fix(api): naming cleanup in user and session service (#6379)

* fix(api): rename first and last name to given and family name, intent to idp_intent, remove _ actions

* fix merge

* fully rename intent to idp intent in api

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

README.md

@@ -32,11 +32,11 @@
 
 Do you look for a user management that's quickly set up like Auth0 and open source like Keycloak?
 
-Do you have project that requires a multi-tenant user management with self-service for your customers?
+Do you have a project that requires multi-tenant user management with self-service for your customers?
 
 Look no further — ZITADEL combines the ease of Auth0 with the versatility of Keycloak.
 
-We provide you with a wide range of out of the box features to accelerate your project.
+We provide you with a wide range of out-of-the-box features to accelerate your project.
 Multi-tenancy with branding customization, secure login, self-service, OpenID Connect, OAuth2.x, SAML2, LDAP, Passwordless with FIDO2 (including Passkeys), OTP, U2F, and an unlimited audit trail is there for you, ready to use.
 
 With ZITADEL you can rely on a hardened and extensible turnkey solution to solve all of your authentication and authorization needs.

docs/docs/guides/integrate/login-ui/_select-account.mdx

@@ -9,7 +9,7 @@ The list of session IDs can be sent in the “search sessions” request to get
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2alpha/sessions/_search \
+  --url https://$ZITADEL_DOMAIN/v2alpha/sessions/search \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/external-login.mdx

@@ -20,17 +20,18 @@ Send the following two URLs in the request body:
 2. ErrorURL: Page that should be shown when an error happens during the authentication
 
 In the response, you will get an authentication URL of the provider you like.
-[Start Identity Provider Flow Documentation](/docs/apis/resources/user_service/user-service-start-identity-provider-flow)
+[Start Identity Provider Intent Documentation](/docs/apis/resources/user_service/user-service-start-identity-provider-intent)
 
 ### Request
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2alpha/users/idps/$IDP_ID/start \
+  --url https://$ZITADEL_DOMAIN/v2alpha/idp_intents/start \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
   --data '{
+  "idp_id": "$IDP_ID",
   "successUrl": "https://custom.com/login/idp/success",
   "failureUrl": "https://custom.com/login/idp/fail"
 }'
@@ -62,15 +63,15 @@ After the user has successfully authenticated, a redirect to the ZITADEL backend
 
 ## Get Provider Information
 
-ZITADEL will take the information of the provider. After this, a redirect will be made to either the success page in case of a successful login or to the error page in case of a failure will be performed. In the parameters, you will provide the intentID, a token, and optionally, if a user could be found, a user ID.
+ZITADEL will take the information of the provider. After this, a redirect will be made to either the success page in case of a successful login or to the error page in case of a failure will be performed. In the parameters, you will provide the IDP intentID, a token, and optionally, if a user could be found, a user ID.
 
 To get the information of the provider, make a request to ZITADEL.
-[Get Identity Provider Information Documentation](/docs/apis/resources/user_service/user-service-retrieve-identity-provider-information)
+[Retrieve Identity Provider Intent Documentation](/docs/apis/resources/user_service/user-service-retrieve-identity-provider-intent)
 
 ### Request
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2alpha/users/intents/$INTENT_ID/information \
+  --url https://$ZITADEL_DOMAIN/v2alpha/idp_intents/$INTENT_ID \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''\
   --header 'Content-Type: application/json' \
@@ -120,7 +121,7 @@ After successfully authenticating using your identity provider, you have three p
 ### Login
 
 If you did get a user ID in the parameters when calling your success page, you know that a user is already linked with the used identity provider and you are ready to perform the login.
-Create a new session and include the intent ID and the token in the checks.
+Create a new session and include the IDP intent ID and the token in the checks.
 This check requires that the previous step ended on the successful page and didn't’t result in an error.
 
