TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-06 13:57:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: V2 docs / error messages (#3611)

Browse Source 
* docs: rewrite concept section

* docs: add instance to guides

* chore: error messages

* fix: scenarios

* docs: urls

* docs: change images

* docs: change images

* docs: change images

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi 2022-05-16 14:00:33 +02:00 committed by GitHub
parent d401439427
commit c53d5251a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
66 changed files with 2117 additions and 1790 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
docs/docs/apis/introduction.mdx
View File

@ -7,7 +7,7 @@ import Column from "../../src/components/column";
## APIs
ZITADEL provides four APIs for different use cases. Three of these APIs are built with GRPC and generate a REST service.
ZITADEL provides five APIs for different use cases. Four of these APIs are built with GRPC and generate a REST service.
Each service's proto definition is located in the source control on GitHub.
As we generate the REST services and Swagger file out of the proto definition we recommend that you rely on the proto file.
We annotate the corresponding REST methods on each possible call as well as the AuthN and AuthZ requirements.
@ -15,7 +15,7 @@ The last API (assets) is only a REST API because ZITADEL uses multipart form dat
### Proto
All of our APIs are generated by proto defintions. You can find all the proto definitions in the [Proto API Definitions](proto/auth).
All of our APIs are generated by proto definitions. You can find all the proto definitions in the [Proto API Definitions](proto/auth).
> More about [Protocol Buffer](https://developers.google.com/protocol-buffers)
@ -74,7 +74,7 @@ To identify the current organization you can send a header `x-zitadel-orgid` or
### GRPC
Endpoint:
[https://api.zitadel.ch/caos.zitadel.auth.api.v1.AuthService/](https://api.zitadel.ch/caos.zitadel.auth.api.v1.AuthService)
[https://api.zitadel.ch/caos.zitadel.management.api.v1.ManagementService/](https://api.zitadel.ch/caos.zitadel.management.api.v1.ManagementService)
Definition:
[Management Proto](/docs/apis/proto/management)
@ -100,7 +100,7 @@ Definition:
## Administration
This API is intended to configure and manage the IAM itself.
This API is intended to configure and manage one ZITADEL instance itself.
</div>
<div class="apicard-right">
@ -108,10 +108,10 @@ This API is intended to configure and manage the IAM itself.
### GRPC
Endpoint:
[https://api.zitadel.ch/caos.zitadel.auth.api.v1.AuthService/](https://api.zitadel.ch/caos.zitadel.auth.api.v1.AuthService)
[https://api.zitadel.ch/caos.zitadel.admin.api.v1.AdminService/](https://api.zitadel.ch/caos.zitadel.admin.api.v1.AdminService)
Definition:
[Admin Proto](/docs/apis/proto/auth)
[Admin Proto](/docs/apis/proto/admin)
### REST
@ -128,6 +128,40 @@ Definition:
</Column>
</ApiCard>
<ApiCard title="Administration" type="SYSTEM">
<Column>
<div>
## System
This API is intended to manage the different ZITADEL instances within the system.
</div>
<div class="apicard-right">
### GRPC
Endpoint:
[https://api.zitadel.ch/caos.zitadel.system.api.v1.SystemService/](https://api.zitadel.ch/caos.zitadel.system.api.v1.SystemService)
Definition:
[System Proto](/docs/apis/proto/system)
### REST
Endpoint:
[https://api.zitadel.ch/system/v1/](https://api.zitadel.ch/system/v1/)
Swagger Editor:
[editor.swagger.io](https://editor.swagger.io/?url=https://api.zitadel.ch/openapi/v2/swagger/admin.swagger.json)
Definition:
[Swagger Definition](https://api.zitadel.ch/openapi/v2/swagger/system.swagger.json)
</div>
</Column>
</ApiCard>
<ApiCard title="Assets" type="ASSET">
<Column>
<div>
@ -174,14 +208,15 @@ In the table below you can see the URI of those calls.
| Service | URI |
| :------ | :--------------------------------------------------------------------------------------------------------------------------------------------- |
| REST | [https://api.zitadel.ch/auth/v1/users/me](https://api.zitadel.ch/auth/v1/users/me) |
| GRPC | [https://api.zitadel.ch/caos.zitadel.auth.api.v1.AuthService/GetMyUser](https://api.zitadel.ch/caos.zitadel.auth.api.v1.AuthService/GetMyUser) |
| REST | [{your_domain}/auth/v1/users/me]({your_domain}/auth/v1/users/me) |
| GRPC | [{your_domain}/caos.zitadel.auth.api.v1.AuthService/GetMyUser]({your_domain}/caos.zitadel.auth.api.v1.AuthService/GetMyUser) |
## Domains
| Domain Name | Example | Description |
| :---------- | :-------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| base_url | `{instance}.zitadel.cloud` or custom domain {your_domain} | ZITADEL has only one url, the different apis will be found under different paths. |
| issuer | `issuer.zitadel.ch` | Provides the [OpenID Connect 1.0 Discovery Endpoint](openidoauth/endpoints#openid-connect-10-discovery) |
| api | `api.zitadel.ch` | All ZITADEL API's are located under this domain. |
| login | `accounts.zitadel.ch` | The accounts.\* page provides server renderer pages like login and register and as well the authorization_endpoint for OpenID Connect |
| console | `console.zitadel.ch` | With the console.\* domain we serve the assets for the management gui |
| api | `{base_rul}/api` | All ZITADEL API's are located under this domain. |
| login | `{base_url}/ui/login` | The accounts.\* page provides server renderer pages like login and register and as well the authorization_endpoint for OpenID Connect |
| console | `{base_url}/ui/console` | With the console.\* domain we serve the assets for the management gui |

4
docs/docs/apis/openidoauth/authn-methods.md
View File

@ -45,7 +45,7 @@ JWT
| Claim | Example | Description |
|:------|:------------------------------|:----------------------------------------------------------------------------------------------------------------|
| aud | `"https://issuer.zitadel.ch"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| aud | `"{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| exp | `1605183582` | Unix timestamp of the expiry |
| iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h |
| iss | `"78366401571920522@acme"` | String which represents the requesting party (owner of the key), normally the `clientID` from the json key file |
@ -55,7 +55,7 @@ JWT
{
"iss": "78366401571920522@acme",
"sub": "78366401571920522@acme",
"aud": "https://issuer.zitadel.ch",
"aud": "{your_domain}",
"exp": 1605183582,
"iat": 1605179982
}

