// Auth API (package zitadel.auth.api.v1): gRPC service definition with HTTP
// mappings (google.api.http), field validation rules (validate.rules) and a
// per-RPC authorization annotation (caos.zitadel.utils.v1.auth_option).
syntax = "proto3";

import "google/api/annotations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
import "validate/validate.proto";
import "protoc-gen-swagger/options/annotations.proto";
import "authoption/options.proto";

package zitadel.auth.api.v1;

option go_package = "github.com/caos/zitadel/pkg/auth/api/grpc";

// OpenAPI metadata for the generated swagger document. Only the HTTPS scheme
// is advertised.
option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
  info: {
    title: "Auth API";
    version: "0.1";
    contact:{
      url: "https://github.com/caos/zitadel/pkg/auth"
    };
  };

  schemes: HTTPS;

  consumes: "application/json";
  consumes: "application/grpc";

  produces: "application/json";
  produces: "application/grpc";
};

// AuthService exposes readiness probes, the user-agent / auth-session login
// steps, self-service user management (the "My..." RPCs), password and MFA
// handling, and application, grant and permission lookups. Every RPC is
// mapped to an HTTP route through google.api.http.
//
// NOTE(review): only the RPCs carrying
// `option (caos.zitadel.utils.v1.auth_option)` declare a required permission
// ("authenticated") in this file. All other RPCs declare none. How, or
// whether, callers of those routes are restricted is not visible here and
// should be confirmed against the server and gateway configuration. The
// option itself is defined in authoption/options.proto, which is not shown.
service AuthService {
  // Readiness
  rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      get: "/healthz"
    };
  }

  rpc Ready(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      get: "/ready"
    };
  }

  // Returns an untyped Struct; what is validated and which details are
  // reported is decided by the implementation, not by this schema.
  rpc Validate(google.protobuf.Empty) returns (google.protobuf.Struct) {
    option (google.api.http) = {
      get: "/validate"
    };
  }

  // Authorization
  //
  // NOTE(review): none of the user-agent, auth-session and token RPCs in this
  // group declares an auth_option, except GetMyUserSessions. They are
  // addressed purely by the agent/session ids in the path.
  rpc GetUserAgent(UserAgentID) returns (UserAgent) {
    option (google.api.http) = {
      get: "/useragents/{id}"
    };
  }

  rpc CreateUserAgent(UserAgentCreation) returns (UserAgent) {
    option (google.api.http) = {
      post: "/useragents"
      body: "*"
    };
  }

  rpc RevokeUserAgent(UserAgentID) returns (UserAgent) {
    option (google.api.http) = {
      put: "/useragents/{id}"
      body: "*"
    };
  }

  rpc CreateAuthSession(AuthSessionCreation) returns (AuthSessionResponse) {
    option (google.api.http) = {
      post: "/useragents/{agent_id}/authsessions"
      body: "*"
    };
  }

  rpc GetAuthSession(AuthSessionID) returns (AuthSessionResponse) {
    option (google.api.http) = {
      get: "/useragents/{agent_id}/authsessions/{id}"
    };
  }

  rpc GetAuthSessionByTokenID(TokenID) returns (AuthSessionView) {
    option (google.api.http) = {
      get: "/tokens/{id}/authsession"
    };
  }

  rpc SelectUser(SelectUserRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_selectuser"
      body: "*"
    };
  }

  rpc VerifyUser(VerifyUserRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_verifyuser"
      body: "*"
    };
  }

  // The password travels in the request body (VerifyPasswordRequest.password).
  rpc VerifyPassword(VerifyPasswordRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_verifypassword"
      body: "*"
    };
  }

  rpc VerifyMfa(VerifyMfaRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_verifymfa"
      body: "*"
    };
  }

  rpc GetUserAgentSessions(UserAgentID) returns (UserSessions) {
    option (google.api.http) = {
      get: "/useragents/{id}/usersessions"
    };
  }

  rpc GetUserSession(UserSessionID) returns (UserSession) {
    option (google.api.http) = {
      get: "/useragents/{agent_id}/usersessions/{id}"
    };
  }

  rpc GetMyUserSessions(google.protobuf.Empty) returns (UserSessionViews) {
    option (google.api.http) = {
      get: "/me/usersessions"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc TerminateUserSession(UserSessionID) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/useragents/{agent_id}/usersessions/{id}"
    };
  }

