Tim Möhlmann
e22689c125
feat(oidc): id token for device authorization ( #7088 )
...
* cleanup todo
* pass id token details to oidc
* feat(oidc): id token for device authorization
This changes updates to the newest oidc version,
so the Device Authorization grant can return ID tokens when
the scope `openid` is set.
There is also some refactoring done, so that the eventstore can be
queried directly when polling for state.
The projection is cleaned up to a minimum with only data required for the login UI.
* try to be explicit wit hthe timezone to fix github
* pin oidc v3.8.0
* remove TBD entry
2023-12-20 13:21:08 +01:00
Stefan Benz
15fd3045e0
feat: add SAML as identity provider ( #6454 )
...
* feat: first implementation for saml sp
* fix: add command side instance and org for saml provider
* fix: add query side instance and org for saml provider
* fix: request handling in event and retrieval of finished intent
* fix: add review changes and integration tests
* fix: add integration tests for saml idp
* fix: correct unit tests with review changes
* fix: add saml session unit test
* fix: add saml session unit test
* fix: add saml session unit test
* fix: changes from review
* fix: changes from review
* fix: proto build error
* fix: proto build error
* fix: proto build error
* fix: proto require metadata oneof
* fix: login with saml provider
* fix: integration test for saml assertion
* lint client.go
* fix json tag
* fix: linting
* fix import
* fix: linting
* fix saml idp query
* fix: linting
* lint: try all issues
* revert linting config
* fix: add regenerate endpoints
* fix: translations
* fix mk.yaml
* ignore acs path for user agent cookie
* fix: add AuthFromProvider test for saml
* fix: integration test for saml retrieve information
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-29 11:26:14 +02:00
Livio Spring
e17b49e4ca
feat: add apple as idp ( #6442 )
...
* feat: manage apple idp
* handle apple idp callback
* add tests for provider
* basic console implementation
* implement flow for login UI and add logos / styling
* tests
* cleanup
* add upload button
* begin i18n
* apple logo positioning, file upload component
* fix add apple instance idp
* add missing apple logos for login
* update to go 1.21
* fix slice compare
* revert permission changes
* concrete error messages
* translate login apple logo -y-2px
* change form parsing
* sign in button
* fix tests
* lint console
---------
Co-authored-by: peintnermax <max@caos.ch>
2023-08-31 08:39:16 +02:00
Stefan Benz
5562ee94a6
feat: migrate external idp to other types ( #5984 )
...
* feat: migrate instance oidc to azureAD
* feat: migrate instance oidc to azureAD
* feat: migrate org oidc to azureAD
* feat: migrate oidc to google
* fix: correct idp writemodels
* fix: review changes
2023-06-08 00:50:53 +02:00
Tim Möhlmann
5819924275
feat: device authorization RFC 8628 ( #5646 )
...
* device auth: implement the write events
* add grant type device code
* fix(init): check if default value implements stringer
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-19 08:46:02 +00:00
Livio Spring
5a307afe62
feat: add azure provider templates ( #5441 )
...
Adds possibility to manage and use Microsoft Azure template based providers
2023-03-15 07:48:37 +01:00
Livio Spring
c0843e6b4c
feat: add gitlab provider templates ( #5405 )
...
* feat(api): add google provider template
* refactor reduce functions
* handle removed event
* linting
* fix projection
* feat(api): add generic oauth provider template
* feat(api): add github provider templates
* feat(api): add github provider templates
* fixes
* proto comment
* fix filtering
* requested changes
* feat(api): add generic oauth provider template
* remove wrongly committed message
* increase budget for angular build
* fix linting
* fixes
* fix merge
* fix merge
* fix projection
* fix merge
* updates from previous PRs
* enable github providers in login
* fix merge
* fix test and add github styling in login
* cleanup
* feat(api): add gitlab provider templates
* fix: merge
* fix display of providers in login
* implement gitlab in login and make prompt `select_account` optional since gitlab can't handle it
* fix merge
* fix merge and add tests for command side
* requested changes
* requested changes
* Update internal/query/idp_template.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix merge
* requested changes
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-13 17:34:29 +01:00
Livio Spring
3042d7ef5c
feat: add github provider template ( #5334 )
...
Adds possibility to manage and use GitHub (incl. Enterprise Server) template based providers
2023-03-08 10:17:28 +00:00
Livio Spring
80003939ad
feat(api): add oidc and jwt provider template ( #5290 )
...
Adds possibility to manage OIDC and JWT template based providers
2023-02-27 16:32:18 +01:00
Livio Spring
737d14e81b
feat(api): add generic oauth provider template ( #5260 )
...
adds functionality to manage templates based OIDC IDPs
2023-02-24 15:16:06 +01:00
Livio Spring
40e7356f3e
feat(api): add google provider template ( #5247 )
...
add functionality to manage templates based Google IDP
2023-02-21 17:18:28 +00:00
Stefan Benz
586495a0be
feat: add management for ldap idp template ( #5220 )
...
Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future.
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-02-15 08:14:59 +00:00
Stefan Benz
19621acfd3
feat: add notification policy and password change message ( #5065 )
...
Implementation of new notification policy with functionality to send email when a password is changed
2023-01-25 09:49:41 +01:00
Silvan
1bf1f335dc
feat(admin-api): list events ( #4989 )
...
* docs: update cockroachdb version to 22.2
* feat(adminAPI): ListEventTypes returns the list of event types ZITADEL implements
* feat(adminAPI): ListAggregateTypes returns the list of aggregate types ZITADEL implements
* feat(adminAPI): ListEvents allows `IAM_OWNERS` to search for events
2023-01-16 11:30:03 +00:00
Silvan
f3e6f3b23b
feat: remove org ( #4148 )
...
* feat(command): remove org
* refactor: imports, unused code, error handling
* reduce org removed in action
* add org deletion to projections
* add org removal to projections
* add org removal to projections
* org removed projection
* lint import
* projections
* fix: table names in tests
* fix: table names in tests
* logging
* add org state
* fix(domain): add Owner removed to object details
* feat(ListQuery): add with owner removed
* fix(org-delete): add bool to functions to select with owner removed
* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner
* fix(org-delete): add unit tests for owner removed and org removed events
* fix(org-delete): add handling of org remove for grants and members
* fix(org-delete): correction of unit tests for owner removed
* fix(org-delete): update projections, unit tests and get functions
* fix(org-delete): add change date to authnkeys and owner removed to org metadata
* fix(org-delete): include owner removed for login names
* fix(org-delete): some column fixes in projections and build for queries with owner removed
* indexes
* fix(org-delete): include review changes
* fix(org-delete): change user projection name after merge
* fix(org-delete): include review changes for project grant where no project owner is necessary
* fix(org-delete): include auth and adminapi tables with owner removed information
* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed
* fix(org-delete): add permissions for org.remove
* remove unnecessary unique constraints
* fix column order in primary keys
* fix(org-delete): include review changes
* fix(org-delete): add owner removed indexes and chang setup step to create tables
* fix(org-delete): move PK order of instance_id and change added user_grant from review
* fix(org-delete): no params for prepareUserQuery
* change to step 6
* merge main
* fix(org-delete): OldUserName rename to private
* fix linting
* cleanup
* fix: remove org test
* create prerelease
* chore: delete org-delete as prerelease
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2022-11-30 17:01:17 +01:00
Stefan Benz
2c1f9ac4a8
feat(org): add org metadata functionality ( #4234 )
...
* feat(org): add org metadata functionality
* fix(metadata): add unit tests and review for org metadata
* fix(org-metadata): move endpoints to /
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2022-09-20 14:32:09 +00:00
Livio Amstutz
861cf07700
feat: permit all features to every instance and organisation ( #3566 )
2022-05-02 11:18:17 +02:00
Florian Forster
fa9f581d56
chore(v2): move to new org ( #3499 )
...
* chore: move to new org
* logging
* fix: org rename caos -> zitadel
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2022-04-26 23:01:45 +00:00
Silvan
c5b99274d7
feat(cli): setup ( #3267 )
...
* commander
* commander
* selber!
* move to packages
* fix(errors): implement Is interface
* test: command
* test: commands
* add init steps
* setup tenant
* add default step yaml
* possibility to set password
* merge v2 into v2-commander
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: search query builder can filter events in memory
* fix: filters for add member
* fix(setup): add `ExternalSecure` to config
* chore: name iam to instance
* fix: matching
* remove unsued func
* base url
* base url
* test(command): filter funcs
* test: commands
* fix: rename orgiampolicy to domain policy
* start from init
* commands
* config
* fix indexes and add constraints
* fixes
* fix: merge conflicts
* fix: protos
* fix: md files
* setup
* add deprecated org iam policy again
* typo
* fix search query
* fix filter
* Apply suggestions from code review
* remove custom org from org setup
* add todos for verification
* change apps creation
* simplify package structure
* fix error
* move preparation helper for tests
* fix unique constraints
* fix config mapping in setup
* fix error handling in encryption_keys.go
* fix projection config
* fix query from old views to projection
* fix setup of mgmt api
* set iam project and fix instance projection
* imports
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2022-03-28 10:05:09 +02:00
Fabi
9d4f296c62
fix: rename iam to instance ( #3345 )
...