2
docs/docs/apis/openidoauth/claims.md
View File

@ -52,7 +52,7 @@ Please check below the matrix for an overview where which scope is asserted.
| gender | `other` | Gender of the subject |
| given_name | `Road` | Given name of the subject |
| iat | `1311280970` | Issued at time of the token as unix time |
| iss | `https://issuer.zitadel.ch` | Issuing domain of a token |
| iss | `{your_domain}` | Issuing domain of a token |
| locale | `en` | Language from the subject |
| name | `Road Runner` | The subjects full name |
| nonce | `blQtVEJHNTF0WHhFQmhqZ0RqeHJsdzdkd2d...` | The nonce provided by the client |

24
docs/docs/apis/openidoauth/endpoints.md
View File

@ -8,13 +8,13 @@ import TabItem from '@theme/TabItem';
## OpenID Connect 1.0 Discovery
The OpenID Connect Discovery Endpoint is located within the issuer domain.
For example with [zitadel.ch](https://zitadel.ch), issuer.zitadel.ch would be the domain. This would give us [https://issuer.zitadel.ch/.well-known/openid-configuration](https://issuer.zitadel.ch/.well-known/openid-configuration).
This would give us [{your_domain}/.well-known/openid-configuration]({your_domain}/.well-known/openid-configuration).
**Link to spec.** [OpenID Connect Discovery 1.0 incorporating errata set 1](https://openid.net/specs/openid-connect-discovery-1_0.html)
## authorization_endpoint
[https://accounts.zitadel.ch/oauth/v2/authorize](https://accounts.zitadel.ch/oauth/v2/authorize)
[https://accounts.zitadel.ch/oauth/v2/authorize]({your_domain}/oauth/v2/authorize)
:::note
The authorization_endpoint is located with the login page, due to the need of accessing the same cookie domain
@ -142,7 +142,7 @@ the error will be display directly to the user on the auth server
## token_endpoint
[https://api.zitadel.ch/oauth/v2/token](https://api.zitadel.ch/oauth/v2/token)
[{your_domain}/oauth/v2/token]({your_domain}/oauth/v2/token)
The token_endpoint will as the name suggests return various tokens (access, id and refresh) depending on the used `grant_type`.
When using [`authorization_code`](#authorization-code-grant-code-exchange) flow call this endpoint after receiving the code from the authorization_endpoint.
@ -231,7 +231,7 @@ Send a client assertion as JWT for us to validate the signature against the regi
```BASH
curl --request POST \
--url https://api.zitadel.ch/oauth/v2/token \
--url {your_domain}/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
--data assertion=eyJhbGciOiJSUzI1Ni...
@ -321,7 +321,7 @@ Send a `client_assertion` as JWT for us to validate the signature against the re
## introspection_endpoint
[https://api.zitadel.ch/oauth/v2/introspect](https://api.zitadel.ch/oauth/v2/introspect)
[{your_domain}/oauth/v2/introspect]({your_domain}/oauth/v2/introspect)
This endpoint enables client to validate an `acccess_token`, either opaque or JWT. Unlike client side JWT validation,
this endpoint will check if the token is not revoked (by client or logout).
@ -357,7 +357,7 @@ Send a `client_assertion` as JWT for us to validate the signature against the re
```BASH
curl --request POST \
--url https://api.zitadel.ch/oauth/v2/introspect \
--url {your_domain}/oauth/v2/introspect \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
--data client_assertion=eyJhbGciOiJSUzI1Ni... \
@ -387,14 +387,14 @@ If the authorization fails, an HTTP 401 with `invalid_client` will be returned.
## userinfo_endpoint
[https://api.zitadel.ch/oauth/v2/userinfo](https://api.zitadel.ch/oauth/v2/userinfo)
[{your_domain}/oauth/v2/userinfo]({your_domain}/oauth/v2/userinfo)
This endpoint will return information about the authorized user.
Send the `access_token` of the **user** (not the client) as Bearer Token in the `authorization` header:
```BASH
curl --request GET \
--url https://api.zitadel.ch/oauth/v2/userinfo
--url {your_domain}/oauth/v2/userinfo
--header 'Authorization: Bearer dsfdsjk29fm2as...'
```
@ -409,7 +409,7 @@ If the token is invalid or expired, an HTTP 401 will be returned.
## revocation_endpoint
[https://api.zitadel.ch/oauth/v2/revoke](https://api.zitadel.ch/oauth/v2/revoke)
[{your_domain}/oauth/v2/revoke]({your_domain}/oauth/v2/revoke)
This endpoint enables clients to revoke an `access_token` or `refresh_token` they have been granted.
@ -470,7 +470,7 @@ Send a `client_assertion` as JWT for ZITADEL to verify the signature against the
```BASH
curl --request POST \
--url https://api.zitadel.ch/oauth/v2/revoke \
--url {your_domain}/oauth/v2/revoke \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
--data client_assertion=eyJhbGciOiJSUzI1Ni... \
@ -482,13 +482,13 @@ curl --request POST \
## end_session_endpoint
[https://accounts.zitadel.ch/oauth/v2/endsession](https://accounts.zitadel.ch/oauth/v2/endsession)
[{your_domain}/oauth/v2/endsession]({your_domain}/oauth/v2/endsession)
> The end_session_endpoint is located with the login page, due to the need of accessing the same cookie domain
## jwks_uri
[https://api.zitadel.ch/oauth/v2/keys](https://api.zitadel.ch/oauth/v2/keys)
[{your_domain}/oauth/v2/keys]({your_domain}/oauth/v2/keys)
> Be aware that these keys can be rotated without any prior notice. We will however make sure that a proper `kid` is set with each key!

4
docs/docs/apis/openidoauth/grant-types.md
View File

@ -77,7 +77,7 @@ JWT
| Claim | Example | Description |
|:------|:------------------------------|:--------------------------------------------------------------------------------------------------------------|
| aud | `"https://issuer.zitadel.ch"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| aud | `"{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| exp | `1605183582` | Unix timestamp of the expiry |
| iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h |
| iss | `"77479219772321307"` | String which represents the requesting party (owner of the key), normally the `userId` from the json key file |
@ -87,7 +87,7 @@ JWT
{
"iss": "77479219772321307",
"sub": "77479219772321307",
"aud": "https://issuer.zitadel.ch",
"aud": "{your_domain}",
"exp": 1605183582,
"iat": 1605179982
}

5
docs/docs/concepts/structure/_instance_description.mdx Normal file
View File

@ -0,0 +1,5 @@
