mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-06 19:36:41 +00:00
833f6279e1
# Which Problems Are Solved Users who started the invitation code verification, but haven't set up any authentication method, need to be able to do so. This might require a new invitation code, which was currently not possible since creation was prevented for users with verified emails. # How the Problems Are Solved - Allow creation of invitation emails for users with verified emails. - Merged the creation and resend into a single method, defaulting the urlTemplate, applicatioName and authRequestID from the previous code (if one exists). On the user service API, the `ResendInviteCode` endpoint has been deprecated in favor of the `CreateInviteCode` # Additional Changes None # Additional Context - Noticed while investigating something internally. - requires backport to 2.x and 3.x
2387 lines
69 KiB
Protocol Buffer
2387 lines
69 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package zitadel.user.v2;
|
|
|
|
import "zitadel/object/v2/object.proto";
|
|
import "zitadel/protoc_gen_zitadel/v2/options.proto";
|
|
import "zitadel/user/v2/auth.proto";
|
|
import "zitadel/user/v2/email.proto";
|
|
import "zitadel/user/v2/phone.proto";
|
|
import "zitadel/user/v2/idp.proto";
|
|
import "zitadel/user/v2/password.proto";
|
|
import "zitadel/user/v2/user.proto";
|
|
import "zitadel/user/v2/query.proto";
|
|
import "google/api/annotations.proto";
|
|
import "google/api/field_behavior.proto";
|
|
import "google/protobuf/duration.proto";
|
|
import "google/protobuf/struct.proto";
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
import "validate/validate.proto";
|
|
|
|
option go_package = "github.com/zitadel/zitadel/pkg/grpc/user/v2;user";
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
|
|
info: {
|
|
title: "User Service";
|
|
version: "2.0";
|
|
description: "This API is intended to manage users in a ZITADEL instance.";
|
|
contact:{
|
|
name: "ZITADEL"
|
|
url: "https://zitadel.com"
|
|
email: "hi@zitadel.com"
|
|
}
|
|
license: {
|
|
name: "Apache 2.0",
|
|
url: "https://github.com/zitadel/zitadel/blob/main/LICENSING.md";
|
|
};
|
|
};
|
|
schemes: HTTPS;
|
|
schemes: HTTP;
|
|
|
|
consumes: "application/json";
|
|
consumes: "application/grpc";
|
|
|
|
produces: "application/json";
|
|
produces: "application/grpc";
|
|
|
|
consumes: "application/grpc-web+proto";
|
|
produces: "application/grpc-web+proto";
|
|
|
|
host: "$CUSTOM-DOMAIN";
|
|
base_path: "/";
|
|
|
|
external_docs: {
|
|
description: "Detailed information about ZITADEL",
|
|
url: "https://zitadel.com/docs"
|
|
}
|
|
security_definitions: {
|
|
security: {
|
|
key: "OAuth2";
|
|
value: {
|
|
type: TYPE_OAUTH2;
|
|
flow: FLOW_ACCESS_CODE;
|
|
authorization_url: "$CUSTOM-DOMAIN/oauth/v2/authorize";
|
|
token_url: "$CUSTOM-DOMAIN/oauth/v2/token";
|
|
scopes: {
|
|
scope: {
|
|
key: "openid";
|
|
value: "openid";
|
|
}
|
|
scope: {
|
|
key: "urn:zitadel:iam:org:project:id:zitadel:aud";
|
|
value: "urn:zitadel:iam:org:project:id:zitadel:aud";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
security: {
|
|
security_requirement: {
|
|
key: "OAuth2";
|
|
value: {
|
|
scope: "openid";
|
|
scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
|
|
}
|
|
}
|
|
}
|
|
responses: {
|
|
key: "403";
|
|
value: {
|
|
description: "Returned when the user does not have permission to access the resource.";
|
|
schema: {
|
|
json_schema: {
|
|
ref: "#/definitions/rpcStatus";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
responses: {
|
|
key: "404";
|
|
value: {
|
|
description: "Returned when the resource does not exist.";
|
|
schema: {
|
|
json_schema: {
|
|
ref: "#/definitions/rpcStatus";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
};
|
|
|
|
service UserService {
|
|
|
|
// Create a new human user
|
|
//
|
|
// Create/import a new user with the type human. The newly created user will get a verification email if either the email address is not marked as verified and you did not request the verification to be returned.
