TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-03 04:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8883d74e3de764ab0099331740cec8456948ea33
zitadel/proto/zitadel/admin.proto
Livio Amstutz b6b5b1b782 feat: jwt as idp (#2363) 
* feat: jwt idp

* feat: command side

* feat: add tests

* fill idp views with jwt idps and return apis

* add jwtEndpoint to jwt idp

* begin jwt request handling

* merge

* handle jwt idp

* cleanup

* fixes

* autoregister

* get token from specific header name

* error handling

* fix texts

* handle renderExternalNotFoundOption

Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-09-14 15:15:01 +02:00

3836 lines
126 KiB
Protocol Buffer
Raw Blame History

syntax = "proto3";
import "zitadel/idp.proto";
import "zitadel/user.proto";
import "zitadel/object.proto";
import "zitadel/options.proto";
import "zitadel/org.proto";
import "zitadel/policy.proto";
import "zitadel/text.proto";
import "zitadel/member.proto";
import "zitadel/features.proto";
import "google/api/annotations.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/duration.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
package zitadel.admin.v1;
option go_package ="github.com/caos/zitadel/pkg/grpc/admin";
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
info: {
title: "Administration API aka Admin";
version: "1.0";
description: "This API is intended to configure and manage the IAM itself.";
contact:{
name: "CAOS developers of ZITADEL"
url: "https://zitadel.ch"
email: "hi@zitadel.ch"
}
license: {
name: "Apache 2.0",
url: "https://github.com/caos/zitadel/blob/main/LICENSE";
};
};
schemes: HTTPS;
schemes: HTTP;
consumes: "application/json";
consumes: "application/grpc";
produces: "application/json";
produces: "application/grpc";
host: "api.zitadel.io";
base_path: "/admin/v1";
security_definitions: {
security: {
key: "BasicAuth";
value: {
type: TYPE_BASIC;
}
}
security: {
key: "OAuth2";
value: {
type: TYPE_OAUTH2;
flow: FLOW_ACCESS_CODE;
authorization_url: "https://accounts.zitadel.io/oauth/v2/authorize";
token_url: "https://api.zitadel.io/oauth/v2/token";
scopes: {
scope: {
key: "openid";
value: "openid";
}
scope: {
key: "urn:zitadel:iam:org:project:id:100992085158584780:aud";
value: "urn:zitadel:iam:org:project:id:100992085158584780:aud";
}
}
}
}
}
security: {
security_requirement: {
key: "OAuth2";
value: {
scope: "openid";
scope: "urn:zitadel:iam:org:project:id:100992085158584780:aud";
}
}
}
responses: {
key: "403";
value: {
description: "Returned when the user does not have permission to access the resource.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
}
}
}
}
responses: {
key: "404";
value: {
description: "Returned when the resource does not exist.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
}
}
}
}
extensions: {
key: "x-zitadel-orgid";
value: {
string_value: "your-org-id";
}
}
};
service AdminService {
//Indicates if ZITADEL is running.
// It respondes as soon as ZITADEL started
rpc Healthz(HealthzRequest) returns (HealthzResponse) {
option (google.api.http) = {
get: "/healthz";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "probes";
responses: {
key: "200";
value: {
description: "ZITADEL started";
};
}
responses: {
key: "default";
value: {
description: "ZITADEL NOT started yet";
};
}
};
}
// Returns the default languages
rpc GetSupportedLanguages(GetSupportedLanguagesRequest) returns (GetSupportedLanguagesResponse) {
option (google.api.http) = {
get: "/languages";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
}
//Checks whether an organisation exists by the given parameters
rpc IsOrgUnique(IsOrgUniqueRequest) returns (IsOrgUniqueResponse) {
option (google.api.http) = {
get: "/orgs/_is_unique";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "orgs";
tags: "global";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Organizations";
description: "detailed information about organizations";
};
responses: {
key: "200";
value: {
description: "ZITADEL started";
};
};
responses: {
key: "default";
value: {
description: "ZITADEL NOT started yet";
};
};
};
}
// Returns an organisation by id
rpc GetOrgByID(GetOrgByIDRequest) returns (GetOrgByIDResponse) {
option (google.api.http) = {
get: "/orgs/{id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "orgs";
tags: "global";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Organizations";
description: "detailed information about organizations";
};
responses: {
key: "200";
value: {
description: "requested org found";
};
};
};
}
//Returns all organisations matching the request
// all queries need to match (AND)
rpc ListOrgs(ListOrgsRequest) returns (ListOrgsResponse) {
option (google.api.http) = {
post: "/orgs/_search";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "orgs";
tags: "global";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Organizations";
description: "detailed information about organizations";
};
responses: {
key: "200";
value: {
description: "list of organisations matching the query";
};
};
responses: {
key: "400";
value: {
description: "invalid list query";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Creates a new org and user
// and adds the user to the orgs members as ORG_OWNER
rpc SetUpOrg(SetUpOrgRequest) returns (SetUpOrgResponse) {
option (google.api.http) = {
post: "/orgs/_setup";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "orgs";
tags: "global";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Organizations";
description: "detailed information about organizations";
};
responses: {
key: "200";
value: {
description: "org, user and user membership were created successfully";
};
};
responses: {
key: "400";
value: {
description: "invalid org or user";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
// Returns a identity provider configuration of the IAM
rpc GetIDPByID(GetIDPByIDRequest) returns (GetIDPByIDResponse) {
option (google.api.http) = {
get: "/idps/{id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "idp found";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
// Returns all identity provider configurations of the IAM
rpc ListIDPs(ListIDPsRequest) returns (ListIDPsResponse) {
option (google.api.http) = {
post: "/idps/_search";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "idps found";
};
};
responses: {
key: "400";
value: {
description: "invalid query";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
// Adds a new oidc identity provider configuration the IAM
rpc AddOIDCIDP(AddOIDCIDPRequest) returns (AddOIDCIDPResponse) {
option (google.api.http) = {
post: "/idps/oidc";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
tags: "oidc";
external_docs: {
url: "https://docs.zitadel.ch/concepts#OpenID_Connect_1_0_and_OAuth_2_0";
description: "detailed descriptions about oidc configuration";
};
responses: {
key: "200";
value: {
description: "idp created";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
// Adds a new jwt identity provider configuration the IAM
rpc AddJWTIDP(AddJWTIDPRequest) returns (AddJWTIDPResponse) {
option (google.api.http) = {
post: "/idps/jwt";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
tags: "jwt";
responses: {
key: "200";
value: {
description: "idp created";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Updates the specified idp
// all fields are updated. If no value is provided the field will be empty afterwards.
rpc UpdateIDP(UpdateIDPRequest) returns (UpdateIDPResponse) {
option (google.api.http) = {
put: "/idps/{idp_id}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "idp updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Sets the state of the idp to IDP_STATE_INACTIVE
// the state MUST be IDP_STATE_ACTIVE for this call
rpc DeactivateIDP(DeactivateIDPRequest) returns (DeactivateIDPResponse) {
option (google.api.http) = {
post: "/idps/{idp_id}/_deactivate";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "idp deactivated";
};
};
responses: {
key: "400";
value: {
description: "unable to deactivate idp";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Sets the state of the idp to IDP_STATE_ACTIVE
// the state MUST be IDP_STATE_INACTIVE for this call
rpc ReactivateIDP(ReactivateIDPRequest) returns (ReactivateIDPResponse) {
option (google.api.http) = {
post: "/idps/{idp_id}/_reactivate";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "idp reactivated";
};
};
responses: {
key: "400";
value: {
description: "unable to reactivate idp";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//RemoveIDP deletes the IDP permanetly
rpc RemoveIDP(RemoveIDPRequest) returns (RemoveIDPResponse) {
option (google.api.http) = {
delete: "/idps/{idp_id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "idp removed";
};
};
responses: {
key: "400";
value: {
description: "unable to remove idp";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Updates the oidc configuration of the specified idp
// all fields are updated. If no value is provided the field will be empty afterwards.
rpc UpdateIDPOIDCConfig(UpdateIDPOIDCConfigRequest) returns (UpdateIDPOIDCConfigResponse) {
option (google.api.http) = {
put: "/idps/{idp_id}/oidc_config";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
tags: "oidc";
external_docs: {
url: "https://docs.zitadel.ch/concepts#OpenID_Connect_1_0_and_OAuth_2_0";
description: "detailed descriptions about oidc configuration";
};
responses: {
key: "200";
value: {
description: "oidc config updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
responses: {
