docs: improve api docs (#5158)

* integrate docs into nav

* generator for local use, production needs to be set by env

* fix typo

* local dev

* docs: annotate the first user endpoints in the management api

* docs: annotate the first user endpoints in the management api

* docs: annotate the first user endpoints in the management api

* docs: annotate the first user endpoints in the management api

* docs: add header params

* rewrite docs links and improve ci

* tweak build command

* fix path

* Update docs/docusaurus.config.js

Co-authored-by: Max Peintner <max@caos.ch>

* fix docker

* docs: add header params

* docs: Add tags to management api. add some descriptions

* docs: more descriptions

* docs: more descriptions

* docs: required fields

* docs: example request

* docs: example request

* docs: example request

* docs: example request

* docs: example request

* docs: user metadata requests

* docs: user requests

* docs: user requests

* docs: user requests

* docs: user requests

* docs: change nav add first methods to authentication api

* docs: auth api

* docs: auth api

* docs: auth api

* docs: auth api

* docs: auth api

* docs: api sidenav

* chore: use buf without docker

* fix deploy

* fix ci

* fix vercel

* docs: admin

* docs: admin api docs

* docs: admin api docs

* docs: admin api docs

* docs: admin api docs

* docs: security

* docs: security

* docs: admin api

* docs: change to env vars

* docs: auth api

* docs: remove assets, deprecated requests, menu

* reworked page with PaloAltoNetworks/docusaurus-openapi-docs

* works with the resolutions

* fix broken build by adding assets again

* add tags to menu

* chore: improve build speed

* no-minify

* test ssr

* ssr 20

* use lazy

* increase mem

* use default mem

* change names

* docs: remove assets, deprecated requests, menu

* docs: management api

* docs: management api

* docs: management api

* docs: sidebar

* not the best word smithing but it is ;-)

* more typos

* merge main

* fix some error

* trial

* update grpc gateway

* trigger vercel build

* docs: deprecated requests

* docs: deprecated requests

---------

Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Florian Forster
2023-02-23 12:08:06 +01:00
committed by GitHub
parent 50728129ee
commit aa9518ac02
68 changed files with 7570 additions and 23543 deletions


@@ -74,7 +74,7 @@ message ActionNameQuery {
];
}
//ActionStateQuery is always equals
//ActionStateQuery always equals
message ActionStateQuery {
ActionState state = 1 [
(validate.rules).enum.defined_only = true,

File diff suppressed because it is too large Load Diff


@@ -106,17 +106,17 @@ message OIDCConfig {
];
OIDCVersion version = 9 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the oidc version used by the application";
description: "the OIDC version used by the application";
}
];
bool none_compliant = 10 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "specifies wheter the config is oidc compliant. A production configuration SHOULD be compliant";
description: "specifies whether the config is OIDC compliant. A production configuration SHOULD be compliant";
}
];
repeated zitadel.v1.LocalizedMessage compliance_problems = 11 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "lists the problems for non compliancy";
description: "lists the problems for non-compliancy";
}
];
bool dev_mode = 12 [
@@ -131,7 +131,7 @@ message OIDCConfig {
];
bool access_token_role_assertion = 14 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "adds roles to the claims of the access token (only if type == jwt) even if they are not requested by scopes";
description: "adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes";
}
];
bool id_token_role_assertion = 15 [
@@ -141,12 +141,12 @@ message OIDCConfig {
];
bool id_token_userinfo_assertion = 16 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the oidc specification";
description: "claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification";
}
];
google.protobuf.Duration clock_skew = 17 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and substracted from \"iat\", \"auth_time\" and \"nbf\" claims";
description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims";
// min: "0s";
// max: "5s";
}
@@ -154,13 +154,13 @@ message OIDCConfig {
repeated string additional_origins = 18 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"https://console.zitadel.ch/auth/callback\"]";
description: "additional origins (other than the redirect_uris) from where the api can be used";
description: "additional origins (other than the redirect_uris) from where the API can be used";
}
];
repeated string allowed_origins = 19 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"https://console.zitadel.ch/auth/callback\"]";
description: "all allowed origins from where the api can be used";
description: "all allowed origins from where the API can be used";
}
];
}
@@ -222,7 +222,7 @@ message APIConfig {
];
APIAuthMethodType auth_method_type = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines how the api passes the login credentials";
description: "defines how the API passes the login credentials";
}
];
}
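Review bot: The `example` kept for `additional_origins` and `allowed_origins` in `OIDCConfig` is `https://console.zitadel.ch/auth/callback`, a redirect URI with a path, while the descriptions reworded here speak of origins. An origin is scheme, host and port only, so a reader copying the example may enter a value that never matches a browser `Origin` header, or assume a path-level restriction; how the server normalises these values is not visible in this section. Suggest `example: "[\"https://console.zitadel.ch\"]";` on both fields. The `OIDCConfig` message starts and ends outside these hunks.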

File diff suppressed because it is too large Load Diff


@@ -35,7 +35,7 @@ message Change {
];
string resource_owner_id = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the organisation the event belongs to";
description: "the organization the event belongs to";
example: "\"69629023906488334\"";
}
];
@@ -47,23 +47,29 @@ message Change {
];
string editor_avatar_url = 8 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "avatar url of the editor";
description: "avatar URL of the editor";
example: "\"https://api.zitadel.ch/assets/v1/avatar-32432jkh4kj32\"";
}
];
}
message ChangeQuery {
//sequence represents the order of events. It's always upcounting
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
title: "Query for Changes of an Object"
description: "Filter possibility for the changes/history of an Object."
}
};
uint64 sequence = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2\"";
description: "sequence represents the order of events. It's always counting";
}
];
uint32 limit = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "20";
description: "Maximum amount of events returned. Default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If no limit is set or the limit exeeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.";
description: "Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If no limit is set or the limit exceeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.";
}
];
bool asc = 3 [
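Review bot: The reworded `limit` description in `ChangeQuery` contradicts itself: it says ZITADEL throws an error "If no limit is set" and then that the default is taken "If no limit is present". The `ListQuery.limit` text later in this commit drops the first clause and reads consistently, so the same wording should be used here: `If the limit exceeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.` The new `sequence` description "It's always counting" (also in the `ObjectDetails` comment) loses the meaning of "upcounting"; `It is always increasing` says what a client can rely on. Both `limit` descriptions link to the `new-eventstore` branch, which may not be a stable reference for the default.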


@@ -15,34 +15,67 @@ message Event {
Editor editor = 1;
Aggregate aggregate = 2;
uint64 sequence = 3;
// The timestamp the event occurred
google.protobuf.Timestamp creation_date = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2019-04-01T08:45:00.000000Z\"";
description: "The timestamp the event occurred";
}
];
google.protobuf.Struct payload = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "{\"firstName\": \"Gigi\", \"lastName\": \"Giraffe\", \"userName\": \"gigi@zitadel.com\", \"displayName\": \"Gigi\"}";
description: "Payload contains the data of the event.";
}
];
google.protobuf.Struct payload = 5;
EventType type = 6;
}
message Editor {
string user_id = 1;
string display_name = 2;
string service = 3;
string user_id = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"165617389845094785\"";
}
];
string display_name = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Minnie Mouse\"";
}
];
string service = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Management-API\"";
}
];
}
message Aggregate {
string id = 1;
string id = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"165617850743094785\"";
}
];
AggregateType type = 2;
string resource_owner = 3;
string resource_owner = 3[
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"165617850930497249\"";
}
];
}
message EventType {
string type = 1;
string type = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"user.human.added\"";
}
];
zitadel.v1.LocalizedMessage localized = 2;
}
message AggregateType {
string type = 1;
string type = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"user\"";
}
];
zitadel.v1.LocalizedMessage localized = 2;
}


@@ -124,7 +124,7 @@ enum IDPOwnerType {
IDP_OWNER_TYPE_UNSPECIFIED = 0;
// system is managed by the ZITADEL administrators
IDP_OWNER_TYPE_SYSTEM = 1;
// org is managed by de organisation administrators
// org is managed by de organization administrators
IDP_OWNER_TYPE_ORG = 2;
}
@@ -137,7 +137,7 @@ message OIDCConfig {
string issuer = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com\"";
description: "the oidc issuer of the identity provider";
description: "the OIDC issuer of the identity provider";
}
];
repeated string scopes = 3 [
@@ -170,21 +170,21 @@ message JWTConfig {
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com\"";
description: "the endpoint where the jwt can be extracted";
description: "the endpoint where the JWT can be extracted";
}
];
string issuer = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com\"";
description: "the issuer of the jwt (for validation)";
description: "the issuer of the JWT (for validation)";
}
];
string keys_endpoint = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com/keys\"";
description: "the endpoint to the key (JWK) which are used to sign the JWT with";
description: "the endpoint to the key (JWK) which is used to sign the JWT with";
}
];
string header_name = 4 [
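Review bot: The `keys_endpoint` description in `JWTConfig` still says the JWK "is used to sign the JWT with", but a consumer that fetches keys from an endpoint uses them to verify the signature; the signing key presumably never leaves the issuer. Suggest `description: "the endpoint serving the keys (JWK) used to verify the signature of the JWT"`. In the `IDPOwnerType` hunk the touched comment still reads "managed by de organization administrators"; `de` should be `the`.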


@@ -74,7 +74,7 @@ message Query {
}
}
//IdQuery is always equals
//IdQuery always equals
message IdsQuery {
repeated string ids = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {

File diff suppressed because it is too large Load Diff


@@ -17,7 +17,7 @@ message Member {
zitadel.v1.ObjectDetails details = 2;
repeated string roles = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"role.super.man\"]";
example: "[\"IAM_OWNER\"]";
description: "the role keys granted to the user"
}
];
@@ -36,7 +36,7 @@ message Member {
string first_name = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Gigi\"";
description: "first name of the user"
description: "the first name of the user"
}
];
string last_name = 7 [
@@ -53,7 +53,7 @@ message Member {
];
string avatar_url = 9 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "avatar url of the user"
description: "avatar URL of the user"
example: "\"https://api.zitadel.ch/assets/v1/avatar-32432jkh4kj32\"";
}
];


@@ -12,12 +12,14 @@ message Metadata {
zitadel.v1.ObjectDetails details = 1;
string key = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "metadata key"
description: "metadata key",
example: "\"key1\"";
}
];
bytes value = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "metadata value"
description: "metadata value is base64 encoded, make sure to decode to get the value",
example: "\"VGhpcyBpcyBteSBmaXJzdCB2YWx1ZQ==\"";
}
];
}


@@ -8,7 +8,7 @@ package zitadel.v1;
option go_package ="github.com/zitadel/zitadel/pkg/grpc/object";
message ObjectDetails {
//sequence represents the order of events. It's always upcounting
//sequence represents the order of events. It's always counting
//
// on read: the sequence of the last event reduced by the projection
//
@@ -30,7 +30,7 @@ message ObjectDetails {
//
// on manipulation: the
google.protobuf.Timestamp change_date = 3;
//resource_owner is the organisation an object belongs to
//resource_owner is the organization an object belongs to
string resource_owner = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
@@ -39,6 +39,12 @@ message ObjectDetails {
}
message ListQuery {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
title: "General List Query"
description: "Object unspecific list filters like offset, limit and asc/desc."
}
};
uint64 offset = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"10\"";
@@ -47,7 +53,7 @@ message ListQuery {
uint32 limit = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "20";
description: "Maximum amount of events returned. Default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If limit exeeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.";
description: "Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If the limit exceeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.";
}
];
bool asc = 3 [


@@ -17,17 +17,17 @@ message Org {
zitadel.v1.ObjectDetails details = 2;
OrgState state = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "current state of the organisation";
description: "current state of the organization";
}
];
string name = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"CAOS AG\"";
example: "\"ZITADEL\"";
}
];
string primary_domain = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"caos.ch\"";
example: "\"zitadel.cloud\"";
}
];
}
@@ -48,7 +48,7 @@ message Domain {
zitadel.v1.ObjectDetails details = 2;
string domain_name = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"caos.ch\"";
example: "\"zitadel.com\"";
}
];
bool is_verified = 4 [
@@ -88,7 +88,7 @@ message OrgNameQuery {
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"caos ag\"";
example: "\"ZITADEL\"";
}
];
zitadel.v1.TextQueryMethod method = 2 [
@@ -103,7 +103,7 @@ message OrgDomainQuery {
string domain = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"CAOS.C\"";
example: "\"citadel.cloud\"";
}
];
zitadel.v1.TextQueryMethod method = 2 [
@@ -118,7 +118,7 @@ message OrgStateQuery {
OrgState state = 1 [
(validate.rules).enum.defined_only = true,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "current state of the organisation";
description: "current state of the organization";
}
];
}
@@ -140,7 +140,7 @@ message DomainNameQuery {
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"caos.ch\"";
example: "\"zitadel.cloud\"";
}
];
zitadel.v1.TextQueryMethod method = 2 [
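Review bot: The new `OrgDomainQuery.domain` example is `citadel.cloud`, which looks like a spell-check slip for the `zitadel.cloud` used by the other examples in this file. Readers paste documentation examples into real requests and configuration, so they should stay on a domain the project controls or on a reserved one such as `example.com`. Suggest `example: "\"zitadel.cloud\"";`. The previous value `CAOS.C` seems to have illustrated a partial, differently-cased match; if that was the intent, say so in a `description` rather than through the example.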


@@ -14,12 +14,12 @@ message OrgIAMPolicy {
zitadel.v1.ObjectDetails details = 1;
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of it's organisation"
description: "the username has to end with the domain of its organization"
}
];
bool is_default = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the organisation's admin changed the policy"
description: "defines if the organization's admin changed the policy"
}
];
}
@@ -28,22 +28,22 @@ message DomainPolicy {
zitadel.v1.ObjectDetails details = 1;
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of it's organisation"
description: "the username has to end with the domain of its organization"
}
];
bool is_default = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the organisation's admin changed the policy"
description: "defines if the organization's admin changed the policy"
}
];
bool validate_org_domains = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if organisation domains should be validated org count as validated automatically"
description: "defines if organization domains should be validated org count as validated automatically"
}
];
bool smtp_sender_address_matches_instance_domain = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the smtp sender address domain should match an existing domain on the instance"
description: "defines if the SMTP sender address domain should match an existing domain on the instance"
}
];
}
@@ -53,13 +53,14 @@ message LabelPolicy {
// hex value for primary color
string primary_color = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for primary color"
description: "hex value for primary color";
example: "\"#5469d4\"";
}
];
// defines if the organisation's admin changed the policy
// defines if the organization's admin changed the policy
bool is_default = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the organisation's admin changed the policy"
description: "defines if the organization's admin changed the policy"
}
];
// hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set
@@ -71,50 +72,77 @@ message LabelPolicy {
// hex value for secondary color
string warn_color = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for warn color"
description: "hex value for warn color";
example: "\"#CD3D56\"";
}
];
// hex value for background color
string background_color = 7 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for background color"
description: "hex value for background color";
example: "\"#FAFAFA\"";
}
];
// hex value for font color
string font_color = 8 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color"
description: "hex value for font color";
example: "\"#000000\"";
}
];
// hex value for primary color dark theme
string primary_color_dark = 9 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for primary color dark theme"
description: "hex value for the primary color dark theme";
example: "\"#BBBAFA\"";
}
];
// hex value for background color dark theme
string background_color_dark = 10 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for background color dark theme"
description: "hex value for background color dark theme";
example: "\"#111827\"";
}
];
// hex value for warn color dark theme
// hex value for warning color dark theme
string warn_color_dark = 11 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for warn color dark theme"
description: "hex value for warning color dark theme";
example: "\"#FF3B5B\"";
}
];
// hex value for font color dark theme
string font_color_dark = 12 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color dark theme"
description: "hex value for font color dark theme";
example: "\"#FFFFFF\"";
}
];
bool disable_watermark = 13;
string logo_url = 14;
string icon_url = 15;
string logo_url_dark = 16;
string icon_url_dark = 17;
string logo_url = 14 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color dark theme";
example: "\"https://acme.com/assets/v1/165617850692654601/policy/label/logo-180950416321494657\"";
}
];
string icon_url = 15 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color dark theme";
example: "\"https://acme.com/assets/v1/165617850692654601/policy/label/icon-180950498874178817\"";
}
];
string logo_url_dark = 16 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color dark theme";
example: "\"https://acme.com/assets/v1/165617850692654601/policy/label/logo-dark-180950229376461345\"";
}
];
string icon_url_dark = 17 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color dark theme";
example: "\"https://acme.com/assets/v1/165617850692654601/policy/label/icon-dark-180950243237405441\"";
}
];
string font_url = 18;
}
@@ -122,12 +150,12 @@ message LoginPolicy {
zitadel.v1.ObjectDetails details = 1;
bool allow_username_password = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if a user is allowed to login with his username and password"
description: "defines if a user is allowed to log in with his username and password"
}
];
bool allow_register = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if a person is allowed to register a user on this organisation"
description: "defines if a person is allowed to register a user on this organization"
}
];
bool allow_external_idp = 4 [
@@ -137,7 +165,7 @@ message LoginPolicy {
];
bool force_mfa = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if a user MUST use a multi factor to log in"
description: "defines if a user MUST use a multi-factor to log in"
}
];
PasswordlessType passwordless_type = 6 [
@@ -147,7 +175,7 @@ message LoginPolicy {
];
bool is_default = 7 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the organisation's admin changed the policy"
description: "defines if the organization's admin changed the policy"
}
];
bool hide_password_reset = 8 [
@@ -157,36 +185,57 @@ message LoginPolicy {
];
bool ignore_unknown_usernames = 9 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if unknown username on login screen directly return an error or always display the password screen"
description: "defines if unknown username on login screen directly returns an error or always displays the password screen"
}
];
string default_redirect_uri = 10 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines where the user will be redirected to if the login is started without app context (e.g. from mail)"
description: "defines where the user will be redirected to if the login is started without app context (e.g. from mail)";
example: "\"https://acme.com/ui/console\"";
}
];
google.protobuf.Duration password_check_lifetime = 11 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"864000s\"";
}
];
google.protobuf.Duration external_login_check_lifetime = 12 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"864000s\"";
}
];
google.protobuf.Duration mfa_init_skip_lifetime = 13 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2592000s\"";
}
];
google.protobuf.Duration second_factor_check_lifetime = 14 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"64800s\"";
}
];
google.protobuf.Duration multi_factor_check_lifetime = 15 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"43200s\"";
}
];
google.protobuf.Duration password_check_lifetime = 11;
google.protobuf.Duration external_login_check_lifetime = 12;
google.protobuf.Duration mfa_init_skip_lifetime = 13;
google.protobuf.Duration second_factor_check_lifetime = 14;
google.protobuf.Duration multi_factor_check_lifetime = 15;
repeated SecondFactorType second_factors = 16;
repeated MultiFactorType multi_factors = 17;
repeated zitadel.idp.v1.IDPLoginPolicyLink idps = 18;
// If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success.
// If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
bool allow_domain_discovery = 19 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organisation on success."
description: "If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success."
}
];
bool disable_login_with_email = 20 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if user can additionally (to the loginname) be identified by their verified email address"
description: "defines if the user can additionally (to the login name) be identified by their verified email address"
}
];
bool disable_login_with_phone = 21 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if user can additionally (to the loginname) be identified by their verified phone number"
description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
}
];
}
@@ -222,7 +271,7 @@ message PasswordComplexityPolicy {
];
bool has_lowercase = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the password MUST contain a lower case letter"
description: "defines if the password MUST contain a lowercase letter"
}
];
bool has_number = 5 [
@@ -237,7 +286,7 @@ message PasswordComplexityPolicy {
];
bool is_default = 7 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the organisation's admin changed the policy"
description: "defines if the organization's admin changed the policy"
}
];
}
@@ -258,7 +307,7 @@ message PasswordAgePolicy {
];
bool is_default = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the organisation's admin changed the policy"
description: "defines if the organization's admin changed the policy"
}
];
}
@@ -267,23 +316,35 @@ message LockoutPolicy {
zitadel.v1.ObjectDetails details = 1;
uint64 max_password_attempts = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correct or the password is reset."
description: "Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset."
example: "\"10\""
}
];
bool is_default = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the organisation's admin changed the policy"
description: "defines if the organization's admin changed the policy"
}
];
}
message PrivacyPolicy {
zitadel.v1.ObjectDetails details = 1;
string tos_link = 2;
string privacy_link = 3;
string tos_link = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://zitadel.com/docs/legal/terms-of-service\"";
}
];
string privacy_link = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://zitadel.com/docs/legal/privacy-policy\"";
}
];
bool is_default = 4;
string help_link = 5;
string help_link = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://zitadel.com/docs/manuals/introduction\"";
}
];
}
message NotificationPolicy {
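Review bot: The four new annotations on `logo_url`, `icon_url`, `logo_url_dark` and `icon_url_dark` in `LabelPolicy` all carry `description: "hex value for font color dark theme"`, copied from `font_color_dark`, so the generated API docs describe asset URLs as colour values. Each needs its own text, for example `description: "URL of the logo shown in the light theme"` for `logo_url`, with the icon and dark-theme variants worded to match. In `DomainPolicy`, the `validate_org_domains` description ("should be validated org count as validated automatically") is still not a readable sentence after the spelling change and should state what happens when the flag is false.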


@@ -25,11 +25,11 @@ message Project {
description: "current state of the project";
}
];
// describes if roles of user should be added in token
// describes if the roles of the user should be added to the token
bool project_role_assertion = 5;
// ZITADEL checks if the user has at least one on this project
bool project_role_check = 6;
// ZITADEL checks if the org of the user has permission to this project
// ZITADEL checks if the org of the user has permission for this project
bool has_project_check = 7;
// Defines from where the private labeling should be triggered
PrivateLabelingSetting private_labeling_setting = 8;


@@ -3,6 +3,7 @@ syntax = "proto3";
import "zitadel/object.proto";
import "validate/validate.proto";
import "google/protobuf/duration.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
package zitadel.settings.v1;
@@ -11,8 +12,16 @@ option go_package ="github.com/zitadel/zitadel/pkg/grpc/settings";
message SecretGenerator {
SecretGeneratorType generator_type = 1;
zitadel.v1.ObjectDetails details = 2;
uint32 length = 3;
google.protobuf.Duration expiry = 4;
uint32 length = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "6";
}
];
google.protobuf.Duration expiry = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"3600s\"";
}
];
bool include_lower_letters = 5;
bool include_upper_letters = 6;
bool include_digits = 7;
@@ -43,11 +52,27 @@ enum SecretGeneratorType {
message SMTPConfig {
zitadel.v1.ObjectDetails details = 1;
string sender_address = 2;
string sender_name = 3;
string sender_address = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"noreply@m.zitadel.cloud\"";
}
];
string sender_name = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ZITADEL\"";
}
];
bool tls = 4;
string host = 5;
string user = 6;
string host = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"smtp.postmarkapp.com:587\"";
}
];
string user = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
}
];
}
message SMSProvider {
@@ -88,6 +113,6 @@ message SecurityPolicy {
zitadel.v1.ObjectDetails details = 1;
// states if iframe embedding is enabled or disabled
bool enable_iframe_embedding = 2;
// origins allowed to load ZITADEL in an iframe if enable_iframe_embedding is true
// origins allowed loading ZITADEL in an iframe if enable_iframe_embedding is true
repeated string allowed_origins = 3;
}
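Review bot: The `SMTPConfig.user` example `197f0117-529e-443d-bf6c-0292dd9a02b7`, next to the host example `smtp.postmarkapp.com:587`, has the shape of a Postmark server token, and Postmark SMTP accepts that token as both username and password. If the value was copied from a real configuration it is now published in the generated API docs and should be rotated; either way, use an obviously fake placeholder such as `example: "\"smtp-user\"";`. Separately, the reworded comment on `SecurityPolicy.allowed_origins` ("origins allowed loading ZITADEL") reads worse than the original; `origins allowed to load ZITADEL in an iframe if enable_iframe_embedding is true` was correct.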


@@ -32,7 +32,11 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
url: "https://github.com/zitadel/zitadel/blob/main/LICENSE";
};
};
tags: [
{
name: "General"
}
];
schemes: HTTPS;
schemes: HTTP;
@@ -45,7 +49,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
consumes: "application/grpc-web+proto";
produces: "application/grpc-web+proto";
host: "api.zitadel.ch";
host: "$ZITADEL_DOMAIN";
base_path: "/system/v1";
external_docs: {
@@ -86,7 +90,7 @@ service SystemService {
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "probes";
tags: "General";
responses: {
key: "200";
value: {
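Review bot: With `host` now templated as `$ZITADEL_DOMAIN`, the spec still advertises `schemes: HTTP;` next to `schemes: HTTPS;`, so a generated client or the docs' request console may offer plaintext HTTP for whatever domain is substituted, and bearer tokens sent that way are readable on the network path. If HTTP is only needed for local development, consider dropping it from the published spec or adding a comment such as `// HTTP is for local development only; production instances must be reached over HTTPS`. protoc does not expand `$ZITADEL_DOMAIN`, so the build presumably substitutes it afterwards; a step that fails the docs build when the variable is unset would keep the literal string out of the published spec. The swagger option block and the SystemService method both continue outside these hunks.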


@@ -12,37 +12,44 @@ message MessageCustomText {
zitadel.v1.ObjectDetails details = 1;
string title = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "custom text for email title"
description: "custom text for email title";
example: "\"ZITADEL - Message Title\"";
}
];
string pre_header = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "custom text for email pre header"
description: "custom text for email pre-header";
example: "\"User Message\"";
}
];
string subject = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "custom text for email subject"
description: "custom text for email subject";
example: "\"Message Subject\"";
}
];
string greeting = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "custom text for email greeting"
example: "\"Hello {{.FirstName}} {{.LastName}},\"";
}
];
string text = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "custom text for email text"
example: "\"This is my custom message Text. I can also include some fields, depending on the message type I want to send. {{.FirstName}} {{.LastName}},\"";
}
];
string button_text = 7 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "custom text for email button_text"
description: "custom text for email button_text";
example: "\"Call to action\"";
}
];
string footer_text = 8 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "custom text for email footer_text"
description: "custom text for email footer_text";
example: "\"\"";
}
];
bool is_default = 9;
@@ -373,7 +380,7 @@ message ExternalUserNotFoundScreenText {
message SuccessLoginScreenText {
string title = 1 [(validate.rules).string = {max_len: 200}];
// Text to describe that auto redirect should happen after successful login
// Text to describe that auto-redirect should happen after successful login
string auto_redirect_description = 2 [(validate.rules).string = {max_len: 500}];
// Text to describe that the window can be closed after redirect
string redirected_description = 3 [(validate.rules).string = {max_len: 100}];
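Review bot: The `description` lines in `MessageCustomText` are now punctuated inconsistently: `title`, `pre_header`, `subject`, `button_text` and `footer_text` end with `;`, while `greeting` and `text` do not, although both gained an `example` line in the same hunk. Since the `greeting` and `text` examples show `{{.FirstName}}`-style placeholders, the description could say so, for example `description: "custom text for email greeting; template placeholders such as {{.FirstName}} are substituted";`. Which placeholders are valid per message type is not visible here, so that wording should be checked against the renderer. The message body continues outside the hunk.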


@@ -24,17 +24,17 @@ message User {
];
string user_name = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"mr_long_neck\"";
example: "\"gigi-giraffe\"";
}
];
repeated string login_names = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"gigi@caos.ch\", \"gigi@caos-ag.zitadel.ch\"]";
example: "[\"gigi@zitadel.com\", \"gigi@zitadel.zitadel.ch\"]";
}
];
string preferred_login_name = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"gigi@caos.ch\"";
example: "\"gigi@zitadel.com\"";
}
];
oneof type {
@@ -103,7 +103,7 @@ message Profile {
];
string nick_name = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"long_neck\"";
example: "\"gigi-giraffe\"";
}
];
string display_name = 4 [
@@ -125,7 +125,7 @@ message Profile {
];
string avatar_url = 7 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "avatar url of the user"
description: "avatar URL of the user"
example: "\"https://api.zitadel.ch/assets/v1/avatar-32432jkh4kj32\"";
}
];
@@ -135,7 +135,7 @@ message Email {
string email = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
example: "\"gigi@caos.ch\"";
example: "\"gigi@zitadel.com\"";
}
];
bool is_email_verified = 2 [
@@ -192,7 +192,7 @@ message UserNameQuery {
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_length: 200;
example: "\"mr_long_neck\"";
example: "\"gigi-giraffe\"";
}
];
zitadel.v1.TextQueryMethod method = 2 [
@@ -267,7 +267,7 @@ message EmailQuery {
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
max_length: 200;
example: "\"gigi@caos.ch\"";
example: "\"gigi@zitadel.com\"";
}
];
zitadel.v1.TextQueryMethod method = 2 [
@@ -294,7 +294,7 @@ message LoginNameQuery {
];
}
//UserStateQuery is always equals
//UserStateQuery always equals
message StateQuery {
UserState state = 1 [
(validate.rules).enum.defined_only = true,
@@ -304,7 +304,7 @@ message StateQuery {
];
}
//UserTypeQuery is always equals
//UserTypeQuery always equals
message TypeQuery {
Type type = 1 [
(validate.rules).enum.defined_only = true,
@@ -342,12 +342,12 @@ message AuthFactor {
oneof type {
AuthFactorOTP otp = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "one of type use otp or u2f"
description: "one type use OTP or U2F"
}
];
AuthFactorU2F u2f = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "one of type use otp or u2f"
description: "one type use OTP or U2F"
}
];
}
@@ -379,6 +379,7 @@ message WebAuthNKey {
bytes public_key = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "json representation of public key credential creation options used by the webauthn client"
example: "\"eyJwdWJsaWNLZXkiOnsiY2hhbGxlbmdlIoplfZm4vM21qSzBPdjltN2x6VWhnclYyejFJSlVzZnpLd0Z1TytWTWtzRW1Icz0iLCJycCI6eyJuYW1lIjoiWklUQURFTCIsImlkIjoiYWNtZS1nem9lNHgueml0YWRlbC5jbG91ZCJ9LCJ1c2VyIjp7Im5hbWUiOiJ0ZXN0dXNlcjU1QGFjbWUueml0YWRlbC5jbG91ZCIsImRpc3BsYXlOYW1lIjoiVGVzdCBUZXN0IiwiaWQiOiJNVGd5TVRVMk1qWTBNakk1TXpBMk5qSTEifSwicHViS2V5Q3JlZFBhcmFtcyI6W3sidHlwZSI6InB1YmxpYy1rZXkiLCJhbGciOi03fSx7InR5cGUiOiJwdWJsaWMta2V5IiwiYWxnIjotMzV9LHsidHlwZSI6InB1YmxpYy1rZXkiLCJhbGciOi0zNn0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTI1N30seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTI1OH0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTI1OX0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTM3fSx7InR5cGUiOiJwdWJsaWMta2V5IiwiYWxnIjotMzh9LHsidHlwZSI6InB1YmxpYy1rZXkiLCJhbGciOi0zOX0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTh9XSwiYXV0aGVudGljYXRvclNlbGVjdGlvbiI6eyJ1c2VyVmVyaWZpY2F0aW9uIjoiZGlzY291cmFnZWQifn2ilGltZW91dCI6NjAwMDAsImF0dGVzdGF0aW9uIjoibm9uZSJ9fQ==\""
}
];
}
@@ -387,9 +388,9 @@ message WebAuthNVerification {
bytes public_key_credential = 1 [
(validate.rules).bytes.min_len = 55,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "json representation of public key credential issued by the webauthn client";
description: "JSON representation of public key credential issued by the webauthn client";
min_length: 55;
max_length: 1048576; //1 mb
max_length: 1048576; //1 MB
}
];
string token_name = 2 [
@@ -475,7 +476,7 @@ message MembershipQuery {
}
}
// this query is always equals
// this query always equals
message MembershipOrgQuery {
string org_id = 1 [
(validate.rules).string = {max_len: 200},
@@ -485,7 +486,7 @@ message MembershipOrgQuery {
];
}
// this query is always equals
// this query always equals
message MembershipProjectQuery {
string project_id = 1 [
(validate.rules).string = {max_len: 200},
@@ -495,7 +496,7 @@ message MembershipProjectQuery {
];
}
// this query is always equals
// this query always equals
message MembershipProjectGrantQuery {
string project_grant_id = 1 [
(validate.rules).string = {max_len: 200},
@@ -505,7 +506,7 @@ message MembershipProjectGrantQuery {
];
}
// this query is always equals
// this query always equals
message MembershipIAMQuery {
bool iam = 1;
}
@@ -533,12 +534,12 @@ message Session {
];
string user_name = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"mr_long_neck\"";
example: "\"gigi-giraffe\"";
}
];
string login_name = 7 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"gigi@caos.ch\"";
example: "\"gigi@zitadel.com\"";
}
];
string display_name = 8 [
@@ -550,7 +551,7 @@ message Session {
zitadel.v1.ObjectDetails details = 9;
string avatar_url = 10 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "avatar url of the user"
description: "avatar URL of the user"
example: "\"https://api.zitadel.ch/assets/v1/avatar-32432jkh4kj32\"";
}
];
@@ -577,16 +578,19 @@ message RefreshToken {
];
google.protobuf.Timestamp auth_time = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2023-02-13T08:45:00.000000Z\"";
description: "\"time when the user authenticated, does not have to be the same time the token was created\""
}
];
google.protobuf.Timestamp idle_expiration = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2023-02-14T08:45:00.000000Z\"";
description: "\"time the refresh token will expire if not used, the user will have to reauthenticate\""
}
];
google.protobuf.Timestamp expiration = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2023-02-14T08:45:00.000000Z\"";
description: "\"time the refresh token will expire, the user will have to reauthenticate\""
}
];
@@ -651,7 +655,7 @@ message UserGrant {
];
string user_name = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"mr_long_neck\"";
example: "\"gigi-giraffe\"";
}
];
string first_name = 7 [
@@ -668,7 +672,7 @@ message UserGrant {
(validate.rules).string.email = true,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
example: "\"gigi@caos.ch\"";
example: "\"gigi@zitadel.com\"";
}
];
string display_name = 10 [
@@ -685,12 +689,12 @@ message UserGrant {
];
string org_name = 12 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"CAOS AG\"";
example: "\"ZITADEL\"";
}
];
string org_domain = 13 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"caos.ch\"";
example: "\"zitadel.cloud\"";
}
];
string project_id = 14 [
@@ -710,13 +714,13 @@ message UserGrant {
];
string avatar_url = 17 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "avatar url of the user"
example: "\"https://api.zitadel.ch/assets/v1/avatar-32432jkh4kj32\"";
description: "avatar URL of the user"
example: "\"{your-domain}/assets/v1/avatar-32432jkh4kj32\"";
}
];
string preferred_login_name = 18 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"gigi@caos.ch\"";
example: "\"gigi@zitadel.com\"";
}
];
}
@@ -798,7 +802,7 @@ message UserGrantUserNameQuery {
string user_name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"mr_long_neck\""
example: "\"gigi-giraffe\""
}
];
zitadel.v1.TextQueryMethod method = 2 [
@@ -843,7 +847,7 @@ message UserGrantEmailQuery {
string email = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"gigi@caos.ch\""
example: "\"gigi@zitadel.com\""
}
];
zitadel.v1.TextQueryMethod method = 2 [
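Review bot: The `example` added to `WebAuthNKey.public_key` looks like a base64 capture of a real registration response rather than a constructed sample: its decoded start names an `rp.id` under `zitadel.cloud` and a test user's login name. A WebAuthn challenge is single-use, so the direct risk is low, but published docs should not carry instance hostnames and user identifiers; a short constructed payload, or `example: "\"<base64-encoded credential creation options>\""`, documents the field just as well. In the same file the `avatar_url` examples are now inconsistent: `UserGrant` uses `{your-domain}/assets/...` while `Profile` and `Session` keep `https://api.zitadel.ch/...`. All of these messages continue outside their hunks.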


@@ -33,9 +33,9 @@ message AddCustomOrgIAMPolicyRequest {
];
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of it's organisation"
description: "the username has to end with the domain of its organization"
}
]; // the username has to end with the domain of it's organisation (uniqueness is organisation based)
]; // the username has to end with the domain of its organization (uniqueness is organization based)
}
message ImportDataOrg {
repeated DataOrg orgs = 1;