syntax = "proto3";
|
|
|
|
package zitadel.resources.user.v3alpha;
|
|
|
|
import "google/api/annotations.proto";
|
|
import "google/api/field_behavior.proto";
|
|
import "google/protobuf/duration.proto";
|
|
import "google/protobuf/struct.proto";
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
import "validate/validate.proto";
|
|
import "zitadel/object/v3alpha/object.proto";
|
|
import "zitadel/resources/object/v3alpha/object.proto";
|
|
import "zitadel/protoc_gen_zitadel/v2/options.proto";
|
|
import "zitadel/resources/user/v3alpha/authenticator.proto";
|
|
import "zitadel/resources/user/v3alpha/communication.proto";
|
|
import "zitadel/resources/user/v3alpha/query.proto";
|
|
import "zitadel/resources/user/v3alpha/user.proto";
|
|
|
|
option go_package = "github.com/zitadel/zitadel/pkg/grpc/resources/user/v3alpha;user";
|
|
|
|
// OpenAPI v2 (Swagger) metadata for this file: API info, advertised transports
// and media types, the OAuth2 security scheme, and the 403/404 response
// descriptions declared at document level.
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
  info: {
    title: "User Service"
    version: "3.0-alpha"
    description: "This API is intended to manage users with your own data schema in a ZITADEL instance. This project is in preview state. It can AND will continue breaking until the service provides the same functionality as the v1 and v2 user services."
    contact: {
      name: "ZITADEL"
      url: "https://zitadel.com"
      email: "hi@zitadel.com"
    }
    license: {
      name: "Apache 2.0"
      url: "https://github.com/zitadel/zitadel/blob/main/LICENSE"
    }
  }

  // NOTE(review): plain HTTP is advertised next to HTTPS. The operations of
  // this service carry passwords, verification codes and personal access
  // tokens, so clients generated from this spec should use HTTPS; confirm HTTP
  // is listed only for local or TLS-terminating-proxy setups.
  schemes: HTTPS
  schemes: HTTP

  consumes: "application/json"
  consumes: "application/grpc"
  consumes: "application/grpc-web+proto"

  produces: "application/json"
  produces: "application/grpc"
  produces: "application/grpc-web+proto"

  // "$CUSTOM-DOMAIN" is a placeholder that is also used in the OAuth2 URLs
  // below.
  host: "$CUSTOM-DOMAIN"
  base_path: "/"

  external_docs: {
    description: "Detailed information about ZITADEL"
    url: "https://zitadel.com/docs"
  }

  // OAuth2 authorization-code flow. Both declared scopes are also listed in
  // the document-level security requirement that follows.
  security_definitions: {
    security: {
      key: "OAuth2"
      value: {
        type: TYPE_OAUTH2
        flow: FLOW_ACCESS_CODE
        authorization_url: "$CUSTOM-DOMAIN/oauth/v2/authorize"
        token_url: "$CUSTOM-DOMAIN/oauth/v2/token"
        scopes: {
          scope: {
            key: "openid"
            value: "openid"
          }
          scope: {
            key: "urn:zitadel:iam:org:project:id:zitadel:aud"
            value: "urn:zitadel:iam:org:project:id:zitadel:aud"
          }
        }
      }
    }
  }
  security: {
    security_requirement: {
      key: "OAuth2"
      value: {
        scope: "openid"
        scope: "urn:zitadel:iam:org:project:id:zitadel:aud"
      }
    }
  }

  // Error responses documented once at document level.
  responses: {
    key: "403"
    value: {
      description: "Returned when the user does not have permission to access the resource."
      schema: {
        json_schema: {
          ref: "#/definitions/rpcStatus"
        }
      }
    }
  }
  responses: {
    key: "404"
    value: {
      description: "Returned when the resource does not exist."
      schema: {
        json_schema: {
          ref: "#/definitions/rpcStatus"
        }
      }
    }
  }
};
|
|
|
|
service ZITADELUsers {
|
|
|
|
// Search users
//
// Search all matching users. By default, we will return all users of your instance.
// Make sure to include a limit and sorting for pagination.
rpc SearchUsers(SearchUsersRequest) returns (SearchUsersResponse) {
  // Only `filters` is bound to the HTTP body; under the google.api.http rules
  // the remaining request fields are passed as URL query parameters.
  option (google.api.http) = {
    post: "/resources/v3alpha/users/_search"
    body: "filters"
  };

  // NOTE(review): the declared check only requires an authenticated caller,
  // while the default result is every user of the instance. Which users a
  // caller may see is not expressed in this file; confirm the handler filters
  // the result by the caller's permissions.
  option (zitadel.protoc_gen_zitadel.v2.options) = {
    auth_option: {
      permission: "authenticated"
    }
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    responses: {
      key: "200"
      value: {
        description: "A list of all users matching the query"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid list query"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
|
|
|
|
// User by ID
|
|
//
|
|
// Returns the user identified by the requested ID.
|
|
rpc GetUser (GetUserRequest) returns (GetUserResponse) {
|
|
option (google.api.http) = {
|
|
get: "/resources/v3alpha/users/{id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "User successfully retrieved";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Create a user
|
|
//
|
|
// Create a new user with an optional data schema.
|
|
rpc CreateUser (CreateUserRequest) returns (CreateUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users"
|
|
body: "user"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
org_field: "organization"
|
|
}
|
|
http_response: {
|
|
success_code: 201
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "201";
|
|
value: {
|
|
description: "User successfully created";
|
|
schema: {
|
|
json_schema: {
|
|
ref: "#/definitions/v3alphaCreateUserResponse";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Patch a user
|
|
//
|
|
// Patch an existing user with data based on a user schema.
|
|
rpc PatchUser (PatchUserRequest) returns (PatchUserResponse) {
|
|
option (google.api.http) = {
|
|
patch: "/resources/v3alpha/users/{id}"
|
|
body: "user"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "User successfully updated or left unchanged";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Deactivate a user
|
|
//
|
|
// Deactivate an existing user and change the state to 'deactivated'.
|
|
// The user will not be able to log in anymore.
|
|
// Use deactivate user when the user should not be able to use the account anymore,
|
|
// but you still need access to the user data.
|
|
//
|
|
// The endpoint returns an error if the user is already in the state 'deactivated'.
|
|
rpc DeactivateUser (DeactivateUserRequest) returns (DeactivateUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/_deactivate"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "User successfully deactivated";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Activate a user
|
|
//
|
|
// Activate a previously deactivated user and change the state to 'active'.
|
|
// The user will be able to log in again.
|
|
//
|
|
// The endpoint returns an error if the user is not in the state 'deactivated'.
|
|
rpc ActivateUser (ActivateUserRequest) returns (ActivateUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/_activate"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "User successfully activated";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Lock a user
|
|
//
|
|
// Lock an existing user and change the state to 'locked'.
|
|
// The user will not be able to log in anymore.
|
|
// Use lock user when the user should temporarily not be able to log in
|
|
// because of an event that happened (wrong password, etc.)
|
|
//
|
|
// The endpoint returns an error if the user is already in the state 'locked'.
|
|
rpc LockUser (LockUserRequest) returns (LockUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/_lock"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "User successfully locked";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Unlock a user
|
|
//
|
|
// Unlock a previously locked user and change the state to 'active'.
|
|
// The user will be able to log in again.
|
|
//
|
|
// The endpoint returns an error if the user is not in the state 'locked'.
|
|
rpc UnlockUser (UnlockUserRequest) returns (UnlockUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/_unlock"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "User successfully unlocked";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Delete a user
|
|
//
|
|
// Delete an existing user and change the state to 'deleted'.
|
|
// The user will not be able to log in anymore.
|
|
rpc DeleteUser (DeleteUserRequest) returns (DeleteUserResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "User successfully deleted";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Set contact email
|
|
//
|
|
// Add or update the contact email address of a user.
|
|
// If the email is not passed as verified, a verification code will be generated,
|
|
// which can be either returned or will be sent to the user by email.
|
|
rpc SetContactEmail (SetContactEmailRequest) returns (SetContactEmailResponse) {
|
|
option (google.api.http) = {
|
|
put: "/resources/v3alpha/users/{id}/email"
|
|
body: "email"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Email successfully set";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify the contact email
|
|
//
|
|
// Verify the contact email with the provided code.
|
|
rpc VerifyContactEmail (VerifyContactEmailRequest) returns (VerifyContactEmailResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/email/_verify"
|
|
body: "verification_code"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Email successfully verified";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Resend the contact email code
|
|
//
|
|
// Resend the email with the verification code for the contact email address.
|
|
rpc ResendContactEmailCode (ResendContactEmailCodeRequest) returns (ResendContactEmailCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/email/_resend"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Code resend successfully requested";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Set contact phone
|
|
//
|
|
// Add or update the contact phone number of a user.
|
|
// If the phone is not passed as verified, a verification code will be generated,
|
|
// which can be either returned or will be sent to the user by SMS.
|
|
rpc SetContactPhone (SetContactPhoneRequest) returns (SetContactPhoneResponse) {
|
|
option (google.api.http) = {
|
|
put: "/resources/v3alpha/users/{id}/phone"
|
|
body: "phone"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Contact phone successfully set";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify the contact phone
|
|
//
|
|
// Verify the contact phone with the provided code.
|
|
rpc VerifyContactPhone (VerifyContactPhoneRequest) returns (VerifyContactPhoneResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/phone/_verify"
|
|
body: "verification_code"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Contact phone successfully verified";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Resend the contact phone code
|
|
//
|
|
// Resend the SMS with the verification code for the contact phone number.
|
|
rpc ResendContactPhoneCode (ResendContactPhoneCodeRequest) returns (ResendContactPhoneCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/phone/_resend"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Code resend successfully requested";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add a username
|
|
//
|
|
// Add a new unique username to a user. The username will be used to identify the user on authentication.
|
|
rpc AddUsername (AddUsernameRequest) returns (AddUsernameResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/username"
|
|
body: "username"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Username successfully added";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove a username
|
|
//
|
|
// Remove an existing username of a user, so it cannot be used for authentication anymore.
|
|
rpc RemoveUsername (RemoveUsernameRequest) returns (RemoveUsernameResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}/username/{username_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Username successfully removed";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Set a password
//
// Add or update a user's password with either a verification code, the current password or sufficient permissions.
rpc SetPassword(SetPasswordRequest) returns (SetPasswordResponse) {
  // `id` is bound to the path and `new_password` to the HTTP body; under the
  // google.api.http rules every other request field is passed as a URL query
  // parameter.
  // NOTE(review): SetPasswordRequest is not shown here. Confirm that the
  // current password and the verification code are nested inside
  // `new_password` rather than being sibling fields; as siblings they would
  // travel in the query string, which commonly ends up in access logs.
  option (google.api.http) = {
    post: "/resources/v3alpha/users/{id}/password"
    body: "new_password"
  };

  // NOTE(review): the declared check only requires an authenticated caller.
  // The choice between verification code, current password and "sufficient
  // permissions" is not expressed here; confirm the handler enforces it for
  // the target {id}.
  option (zitadel.protoc_gen_zitadel.v2.options) = {
    auth_option: {
      permission: "authenticated"
    }
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    responses: {
      key: "200"
      value: {
        description: "Password successfully set"
      }
    }
  };
}
|
|
|
|
// Request password reset
|
|
//
|
|
// Request a code to be able to set a new password.
|
|
rpc RequestPasswordReset (RequestPasswordResetRequest) returns (RequestPasswordResetResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/password/_reset"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Password reset successfully requested";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove a password
|
|
//
|
|
// Remove a user's password. The user will not be able to login with a password anymore and is required to use another authentication method such as an identity provider.
|
|
rpc RemovePassword (RemovePasswordRequest) returns (RemovePasswordResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}/password"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Password successfully removed";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add a public key
|
|
//
|
|
// Add a new public key to a user. The public key will be used to verify the user's identity on authentication.
|
|
rpc AddPublicKey (AddPublicKeyRequest) returns (AddPublicKeyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/public_key"
|
|
body: "public_key"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Public key successfully added";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove a public key
|
|
//
|
|
// Remove an existing public key of a user, so it cannot be used for authentication anymore.
|
|
rpc RemovePublicKey (RemovePublicKeyRequest) returns (RemovePublicKeyResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}/public_key/{public_key_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "Public key successfully removed";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add a personal access token
//
// Add a new personal access token to a user. The personal access token can be used to access granted resources including the ZITADEL API.
rpc AddPersonalAccessToken(AddPersonalAccessTokenRequest) returns (AddPersonalAccessTokenResponse) {
  option (google.api.http) = {
    post: "/resources/v3alpha/users/{id}/personal_access_token"
    body: "personal_access_token"
  };

  // NOTE(review): the declared check only requires an authenticated caller,
  // yet the operation issues a credential for the user in {id}. Who may mint
  // a token for which user is not expressed in this file; confirm the handler
  // enforces it.
  // NOTE(review): the response message is not shown here; if it carries the
  // token value, the response has to be treated as a secret (no logging or
  // caching on the way to the client).
  option (zitadel.protoc_gen_zitadel.v2.options) = {
    auth_option: {
      permission: "authenticated"
    }
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    responses: {
      key: "200"
      value: {
        description: "Personal Access Token successfully added"
      }
    }
  };
}
|
|
|
|
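// Remove a personal access token
//
// Remove an existing personal access token of a user, so it cannot be used for authorization anymore.
rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
  // Both the user and the token are addressed through the path; there is no
  // HTTP body.
  option (google.api.http) = {
    delete: "/resources/v3alpha/users/{id}/personal_access_token/{personal_access_token_id}"
  };

  // NOTE(review): the declared check only requires an authenticated caller;
  // confirm the handler verifies that the caller may revoke tokens of the
  // user in {id} and that the token belongs to that user.
  option (zitadel.protoc_gen_zitadel.v2.options) = {
    auth_option: {
      permission: "authenticated"
    }
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    responses: {
      key: "200"
      value: {
        // Was "Username successfully removed", carried over from
        // RemoveUsername.
        description: "Personal Access Token successfully removed"
      }
    }
  };
}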
|
|
|
|
// Start a WebAuthN registration
|
|
//
|
|
// Start the registration of a new WebAuthN device (e.g. Passkeys) for a user.
|
|
// As a response the public key credential creation options are returned,
|
|
// which are used to verify the device.
|
|
rpc StartWebAuthNRegistration (StartWebAuthNRegistrationRequest) returns (StartWebAuthNRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/webauthn"
|
|
body: "registration"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "WebAuthN registration successfully started";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify a WebAuthN registration
|
|
//
|
|
// Verify the WebAuthN registration started by StartWebAuthNRegistration with the public key credential.
|
|
rpc VerifyWebAuthNRegistration (VerifyWebAuthNRegistrationRequest) returns (VerifyWebAuthNRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/webauthn/{web_auth_n_id}/_verify"
|
|
body: "verify"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "WebAuthN registration successfully verified";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
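// Create a WebAuthN registration link
//
// Create a link, which includes a code, that can either be returned or directly sent to the user.
// The code will allow the user to start a new WebAuthN registration.
rpc CreateWebAuthNRegistrationLink(CreateWebAuthNRegistrationLinkRequest) returns (CreateWebAuthNRegistrationLinkResponse) {
  // The whole request except the path-bound `id` is read from the HTTP body.
  option (google.api.http) = {
    post: "/resources/v3alpha/users/{id}/webauthn/registration_link"
    body: "*"
  };

  // NOTE(review): the declared check only requires an authenticated caller.
  // Per the doc comment the code lets its holder start a WebAuthN
  // registration for the user, and it can be returned to the API caller
  // instead of being sent to the user; confirm the handler restricts who may
  // request the returned variant for the user in {id}.
  option (zitadel.protoc_gen_zitadel.v2.options) = {
    auth_option: {
      permission: "authenticated"
    }
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    responses: {
      key: "200"
      value: {
        // This operation creates the registration link, not the registration
        // itself.
        description: "WebAuthN registration link successfully created"
      }
    }
  };
}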
|
|
|
|
// Remove a WebAuthN authenticator
|
|
//
|
|
// Remove an existing WebAuthN authenticator from a user, so it cannot be used for authentication anymore.
|
|
rpc RemoveWebAuthNAuthenticator (RemoveWebAuthNAuthenticatorRequest) returns (RemoveWebAuthNAuthenticatorResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}/webauthn/{web_auth_n_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "WebAuthN authenticator successfully removed";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Start a TOTP registration
//
// Start the registration of a new time-based one-time-password (TOTP) generator for a user.
// As a response a secret is returned, which is used to initialize a TOTP app or device.
rpc StartTOTPRegistration(StartTOTPRegistrationRequest) returns (StartTOTPRegistrationResponse) {
  // No body is declared: only the path-bound `id` and URL query parameters
  // reach the request message over HTTP.
  option (google.api.http) = {
    post: "/resources/v3alpha/users/{id}/totp"
  };

  // NOTE(review): the declared check only requires an authenticated caller.
  // Per the doc comment the response carries the TOTP secret, so confirm the
  // handler limits this call to callers allowed to enroll a second factor for
  // the user in {id}, and that the response is kept out of logs and caches.
  option (zitadel.protoc_gen_zitadel.v2.options) = {
    auth_option: {
      permission: "authenticated"
    }
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    responses: {
      key: "200"
      value: {
        description: "TOTP registration successfully started"
      }
    }
  };
}
|
|
|
|
// Verify a TOTP registration
|
|
//
|
|
// Verify the time-based one-time-password (TOTP) registration with the generated code.
|
|
rpc VerifyTOTPRegistration (VerifyTOTPRegistrationRequest) returns (VerifyTOTPRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/totp/{totp_id}/_verify"
|
|
body: "code"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "TOTP registration successfully verified";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove a TOTP authenticator
|
|
//
|
|
// Remove an existing time-based one-time-password (TOTP) authenticator from a user, so it cannot be used for authentication anymore.
|
|
rpc RemoveTOTPAuthenticator (RemoveTOTPAuthenticatorRequest) returns (RemoveTOTPAuthenticatorResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}/totp/{totp_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "TOTP authenticator successfully removed";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add a OTP SMS authenticator
|
|
//
|
|
// Add a new one-time-password (OTP) SMS authenticator to a user.
|
|
// If the phone is not passed as verified, a verification code will be generated,
|
|
// which can be either returned or will be sent to the user by SMS.
|
|
rpc AddOTPSMSAuthenticator (AddOTPSMSAuthenticatorRequest) returns (AddOTPSMSAuthenticatorResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/otp_sms"
|
|
body: "phone"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OTP SMS authenticator successfully added";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify OTP SMS registration
|
|
//
|
|
// Verify the OTP SMS registration with the provided code.
|
|
rpc VerifyOTPSMSRegistration (VerifyOTPSMSRegistrationRequest) returns (VerifyOTPSMSRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/otp_sms/{otp_sms_id}/_verify"
|
|
body: "code"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OTP SMS authenticator successfully verified";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove a OTP SMS authenticator
|
|
//
|
|
// Remove an existing one-time-password (OTP) SMS authenticator from a user, so it cannot be used for authentication anymore.
|
|
rpc RemoveOTPSMSAuthenticator (RemoveOTPSMSAuthenticatorRequest) returns (RemoveOTPSMSAuthenticatorResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}/otp_sms/{otp_sms_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OTP SMS authenticator successfully removed";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add a OTP Email authenticator
|
|
//
|
|
// Add a new one-time-password (OTP) Email authenticator to a user.
|
|
// If the email is not passed as verified, a verification code will be generated,
|
|
// which can be either returned or will be sent to the user by email.
|
|
rpc AddOTPEmailAuthenticator (AddOTPEmailAuthenticatorRequest) returns (AddOTPEmailAuthenticatorResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/otp_email"
|
|
body: "email"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OTP Email authenticator successfully added";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify OTP Email registration
|
|
//
|
|
// Verify the OTP Email registration with the provided code.
|
|
rpc VerifyOTPEmailRegistration (VerifyOTPEmailRegistrationRequest) returns (VerifyOTPEmailRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/otp_email/{otp_email_id}/_verify"
|
|
body: "code"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OTP Email authenticator successfully verified";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove a OTP Email authenticator
|
|
//
|
|
// Remove an existing one-time-password (OTP) Email authenticator from a user, so it cannot be used for authentication anymore.
|
|
rpc RemoveOTPEmailAuthenticator (RemoveOTPEmailAuthenticatorRequest) returns (RemoveOTPEmailAuthenticatorResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/resources/v3alpha/users/{id}/otp_email/{otp_email_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OTP Email authenticator successfully removed";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Start an IDP authentication intent
|
|
//
|
|
// Start a new authentication intent on configured identity provider (IDP) for external login, registration or linking.
|
|
rpc StartIdentityProviderIntent (StartIdentityProviderIntentRequest) returns (StartIdentityProviderIntentResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/idp_intents"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "IDP intent successfully started";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Get the information of the IDP authentication intent
|
|
//
|
|
// Get the information returned by the identity provider (IDP) for registration or updating an existing user with new information.
|
|
rpc GetIdentityProviderIntent (GetIdentityProviderIntentRequest) returns (GetIdentityProviderIntentResponse) {
|
|
option (google.api.http) = {
|
|
get: "/resources/v3alpha/idp_intents/{idp_intent_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "IDP intent successfully retrieved";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add an IDP authenticator to a user
|
|
//
|
|
// Add a new identity provider (IDP) authenticator to an existing user.
|
|
// This will allow the user to authenticate with the provided IDP.
|
|
rpc AddIDPAuthenticator (AddIDPAuthenticatorRequest) returns (AddIDPAuthenticatorResponse) {
|
|
option (google.api.http) = {
|
|
post: "/resources/v3alpha/users/{id}/idps"
|
|
body: "authenticator"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "IDP authenticator successfully added";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove an IDP authenticator
//
// Remove an existing identity provider (IDP) authenticator from a user, so it cannot be used for authentication anymore.
rpc RemoveIDPAuthenticator (RemoveIDPAuthenticatorRequest) returns (RemoveIDPAuthenticatorResponse) {
  // HTTP mapping: DELETE, user and IDP are both addressed in the path.
  option (google.api.http) = {
    delete: "/resources/v3alpha/users/{id}/idps/{idp_id}"
  };

  // NOTE(review): the declared permission is only "authenticated";
  // presumably the handler checks that the caller may manage the user named
  // in the path - confirm.
  option (zitadel.protoc_gen_zitadel.v2.options) = {
    auth_option: {
      permission: "authenticated"
    }
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    responses: {
      key: "200"
      value: {
        description: "IDP authenticator successfully removed";
      }
    };
  };
}
|
|
|
|
}
|
|
|
|
// Request to search users with paging, sorting and filter criteria.
message SearchUsersRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];

  // Search limitations and ordering.
  zitadel.resources.object.v3alpha.SearchQuery query = 2;
  // The field by which the result is sorted.
  FieldName sorting_column = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"FIELD_NAME_SCHEMA_TYPE\""
    }
  ];
  // Define the criteria to query for.
  repeated SearchFilter filters = 4;
}
|
|
|
|
// Result of a user search.
message SearchUsersResponse {
  // Details provides information about the returned result including total amount found.
  zitadel.resources.object.v3alpha.ListDetails details = 1;
  // The users that matched the search filters.
  repeated GetUser result = 2;
}
|
|
|
|
// Request to fetch a single user by id.
message GetUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Response carrying the requested user.
message GetUserResponse {
  // The user that was looked up.
  GetUser user = 1;
}
|
|
|
|
// Request to create a user inside an organization.
message CreateUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Set the organization the user belongs to (required).
  zitadel.object.v3alpha.Organization organization = 2 [
    (validate.rules).message = {required: true},
    (google.api.field_behavior) = REQUIRED
  ];
  // The user to create.
  CreateUser user = 3;
}
|
|
|
|
// Result of creating a user, including any verification codes that were
// requested to be returned instead of sent.
message CreateUserResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // The email code will be set if a contact email was set with a return_code verification option.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string email_code = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"SKJd342k\"";
    }
  ];
  // The phone code will be set if a contact phone was set with a return_code verification option.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string phone_code = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"IFi39dk2\"";
    }
  ];
}
|
|
|
|
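// Request to partially update an existing user.
message PatchUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  // Validated like the id of the other user requests in this file, so an
  // empty or oversized id is rejected before it reaches the handler.
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629012906488334\"";
    }
  ];
  // The changes to apply to the user.
  PatchUser user = 4;
}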
|
|
|
|
// Result of patching a user, including any verification codes that were
// requested to be returned instead of sent.
message PatchUserResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // The email code will be set if a contact email was set with a return_code verification option.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string email_code = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"SKJd342k\"";
    }
  ];
  // The phone code will be set if a contact phone was set with a return_code verification option.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string phone_code = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"IFi39dk2\"";
    }
  ];
}
|
|
|
|
// Request naming the user to deactivate.
message DeactivateUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Result of a deactivate user request.
message DeactivateUserResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
|
|
// Request naming the user to activate.
message ActivateUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Result of an activate user request.
message ActivateUserResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request naming the user to lock.
message LockUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Result of a lock user request.
message LockUserResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request naming the user to unlock.
message UnlockUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Result of an unlock user request.
message UnlockUserResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request naming the user to delete.
message DeleteUserRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Result of a delete user request.
message DeleteUserResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to set the contact email of a user.
message SetContactEmailRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Set the user's contact email and its verification state.
  SetEmail email = 4;
}
|
|
|
|
// Result of setting a contact email.
message SetContactEmailResponse {
  // NOTE(review): field number 2 is skipped in this message; if it was ever
  // in use, it should be declared `reserved` - confirm.

  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // The verification code will be set if a contact email was set with a return_code verification option.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string verification_code = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Request to verify a user's contact email with a verification code.
message VerifyContactEmailRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Set the verification code generated during the set contact email request
  // (required, 1 to 20 characters).
  string verification_code = 4 [
    (validate.rules).string = {min_len: 1, max_len: 20},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 20;
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Result of verifying a contact email.
message VerifyContactEmailResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to issue the contact email verification code again.
message ResendContactEmailCodeRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // If no verification is specified, an email is sent.
  oneof verification {
    // Let ZITADEL send the link to the user via email.
    SendEmailVerificationCode send_code = 4;
    // Get the code back to provide it to the user in your preferred mechanism.
    ReturnEmailVerificationCode return_code = 5;
  }
}
|
|
|
|
// Result of resending the contact email verification code.
message ResendContactEmailCodeResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // In case the verification was set to return_code, the code will be returned.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string verification_code = 2;
}
|
|
|
|
// Request to set the contact phone of a user.
message SetContactPhoneRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Set the user's contact phone and its verification state.
  SetPhone phone = 4;
}
|
|
|
|
// Result of setting a contact phone.
message SetContactPhoneResponse {
  // NOTE(review): field number 2 is skipped in this message; if it was ever
  // in use, it should be declared `reserved` - confirm.

  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // The phone verification code will be set if a contact phone was set with a return_code verification option.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string verification_code = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Request to verify a user's contact phone with a verification code.
message VerifyContactPhoneRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Set the verification code generated during the set contact phone request
  // (required, 1 to 20 characters).
  string verification_code = 4 [
    (validate.rules).string = {min_len: 1, max_len: 20},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 20;
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Result of verifying a contact phone.
message VerifyContactPhoneResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to issue the contact phone verification code again.
message ResendContactPhoneCodeRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // If no verification is specified, an SMS is sent.
  oneof verification {
    // Let ZITADEL send the link to the user via SMS.
    SendPhoneVerificationCode send_code = 4;
    // Get the code back to provide it to the user in your preferred mechanism.
    ReturnPhoneVerificationCode return_code = 5;
  }
}
|
|
|
|
// Result of resending the contact phone verification code.
message ResendContactPhoneCodeResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // In case the verification was set to return_code, the code will be returned.
  // The caller then delivers the code itself; handle it as a secret and keep
  // it out of logs.
  optional string verification_code = 2;
}
|
|
|
|
// Request to add a username to a user.
message AddUsernameRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Set the user's new username.
  SetUsername username = 4;
}
|
|
|
|
// Result of adding a username.
message AddUsernameResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Unique identifier of the username.
  string username_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
}
|
|
|
|
// Request to remove one username from a user.
message RemoveUsernameRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the username (required, 1 to 200 characters).
  string username_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629023906488334\"";
    }
  ];
}
|
|
|
|
// Result of removing a username.
message RemoveUsernameResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to set a new password for a user.
message SetPasswordRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Provide the new password (in plain text or as hash).
  // A plain-text password travels inside this message: send it over TLS only
  // and exclude the request body from logging.
  SetPassword new_password = 4;
}
|
|
|
|
// Result of setting a password.
message SetPasswordResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to start a password reset for a user.
message RequestPasswordResetRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // If no medium is specified, an email is sent with the default url.
  oneof medium {
    // Let ZITADEL send the link to the user via email.
    SendPasswordResetEmail send_email = 4;
    // Let ZITADEL send the link to the user via SMS.
    SendPasswordResetSMS send_sms = 5;
    // Get the code back to provide it to the user in your preferred mechanism.
    ReturnPasswordResetCode return_code = 6;
  }
}
|
|
|
|
// Result of requesting a password reset.
message RequestPasswordResetResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // In case the medium was set to return_code, the code will be returned.
  // Presumably whoever holds this code can complete the reset, so hand it to
  // the user only and keep it out of logs - confirm against the reset flow.
  optional string verification_code = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Request naming the user whose password is removed.
message RemovePasswordRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Result of removing a password.
message RemovePasswordResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to add a public key to a user.
message AddPublicKeyRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Set the user's new public key.
  SetPublicKey public_key = 4;
}
|
|
|
|
// Result of adding a public key.
message AddPublicKeyResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Unique identifier of the public key.
  string public_key_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // Private key bytes returned to the caller.
  // NOTE(review): presumably only populated when the server generated the
  // key pair - confirm against SetPublicKey. Secret material: store it
  // securely and keep the response body out of logs.
  bytes private_key = 3;
}
|
|
|
|
// Request to remove one public key from a user.
message RemovePublicKeyRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the public key (required, 1 to 200 characters).
  string public_key_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629023906488334\"";
    }
  ];
}
|
|
|
|
// Result of removing a public key.
message RemovePublicKeyResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to add a personal access token to a user.
message AddPersonalAccessTokenRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Set the user's new personal access token.
  SetPersonalAccessToken personal_access_token = 4;
}
|
|
|
|
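// Result of adding a personal access token.
message AddPersonalAccessTokenResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Unique identifier of the personal access token.
  string personal_access_token_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // The personal access token value itself. It is a credential for the user:
  // store it securely and keep the response body out of logs.
  string personal_access_token = 3;
}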
|
|
|
|
// Request to remove one personal access token from a user.
message RemovePersonalAccessTokenRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the personal access token (required, 1 to 200
  // characters).
  string personal_access_token_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629023906488334\"";
    }
  ];
}
|
|
|
|
// Result of removing a personal access token.
message RemovePersonalAccessTokenResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to start a WebAuthN registration for a user.
message StartWebAuthNRegistrationRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Parameters of the registration to start.
  StartWebAuthNRegistration registration = 4;
}
|
|
|
|
// Result of starting a WebAuthN registration.
message StartWebAuthNRegistrationResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Unique identifier of the WebAuthN registration.
  string web_auth_n_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"163840776835432705\""
    }
  ];
  // Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions).
  // Generated helper methods transform the field to JSON, for use in a WebAuthn client.
  // See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialcreationoptions
  google.protobuf.Struct public_key_credential_creation_options = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "{\"publicKey\":{\"attestation\":\"none\",\"authenticatorSelection\":{\"userVerification\":\"required\"},\"challenge\":\"XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ\",\"excludeCredentials\":[{\"id\":\"tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI\",\"type\":\"public-key\"}],\"pubKeyCredParams\":[{\"alg\":-7,\"type\":\"public-key\"}],\"rp\":{\"id\":\"localhost\",\"name\":\"ZITADEL\"},\"timeout\":300000,\"user\":{\"displayName\":\"Tim Mohlmann\",\"id\":\"MjE1NTk4MDAwNDY0OTk4OTQw\",\"name\":\"tim\"}}}"
    }
  ];
}
|
|
|
|
// Request to complete a previously started WebAuthN registration.
message VerifyWebAuthNRegistrationRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the WebAuthN registration, which was returned in the
  // start WebAuthN registration (required, 1 to 200 characters).
  string web_auth_n_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
  // Data used to verify the registration.
  VerifyWebAuthNRegistration verify = 5;
}
|
|
|
|
// Result of verifying a WebAuthN registration.
message VerifyWebAuthNRegistrationResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to create a WebAuthN registration link or code for a user.
message CreateWebAuthNRegistrationLinkRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // If no medium is specified, an email is sent with the default url.
  oneof medium {
    // Let ZITADEL send the link to the user via email.
    SendWebAuthNRegistrationLink send_link = 4;
    // Get the code back to provide it to the user in your preferred mechanism.
    ReturnWebAuthNRegistrationCode return_code = 5;
  }
}
|
|
|
|
// Result of creating a WebAuthN registration link.
message CreateWebAuthNRegistrationLinkResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // In case the medium was set to return_code, the code will be returned.
  // The caller then delivers the code itself; presumably it allows
  // registering an authenticator for the user, so handle it as a secret and
  // keep it out of logs - confirm.
  optional AuthenticatorRegistrationCode code = 2;
}
|
|
|
|
// Request to remove one WebAuthN authenticator from a user.
message RemoveWebAuthNAuthenticatorRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the WebAuthN authenticator (required, 1 to 200
  // characters).
  string web_auth_n_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"163840776835432705\"";
    }
  ];
}
|
|
|
|
// Result of removing a WebAuthN authenticator.
message RemoveWebAuthNAuthenticatorResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request to start a TOTP registration for a user.
message StartTOTPRegistrationRequest {
  // Instance context; the documented default is the domain taken from the
  // HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\""
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1,
      max_length: 200,
      example: "\"69629026806489455\"";
    }
  ];
}
|
|
|
|
// Result of starting a TOTP registration. Both uri and secret carry the
// shared TOTP secret, so the whole response is sensitive.
message StartTOTPRegistrationResponse {
  // Resource details returned by the call.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Unique identifier of the TOTP registration.
  string totp_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"163840776835432705\"";
    }
  ];
  // The TOTP URI, which can be used to create a QR Code for scanning with an authenticator app.
  // As the example shows, the URI embeds the shared secret in its `secret`
  // parameter: show it to the user only and keep it out of logs.
  string uri = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"otpauth://totp/ZITADEL:gigi@acme.zitadel.cloud?algorithm=SHA1&digits=6&issuer=ZITADEL&period=30&secret=TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"";
    }
  ];
  // The TOTP secret, which can be used for manually adding in an authenticator app.
  // Show it to the user only and keep it out of logs and persistent storage
  // on the client side.
  string secret = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"";
    }
  ];
}
|
|
|
|
// Request message for verifying a TOTP registration with a code produced by
// the user's TOTP app or device.
message VerifyTOTPRegistrationRequest {
  // NOTE(review): limiting the number of wrong codes per registration is not
  // expressed in this schema; presumably it is enforced server-side. Confirm.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the TOTP registration, which was returned in the
  // start TOTP registration (required, 1 to 200 characters).
  string totp_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
  // Code generated by the TOTP app or device (required). The validation rule
  // constrains only the length, 6 to 9 characters, not the character set.
  string code = 5 [
    (validate.rules).string = {min_len: 6, max_len: 9},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 6;
      max_length: 9;
      example: "\"123456\"";
    }
  ];
}
|
|
|
|
// Response message of the verify TOTP registration call.
message VerifyTOTPRegistrationResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request message for removing the TOTP authenticator identified by totp_id
// from the user identified by id.
message RemoveTOTPAuthenticatorRequest {
  // NOTE(review): nothing in this schema ties totp_id to the user in id;
  // presumably the server checks that the authenticator belongs to that user
  // and that the caller may manage it. Confirm in the handler.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the TOTP authenticator (required, 1 to 200
  // characters).
  string totp_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
}
|
|
|
|
// Response message of the remove TOTP authenticator call.
message RemoveTOTPAuthenticatorResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request message for adding an OTP SMS authenticator to the user identified
// by id.
message AddOTPSMSAuthenticatorRequest {
  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Set the user's phone for the OTP SMS authenticator and its verification
  // state. SetPhone is declared outside this section.
  SetPhone phone = 4;
}
|
|
|
|
// Response message of the add OTP SMS authenticator call.
message AddOTPSMSAuthenticatorResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Unique identifier of the OTP SMS registration.
  string otp_sms_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"163840776835432705\"";
    }
  ];
  // The OTP verification code; only set if a phone was set with a
  // return_code verification option. When it is returned, the caller becomes
  // responsible for delivering it to the user, so handle it as a secret and
  // keep it out of logs.
  optional string verification_code = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Request message for verifying an OTP SMS registration with the code that
// was generated during the add OTP SMS request.
message VerifyOTPSMSRegistrationRequest {
  // NOTE(review): limiting the number of wrong codes per registration is not
  // expressed in this schema; presumably it is enforced server-side. Confirm.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the OTP SMS registration, which was returned in the
  // add OTP SMS (required, 1 to 200 characters).
  string otp_sms_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
  // Set the verification code generated during the add OTP SMS request
  // (required, 1 to 200 characters).
  string code = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Response message of the verify OTP SMS registration call.
message VerifyOTPSMSRegistrationResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request message for removing the OTP SMS authenticator identified by
// otp_sms_id from the user identified by id.
message RemoveOTPSMSAuthenticatorRequest {
  // NOTE(review): nothing in this schema ties otp_sms_id to the user in id;
  // presumably the server checks that the authenticator belongs to that user
  // and that the caller may manage it. Confirm in the handler.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the OTP SMS authenticator (required, 1 to 200
  // characters).
  string otp_sms_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
}
|
|
|
|
// Response message of the remove OTP SMS authenticator call.
message RemoveOTPSMSAuthenticatorResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request message for adding an OTP Email authenticator to the user
// identified by id.
message AddOTPEmailAuthenticatorRequest {
  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Set the user's email for the OTP Email authenticator and its verification
  // state. SetEmail is declared outside this section.
  SetEmail email = 4;
}
|
|
|
|
// Response message of the add OTP Email authenticator call.
message AddOTPEmailAuthenticatorResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Unique identifier of the OTP Email registration.
  string otp_email_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"163840776835432705\"";
    }
  ];
  // The OTP verification code; only set if an email was set with a
  // return_code verification option. When it is returned, the caller becomes
  // responsible for delivering it to the user, so handle it as a secret and
  // keep it out of logs.
  optional string verification_code = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Request message for verifying an OTP Email registration with the code that
// was generated during the add OTP Email request.
message VerifyOTPEmailRegistrationRequest {
  // NOTE(review): limiting the number of wrong codes per registration is not
  // expressed in this schema; presumably it is enforced server-side. Confirm.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the OTP Email registration, which was returned in
  // the add OTP Email (required, 1 to 200 characters).
  string otp_email_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
  // Set the verification code generated during the add OTP Email request
  // (required, 1 to 200 characters).
  string code = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"SKJd342k\"";
    }
  ];
}
|
|
|
|
// Response message of the verify OTP Email registration call.
message VerifyOTPEmailRegistrationResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request message for removing the OTP Email authenticator identified by
// otp_email_id from the user identified by id.
message RemoveOTPEmailAuthenticatorRequest {
  // NOTE(review): nothing in this schema ties otp_email_id to the user in id;
  // presumably the server checks that the authenticator belongs to that user
  // and that the caller may manage it. Confirm in the handler.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the OTP Email authenticator (required, 1 to 200
  // characters).
  string otp_email_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
}
|
|
|
|
// Response message of the remove OTP Email authenticator call.
message RemoveOTPEmailAuthenticatorResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request message for starting an identity provider (IDP) intent against an
// existing IDP, either with redirect URLs or with LDAP credentials.
message StartIdentityProviderIntentRequest {
  // NOTE(review): RedirectURLs and LDAPCredentials are declared outside this
  // section. Presumably urls holds caller-supplied redirect targets and ldap
  // holds the user's directory credentials; confirm that the redirect targets
  // are validated server-side and that requests carrying ldap are kept out of
  // request logs.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // ID of an existing identity provider (IDP) (required, 1 to 200
  // characters).
  string idp_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];

  // Exactly one of the members can be set; setting one clears the other.
  oneof content {
    RedirectURLs urls = 4;
    LDAPCredentials ldap = 5;
  }
}
|
|
|
|
// Response message of the start identity provider (IDP) intent call. Exactly
// one next_step member tells the client how to continue the flow.
message StartIdentityProviderIntentResponse {
  // NOTE(review): post_form is markup the client is expected to render and
  // execute as received. Confirm that the server builds it only from trusted
  // IDP configuration, and that clients render it in a context where it
  // cannot reach unrelated session state.

  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
  // The next step to take in the IDP intent flow.
  oneof next_step {
    // The authentication URL to which the client should redirect.
    string auth_url = 2 [
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        example: "\"https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback\"";
      }
    ];
    // The Start Intent directly succeeded and returned the IDP Intent.
    // Further information can be retrieved by using the retrieve identity
    // provider intent request.
    IdentityProviderIntent idp_intent = 3;
    // The HTML form with the embedded POST call information to render and
    // execute.
    bytes post_form = 4;
  }
}
|
|
|
|
// Request message for retrieving an identity provider (IDP) intent by its ID
// and token.
message GetIdentityProviderIntentRequest {
  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // ID of the identity provider (IDP) intent, previously returned on the
  // success response of the start identity provider intent (required, 1 to
  // 200 characters).
  string idp_intent_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
  // Token of the identity provider (IDP) intent, previously returned on the
  // success response of the start identity provider intent (required, 1 to
  // 200 characters). Together with idp_intent_id it is what this request
  // presents to obtain the IDP information in the response, so handle it as
  // a secret: keep it out of logs and URLs.
  string idp_intent_token = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";
    }
  ];
}
|
|
|
|
// Response message of the get identity provider (IDP) intent call.
message GetIdentityProviderIntentResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
  // Information returned by the identity provider (IDP), such as the
  // identification of the user and detailed / profile information.
  // IDPInformation is declared outside this section.
  IDPInformation idp_information = 2;
  // If the user was already federated and linked to a ZITADEL user, its ID
  // will be returned.
  optional string id = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"163840776835432345\"";
    }
  ];
}
|
|
|
|
// Request message for adding an identity provider (IDP) authenticator to the
// user identified by id.
message AddIDPAuthenticatorRequest {
  // NOTE(review): the authenticator field carries no validation rule or
  // REQUIRED field behavior here, unlike the identifiers around it; confirm
  // an unset value is rejected server-side.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // The IDP authenticator to add; IDPAuthenticator is declared outside this
  // section.
  IDPAuthenticator authenticator = 4;
}
|
|
|
|
// Response message of the add IDP authenticator call.
message AddIDPAuthenticatorResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|
|
// Request message for removing the identity provider (IDP) authenticator
// identified by idp_id from the user identified by id.
message RemoveIDPAuthenticatorRequest {
  // NOTE(review): nothing in this schema ties idp_id to the user in id;
  // presumably the server checks that the authenticator belongs to that user
  // and that the caller may manage it. Confirm in the handler.

  // Instance the request applies to. The documented default is the domain
  // taken from the HOST or :authority header.
  optional zitadel.object.v3alpha.Instance instance = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      default: "\"domain from HOST or :authority header\"";
    }
  ];
  // Optionally expect the user to be in this organization.
  optional zitadel.object.v3alpha.Organization organization = 2;
  // Unique identifier of the user (required, 1 to 200 characters).
  string id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69629026806489455\"";
    }
  ];
  // Unique identifier of the identity provider (IDP) authenticator (required,
  // 1 to 200 characters).
  string idp_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"163840776835432705\"";
    }
  ];
}
|
|
|
|
// Response message of the remove IDP authenticator call.
message RemoveIDPAuthenticatorResponse {
  // Resource details; the Details type is declared in package
  // zitadel.resources.object.v3alpha, outside this section.
  zitadel.resources.object.v3alpha.Details details = 1;
}
|
|
|