fix: proto (#260)

* fix: global search calls

* fix: management proto

* fix: management proto mock

* fix: remove unused request

* fix: add mock file

* fix: remove unused objects

* fix: unique username

internal/user/repository/eventsourcing/user.go

@@ -106,7 +106,7 @@ func UserCreateAggregate(ctx context.Context, aggCreator *es_models.AggregateCre
 			return nil, err
 		}
 	}
-	uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner)
+	uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner, userLoginMustBeDomain)
 	if err != nil {
 		return nil, err
 	}
@@ -143,7 +143,7 @@ func UserRegisterAggregate(ctx context.Context, aggCreator *es_models.AggregateC
 	if err != nil {
 		return nil, err
 	}
-	uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner)
+	uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner, userLoginMustBeDomain)
 	if err != nil {
 		return nil, err
 	}
@@ -154,8 +154,8 @@ func UserRegisterAggregate(ctx context.Context, aggCreator *es_models.AggregateC
 	}, nil
 }
 
-func getUniqueUserAggregates(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, resourceOwner string) ([]*es_models.Aggregate, error) {
+func getUniqueUserAggregates(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, resourceOwner string, userLoginMustBeDomain bool) ([]*es_models.Aggregate, error) {
-	userNameAggregate, err := reservedUniqueUserNameAggregate(ctx, aggCreator, resourceOwner, user.UserName)
+	userNameAggregate, err := reservedUniqueUserNameAggregate(ctx, aggCreator, resourceOwner, user.UserName, userLoginMustBeDomain)
 	if err != nil {
 		return nil, err
 	}
@@ -169,10 +169,14 @@ func getUniqueUserAggregates(ctx context.Context, aggCreator *es_models.Aggregat
 		emailAggregate,
 	}, nil
 }
-func reservedUniqueUserNameAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, userName string) (*es_models.Aggregate, error) {
+func reservedUniqueUserNameAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, userName string, userLoginMustBeDomain bool) (*es_models.Aggregate, error) {
-	aggregate, err := aggCreator.NewAggregate(ctx, userName+resourceOwner, model.UserUserNameAggregate, model.UserVersion, 0)
+	uniqueUserName := userName
+	if userLoginMustBeDomain {
+		uniqueUserName = userName + resourceOwner
+	}
+	aggregate, err := aggCreator.NewAggregate(ctx, uniqueUserName, model.UserUserNameAggregate, model.UserVersion, 0)
 	if resourceOwner != "" {
-		aggregate, err = aggCreator.NewAggregate(ctx, userName+resourceOwner, model.UserUserNameAggregate, model.UserVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
+		aggregate, err = aggCreator.NewAggregate(ctx, uniqueUserName, model.UserUserNameAggregate, model.UserVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
 	}
 	if err != nil {
 		return nil, err
@@ -182,7 +186,7 @@ func reservedUniqueUserNameAggregate(ctx context.Context, aggCreator *es_models.
 		return nil, err
 	}
 
-	return aggregate.SetPrecondition(UserUserNameUniqueQuery(userName), isEventValidation(aggregate, model.UserUserNameReserved)), nil
+	return aggregate.SetPrecondition(UserUserNameUniqueQuery(uniqueUserName), isEventValidation(aggregate, model.UserUserNameReserved)), nil
 }
 
 func reservedUniqueEmailAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, email string) (aggregate *es_models.Aggregate, err error) {

pkg/management/api/grpc/auth_grant.go

@@ -1,10 +0,0 @@
-package grpc
-
-import (
-	"context"
-	"github.com/caos/zitadel/internal/errors"
-)
-
-func (s *Server) SearchAuthGrant(ctx context.Context, grantSearch *AuthGrantSearchRequest) (*AuthGrantSearchResponse, error) {
-	return nil, errors.ThrowUnimplemented(nil, "GRPC-dkwd5", "Not implemented")
-}

pkg/management/api/grpc/management.pb.authoptions.go

@@ -215,7 +215,7 @@ var ManagementService_AuthMethods = utils_auth.MethodMapping{
 		CheckParam: "",
 	},
 
-	"/caos.zitadel.management.api.v1.ManagementService/GetOrgByID": utils_auth.Option{
+	"/caos.zitadel.management.api.v1.ManagementService/GetMyOrg": utils_auth.Option{
 		Permission: "org.read",
 		CheckParam: "",
 	},
@@ -225,12 +225,12 @@ var ManagementService_AuthMethods = utils_auth.MethodMapping{
 		CheckParam: "",
 	},
 
-	"/caos.zitadel.management.api.v1.ManagementService/DeactivateOrg": utils_auth.Option{
+	"/caos.zitadel.management.api.v1.ManagementService/DeactivateMyOrg": utils_auth.Option{
 		Permission: "org.write",
 		CheckParam: "",
 	},
 
-	"/caos.zitadel.management.api.v1.ManagementService/ReactivateOrg": utils_auth.Option{
+	"/caos.zitadel.management.api.v1.ManagementService/ReactivateMyOrg": utils_auth.Option{
 		Permission: "org.write",
 		CheckParam: "",
 	},

pkg/management/api/grpc/management.pb.gw.go

@@ -92,26 +92,16 @@ func request_ManagementService_GetUserByID_0(ctx context.Context, marshaler runt
 
 }
 
+var (
+	filter_ManagementService_GetUserByEmailGlobal_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
+)
+
 func request_ManagementService_GetUserByEmailGlobal_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq UserEmailID
+	var protoReq Email
 	var metadata runtime.ServerMetadata
 
-	var (
+	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ManagementService_GetUserByEmailGlobal_0); err != nil {
-		val string
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["email"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "email")
-	}
-
-	protoReq.Email, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "email", err)
 	}
 
 	msg, err := client.GetUserByEmailGlobal(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
@@ -1083,59 +1073,23 @@ func request_ManagementService_DeletePasswordLockoutPolicy_0(ctx context.Context
 
 }
 
-func request_ManagementService_GetOrgByID_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func request_ManagementService_GetMyOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq OrgID
+	var protoReq empty.Empty
 	var metadata runtime.ServerMetadata
 
-	var (
+	msg, err := client.GetMyOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["id"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
-	}
-
-	protoReq.Id, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
-	}
-
-	msg, err := client.GetOrgByID(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 
 }
 
 var (
-	filter_ManagementService_GetOrgByDomainGlobal_0 = &utilities.DoubleArray{Encoding: map[string]int{"domain": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
+	filter_ManagementService_GetOrgByDomainGlobal_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
 )
 
 func request_ManagementService_GetOrgByDomainGlobal_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq OrgDomain
+	var protoReq Domain
 	var metadata runtime.ServerMetadata
 
-	var (
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["domain"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "domain")
-	}
-
-	protoReq.Domain, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "domain", err)
-	}
-
 	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ManagementService_GetOrgByDomainGlobal_0); err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
@@ -1145,8 +1099,8 @@ func request_ManagementService_GetOrgByDomainGlobal_0(ctx context.Context, marsh
 
 }
 
-func request_ManagementService_DeactivateOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func request_ManagementService_DeactivateMyOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq OrgID
+	var protoReq empty.Empty
 	var metadata runtime.ServerMetadata
 
 	newReader, berr := utilities.IOReaderFactory(req.Body)
@@ -1157,31 +1111,13 @@ func request_ManagementService_DeactivateOrg_0(ctx context.Context, marshaler ru
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 
-	var (
+	msg, err := client.DeactivateMyOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["id"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
-	}
-
-	protoReq.Id, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
-	}
-
-	msg, err := client.DeactivateOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 
 }
 
-func request_ManagementService_ReactivateOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func request_ManagementService_ReactivateMyOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq OrgID
+	var protoReq empty.Empty
 	var metadata runtime.ServerMetadata
 
 	newReader, berr := utilities.IOReaderFactory(req.Body)
@@ -1192,25 +1128,7 @@ func request_ManagementService_ReactivateOrg_0(ctx context.Context, marshaler ru
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 
-	var (
+	msg, err := client.ReactivateMyOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["id"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
-	}
-
-	protoReq.Id, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
-	}
-
-	msg, err := client.ReactivateOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 
 }
@@ -3749,23 +3667,6 @@ func request_ManagementService_ReactivateProjectGrantUserGrant_0(ctx context.Con
 