  // Issues a Token for an auth session identified by path ids only.
  // NOTE(review): the conditions under which a token may be issued (e.g. all
  // steps of the session completed) are not expressed here - confirm in the
  // implementation.
  rpc CreateToken(CreateTokenRequest) returns (Token) {
    option (google.api.http) = {
      post: "/useragents/{agent_id}/authsessions/{auth_session_id}/tokens"
      body: "*"
    };
  }

  //User

  // NOTE(review): with a GET mapping and no body, user_name and email are
  // carried as URL query parameters and may therefore appear in access logs.
  // The response reveals whether a name/email pair is already taken and no
  // auth_option is declared; confirm that throttling exists server-side.
  rpc IsUserUnique(UniqueUserRequest) returns (UniqueUserResponse) {
    option (google.api.http) = {
      get: "/users/_isunique"
    };
  }

  rpc RegisterUser(RegisterUserRequest) returns (User) {
    option (google.api.http) = {
      post: "/users/_register"
      body: "*"
    };
  }

  rpc RegisterUserWithExternal(RegisterUserExternalIDPRequest) returns (User) {
    option (google.api.http) = {
      post: "/users/_externalregister"
      body: "*"
    };
  }

  rpc GetMyUserProfile(google.protobuf.Empty) returns (UserProfile) {
    option (google.api.http) = {
      get: "/users/me/profile"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc UpdateMyUserProfile(UpdateUserProfileRequest) returns (UserProfile) {
    option (google.api.http) = {
      put: "/users/me/profile"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc GetMyUserEmail(google.protobuf.Empty) returns (UserEmail) {
    option (google.api.http) = {
      get: "/users/me/email"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc ChangeMyUserEmail(UpdateUserEmailRequest) returns (UserEmail) {
    option (google.api.http) = {
      put: "/users/me/email"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc VerifyMyUserEmail(VerifyMyUserEmailRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/email/_verify"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  // Variant of VerifyMyUserEmail addressed by the user id in the path.
  // NOTE(review): no auth_option is declared, so the verification code in the
  // body is the only credential visible in this schema. Attempt limiting for
  // the code is not expressed here - confirm server-side.
  rpc VerifyUserEmail(VerifyUserEmailRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{id}/email/_verify"
      body: "*"
    };
  }

  rpc ResendMyEmailVerificationMail(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/email/_resendverification"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  // NOTE(review): no auth_option is declared and the target user is named by
  // the caller; confirm the server throttles resends.
  rpc ResendEmailVerificationMail(UserID) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{id}/email/_resendverification"
      body: "*"
    };
  }

  rpc GetMyUserPhone(google.protobuf.Empty) returns (UserPhone) {
    option (google.api.http) = {
      get: "/users/me/phone"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc ChangeMyUserPhone(UpdateUserPhoneRequest) returns (UserPhone) {
    option (google.api.http) = {
      put: "/users/me/phone"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc VerifyMyUserPhone(VerifyUserPhoneRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/phone/_verify"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc ResendMyPhoneVerificationCode(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/phone/_resendverification"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc GetMyUserAddress(google.protobuf.Empty) returns (UserAddress) {
    option (google.api.http) = {
      get: "/users/me/address"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc UpdateMyUserAddress(UpdateUserAddressRequest) returns (UserAddress) {
    option (google.api.http) = {
      put: "/users/me/address"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc GetMyMfas(google.protobuf.Empty) returns (MultiFactors) {
    option (google.api.http) = {
      get: "/users/me/mfas"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  //Password

  // NOTE(review): PasswordRequest carries only the new password; unlike
  // ChangeMyPassword, no current password is part of the request.
  rpc SetMyPassword(PasswordRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      put: "/users/me/passwords"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  // NOTE(review): no auth_option is declared and the target is a caller
  // supplied user_name; confirm that requests are throttled and that the
  // response does not differ for unknown users.
  rpc RequestPasswordReset(ResetPasswordRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/passwords/_requestpwreset"
      body: "*"
    };
  }

  // Sets a new password for the user in the path, given a reset code.
  // NOTE(review): no auth_option is declared, so the code in the body is the
  // only credential visible in this schema. Attempt limiting and code expiry
  // are not expressed here - confirm server-side.
  rpc PasswordReset(ResetPassword) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{id}/passwords/_resetpw"
      body: "*"
    };
  }

  rpc ChangeMyPassword(PasswordChange) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      put: "/users/me/passwords/_change"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  // MFA