 #### Request
@@ -136,9 +137,9 @@ curl --request POST \
 	"user": {
       		"userId": "218662596918640897"
     	},
-	"intent": {
+	"idpIntent": {
-      		"intentId": "219647325729980673",
+      		"idpIntentId": "219647325729980673",
-      		"token": "k86ihn-VLMMUGKy1q1b5i_foECspKYqei1l4mS8LT7Xzjw"
+      		"idpIntentToken": "k86ihn-VLMMUGKy1q1b5i_foECspKYqei1l4mS8LT7Xzjw"
     	}
   }
 }'
@@ -164,8 +165,8 @@ curl --request POST \
   --data '{
   "username": "minni-mouse@mouse.com",
   "profile": {
-    "firstName": "Minnie",
+    "givenName": "Minnie",
-    "lastName": "Mouse",
+    "familyName": "Mouse",
     "nickName": "Mini",
     "displayName": "Minnie Mouse",
     "preferredLanguage": "en",

docs/docs/guides/integrate/login-ui/mfa.mdx

@@ -69,7 +69,7 @@ Request Example:
 
 ```bash
 curl --request POST \
-  --url https://$ZITADEL_DOMAIN/v2alpha/users/$USER_ID/totp/_verify \
+  --url https://$ZITADEL_DOMAIN/v2alpha/users/$USER_ID/totp/verify \
   --header 'Accept: application/json' \
   --header 'Authorization: Bearer '"$TOKEN"''
   --header 'Content-Type: application/json' \

docs/docs/guides/integrate/login-ui/username-password.mdx

@@ -24,8 +24,8 @@ curl --request POST \
   "userId": "d654e6ba-70a3-48ef-a95d-37c8d8a7901a",
   "username": "minnie-mouse",
   "profile": {
-    "firstName": "Minnie",
+    "givenName": "Minnie",
-    "lastName": "Mouse",
+    "familyName": "Mouse",
     "nickName": "Mini",
     "displayName": "Minnie Mouse",
     "preferredLanguage": "en",

internal/api/grpc/org/v2/org_integration_test.go

@@ -89,8 +89,8 @@ func TestServer_AddOrganization(t *testing.T) {
 						UserType: &org.AddOrganizationRequest_Admin_Human{
 							Human: &user.AddHumanUserRequest{
 								Profile: &user.SetHumanProfile{
-									FirstName: "firstname",
+									GivenName:  "firstname",
-									LastName:  "lastname",
+									FamilyName: "lastname",
 								},
 								Email: &user.SetHumanEmail{
 									Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
@@ -127,8 +127,8 @@ func TestServer_AddOrganization(t *testing.T) {
 						UserType: &org.AddOrganizationRequest_Admin_Human{
 							Human: &user.AddHumanUserRequest{
 								Profile: &user.SetHumanProfile{
-									FirstName: "firstname",
+									GivenName:  "firstname",
-									LastName:  "lastname",
+									FamilyName: "lastname",
 								},
 								Email: &user.SetHumanEmail{
 									Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),

internal/api/grpc/org/v2/org_test.go

@@ -74,8 +74,8 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 							UserType: &org.AddOrganizationRequest_Admin_Human{
 								Human: &user.AddHumanUserRequest{
 									Profile: &user.SetHumanProfile{
-										FirstName: "firstname",
+										GivenName:  "firstname",
-										LastName:  "lastname",
+										FamilyName: "lastname",
 									},
 									Email: &user.SetHumanEmail{
 										Email: "email@test.com",

internal/api/grpc/session/v2/session.go

@@ -251,8 +251,8 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([
 	if password := checks.GetPassword(); password != nil {
 		sessionChecks = append(sessionChecks, command.CheckPassword(password.GetPassword()))
 	}
-	if intent := checks.GetIntent(); intent != nil {
+	if intent := checks.GetIdpIntent(); intent != nil {
-		sessionChecks = append(sessionChecks, command.CheckIntent(intent.GetIntentId(), intent.GetToken()))
+		sessionChecks = append(sessionChecks, command.CheckIntent(intent.GetIdpIntentId(), intent.GetIdpIntentToken()))
 	}
 	if passkey := checks.GetWebAuthN(); passkey != nil {
 		sessionChecks = append(sessionChecks, s.command.CheckWebAuthN(passkey.GetCredentialAssertionData()))

internal/api/grpc/session/v2/session_integration_test.go