 }
 
-func request_ManagementService_SearchAuthGrant_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq AuthGrantSearchRequest
-	var metadata runtime.ServerMetadata
-
-	newReader, berr := utilities.IOReaderFactory(req.Body)
-	if berr != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
-	}
-	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.SearchAuthGrant(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
 // RegisterManagementServiceHandlerFromEndpoint is same as RegisterManagementServiceHandler but
 // automatically dials to "endpoint" and closes the connection when "ctx" gets done.
 func RegisterManagementServiceHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) {
@@ -4664,7 +4565,7 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
 
 	})
 
-	mux.Handle("GET", pattern_ManagementService_GetOrgByID_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle("GET", pattern_ManagementService_GetMyOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
@@ -4673,14 +4574,14 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_ManagementService_GetOrgByID_0(rctx, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_ManagementService_GetMyOrg_0(rctx, inboundMarshaler, client, req, pathParams)
 		ctx = runtime.NewServerMetadataContext(ctx, md)
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
 
-		forward_ManagementService_GetOrgByID_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_ManagementService_GetMyOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 
 	})
 
@@ -4704,7 +4605,7 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
 
 	})
 
-	mux.Handle("PUT", pattern_ManagementService_DeactivateOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle("PUT", pattern_ManagementService_DeactivateMyOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
@@ -4713,18 +4614,18 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_ManagementService_DeactivateOrg_0(rctx, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_ManagementService_DeactivateMyOrg_0(rctx, inboundMarshaler, client, req, pathParams)
 		ctx = runtime.NewServerMetadataContext(ctx, md)
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
 
-		forward_ManagementService_DeactivateOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_ManagementService_DeactivateMyOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 
 	})
 
-	mux.Handle("PUT", pattern_ManagementService_ReactivateOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle("PUT", pattern_ManagementService_ReactivateMyOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
@@ -4733,14 +4634,14 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_ManagementService_ReactivateOrg_0(rctx, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_ManagementService_ReactivateMyOrg_0(rctx, inboundMarshaler, client, req, pathParams)
 		ctx = runtime.NewServerMetadataContext(ctx, md)
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
 
-		forward_ManagementService_ReactivateOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_ManagementService_ReactivateMyOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 
 	})
 
@@ -6144,26 +6045,6 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
 
 	})
 
-	mux.Handle("POST", pattern_ManagementService_SearchAuthGrant_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(req.Context())
-		defer cancel()
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, mux, req)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-		resp, md, err := request_ManagementService_SearchAuthGrant_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_ManagementService_SearchAuthGrant_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
 	return nil
 }
 
@@ -6178,7 +6059,7 @@ var (
 
 	pattern_ManagementService_GetUserByID_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1}, []string{"users", "id"}, ""))
 
-	pattern_ManagementService_GetUserByEmailGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 2}, []string{"global", "users", "email"}, ""))
+	pattern_ManagementService_GetUserByEmailGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"global", "users", "_byemail"}, ""))
 
 	pattern_ManagementService_SearchUsers_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"users", "_search"}, ""))
 
@@ -6226,9 +6107,9 @@ var (
 
 	pattern_ManagementService_GetUserMfas_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"users", "id", "mfas"}, ""))
 
-	pattern_ManagementService_SendSetPasswordNotification_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"users", "id", "_sendsetpwnotify"}, ""))
+	pattern_ManagementService_SendSetPasswordNotification_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 2, 3}, []string{"users", "id", "password", "_sendsetnotification"}, ""))
 
-	pattern_ManagementService_SetInitialPassword_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"users", "id", "_setinitialpw"}, ""))
+	pattern_ManagementService_SetInitialPassword_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 2, 3}, []string{"users", "id", "password", "_initialize"}, ""))
 
 	pattern_ManagementService_GetPasswordComplexityPolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"policies", "passwords", "complexity"}, ""))
 
@@ -6254,13 +6135,13 @@ var (
 
 	pattern_ManagementService_DeletePasswordLockoutPolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"policies", "passwords", "lockout"}, ""))
 
-	pattern_ManagementService_GetOrgByID_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1}, []string{"orgs", "id"}, ""))
+	pattern_ManagementService_GetMyOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"orgs", "me"}, ""))
 
-	pattern_ManagementService_GetOrgByDomainGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 2}, []string{"global", "orgs", "domain"}, ""))
+	pattern_ManagementService_GetOrgByDomainGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"global", "orgs", "_bydomain"}, ""))
 
-	pattern_ManagementService_DeactivateOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"orgs", "id", "_deactivate"}, ""))
+	pattern_ManagementService_DeactivateMyOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"orgs", "me", "_deactivate"}, ""))
 
-	pattern_ManagementService_ReactivateOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"orgs", "id", "_reactivate"}, ""))
+	pattern_ManagementService_ReactivateMyOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"orgs", "me", "_reactivate"}, ""))
 
 	pattern_ManagementService_SearchMyOrgDomains_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"orgs", "me", "domains", "_search"}, ""))
 
@@ -6401,8 +6282,6 @@ var (
 	pattern_ManagementService_DeactivateProjectGrantUserGrant_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"projectgrants", "project_grant_id", "users", "user_id", "grants", "id", "_deactivate"}, ""))
 
 	pattern_ManagementService_ReactivateProjectGrantUserGrant_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"projectgrants", "project_grant_id", "users", "user_id", "grants", "id", "_reactivate"}, ""))
-
-	pattern_ManagementService_SearchAuthGrant_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"authgrants", "_search"}, ""))
 )
 
 var (
@@ -6492,13 +6371,13 @@ var (
 
 	forward_ManagementService_DeletePasswordLockoutPolicy_0 = runtime.ForwardResponseMessage
 
-	forward_ManagementService_GetOrgByID_0 = runtime.ForwardResponseMessage
+	forward_ManagementService_GetMyOrg_0 = runtime.ForwardResponseMessage
 
 	forward_ManagementService_GetOrgByDomainGlobal_0 = runtime.ForwardResponseMessage
 
-	forward_ManagementService_DeactivateOrg_0 = runtime.ForwardResponseMessage
+	forward_ManagementService_DeactivateMyOrg_0 = runtime.ForwardResponseMessage
 
-	forward_ManagementService_ReactivateOrg_0 = runtime.ForwardResponseMessage
+	forward_ManagementService_ReactivateMyOrg_0 = runtime.ForwardResponseMessage
 
 	forward_ManagementService_SearchMyOrgDomains_0 = runtime.ForwardResponseMessage
 
@@ -6639,6 +6518,4 @@ var (
 	forward_ManagementService_DeactivateProjectGrantUserGrant_0 = runtime.ForwardResponseMessage
 
 	forward_ManagementService_ReactivateProjectGrantUserGrant_0 = runtime.ForwardResponseMessage
-
-	forward_ManagementService_SearchAuthGrant_0 = runtime.ForwardResponseMessage
 )

