zitadel/pkg/grpc/admin/proto/admin.proto
Fabi 202aae4954
feat: mfa policy (#913)
* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy

* feat: add mfa to login policy on org

* feat: add mfa to login policy on org

* feat: append events on policy views

* feat: iam login policy mfa definition

* feat: login policies on orgs

* feat: configured mfas in login process

* feat: configured mfas in login process

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: rename software and hardware mfas

* fix: pr requests

* fix user mfa

* fix: test

* fix: oidc version

* fix: oidc version

* fix: proto gen

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
2020-11-04 11:26:10 +01:00

1154 lines
30 KiB
Protocol Buffer

syntax = "proto3";
import "google/api/annotations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/struct.proto";
import "validate/validate.proto";
import "protoc-gen-swagger/options/annotations.proto";
import "authoption/options.proto";
package caos.zitadel.admin.api.v1;
option go_package ="github.com/caos/zitadel/pkg/grpc/admin";
option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
info: {
title: "admin service";
version: "0.1";
contact:{
url: "https://github.com/caos/zitadel/pkg/admin"
};
};
schemes: HTTPS;
consumes: "application/json";
consumes: "application/grpc";
produces: "application/json";
produces: "application/grpc";
};
service AdminService {
// ---------
// Probes
// ---------
// Healthz returns status OK as soon as the service started
rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
option (google.api.http) = {
get: "/healthz"
};
}
// Ready returns status OK as soon as all dependent services are available
rpc Ready(google.protobuf.Empty) returns (google.protobuf.Empty) {
option (google.api.http) = {
get: "/ready"
};
}
rpc Validate(google.protobuf.Empty) returns (google.protobuf.Struct) {
option (google.api.http) = {
get: "/validate"
};
}
//ORG
rpc IsOrgUnique(UniqueOrgRequest) returns (UniqueOrgResponse) {
option (google.api.http) = {
get: "/orgs/_isunique"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
rpc GetOrgByID(OrgID) returns (Org) {
option (google.api.http) = {
get: "/orgs/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
rpc SearchOrgs(OrgSearchRequest) returns (OrgSearchResponse) {
option (google.api.http) = {
post: "/orgs/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
rpc SetUpOrg(OrgSetUpRequest) returns (OrgSetUpResponse) {
option (google.api.http) = {
post: "/orgs/_setup"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.write"
};
}
//ORG_IAM_POLICY
rpc GetDefaultOrgIamPolicy(google.protobuf.Empty) returns (OrgIamPolicyView) {
option (google.api.http) = {
get: "/orgs/default/policies/orgiam"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateDefaultOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
option (google.api.http) = {
put: "/orgs/default/policies/orgiam"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetOrgIamPolicy(OrgIamPolicyID) returns (OrgIamPolicyView) {
option (google.api.http) = {
get: "/orgs/{org_id}/policies/orgiam"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc CreateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
option (google.api.http) = {
post: "/orgs/{org_id}/policies/orgiam"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc UpdateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
option (google.api.http) = {
put: "/orgs/{org_id}/policies/orgiam"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc RemoveOrgIamPolicy(OrgIamPolicyID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/orgs/{org_id}/policies/orgiam"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.delete"
};
}
rpc GetIamMemberRoles(google.protobuf.Empty) returns (IamMemberRoles) {
option (google.api.http) = {
get: "/members/roles"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.read"
};
}
