feat: Extend oidc idp with oauth endpoints (#1980)

* feat: add oauth attributes to oidc idp configuration

* feat: return idpconfig id on create idp

* feat: tests

* feat: descriptions

* feat: docs

* feat: tests
This commit is contained in:
Fabi
2021-07-06 16:39:48 +02:00
committed by GitHub
parent 5349d96ce4
commit ff9af1704f
39 changed files with 419 additions and 156 deletions


@@ -2281,12 +2281,13 @@ message AddOIDCIDPRequest {
max_length: 200;
}
];
// Fill the issuer if the identity provider is oidc discovery compliant
// If the identity provider is only oauth2 compliant or does not serve a openid configuration, fill the authorization and token endpoint instead
string issuer = 5 [
(validate.rules).string = {min_len: 1, max_len: 200},
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com\"";
description: "the oidc issuer of the identity provider";
min_length: 1;
max_length: 200;
}
];
@@ -2308,6 +2309,24 @@ message AddOIDCIDPRequest {
description: "definition which field is mapped to the email of the user";
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string authorization_endpoint = 9 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
description: "the oauth2 authorization endpoint of the identity provider";
max_length: 500;
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string token_endpoint = 10 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://oauth2.googleapis.com/token\"";
description: "the oauth2 token endpoint of the identity provider";
max_length: 500;
}
];
}
message AddOIDCIDPResponse {
@@ -2420,6 +2439,8 @@ message UpdateIDPOIDCConfigRequest {
max_length: 200;
}
];
// Fill the issuer if the identity provider is oidc discovery compliant
// If the identity provider is only oauth2 compliant or does not serve a openid configuration, fill the authorization and token endpoint instead
string issuer = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -2462,6 +2483,24 @@ message UpdateIDPOIDCConfigRequest {
description: "definition which field is mapped to the email of the user";
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string authorization_endpoint = 8 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
description: "the oauth2 authorization endpoint of the identity provider";
max_length: 500;
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string token_endpoint = 9 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://oauth2.googleapis.com/token\"";
description: "the oauth2 token endpoint of the identity provider";
max_length: 500;
}
];
}
message UpdateIDPOIDCConfigResponse {
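Review bot: The issuer rule in UpdateIDPOIDCConfigRequest (`(validate.rules).string = {min_len: 1, max_len: 200},` under `string issuer = 2`) still rejects an empty issuer, while AddOIDCIDPRequest in the same file drops `min_len` so that an OAuth2-only provider can be created with only the endpoints; such a provider can then not be updated without inventing an issuer, so the Update rule should match, `(validate.rules).string = {max_len: 200},`. The same mismatch exists between AddOrgOIDCIDPRequest and UpdateOrgIDPOIDCConfigRequest (`string issuer = 4`) in the org-level file, and the openapi `min_length: 1` under the Add issuer may also need to go if it survived the change. Beyond that, neither the issuer nor the new `authorization_endpoint`/`token_endpoint` fields are constrained to be URLs, and the proto cannot express "issuer or both endpoints"; because the server will dereference these values and send the client secret to the token endpoint, the command handler should enforce that rule and require absolute https URLs, and protoc-gen-validate can at least carry `uri: true` on each of them (combined with `ignore_empty: true` where an empty value is legitimate, if the project's PGV version supports it). The enclosing messages begin and end outside the hunks.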


@@ -153,6 +153,22 @@ message OIDCConfig {
description: "definition which field is mapped to the email of the user";
}
];
string authorization_endpoint = 6 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
description: "the oauth2 authorization endpoint of the identity provider";
max_length: 500;
}
];
string token_endpoint = 7 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://oauth2.googleapis.com/token\"";
description: "the oauth2 token endpoint of the identity provider";
max_length: 500;
}
];
}
enum OIDCMappingField {
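Review bot: The new `authorization_endpoint` and `token_endpoint` fields in OIDCConfig have no leading comment, unlike their counterparts in the Add/Update request messages, so a reader of the returned config cannot tell when to expect them to be populated. Add above each the same guidance the requests carry, e.g. `// Set if the identity provider does not serve an openid configuration; used instead of the issuer`, so that protoc and the doc generators attach it to the field. The enclosing message starts outside the hunk.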


@@ -4585,8 +4585,10 @@ message AddOrgOIDCIDPRequest {
description: "client secret generated by the identity provider";
}
];
// Fill the issuer if the identity provider is oidc discovery compliant
// If the identity provider is only oauth2 compliant or does not serve a openid configuration, fill the authorization and token endpoint instead
string issuer = 5 [
(validate.rules).string = {min_len: 1, max_len: 200},
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com\"";
description: "the oidc issuer of the identity provider";
@@ -4610,6 +4612,24 @@ message AddOrgOIDCIDPRequest {
description: "definition which field is mapped to the email of the user";
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string authorization_endpoint = 9 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
description: "the oauth2 authorization endpoint of the identity provider";
max_length: 500;
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string token_endpoint = 10 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://oauth2.googleapis.com/token\"";
description: "the oauth2 token endpoint of the identity provider";
max_length: 500;
}
];
}
message AddOrgOIDCIDPResponse {
@@ -4680,6 +4700,8 @@ message UpdateOrgIDPOIDCConfigRequest {
description: "client secret generated by the identity provider. If empty the secret is not overwritten";
}
];
// Fill the issuer if the identity provider is oidc discovery compliant
// If the identity provider is only oauth2 compliant or does not serve a openid configuration, fill the authorization and token endpoint instead
string issuer = 4 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -4705,6 +4727,24 @@ message UpdateOrgIDPOIDCConfigRequest {
description: "definition which field is mapped to the email of the user";
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string authorization_endpoint = 8 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
description: "the oauth2 authorization endpoint of the identity provider";
max_length: 500;
}
];
// If the identity provider does not serve an openid configuration, fill the authorization and token endpoint instead of the issuer
string token_endpoint = 9 [
(validate.rules).string = {max_len: 500},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://oauth2.googleapis.com/token\"";
description: "the oauth2 token endpoint of the identity provider";
max_length: 500;
}
];
}
message UpdateOrgIDPOIDCConfigResponse {