|
|
rpc AddHumanUser (AddHumanUserRequest) returns (AddHumanUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/human"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "user.write"
|
|
org_field: "organization"
|
|
}
|
|
http_response: {
|
|
success_code: 201
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// User by ID
|
|
//
|
|
// Returns the full user object (human or machine) including the profile, email, etc..
|
|
rpc GetUserByID(GetUserByIDRequest) returns (GetUserByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/v2/users/{user_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
http_response: {
|
|
success_code: 200
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Search Users
|
|
//
|
|
// Search for users. By default, we will return all users of your instance that you have permission to read. Make sure to include a limit and sorting for pagination.
|
|
rpc ListUsers(ListUsersRequest) returns (ListUsersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "A list of all users matching the query";
|
|
};
|
|
};
|
|
responses: {
|
|
key: "400";
|
|
value: {
|
|
description: "invalid list query";
|
|
schema: {
|
|
json_schema: {
|
|
ref: "#/definitions/rpcStatus";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Change the user email
|
|
//
|
|
// Change the email address of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by email..
|
|
rpc SetEmail (SetEmailRequest) returns (SetEmailResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/email"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Resend code to verify user email
|
|
//
|
|
// Resend code to verify user email.
|
|
rpc ResendEmailCode (ResendEmailCodeRequest) returns (ResendEmailCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/email/resend"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Send code to verify user email
|
|
//
|
|
// Send code to verify user email.
|
|
rpc SendEmailCode (SendEmailCodeRequest) returns (SendEmailCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/email/send"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify the email
|
|
//
|
|
// Verify the email with the generated code.
|
|
rpc VerifyEmail (VerifyEmailRequest) returns (VerifyEmailResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/email/verify"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Set the user phone
|
|
//
|
|
// Set the phone number of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by sms..
|
|
rpc SetPhone(SetPhoneRequest) returns (SetPhoneResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/phone"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove the user phone
|
|
//
|
|
// Remove the user phone
|
|
rpc RemovePhone(RemovePhoneRequest) returns (RemovePhoneResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}/phone"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Delete the user phone";
|
|
description: "Delete the phone number of a user."
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Resend code to verify user phone
|
|
//
|
|
// Resend code to verify user phone.
|
|
rpc ResendPhoneCode (ResendPhoneCodeRequest) returns (ResendPhoneCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/phone/resend"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify the phone
|
|
//
|
|
// Verify the phone with the generated code..
|
|
rpc VerifyPhone (VerifyPhoneRequest) returns (VerifyPhoneResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/phone/verify"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Update User
|
|
//
|
|
// Update all information from a user..
|
|
rpc UpdateHumanUser(UpdateHumanUserRequest) returns (UpdateHumanUserResponse) {
|
|
option (google.api.http) = {
|
|
put: "/v2/users/human/{user_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Deactivate user
|
|
//
|
|
// The state of the user will be changed to 'deactivated'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'deactivated'. Use deactivate user when the user should not be able to use the account anymore, but you still need access to the user data..
|
|
rpc DeactivateUser(DeactivateUserRequest) returns (DeactivateUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Reactivate user
|
|
//
|
|
// Reactivate a user with the state 'deactivated'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'deactivated'..
|
|
rpc ReactivateUser(ReactivateUserRequest) returns (ReactivateUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Lock user
|
|
//
|
|
// The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.)..
|
|
rpc LockUser(LockUserRequest) returns (LockUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/lock"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Unlock user
|
|
//
|
|
// The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.)..
|
|
rpc UnlockUser(UnlockUserRequest) returns (UnlockUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/unlock"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Delete user
|
|
//
|
|
// The state of the user will be changed to 'deleted'. The user will not be able to log in anymore. Endpoints requesting this user will return an error 'User not found..
|
|
rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Start the registration of passkey for a user
|
|
//
|
|
// Start the registration of a passkey for a user, as a response the public key credential creation options are returned, which are used to verify the passkey..
|
|
rpc RegisterPasskey (RegisterPasskeyRequest) returns (RegisterPasskeyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/passkeys"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify a passkey for a user
|
|
//
|
|
// Verify the passkey registration with the public key credential..
|
|
rpc VerifyPasskeyRegistration (VerifyPasskeyRegistrationRequest) returns (VerifyPasskeyRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/passkeys/{passkey_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Create a passkey registration link for a user
|
|
//
|
|
// Create a passkey registration link which includes a code and either return it or send it to the user..