@@ -263,9 +263,9 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
 		SessionId:    createResp.GetSessionId(),
 		SessionToken: createResp.GetSessionToken(),
 		Checks: &session.Checks{
-			Intent: &session.CheckIntent{
+			IdpIntent: &session.CheckIDPIntent{
-				IntentId: intentID,
+				IdpIntentId:    intentID,
-				Token:    token,
+				IdpIntentToken: token,
 			},
 		},
 	})
@@ -294,9 +294,9 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
 		SessionId:    createResp.GetSessionId(),
 		SessionToken: createResp.GetSessionToken(),
 		Checks: &session.Checks{
-			Intent: &session.CheckIntent{
+			IdpIntent: &session.CheckIDPIntent{
-				IntentId: intentID,
+				IdpIntentId:    intentID,
-				Token:    token,
+				IdpIntentToken: token,
 			},
 		},
 	})
@@ -306,9 +306,9 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
 		SessionId:    createResp.GetSessionId(),
 		SessionToken: createResp.GetSessionToken(),
 		Checks: &session.Checks{
-			Intent: &session.CheckIntent{
+			IdpIntent: &session.CheckIDPIntent{
-				IntentId: intentID,
+				IdpIntentId:    intentID,
-				Token:    token,
+				IdpIntentToken: token,
 			},
 		},
 	})
@@ -336,9 +336,9 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
 		SessionId:    createResp.GetSessionId(),
 		SessionToken: createResp.GetSessionToken(),
 		Checks: &session.Checks{
-			Intent: &session.CheckIntent{
+			IdpIntent: &session.CheckIDPIntent{
-				IntentId: intentID,
+				IdpIntentId:    intentID,
-				Token:    "false",
+				IdpIntentToken: "false",
 			},
 		},
 	})

internal/api/grpc/user/v2/user.go

@@ -72,8 +72,8 @@ func AddUserRequestToAddHuman(req *user.AddHumanUserRequest) (*command.AddHuman,
 	return &command.AddHuman{
 		ID:          req.GetUserId(),
 		Username:    username,
-		FirstName:   req.GetProfile().GetFirstName(),
+		FirstName:   req.GetProfile().GetGivenName(),
-		LastName:    req.GetProfile().GetLastName(),
+		LastName:    req.GetProfile().GetFamilyName(),
 		NickName:    req.GetProfile().GetNickName(),
 		DisplayName: req.GetProfile().GetDisplayName(),
 		Email: command.Email{
@@ -129,18 +129,18 @@ func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_
 	}, nil
 }
 
-func (s *Server) StartIdentityProviderFlow(ctx context.Context, req *user.StartIdentityProviderFlowRequest) (_ *user.StartIdentityProviderFlowResponse, err error) {
+func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *user.StartIdentityProviderIntentRequest) (_ *user.StartIdentityProviderIntentResponse, err error) {
 	switch t := req.GetContent().(type) {
-	case *user.StartIdentityProviderFlowRequest_Urls:
+	case *user.StartIdentityProviderIntentRequest_Urls:
 		return s.startIDPIntent(ctx, req.GetIdpId(), t.Urls)
-	case *user.StartIdentityProviderFlowRequest_Ldap:
+	case *user.StartIdentityProviderIntentRequest_Ldap:
 		return s.startLDAPIntent(ctx, req.GetIdpId(), t.Ldap)
 	default:
-		return nil, errors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderFlow not implemented", t)
+		return nil, errors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderIntent not implemented", t)
 	}
 }
 
-func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*user.StartIdentityProviderFlowResponse, error) {
+func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*user.StartIdentityProviderIntentResponse, error) {
 	intentWriteModel, details, err := s.command.CreateIntent(ctx, idpID, urls.GetSuccessUrl(), urls.GetFailureUrl(), authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
@@ -149,13 +149,13 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 	if err != nil {
 		return nil, err
 	}
-	return &user.StartIdentityProviderFlowResponse{
+	return &user.StartIdentityProviderIntentResponse{
 		Details:  object.DomainToDetailsPb(details),