key: "409";
value: {
description: "precondition failed";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Updates the jwt configuration of the specified idp
// all fields are updated. If no value is provided the field will be empty afterwards.
rpc UpdateIDPJWTConfig(UpdateIDPJWTConfigRequest) returns (UpdateIDPJWTConfigResponse) {
option (google.api.http) = {
put: "/idps/{idp_id}/jwt_config";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "identity provider";
tags: "jwt";
responses: {
key: "200";
value: {
description: "jwt config updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
responses: {
key: "409";
value: {
description: "precondition failed";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc GetDefaultFeatures(GetDefaultFeaturesRequest) returns (GetDefaultFeaturesResponse) {
option(google.api.http) = {
get: "/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.read"
};
}
rpc SetDefaultFeatures(SetDefaultFeaturesRequest) returns (SetDefaultFeaturesResponse) {
option(google.api.http) = {
put: "/features"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
rpc GetOrgFeatures(GetOrgFeaturesRequest) returns (GetOrgFeaturesResponse) {
option(google.api.http) = {
get: "/orgs/{org_id}/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.read"
};
}
rpc SetOrgFeatures(SetOrgFeaturesRequest) returns (SetOrgFeaturesResponse) {
option(google.api.http) = {
put: "/orgs/{org_id}/features"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
rpc ResetOrgFeatures(ResetOrgFeaturesRequest) returns (ResetOrgFeaturesResponse) {
option(google.api.http) = {
delete: "/orgs/{org_id}/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
//Returns the IAM policy defined by the administrators of ZITADEL
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
option (google.api.http) = {
get: "/policies/orgiam";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "org iam policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference";
description: "detailed information about the org iam policy";
};
responses: {
key: "200";
value: {
description: "default org iam policy";
};
};
};
}
//Updates the default IAM policy.
// it impacts all organisations without a customised policy
rpc UpdateOrgIAMPolicy(UpdateOrgIAMPolicyRequest) returns (UpdateOrgIAMPolicyResponse) {
option (google.api.http) = {
put: "/policies/orgiam";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "org iam policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference";
description: "detailed information about the org iam policy";
};
responses: {
key: "200";
value: {
description: "default org iam policy updated";
};
};
};
}
//Returns the customised policy or the default if not customised
rpc GetCustomOrgIAMPolicy(GetCustomOrgIAMPolicyRequest) returns (GetCustomOrgIAMPolicyResponse) {
option (google.api.http) = {
get: "/orgs/{org_id}/policies/orgiam";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "org iam policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference";
description: "detailed information about the org iam policy";
};
responses: {
key: "200";
value: {
description: "org iam policy of the org or the default policy if not customized";
};
};
};
}
//Defines a custom ORGIAM policy as specified
rpc AddCustomOrgIAMPolicy(AddCustomOrgIAMPolicyRequest) returns (AddCustomOrgIAMPolicyResponse) {
option (google.api.http) = {
post: "/orgs/{org_id}/policies/orgiam";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "org iam policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference";
description: "detailed information about the org iam policy";
};
responses: {
key: "200";
value: {
description: "org iam policy created";
};
};
};
}
//Updates a custom ORGIAM policy as specified
rpc UpdateCustomOrgIAMPolicy(UpdateCustomOrgIAMPolicyRequest) returns (UpdateCustomOrgIAMPolicyResponse) {
option (google.api.http) = {
put: "/orgs/{org_id}/policies/orgiam";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "org iam policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference";
description: "detailed information about the org iam policy";
};
responses: {
key: "200";
value: {
description: "org iam policy updated";
};
};
};
}
//Resets the org iam policy of the organisation to default
// ZITADEL will fallback to the default policy defined by the ZITADEL administrators
rpc ResetCustomOrgIAMPolicyToDefault(ResetCustomOrgIAMPolicyToDefaultRequest) returns (ResetCustomOrgIAMPolicyToDefaultResponse) {
option (google.api.http) = {
delete: "/orgs/{org_id}/policies/orgiam";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.delete";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "org iam policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference";
description: "detailed information about the org iam policy";
};
responses: {
key: "200";
value: {
description: "resets the custom org iam policy to the default policy";
};
};
};
}
//Returns the label policy defined by the administrators of ZITADEL
rpc GetLabelPolicy(GetLabelPolicyRequest) returns (GetLabelPolicyResponse) {
option (google.api.http) = {
get: "/policies/label";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "label policy";
tags: "policy";
responses: {
key: "200";
value: {
description: "default label policy";
};
};
};
}
//Returns the preview label policy defined by the administrators of ZITADEL
rpc GetPreviewLabelPolicy(GetPreviewLabelPolicyRequest) returns (GetPreviewLabelPolicyResponse) {
option (google.api.http) = {
get: "/policies/label/_preview";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "label policy";
tags: "policy";
responses: {
key: "200";
value: {
description: "default label policy";
};
};
};
}
//Updates the default label policy of ZITADEL
// it impacts all organisations without a customised policy
rpc UpdateLabelPolicy(UpdateLabelPolicyRequest) returns (UpdateLabelPolicyResponse) {
option (google.api.http) = {
put: "/policies/label";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "label policy";
tags: "policy";
responses: {
key: "200";
value: {
description: "default label policy updated";
};
};
};
}
// Activates all changes of the label policy
rpc ActivateLabelPolicy(ActivateLabelPolicyRequest) returns (ActivateLabelPolicyResponse) {
option (google.api.http) = {
post: "/policies/label/_activate"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "policy.write"
};
}
// Removes the logo of the label policy
rpc RemoveLabelPolicyLogo(RemoveLabelPolicyLogoRequest) returns (RemoveLabelPolicyLogoResponse) {
option (google.api.http) = {
delete: "/policies/label/logo"
};
option (zitadel.v1.auth_option) = {
permission: "policy.write"
};
}
// Removes the logo dark of the label policy
rpc RemoveLabelPolicyLogoDark(RemoveLabelPolicyLogoDarkRequest) returns (RemoveLabelPolicyLogoDarkResponse) {
option (google.api.http) = {
delete: "/policies/label/logo_dark"
};
option (zitadel.v1.auth_option) = {
permission: "policy.write"
};
}
// Removes the icon of the label policy
rpc RemoveLabelPolicyIcon(RemoveLabelPolicyIconRequest) returns (RemoveLabelPolicyIconResponse) {
option (google.api.http) = {
delete: "/policies/label/icon"
};
option (zitadel.v1.auth_option) = {
permission: "policy.write"
};
}
// Removes the logo dark of the label policy
rpc RemoveLabelPolicyIconDark(RemoveLabelPolicyIconDarkRequest) returns (RemoveLabelPolicyIconDarkResponse) {
option (google.api.http) = {
delete: "/policies/label/icon_dark"
};
option (zitadel.v1.auth_option) = {
permission: "policy.write"
};
}
// Removes the font of the label policy
rpc RemoveLabelPolicyFont(RemoveLabelPolicyFontRequest) returns (RemoveLabelPolicyFontResponse) {
option (google.api.http) = {
delete: "/policies/label/font"
};
option (zitadel.v1.auth_option) = {
permission: "policy.write"
};
}
//Returns the login policy defined by the administrators of ZITADEL
rpc GetLoginPolicy(GetLoginPolicyRequest) returns (GetLoginPolicyResponse) {
option (google.api.http) = {
get: "/policies/login";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "login policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Login_Options";
description: "detailed information about the login policy";
};
responses: {
key: "200";
value: {
description: "default login policy";
};
};
};
}
//Updates the default login policy of ZITADEL
// it impacts all organisations without a customised policy
rpc UpdateLoginPolicy(UpdateLoginPolicyRequest) returns (UpdateLoginPolicyResponse) {
option (google.api.http) = {
put: "/policies/login";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "login policy";
tags: "policy";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Login_Options";
description: "detailed information about the login policy";
};
responses: {
key: "200";
value: {
description: "default login policy updated";
};
};
};
}
//Returns the idps linked to the default login policy,
// defined by the administrators of ZITADEL
rpc ListLoginPolicyIDPs(ListLoginPolicyIDPsRequest) returns (ListLoginPolicyIDPsResponse) {
option (google.api.http) = {
post: "/policies/login/idps/_search";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "login policy";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "identity poviders of default login policy";
};
};
};
}
//Adds the povided idp to the default login policy.
// It impacts all organisations without a customised policy
rpc AddIDPToLoginPolicy(AddIDPToLoginPolicyRequest) returns (AddIDPToLoginPolicyResponse) {
option (google.api.http) = {