|
|
rpc CreatePasskeyRegistrationLink (CreatePasskeyRegistrationLinkRequest) returns (CreatePasskeyRegistrationLinkResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/passkeys/registration_link"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "user.passkey.write"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// List passkeys of an user
|
|
//
|
|
// List passkeys of an user
|
|
rpc ListPasskeys (ListPasskeysRequest) returns (ListPasskeysResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/passkeys/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove passkey from a user
|
|
//
|
|
// Remove passkey from a user.
|
|
rpc RemovePasskey (RemovePasskeyRequest) returns (RemovePasskeyResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}/passkeys/{passkey_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Start the registration of a u2f token for a user
|
|
//
|
|
// Start the registration of a u2f token for a user, as a response the public key credential creation options are returned, which are used to verify the u2f token..
|
|
rpc RegisterU2F (RegisterU2FRequest) returns (RegisterU2FResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/u2f"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify a u2f token for a user
|
|
//
|
|
// Verify the u2f token registration with the public key credential..
|
|
rpc VerifyU2FRegistration (VerifyU2FRegistrationRequest) returns (VerifyU2FRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/u2f/{u2f_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove u2f token from a user
|
|
//
|
|
// Remove u2f token from a user.
|
|
rpc RemoveU2F (RemoveU2FRequest) returns (RemoveU2FResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}/u2f/{u2f_id}"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Remove u2f token from a user";
|
|
description: "Remove u2f token from a user"
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Start the registration of a TOTP generator for a user
|
|
//
|
|
// Start the registration of a TOTP generator for a user, as a response a secret returned, which is used to initialize a TOTP app or device..
|
|
rpc RegisterTOTP (RegisterTOTPRequest) returns (RegisterTOTPResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/totp"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify a TOTP generator for a user
|
|
//
|
|
// Verify the TOTP registration with a generated code..
|
|
rpc VerifyTOTPRegistration (VerifyTOTPRegistrationRequest) returns (VerifyTOTPRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/totp/verify"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove TOTP generator from a user
|
|
//
|
|
// Remove the configured TOTP generator of a user. As only one TOTP generator per user is allowed, the user will not have TOTP as a second factor afterward.
|
|
rpc RemoveTOTP (RemoveTOTPRequest) returns (RemoveTOTPResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}/totp"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add OTP SMS for a user
|
|
//
|
|
// Add a new One-Time Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor..
|
|
rpc AddOTPSMS (AddOTPSMSRequest) returns (AddOTPSMSResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/otp_sms"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove One-Time Password (OTP) SMS from a user
|
|
//
|
|
// Remove the configured One-Time Password (OTP) SMS factor of a user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second factor afterward.
|
|
rpc RemoveOTPSMS (RemoveOTPSMSRequest) returns (RemoveOTPSMSResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}/otp_sms"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add OTP Email for a user
|
|
//
|
|
// Add a new One-Time Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. The email has to be verified to add the second factor..
|
|
rpc AddOTPEmail (AddOTPEmailRequest) returns (AddOTPEmailResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/otp_email"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove One-Time Password (OTP) Email from a user
|
|
//
|
|
// Remove the configured One-Time Password (OTP) Email factor of a user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second factor afterward.
|
|
rpc RemoveOTPEmail (RemoveOTPEmailRequest) returns (RemoveOTPEmailResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}/otp_email"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Start flow with an identity provider
|
|
//
|
|
// Start a flow with an identity provider, for external login, registration or linking..
|
|
rpc StartIdentityProviderIntent (StartIdentityProviderIntentRequest) returns (StartIdentityProviderIntentResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/idp_intents"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Retrieve the information returned by the identity provider
|
|
//
|
|
// Retrieve the information returned by the identity provider for registration or updating an existing user with new information..
|
|
rpc RetrieveIdentityProviderIntent (RetrieveIdentityProviderIntentRequest) returns (RetrieveIdentityProviderIntentResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/idp_intents/{idp_intent_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Add link to an identity provider to an user
|
|
//
|
|
// Add link to an identity provider to an user..
|
|
rpc AddIDPLink (AddIDPLinkRequest) returns (AddIDPLinkResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/links"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// List links to an identity provider of an user
|
|
//
|
|
// List links to an identity provider of an user.
|
|
rpc ListIDPLinks (ListIDPLinksRequest) returns (ListIDPLinksResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/links/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Remove link of an identity provider to an user
|
|
//
|
|
// Remove link of an identity provider to an user.
|
|
rpc RemoveIDPLink (RemoveIDPLinkRequest) returns (RemoveIDPLinkResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v2/users/{user_id}/links/{idp_id}/{linked_user_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Request a code to reset a password
|
|
//
|
|
// Request a code to reset a password..