-		NextStep: &user.StartIdentityProviderFlowResponse_AuthUrl{AuthUrl: authURL},
+		NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: authURL},
 	}, nil
 }
 
-func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderFlowResponse, error) {
+func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderIntentResponse, error) {
 	intentWriteModel, details, err := s.command.CreateIntent(ctx, idpID, "", "", authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
@@ -171,9 +171,9 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 	if err != nil {
 		return nil, err
 	}
-	return &user.StartIdentityProviderFlowResponse{
+	return &user.StartIdentityProviderIntentResponse{
 		Details:  object.DomainToDetailsPb(details),
-		NextStep: &user.StartIdentityProviderFlowResponse_Intent{Intent: &user.Intent{IntentId: intentWriteModel.AggregateID, Token: token}},
+		NextStep: &user.StartIdentityProviderIntentResponse_IdpIntent{IdpIntent: &user.IDPIntent{IdpIntentId: intentWriteModel.AggregateID, IdpIntentToken: token}},
 	}, nil
 }
 
@@ -228,27 +228,27 @@ func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string
 	return externalUser, userID, attributes, nil
 }
 
-func (s *Server) RetrieveIdentityProviderInformation(ctx context.Context, req *user.RetrieveIdentityProviderInformationRequest) (_ *user.RetrieveIdentityProviderInformationResponse, err error) {
+func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.RetrieveIdentityProviderIntentRequest) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
-	intent, err := s.command.GetIntentWriteModel(ctx, req.GetIntentId(), authz.GetCtxData(ctx).OrgID)
+	intent, err := s.command.GetIntentWriteModel(ctx, req.GetIdpIntentId(), authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	if err := s.checkIntentToken(req.GetToken(), intent.AggregateID); err != nil {
+	if err := s.checkIntentToken(req.GetIdpIntentToken(), intent.AggregateID); err != nil {
 		return nil, err
 	}
 	if intent.State != domain.IDPIntentStateSucceeded {
 		return nil, errors.ThrowPreconditionFailed(nil, "IDP-Hk38e", "Errors.Intent.NotSucceeded")
 	}
-	return intentToIDPInformationPb(intent, s.idpAlg)
+	return idpIntentToIDPIntentPb(intent, s.idpAlg)
 }
 
-func intentToIDPInformationPb(intent *command.IDPIntentWriteModel, alg crypto.EncryptionAlgorithm) (_ *user.RetrieveIdentityProviderInformationResponse, err error) {
+func idpIntentToIDPIntentPb(intent *command.IDPIntentWriteModel, alg crypto.EncryptionAlgorithm) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
 	rawInformation := new(structpb.Struct)
 	err = rawInformation.UnmarshalJSON(intent.IDPUser)
 	if err != nil {
 		return nil, err
 	}
-	information := &user.RetrieveIdentityProviderInformationResponse{
+	information := &user.RetrieveIdentityProviderIntentResponse{
 		Details: intentToDetailsPb(intent),
 		IdpInformation: &user.IDPInformation{
 			IdpId:          intent.IDPID,

internal/api/grpc/user/v2/user_integration_test.go

@@ -67,8 +67,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -108,8 +108,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -153,8 +153,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -199,8 +199,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -246,8 +246,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -318,8 +318,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -352,8 +352,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -399,8 +399,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -451,8 +451,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -490,8 +490,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 						},
 					},
 					Profile: &user.SetHumanProfile{
-						FirstName:         "Donald",
+						GivenName:         "Donald",
-						LastName:          "Duck",
+						FamilyName:        "Duck",