An instance is the top hierarchy in the ZITADEL.
Within an instance all the default [settings](./policies), such as branding, login policy, password policy, etc. for the system can be configured.
One instance normally runs on one domain and has one issuer. (e.g login.customer.com)
One instance can contain multiple [organizations](./organizations). Which can represent the own company or the customers.

2
docs/docs/concepts/structure/_org_description.mdx
View File

@ -1,6 +1,6 @@
ZITADEL is organized around the idea that:
* Multiple organizations share the same system. In this case multiple organizations share the same service, zitadel.ch
* Multiple organizations can be managed within one [instance](./instance).
* organizations can grant each other rights to self-manage certain aspects of the IAM (eg, roles for access management)
* organizations are vessels for users and projects

8
docs/docs/concepts/structure/instance.md Normal file
View File

@ -0,0 +1,8 @@
---
title: Instance
---
import InstanceDescription from './_instance_description.mdx';
<InstanceDescription name="InstanceDescription" />

5
docs/docs/concepts/structure/overview.md
View File

@ -6,10 +6,11 @@ This overview shows the general structure of ZITADEL.
![Overview](/img/concepts/objects/object_overview.png)
More details on the specific objets:
More details on the specific objects:
- [Instance](./instance)
- [Organizations](./organizations)
- [Policies](./policies)
- [Policies/Settings](./policies)
- [Projects](./projects)
- [Applications](./applications)
- [Granted Projects](./granted_projects)

14
docs/docs/concepts/structure/policies.md
View File

@ -1,13 +1,13 @@
---
title: Policies
title: Settings/Policies
---
Policies are configurations of all the different parts of the IAM. For all parts we have a suitable default in the IAM.
Settings and policies are configurations of all the different parts of the Instance or an organization. For all parts we have a suitable default in the Instance.
The default configuration can be overridden for each organization.
## General
You can find these settings in the menu organization in the section polcies.
You can find these settings in the instance page under settings, or on a specific organization menu organization in the section polycies.
Each policy can be overridden and reset to the default.
## Password Complexity
@ -88,3 +88,11 @@ Make sure you click the "Set preview as current configuration" button after you
Each organization is able to configure its own privacy policy and terms of service.
A link to the current policies can be provided. On register each user has to accept these policies.
## Domain policy
In the domain policy you have two different settings.
One is the "user_login_must_be_domain", by setting this all the users within an organisation will be suffixed with the domain of the organisation.
The second is "validate_org_domains" if this is set to true all created domains on an organisation must be verified per acme challenge. [Verify Domain] (../../guides/basics/organizations#domain-verification-and-primary-domain)
If it is set to false, all registered domain will automatically be created as verified and the users will be able to use the domain for login.

12
docs/docs/concepts/usecases/saas.md
View File

@ -19,15 +19,7 @@ This means that the users and also their authorizations will be managed within Z
An organization is the ZITADEL resource which contains users, projects, applications, policies and so on.
In an organization projects and users are managed by the organization.
You need at least one organization for your own company in our case "The Timing Company".
For your customers you have different possibilities:
1. Your customer already owns an organization in ZITADEL
2. Your customer creates a new organization in ZITADEL by itself
3. You create an organization for your customer (If you like to verify the domain, the customer has to do it)
:::info
Subscriptions are organization based. This means, that each organization can choose their own tier based on the needed features.
:::
As next step grate an organization for each of your costumers.
## Project
@ -70,7 +62,7 @@ More about the [Scopes](../../apis/openidoauth/scopes)
2. Show private labeling (branding) of the project organization
You can configure on project-level which branding should be shown to users.
In the default the design of ZITADEL will be shown, but as soon as the user is identified, the policy of the users organization will be triggered.
In the default the design of the instance will be shown, but as soon as the user is identified, the policy of the users organization (if specified) will be triggered.
If the setting is set to `Ensure Project Resource Owner Setting`, the private labeling of the project organization will always be triggered.
The last possibility is to show the private labeling of the project organization and as soon as the user is identitfied the user organization settings will be triggered.
For this the Allow User Resource Owner Setting should be set.

4
docs/docs/guides/api/access-zitadel-apis.md
View File

@ -32,7 +32,7 @@ title: Access ZITADEL APIs
ZITADEL Managers are Users who have permission to manage ZITADEL itself. There are some different levels for managers.
- **IAM Managers**: This is the highest level. Users with IAM Manager roles are able to manage the whole IAM.
- **IAM Managers**: This is the highest level. Users with IAM Manager roles are able to manage the whole instance.
- **Org Managers**: Managers in the Organization Level are able to manage everything within the granted Organization.
- **Project Mangers**: In this level the user is able to manage a project.
- **Project Grant Manager**: The project grant manager is for projects, which are granted of another organization.
@ -69,7 +69,7 @@ Use the scope `urn:zitadel:iam:org:project:id:{projectid}:aud` to include the pr
```bash
curl --request POST \
--url https://api.zitadel.ch/oauth/v2/token \
--url {your_domain}/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
--data scope='openid profile email urn:zitadel:iam:org:project:id:69234237810729019:aud' \