rpc AddIamMember(AddIamMemberRequest) returns (IamMember) {
option (google.api.http) = {
post: "/members"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.write"
};
}
rpc ChangeIamMember(ChangeIamMemberRequest) returns (IamMember) {
option (google.api.http) = {
put: "/members/{user_id}"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.write"
};
}
rpc RemoveIamMember(RemoveIamMemberRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/members/{user_id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.delete"
};
}
rpc SearchIamMembers(IamMemberSearchRequest) returns (IamMemberSearchResponse) {
option (google.api.http) = {
post: "/members/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.read"
};
}
rpc GetViews(google.protobuf.Empty) returns (Views) {
option (google.api.http) = {
get: "/views"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
rpc ClearView(ViewID) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/views/{database}/{view_name}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.write"
};
}
rpc GetFailedEvents(google.protobuf.Empty) returns (FailedEvents) {
option (google.api.http) = {
get: "/failedevents"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
rpc RemoveFailedEvent(FailedEventID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/failedevents/{database}/{view_name}/{failed_sequence}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.write"
};
}
rpc IdpByID(IdpID) returns (IdpView) {
option (google.api.http) = {
get: "/idps/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.read"
};
}
rpc CreateOidcIdp(OidcIdpConfigCreate) returns (Idp) {
option (google.api.http) = {
post: "/idps/oidc"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc UpdateIdpConfig(IdpUpdate) returns (Idp) {
option (google.api.http) = {
put: "/idps/{id}"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc DeactivateIdpConfig(IdpID) returns (Idp) {
option (google.api.http) = {
put: "/idps/{id}/_deactivate"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc ReactivateIdpConfig(IdpID) returns (Idp) {
option (google.api.http) = {
put: "/idps/{id}/_reactivate"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc RemoveIdpConfig(IdpID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/idps/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc UpdateOidcIdpConfig(OidcIdpConfigUpdate) returns (OidcIdpConfig) {
option (google.api.http) = {
put: "/idps/{idp_id}/oidcconfig"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc SearchIdps(IdpSearchRequest) returns (IdpSearchResponse) {
option (google.api.http) = {
post: "/idps/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.read"
};
}
rpc GetDefaultLabelPolicy(google.protobuf.Empty) returns (DefaultLabelPolicyView) {
option (google.api.http) = {
get: "/policies/label"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateDefaultLabelPolicy(DefaultLabelPolicyUpdate) returns (DefaultLabelPolicy) {
option (google.api.http) = {
put: "/policies/label"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultLoginPolicy(google.protobuf.Empty) returns (DefaultLoginPolicyView) {
option (google.api.http) = {
get: "/policies/login"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateDefaultLoginPolicy(DefaultLoginPolicyRequest) returns (DefaultLoginPolicy) {
option (google.api.http) = {
put: "/policies/login"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultLoginPolicyIdpProviders(IdpProviderSearchRequest) returns (IdpProviderSearchResponse) {
option (google.api.http) = {
post: "/policies/login/idpproviders/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc AddIdpProviderToDefaultLoginPolicy(IdpProviderID) returns (IdpProviderID) {
option (google.api.http) = {