 						NickName:          gu.Ptr("Dukkie"),
 						DisplayName:       gu.Ptr("Donald Duck"),
 						PreferredLanguage: gu.Ptr("en"),
@@ -622,23 +622,23 @@ func TestServer_AddIDPLink(t *testing.T) {
 	}
 }
 
-func TestServer_StartIdentityProviderFlow(t *testing.T) {
+func TestServer_StartIdentityProviderIntent(t *testing.T) {
 	idpID := Tester.AddGenericOAuthProvider(t)
 	type args struct {
 		ctx context.Context
-		req *user.StartIdentityProviderFlowRequest
+		req *user.StartIdentityProviderIntentRequest
 	}
 	tests := []struct {
 		name    string
 		args    args
-		want    *user.StartIdentityProviderFlowResponse
+		want    *user.StartIdentityProviderIntentResponse
 		wantErr bool
 	}{
 		{
 			name: "missing urls",
 			args: args{
 				CTX,
-				&user.StartIdentityProviderFlowRequest{
+				&user.StartIdentityProviderIntentRequest{
 					IdpId: idpID,
 				},
 			},
@@ -649,9 +649,9 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 			name: "next step auth url",
 			args: args{
 				CTX,
-				&user.StartIdentityProviderFlowRequest{
+				&user.StartIdentityProviderIntentRequest{
 					IdpId: idpID,
-					Content: &user.StartIdentityProviderFlowRequest_Urls{
+					Content: &user.StartIdentityProviderIntentRequest_Urls{
 						Urls: &user.RedirectURLs{
 							SuccessUrl: "https://example.com/success",
 							FailureUrl: "https://example.com/failure",
@@ -659,12 +659,12 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 					},
 				},
 			},
-			want: &user.StartIdentityProviderFlowResponse{
+			want: &user.StartIdentityProviderIntentResponse{
 				Details: &object.Details{
 					ChangeDate:    timestamppb.Now(),
 					ResourceOwner: Tester.Organisation.ID,
 				},
-				NextStep: &user.StartIdentityProviderFlowResponse_AuthUrl{
+				NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{
 					AuthUrl: "https://example.com/oauth/v2/authorize?client_id=clientID&prompt=select_account&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=",
 				},
 			},
@@ -673,7 +673,7 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := Client.StartIdentityProviderFlow(tt.args.ctx, tt.args.req)
+			got, err := Client.StartIdentityProviderIntent(tt.args.ctx, tt.args.req)
 			if tt.wantErr {
 				require.Error(t, err)
 			} else {
@@ -690,28 +690,28 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 	}
 }
 
-func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
+func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 	idpID := Tester.AddGenericOAuthProvider(t)
 	intentID := Tester.CreateIntent(t, idpID)
 	successfulID, token, changeDate, sequence := Tester.CreateSuccessfulOAuthIntent(t, idpID, "", "id")
 	ldapSuccessfulID, ldapToken, ldapChangeDate, ldapSequence := Tester.CreateSuccessfulLDAPIntent(t, idpID, "", "id")
 	type args struct {
 		ctx context.Context
-		req *user.RetrieveIdentityProviderInformationRequest
+		req *user.RetrieveIdentityProviderIntentRequest
 	}
 	tests := []struct {
 		name    string
 		args    args
-		want    *user.RetrieveIdentityProviderInformationResponse
+		want    *user.RetrieveIdentityProviderIntentResponse
 		wantErr bool
 	}{
 		{
 			name: "failed intent",
 			args: args{
 				CTX,
-				&user.RetrieveIdentityProviderInformationRequest{
+				&user.RetrieveIdentityProviderIntentRequest{
-					IntentId: intentID,
+					IdpIntentId:    intentID,
-					Token:    "",
+					IdpIntentToken: "",
 				},
 			},
 			wantErr: true,
@@ -720,9 +720,9 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 			name: "wrong token",
 			args: args{
 				CTX,
-				&user.RetrieveIdentityProviderInformationRequest{
+				&user.RetrieveIdentityProviderIntentRequest{
-					IntentId: successfulID,
+					IdpIntentId:    successfulID,
-					Token:    "wrong token",
+					IdpIntentToken: "wrong token",