8
docs/docs/guides/authentication/identity-brokering.md
View File

@ -66,11 +66,13 @@ Google Example:
![Add new oAuth credentials in Google Console](/img/google_add_credentials.gif)
### 2. Add custom login policy on your organization
### 2. Add custom login policy
The login policy can be configured on two levels. Once as default on the instance and this can be overwritten for each organization.
This case describes how to change it on the organization.
1. Go to your organization settings by clicking on "Organization" in the menu or using the following link: <https://console.zitadel.ch/org>
2. Modify your login policy
3. As long as you have the default policy, you can't change the policy. Click create custom policy to set your on settings.
2. Modify your login policy in the menu "Login Behaviour and Security"
![Add custom login policy](/img/console_org_custom_login_policy.gif)

90
docs/docs/guides/basics/instance.mdx Normal file
View File

@ -0,0 +1,90 @@
---
title: Instance
---
| | |
| --- | --- |
| Description | Learn what an instance in ZITADEL is and what kind of configurations you are able to do. |
| Learning Outcomes | In this module you will: <ul><li>Learn about the instance</li><li>Create a new instance</li><li>Add a custom domain</li><li>configure some settings</li></ul> |
|Prerequisites|None|
## What is an instance?
import InstanceDescription from '../../concepts/structure/_instance_description.mdx';
import Column from '../../../src/components/column';
<InstanceDescription name="InstanceDescription" />
## Exercise - Create a new instance
The creation and management of an instance takes place in the Customer Portal.
To manage your existing instances you need login with your Customer Portal user. Be aware that this is not the same user as in the instance itself.
![Create new instance](/img/console_org_register.png)
## Exercise - Add a custom domain
1. Browse to your instance
2. Click **Add custom domain**
3. To start the domain verification click the domain name and a dialog will appear, where you can choose between DNS or HTTP challenge methods.
4. For example, create a TXT record with your DNS provider for the used domain and click verify. ZITADEL will then proceed an check your DNS.
5. When the verification is successful you have the option to activate the domain by clicking **Set as primary**
![Verify Domain](/img/console_verify_domain.gif)
> **_Please note:_** Do not delete the verification code, as ZITADEL Customer Portal will re-check the ownership of your domain from time to time
## Exercise - Change default settings of the instance
Redirect to your instance and login with your generated user ???
Go to the settings with the button at the top right of the header.
You will find all different kind of default settings here.
From password policy, to branding to texts of the login ui.
For this case we will change the branding.
Choose modify on the setting "branding".
You can switch between the light and the dark mode. Upload your logo and define the colors you like to have.
Make sure to click the button "apply configuration" after you are finish to trigger your settings.
## Knowledge Check
* Instance has to be configured in the Customer Portal
- [ ] yes
- [ ] no
* I can use the same user for the Customer Portal as for my created instance
- [ ] yes
- [ ] no
* I will find the default settings in the Customer Portal
- [ ] yes
- [ ] no
<details>
<summary>
Solutions
</summary>
* Users exist only within projects or clients
- [x] yes
- [ ] no
* I can use the same user for the Customer Portal as for my created instance
- [ ] yes
- [x] no (Due to separation of concern you will not be able to use the same user for both)
* I will find the default settings in the Customer Portal
- [ ] yes
- [x] no (The default settings are after login to you instance on the settings page)
</details>
## Summary
* Create your instance in the customer portal
* Verify your domain in the Customer Portal to improve user experience; remember to not delete the verification code to allow recheck of ownership
* You can manage all your default settings in the instance itself
Where to go from here:
* Create an organization
* Create a project
* Setup Passwordless MFA
* Manage ZITADEL Roles

5
docs/docs/guides/basics/organizations.mdx
View File

@ -7,7 +7,7 @@ title: Organizations
| --- | --- |
| Description | Learn how ZITADEL is structured around Organizations and how to create your organization and verify a domain to use with that new organization. |
| Learning Outcomes | In this module you will: <ul><li>Learn about organizations</li><li>Create a new organization</li><li>Verify your domain name </li></ul> |
|Prerequisites|None|
|Prerequisites|Existing instance|
## What is an organization?
@ -44,7 +44,8 @@ When you verify your domain name, then ZITADEL will generate additional logoname
Once you have successfully registered your organization, ZITADEL will automatically generate a domain name for your organization (eg, acme.zitadel.ch). Users that you create within your organization will be suffixed with this domain name.
You can improve the user experience, by suffixing users with a domain name that is in your control. For that you can prove the ownership of your domain, by DNS or HTTP challenge.
You can improve the user experience, by suffixing users with a domain name that is in your control. If the "validate ord domains" settings in the [Domain Policy](../../concepts/structure/policies) is set to true, you have to prove the ownership of your domain, by DNS or HTTP challenge.
If the settings is set to false, the created domain will automatically be set to verifed.
An organization can have multiple domain names, but only one domain can be primary. The primary domain defines which login name ZITADEL displays to the user, and what information gets asserted in access_tokens (`preferred_username`).

6
docs/docs/guides/customization/branding.md
View File

@ -2,8 +2,10 @@
title: Brand Customization
---
ZITADEL offers various customization options for your projects brand design.
Head over to the Private Labeling Policy on your Organization Page.
ZITADEL offers various customization options for your projects brand design. The branding can be configured on two different levels.
The configuration on the instance level will set the default settings, which are triggered for all users if not overwritten on an organization specifically.
The second possibility is to configure it on each organization. This guide will describe the second possibility.
For this head over to the Branding Setting on your Organization Page.
## How it works
You are able to customize the light and a dark mode separately.

2
docs/docs/guides/customization/texts.md
View File

@ -2,7 +2,7 @@
title: Customized Texts
---
You are able to customize the texts used from ZITADEL.
You are able to customize the texts used from ZITADEL. This is possibly on the instance or organization level.
## Message Texts
Sometimes the users will get an email or phone message from ZITADEL (e.g Password Reset Request).

4
docs/docs/guides/installation/shared-cloud.md
View File

@ -6,6 +6,8 @@ title: Shared Cloud at zitadel.ch
I'd like to simply use ZITADEL without having to take care of any operational tasks.
:::
Just register your [Organization](../basics/organizations) at [zitadel.ch](https://console.zitadel.ch) and start by using [ZITADEL Free](https://zitadel.ch/pricing). You will immediately be able to integrate as many applications with as many users as you want. Serve your users multiple secure login methods for free.
Just register your ZITADEL instance in the ZITADEL Customer Portal //TODO: AddLink
Per default you will start in the [ZITADEL Free](https://zitadel.com/pricing) Tier, which already includes all the features.
You will immediately be able to integrate as many applications with as many users as you want. Serve your users multiple secure login methods for free.
[Jump](../basics/get-started) to the more detailed docs.

5
docs/docs/guides/solution-scenarios/b2c.mdx
View File

@ -12,14 +12,15 @@ When planning your applications, investing time in researching your apps archite
This guide introduces you to the grouping and structuring of ZITADEL projects which forms the base for all projects. This can be used as a quick start to the [B2B scenario](./b2b), which is merely focused on planning considerations if you are having projects with multiple organizations.
The journey of this guide starts with creating an Organization, the outermost layer of ZITADEL, as it is the vessel for projects, roles, applications and users.
The journey of this guide starts with creating an Organization, the outermost layer of ZITADEL within your instance, as it is the vessel for projects, roles, applications and users.
Creation can be done from [ZITADEL Console](https://console.zitadel.ch/org/create). You can choose your current account for the organization owner or create a new one.
Depending on your Software Development Life Cycle (SDLC) you can create multiple organizations or projects to keep your applications environments seperated.
### Custom domain
Right after org creation you'll be greeted with the domain section of your organization. ZITADEL automatically creates a custom domain of the form `[orgname].zitadel.ch`, but you can set your own by saving a verification file on the specified location.
Right after org creation you'll be greeted with the domain section of your organization.
ZITADEL automatically creates a custom domain of the form `[orgname].zitadel.ch`, but you can create your own. Depending on the settings on the [Domain Policy](../../concepts/structure/policies) it has to be verified by saving a verification file on the specified location.
We recommend that you create your domains early as they create a sense of confidence and trust for your application and changes later on might create additional migration effort.
You can read more about how ZITADEL handles usernames [here](../basics/organizations#how-zitadel-handles-usernames).