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename orgiampolicy to domain policy
* fix: merge conflicts
* fix: protos
* fix: md files
* implement deprecated org iam policy again
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-03-24 16:21:34 +00:00
Livio Amstutz
ed80a8bb1e
feat: actions ( #2377 )
...
* feat(actions): begin api
* feat(actions): begin api
* api and projections
* fix: handle multiple statements for a single event in projections
* export func type
* fix test
* update to new reduce interface
* flows in login
* feat: jwt idp
* feat: command side
* feat: add tests
* actions and flows
* fill idp views with jwt idps and return apis
* add jwtEndpoint to jwt idp
* begin jwt request handling
* add feature
* merge
* merge
* handle jwt idp
* cleanup
* bug fixes
* autoregister
* get token from specific header name
* fix: proto
* fixes
* i18n
* begin tests
* fix and log http proxy
* remove docker cache
* fixes
* usergrants in actions api
* tests adn cleanup
* cleanup
* fix add user grant
* set login context
* i18n
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-09-27 13:43:49 +02:00
Livio Amstutz
b6b5b1b782
feat: jwt as idp ( #2363 )
...
* feat: jwt idp
* feat: command side
* feat: add tests
* fill idp views with jwt idps and return apis
* add jwtEndpoint to jwt idp
* begin jwt request handling
* merge
* handle jwt idp
* cleanup
* fixes
* autoregister
* get token from specific header name
* error handling
* fix texts
* handle renderExternalNotFoundOption
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-09-14 15:15:01 +02:00
Fabi
bc951985ed
feat: Lockout policy ( #2121 )
...
* feat: lock users if lockout policy is set
* feat: setup
* feat: lock user on password failes
* feat: render error
* feat: lock user on command side
* feat: auth_req tests
* feat: lockout policy docs
* feat: remove show lockout failures from proto
* fix: console lockout
* feat: tests
* fix: tests
* unlock function
* add unlock button
* fix migration version
* lockout policy
* lint
* Update internal/auth/repository/eventsourcing/eventstore/auth_request.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix: err message
* Update internal/command/setup_step4.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2021-08-11 06:36:32 +00:00
Fabi
beb1c1604a
feat: Privacy policy ( #1957 )
...
* feat: command side privacy policy
* feat: add privacy policy to api
* feat: add privacy policy query side
* fix: add privacy policy to mgmt api
* fix: add privacy policy to auth and base data
* feat: use privacyPolicy in login gui
* feat: use privacyPolicy in login gui
* feat: test org fatures
* feat: typos
* feat: tos in register
2021-07-05 10:36:51 +02:00
Fabi
bdf3887f9e
feat: custom message text ( #1801 )
...
* feat: default custom message text
* feat: org custom message text
* feat: org custom message text
* feat: custom messages query side
* feat: default messages
* feat: message text user fields
* feat: check for inactive user
* feat: fix send password reset
* feat: fix custom org text
* feat: add variables to docs
* feat: custom text tests
* feat: fix notifications
* feat: add custom text feature
* feat: add custom text feature
* feat: feature in custom message texts
* feat: add custom text feature in frontend
* feat: merge main
* feat: feature tests
* feat: change phone message in setup
* fix: remove unused code, add event translation
* fix: merge main and fix problems
* fix: english translation file
* fix: migration versions
* fix: setup
* feat: fix pr requests
* feat: fix phone code message
* feat: migration
* feat: setup
* fix: remove unused tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-06-10 11:49:10 +00:00
Fabi
1143e3773e
fix: Remove user with cascading memberships ( #1811 )
...
* fix: remove usermemberships on user remove
* fix: text user remove with memberships
* fix: translations
* Update internal/iam/repository/eventsourcing/model/types.go
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: uncomment tests
* fix: remove memberships if user removed
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-06-07 07:20:47 +02:00
Fabi
73d37459bb
feat: label policy ( #1708 )
...