 				},
 			},
 			wantErr: true,
@@ -731,12 +731,12 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 			name: "retrieve successful intent",
 			args: args{
 				CTX,
-				&user.RetrieveIdentityProviderInformationRequest{
+				&user.RetrieveIdentityProviderIntentRequest{
-					IntentId: successfulID,
+					IdpIntentId:    successfulID,
-					Token:    token,
+					IdpIntentToken: token,
 				},
 			},
-			want: &user.RetrieveIdentityProviderInformationResponse{
+			want: &user.RetrieveIdentityProviderIntentResponse{
 				Details: &object.Details{
 					ChangeDate:    timestamppb.New(changeDate),
 					ResourceOwner: Tester.Organisation.ID,
@@ -768,12 +768,12 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 			name: "retrieve successful ldap intent",
 			args: args{
 				CTX,
-				&user.RetrieveIdentityProviderInformationRequest{
+				&user.RetrieveIdentityProviderIntentRequest{
-					IntentId: ldapSuccessfulID,
+					IdpIntentId:    ldapSuccessfulID,
-					Token:    ldapToken,
+					IdpIntentToken: ldapToken,
 				},
 			},
-			want: &user.RetrieveIdentityProviderInformationResponse{
+			want: &user.RetrieveIdentityProviderIntentResponse{
 				Details: &object.Details{
 					ChangeDate:    timestamppb.New(ldapChangeDate),
 					ResourceOwner: Tester.Organisation.ID,
@@ -812,7 +812,7 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := Client.RetrieveIdentityProviderInformation(tt.args.ctx, tt.args.req)
+			got, err := Client.RetrieveIdentityProviderIntent(tt.args.ctx, tt.args.req)
 			if tt.wantErr {
 				require.Error(t, err)
 			} else {

internal/api/grpc/user/v2/user_test.go

@@ -24,7 +24,7 @@ import (
 
 var ignoreTypes = []protoreflect.FullName{"google.protobuf.Duration", "google.protobuf.Struct"}
 
-func Test_intentToIDPInformationPb(t *testing.T) {
+func Test_idpIntentToIDPIntentPb(t *testing.T) {
 	decryption := func(err error) crypto.EncryptionAlgorithm {
 		mCrypto := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t))
 		mCrypto.EXPECT().Algorithm().Return("enc")
@@ -44,7 +44,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 		alg    crypto.EncryptionAlgorithm
 	}
 	type res struct {
-		resp *user.RetrieveIdentityProviderInformationResponse
+		resp *user.RetrieveIdentityProviderIntentResponse
 		err  error
 	}
 	tests := []struct {
@@ -113,7 +113,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 				alg: decryption(nil),
 			},
 			res{
-				resp: &user.RetrieveIdentityProviderInformationResponse{
+				resp: &user.RetrieveIdentityProviderIntentResponse{
 					Details: &object_pb.Details{
 						Sequence:      123,
 						ChangeDate:    timestamppb.New(time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local)),
@@ -166,7 +166,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 				},
 			},
 			res{
-				resp: &user.RetrieveIdentityProviderInformationResponse{
+				resp: &user.RetrieveIdentityProviderIntentResponse{
 					Details: &object_pb.Details{
 						Sequence:      123,
 						ChangeDate:    timestamppb.New(time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local)),
@@ -205,7 +205,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := intentToIDPInformationPb(tt.args.intent, tt.args.alg)
+			got, err := idpIntentToIDPIntentPb(tt.args.intent, tt.args.alg)
 			require.ErrorIs(t, err, tt.res.err)
 			grpc.AllFieldsEqual(t, tt.res.resp.ProtoReflect(), got.ProtoReflect(), grpc.CustomMappers)
 		})

internal/integration/client.go

@@ -87,8 +87,8 @@ func (s *Tester) CreateHumanUser(ctx context.Context) *user.AddHumanUserResponse
 			},
 		},
 		Profile: &user.SetHumanProfile{
-			FirstName: "Mickey",
+			GivenName:  "Mickey",
-			LastName:  "Mouse",
+			FamilyName: "Mouse",
 		},
 		Email: &user.SetHumanEmail{
