diff --git a/README.md b/README.md index d929274373..14f4dd5560 100644 --- a/README.md +++ b/README.md @@ -30,11 +30,11 @@ Do you look for a user management that's quickly set up like Auth0 and open source like Keycloak? -Do you have project that requires a multi-tenant user management with self-service for your customers? +Do you have a project that requires multi-tenant user management with self-service for your customers? Look no further — ZITADEL combines the ease of Auth0 with the versatility of Keycloak. -We provide you with a wide range of out of the box features to accelerate your project. +We provide you with a wide range of out-of-the-box features to accelerate your project. Multi-tenancy with branding customization, secure login, self-service, OpenID Connect, OAuth2.x, SAML2, LDAP, Passwordless with FIDO2 (including Passkeys), OTP, U2F, and an unlimited audit trail is there for you, ready to use. With ZITADEL you can rely on a hardened and extensible turnkey solution to solve all of your authentication and authorization needs. diff --git a/docs/docs/guides/integrate/login-ui/_select-account.mdx b/docs/docs/guides/integrate/login-ui/_select-account.mdx index 7bf31174c6..ad83eb4e21 100644 --- a/docs/docs/guides/integrate/login-ui/_select-account.mdx +++ b/docs/docs/guides/integrate/login-ui/_select-account.mdx @@ -9,7 +9,7 @@ The list of session IDs can be sent in the “search sessions” request to get ```bash curl --request POST \ - --url https://$ZITADEL_DOMAIN/v2alpha/sessions/_search \ + --url https://$ZITADEL_DOMAIN/v2alpha/sessions/search \ --header 'Accept: application/json' \ --header 'Authorization: Bearer '"$TOKEN"''\ --header 'Content-Type: application/json' \ @@ -77,4 +77,4 @@ curl --request POST \ } ] } -``` \ No newline at end of file +``` diff --git a/docs/docs/guides/integrate/login-ui/external-login.mdx b/docs/docs/guides/integrate/login-ui/external-login.mdx index d92f5b3a1c..74fe7c7f00 100644 
--- a/docs/docs/guides/integrate/login-ui/external-login.mdx +++ b/docs/docs/guides/integrate/login-ui/external-login.mdx @@ -20,17 +20,18 @@ Send the following two URLs in the request body: 2. ErrorURL: Page that should be shown when an error happens during the authentication In the response, you will get an authentication URL of the provider you like. -[Start Identity Provider Flow Documentation](/docs/apis/resources/user_service/user-service-start-identity-provider-flow) +[Start Identity Provider Intent Documentation](/docs/apis/resources/user_service/user-service-start-identity-provider-intent) ### Request ```bash curl --request POST \ - --url https://$ZITADEL_DOMAIN/v2alpha/users/idps/$IDP_ID/start \ + --url https://$ZITADEL_DOMAIN/v2alpha/idp_intents/start \ --header 'Accept: application/json' \ --header 'Authorization: Bearer '"$TOKEN"''\ --header 'Content-Type: application/json' \ --data '{ + "idp_id": "$IDP_ID", "successUrl": "https://custom.com/login/idp/success", "failureUrl": "https://custom.com/login/idp/fail" }' 
@@ -62,15 +63,15 @@ After the user has successfully authenticated, a redirect to the ZITADEL backend ## Get Provider Information -ZITADEL will take the information of the provider. After this, a redirect will be made to either the success page in case of a successful login or to the error page in case of a failure will be performed. In the parameters, you will provide the intentID, a token, and optionally, if a user could be found, a user ID. +ZITADEL will take the information of the provider. After this, a redirect will be made to either the success page in case of a successful login or to the error page in case of a failure will be performed. In the parameters, you will provide the IDP intentID, a token, and optionally, if a user could be found, a user ID. To get the information of the provider, make a request to ZITADEL. -[Get Identity Provider Information Documentation](/docs/apis/resources/user_service/user-service-retrieve-identity-provider-information) +[Retrieve Identity Provider Intent Documentation](/docs/apis/resources/user_service/user-service-retrieve-identity-provider-intent) ### Request ```bash curl --request POST \ - --url https://$ZITADEL_DOMAIN/v2alpha/users/intents/$INTENT_ID/information \ + --url https://$ZITADEL_DOMAIN/v2alpha/idp_intents/$INTENT_ID \ --header 'Accept: application/json' \ --header 'Authorization: Bearer '"$TOKEN"''\ --header 'Content-Type: application/json' \ @@ -120,7 +121,7 @@ After successfully authenticating using your identity provider, you have three p ### Login If you did get a user ID in the parameters when calling your success page, you know that a user is already linked with the used identity provider and you are ready to perform the login. -Create a new session and include the intent ID and the token in the checks. +Create a new session and include the IDP intent ID and the token in the checks. This check requires that the previous step ended on the successful page and didn't’t result in an error. #### Request 
@@ -136,9 +137,9 @@ curl --request POST \ "user": { "userId": "218662596918640897" }, - "intent": { - "intentId": "219647325729980673", - "token": "k86ihn-VLMMUGKy1q1b5i_foECspKYqei1l4mS8LT7Xzjw" + "idpIntent": { + "idpIntentId": "219647325729980673", + "idpIntentToken": "k86ihn-VLMMUGKy1q1b5i_foECspKYqei1l4mS8LT7Xzjw" } } }' @@ -164,8 +165,8 @@ curl --request POST \ --data '{ "username": "minni-mouse@mouse.com", "profile": { - "firstName": "Minnie", - "lastName": "Mouse", + "givenName": "Minnie", + "familyName": "Mouse", "nickName": "Mini", "displayName": "Minnie Mouse", "preferredLanguage": "en", @@ -206,4 +207,4 @@ curl --request POST \ "displayName": "Minnie Mouse" } }' -``` \ No newline at end of file +``` diff --git a/docs/docs/guides/integrate/login-ui/mfa.mdx b/docs/docs/guides/integrate/login-ui/mfa.mdx index c2ae9d80e0..05f2a5fe82 100644 --- a/docs/docs/guides/integrate/login-ui/mfa.mdx +++ b/docs/docs/guides/integrate/login-ui/mfa.mdx @@ -69,7 +69,7 @@ Request Example: ```bash curl --request POST \ - --url https://$ZITADEL_DOMAIN/v2alpha/users/$USER_ID/totp/_verify \ + --url https://$ZITADEL_DOMAIN/v2alpha/users/$USER_ID/totp/verify \ --header 'Accept: application/json' \ --header 'Authorization: Bearer '"$TOKEN"'' --header 'Content-Type: application/json' \ @@ -188,4 +188,4 @@ curl --request POST \ }' ``` -You have successfully registered a new U2F to the user. \ No newline at end of file +You have successfully registered a new U2F to the user. diff --git a/docs/docs/guides/integrate/login-ui/username-password.mdx b/docs/docs/guides/integrate/login-ui/username-password.mdx index 95f68d1748..6729760ce2 100644 --- a/docs/docs/guides/integrate/login-ui/username-password.mdx +++ b/docs/docs/guides/integrate/login-ui/username-password.mdx 
@@ -24,8 +24,8 @@ curl --request POST \
 "userId": "d654e6ba-70a3-48ef-a95d-37c8d8a7901a",
 "username": "minnie-mouse",
 "profile": {
- "firstName": "Minnie",
- "lastName": "Mouse",
+ "givenName": "Minnie",
+ "familyName": "Mouse",
 "nickName": "Mini",
 "displayName": "Minnie Mouse",
 "preferredLanguage": "en",
diff --git a/internal/api/grpc/org/v2/org_integration_test.go b/internal/api/grpc/org/v2/org_integration_test.go
index 570b0afa13..c8dbcff81f 100644
--- a/internal/api/grpc/org/v2/org_integration_test.go
+++ b/internal/api/grpc/org/v2/org_integration_test.go
@@ -89,8 +89,8 @@ func TestServer_AddOrganization(t *testing.T) {
 UserType: &org.AddOrganizationRequest_Admin_Human{
 Human: &user.AddHumanUserRequest{
 Profile: &user.SetHumanProfile{
- FirstName: "firstname",
- LastName: "lastname",
+ GivenName: "firstname",
+ FamilyName: "lastname",
 },
 Email: &user.SetHumanEmail{
 Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
@@ -127,8 +127,8 @@ func TestServer_AddOrganization(t *testing.T) {
 UserType: &org.AddOrganizationRequest_Admin_Human{
 Human: &user.AddHumanUserRequest{
 Profile: &user.SetHumanProfile{
- FirstName: "firstname",
- LastName: "lastname",
+ GivenName: "firstname",
+ FamilyName: "lastname",
 },
 Email: &user.SetHumanEmail{
 Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
diff --git a/internal/api/grpc/org/v2/org_test.go b/internal/api/grpc/org/v2/org_test.go
index c48421d666..2f2797ac75 100644
--- a/internal/api/grpc/org/v2/org_test.go
+++ b/internal/api/grpc/org/v2/org_test.go
@@ -74,8 +74,8 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 UserType: &org.AddOrganizationRequest_Admin_Human{
 Human: &user.AddHumanUserRequest{
 Profile: &user.SetHumanProfile{
- FirstName: "firstname",
- LastName: "lastname",
+ GivenName: "firstname",
+ FamilyName: "lastname",
 },
 Email: &user.SetHumanEmail{
 Email: "email@test.com",
diff --git a/internal/api/grpc/session/v2/session.go b/internal/api/grpc/session/v2/session.go
index 54e01ae64c..b1a443a0d5 100644
--- a/internal/api/grpc/session/v2/session.go
+++ b/internal/api/grpc/session/v2/session.go
@@ -251,8 +251,8 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([
 if password := checks.GetPassword(); password != nil {
 sessionChecks = append(sessionChecks, command.CheckPassword(password.GetPassword()))
 }
- if intent := checks.GetIntent(); intent != nil {
- sessionChecks = append(sessionChecks, command.CheckIntent(intent.GetIntentId(), intent.GetToken()))
+ if intent := checks.GetIdpIntent(); intent != nil {
+ sessionChecks = append(sessionChecks, command.CheckIntent(intent.GetIdpIntentId(), intent.GetIdpIntentToken()))
 }
 if passkey := checks.GetWebAuthN(); passkey != nil {
 sessionChecks = append(sessionChecks, s.command.CheckWebAuthN(passkey.GetCredentialAssertionData()))
diff --git a/internal/api/grpc/session/v2/session_integration_test.go b/internal/api/grpc/session/v2/session_integration_test.go
index a8368f5c60..6c322bc281 100644
--- a/internal/api/grpc/session/v2/session_integration_test.go
+++ b/internal/api/grpc/session/v2/session_integration_test.go
@@ -263,9 +263,9 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
 SessionId: createResp.GetSessionId(),
 SessionToken: createResp.GetSessionToken(),
 Checks: &session.Checks{
- Intent: &session.CheckIntent{
- IntentId: intentID,
- Token: token,
+ IdpIntent: &session.CheckIDPIntent{
+ IdpIntentId: intentID,
+ IdpIntentToken: token,
 },
 },
 })
@@ -294,9 +294,9 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
 SessionId: createResp.GetSessionId(),
 SessionToken: createResp.GetSessionToken(),
 Checks: &session.Checks{
- Intent: &session.CheckIntent{
- IntentId: intentID,
- Token: token,
+ IdpIntent: &session.CheckIDPIntent{
+ IdpIntentId: intentID,
+ IdpIntentToken: token,
 },
 },
 })
@@ -306,9 +306,9 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
 SessionId: createResp.GetSessionId(),
 SessionToken: createResp.GetSessionToken(),
 Checks: &session.Checks{
- Intent: &session.CheckIntent{
- IntentId: intentID,
- Token: token,
+ IdpIntent: &session.CheckIDPIntent{
+ IdpIntentId: intentID,
+ IdpIntentToken: token,
 },
 },
 })
@@ -336,9 +336,9 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
 SessionId: createResp.GetSessionId(),
 SessionToken: createResp.GetSessionToken(),
 Checks: &session.Checks{
- Intent: &session.CheckIntent{
- IntentId: intentID,
- Token: "false",
+ IdpIntent: &session.CheckIDPIntent{
+ IdpIntentId: intentID,
+ IdpIntentToken: "false",
 },
 },
 })
diff --git a/internal/api/grpc/user/v2/user.go b/internal/api/grpc/user/v2/user.go
index 78df98a90e..cc24e05ada 100644
--- a/internal/api/grpc/user/v2/user.go
+++ b/internal/api/grpc/user/v2/user.go
@@ -72,8 +72,8 @@ func AddUserRequestToAddHuman(req *user.AddHumanUserRequest) (*command.AddHuman,
 return &command.AddHuman{
 ID: req.GetUserId(),
 Username: username,
- FirstName: req.GetProfile().GetFirstName(),
- LastName: req.GetProfile().GetLastName(),
+ FirstName: req.GetProfile().GetGivenName(),
+ LastName: req.GetProfile().GetFamilyName(),
 NickName: req.GetProfile().GetNickName(),
 DisplayName: req.GetProfile().GetDisplayName(),
 Email: command.Email{
@@ -129,18 +129,18 @@ func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_
 }, nil
 }
-func (s *Server) StartIdentityProviderFlow(ctx context.Context, req *user.StartIdentityProviderFlowRequest) (_ *user.StartIdentityProviderFlowResponse, err error) {
+func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *user.StartIdentityProviderIntentRequest) (_ *user.StartIdentityProviderIntentResponse, err error) {
 switch t := req.GetContent().(type) {
- case *user.StartIdentityProviderFlowRequest_Urls:
+ case *user.StartIdentityProviderIntentRequest_Urls:
 return s.startIDPIntent(ctx, req.GetIdpId(), t.Urls)
- case *user.StartIdentityProviderFlowRequest_Ldap:
+ case *user.StartIdentityProviderIntentRequest_Ldap:
 return s.startLDAPIntent(ctx, req.GetIdpId(), t.Ldap)
 default:
- return nil, errors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderFlow not implemented", t)
+ return nil, errors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderIntent not implemented", t)
 }
 }
-func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*user.StartIdentityProviderFlowResponse, error) {
+func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*user.StartIdentityProviderIntentResponse, error) {
 intentWriteModel, details, err := s.command.CreateIntent(ctx, idpID, urls.GetSuccessUrl(), urls.GetFailureUrl(), authz.GetCtxData(ctx).OrgID)
 if err != nil {
 return nil, err
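Review bot: `startIDPIntent` hands the caller-supplied `urls.GetSuccessUrl()` and `urls.GetFailureUrl()` straight to `s.command.CreateIntent`, and the accompanying docs in this commit state that ZITADEL later redirects to those URLs with the IDP intent ID and token as parameters, so any validation of them lives outside this hunk. If `CreateIntent` does not already restrict the two URLs (scheme, and a match against redirect URIs registered for the calling org or application), a caller of this endpoint could direct a freshly issued intent token to a host of their choosing; at minimum the function deserves a comment naming where that check is enforced, e.g. `// successUrl/failureUrl receive the intent id and token on redirect; they are validated against the org's registered redirect URIs in command.CreateIntent`. The `authz.GetCtxData(ctx).OrgID` argument scopes the intent to the caller's org and is worth one line of doc on the exported `StartIdentityProviderIntent` as well. `startIDPIntent`'s body continues past the end of the hunk.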
@@ -149,13 +149,13 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 if err != nil {
 return nil, err
 }
- return &user.StartIdentityProviderFlowResponse{
+ return &user.StartIdentityProviderIntentResponse{
 Details: object.DomainToDetailsPb(details),
- NextStep: &user.StartIdentityProviderFlowResponse_AuthUrl{AuthUrl: authURL},
+ NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: authURL},
 }, nil
 }
-func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderFlowResponse, error) {
+func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderIntentResponse, error) {
 intentWriteModel, details, err := s.command.CreateIntent(ctx, idpID, "", "", authz.GetCtxData(ctx).OrgID)
 if err != nil {
 return nil, err
@@ -171,9 +171,9 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 if err != nil {
 return nil, err
 }
- return &user.StartIdentityProviderFlowResponse{
+ return &user.StartIdentityProviderIntentResponse{
 Details: object.DomainToDetailsPb(details),
- NextStep: &user.StartIdentityProviderFlowResponse_Intent{Intent: &user.Intent{IntentId: intentWriteModel.AggregateID, Token: token}},
+ NextStep: &user.StartIdentityProviderIntentResponse_IdpIntent{IdpIntent: &user.IDPIntent{IdpIntentId: intentWriteModel.AggregateID, IdpIntentToken: token}},
 }, nil
 }
@@ -228,27 +228,27 @@ func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string
 return externalUser, userID, attributes, nil
 }
-func (s *Server) RetrieveIdentityProviderInformation(ctx context.Context, req *user.RetrieveIdentityProviderInformationRequest) (_ *user.RetrieveIdentityProviderInformationResponse, err error) {
- intent, err := s.command.GetIntentWriteModel(ctx, req.GetIntentId(), authz.GetCtxData(ctx).OrgID)
+func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.RetrieveIdentityProviderIntentRequest) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
+ intent, err := s.command.GetIntentWriteModel(ctx, req.GetIdpIntentId(), authz.GetCtxData(ctx).OrgID)
 if err != nil {
 return nil, err
 }
- if err := s.checkIntentToken(req.GetToken(), intent.AggregateID); err != nil {
+ if err := s.checkIntentToken(req.GetIdpIntentToken(), intent.AggregateID); err != nil {
 return nil, err
 }
 if intent.State != domain.IDPIntentStateSucceeded {
 return nil, errors.ThrowPreconditionFailed(nil, "IDP-Hk38e", "Errors.Intent.NotSucceeded")
 }
- return intentToIDPInformationPb(intent, s.idpAlg)
+ return idpIntentToIDPIntentPb(intent, s.idpAlg)
 }
-func intentToIDPInformationPb(intent *command.IDPIntentWriteModel, alg crypto.EncryptionAlgorithm) (_ *user.RetrieveIdentityProviderInformationResponse, err error) {
+func idpIntentToIDPIntentPb(intent *command.IDPIntentWriteModel, alg crypto.EncryptionAlgorithm) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
 rawInformation := new(structpb.Struct)
 err = rawInformation.UnmarshalJSON(intent.IDPUser)
 if err != nil {
 return nil, err
 }
- information := &user.RetrieveIdentityProviderInformationResponse{
+ information := &user.RetrieveIdentityProviderIntentResponse{
 Details: intentToDetailsPb(intent),
 IdpInformation: &user.IDPInformation{
 IdpId: intent.IDPID,
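Review bot: `RetrieveIdentityProviderIntent` verifies the presented token with `s.checkIntentToken(req.GetIdpIntentToken(), intent.AggregateID)` but nothing visible in the handler consumes the intent after a successful read, so the same ID/token pair can presumably be replayed against this endpoint until the intent expires, assuming an expiry exists; whether `checkIntentToken` compares in constant time (`subtle.ConstantTimeCompare` or an HMAC scheme) is also not visible here. Checking the token before the `intent.State` guard is the right order, since it keeps the "Errors.Intent.NotSucceeded" precondition error from acting as an oracle for unauthenticated callers. If single use is enforced on the session path (`CheckIntent`) and the comparison is already constant-time, say so on the exported method: `// RetrieveIdentityProviderIntent returns the IDP user data for a succeeded intent in the caller's org; the token issued at the IDP callback is required and is compared in constant time. The intent is consumed by the session check, not here.` `idpIntentToIDPIntentPb`'s body continues past the end of the hunk.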
diff --git a/internal/api/grpc/user/v2/user_integration_test.go b/internal/api/grpc/user/v2/user_integration_test.go
index 18d97f98ab..61ce038ff8 100644
--- a/internal/api/grpc/user/v2/user_integration_test.go
+++ b/internal/api/grpc/user/v2/user_integration_test.go
@@ -67,8 +67,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -108,8 +108,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -153,8 +153,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -199,8 +199,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -246,8 +246,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -318,8 +318,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -352,8 +352,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -399,8 +399,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -451,8 +451,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -490,8 +490,8 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Donald",
- LastName: "Duck",
+ GivenName: "Donald",
+ FamilyName: "Duck",
 NickName: gu.Ptr("Dukkie"),
 DisplayName: gu.Ptr("Donald Duck"),
 PreferredLanguage: gu.Ptr("en"),
@@ -622,23 +622,23 @@ func TestServer_AddIDPLink(t *testing.T) {
 }
 }
-func TestServer_StartIdentityProviderFlow(t *testing.T) {
+func TestServer_StartIdentityProviderIntent(t *testing.T) {
 idpID := Tester.AddGenericOAuthProvider(t)
 type args struct {
 ctx context.Context
- req *user.StartIdentityProviderFlowRequest
+ req *user.StartIdentityProviderIntentRequest
 }
 tests := []struct {
 name string
 args args
- want *user.StartIdentityProviderFlowResponse
+ want *user.StartIdentityProviderIntentResponse
 wantErr bool
 }{
 {
 name: "missing urls",
 args: args{
 CTX,
- &user.StartIdentityProviderFlowRequest{
+ &user.StartIdentityProviderIntentRequest{
 IdpId: idpID,
 },
 },
@@ -649,9 +649,9 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 name: "next step auth url",
 args: args{
 CTX,
- &user.StartIdentityProviderFlowRequest{
+ &user.StartIdentityProviderIntentRequest{
 IdpId: idpID,
- Content: &user.StartIdentityProviderFlowRequest_Urls{
+ Content: &user.StartIdentityProviderIntentRequest_Urls{
 Urls: &user.RedirectURLs{
 SuccessUrl: "https://example.com/success",
 FailureUrl: "https://example.com/failure",
@@ -659,12 +659,12 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 },
 },
 },
- want: &user.StartIdentityProviderFlowResponse{
+ want: &user.StartIdentityProviderIntentResponse{
 Details: &object.Details{
 ChangeDate: timestamppb.Now(),
 ResourceOwner: Tester.Organisation.ID,
 },
- NextStep: &user.StartIdentityProviderFlowResponse_AuthUrl{
+ NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{
 AuthUrl: "https://example.com/oauth/v2/authorize?client_id=clientID&prompt=select_account&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=",
 },
 },
@@ -673,7 +673,7 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- got, err := Client.StartIdentityProviderFlow(tt.args.ctx, tt.args.req)
+ got, err := Client.StartIdentityProviderIntent(tt.args.ctx, tt.args.req)
 if tt.wantErr {
 require.Error(t, err)
 } else {
@@ -690,28 +690,28 @@ func TestServer_StartIdentityProviderFlow(t *testing.T) {
 }
 }
-func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
+func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 idpID := Tester.AddGenericOAuthProvider(t)
 intentID := Tester.CreateIntent(t, idpID)
 successfulID, token, changeDate, sequence := Tester.CreateSuccessfulOAuthIntent(t, idpID, "", "id")
 ldapSuccessfulID, ldapToken, ldapChangeDate, ldapSequence := Tester.CreateSuccessfulLDAPIntent(t, idpID, "", "id")
 type args struct {
 ctx context.Context
- req *user.RetrieveIdentityProviderInformationRequest
+ req *user.RetrieveIdentityProviderIntentRequest
 }
 tests := []struct {
 name string
 args args
- want *user.RetrieveIdentityProviderInformationResponse
+ want *user.RetrieveIdentityProviderIntentResponse
 wantErr bool
 }{
 {
 name: "failed intent",
 args: args{
 CTX,
- &user.RetrieveIdentityProviderInformationRequest{
- IntentId: intentID,
- Token: "",
+ &user.RetrieveIdentityProviderIntentRequest{
+ IdpIntentId: intentID,
+ IdpIntentToken: "",
 },
 },
 wantErr: true,
@@ -720,9 +720,9 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 name: "wrong token",
 args: args{
 CTX,
- &user.RetrieveIdentityProviderInformationRequest{
- IntentId: successfulID,
- Token: "wrong token",
+ &user.RetrieveIdentityProviderIntentRequest{
+ IdpIntentId: successfulID,
+ IdpIntentToken: "wrong token",
 },
 },
 wantErr: true,
@@ -731,12 +731,12 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 name: "retrieve successful intent",
 args: args{
 CTX,
- &user.RetrieveIdentityProviderInformationRequest{
- IntentId: successfulID,
- Token: token,
+ &user.RetrieveIdentityProviderIntentRequest{
+ IdpIntentId: successfulID,
+ IdpIntentToken: token,
 },
 },
- want: &user.RetrieveIdentityProviderInformationResponse{
+ want: &user.RetrieveIdentityProviderIntentResponse{
 Details: &object.Details{
 ChangeDate: timestamppb.New(changeDate),
 ResourceOwner: Tester.Organisation.ID,
@@ -768,12 +768,12 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 name: "retrieve successful ldap intent",
 args: args{
 CTX,
- &user.RetrieveIdentityProviderInformationRequest{
- IntentId: ldapSuccessfulID,
- Token: ldapToken,
+ &user.RetrieveIdentityProviderIntentRequest{
+ IdpIntentId: ldapSuccessfulID,
+ IdpIntentToken: ldapToken,
 },
 },
- want: &user.RetrieveIdentityProviderInformationResponse{
+ want: &user.RetrieveIdentityProviderIntentResponse{
 Details: &object.Details{
 ChangeDate: timestamppb.New(ldapChangeDate),
 ResourceOwner: Tester.Organisation.ID,
@@ -812,7 +812,7 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- got, err := Client.RetrieveIdentityProviderInformation(tt.args.ctx, tt.args.req)
+ got, err := Client.RetrieveIdentityProviderIntent(tt.args.ctx, tt.args.req)
 if tt.wantErr {
 require.Error(t, err)
 } else {
diff --git a/internal/api/grpc/user/v2/user_test.go b/internal/api/grpc/user/v2/user_test.go
index a56e641079..768edad39a 100644
--- a/internal/api/grpc/user/v2/user_test.go
+++ b/internal/api/grpc/user/v2/user_test.go
@@ -24,7 +24,7 @@ import (
 var ignoreTypes = []protoreflect.FullName{"google.protobuf.Duration", "google.protobuf.Struct"}
-func Test_intentToIDPInformationPb(t *testing.T) {
+func Test_idpIntentToIDPIntentPb(t *testing.T) {
 decryption := func(err error) crypto.EncryptionAlgorithm {
 mCrypto := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t))
 mCrypto.EXPECT().Algorithm().Return("enc")
@@ -44,7 +44,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 alg crypto.EncryptionAlgorithm
 }
 type res struct {
- resp *user.RetrieveIdentityProviderInformationResponse
+ resp *user.RetrieveIdentityProviderIntentResponse
 err error
 }
 tests := []struct {
@@ -113,7 +113,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 alg: decryption(nil),
 },
 res{
- resp: &user.RetrieveIdentityProviderInformationResponse{
+ resp: &user.RetrieveIdentityProviderIntentResponse{
 Details: &object_pb.Details{
 Sequence: 123,
 ChangeDate: timestamppb.New(time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local)),
@@ -166,7 +166,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 },
 },
 res{
- resp: &user.RetrieveIdentityProviderInformationResponse{
+ resp: &user.RetrieveIdentityProviderIntentResponse{
 Details: &object_pb.Details{
 Sequence: 123,
 ChangeDate: timestamppb.New(time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local)),
@@ -205,7 +205,7 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- got, err := intentToIDPInformationPb(tt.args.intent, tt.args.alg)
+ got, err := idpIntentToIDPIntentPb(tt.args.intent, tt.args.alg)
 require.ErrorIs(t, err, tt.res.err)
 grpc.AllFieldsEqual(t, tt.res.resp.ProtoReflect(), got.ProtoReflect(), grpc.CustomMappers)
 })
diff --git a/internal/integration/client.go b/internal/integration/client.go
index da7e0fb781..ab18c64524 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -87,8 +87,8 @@ func (s *Tester) CreateHumanUser(ctx context.Context) *user.AddHumanUserResponse
 },
 },
 Profile: &user.SetHumanProfile{
- FirstName: "Mickey",
- LastName: "Mouse",
+ GivenName: "Mickey",
+ FamilyName: "Mouse",
 },
 Email: &user.SetHumanEmail{
 Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
diff --git a/proto/zitadel/session/v2alpha/session_service.proto b/proto/zitadel/session/v2alpha/session_service.proto
index 693d6a7103..4105413f40 100644
--- a/proto/zitadel/session/v2alpha/session_service.proto
+++ b/proto/zitadel/session/v2alpha/session_service.proto
@@ -79,7 +79,7 @@ service SessionService {
 // Search sessions
 rpc ListSessions (ListSessionsRequest) returns (ListSessionsResponse) {
 option (google.api.http) = {
- post: "/v2alpha/sessions/_search"
+ post: "/v2alpha/sessions/search"
 body: "*"
 };
@@ -341,9 +341,9 @@ message Checks {
 description: "\"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request.\"";
 }
 ];
- optional CheckIntent intent = 4 [
+ optional CheckIDPIntent idp_intent = 4 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "\"Checks the intent. Requires that the userlink is already checked and a successful intent.\"";
+ description: "\"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent.\"";
 }
 ];
 optional CheckTOTP totp = 5 [
@@ -397,20 +397,20 @@ message CheckWebAuthN {
 ];
 }
-message CheckIntent {
- string intent_id = 1 [
+message CheckIDPIntent {
+ string idp_intent_id = 1 [
 (validate.rules).string = {min_len: 1, max_len: 200},
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "ID of the intent, previously returned on the success response of the IDP callback"
+ description: "ID of the idp intent, previously returned on the success response of the IDP callback"
 min_length: 1;
 max_length: 200;
 example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
 }
 ];
- string token = 2 [
+ string idp_intent_token = 2 [
 (validate.rules).string = {min_len: 1, max_len: 200},
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "token of the intent, previously returned on the success response of the IDP callback"
+ description: "token of the idp intent, previously returned on the success response of the IDP callback"
 min_length: 1;
 max_length: 200;
 example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";
diff --git a/proto/zitadel/user/v2alpha/idp.proto b/proto/zitadel/user/v2alpha/idp.proto
index 07cce881c2..2ced1ebb4c 100644
--- a/proto/zitadel/user/v2alpha/idp.proto
+++ b/proto/zitadel/user/v2alpha/idp.proto
@@ -51,18 +51,18 @@ message RedirectURLs {
 ];
 }
-message Intent {
- string intent_id = 1 [
+message IDPIntent {
+ string idp_intent_id = 1 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "ID of the intent"
+ description: "ID of the IDP intent"
 min_length: 1;
 max_length: 200;
 example: "\"163840776835432705=\"";
 }
 ];
- string token = 2 [
+ string idp_intent_token = 2 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "token of the intent"
+ description: "token of the IDP intent"
 min_length: 1;
 max_length: 200;
 example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";
diff --git a/proto/zitadel/user/v2alpha/user.proto b/proto/zitadel/user/v2alpha/user.proto
index d6312eb3e1..e82f3f968e 100644
--- a/proto/zitadel/user/v2alpha/user.proto
+++ b/proto/zitadel/user/v2alpha/user.proto
@@ -20,7 +20,7 @@ enum Gender {
 }
 message SetHumanProfile {
- string first_name = 1 [
+ string given_name = 1 [
 (validate.rules).string = {min_len: 1, max_len: 200},
 (google.api.field_behavior) = REQUIRED,
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -29,7 +29,7 @@ message SetHumanProfile {
 example: "\"Minnie\"";
 }
 ];
- string last_name = 2 [
+ string family_name = 2 [
 (validate.rules).string = {min_len: 1, max_len: 200},
 (google.api.field_behavior) = REQUIRED,
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
diff --git a/proto/zitadel/user/v2alpha/user_service.proto b/proto/zitadel/user/v2alpha/user_service.proto
index 19dea55de4..908009134b 100644
--- a/proto/zitadel/user/v2alpha/user_service.proto
+++ b/proto/zitadel/user/v2alpha/user_service.proto
@@ -137,7 +137,7 @@ service UserService {
 // Verify the email with the provided code
 rpc VerifyEmail (VerifyEmailRequest) returns (VerifyEmailResponse) {
 option (google.api.http) = {
- post: "/v2alpha/users/{user_id}/email/_verify"
+ post: "/v2alpha/users/{user_id}/email/verify"
 body: "*"
 };
@@ -187,7 +187,7 @@ service UserService {
 // Verify the phone with the provided code
 rpc VerifyPhone (VerifyPhoneRequest) returns (VerifyPhoneResponse) {
 option (google.api.http) = {
- post: "/v2alpha/users/{user_id}/phone/_verify"
+ post: "/v2alpha/users/{user_id}/phone/verify"
 body: "*"
 };
@@ -347,7 +347,7 @@ service UserService {
 rpc VerifyTOTPRegistration (VerifyTOTPRegistrationRequest) returns (VerifyTOTPRegistrationResponse) {
 option (google.api.http) = {
- post: "/v2alpha/users/{user_id}/totp/_verify"
+ post: "/v2alpha/users/{user_id}/totp/verify"
 body: "*"
 };
@@ -459,9 +459,9 @@ service UserService {
 }
 // Start an IDP authentication (for external login, registration or linking)
- rpc StartIdentityProviderFlow (StartIdentityProviderFlowRequest) returns (StartIdentityProviderFlowResponse) {
+ rpc StartIdentityProviderIntent (StartIdentityProviderIntentRequest) returns (StartIdentityProviderIntentResponse) {
 option (google.api.http) = {
- post: "/v2alpha/users/idps/{idp_id}/start"
+ post: "/v2alpha/idp_intents/start"
 body: "*"
 };
@@ -483,9 +483,9 @@ service UserService {
 };
 }
- rpc RetrieveIdentityProviderInformation (RetrieveIdentityProviderInformationRequest) returns (RetrieveIdentityProviderInformationResponse) {
+ rpc RetrieveIdentityProviderIntent (RetrieveIdentityProviderIntentRequest) returns (RetrieveIdentityProviderIntentResponse) {
 option (google.api.http) = {
- post: "/v2alpha/users/intents/{intent_id}/information"
+ post: "/v2alpha/idp_intents/{idp_intent_id}"
 body: "*"
 };
@@ -510,7 +510,7 @@ service UserService {
 // Link an IDP to an existing user
 rpc AddIDPLink (AddIDPLinkRequest) returns (AddIDPLinkResponse) {
 option (google.api.http) = {
- post: "/v2alpha/users/users/{user_id}/links"
+ post: "/v2alpha/users/{user_id}/links"
 body: "*"
 };
@@ -1072,7 +1072,7 @@ message CreatePasskeyRegistrationLinkResponse{
 ];
 }
-message StartIdentityProviderFlowRequest{
+message StartIdentityProviderIntentRequest{
 string idp_id = 1 [
 (validate.rules).string = {min_len: 1, max_len: 200},
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -1089,7 +1089,7 @@ message StartIdentityProviderFlowRequest{
 }
 }
-message StartIdentityProviderFlowResponse{
+message StartIdentityProviderIntentResponse{
 zitadel.object.v2alpha.Details details = 1;
 oneof next_step {
 string auth_url = 2 [
@@ -1098,28 +1098,28 @@ message StartIdentityProviderFlowResponse{
 example: "\"https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback\"";
 }
 ];
- Intent intent = 3 [
+ IDPIntent idp_intent = 3 [
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "Intent information"
+ description: "IDP Intent information"
 }
 ];
 }
 }
-message RetrieveIdentityProviderInformationRequest{
- string intent_id = 1 [
+message RetrieveIdentityProviderIntentRequest{
+ string idp_intent_id = 1 [
 (validate.rules).string = {min_len: 1, max_len: 200},
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "ID of the intent, previously returned on the success response of the IDP callback"
+ description: "ID of the idp intent, previously returned on the success response of the IDP callback"
 min_length: 1;
 max_length: 200;
 example: "\"163840776835432705\"";
 }
 ];
- string token = 2 [
+ string idp_intent_token = 2 [
 (validate.rules).string = {min_len: 1, max_len: 200},
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
- description: "token of the intent, previously returned on the success response of the IDP callback"
+ description: "token of the idp intent, previously returned on the success response of the IDP callback"
 min_length: 1;
 max_length: 200;
 example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";
@@ -1127,7 +1127,7 @@ message RetrieveIdentityProviderInformationRequest{
 ];
 }
-message RetrieveIdentityProviderInformationResponse{
+message RetrieveIdentityProviderIntentResponse{
 zitadel.object.v2alpha.Details details = 1;
 IDPInformation idp_information = 2;
 }