  // The response type MfaOtpResponse has `url` and `secret` fields, so the
  // response should be treated as secret material and kept out of logs.
  rpc AddMfaOTP(google.protobuf.Empty) returns (MfaOtpResponse) {
    option (google.api.http) = {
      post: "/users/me/mfa/otp"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  // NOTE(review): returns the same MfaOtpResponse type as AddMfaOTP, which
  // includes a `secret` field; confirm the secret is not echoed back here.
  rpc VerifyMfaOTP(VerifyMfaOtp) returns (MfaOtpResponse) {
    option (google.api.http) = {
      put: "/users/me/mfa/otp/_verify"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc RemoveMfaOTP(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/users/me/mfa/otp"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  // NOTE(review): the target user comes from the {user_id} path segment and
  // no auth_option is declared. Confirm the server binds this call to a
  // session that belongs to that user.
  rpc SkipMfaInit(SkipMfaInitRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{user_id}/mfa/_skipinit"
      body: "*"
    };
  }

  //TODO: Remove func only for tests
  // NOTE(review): returns the full User record (email, phone, postal address,
  // state) for any id in the path and declares no auth_option. Resolve the
  // TODO above before this route is reachable outside test environments.
  rpc GetUserByID(UserID) returns (User) {
    option (google.api.http) = {
      get: "/users/{id}"
    };
  }

  //Application

  // NOTE(review): Application embeds OIDCConfig, which has a client_secret
  // field, and no auth_option is declared on the application RPCs. Confirm
  // the server leaves client_secret empty in responses.
  rpc GetApplicationByID(ApplicationID) returns (Application) {
    option (google.api.http) = {
      get: "/applications/{id}"
    };
  }

  rpc SearchApplications(ApplicationSearchRequest) returns (ApplicationSearchResponse) {
    option (google.api.http) = {
      post: "/applications/_search"
      body: "*"
    };
  }

  // The request carries client credentials (OIDCClientAuth) in the body.
  rpc AuthorizeApplication(ApplicationAuthorizeRequest) returns (Application) {
    option (google.api.http) = {
      post: "/applications/_authorize"
      body: "*"
    };
  }

  //Grant

  // NOTE(review): returns Grant records (org, project, user, roles) and
  // declares no auth_option, unlike the two RPCs that follow.
  rpc SearchGrant(GrantSearchRequest) returns (GrantSearchResponse) {
    option (google.api.http) = {
      post: "/grants/_search"
      body: "*"
    };
  }

  rpc SearchMyProjectOrgs(MyProjectOrgSearchRequest) returns (MyProjectOrgSearchResponse) {
    option (google.api.http) = {
      post: "/global/projectorgs/_search"
      body: "*"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  rpc IsIamAdmin(google.protobuf.Empty) returns (IsAdminResponse) {
    option (google.api.http) = {
      get: "/global/_isiamadmin"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }

  //Permission
  rpc GetMyZitadelPermissions(google.protobuf.Empty) returns (MyPermissions) {
    option (google.api.http) = {
      get: "/permissions/zitadel/me"
    };

    option (caos.zitadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
}

// Not referenced by any AuthService RPC in this file.
message SessionRequest {
  string user_id = 1;
  BrowserInformation browser_info = 2;
}

// A user agent (browser) as known to the auth service.
message UserAgent {
  string id = 1;
  BrowserInformation browser_info = 2;
  UserAgentState state = 3;
}

enum UserAgentState {
  USERAGENTSTATE_UNSPECIFIED = 0;
  USERAGENTSTATE_ACTIVE = 1;
  USERAGENTSTATE_TERMINATED = 2;
}

// Identifies a user agent. No validation rule is attached to `id`.
message UserAgentID {
  string id = 1;
}

message UserAgentCreation {
  BrowserInformation browser_info = 1 [(validate.rules).message.required = true];
}

// Not referenced by any AuthService RPC in this file.
message UserAgents {
  repeated UserAgent sessions = 1;
}

// Request for CreateAuthSession.
message AuthSessionCreation {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  AuthSessionType type = 2;
  BrowserInformation browser_info = 3 [(validate.rules).message.required = true];
  string client_id = 4 [(validate.rules).string.min_len = 1];
  // Only non-emptiness is enforced by the schema. Matching the value against
  // the redirect URIs registered for client_id is not expressed here and has
  // to happen in the implementation.
  string redirect_uri = 5 [(validate.rules).string.min_len = 1];
  string state = 6;
  Prompt prompt = 7;
  repeated string auth_context_class_reference = 8;
  repeated string ui_locales = 9;
  string login_hint = 10;
  uint32 max_age = 11;
  oneof type_info {
    AuthRequestOIDC oidc = 12;
  }
  string preselected_user_id = 13;
}