4
docs/docs/guides/trainings/supportservice/application.md
View File

@ -19,7 +19,7 @@ In this session your second level support will gain an understanding on how to e
* Validation of tokens
* Q&A
**Price**: [Get a quote](https://zitadel.ch/contact)
**Price**: [Get a quote](https://zitadel.com/contact)
## ZITADEL Administrator
@ -37,4 +37,4 @@ In this hands-on training your employees will get a complete overview of the sys
* Client integration best-practices
* Q&A
**Price**: [Get a quote](https://zitadel.ch/contact)
**Price**: [Get a quote](https://zitadel.com/contact)

6
docs/docs/guides/trainings/supportservice/operations.md
View File

@ -22,7 +22,7 @@ In this hands-on training you will gain an understanding about GitOps and ORBOS
* Configuration
* Q&A
**Price**: [Get a quote](https://zitadel.ch/contact)
**Price**: [Get a quote](https://zitadel.com/contact)
## ZITADEL and DB Operator
@ -43,7 +43,7 @@ In this hands-on training you will gain an in-depth understanding of the ZITADEL
* Common root cause analysis
* Q&A
**Price**: [Get a quote](https://zitadel.ch/contact)
**Price**: [Get a quote](https://zitadel.com/contact)
## ORBOS Tooling
@ -60,4 +60,4 @@ In this training you will learn how to customize tooling or more detailed aspect
* Alerting
* Ingress/API-Gateway
**Price**: [Get a quote](https://zitadel.ch/contact)
**Price**: [Get a quote](https://zitadel.com/contact)

4
docs/docs/legal/data-processing-agreement.md
View File

@ -140,9 +140,9 @@ The technical and organizational security measures are described in more detail
### Involvement of subcontracted processors
A current and complete list of involved and approved sub-processors can be found at [https://zitadel.ch/trust/](https://zitadel.ch/trust/).
A current and complete list of involved and approved sub-processors can be found at [https://zitadel.com/trust/](https://zitadel.com/trust/).
The Processor is entitled to involve additional sub-processors. In this case, the Processor shall inform the Responsible Party about any intended change regarding sub-processors and update the list at <https://zitadel.ch/trust>. The Customer has the right to object to such changes. If the Parties are unable to reach a mutual agreement within 90 days of receipt of the objection by the Processor, the Customer may terminate the Agreement extraordinarily.
The Processor is entitled to involve additional sub-processors. In this case, the Processor shall inform the Responsible Party about any intended change regarding sub-processors and update the list at <https://zitadel.com/trust>. The Customer has the right to object to such changes. If the Parties are unable to reach a mutual agreement within 90 days of receipt of the objection by the Processor, the Customer may terminate the Agreement extraordinarily.
The Processor obligates itself to impose on all sub-processors, by means of a contract (or in another appropriate manner), the same data protection obligations as are imposed on it by this Annex. In particular, sufficient guarantees shall be provided that the appropriate technical and organizational measures are implemented in such a way that the processing by the sub-processor is carried out in accordance with the legal requirements. If the sub-processor fails to comply with its data protection obligations, the processor shall be liable to the customer for this as for its own conduct.

4
docs/docs/legal/privacy-policy.md
View File

@ -5,7 +5,7 @@ custom_edit_url: null
## Introduction
This privacy policy applies to CAOS Ltd., the websites it operates (including caos.ch and zitadel.ch) and the services and products it provides (including ZITADEL). This privacy policy describes how we process personal data for the provision of this websites and our products.
This privacy policy applies to CAOS Ltd., the websites it operates (including caos.ch, zitadel.ch, zitadel.cloud and zitadel.com) and the services and products it provides (including ZITADEL). This privacy policy describes how we process personal data for the provision of this websites and our products.
If any inconsistencies arise between this Privacy Policy and the otherwise applicable contractual terms, framework agreement, or general terms of service, the provisions of this Privacy Policy shall prevail. This privacy policy covers both existing personal data and personal data collected from you in the future.
@ -176,7 +176,7 @@ The fulfillment of the contract includes in particular, but is not limited to, t
## Disclosure to third parties
We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our "[Trust Page](https://zitadel.ch/trust)".
We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our "[Trust Page](https://zitadel.com/trust)".
This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via

4
docs/docs/legal/support-services.md
View File

@ -55,7 +55,7 @@ If we fail to provide the initial response time objective, you will be entitled
Support Feature | Contact information
--- | ---
eMail Support | support@zitadel.ch
eMail Support | support@zitadel.com
Chat Support | Private chat channel between CAOS and Customer that is opened when Subscription becomes active
Phone Support | +41 43 215 27 34
@ -70,7 +70,7 @@ CAOS will enhance its support offering by providing eligible clients with a Tech
- Provide support and advice regarding best practices on platform, product and configuration covered by the applicable Support Services;
- Participate in review calls every other week at mutually agreed times addressing customers operational issues.
We offer TAM services only bundled with specific subscription plans, and the option to add more TAM hours to these plans. If you require consulting for your projects, please request a quote via our [website](https://zitadel.ch/contact).
We offer TAM services only bundled with specific subscription plans, and the option to add more TAM hours to these plans. If you require consulting for your projects, please request a quote via our [website](https://zitadel.com/contact).
## Support

2
docs/docs/legal/terms-of-service-dedicated.md
View File

@ -20,7 +20,7 @@ Each Dedicated Instance consists, except agreed otherwise in writing, of a multi
CAOS will install and manage the Dedicated Instance on infracstructure provided by preferred cloud providers. Costs for infrastructure or cloud providers are not included in the Subscription, if not agreed otherwise in writing.
You may choose to provide the required infrastructure yourself. You must comply with the [requirements and prerequisites](https://docs.zitadel.ch/docs/guides/installation/managed-dedicated-instance) as documented.
You may choose to provide the required infrastructure yourself. You must comply with the [requirements and prerequisites](https://docs.zitadel.com/docs/guides/installation/managed-dedicated-instance) as documented.
Please refer to the [annex](dedicated-instance-annex) with regards to limitations of the deployment options, especially when using an own infrastructure provider. By accepting these terms you also accept the terms in the annex.

