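syntax = "proto3";

package zitadel.idp.v1;

import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
import "zitadel/object.proto";

option go_package = "github.com/caos/zitadel/pkg/grpc/idp";

// An external identity provider (IDP) as returned by the read API.
// Only descriptive and per-type configuration data is exposed here; no
// credential (e.g. an OIDC client secret) is part of this message.
message IDP {
  // Unique id of the identity provider.
  string id = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // Object metadata (see zitadel/object.proto).
  zitadel.v1.ObjectDetails details = 2;
  // Current state of the identity provider (see IDPState).
  IDPState state = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the state of the identity provider";
    }
  ];
  // Display name of the identity provider.
  string name = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
    }
  ];
  // Styling of the login button; some providers mandate a specific look.
  IDPStylingType styling_type = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "some identity providers specify the styling of the button to their login";
    }
  ];
  // Who administrates this identity provider (see IDPOwnerType).
  IDPOwnerType owner = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the administrator of this identity provider";
    }
  ];
  // Type-specific configuration; at most one variant is set.
  // Field number 8 sits between 7 and 9 because it is used by
  // auto_register below - do not renumber.
  oneof config {
    OIDCConfig oidc_config = 7;
    JWTConfig jwt_config = 9;
  }
  // NOTE(review): undocumented in the original; presumably whether a ZITADEL
  // user is created automatically on first login via this IDP - confirm.
  bool auto_register = 8;
}

// Link between a ZITADEL user and its identity at an external provider.
message IDPUserLink {
  // Id of the ZITADEL user.
  string user_id = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      description: "the id of the user";
    }
  ];
  // Id of the identity provider the user is linked to.
  string idp_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      description: "the id of the identity provider";
    }
  ];
  // Display name of the identity provider.
  string idp_name = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      description: "the name of the identity provider";
    }
  ];
  // Subject / user id as issued by the external provider.
  string provided_user_id = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"as-12-df-89\"";
      description: "the id of the user provided by the identity provider";
    }
  ];
  // User name as issued by the external provider (the original description
  // wrongly repeated "the id of the identity provider").
  string provided_user_name = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"gigi.long-neck@gmail.com\"";
      description: "the user name provided by the identity provider";
    }
  ];
  // Authorization framework of the identity provider (see IDPType).
  IDPType idp_type = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the authorization framework of the identity provider";
    }
  ];
}

// An identity provider as referenced from a login policy.
message IDPLoginPolicyLink {
  // Id of the identity provider.
  string idp_id = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      description: "the id of the identity provider";
    }
  ];
  // Display name of the identity provider.
  string idp_name = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      description: "the name of the identity provider";
    }
  ];
  // Authorization framework of the identity provider (see IDPType).
  IDPType idp_type = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the authorization framework of the identity provider";
    }
  ];
}

// Lifecycle state of an identity provider.
enum IDPState {
  IDP_STATE_UNSPECIFIED = 0;
  IDP_STATE_ACTIVE = 1;
  IDP_STATE_INACTIVE = 2;
}

// Styling of the login button.
// The values are not prefixed with the enum name (IDP_STYLING_TYPE_*); renaming
// them would break JSON and generated code, so the existing names are kept.
enum IDPStylingType {
  STYLING_TYPE_UNSPECIFIED = 0;
  STYLING_TYPE_GOOGLE = 1;
}

// authorization framework of the identity provider
enum IDPType {
  IDP_TYPE_UNSPECIFIED = 0;
  IDP_TYPE_OIDC = 1;
  //PLANNED: IDP_TYPE_SAML (value 2 is left free for it)
  IDP_TYPE_JWT = 3;
}

// the owner of the identity provider.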
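enum IDPOwnerType {
  IDP_OWNER_TYPE_UNSPECIFIED = 0;
  // system: the identity provider is managed by the ZITADEL administrators
  IDP_OWNER_TYPE_SYSTEM = 1;
  // org: the identity provider is managed by the organisation's administrators
  IDP_OWNER_TYPE_ORG = 2;
}

// Configuration of an OIDC identity provider as exposed by the read API.
// Note that no client secret is part of this message.
message OIDCConfig {
  // Client id registered at the identity provider.
  string client_id = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client id generated by the identity provider";
    }
  ];
  // OIDC issuer of the provider.
  string issuer = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com\"";
      description: "the oidc issuer of the identity provider";
    }
  ];
  // Scopes ZITADEL requests from the provider.
  repeated string scopes = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "the scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Which claim is mapped to the display name of the user.
  OIDCMappingField display_name_mapping = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the display name of the user";
    }
  ];
  // Which claim is mapped to the username of the user (the original
  // description said "email", a copy of the field above).
  OIDCMappingField username_mapping = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the username of the user";
    }
  ];
}

// Claim of the OIDC token that a user attribute is taken from.
enum OIDCMappingField {
  OIDC_MAPPING_FIELD_UNSPECIFIED = 0;
  OIDC_MAPPING_FIELD_PREFERRED_USERNAME = 1;
  OIDC_MAPPING_FIELD_EMAIL = 2;
}

// Configuration of a JWT identity provider (a JWT presented in a request
// header is validated against the keys of the configured endpoint).
message JWTConfig {
  // Endpoint the JWT is extracted from.
  string jwt_endpoint = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com\"";
      description: "the endpoint where the jwt can be extracted";
    }
  ];
  // Expected "iss" claim; used when validating the JWT.
  string issuer = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com\"";
      description: "the issuer of the jwt (for validation)";
    }
  ];
  // URL of the JWK set the JWT signatures are verified against.
  // NOTE(review): the server presumably fetches keys from this URL; the
  // rules here only bound the length, so the API layer should additionally
  // require an absolute https URL to trusted hosts - confirm where enforced.
  string keys_endpoint = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com/keys\"";
      description: "the endpoint to the key (JWK) which are used to sign the JWT with";
    }
  ];
  // HTTP header carrying the JWT; defaults to "authorization".
  string header_name = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"x-auth-token\"";
      description: "the name of the header where the JWT is sent in, default is authorization";
    }
  ];
}

// Query for an identity provider by id.
message IDPIDQuery {
  string id = 1 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
}

// Query for identity providers by name.
message IDPNameQuery {
  string name = 1 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
    }
  ];
  // How `name` is compared (equals, contains, ...); must be a defined value.
  zitadel.v1.TextQueryMethod method = 2 [
    (validate.rules).enum.defined_only = true,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines which text equality method is used";
    }
  ];
}

// Query for identity providers by owner (system-wide or organisation).
message IDPOwnerTypeQuery {
  IDPOwnerType owner_type = 1 [
    (validate.rules).enum.defined_only = true,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "search for custom or global identity providers";
    }
  ];
}

// Fields of an identity provider that can be referenced (e.g. for sorting).
enum IDPFieldName {
  IDP_FIELD_NAME_UNSPECIFIED = 0;
  IDP_FIELD_NAME_NAME = 1;
}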