// State of an auth session as returned by the session and verify RPCs.
// Fields 1-12 mirror AuthSessionCreation (with `id` added as field 2).
message AuthSessionResponse {
  string agent_id = 1;
  string id = 2;
  AuthSessionType type = 3;
  string client_id = 4;
  string redirect_uri = 5;
  string state = 6;
  Prompt prompt = 7;
  repeated string auth_context_class_reference = 8;
  repeated string ui_locales = 9;
  string login_hint = 10;
  uint32 max_age = 11;
  oneof type_info {
    AuthRequestOIDC oidc = 12;
  }
  repeated NextStep possible_steps = 13;
  repeated string project_client_ids = 14;
  UserSession user_session = 15;
}

// Returned by GetAuthSessionByTokenID.
message AuthSessionView {
  string agent_id = 1;
  string auth_session_id = 2;
  AuthSessionType type = 3;
  string client_id = 4;
  string user_session_id = 5;
  repeated string project_client_ids = 6;
  string token_id = 7;
  google.protobuf.Timestamp token_expiration = 8;
  string user_id = 9;
}

message TokenID {
  string id = 1;
}

// Identifies a user session within a user agent. Neither id carries a
// validation rule.
message UserSessionID {
  string id = 1;
  string agent_id = 2;
}

message UserSessions {
  repeated UserSession user_sessions = 1;
}

// A user's session on a user agent, including which factors were verified.
message UserSession {
  string id = 1;
  string agent_id = 2;
  UserSessionState auth_state = 3;
  AuthUser user = 4;
  bool password_verified = 5;
  MfaType mfa = 6;
  bool mfa_verified = 7;
  google.protobuf.Timestamp auth_time = 8;
}

message UserSessionViews {
  repeated UserSessionView user_sessions = 1;
}

// Reduced form of UserSession returned by GetMyUserSessions; it omits the
// verification flags and auth_time.
message UserSessionView {
  string id = 1;
  string agent_id = 2;
  UserSessionState auth_state = 3;
  string user_id = 4;
  string user_name = 5;
}

message AuthUser {
  string user_id = 1;
  string user_name = 2;
}

enum UserSessionState {
  USERSESSIONSTATE_UNSPECIFIED = 0;
  USERSESSIONSTATE_ACTIVE = 1;
  USERSESSIONSTATE_TERMINATED = 2;
}

// Request for GetAuthSession. `id` and `agent_id` are bound from the path.
message AuthSessionID {
  string id = 1;
  string agent_id = 2;
  BrowserInformation browser_info = 3;
}

// NOTE(review): unlike VerifyUserRequest, the three id fields here carry no
// min_len rule, so the schema accepts empty ids.
message SelectUserRequest {
  string agent_id = 1;
  string auth_session_id = 2;
  string user_session_id = 3;
  BrowserInformation browser_info = 4 [(validate.rules).message.required = true];
}

message VerifyUserRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
  string user_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  BrowserInformation browser_info = 4 [(validate.rules).message.required = true];
}

message VerifyPasswordRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
  // NOTE(review): max_len in validate.rules counts characters (code points),
  // not bytes. If 72 is meant to mirror a byte limit of the password hash
  // (presumably bcrypt - TODO confirm), a multi-byte password can pass this
  // rule and still exceed that limit; max_bytes is the byte-based rule.
  // The same applies to every other password field in this file.
  string password = 3 [(validate.rules).string = {min_len: 1, max_len: 72}];
  BrowserInformation browser_info = 4 [(validate.rules).message.required = true];
}

// NOTE(review): browser_info is not marked required here, unlike in the other
// verify requests.
message VerifyMfaRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
  BrowserInformation browser_info = 3;
  oneof mfa {
    AuthSessionMultiFactorOTP otp = 4;
  }
}

// Only an upper length bound is set, so an empty code passes schema
// validation.
message AuthSessionMultiFactorOTP {
  string code = 1 [(validate.rules).string = {max_len: 200}];
}