2
docs/docs/legal/terms-of-service.md
View File

@ -163,7 +163,7 @@ In the event of the termination of the contract, we reserve the right to irrevoc
## Data protection
Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.ch/trust/) for more information about how we process and protect your data.
Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data.
## Liability

2
docs/docs/legal/terms-support-service.md
View File

@ -180,7 +180,7 @@ In the event of the termination of the contract, we reserve the right to irrevoc
## Data protection
Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.ch/trust/) for more information about how we process and protect your data.
Please consult the annex to this Framework Agreement, specifically our [Privacy Policy](privacy-policy) and [Data Processing Agreement](data-processing-agreement), or our [Trust Site](https://zitadel.com/trust/) for more information about how we process and protect your data.
## Liability

2
docs/docs/manuals/user-register.md
View File

@ -20,7 +20,7 @@ C. Enable selfregistration for User
1. Create an organization as above
2. Create custom policy
3. Enable the "Register allowed" flag in the Login Policy
4. Connect your application and add the applications [scope](https://docs.zitadel.ch/architecture/#Custom_Scopes) to the redirect URL.
4. Connect your application and add the applications [scope](https://docs.zitadel.com/architecture/#Custom_Scopes) to the redirect URL.
This will enable the register option in the login dialog and will register the user within your organization if he does not already have an account.

145
docs/package.json
View File

@ -14,16 +14,155 @@
"write-heading-ids": "docusaurus write-heading-ids"
},
"dependencies": {
"@docusaurus/core": "^2.0.0-beta.15",
"@docusaurus/preset-classic": "^2.0.0-beta.15",
"@algolia/autocomplete-core": "1.5.2",
"@algolia/autocomplete-preset-algolia": "1.5.2",
"@ampproject/remapping": "2.2.0",
"@babel/core": "7.17.10",
"@babel/plugin-proposal-async-generator-functions": "7.16.8",
"@babel/plugin-proposal-class-static-block": "7.17.6",
"@babel/plugin-proposal-object-rest-spread": "7.17.3",
"@babel/plugin-proposal-private-methods": "7.16.11",
"@babel/plugin-transform-async-to-generator": "7.16.8",
"@babel/plugin-transform-destructuring": "7.17.7",
"@babel/plugin-transform-modules-commonjs": "7.17.9",
"@babel/plugin-transform-modules-systemjs": "7.17.8",
"@babel/plugin-transform-named-capturing-groups-regex": "7.17.10",
"@babel/plugin-transform-regenerator": "7.17.9",
"@babel/plugin-transform-runtime": "7.17.10",
"@babel/preset-env": "7.17.10",
"@babel/preset-react": "7.16.7",
"@babel/preset-typescript": "7.16.7",
"@babel/runtime-corejs3": "7.17.9",
"@colors/colors": "1.5.0",
"@docsearch/css": "3.0.0",
"@docsearch/react": "3.0.0",
"@docusaurus/core": "^2.0.0-beta.20",
"@docusaurus/cssnano-preset": "2.0.0-beta.20",
"@docusaurus/module-type-aliases": "2.0.0-beta.20",
"@docusaurus/plugin-debug": "2.0.0-beta.20",
"@docusaurus/plugin-google-analytics": "2.0.0-beta.20",
"@docusaurus/plugin-google-gtag": "2.0.0-beta.20",
"@docusaurus/plugin-sitemap": "2.0.0-beta.20",
"@docusaurus/preset-classic": "2.0.0-beta.20",
"@docusaurus/theme-classic": "2.0.0-beta.20",
"@docusaurus/theme-search-algolia": "2.0.0-beta.20",
"@docusaurus/types": "2.0.0-beta.20",
"@jridgewell/resolve-uri": "3.0.7",
"@jridgewell/set-array": "1.1.1",
"@jridgewell/trace-mapping": "0.3.11",
"@leichtgewicht/ip-codec": "2.0.4",
"@mdx-js/mdx": "1.6.22",
"@mdx-js/react": "^1.6.22",
"@slorber/static-site-generator-webpack-plugin": "4.0.4",
"@svgr/core": "6.2.1",
"@svgr/hast-util-to-babel-ast": "6.2.1",
"@svgr/plugin-svgo": "6.2.0",
"@types/eslint-scope": "3.7.3",
"@types/http-proxy": "1.17.9",
"@types/react-router-config": "5.0.6",
"@types/react-router-dom": "5.3.3",
"@types/ws": "8.5.3",
"autoprefixer": "10.4.7",
"axios": "0.25.0",
"babel-loader": "8.2.5",
"body-parser": "1.20.0",
"bonjour-service": "1.0.12",
"boxen": "6.2.1",
"clean-css": "5.3.0",
"cli-boxes": "3.0.0",
"cli-table3": "0.6.2",
"clsx": "^1.1.1",
"cookie": "0.5.0",
"copy-webpack-plugin": "10.2.4",
"core-js": "3.22.5",
"core-js-pure": "3.22.5",
"css-declaration-sorter": "6.2.2",
"css-loader": "6.7.1",
"css-minimizer-webpack-plugin": "3.4.1",
"cssnano": "5.1.7",
"cssnano-preset-advanced": "5.3.3",
"dns-packet": "5.3.1",
"docusaurus-plugin-plausible": "^0.0.5",
"eastasianwidth": "0.2.0",
"enhanced-resolve": "5.9.3",
"eval": "0.1.8",
"express": "4.18.1",
"finalhandler": "1.2.0",
"follow-redirects": "1.15.0",
"fraction.js": "4.2.0",
"html-minifier-terser": "6.1.0",
"html-tags": "3.2.0",
"html-webpack-plugin": "5.5.0",
"http-proxy-middleware": "2.0.6",
"infima": "0.2.0-alpha.39",
"invariant": "2.2.4",
"mdx-mermaid": "^1.1.0",
"mermaid": "^8.12.1",
"mini-css-extract-plugin": "2.6.0",
"multicast-dns": "7.2.4",
"nanoid": "3.3.4",
"node-forge": "1.3.1",
"object-inspect": "1.12.0",
"plugin-image-zoom": "ataft/plugin-image-zoom",
"postcss-calc": "8.2.4",
"postcss-colormin": "5.3.0",
"postcss-convert-values": "5.1.0",
"postcss-discard-comments": "5.1.1",
"postcss-discard-duplicates": "5.1.0",
"postcss-discard-empty": "5.1.1",
"postcss-discard-overridden": "5.1.0",
"postcss-discard-unused": "5.1.0",
"postcss-loader": "6.2.1",
"postcss-merge-idents": "5.1.1",
"postcss-merge-longhand": "5.1.4",
"postcss-merge-rules": "5.1.1",
"postcss-minify-font-values": "5.1.0",
"postcss-minify-gradients": "5.1.1",
"postcss-minify-params": "5.1.2",
"postcss-minify-selectors": "5.2.0",
"postcss-normalize-charset": "5.1.0",
"postcss-normalize-display-values": "5.1.0",
"postcss-normalize-positions": "5.1.0",
"postcss-normalize-repeat-style": "5.1.0",
"postcss-normalize-string": "5.1.0",
"postcss-normalize-timing-functions": "5.1.0",
"postcss-normalize-unicode": "5.1.0",
"postcss-normalize-url": "5.1.0",
"postcss-normalize-whitespace": "5.1.1",
"postcss-ordered-values": "5.1.1",
"postcss-reduce-idents": "5.2.0",
"postcss-reduce-initial": "5.1.0",
"postcss-reduce-transforms": "5.1.0",
"postcss-sort-media-queries": "4.2.1",
"postcss-svgo": "5.1.0",
"postcss-unique-selectors": "5.1.1",
"postcss-zindex": "5.1.0",
"prismjs": "1.28.0",
"raw-body": "2.5.1",
"react": "^17.0.2",
"react-dom": "^17.0.2"
"react-dev-utils": "12.0.1",
"react-dom": "^17.0.2",
"react-error-overlay": "6.0.11",
"react-fast-compare": "3.2.0",
"regenerator-transform": "0.15.0",
"remark-emoji": "2.2.0",
"rtlcss": "3.5.0",
"rxjs": "7.5.5",
"selfsigned": "2.0.1",
"serve-static": "1.15.0",
"shallowequal": "1.1.0",
"side-channel": "1.0.4",
"sitemap": "7.1.1",
"source-map-js": "1.0.2",
"stylehacks": "5.1.0",
"terser-webpack-plugin": "5.3.1",
"type-fest": "2.12.2",
"wait-on": "6.0.1",
"webpack-bundle-analyzer": "4.5.0",
"webpack-dev-middleware": "5.3.1",
"webpack-dev-server": "4.9.0",
"widest-line": "4.0.1",
"wrap-ansi": "8.0.1"
},
"browserslist": {
"production": [

