mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-07 08:07:46 +00:00
docs: standardize multi-factor spelling and related string updates (#8752)
- **docs: s/Secondfactor/Second factor/** - **docs: s/IDP/IdP/** - **docs: s/Hardwaretokens/Hardware tokens/** - **docs: standardize multi-factor vs multi factor vs multifactor** # Which Problems Are Solved - English strings are improved # How the Problems Are Solved - With better strings --------- Co-authored-by: Fabi <fabienne@zitadel.com>
parent
79fb4cc1cc
commit
70449caafb
@ -189,7 +189,7 @@
|
||||
[title]="'DESCRIPTIONS.SETTINGS.LOGIN.LIFETIMES.MULTI_FACTOR_CHECK.TITLE' | translate"
|
||||
[description]="'DESCRIPTIONS.SETTINGS.LOGIN.LIFETIMES.MULTI_FACTOR_CHECK.DESCRIPTION' | translate"
|
||||
>
|
||||
<cnsl-form-field class="lifetime-form-field" label="Multi Factor Check Lifetime" required="true">
|
||||
<cnsl-form-field class="lifetime-form-field" label="Multi-factor Check Lifetime" required="true">
|
||||
<cnsl-label>{{ 'DESCRIPTIONS.SETTINGS.LOGIN.LIFETIMES.LABEL' | translate }}</cnsl-label>
|
||||
<input cnslInput type="number" name="multiFactorCheckLifetime" formControlName="multiFactorCheckLifetime" />
|
||||
</cnsl-form-field>
|
||||
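Review bot: The `label` attribute on the `cnsl-form-field` is a hard-coded English string, while the title, the description and the inner `cnsl-label` in the same hunk all go through the `translate` pipe, so the corrected spelling will only ever appear in English. If the component actually renders `label`, bind it to a translation key, for example `[label]="'DESCRIPTIONS.SETTINGS.LOGIN.LIFETIMES.MULTI_FACTOR_CHECK.TITLE' | translate"`; if it does not, removing the attribute avoids keeping the same text in two places. The element carrying `[title]` and `[description]` opens above the hunk.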
|
@ -773,9 +773,9 @@
|
||||
"IDPNAME": "IDP Name",
|
||||
"USERDISPLAYNAME": "External Name",
|
||||
"EXTERNALUSERID": "External User ID",
|
||||
"EMPTY": "No external IDP found",
|
||||
"EMPTY": "No external IdP found",
|
||||
"DIALOG": {
|
||||
"DELETE_TITLE": "Remove IDP",
|
||||
"DELETE_TITLE": "Remove IdP",
|
||||
"DELETE_DESCRIPTION": "You are about to delete an Identity Provider from a user. Do you really want to continue?"
|
||||
}
|
||||
},
|
||||
@ -1691,7 +1691,7 @@
|
||||
"username": "Username",
|
||||
"tempUsername": "Temp username",
|
||||
"otp": "One-time password",
|
||||
"verifyUrl": "Verify One-time-password URL",
|
||||
"verifyUrl": "Verify One-time password URL",
|
||||
"expiry": "Expiry",
|
||||
"applicationName": "Application name"
|
||||
},
|
||||
@ -2154,7 +2154,7 @@
|
||||
"PREFERREDLANGUAGEATTRIBUTE": "Preferred language attribute",
|
||||
"PREFERREDUSERNAMEATTRIBUTE": "Preferred username attribute",
|
||||
"PROFILEATTRIBUTE": "Profile attribute",
|
||||
"IDPDISPLAYNAMMAPPING": "IDP Display Name Mapping",
|
||||
"IDPDISPLAYNAMMAPPING": "IdP Display Name Mapping",
|
||||
"USERNAMEMAPPING": "Username Mapping",
|
||||
"DATES": "Dates",
|
||||
"CREATIONDATE": "Created At",
|
||||
@ -2162,13 +2162,13 @@
|
||||
"DEACTIVATE": "Deactivate",
|
||||
"ACTIVATE": "Activate",
|
||||
"DELETE": "Delete",
|
||||
"DELETE_TITLE": "Delete IDP",
|
||||
"DELETE_TITLE": "Delete IdP",
|
||||
"DELETE_DESCRIPTION": "You are about to delete an identity provider. The resulting changes are irrevocable. Do you really want to do this?",
|
||||
"REMOVE_WARN_TITLE": "Remove IDP",
|
||||
"REMOVE_WARN_DESCRIPTION": "You are about to remove an identity provider. This will remove the selection of the available IDP for your users and already registered users won't be able to login again. Are you sure to continue?",
|
||||
"DELETE_SELECTION_TITLE": "Delete IDP",
|
||||
"REMOVE_WARN_TITLE": "Remove IdP",
|
||||
"REMOVE_WARN_DESCRIPTION": "You are about to remove an identity provider. This will remove the selection of the available IdP for your users and already registered users won't be able to login again. Are you sure to continue?",
|
||||
"DELETE_SELECTION_TITLE": "Delete IdP",
|
||||
"DELETE_SELECTION_DESCRIPTION": "You are about to delete an identity provider. The resulting changes are irrevocable. Do you really want to do this?",
|
||||
"EMPTY": "No IDP available",
|
||||
"EMPTY": "No IdP available",
|
||||
"OIDC": {
|
||||
"GENERAL": "General Information",
|
||||
"TITLE": "OIDC Configuration",
|
||||
|
@ -92,7 +92,7 @@ Some secrets cannot be hashed because they need to be used in their raw form. Th
|
||||
|
||||
- Federation
|
||||
- Client Secrets of Identity Providers (IdPs)
|
||||
- Multi Factor Authentication
|
||||
- Multi-factor Authentication
|
||||
- TOTP Seed Values
|
||||
- Validation Secrets
|
||||
- Verifying contact information like eMail, Phonenumbers
|
||||
|
@ -14,7 +14,7 @@ curl --request GET \
|
||||
```
|
||||
|
||||
Response Example:
|
||||
The relevant part for the list is the second factor and multi factor list.
|
||||
The relevant part for the list is the second factor and multi-factor list.
|
||||
|
||||
```bash
|
||||
{
|
||||
|
@ -30,7 +30,7 @@ ZITADEL supports different Methods:
|
||||
|
||||
### Start TOTP Registration
|
||||
|
||||
The user has selected to setup Time-based One-Time-Password (TOTP).
|
||||
The user has selected to setup Time-based One-Time Password (TOTP).
|
||||
To show the user the QR to register TOTP with his Authenticator App like Google/Microsoft Authenticator or Authy you have to start the registration on the ZITADEL API.
|
||||
Generate the QR Code with the URI from the response.
|
||||
For users that do not have a QR Code reader make sure to also show the secret, to enable manual configuration.
|
||||
@ -485,7 +485,7 @@ You have successfully registered a new U2F to the user.
|
||||
|
||||
### Check User
|
||||
|
||||
To be able to check the Universal-Second-Factor (U2F) you need a user check and a webAuthN challenge.
|
||||
To be able to check the Universal Second Factor (U2F) you need a user check and a webAuthN challenge.
|
||||
In the creat session request you can check for the user and directly initiate the webAuthN challenge.
|
||||
|
||||
For U2F you can choose between "USER_VERIFICATION_REQUIREMENT_PREFERRED" and "USER_VERIFICATION_REQUIREMENT_DISCOURAGED" for the challenge.
|
||||
|
@ -139,10 +139,10 @@ curl --request POST \
|
||||
|
||||
The following example shows you how you could use the events search to find out the failed login attempts of your users.
|
||||
You have to include all the event types that tell you that a login attempt has failed.
|
||||
In this case this are the following events:
|
||||
In this case these are the following events:
|
||||
- Password verification failed
|
||||
- One-time-password (OTP) check failed (Authenticator Apps like Authy, Google Authenticator, etc)
|
||||
- Universal-Second-Factor (U2F) check failed (FaceID, WindowsHello, FingerPrint, etc)
|
||||
- One-time password (OTP) check failed (Authenticator Apps like Authy, Google Authenticator, etc)
|
||||
- Universal Second Factor (U2F) check failed (FaceID, WindowsHello, FingerPrint, etc)
|
||||
- Passwordless/Passkey check failed (FaceID, WindowsHello, FingerPrint, etc)
|
||||
|
||||
```bash
|
||||
|
@ -195,9 +195,9 @@ Configure the different lifetimes checks for the login process:
|
||||
|
||||
- **Password Check Lifetime** specifies after which period a user has to reenter his password during the login process
|
||||
- **External Login Check Lifetime** specifies after which period a user will be redirected to the IDP during the login process
|
||||
- **Multifactor Init Lifetime** specifies after which period a user will be prompted to setup a 2-Factor / Multi Factor during the login process (value 0 will deactivate the prompt)
|
||||
- **Multi-factor Init Lifetime** specifies after which period a user will be prompted to setup a 2-Factor / Multi-factor during the login process (value 0 will deactivate the prompt)
|
||||
- **Second Factor Check Lifetime** specifies after which period a user has to revalidate the 2-Factor during the login process
|
||||
- **Multifactor Login Check Lifetime** specifies after which period a user has to revalidate the Multi Factor during the login process
|
||||
- **Multi-factor Login Check Lifetime** specifies after which period a user has to revalidate the Multi-factor during the login process
|
||||
|
||||
## Identity Providers
|
||||
|
||||
|
@ -16,7 +16,7 @@ The following scripts don't include:
|
||||
- Global policies
|
||||
- IAM members
|
||||
- Global IDPs
|
||||
- Global second/multi factors
|
||||
- Global second factor / multi-factors
|
||||
- Machine keys
|
||||
- Personal Access Tokens
|
||||
- Application keys
|
||||
|
@ -173,7 +173,7 @@ In case the hashes can't be transferred directly, you always have the option to
|
||||
If your legacy system receives the passwords in clear text (eg, login form) you could also directly create users via ZITADEL API.
|
||||
We will explain this pattern in more detail in this guide.
|
||||
|
||||
### One-time-passwords (OTP)
|
||||
### One-time passwords (OTP)
|
||||
|
||||
You can pass the OTP secret when creating users:
|
||||
|
||||
|
@ -46,7 +46,7 @@ type Server struct {
|
||||
}
|
||||
|
||||
func endpoints(endpointConfig *EndpointConfig) op.Endpoints {
|
||||
// some defaults. The new Server will disable enpoints that are nil.
|
||||
// some defaults. The new Server will disable endpoints that are nil.
|
||||
endpoints := op.Endpoints{
|
||||
Authorization: op.NewEndpoint("/oauth/v2/authorize"),
|
||||
Token: op.NewEndpoint("/oauth/v2/token"),
|
||||
|
@ -173,7 +173,7 @@ func (repo *TokenVerifierRepo) verifySessionToken(ctx context.Context, sessionID
|
||||
}
|
||||
|
||||
// checkAuthentication ensures the session or token was authenticated (at least a single [domain.UserAuthMethodType]).
|
||||
// It will also check if there was a multi factor authentication, if either MFA is forced by the login policy or if the user has set up any second factor
|
||||
// It will also check if there was a multi-factor authentication, if either MFA is forced by the login policy or if the user has set up any second factor
|
||||
func (repo *TokenVerifierRepo) checkAuthentication(ctx context.Context, authMethods []domain.UserAuthMethodType, userID string) error {
|
||||
if len(authMethods) == 0 {
|
||||
return zerrors.ThrowPermissionDenied(nil, "AUTHZ-Kl3p0", "authentication required")
|
||||
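Review bot: The second sentence of the `checkAuthentication` doc comment is still ambiguous: "check if there was a multi-factor authentication, if either ..." does not say that MFA is required under those conditions, nor what happens when it is missing. Since this comment documents an authorization decision, I would state the rule directly, e.g. `// It also requires multi-factor authentication if MFA is forced by the login policy or the user has set up any second factor.` The function body continues below the hunk, so confirm the wording against the actual checks before adopting it.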
|
@ -1469,7 +1469,7 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
|
||||
givenTemplate := "{{.LogoURL}}"
|
||||
testCode := ""
|
||||
expiry := 0 * time.Hour
|
||||
expectContent := fmt.Sprintf(`%[1]s is your one-time-password for %[2]s. Use it within the next %[3]s.
|
||||
expectContent := fmt.Sprintf(`%[1]s is your one-time password for %[2]s. Use it within the next %[3]s.
|
||||
@%[2]s #%[1]s`, testCode, eventOriginDomain, expiry)
|
||||
w.messageSMS = &messages.SMS{
|
||||
SenderPhoneNumber: "senderNumber",
|
||||
@ -1506,7 +1506,7 @@ func Test_userNotifier_reduceOTPSMSChallenged(t *testing.T) {
|
||||
givenTemplate := "{{.LogoURL}}"
|
||||
testCode := ""
|
||||
expiry := 0 * time.Hour
|
||||
expectContent := fmt.Sprintf(`%[1]s is your one-time-password for %[2]s. Use it within the next %[3]s.
|
||||
expectContent := fmt.Sprintf(`%[1]s is your one-time password for %[2]s. Use it within the next %[3]s.
|
||||
@%[2]s #%[1]s`, testCode, instancePrimaryDomain, expiry)
|
||||
w.messageSMS = &messages.SMS{
|
||||
SenderPhoneNumber: "senderNumber",
|
||||
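Review bot: The expected SMS text is duplicated verbatim in both cases (the two `expectContent := fmt.Sprintf(...)` literals differ only in the domain argument), which is why this wording fix had to be applied twice. A shared format constant holding the raw string, used as `fmt.Sprintf(otpSMSFormat, testCode, eventOriginDomain, expiry)` at each site, would keep them in step with the message template. Both cases also set `testCode := ""`, so the assertion would not notice a rendering that dropped the code; if the empty value is not deliberate, a non-empty placeholder makes the check meaningful. `Test_userNotifier_reduceOTPSMSChallenged` starts and ends outside these hunks.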
|
@ -35,7 +35,7 @@ VerifyEmailOTP:
|
||||
ButtonText: Authenticate
|
||||
VerifySMSOTP:
|
||||
Text: >-
|
||||
{{.OTP}} is your one-time-password for {{ .Domain }}. Use it within the next {{.Expiry}}.
|
||||
{{.OTP}} is your one-time password for {{ .Domain }}. Use it within the next {{.Expiry}}.
|
||||
|
||||
@{{.Domain}} #{{.OTP}}
|
||||
DomainClaimed:
|
||||
|
@ -938,8 +938,8 @@ EventTypes:
|
||||
added: Second factor added to Login Policy
|
||||
removed: Second factor removed from Login Policy
|
||||
multifactor:
|
||||
added: Multi factor added to Login Policy
|
||||
removed: Multi factor removed from Login Policy
|
||||
added: Multi-factor added to Login Policy
|
||||
removed: Multi-factor removed from Login Policy
|
||||
password:
|
||||
complexity:
|
||||
added: Password complexity policy added
|
||||
|
@ -937,8 +937,8 @@ EventTypes:
|
||||
added: Doble factor añadido a la política de inicio de sesión
|
||||
removed: Doble factor eliminado de la política de inicio de sesión
|
||||
multifactor:
|
||||
added: Multi factor añadido a la política de inicio de sesión
|
||||
removed: Multi factor eliminado de la política de inicio de sesión
|
||||
added: Multi-factor añadido a la política de inicio de sesión
|
||||
removed: Multi-factor eliminado de la política de inicio de sesión
|
||||
password:
|
||||
complexity:
|
||||
added: Política de complejidad de la contraseña añadida
|
||||
|
@ -2827,7 +2827,7 @@ service AdminService {
|
||||
responses: {
|
||||
key: "400";
|
||||
value: {
|
||||
description: "invalid second-factor type";
|
||||
description: "invalid second factor type";
|
||||
schema: {
|
||||
json_schema: {
|
||||
ref: "#/definitions/rpcStatus";
|
||||
@ -2862,7 +2862,7 @@ service AdminService {
|
||||
responses: {
|
||||
key: "400";
|
||||
value: {
|
||||
description: "Invalid second-factor type";
|
||||
description: "Invalid second factor type";
|
||||
schema: {
|
||||
json_schema: {
|
||||
ref: "#/definitions/rpcStatus";
|
||||
@ -2886,12 +2886,12 @@ service AdminService {
|
||||
tags: "Settings";
|
||||
tags: "Login Settings";
|
||||
tags: "Authentication Methods"
|
||||
summary: "List Multi Factors (MFA)";
|
||||
description: "Returns a list of multi factors (MFA) configured on the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
||||
summary: "List Multi-factors (MFA)";
|
||||
description: "Returns a list of multi-factors (MFA) configured on the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
||||
responses: {
|
||||
key: "200";
|
||||
value: {
|
||||
description: "multi factors of default login policy";
|
||||
description: "multi-factors of default login policy";
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -2946,7 +2946,7 @@ service AdminService {
|
||||
tags: "Settings";
|
||||
tags: "Login Settings";
|
||||
tags: "Authentication Methods"
|
||||
summary: "Remove Multi Factor (MFA)";
|
||||
summary: "Remove Multi-factor (MFA)";
|
||||
description: "Remove a multi-factor (MFA) from the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
||||
responses: {
|
||||
key: "200";
|
||||
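Review bot: The rewritten "List Multi-factors (MFA)" description still says "it is called multifactor factor or passwordless", so the spelling this commit standardizes is left inconsistent inside the very string it edits. The "Remove Multi-factor (MFA)" description in this file has "multi-factor factor", and the organization-level "List Multi-factors (MFA)" description in the ManagementService section repeats "multifactor factor". I would change the phrase to `it is called multi-factor or passwordless` in all three. The two 400 responses earlier in this file also differ only in case (`"invalid second factor type"` vs `"Invalid second factor type"`) and could be aligned in the same pass.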
|
@ -597,7 +597,7 @@ service AuthService {
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "List Authentication Factors";
|
||||
description: "Returns a list of possible authentication factors, multi-factor (MFA), second-factor (2FA)"
|
||||
description: "Returns a list of possible authentication factors, multi-factor (MFA), second factor (2FA)"
|
||||
};
|
||||
}
|
||||
|
||||
@ -612,8 +612,8 @@ service AuthService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Add One-Time-Password (OTP)";
|
||||
description: "Add a new One-Time-Password (OTP) factor to the authenticated user. OTP is an authenticator app like Google/Microsoft Authenticator, Authy, etc. Only one OTP per user is allowed. After adding a new OTP it has to be verified."
|
||||
summary: "Add One-Time Password (OTP)";
|
||||
description: "Add a new One-Time Password (OTP) factor to the authenticated user. OTP is an authenticator app like Google/Microsoft Authenticator, Authy, etc. Only one OTP per user is allowed. After adding a new OTP it has to be verified."
|
||||
};
|
||||
}
|
||||
|
||||
@ -629,8 +629,8 @@ service AuthService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Verify One-Time-Password (OTP)";
|
||||
description: "Verify the last added One-Time-Password (OTP) factor of the authenticated user. OTP is an authenticator app like Google/Microsoft Authenticator, Authy, etc. Only one OTP per user is allowed."
|
||||
summary: "Verify One-Time Password (OTP)";
|
||||
description: "Verify the last added One-Time Password (OTP) factor of the authenticated user. OTP is an authenticator app like Google/Microsoft Authenticator, Authy, etc. Only one OTP per user is allowed."
|
||||
};
|
||||
}
|
||||
|
||||
@ -645,8 +645,8 @@ service AuthService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Remove One-Time-Password (OTP)";
|
||||
description: "Remove the configured One-Time-Password (OTP) factor of the authenticated user. OTP is an authenticator app like Google/Microsoft Authenticator, Authy, etc. As only one OTP per user is allowed, the user will not have OTP as a second-factor afterward."
|
||||
summary: "Remove One-Time Password (OTP)";
|
||||
description: "Remove the configured One-Time Password (OTP) factor of the authenticated user. OTP is an authenticator app like Google/Microsoft Authenticator, Authy, etc. As only one OTP per user is allowed, the user will not have OTP as a second factor afterward."
|
||||
};
|
||||
}
|
||||
|
||||
@ -661,8 +661,8 @@ service AuthService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Add One-Time-Password (OTP) SMS";
|
||||
description: "Add a new One-Time-Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor."
|
||||
summary: "Add One-Time Password (OTP) SMS";
|
||||
description: "Add a new One-Time Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor."
|
||||
};
|
||||
}
|
||||
|
||||
@ -677,8 +677,8 @@ service AuthService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Remove One-Time-Password (OTP) SMS";
|
||||
description: "Remove the configured One-Time-Password (OTP) SMS factor of the authenticated user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward."
|
||||
summary: "Remove One-Time Password (OTP) SMS";
|
||||
description: "Remove the configured One-Time Password (OTP) SMS factor of the authenticated user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second factor afterward."
|
||||
};
|
||||
}
|
||||
|
||||
@ -693,8 +693,8 @@ service AuthService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Add One-Time-Password (OTP) Email";
|
||||
description: "Add a new One-Time-Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor."
|
||||
summary: "Add One-Time Password (OTP) Email";
|
||||
description: "Add a new One-Time Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor."
|
||||
};
|
||||
}
|
||||
|
||||
@ -709,8 +709,8 @@ service AuthService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Remove One-Time-Password (OTP) Email";
|
||||
description: "Remove the configured One-Time-Password (OTP) Email factor of the authenticated user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward."
|
||||
summary: "Remove One-Time Password (OTP) Email";
|
||||
description: "Remove the configured One-Time Password (OTP) Email factor of the authenticated user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second factor afterward."
|
||||
};
|
||||
}
|
||||
|
||||
@ -726,7 +726,7 @@ service AuthService {
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Add Universal Second Factor (U2F)";
|
||||
description: "Add a new Universal-Second-Factor (U2F) to the authenticated user. U2F is a device-dependent authentication like FingerScan, FaceID, WindowHello, etc. The factor has to be verified after adding. Multiple factors can be added."
|
||||
description: "Add a new Universal Second Factor (U2F) to the authenticated user. U2F is a device-dependent authentication like FingerScan, FaceID, WindowHello, etc. The factor has to be verified after adding. Multiple factors can be added."
|
||||
};
|
||||
}
|
||||
|
||||
@ -743,7 +743,7 @@ service AuthService {
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Add Universal Second Factor (U2F)";
|
||||
description: "Verify the last added new Universal-Second-Factor (U2F) to the authenticated user."
|
||||
description: "Verify the last added new Universal Second Factor (U2F) to the authenticated user."
|
||||
};
|
||||
}
|
||||
|
||||
@ -759,7 +759,7 @@ service AuthService {
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
tags: "User Authentication Factor"
|
||||
summary: "Remove Universal Second Factor (U2F)";
|
||||
description: "Remove a specific Universal-Second-Factor (U2F) from the authenticated user by sending the id."
|
||||
description: "Remove a specific Universal Second Factor (U2F) from the authenticated user by sending the id."
|
||||
};
|
||||
}
|
||||
|
||||
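Review bot: In the hunk at -743 the operation keeps `summary: "Add Universal Second Factor (U2F)";` although its description says "Verify the last added new Universal Second Factor (U2F)", so the generated API reference lists two operations under the same "Add" summary. It looks like a copy-paste from the preceding operation; `summary: "Verify Universal Second Factor (U2F)";` would match the description. The rpc declaration is above the hunk, so confirm the method name there. The OTP SMS and OTP Email descriptions in this file also still read "verify a OTP", which should be "verify an OTP".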
|
@ -1345,7 +1345,7 @@ service ManagementService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
summary: "Get User Authentication Factors (2FA/MFA)";
|
||||
description: "Get a list of authentication factors the user has set. Including Second-Factors (2FA) and Multi-Factors (MFA).\n\nDeprecated: please use user service v2 ListAuthenticationMethodTypes"
|
||||
description: "Get a list of authentication factors the user has set. Including Second Factors (2FA) and Multi-Factors (MFA).\n\nDeprecated: please use user service v2 ListAuthenticationMethodTypes"
|
||||
tags: "Users";
|
||||
tags: "User Human";
|
||||
deprecated: true;
|
||||
@ -1378,7 +1378,7 @@ service ManagementService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
summary: "Remove Multi-Factor OTP";
|
||||
description: "Remove the configured One-Time-Password (OTP) as a factor from the user. OTP is an authentication app, like Authy or Google/Microsoft Authenticator.\n\nDeprecated: please use user service v2 RemoveTOTP"
|
||||
description: "Remove the configured One-Time Password (OTP) as a factor from the user. OTP is an authentication app, like Authy or Google/Microsoft Authenticator.\n\nDeprecated: please use user service v2 RemoveTOTP"
|
||||
tags: "Users";
|
||||
tags: "User Human";
|
||||
deprecated: true;
|
||||
@ -1412,7 +1412,7 @@ service ManagementService {
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
summary: "Remove Multi-Factor U2F";
|
||||
deprecated: true;
|
||||
description: "Remove the configured Universal-Second-Factor (U2F) as a factor from the user. U2F is a device-dependent factor like FingerPrint, Windows-Hello, etc.\n\nDeprecated: please use user service v2 RemoveU2F"
|
||||
description: "Remove the configured Universal Second Factor (U2F) as a factor from the user. U2F is a device-dependent factor like FingerPrint, Windows-Hello, etc.\n\nDeprecated: please use user service v2 RemoveU2F"
|
||||
tags: "Users";
|
||||
tags: "User Human";
|
||||
responses: {
|
||||
@ -1444,7 +1444,7 @@ service ManagementService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
summary: "Remove Multi-Factor OTP SMS";
|
||||
description: "Remove the configured One-Time-Password (OTP) SMS as a factor from the user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward.\n\nDeprecated: please use user service v2 RemoveOTPSMS"
|
||||
description: "Remove the configured One-Time Password (OTP) SMS as a factor from the user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second factor afterward.\n\nDeprecated: please use user service v2 RemoveOTPSMS"
|
||||
tags: "Users";
|
||||
tags: "User Human";
|
||||
deprecated: true;
|
||||
@ -1477,7 +1477,7 @@ service ManagementService {
|
||||
|
||||
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
||||
summary: "Remove Multi-Factor OTP SMS";
|
||||
description: "Remove the configured One-Time-Password (OTP) Email as a factor from the user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward.\n\nDeprecated: please use user service v2 RemoveOTPEmail"
|
||||
description: "Remove the configured One-Time Password (OTP) Email as a factor from the user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second factor afterward.\n\nDeprecated: please use user service v2 RemoveOTPEmail"
|
||||
tags: "Users";
|
||||
tags: "User Human";
|
||||
deprecated: true;
|
||||
@ -4618,8 +4618,8 @@ service ManagementService {
|
||||
tags: "Settings";
|
||||
tags: "Login Settings";
|
||||
tags: "Authentication Methods"
|
||||
summary: "List Multi Factors (MFA)";
|
||||
description: "Returns a list of multi factors (MFA) configured on the login settings of the organization. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
||||
summary: "List Multi-factors (MFA)";
|
||||
description: "Returns a list of multi-factors (MFA) configured on the login settings of the organization. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
||||
parameters: {
|
||||
headers: {
|
||||
name: "x-zitadel-orgid";
|
||||
@ -4671,7 +4671,7 @@ service ManagementService {
|
||||
tags: "Settings";
|
||||
tags: "Login Settings";
|
||||
tags: "Authentication Methods"
|
||||
summary: "Remove Multi Factor (MFA)";
|
||||
summary: "Remove Multi-factor (MFA)";
|
||||
description: "Remove a multi-factor (MFA) from the login settings of the organization. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
||||
parameters: {
|
||||
headers: {
|
||||
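Review bot: The operation in the hunk at -1477 is described as removing the "One-Time Password (OTP) Email" factor and points to `RemoveOTPEmail`, but its summary is still `"Remove Multi-Factor OTP SMS"`, identical to the operation before it. That should be `summary: "Remove Multi-Factor OTP Email";`. In the last hunk, the "Remove Multi-factor (MFA)" description covers the login settings of the organization yet says "It affects all organizations, without custom login settings", which appears to have been carried over from the instance-level text and likely does not apply here. The rpc declarations are outside the hunks.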
|
@ -18,12 +18,12 @@ message Authenticators {
|
||||
Password password = 2;
|
||||
// Meta information about the user's WebAuthN authenticators.
|
||||
repeated WebAuthN web_auth_n = 3;
|
||||
// A list of the user's time-based one-time-password (TOTP) authenticators,
|
||||
// A list of the user's time-based one-time password (TOTP) authenticators,
|
||||
// incl. the name for identification.
|
||||
repeated TOTP totps = 4;
|
||||
// A list of the user's one-time-password (OTP) SMS authenticators.
|
||||
// A list of the user's one-time password (OTP) SMS authenticators.
|
||||
repeated OTPSMS otp_sms = 5;
|
||||
// A list of the user's one-time-password (OTP) Email authenticators.
|
||||
// A list of the user's one-time password (OTP) Email authenticators.
|
||||
repeated OTPEmail otp_email = 6;
|
||||
// A list of the user's authentication keys. They can be used to authenticate e.g. by JWT Profile.
|
||||
repeated AuthenticationKey authentication_keys = 7;
|
||||
@ -100,7 +100,7 @@ message WebAuthN {
|
||||
// State whether the WebAuthN registration has been completed.
|
||||
bool is_verified = 3;
|
||||
// States if the user has been verified during the registration. Authentication with this device
|
||||
// will be considered as multi factor authentication (MFA) without the need to check a password
|
||||
// will be considered as multi-factor authentication (MFA) without the need to check a password
|
||||
// (typically known as Passkeys).
|
||||
// Without user verification it will be a second factor authentication (2FA), typically done
|
||||
// after a password check.
|
||||
@ -154,7 +154,7 @@ message VerifyWebAuthNRegistration {
|
||||
}
|
||||
|
||||
message OTPSMS {
|
||||
// unique identifier of the one-time-password (OTP) SMS authenticator.
|
||||
// unique identifier of the one-time password (OTP) SMS authenticator.
|
||||
string otp_sms_id = 1 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
example: "\"69629023906488334\""
|
||||
@ -171,7 +171,7 @@ message OTPSMS {
|
||||
}
|
||||
|
||||
message OTPEmail {
|
||||
// unique identifier of the one-time-password (OTP) Email authenticator.
|
||||
// unique identifier of the one-time password (OTP) Email authenticator.
|
||||
string otp_email_id = 1 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
example: "\"69629023906488334\""
|
||||
@ -188,7 +188,7 @@ message OTPEmail {
|
||||
}
|
||||
|
||||
message TOTP {
|
||||
// unique identifier of the time-based one-time-password (TOTP) authenticator.
|
||||
// unique identifier of the time-based one-time password (TOTP) authenticator.
|
||||
string totp_id = 1 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
example: "\"69629023906488334\""
|
||||
|
@ -719,7 +719,7 @@ service ZITADELUsers {
|
||||
|
||||
// Start a TOTP registration
|
||||
//
|
||||
// Start the registration of a new time-based one-time-password (TOTP) generator for a user.
|
||||
// Start the registration of a new time-based one-time password (TOTP) generator for a user.
|
||||
// As a response a secret is returned, which is used to initialize a TOTP app or device.
|
||||
rpc StartTOTPRegistration (StartTOTPRegistrationRequest) returns (StartTOTPRegistrationResponse) {
|
||||
option (google.api.http) = {
|
||||
@ -743,7 +743,7 @@ service ZITADELUsers {
|
||||
|
||||
// Verify a TOTP registration
|
||||
//
|
||||
// Verify the time-based one-time-password (TOTP) registration with the generated code.
|
||||
// Verify the time-based one-time password (TOTP) registration with the generated code.
|
||||
rpc VerifyTOTPRegistration (VerifyTOTPRegistrationRequest) returns (VerifyTOTPRegistrationResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/resources/v3alpha/users/{id}/totp/{totp_id}/_verify"
|
||||
@ -767,7 +767,7 @@ service ZITADELUsers {
|
||||
|
||||
// Remove a TOTP authenticator
|
||||
//
|
||||
// Remove an existing time-based one-time-password (TOTP) authenticator from a user, so it cannot be used for authentication anymore.
|
||||
// Remove an existing time-based one-time password (TOTP) authenticator from a user, so it cannot be used for authentication anymore.
|
||||
rpc RemoveTOTPAuthenticator (RemoveTOTPAuthenticatorRequest) returns (RemoveTOTPAuthenticatorResponse) {
|
||||
option (google.api.http) = {
|
||||
delete: "/resources/v3alpha/users/{id}/totp/{totp_id}"
|
||||
@ -790,7 +790,7 @@ service ZITADELUsers {
|
||||
|
||||
// Add a OTP SMS authenticator
|
||||
//
|
||||
// Add a new one-time-password (OTP) SMS authenticator to a user.
|
||||
// Add a new one-time password (OTP) SMS authenticator to a user.
|
||||
// If the phone is not passed as verified, a verification code will be generated,
|
||||
// which can be either returned or will be sent to the user by SMS.
|
||||
rpc AddOTPSMSAuthenticator (AddOTPSMSAuthenticatorRequest) returns (AddOTPSMSAuthenticatorResponse) {
|
||||
@ -841,7 +841,7 @@ service ZITADELUsers {
|
||||
|
||||
// Remove a OTP SMS authenticator
|
||||
//
|
||||
// Remove an existing one-time-password (OTP) SMS authenticator from a user, so it cannot be used for authentication anymore.
|
||||
// Remove an existing one-time password (OTP) SMS authenticator from a user, so it cannot be used for authentication anymore.
|
||||
rpc RemoveOTPSMSAuthenticator (RemoveOTPSMSAuthenticatorRequest) returns (RemoveOTPSMSAuthenticatorResponse) {
|
||||
option (google.api.http) = {
|
||||
delete: "/resources/v3alpha/users/{id}/otp_sms/{otp_sms_id}"
|
||||
@ -864,7 +864,7 @@ service ZITADELUsers {
|
||||
|
||||
// Add a OTP Email authenticator
|
||||
//
|
||||
// Add a new one-time-password (OTP) Email authenticator to a user.
|
||||
// Add a new one-time password (OTP) Email authenticator to a user.
|
||||
// If the email is not passed as verified, a verification code will be generated,
|
||||
// which can be either returned or will be sent to the user by email.
|
||||
rpc AddOTPEmailAuthenticator (AddOTPEmailAuthenticatorRequest) returns (AddOTPEmailAuthenticatorResponse) {
|
||||
@ -915,7 +915,7 @@ service ZITADELUsers {
|
||||
|
||||
// Remove a OTP Email authenticator
|
||||
//
|
||||
// Remove an existing one-time-password (OTP) Email authenticator from a user, so it cannot be used for authentication anymore.
|
||||
// Remove an existing one-time password (OTP) Email authenticator from a user, so it cannot be used for authentication anymore.
|
||||
rpc RemoveOTPEmailAuthenticator (RemoveOTPEmailAuthenticatorRequest) returns (RemoveOTPEmailAuthenticatorResponse) {
|
||||
option (google.api.http) = {
|
||||
delete: "/resources/v3alpha/users/{id}/otp_email/{otp_email_id}"
|
||||
|
@ -70,7 +70,7 @@ message LoginSettings {
|
||||
];
|
||||
google.protobuf.Duration second_factor_check_lifetime = 12 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "Defines after how long the second-factor check is valid.";
|
||||
description: "Defines after how long the second factor check is valid.";
|
||||
example: "\"64800s\"";
|
||||
}
|
||||
];
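Review bot: The description for `second_factor_check_lifetime` still reads `Defines after how long the second factor check is valid.`, which can be taken to mean the check only becomes valid once the duration has passed. The field is a lifetime, so wording such as `description: "Defines how long a successful second factor check remains valid.";` is clearer. If the user is asked for the second factor again once this time has elapsed, as the field name suggests, stating that would help operators pick a value. The same string appears in the second `LoginSettings` section that follows, and the `LoginSettings` message starts and ends outside the hunk.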
|
||||
|
@ -70,7 +70,7 @@ message LoginSettings {
|
||||
];
|
||||
google.protobuf.Duration second_factor_check_lifetime = 12 [
|
||||
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||
description: "Defines after how long the second-factor check is valid.";
|
||||
description: "Defines after how long the second factor check is valid.";
|
||||
example: "\"64800s\"";
|
||||
}
|
||||
];
|
||||
|
@ -771,7 +771,7 @@ service UserService {
|
||||
|
||||
// Remove TOTP generator from a user
|
||||
//
|
||||
// Remove the configured TOTP generator of a user. As only one TOTP generator per user is allowed, the user will not have TOTP as a second-factor afterward..
|
||||
// Remove the configured TOTP generator of a user. As only one TOTP generator per user is allowed, the user will not have TOTP as a second factor afterward.
|
||||
rpc RemoveTOTP (RemoveTOTPRequest) returns (RemoveTOTPResponse) {
|
||||
option (google.api.http) = {
|
||||
delete: "/v2/users/{user_id}/totp"
|
||||
@ -794,7 +794,7 @@ service UserService {
|
||||
|
||||
// Add OTP SMS for a user
|
||||
//
|
||||
// Add a new One-Time-Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor..
|
||||
// Add a new One-Time Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor..
|
||||
rpc AddOTPSMS (AddOTPSMSRequest) returns (AddOTPSMSResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/v2/users/{user_id}/otp_sms"
|
||||
@ -816,9 +816,9 @@ service UserService {
|
||||
};
|
||||
}
|
||||
|
||||
// Remove One-Time-Password (OTP) SMS from a user
|
||||
// Remove One-Time Password (OTP) SMS from a user
|
||||
//
|
||||
// Remove the configured One-Time-Password (OTP) SMS factor of a user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward..
|
||||
// Remove the configured One-Time Password (OTP) SMS factor of a user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second factor afterward.
|
||||
rpc RemoveOTPSMS (RemoveOTPSMSRequest) returns (RemoveOTPSMSResponse) {
|
||||
option (google.api.http) = {
|
||||
delete: "/v2/users/{user_id}/otp_sms"
|
||||
@ -841,7 +841,7 @@ service UserService {
|
||||
|
||||
// Add OTP Email for a user
|
||||
//
|
||||
// Add a new One-Time-Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor..
|
||||
// Add a new One-Time Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor..
|
||||
rpc AddOTPEmail (AddOTPEmailRequest) returns (AddOTPEmailResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/v2/users/{user_id}/otp_email"
|
||||
@ -863,9 +863,9 @@ service UserService {
|
||||
};
|
||||
}
|
||||
|
||||
// Remove One-Time-Password (OTP) Email from a user
|
||||
// Remove One-Time Password (OTP) Email from a user
|
||||
//
|
||||
// Remove the configured One-Time-Password (OTP) Email factor of a user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward..
|
||||
// Remove the configured One-Time Password (OTP) Email factor of a user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second factor afterward.
|
||||
rpc RemoveOTPEmail (RemoveOTPEmailRequest) returns (RemoveOTPEmailResponse) {
|
||||
option (google.api.http) = {
|
||||
delete: "/v2/users/{user_id}/otp_email"
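Review bot: The updated comment lines for `AddOTPSMS` and `AddOTPEmail` still end in a doubled period (`... to add the second factor..`), although this commit removes the doubled period from the `RemoveTOTP`, `RemoveOTPSMS` and `RemoveOTPEmail` comments in the same file. Both lines also read `verify a OTP`, which should be `verify an OTP`; the changed `AddOTPSMS` and `AddOTPEmail` lines in the later `UserService` section carry the same `a OTP` wording. Suggested endings are `The phone number has to be verified to add the second factor.` and `The email has to be verified to add the second factor.`. The rpc definitions continue outside the hunks.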
|
||||
|
@ -769,7 +769,7 @@ service UserService {
|
||||
|
||||
// Remove TOTP generator from a user
|
||||
//
|
||||
// Remove the configured TOTP generator of a user. As only one TOTP generator per user is allowed, the user will not have TOTP as a second-factor afterward.
|
||||
// Remove the configured TOTP generator of a user. As only one TOTP generator per user is allowed, the user will not have TOTP as a second factor afterward.
|
||||
//
|
||||
// Deprecated: please move to the corresponding endpoint under user service v2 (GA).
|
||||
rpc RemoveTOTP (RemoveTOTPRequest) returns (RemoveTOTPResponse) {
|
||||
@ -795,7 +795,7 @@ service UserService {
|
||||
|
||||
// Add OTP SMS for a user
|
||||
//
|
||||
// Add a new One-Time-Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor.
|
||||
// Add a new One-Time Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor.
|
||||
//
|
||||
// Deprecated: please move to the corresponding endpoint under user service v2 (GA).
|
||||
rpc AddOTPSMS (AddOTPSMSRequest) returns (AddOTPSMSResponse) {
|
||||
@ -820,9 +820,9 @@ service UserService {
|
||||
};
|
||||
}
|
||||
|
||||
// Remove One-Time-Password (OTP) SMS from a user
|
||||
// Remove One-Time Password (OTP) SMS from a user
|
||||
//
|
||||
// Remove the configured One-Time-Password (OTP) SMS factor of a user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward.
|
||||
// Remove the configured One-Time Password (OTP) SMS factor of a user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second factor afterward.
|
||||
//
|
||||
// Deprecated: please move to the corresponding endpoint under user service v2 (GA).
|
||||
rpc RemoveOTPSMS (RemoveOTPSMSRequest) returns (RemoveOTPSMSResponse) {
|
||||
@ -848,7 +848,7 @@ service UserService {
|
||||
|
||||
// Add OTP Email for a user
|
||||
//
|
||||
// Add a new One-Time-Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor.
|
||||
// Add a new One-Time Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor.
|
||||
//
|
||||
// Deprecated: please move to the corresponding endpoint under user service v2 (GA).
|
||||
rpc AddOTPEmail (AddOTPEmailRequest) returns (AddOTPEmailResponse) {
|
||||
@ -873,9 +873,9 @@ service UserService {
|
||||
};
|
||||
}
|
||||
|
||||
// Remove One-Time-Password (OTP) Email from a user
|
||||
// Remove One-Time Password (OTP) Email from a user
|
||||
//
|
||||
// Remove the configured One-Time-Password (OTP) Email factor of a user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward.
|
||||
// Remove the configured One-Time Password (OTP) Email factor of a user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second factor afterward.
|
||||
//
|
||||
// Deprecated: please move to the corresponding endpoint under user service v2 (GA).
|
||||
rpc RemoveOTPEmail (RemoveOTPEmailRequest) returns (RemoveOTPEmailResponse) {
|
||||
|