// One possible next step of an auth session, with step-specific data.
message NextStep {
  NextStepType type = 1;
  oneof data {
    LoginData login = 2;
    PasswordData password = 3;
    MfaVerifyData mfa_verify = 4;
    MfaPromptData mfa_prompt = 5;
    ChooseUserData choose_user = 6;
  }
}

enum NextStepType {
  NEXTSTEP_UNSPECIFIED = 0;
  NEXTSTEP_LOGIN = 1;
  NEXTSTEP_PASSWORD = 2;
  NEXTSTEP_CHANGE_PASSWORD = 3;
  NEXTSTEP_MFA_PROMPT = 4; //TODO: ?
  NEXTSTEP_MFA_INIT_CHOICE = 5; //TODO: ?
  NEXTSTEP_MFA_INIT_CREATE = 6;
  NEXTSTEP_MFA_INIT_VERIFY = 7;
  NEXTSTEP_MFA_INIT_DONE = 8;
  NEXTSTEP_MFA_VERIFY = 9;
  NEXTSTEP_MFA_VERIFY_ASYNC = 10;
  NEXTSTEP_VERIFY_EMAIL = 11;
  NEXTSTEP_REDIRECT_TO_CALLBACK = 12;
  NEXTSTEP_INIT_PASSWORD = 13;
  NEXTSTEP_CHOOSE_USER = 14;
}

// NOTE(review): err_msg is returned to the caller; confirm it does not
// distinguish "unknown user" from other failures.
message LoginData {
  string err_msg = 1;
}

message PasswordData {
  string err_msg = 1;
  uint32 failure_count = 2;
}

message MfaVerifyData {
  string err_msg = 1;
  uint32 failure_count = 2;
  repeated MfaType mfa_providers = 3;
}

message MfaPromptData {
  bool required = 1;
  repeated MfaType mfa_providers = 2;
}

message ChooseUserData {
  repeated ChooseUser users = 1;
}

message ChooseUser {
  string user_session_id = 1;
  string user_id = 2;
  string user_name = 3;
  UserSessionState user_session_state = 4;
}

// Request for SkipMfaInit. `user_id` is bound from the path and carries no
// validation rule.
message SkipMfaInitRequest {
  string user_id = 1;
}

enum AuthSessionType {
  AUTHSESSIONTYPE_UNSPECIFIED = 0; //TODO: necessary?
  AUTHSESSIONTYPE_OIDC = 1;
  AUTHSESSIONTYPE_SAML = 2;
}

// Browser details attached to requests.
// NOTE(review): all fields, including remote_ip, are part of the request
// message and therefore supplied by the API caller rather than derived from
// the connection in this schema. Treat them as caller-asserted unless the
// caller is a trusted front end - TODO confirm.
message BrowserInformation {
  string user_agent = 1;
  IP remote_ip = 2 [(validate.rules).message.required = true];
  string accept_language = 3;
}

// Both fields are plain strings without a format rule; the schema does not
// check that they hold valid IP addresses. The upper-case field names are
// part of the generated API and JSON mapping.
message IP {
  string V4 = 1;
  string V6 = 2;
}

enum Prompt {
  PROMPT_UNSPECIFIED = 0;
  PROMPT_NONE = 1;
  PROMPT_LOGIN = 2;
  PROMPT_CONSENT = 3;
  PROMPT_SELECT_ACCOUNT = 4;
}

// OIDC-specific part of an auth request.
message AuthRequestOIDC {
  repeated string scope = 1;
  OIDCResponseType response_type = 2;
  string nonce = 3;
  CodeChallenge code_challenge = 4;
}

// The zero value is CODE, so an unset response_type reads as CODE.
enum OIDCResponseType {
  OIDCRESPONSETYPE_CODE = 0;
  OIDCRESPONSETYPE_ID_TOKEN = 1;
  OIDCRESPONSETYPE_ID_TOKEN_TOKEN = 2;
}

message CodeChallenge {
  string challenge = 1;
  CodeChallengeMethod method = 2;
}

// The zero value is PLAIN: in proto3 an omitted `method` is
// indistinguishable from an explicit PLAIN, so S256 only applies when it is
// set explicitly.
enum CodeChallengeMethod {
  CODECHALLENGEMETHOD_PLAIN = 0;
  CODECHALLENGEMETHOD_S256 = 1;
}

// Identifies a user. No validation rule is attached to `id`.
message UserID {
  string id = 1;
}

// Request for IsUserUnique. `email` has no `email: true` format rule here.
message UniqueUserRequest {
  string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string email = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
}

message UniqueUserResponse {
  bool is_unique = 1;
}

// Self-registration with a password.
message RegisterUserRequest {
  string email = 1 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
  string first_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string last_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string nick_name = 4 [(validate.rules).string = {max_len: 200}];
  string display_name = 5 [(validate.rules).string = {max_len: 200}];
  string preferred_language = 6 [(validate.rules).string = {max_len: 200}];
  Gender gender = 7;
  // Only length is constrained here (1 to 72 characters); any password
  // complexity policy is not expressed in this schema.
  string password = 8 [(validate.rules).string = {min_len: 1, max_len: 72}];
  // The organisation is chosen by the caller; only non-emptiness is enforced.
  string org_id = 9 [(validate.rules).string.min_len = 1];
}