post: "/policies/login/idpproviders"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc RemoveIdpProviderFromDefaultLoginPolicy(IdpProviderID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/policies/login/idpproviders/{idp_config_id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultLoginPolicySecondFactors(google.protobuf.Empty) returns (SecondFactorsResult) {
option (google.api.http) = {
get: "/policies/login/secondfactors/_search"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc AddSecondFactorToDefaultLoginPolicy(SecondFactor) returns (SecondFactor) {
option (google.api.http) = {
post: "/policies/login/secondfactors"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc RemoveSecondFactorFromDefaultLoginPolicy(SecondFactor) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/policies/login/secondfactors/{second_factor}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultLoginPolicyMultiFactors(google.protobuf.Empty) returns (MultiFactorsResult) {
option (google.api.http) = {
get: "/policies/login/multifactors/_search"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc AddMultiFactorToDefaultLoginPolicy(MultiFactor) returns (MultiFactor) {
option (google.api.http) = {
post: "/policies/login/multifactors"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc RemoveMultiFactorFromDefaultLoginPolicy(MultiFactor) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/policies/login/multifactors/{multi_factor}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultPasswordComplexityPolicy(google.protobuf.Empty) returns (DefaultPasswordComplexityPolicyView) {
option (google.api.http) = {
get: "/policies/password/complexity"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateDefaultPasswordComplexityPolicy(DefaultPasswordComplexityPolicyRequest) returns (DefaultPasswordComplexityPolicy) {
option (google.api.http) = {
put: "/policies/password/complexity"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultPasswordAgePolicy(google.protobuf.Empty) returns (DefaultPasswordAgePolicyView) {
option (google.api.http) = {
get: "/policies/password/age"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateDefaultPasswordAgePolicy(DefaultPasswordAgePolicyRequest) returns (DefaultPasswordAgePolicy) {
option (google.api.http) = {
put: "/policies/password/age"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultPasswordLockoutPolicy(google.protobuf.Empty) returns (DefaultPasswordLockoutPolicyView) {
option (google.api.http) = {
get: "/policies/password/lockout"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateDefaultPasswordLockoutPolicy(DefaultPasswordLockoutPolicyRequest) returns (DefaultPasswordLockoutPolicy) {
option (google.api.http) = {
put: "/policies/password/lockout"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
}
message OrgID {
string id = 1 [(validate.rules).string = {min_len: 1}];
}
message UniqueOrgRequest {
string name = 1 [(validate.rules).string.min_len = 1];
string domain = 2 [(validate.rules).string.min_len = 1];
}
message UniqueOrgResponse {
bool is_unique = 1;
}
message Org {
string id = 1;
OrgState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
string name = 5;
string domain = 6;
}
enum OrgState {
ORGSTATE_UNSPECIFIED = 0;
ORGSTATE_ACTIVE = 1;
ORGSTATE_INACTIVE = 2;
}
message OrgSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
OrgSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];;
bool asc = 4;
repeated OrgSearchQuery queries = 5;
}
message OrgSearchQuery {
OrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
OrgSearchMethod method = 2;
string value = 3;
}
enum OrgSearchKey {
ORGSEARCHKEY_UNSPECIFIED = 0;
ORGSEARCHKEY_NAME = 1;
ORGSEARCHKEY_DOMAIN = 2;
ORGSEARCHKEY_STATE = 3;
}
message OrgSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated Org result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
enum OrgSearchMethod {
ORGSEARCHMETHOD_EQUALS = 0;
ORGSEARCHMETHOD_STARTS_WITH = 1;
ORGSEARCHMETHOD_CONTAINS = 2;
}
message OrgSetUpRequest {
CreateOrgRequest org = 1 [(validate.rules).message.required = true];
