feat(api): add oidc and jwt provider template (#5290)

Adds the ability to manage OIDC and JWT template-based identity providers
Livio Spring
2023-02-27 16:32:18 +01:00
committed by GitHub
parent 9396e8b2f5
commit 80003939ad
29 changed files with 4338 additions and 295 deletions


@@ -1272,6 +1272,54 @@ service AdminService {
};
}
// Add a new OIDC identity provider on the instance
rpc AddGenericOIDCProvider(AddGenericOIDCProviderRequest) returns (AddGenericOIDCProviderResponse) {
option (google.api.http) = {
post: "/idps/generic_oidc"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
}
// Change an existing OIDC identity provider on the instance
rpc UpdateGenericOIDCProvider(UpdateGenericOIDCProviderRequest) returns (UpdateGenericOIDCProviderResponse) {
option (google.api.http) = {
put: "/idps/generic_oidc/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
}
// Add a new JWT identity provider on the instance
rpc AddJWTProvider(AddJWTProviderRequest) returns (AddJWTProviderResponse) {
option (google.api.http) = {
post: "/idps/generic_jwt"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
}
// Change an existing JWT identity provider on the instance
rpc UpdateJWTProvider(UpdateJWTProviderRequest) returns (UpdateJWTProviderResponse) {
option (google.api.http) = {
put: "/idps/generic_jwt/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
}
// Add a new Google identity provider on the instance
rpc AddGoogleProvider(AddGoogleProviderRequest) returns (AddGoogleProviderResponse) {
option (google.api.http) = {
@@ -4316,6 +4364,63 @@ message UpdateGenericOAuthProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
message AddGenericOIDCProviderRequest {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
zitadel.idp.v1.Options provider_options = 6;
}
message AddGenericOIDCProviderResponse {
zitadel.v1.ObjectDetails details = 1;
string id = 2;
}
message UpdateGenericOIDCProviderRequest {
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_id = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
// client_secret will only be updated if provided
string client_secret = 5 [(validate.rules).string = {max_len: 200}];
repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
zitadel.idp.v1.Options provider_options = 7;
}
message UpdateGenericOIDCProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
message AddJWTProviderRequest {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string jwt_endpoint = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string keys_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string header_name = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
zitadel.idp.v1.Options provider_options = 6 [(validate.rules).message = {required: true}];
}
message AddJWTProviderResponse {
zitadel.v1.ObjectDetails details = 1;
string id = 2;
}
message UpdateJWTProviderRequest {
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string jwt_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string keys_endpoint = 5 [(validate.rules).string = {max_len: 200}];
string header_name = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
zitadel.idp.v1.Options provider_options = 7 [(validate.rules).message = {required: true}];
}
message UpdateJWTProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
message AddGoogleProviderRequest {
// Google will be used as default, if no name is provided
string name = 1 [(validate.rules).string = {max_len: 200}];
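Review bot: AddJWTProviderRequest and the OIDC/JWT update messages in this hunk validate `issuer`, `jwt_endpoint` and `keys_endpoint` by length only, so any 1–200 character string is accepted; since `keys_endpoint` is presumably where the server fetches the signing keys it will then trust and `issuer` presumably drives discovery, a URL-shape check at the API boundary is cheap and worth adding, e.g. `string keys_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200, uri: true}];` with the same `uri: true` on `issuer` and `jwt_endpoint` (a `prefix: "https://"` rule would be stricter still if plain-http test IdPs are not needed). In the same hunk `UpdateJWTProviderRequest.keys_endpoint` drops `min_len: 1` while `jwt_endpoint` keeps it, with no comment saying whether an empty value means "leave unchanged" the way `client_secret` is documented two messages above; either restore `min_len: 1` or add `// keys_endpoint will only be updated if provided`. Also `provider_options` is `required: true` on the JWT messages here but not on the OIDC messages in this file, nor on the management API's JWT messages further down the page, so the requirement should be aligned whichever way is intended.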


@@ -264,6 +264,8 @@ message ProviderConfig {
LDAPConfig ldap = 2;
GoogleConfig google = 3;
OAuthConfig oauth = 4;
GenericOIDCConfig oidc = 5;
JWTConfig jwt = 6;
}
}
message OAuthConfig {
@@ -274,6 +276,12 @@ message OAuthConfig {
repeated string scopes = 5;
}
message GenericOIDCConfig {
string issuer = 1;
string client_id = 2;
repeated string scopes = 3;
}
message GoogleConfig {
string client_id = 1;
repeated string scopes = 2;
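Review bot: GenericOIDCConfig carries no field comments, and the point a reader of this read-side message most needs — that `client_secret` is absent, presumably so it is never returned by the API — is left implicit. Suggest a leading comment such as `// Read-side view of a generic OIDC provider; the client secret is write-only and intentionally not included.` plus one-line comments on `issuer`, `client_id` and `scopes`. `JWTConfig` is referenced in the `ProviderConfig` oneof at the top of this section but defined outside these hunks, so I cannot confirm from here what it exposes; the same write-only caveat would apply if it carries anything secret-bearing.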


@@ -4393,6 +4393,54 @@ service ManagementService {
};
}
// Add a new OIDC identity provider in the organisation
rpc AddGenericOIDCProvider(AddGenericOIDCProviderRequest) returns (AddGenericOIDCProviderResponse) {
option (google.api.http) = {
post: "/idps/generic_oidc"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
};
}
// Change an existing OIDC identity provider in the organisation
rpc UpdateGenericOIDCProvider(UpdateGenericOIDCProviderRequest) returns (UpdateGenericOIDCProviderResponse) {
option (google.api.http) = {
put: "/idps/generic_oidc/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
};
}
// Add a new JWT identity provider in the organisation
rpc AddJWTProvider(AddJWTProviderRequest) returns (AddJWTProviderResponse) {
option (google.api.http) = {
post: "/idps/generic_jwt"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
};
}
// Change an existing JWT identity provider in the organisation
rpc UpdateJWTProvider(UpdateJWTProviderRequest) returns (UpdateJWTProviderResponse) {
option (google.api.http) = {
put: "/idps/generic_jwt/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
};
}
// Add a new Google identity provider in the organisation
rpc AddGoogleProvider(AddGoogleProviderRequest) returns (AddGoogleProviderResponse) {
option (google.api.http) = {
@@ -7930,6 +7978,63 @@ message UpdateGenericOAuthProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
message AddGenericOIDCProviderRequest {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
zitadel.idp.v1.Options provider_options = 6;
}
message AddGenericOIDCProviderResponse {
zitadel.v1.ObjectDetails details = 1;
string id = 2;
}
message UpdateGenericOIDCProviderRequest {
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_id = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
// client_secret will only be updated if provided
string client_secret = 5 [(validate.rules).string = {max_len: 200}];
repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
zitadel.idp.v1.Options provider_options = 7;
}
message UpdateGenericOIDCProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
message AddJWTProviderRequest {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string jwt_endpoint = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string keys_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string header_name = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
zitadel.idp.v1.Options provider_options = 6;
}
message AddJWTProviderResponse {
zitadel.v1.ObjectDetails details = 1;
string id = 2;
}
message UpdateJWTProviderRequest {
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string jwt_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string keys_endpoint = 5 [(validate.rules).string = {max_len: 200}];
string header_name = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
zitadel.idp.v1.Options provider_options = 7;
}
message UpdateJWTProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
message AddGoogleProviderRequest {
// Google will be used as default, if no name is provided
string name = 1 [(validate.rules).string = {max_len: 200}];