feat: OIDC setting (#3245)

* feat: add oidc config struct * feat: oidc config command side * feat: oidc configuration query side * feat: add translations * feat: add tests * feat: add translations * feat: rename oidc config to oidc settings * feat: rename oidc config to oidc settings
2025-08-11 19:17:32 +00:00 · 2022-02-25 16:05:06 +01:00
parent f05d4063bf
commit 7d6c933485
57 changed files with 1440 additions and 40 deletions
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -313,6 +313,28 @@ service AdminService {
        };
    }

+    // Get OIDC settings (e.g token lifetimes, etc.)
+    rpc GetOIDCSettings(GetOIDCSettingsRequest) returns (GetOIDCSettingsResponse) {
+        option (google.api.http) = {
+            get: "/settings/oidc";
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "iam.read";
+        };
+    }
+
+    // Update oidc settings (e.g token lifetimes, etc)
+    rpc UpdateOIDCSettings(UpdateOIDCSettingsRequest) returns (UpdateOIDCSettingsResponse) {
+        option (google.api.http) = {
+            put: "/settings/oidc";
+            body: "*"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "iam.write";
+        };
+    }

    // Returns an organisation by id
    rpc GetOrgByID(GetOrgByIDRequest) returns (GetOrgByIDResponse) {
@@ -2539,6 +2561,24 @@ message UpdateSMSProviderTwilioTokenResponse {
    zitadel.v1.ObjectDetails details = 1;
 }

+// This is an empty request
+message GetOIDCSettingsRequest {}
+
+message GetOIDCSettingsResponse {
+    zitadel.settings.v1.OIDCSettings settings = 1;
+}
+
+message UpdateOIDCSettingsRequest {
+    google.protobuf.Duration  access_token_lifetime   = 1;
+    google.protobuf.Duration  id_token_lifetime   = 2;
+    google.protobuf.Duration  refresh_token_idle_expiration   = 3;
+    google.protobuf.Duration  refresh_token_expiration   = 4;
+}
+
+message UpdateOIDCSettingsResponse {
+    zitadel.v1.ObjectDetails details = 1;
+}
+
 // if name or domain is already in use, org is not unique
 message IsOrgUniqueRequest {
    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
--- a/proto/zitadel/settings.proto
+++ b/proto/zitadel/settings.proto
@@ -20,7 +20,6 @@ message SecretGenerator {
  bool include_symbols = 8;
 }

-
 message SecretGeneratorQuery {
  oneof query {
    option (validate.required) = true;
@@ -67,9 +66,16 @@ message TwilioConfig {
  string sender_number = 2;
 }

-
 enum SMSProviderConfigState {
  SMS_PROVIDER_CONFIG_STATE_UNSPECIFIED = 0;
  SMS_PROVIDER_CONFIG_ACTIVE = 1;
  SMS_PROVIDER_CONFIG_INACTIVE = 2;
 }
+
+message OIDCSettings {
+  zitadel.v1.ObjectDetails details = 1;
+  google.protobuf.Duration  access_token_lifetime = 2;
+  google.protobuf.Duration  id_token_lifetime = 3;
+  google.protobuf.Duration  refresh_token_idle_expiration = 4;
+  google.protobuf.Duration  refresh_token_expiration = 5;
+}