zitadel/pkg/auth/api/proto/auth.proto
2020-03-23 10:50:40 +01:00


syntax = "proto3";
import "google/api/annotations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
import "protoc-gen-swagger/options/annotations.proto";
import "authoption/options.proto";
package zitadel.auth.api.v1;
option go_package = "github.com/caos/citadel/auth/api/grpc";
// Swagger / OpenAPI v2 metadata emitted into the generated API description.
// `schemes: HTTPS` lists HTTPS as the only scheme in that description.
// NOTE(review): this documents the scheme; whether the gateway actually
// terminates TLS and refuses plain HTTP is configured elsewhere - confirm.
option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
  info: {
    title: "Auth API";
    version: "0.1";
    contact:{
      url: "https://github.com/caos/citadel/auth"
    };
  };
  schemes: HTTPS;
  consumes: "application/json";
  consumes: "application/grpc";
  produces: "application/json";
  produces: "application/grpc";
};
// AuthService is the gRPC service of the auth API. Every RPC is also mapped
// to an HTTP route through google.api.http.
//
// Only RPCs that carry (caos.citadel.utils.v1.auth_option) with permission
// "authenticated" declare an authorization requirement in this file; every
// other RPC declares none here.
// NOTE(review): how callers of the unannotated RPCs are authenticated (for
// example a trusted login frontend or a network boundary) is not visible in
// this file - confirm before the HTTP gateway is reachable by end users.
service AuthService {
  // Readiness
  // Healthz, Ready and Validate take no input and declare no auth_option.
  rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      get: "/healthz"
    };
  }
  rpc Ready(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      get: "/ready"
    };
  }
  // Returns an untyped Struct.
  // NOTE(review): its content is not defined in this file; check that it
  // does not expose configuration detail to unauthenticated callers.
  rpc Validate(google.protobuf.Empty) returns (google.protobuf.Struct) {
    option (google.api.http) = {
      get: "/validate"
    };
  }
  // Authorization
  // The user-agent, auth-session, user-session and token RPCs below are keyed
  // by ids taken from the URL path and, apart from GetMyUserSessions, declare
  // no auth_option.
  rpc GetUserAgent(UserAgentID) returns (UserAgent) {
    option (google.api.http) = {
      get: "/useragents/{id}"
    };
  }
  rpc CreateUserAgent(UserAgentCreation) returns (UserAgent) {
    option (google.api.http) = {
      post: "/useragents"
      body: "*"
    };
  }
  rpc RevokeUserAgent(UserAgentID) returns (UserAgent) {
    option (google.api.http) = {
      put: "/useragents/{id}"
      body: "*"
    };
  }
  rpc CreateAuthSession(AuthSessionCreation) returns (AuthSessionResponse) {
    option (google.api.http) = {
      post: "/useragents/{agent_id}/authsessions"
      body: "*"
    };
  }
  rpc GetAuthSession(AuthSessionID) returns (AuthSessionResponse) {
    option (google.api.http) = {
      get: "/useragents/{agent_id}/authsessions/{id}"
    };
  }
  // Looks up the auth session behind a token id; the response carries the
  // user id and the token expiration.
  // NOTE(review): the token id travels in the URL path, where proxies and
  // access logs usually record it - confirm it is an identifier and not
  // usable as a bearer credential.
  rpc GetAuthSessionByTokenID(TokenID) returns (AuthSessionView) {
    option (google.api.http) = {
      get: "/tokens/{id}/authsession"
    };
  }
  rpc SelectUser(SelectUserRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_selectuser"
      body: "*"
    };
  }
  rpc VerifyUser(VerifyUserRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_verifyuser"
      body: "*"
    };
  }
  // The password is sent in the request body, not in the URL.
  // NOTE(review): throttling or lockout for repeated failures is not
  // expressed in this schema - confirm the handler enforces it.
  rpc VerifyPassword(VerifyPasswordRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_verifypassword"
      body: "*"
    };
  }
  rpc VerifyMfa(VerifyMfaRequest) returns (AuthSessionResponse) {
    option (google.api.http) = {
      put: "/useragents/{agent_id}/authsessions/{auth_session_id}/_verifymfa"
      body: "*"
    };
  }
  rpc GetUserAgentSessions(UserAgentID) returns (UserSessions) {
    option (google.api.http) = {
      get: "/useragents/{id}/usersessions"
    };
  }
  rpc GetUserSession(UserSessionID) returns (UserSession) {
    option (google.api.http) = {
      get: "/useragents/{agent_id}/usersessions/{id}"
    };
  }
  rpc GetMyUserSessions(google.protobuf.Empty) returns (UserSessionViews) {
    option (google.api.http) = {
      get: "/me/usersessions"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  // Ends a user session identified only by the ids in the path; no
  // auth_option is declared.
  rpc TerminateUserSession(UserSessionID) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/useragents/{agent_id}/usersessions/{id}"
    };
  }
  rpc CreateToken(CreateTokenRequest) returns (Token) {
    option (google.api.http) = {
      post: "/useragents/{agent_id}/authsessions/{auth_session_id}/tokens"
      body: "*"
    };
  }
  //User
  // IsUserUnique is a GET without a body, so user_name and email are sent as
  // URL query parameters, and no auth_option is declared.
  // NOTE(review): the boolean answer reveals whether an account exists and
  // the e-mail address ends up in request logs - confirm rate limiting and
  // log handling.
  rpc IsUserUnique(UniqueUserRequest) returns (UniqueUserResponse) {
    option (google.api.http) = {
      get: "/users/_isunique"
    };
  }
  rpc RegisterUser(RegisterUserRequest) returns (User) {
    option (google.api.http) = {
      post: "/users/_register"
      body: "*"
    };
  }
  rpc RegisterUserWithExternal(RegisterUserExternalIDPRequest) returns (User) {
    option (google.api.http) = {
      post: "/users/_externalregister"
      body: "*"
    };
  }
  rpc GetMyUserProfile(google.protobuf.Empty) returns (UserProfile) {
    option (google.api.http) = {
      get: "/users/me/profile"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc UpdateMyUserProfile(UpdateUserProfileRequest) returns (UserProfile) {
    option (google.api.http) = {
      put: "/users/me/profile"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc GetMyUserEmail(google.protobuf.Empty) returns (UserEmail) {
    option (google.api.http) = {
      get: "/users/me/email"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc ChangeMyUserEmail(UpdateUserEmailRequest) returns (UserEmail) {
    option (google.api.http) = {
      put: "/users/me/email"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc VerifyMyUserEmail(VerifyMyUserEmailRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/email/_verify"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  // Variant of VerifyMyUserEmail for a user id taken from the path; no
  // auth_option is declared, so the code in the body is the only proof the
  // schema asks for.
  // NOTE(review): confirm the handler limits guessing attempts per user.
  rpc VerifyUserEmail(VerifyUserEmailRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{id}/email/_verify"
      body: "*"
    };
  }
  rpc ResendMyEmailVerificationMail(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/email/_resendverification"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  // Triggers a verification mail for the user id in the path; no auth_option
  // is declared.
  // NOTE(review): confirm the handler rate-limits this per user so it cannot
  // be used to flood a mailbox.
  rpc ResendEmailVerificationMail(UserID) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{id}/email/_resendverification"
      body: "*"
    };
  }
  rpc GetMyUserPhone(google.protobuf.Empty) returns (UserPhone) {
    option (google.api.http) = {
      get: "/users/me/phone"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc ChangeMyUserPhone(UpdateUserPhoneRequest) returns (UserPhone) {
    option (google.api.http) = {
      put: "/users/me/phone"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc VerifyMyUserPhone(VerifyUserPhoneRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/phone/_verify"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc ResendMyPhoneVerificationCode(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/me/phone/_resendverification"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc GetMyUserAddress(google.protobuf.Empty) returns (UserAddress) {
    option (google.api.http) = {
      get: "/users/me/address"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc UpdateMyUserAddress(UpdateUserAddressRequest) returns (UserAddress) {
    option (google.api.http) = {
      put: "/users/me/address"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc GetMyMfas(google.protobuf.Empty) returns (MultiFactors) {
    option (google.api.http) = {
      get: "/users/me/mfas"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  //Password
  // SetMyPassword takes only the new password (PasswordRequest), while
  // ChangeMyPassword below also takes the old one (PasswordChange).
  // NOTE(review): confirm when a password may be set without proving
  // knowledge of the current one.
  rpc SetMyPassword(PasswordRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      put: "/users/me/passwords"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  // Starts a reset for a user name; the response is Empty whatever the
  // outcome, and no auth_option is declared.
  // NOTE(review): confirm errors and timing are uniform for known and
  // unknown user names, and that requests are rate-limited.
  rpc RequestPasswordReset(ResetPasswordRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/passwords/_requestpwreset"
      body: "*"
    };
  }
  // Completes a reset: user id from the path, code and new password in the
  // body. No auth_option is declared, so the code is the only proof the
  // schema asks for.
  rpc PasswordReset(ResetPassword) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{id}/passwords/_resetpw"
      body: "*"
    };
  }
  rpc ChangeMyPassword(PasswordChange) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      put: "/users/me/passwords/_change"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  // MFA
  // AddMfaOTP returns MfaOtpResponse, which has `url` and `secret` fields.
  rpc AddMfaOTP(google.protobuf.Empty) returns (MfaOtpResponse) {
    option (google.api.http) = {
      post: "/users/me/mfa/otp"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  // Returns the same MfaOtpResponse type as AddMfaOTP.
  // NOTE(review): confirm `secret` is left empty here; it should only need
  // to be shown once, at enrolment.
  rpc VerifyMfaOTP(VerifyMfaOtp) returns (MfaOtpResponse) {
    option (google.api.http) = {
      put: "/users/me/mfa/otp/_verify"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc RemoveMfaOTP(google.protobuf.Empty) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/users/me/mfa/otp"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  // Keyed only by the user id in the path; no auth_option is declared.
  // NOTE(review): this changes MFA-related state for a caller-supplied user
  // id - confirm the handler ties the call to that user's auth session.
  rpc SkipMfaInit(SkipMfaInitRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      post: "/users/{user_id}/mfa/_skipinit"
      body: "*"
    };
  }
  //TODO: Remove func only for tests
  // Returns the full User message (e-mail, phone, address fields) for any
  // id and declares no auth_option.
  // NOTE(review): per the TODO above this is test-only; it should not be
  // part of a deployed build.
  rpc GetUserByID(UserID) returns (User) {
    option (google.api.http) = {
      get: "/users/{id}"
    };
  }
  //Application
  // GetApplicationByID and SearchApplications return Application, whose
  // OIDCConfig has a client_secret field; neither declares an auth_option.
  // NOTE(review): confirm the secret is not populated in these responses.
  rpc GetApplicationByID(ApplicationID) returns (Application) {
    option (google.api.http) = {
      get: "/applications/{id}"
    };
  }
  rpc SearchApplications(ApplicationSearchRequest) returns (ApplicationSearchResponse) {
    option (google.api.http) = {
      post: "/applications/_search"
      body: "*"
    };
  }
  // Client id and client secret are sent in the request body.
  rpc AuthorizeApplication(ApplicationAuthorizeRequest) returns (Application) {
    option (google.api.http) = {
      post: "/applications/_authorize"
      body: "*"
    };
  }
  //Grant
  // SearchGrant returns Grant entries (org, project, user, roles) and
  // declares no auth_option.
  rpc SearchGrant(GrantSearchRequest) returns (GrantSearchResponse) {
    option (google.api.http) = {
      post: "/grants/_search"
      body: "*"
    };
  }
  rpc SearchMyProjectOrgs(MyProjectOrgSearchRequest) returns (MyProjectOrgSearchResponse) {
    option (google.api.http) = {
      post: "/global/projectorgs/_search"
      body: "*"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  rpc IsIamAdmin(google.protobuf.Empty) returns (IsAdminResponse) {
    option (google.api.http) = {
      get: "/global/_isiamadmin"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
  //Permission
  rpc GetMyCitadelPermissions(google.protobuf.Empty) returns (MyPermissions) {
    option (google.api.http) = {
      get: "/permissions/zitadel/me"
    };
    option (caos.citadel.utils.v1.auth_option) = {
      permission: "authenticated"
    };
  }
}
// SessionRequest pairs a user id with browser information. No RPC of
// AuthService uses it as a request or response type.
message SessionRequest {
  string user_id = 1;
  BrowserInformation browser_info = 2;
}
// UserAgent is the response of GetUserAgent, CreateUserAgent and
// RevokeUserAgent.
message UserAgent {
  string id = 1;
  BrowserInformation browser_info = 2;
  UserAgentState state = 3;
}
// UserAgentState is the state carried in UserAgent.state.
enum UserAgentState {
  // Zero value: what a reader gets when the field was never set.
  USERAGENTSTATE_UNSPECIFIED = 0;
  USERAGENTSTATE_ACTIVE = 1;
  USERAGENTSTATE_TERMINATED = 2;
}
// UserAgentID is the request of GetUserAgent, RevokeUserAgent and
// GetUserAgentSessions; `id` is bound from the `{id}` path segment.
// No (validate.rules) constraint is declared on it.
message UserAgentID {
  string id = 1;
}
// UserAgentCreation is the request of CreateUserAgent.
// NOTE(review): (validate.rules) is the protoc-gen-validate field option,
// but no import of "validate/validate.proto" appears among this file's
// imports - confirm it is reachable (for example through a public import),
// otherwise none of the validation options in this file resolve.
// NOTE(review): these rules only take effect where the server calls the
// generated Validate() method - confirm an interceptor does so.
message UserAgentCreation {
  BrowserInformation browser_info = 1 [(validate.rules).message.required = true];
}
// UserAgents is a list of UserAgent; note that the field is named
// `sessions`. No RPC of AuthService uses this message.
message UserAgents {
  repeated UserAgent sessions = 1;
}
// AuthSessionCreation is the request of CreateAuthSession; `agent_id` is
// bound from the URL path, the rest from the body.
message AuthSessionCreation {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  AuthSessionType type = 2;
  BrowserInformation browser_info = 3 [(validate.rules).message.required = true];
  string client_id = 4 [(validate.rules).string.min_len = 1];
  // Only checked for being non-empty here.
  // NOTE(review): matching against the client's registered redirect URIs
  // (see OIDCConfig.redirect_uris) has to happen in the handler - confirm.
  string redirect_uri = 5 [(validate.rules).string.min_len = 1];
  string state = 6;
  Prompt prompt = 7;
  repeated string auth_context_class_reference = 8;
  repeated string ui_locales = 9;
  string login_hint = 10;
  // NOTE(review): unit is not stated; presumably seconds - confirm.
  uint32 max_age = 11;
  // Protocol-specific part of the request; OIDC is the only member.
  oneof type_info {
    AuthRequestOIDC oidc = 12;
  }
  string preselected_user_id = 13;
}
// AuthSessionResponse is the response of CreateAuthSession, GetAuthSession,
// SelectUser, VerifyUser, VerifyPassword and VerifyMfa. Fields 1-12 repeat
// those of AuthSessionCreation (with `id` added as field 2).
message AuthSessionResponse {
  string agent_id = 1;
  string id = 2;
  AuthSessionType type = 3;
  string client_id = 4;
  string redirect_uri = 5;
  string state = 6;
  Prompt prompt = 7;
  repeated string auth_context_class_reference = 8;
  repeated string ui_locales = 9;
  string login_hint = 10;
  uint32 max_age = 11;
  oneof type_info {
    AuthRequestOIDC oidc = 12;
  }
  // Steps the caller may take next in the login flow.
  repeated NextStep possible_steps = 13;
  repeated string project_client_ids = 14;
  UserSession user_session = 15;
}
// AuthSessionView is the response of GetAuthSessionByTokenID: it links a
// token id to its auth session, user session, user id and expiration.
message AuthSessionView {
  string agent_id = 1;
  string auth_session_id = 2;
  AuthSessionType type = 3;
  string client_id = 4;
  string user_session_id = 5;
  repeated string project_client_ids = 6;
  string token_id = 7;
  google.protobuf.Timestamp token_expiration = 8;
  string user_id = 9;
}
// TokenID is the request of GetAuthSessionByTokenID; `id` is bound from the
// `{id}` path segment. No validation rule is declared on it.
message TokenID {
  string id = 1;
}
// UserSessionID is the request of GetUserSession and TerminateUserSession;
// both fields are bound from the URL path. No validation rules are declared.
message UserSessionID {
  string id = 1;
  string agent_id = 2;
}
// UserSessions is the response of GetUserAgentSessions.
message UserSessions {
  repeated UserSession user_sessions = 1;
}
// UserSession is the response of GetUserSession and is embedded in
// AuthSessionResponse and UserSessions.
message UserSession {
  string id = 1;
  string agent_id = 2;
  UserSessionState auth_state = 3;
  AuthUser user = 4;
  // Verification flags for the two factors. Being plain bools, "false" and
  // "not set" are indistinguishable on the wire.
  bool password_verified = 5;
  MfaType mfa = 6;
  bool mfa_verified = 7;
  google.protobuf.Timestamp auth_time = 8;
}
// UserSessionViews is the response of GetMyUserSessions.
message UserSessionViews {
  repeated UserSessionView user_sessions = 1;
}
// UserSessionView is the list element of UserSessionViews. Unlike
// UserSession it has no verification flags and carries the user as two flat
// fields.
message UserSessionView {
  string id = 1;
  string agent_id = 2;
  UserSessionState auth_state = 3;
  string user_id = 4;
  string user_name = 5;
}
// AuthUser identifies the user of a UserSession.
message AuthUser {
  string user_id = 1;
  string user_name = 2;
}
// UserSessionState is used by UserSession, UserSessionView and ChooseUser.
enum UserSessionState {
  // Zero value: what a reader gets when the field was never set.
  USERSESSIONSTATE_UNSPECIFIED = 0;
  USERSESSIONSTATE_ACTIVE = 1;
  USERSESSIONSTATE_TERMINATED = 2;
}
// AuthSessionID is the request of GetAuthSession. `id` and `agent_id` are
// bound from the path; because the route is a GET without a body, any
// `browser_info` values are sent as URL query parameters.
message AuthSessionID {
  string id = 1;
  string agent_id = 2;
  BrowserInformation browser_info = 3;
}
// SelectUserRequest is the request of SelectUser. Unlike the sibling
// Verify*Request messages, the three id fields carry no min_len rule.
message SelectUserRequest {
  string agent_id = 1;
  string auth_session_id = 2;
  string user_session_id = 3;
  BrowserInformation browser_info = 4 [(validate.rules).message.required = true];
}
// VerifyUserRequest is the request of VerifyUser: it submits a user name
// for the given auth session.
message VerifyUserRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
  string user_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  BrowserInformation browser_info = 4 [(validate.rules).message.required = true];
}
// VerifyPasswordRequest is the request of VerifyPassword.
message VerifyPasswordRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
  // protoc-gen-validate's max_len counts characters, not bytes.
  // NOTE(review): if 72 is meant to mirror a 72-byte limit of the password
  // hash (bcrypt has one), a password with multi-byte characters passes
  // this rule and still exceeds that limit; max_bytes would bound the byte
  // length - confirm against the hashing code.
  string password = 3 [(validate.rules).string = {min_len: 1, max_len: 72}];
  BrowserInformation browser_info = 4 [(validate.rules).message.required = true];
}
// VerifyMfaRequest is the request of VerifyMfa. `browser_info` is not
// marked required here, unlike in VerifyUserRequest and
// VerifyPasswordRequest.
message VerifyMfaRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
  BrowserInformation browser_info = 3;
  // Factor being verified; OTP is the only member. Nothing in the schema
  // requires the oneof to be set.
  oneof mfa {
    AuthSessionMultiFactorOTP otp = 4;
  }
}
// AuthSessionMultiFactorOTP carries the OTP code for VerifyMfaRequest.
// The rule bounds the length only from above; an empty code passes schema
// validation.
message AuthSessionMultiFactorOTP {
  string code = 1 [(validate.rules).string = {max_len: 200}];
}
// NextStep is one entry of AuthSessionResponse.possible_steps: a step type
// plus optional step-specific data.
message NextStep {
  NextStepType type = 1;
  // At most one of these is set.
  // NOTE(review): which member goes with which NextStepType is not encoded
  // in the schema - confirm in the handler.
  oneof data {
    LoginData login = 2;
    PasswordData password = 3;
    MfaVerifyData mfa_verify = 4;
    MfaPromptData mfa_prompt = 5;
    ChooseUserData choose_user = 6;
  }
}
// NextStepType enumerates the login-flow steps reported in NextStep.type.
// Values use the prefix NEXTSTEP_ rather than the full type name.
enum NextStepType {
  // Zero value: what a reader gets when the field was never set.
  NEXTSTEP_UNSPECIFIED = 0;
  NEXTSTEP_LOGIN = 1;
  NEXTSTEP_PASSWORD = 2;
  NEXTSTEP_CHANGE_PASSWORD = 3;
  NEXTSTEP_MFA_PROMPT = 4; //TODO: ?
  NEXTSTEP_MFA_INIT_CHOICE = 5; //TODO: ?
  NEXTSTEP_MFA_INIT_CREATE = 6;
  NEXTSTEP_MFA_INIT_VERIFY = 7;
  NEXTSTEP_MFA_INIT_DONE = 8;
  NEXTSTEP_MFA_VERIFY = 9;
  NEXTSTEP_MFA_VERIFY_ASYNC = 10;
  NEXTSTEP_VERIFY_EMAIL = 11;
  NEXTSTEP_REDIRECT_TO_CALLBACK = 12;
  NEXTSTEP_INIT_PASSWORD = 13;
  NEXTSTEP_CHOOSE_USER = 14;
}
// LoginData is the NextStep payload for the login step.
// NOTE(review): err_msg is returned to the caller; confirm its text does
// not reveal whether a user name exists.
message LoginData {
  string err_msg = 1;
}
// PasswordData is the NextStep payload for the password step: an error
// text and a failure counter.
message PasswordData {
  string err_msg = 1;
  uint32 failure_count = 2;
}
// MfaVerifyData is the NextStep payload for MFA verification: an error
// text, a failure counter and a list of MFA types.
message MfaVerifyData {
  string err_msg = 1;
  uint32 failure_count = 2;
  repeated MfaType mfa_providers = 3;
}
// MfaPromptData is the NextStep payload for the MFA prompt.
// NOTE(review): `required` presumably tells the caller whether MFA setup
// may be skipped; this is a value sent to the client, so the decision has
// to be enforced server-side as well - confirm.
message MfaPromptData {
  bool required = 1;
  repeated MfaType mfa_providers = 2;
}
// ChooseUserData is the NextStep payload listing the users to choose from.
message ChooseUserData {
  repeated ChooseUser users = 1;
}
// ChooseUser is one selectable user in ChooseUserData, with the id and
// state of its user session.
message ChooseUser {
  string user_session_id = 1;
  string user_id = 2;
  string user_name = 3;
  UserSessionState user_session_state = 4;
}
// SkipMfaInitRequest is the request of SkipMfaInit; `user_id` is bound from
// the `{user_id}` path segment. It is the only input and carries no
// validation rule.
message SkipMfaInitRequest {
  string user_id = 1;
}
// AuthSessionType names the protocol of an auth session.
enum AuthSessionType {
  // Keeping the zero value unspecified means an unset `type` field is not
  // silently read as OIDC.
  AUTHSESSIONTYPE_UNSPECIFIED = 0; //TODO: necessary?
  AUTHSESSIONTYPE_OIDC = 1;
  AUTHSESSIONTYPE_SAML = 2;
}
// BrowserInformation describes the end user's browser. All three values are
// part of the request message, i.e. reported by the API caller.
// NOTE(review): remote_ip is therefore only as trustworthy as the caller;
// confirm it is set by a trusted frontend before using it for audit or risk
// decisions.
message BrowserInformation {
  string user_agent = 1;
  IP remote_ip = 2 [(validate.rules).message.required = true];
  string accept_language = 3;
}
// IP holds an address as text in V4 and/or V6. The message itself is
// required in BrowserInformation, but both strings may be empty and neither
// is checked for address syntax (protoc-gen-validate offers ipv4 / ipv6
// string rules).
// The capitalised field names differ from the lower_snake_case used
// elsewhere in this file; renaming would change JSON keys and generated
// accessors.
message IP {
  string V4 = 1;
  string V6 = 2;
}
// Prompt is the prompt setting of an auth request; the value names
// presumably follow the OIDC `prompt` parameter.
enum Prompt {
  // Zero value: what a reader gets when the field was never set.
  PROMPT_UNSPECIFIED = 0;
  PROMPT_NONE = 1;
  PROMPT_LOGIN = 2;
  PROMPT_CONSENT = 3;
  PROMPT_SELECT_ACCOUNT = 4;
}
// AuthRequestOIDC is the OIDC-specific part of an auth session (the `oidc`
// member of type_info). No validation rules are declared on its fields.
message AuthRequestOIDC {
  repeated string scope = 1;
  OIDCResponseType response_type = 2;
  string nonce = 3;
  CodeChallenge code_challenge = 4;
}
// OIDCResponseType has no UNSPECIFIED member: the zero value is CODE, so a
// field that was never set reads as CODE.
enum OIDCResponseType {
  OIDCRESPONSETYPE_CODE = 0;
  OIDCRESPONSETYPE_ID_TOKEN = 1;
  OIDCRESPONSETYPE_ID_TOKEN_TOKEN = 2;
}
// CodeChallenge is the challenge and method carried in
// AuthRequestOIDC.code_challenge. Neither field has a validation rule, so
// an empty challenge passes schema validation.
message CodeChallenge {
  string challenge = 1;
  CodeChallengeMethod method = 2;
}
// CodeChallengeMethod has PLAIN as its zero value, so a request that omits
// the method is read as PLAIN and cannot be told apart from one that asked
// for it.
// NOTE(review): S256 is the stronger of the two; confirm the handler
// decides explicitly whether PLAIN is accepted.
enum CodeChallengeMethod {
  CODECHALLENGEMETHOD_PLAIN = 0;
  CODECHALLENGEMETHOD_S256 = 1;
}
// UserID is the request of ResendEmailVerificationMail and GetUserByID;
// `id` is bound from the `{id}` path segment and has no validation rule.
message UserID {
  string id = 1;
}
// UniqueUserRequest is the request of IsUserUnique. Both fields have
// min_len 1, so both must be supplied. `email` has no `email: true` rule
// here, unlike in RegisterUserRequest.
message UniqueUserRequest {
  string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string email = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// UniqueUserResponse is the response of IsUserUnique.
message UniqueUserResponse {
  bool is_unique = 1;
}
// RegisterUserRequest is the request of RegisterUser.
message RegisterUserRequest {
  string email = 1 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
  string first_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string last_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string nick_name = 4 [(validate.rules).string = {max_len: 200}];
  string display_name = 5 [(validate.rules).string = {max_len: 200}];
  string preferred_language = 6 [(validate.rules).string = {max_len: 200}];
  Gender gender = 7;
  // The schema accepts any password of 1 to 72 characters; strength policy
  // is not expressed here. max_len counts characters, not bytes.
  // NOTE(review): if 72 mirrors a byte limit of the password hash,
  // multi-byte passwords can exceed it - confirm against the hashing code.
  string password = 8 [(validate.rules).string = {min_len: 1, max_len: 72}];
  // Organisation chosen by the caller.
  // NOTE(review): confirm the handler checks that self-registration into
  // this organisation is allowed.
  string org_id = 9 [(validate.rules).string.min_len = 1];
}
// RegisterUserExternalIDPRequest is the request of RegisterUserWithExternal.
// It matches RegisterUserRequest except that field 8 is an IDPProvider
// instead of a password.
message RegisterUserExternalIDPRequest {
  string email = 1 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
  string first_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string last_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string nick_name = 4 [(validate.rules).string = {max_len: 200}];
  string display_name = 5 [(validate.rules).string = {max_len: 200}];
  string preferred_language = 6 [(validate.rules).string = {max_len: 200}];
  Gender gender = 7;
  // Not marked required and its fields are unvalidated.
  // NOTE(review): the provider name and external id are caller-supplied;
  // confirm the handler verifies them against the identity provider rather
  // than trusting the request.
  IDPProvider idp_provider = 8;
  string org_id = 9 [(validate.rules).string.min_len = 1];
}
// IDPProvider names an external identity provider and the user's id there.
// Field numbers start at 8 and `externalIdpID` is camelCase; both are part
// of the wire / JSON contract, so renumbering or renaming would break
// existing clients.
message IDPProvider {
  string provider = 8;
  string externalIdpID = 9;
}
// User is the response of RegisterUser, RegisterUserWithExternal and
// GetUserByID. It combines account state and timestamps with the profile,
// e-mail, phone and address data that the "My*" RPCs return separately.
message User {
  string id = 1;
  UserState state = 2;
  google.protobuf.Timestamp creation_date = 3;
  google.protobuf.Timestamp activation_date = 4;
  google.protobuf.Timestamp change_date = 5;
  google.protobuf.Timestamp last_login = 6;
  google.protobuf.Timestamp password_changed = 7;
  string user_name = 8;
  string first_name = 9;
  string last_name = 10;
  string nick_name = 11;
  string display_name = 12;
  string preferred_language = 13;
  Gender gender = 14;
  string email = 15;
  bool is_email_verified = 16;
  string phone = 17;
  bool is_phone_verified = 18;
  string country = 19;
  string locality = 20;
  string postal_code = 21;
  string region = 22;
  string street_address = 23;
  bool password_change_required = 24;
}
// UserState is the account state carried in User.state.
enum UserState {
  // Zero value. The name is misspelled ("UNSPECIEFIED"); correcting it
  // would rename the generated constant and the JSON value.
  USERSTATE_UNSPECIEFIED = 0;
  USERSTATE_ACTIVE = 1;
  USERSTATE_INACTIVE = 2;
  USERSTATE_DELETED = 3;
  USERSTATE_LOCKED = 4;
  USERSTATE_SUSPEND = 5;
  USERSTATE_INITIAL= 6;
}
// Gender is used by the user, profile and registration messages.
enum Gender {
  // Zero value: what a reader gets when the field was never set.
  GENDER_UNSPECIFIED = 0;
  GENDER_FEMALE = 1;
  GENDER_MALE = 2;
  GENDER_DIVERSE = 3;
}
// UserProfile is the response of GetMyUserProfile and UpdateMyUserProfile.
message UserProfile {
  string id = 1;
  string user_name = 2;
  string first_name = 3;
  string last_name = 4;
  string nick_name = 5;
  string display_name = 6;
  string preferred_language = 7;
  Gender gender = 8;
}
// UpdateUserProfileRequest is the request of UpdateMyUserProfile. It has no
// user id field. Every string has min_len 1 here, so nick_name,
// display_name and preferred_language are mandatory on update although they
// may be empty in RegisterUserRequest.
message UpdateUserProfileRequest {
  string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string nick_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string display_name = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  string preferred_language = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  Gender gender = 6;
}
// UserEmail is the response of GetMyUserEmail and ChangeMyUserEmail.
// `isEmailVerified` is camelCase, unlike `is_email_verified` in User and
// `is_phone_verified` in UserPhone; renaming would change generated
// accessors.
message UserEmail {
  string id = 1;
  string email = 2;
  bool isEmailVerified = 3;
}
// VerifyMyUserEmailRequest is the request of VerifyMyUserEmail: the
// verification code for the calling user.
message VerifyMyUserEmailRequest {
  string code = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// VerifyUserEmailRequest is the request of VerifyUserEmail; `id` is bound
// from the `{id}` path segment and has no validation rule, `code` comes
// from the body.
message VerifyUserEmailRequest {
  string id = 1;
  string code = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
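// UpdateUserEmailRequest is the request of ChangeMyUserEmail. The new
// address gets the same `email: true` syntax check that RegisterUserRequest
// applies at registration, so the change route cannot store a value that
// registration would have rejected.
message UpdateUserEmailRequest {
  string email = 1 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
}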
// UserPhone is the response of GetMyUserPhone and ChangeMyUserPhone.
message UserPhone {
  string id = 1;
  string phone = 2;
  bool is_phone_verified = 3;
}
// UpdateUserPhoneRequest is the request of ChangeMyUserPhone. Only the
// length (1 to 20 characters) is constrained; the number format is not.
message UpdateUserPhoneRequest {
  string phone = 1 [(validate.rules).string = {min_len: 1, max_len: 20}];
}
// VerifyUserPhoneRequest is the request of VerifyMyUserPhone: the
// verification code for the calling user's phone number.
message VerifyUserPhoneRequest {
  string code = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// UserAddress is the response of GetMyUserAddress and UpdateMyUserAddress.
message UserAddress {
  string id = 1;
  string country = 2;
  string locality = 3;
  string postal_code = 4;
  string region = 5;
  string street_address = 6;
}
// UpdateUserAddressRequest is the request of UpdateMyUserAddress. Every
// field is capped at 200 characters and may be empty.
message UpdateUserAddressRequest {
  string country = 1 [(validate.rules).string = {max_len: 200}];
  string locality = 2 [(validate.rules).string = {max_len: 200}];
  string postal_code = 3 [(validate.rules).string = {max_len: 200}];
  string region = 4 [(validate.rules).string = {max_len: 200}];
  string street_address = 5 [(validate.rules).string = {max_len: 200}];
}
// PasswordID wraps a single id. No RPC of AuthService uses it.
message PasswordID{
  string id = 1;
}
// PasswordRequest is the request of SetMyPassword: the new password only.
// The schema accepts any value of 1 to 72 characters; strength policy is
// not expressed here. max_len counts characters, not bytes.
// NOTE(review): if 72 mirrors a byte limit of the password hash,
// multi-byte passwords can exceed it - confirm against the hashing code.
message PasswordRequest {
  string password = 1 [(validate.rules).string = {min_len: 1, max_len: 72}];
}
// ResetPasswordRequest is the request of RequestPasswordReset: the user
// name and the channel for the notification. `type` defaults to
// NOTIFICATIONTYPE_EMAIL (its zero value) when omitted.
message ResetPasswordRequest {
  string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  NotificationType type = 2;
}
// ResetPassword is the request of PasswordReset; `id` is bound from the
// `{id}` path segment, code and new password come from the body.
// NOTE(review): the reset code is the only credential in this request;
// confirm the handler expires it and limits guessing attempts.
message ResetPassword {
  string id = 1 [(validate.rules).string.min_len = 1];
  string code = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // max_len counts characters, not bytes; see the hashing code for any
  // byte limit.
  string new_password = 3 [(validate.rules).string = {min_len: 1, max_len: 72}];
}
// SetPasswordNotificationRequest pairs an id with a notification channel.
// No RPC of AuthService uses it.
message SetPasswordNotificationRequest {
  string id = 1;
  NotificationType type = 2;
}
// NotificationType has no UNSPECIFIED member: the zero value is EMAIL, so
// a field that was never set reads as EMAIL.
enum NotificationType {
  NOTIFICATIONTYPE_EMAIL = 0;
  NOTIFICATIONTYPE_SMS = 1;
}
// PasswordChange is the request of ChangeMyPassword: the current and the
// new password. Both are bounded to 1-72 characters (characters, not
// bytes); nothing in the schema requires them to differ.
message PasswordChange {
  string old_password = 1 [(validate.rules).string = {min_len: 1, max_len: 72}];
  string new_password = 2 [(validate.rules).string = {min_len: 1, max_len: 72}];
}
// MfaType names a second-factor mechanism.
enum MfaType {
  // Zero value: what a reader gets when the field was never set.
  MFATYPE_UNSPECIFIED = 0;
  MFATYPE_SMS = 1;
  MFATYPE_OTP = 2;
}
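// VerifyMfaOtp is the request of VerifyMfaOTP: the OTP code that confirms
// the calling user's OTP setup. The code is bounded like the other
// verification codes in this file (for example
// VerifyMyUserEmailRequest.code), so empty or oversized input is rejected
// at schema validation.
message VerifyMfaOtp {
  string code = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}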
// MultiFactors is the response of GetMyMfas.
message MultiFactors {
  repeated MultiFactor mfas = 1;
}
// MultiFactor is one configured factor and its state.
message MultiFactor {
  MfaType type = 1;
  MFAState state = 2;
}
// MfaOtpResponse is the response of AddMfaOTP and VerifyMfaOTP.
message MfaOtpResponse {
  string user_id = 1;
  // NOTE(review): `secret` is presumably the OTP seed and `url` the
  // provisioning URL that embeds it. Both are long-lived credentials:
  // confirm they are only populated at enrolment and kept out of logs.
  string url = 2;
  string secret = 3;
  MFAState state = 4;
}
// MFAState is the state of a factor in MultiFactor and MfaOtpResponse.
enum MFAState {
  // Zero value: what a reader gets when the field was never set.
  MFASTATE_UNSPECIFIED = 0;
  MFASTATE_NOT_READY = 1;
  MFASTATE_READY = 2;
  MFASTATE_REMOVED = 3;
}
// ApplicationID is the request of GetApplicationByID; `id` is bound from
// the `{id}` path segment and has no validation rule.
message ApplicationID {
  string id = 1;
}
// Application is the response of GetApplicationByID and
// AuthorizeApplication, and the list element of ApplicationSearchResponse.
message Application {
  string id = 1;
  AppState state = 2;
  google.protobuf.Timestamp creation_date = 3;
  google.protobuf.Timestamp change_date = 4;
  string name = 5;
  // Protocol configuration; OIDC is the only member. Numbers 6 and 7 are
  // not used in this message.
  oneof app_config {
    OIDCConfig oidc_config = 8;
  }
}
// AppState is the state carried in Application.state.
enum AppState {
  // Zero value: what a reader gets when the field was never set.
  APPSTATE_UNSPECIFIED = 0;
  APPSTATE_ACTIVE = 1;
  APPSTATE_INACTIVE = 2;
  APPSTATE_DELETED = 3;
}
// OIDCConfig is the OIDC client configuration embedded in Application.
message OIDCConfig {
  repeated string redirect_uris = 1;
  repeated OIDCResponseType response_types = 2;
  repeated OIDCGrantType grant_types = 3;
  OIDCApplicationType application_type = 4;
  // This message is only used in responses in this file, so a populated
  // client_secret leaves the server.
  // NOTE(review): confirm it is left empty in read and search responses and
  // that the stored form is a hash rather than the plain secret.
  string client_secret = 5;
  string client_id = 6;
  OIDCAuthMethodType auth_method_type = 7;
  repeated string post_logout_redirect_uris = 8;
}
// OIDCGrantType has no UNSPECIFIED member: the zero value is
// AUTHORIZATION_CODE. The middle value repeats "GRANT_TYPE" in its name.
enum OIDCGrantType {
  OIDCGRANTTYPE_AUTHORIZATION_CODE = 0;
  OIDCGRANTTYPE_GRANT_TYPE_NONE = 1;
  OIDCGRANTTYPE_REFRESH_TOKEN = 2;
}
// OIDCApplicationType has no UNSPECIFIED member: the zero value is WEB, so
// an unset application_type reads as WEB.
enum OIDCApplicationType {
  OIDCAPPLICATIONTYPE_WEB = 0;
  OIDCAPPLICATIONTYPE_USER_AGENT = 1;
  OIDCAPPLICATIONTYPE_NATIVE = 2;
}
// OIDCAuthMethodType has no UNSPECIFIED member: the zero value is BASIC, so
// an unset auth_method_type reads as BASIC rather than NONE.
enum OIDCAuthMethodType {
  OIDCAUTHMETHODTYPE_BASIC = 0;
  OIDCAUTHMETHODTYPE_POST = 1;
  OIDCAUTHMETHODTYPE_NONE = 2;
}
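// ApplicationSearchRequest is the request of SearchApplications: paging,
// sort order and a list of filter queries.
message ApplicationSearchRequest {
  uint64 offset = 1;
  // NOTE(review): no upper bound is declared for `limit` or for the number
  // of `queries`; confirm the handler caps both so one request cannot force
  // an unbounded result set.
  uint64 limit = 2;
  // The zero value (UNSPECIFIED) is rejected, so a sort column is mandatory.
  ApplicationSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];
  bool asc = 4;
  repeated ApplicationSearchQuery queries = 5;
}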
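// ApplicationSearchQuery is one filter of an application search: a key, a
// comparison method and the value to compare with.
message ApplicationSearchQuery {
  // The zero value (UNSPECIFIED) is rejected.
  ApplicationSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
  SearchMethod method = 2;
  // Free text with no length bound.
  // NOTE(review): confirm the handler passes it to the datastore as a bound
  // parameter and escapes wildcard characters for STARTS_WITH / CONTAINS.
  string value = 3;
}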
// ApplicationSearchKey names the columns an application search can filter
// or sort on.
enum ApplicationSearchKey {
  // Zero value; rejected by the not_in: [0] rules on the search messages.
  APPLICATIONSEARCHKEY_UNSPECIFIED = 0;
  APPLICATIONSEARCHKEY_APP_TYPE = 1;
  APPLICATIONSEARCHKEY_STATE = 2;
  APPLICATIONSEARCHKEY_CLIENT_ID = 3;
  APPLICATIONSEARCHKEY_APP_NAME = 4;
  APPLICATIONSEARCHKEY_PROJECT_ID = 5;
}
// ApplicationSearchResponse is the response of SearchApplications: paging
// values, a total count and the page of results.
message ApplicationSearchResponse {
  uint64 offset = 1;
  uint64 limit = 2;
  uint64 total_result = 3;
  repeated Application result = 4;
}
// SearchMethod is the comparison used by the *SearchQuery messages. It has
// no UNSPECIFIED member: the zero value is EQUALS, so a query that omits
// the method is an exact match.
enum SearchMethod {
  SEARCHMETHOD_EQUALS = 0;
  SEARCHMETHOD_STARTS_WITH = 1;
  SEARCHMETHOD_CONTAINS = 2;
}
// ApplicationAuthorizeRequest is the request of AuthorizeApplication.
message ApplicationAuthorizeRequest {
  // Client authentication; OIDC client credentials are the only member.
  // Nothing in the schema requires the oneof to be set.
  oneof auth {
    OIDCClientAuth oidc_client_auth = 1;
  }
}
// OIDCClientAuth carries a client id and client secret. Neither field has a
// validation rule, so empty values pass schema validation.
// NOTE(review): confirm the handler rejects an empty secret, compares in
// constant time and keeps the request body out of logs.
message OIDCClientAuth {
  string client_id = 1;
  string client_secret = 2;
}
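// GrantSearchRequest is the request of SearchGrant: paging, sort order and
// a list of filter queries.
message GrantSearchRequest {
  uint64 offset = 1;
  // NOTE(review): no upper bound is declared for `limit` or for the number
  // of `queries`; confirm the handler caps both.
  uint64 limit = 2;
  // The zero value (UNSPECIFIED) is rejected, so a sort column is mandatory.
  GrantSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];
  bool asc = 4;
  // NOTE(review): nothing in the schema restricts a search to the caller's
  // own grants; confirm the handler scopes results.
  repeated GrantSearchQuery queries = 5;
}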
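// GrantSearchQuery is one filter of a grant search: a key, a comparison
// method and the value to compare with.
message GrantSearchQuery {
  // The zero value (UNSPECIFIED) is rejected.
  GrantSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
  SearchMethod method = 2;
  // Free text with no length bound.
  // NOTE(review): confirm the handler passes it to the datastore as a bound
  // parameter.
  string value = 3;
}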
// GrantSearchKey names the columns a grant search can filter or sort on.
enum GrantSearchKey {
  // Zero value; rejected by the not_in: [0] rules on the search messages.
  GRANTSEARCHKEY_UNSPECIFIED = 0;
  GRANTSEARCHKEY_ORG_ID = 1;
  GRANTSEARCHKEY_PROJECT_ID = 2;
  GRANTSEARCHKEY_USER_ID = 3;
}
// GrantSearchResponse is the response of SearchGrant: paging values, a
// total count and the page of results.
message GrantSearchResponse {
  uint64 offset = 1;
  uint64 limit = 2;
  uint64 total_result = 3;
  repeated Grant result = 4;
}
// Grant lists the roles a user holds for a project within an organisation.
// The field names are PascalCase, unlike the lower_snake_case used
// elsewhere in this file; renaming would change JSON keys and generated
// accessors.
message Grant {
  string OrgId = 1;
  string ProjectId = 2;
  string UserId = 3;
  repeated string Roles = 4;
  string OrgName = 5;
}
// MyProjectOrgSearchRequest is the request of SearchMyProjectOrgs. It has
// no sorting column: field number 3 is skipped, so the layout lines up with
// the other *SearchRequest messages.
// NOTE(review): no upper bound is declared for `limit` or for the number of
// `queries`; confirm the handler caps both.
message MyProjectOrgSearchRequest {
  uint64 offset = 1;
  uint64 limit = 2;
  bool asc = 4;
  repeated MyProjectOrgSearchQuery queries = 5;
}
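// MyProjectOrgSearchQuery is one filter of a project-organisation search:
// a key, a comparison method and the value to compare with.
message MyProjectOrgSearchQuery {
  // The zero value (UNSPECIFIED) is rejected.
  MyProjectOrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
  SearchMethod method = 2;
  // Free text with no length bound.
  // NOTE(review): confirm the handler passes it to the datastore as a bound
  // parameter.
  string value = 3;
}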
// MyProjectOrgSearchKey names the columns a project-organisation search can
// filter on; the organisation name is the only one.
enum MyProjectOrgSearchKey {
  // Zero value; rejected by the not_in: [0] rule on the query message.
  MYPROJECTORGSEARCHKEY_UNSPECIFIED = 0;
  MYPROJECTORGSEARCHKEY_ORG_NAME = 1;
}
// MyProjectOrgSearchResponse is the response of SearchMyProjectOrgs: paging
// values, a total count and the page of organisations.
message MyProjectOrgSearchResponse {
  uint64 offset = 1;
  uint64 limit = 2;
  uint64 total_result = 3;
  repeated Org result = 4;
}
// IsAdminResponse is the response of IsIamAdmin.
// NOTE(review): this is an answer for the client to display; privileged
// operations still need their own server-side check.
message IsAdminResponse {
  bool is_admin = 1;
}
// Org is an organisation (id and name), the list element of
// MyProjectOrgSearchResponse.
message Org {
  string id = 1;
  string name = 2;
}
// CreateTokenRequest is the request of CreateToken; both ids are bound from
// the URL path and are the only input.
// NOTE(review): confirm the handler issues a token only for an auth session
// that has completed every required step.
message CreateTokenRequest {
  string agent_id = 1 [(validate.rules).string.min_len = 1];
  string auth_session_id = 2 [(validate.rules).string.min_len = 1];
}
// Token is the response of CreateToken: an id and an expiration time.
// Field numbers 2 to 7 are not used in this message.
message Token {
  string id = 1;
  google.protobuf.Timestamp expiration = 8;
}
// MyPermissions is the response of GetMyCitadelPermissions: the calling
// user's permissions as plain strings.
message MyPermissions {
  repeated string permissions = 1;
}
// VerifyUserInitRequest carries a user id, a code and a password. No RPC of
// AuthService uses it, and none of its fields has a validation rule - in
// particular `password` lacks the 1-72 bound applied to the other password
// fields in this file.
// NOTE(review): add matching rules before wiring this message to an RPC.
message VerifyUserInitRequest {
  string id = 1;
  string code = 2;
  string password = 3;
}