post: "/policies/login/idps";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "login policy";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "identity poviders added to default login policy";
};
};
};
}
//Removes the povided idp from the default login policy.
// It impacts all organisations without a customised policy
rpc RemoveIDPFromLoginPolicy(RemoveIDPFromLoginPolicyRequest) returns (RemoveIDPFromLoginPolicyResponse) {
option (google.api.http) = {
delete: "/policies/login/idps/{idp_id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "login policy";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "identity poviders removed from default login policy";
};
};
};
}
//Returns the available second factors defined by the administrators of ZITADEL
rpc ListLoginPolicySecondFactors(ListLoginPolicySecondFactorsRequest) returns (ListLoginPolicySecondFactorsResponse) {
option (google.api.http) = {
post: "/policies/login/second_factors/_search";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "second factor";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "second factors of default login policy";
};
};
};
}
//Adds a second factor to the default login policy.
// It impacts all organisations without a customised policy
rpc AddSecondFactorToLoginPolicy(AddSecondFactorToLoginPolicyRequest) returns (AddSecondFactorToLoginPolicyResponse) {
option (google.api.http) = {
post: "/policies/login/second_factors";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "second factor";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "second factor added to default login policy";
};
};
responses: {
key: "400";
value: {
description: "invalid second factor type";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Removes a second factor from the default login policy.
// It impacts all organisations without a customised policy
rpc RemoveSecondFactorFromLoginPolicy(RemoveSecondFactorFromLoginPolicyRequest) returns (RemoveSecondFactorFromLoginPolicyResponse) {
option (google.api.http) = {
delete: "/policies/login/second_factors/{type}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "second factor";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "second factor removed from default login policy";
};
};
responses: {
key: "400";
value: {
description: "invalid second factor type";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Returns the available multi factors defined by the administrators of ZITADEL
rpc ListLoginPolicyMultiFactors(ListLoginPolicyMultiFactorsRequest) returns (ListLoginPolicyMultiFactorsResponse) {
option (google.api.http) = {
post: "/policies/login/multi_factors/_search";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "multi factor";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "multi factors of default login policy";
};
};
};
}
//Adds a multi factor to the default login policy.
// It impacts all organisations without a customised policy
rpc AddMultiFactorToLoginPolicy(AddMultiFactorToLoginPolicyRequest) returns (AddMultiFactorToLoginPolicyResponse) {
option (google.api.http) = {
post: "/policies/login/multi_factors";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "multi factor";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "multi factor added to default login policy";
};
};
responses: {
key: "400";
value: {
description: "invalid multi factor type";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Removes a multi factor from the default login policy.
// It impacts all organisations without a customised policy
rpc RemoveMultiFactorFromLoginPolicy(RemoveMultiFactorFromLoginPolicyRequest) returns (RemoveMultiFactorFromLoginPolicyResponse) {
option (google.api.http) = {
delete: "/policies/login/multi_factors/{type}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "multi factor";
tags: "policy";
tags: "identity provider";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Identity_Providers";
description: "detailed information about identity providers";
};
responses: {
key: "200";
value: {
description: "second factor removed from default login policy";
};
};
responses: {
key: "400";
value: {
description: "multi factor type not defined on policy";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Returns the password complexity policy defined by the administrators of ZITADEL
rpc GetPasswordComplexityPolicy(GetPasswordComplexityPolicyRequest) returns (GetPasswordComplexityPolicyResponse) {
option (google.api.http) = {
get: "/policies/password/complexity";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "policy";
tags: "password policy";
tags: "password complexity";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Password_complexity";
description: "detailed information about the password complexity policy";
};
responses: {
key: "200";
value: {
description: "default password complexity policy";
};
};
};
}
//Updates the default password complexity policy of ZITADEL
// it impacts all organisations without a customised policy
rpc UpdatePasswordComplexityPolicy(UpdatePasswordComplexityPolicyRequest) returns (UpdatePasswordComplexityPolicyResponse) {
option (google.api.http) = {
put: "/policies/password/complexity";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "policy";
tags: "password policy";
tags: "password complexity";
external_docs: {
url: "https://docs.zitadel.ch/administrate#Password_complexity";
description: "detailed information about the password complexity policy";
};
responses: {
key: "200";
value: {
description: "default password complexity policy updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Returns the password age policy defined by the administrators of ZITADEL
rpc GetPasswordAgePolicy(GetPasswordAgePolicyRequest) returns (GetPasswordAgePolicyResponse) {
option (google.api.http) = {
get: "/policies/password/age";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "policy";
tags: "password policy";
tags: "password age";
responses: {
key: "200";
value: {
description: "default password age policy";
};
};
};
}
//Updates the default password age policy of ZITADEL
// it impacts all organisations without a customised policy
rpc UpdatePasswordAgePolicy(UpdatePasswordAgePolicyRequest) returns (UpdatePasswordAgePolicyResponse) {
option (google.api.http) = {
put: "/policies/password/age";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "policy";
tags: "password policy";
tags: "password age";
responses: {
key: "200";
value: {
description: "default password age policy updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Returns the lockout policy defined by the administrators of ZITADEL
rpc GetLockoutPolicy(GetLockoutPolicyRequest) returns (GetLockoutPolicyResponse) {
option (google.api.http) = {
get: "/policies/lockout";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "policy";
tags: "lockout policy";
responses: {
key: "200";
value: {
description: "default lockout policy";
};
};
};
}
//Updates the default lockout policy of ZITADEL
// it impacts all organisations without a customised policy
rpc UpdateLockoutPolicy(UpdateLockoutPolicyRequest) returns (UpdateLockoutPolicyResponse) {
option (google.api.http) = {
put: "/policies/password/lockout";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
//Returns the privacy policy defined by the administrators of ZITADEL
rpc GetPrivacyPolicy(GetPrivacyPolicyRequest) returns (GetPrivacyPolicyResponse) {
option (google.api.http) = {
get: "/policies/privacy";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "policy";
tags: "privacy policy";
tags: "privacy";
responses: {
key: "200";
value: {
description: "default privacy policy";
};
};
};
}
//Updates the default privacy policy of ZITADEL
// it impacts all organisations without a customised policy
rpc UpdatePrivacyPolicy(UpdatePrivacyPolicyRequest) returns (UpdatePrivacyPolicyResponse) {
option (google.api.http) = {
put: "/policies/privacy";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "policy";
tags: "privacy policy";
tags: "privacy";
responses: {
key: "200";
value: {
description: "default privacy policy updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Returns the default text for initial message (translation file)
rpc GetDefaultInitMessageText(GetDefaultInitMessageTextRequest) returns (GetDefaultInitMessageTextResponse) {
option (google.api.http) = {
get: "/text/default/message/init/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Returns the custom text for initial message (overwritten in eventstore)
rpc GetCustomInitMessageText(GetCustomInitMessageTextRequest) returns (GetCustomInitMessageTextResponse) {
option (google.api.http) = {
get: "/text/message/init/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Sets the default custom text for initial message
// it impacts all organisations without customized initial message text
// The Following Variables can be used:
// {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}}
rpc SetDefaultInitMessageText(SetDefaultInitMessageTextRequest) returns (SetDefaultInitMessageTextResponse) {
option (google.api.http) = {
put: "/text/message/init/{language}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
//Returns the default text for password reset message (translation file)
rpc GetDefaultPasswordResetMessageText(GetDefaultPasswordResetMessageTextRequest) returns (GetDefaultPasswordResetMessageTextResponse) {
option (google.api.http) = {
get: "/text/deafult/message/passwordreset/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Returns the custom text for password reset message (overwritten in eventstore)
