* feat: return 404 or 409 if org reg disallowed
* fix: system limit permissions
* feat: add iam limits api
* feat: disallow public org registrations on default instance
* add integration test
* test: integration
* fix test
* docs: describe public org registrations
* avoid updating docs deps
* fix system limits integration test
* silence integration tests
* fix linting
* ignore strange linter complaints
* review
* improve reset properties naming
* redefine the api
* use restrictions aggregate
* test query
* simplify and test projection
* test commands
* fix unit tests
* move integration test
* support restrictions on default instance
* also test GetRestrictions
* self review
* lint
* abstract away resource owner
* fix tests
* configure supported languages
* fix allowed languages
* fix tests
* default lang must not be restricted
* preferred language must be allowed
* change preferred languages
* check languages everywhere
* lint
* test command side
* lint
* add integration test
* add integration test
* restrict supported ui locales
* lint
* lint
* cleanup
* lint
* allow undefined preferred language
* fix integration tests
* update main
* fix env var
* ignore linter
* ignore linter
* improve integration test config
* reduce cognitive complexity
* compile
* fix(console): switch back to saved language
* feat(API): get allowed languages
* fix(console): only make allowed languages selectable
* warn when editing not allowed languages
* feat: manage restrictions in console
* check for duplicates
* remove useless restriction checks
* review
* revert restriction renaming
* manage languages
* fix language restrictions
* lint
* generate
* allow custom texts for supported langs for now
* fix tests
* cleanup
* cleanup
* cleanup
* lint
* unsupported preferred lang is allowed
* fix integration test
* allow unsupported preferred languages
* lint
* fix languages lists
* simplify default language selection
* translate
* discard
* lint
* load languages for tests
* load languages
* lint
* cleanup
* lint
* cleanup
* get allowed only on admin
* cleanup
* reduce flakiness on very limited postgres
* simplify langSvc
* refactor according to suggestions in pr
* lint
* improve ux
* update central allowed languages
* set first allowed language as default
* readd lost translations
* disable sorting disallowed languages
* fix permissions
* lint
* selectionchange for language in msg texts
* initialize login texts
* init message texts
* lint
* fix drag and drop list styles
* start from 1
* cleanup
* prettier
* correct orgdefaultlabel
* unsubscribe
* lint
* docs: describe language settings
---------
Co-authored-by: peintnermax <max@caos.ch>
Update _postgres.mdx
Added MaxIdleConns since this option is missing in the Postgres database settings.
My implementation was slow, because this setting wasn't set and I found it after checking the larger config files. Might have value to show that this value can be set in the database specific page.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* feat: return 404 or 409 if org reg disallowed
* fix: system limit permissions
* feat: add iam limits api
* feat: disallow public org registrations on default instance
* add integration test
* test: integration
* fix test
* docs: describe public org registrations
* avoid updating docs deps
* fix system limits integration test
* silence integration tests
* fix linting
* ignore strange linter complaints
* review
* improve reset properties naming
* redefine the api
* use restrictions aggregate
* test query
* simplify and test projection
* test commands
* fix unit tests
* move integration test
* support restrictions on default instance
* also test GetRestrictions
* self review
* lint
* abstract away resource owner
* fix tests
* configure supported languages
* fix allowed languages
* fix tests
* default lang must not be restricted
* preferred language must be allowed
* change preferred languages
* check languages everywhere
* lint
* test command side
* lint
* add integration test
* add integration test
* restrict supported ui locales
* lint
* lint
* cleanup
* lint
* allow undefined preferred language
* fix integration tests
* update main
* fix env var
* ignore linter
* ignore linter
* improve integration test config
* reduce cognitive complexity
* compile
* check for duplicates
* remove useless restriction checks
* review
* revert restriction renaming
* fix language restrictions
* lint
* generate
* allow custom texts for supported langs for now
* fix tests
* cleanup
* cleanup
* cleanup
* lint
* unsupported preferred lang is allowed
* fix integration test
* finish reverting to old property name
* finish reverting to old property name
* load languages
* refactor(i18n): centralize translators and fs
* lint
* amplify no validations on preferred languages
* fix integration test
* lint
* fix resetting allowed languages
* test unchanged restrictions
* define roles and permissions
* support system user memberships
* don't limit system users
* cleanup permissions
* restrict memberships to aggregates
* default to SYSTEM_OWNER
* update unit tests
* test: system user token test (#6778)
* update unit tests
* refactor: make authz testable
* move session constants
* cleanup
* comment
* comment
* decode member type string to enum (#6780)
* decode member type string to enum
* handle all membership types
* decode enums where necessary
* decode member type in steps config
* update system api docs
* add technical advisory
* tweak docs a bit
* comment in comment
* lint
* extract token from Bearer header prefix
* review changes
* fix tests
* fix: add fix for activityhandler
* add isSystemUser
* remove IsSystemUser from activity info
* fix: add fix for activityhandler
---------
Co-authored-by: Stefan Benz <stefan@caos.ch>
* fix: hide domains settings for unauthorized users
* refine sidenav object mapping
* move domains to settings
* change docs
* set anchor to list element
* remove canwrite check in ngif
---------
Co-authored-by: Miguel A. C <doncicuto@gmail.com>
* Modified quick start guide to reflect the new onboarding changes.