* feat: label policy proto extension
* feat: label policy and activate event
* feat: label policy asset events
* feat: label policy asset commands
* feat: add storage key
* feat: storage key validation
* feat: label policy asset tests
* feat: label policy query side
* feat: avatar
* feat: avatar event
* feat: human avatar
* feat: avatar read side
* feat: font on iam label policy
* feat: label policy font
* feat: possiblity to create bucket on put file
* uplaoder
* login policy logo
* set bucket prefix
* feat: avatar upload
* feat: avatar upload
* feat: use assets on command side
* feat: fix human avatar removed event
* feat: remove human avatar
* feat: mock asset storage
* feat: remove human avatar
* fix(operator): add configuration of asset storage to zitadel operator
* feat(console): private labeling policy (#1697 )
* private labeling component, routing, preview
* font, colors, upload, i18n
* show logo
* fix: uniqueness (#1710 )
* fix: uniqueconstraint to lower
* feat: change org
* feat: org change test
* feat: change org
* fix: tests
* fix: handle domain claims correctly
* feat: update org
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: handle domain claimed event correctly for service users (#1711 )
* fix: handle domain claimed event correctly on user view
* fix: ignore domain claimed events for email notifications
* fix: change org
* handle org changed in read models correctly
* fix: change org in user grant handler
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fix: correct value (#1695 )
* docs(api): correct link (#1712 )
* upload service
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
* feat: fix tests,
* feat: remove assets from label policy
* fix npm, set environment
* lint ts
* remove stylelinting
* fix(operator): add mapping for console with changed unit tests
* fix(operator): add secrets as env variables to pod
* feat: remove human avatar
* fix(operator): add secrets as env variables to pod
* feat: map label policy
* feat: labelpolicy, admin, mgmt, adv settings (#1715 )
* fetch label policy, mgmt, admin service
* feat: advanced beh, links, add, update
* lint ts
* feat: watermark
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: remove human avatar
* feat: custom css
* css
* css
* css
* css
* css
* getobject
* feat: dynamic handler
* feat: varibale css
* content info
* css overwrite
* feat: variablen css
* feat: generate css file
* feat: dark mode
* feat: dark mode
* fix logo css
* feat: upload logos
* dark mode with cookie
* feat: handle images in login
* avatar css and begin font
* feat: avatar
* feat: user avatar
* caching of static assets in login
* add avatar.js to main.html
* feat: header dont show logo if no url
* feat: label policy colors
* feat: mock asset storage
* feat: mock asset storage
* feat: fix tests
* feat: user avatar
* feat: header logo
* avatar
* avatar
* make it compatible with go 1.15
* feat: remove unused logos
* fix handler
* fix: styling error handling
* fonts
* fix: download func
* switch to mux
* fix: change upload api to assets
* fix build
* fix: download avatar
* fix: download logos
* fix: my avatar
* font
* fix: remove error msg popup possibility
* fix: docs
* fix: svalidate colors
* rem msg popup from frontend
* fix: email with private labeling
* fix: tests
* fix: email templates
* fix: change migration version
* fix: fix duplicate imports
* fix(console): assets, service url, upload, policy current and preview (#1781 )
* upload endpoint, layout
* fetch current, preview, fix upload
* cleanup private labeling
* fix linting
* begin generated asset handler
* generate asset api in dockerfile
* features for label policy
* features for label policy
* features
* flag for asset generator
* change asset generator flag
* fix label policy view in grpc
* fix: layout, activate policy (#1786 )
* theme switcher up on top
* change layout
* activate policy
* feat(console): label policy back color, layout (#1788 )
* theme switcher up on top
* change layout
* activate policy
* fix overwrite value fc
* reset policy, reset service
* autosave policy, preview desc, layout impv
* layout, i18n
* background colors, inject material styles
* load images
* clean, lint
* fix layout
* set custom hex
* fix content size conversion
* remove font format in generated css
* fix features for assets
* fix(console): label policy colors, image downloads, preview (#1804 )
* load images
* colors, images binding
* lint
* refresh emitter
* lint
* propagate font colors
* upload error handling
* label policy feature check
* add blob in csp for console
* log
* fix: feature edits for label policy, refresh state on upload (#1807 )
* show error on load image, stop spinner
* fix merge
* fix migration versions
* fix assets
* fix csp
* fix background color
* scss
* fix build
* lint scss
* fix statik for console
* fix features check for label policy
* cleanup
* lint
* public links
* fix notifications
* public links
* feat: merge main
* feat: fix translation files
* fix migration
* set api domain
* fix logo in email
* font face in email
* font face in email
* validate assets on upload
* cleanup
* add missing translations
* add missing translations
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Florian Forster <florian@caos.ch>
2021-06-04 14:53:51 +02:00
Livio Amstutz
a4763b1e4c
feat: features ( #1427 )
...
* features
* features
* features
* fix json tags
* add features handler to auth
* mocks for tests
* add setup step
* fixes
* add featurelist to auth api
* grandfather state and typos
* typo
* merge new-eventstore
* fix login policy tests
* label policy in features
* audit log retention
2021-03-25 17:26:21 +01:00
Fabi
3c07a186fc
fix: todos ( #1346 )
...
* fix: pub sub in new eventstore
* fix: todos
* fix: todos
* fix: todos
* fix: todos
* fix: todos
2021-03-01 08:48:50 +01:00
Fabi
d8e42744b4
fix: move v2 pkgs ( #1331 )
...
* fix: move eventstore pkgs
* fix: move eventstore pkgs
* fix: remove v2 view
* fix: remove v2 view
2021-02-23 15:13:04 +01:00