docs: identity provider docs (#5565)

* docs: add github identity provider

* docs: add github identity provider

* docs: add github identity provider

* docs: github identity provider

* docs: google provider

* docs: google provider

* docs: gitlab identity provider

* docs: gitlab identity provider

* docs: general information identity providers

* docs: general information identity providers

* docs: add ldap and openldap identity provider docs

* docs: azure ad

* docs: azure ad

* docs: rename attribute for azure ad

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/azure-ad.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* docs: general config in one file

* docs: add ldap and openldap identity provider docs

* docs: general describtion add missing providers

* docs: typos and rewriting

* Update docs/docs/guides/integrate/identity-providers/gitlab.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/github.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/github.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/github.md

Co-authored-by: Elio Bischof <elio@zitadel.com>

* docs: add api idp docs

* docs: reuse idp content (#5656)

* docs: reuse idp content

* docs: generalize prefill action

* docs: eliminate prerequisites

* Update docs/docs/guides/integrate/identity-providers/github.mdx

Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>

* replace zitadel google login

* outdent optional action

---------

Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>

---------

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Elio Bischof <elio@zitadel.com>

proto/zitadel/idp.proto

@@ -237,10 +237,18 @@ enum IDPFieldName {
 }
 
 message Provider {
-    string id = 1;
+    string id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\"";
+        }
+    ];
     zitadel.v1.ObjectDetails details = 2;
     IDPState state = 3;
-    string name = 4;
+    string name = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"Google\"";
+        }
+    ];
     IDPOwnerType owner = 5;
     ProviderType type = 6;
     ProviderConfig config = 7;
@@ -277,48 +285,143 @@ message ProviderConfig {
 }
 
 message OAuthConfig {
-    string client_id = 1;
-    string authorization_endpoint = 2;
-    string token_endpoint = 3;
-    string user_endpoint = 4;
-    repeated string scopes = 5;
-    string id_attribute = 6;
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "client id generated by the identity provider";
+        }
+    ];
+    string authorization_endpoint = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
+            description: "the endpoint where ZITADEL send the user to authenticate";
+        }
+    ];
+    string token_endpoint = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"https://oauth2.googleapis.com/token\"";
+            description: "the endpoint where ZITADEL can get the token";
+        }
+    ];
+    string user_endpoint = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"https://openidconnect.googleapis.com/v1/userinfo\"";
+            description: "the endpoint where ZITADEL can get the user information";
+        }
+    ];
+    repeated string scopes = 5 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\"]";
+            description: "the scopes requested by ZITADEL during the request on the identity provider";
+        }
+    ];
+    string id_attribute = 6 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"user_id\"";
+            description: "defines how the attribute is called where ZITADEL can get the id of the user";
+        }
+    ];
 }
 
 message GenericOIDCConfig {
-    string issuer = 1;
-    string client_id = 2;
-    repeated string scopes = 3;
+    string issuer = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"https://accounts.google.com/\"";
+            description: "the OIDC issuer of the identity provider";
+        }
+    ];
+    string client_id = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "client id generated by the identity provider";
+        }
+    ];
+    repeated string scopes = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\"]";
+            description: "the scopes requested by ZITADEL during the request on the identity provider";
+        }
+    ];
     bool is_id_token_mapping = 4;
 }
 
 message GitHubConfig {
-    string client_id = 1;
-    repeated string scopes = 2;
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "the client ID of the GitHub App";
+        }
+    ];
+    repeated string scopes = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\"]";
+            description: "the scopes requested by ZITADEL during the request to GitHub";
+        }
+    ];
 }
 
 message GitHubEnterpriseServerConfig {
-    string client_id = 1;
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "the client ID of the GitHub App";
+        }
+    ];
     string authorization_endpoint = 2;
     string token_endpoint = 3;
     string user_endpoint = 4;
-    repeated string scopes = 5;
+    repeated string scopes = 5 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\"]";
+            description: "the scopes requested by ZITADEL during the request to GitHub";
+        }
+    ];
 }
 
 message GoogleConfig {
-    string client_id = 1;
-    repeated string scopes = 2;
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "client id of the Google application";
+        }
+    ];
+    repeated string scopes = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\"]";
+            description: "the scopes requested by ZITADEL during the request to Google";
+        }
+    ];
 }
 
 message GitLabConfig {
-    string client_id = 1;
-    repeated string scopes = 2;
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "client id of the GitLab application";
+        }
+    ];
+    repeated string scopes = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\"]";
+            description: "the scopes requested by ZITADEL during the request to GitLab";
+        }
+    ];
 }
 
 message GitLabSelfHostedConfig {
     string issuer = 1;
-    string client_id = 2;
-    repeated string scopes = 3;
+    string client_id = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "client id of the GitLab application";
+        }
+    ];
+    repeated string scopes = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\"]";
+            description: "the scopes requested by ZITADEL during the request to GitLab";
+        }
+    ];
 }
 
 message LDAPConfig {
@@ -334,17 +437,51 @@ message LDAPConfig {
 }
 
 message AzureADConfig {
-    string client_id = 1;
-    AzureADTenant tenant = 2;
-    bool email_verified = 3;
-    repeated string scopes = 4;
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"client-id\"";
+            description: "client id of the Azure AD application";
+        }
+    ];
+    AzureADTenant tenant = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Defines what user accounts should be able to login (Personal, Organizational, All)";
+        }
+    ];
+    bool email_verified = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)";
+        }
+    ];
+    repeated string scopes = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"openid\", \"profile\", \"email\", \"User.Read\"]";
+            description: "the scopes requested by ZITADEL during the request to Azure AD";
+        }
+    ];
 }
 
 message Options {
-    bool is_linking_allowed = 1;
-    bool is_creation_allowed = 2;
-    bool is_auto_creation = 3;
-    bool is_auto_update = 4;
+    bool is_linking_allowed = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Enable if users should be able to link an existing ZITADEL user with an external account.";
+        }
+    ];
+    bool is_creation_allowed = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Enable if users should be able to create a new account in ZITADEL when using an external account.";
+        }
+    ];
+    bool is_auto_creation = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Enable if a new account in ZITADEL should be created automatically when login with an external account.";
+        }
+    ];
+    bool is_auto_update = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Enable if a the ZITADEL account fields should be updated automatically on each login.";
+        }
+    ];
 }
 
 message LDAPAttributes {