pkg/management/api/grpc/management.swagger.json

@@ -19,35 +19,9 @@
     "application/grpc"
   ],
   "paths": {
-    "/authgrants/_search": {
+    "/global/orgs/_bydomain": {
-      "post": {
-        "summary": "Grant",
-        "operationId": "SearchAuthGrant",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v1AuthGrantSearchResponse"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v1AuthGrantSearchRequest"
-            }
-          }
-        ],
-        "tags": [
-          "ManagementService"
-        ]
-      }
-    },
-    "/global/orgs/domain/{domain}": {
       "get": {
+        "summary": "search a organisation by its domain overall organisations",
         "operationId": "GetOrgByDomainGlobal",
         "responses": {
           "200": {
@@ -60,50 +34,9 @@
         "parameters": [
           {
             "name": "domain",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "name": "org_id",
             "in": "query",
             "required": false,
             "type": "string"
-          },
-          {
-            "name": "creation_date",
-            "in": "query",
-            "required": false,
-            "type": "string",
-            "format": "date-time"
-          },
-          {
-            "name": "change_date",
-            "in": "query",
-            "required": false,
-            "type": "string",
-            "format": "date-time"
-          },
-          {
-            "name": "verified",
-            "in": "query",
-            "required": false,
-            "type": "boolean",
-            "format": "boolean"
-          },
-          {
-            "name": "primary",
-            "in": "query",
-            "required": false,
-            "type": "boolean",
-            "format": "boolean"
-          },
-          {
-            "name": "sequence",
-            "in": "query",
-            "required": false,
-            "type": "string",
-            "format": "uint64"
           }
         ],
         "tags": [
@@ -111,8 +44,9 @@
         ]
       }
     },
-    "/global/users/email/{email}": {
+    "/global/users/_byemail": {
       "get": {
+        "summary": "GetUserByEmailGlobal returns User, global search is overall organisations",
         "operationId": "GetUserByEmailGlobal",
         "responses": {
           "200": {
@@ -125,8 +59,8 @@
         "parameters": [
           {
             "name": "email",
-            "in": "path",
+            "in": "query",
-            "required": true,
+            "required": false,
             "type": "string"
           }
         ],
@@ -137,7 +71,7 @@
     },
     "/grantedprojects/_search": {
       "post": {
-        "summary": "GRANTED_PROJECT_GRANTS",
+        "summary": "returns all projects my organisation got granted from another organisation",
         "operationId": "SearchGrantedProjects",
         "responses": {
           "200": {
@@ -164,6 +98,7 @@
     },
     "/grantedprojects/{project_id}/grants/{id}": {
       "get": {
+        "summary": "returns a project my organisation got granted from another organisation",
         "operationId": "GetGrantedProjectByID",
         "responses": {
           "200": {
@@ -211,7 +146,7 @@
     },
     "/iam": {
       "get": {
-        "summary": "IAM",
+        "summary": "GetIam returns some needed settings of the iam (Global Organisation ID, Zitadel Project ID)",
         "operationId": "GetIam",
         "responses": {
           "200": {
@@ -226,6 +161,74 @@
         ]
       }
     },
+    "/orgs/me": {
+      "get": {
+        "operationId": "GetMyOrg",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1OrgView"
+            }
+          }
+        },
+        "tags": [
+          "ManagementService"
+        ]
+      }
+    },
+    "/orgs/me/_deactivate": {
+      "put": {
+        "operationId": "DeactivateMyOrg",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1Org"
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "properties": {}
+            }
+          }
+        ],
+        "tags": [
+          "ManagementService"
+        ]
+      }
+    },
+    "/orgs/me/_reactivate": {
+      "put": {
+        "operationId": "ReactivateMyOrg",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1Org"
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "properties": {}
+            }
+          }
+        ],
+        "tags": [
+          "ManagementService"
+        ]
+      }
+    },
     "/orgs/me/domains": {
       "post": {
         "operationId": "AddMyOrgDomain",
@@ -304,7 +307,6 @@
     },
     "/orgs/me/iampolicy": {
       "get": {
-        "summary": "ORG_IAM_POLICY",
         "operationId": "GetMyOrgIamPolicy",
         "responses": {
           "200": {
@@ -427,7 +429,6 @@
     },
     "/orgs/members/roles": {
       "get": {
-        "summary": "ORG_MEMBERS",
         "operationId": "GetOrgMemberRoles",
         "responses": {
           "200": {
@@ -442,97 +443,9 @@
         ]
       }
     },
-    "/orgs/{id}": {
-      "get": {
-        "summary": "ORG",
-        "operationId": "GetOrgByID",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v1OrgView"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "id",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          }
-        ],
-        "tags": [
-          "ManagementService"
-        ]
-      }
-    },
-    "/orgs/{id}/_deactivate": {
-      "put": {
-        "operationId": "DeactivateOrg",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v1Org"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "id",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v1OrgID"
-            }
-          }
-        ],
-        "tags": [
-          "ManagementService"
-        ]
-      }
-    },
-    "/orgs/{id}/_reactivate": {
-      "put": {
-        "operationId": "ReactivateOrg",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v1Org"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "id",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v1OrgID"
-            }
-          }
-        ],
-        "tags": [
-          "ManagementService"
-        ]
-      }
-    },
     "/orgs/{id}/changes": {
       "get": {
+        "summary": "OrgChanges returns the event stream of the org object",
         "operationId": "OrgChanges",
         "responses": {
           "200": {
@@ -577,7 +490,7 @@
     },
     "/policies/passwords/age": {
       "get": {
-        "summary": "PASSWORD_AGE_POLICY",
+        "summary": "returns default if nothing other set on organisation",
         "operationId": "GetPasswordAgePolicy",
         "responses": {
           "200": {
@@ -664,7 +577,7 @@
     },
     "/policies/passwords/complexity": {
       "get": {
-        "summary": "PASSWORD_COMPLEXITY_POLICY",
+        "summary": "returns default policy if nothing other set on organisation",
         "operationId": "GetPasswordComplexityPolicy",
         "responses": {
           "200": {
@@ -751,7 +664,7 @@
     },
     "/policies/passwords/lockout": {
       "get": {
-        "summary": "PASSWORD_LOCKOUT_POLICY",
+        "summary": "returns default if nothing other set on organisation",
         "operationId": "GetPasswordLockoutPolicy",
         "responses": {
           "200": {
@@ -838,7 +751,7 @@
     },
     "/projectgrants/{project_grant_id}/users/grants/_search": {
       "post": {
-        "summary": "PROJECT_GRANT_USER_GRANT",
+        "summary": "search user grants based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "SearchProjectGrantUserGrants",
         "responses": {
           "200": {
@@ -871,6 +784,7 @@
     },
     "/projectgrants/{project_grant_id}/users/{user_id}/grants": {
       "post": {
+        "summary": "create user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "CreateProjectGrantUserGrant",
         "responses": {
           "200": {
@@ -909,6 +823,7 @@
     },
     "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}": {
       "get": {
+        "summary": "get user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "ProjectGrantUserGrantByID",
         "responses": {
           "200": {
@@ -943,6 +858,7 @@
         ]
       },
       "put": {
+        "summary": "update user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "UpdateProjectGrantUserGrant",
         "responses": {
           "200": {
@@ -987,6 +903,7 @@
     },
     "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_deactivate": {
       "put": {
+        "summary": "deactivate user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "DeactivateProjectGrantUserGrant",
         "responses": {
           "200": {
@@ -1031,6 +948,7 @@
     },
     "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_reactivate": {
       "put": {
+        "summary": "reactivate user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "ReactivateProjectGrantUserGrant",
         "responses": {
           "200": {
@@ -1101,7 +1019,6 @@
     },
     "/projects/_search": {
       "post": {
-        "summary": "PROJECTS",
         "operationId": "SearchProjects",
         "responses": {
           "200": {
@@ -1128,7 +1045,6 @@
     },
     "/projects/grants/members/roles": {
       "get": {
-        "summary": "PROJECT_GRANT_MEMBER",
         "operationId": "GetProjectGrantMemberRoles",
         "responses": {
           "200": {
@@ -1145,7 +1061,6 @@
     },
     "/projects/members/roles": {
       "get": {
-        "summary": "PROJECT_MEMBERS",
         "operationId": "GetProjectMemberRoles",
         "responses": {
           "200": {
@@ -1280,6 +1195,7 @@
     },
     "/projects/{id}/applications/{sec_id}/changes": {
       "get": {
+        "summary": "ApplicationChanges returns the event stream of the application object",
         "operationId": "ApplicationChanges",
         "responses": {
           "200": {
@@ -1324,6 +1240,7 @@
     },
     "/projects/{id}/changes": {
       "get": {
+        "summary": "ProjectChanges returns the event stream of the project object",
         "operationId": "ProjectChanges",
         "responses": {
           "200": {
@@ -1498,6 +1415,7 @@
     },
