Commit Graph

3449 Commits

Author SHA1 Message Date
Tim Möhlmann
2021bad0ad
docs(oidc): token exchange guide (#7625)
* docs(oidc): token exchange guide

This change adds a token exchange guide which includes "simple" and impersonation examples.
The endpoint, claims and grant type documentation also has been amended with token exchange specifics.

* solve suggestions

* fix impersonated event type

* add link to event store concept

* fix links build error

* add to sidebar and update some info boxes
2024-03-26 06:28:17 +00:00
Fabi
62652f4f91
docs: add linkedin guide (#7600)
* docs: add linkedin guide

* docs: change pictures and settings
2024-03-25 18:34:49 +02:00
mffap
376c3a3fff
docs(integrate): improve service user authentication (#7492)
* service users

* wip

* wip

* wip

* lower case titles

* wip

* wip

* private key jwt

* wip

* wip

* token introspection

* zitadel apis

* expiration

* replace mermaid with svg

* Apply suggestions from code review

Co-authored-by: Fabi <fabienne@zitadel.com>

* Apply suggestions from code review

* boulevard of broken links

* my hrefs will go on

* docs: add token type to client credential

* Update docs/docs/apis/introduction.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/private-key-jwt.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/private-key-jwt.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/client-credentials.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/client-credentials.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/_accessing_zitadel_api.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* docs: add token type to client credential

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-25 10:30:43 +01:00
dependabot[bot]
47e5533f0f
chore(deps): bump actions/add-to-project from 0.6.0 to 0.6.1 (#7628)
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-25 09:07:57 +00:00
Livio Spring
30ff0dd1ed
chore: update stable to 2.42.16 (#7629) 2024-03-25 08:53:04 +00:00
Livio Spring
2bcc42c4cd
chore(workflow): fix homebrew update (#7630) 2024-03-25 09:29:54 +01:00
Livio Spring
d313e6d498
fix(setup): enable init-projection by default (#7616)
* fix(setup): enable init-projection by default

* update A10008
2024-03-23 12:52:52 +01:00
Livio Spring
7494a7b6d9
feat(api): add possibility to retrieve user schemas (#7614)
This PR extends the user schema service (V3 API) with the possibility to ListUserSchemas and GetUserSchemaByID.
The previously started guide is extended to demonstrate how to retrieve the schema(s) and notes the generated revision property.
2024-03-22 13:26:13 +00:00
Silvan
5b301c7f96
chore: trigger update homebrew tap on latest release (#7618) 2024-03-22 13:38:18 +01:00
Silvan
c3cb010d2a
chore(build): update dependencies (#7606) 2024-03-22 07:10:34 +00:00
Tim Möhlmann
9d5cd12cd4
fix(oidc): define audience inside auth request instead of token creation (#7610)
fix(oidc): define audience inside auth request instead off token creation

When using the v1 OIDC Code flow, tokens would not carry the correct audience when returned as JWT. This applies to access tokens as JWT and ID tokens.
Introspection would still show the correct audience.
This happened because project audience was appended at token creation time. This stored the appended audience, used later in introspection or token refresh. However, the OIDC library still only had a view of the original auth request with the original audience.
When signing JWTs it would use this outdated information.

This change moves audience modifications to the auth request creation. This is was already the way it was done for v2 login and now v1 follows the same method.

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-21 19:42:44 +02:00
Silvan
6eb982e368
fix(api): correct mapping of metadata queries (#7609) 2024-03-21 14:56:58 +00:00
Stefan Benz
517398bba6
fix: fill resourceowner of project into usergrant projection (#7605) 2024-03-21 10:31:06 +00:00
Stefan Benz
319ebe7898
fix: add organizationID query for user v2 ListUsers and clean up depeprecated attribute (#7593)
Add organizationID as query for ListUsers and clean up the deprecated Organisation attributes in other queries.

This PR removes the following fields from API requests (user service v2):

organisation from AddHumanUser (deprecated some time ago, organization still exists)
organization from GetUserByID
2024-03-21 08:07:00 +00:00
Livio Spring
7e24a1adbc
fix: allow login by email case-insensitive (#7578)
A customer noted that the login by email was case-sensitive, which differs to the handling of the loginname.

This PR changes the email check to be case-insensitive (which it was already in same parts) and improve the search for this as well.
2024-03-20 15:51:26 +00:00
Livio Spring
b2d7352a5a
fix(login): display username after registration with idp (#7598)
It was noticed multiple time (incl. customers) that the loginname is sometimes not rendered in the UI.