rpc GetCustomPasswordResetMessageText(GetCustomPasswordResetMessageTextRequest) returns (GetCustomPasswordResetMessageTextResponse) {
option (google.api.http) = {
get: "/text/message/passwordreset/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Sets the default custom text for password reset message
// it impacts all organisations without customized password reset message text
// The Following Variables can be used:
// {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}}
rpc SetDefaultPasswordResetMessageText(SetDefaultPasswordResetMessageTextRequest) returns (SetDefaultPasswordResetMessageTextResponse) {
option (google.api.http) = {
put: "/text/message/passwordreset/{language}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
//Returns the default text for verify email message (translation files)
rpc GetDefaultVerifyEmailMessageText(GetDefaultVerifyEmailMessageTextRequest) returns (GetDefaultVerifyEmailMessageTextResponse) {
option (google.api.http) = {
get: "/text/default/message/verifyemail/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Returns the custom text for verify email message (overwritten in eventstore)
rpc GetCustomVerifyEmailMessageText(GetCustomVerifyEmailMessageTextRequest) returns (GetCustomVerifyEmailMessageTextResponse) {
option (google.api.http) = {
get: "/text/message/verifyemail/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Sets the default custom text for verify email message
// it impacts all organisations without customized verify email message text
// The Following Variables can be used:
// {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}}
rpc SetDefaultVerifyEmailMessageText(SetDefaultVerifyEmailMessageTextRequest) returns (SetDefaultVerifyEmailMessageTextResponse) {
option (google.api.http) = {
put: "/text/message/verifyemail/{language}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
//Returns the default text for verify phone message (translation file)
rpc GetDefaultVerifyPhoneMessageText(GetDefaultVerifyPhoneMessageTextRequest) returns (GetDefaultVerifyPhoneMessageTextResponse) {
option (google.api.http) = {
get: "/text/default/message/verifyphone/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Returns the custom text for verify phone message
rpc GetCustomVerifyPhoneMessageText(GetCustomVerifyPhoneMessageTextRequest) returns (GetCustomVerifyPhoneMessageTextResponse) {
option (google.api.http) = {
get: "/text/message/verifyphone/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Sets the default custom text for verify phone message
// it impacts all organisations without customized verify phone message text
// The Following Variables can be used:
// {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}}
rpc SetDefaultVerifyPhoneMessageText(SetDefaultVerifyPhoneMessageTextRequest) returns (SetDefaultVerifyPhoneMessageTextResponse) {
option (google.api.http) = {
put: "/text/message/verifyphone/{language}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
//Returns the default text for domain claimed message (translation file)
rpc GetDefaultDomainClaimedMessageText(GetDefaultDomainClaimedMessageTextRequest) returns (GetDefaultDomainClaimedMessageTextResponse) {
option (google.api.http) = {
get: "/text/default/message/domainclaimed/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Returns the custom text for domain claimed message (overwritten in eventstore)
rpc GetCustomDomainClaimedMessageText(GetCustomDomainClaimedMessageTextRequest) returns (GetCustomDomainClaimedMessageTextResponse) {
option (google.api.http) = {
get: "/text/message/domainclaimed/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Sets the default custom text for domain claimed phone message
// it impacts all organisations without customized domain claimed message text
// The Following Variables can be used:
// {{.Domain}} {{.TempUsername}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}}
rpc SetDefaultDomainClaimedMessageText(SetDefaultDomainClaimedMessageTextRequest) returns (SetDefaultDomainClaimedMessageTextResponse) {
option (google.api.http) = {
put: "/text/message/domainclaimed/{language}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
//Returns the default text for passwordless registration message (translation file)
rpc GetDefaultPasswordlessRegistrationMessageText(GetDefaultPasswordlessRegistrationMessageTextRequest) returns (GetDefaultPasswordlessRegistrationMessageTextResponse) {
option (google.api.http) = {
get: "/text/default/message/passwordless_registration/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Returns the custom text for passwordless registration message (overwritten in eventstore)
rpc GetCustomPasswordlessRegistrationMessageText(GetCustomPasswordlessRegistrationMessageTextRequest) returns (GetCustomPasswordlessRegistrationMessageTextResponse) {
option (google.api.http) = {
get: "/text/message/passwordless_registration/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Sets the default custom text for passwordless registration message
// it impacts all organisations without customized passwordless registration message text
// The Following Variables can be used:
// {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}}
rpc SetDefaultPasswordlessRegistrationMessageText(SetDefaultPasswordlessRegistrationMessageTextRequest) returns (SetDefaultPasswordlessRegistrationMessageTextResponse) {
option (google.api.http) = {
put: "/text/message/passwordless_registration/{language}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
//Returns the default custom texts for login ui (translation file)
rpc GetDefaultLoginTexts(GetDefaultLoginTextsRequest) returns (GetDefaultLoginTextsResponse) {
option (google.api.http) = {
get: "/text/default/login/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Returns the custom texts for login ui
rpc GetCustomLoginTexts(GetCustomLoginTextsRequest) returns (GetCustomLoginTextsResponse) {
option (google.api.http) = {
get: "/text/login/{language}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
}
//Sets the custom text for login ui
//it impacts all organisations without customized login ui texts
rpc SetCustomLoginText(SetCustomLoginTextsRequest) returns (SetCustomLoginTextsResponse) {
option (google.api.http) = {
put: "/text/login/{language}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
}
// Removes the custom texts for login ui
// it impacts all organisations without customized login ui texts
// The default text form translation file will trigger after
rpc ResetCustomLoginTextToDefault(ResetCustomLoginTextsToDefaultRequest) returns (ResetCustomLoginTextsToDefaultResponse) {
option (google.api.http) = {
delete: "/text/login/{language}"
};
option (zitadel.v1.auth_option) = {
permission: "policy.delete"
};
}
//Returns the IAM roles visible for the requested user
rpc ListIAMMemberRoles(ListIAMMemberRolesRequest) returns (ListIAMMemberRolesResponse) {
option (google.api.http) = {
post: "/members/roles/_search";
};
option (zitadel.v1.auth_option) = {
permission: "iam.member.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "iam";
tags: "member";
tags: "roles";
external_docs: {
url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles";
description: "detailed information about the IAM member roles";
};
responses: {
key: "200";
value: {
description: "roles on the IAM of the user";
};
};
};
}
//Returns all members matching the request
// all queries need to match (ANDed)
rpc ListIAMMembers(ListIAMMembersRequest) returns (ListIAMMembersResponse) {
option (google.api.http) = {
post: "/members/_search";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.member.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "iam";
tags: "member";
tags: "iam member";
external_docs: {
url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles";
description: "detailed information about the IAM member roles";
};
responses: {
key: "200";
value: {
description: "members of the IAM";
};
};
};
}
//Adds a user to the membership list of ZITADEL with the given roles
// undefined roles will be dropped
rpc AddIAMMember(AddIAMMemberRequest) returns (AddIAMMemberResponse) {
option (google.api.http) = {
post: "/members";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.member.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "iam";
tags: "member";
tags: "iam member";
external_docs: {
url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles";
description: "detailed information about the IAM member roles";
};
responses: {
key: "200";
value: {
description: "Member added to the IAM";
};
};
responses: {
key: "400";
value: {
description: "user not found or invalid roles";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Sets the given roles on a member.
// The member has only roles provided by this call
rpc UpdateIAMMember(UpdateIAMMemberRequest) returns (UpdateIAMMemberResponse) {
option (google.api.http) = {
put: "/members/{user_id}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.member.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "iam";
tags: "member";
tags: "iam member";
external_docs: {
url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles";
description: "detailed information about the IAM member roles";
};
responses: {
key: "200";
value: {
description: "Member of the IAM updated";
};
};
responses: {
key: "400";
value: {
description: "invalid user or roles";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Removes the user from the membership list of ZITADEL