     "/projects/{id}/roles/_bulk": {
       "post": {
+        "summary": "add a list of project roles in one request",
         "operationId": "BulkAddProjectRole",
         "responses": {
           "200": {
@@ -1597,7 +1515,6 @@
     },
     "/projects/{project_id}/applications/_search": {
       "post": {
-        "summary": "APPLICATIONS",
         "operationId": "SearchApplications",
         "responses": {
           "200": {
@@ -1908,7 +1825,6 @@
     },
     "/projects/{project_id}/grants/_search": {
       "post": {
-        "summary": "PROJECT_GRANT",
         "operationId": "SearchProjectGrants",
         "responses": {
           "200": {
@@ -2123,6 +2039,7 @@
         ]
       },
       "delete": {
+        "summary": "RemoveProjectGrant removes project grant and all user grants for this project grant",
         "operationId": "RemoveProjectGrant",
         "responses": {
           "200": {
@@ -2329,7 +2246,6 @@
     },
     "/projects/{project_id}/roles/_search": {
       "post": {
-        "summary": "PROJECT_ROLES",
         "operationId": "SearchProjectRoles",
         "responses": {
           "200": {
@@ -2362,7 +2278,7 @@
     },
     "/projects/{project_id}/users/grants/_search": {
       "post": {
-        "summary": "PROJECT_USER_GRANT",
+        "summary": "search user grants based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "SearchProjectUserGrants",
         "responses": {
           "200": {
@@ -2395,6 +2311,7 @@
     },
     "/projects/{project_id}/users/{user_id}/grants": {
       "post": {
+        "summary": "create user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "CreateProjectUserGrant",
         "responses": {
           "200": {
@@ -2433,6 +2350,7 @@
     },
     "/projects/{project_id}/users/{user_id}/grants/{id}": {
       "get": {
+        "summary": "get user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "ProjectUserGrantByID",
         "responses": {
           "200": {
@@ -2467,6 +2385,7 @@
         ]
       },
       "put": {
+        "summary": "update user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "UpdateProjectUserGrant",
         "responses": {
           "200": {
@@ -2511,6 +2430,7 @@
     },
     "/projects/{project_id}/users/{user_id}/grants/{id}/_deactivate": {
       "put": {
+        "summary": "deactivate user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "DeactivateProjectUserGrant",
         "responses": {
           "200": {
@@ -2555,6 +2475,7 @@
     },
     "/projects/{project_id}/users/{user_id}/grants/{id}/_reactivate": {
       "put": {
+        "summary": "reactivate user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
         "operationId": "ReactivateProjectUserGrant",
         "responses": {
           "200": {
@@ -2615,6 +2536,7 @@
     },
     "/usergrants/_bulk": {
       "post": {
+        "summary": "add a list of user grants in one request",
         "operationId": "BulkCreateUserGrant",
         "responses": {
           "200": {
@@ -2639,6 +2561,7 @@
         ]
       },
       "put": {
+        "summary": "update a list of user grants in one request",
         "operationId": "BulkUpdateUserGrant",
         "responses": {
           "200": {
@@ -2721,6 +2644,7 @@
     },
     "/users/_search": {
       "post": {
+        "summary": "Limit should always be set, there is a default limit set by the service",
         "operationId": "SearchUsers",
         "responses": {
           "200": {
@@ -2747,7 +2671,6 @@
     },
     "/users/grants/_search": {
       "post": {
-        "summary": "USER_GRANT",
         "operationId": "SearchUserGrants",
         "responses": {
           "200": {
@@ -2774,7 +2697,6 @@
     },
     "/users/{id}": {
       "get": {
-        "summary": "USER",
         "operationId": "GetUserByID",
         "responses": {
           "200": {
@@ -2915,72 +2837,6 @@
         ]
       }
     },
-    "/users/{id}/_sendsetpwnotify": {
-      "post": {
-        "summary": "PASSWORD\nSends an Notification (Email/SMS) with a password reset Link",
-        "operationId": "SendSetPasswordNotification",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "properties": {}
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "id",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v1SetPasswordNotificationRequest"
-            }
-          }
-        ],
-        "tags": [
-          "ManagementService"
-        ]
-      }
-    },
-    "/users/{id}/_setinitialpw": {
-      "post": {
-        "summary": "A Manager is only allowed to set an initial password, on the next login the user has to change his password",
-        "operationId": "SetInitialPassword",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "properties": {}
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "id",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v1PasswordRequest"
-            }
-          }
-        ],
-        "tags": [
-          "ManagementService"
-        ]
-      }
-    },
     "/users/{id}/_unlock": {
       "put": {
         "operationId": "UnlockUser",
@@ -3015,7 +2871,6 @@
     },
     "/users/{id}/address": {
       "get": {
-        "summary": "USER_ADDRESS",
         "operationId": "GetUserAddress",
         "responses": {
           "200": {
@@ -3070,6 +2925,7 @@
     },
     "/users/{id}/changes": {
       "get": {
+        "summary": "UserChanges returns the event stream of the user object",
         "operationId": "UserChanges",
         "responses": {
           "200": {
@@ -3114,7 +2970,6 @@
     },
     "/users/{id}/email": {
       "get": {
-        "summary": "USER_EMAIL",
         "operationId": "GetUserEmail",
         "responses": {
           "200": {
@@ -3201,7 +3056,6 @@
     },
     "/users/{id}/mfas": {
       "get": {
-        "summary": "MFA",
         "operationId": "GetUserMfas",
         "responses": {
           "200": {
@@ -3224,9 +3078,74 @@
         ]
       }
     },
+    "/users/{id}/password/_initialize": {
+      "post": {
+        "summary": "A Manager is only allowed to set an initial password, on the next login the user has to change his password",
+        "operationId": "SetInitialPassword",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "properties": {}
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "id",
+            "in": "path",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/v1PasswordRequest"
+            }
+          }
+        ],
+        "tags": [
+          "ManagementService"
+        ]
+      }
+    },
+    "/users/{id}/password/_sendsetnotification": {
+      "post": {
+        "summary": "Sends an Notification (Email/SMS) with a password reset Link",
+        "operationId": "SendSetPasswordNotification",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "properties": {}
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "id",
+            "in": "path",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/v1SetPasswordNotificationRequest"
+            }
+          }
+        ],
+        "tags": [
+          "ManagementService"
+        ]
+      }
+    },
     "/users/{id}/phone": {
       "get": {
-        "summary": "USER_PHONE",
         "operationId": "GetUserPhone",
         "responses": {
           "200": {
@@ -3313,7 +3232,6 @@
     },
     "/users/{id}/profile": {
       "get": {
-        "summary": "USER_PROFILE",
         "operationId": "GetUserProfile",
         "responses": {
           "200": {
@@ -3570,6 +3488,7 @@
     },
     "/usersgrants/_bulk": {
       "delete": {
+        "summary": "remove a list of user grants in one request",
         "operationId": "BulkRemoveUserGrant",
         "responses": {
           "200": {
@@ -3859,99 +3778,6 @@
         }
       }
     },
-    "v1AuthGrant": {
-      "type": "object",
-      "properties": {
-        "orgId": {
-          "type": "string"
-        },
-        "projectId": {
-          "type": "string"
-        },
-        "userId": {
-          "type": "string"
-        },
-        "roles": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      }
-    },
-    "v1AuthGrantSearchKey": {
-      "type": "string",
-      "enum": [
-        "AUTHGRANTSEARCHKEY_UNSPECIFIED",
-        "AUTHGRANTSEARCHKEY_ORG_ID",
-        "AUTHGRANTSEARCHKEY_PROJECT_ID",
-        "AUTHGRANTSEARCHKEY_USER_ID"
-      ],
-      "default": "AUTHGRANTSEARCHKEY_UNSPECIFIED"
-    },
-    "v1AuthGrantSearchQuery": {
-      "type": "object",
-      "properties": {
-        "key": {
-          "$ref": "#/definitions/v1AuthGrantSearchKey"
-        },
-        "method": {
-          "$ref": "#/definitions/v1SearchMethod"
-        },
-        "value": {
-          "type": "string"
-        }
-      }
-    },
-    "v1AuthGrantSearchRequest": {
-      "type": "object",
-      "properties": {
-        "offset": {
-          "type": "string",
-          "format": "uint64"
-        },
-        "limit": {
-          "type": "string",
-          "format": "uint64"
-        },
-        "sorting_column": {
-          "$ref": "#/definitions/v1AuthGrantSearchKey"
-        },
-        "asc": {
-          "type": "boolean",
-          "format": "boolean"
-        },
-        "queries": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/v1AuthGrantSearchQuery"
-          }
-        }
-      }
-    },
-    "v1AuthGrantSearchResponse": {
-      "type": "object",
-      "properties": {
-        "offset": {
-          "type": "string",
-          "format": "uint64"
-        },
-        "limit": {
-          "type": "string",
-          "format": "uint64"
-        },
-        "total_result": {
-          "type": "string",
-          "format": "uint64"
-        },
-        "result": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/v1AuthGrant"
-          }
-        }
-      }
-    },
     "v1Change": {
       "type": "object",
       "properties": {
@@ -4478,14 +4304,6 @@
         }
       }
     },
-    "v1OrgID": {
-      "type": "object",
-      "properties": {
-        "id": {
-          "type": "string"
-        }
-      }
-    },
     "v1OrgIamPolicy": {
       "type": "object",
       "properties": {