 			Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),

proto/zitadel/session/v2alpha/session_service.proto

@@ -79,7 +79,7 @@ service SessionService {
   // Search sessions
   rpc ListSessions (ListSessionsRequest) returns (ListSessionsResponse) {
     option (google.api.http) = {
-      post: "/v2alpha/sessions/_search"
+      post: "/v2alpha/sessions/search"
       body: "*"
     };
 
@@ -341,9 +341,9 @@ message Checks {
       description: "\"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request.\"";
     }
   ];
-  optional CheckIntent intent = 4 [
+  optional CheckIDPIntent idp_intent = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "\"Checks the intent. Requires that the userlink is already checked and a successful intent.\"";
+      description: "\"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent.\"";
     }
   ];
   optional CheckTOTP totp = 5 [
@@ -397,20 +397,20 @@ message CheckWebAuthN {
   ];
 }
 
-message CheckIntent {
+message CheckIDPIntent {
-  string intent_id = 1 [
+  string idp_intent_id = 1 [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "ID of the intent, previously returned on the success response of the IDP callback"
+      description: "ID of the idp intent, previously returned on the success response of the IDP callback"
       min_length: 1;
       max_length: 200;
       example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
     }
   ];
-  string token = 2 [
+  string idp_intent_token = 2 [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "token of the intent, previously returned on the success response of the IDP callback"
+      description: "token of the idp intent, previously returned on the success response of the IDP callback"
       min_length: 1;
       max_length: 200;
       example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";

proto/zitadel/user/v2alpha/idp.proto

@@ -51,18 +51,18 @@ message RedirectURLs {
   ];
 }
 
-message Intent {
+message IDPIntent {
-  string intent_id = 1 [
+  string idp_intent_id = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "ID of the intent"
+      description: "ID of the IDP intent"
       min_length: 1;
       max_length: 200;
       example: "\"163840776835432705=\"";
     }
   ];
-  string token = 2 [
+  string idp_intent_token = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "token of the intent"
+      description: "token of the IDP intent"
       min_length: 1;
       max_length: 200;
       example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";

proto/zitadel/user/v2alpha/user.proto

@@ -20,7 +20,7 @@ enum Gender {
 }
 
 message SetHumanProfile {
-  string first_name = 1  [
+  string given_name = 1  [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (google.api.field_behavior) = REQUIRED,
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -29,7 +29,7 @@ message SetHumanProfile {
       example: "\"Minnie\"";
     }
   ];
-  string last_name = 2  [
+  string family_name = 2  [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (google.api.field_behavior) = REQUIRED,
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {

proto/zitadel/user/v2alpha/user_service.proto

@@ -137,7 +137,7 @@ service UserService {
   // Verify the email with the provided code
   rpc VerifyEmail (VerifyEmailRequest) returns (VerifyEmailResponse) {
     option (google.api.http) = {
-      post: "/v2alpha/users/{user_id}/email/_verify"
+      post: "/v2alpha/users/{user_id}/email/verify"
       body: "*"
     };
 
@@ -187,7 +187,7 @@ service UserService {
   // Verify the phone with the provided code
   rpc VerifyPhone (VerifyPhoneRequest) returns (VerifyPhoneResponse) {
     option (google.api.http) = {
-      post: "/v2alpha/users/{user_id}/phone/_verify"
+      post: "/v2alpha/users/{user_id}/phone/verify"