|
|
rpc PasswordReset (PasswordResetRequest) returns (PasswordResetResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/password_reset"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Change password
|
|
//
|
|
// Change the password of a user with either a verification code or the current password..
|
|
rpc SetPassword (SetPasswordRequest) returns (SetPasswordResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/password"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// List all possible authentication methods of a user
|
|
//
|
|
// List all possible authentication methods of a user like password, passwordless, (T)OTP and more..
|
|
rpc ListAuthenticationMethodTypes (ListAuthenticationMethodTypesRequest) returns (ListAuthenticationMethodTypesResponse) {
|
|
option (google.api.http) = {
|
|
get: "/v2/users/{user_id}/authentication_methods"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListAuthenticationFactors(ListAuthenticationFactorsRequest) returns (ListAuthenticationFactorsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/authentication_factors/_search"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
|
|
}
|
|
|
|
// Create an invite code for a user
|
|
//
|
|
// Create an invite code for a user to initialize their first authentication method (password, passkeys, IdP) depending on the organization's available methods.
|
|
// If an invite code has been created previously, it's url template and application name will be used as defaults for the new code.
|
|
// The new code will overwrite the previous one and make it invalid.
|
|
rpc CreateInviteCode (CreateInviteCodeRequest) returns (CreateInviteCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/invite_code"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Resend an invite code for a user
|
|
//
|
|
// Deprecated: Use [CreateInviteCode](apis/resources/user_service_v2/user-service-create-invite-code.api.mdx) instead.
|
|
//
|
|
// Resend an invite code for a user to initialize their first authentication method (password, passkeys, IdP) depending on the organization's available methods.
|
|
// A resend is only possible if a code has been created previously and sent to the user. If there is no code or it was directly returned, an error will be returned.
|
|
rpc ResendInviteCode (ResendInviteCodeRequest) returns (ResendInviteCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/invite_code/resend"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
deprecated: true;
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// Verify an invite code for a user
|
|
//
|
|
// Verify the invite code of a user previously issued. This will set their email to a verified state and
|
|
// allow the user to set up their first authentication method (password, passkeys, IdP) depending on the organization's available methods.
|
|
rpc VerifyInviteCode (VerifyInviteCodeRequest) returns (VerifyInviteCodeResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/invite_code/verify"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
// MFA Init Skipped
|
|
//
|
|
// Update the last time the user has skipped MFA initialization. The server timestamp is used.
|
|
rpc HumanMFAInitSkipped(HumanMFAInitSkippedRequest) returns (HumanMFAInitSkippedResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v2/users/{user_id}/mfa_init_skipped"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.protoc_gen_zitadel.v2.options) = {
|
|
auth_option: {
|
|
permission: "authenticated"
|
|
}
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
}
|
|
|
|
message AddHumanUserRequest{
|
|
reserved 3;
|
|
reserved "organisation";
|
|
// optionally set your own id unique for the user.
|
|
optional string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
|
|
}
|
|
];
|
|
// optionally set a unique username, if none is provided the email will be used.
|
|
optional string username = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"minnie-mouse\"";
|
|
}
|
|
];
|
|
zitadel.object.v2.Organization organization = 11;
|
|
SetHumanProfile profile = 4 [
|
|
(validate.rules).message.required = true,
|
|
(google.api.field_behavior) = REQUIRED
|
|
];
|
|
SetHumanEmail email = 5 [
|
|
(validate.rules).message.required = true,
|
|
(google.api.field_behavior) = REQUIRED
|
|
];
|
|
SetHumanPhone phone = 10;
|
|
repeated SetMetadataEntry metadata = 6;
|
|
oneof password_type {
|
|
Password password = 7;
|
|
HashedPassword hashed_password = 8;
|
|
}
|
|
repeated IDPLink idp_links = 9;
|
|
|
|
// An Implementation of RFC 6238 is used, with HMAC-SHA-1 and time-step of 30 seconds.
|
|
// Currently no other options are supported, and if anything different is used the validation will fail.
|
|
optional string totp_secret = 12 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddHumanUserResponse {
|
|
string user_id = 1;
|
|
zitadel.object.v2.Details details = 2;
|
|
optional string email_code = 3;
|
|
optional string phone_code = 4;
|
|
}
|
|
|
|
message GetUserByIDRequest {
|
|
reserved 2;
|
|
reserved "organization";
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
description: "User ID of the user you like to get."