rpc RemoveIAMMember(RemoveIAMMemberRequest) returns (RemoveIAMMemberResponse) {
option (google.api.http) = {
delete: "/members/{user_id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.member.delete";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "iam";
tags: "member";
tags: "iam member";
external_docs: {
url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles";
description: "detailed information about the IAM member roles";
};
responses: {
key: "200";
value: {
description: "Member of the IAM removed";
};
};
responses: {
key: "400";
value: {
description: "invalid user";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
//Returns all stored read models of ZITADEL
// views are used for search optimisation and optimise request latencies
// they represent the delta of the event happend on the objects
rpc ListViews(ListViewsRequest) returns (ListViewsResponse) {
option (google.api.http) = {
post: "/views/_search";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "views";
external_docs: {
url: "https://docs.zitadel.ch/concepts#Software_Architecture";
description: "details of ZITADEL's event driven software concepts";
};
responses: {
key: "200";
value: {
description: "Views for query operations";
};
};
};
}
//Truncates the delta of the change stream
// be carefull with this function because ZITADEL has to
// recompute the deltas after they got cleared.
// Search requests will return wrong results until all deltas are recomputed
rpc ClearView(ClearViewRequest) returns (ClearViewResponse) {
option (google.api.http) = {
post: "/views/{database}/{view_name}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "views";
external_docs: {
url: "https://docs.zitadel.ch/concepts#Software_Architecture";
description: "details of ZITADEL's event driven software concepts";
};
responses: {
key: "200";
value: {
description: "View cleared";
};
};
};
}
//Returns event descriptions which cannot be processed.
// It's possible that some events need some retries.
// For example if the SMTP-API wasn't able to send an email at the first time
rpc ListFailedEvents(ListFailedEventsRequest) returns (ListFailedEventsResponse) {
option (google.api.http) = {
post: "/failedevents/_search";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "failed events";
external_docs: {
url: "https://docs.zitadel.ch/concepts#Software_Architecture";
description: "details of ZITADEL's event driven software concepts";
};
responses: {
key: "200";
value: {
description: "Events which were not processed by the views";
};
};
};
}
//Deletes the event from failed events view.
// the event is not removed from the change stream
// This call is usefull if the system was able to process the event later.
// e.g. if the second try of sending an email was successful. the first try produced a
// failed event. You can find out if it worked on the `failure_count`
rpc RemoveFailedEvent(RemoveFailedEventRequest) returns (RemoveFailedEventResponse) {
option (google.api.http) = {
delete: "/failedevents/{database}/{view_name}/{failed_sequence}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "failed events";
external_docs: {
url: "https://docs.zitadel.ch/concepts#Software_Architecture";
description: "details of ZITADEL's event driven software concepts";
};
responses: {
key: "200";
value: {
description: "Events removed from the list";
};
};
responses: {
key: "400";
value: {
description: "failed event not found";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
}
//This is an empty request
message HealthzRequest {}
//This is an empty response
message HealthzResponse {}
//This is an empty request
message GetSupportedLanguagesRequest {}
message GetSupportedLanguagesResponse {
repeated string languages = 1;
}
// if name or domain is already in use, org is not unique
message IsOrgUniqueRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
description: "All unique fields of an organisation";
required: ["name", "domain"]
};
};
string name = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"CAOS AG\"";
min_length: 1;
max_length: 200;
}
];
string domain = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"caos.ch\"";
min_length: 1;
max_length: 200;
}
];
}
message IsOrgUniqueResponse {
bool is_unique = 1;
}
message GetOrgByIDRequest {
string id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message GetOrgByIDResponse {
zitadel.org.v1.Org org = 1;
}
message ListOrgsRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
description: "Search query for lists";
required: ["query"]
};
};
//list limitations and ordering
zitadel.v1.ListQuery query = 1;
// the field the result is sorted
zitadel.org.v1.OrgFieldName sorting_column = 2;
//criterias the client is looking for
repeated zitadel.org.v1.OrgQuery queries = 3;
}
message ListOrgsResponse {
zitadel.v1.ListDetails details = 1;
zitadel.org.v1.OrgFieldName sorting_column = 2;
repeated zitadel.org.v1.Org result = 3;
}
message SetUpOrgRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
description: "Request to set up an organisation. User is required";
required: ["org", "user"]
};
};
message Org {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["name"]
};
};
string name = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"CAOS AG\"";
}
];
string domain = 2 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "ZITADEL generates a domain (<org-name>.zitadel.ch) for an organisation, the field is not required";
max_length: 200;
example: "\"caos.ch\"";
}
];
}
message Human {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["user_name", "profile", "email", "password"];
};
};
message Profile {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["first_name", "last_name"];
};
};
string first_name = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"Gigi\"";
}
];
string last_name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"Giraffe\"";
}
];
string nick_name = 3 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_length: 200;
example: "\"long_neck\"";
}
];
string display_name = 4 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "a user can set his display name, if nothing is set ZITADEL computes \"first_name last_name\"";
max_length: 200;
example: "\"Gigi Giraffe\"";
}
];
string preferred_language = 5 [
(validate.rules).string = {max_len: 10},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "language tag analog https://tools.ietf.org/html/rfc3066";
max_length: 10;
example: "\"en\"";
}
];
zitadel.user.v1.Gender gender = 6;
}
message Email {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["email"];
};
};
string email = 1 [
(validate.rules).string.email = true,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)";
min_length: 1;
example: "\"gigi@caos.ch\"";
}
]; //TODO: check if no value is allowed
bool is_email_verified = 2;
}
message Phone {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["phone"];
};
};
// has to be a global number
string phone = 1 [
(validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)";
min_length: 1;
max_length: 50;
example: "\"+41 71 000 00 00\"";
}
];
bool is_phone_verified = 2;
}
string user_name = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"mr_long_neck\"";
}
];
Profile profile = 2 [(validate.rules).message.required = true];
Email email = 3 [(validate.rules).message.required = true];
Phone phone = 4;
string password = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the initial password of the user";
example: "\"my_53cr3t-P4$$w0rd\"";
}
];
}
Org org = 1 [
(validate.rules).message.required = true
];
oneof user {
option (validate.required) = true;
// oneof field for the user managing the organisation
Human human = 2;
}
}
message SetUpOrgResponse {
zitadel.v1.ObjectDetails details = 1;
string org_id = 2;
string user_id = 3;
}
message GetIDPByIDRequest {
string id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69234230193872955\"";
}
];
}
message GetIDPByIDResponse {
zitadel.idp.v1.IDP idp = 1;
}
message ListIDPsRequest {
//list limitations and ordering
zitadel.v1.ListQuery query = 1;
// the field the result is sorted
zitadel.idp.v1.IDPFieldName sorting_column = 2;
//criterias the client is looking for
repeated IDPQuery queries = 3;
}
message IDPQuery {
oneof query {
zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
}
}
message ListIDPsResponse {
zitadel.v1.ListDetails details = 1;
zitadel.idp.v1.IDPFieldName sorting_column = 2;
repeated zitadel.idp.v1.IDP result = 3;
}
message AddOIDCIDPRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["name", "client_id", "client_secret", "issuer"]
};
};
string name = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"google\"";
min_length: 1;
max_length: 200;
}
];
zitadel.idp.v1.IDPStylingType styling_type = 2 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "some identity providers specify the styling of the button to their login";
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "client id generated by the identity provider";
min_length: 1;
max_length: 200;
}
];
string client_secret = 4 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "client secret generated by the identity provider";
min_length: 1;
max_length: 200;
}
];
string issuer = 5 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com\"";
description: "the oidc issuer of the identity provider";
max_length: 200;
}
];
repeated string scopes = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "the scopes requested by ZITADEL during the request on the identity provider";