CreateUserRequest user = 2 [(validate.rules).message.required = true];
}
message OrgSetUpResponse {
Org org = 1;
UserResponse user = 2;
}
message CreateUserRequest {
string user_name = 1 [(validate.rules).string.pattern = "^[^[:space:]]{1,200}$"];
oneof user {
option (validate.required) = true;
CreateHumanRequest human = 2;
CreateMachineRequest machine = 3;
}
}
message CreateHumanRequest {
string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string nick_name = 3 [(validate.rules).string = {max_len: 200}];
string preferred_language = 4 [(validate.rules).string = {max_len: 200}];
Gender gender = 5;
string email = 6 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
bool is_email_verified = 7;
string phone = 8 [(validate.rules).string = {max_len: 20}];
bool is_phone_verified = 9;
string country = 10 [(validate.rules).string = {max_len: 200}];
string locality = 11 [(validate.rules).string = {max_len: 200}];
string postal_code = 12 [(validate.rules).string = {max_len: 200}];
string region = 13 [(validate.rules).string = {max_len: 200}];
string street_address = 14 [(validate.rules).string = {max_len: 200}];
string password = 15 [(validate.rules).string = {max_len: 72}];
}
message CreateMachineRequest {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string description = 2 [(validate.rules).string = {max_len: 500}];
}
message UserResponse {
string id = 1;
UserState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
uint64 sequence = 5;
string user_name = 6;
oneof user {
option (validate.required) = true;
HumanResponse human = 7;
MachineResponse machine = 8;
}
}
enum UserState {
USERSTATE_UNSPECIFIED = 0;
USERSTATE_ACTIVE = 1;
USERSTATE_INACTIVE = 2;
USERSTATE_DELETED = 3;
USERSTATE_LOCKED = 4;
USERSTATE_SUSPEND = 5;
USERSTATE_INITIAL= 6;
}
enum Gender {
GENDER_UNSPECIFIED = 0;
GENDER_FEMALE = 1;
GENDER_MALE = 2;
GENDER_DIVERSE = 3;
}
message HumanResponse {
string first_name = 1;
string last_name = 2;
string display_name = 3;
string nick_name = 4;
string preferred_language = 5;
Gender gender = 6;
string email = 7;
bool is_email_verified = 8;
string phone = 9;
bool is_phone_verified = 10;
string country = 11;
string locality = 12;
string postal_code = 13;
string region = 14;
string street_address = 15;
}
message MachineResponse {
string name = 1;
string description = 2;
repeated MachineKeyResponse keys = 3;
}
message MachineKeyResponse {
string id = 1;
MachineKeyType type = 2;
uint64 sequence = 3;
google.protobuf.Timestamp creation_date = 4;
google.protobuf.Timestamp expiration_date = 5;
}
enum MachineKeyType {
MACHINEKEY_UNSPECIFIED = 0;
MACHINEKEY_JSON = 1;
}
message CreateOrgRequest {
string name = 1 [(validate.rules).string.min_len = 1];
string domain = 2;
}
message OrgIamPolicy {
string org_id = 1;
bool user_login_must_be_domain = 2;
bool default = 3;
uint64 sequence = 4;
google.protobuf.Timestamp creation_date = 5;
google.protobuf.Timestamp change_date = 6;
}
message OrgIamPolicyView {
string org_id = 1;
bool user_login_must_be_domain = 2;
bool default = 3;
uint64 sequence = 4;
google.protobuf.Timestamp creation_date = 5;
google.protobuf.Timestamp change_date = 6;
}
message OrgIamPolicyRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1}];
string description = 2;
bool user_login_must_be_domain = 3;
}
message OrgIamPolicyID {
string org_id = 1 [(validate.rules).string = {min_len: 1}];
}
message IamMemberRoles {
repeated string roles = 1;
}
message IamMember {
string user_id = 1;
repeated string roles = 2;
google.protobuf.Timestamp change_date = 3;
google.protobuf.Timestamp creation_date = 4;
uint64 sequence = 5;
}
message AddIamMemberRequest {
string user_id = 1 [(validate.rules).string = {min_len: 1}];
repeated string roles = 2;
}
message ChangeIamMemberRequest {
string user_id = 1 [(validate.rules).string = {min_len: 1}];
repeated string roles = 2;
}