This PR fixes such an issue after registration of a new user from an IdP.
2024-03-20 15:02:57 +01:00
Tim Möhlmann
6398349c24
feat(oidc): token exchange impersonation (#7516)
* add token exchange feature flag

* allow setting reason and actor to access tokens

* impersonation

* set token types and scopes in response

* upgrade oidc to working draft state

* fix tests

* audience and scope validation

* id toke and jwt as input

* return id tokens

* add grant type  token exchange to app config

* add integration tests

* check and deny actors in api calls

* fix instance setting tests by triggering projection on write and cleanup

* insert sleep statements again

* solve linting issues

* add translations

* pin oidc v3.15.0

* resolve comments, add event translation

* fix refreshtoken test

* use ValidateAuthReqScopes from oidc

* apparently the linter can't make up its mind

* persist actor thru refresh tokens and check in tests

* remove unneeded triggers
2024-03-20 10:18:46 +00:00
Silvan
b338171585
docs: move jwt idp to guides (#7570) 2024-03-20 10:46:05 +01:00
Silvan
cc26eb1116
feat(actions): ctx.org.getMetadata() in external authentication (#7571) 2024-03-19 07:34:38 +01:00
Dakshitha Ratnayake
d30fb3118d
docs: Update additional-information.mdx (#7590)
Update additional-information.mdx
2024-03-18 16:01:03 +05:30
Livio Spring
6c3f48f496
fix(login): (re)allow HTML in custom login texts (#7575)
fix: allow HTML in custom login texts
2024-03-15 16:29:10 +01:00
Fabi
732217bc5e
docs: add org id header in missing requests (#7562)
* docs: add org id header in missing requests

* docs: add org id header to proto definitions

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-15 10:45:14 +00:00
Max Peintner
0d46c39d00
docs: typescript login progress (#7378)
* docs: typescript login progress

* docs

* space

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* future login, show email password login

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-15 11:02:56 +01:00
Silvan
150f3bddf0
docs: add azure entra saml (#7566) 2024-03-15 10:07:30 +01:00
Livio Spring
529b52f028
chore: update stable to 2.41.x (#7547) 2024-03-15 08:17:40 +00:00
Livio Spring
20d1d56669
fix: enable resend code in user initialization without auth request (#7568) 2024-03-15 06:50:55 +01:00
PaulHiryliuk
3be559038b
feat: updated russian translations by native speaker with a user poli… (#7567)
feat: updated russian translations by native speaker with a user polite approach

Co-authored-by: Pavel Girilyuk <pavel.girilyuk@digitalchief.ru>
Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-14 15:29:24 +00:00
Max Peintner
8be64f4991
fix(console): phone, email, branding dialogs (#7539)
* fix: phone, email, branding dialogs

* use full width for phone number

* fix user create phone width

* reset width

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-03-14 13:38:09 +00:00
Fabi
802b6c7fd1
docs: Okta saml idp docs (#7523)
* docs: add guide to setup okta saml idp

* docs: remove todo

* docs: okta user data info

* docs: fix broken links

* docs: add references to API docs

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update docs/docs/guides/integrate/identity-providers/okta_saml.mdx

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* docs: default settings

* docs: default settings

* docs: add saml mapping action

* docs: add saml mapping action

* docs: add saml mapping action

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-03-14 11:47:03 +00:00
Livio Spring
bbb4dea0bd
chore: fix artifact upload for container build (#7565) 2024-03-14 11:10:53 +00:00
Stefan Benz
fb3c6f791b
feat: query side for executions and targets for actions v2 (#7524)
* feat: add projections and query side to executions and targets

* feat: add list and get endpoints for targets

* feat: add integration tests for query endpoints target and execution

* fix: linting

* fix: linting

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: review changes, renames and corrections

* fix: remove position from list details
2024-03-14 09:56:23 +00:00
Livio Spring
5d2cfc06d5
chore: update github actions (#7564) 2024-03-14 09:26:31 +00:00
Livio Spring
252e59d5cd
fix: get orgID when missing on trigger logs (#7555) 2024-03-14 08:49:10 +00:00
Fabi
bcff220cb4
docs: onboarding users (#7462)
* docs: log module for actions

* docs: info on registration options

* docs: add saml description

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/integrate/onboarding/end-users.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* docs: org scope