}
];
zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "definition which field is mapped to the display name of the user";
}
];
zitadel.idp.v1.OIDCMappingField username_mapping = 8 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "definition which field is mapped to the email of the user";
}
];
bool auto_register = 9;
}
message AddOIDCIDPResponse {
zitadel.v1.ObjectDetails details = 1;
string idp_id = 2;
}
message AddJWTIDPRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["name", "issuer", "keys_endpoint"]
};
};
string name = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"google\"";
min_length: 1;
max_length: 200;
}
];
zitadel.idp.v1.IDPStylingType styling_type = 2 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "some identity providers specify the styling of the button to their login";
}
];
string jwt_endpoint = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://custom.com/auth/jwt\"";
description: "the endpoint where the jwt can be extracted";
}
];
string issuer = 4 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.custom.com\"";
description: "the issuer of the jwt (for validation)";
}
];
string keys_endpoint = 5 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.custom.com/keys\"";
description: "the endpoint to the key (JWK) which are used to sign the JWT with";
}
];
string header_name = 6 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"x-auth-token\"";
description: "the name of the header where the JWT is sent in, default is authorization";
max_length: 200;
}
];
bool auto_register = 7;
}
message AddJWTIDPResponse {
zitadel.v1.ObjectDetails details = 1;
string idp_id = 2;
}
message UpdateIDPRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
description: "Updates fields of an idp";
required: ["idp_id", "name"]
};
};
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"google\"";
min_length: 1;
max_length: 200;
}
];
zitadel.idp.v1.IDPStylingType styling_type = 3 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "some identity providers specify the styling of the button to their login";
}
];
bool auto_register = 4;
}
message UpdateIDPResponse {
zitadel.v1.ObjectDetails details = 1;
}
message DeactivateIDPRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["idp_id"]
};
};
string idp_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message DeactivateIDPResponse {
zitadel.v1.ObjectDetails details = 1;
}
message ReactivateIDPRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["idp_id"]
};
};
string idp_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message ReactivateIDPResponse {
zitadel.v1.ObjectDetails details = 1;
}
message RemoveIDPRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["idp_id"]
};
};
string idp_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message RemoveIDPResponse {
zitadel.v1.ObjectDetails details = 1;
}
message UpdateIDPOIDCConfigRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["idp_id", "issuer", "client_id"]
};
};
string idp_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
string issuer = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.google.com\"";
description: "the oidc issuer of the identity provider";
min_length: 1;
max_length: 200;
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "client id generated by the identity provider";
min_length: 1;
max_length: 200;
}
];
string client_secret = 4 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "client secret generated by the identity provider. If empty the secret is not overwritten";
max_length: 200;
}
];
repeated string scopes = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "the scopes requested by ZITADEL during the request on the identity provider";
}
];
zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "definition which field is mapped to the display name of the user";
}
];
zitadel.idp.v1.OIDCMappingField username_mapping = 7 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "definition which field is mapped to the email of the user";
}
];
}
message UpdateIDPOIDCConfigResponse {
zitadel.v1.ObjectDetails details = 1;
}
message UpdateIDPJWTConfigRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["idp_id", "issuer", "keys_endpoint"]
};
};
string idp_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
string jwt_endpoint = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://custom.com/auth/jwt\"";
description: "the endpoint where the jwt can be extracted";
min_length: 1;
max_length: 200;
}
];
string issuer = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.custom.com\"";
description: "the issuer of the jwt (for validation)";
min_length: 1;
max_length: 200;
}
];
string keys_endpoint = 4 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://accounts.custom.com/keys\"";
description: "the endpoint to the key (JWK) which are used to sign the JWT with";
min_length: 1;
max_length: 200;
}
];
string header_name = 5 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"x-auth-token\"";
description: "the name of the header where the JWT is sent in, default is authorization";
max_length: 200;
}
];
}
message UpdateIDPJWTConfigResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultFeaturesRequest {}
message GetDefaultFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message SetDefaultFeaturesRequest {
string tier_name = 1 [(validate.rules).string = {max_len: 200}];
string description = 2 [(validate.rules).string = {max_len: 200}];
google.protobuf.Duration audit_log_retention = 5 [(validate.rules).duration = {gte: {seconds: 0}}];
bool login_policy_username_login = 6;
bool login_policy_registration = 7;
bool login_policy_idp = 8;
bool login_policy_factors = 9;
bool login_policy_passwordless = 10;
bool password_complexity_policy = 11;
bool label_policy = 12;
bool custom_domain = 13;
bool login_policy_password_reset = 14;
bool label_policy_private_label = 15;
bool label_policy_watermark = 16;
bool custom_text = 17;
bool privacy_policy = 18;
bool metadata_user = 19;
bool custom_text_message = 20;
bool custom_text_login = 21;
bool lockout_policy = 22;
}
message SetDefaultFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetOrgFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message SetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string tier_name = 2 [(validate.rules).string = {max_len: 200}];
string description = 3 [(validate.rules).string = {max_len: 200}];
zitadel.features.v1.FeaturesState state = 4;
string state_description = 5 [(validate.rules).string = {max_len: 200}];
google.protobuf.Duration audit_log_retention = 6 [(validate.rules).duration = {gte: {seconds: 0}}];
bool login_policy_username_login = 7;
bool login_policy_registration = 8;
bool login_policy_idp = 9;
bool login_policy_factors = 10;
bool login_policy_passwordless = 11;
bool password_complexity_policy = 12;
bool label_policy = 13;
bool custom_domain = 14;
bool login_policy_password_reset = 15;
bool label_policy_private_label = 16;
bool label_policy_watermark = 17;
bool custom_text = 18;
bool privacy_policy = 19;
bool metadata_user = 20;
bool custom_text_message = 21;
bool custom_text_login = 22;
bool lockout_policy = 23;
}
message SetOrgFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message ResetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message ResetOrgFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetOrgIAMPolicyRequest {}
message GetOrgIAMPolicyResponse {
zitadel.policy.v1.OrgIAMPolicy policy = 1;
}
message UpdateOrgIAMPolicyRequest {
bool user_login_must_be_domain = 1;
}
message UpdateOrgIAMPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetCustomOrgIAMPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"#69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message GetCustomOrgIAMPolicyResponse {
zitadel.policy.v1.OrgIAMPolicy policy = 1;
bool is_default = 2;
}
message AddCustomOrgIAMPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"#69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of it's organisation"
}
]; // the username has to end with the domain of it's organisation (uniqueness is organisation based)
}
message AddCustomOrgIAMPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message UpdateCustomOrgIAMPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of it's organisation"
}
];
}
message UpdateCustomOrgIAMPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message ResetCustomOrgIAMPolicyToDefaultRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message ResetCustomOrgIAMPolicyToDefaultResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message GetLabelPolicyRequest {}
message GetLabelPolicyResponse {
zitadel.policy.v1.LabelPolicy policy = 1;
}
//This is an empty request
message GetPreviewLabelPolicyRequest {}
message GetPreviewLabelPolicyResponse {
zitadel.policy.v1.LabelPolicy policy = 1;
}
message UpdateLabelPolicyRequest {
string primary_color = 1 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "respresents a color scheme"
example: "\"#353535\"";
max_length: 50;
}
];
bool hide_login_name_suffix = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set. Details about this scope in https://docs.zitadel.ch/concepts#Reserved_Scopes";
}
];
string warn_color = 4 [(validate.rules).string = {max_len: 50}];
string background_color = 5 [(validate.rules).string = {max_len: 50}];
string font_color = 6 [(validate.rules).string = {max_len: 50}];
string primary_color_dark = 7 [(validate.rules).string = {max_len: 50}];
string background_color_dark = 8 [(validate.rules).string = { max_len: 50}];