message RemoveIamMemberRequest {
string user_id = 1 [(validate.rules).string = {min_len: 1}];
}
message IamMemberSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated IamMemberView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message IamMemberView {
string user_id = 1;
repeated string roles = 2;
google.protobuf.Timestamp change_date = 3;
google.protobuf.Timestamp creation_date = 4;
uint64 sequence = 5;
string user_name = 6;
string email = 7;
string first_name = 8;
string last_name = 9;
string display_name = 10;
}
message IamMemberSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
repeated IamMemberSearchQuery queries = 3;
}
message IamMemberSearchQuery {
IamMemberSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
SearchMethod method = 2;
string value = 3;
}
enum IamMemberSearchKey {
IAMMEMBERSEARCHKEY_UNSPECIFIED = 0;
IAMMEMBERSEARCHKEY_FIRST_NAME = 1;
IAMMEMBERSEARCHKEY_LAST_NAME = 2;
IAMMEMBERSEARCHKEY_EMAIL = 3;
IAMMEMBERSEARCHKEY_USER_ID = 4;
}
enum SearchMethod {
SEARCHMETHOD_EQUALS = 0;
SEARCHMETHOD_STARTS_WITH = 1;
SEARCHMETHOD_CONTAINS = 2;
SEARCHMETHOD_EQUALS_IGNORE_CASE = 3;
SEARCHMETHOD_STARTS_WITH_IGNORE_CASE = 4;
SEARCHMETHOD_CONTAINS_IGNORE_CASE = 5;
SEARCHMETHOD_NOT_EQUALS = 6;
SEARCHMETHOD_GREATER_THAN = 7;
SEARCHMETHOD_LESS_THAN = 8;
SEARCHMETHOD_IS_ONE_OF = 9;
SEARCHMETHOD_LIST_CONTAINS = 10;
}
message FailedEventID {
string database = 1 [(validate.rules).string = {min_len: 1}];
string view_name = 2 [(validate.rules).string = {min_len: 1}];
uint64 failed_sequence = 3;
}
message FailedEvents {
repeated FailedEvent failed_events = 1;
}
message FailedEvent {
string database = 1;
string view_name = 2;
uint64 failed_sequence = 3;
uint64 failure_count = 4;
string error_message = 5;
}
message ViewID {
string database = 1 [(validate.rules).string = {min_len: 1}];
string view_name = 2 [(validate.rules).string = {min_len: 1}];
}
message Views {
repeated View views = 1;
}
message View {
string database = 1;
string view_name = 2;
uint64 processed_sequence = 3;
google.protobuf.Timestamp view_timestamp = 4;
}
message IdpID {
string id = 1 [(validate.rules).string = {min_len: 1}];
}
message Idp {
string id = 1;
IdpState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
string name = 5;
IdpStylingType styling_type = 6;
oneof idp_config {
OidcIdpConfig oidc_config = 7;
}
uint64 sequence = 8;
}
message IdpUpdate {
string id = 1 [(validate.rules).string = {min_len: 1}];
string name = 2;
IdpStylingType styling_type = 3;
}
message OidcIdpConfig {
string client_id = 1;
string client_secret = 2;
string issuer = 3;
repeated string scopes = 4;
}
enum IdpStylingType {
IDPSTYLINGTYPE_UNSPECIFIED = 0;
IDPSTYLINGTYPE_GOOGLE = 1;
}
enum IdpState {
IDPCONFIGSTATE_UNSPECIFIED = 0;
IDPCONFIGSTATE_ACTIVE = 1;
IDPCONFIGSTATE_INACTIVE = 2;
}
enum OIDCMappingField {
OIDCMAPPINGFIELD_UNSPECIFIED = 0;
OIDCMAPPINGFIELD_PREFERRED_USERNAME = 1;
OIDCMAPPINGFIELD_EMAIL = 2;
}
message OidcIdpConfigCreate {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
IdpStylingType styling_type = 2;
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 6;
OIDCMappingField idp_display_name_mapping = 7;
OIDCMappingField username_mapping = 8;
}
message OidcIdpConfigUpdate {
string idp_id = 1 [(validate.rules).string = {min_len: 1}];
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_secret = 3;
string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 5;
OIDCMappingField idp_display_name_mapping = 6;
OIDCMappingField username_mapping = 7;
}
message IdpSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated IdpView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message IdpView {
string id = 1;
IdpState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
string name = 5;
IdpStylingType styling_type = 6;
oneof idp_config_view {
OidcIdpConfigView oidc_config = 7;
}
uint64 sequence = 8;
}
message OidcIdpConfigView {
