# Which Problems Are Solved
Some organizations / customers have the requirement, that there users
regularly need to change their password.
ZITADEL already had the possibility to manage a `password age policy` (
thought the API) with the maximum amount of days a password should be
valid, resp. days after with the user should be warned of the upcoming
expiration.
The policy could not be managed though the Console UI and was not
checked in the Login UI.
# How the Problems Are Solved
- The policy can be managed in the Console UI's settings sections on an
instance and organization level.
- During an authentication in the Login UI, if a policy is set with an
expiry (>0) and the user's last password change exceeds the amount of
days set, the user will be prompted to change their password.
- The prompt message of the Login UI can be customized in the Custom
Login Texts though the Console and API on the instance and each
organization.
- The information when the user last changed their password is returned
in the Auth, Management and User V2 API.
- The policy can be retrieved in the settings service as `password
expiry settings`.
# Additional Changes
None.
# Additional Context
- closes#8081
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* fix: add granted org info to user grants query response
* fix: show user info, tests and add columns to user grant
* fix: add check for org membership
* fix: typo in find logic
---------
Co-authored-by: Max Peintner <max@caos.ch>
* feat(user/v1): support composite queries
* fix: added proper error handling for NotQuery
* Added error when there are too many levels of nesting
* Add localization keys for english
* Update internal/api/grpc/user/query.go
* chore(console): remove first and lastName fallback from user
* use display name and ensure it's set without required name fields
* add user type to user grant and memberships responses
* contributor, members
* fix avatar display checks
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* integrate docs into nav
* generator for local use, production needs to be set by env
* fix typo
* local dev
* docs: annotate the first user endpoints in the management api
* docs: annotate the first user endpoints in the management api
* docs: annotate the first user endpoints in the management api
* docs: annotate the first user endpoints in the management api
* docs: add header params
* rewrite docs links and improve ci
* tweak build command
* fix path
* Update docs/docusaurus.config.js
Co-authored-by: Max Peintner <max@caos.ch>
* fix docker
* docs: add header params
* docs: Add tags to management api. add some descriptions
* docs: more descriptions
* docs: more descriptions
* docs: required fields
* docs: example request
* docs: example request
* docs: example request
* docs: example request
* docs: example request
* docs: user metadata requests
* docs: user requests
* docs: user requests
* docs: user requests
* docs: user requests
* docs: change nav add first methods to authentication api
* docs: auth api
* docs: auth api
* docs: auth api
* docs: auth api
* docs: auth api
* docs: api sidenav
* chore: use buf without docker
* fix deploy
* fix ci
* fix vercel
* docs: admin
* docs: admin api docs
* docs: admin api docs
* docs: admin api docs
* docs: admin api docs
* docs: security
* docs: security
* docs: admin api
* docs: change to env vars
* docs: auth api
* docs: remove assets, deprecated requests, menu
* reworked page with PaloAltoNetworks/docusaurus-openapi-docs
* works with the resolutions
* fix broken build by adding assets again
* add tags to menu
* chore: improve build speed
* no-minify
* test ssr
* ssr 20
* use lazy
* increase mem
* use default mem
* change names
* docs: remove assets, deprecated requests, menu
* docs: management api
* docs: management api
* docs: management api
* docs: sidebar
* not the best word smithing but it is ;-)
* more typos
* merge main
* fix some error
* trial
* update grpc gateway
* trigger vercel build
* docs: deprecated requests
* docs: deprecated requests
---------
Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
* feat: request users ordered by creation date
* fix: missing case for creationDate in user-table
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Add functionality to configure the access token type on the service accounts to provide the oidc library with the necessary information to create the right type of access token.
Request an access_token for service users with OAuth 2.0 Client Credentials Grant. Added functionality to generate and remove a secret on service users.
* fix(user): add search query for login name
* fix(user): change login name query to IN from EXISTS
* fix(loginname): include InQuery into ListQuery with SubSelect as possible datasource
* fix(user): apply suggestions from code review
Co-authored-by: Livio Spring <livio.a@gmail.com>
* fix: correct unit test for search query
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* feat: org member queries
* fix(api): use query for iam member calls
* fix(queries): org members
* fix(queries): project members
* fix(queries): project grant members
* fix(query): member queries and user avatar column
* member cols
* fix(queries): membership stmt
* fix user test
* fix user test
* fix(projections): add user grant projection
* fix(user_grant): handle state changes
* add state to migration
* fix(management): use query for user grant requests
* merge eventstore-naming into user-grant-projection
* feat(queries): user grants
* fix(migrations): version
* fix(api): user query for user grants
* fix(query): event mappers for usergrant aggregate
* fix(projection): correct aggregate for user grants
* fix(queries): user grant roles as list contains
* cleanup reducers
* fix avater_key to avatar_key
* tests
* cleanup
* cleanup
* add resourceowner query
* fix: user grant project name search query
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: correct import for errors
* fix: add missing translations
* fix(eventstore): index
* fix(eventstore): use table instead of index
* fix(proto): correct info
* fix(migrations): use eventstore