// Self-registration through an external identity provider.
// NOTE(review): idp_provider is not marked required and its fields carry no
// validation rules; proof of the external identity is not part of this
// message - confirm how the implementation establishes it.
message RegisterUserExternalIDPRequest {
  string email = 1 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
  string first_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string last_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string nick_name = 4 [(validate.rules).string = {max_len: 200}];
  string display_name = 5 [(validate.rules).string = {max_len: 200}];
  string preferred_language = 6 [(validate.rules).string = {max_len: 200}];
  Gender gender = 7;
  IDPProvider idp_provider = 8;
  string org_id = 9 [(validate.rules).string.min_len = 1];
}

// Field numbers start at 8; these numbers are the wire identifiers and must
// not be renumbered.
message IDPProvider {
  string provider = 8;
  string externalIdpID = 9;
}

// Full user record: identity, lifecycle timestamps, profile, contact data
// and postal address.
message User {
  string id = 1;
  UserState state = 2;
  google.protobuf.Timestamp creation_date = 3;
  google.protobuf.Timestamp activation_date = 4;
  google.protobuf.Timestamp change_date = 5;
  google.protobuf.Timestamp last_login = 6;
  google.protobuf.Timestamp password_changed = 7;
  string user_name = 8;
  string first_name = 9;
  string last_name = 10;
  string nick_name = 11;
  string display_name = 12;
  string preferred_language = 13;
  Gender gender = 14;
  string email = 15;
  bool is_email_verified = 16;
  string phone = 17;
  bool is_phone_verified = 18;
  string country = 19;
  string locality = 20;
  string postal_code = 21;
  string region = 22;
  string street_address = 23;
  bool password_change_required = 24;
}

// The zero value name is spelled USERSTATE_UNSPECIEFIED; it is part of the
// generated API, so correcting the spelling changes generated identifiers.
enum UserState {
  USERSTATE_UNSPECIEFIED = 0;
  USERSTATE_ACTIVE = 1;
  USERSTATE_INACTIVE = 2;
  USERSTATE_DELETED = 3;
  USERSTATE_LOCKED = 4;
  USERSTATE_SUSPEND = 5;
  USERSTATE_INITIAL= 6;
}

enum Gender {
  GENDER_UNSPECIFIED = 0;
  GENDER_FEMALE = 1;
  GENDER_MALE = 2;
  GENDER_DIVERSE = 3;
}

message UserProfile {
  string id = 1;
  string user_name = 2;
  string first_name = 3;
  string last_name = 4;
  string nick_name = 5;
  string display_name = 6;
  string preferred_language = 7;
  Gender gender = 8;
}

// All string fields require at least one character here, whereas
// RegisterUserRequest allows nick_name, display_name and preferred_language
// to be empty.
message UpdateUserProfileRequest {
  string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string nick_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string display_name = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string preferred_language = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  Gender gender = 6;
}

// Note the camelCase field name isEmailVerified; User and UserPhone use
// snake_case for the equivalent flags.
message UserEmail {
  string id = 1;
  string email = 2;
  bool isEmailVerified = 3;
}

message VerifyMyUserEmailRequest {
  string code = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}

// Request for VerifyUserEmail. `id` is bound from the path and carries no
// validation rule.
message VerifyUserEmailRequest {
  string id = 1;
  string code = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
}

// NOTE(review): unlike the register requests, `email` has no `email: true`
// rule here, so only the length is checked by the schema.
message UpdateUserEmailRequest {
  string email = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}

message UserPhone {
  string id = 1;
  string phone = 2;
  bool is_phone_verified = 3;
}

// Only length (1 to 20 characters) is checked; no phone number format rule.
message UpdateUserPhoneRequest {
  string phone = 1 [(validate.rules).string = {min_len: 1, max_len: 20}];
}

message VerifyUserPhoneRequest {
  string code = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}

message UserAddress {
  string id = 1;
  string country = 2;
  string locality = 3;
  string postal_code = 4;
  string region = 5;
  string street_address = 6;
}

message UpdateUserAddressRequest {
  string country = 1 [(validate.rules).string = {max_len: 200}];
  string locality = 2 [(validate.rules).string = {max_len: 200}];
  string postal_code = 3 [(validate.rules).string = {max_len: 200}];
  string region = 4 [(validate.rules).string = {max_len: 200}];
  string street_address = 5 [(validate.rules).string = {max_len: 200}];
}