string client_id = 1;
string issuer = 2;
repeated string scopes = 3;
OIDCMappingField idp_display_name_mapping = 4;
OIDCMappingField username_mapping = 5;
}
message IdpSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
repeated IdpSearchQuery queries = 3;
}
message IdpSearchQuery {
IdpSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
SearchMethod method = 2;
string value = 3;
}
enum IdpSearchKey {
IDPSEARCHKEY_UNSPECIFIED = 0;
IDPSEARCHKEY_IDP_CONFIG_ID = 1;
IDPSEARCHKEY_NAME = 2;
}
message DefaultLabelPolicy {
string primary_color = 1;
string secondary_color = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
}
message DefaultLabelPolicyUpdate {
string primary_color = 1;
string secondary_color = 2;
}
message DefaultLabelPolicyView {
string primary_color = 1;
string secondary_color = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
}
message DefaultLoginPolicy {
bool allow_username_password = 1;
bool allow_register = 2;
bool allow_external_idp = 3;
google.protobuf.Timestamp creation_date = 4;
google.protobuf.Timestamp change_date = 5;
bool force_mfa = 6;
}
message DefaultLoginPolicyRequest {
bool allow_username_password = 1;
bool allow_register = 2;
bool allow_external_idp = 3;
bool force_mfa = 4;
}
message IdpProviderID {
string idp_config_id = 1 [(validate.rules).string = {min_len: 1}];
}
message DefaultLoginPolicyView {
bool allow_username_password = 1;
bool allow_register = 2;
bool allow_external_idp = 3;
google.protobuf.Timestamp creation_date = 4;
google.protobuf.Timestamp change_date = 5;
bool force_mfa = 6;
}
message IdpProviderView {
string idp_config_id = 1;
string name = 2;
IdpType type = 3;
}
enum IdpType {
IDPTYPE_UNSPECIFIED = 0;
IDPTYPE_OIDC = 1;
IDPTYPE_SAML = 2;
}
message IdpProviderSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated IdpProviderView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message IdpProviderSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
}
message SecondFactorsResult {
repeated SecondFactorType second_factors = 1;
}
message SecondFactor {
SecondFactorType second_factor = 1;
}
enum SecondFactorType {
SECONDFACTORTYPE_UNSPECIFIED = 0;
SECONDFACTORTYPE_OTP = 1;
SECONDFACTORTYPE_U2F = 2;
}
message MultiFactorsResult {
repeated MultiFactorType multi_factors = 1;
}
message MultiFactor {
MultiFactorType multi_factor = 1;
}
enum MultiFactorType {
MULTIFACTORTYPE_UNSPECIFIED = 0;
MULTIFACTORTYPE_U2F_WITH_PIN = 1;
}
message DefaultPasswordComplexityPolicy {
uint64 min_length = 1;
bool has_uppercase = 2;
bool has_lowercase = 3;
bool has_number = 4;
bool has_symbol = 5;
google.protobuf.Timestamp creation_date = 6;
google.protobuf.Timestamp change_date = 7;
}
message DefaultPasswordComplexityPolicyRequest {
uint64 min_length = 1;
bool has_uppercase = 2;
bool has_lowercase = 3;
bool has_number = 4;
bool has_symbol = 5;
}
message DefaultPasswordComplexityPolicyView {
uint64 min_length = 1;
bool has_uppercase = 2;
bool has_lowercase = 3;
bool has_number = 4;
bool has_symbol = 5;
google.protobuf.Timestamp creation_date = 6;
google.protobuf.Timestamp change_date = 7;
}
message DefaultPasswordAgePolicy {
uint64 max_age_days = 1;
uint64 expire_warn_days = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
}
message DefaultPasswordAgePolicyRequest {
uint64 max_age_days = 1;
uint64 expire_warn_days = 2;
}
message DefaultPasswordAgePolicyView {
uint64 max_age_days = 1;
uint64 expire_warn_days = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
}
message DefaultPasswordLockoutPolicy {
uint64 max_attempts = 1;
bool show_lockout_failure = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
}
message DefaultPasswordLockoutPolicyRequest {
uint64 max_attempts = 1;
bool show_lockout_failure = 2;
}
message DefaultPasswordLockoutPolicyView {
uint64 max_attempts = 1;
bool show_lockout_failure = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
}