* Modified titles to optimize indexing. Left the titles in title case for now.
* Added side bar labels and also made minor changes to titles.
* Update docs/docs/apis/openidoauth/endpoints.mdx
Co-authored-by: Fabi <fabienne@zitadel.com>
---------
Co-authored-by: Fabi <fabienne@zitadel.com>
* docs(apple-idp): remove client id and secret from documentation, as it is not needed
* fix(apple-idp): fix reading of key file by using content type of file
* docs(integrate): google workspace
* first part of the guide
* second part
* remove warnings, add troubleshoot
* typo
* IDP entity ID, typos, screenshot
* docs: extend technical advisory
* docs: add version and dates
* docs: add version and dates
* fix version and date
* docs: add version and dates
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* feat: add reply-to header to smtp messages
* fix: grpc reply_to_address min 0 and js var name
* fix: add missing translations
* fix merge and linting
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* fix(api): rename first and last name to given and family name, intent to idp_intent, remove _ actions
* fix merge
* fully rename intent to idp intent in api
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
doc(oidc): device auth grant supported, typo
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* poc
* wip
* works
* upgrade yaml package
* need to add global comments for shifting
* wip: need index before working on comments
* green
* clean up
* test null value
* comment
* package
* delete
* convert to module
* render md table
* tests with ESM
* comments
* top level gitignore
* wip: new cases
* arrays: green
* array_test
* treat comments on map without first element
* fix some new case
* skip leaf comments
* output folder
* comment
* finish up for poc
* arrays
* create output dir
* merge main, create tables
* copy config options to docs
* cleanup
* recommend file configuration
* language
* add some explanations
* some small typo fixes
---------
Co-authored-by: mffap <mpa@zitadel.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
* feat: Add full example for helmfile + PostgreSQL
- Adds full helmfile + PostgreSQL example
- Extends production checklist for bullet about insecure credentials
- Extends database documentation to ensure secure user rotation
Refs: https://discord.com/channels/927474939156643850/927866013545025566/1133692721710772294
* chore: revert example and move to zitadel-charts
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
* pipeline runs on ubuntu instead of docker
* added Makefile to build zitadel core (backend) and console (frontend)
* pipeline runs in parallel where possible
* pipeline is split into multiple jobs
* removed goreleaser
* added command to check if zitadel instance is running
* add macedonian language to currently supported languages
* mk yaml login static with en values
* mk json assets with en values
* mk yaml notification static with en values
* add macedonian notification yaml
* mk yaml static with en values
* mk translations for login
* mk translations for internal
* macedonian translations
* fix lint issues
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow.
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* docs: add instance not found troubleshoot to self-hosting
* docs: add instance not found troubleshoot to self-hosting
* docs: fix links
* docs: remove instance not found from support troubleshoot
* docs: add instance not found note on all deploy guides
* Modifying docs to comply with Google style guide for docs.
* Removed typo.
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Addressed @mffap's question on the PR.
* Added docs for detailed explanations for token introspection.
* Update docs/docs/guides/integrate/token-introspection/basic-auth.mdx
Co-authored-by: Fabi <fabienne@zitadel.com>
* Update docs/sidebars.js
Co-authored-by: Fabi <fabienne@zitadel.com>
* Update docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx
* Addressed @hifabienne's review comments.
* Addressed @hifabienne's review comments.
---------
Co-authored-by: Dakshitha Ratnayake <dakshitharatnayake@Dakshithas-MacBook-Pro-2.local>
Co-authored-by: mffap <mpa@zitadel.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
* Modifying docs to comply with Google style guide for docs.
* Removed typo.
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Addressed @mffap's question on the PR.
---------
Co-authored-by: Dakshitha Ratnayake <dakshitharatnayake@Dakshithas-MacBook-Pro-2.local>
Co-authored-by: mffap <mpa@zitadel.com>
* docs: add guide for implementing ui with the new user/session api
* docs: add guide for implementing ui with the new user/session api
* docs: add oidc flow to login ui guide
* Modifying docs to comply with Google style guide for docs.
* Removed typo.
---------
Co-authored-by: Dakshitha Ratnayake <dakshitharatnayake@Dakshithas-MacBook-Pro-2.local>
* feat: add v2alpha policies service
* feat: add v2alpha policies service
* fix: rename of attributes and messages in v2alpha api
* fix: rename of attributes and messages in v2alpha api
* fix: linter corrections
* fix: review corrections
* fix: review corrections
* fix: review corrections
* fix: review corrections
* fix grpc
* refactor: rename to settings and more
* Apply suggestions from code review
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
* add service to docs and rename legal settings
* unit tests for converters
* go mod tidy
* ensure idp name and return list details
* fix: use correct resource owner for active idps
* change query to join
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>