pkg/management/api/grpc/mock/management.proto.mock.go

@@ -138,14 +138,14 @@ func (mr *MockManagementServiceClientMockRecorder) AddProjectRole(arg0, arg1 int
 }
 
 // ApplicationByID mocks base method
-func (m *MockManagementServiceClient) ApplicationByID(arg0 context.Context, arg1 *grpc.ApplicationID, arg2 ...grpc0.CallOption) (*grpc.Application, error) {
+func (m *MockManagementServiceClient) ApplicationByID(arg0 context.Context, arg1 *grpc.ApplicationID, arg2 ...grpc0.CallOption) (*grpc.ApplicationView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "ApplicationByID", varargs...)
-	ret0, _ := ret[0].(*grpc.Application)
+	ret0, _ := ret[0].(*grpc.ApplicationView)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -597,24 +597,24 @@ func (mr *MockManagementServiceClientMockRecorder) DeactivateApplication(arg0, a
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeactivateApplication", reflect.TypeOf((*MockManagementServiceClient)(nil).DeactivateApplication), varargs...)
 }
 
-// DeactivateOrg mocks base method
+// DeactivateMyOrg mocks base method
-func (m *MockManagementServiceClient) DeactivateOrg(arg0 context.Context, arg1 *grpc.OrgID, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
+func (m *MockManagementServiceClient) DeactivateMyOrg(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
-	ret := m.ctrl.Call(m, "DeactivateOrg", varargs...)
+	ret := m.ctrl.Call(m, "DeactivateMyOrg", varargs...)
 	ret0, _ := ret[0].(*grpc.Org)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
-// DeactivateOrg indicates an expected call of DeactivateOrg
+// DeactivateMyOrg indicates an expected call of DeactivateMyOrg
-func (mr *MockManagementServiceClientMockRecorder) DeactivateOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+func (mr *MockManagementServiceClientMockRecorder) DeactivateMyOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeactivateOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).DeactivateOrg), varargs...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeactivateMyOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).DeactivateMyOrg), varargs...)
 }
 
 // DeactivateProject mocks base method
@@ -857,6 +857,26 @@ func (mr *MockManagementServiceClientMockRecorder) GetIam(arg0, arg1 interface{}
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetIam", reflect.TypeOf((*MockManagementServiceClient)(nil).GetIam), varargs...)
 }
 
+// GetMyOrg mocks base method
+func (m *MockManagementServiceClient) GetMyOrg(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.OrgView, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyOrg", varargs...)
+	ret0, _ := ret[0].(*grpc.OrgView)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyOrg indicates an expected call of GetMyOrg
+func (mr *MockManagementServiceClientMockRecorder) GetMyOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).GetMyOrg), varargs...)
+}
+
 // GetMyOrgIamPolicy mocks base method
 func (m *MockManagementServiceClient) GetMyOrgIamPolicy(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.OrgIamPolicy, error) {
 	m.ctrl.T.Helper()
@@ -878,14 +898,14 @@ func (mr *MockManagementServiceClientMockRecorder) GetMyOrgIamPolicy(arg0, arg1
 }
 
 // GetOrgByDomainGlobal mocks base method
-func (m *MockManagementServiceClient) GetOrgByDomainGlobal(arg0 context.Context, arg1 *grpc.OrgDomain, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
+func (m *MockManagementServiceClient) GetOrgByDomainGlobal(arg0 context.Context, arg1 *grpc.Domain, arg2 ...grpc0.CallOption) (*grpc.OrgView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "GetOrgByDomainGlobal", varargs...)
-	ret0, _ := ret[0].(*grpc.Org)
+	ret0, _ := ret[0].(*grpc.OrgView)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -897,26 +917,6 @@ func (mr *MockManagementServiceClientMockRecorder) GetOrgByDomainGlobal(arg0, ar
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOrgByDomainGlobal", reflect.TypeOf((*MockManagementServiceClient)(nil).GetOrgByDomainGlobal), varargs...)
 }
 
-// GetOrgByID mocks base method
-func (m *MockManagementServiceClient) GetOrgByID(arg0 context.Context, arg1 *grpc.OrgID, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
-	for _, a := range arg2 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "GetOrgByID", varargs...)
-	ret0, _ := ret[0].(*grpc.Org)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// GetOrgByID indicates an expected call of GetOrgByID
-func (mr *MockManagementServiceClientMockRecorder) GetOrgByID(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOrgByID", reflect.TypeOf((*MockManagementServiceClient)(nil).GetOrgByID), varargs...)
-}
-
 // GetOrgMemberRoles mocks base method
 func (m *MockManagementServiceClient) GetOrgMemberRoles(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.OrgMemberRoles, error) {
 	m.ctrl.T.Helper()
@@ -1058,7 +1058,7 @@ func (mr *MockManagementServiceClientMockRecorder) GetUserAddress(arg0, arg1 int
 }
 
 // GetUserByEmailGlobal mocks base method
-func (m *MockManagementServiceClient) GetUserByEmailGlobal(arg0 context.Context, arg1 *grpc.UserEmailID, arg2 ...grpc0.CallOption) (*grpc.UserView, error) {
+func (m *MockManagementServiceClient) GetUserByEmailGlobal(arg0 context.Context, arg1 *grpc.Email, arg2 ...grpc0.CallOption) (*grpc.UserView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
@@ -1258,14 +1258,14 @@ func (mr *MockManagementServiceClientMockRecorder) OrgChanges(arg0, arg1 interfa
 }
 
 // ProjectByID mocks base method
-func (m *MockManagementServiceClient) ProjectByID(arg0 context.Context, arg1 *grpc.ProjectID, arg2 ...grpc0.CallOption) (*grpc.Project, error) {
+func (m *MockManagementServiceClient) ProjectByID(arg0 context.Context, arg1 *grpc.ProjectID, arg2 ...grpc0.CallOption) (*grpc.ProjectView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "ProjectByID", varargs...)
-	ret0, _ := ret[0].(*grpc.Project)
+	ret0, _ := ret[0].(*grpc.ProjectView)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1298,14 +1298,14 @@ func (mr *MockManagementServiceClientMockRecorder) ProjectChanges(arg0, arg1 int
 }
 
 // ProjectGrantByID mocks base method
-func (m *MockManagementServiceClient) ProjectGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantID, arg2 ...grpc0.CallOption) (*grpc.ProjectGrant, error) {
+func (m *MockManagementServiceClient) ProjectGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantID, arg2 ...grpc0.CallOption) (*grpc.ProjectGrantView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "ProjectGrantByID", varargs...)
-	ret0, _ := ret[0].(*grpc.ProjectGrant)
+	ret0, _ := ret[0].(*grpc.ProjectGrantView)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1318,14 +1318,14 @@ func (mr *MockManagementServiceClientMockRecorder) ProjectGrantByID(arg0, arg1 i
 }
 
 // ProjectGrantUserGrantByID mocks base method
-func (m *MockManagementServiceClient) ProjectGrantUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrant, error) {
+func (m *MockManagementServiceClient) ProjectGrantUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrantView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "ProjectGrantUserGrantByID", varargs...)
-	ret0, _ := ret[0].(*grpc.UserGrant)
+	ret0, _ := ret[0].(*grpc.UserGrantView)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1338,14 +1338,14 @@ func (mr *MockManagementServiceClientMockRecorder) ProjectGrantUserGrantByID(arg
 }
 
 // ProjectUserGrantByID mocks base method
-func (m *MockManagementServiceClient) ProjectUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrant, error) {
+func (m *MockManagementServiceClient) ProjectUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrantView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "ProjectUserGrantByID", varargs...)
-	ret0, _ := ret[0].(*grpc.UserGrant)
+	ret0, _ := ret[0].(*grpc.UserGrantView)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1377,24 +1377,24 @@ func (mr *MockManagementServiceClientMockRecorder) ReactivateApplication(arg0, a
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReactivateApplication", reflect.TypeOf((*MockManagementServiceClient)(nil).ReactivateApplication), varargs...)
 }
 
