mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 03:54:21 +00:00
229 lines
7.5 KiB
Protocol Buffer
229 lines
7.5 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
import "zitadel/object.proto";
|
|
import "zitadel/message.proto";
|
|
import "google/protobuf/duration.proto";
|
|
import "validate/validate.proto";
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
|
|
package zitadel.app.v1;
|
|
|
|
option go_package ="github.com/zitadel/zitadel/pkg/grpc/app";
|
|
|
|
message App {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
AppState state = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the application";
|
|
}
|
|
];
|
|
string name = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Console\"";
|
|
}
|
|
];
|
|
oneof config {
|
|
OIDCConfig oidc_config = 5;
|
|
APIConfig api_config = 6;
|
|
SAMLConfig saml_config = 7;
|
|
}
|
|
}
|
|
|
|
enum AppState {
|
|
APP_STATE_UNSPECIFIED = 0;
|
|
APP_STATE_ACTIVE = 1;
|
|
APP_STATE_INACTIVE = 2;
|
|
}
|
|
|
|
message AppQuery {
|
|
oneof query {
|
|
option (validate.required) = true;
|
|
|
|
AppNameQuery name_query = 1;
|
|
}
|
|
}
|
|
|
|
message AppNameQuery {
|
|
string name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Conso\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message OIDCConfig {
|
|
reserved "client_secret";
|
|
reserved 6;
|
|
repeated string redirect_uris = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "Callback URI of the authorization request where the code or tokens will be sent to";
|
|
}
|
|
];
|
|
repeated OIDCResponseType response_types = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Determines whether a code, id_token token or just id_token will be returned"
|
|
}
|
|
];
|
|
repeated OIDCGrantType grant_types = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "The flow type the application uses to gain access";
|
|
}
|
|
];
|
|
OIDCAppType app_type = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "determines the paradigm of the application";
|
|
}
|
|
];
|
|
string client_id = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334@ZITADEL\"";
|
|
description: "generated oauth2/oidc client id";
|
|
}
|
|
];
|
|
OIDCAuthMethodType auth_method_type = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines how the application passes login credentials";
|
|
}
|
|
];
|
|
repeated string post_logout_redirect_uris = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/logout\"]";
|
|
description: "ZITADEL will redirect to this link after a successful logout";
|
|
}
|
|
];
|
|
OIDCVersion version = 9 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the oidc version used by the application";
|
|
}
|
|
];
|
|
bool none_compliant = 10 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "specifies wheter the config is oidc compliant. A production configuration SHOULD be compliant";
|
|
}
|
|
];
|
|
repeated zitadel.v1.LocalizedMessage compliance_problems = 11 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "lists the problems for non compliancy";
|
|
}
|
|
];
|
|
bool dev_mode = 12 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "used for development";
|
|
}
|
|
];
|
|
OIDCTokenType access_token_type = 13 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "type of the access token returned from ZITADEL";
|
|
}
|
|
];
|
|
bool access_token_role_assertion = 14 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "adds roles to the claims of the access token (only if type == jwt) even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_role_assertion = 15 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "adds roles to the claims of the id token even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_userinfo_assertion = 16 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the oidc specification";
|
|
}
|
|
];
|
|
google.protobuf.Duration clock_skew = 17 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and substracted from \"iat\", \"auth_time\" and \"nbf\" claims";
|
|
// min: "0s";
|
|
// max: "5s";
|
|
}
|
|
];
|
|
repeated string additional_origins = 18 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "additional origins (other than the redirect_uris) from where the api can be used";
|
|
}
|
|
];
|
|
repeated string allowed_origins = 19 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "all allowed origins from where the api can be used";
|
|
}
|
|
];
|
|
}
|
|
|
|
enum OIDCResponseType {
|
|
OIDC_RESPONSE_TYPE_CODE = 0;
|
|
OIDC_RESPONSE_TYPE_ID_TOKEN = 1;
|
|
OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN = 2;
|
|
}
|
|
|
|
enum OIDCGrantType{
|
|
OIDC_GRANT_TYPE_AUTHORIZATION_CODE = 0;
|
|
OIDC_GRANT_TYPE_IMPLICIT = 1;
|
|
OIDC_GRANT_TYPE_REFRESH_TOKEN = 2;
|
|
}
|
|
|
|
enum OIDCAppType {
|
|
OIDC_APP_TYPE_WEB = 0;
|
|
OIDC_APP_TYPE_USER_AGENT = 1;
|
|
OIDC_APP_TYPE_NATIVE = 2;
|
|
}
|
|
|
|
enum OIDCAuthMethodType {
|
|
OIDC_AUTH_METHOD_TYPE_BASIC = 0;
|
|
OIDC_AUTH_METHOD_TYPE_POST = 1;
|
|
OIDC_AUTH_METHOD_TYPE_NONE = 2;
|
|
OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT = 3;
|
|
}
|
|
|
|
enum OIDCVersion {
|
|
OIDC_VERSION_1_0 = 0;
|
|
}
|
|
|
|
enum OIDCTokenType {
|
|
OIDC_TOKEN_TYPE_BEARER = 0;
|
|
OIDC_TOKEN_TYPE_JWT = 1;
|
|
}
|
|
|
|
message SAMLConfig {
|
|
oneof metadata{
|
|
bytes metadata_xml = 1;
|
|
string metadata_url = 2;
|
|
}
|
|
}
|
|
|
|
enum APIAuthMethodType {
|
|
API_AUTH_METHOD_TYPE_BASIC = 0;
|
|
API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT = 1;
|
|
}
|
|
|
|
message APIConfig {
|
|
reserved "client_secret";
|
|
reserved 2;
|
|
string client_id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334@ZITADEL\"";
|
|
description: "generated oauth2/oidc client_id";
|
|
}
|
|
];
|
|
APIAuthMethodType auth_method_type = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines how the api passes the login credentials";
|
|
}
|
|
];
|
|
}
|