|
|
}
|
|
];
|
|
}
|
|
|
|
message GetUserByIDResponse {
|
|
//deprecated: details is moved into user
|
|
zitadel.object.v2.Details details = 1;
|
|
zitadel.user.v2.User user = 2;
|
|
}
|
|
|
|
message ListUsersRequest {
|
|
//list limitations and ordering
|
|
zitadel.object.v2.ListQuery query = 1;
|
|
// the field the result is sorted
|
|
zitadel.user.v2.UserFieldName sorting_column = 2;
|
|
//criteria the client is looking for
|
|
repeated zitadel.user.v2.SearchQuery queries = 3;
|
|
}
|
|
|
|
message ListUsersResponse {
|
|
zitadel.object.v2.ListDetails details = 1;
|
|
zitadel.user.v2.UserFieldName sorting_column = 2;
|
|
repeated zitadel.user.v2.User result = 3;
|
|
}
|
|
|
|
message SetEmailRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string email = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200, email: true},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"mini@mouse.com\"";
|
|
}
|
|
];
|
|
// if no verification is specified, an email is sent with the default url
|
|
oneof verification {
|
|
SendEmailVerificationCode send_code = 3;
|
|
ReturnEmailVerificationCode return_code = 4;
|
|
bool is_verified = 5 [(validate.rules).bool.const = true];
|
|
}
|
|
}
|
|
|
|
message SetEmailResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
// in case the verification was set to return_code, the code will be returned
|
|
optional string verification_code = 2;
|
|
}
|
|
|
|
message ResendEmailCodeRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
// if no verification is specified, an email is sent with the default url
|
|
oneof verification {
|
|
SendEmailVerificationCode send_code = 2;
|
|
ReturnEmailVerificationCode return_code = 3;
|
|
}
|
|
}
|
|
|
|
message ResendEmailCodeResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
// in case the verification was set to return_code, the code will be returned
|
|
optional string verification_code = 2;
|
|
}
|
|
|
|
message SendEmailCodeRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
// if no verification is specified, an email is sent with the default url
|
|
oneof verification {
|
|
SendEmailVerificationCode send_code = 2;
|
|
ReturnEmailVerificationCode return_code = 3;
|
|
}
|
|
}
|
|
|
|
message SendEmailCodeResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
// in case the verification was set to return_code, the code will be returned
|
|
optional string verification_code = 2;
|
|
}
|
|
|
|
message VerifyEmailRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string verification_code = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 20},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 20;
|
|
example: "\"SKJd342k\"";
|
|
description: "\"the verification code generated during the set email request\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyEmailResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message SetPhoneRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string phone = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"+41791234567\"";
|
|
}
|
|
];
|
|
// if no verification is specified, an sms is sent
|
|
oneof verification {
|
|
SendPhoneVerificationCode send_code = 3;
|
|
ReturnPhoneVerificationCode return_code = 4;
|
|
bool is_verified = 5 [(validate.rules).bool.const = true];
|
|
}
|
|
}
|
|
|
|
message SetPhoneResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
// in case the verification was set to return_code, the code will be returned
|
|
optional string verification_code = 2;
|
|
}
|
|
|
|
message RemovePhoneRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemovePhoneResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message ResendPhoneCodeRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
// if no verification is specified, an sms is sent
|
|
oneof verification {
|
|
SendPhoneVerificationCode send_code = 3;
|
|
ReturnPhoneVerificationCode return_code = 4;
|
|
}
|
|
}
|
|
|
|
message ResendPhoneCodeResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
// in case the verification was set to return_code, the code will be returned
|
|
optional string verification_code = 2;
|
|
}
|
|
|
|
message VerifyPhoneRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string verification_code = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 20},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 20;
|
|
example: "\"SKJd342k\"";
|
|
description: "\"the verification code generated during the set phone request\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyPhoneResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message DeleteUserRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}];
|
|
}
|
|
|
|
message DeleteUserResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message UpdateHumanUserRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
|
|
}
|
|
];
|
|
optional string username = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"minnie-mouse\"";
|
|
}
|
|
];
|
|
optional SetHumanProfile profile = 3;
|
|
optional SetHumanEmail email = 4;
|
|
optional SetHumanPhone phone = 5;
|
|
optional SetPassword password = 6;
|
|
}
|
|
|
|
message UpdateHumanUserResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
optional string email_code = 2;
|
|
optional string phone_code = 3;
|
|
}
|
|
|
|
message DeactivateUserRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message DeactivateUserResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
|
|
message ReactivateUserRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ReactivateUserResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message LockUserRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message LockUserResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message UnlockUserRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UnlockUserResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message RegisterPasskeyRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
optional PasskeyRegistrationCode code = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "\"one time code generated by ZITADEL; required to start the passkey registration without user authentication\"";
|
|
}
|
|
];
|
|
PasskeyAuthenticator authenticator = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "\"Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.\"";
|
|
}
|
|
];
|
|
string domain = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "\"Domain on which the user is authenticated.\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RegisterPasskeyResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
string passkey_id = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"163840776835432705\""
|
|
}
|
|
];
|
|
google.protobuf.Struct public_key_credential_creation_options = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialcreationoptions"
|
|
example: "{\"publicKey\":{\"attestation\":\"none\",\"authenticatorSelection\":{\"userVerification\":\"required\"},\"challenge\":\"XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ\",\"excludeCredentials\":[{\"id\":\"tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI\",\"type\":\"public-key\"}],\"pubKeyCredParams\":[{\"alg\":-7,\"type\":\"public-key\"}],\"rp\":{\"id\":\"localhost\",\"name\":\"ZITADEL\"},\"timeout\":300000,\"user\":{\"displayName\":\"Tim Mohlmann\",\"id\":\"MjE1NTk4MDAwNDY0OTk4OTQw\",\"name\":\"tim\"}}}"
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyPasskeyRegistrationRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
string passkey_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
google.protobuf.Struct public_key_credential = 3 [
|
|
(validate.rules).message.required = true,
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "PublicKeyCredential Interface. Generated helper methods populate the field from JSON created by a WebauthN client. See also: https://www.w3.org/TR/webauthn/#publickeycredential";
|
|
example: "{\"type\":\"public-key\",\"id\":\"pawVarF4xPxLFmfCnRkwXWeTrKGzabcAi92LEI1WC00\",\"rawId\":\"pawVarF4xPxLFmfCnRkwXWeTrKGzabcAi92LEI1WC00\",\"response\":{\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgRKS3VpeE9tfExXRzkoUKnG4rQWPvtSSt4YtDGgTx32oCIQDPey-2YJ4uIg-QCM4jj6aE2U3tgMFM_RP7Efx6xRu3JGhhdXRoRGF0YVikSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFAAAAADju76085Yhmlt1CEOHkwLQAIKWsFWqxeMT8SxZnwp0ZMF1nk6yhs2m3AIvdixCNVgtNpQECAyYgASFYIMGUDSP2FAQn2MIfPMy7cyB_Y30VqixVgGULTBtFjfRiIlggjUGfQo3_-CrMmH3S-ZQkFKWKnNBQEAMkFtG-9A4zqW0\",\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiQlhXdHh0WGxJeFZZa0pHT1dVaUVmM25zby02aXZKdWw2YmNmWHdMVlFIayIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0OjgwODAifQ\"}}";
|
|
min_length: 55;
|
|
max_length: 1048576; //1 MB
|
|
}
|
|
];
|
|
string passkey_name = 4 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"fido key\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyPasskeyRegistrationResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message RegisterU2FRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
string domain = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "\"Domain on which the user is authenticated.\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RegisterU2FResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
string u2f_id = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"163840776835432705\""
|
|
}
|
|
];
|
|
google.protobuf.Struct public_key_credential_creation_options = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialcreationoptions"
|
|
example: "{\"publicKey\":{\"attestation\":\"none\",\"authenticatorSelection\":{\"userVerification\":\"required\"},\"challenge\":\"XaMYwWOZ5hj6pwtwJJlpcI-ExkO5TxevBMG4R8DoKQQ\",\"excludeCredentials\":[{\"id\":\"tVp1QfYhT8DkyEHVrv7blnpAo2YJzbZgZNBf7zPs6CI\",\"type\":\"public-key\"}],\"pubKeyCredParams\":[{\"alg\":-7,\"type\":\"public-key\"}],\"rp\":{\"id\":\"localhost\",\"name\":\"ZITADEL\"},\"timeout\":300000,\"user\":{\"displayName\":\"Tim Mohlmann\",\"id\":\"MjE1NTk4MDAwNDY0OTk4OTQw\",\"name\":\"tim\"}}}"
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyU2FRegistrationRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
string u2f_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
google.protobuf.Struct public_key_credential = 3 [
|
|
(validate.rules).message.required = true,
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "PublicKeyCredential Interface. Generated helper methods populate the field from JSON created by a WebauthN client. See also: https://www.w3.org/TR/webauthn/#publickeycredential";
|
|