-// ReactivateOrg mocks base method
+// ReactivateMyOrg mocks base method
-func (m *MockManagementServiceClient) ReactivateOrg(arg0 context.Context, arg1 *grpc.OrgID, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
+func (m *MockManagementServiceClient) ReactivateMyOrg(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
-	ret := m.ctrl.Call(m, "ReactivateOrg", varargs...)
+	ret := m.ctrl.Call(m, "ReactivateMyOrg", varargs...)
 	ret0, _ := ret[0].(*grpc.Org)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
-// ReactivateOrg indicates an expected call of ReactivateOrg
+// ReactivateMyOrg indicates an expected call of ReactivateMyOrg
-func (mr *MockManagementServiceClientMockRecorder) ReactivateOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+func (mr *MockManagementServiceClientMockRecorder) ReactivateMyOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReactivateOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).ReactivateOrg), varargs...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReactivateMyOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).ReactivateMyOrg), varargs...)
 }
 
 // ReactivateProject mocks base method
@@ -1777,26 +1777,6 @@ func (mr *MockManagementServiceClientMockRecorder) SearchApplications(arg0, arg1
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchApplications", reflect.TypeOf((*MockManagementServiceClient)(nil).SearchApplications), varargs...)
 }
 
-// SearchAuthGrant mocks base method
-func (m *MockManagementServiceClient) SearchAuthGrant(arg0 context.Context, arg1 *grpc.AuthGrantSearchRequest, arg2 ...grpc0.CallOption) (*grpc.AuthGrantSearchResponse, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
-	for _, a := range arg2 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "SearchAuthGrant", varargs...)
-	ret0, _ := ret[0].(*grpc.AuthGrantSearchResponse)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// SearchAuthGrant indicates an expected call of SearchAuthGrant
-func (mr *MockManagementServiceClientMockRecorder) SearchAuthGrant(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchAuthGrant", reflect.TypeOf((*MockManagementServiceClient)(nil).SearchAuthGrant), varargs...)
-}
-
 // SearchGrantedProjects mocks base method
 func (m *MockManagementServiceClient) SearchGrantedProjects(arg0 context.Context, arg1 *grpc.GrantedProjectSearchRequest, arg2 ...grpc0.CallOption) (*grpc.ProjectGrantSearchResponse, error) {
 	m.ctrl.T.Helper()
@@ -2358,14 +2338,14 @@ func (mr *MockManagementServiceClientMockRecorder) UserChanges(arg0, arg1 interf
 }
 
 // UserGrantByID mocks base method
-func (m *MockManagementServiceClient) UserGrantByID(arg0 context.Context, arg1 *grpc.UserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrant, error) {
+func (m *MockManagementServiceClient) UserGrantByID(arg0 context.Context, arg1 *grpc.UserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrantView, error) {
 	m.ctrl.T.Helper()
 	varargs := []interface{}{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "UserGrantByID", varargs...)
-	ret0, _ := ret[0].(*grpc.UserGrant)
+	ret0, _ := ret[0].(*grpc.UserGrantView)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

pkg/management/api/grpc/org.go

@@ -2,18 +2,19 @@ package grpc
 
 import (
 	"context"
+	"github.com/caos/zitadel/internal/api/auth"
 	"github.com/golang/protobuf/ptypes/empty"
 )
 
-func (s *Server) GetOrgByID(ctx context.Context, orgID *OrgID) (*OrgView, error) {
+func (s *Server) GetMyOrg(ctx context.Context, _ *empty.Empty) (*OrgView, error) {
-	org, err := s.org.OrgByID(ctx, orgID.Id)
+	org, err := s.org.OrgByID(ctx, auth.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
 	return orgViewFromModel(org), nil
 }
 
-func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *OrgDomain) (*OrgView, error) {
+func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *Domain) (*OrgView, error) {
 	org, err := s.org.OrgByDomainGlobal(ctx, in.Domain)
 	if err != nil {
 		return nil, err
@@ -21,16 +22,16 @@ func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *OrgDomain) (*OrgV
 	return orgViewFromModel(org), nil
 }
 
-func (s *Server) DeactivateOrg(ctx context.Context, in *OrgID) (*Org, error) {
+func (s *Server) DeactivateMyOrg(ctx context.Context, _ *empty.Empty) (*Org, error) {
-	org, err := s.org.DeactivateOrg(ctx, in.Id)
+	org, err := s.org.DeactivateOrg(ctx, auth.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
 	return orgFromModel(org), nil
 }
 
-func (s *Server) ReactivateOrg(ctx context.Context, in *OrgID) (*Org, error) {
+func (s *Server) ReactivateMyOrg(ctx context.Context, _ *empty.Empty) (*Org, error) {
-	org, err := s.org.ReactivateOrg(ctx, in.Id)
+	org, err := s.org.ReactivateOrg(ctx, auth.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}

pkg/management/api/grpc/user.go

@@ -17,7 +17,7 @@ func (s *Server) GetUserByID(ctx context.Context, id *UserID) (*UserView, error)
 	return userViewFromModel(user), nil
 }
 
-func (s *Server) GetUserByEmailGlobal(ctx context.Context, email *UserEmailID) (*UserView, error) {
+func (s *Server) GetUserByEmailGlobal(ctx context.Context, email *Email) (*UserView, error) {
 	user, err := s.user.GetGlobalUserByEmail(ctx, email.Email)
 	if err != nil {
 		return nil, err

pkg/management/api/proto/management.proto

@@ -31,7 +31,10 @@ option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
     produces: "application/grpc";
 };
 
+// All requests are based on your context if nothing other is specified
+// Requests which have /me in the url get the parameter from the context
 service ManagementService {
+
     //READINESS
     rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
         option (google.api.http) = {
@@ -51,7 +54,7 @@ service ManagementService {
         };
     }
 
-    //IAM
+    // GetIam returns some needed settings of the iam (Global Organisation ID, Zitadel Project ID)
     rpc GetIam(google.protobuf.Empty) returns (Iam) {
         option (google.api.http) = {
             get: "/iam"
@@ -62,7 +65,6 @@ service ManagementService {
         };
     }
 
-    //USER
     rpc GetUserByID(UserID) returns (UserView) {
         option (google.api.http) = {
             get: "/users/{id}"
@@ -73,9 +75,10 @@ service ManagementService {
         };
     }
 
-    rpc GetUserByEmailGlobal(UserEmailID) returns (UserView) {
+    // GetUserByEmailGlobal returns User, global search is overall organisations
+    rpc GetUserByEmailGlobal(Email) returns (UserView) {
         option (google.api.http) = {
-            get: "/global/users/email/{email}"
+            get: "/global/users/_byemail"
         };
 
         option (caos.zitadel.utils.v1.auth_option) = {
@@ -83,6 +86,7 @@ service ManagementService {
         };
     }
 
+    // Limit should always be set, there is a default limit set by the service
     rpc SearchUsers(UserSearchRequest) returns (UserSearchResponse) {
         option (google.api.http) = {
             post: "/users/_search"
@@ -169,6 +173,7 @@ service ManagementService {
         };
     }
 
+    // UserChanges returns the event stream of the user object
     rpc UserChanges(ChangeRequest) returns (Changes) {
         option (google.api.http) = {
             get: "/users/{id}/changes"
@@ -179,6 +184,7 @@ service ManagementService {
         };
     }
 
+    // ApplicationChanges returns the event stream of the application object
     rpc ApplicationChanges(ChangeRequest) returns (Changes) {
         option (google.api.http) = {
             get: "/projects/{id}/applications/{sec_id}/changes"
@@ -189,6 +195,7 @@ service ManagementService {
         };
     }
 
+    // OrgChanges returns the event stream of the org object
     rpc OrgChanges(ChangeRequest) returns (Changes) {
         option (google.api.http) = {
             get: "/orgs/{id}/changes"
@@ -199,6 +206,7 @@ service ManagementService {
         };
     }
 