       body: "*"
     };
 
@@ -347,7 +347,7 @@ service UserService {
 
   rpc VerifyTOTPRegistration (VerifyTOTPRegistrationRequest) returns (VerifyTOTPRegistrationResponse) {
     option (google.api.http) = {
-      post: "/v2alpha/users/{user_id}/totp/_verify"
+      post: "/v2alpha/users/{user_id}/totp/verify"
       body: "*"
     };
 
@@ -459,9 +459,9 @@ service UserService {
   }
 
   // Start an IDP authentication (for external login, registration or linking)
-  rpc StartIdentityProviderFlow (StartIdentityProviderFlowRequest) returns (StartIdentityProviderFlowResponse) {
+  rpc StartIdentityProviderIntent (StartIdentityProviderIntentRequest) returns (StartIdentityProviderIntentResponse) {
     option (google.api.http) = {
-      post: "/v2alpha/users/idps/{idp_id}/start"
+      post: "/v2alpha/idp_intents/start"
       body: "*"
     };
 
@@ -483,9 +483,9 @@ service UserService {
     };
   }
 
-  rpc RetrieveIdentityProviderInformation (RetrieveIdentityProviderInformationRequest) returns (RetrieveIdentityProviderInformationResponse) {
+  rpc RetrieveIdentityProviderIntent (RetrieveIdentityProviderIntentRequest) returns (RetrieveIdentityProviderIntentResponse) {
     option (google.api.http) = {
-      post: "/v2alpha/users/intents/{intent_id}/information"
+      post: "/v2alpha/idp_intents/{idp_intent_id}"
       body: "*"
     };
 
@@ -510,7 +510,7 @@ service UserService {
   // Link an IDP to an existing user
   rpc AddIDPLink (AddIDPLinkRequest) returns (AddIDPLinkResponse) {
     option (google.api.http) = {
-      post: "/v2alpha/users/users/{user_id}/links"
+      post: "/v2alpha/users/{user_id}/links"
       body: "*"
     };
 
@@ -1072,7 +1072,7 @@ message CreatePasskeyRegistrationLinkResponse{
   ];
 }
 
-message StartIdentityProviderFlowRequest{
+message StartIdentityProviderIntentRequest{
   string idp_id = 1 [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -1089,7 +1089,7 @@ message StartIdentityProviderFlowRequest{
   }
 }
 
-message StartIdentityProviderFlowResponse{
+message StartIdentityProviderIntentResponse{
   zitadel.object.v2alpha.Details details = 1;
   oneof next_step {
     string auth_url = 2 [
@@ -1098,28 +1098,28 @@ message StartIdentityProviderFlowResponse{
         example: "\"https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback\"";
       }
     ];
-    Intent intent = 3 [
+    IDPIntent idp_intent = 3 [
       (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-        description: "Intent information"
+        description: "IDP Intent information"
       }
     ];
   }
 }
 
-message RetrieveIdentityProviderInformationRequest{
+message RetrieveIdentityProviderIntentRequest{
-  string intent_id = 1 [
+  string idp_intent_id = 1 [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "ID of the intent, previously returned on the success response of the IDP callback"
+      description: "ID of the idp intent, previously returned on the success response of the IDP callback"
       min_length: 1;
       max_length: 200;
       example: "\"163840776835432705\"";
     }
   ];
-  string token = 2 [
+  string idp_intent_token = 2 [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "token of the intent, previously returned on the success response of the IDP callback"
+      description: "token of the idp intent, previously returned on the success response of the IDP callback"
       min_length: 1;
       max_length: 200;
       example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";
@@ -1127,7 +1127,7 @@ message RetrieveIdentityProviderInformationRequest{
   ];
 }
 
-message RetrieveIdentityProviderInformationResponse{
+message RetrieveIdentityProviderIntentResponse{
   zitadel.object.v2alpha.Details details = 1;
   IDPInformation idp_information = 2;
 }