example: "{\"type\":\"public-key\",\"id\":\"pawVarF4xPxLFmfCnRkwXWeTrKGzabcAi92LEI1WC00\",\"rawId\":\"pawVarF4xPxLFmfCnRkwXWeTrKGzabcAi92LEI1WC00\",\"response\":{\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgRKS3VpeE9tfExXRzkoUKnG4rQWPvtSSt4YtDGgTx32oCIQDPey-2YJ4uIg-QCM4jj6aE2U3tgMFM_RP7Efx6xRu3JGhhdXRoRGF0YVikSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFAAAAADju76085Yhmlt1CEOHkwLQAIKWsFWqxeMT8SxZnwp0ZMF1nk6yhs2m3AIvdixCNVgtNpQECAyYgASFYIMGUDSP2FAQn2MIfPMy7cyB_Y30VqixVgGULTBtFjfRiIlggjUGfQo3_-CrMmH3S-ZQkFKWKnNBQEAMkFtG-9A4zqW0\",\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiQlhXdHh0WGxJeFZZa0pHT1dVaUVmM25zby02aXZKdWw2YmNmWHdMVlFIayIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0OjgwODAifQ\"}}";
|
|
min_length: 55;
|
|
max_length: 1048576; //1 MB
|
|
}
|
|
];
|
|
string token_name = 4 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"fido key\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyU2FRegistrationResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message RemoveU2FRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string u2f_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemoveU2FResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message RegisterTOTPRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RegisterTOTPResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
string uri = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"otpauth://totp/ZITADEL:gigi@acme.zitadel.cloud?algorithm=SHA1&digits=6&issuer=ZITADEL&period=30&secret=TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"";
|
|
}
|
|
];
|
|
string secret = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyTOTPRegistrationRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
string code = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Code generated by TOTP app or device"
|
|
example: "\"123456\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyTOTPRegistrationResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message RemoveTOTPRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemoveTOTPResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message AddOTPSMSRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddOTPSMSResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message RemoveOTPSMSRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemoveOTPSMSResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message AddOTPEmailRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddOTPEmailResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message RemoveOTPEmailRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemoveOTPEmailResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message CreatePasskeyRegistrationLinkRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
// if no medium is specified, an email is sent with the default url
|
|
oneof medium {
|
|
SendPasskeyRegistrationLink send_link = 2;
|
|
ReturnPasskeyRegistrationCode return_code = 3;
|
|
}
|
|
}
|
|
|
|
message CreatePasskeyRegistrationLinkResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
// in case the medium was set to return_code, the code will be returned
|
|
optional PasskeyRegistrationCode code = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "\"one time code generated by ZITADEL; required to start the passkey registration without user authentication\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ListPasskeysRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ListPasskeysResponse {
|
|
zitadel.object.v2.ListDetails details = 1;
|
|
repeated Passkey result = 2;
|
|
}
|
|
|
|
message RemovePasskeyRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string passkey_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemovePasskeyResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message StartIdentityProviderIntentRequest{
|
|
string idp_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "ID for existing identity provider"
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
|
|
oneof content {
|
|
RedirectURLs urls = 2;
|
|
LDAPCredentials ldap = 3;
|
|
}
|
|
}
|
|
|
|
message StartIdentityProviderIntentResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
oneof next_step {
|
|
string auth_url = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "URL to which the client should redirect"
|
|
example: "\"https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback\"";
|
|
}
|
|
];
|
|
IDPIntent idp_intent = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "IDP Intent information"
|
|
}
|
|
];
|
|
bytes post_form = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "POST call information"
|
|
}
|
|
];
|
|
}
|
|
}
|
|
|
|
message RetrieveIdentityProviderIntentRequest{
|
|
string idp_intent_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "ID of the idp intent, previously returned on the success response of the IDP callback"
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"163840776835432705\"";
|
|
}
|
|
];
|
|
string idp_intent_token = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "token of the idp intent, previously returned on the success response of the IDP callback"
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RetrieveIdentityProviderIntentResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
IDPInformation idp_information = 2;