+    // ProjectChanges returns the event stream of the project object
     rpc ProjectChanges(ChangeRequest) returns (Changes) {
         option (google.api.http) = {
             get: "/projects/{id}/changes"
@@ -209,7 +217,6 @@ service ManagementService {
         };
     }
 
-    //USER_PROFILE
     rpc GetUserProfile(UserID) returns (UserProfileView) {
         option (google.api.http) = {
             get: "/users/{id}/profile"
@@ -231,7 +238,6 @@ service ManagementService {
         };
     }
 
-    //USER_EMAIL
     rpc GetUserEmail(UserID) returns (UserEmailView) {
         option (google.api.http) = {
             get: "/users/{id}/email"
@@ -264,7 +270,6 @@ service ManagementService {
         };
     }
 
-    //USER_PHONE
     rpc GetUserPhone(UserID) returns (UserPhoneView) {
         option (google.api.http) = {
             get: "/users/{id}/phone"
@@ -297,7 +302,6 @@ service ManagementService {
         };
     }
 
-    //USER_ADDRESS
     rpc GetUserAddress(UserID) returns (UserAddressView) {
         option (google.api.http) = {
             get: "/users/{id}/address"
@@ -318,7 +322,7 @@ service ManagementService {
             permission: "user.write"
         };
     }
-    //MFA
+
     rpc GetUserMfas(UserID) returns (MultiFactors) {
         option (google.api.http) = {
             get: "/users/{id}/mfas"
@@ -329,11 +333,10 @@ service ManagementService {
         };
     }
 
-    //PASSWORD
     // Sends an Notification (Email/SMS) with a password reset Link
     rpc SendSetPasswordNotification(SetPasswordNotificationRequest) returns (google.protobuf.Empty) {
         option (google.api.http) = {
-            post: "/users/{id}/_sendsetpwnotify"
+            post: "/users/{id}/password/_sendsetnotification"
             body: "*"
         };
 
@@ -345,7 +348,7 @@ service ManagementService {
     // A Manager is only allowed to set an initial password, on the next login the user has to change his password
     rpc SetInitialPassword(PasswordRequest) returns (google.protobuf.Empty) {
         option (google.api.http) = {
-            post: "/users/{id}/_setinitialpw"
+            post: "/users/{id}/password/_initialize"
             body: "*"
         };
 
@@ -354,8 +357,7 @@ service ManagementService {
         };
     }
 
-
+    // returns default policy if nothing other set on organisation
-    //PASSWORD_COMPLEXITY_POLICY
     rpc GetPasswordComplexityPolicy(google.protobuf.Empty) returns (PasswordComplexityPolicy) {
         option (google.api.http) = {
             get: "/policies/passwords/complexity"
@@ -398,7 +400,7 @@ service ManagementService {
         };
     }
 
-    //PASSWORD_AGE_POLICY
+    // returns default if nothing other set on organisation
     rpc GetPasswordAgePolicy(google.protobuf.Empty) returns (PasswordAgePolicy) {
         option (google.api.http) = {
             get: "/policies/passwords/age"
@@ -441,7 +443,7 @@ service ManagementService {
         };
     }
 
-    //PASSWORD_LOCKOUT_POLICY
+    // returns default if nothing other set on organisation
     rpc GetPasswordLockoutPolicy(google.protobuf.Empty) returns (PasswordLockoutPolicy) {
         option (google.api.http) = {
             get: "/policies/passwords/lockout"
@@ -484,10 +486,9 @@ service ManagementService {
         };
     }
 
-    //ORG
+    rpc GetMyOrg(google.protobuf.Empty) returns (OrgView) {
-    rpc GetOrgByID(OrgID) returns (OrgView) {
         option (google.api.http) = {
-            get: "/orgs/{id}"
+            get: "/orgs/me"
         };
 
         option (caos.zitadel.utils.v1.auth_option) = {
@@ -495,9 +496,10 @@ service ManagementService {
         };
     }
 
-    rpc GetOrgByDomainGlobal(OrgDomain) returns (OrgView) {
+    // search a organisation by its domain overall organisations
+    rpc GetOrgByDomainGlobal(Domain) returns (OrgView) {
         option (google.api.http) = {
-            get: "/global/orgs/domain/{domain}"
+            get: "/global/orgs/_bydomain"
         };
 
         option (caos.zitadel.utils.v1.auth_option) = {
@@ -505,9 +507,9 @@ service ManagementService {
         };
     }
 
-    rpc DeactivateOrg(OrgID) returns (Org) {
+    rpc DeactivateMyOrg(google.protobuf.Empty) returns (Org) {
         option (google.api.http) = {
-            put: "/orgs/{id}/_deactivate"
+            put: "/orgs/me/_deactivate"
             body: "*"
         };
 
@@ -516,9 +518,9 @@ service ManagementService {
         };
     }
 
-    rpc ReactivateOrg(OrgID) returns (Org) {
+    rpc ReactivateMyOrg(google.protobuf.Empty) returns (Org) {
         option (google.api.http) = {
-            put: "/orgs/{id}/_reactivate"
+            put: "/orgs/me/_reactivate"
             body: "*"
         };
 
@@ -559,7 +561,6 @@ service ManagementService {
         };
     }
 
-    //ORG_IAM_POLICY
     rpc GetMyOrgIamPolicy(google.protobuf.Empty) returns (OrgIamPolicy) {
         option (google.api.http) = {
             get: "/orgs/me/iampolicy"
@@ -570,7 +571,6 @@ service ManagementService {
         };
     }
 
-    //ORG_MEMBERS
     rpc GetOrgMemberRoles(google.protobuf.Empty) returns (OrgMemberRoles) {
         option (google.api.http) = {
             get: "/orgs/members/roles"
@@ -624,7 +624,6 @@ service ManagementService {
         };
     }
 
-    //PROJECTS
     rpc SearchProjects(ProjectSearchRequest) returns (ProjectSearchResponse) {
         option (google.api.http) = {
             post: "/projects/_search"
@@ -694,7 +693,7 @@ service ManagementService {
         };
     }
 
-    //GRANTED_PROJECT_GRANTS
+    // returns all projects my organisation got granted from another organisation
     rpc SearchGrantedProjects(GrantedProjectSearchRequest) returns (ProjectGrantSearchResponse) {
         option (google.api.http) = {
             post: "/grantedprojects/_search"
@@ -707,6 +706,7 @@ service ManagementService {
         };
     }
 
+    // returns a project my organisation got granted from another organisation
     rpc GetGrantedProjectByID(ProjectGrantID) returns (ProjectGrantView) {
         option (google.api.http) = {
             get: "/grantedprojects/{project_id}/grants/{id}"
@@ -717,7 +717,6 @@ service ManagementService {
         };
     }
 
-    //PROJECT_MEMBERS
     rpc GetProjectMemberRoles(google.protobuf.Empty) returns (ProjectMemberRoles) {
         option (google.api.http) = {
             get: "/projects/members/roles"
@@ -775,7 +774,6 @@ service ManagementService {
         };
     }
 
-    //PROJECT_ROLES
     rpc SearchProjectRoles(ProjectRoleSearchRequest) returns (ProjectRoleSearchResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/roles/_search"
@@ -800,6 +798,7 @@ service ManagementService {
         };
     }
 
+    // add a list of project roles in one request
     rpc BulkAddProjectRole(ProjectRoleAddBulk) returns (google.protobuf.Empty) {
         option (google.api.http) = {
             post: "/projects/{id}/roles/_bulk"
@@ -824,7 +823,7 @@ service ManagementService {
         };
     }
 
-    /* RemoveProjectRole removes role from UserGrants, ProjectGrants and from Project */
+    // RemoveProjectRole removes role from UserGrants, ProjectGrants and from Project
     rpc RemoveProjectRole(ProjectRoleRemove) returns (google.protobuf.Empty) {
         option (google.api.http) = {
             delete: "/projects/{id}/roles/{key}"
@@ -836,7 +835,6 @@ service ManagementService {
         };
     }
 
-    //APPLICATIONS
     rpc SearchApplications(ApplicationSearchRequest) returns (ApplicationSearchResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/applications/_search"
@@ -943,7 +941,6 @@ service ManagementService {
         };
     }
 