---------

Co-authored-by: mffap <mpa@zitadel.com>
2024-03-14 08:25:46 +00:00
Miguel Cabrerizo
dff5984f7d
fix: add expiration date information to service users keys (#7497)
* feat: add ExpirationDate to MachineKey JSON detail

* fix: include time in expiration date column for machine keys table

* fix: show expiration date in ShowKeyDialog if available

* fix: add machine key expiration date note

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-03-13 18:21:19 +00:00
Silvan
30a1f4b39e
docs(actions): add examples (#7494)
* docs(actions): add use cases

* docs(actions): extend available modules

* docs(actions): add example to http module

* hide code in details

* add saml response,
correct code examples

* describe internal authentication flow

* rename to code examples
2024-03-13 17:49:36 +01:00
Elio Bischof
6a1b708ff8
feat: console descriptions (#7552)
* org page descriptions

* feat(console): describe options

* docs: fix bullet

* lint

* refactor: cleanup unused translations

* translate

* translate

* translate

* members

* add links

* translate

* remove scripts

* lint

* remove node-jq

* fix styles

* Update console/src/assets/i18n/it.json

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/assets/i18n/it.json

Co-authored-by: Max Peintner <max@caos.ch>

* Update console/src/assets/i18n/it.json

Co-authored-by: Max Peintner <max@caos.ch>

---------

Co-authored-by: peintnermax <max@caos.ch>
2024-03-13 14:53:48 +00:00
Max Peintner
1db10a4286
fix(console): app integration without context (#7541)
* fix: app integration without context

* cleanup

---------

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-03-13 11:27:53 +01:00
Livio Spring
266abcb23b
docs: describe session validation (#7548)
* docs: describe session validation

* typo

* resolve comments
2024-03-13 07:24:33 +00:00
Livio Spring
a28b3a1c2d
fix: rendering of TOTP QR code (#7549) 2024-03-12 16:20:42 +00:00
Livio Spring
0e181b218c
feat: implement user schema management (#7416)
This PR adds the functionality to manage user schemas through the new user schema service.
It includes the possibility to create a basic JSON schema and also provides a way on defining permissions (read, write) for owner and self context with an annotation.

Further annotations for OIDC claims and SAML attribute mappings will follow.

A guide on how to create a schema and assign permissions has been started. It will be extended though out the process of implementing the schema and users based on those.

Note:
This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system though the feature service.
2024-03-12 13:50:13 +00:00
Fabi
2a39cc16f5
docs: external audit log (#7510)
* docs: external audit log

* docs: cockroach change data capture

* docs: add actions possibility

* docs: change sidebar

* docs: requested changes

* docs: requested changes

* docs: requested changes

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-03-11 14:07:58 +00:00
Silvan
4224c7ad3a
chore(core): update dependencies (#7517)
* chore(core): update dependencies

* chore(core): update dependencies
2024-03-11 10:43:56 +00:00
Livio Spring
860b80c9ee
refactor: copy only required frameworks icons from docs in console (#7538) 2024-03-11 08:33:05 +00:00
Silvan
7b537243c4
docs: describe combinations of flow and trigger types (#7519)
* docs(api): describe which flow and trigger types word together

* docs(actions): describe which flow and trigger types work together

* Update management.proto

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-11 07:24:24 +00:00
Livio Spring
07ec2efa9d
fix: use correct template package (#7522) 2024-03-11 07:52:02 +01:00
Silvan
60ee2610f2
fix(eventstore): consider IsGlobal-flag of constraints (#7518)
* fix(eventstore): consider `IsGlobal`-flag of constraints

* fix(setup): set `instance_domain`-constraint global
2024-03-08 13:33:53 +00:00
Fabi
fd39729089
docs: add note about x-zitadel-login-client matching pat when building your login ui (#7521)
docs: add note about x-zitadel-login-client matching pat
2024-03-08 13:02:53 +00:00
Stefan Benz
9f72fc63ac
fix: add additional permission tests to user v2 query endpoints (#7382)
Add additional permission integration tests to the user v2 query endpoints including some fixes to correctly check the permissions after the data is known which you want to query.
2024-03-08 08:37:23 +00:00
Stefan Benz
6df4b1b2c2
fix: combine resourceowner query in reduce function for user grant (#7383)
* fix: projection reduce correction with unit tests

* fix: remove eventcout variable as not used anymore

* fix: add errors if resoureowner is not found in user grants reduce
2024-03-08 07:52:59 +00:00