string warn_color_dark = 9 [(validate.rules).string = { max_len: 50}];
string font_color_dark = 10 [(validate.rules).string = { max_len: 50}];
bool disable_watermark = 11;
}
message UpdateLabelPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message ActivateLabelPolicyRequest {}
message ActivateLabelPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message RemoveLabelPolicyLogoRequest {}
message RemoveLabelPolicyLogoResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message RemoveLabelPolicyLogoDarkRequest {}
message RemoveLabelPolicyLogoDarkResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message RemoveLabelPolicyIconRequest {}
message RemoveLabelPolicyIconResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message RemoveLabelPolicyIconDarkRequest {}
message RemoveLabelPolicyIconDarkResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message RemoveLabelPolicyFontRequest {}
message RemoveLabelPolicyFontResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message GetLoginPolicyRequest {}
message GetLoginPolicyResponse {
zitadel.policy.v1.LoginPolicy policy = 1;
}
message UpdateLoginPolicyRequest {
bool allow_username_password = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if a user is allowed to login with his username and password"
}
];
bool allow_register = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if a person is allowed to register a user on this organisation"
}
];
bool allow_external_idp = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if a user is allowed to add a defined identity provider. E.g. Google auth"
}
];
bool force_mfa = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if a user MUST use a multi factor to log in"
}
];
zitadel.policy.v1.PasswordlessType passwordless_type = 5 [
(validate.rules).enum = {defined_only: true},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if passwordless is allowed for users"
}];
bool hide_password_reset = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if password reset link should be shown in the login screen"
}
];
}
message UpdateLoginPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message ListLoginPolicyIDPsRequest {
//list limitations and ordering
zitadel.v1.ListQuery query = 1;
}
message ListLoginPolicyIDPsResponse {
zitadel.v1.ListDetails details = 1;
repeated zitadel.idp.v1.IDPLoginPolicyLink result = 2;
}
message AddIDPToLoginPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
string idp_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
]; // Id of the predefined idp configuration
}
message AddIDPToLoginPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message RemoveIDPFromLoginPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["idp_id"]
};
};
string idp_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message RemoveIDPFromLoginPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message ListLoginPolicySecondFactorsRequest {}
message ListLoginPolicySecondFactorsResponse {
zitadel.v1.ListDetails details = 1;
repeated zitadel.policy.v1.SecondFactorType result = 2;
}
message AddSecondFactorToLoginPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["type"]
};
};
zitadel.policy.v1.SecondFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
}
message AddSecondFactorToLoginPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message RemoveSecondFactorFromLoginPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["type"]
};
};
zitadel.policy.v1.SecondFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
}
message RemoveSecondFactorFromLoginPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message ListLoginPolicyMultiFactorsRequest {}
message ListLoginPolicyMultiFactorsResponse {
zitadel.v1.ListDetails details = 1;
repeated zitadel.policy.v1.MultiFactorType result = 2;
}
message AddMultiFactorToLoginPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["type"]
};
};
zitadel.policy.v1.MultiFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
}
message AddMultiFactorToLoginPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message RemoveMultiFactorFromLoginPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["type"]
};
};
zitadel.policy.v1.MultiFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
}
message RemoveMultiFactorFromLoginPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetPasswordComplexityPolicyRequest {}
message GetPasswordComplexityPolicyResponse {
zitadel.policy.v1.PasswordComplexityPolicy policy = 1;
}
message UpdatePasswordComplexityPolicyRequest {
uint32 min_length = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"8\""
}
];
bool has_uppercase = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the password MUST contain an upper case letter"
}
];
bool has_lowercase = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the password MUST contain a lower case letter"
}
];
bool has_number = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the password MUST contain a numer"
}
];
bool has_symbol = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the password MUST contain a symbol. E.g. \"$\""
}
];
}
message UpdatePasswordComplexityPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message GetPasswordAgePolicyRequest {}
message GetPasswordAgePolicyResponse {
zitadel.policy.v1.PasswordAgePolicy policy = 1;
}
message UpdatePasswordAgePolicyRequest {
uint32 max_age_days = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "Maximum days since last password change"
example: "\"365\""
}
];
uint32 expire_warn_days = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "Days before the password expiry the user gets notified to change the password"
example: "\"10\""
}
];
}
message UpdatePasswordAgePolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message GetLockoutPolicyRequest {}
message GetLockoutPolicyResponse {
zitadel.policy.v1.LockoutPolicy policy = 1;
}
message UpdateLockoutPolicyRequest {
// failed attempts until a user gets locked
uint32 max_password_attempts = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correct or the password is reset."
example: "\"10\""
}
];
}
message UpdateLockoutPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message GetPrivacyPolicyRequest {}
message GetPrivacyPolicyResponse {
zitadel.policy.v1.PrivacyPolicy policy = 1;
}
message UpdatePrivacyPolicyRequest {
string tos_link = 1;
string privacy_link = 2;
}
message UpdatePrivacyPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultInitMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetDefaultInitMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message GetCustomInitMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetCustomInitMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message SetDefaultInitMessageTextRequest {
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
string title = 2 [(validate.rules).string = {max_len: 200}];
string pre_header = 3 [(validate.rules).string = {max_len: 200}];
string subject = 4 [(validate.rules).string = {max_len: 200}];
string greeting = 5 [(validate.rules).string = {max_len: 200}];
string text = 6 [(validate.rules).string = {max_len: 1000}];
string button_text = 7 [(validate.rules).string = {max_len: 200}];
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
}
message SetDefaultInitMessageTextResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultPasswordResetMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetDefaultPasswordResetMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message GetCustomPasswordResetMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetCustomPasswordResetMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message SetDefaultPasswordResetMessageTextRequest {
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
string title = 2 [(validate.rules).string = {max_len: 200}];
string pre_header = 3 [(validate.rules).string = {max_len: 200}];
string subject = 4 [(validate.rules).string = {max_len: 200}];
string greeting = 5 [(validate.rules).string = {max_len: 200}];
string text = 6 [(validate.rules).string = {max_len: 800}];
string button_text = 7 [(validate.rules).string = {max_len: 200}];
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
}
message SetDefaultPasswordResetMessageTextResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultVerifyEmailMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetDefaultVerifyEmailMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message GetCustomVerifyEmailMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetCustomVerifyEmailMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message SetDefaultVerifyEmailMessageTextRequest {
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
string title = 2 [(validate.rules).string = {max_len: 200}];
string pre_header = 3 [(validate.rules).string = {max_len: 200}];
string subject = 4 [(validate.rules).string = {max_len: 200}];
string greeting = 5 [(validate.rules).string = {max_len: 200}];
string text = 6 [(validate.rules).string = {max_len: 800}];
string button_text = 7 [(validate.rules).string = {max_len: 200}];
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
}
message SetDefaultVerifyEmailMessageTextResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultVerifyPhoneMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetDefaultVerifyPhoneMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message GetCustomVerifyPhoneMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetCustomVerifyPhoneMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message SetDefaultVerifyPhoneMessageTextRequest {