-    //PROJECT_GRANT
     rpc SearchProjectGrants(ProjectGrantSearchRequest) returns (ProjectGrantSearchResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/_search"
@@ -1010,6 +1007,7 @@ service ManagementService {
         };
     }
 
+    // RemoveProjectGrant removes project grant and all user grants for this project grant
     rpc RemoveProjectGrant(ProjectGrantID) returns (google.protobuf.Empty) {
         option (google.api.http) = {
             delete: "/projects/{project_id}/grants/{id}"
@@ -1020,7 +1018,6 @@ service ManagementService {
         };
     }
 
-    //PROJECT_GRANT_MEMBER
     rpc GetProjectGrantMemberRoles(google.protobuf.Empty) returns (ProjectGrantMemberRoles) {
         option (google.api.http) = {
             get: "/projects/grants/members/roles"
@@ -1030,6 +1027,7 @@ service ManagementService {
             permission: "project.grant.member.read"
         };
     }
+
     rpc SearchProjectGrantMembers(ProjectGrantMemberSearchRequest) returns (ProjectGrantMemberSearchResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/{grant_id}/members/_search"
@@ -1073,7 +1071,6 @@ service ManagementService {
         };
     }
 
-    //USER_GRANT
     rpc SearchUserGrants(UserGrantSearchRequest) returns (UserGrantSearchResponse) {
         option (google.api.http) = {
             post: "/users/grants/_search"
@@ -1149,6 +1146,7 @@ service ManagementService {
         };
     }
 
+    // add a list of user grants in one request
     rpc BulkCreateUserGrant(UserGrantCreateBulk) returns (google.protobuf.Empty) {
         option (google.api.http) = {
             post: "/usergrants/_bulk"
@@ -1160,6 +1158,7 @@ service ManagementService {
         };
     }
 
+    // update a list of user grants in one request
     rpc BulkUpdateUserGrant(UserGrantUpdateBulk) returns (google.protobuf.Empty) {
         option (google.api.http) = {
             put: "/usergrants/_bulk"
@@ -1171,6 +1170,7 @@ service ManagementService {
         };
     }
 
+    // remove a list of user grants in one request
     rpc BulkRemoveUserGrant(UserGrantRemoveBulk) returns (google.protobuf.Empty) {
         option (google.api.http) = {
             delete: "/usersgrants/_bulk"
@@ -1182,7 +1182,8 @@ service ManagementService {
         };
     }
 
-    //PROJECT_USER_GRANT
+    // search user grants based on a project
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc SearchProjectUserGrants(ProjectUserGrantSearchRequest) returns (UserGrantSearchResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/users/grants/_search"
@@ -1195,6 +1196,8 @@ service ManagementService {
         };
     }
 
+    // get user grant based on a project
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc ProjectUserGrantByID(ProjectUserGrantID) returns (UserGrantView) {
         option (google.api.http) = {
             get: "/projects/{project_id}/users/{user_id}/grants/{id}"
@@ -1206,6 +1209,8 @@ service ManagementService {
         };
     }
 
+    // create user grant based on a project
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc CreateProjectUserGrant(UserGrantCreate) returns (UserGrant) {
         option (google.api.http) = {
             post: "/projects/{project_id}/users/{user_id}/grants"
@@ -1218,6 +1223,8 @@ service ManagementService {
         };
     }
 
+    // update user grant based on a project
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc UpdateProjectUserGrant(ProjectUserGrantUpdate) returns (UserGrant) {
         option (google.api.http) = {
             put: "/projects/{project_id}/users/{user_id}/grants/{id}"
@@ -1230,6 +1237,8 @@ service ManagementService {
         };
     }
 
+    // deactivate user grant based on a project
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc DeactivateProjectUserGrant(ProjectUserGrantID) returns (UserGrant) {
         option (google.api.http) = {
             put: "/projects/{project_id}/users/{user_id}/grants/{id}/_deactivate"
@@ -1242,6 +1251,8 @@ service ManagementService {
         };
     }
 
+    // reactivate user grant based on a project
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc ReactivateProjectUserGrant(ProjectUserGrantID) returns (UserGrant) {
         option (google.api.http) = {
             put: "/projects/{project_id}/users/{user_id}/grants/{id}/_reactivate"
@@ -1253,7 +1264,9 @@ service ManagementService {
             check_field_name: "ProjectId"
         };
     }
-    //PROJECT_GRANT_USER_GRANT
+
+    // search user grants based on a projectgrant
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc SearchProjectGrantUserGrants(ProjectGrantUserGrantSearchRequest) returns (UserGrantSearchResponse) {
         option (google.api.http) = {
             post: "/projectgrants/{project_grant_id}/users/grants/_search"
@@ -1266,6 +1279,8 @@ service ManagementService {
         };
     }
 
+    // get user grant based on a projectgrant
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc ProjectGrantUserGrantByID(ProjectGrantUserGrantID) returns (UserGrantView) {
         option (google.api.http) = {
             get: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}"
@@ -1277,6 +1292,8 @@ service ManagementService {
         };
     }
 
+    // create user grant based on a projectgrant
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc CreateProjectGrantUserGrant(ProjectGrantUserGrantCreate) returns (UserGrant) {
         option (google.api.http) = {
             post: "/projectgrants/{project_grant_id}/users/{user_id}/grants"
@@ -1289,6 +1306,8 @@ service ManagementService {
         };
     }
 
+    // update user grant based on a projectgrant
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc UpdateProjectGrantUserGrant(ProjectGrantUserGrantUpdate) returns (UserGrant) {
         option (google.api.http) = {
             put: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}"
@@ -1301,6 +1320,8 @@ service ManagementService {
         };
     }
 
+    // deactivate user grant based on a projectgrant
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc DeactivateProjectGrantUserGrant(ProjectGrantUserGrantID) returns (UserGrant) {
         option (google.api.http) = {
             put: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_deactivate"
@@ -1313,6 +1334,8 @@ service ManagementService {
         };
     }
 
+    // reactivate user grant based on a projectgrant
+    // This request is required that the user authorizations of zitadel can be differentiated
     rpc ReactivateProjectGrantUserGrant(ProjectGrantUserGrantID) returns (UserGrant) {
         option (google.api.http) = {
             put: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_reactivate"
@@ -1324,13 +1347,6 @@ service ManagementService {
             check_field_name: "ProjectGrantId"
         };
     }
-    //Grant
-    rpc SearchAuthGrant(AuthGrantSearchRequest) returns (AuthGrantSearchResponse) {
-        option (google.api.http) = {
-            post: "/authgrants/_search"
-            body: "*"
-        };
-    }
 }
 
 message Iam {
@@ -1374,7 +1390,7 @@ message UserID {
     string id = 1;
 }
 
-message UserEmailID {
+message Email {
     string email = 1;
 }
 
@@ -1826,6 +1842,10 @@ enum OrgState {
     ORGSTATE_INACTIVE = 2;
 }
 
+message Domain {
+    string domain = 1;
+}
+
 message OrgDomains {
     repeated OrgDomain domains = 1;
 }
@@ -2574,38 +2594,3 @@ message ProjectGrantUserGrantSearchRequest {
     uint64 limit = 3;
     repeated UserGrantSearchQuery queries = 4;
 }
-
-message AuthGrantSearchRequest {
-    uint64 offset = 1;
-    uint64 limit = 2;
-    AuthGrantSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];
-    bool asc = 4;
-    repeated AuthGrantSearchQuery queries = 5;
-}
-
-message AuthGrantSearchQuery {
-    AuthGrantSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
-    SearchMethod method = 2 [(validate.rules).enum = {in: [0]}];
-    string value = 3;
-}
-
-enum AuthGrantSearchKey {
-    AUTHGRANTSEARCHKEY_UNSPECIFIED = 0;
-    AUTHGRANTSEARCHKEY_ORG_ID = 1;
-    AUTHGRANTSEARCHKEY_PROJECT_ID = 2;
-    AUTHGRANTSEARCHKEY_USER_ID = 3;
-}
-
-message AuthGrantSearchResponse {
-    uint64 offset = 1;
-    uint64 limit = 2;
-    uint64 total_result = 3;
-    repeated AuthGrant result = 4;
-}
-
-message AuthGrant {
-    string orgId = 1;
-    string projectId = 2;
-    string userId = 3;
-    repeated string roles = 4;
-}