mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-08 14:07:40 +00:00
aa9518ac02
* integrate docs into nav * generator for local use, production needs to be set by env * fix typo * local dev * docs: annotate the first user endpoints in the management api * docs: annotate the first user endpoints in the management api * docs: annotate the first user endpoints in the management api * docs: annotate the first user endpoints in the management api * docs: add header params * rewrite docs links and improve ci * tweak build command * fix path * Update docs/docusaurus.config.js Co-authored-by: Max Peintner <max@caos.ch> * fix docker * docs: add header params * docs: Add tags to management api. add some descriptions * docs: more descriptions * docs: more descriptions * docs: required fields * docs: example request * docs: example request * docs: example request * docs: example request * docs: example request * docs: user metadata requests * docs: user requests * docs: user requests * docs: user requests * docs: user requests * docs: change nav add first methods to authentication api * docs: auth api * docs: auth api * docs: auth api * docs: auth api * docs: auth api * docs: api sidenav * chore: use buf without docker * fix deploy * fix ci * fix vercel * docs: admin * docs: admin api docs * docs: admin api docs * docs: admin api docs * docs: admin api docs * docs: security * docs: security * docs: admin api * docs: change to env vars * docs: auth api * docs: remove assets, deprecated requests, menu * reworked page with PaloAltoNetworks/docusaurus-openapi-docs * works with the resolutions * fix broken build by adding assets again * add tags to menu * chore: improve build speed * no-minify * test ssr * ssr 20 * use lazy * increase mem * use default mem * change names * docs: remove assets, deprecated requests, menu * docs: management api * docs: management api * docs: management api * docs: sidebar * not the best word smithing but it is ;-) * more typos * merge main * fix some error * trial * update grpc gateway * trigger vercel build * docs: deprecated requests * docs: deprecated requests --------- Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com> Co-authored-by: Max Peintner <max@caos.ch>
229 lines
7.5 KiB
Protocol Buffer
229 lines
7.5 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
import "zitadel/object.proto";
|
|
import "zitadel/message.proto";
|
|
import "google/protobuf/duration.proto";
|
|
import "validate/validate.proto";
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
|
|
package zitadel.app.v1;
|
|
|
|
option go_package ="github.com/zitadel/zitadel/pkg/grpc/app";
|
|
|
|
message App {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
AppState state = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the application";
|
|
}
|
|
];
|
|
string name = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Console\"";
|
|
}
|
|
];
|
|
oneof config {
|
|
OIDCConfig oidc_config = 5;
|
|
APIConfig api_config = 6;
|
|
SAMLConfig saml_config = 7;
|
|
}
|
|
}
|
|
|
|
enum AppState {
|
|
APP_STATE_UNSPECIFIED = 0;
|
|
APP_STATE_ACTIVE = 1;
|
|
APP_STATE_INACTIVE = 2;
|
|
}
|
|
|
|
message AppQuery {
|
|
oneof query {
|
|
option (validate.required) = true;
|
|
|
|
AppNameQuery name_query = 1;
|
|
}
|
|
}
|
|
|
|
message AppNameQuery {
|
|
string name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Conso\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message OIDCConfig {
|
|
reserved "client_secret";
|
|
reserved 6;
|
|
repeated string redirect_uris = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "Callback URI of the authorization request where the code or tokens will be sent to";
|
|
}
|
|
];
|
|
repeated OIDCResponseType response_types = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Determines whether a code, id_token token or just id_token will be returned"
|
|
}
|
|
];
|
|
repeated OIDCGrantType grant_types = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "The flow type the application uses to gain access";
|
|
}
|
|
];
|
|
OIDCAppType app_type = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "determines the paradigm of the application";
|
|
}
|
|
];
|
|
string client_id = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334@ZITADEL\"";
|
|
description: "generated oauth2/oidc client id";
|
|
}
|
|
];
|
|
OIDCAuthMethodType auth_method_type = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines how the application passes login credentials";
|
|
}
|
|
];
|
|
repeated string post_logout_redirect_uris = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/logout\"]";
|
|
description: "ZITADEL will redirect to this link after a successful logout";
|
|
}
|
|
];
|
|
OIDCVersion version = 9 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the OIDC version used by the application";
|
|
}
|
|
];
|
|
bool none_compliant = 10 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "specifies whether the config is OIDC compliant. A production configuration SHOULD be compliant";
|
|
}
|
|
];
|
|
repeated zitadel.v1.LocalizedMessage compliance_problems = 11 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "lists the problems for non-compliancy";
|
|
}
|
|
];
|
|
bool dev_mode = 12 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "used for development";
|
|
}
|
|
];
|
|
OIDCTokenType access_token_type = 13 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "type of the access token returned from ZITADEL";
|
|
}
|
|
];
|
|
bool access_token_role_assertion = 14 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_role_assertion = 15 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "adds roles to the claims of the id token even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_userinfo_assertion = 16 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification";
|
|
}
|
|
];
|
|
google.protobuf.Duration clock_skew = 17 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims";
|
|
// min: "0s";
|
|
// max: "5s";
|
|
}
|
|
];
|
|
repeated string additional_origins = 18 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "additional origins (other than the redirect_uris) from where the API can be used";
|
|
}
|
|
];
|
|
repeated string allowed_origins = 19 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "all allowed origins from where the API can be used";
|
|
}
|
|
];
|
|
}
|
|
|
|
enum OIDCResponseType {
|
|
OIDC_RESPONSE_TYPE_CODE = 0;
|
|
OIDC_RESPONSE_TYPE_ID_TOKEN = 1;
|
|
OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN = 2;
|
|
}
|
|
|
|
enum OIDCGrantType{
|
|
OIDC_GRANT_TYPE_AUTHORIZATION_CODE = 0;
|
|
OIDC_GRANT_TYPE_IMPLICIT = 1;
|
|
OIDC_GRANT_TYPE_REFRESH_TOKEN = 2;
|
|
}
|
|
|
|
enum OIDCAppType {
|
|
OIDC_APP_TYPE_WEB = 0;
|
|
OIDC_APP_TYPE_USER_AGENT = 1;
|
|
OIDC_APP_TYPE_NATIVE = 2;
|
|
}
|
|
|
|
enum OIDCAuthMethodType {
|
|
OIDC_AUTH_METHOD_TYPE_BASIC = 0;
|
|
OIDC_AUTH_METHOD_TYPE_POST = 1;
|
|
OIDC_AUTH_METHOD_TYPE_NONE = 2;
|
|
OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT = 3;
|
|
}
|
|
|
|
enum OIDCVersion {
|
|
OIDC_VERSION_1_0 = 0;
|
|
}
|
|
|
|
enum OIDCTokenType {
|
|
OIDC_TOKEN_TYPE_BEARER = 0;
|
|
OIDC_TOKEN_TYPE_JWT = 1;
|
|
}
|
|
|
|
message SAMLConfig {
|
|
oneof metadata{
|
|
bytes metadata_xml = 1;
|
|
string metadata_url = 2;
|
|
}
|
|
}
|
|
|
|
enum APIAuthMethodType {
|
|
API_AUTH_METHOD_TYPE_BASIC = 0;
|
|
API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT = 1;
|
|
}
|
|
|
|
message APIConfig {
|
|
reserved "client_secret";
|
|
reserved 2;
|
|
string client_id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334@ZITADEL\"";
|
|
description: "generated oauth2/oidc client_id";
|
|
}
|
|
];
|
|
APIAuthMethodType auth_method_type = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines how the API passes the login credentials";
|
|
}
|
|
];
|
|
}
|