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
string title = 2 [(validate.rules).string = {max_len: 200}];
string pre_header = 3 [(validate.rules).string = {max_len: 200}];
string subject = 4 [(validate.rules).string = {max_len: 200}];
string greeting = 5 [(validate.rules).string = {max_len: 200}];
string text = 6 [(validate.rules).string = {max_len: 800}];
string button_text = 7 [(validate.rules).string = {max_len: 200}];
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
}
message SetDefaultVerifyPhoneMessageTextResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultDomainClaimedMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetDefaultDomainClaimedMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message GetCustomDomainClaimedMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetCustomDomainClaimedMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message SetDefaultDomainClaimedMessageTextRequest {
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
string title = 2 [(validate.rules).string = {max_len: 200}];
string pre_header = 3 [(validate.rules).string = {max_len: 200}];
string subject = 4 [(validate.rules).string = {max_len: 200}];
string greeting = 5 [(validate.rules).string = {max_len: 200}];
string text = 6 [(validate.rules).string = {max_len: 800}];
string button_text = 7 [(validate.rules).string = {max_len: 200}];
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
}
message SetDefaultDomainClaimedMessageTextResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultPasswordlessRegistrationMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetDefaultPasswordlessRegistrationMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message GetCustomPasswordlessRegistrationMessageTextRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetCustomPasswordlessRegistrationMessageTextResponse {
zitadel.text.v1.MessageCustomText custom_text = 1;
}
message SetDefaultPasswordlessRegistrationMessageTextRequest {
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
string title = 2 [(validate.rules).string = {max_len: 200}];
string pre_header = 3 [(validate.rules).string = {max_len: 200}];
string subject = 4 [(validate.rules).string = {max_len: 200}];
string greeting = 5 [(validate.rules).string = {max_len: 200}];
string text = 6 [(validate.rules).string = {max_len: 800}];
string button_text = 7 [(validate.rules).string = {max_len: 200}];
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
}
message SetDefaultPasswordlessRegistrationMessageTextResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultLoginTextsRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetDefaultLoginTextsResponse {
zitadel.text.v1.LoginCustomText custom_text = 1;
}
message GetCustomLoginTextsRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetCustomLoginTextsResponse {
zitadel.text.v1.LoginCustomText custom_text = 1;
}
message SetCustomLoginTextsRequest {
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
zitadel.text.v1.SelectAccountScreenText select_account_text = 2;
zitadel.text.v1.LoginScreenText login_text = 3;
zitadel.text.v1.PasswordScreenText password_text = 4;
zitadel.text.v1.UsernameChangeScreenText username_change_text = 5;
zitadel.text.v1.UsernameChangeDoneScreenText username_change_done_text = 6;
zitadel.text.v1.InitPasswordScreenText init_password_text = 7;
zitadel.text.v1.InitPasswordDoneScreenText init_password_done_text = 8;
zitadel.text.v1.EmailVerificationScreenText email_verification_text = 9;
zitadel.text.v1.EmailVerificationDoneScreenText email_verification_done_text = 10;
zitadel.text.v1.InitializeUserScreenText initialize_user_text = 11;
zitadel.text.v1.InitializeUserDoneScreenText initialize_done_text = 12;
zitadel.text.v1.InitMFAPromptScreenText init_mfa_prompt_text = 13;
zitadel.text.v1.InitMFAOTPScreenText init_mfa_otp_text = 14;
zitadel.text.v1.InitMFAU2FScreenText init_mfa_u2f_text = 15;
zitadel.text.v1.InitMFADoneScreenText init_mfa_done_text = 16;
zitadel.text.v1.MFAProvidersText mfa_providers_text = 17;
zitadel.text.v1.VerifyMFAOTPScreenText verify_mfa_otp_text = 18;
zitadel.text.v1.VerifyMFAU2FScreenText verify_mfa_u2f_text = 19;
zitadel.text.v1.PasswordlessScreenText passwordless_text = 20;
zitadel.text.v1.PasswordChangeScreenText password_change_text = 21;
zitadel.text.v1.PasswordChangeDoneScreenText password_change_done_text = 22;
zitadel.text.v1.PasswordResetDoneScreenText password_reset_done_text = 23;
zitadel.text.v1.RegistrationOptionScreenText registration_option_text = 24;
zitadel.text.v1.RegistrationUserScreenText registration_user_text = 25;
zitadel.text.v1.RegistrationOrgScreenText registration_org_text = 26;
zitadel.text.v1.LinkingUserDoneScreenText linking_user_done_text = 27;
zitadel.text.v1.ExternalUserNotFoundScreenText external_user_not_found_text = 28;
zitadel.text.v1.SuccessLoginScreenText success_login_text = 29;
zitadel.text.v1.LogoutDoneScreenText logout_text = 30;
zitadel.text.v1.FooterText footer_text = 31;
zitadel.text.v1.PasswordlessPromptScreenText passwordless_prompt_text = 32;
zitadel.text.v1.PasswordlessRegistrationScreenText passwordless_registration_text = 33;
zitadel.text.v1.PasswordlessRegistrationDoneScreenText passwordless_registration_done_text = 34;
zitadel.text.v1.ExternalRegistrationUserOverviewScreenText external_registration_user_overview_text = 35;
}
message SetCustomLoginTextsResponse {
zitadel.v1.ObjectDetails details = 1;
}
message ResetCustomLoginTextsToDefaultRequest {
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message ResetCustomLoginTextsToDefaultResponse {
zitadel.v1.ObjectDetails details = 1;
}
message AddIAMMemberRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["user_id"]
};
};
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
//if no roles provided the user won't have any rights
repeated string roles = 2;
}
message AddIAMMemberResponse {
zitadel.v1.ObjectDetails details = 1;
}
message UpdateIAMMemberRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["user_id"]
};
};
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
//if no roles provided the user won't have any rights
repeated string roles = 2;
}
message UpdateIAMMemberResponse {
zitadel.v1.ObjectDetails details = 1;
}
message RemoveIAMMemberRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["user_id"]
};
};
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message RemoveIAMMemberResponse {
zitadel.v1.ObjectDetails details = 1;
}
//This is an empty request
message ListIAMMemberRolesRequest {}
message ListIAMMemberRolesResponse {
zitadel.v1.ListDetails details = 1;
repeated string roles = 2;
}
message ListIAMMembersRequest {
//list limitations and ordering
zitadel.v1.ListQuery query = 1;
//criterias the client is looking for
repeated zitadel.member.v1.SearchQuery queries = 2;
}
message ListIAMMembersResponse {
zitadel.v1.ListDetails details = 1;
repeated zitadel.member.v1.Member result = 2;
}
//This is an empty request
message ListViewsRequest {}
message ListViewsResponse {
//TODO: list details
repeated View result = 1;
}
message ClearViewRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["database", "view_name"]
};
};
string database = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"adminapi\"";
min_length: 1;
max_length: 200;
}
];
string view_name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"iam_members\"";
min_length: 1;
max_length: 200;
}
];
}
//This is an empty response
message ClearViewResponse {}
//This is an empty request
message ListFailedEventsRequest {}
message ListFailedEventsResponse {
//TODO: list details
repeated FailedEvent result = 1;
}
message RemoveFailedEventRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["database", "view_name", "failed_sequence"]
};
};
string database = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"adminapi\"";
min_length: 1;
max_length: 200;
}
];
string view_name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"iam_members\"";
min_length: 1;
max_length: 200;
}
];
uint64 failed_sequence = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"9823758\"";
}
];
}
//This is an empty response
message RemoveFailedEventResponse {}
message View {
string database = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"adminapi\"";
}
];
string view_name = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"iam_members\"";
}
];
uint64 processed_sequence = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"9823758\"";
}
];
google.protobuf.Timestamp event_timestamp = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2019-04-01T08:45:00.000000Z\"";
description: "The timestamp the event occured";
}
]; // The timestamp the event occured
google.protobuf.Timestamp last_successful_spooler_run = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "The timestamp the event occured";
}
];
}
message FailedEvent {
string database = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"adminapi\"";
}
];
string view_name = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"iam_members\"";
}
];
uint64 failed_sequence = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"9823759\"";
}
];
uint64 failure_count = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"5\"";
}
];
string error_message = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ID=EXAMP-ID3ER Message=Example message\"";
}
];
}
Reference in New Issue View Git Blame Copy Permalink