5
docs/sidebars.js
View File

@ -42,6 +42,7 @@ module.exports = {
collapsed: false,
items: [
"guides/basics/get-started",
"guides/basics/instance",
"guides/basics/organizations",
"guides/basics/projects",
],
@ -164,6 +165,8 @@ module.exports = {
"apis/proto/auth",
"apis/proto/management",
"apis/proto/admin",
"apis/proto/system",
"apis/proto/instance",
"apis/proto/org",
"apis/proto/user",
"apis/proto/app",
@ -175,6 +178,7 @@ module.exports = {
"apis/proto/metadata",
"apis/proto/message",
"apis/proto/text",
"apis/proto/action",
"apis/proto/object",
"apis/proto/options",
],
@ -221,6 +225,7 @@ module.exports = {
collapsed: true,
items: [
"concepts/structure/overview",
"concepts/structure/instance",
"concepts/structure/organizations",
"concepts/structure/policies",
"concepts/structure/projects",

3
docs/src/components/apicard.jsx
View File

@ -14,6 +14,9 @@ export function ApiCard({ title, type, label, children}) {
case 'ADMIN':
style = styles.apiadmin;
break;
case 'SYSTEM':
style = styles.apisystem;
break;
case 'ASSET':
style = styles.apiasset;
break;

4
docs/src/css/apicard.module.css
View File

@ -22,6 +22,10 @@
background: var(--apiadminbackground);
}
.apisystem {
background: var(--apisystembackground);
}
.apiasset {
background: var(--apiassetbackground);
}

2
docs/src/css/custom.css
View File

@ -118,6 +118,7 @@
--apiauthbackground: linear-gradient(40deg, #a9d9ca 30%, #b4d5cb);
--apimgmtbackground: linear-gradient(40deg, #c6d7f3 30%, #c7c6e3);
--apiadminbackground: linear-gradient(40deg, #c192c790, #c192c790);
--apisystembackground: linear-gradient(40deg, #C7A6928E, #C7A6928E);
--apiassetbackground: linear-gradient(40deg, #e4eaf1, #eef2f9);
--overlaycolor: #6c90b420;
--ifm-hero-text-color: #ffffff;
@ -281,6 +282,7 @@ h2 {
--apiauthbackground: linear-gradient(40deg, #506e6e90 30%, #506e6e90);
--apimgmtbackground: linear-gradient(40deg, #595d8090 30%, #595d8090);
--apiadminbackground: linear-gradient(40deg, #6a506e90, #6a506e90);
--apisystembackground: linear-gradient(40deg, #6E695090, #6E695090);
--apiassetbackground: linear-gradient(40deg, #3c4257, #3c4257);
--overlaycolor: #ffffff15;
--ifm-hero-text-color: #023c2a;

BIN
docs/static/img/concepts/objects/object_overview.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 646 KiB

After

Width:  |  Height:  |  Size: 1.0 MiB

BIN
docs/static/img/concepts/usecase/saas.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 625 KiB

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
docs/static/img/console_login_texts.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 190 KiB

After

Width:  |  Height:  |  Size: 309 KiB

BIN
docs/static/img/console_message_texts.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 170 KiB

After

Width:  |  Height:  |  Size: 295 KiB

BIN
docs/static/img/console_org_custom_login_policy.gif vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 4.5 MiB

After

Width:  |  Height:  |  Size: 4.7 MiB

BIN
docs/static/img/console_org_select.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 64 KiB

BIN
docs/static/img/console_projects_authorization_created.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 111 KiB

BIN
docs/static/img/console_projects_create_authorization.gif vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.7 MiB

After

Width:  |  Height:  |  Size: 2.9 MiB

BIN
docs/static/img/console_projects_empty.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 162 KiB

BIN
docs/static/img/console_projects_overview.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 48 KiB

After

Width:  |  Height:  |  Size: 376 KiB

BIN
docs/static/img/console_serviceusers_create.gif vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.6 MiB

After

Width:  |  Height:  |  Size: 1.7 MiB

BIN
docs/static/img/console_serviceusers_new_key.gif vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.9 MiB

After

Width:  |  Height:  |  Size: 4.1 MiB

BIN
docs/static/img/console_users_create_new_user.gif vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.6 MiB

After

Width:  |  Height:  |  Size: 3.7 MiB

BIN
docs/static/img/integrations/mongodb-charts-app-create-light.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 86 KiB

After

Width:  |  Height:  |  Size: 301 KiB

BIN
docs/static/img/manuals/policies/console_org_login.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 155 KiB

After

Width:  |  Height:  |  Size: 374 KiB

BIN
docs/static/img/manuals/policies/console_org_pw_complexity.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 109 KiB