|
|
string user_id = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "ID of the user in ZITADEL if external user is linked"
|
|
example: "\"163840776835432345\"";
|
|
}
|
|
];
|
|
AddHumanUserRequest add_human_user = 4;
|
|
}
|
|
|
|
message AddIDPLinkRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
IDPLink idp_link = 2;
|
|
}
|
|
|
|
message AddIDPLinkResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message ListIDPLinksRequest{
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.object.v2.ListQuery query = 2;
|
|
}
|
|
|
|
message ListIDPLinksResponse{
|
|
zitadel.object.v2.ListDetails details = 1;
|
|
repeated IDPLink result = 2;
|
|
}
|
|
|
|
message RemoveIDPLinkRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string idp_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string linked_user_id = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemoveIDPLinkResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message PasswordResetRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
// if no medium is specified, an email is sent with the default url
|
|
oneof medium {
|
|
SendPasswordResetLink send_link = 2;
|
|
ReturnPasswordResetCode return_code = 3;
|
|
}
|
|
}
|
|
|
|
message PasswordResetResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
// in case the medium was set to return_code, the code will be returned
|
|
optional string verification_code = 2;
|
|
}
|
|
|
|
message SetPasswordRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
Password new_password = 2;
|
|
// if neither, the current password must be provided nor a verification code generated by the PasswordReset is provided,
|
|
// the user must be granted permission to set a password
|
|
oneof verification {
|
|
string current_password = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Secr3tP4ssw0rd!\"";
|
|
}
|
|
];
|
|
string verification_code = 4 [
|
|
(validate.rules).string = {min_len: 1, max_len: 20},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 20;
|
|
example: "\"SKJd342k\"";
|
|
description: "\"the verification code generated during password reset request\"";
|
|
}
|
|
];
|
|
}
|
|
}
|
|
|
|
message SetPasswordResponse{
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message ListAuthenticationMethodTypesRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
optional DomainQuery domain_query = 2;
|
|
}
|
|
|
|
message DomainQuery {
|
|
// List also auth method types without domain information like passkey and U2F added through V1 APIs / Login UI.
|
|
bool include_without_domain = 1;
|
|
// List only auth methods with specific domain.
|
|
string domain = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"example.com\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ListAuthenticationMethodTypesResponse{
|
|
zitadel.object.v2.ListDetails details = 1;
|
|
repeated AuthenticationMethodType auth_method_types = 2;
|
|
}
|
|
|
|
enum AuthenticationMethodType {
|
|
AUTHENTICATION_METHOD_TYPE_UNSPECIFIED = 0;
|
|
AUTHENTICATION_METHOD_TYPE_PASSWORD = 1;
|
|
AUTHENTICATION_METHOD_TYPE_PASSKEY = 2;
|
|
AUTHENTICATION_METHOD_TYPE_IDP = 3;
|
|
AUTHENTICATION_METHOD_TYPE_TOTP = 4;
|
|
AUTHENTICATION_METHOD_TYPE_U2F = 5;
|
|
AUTHENTICATION_METHOD_TYPE_OTP_SMS = 6;
|
|
AUTHENTICATION_METHOD_TYPE_OTP_EMAIL = 7;
|
|
}
|
|
|
|
message ListAuthenticationFactorsRequest{
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
repeated AuthFactors auth_factors = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Specify the Auth Factors you are interested in"
|
|
default: "All Auth Factors"
|
|
}
|
|
];
|
|
repeated AuthFactorState states = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Specify the state of the Auth Factors"
|
|
default: "Auth Factors that are ready"
|
|
}
|
|
];
|
|
}
|
|
|
|
enum AuthFactors {
|
|
OTP = 0;
|
|
OTP_SMS = 1;
|
|
OTP_EMAIL = 2;
|
|
U2F = 3;
|
|
}
|
|
|
|
message ListAuthenticationFactorsResponse {
|
|
repeated zitadel.user.v2.AuthFactor result = 1;
|
|
}
|
|
|
|
message CreateInviteCodeRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
// if no verification is specified, an email is sent with the default url and application name (ZITADEL)
|
|
oneof verification {
|
|
SendInviteCode send_code = 2;
|
|
ReturnInviteCode return_code = 3;
|
|
}
|
|
}
|
|
|
|
message CreateInviteCodeResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
// The invite code is returned if the verification was set to return_code.
|
|
optional string invite_code = 2;
|
|
}
|
|
message ResendInviteCodeRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ResendInviteCodeResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message VerifyInviteCodeRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string verification_code = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 20},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 20;
|
|
example: "\"SKJd342k\"";
|
|
description: "\"the verification code generated during the invite code request\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message VerifyInviteCodeResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message HumanMFAInitSkippedRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message HumanMFAInitSkippedResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|