResponse) { option (google.api.http) = { get: "/idps/{id}" 
@@ -4230,10 +6199,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Get Identity Provider (IDP) by ID"; + description: "Returns an identity provider (social/enterprise login) by its ID e.g Google, AzureAD, etc that is configured on the organization." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Returns all identity provider configurations in the organization, which match the query - // Limit should always be set, there is a default limit set by the service rpc ListOrgIDPs(ListOrgIDPsRequest) returns (ListOrgIDPsResponse) { option (google.api.http) = { post: "/idps/_search" 
@@ -4243,10 +6224,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Search Identity Providers (IDPs)"; + description: "Returns a list of identity providers (social/enterprise login) configured on the organization. e.g Google, AzureAD, etc." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a new identity provider configuration in the organization - // Provider must be OIDC compliant rpc AddOrgOIDCIDP(AddOrgOIDCIDPRequest) returns (AddOrgOIDCIDPResponse) { option (google.api.http) = { post: "/idps/oidc" 
@@ -4256,9 +6249,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Add OIDC Identity Provider (IDP)"; + description: "Create a new identity provider configuration on the organization to enable your users to log in with social/enterprise login. The provider has to be OIDC-compliant. This configuration can only be used by the organization itself." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Add a new jwt identity provider configuration in the organization rpc AddOrgJWTIDP(AddOrgJWTIDPRequest) returns (AddOrgJWTIDPResponse) { option (google.api.http) = { post: "/idps/jwt" 
@@ -4268,11 +6274,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Add JWT Identity Provider (IDP)"; + description: "Create a new identity provider configuration on the organization to enable your users to log in with social/enterprise login. JSON Web Token Identity Provider (JWT IDP) gives you the possibility to use an (existing) JWT as a federated identity. You have to provide an endpoint where ZITADEL can get the existing JWT token." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Deactivate identity provider configuration - // Users will not be able to use this provider for login (e.g Google, Microsoft, AD, etc) - // Returns error if already deactivated rpc DeactivateOrgIDP(DeactivateOrgIDPRequest) returns (DeactivateOrgIDPResponse) { option (google.api.http) = { post: "/idps/{idp_id}/_deactivate" 
@@ -4282,10 +6299,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Deactivate Identity Provider (IDP)"; + description: "Sets the state of the provider to inactive. It can only be called for the provider with the state active. Users will not be able to log in with the given provider afterward. It might cause troubles if it is the only authentication method of the user." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Activate identity provider configuration - // Returns error if not deactivated rpc ReactivateOrgIDP(ReactivateOrgIDPRequest) returns (ReactivateOrgIDPResponse) { option (google.api.http) = { post: "/idps/{idp_id}/_reactivate" 
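Review bot: The DeactivateOrgIDP `description` ends with "It might cause troubles if it is the only authentication method of the user", which does not tell an administrator what actually happens; RemoveOrgIDP two hunks later has the same vague closing sentence. Going by the preceding sentence in each description, the consequence is that affected users can no longer log in, so I would state it directly: `Users whose only authentication method is this provider will no longer be able to log in.` The RPC body continues outside the hunk.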
@@ -4295,10 +6324,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Reactivate Identity Provider (IDP)"; + description: "Sets the state of the provider to active. It can only be called for providers with the state inactive. Users will not be able to log in again with the given provider." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Removes identity provider configuration - // Will remove all linked providers of this configuration on the users rpc RemoveOrgIDP(RemoveOrgIDPRequest) returns (RemoveOrgIDPResponse) { option (google.api.http) = { delete: "/idps/{idp_id}" 
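Review bot: The ReactivateOrgIDP `description` ends with "Users will not be able to log in again with the given provider.", which is the opposite of what the first sentence (state set to active) and the removed comment "Activate identity provider configuration" describe. Suggest `Users will be able to log in again with the given provider.` Reactivation re-opens an external login path, so the reference text should say so without ambiguity.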
@@ -4307,9 +6348,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Remove Identity Provider (IDP)"; + description: "Removes the identity provider permanently. All links to the given IDP on users will be deleted as well. They will not be able to log in with the provider afterward. If it is their only authentication possibility it might cause problems." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Change the identity provider configuration of the organization rpc UpdateOrgIDP(UpdateOrgIDPRequest) returns (UpdateOrgIDPResponse) { option (google.api.http) = { put: "/idps/{idp_id}" 
@@ -4319,9 +6373,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Update Identity Provider (IDP)"; + description: "Update an existing IDP. All fields are updated. If you do not send a value in a field, it will be empty afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Change the OIDC identity provider configuration of the organization rpc UpdateOrgIDPOIDCConfig(UpdateOrgIDPOIDCConfigRequest) returns (UpdateOrgIDPOIDCConfigResponse) { option (google.api.http) = { put: "/idps/{idp_id}/oidc_config" @@ -4331,9 +6398,22 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Update OIDC Identity Provider (IDP)"; + description: "Update the OIDC-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } - // Change the JWT identity provider configuration of the organization rpc UpdateOrgIDPJWTConfig(UpdateOrgIDPJWTConfigRequest) returns (UpdateOrgIDPJWTConfigResponse) { option (google.api.http) = { put: "/idps/{idp_id}/jwt_config" 
@@ -4343,6 +6423,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.idp.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Identity Providers"; + summary: "Update JWT Identity Provider (IDP)"; + description: "Update the JWT-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } // Returns all identity providers, which match the query @@ -4358,7 +6452,7 @@ service ManagementService { }; } - // Returns an identity provider of the organisation + // Returns an identity provider of the organization rpc GetProviderByID(GetProviderByIDRequest) returns (GetProviderByIDResponse) { option (google.api.http) = { get: "/idps/templates/{id}" @@ -4369,7 +6463,7 @@ service ManagementService { }; } - // Add a new OAuth2 identity provider in the organisation + // Add a new OAuth2 identity provider in the organization rpc AddGenericOAuthProvider(AddGenericOAuthProviderRequest) returns (AddGenericOAuthProviderResponse) { option (google.api.http) = { post: "/idps/oauth" @@ -4381,7 +6475,7 @@ service ManagementService { }; } - // Change an existing OAuth2 identity provider in the organisation + // Change an existing OAuth2 identity provider in the organization rpc UpdateGenericOAuthProvider(UpdateGenericOAuthProviderRequest) returns (UpdateGenericOAuthProviderResponse) { option (google.api.http) = { put: "/idps/oauth/{id}" 
@@ -4453,7 +6547,7 @@ service ManagementService { }; } - // Change an existing Google identity provider in the organisation + // Change an existing Google identity provider in the organization rpc UpdateGoogleProvider(UpdateGoogleProviderRequest) returns (UpdateGoogleProviderResponse) { option (google.api.http) = { put: "/idps/google/{id}" @@ -4465,7 +6559,7 @@ service ManagementService { }; } - // Add a new LDAP identity provider in the organisation + // Add a new LDAP identity provider in the organization rpc AddLDAPProvider(AddLDAPProviderRequest) returns (AddLDAPProviderResponse) { option (google.api.http) = { post: "/idps/ldap" @@ -4477,7 +6571,7 @@ service ManagementService { }; } - // Change an existing LDAP identity provider in the organisation + // Change an existing LDAP identity provider in the organization rpc UpdateLDAPProvider(UpdateLDAPProviderRequest) returns (UpdateLDAPProviderResponse) { option (google.api.http) = { put: "/idps/ldap/{id}" @@ -4510,6 +6604,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.action.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Search Actions"; + description: "Returns a list of actions matching the query. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc GetAction(GetActionRequest) returns (GetActionResponse) { 
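Review bot: In the ListActions hunk the `x-zitadel-orgid` header description reads "If you like to get users of another organization include the header", which appears to be carried over from the user endpoints; the same text is repeated in every Actions and Flow hunk that follows, from GetAction through SetTriggerActions. On CreateAction, UpdateAction, DeleteAction, ClearFlow and SetTriggerActions the header selects the organization whose actions or flows are written, so "get users" understates what it does. Suggest the sentence the other operations in this file already use: `If you like to get/set a result of another organization include the header.`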
@@ -4520,6 +6628,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.action.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Get Action By ID"; + description: "Returns an action by id. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc CreateAction(CreateActionRequest) returns (CreateActionResponse) { @@ -4531,6 +6653,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.action.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Create Action"; + description: "Create a new ZITADEL action. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc UpdateAction(UpdateActionRequest) returns (UpdateActionResponse) { 
@@ -4542,6 +6678,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.action.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Update Action"; + description: "Update an existing ZITADEL action. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc DeactivateAction(DeactivateActionRequest) returns (DeactivateActionResponse) { @@ -4553,6 +6703,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.action.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Deactivate Action"; + description: "Deactivate an existing action. The action will not be executed if configured in a flow. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc ReactivateAction(ReactivateActionRequest) returns (ReactivateActionResponse) { 
@@ -4564,6 +6728,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.action.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Reactivate Action"; + description: "Reactivate an existing action that is deactivated. The action will be executed again if configured in a flow. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc DeleteAction(DeleteActionRequest) returns (DeleteActionResponse) { @@ -4575,6 +6753,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.action.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Delete Action"; + description: "Remove an existing action. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc ListFlowTypes(ListFlowTypesRequest) returns (ListFlowTypesResponse) { 
@@ -4585,6 +6777,19 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.flow.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Search Flow Types"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc ListFlowTriggerTypes(ListFlowTriggerTypesRequest) returns (ListFlowTriggerTypesResponse) { @@ -4595,6 +6800,19 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.flow.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "List Flow Trigger Types"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc GetFlow(GetFlowRequest) returns (GetFlowResponse) { 
@@ -4605,6 +6823,20 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.flow.read" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Get Flow"; + description: "Returns a flow. Flows are the links between an action and a specific point during a user interaction with ZITADEL." + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc ClearFlow(ClearFlowRequest) returns (ClearFlowResponse) { @@ -4615,6 +6847,19 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.flow.delete" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Clear Flow"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } rpc SetTriggerActions(SetTriggerActionsRequest) returns (SetTriggerActionsResponse) { @@ -4626,6 +6871,19 @@ service ManagementService { option (zitadel.v1.auth_option) = { permission: "org.flow.write" }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "Actions"; + summary: "Set Trigger Actions"; + parameters: { + headers: { + name: "x-zitadel-orgid"; + description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data."; + type: STRING, + required: false; + }; + }; + }; } } 
@@ -5707,7 +7965,15 @@ message ListOrgDomainsResponse { } message AddOrgDomainRequest { - string domain = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string domain = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"testdomain.com\""; + } + ]; } message AddOrgDomainResponse { @@ -5728,12 +7994,28 @@ message GenerateOrgDomainValidationRequest { } message GenerateOrgDomainValidationResponse { - string token = 1; - string url = 2; + string token = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\""; + } + ]; + string url = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"https://testdomain.com/.well-known/zitadel-challenge/ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\""; + } + ]; } + message ValidateOrgDomainRequest { - string domain = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string domain = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"testdomain.com\""; + } + ]; } message ValidateOrgDomainResponse { @@ -5752,7 +8034,11 @@ message SetPrimaryOrgDomainResponse { message ListOrgMemberRolesRequest {} message ListOrgMemberRolesResponse { - repeated string result = 1; + repeated string result = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"ORG_OWNER\", \"ORG_OWNER_VIEWER\", \"...\"]"; + } + ]; } message ListOrgMembersRequest { 
@@ -5771,7 +8057,12 @@ message ListOrgMembersResponse { message AddOrgMemberRequest { string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string roles = 2; + repeated string roles = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"IAM_OWNER\"]"; + description: "If no roles are provided the user won't have any rights" + } + ]; } message AddOrgMemberResponse { zitadel.v1.ObjectDetails details = 1; @@ -5779,7 +8070,12 @@ message AddOrgMemberResponse { message UpdateOrgMemberRequest { string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string roles = 2; + repeated string roles = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"IAM_OWNER\"]"; + description: "If no roles are provided the user won't have any rights" + } + ]; } message UpdateOrgMemberResponse { @@ -5799,7 +8095,7 @@ message ListOrgMetadataRequest { repeated zitadel.metadata.v1.MetadataQuery queries = 2 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { title: "Medata Query" - description: "Metadata object specific queries." + description: "Metadata object-specific queries." }]; } @@ -5875,7 +8171,12 @@ message BulkRemoveOrgMetadataResponse { } message GetProjectByIDRequest { - string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629026806489455\""; + } + ]; } message GetProjectByIDResponse { @@ -6039,7 +8340,11 @@ message ListProjectMemberRolesRequest {} message ListProjectMemberRolesResponse { zitadel.v1.ListDetails details = 1; - repeated string result = 2; + repeated string result = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"PROJECT_OWNER\", \"PROJECT_OWNER_VIEWER\", \"...\"]"; + } + ]; } message AddProjectRoleRequest { 
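Review bot: The `roles` example added to `AddOrgMemberRequest` is `"[\"IAM_OWNER\"]"`, which does not appear among the organization roles shown in the `ListOrgMemberRolesResponse` example (`ORG_OWNER`, `ORG_OWNER_VIEWER`) and, judging by its name, is an instance-level role. Examples are copied into real requests, so an org-scoped, low-privilege value is the safer choice, e.g. `example: "[\"ORG_OWNER_VIEWER\"]";` (confirm against the actual role list). The same example is used in the `UpdateOrgMemberRequest` hunk. The project and project-grant member hunks likewise show the owner role (`PROJECT_OWNER`, `PROJECT_GRANT_OWNER`) as the only example.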
@@ -6186,7 +8491,12 @@ message ListProjectMembersResponse { message AddProjectMemberRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string user_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string roles = 3; + repeated string roles = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"PROJECT_OWNER\"]"; + description: "If no roles are provided the user won't have any rights" + } + ]; } message AddProjectMemberResponse { @@ -6196,7 +8506,12 @@ message AddProjectMemberResponse { message UpdateProjectMemberRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string user_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string roles = 3; + repeated string roles = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"PROJECT_OWNER\"]"; + description: "If no roles are provided the user won't have any rights" + } + ]; } message UpdateProjectMemberResponse { 
@@ -6262,25 +8577,77 @@ message AddOIDCAppRequest { repeated string redirect_uris = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "[\"http://localhost:4200/auth/callback\"]"; + description: "Callback URI of the authorization request where the code or tokens will be sent to"; + } + ]; + repeated zitadel.app.v1.OIDCResponseType response_types = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Determines whether a code, id_token token or just id_token will be returned" + } + ]; + repeated zitadel.app.v1.OIDCGrantType grant_types = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "The flow type the application uses to gain access"; + } + ]; + zitadel.app.v1.OIDCAppType app_type = 6 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Determines the paradigm of the application"; + } + ]; + zitadel.app.v1.OIDCAuthMethodType auth_method_type = 7 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines how the application passes login credentials"; } ]; - repeated zitadel.app.v1.OIDCResponseType response_types = 4; - repeated zitadel.app.v1.OIDCGrantType grant_types = 5; - zitadel.app.v1.OIDCAppType app_type = 6 [(validate.rules).enum = {defined_only: true}]; - zitadel.app.v1.OIDCAuthMethodType auth_method_type = 7 [(validate.rules).enum = {defined_only: true}]; repeated string post_logout_redirect_uris = 8 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "[\"http://localhost:4200/signedout\"]"; + description: "ZITADEL will redirect to this link after a successful logout"; } ]; zitadel.app.v1.OIDCVersion version = 9 [(validate.rules).enum = {defined_only: true}]; - bool dev_mode = 10; - zitadel.app.v1.OIDCTokenType access_token_type = 11 [(validate.rules).enum = {defined_only: true}]; - 
bool access_token_role_assertion = 12; - bool id_token_role_assertion = 13; - bool id_token_userinfo_assertion = 14; - google.protobuf.Duration clock_skew = 15 [(validate.rules).duration = {gte: {}, lte: {seconds: 5}}]; - repeated string additional_origins = 16; + bool dev_mode = 10 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Used for development, some checks of the OIDC specification will not be checked."; + } + ]; + zitadel.app.v1.OIDCTokenType access_token_type = 11 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Type of the access token returned from ZITADEL"; + } + ]; + bool access_token_role_assertion = 12 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes"; + } + ]; + bool id_token_role_assertion = 13 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Adds roles to the claims of the id token even if they are not requested by scopes"; + } + ]; + bool id_token_userinfo_assertion = 14 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification"; + } + ]; + google.protobuf.Duration clock_skew = 15 [ + (validate.rules).duration = {gte: {}, lte: {seconds: 5}}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Used to compensate time difference of servers. 
Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims"; + example: "\"1s\""; + } + ]; + repeated string additional_origins = 16 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"https://console.zitadel.ch/auth/callback\"]"; + description: "Additional origins (other than the redirect_uris) from where the API can be used"; + } + ]; } message AddOIDCAppResponse { @@ -6288,13 +8655,13 @@ message AddOIDCAppResponse { zitadel.v1.ObjectDetails details = 2; string client_id = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - example: "\"gjöq34589uasgh\""; - description: "generated secret for this config"; + example: "\"1035496534033449\""; + description: "generated client id for this config"; } ]; string client_secret = 4 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - example: "\"gjöq34589uasgh\""; + example: "\"gjoq34589uasgh\""; description: "generated secret for this config"; } ]; @@ -6304,7 +8671,15 @@ message AddOIDCAppResponse { message AddSAMLAppRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string name = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"MySAMLApp\""; + } + ]; oneof metadata { option (validate.required) = true; bytes metadata_xml = 3 [(validate.rules).bytes.max_len = 500000]; 
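Review bot: The `dev_mode` description in `AddOIDCAppRequest` ("some checks of the OIDC specification will not be checked") neither says which checks are skipped nor that the flag is unsuitable for production clients. A reader of the generated API reference cannot judge the risk of leaving it on. I would at least write `description: "Used for development only: some checks required by the OIDC specification are skipped. Do not enable for production applications.";` and, if the maintainers can list them, name the skipped checks. The same text is added for `dev_mode` in the `UpdateOIDCAppConfigRequest` hunk.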
@@ -6319,7 +8694,15 @@ message AddSAMLAppResponse { message AddAPIAppRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string name = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"MyAPIApp\""; + } + ]; zitadel.app.v1.APIAuthMethodType auth_method_type = 3 [(validate.rules).enum = {defined_only: true}]; } @@ -6328,13 +8711,13 @@ message AddAPIAppResponse { zitadel.v1.ObjectDetails details = 2; string client_id = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - example: "\"gjöq34589uasgh\""; + example: "\"3950723409029374\""; description: "generated secret for this config"; } ]; string client_secret = 4 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - example: "\"gjöq34589uasgh\""; + example: "\"gjoq34589uasgh\""; description: "generated secret for this config"; } ]; @@ -6343,7 +8726,15 @@ message AddAPIAppResponse { message UpdateAppRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string name = 5 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string name = 5 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"MyApplicationName\""; + min_length: 1; + max_length: 200; + } + ]; } message UpdateAppResponse { 
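Review bot: In `AddAPIAppResponse` the `client_id` field still carries `description: "generated secret for this config"` although its example was changed to a numeric id. The same commit corrects exactly this for `AddOIDCAppResponse.client_id`. Labelling the public client id as a secret blurs which of the two values has to be protected. The line should read `description: "generated client id for this config";`.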
@@ -6354,19 +8745,79 @@ message UpdateOIDCAppConfigRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string redirect_uris = 3; - repeated zitadel.app.v1.OIDCResponseType response_types = 4; - repeated zitadel.app.v1.OIDCGrantType grant_types = 5; - zitadel.app.v1.OIDCAppType app_type = 6 [(validate.rules).enum = {defined_only: true}]; - zitadel.app.v1.OIDCAuthMethodType auth_method_type = 7 [(validate.rules).enum = {defined_only: true}]; - repeated string post_logout_redirect_uris = 8; - bool dev_mode = 9; - zitadel.app.v1.OIDCTokenType access_token_type = 10 [(validate.rules).enum = {defined_only: true}]; - bool access_token_role_assertion = 11; - bool id_token_role_assertion = 12; - bool id_token_userinfo_assertion = 13; - google.protobuf.Duration clock_skew = 14 [(validate.rules).duration = {gte: {}, lte: {seconds: 5}}]; - repeated string additional_origins = 15; + repeated string redirect_uris = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"http://localhost:4200/auth/callback\"]"; + description: "Callback URI of the authorization request where the code or tokens will be sent to"; + } + ]; + repeated zitadel.app.v1.OIDCResponseType response_types = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Determines whether a code, id_token token or just id_token will be returned" + } + ]; + repeated zitadel.app.v1.OIDCGrantType grant_types = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "The flow type the application uses to gain access"; + } + ]; + zitadel.app.v1.OIDCAppType app_type = 6 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Determines the paradigm of the application"; + } + ]; + zitadel.app.v1.OIDCAuthMethodType auth_method_type = 7 [ + 
(validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines how the application passes login credentials"; + } + ]; + repeated string post_logout_redirect_uris = 8 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"http://localhost:4200/signedout\"]"; + description: "ZITADEL will redirect to this link after a successful logout"; + } + ]; + bool dev_mode = 9 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Used for development, some checks of the OIDC specification will not be checked."; + } + ]; + zitadel.app.v1.OIDCTokenType access_token_type = 10 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Type of the access token returned from ZITADEL"; + } + ]; + bool access_token_role_assertion = 11 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes"; + } + ]; + bool id_token_role_assertion = 12 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Adds roles to the claims of the id token even if they are not requested by scopes"; + } + ]; + bool id_token_userinfo_assertion = 13 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification"; + } + ]; + google.protobuf.Duration clock_skew = 14 [ + (validate.rules).duration = {gte: {}, lte: {seconds: 5}}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Used to compensate time difference of servers. 
Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims"; + example: "\"1s\""; + } + ]; + repeated string additional_origins = 15 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"https://console.zitadel.ch/auth/callback\"]"; + description: "Additional origins (other than the redirect_uris) from where the API can be used"; + } + ]; } message UpdateOIDCAppConfigResponse { @@ -6433,7 +8884,7 @@ message RegenerateOIDCClientSecretRequest { message RegenerateOIDCClientSecretResponse { string client_secret = 1 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - example: "\"gjöq34589uasgh\""; + example: "\"gjoq34589uasgh\""; description: "generated secret for the client"; } ]; @@ -6446,7 +8897,12 @@ message RegenerateAPIClientSecretRequest { } message RegenerateAPIClientSecretResponse { - string client_secret = 1; + string client_secret = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"k3n0fnslei93nps9\""; + description: "generated secret for the client"; + } + ]; zitadel.v1.ObjectDetails details = 2; } @@ -6474,7 +8930,12 @@ message ListAppKeysResponse { message AddAppKeyRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - zitadel.authn.v1.KeyType type = 3 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; + zitadel.authn.v1.KeyType type = 3 [ + (validate.rules).enum = {defined_only: true, not_in: [0]}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"KEY_TYPE_JSON\""; + } + ]; google.protobuf.Timestamp expiration_date = 4 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"2519-04-01T08:45:00.000000Z\""; 
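Review bot: The `additional_origins` example in `UpdateOIDCAppConfigRequest` is `"[\"https://console.zitadel.ch/auth/callback\"]"`, a full callback URL, whereas an origin consists of scheme, host and port only. If the server matches these entries against the request origin (not visible in this hunk), a value copied from the example would either never match or be normalized in a way the caller did not intend. I would use `example: "[\"https://console.zitadel.ch\"]";`. The same example is added for field 16 in the `AddOIDCAppRequest` hunk.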
@@ -6484,9 +8945,17 @@ message AddAppKeyRequest { } message AddAppKeyResponse { - string id = 1; + string id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"28746028909593987\""; + } + ]; zitadel.v1.ObjectDetails details = 2; - bytes key_details = 3; + bytes key_details = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"eyJ0eXBlIjoiYXBwbGljYXRpb24iLCJrZXlJZCI6IjIwMjcxMDE4NjYyMjcxNDExMyIsImtleSI6Ii0tLS0tQkVHSU4gUlNBIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUVvd0lCQUFLQ0FRRUFuMUxyNStTV0pGRllURU1kaXQ2U0dNY0E2Yks5dG0xMmhlcm55V0wrZm9PWnA3eEVcbk9wcmsvWE81QVplSU5NY0x0ZVhxckJlK1NPdVVNMFpLU2xCMHFTNzNjVStDVTVMTGoycVB0UzhNOFI0N3BGdFhcbjJXRTFJNjNhZHB1N01TejA2SXduQ2lyNnJYOTVPQ2ZneHA3VU1Dd0pSTUZmYXJqdjVBRXY3NXpsSS9lYUV6bUJcbkxKWU1xanZFRmZoN2x3M2lPT3VsWW9kNjNpN3RDNWl5czNlYjNLZW4yWU0rN1FSbXB2dE5qcTJMVmlIMnkrUGJcbk9ESlI3MU9ib05TYVJDNTZDUFpWVytoWDByYXI3VzMwUjI2eGtIQ09oSytQbUpSeGtOY0g1VTdja0xXMEw0WEVcbnNNZkVUSmszeDR3Q0psbisxbElXUzkrNmw0R1E2TWRzWURyOU5RSURBUUFCQW9JQkFCSkx6WGQxMHFBZEQwekNcbnNGUFFOMnJNLzVmV3hONThONDR0YWF6QXg0VHp5K050UlZDTmxScGQvYkxuR2VjbHJIeVpDSmYycWcxcHNEMHJcbkowRGRlR2d0VXBFYWxsYk9scjNEZVBsUGkrYnNsK0RKOUk2c0VSUWwxTjZtQjVzZ0ZJZllBR3UwZjlFSXdIem9cblozR25yNnBRaEVmM0JPUVdsTVhVTlJNSksyOHp3M2E1L01nRmtKVUZUSTUzeXFwbGRtZ2hLajRZR1hLRk1LUGhcbkV3RkxrRncwK2s3K0xuSjFQNGp1ZVd1RXo3WlAyaFpvUWxCcXdSajVyTG9QZ05RbUU4UytFVDRuczlUYzByOFFcbnFyaHlacDZBczJrTDhGTytCZnF3SVpDZnpnWHN2cC9PLzRaSHIzVTB2Ymp3UW1sSzdVSm42U0J6T2hpWFpNU0lcbk5Wc0V5VUVDZ1lFQTFEaktkRGo3NTM1MWQzdlRNQlRFd2JSQ3hoUVZOdENFMnMwVUw4ckJQZ1I0K1dlblNUWmFcbnprWUprcEV0bE54VGxzYnN1Y0RTUXZqeWRYYk5nSHFBeDYzMm1vdTVkak9lR0VTUDFWVGtUdElsZFZQZWszQWxcbjVYbkpQa1dqWGVyVVJZNm5KeUQ5UWhlREx3MVp4NEFYVzNHWURiTFkrT05XV0VKUlJaQUloNjBDZ1lFQXdEQ2xcbnc1MHc4dkcvbEJ4RzNSYW9FaHdLOWNna1VXOHk2T25DekNwcEtjOEZUUmY1VE5iWjl5TzNXUmdYajhkeHRCakFcbkl5VGlzYk9NQk1VaFZKUUtGZHRQaDhoVDBwRkRjeE9ndzY0aHBtYzhyY2RTbXVKNzlYSVRTaHUySjA0N0UvNFZcbnJOTThpWVk5ZGR3VGdGUUlsdFNZL0l0RnFxWERmdjhqK1dVY25La0NnWUVBaENOUU80bDNuNjRuc
WR2WnBTaHBcblVrclJBTkJrWFJyOGZkZ1BaNnFSSS9KWStNSEhjVmg4dGM3NkN0NkdTUmZlbkJVRU5LeVF2czZPK1FDZCtBOU9cbnZBWGZkRjduZldlcVdtWG1RT2g0dDNNMWk1WkxFZlpVUWt2UU9BdllLcFFhMDZ4OCsyb1pCdHZvL0pVTmY2Q0xcbjZvNFNKUVZrLzZOZGtkckpDODBnNG9rQ2dZQkZsNWYrbkVYa1F0dWZVeG5wNXRGWE5XWldsM0ZuTjMvVXpRaW5cbmkxZm5OcnB4cnhPcjJrUzA4KzdwU1FzSEdpNDNDNXRQWG9UajJlTUN1eXNWaUVHYXBuNUc2YWhJb0NjdlhWVWlcblprUnpFQUR0NERZdU5ZS3pYdXBUTkhPaUNmYmtoMlhyM2RXVzZ0QUloSGRmU1k2T3AwNzZhNmYvWWVUSGNMWGpcbkVkVHBlUUtCZ0FPdnBqcDQ4TzRUWEZkU0JLSnYya005OHVhUjlSQURtdGxTWHd2cTlyQkhTV084NFk4bzE0L1Bcbkl1UmxUOHhROGRYKzhMR21UUCtjcUtiOFFRQ1grQk1YUWxMSEVtWnpnb0xFa0pGMUVIMm4vZEZ5bngxS3prdFNcbm9UZUdsRzZhbXhVOVh4eW9RVFlEVGJCbERwc2FZUlFBZ2FUQzM3UVZRUjhmK1ZoRzFHSFFcbi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tXG4iLCJhcHBJZCI6IjIwMjcwNjM5ODgxMzg4MDU3NyIsImNsaWVudElkIjoiMjAyNzA2Mzk4ODEzOTQ2MTEzQG15dGVzdHByb2plY3QifQ==\""; + } + ]; } message RemoveAppKeyRequest { 
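Review bot: The `key_details` example added to `AddAppKeyResponse` appears to be a complete base64-encoded key file: it decodes to JSON with a `key` member holding a PEM `BEGIN RSA PRIVATE KEY` block plus concrete `keyId`, `appId` and `clientId` values. If this was generated by a real instance, the key should be treated as exposed and revoked. Even if it is throwaway material, it will trip secret scanners in this repository and in every generated OpenAPI artefact. A short, obviously non-functional value documents the field just as well, e.g. `example: "\"<base64-encoded JSON key file, placeholder>\"";`, with a `description` stating that the value contains the private key.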
@@ -6549,19 +9018,36 @@ message ListAllProjectGrantsResponse { message AddProjectGrantRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string granted_org_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string role_keys = 3; + string granted_org_id = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"28746028909593987\"" + } + ]; + repeated string role_keys = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"RoleKey1\", \"RoleKey2\"]"; + } + ]; } message AddProjectGrantResponse { - string grant_id = 1; + string grant_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"28746028909593987\"" + } + ]; zitadel.v1.ObjectDetails details = 2; } message UpdateProjectGrantRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string role_keys = 3; + repeated string role_keys = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"RoleKey1\", \"RoleKey2\"]"; + } + ]; } message UpdateProjectGrantResponse { @@ -6600,7 +9086,11 @@ message ListProjectGrantMemberRolesRequest { message ListProjectGrantMemberRolesResponse { zitadel.v1.ListDetails details = 1; - repeated string result = 2; + repeated string result = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"PROJECT_GRANT_OWNER\", \"PROJECT_GRANT_OWNER_VIEWER\", \"...\"]"; + } + ]; } message ListProjectGrantMembersRequest { 
@@ -6620,8 +9110,21 @@ message ListProjectGrantMembersResponse { message AddProjectGrantMemberRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string user_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string roles = 4; + string user_id = 3 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629012906488334\""; + } + ]; + repeated string roles = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"PROJECT_GRANT_OWNER\"]"; + description: "If no roles are provided the user won't have any rights" + } + ]; } message AddProjectGrantMemberResponse { @@ -6631,8 +9134,21 @@ message AddProjectGrantMemberResponse { message UpdateProjectGrantMemberRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string user_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string roles = 4; + string user_id = 3 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629012906488334\""; + } + ]; + repeated string roles = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"PROJECT_GRANT_OWNER\"]"; + description: "If no roles are provided the user won't have any rights" + } + ]; } message UpdateProjectGrantMemberResponse { 
@@ -6671,10 +9187,36 @@ message ListUserGrantResponse { } message AddUserGrantRequest { - string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string project_grant_id = 3 [(validate.rules).string = {max_len: 200}]; - repeated string role_keys = 4; + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + example: "\"69629026806489455\""; + } + ]; + string project_id = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"58949026806489455\""; + } + ]; + string project_grant_id = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"9847026806489455\""; + description: "Make sure to fill in the project grant id if the user grant is for a granted project and the organization is not the owner of the project."; + } + ]; + repeated string role_keys = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"RoleKey1\", \"RoleKey2\"]" + } + ]; } message AddUserGrantResponse { @@ -6685,7 +9227,11 @@ message AddUserGrantResponse { message UpdateUserGrantRequest { string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string role_keys = 3; + repeated string role_keys = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"RoleKey1\", \"RoleKey2\"]" + } + ]; } message UpdateUserGrantResponse { 
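Review bot: In `AddUserGrantRequest` the OpenAPI annotation for `user_id` sets `min_length: 1` but omits the upper bound, although the validation rule on the same field is `{min_len: 1, max_len: 200}`. The neighbouring `project_id` documents both bounds. The published schema should state the limit that the server enforces, so add `max_length: 200;` to the `user_id` block.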
@@ -6720,7 +9266,11 @@ message RemoveUserGrantResponse { } message BulkRemoveUserGrantRequest { - repeated string grant_id = 1; + repeated string grant_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"9384786806489455\", \"2984754806489455\"]" + } + ]; } message BulkRemoveUserGrantResponse {} @@ -6864,7 +9414,13 @@ message ListLoginPolicyIDPsResponse { message AddIDPToLoginPolicyRequest { string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - zitadel.idp.v1.IDPOwnerType ownerType = 2 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; + zitadel.idp.v1.IDPOwnerType ownerType = 2 [ + (validate.rules).enum = {defined_only: true, not_in: [0]}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"IDP_OWNER_TYPE_SYSTEM\"]"; + description: "Choose IDP_OWNER_TYPE_SYSTEM if the configuration is made on the instance and IDP_OWNER_TYPE_ORG if the configuration is made on the organization." + } + ]; } message AddIDPToLoginPolicyResponse { @@ -6883,11 +9439,20 @@ message ListLoginPolicySecondFactorsRequest {} message ListLoginPolicySecondFactorsResponse { zitadel.v1.ListDetails details = 1; - repeated zitadel.policy.v1.SecondFactorType result = 2; + repeated zitadel.policy.v1.SecondFactorType result = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"SECOND_FACTOR_TYPE_OTP\"]" + } + ]; } message AddSecondFactorToLoginPolicyRequest { - zitadel.policy.v1.SecondFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; + zitadel.policy.v1.SecondFactorType type = 1 [ + (validate.rules).enum = {defined_only: true, not_in: [0]}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"SECOND_FACTOR_TYPE_OTP\""; + } + ]; } message AddSecondFactorToLoginPolicyResponse { zitadel.v1.ObjectDetails details = 1; 
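Review bot: The example for `ownerType` in `AddIDPToLoginPolicyRequest` is written as a JSON array, `"[\"IDP_OWNER_TYPE_SYSTEM\"]"`, but the field is a singular enum. The other singular enum examples in this commit (`SecondFactorType type`, `MultiFactorType type`) use a quoted string. A request built from the example as shown would not match the field's type, so it should be `example: "\"IDP_OWNER_TYPE_SYSTEM\"";`.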
@@ -6905,11 +9470,20 @@ message ListLoginPolicyMultiFactorsRequest {} message ListLoginPolicyMultiFactorsResponse { zitadel.v1.ListDetails details = 1; - repeated zitadel.policy.v1.MultiFactorType result = 2; + repeated zitadel.policy.v1.MultiFactorType result = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION\"]" + } + ]; } message AddMultiFactorToLoginPolicyRequest { - zitadel.policy.v1.MultiFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; + zitadel.policy.v1.MultiFactorType type = 1 [ + (validate.rules).enum = {defined_only: true, not_in: [0]}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION\""; + } + ]; } message AddMultiFactorToLoginPolicyResponse { @@ -6929,7 +9503,11 @@ message GetPasswordComplexityPolicyRequest {} message GetPasswordComplexityPolicyResponse { zitadel.policy.v1.PasswordComplexityPolicy policy = 1; //deprecated: is_default is also defined in zitadel.policy.v1.PasswordComplexityPolicy - bool is_default = 2; + bool is_default = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Deprecated: Is defined in the policy itself" + } + ]; } //This is an empty request 
@@ -6940,11 +9518,31 @@ message GetDefaultPasswordComplexityPolicyResponse { } message AddCustomPasswordComplexityPolicyRequest { - uint64 min_length = 1; - bool has_uppercase = 2; - bool has_lowercase = 3; - bool has_number = 4; - bool has_symbol = 5; + uint64 min_length = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"8\"" + } + ]; + bool has_uppercase = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines if the password MUST contain an upper case letter" + } + ]; + bool has_lowercase = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines if the password MUST contain a lowercase letter" + } + ]; + bool has_number = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines if the password MUST contain a number" + } + ]; + bool has_symbol = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines if the password MUST contain a symbol. E.g. \"$\"" + } + ]; } message AddCustomPasswordComplexityPolicyResponse { 
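Review bot: `min_length` in `AddCustomPasswordComplexityPolicyRequest` gets only an example, while the four `has_*` flags get descriptions, and the field shows no `(validate.rules)` in this hunk. The schema therefore documents neither the unit nor a lower bound for the setting that controls password length. Add something like `description: "Defines the minimum length of a password, in characters."` and state what 0 means, since that is what the server receives when the field is omitted (assuming proto3 scalars without `optional`). The same applies to `UpdateCustomPasswordComplexityPolicyRequest` in the next hunk, where the `has_symbol` description also starts lower-case (`defines`), unlike its siblings.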
@@ -6952,11 +9550,31 @@ message AddCustomPasswordComplexityPolicyResponse { } message UpdateCustomPasswordComplexityPolicyRequest { - uint64 min_length = 1; - bool has_uppercase = 2; - bool has_lowercase = 3; - bool has_number = 4; - bool has_symbol = 5; + uint64 min_length = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"8\"" + } + ]; + bool has_uppercase = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines if the password MUST contain an upper case letter" + } + ]; + bool has_lowercase = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines if the password MUST contain a lowercase letter" + } + ]; + bool has_number = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Defines if the password MUST contain a number" + } + ]; + bool has_symbol = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain a symbol. E.g. \"$\"" + } + ]; } message UpdateCustomPasswordComplexityPolicyResponse { @@ -7028,7 +9646,11 @@ message GetDefaultLockoutPolicyResponse { } message AddCustomLockoutPolicyRequest { - uint32 max_password_attempts = 1; + uint32 max_password_attempts = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger." + } + ]; } message AddCustomLockoutPolicyResponse { 
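Review bot: The description added to `max_password_attempts` in `AddCustomLockoutPolicyRequest` says 0 disables the lockout, but not that 0 is also what the server receives when a client omits the field (assuming this file uses proto3 scalars without `optional`). As documented, a request that leaves the field out would switch off the lockout that limits password guessing for the organization. Spell that out and fix the comma splice: `description: "Number of failed password attempts after which the account is locked. If set to 0 or omitted, the account is never locked."`. The same text is added to `UpdateCustomLockoutPolicyRequest` in the following hunk.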
@@ -7036,7 +9658,11 @@ message AddCustomLockoutPolicyResponse { } message UpdateCustomLockoutPolicyRequest { - uint32 max_password_attempts = 1; + uint32 max_password_attempts = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger." + } + ]; } message UpdateCustomLockoutPolicyResponse { @@ -7065,9 +9691,24 @@ message GetDefaultPrivacyPolicyResponse { } message AddCustomPrivacyPolicyRequest { - string tos_link = 1; - string privacy_link = 2; - string help_link = 3; + string tos_link = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If registration is enabled, the user has to accept the TOS. Variable {{.Lang}} can be set to have different links based on the language."; + example: "\"https://zitadel.com/docs/legal/terms-of-service\""; + } + ]; + string privacy_link = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If registration is enabled, the user has to accept the privacy terms. Variable {{.Lang}} can be set to have different links based on the language."; + example: "\"https://zitadel.com/docs/legal/privacy-policy\""; + } + ]; + string help_link = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Variable {{.Lang}} can be set to have different links based on the language."; + example: "\"https://zitadel.com/docs/manuals/introduction\""; + } + ]; } message AddCustomPrivacyPolicyResponse { 
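Review bot: The descriptions added to `tos_link`, `privacy_link` and `help_link` in `AddCustomPrivacyPolicyRequest` explain `{{.Lang}}` but not what form the link must take, and the fields show no `(validate.rules)` in this hunk. Nothing in the schema tells an integrator whether a length limit or URL scheme applies. Per the new description these links are presented to users during registration, so state the accepted format, for example by appending `The link must be an absolute https URL.` if that is what the server enforces. The three fields in `UpdateCustomPrivacyPolicyRequest` (next hunk) carry the same text.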
@@ -7075,9 +9716,24 @@ message AddCustomPrivacyPolicyResponse { } message UpdateCustomPrivacyPolicyRequest { - string tos_link = 1; - string privacy_link = 2; - string help_link = 3; + string tos_link = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If registration is enabled, the user has to accept the TOS. Variable {{.Lang}} can be set to have different links based on the language."; + example: "\"https://zitadel.com/docs/legal/terms-of-service\""; + } + ]; + string privacy_link = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If registration is enabled, the user has to accept the privacy terms. Variable {{.Lang}} can be set to have different links based on the language."; + example: "\"https://zitadel.com/docs/legal/privacy-policy\""; + } + ]; + string help_link = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Variable {{.Lang}} can be set to have different links based on the language."; + example: "\"https://zitadel.com/docs/manuals/introduction\""; + } + ]; } message UpdateCustomPrivacyPolicyResponse { @@ -7106,7 +9762,11 @@ message GetDefaultNotificationPolicyResponse { } message AddCustomNotificationPolicyRequest { - bool password_change = 1; + bool password_change = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If set to true the users will get a notification whenever their password has been changed."; + } + ]; } message AddCustomNotificationPolicyResponse { @@ -7114,7 +9774,11 @@ message AddCustomNotificationPolicyResponse { } message UpdateCustomNotificationPolicyRequest { - bool password_change = 1; + bool password_change = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "If set to true the users will get a notification whenever their password has been changed."; + } + ]; } message UpdateCustomNotificationPolicyResponse { 
@@ -7154,20 +9818,76 @@ message GetDefaultLabelPolicyResponse { } message AddCustomLabelPolicyRequest { - string primary_color = 1 [(validate.rules).string = {max_len: 50}]; + string primary_color = 1 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Represents a color scheme" + example: "\"#353535\""; + max_length: 50; + } + ]; // hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set bool hide_login_name_suffix = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set"; } ]; - string warn_color = 4 [(validate.rules).string = {max_len: 50}]; - string background_color = 5 [(validate.rules).string = {max_len: 50}]; - string font_color = 6 [(validate.rules).string = {max_len: 50}]; - string primary_color_dark = 7 [(validate.rules).string = {max_len: 50}]; - string background_color_dark = 8 [(validate.rules).string = {max_len: 50}]; - string warn_color_dark = 9 [(validate.rules).string = {max_len: 50}]; - string font_color_dark = 10 [(validate.rules).string = {max_len: 50}]; + string warn_color = 4 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for warn color"; + example: "\"#CD3D56\""; + max_length: 50; + } + ]; + string background_color = 5 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for background color"; + example: "\"#FAFAFA\""; + max_length: 50; + } + ]; + string font_color = 6 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for font color"; + example: "\"#000000\""; + max_length: 50; + } + ]; + string primary_color_dark = 7 [ + 
(validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for the primary color dark theme"; + example: "\"#BBBAFA\""; + max_length: 50; + } + ]; + string background_color_dark = 8 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for background color dark theme"; + example: "\"#111827\""; + max_length: 50; + } + ]; + string warn_color_dark = 9 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for warning color dark theme"; + example: "\"#FF3B5B\""; + max_length: 50; + } + ]; + string font_color_dark = 10 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for font color dark theme"; + example: "\"#FFFFFF\""; + max_length: 50; + } + ]; bool disable_watermark = 11; } 
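Review bot: `primary_color` in `AddCustomLabelPolicyRequest` is described as `"Represents a color scheme"`, while the seven other colour fields added in this hunk read `hex value for …`. Its example `#353535` shows it is a single hex colour like the rest. Use `description: "hex value for primary color";`, which also adds the trailing `;` that the sibling descriptions have. The only constraint shown is `max_len: 50`, so if the server accepts other CSS colour notations, the descriptions should say so rather than promise a hex value.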
@@ -7182,13 +9902,62 @@ message UpdateCustomLabelPolicyRequest { description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set"; } ]; - string warn_color = 4 [(validate.rules).string = {max_len: 50}]; - string background_color = 5 [(validate.rules).string = {max_len: 50}]; - string font_color = 6 [(validate.rules).string = {max_len: 50}]; - string primary_color_dark = 7 [(validate.rules).string = {max_len: 50}]; - string background_color_dark = 8 [(validate.rules).string = {max_len: 50}]; - string warn_color_dark = 9 [(validate.rules).string = {max_len: 50}]; - string font_color_dark = 10 [(validate.rules).string = {max_len: 50}]; + string warn_color = 4 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for warn color"; + example: "\"#CD3D56\""; + max_length: 50; + } + ]; + string background_color = 5 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for background color"; + example: "\"#FAFAFA\""; + max_length: 50; + } + ]; + string font_color = 6 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for font color"; + example: "\"#000000\""; + max_length: 50; + } + ]; + string primary_color_dark = 7 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for the primary color dark theme"; + example: "\"#BBBAFA\""; + max_length: 50; + } + ]; + string background_color_dark = 8 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for background color dark theme"; + example: "\"#111827\""; + max_length: 50; + } + ]; + string warn_color_dark = 9 [ + (validate.rules).string = {max_len: 50}, + 
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for warning color dark theme"; + example: "\"#FF3B5B\""; + max_length: 50; + } + ]; + string font_color_dark = 10 [ + (validate.rules).string = {max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for font color dark theme"; + example: "\"#FFFFFF\""; + max_length: 50; + } + ]; bool disable_watermark = 11; } 
@@ -7268,12 +10037,48 @@ message SetCustomInitMessageTextRequest { example: "\"de\"" } ]; - string title = 2 [(validate.rules).string = {max_len: 200}]; - string pre_header = 3 [(validate.rules).string = {max_len: 200}]; - string subject = 4 [(validate.rules).string = {max_len: 200}]; - string greeting = 5 [(validate.rules).string = {max_len: 200}]; - string text = 6 [(validate.rules).string = {max_len: 800}]; - string button_text = 7 [(validate.rules).string = {max_len: 200}]; + string title = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL - Initialize User\"" + max_length: 200; + } + ]; + string pre_header = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Initialize User\"" + max_length: 200; + } + ]; + string subject = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Initialize User\"" + max_length: 200; + } + ]; + string greeting = 5 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Hello {{.FirstName}} {{.LastName}},\"" + max_length: 200; + } + ]; + string text = 6 [ + (validate.rules).string = {max_len: 800}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"This user was created in Zitadel. Use the username {{.PreferredLoginName}} to log in. Please click the button below to finish the initialization process. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\"" + max_length: 800; + } + ]; + string button_text = 7 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Finish initialization\"" + max_length: 200; + } + ]; string footer_text = 8 [(validate.rules).string = {max_len: 200}]; } 
@@ -7382,12 +10187,48 @@ message SetCustomPasswordResetMessageTextRequest { example: "\"de\"" } ]; - string title = 2 [(validate.rules).string = {max_len: 200}]; - string pre_header = 3 [(validate.rules).string = {max_len: 200}]; - string subject = 4 [(validate.rules).string = {max_len: 200}]; - string greeting = 5 [(validate.rules).string = {max_len: 200}]; - string text = 6 [(validate.rules).string = {max_len: 800}]; - string button_text = 7 [(validate.rules).string = {max_len: 200}]; + string title = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL - Reset Password\"" + max_length: 200; + } + ]; + string pre_header = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Reset Password\"" + max_length: 200; + } + ]; + string subject = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Reset Password\"" + max_length: 200; + } + ]; + string greeting = 5 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Hello {{.FirstName}} {{.LastName}},\"" + max_length: 200; + } + ]; + string text = 6 [ + (validate.rules).string = {max_len: 800}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"We received a password reset request. Please use the button below to reset your password. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\"" + max_length: 800; + } + ]; + string button_text = 7 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Reset Password\"" + max_length: 200; + } + ]; string footer_text = 8 [(validate.rules).string = {max_len: 200}]; } 
@@ -7426,12 +10267,48 @@ message SetCustomVerifyEmailMessageTextRequest { example: "\"de\"" } ]; - string title = 2 [(validate.rules).string = {max_len: 200}]; - string pre_header = 3 [(validate.rules).string = {max_len: 200}]; - string subject = 4 [(validate.rules).string = {max_len: 200}]; - string greeting = 5 [(validate.rules).string = {max_len: 200}]; - string text = 6 [(validate.rules).string = {max_len: 800}]; - string button_text = 7 [(validate.rules).string = {max_len: 200}]; + string title = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL - Verify Email\"" + max_length: 200; + } + ]; + string pre_header = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Verify Email\"" + max_length: 200; + } + ]; + string subject = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Verify Email\"" + max_length: 200; + } + ]; + string greeting = 5 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Hello {{.FirstName}} {{.LastName}},\"" + max_length: 200; + } + ]; + string text = 6 [ + (validate.rules).string = {max_len: 800}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"A new email has been added. Please use the button below to verify your mail. (Code {{.Code}}) If you didn't add a new email, please ignore this email.\"" + max_length: 800; + } + ]; + string button_text = 7 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Verify Email\"" + max_length: 200; + } + ]; string footer_text = 8 [(validate.rules).string = {max_len: 200}]; } 
@@ -7470,12 +10347,48 @@ message SetCustomVerifyPhoneMessageTextRequest { example: "\"de\"" } ]; - string title = 2 [(validate.rules).string = {max_len: 200}]; - string pre_header = 3 [(validate.rules).string = {max_len: 200}]; - string subject = 4 [(validate.rules).string = {max_len: 200}]; - string greeting = 5 [(validate.rules).string = {max_len: 200}]; - string text = 6 [(validate.rules).string = {max_len: 800}]; - string button_text = 7 [(validate.rules).string = {max_len: 200}]; + string title = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL - Verify Phone\"" + max_length: 200; + } + ]; + string pre_header = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Verify Phone\"" + max_length: 200; + } + ]; + string subject = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Verify Phone\"" + max_length: 200; + } + ]; + string greeting = 5 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Hello {{.FirstName}} {{.LastName}},\"" + max_length: 200; + } + ]; + string text = 6 [ + (validate.rules).string = {max_len: 800}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"A new phone number has been added. Please use the following code to verify it {{.Code}}.\"" + max_length: 800; + } + ]; + string button_text = 7 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Verify Phone\"" + max_length: 200; + } + ]; string footer_text = 8 [(validate.rules).string = {max_len: 200}]; } 
@@ -7514,12 +10427,48 @@ message SetCustomDomainClaimedMessageTextRequest { example: "\"de\"" } ]; - string title = 2 [(validate.rules).string = {max_len: 200}]; - string pre_header = 3 [(validate.rules).string = {max_len: 200}]; - string subject = 4 [(validate.rules).string = {max_len: 200}]; - string greeting = 5 [(validate.rules).string = {max_len: 200}]; - string text = 6 [(validate.rules).string = {max_len: 800}]; - string button_text = 7 [(validate.rules).string = {max_len: 200}]; + string title = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL - Domain has been claimed\"" + max_length: 200; + } + ]; + string pre_header = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Change email / username\"" + max_length: 200; + } + ]; + string subject = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Domain has been claimed\"" + max_length: 200; + } + ]; + string greeting = 5 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Hello {{.FirstName}} {{.LastName}},\"" + max_length: 200; + } + ]; + string text = 6 [ + (validate.rules).string = {max_len: 800}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"The domain {{.Domain}} has been claimed by an organization. Your current user {{.UserName}} is not part of this organization. Therefore you'll have to change your email when you log in. 
We have created a temporary username ({{.TempUsername}}) for this login.\"" + max_length: 800; + } + ]; + string button_text = 7 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Login\"" + max_length: 200; + } + ]; string footer_text = 8 [(validate.rules).string = {max_len: 200}]; } 
@@ -7559,12 +10508,48 @@ message SetCustomPasswordlessRegistrationMessageTextRequest { example: "\"de\"" } ]; - string title = 2 [(validate.rules).string = {max_len: 200}]; - string pre_header = 3 [(validate.rules).string = {max_len: 200}]; - string subject = 4 [(validate.rules).string = {max_len: 200}]; - string greeting = 5 [(validate.rules).string = {max_len: 200}]; - string text = 6 [(validate.rules).string = {max_len: 800}]; - string button_text = 7 [(validate.rules).string = {max_len: 200}]; + string title = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL - Password of the user has changed\"" + max_length: 200; + } + ]; + string pre_header = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Password Changed\"" + max_length: 200; + } + ]; + string subject = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Password of user has changed\"" + max_length: 200; + } + ]; + string greeting = 5 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Hello {{.FirstName}} {{.LastName}},\"" + max_length: 200; + } + ]; + string text = 6 [ + (validate.rules).string = {max_len: 800}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"The password of your user has changed, if this change was not done by you, please be advised to immediately reset your password.\"" + max_length: 800; + } + ]; + string button_text = 7 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Login\"" + max_length: 200; + } + ]; string footer_text = 8 [(validate.rules).string = {max_len: 200}]; } 
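Review bot: The examples added to `SetCustomPasswordlessRegistrationMessageTextRequest` describe a password change (`"ZITADEL - Password of the user has changed"`, `"Password Changed"`, and a `text` telling the user to reset the password). The later hunk for `SetCustomPasswordChangeMessageTextRequest` carries the passwordless ones (`"ZITADEL - Add Passwordless Login"`), so the two sets look swapped. Exchange the `title`, `pre_header`, `subject`, `text` and `button_text` examples between the two messages. Otherwise an integrator copying the sample would send a password-change warning for a passwordless registration, and the real change notice would lose its "if this change was not done by you" advice. Both messages start before their hunks, so only the tail of the `language` field is visible.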
@@ -7580,7 +10565,6 @@ message ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse { zitadel.v1.ObjectDetails details = 1; } - message GetCustomPasswordChangeMessageTextRequest { string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; } 
@@ -7604,12 +10588,48 @@ message SetCustomPasswordChangeMessageTextRequest { example: "\"de\"" } ]; - string title = 2 [(validate.rules).string = {max_len: 200}]; - string pre_header = 3 [(validate.rules).string = {max_len: 200}]; - string subject = 4 [(validate.rules).string = {max_len: 200}]; - string greeting = 5 [(validate.rules).string = {max_len: 200}]; - string text = 6 [(validate.rules).string = {max_len: 800}]; - string button_text = 7 [(validate.rules).string = {max_len: 200}]; + string title = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL - Add Passwordless Login\"" + max_length: 200; + } + ]; + string pre_header = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Add Passwordless Login\"" + max_length: 200; + } + ]; + string subject = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Add Passwordless Login\"" + max_length: 200; + } + ]; + string greeting = 5 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Hello {{.FirstName}} {{.LastName}},\"" + max_length: 200; + } + ]; + string text = 6 [ + (validate.rules).string = {max_len: 800}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"We received a request to add a token for passwordless login. Please use the button below to add your token or device for passwordless login.\"" + max_length: 800; + } + ]; + string button_text = 7 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Add Passwordless Login\"" + max_length: 200; + } + ]; string footer_text = 8 [(validate.rules).string = {max_len: 200}]; } 
@@ -7661,8 +10681,11 @@ message ListOrgIDPsResponse { message AddOrgOIDCIDPRequest { string name = 1 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"google\""; + min_length: 1; + max_length: 200; } ]; zitadel.idp.v1.IDPStylingType styling_type = 2 [ @@ -7674,18 +10697,25 @@ message AddOrgOIDCIDPRequest { string client_id = 3 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { description: "client id generated by the identity provider"; + min_length: 1; + max_length: 200; } ]; string client_secret = 4 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { description: "client secret generated by the identity provider"; + min_length: 1; + max_length: 200; } ]; string issuer = 5 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com\""; description: "the OIDC issuer of the identity provider"; @@ -7714,14 +10744,21 @@ message AddOrgOIDCIDPRequest { message AddOrgOIDCIDPResponse { zitadel.v1.ObjectDetails details = 1; - string idp_id = 2; + string idp_id = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69234230193872955\""; + } + ]; } message AddOrgJWTIDPRequest { string name = 1 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"google\""; + min_length: 1; + max_length: 200; } ]; zitadel.idp.v1.IDPStylingType styling_type = 2 [ 
@@ -7732,6 +10769,7 @@ message AddOrgJWTIDPRequest { ]; string jwt_endpoint = 3 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com\""; description: "the endpoint where the JWT can be extracted"; @@ -7741,6 +10779,7 @@ message AddOrgJWTIDPRequest { ]; string issuer = 4 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com\""; description: "the issuer of the JWT (for validation)"; @@ -7750,6 +10789,7 @@ message AddOrgJWTIDPRequest { ]; string keys_endpoint = 5 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com/keys\""; description: "the endpoint to the key (JWK) which is used to sign the JWT with"; @@ -7759,9 +10799,11 @@ message AddOrgJWTIDPRequest { ]; string header_name = 6 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"x-auth-token\""; description: "the name of the header where the JWT is sent in, default is authorization"; + min_length: 1; max_length: 200; } ]; @@ -7770,7 +10812,11 @@ message AddOrgJWTIDPRequest { message AddOrgJWTIDPResponse { zitadel.v1.ObjectDetails details = 1; - string idp_id = 2; + string idp_id = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69234230193872955\""; + } + ]; } message DeactivateOrgIDPRequest { 
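Review bot: `jwt_endpoint` and `keys_endpoint` in `AddOrgJWTIDPRequest` are now marked `REQUIRED`, but the only constraint shown is a length of 1 to 200, and the descriptions do not say which URL scheme is expected. The key endpoint decides which keys an incoming JWT is checked against, so the documentation should state that it must be an `https` URL, if the server enforces that. The existing wording "used to sign the JWT with" would also read more accurately from the consumer side as `description: "the https endpoint of the key set (JWK) used to verify the JWT signature";`. The same fields get `REQUIRED` in `UpdateOrgIDPJWTConfigRequest` in later hunks. Each field's option block continues past the end of its hunk.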
@@ -7800,8 +10846,11 @@ message UpdateOrgIDPRequest { string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string name = 2 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"google\""; + min_length: 1; + max_length: 200; } ]; zitadel.idp.v1.IDPStylingType styling_type = 3 [ @@ -7827,8 +10876,11 @@ message UpdateOrgIDPOIDCConfigRequest { string client_id = 2 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { description: "client id generated by the identity provider"; + min_length: 1; + max_length: 200; } ]; string client_secret = 3 [ @@ -7839,9 +10891,12 @@ message UpdateOrgIDPOIDCConfigRequest { ]; string issuer = 4 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com\""; description: "the OIDC issuer of the identity provider"; + min_length: 1; + max_length: 200; } ]; repeated string scopes = 5 [ @@ -7878,6 +10933,7 @@ message UpdateOrgIDPJWTConfigRequest { ]; string jwt_endpoint = 2 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com\""; description: "the endpoint where the JWT can be extracted"; @@ -7887,6 +10943,7 @@ message UpdateOrgIDPJWTConfigRequest { ]; string issuer = 3 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com\""; description: "the issuer of the JWT (for validation)"; 
@@ -7896,6 +10953,7 @@ message UpdateOrgIDPJWTConfigRequest { ]; string keys_endpoint = 4 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"https://accounts.google.com/keys\""; description: "the endpoint to the key (JWK) which is used to sign the JWT with"; @@ -7905,6 +10963,7 @@ message UpdateOrgIDPJWTConfigRequest { ]; string header_name = 5 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"x-auth-token\""; description: "the name of the header where the JWT is sent in, default is authorization"; @@ -8137,15 +11196,22 @@ message ListActionsResponse { message CreateActionRequest { string name = 1 [ (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { example: "\"log context\""; + min_length: 1; + max_length: 200; } ]; string script = 2 [ (validate.rules).string = {min_len: 1, max_len: 2000}, - (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - example: "\"function log(context, calls){console.log(context)}\""; - } + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"function log(context, calls){console.log(context)}\""; + description: "Javascript code that should be executed" + min_length: 1; + max_length: 2000; + } ]; google.protobuf.Duration timeout = 3 [ (validate.rules).duration = {gte: {}, lte: {seconds: 20}}, diff --git a/proto/zitadel/member.proto b/proto/zitadel/member.proto index 3831c70526..82e99c23fa 100644 --- a/proto/zitadel/member.proto +++ b/proto/zitadel/member.proto 
@@ -23,13 +23,13 @@ message Member {
 ];
 string preferred_login_name = 4 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- example: "\"gigi@caos.ch\"";
+ example: "\"gigi@zitadel.com\"";
 description: "preferred login name of the user"
 }
 ];
 string email = 5 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- example: "\"gigi@caos.ch\"";
+ example: "\"gigi@zitadel.com\"";
 description: "preferred login name of the user"
 }
 ];
@@ -108,7 +108,7 @@ message EmailQuery {
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
 description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
 max_length: 200;
- example: "\"gigi@caos.ch\"";
+ example: "\"gigi@zitadel.com\"";
 }
 ];
 zitadel.v1.TextQueryMethod method = 2 [
diff --git a/proto/zitadel/policy.proto b/proto/zitadel/policy.proto
index 7a689606d9..c7d87d092c 100644
--- a/proto/zitadel/policy.proto
+++ b/proto/zitadel/policy.proto
@@ -316,7 +316,7 @@ message LockoutPolicy {
 zitadel.v1.ObjectDetails details = 1;
 uint64 max_password_attempts = 2 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset."
+ description: "Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset. If set to 0 the account will never be locked."
 example: "\"10\""
 }
 ];
@@ -350,5 +350,9 @@ message PrivacyPolicy {
 message NotificationPolicy {
 zitadel.v1.ObjectDetails details = 1;
 bool is_default = 2;
- bool password_change = 3;
+ bool password_change = 3 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "If set to true the users will get a notification whenever their password has been changed.";
+ }
+ ];
 }
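Review bot: The `email` field in Member keeps `description: "preferred login name of the user"`, the same text as `preferred_login_name` directly above it. The generated API reference therefore describes two different fields identically. This hunk already updates the example on that field, so the description could be corrected in the same change, for example `description: "email address of the user"`.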
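Review bot: The added sentence "If set to 0 the account will never be locked" on `max_password_attempts` in LockoutPolicy documents that 0 disables lockout, but the field is a plain proto3 `uint64`, so a value that is left out is also 0. If the request messages that set this policy use the same field type (not visible in this hunk), a client that omits the field turns off the brute-force limit without stating it. I would make that explicit in the description: `If set to 0, or left unset, the account will never be locked.`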
diff --git a/proto/zitadel/project.proto b/proto/zitadel/project.proto
index c1c5f3f3ff..e050ba3dfa 100644
--- a/proto/zitadel/project.proto
+++ b/proto/zitadel/project.proto
@@ -17,7 +17,7 @@ message Project {
 zitadel.v1.ObjectDetails details = 2;
 string name = 3 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- example: "\"ZITADEL\""
+ example: "\"MyProject\""
 }
 ];
 ProjectState state = 4 [
@@ -79,7 +79,7 @@ message GrantedProject {
 ];
 string project_owner_name = 9 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- example: "\"CAOS AG\""
+ example: "\"ZITADEL\""
 }
 ];