// Not referenced by any AuthService RPC in this file.
message PasswordID{
  string id = 1;
}

// Request for SetMyPassword.
message PasswordRequest {
  string password = 1 [(validate.rules).string = {min_len: 1, max_len: 72}];
}

// Request for RequestPasswordReset.
message ResetPasswordRequest {
  string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  NotificationType type = 2;
}

// Request for PasswordReset. `id` is the user id bound from the path.
message ResetPassword {
  string id = 1 [(validate.rules).string.min_len = 1];
  string code = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string new_password = 3 [(validate.rules).string = {min_len: 1, max_len: 72}];
}

// Not referenced by any AuthService RPC in this file.
message SetPasswordNotificationRequest {
  string id = 1;
  NotificationType type = 2;
}

// The zero value is EMAIL, so an unset type reads as EMAIL.
enum NotificationType {
  NOTIFICATIONTYPE_EMAIL = 0;
  NOTIFICATIONTYPE_SMS = 1;
}

// Request for ChangeMyPassword; both the current and the new password are
// sent.
message PasswordChange {
  string old_password = 1 [(validate.rules).string = {min_len: 1, max_len: 72}];
  string new_password = 2 [(validate.rules).string = {min_len: 1, max_len: 72}];
}

enum MfaType {
  MFATYPE_UNSPECIFIED = 0;
  MFATYPE_SMS = 1;
  MFATYPE_OTP = 2;
}

// NOTE(review): `code` has no validation rule, while the OTP code in
// AuthSessionMultiFactorOTP is capped at 200 characters.
message VerifyMfaOtp {
  string code = 1;
}

message MultiFactors {
  repeated MultiFactor mfas = 1;
}

message MultiFactor {
  MfaType type = 1;
  MFAState state = 2;
}

// Response of AddMfaOTP and VerifyMfaOTP.
// `secret` and `url` are presumably the OTP shared secret and its
// provisioning URL - TODO confirm. Either way the message should be handled
// as secret material: keep it out of logs and caches.
message MfaOtpResponse {
  string user_id = 1;
  string url = 2;
  string secret = 3;
  MFAState state = 4;
}

enum MFAState {
  MFASTATE_UNSPECIFIED = 0;
  MFASTATE_NOT_READY = 1;
  MFASTATE_READY = 2;
  MFASTATE_REMOVED = 3;
}

message ApplicationID {
  string id = 1;
}

// Field numbers 6 and 7 are unused and not reserved; oidc_config is field 8.
message Application {
  string id = 1;
  AppState state = 2;
  google.protobuf.Timestamp creation_date = 3;
  google.protobuf.Timestamp change_date = 4;
  string name = 5;

  oneof app_config {
    OIDCConfig oidc_config = 8;
  }
}

enum AppState {
  APPSTATE_UNSPECIFIED = 0;
  APPSTATE_ACTIVE = 1;
  APPSTATE_INACTIVE = 2;
  APPSTATE_DELETED = 3;
}

// OIDC client configuration of an application.
message OIDCConfig {
  repeated string redirect_uris = 1;
  repeated OIDCResponseType response_types = 2;
  repeated OIDCGrantType grant_types = 3;
  OIDCApplicationType application_type = 4;
  // NOTE(review): this message is embedded in Application, which is returned
  // by the application RPCs. Whether the secret is ever populated in a
  // response is decided by the implementation - confirm it is left empty.
  string client_secret = 5;
  string client_id = 6;
  OIDCAuthMethodType auth_method_type = 7;
  repeated string post_logout_redirect_uris = 8;
}

// The zero value is AUTHORIZATION_CODE (no UNSPECIFIED member).
enum OIDCGrantType {
  OIDCGRANTTYPE_AUTHORIZATION_CODE = 0;
  OIDCGRANTTYPE_GRANT_TYPE_NONE = 1;
  OIDCGRANTTYPE_REFRESH_TOKEN = 2;
}

// The zero value is WEB (no UNSPECIFIED member).
enum OIDCApplicationType {
  OIDCAPPLICATIONTYPE_WEB = 0;
  OIDCAPPLICATIONTYPE_USER_AGENT = 1;
  OIDCAPPLICATIONTYPE_NATIVE = 2;
}

// The zero value is BASIC (no UNSPECIFIED member).
enum OIDCAuthMethodType {
  OIDCAUTHMETHODTYPE_BASIC = 0;
  OIDCAUTHMETHODTYPE_POST = 1;
  OIDCAUTHMETHODTYPE_NONE = 2;
}