After

Width:  |  Height:  |  Size: 270 KiB

3417
docs/yarn.lock
View File

File diff suppressed because it is too large Load Diff

2
internal/command/instance_idp_config.go
View File

@ -92,7 +92,7 @@ func (c *Commands) ChangeDefaultIDPConfig(ctx context.Context, config *domain.ID
instanceAgg := InstanceAggregateFromWriteModel(&existingIDP.WriteModel)
changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, instanceAgg, config.IDPConfigID, config.Name, config.StylingType, config.AutoRegister)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-3k0fs", "Errors.IAM.IDPConfig.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
if err != nil {

2
internal/command/instance_idp_oidc_config.go
View File

@ -39,7 +39,7 @@ func (c *Commands) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domai
return nil, err
}
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-d8kwF", "Errors.IAM.IDPConfig.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

2
internal/command/instance_policy_domain.go
View File

@ -52,7 +52,7 @@ func (c *Commands) ChangeDefaultDomainPolicy(ctx context.Context, policy *domain
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PolicyDomainWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.UserLoginMustBeDomain, policy.ValidateOrgDomains)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-pl9fN", "Errors.IAM.DomainPolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

2
internal/command/instance_policy_label.go
View File

@ -87,7 +87,7 @@ func (c *Commands) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain.
policy.ErrorMsgPopup,
policy.DisableWatermark)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-28fHe", "Errors.IAM.LabelPolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

2
internal/command/instance_policy_password_age.go
View File

@ -54,7 +54,7 @@ func (c *Commands) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *d
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PasswordAgePolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.ExpireWarnDays, policy.MaxAgeDays)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-180sf", "Errors.IAM.PasswordAgePolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

4
internal/command/instance_policy_password_complexity.go
View File

@ -69,13 +69,13 @@ func (c *Commands) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, po
return nil, err
}
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound")
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordComplexityPolicy.NotFound")
}
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-9jlsf", "Errors.IAM.PasswordComplexityPolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
if err != nil {

2
internal/command/instance_policy_password_lockout.go
View File

@ -53,7 +53,7 @@ func (c *Commands) ChangeDefaultLockoutPolicy(ctx context.Context, policy *domai
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LockoutPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.MaxPasswordAttempts, policy.ShowLockOutFailures)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LockoutPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-0psjF", "Errors.IAM.LockoutPolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

6
internal/command/instance_policy_privacy.go
View File

@ -17,7 +17,7 @@ func (c *Commands) getDefaultPrivacyPolicy(ctx context.Context) (*domain.Privacy
return nil, err
}
if !policyWriteModel.State.Exists() {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-559os", "Errors.IAM.PasswordAgePolicy.NotFound")
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-559os", "Errors.IAM.PrivacyPolicy.NotFound")
}
policy := writeModelToPrivacyPolicy(&policyWriteModel.PrivacyPolicyWriteModel)
policy.Default = true
@ -61,13 +61,13 @@ func (c *Commands) ChangeDefaultPrivacyPolicy(ctx context.Context, policy *domai
return nil, err
}
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound")
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PrivacyPolicy.NotFound")
}
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PrivacyPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.TOSLink, policy.PrivacyLink, policy.HelpLink)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-9jJfs", "Errors.IAM.PrivacyPolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
if err != nil {

2
internal/command/org_idp_config.go
View File

@ -100,7 +100,7 @@ func (c *Commands) ChangeIDPConfig(ctx context.Context, config *domain.IDPConfig
config.AutoRegister)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-jf9w", "Errors.Org.IDPConfig.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
if err != nil {

2
internal/command/org_idp_oidc_config.go
View File

@ -42,7 +42,7 @@ func (c *Commands) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OIDCI
return nil, err
}
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-10ods", "Errors.Org.IDPConfig.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

2
internal/command/org_policy_label.go
View File

@ -82,7 +82,7 @@ func (c *Commands) ChangeLabelPolicy(ctx context.Context, resourceOwner string,
policy.ErrorMsgPopup,
policy.DisableWatermark)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-8nfSr", "Errors.Org.LabelPolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

2
internal/command/org_policy_lockout.go
View File

@ -47,7 +47,7 @@ func (c *Commands) ChangeLockoutPolicy(ctx context.Context, resourceOwner string
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LockoutPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.MaxPasswordAttempts, policy.ShowLockOutFailures)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-4M9vs", "Errors.Org.LockoutPolicy.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-0JFSr", "Errors.Org.LockoutPolicy.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

2
internal/command/org_policy_mail_template.go
View File

@ -55,7 +55,7 @@ func (c *Commands) ChangeMailTemplate(ctx context.Context, resourceOwner string,
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.MailTemplateWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.Template)
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.MailTemplate.NotChanged")
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-49hfj", "Errors.Org.MailTemplate.NotChanged")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)

2
internal/command/project.go
View File

@ -197,7 +197,7 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso
func (c *Commands) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) {
if projectID == "" || resourceOwner == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.ProjectIDMissing")
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3ihsF", "Errors.Project.ProjectIDMissing")
}
existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)

4
internal/command/project_role.go
View File

@ -78,7 +78,7 @@ func (c *Commands) addProjectRoles(ctx context.Context, projectAgg *eventstore.A
func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) {
if !projectRole.IsValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-2ilfW", "Errors.Project.Invalid")
}
err = c.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner)
if err != nil {
@ -116,7 +116,7 @@ func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.Pr
func (c *Commands) RemoveProjectRole(ctx context.Context, projectID, key, resourceOwner string, cascadingProjectGrantIds []string, cascadeUserGrantIDs ...string) (details *domain.ObjectDetails, err error) {
if projectID == "" || key == "" {
return details, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Role.Invalid")
return details, caos_errs.ThrowInvalidArgument(nil, "COMMAND-fl9eF", "Errors.Project.Role.Invalid")
}
existingRole, err := c.getProjectRoleWriteModelByID(ctx, key, projectID, resourceOwner)
if err != nil {

2
internal/command/user_model.go
View File

@ -131,7 +131,7 @@ func CheckDomainPolicyForUserName(userName string, policy *domain.DomainPolicy)
return caos_errors.ThrowPreconditionFailed(nil, "COMMAND-3Mb9s", "Errors.Users.DomainPolicyNil")
}
if policy.UserLoginMustBeDomain && strings.Contains(userName, "@") {
return caos_errors.ThrowPreconditionFailed(nil, "COMMAND-4M9vs", "Errors.User.EmailAsUsernameNotAllowed")
return caos_errors.ThrowPreconditionFailed(nil, "COMMAND-2k9fD", "Errors.User.EmailAsUsernameNotAllowed")
}
return nil
}