// NOTE(review): `limit` and the number of `queries` have no upper bound in
// the schema; result size has to be capped by the implementation. The same
// holds for the other *SearchRequest messages.
message ApplicationSearchRequest {
  uint64 offset = 1;
  uint64 limit = 2;
  // The UNSPECIFIED key (0) is rejected by validation.
  ApplicationSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];;
  bool asc = 4;
  repeated ApplicationSearchQuery queries = 5;
}

message ApplicationSearchQuery {
  ApplicationSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
  SearchMethod method = 2;
  // Free-form search value without a length rule.
  string value = 3;
}

enum ApplicationSearchKey {
  APPLICATIONSEARCHKEY_UNSPECIFIED = 0;
  APPLICATIONSEARCHKEY_APP_TYPE = 1;
  APPLICATIONSEARCHKEY_STATE = 2;
  APPLICATIONSEARCHKEY_CLIENT_ID = 3;
  APPLICATIONSEARCHKEY_APP_NAME = 4;
  APPLICATIONSEARCHKEY_PROJECT_ID = 5;
}

message ApplicationSearchResponse {
  uint64 offset = 1;
  uint64 limit = 2;
  uint64 total_result = 3;
  repeated Application result = 4;
}

// The zero value is EQUALS, so an unset method reads as EQUALS.
enum SearchMethod {
  SEARCHMETHOD_EQUALS = 0;
  SEARCHMETHOD_STARTS_WITH = 1;
  SEARCHMETHOD_CONTAINS = 2;
}

// Request for AuthorizeApplication.
message ApplicationAuthorizeRequest {
  oneof auth {
    OIDCClientAuth oidc_client_auth = 1;
  }
}

// Client credentials. Neither field carries a validation rule; the secret
// travels in the request body and should be kept out of request logs.
message OIDCClientAuth {
  string client_id = 1;
  string client_secret = 2;
}

message GrantSearchRequest {
  uint64 offset = 1;
  uint64 limit = 2;
  GrantSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];;
  bool asc = 4;
  repeated GrantSearchQuery queries = 5;
}

message GrantSearchQuery {
  GrantSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
  SearchMethod method = 2;
  string value = 3;
}

enum GrantSearchKey {
  GRANTSEARCHKEY_UNSPECIFIED = 0;
  GRANTSEARCHKEY_ORG_ID = 1;
  GRANTSEARCHKEY_PROJECT_ID = 2;
  GRANTSEARCHKEY_USER_ID = 3;
}

message GrantSearchResponse {
  uint64 offset = 1;
  uint64 limit = 2;
  uint64 total_result = 3;
  repeated Grant result = 4;
}

// A user's roles on a project within an organisation. The PascalCase field
// names are part of the generated API and JSON mapping.
message Grant {
  string OrgId = 1;
  string ProjectId = 2;
  string UserId = 3;
  repeated string Roles = 4;
  string OrgName = 5;
}

// Field number 3 is unused and not reserved (the other search requests use
// it for sorting_column).
message MyProjectOrgSearchRequest {
  uint64 offset = 1;
  uint64 limit = 2;
  bool asc = 4;
  repeated MyProjectOrgSearchQuery queries = 5;
}

message MyProjectOrgSearchQuery {
  MyProjectOrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
  SearchMethod method = 2;
  string value = 3;
}

enum MyProjectOrgSearchKey {
  MYPROJECTORGSEARCHKEY_UNSPECIFIED = 0;
  MYPROJECTORGSEARCHKEY_ORG_NAME = 1;
}

message MyProjectOrgSearchResponse {
  uint64 offset = 1;
  uint64 limit = 2;
  uint64 total_result = 3;
  repeated Org result = 4;
}

// Response of IsIamAdmin. In proto3 an unset bool reads as false.
message IsAdminResponse {
  bool is_admin = 1;
}

message Org {
  string id = 1;
  string name = 2;
}

// Request for CreateToken; both ids are bound from the path.
message CreateTokenRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
}

// Only the token id and its expiration are part of this message. Field
// numbers 2-7 are unused and not reserved.
message Token {
  string id = 1;
  google.protobuf.Timestamp expiration = 8;
}

message MyPermissions {
  repeated string permissions = 1;
}

// Not referenced by any AuthService RPC in this file.
// NOTE(review): none of the fields carries a validation rule; `password`
// lacks the {min_len: 1, max_len: 72} rule used on the other password fields.
message VerifyUserInitRequest {
  string id = 1;
  string code = 2;
  string password = 3;
}