syntax = "proto3";
import "zitadel/idp.proto";
import "zitadel/instance.proto";
import "zitadel/user.proto";
import "zitadel/object.proto";
import "zitadel/options.proto";
import "zitadel/org.proto";
import "zitadel/policy.proto";
import "zitadel/settings.proto";
import "zitadel/text.proto";
import "zitadel/member.proto";
import "zitadel/event.proto";
import "zitadel/management.proto";
import "zitadel/v1.proto";
import "zitadel/message.proto";
import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/duration.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
package zitadel.admin.v1;
option go_package ="github.com/zitadel/zitadel/pkg/grpc/admin";
// File-level OpenAPI v2 (Swagger) metadata for the Admin API: document info,
// the tag list used to group operations, advertised transports and media
// types, security definitions, and the shared 403/404 responses.
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
  info: {
    title: "Administration API aka Admin";
    version: "1.0";
    description: "This API is intended to configure and manage the IAM instance itself.";
    contact: {
      name: "ZITADEL"
      url: "https://zitadel.com"
      email: "hi@zitadel.com"
    }
    license: {
      name: "Apache 2.0",
      url: "https://github.com/zitadel/zitadel/blob/main/LICENSE";
    };
  };
  // Tags group the operations in the generated documentation.
  tags: [
    { name: "Authentication Methods" },
    {
      name: "Branding",
      description: "Defines the look of the login UI, E-Mails, and ZITADEL Console. For adding assets like logo, icon and font, have a look at the assets API."
    },
    { name: "Domain Settings" },
    { name: "Events" },
    { name: "Failed Events" },
    { name: "General" },
    { name: "Identity Providers" },
    { name: "Import/Export" },
    { name: "Instance" },
    { name: "Login Settings" },
    { name: "Login Texts" },
    { name: "Members" },
    { name: "Message Texts" },
    { name: "Notification Providers" },
    { name: "Notification Settings" },
    { name: "Organizations" },
    { name: "Password Settings" },
    { name: "Privacy Settings" },
    { name: "Secrets" },
    { name: "SMS Provider" },
    { name: "SMTP" },
    { name: "Settings" },
    { name: "Views/Projections" },
    { name: "ZITADEL Administrators" }
  ];
  // NOTE(review): plain HTTP is advertised next to HTTPS. Access tokens and
  // BasicAuth credentials sent over HTTP are readable on the wire; confirm
  // HTTP is meant only for local or TLS-terminated deployments.
  schemes: HTTPS;
  schemes: HTTP;

  consumes: "application/json";
  consumes: "application/grpc";

  produces: "application/json";
  produces: "application/grpc";

  consumes: "application/grpc-web+proto";
  produces: "application/grpc-web+proto";

  // "$ZITADEL_DOMAIN" looks like a placeholder substituted when the
  // documentation is rendered — TODO confirm.
  host: "$ZITADEL_DOMAIN";
  base_path: "/admin/v1";

  external_docs: {
    description: "Detailed information about ZITADEL",
    url: "https://zitadel.com/docs"
  }

  // BasicAuth is defined here, but the document-wide security requirement
  // below lists only OAuth2.
  security_definitions: {
    security: {
      key: "BasicAuth";
      value: {
        type: TYPE_BASIC;
      }
    }
    security: {
      key: "OAuth2";
      value: {
        type: TYPE_OAUTH2;
        flow: FLOW_ACCESS_CODE;
        authorization_url: "$ZITADEL_DOMAIN/oauth/v2/authorize";
        token_url: "$ZITADEL_DOMAIN/oauth/v2/token";
        scopes: {
          scope: {
            key: "openid";
            value: "openid";
          }
          scope: {
            key: "urn:zitadel:iam:org:project:id:zitadel:aud";
            value: "urn:zitadel:iam:org:project:id:zitadel:aud";
          }
        }
      }
    }
  }
  // Default requirement for every operation: OAuth2 with both scopes.
  security: {
    security_requirement: {
      key: "OAuth2";
      value: {
        scope: "openid";
        scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
      }
    }
  }
  // Error responses shared by all operations.
  responses: {
    key: "403";
    value: {
      description: "Returned when the user does not have permission to access the resource.";
      schema: { json_schema: { ref: "#/definitions/rpcStatus"; } }
    }
  }
  responses: {
    key: "404";
    value: {
      description: "Returned when the resource does not exist.";
      schema: { json_schema: { ref: "#/definitions/rpcStatus"; } }
    }
  }
};
service AdminService {
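// Liveness probe, bound to GET /healthz.
// NOTE(review): no zitadel.v1.auth_option is declared on this RPC, unlike
// most of its siblings — presumably intentional so that probes can call it
// without a token; confirm.
rpc Healthz(HealthzRequest) returns (HealthzResponse) {
  option (google.api.http) = {
    get: "/healthz";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    summary: "Healthz";
    // Fixed the "ZITADLE" typo and the verb form in the second sentence.
    description: "The health endpoint allows an external system to probe if ZITADEL system API is alive. Responds as soon as ZITADEL is running."
    tags: "General";
    responses: {
      key: "200";
      value: { description: "ZITADEL started"; };
    }
    responses: {
      key: "default";
      value: { description: "ZITADEL NOT started yet"; };
    }
  };
}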
// Lists the supported languages. GET /languages; requires iam.read.
rpc GetSupportedLanguages(GetSupportedLanguagesRequest) returns (GetSupportedLanguagesResponse) {
  option (google.api.http) = {
    get: "/languages";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "General";
    summary: "Supported Languages";
    description: "The supported/default languages of the system will be returned by the language abbreviation."
  };
}
// Sets the fallback language. PUT /languages/default/{language}; requires
// iam.write. The language is taken from the URL path.
rpc SetDefaultLanguage(SetDefaultLanguageRequest) returns (SetDefaultLanguageResponse) {
  option (google.api.http) = {
    put: "/languages/default/{language}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "General";
    summary: "Set Default Languages";
    description: "Set the language that is used as a fallback/default if the user has configured something that is not provided by ZITADEL."
  };
}
// Reads the fallback language. GET /languages/default; requires iam.read.
rpc GetDefaultLanguage(GetDefaultLanguageRequest) returns (GetDefaultLanguageResponse) {
  option (google.api.http) = {
    get: "/languages/default";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "General";
    summary: "Get Default Languages";
    description: "Returns the language that is used as a fallback/default if the user has configured something that is not provided by ZITADEL."
  };
}
// Returns details of the current instance. GET /instances/me; requires
// iam.read.
rpc GetMyInstance(GetMyInstanceRequest) returns (GetMyInstanceResponse) {
  option (google.api.http) = {
    get: "/instances/me";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Instance";
    summary: "Get My Instance";
    description: "Returns the details about the current instance such as the name, version, domains, etc."
  };
}
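// Lists the domains configured for this instance. POST /domains/_search.
// NOTE(review): this RPC declared no zitadel.v1.auth_option, while the other
// instance reads in this service (e.g. GetMyInstance) require iam.read. The
// option below adds the same permission so the domain list is not served
// without an authorization check. Confirm that no caller relies on calling
// this route without a token.
// The HTTP rule has no `body`, unlike the other `_search` routes; left
// unchanged here.
rpc ListInstanceDomains(ListInstanceDomainsRequest) returns (ListInstanceDomainsResponse) {
  option (google.api.http) = {
    post: "/domains/_search";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Instance";
    summary: "List Instance Domains";
    description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running."
  };
}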
// Lists the configured secret generators. POST /secretgenerators/_search
// with the whole request as JSON body; requires iam.read.
rpc ListSecretGenerators(ListSecretGeneratorsRequest) returns (ListSecretGeneratorsResponse) {
  option (google.api.http) = {
    post: "/secretgenerators/_search"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Secrets";
    summary: "List Secret Generators";
    description: "Lists all the configured secret generators. The generators define how a secret should look when generated in ZITADEL. E.g Email verification code, phone verification code, etc."
  };
}
// Reads one secret generator, selected by the generator_type path segment.
// GET /secretgenerators/{generator_type}; requires iam.read.
rpc GetSecretGenerator(GetSecretGeneratorRequest) returns (GetSecretGeneratorResponse) {
  option (google.api.http) = {
    get: "/secretgenerators/{generator_type}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Secrets";
    summary: "Get Secret Generator";
    description: "Get a specific secret generator by its type (e.g PasswordResetCode). A generator defines how a secret should look when generating in ZITADEL."
  };
}
// Changes one secret generator. PUT /secretgenerators/{generator_type} with
// JSON body; requires iam.write.
// NOTE(review): the generator defines how codes such as PasswordResetCode
// look, so a weak configuration affects every flow that uses it —
// presumably the request message bounds the values; verify its validation.
rpc UpdateSecretGenerator(UpdateSecretGeneratorRequest) returns (UpdateSecretGeneratorResponse) {
  option (google.api.http) = {
    put: "/secretgenerators/{generator_type}";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Secrets";
    summary: "Update Secret Generator";
    description: "Change a specific secret generator configuration by its type (e.g PasswordResetCode). A generator defines how a secret should look when generating in ZITADEL."
  };
}
// Reads the SMTP configuration. GET /smtp; requires iam.read.
rpc GetSMTPConfig(GetSMTPConfigRequest) returns (GetSMTPConfigResponse) {
  option (google.api.http) = {
    get: "/smtp";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP";
    summary: "Get SMTP Configuration";
    description: "Returns the SMTP configuration from the system. This is used to send E-Mails to the users."
  };
}
// Creates the SMTP configuration. POST /smtp with JSON body; requires
// iam.write.
// NOTE(review): the body presumably carries the SMTP credentials; confirm
// that request bodies on this route are kept out of access logs.
rpc AddSMTPConfig(AddSMTPConfigRequest) returns (AddSMTPConfigResponse) {
  option (google.api.http) = {
    post: "/smtp";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP";
    summary: "Add SMTP Configuration";
    description: "Add a new SMTP configuration if nothing is set yet."
  };
}
// Replaces the SMTP configuration. PUT /smtp with JSON body; requires
// iam.write. Per the description the change is active as soon as it is saved.
rpc UpdateSMTPConfig(UpdateSMTPConfigRequest) returns (UpdateSMTPConfigResponse) {
  option (google.api.http) = {
    put: "/smtp";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP";
    summary: "Update SMTP Configuration";
    description: "Update the SMTP configuration, be aware that this will be activated as soon as it is saved. So the users will get notifications from the newly configured SMTP."
  };
}
// Replaces the SMTP password. PUT /smtp/password with JSON body; requires
// iam.write.
// NOTE(review): the password travels in the request body; confirm that
// gateway and audit logs do not record bodies for this route.
rpc UpdateSMTPConfigPassword(UpdateSMTPConfigPasswordRequest) returns (UpdateSMTPConfigPasswordResponse) {
  option (google.api.http) = {
    put: "/smtp/password";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP";
    summary: "Update SMTP Password";
    description: "Update the SMTP password that is used for the host, be aware that this will be activated as soon as it is saved. So the users will get notifications from the newly configured SMTP."
  };
}
// Deletes the SMTP configuration. DELETE /smtp; requires iam.write.
rpc RemoveSMTPConfig(RemoveSMTPConfigRequest) returns (RemoveSMTPConfigResponse) {
  option (google.api.http) = {
    delete: "/smtp";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP";
    summary: "Remove SMTP Configuration";
    description: "Remove the SMTP configuration, be aware that the users will not get an E-Mail if no SMTP is set."
  };
}
// Lists the configured SMS providers. POST /sms/_search with JSON body;
// requires iam.read.
rpc ListSMSProviders(ListSMSProvidersRequest) returns (ListSMSProvidersResponse) {
  option (google.api.http) = {
    post: "/sms/_search"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "List SMS Providers";
    description: "Returns a list of configured SMS providers."
  };
}
// Reads one SMS provider by ID. GET /sms/{id}; requires iam.read.
rpc GetSMSProvider(GetSMSProviderRequest) returns (GetSMSProviderResponse) {
  option (google.api.http) = {
    get: "/sms/{id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Get SMS Provider";
    description: "Get a specific SMS provider by its ID."
  };
}
// Creates a Twilio SMS provider. POST /sms/twilio with JSON body; requires
// iam.write. Per the description the provider sends nothing until activated.
rpc AddSMSProviderTwilio(AddSMSProviderTwilioRequest) returns (AddSMSProviderTwilioResponse) {
  option (google.api.http) = {
    post: "/sms/twilio";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Add Twilio SMS Provider";
    description: "Configure a new SMS provider of the type Twilio. A provider has to be activated to be able to send notifications."
  };
}
// Changes a Twilio SMS provider. PUT /sms/twilio/{id} with JSON body;
// requires iam.write.
rpc UpdateSMSProviderTwilio(UpdateSMSProviderTwilioRequest) returns (UpdateSMSProviderTwilioResponse) {
  option (google.api.http) = {
    put: "/sms/twilio/{id}";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Update Twilio SMS Provider";
    description: "Change the configuration of an SMS provider of the type Twilio. A provider has to be activated to be able to send notifications."
  };
}
// Replaces the token of a Twilio SMS provider. PUT /sms/twilio/{id}/token
// with JSON body; requires iam.write.
// NOTE(review): the token is sent in the request body; confirm that bodies
// for this route are excluded from gateway and audit logs.
rpc UpdateSMSProviderTwilioToken(UpdateSMSProviderTwilioTokenRequest) returns (UpdateSMSProviderTwilioTokenResponse) {
  option (google.api.http) = {
    put: "/sms/twilio/{id}/token";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Update Twilio SMS Provider Token";
    description: "Change the token of the SMS provider of the type Twilio."
  };
}
// Activates an SMS provider. POST /sms/{id}/_activate with JSON body;
// requires iam.write.
rpc ActivateSMSProvider(ActivateSMSProviderRequest) returns (ActivateSMSProviderResponse) {
  option (google.api.http) = {
    post: "/sms/{id}/_activate";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Activate SMS Provider";
    description: "Activate an SMS provider. After activating a provider, the users will be able to receive SMS notifications."
  };
}
// Deactivates an SMS provider. POST /sms/{id}/_deactivate with JSON body;
// requires iam.write.
rpc DeactivateSMSProvider(DeactivateSMSProviderRequest) returns (DeactivateSMSProviderResponse) {
  option (google.api.http) = {
    post: "/sms/{id}/_deactivate";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Deactivate SMS Provider";
    description: "Deactivate an SMS provider. After deactivating the provider, the users will not be able to receive SMS notifications from that provider anymore. If it was the last activated they will not get notifications at all"
  };
}
// Deletes an SMS provider. DELETE /sms/{id}; requires iam.write.
rpc RemoveSMSProvider(RemoveSMSProviderRequest) returns (RemoveSMSProviderResponse) {
  option (google.api.http) = {
    delete: "/sms/{id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Remove SMS Provider";
    description: "Delete an SMS provider. If the provider was still active the users will not receive notifications from that provider anymore."
  };
}
// Reads the OIDC token lifetime settings. GET /settings/oidc; requires
// iam.read.
rpc GetOIDCSettings(GetOIDCSettingsRequest) returns (GetOIDCSettingsResponse) {
  option (google.api.http) = {
    get: "/settings/oidc";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Get OIDC Settings";
    description: "The OIDC Settings define the lifetimes of the different tokens in OIDC."
  };
}
// Creates the OIDC token lifetime settings. POST /settings/oidc with JSON
// body; requires iam.write. Per the description the settings apply to all
// organizations and clients, so long lifetimes widen the window in which a
// leaked token stays usable.
rpc AddOIDCSettings(AddOIDCSettingsRequest) returns (AddOIDCSettingsResponse) {
  option (google.api.http) = {
    post: "/settings/oidc";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Add OIDC Settings";
    description: "Create new OIDC settings. The OIDC Settings define the lifetimes of the different tokens in OIDC. These settings are used for all organizations and clients."
  };
}
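// Updates the OIDC token lifetime settings. PUT /settings/oidc with JSON
// body; requires iam.write. Per the description the settings apply to all
// organizations and clients.
rpc UpdateOIDCSettings(UpdateOIDCSettingsRequest) returns (UpdateOIDCSettingsResponse) {
  option (google.api.http) = {
    put: "/settings/oidc";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    // The summary was "Add OIDC Settings", identical to AddOIDCSettings;
    // it now names the update operation.
    summary: "Update OIDC Settings";
    description: "Update existing OIDC settings. The OIDC Settings define the lifetimes of the different tokens in OIDC. These settings are used for all organizations and clients."
  };
}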
// Reads the filesystem notification provider, if configured.
// GET /notification/provider/file; requires iam.read.
// NOTE(review): the description says notifications are written to the
// filesystem and that the provider is for testing only; notification
// contents presumably include verification codes, so the provider should
// stay disabled in production — confirm.
rpc GetFileSystemNotificationProvider(GetFileSystemNotificationProviderRequest) returns (GetFileSystemNotificationProviderResponse) {
  option (google.api.http) = {
    get: "/notification/provider/file";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Notification Providers";
    summary: "Get Notification Provider Filesystem";
    description: "Returns a filesystem notification provider if configured. This provider is only used for testing purposes. The notifications will be written to the filesystem."
  };
}
// Reads the log notification provider, if configured.
// GET /notification/provider/log; requires iam.read.
// NOTE(review): the description says notifications are written to the logs
// and that the provider is for testing only; notification contents
// presumably include verification codes, so the provider should stay
// disabled in production — confirm.
rpc GetLogNotificationProvider(GetLogNotificationProviderRequest) returns (GetLogNotificationProviderResponse) {
  option (google.api.http) = {
    get: "/notification/provider/log";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Notification Providers";
    summary: "Get Notification Provider Log";
    description: "Returns a log notification provider if configured. This provider is only used for testing purposes. The notifications will be written to the logs."
  };
}
// Reads the instance security settings (iframe embedding and its allowed
// origins). GET /policies/security; requires iam.policy.read.
rpc GetSecurityPolicy(GetSecurityPolicyRequest) returns (GetSecurityPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/security";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Get Security Settings";
    description: "Returns the security settings of the ZITADEL instance. The settings define if the iframe is allowed and from which origins."
  };
}
// Writes the instance security settings. PUT /policies/security with JSON
// body; requires iam.policy.write.
// NOTE(review): allowing iframe embedding relaxes framing protection for
// the pages it covers; keep the list of allowed origins as small as the
// deployment needs.
rpc SetSecurityPolicy(SetSecurityPolicyRequest) returns (SetSecurityPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/security";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Set Security Settings";
    description: "Set the security settings of the ZITADEL instance. The settings define if the iframe is allowed and from which origins."
  };
}
// Reads one organization by ID. GET /orgs/{id}; requires iam.read.
rpc GetOrgByID(GetOrgByIDRequest) returns (GetOrgByIDResponse) {
  option (google.api.http) = {
    get: "/orgs/{id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    summary: "Get Organization By ID";
    description: "Returns an organization by its ID. Make sure the user has the permissions to access the organization."
    responses: {
      key: "200";
      value: { description: "requested org found"; };
    };
  };
}
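// Checks whether an organization matching the request already exists.
// GET /orgs/_is_unique; requires iam.read.
rpc IsOrgUnique(IsOrgUniqueRequest) returns (IsOrgUniqueResponse) {
  option (google.api.http) = {
    get: "/orgs/_is_unique";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    summary: "Is Organization Unique";
    description: "Checks if an organization with the searched parameters already exists or not."
    // The response texts were "ZITADEL started" / "ZITADEL NOT started yet",
    // the same strings as on Healthz; they now describe this operation.
    responses: {
      key: "200";
      value: { description: "result of the uniqueness check"; };
    };
    responses: {
      key: "default";
      value: { description: "uniqueness check failed"; };
    };
  };
}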
// Sets the default organization of the instance.
// PUT /orgs/default/{org_id}; requires iam.write.
rpc SetDefaultOrg(SetDefaultOrgRequest) returns (SetDefaultOrgResponse) {
  option (google.api.http) = {
    put: "/orgs/default/{org_id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    tags: "Settings";
    summary: "Set Default Organization";
    description: "Sets the default organization of the ZITADEL instance. If no specific organization is given on the register form, a user will be registered to the default organization."
  };
}
// Reads the default organization of the instance. GET /orgs/default;
// requires iam.read.
rpc GetDefaultOrg(GetDefaultOrgRequest) returns (GetDefaultOrgResponse) {
  option (google.api.http) = {
    get: "/orgs/default";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    tags: "Settings";
    summary: "Get Default Organization";
    description: "Get the default organization of the ZITADEL instance. If no specific organization is given on the register form, a user will be registered to the default organization."
  };
}
// Searches organizations. POST /orgs/_search with JSON body; requires
// iam.read. Filters are combined with AND, per the description.
rpc ListOrgs(ListOrgsRequest) returns (ListOrgsResponse) {
  option (google.api.http) = {
    post: "/orgs/_search";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    summary: "Search Organization";
    description: "Returns a list of organizations that match the requesting filters. All filters are applied with an AND condition."
    responses: {
      key: "200";
      value: { description: "list of organizations matching the query"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid list query";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Creates an organization together with its first administrative user.
// POST /orgs/_setup with JSON body; requires iam.write. Per the description
// the user receives ORG_OWNER when the request names no roles.
rpc SetUpOrg(SetUpOrgRequest) returns (SetUpOrgResponse) {
  option (google.api.http) = {
    post: "/orgs/_setup";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    summary: "Setup Organization";
    description: "Create a new organization with an administrative user. If no specific roles are sent for the first user, the user will get the role ORG_OWNER."
    responses: {
      key: "200";
      value: { description: "org, user and user membership were created successfully"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid org or user";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Removes an organization and, per the description, its users, projects
// and grants. DELETE /orgs/{org_id}; requires iam.write.
rpc RemoveOrg(RemoveOrgRequest) returns (RemoveOrgResponse) {
  option (google.api.http) = {
    delete: "/orgs/{org_id}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    summary: "Remove Organization";
    description: "Sets the state of the organization and all its resource (Users, Projects, Grants to and from the org) to remove. Users of this organization will not be able to log in."
    responses: {
      key: "200";
      value: { description: "org removed successfully"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid org";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Reads one identity provider by ID. GET /idps/{id}; requires iam.idp.read.
rpc GetIDPByID(GetIDPByIDRequest) returns (GetIDPByIDResponse) {
  option (google.api.http) = {
    get: "/idps/{id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Get Identity Provider (IDP) by ID";
    description: "Returns an identity provider (social/enterprise login) by its ID e.g Google, AzureAD, etc."
    responses: {
      key: "200";
      value: { description: "IDP found"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid argument";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Searches the instance-level identity providers. POST /idps/_search with
// JSON body; requires iam.idp.read.
rpc ListIDPs(ListIDPsRequest) returns (ListIDPsResponse) {
  option (google.api.http) = {
    post: "/idps/_search";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Search Identity Providers (IDP)";
    description: "Returns a list of identity providers (social/enterprise login) configured on an instance level. e.g Google, AzureAD, etc."
    responses: {
      key: "200";
      value: { description: "idps found"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid query";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Creates an OIDC identity provider. POST /idps/oidc with JSON body;
// requires iam.idp.write.
// NOTE(review): the request presumably carries the provider's client
// secret; confirm that bodies for this route are kept out of logs.
rpc AddOIDCIDP(AddOIDCIDPRequest) returns (AddOIDCIDPResponse) {
  option (google.api.http) = {
    post: "/idps/oidc";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Add OIDC Identity Provider (IDP)";
    description: "Create a new identity provider configuration to enable your users to log in with social/enterprise login. The provider has to be OIDC compliant."
    responses: {
      key: "200";
      value: { description: "idp created"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid argument";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Creates a JWT identity provider. POST /idps/jwt with JSON body; requires
// iam.idp.write. Per the description the caller supplies an endpoint from
// which ZITADEL obtains the existing JWT.
rpc AddJWTIDP(AddJWTIDPRequest) returns (AddJWTIDPResponse) {
  option (google.api.http) = {
    post: "/idps/jwt";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Add JWT Identity Provider (IDP)";
    description: "Create a new identity provider configuration to enable your users to log in with social/enterprise login. JSON Web Token Identity Provider (JWT IDP) gives you the possibility to use an (existing) JWT as a federated identity. You have to provide an endpoint where ZITADEL can get the existing JWT token."
    responses: {
      key: "200";
      value: { description: "idp created"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid argument";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Updates an identity provider. PUT /idps/{idp_id} with JSON body; requires
// iam.idp.write. This is a full replace: per the description, a field that
// is not sent is empty afterwards.
rpc UpdateIDP(UpdateIDPRequest) returns (UpdateIDPResponse) {
  option (google.api.http) = {
    put: "/idps/{idp_id}";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Update Identity Provider (IDP)";
    description: "Update an existing IDP. All fields are updated. If you do not send a value in a field, it will be empty afterward."
    responses: {
      key: "200";
      value: { description: "idp updated"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid argument";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Sets an active identity provider to inactive.
// POST /idps/{idp_id}/_deactivate; requires iam.idp.write.
rpc DeactivateIDP(DeactivateIDPRequest) returns (DeactivateIDPResponse) {
  option (google.api.http) = {
    post: "/idps/{idp_id}/_deactivate";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Deactivate Identity Provider (IDP)";
    description: "Sets the state of the provider to inactive. It can only be called for the provider with the state active. Users will not be able to log in with the given provider afterward. It might cause troubles if it is the only authentication method of the user."
    responses: {
      key: "200";
      value: { description: "idp deactivated"; };
    };
    responses: {
      key: "400";
      value: {
        description: "Unable to deactivate IDP";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
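// Sets an inactive identity provider back to active.
// POST /idps/{idp_id}/_reactivate; requires iam.idp.write.
rpc ReactivateIDP(ReactivateIDPRequest) returns (ReactivateIDPResponse) {
  option (google.api.http) = {
    post: "/idps/{idp_id}/_reactivate";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Reactivate Identity Provider (IDP)";
    // The last sentence said users "will not be able to log in again",
    // which contradicts setting the provider to active; the stray "not"
    // is removed.
    description: "Sets the state of the provider to active. It can only be called for providers with the state inactive. Users will be able to log in again with the given provider."
    responses: {
      key: "200";
      value: { description: "idp reactivated"; };
    };
    responses: {
      key: "400";
      value: {
        description: "unable to reactivate IDP";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}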
// Permanently removes an identity provider; per the description the user
// links to it are deleted as well. DELETE /idps/{idp_id}; requires
// iam.idp.write.
rpc RemoveIDP(RemoveIDPRequest) returns (RemoveIDPResponse) {
  option (google.api.http) = {
    delete: "/idps/{idp_id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Remove Identity Provider (IDP)";
    description: "Removes the identity provider permanently. All links to the given IDP on users will be deleted as well. They will not be able to log in with the provider afterward. If it is their only authentication possibility it might cause problems."
    responses: {
      key: "200";
      value: { description: "idp removed"; };
    };
    responses: {
      key: "400";
      value: {
        description: "unable to remove IDP";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Replaces the OIDC-specific configuration of an identity provider.
// PUT /idps/{idp_id}/oidc_config with JSON body; requires iam.idp.write.
// Full replace: per the description, a field without a value is empty
// afterwards.
rpc UpdateIDPOIDCConfig(UpdateIDPOIDCConfigRequest) returns (UpdateIDPOIDCConfigResponse) {
  option (google.api.http) = {
    put: "/idps/{idp_id}/oidc_config";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Update OIDC Identity Provider (IDP)";
    description: "Update the OIDC-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward."
    responses: {
      key: "200";
      value: { description: "OIDC config updated"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid argument";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
    responses: {
      key: "409";
      value: {
        description: "precondition failed";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
// Replaces the JWT-specific configuration of an identity provider.
// PUT /idps/{idp_id}/jwt_config with JSON body; requires iam.idp.write.
// Full replace: per the description, a field without a value is empty
// afterwards.
rpc UpdateIDPJWTConfig(UpdateIDPJWTConfigRequest) returns (UpdateIDPJWTConfigResponse) {
  option (google.api.http) = {
    put: "/idps/{idp_id}/jwt_config";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Identity Providers";
    summary: "Update JWT Identity Provider (IDP)";
    description: "Update the JWT-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward."
    responses: {
      key: "200";
      value: { description: "JWT config updated"; };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid argument";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
    responses: {
      key: "409";
      value: {
        description: "precondition failed";
        schema: { json_schema: { ref: "#/definitions/rpcStatus"; }; };
      };
    };
  };
}
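// Returns all identity providers which match the query.
// Limit should always be set; the service sets a default limit.
// HTTP: POST /idps/templates/_search.
//
// Authorization: this Admin API call reads instance-level provider
// configuration, so it is gated by the instance-scoped "iam.idp.read"
// permission instead of "org.idp.read", in line with the "iam.idp.write"
// requirement of the instance provider write RPCs in this service.
rpc ListProviders(ListProvidersRequest) returns (ListProvidersResponse) {
  option (google.api.http) = {
    post: "/idps/templates/_search"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.read"
  };
}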
|
|
|
|
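// Returns an identity provider of the instance.
// HTTP: GET /idps/templates/{id}.
//
// Authorization: the provider belongs to the instance, so the call is gated
// by the instance-scoped "iam.idp.read" permission instead of "org.idp.read",
// in line with the "iam.idp.write" requirement of the instance provider write
// RPCs in this service.
rpc GetProviderByID(GetProviderByIDRequest) returns (GetProviderByIDResponse) {
  option (google.api.http) = {
    get: "/idps/templates/{id}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.read"
  };
}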
|
|
|
|
// Adds a new OAuth2 identity provider on the instance.
// HTTP: POST /idps/oauth. Requires the "iam.idp.write" permission.
rpc AddGenericOAuthProvider(AddGenericOAuthProviderRequest) returns (AddGenericOAuthProviderResponse) {
  option (google.api.http) = {
    post: "/idps/oauth"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
// Changes an existing OAuth2 identity provider on the instance.
// HTTP: PUT /idps/oauth/{id}. Requires the "iam.idp.write" permission.
rpc UpdateGenericOAuthProvider(UpdateGenericOAuthProviderRequest) returns (UpdateGenericOAuthProviderResponse) {
  option (google.api.http) = {
    put: "/idps/oauth/{id}"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
// Adds a new OIDC identity provider on the instance.
// HTTP: POST /idps/generic_oidc. Requires the "iam.idp.write" permission.
rpc AddGenericOIDCProvider(AddGenericOIDCProviderRequest) returns (AddGenericOIDCProviderResponse) {
  option (google.api.http) = {
    post: "/idps/generic_oidc"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
// Changes an existing OIDC identity provider on the instance.
// HTTP: PUT /idps/generic_oidc/{id}. Requires the "iam.idp.write" permission.
rpc UpdateGenericOIDCProvider(UpdateGenericOIDCProviderRequest) returns (UpdateGenericOIDCProviderResponse) {
  option (google.api.http) = {
    put: "/idps/generic_oidc/{id}"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
// Adds a new JWT identity provider on the instance.
// HTTP: POST /idps/generic_jwt. Requires the "iam.idp.write" permission.
rpc AddJWTProvider(AddJWTProviderRequest) returns (AddJWTProviderResponse) {
  option (google.api.http) = {
    post: "/idps/generic_jwt"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
// Changes an existing JWT identity provider on the instance.
// HTTP: PUT /idps/generic_jwt/{id}. Requires the "iam.idp.write" permission.
rpc UpdateJWTProvider(UpdateJWTProviderRequest) returns (UpdateJWTProviderResponse) {
  option (google.api.http) = {
    put: "/idps/generic_jwt/{id}"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
// Adds a new Google identity provider on the instance.
// HTTP: POST /idps/google. Requires the "iam.idp.write" permission.
rpc AddGoogleProvider(AddGoogleProviderRequest) returns (AddGoogleProviderResponse) {
  option (google.api.http) = {
    post: "/idps/google"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
// Changes an existing Google identity provider on the instance.
// HTTP: PUT /idps/google/{id}. Requires the "iam.idp.write" permission.
rpc UpdateGoogleProvider(UpdateGoogleProviderRequest) returns (UpdateGoogleProviderResponse) {
  option (google.api.http) = {
    put: "/idps/google/{id}"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}
|
|
|
|
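// Adds a new LDAP identity provider on the instance.
// HTTP: POST /idps/ldap.
//
// Authorization: creating an instance-level provider is gated by the
// instance-scoped "iam.idp.write" permission, the same one the OAuth, OIDC,
// JWT and Google provider RPCs in this service require, instead of
// "org.idp.write".
rpc AddLDAPProvider(AddLDAPProviderRequest) returns (AddLDAPProviderResponse) {
  option (google.api.http) = {
    post: "/idps/ldap"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}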
|
|
|
|
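// Changes an existing LDAP identity provider on the instance.
// HTTP: PUT /idps/ldap/{id}.
//
// Authorization: changing an instance-level provider is gated by the
// instance-scoped "iam.idp.write" permission, the same one the OAuth, OIDC,
// JWT and Google provider RPCs in this service require, instead of
// "org.idp.write".
rpc UpdateLDAPProvider(UpdateLDAPProviderRequest) returns (UpdateLDAPProviderResponse) {
  option (google.api.http) = {
    put: "/idps/ldap/{id}"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}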
|
|
|
|
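// Removes an identity provider.
// Will remove all linked providers of this configuration on the users.
// HTTP: DELETE /idps/templates/{id}.
//
// Authorization: the removal also unlinks the provider from users, so it is
// gated by the instance-scoped "iam.idp.write" permission that the add and
// update provider RPCs in this service require, instead of "org.idp.write".
rpc DeleteProvider(DeleteProviderRequest) returns (DeleteProviderResponse) {
  option (google.api.http) = {
    delete: "/idps/templates/{id}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.idp.write"
  };
}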
|
|
|
|
// Returns the Org IAM policy. HTTP: GET /policies/orgiam.
// Requires the "iam.policy.read" permission.
// Marked deprecated in the OpenAPI metadata, which points to Get Domain
// Settings (the summary of GetDomainPolicy) as the replacement.
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/orgiam";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Get Org IAM Policy";
    description: "Use Get Domain Settings instead"
    deprecated: true;
  };
}
|
|
|
|
// Updates the Org IAM policy. HTTP: PUT /policies/orgiam.
// Requires the "iam.policy.write" permission.
// Marked deprecated in the OpenAPI metadata, which points to Update Domain
// Settings (the summary of UpdateDomainPolicy) as the replacement.
rpc UpdateOrgIAMPolicy(UpdateOrgIAMPolicyRequest) returns (UpdateOrgIAMPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/orgiam";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Update Org IAM Policy";
    description: "Use Update Domain Settings instead";
    deprecated: true;
  };
}
|
|
|
|
// Returns the Org IAM policy of one organization.
// HTTP: GET /orgs/{org_id}/policies/orgiam.
// Requires the "iam.policy.read" permission.
// Marked deprecated in the OpenAPI metadata; the replacement it names appears
// to be GetCustomDomainPolicy ("Get Domain Settings for Organization").
// NOTE(review): the summary below repeats the one used by GetOrgIAMPolicy.
rpc GetCustomOrgIAMPolicy(GetCustomOrgIAMPolicyRequest) returns (GetCustomOrgIAMPolicyResponse) {
  option (google.api.http) = {
    get: "/orgs/{org_id}/policies/orgiam";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Get Org IAM Policy";
    description: "Use GetDomain Settings for Organization instead";
    deprecated: true;
  };
}
|
|
|
|
// Adds a custom Org IAM policy for one organization.
// HTTP: POST /orgs/{org_id}/policies/orgiam.
// Requires the "iam.policy.write" permission.
// Marked deprecated in the OpenAPI metadata.
// NOTE(review): the description names the Get operation as the replacement;
// for an add call the intended replacement is presumably
// AddCustomDomainPolicy. Confirm and correct the description.
rpc AddCustomOrgIAMPolicy(AddCustomOrgIAMPolicyRequest) returns (AddCustomOrgIAMPolicyResponse) {
  option (google.api.http) = {
    post: "/orgs/{org_id}/policies/orgiam";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Add Custom Org IAM Policy";
    description: "Use Get Domain Settings for Organization instead"
    deprecated: true;
  };
}
|
|
|
|
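// Updates the custom Org IAM policy of one organization.
// HTTP: PUT /orgs/{org_id}/policies/orgiam.
// Requires the "iam.policy.write" permission.
// Marked deprecated in the OpenAPI metadata. The description names the update
// operation of the domain settings (UpdateCustomDomainPolicy) as the
// replacement; it previously pointed at the Get operation.
rpc UpdateCustomOrgIAMPolicy(UpdateCustomOrgIAMPolicyRequest) returns (UpdateCustomOrgIAMPolicyResponse) {
  option (google.api.http) = {
    put: "/orgs/{org_id}/policies/orgiam";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Update Custom Org IAM Policy";
    description: "Use Update Domain Settings for Organization instead"
    deprecated: true;
  };
}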
|
|
|
|
// Resets the custom Org IAM policy of one organization to the default.
// HTTP: DELETE /orgs/{org_id}/policies/orgiam.
// Requires the "iam.policy.delete" permission.
// Marked deprecated in the OpenAPI metadata, which points to Reset Domain
// Settings of Organization (ResetCustomDomainPolicyToDefault).
// NOTE(review): the summary below is identical to the replacement's summary,
// so generated docs list two operations under the same title.
rpc ResetCustomOrgIAMPolicyToDefault(ResetCustomOrgIAMPolicyToDefaultRequest) returns (ResetCustomOrgIAMPolicyToDefaultResponse) {
  option (google.api.http) = {
    delete: "/orgs/{org_id}/policies/orgiam";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Reset Domain Settings of Organization";
    description: "Use Reset Domain Settings of Organization instead"
    deprecated: true;
  };
}
|
|
|
|
// Returns the domain settings configured as default on the instance.
// HTTP: GET /policies/domain. Requires the "iam.policy.read" permission.
rpc GetDomainPolicy(GetDomainPolicyRequest) returns (GetDomainPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/domain";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Get Domain Settings";
    description: "Returns the domain settings configured as default on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation.."
    responses: {
      key: "200";
      value: {
        description: "default domain policy";
      };
    };
  };
}
|
|
|
|
// Updates the domain settings configured as default on the instance.
// HTTP: PUT /policies/domain. Requires the "iam.policy.write" permission.
// Per the description, the change applies to every organization that has no
// overwritten settings of its own.
rpc UpdateDomainPolicy(UpdateDomainPolicyRequest) returns (UpdateDomainPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/domain";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    summary: "Update Domain Settings";
    description: "Update the domain settings configured as default on the instance. Domain settings specify how ZITADEL should handle domains, usernames, emails and validation. It affects all organizations that do not have overwritten settings."
    responses: {
      key: "200";
      value: {
        description: "default domain policy updated";
      };
    };
  };
}
|
|
|
|
// Returns the domain settings of one organization, or the instance default
// when the organization has no custom setting.
// HTTP: GET /orgs/{org_id}/policies/domain.
// Requires the "iam.policy.read" permission.
rpc GetCustomDomainPolicy(GetCustomDomainPolicyRequest) returns (GetCustomDomainPolicyResponse) {
  option (google.api.http) = {
    get: "/orgs/{org_id}/policies/domain";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    tags: "Organizations";
    summary: "Get Domain Settings for Organization";
    description: "Get the domain settings configured on a specific organization. If the organization doesn't have a custom setting, the default will be returned. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
    responses: {
      key: "200";
      value: {
        description: "domain policy of the org or the default policy if not customized";
      };
    };
  };
}
|
|
|
|
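// Creates custom domain settings for one organization; they overwrite the
// settings specified on the instance for that organization.
// HTTP: POST /orgs/{org_id}/policies/domain.
// Requires the "iam.policy.write" permission.
// The OpenAPI summary says "Add" so that this operation is not listed under
// the same title as GetCustomDomainPolicy in generated documentation.
rpc AddCustomDomainPolicy(AddCustomDomainPolicyRequest) returns (AddCustomDomainPolicyResponse) {
  option (google.api.http) = {
    post: "/orgs/{org_id}/policies/domain";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    tags: "Organizations";
    summary: "Add Domain Settings for Organization";
    description: "Create the domain settings configured on a specific organization. It will overwrite the settings specified on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
    responses: {
      key: "200";
      value: {
        description: "domain policy created";
      };
    };
  };
}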
|
|
|
|
// Updates the custom domain settings of one organization; they overwrite the
// settings specified on the instance for that organization.
// HTTP: PUT /orgs/{org_id}/policies/domain.
// Requires the "iam.policy.write" permission.
rpc UpdateCustomDomainPolicy(UpdateCustomDomainPolicyRequest) returns (UpdateCustomDomainPolicyResponse) {
  option (google.api.http) = {
    put: "/orgs/{org_id}/policies/domain";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    tags: "Organizations";
    summary: "Update Domain Settings for Organization";
    description: "Update the domain settings configured on a specific organization. It will overwrite the settings specified on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
    responses: {
      key: "200";
      value: {
        description: "domain policy updated";
      };
    };
  };
}
|
|
|
|
// Resets the domain settings of one organization to the settings configured
// on the instance.
// HTTP: DELETE /orgs/{org_id}/policies/domain.
// Requires the "iam.policy.delete" permission.
rpc ResetCustomDomainPolicyToDefault(ResetCustomDomainPolicyToDefaultRequest) returns (ResetCustomDomainPolicyToDefaultResponse) {
  option (google.api.http) = {
    delete: "/orgs/{org_id}/policies/domain";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Domain Settings";
    tags: "Organizations";
    summary: "Reset Domain Settings of Organization";
    description: "Resets the domain settings configured on a specific organization to the settings configured on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
    responses: {
      key: "200";
      value: {
        description: "resets the custom domain policy to the default policy";
      };
    };
  };
}
|
|
|
|
// Returns the currently active private labeling/branding of the instance.
// HTTP: GET /policies/label. Requires the "iam.policy.read" permission.
rpc GetLabelPolicy(GetLabelPolicyRequest) returns (GetLabelPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/label";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Get Private Labeling/Branding Settings";
    description: "Returns the currently active private labeling/branding configured on the instance level. The settings will trigger if the organization has not overwritten the settings or if no specific organization is called on the login UI. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
    responses: {
      key: "200";
      value: {
        description: "default label policy";
      };
    };
  };
}
|
|
|
|
// Returns the preview (not yet activated) private labeling/branding of the
// instance.
// HTTP: GET /policies/label/_preview.
// Requires the "iam.policy.read" permission.
rpc GetPreviewLabelPolicy(GetPreviewLabelPolicyRequest) returns (GetPreviewLabelPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/label/_preview";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Get Preview Private Labeling/Branding Settings";
    description: "Returns the preview private labeling/branding configured on the instance level. The preview is used to show you how it will look like, and not activate it directly for your users. In the future, it should be possible to send a preview mail and have a look at the preview login. The settings will trigger if the organization has not overwritten the settings or if no specific organization is called on the login UI. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
    responses: {
      key: "200";
      value: {
        description: "default label policy";
      };
    };
  };
}
|
|
|
|
// Updates the preview private labeling/branding of the instance; per the
// description it has to be activated before users see it.
// HTTP: PUT /policies/label. Requires the "iam.policy.write" permission.
rpc UpdateLabelPolicy(UpdateLabelPolicyRequest) returns (UpdateLabelPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/label";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Update Labeling/Branding Settings";
    description: "Update the preview private labeling/branding configured on the instance level. It affects all organizations, that don't overwrite the settings. The preview is used to show you how it will look like, make sure to activate it as soon as you are happy with the configuration. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
    responses: {
      key: "200";
      value: {
        description: "default label policy updated";
      };
    };
  };
}
|
|
|
|
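// Activates the preview private labeling/branding of the instance so that it
// is shown to users.
// HTTP: POST /policies/label/_activate.
//
// Authorization: gated by "iam.policy.write", the permission UpdateLabelPolicy
// requires for the same instance-level policy, instead of the unprefixed
// "policy.write". Per the description the activation affects all
// organizations that do not overwrite the settings.
rpc ActivateLabelPolicy(ActivateLabelPolicyRequest) returns (ActivateLabelPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/label/_activate"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Activate Labeling/Branding Settings";
    description: "Activates the preview private labeling/branding configured on the instance level. It will be shown to the users afterward. It affects all organizations, that don't overwrite the settings. Defines what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
  };
}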
|
|
|
|
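// Removes the light-theme logo from the label policy/branding of the
// instance. The change is only visible on the preview until activated.
// HTTP: DELETE /policies/label/logo.
//
// Authorization: gated by "iam.policy.write", the permission UpdateLabelPolicy
// requires for the same instance-level policy, instead of the unprefixed
// "policy.write".
rpc RemoveLabelPolicyLogo(RemoveLabelPolicyLogoRequest) returns (RemoveLabelPolicyLogoResponse) {
  option (google.api.http) = {
    delete: "/policies/label/logo"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Remove Logo Light";
    description: "Removes the logo of the light theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}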
|
|
|
|
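// Removes the dark-theme logo from the label policy/branding of the instance.
// The change is only visible on the preview until activated.
// HTTP: DELETE /policies/label/logo_dark.
//
// Authorization: gated by "iam.policy.write", the permission UpdateLabelPolicy
// requires for the same instance-level policy, instead of the unprefixed
// "policy.write".
rpc RemoveLabelPolicyLogoDark(RemoveLabelPolicyLogoDarkRequest) returns (RemoveLabelPolicyLogoDarkResponse) {
  option (google.api.http) = {
    delete: "/policies/label/logo_dark"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Remove Logo Dark";
    description: "Removes the logo of the dark theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}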
|
|
|
|
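// Removes the light-theme icon from the label policy/branding of the
// instance. The change is only visible on the preview until activated.
// HTTP: DELETE /policies/label/icon.
//
// Authorization: gated by "iam.policy.write", the permission UpdateLabelPolicy
// requires for the same instance-level policy, instead of the unprefixed
// "policy.write".
rpc RemoveLabelPolicyIcon(RemoveLabelPolicyIconRequest) returns (RemoveLabelPolicyIconResponse) {
  option (google.api.http) = {
    delete: "/policies/label/icon"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Remove Icon Light";
    description: "Removes the icon of the light theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}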
|
|
|
|
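// Removes the dark-theme icon from the label policy/branding of the instance.
// The change is only visible on the preview until activated.
// HTTP: DELETE /policies/label/icon_dark.
//
// Authorization: gated by "iam.policy.write", the permission UpdateLabelPolicy
// requires for the same instance-level policy, instead of the unprefixed
// "policy.write".
rpc RemoveLabelPolicyIconDark(RemoveLabelPolicyIconDarkRequest) returns (RemoveLabelPolicyIconDarkResponse) {
  option (google.api.http) = {
    delete: "/policies/label/icon_dark"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Remove Icon Dark";
    description: "Removes the icon of the dark theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}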
|
|
|
|
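// Removes the font from the label policy/branding of the instance.
// The change is only visible on the preview until activated.
// HTTP: DELETE /policies/label/font.
//
// Authorization: gated by "iam.policy.write", the permission UpdateLabelPolicy
// requires for the same instance-level policy, instead of the unprefixed
// "policy.write".
rpc RemoveLabelPolicyFont(RemoveLabelPolicyFontRequest) returns (RemoveLabelPolicyFontResponse) {
  option (google.api.http) = {
    delete: "/policies/label/font"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Branding";
    summary: "Remove Font";
    description: "Removes the font from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}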
|
|
|
|
// Returns the login settings defined on the instance level.
// HTTP: GET /policies/login. Requires the "iam.policy.read" permission.
rpc GetLoginPolicy(GetLoginPolicyRequest) returns (GetLoginPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/login";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    summary: "Get Login Settings";
    description: "Returns the login settings defined on the instance level. It will trigger for all organizations, that don't overwrite the settings. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."
    responses: {
      key: "200";
      value: {
        description: "default login policy";
      };
    };
  };
}
|
|
|
|
// Updates the default login settings defined on the instance level.
// HTTP: PUT /policies/login. Requires the "iam.policy.write" permission.
// Security-relevant: per the description, the login policy defines which
// authentication possibilities users have, and it applies to all
// organizations that do not overwrite the settings.
rpc UpdateLoginPolicy(UpdateLoginPolicyRequest) returns (UpdateLoginPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/login";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    summary: "Update Login Settings";
    description: "Update the default login settings defined on the instance level. It will trigger for all organizations, that don't overwrite the settings. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."
    responses: {
      key: "200";
      value: {
        description: "default login policy updated";
      };
    };
  };
}
|
|
|
|
// Returns the identity providers that are linked in the login policy of the
// instance, i.e. the ones shown to users.
// HTTP: POST /policies/login/idps/_search.
// Requires the "iam.policy.read" permission.
rpc ListLoginPolicyIDPs(ListLoginPolicyIDPsRequest) returns (ListLoginPolicyIDPsResponse) {
  option (google.api.http) = {
    post: "/policies/login/idps/_search";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Identity Providers"
    summary: "List Linked Identity Providers";
    description: "Returns a list of identity providers that are linked in the login policy. This means, that they are configured for the instance and will be shown to the users. It affects all organizations, without custom login settings."
    responses: {
      key: "200";
      value: {
        description: "Identity providers of default login policy";
      };
    };
  };
}
|
|
|
|
// Links a pre-configured identity provider to the login settings of the
// instance, so that it is shown to users on the login page.
// HTTP: POST /policies/login/idps.
// Requires the "iam.policy.write" permission.
// Security-relevant: per the description, the link affects all organizations
// without custom login settings.
rpc AddIDPToLoginPolicy(AddIDPToLoginPolicyRequest) returns (AddIDPToLoginPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/login/idps";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Identity Providers"
    summary: "Add Linked Identity Provider";
    description: "Add/link a pre-configured identity provider to the login settings of the instance. This means that it will be shown to the users on the login page. It affects all organizations, without custom login settings."
    responses: {
      key: "200";
      value: {
        description: "Identity providers added to default login policy";
      };
    };
  };
}
|
|
|
|
// Removes an identity provider from the login settings of the instance, so
// that it is no longer shown to users on the login page.
// HTTP: DELETE /policies/login/idps/{idp_id}.
// Requires the "iam.policy.write" permission.
rpc RemoveIDPFromLoginPolicy(RemoveIDPFromLoginPolicyRequest) returns (RemoveIDPFromLoginPolicyResponse) {
  option (google.api.http) = {
    delete: "/policies/login/idps/{idp_id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Identity Providers"
    summary: "Remove Linked Identity Provider";
    description: "Remove an identity provider from the login settings of the instance. This means that it will not be shown to the users on the login page. It affects all organizations, without custom login settings."
    responses: {
      key: "200";
      value: {
        description: "Identity providers removed from default login policy";
      };
    };
  };
}
|
|
|
|
// Returns the second factors (2FA) configured on the login settings of the
// instance.
// HTTP: POST /policies/login/second_factors/_search (no body mapping is
// declared). Requires the "iam.policy.read" permission.
rpc ListLoginPolicySecondFactors(ListLoginPolicySecondFactorsRequest) returns (ListLoginPolicySecondFactorsResponse) {
  option (google.api.http) = {
    post: "/policies/login/second_factors/_search";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Authentication Methods"
    summary: "List Second Factors (2FA)";
    description: "Returns a list of second factors (2FA) configured on the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor."
    responses: {
      key: "200";
      value: {
        description: "second factors of default login policy";
      };
    };
  };
}
|
|
|
|
// Adds a second factor (2FA) to the login settings of the instance; users can
// authenticate with that factor afterward.
// HTTP: POST /policies/login/second_factors.
// Requires the "iam.policy.write" permission.
// Returns 400 for an invalid second-factor type.
rpc AddSecondFactorToLoginPolicy(AddSecondFactorToLoginPolicyRequest) returns (AddSecondFactorToLoginPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/login/second_factors";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Authentication Methods"
    summary: "Add Second Factor (2FA)";
    description: "Add a new second factor (2FA) to the login settings of the instance. Users will have the possibility to authenticate with the configured factor afterward. It affects all organizations, without custom login settings. Authentication factors are used as an additional factor to add more security to your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called a second factor as it is used as an additional authentication after a password. In the UI we generalize this as multi-factor."
    responses: {
      key: "200";
      value: {
        description: "second factor added to default login policy";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid second-factor type";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
|
|
|
|
// Removes a configured second factor (2FA) from the login settings of the
// instance.
// HTTP: DELETE /policies/login/second_factors/{type}.
// Requires the "iam.policy.write" permission.
// Security-relevant: per the description, users can no longer authenticate
// with the removed factor, and the change affects all organizations without
// custom login settings.
rpc RemoveSecondFactorFromLoginPolicy(RemoveSecondFactorFromLoginPolicyRequest) returns (RemoveSecondFactorFromLoginPolicyResponse) {
  option (google.api.http) = {
    delete: "/policies/login/second_factors/{type}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Authentication Methods"
    summary: "Remove Second Factor (2FA)";
    description: "Remove a configured second factor (2FA) from the login settings of the instance. It affects all organizations, without custom login settings. Users will not be able to authenticate with the configured factor afterward. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor."
    responses: {
      key: "200";
      value: {
        description: "second factor removed from default login policy";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "Invalid second-factor type";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
|
|
|
|
// Returns the multi factors (MFA) configured on the login settings of the
// instance. The description equates them with passwordless/passkey login.
// HTTP: POST /policies/login/multi_factors/_search (no body mapping is
// declared). Requires the "iam.policy.read" permission.
rpc ListLoginPolicyMultiFactors(ListLoginPolicyMultiFactorsRequest) returns (ListLoginPolicyMultiFactorsResponse) {
  option (google.api.http) = {
    post: "/policies/login/multi_factors/_search";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Authentication Methods"
    summary: "List Multi Factors (MFA)";
    description: "Returns a list of multi factors (MFA) configured on the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
    responses: {
      key: "200";
      value: {
        description: "multi factors of default login policy";
      };
    };
  };
}
|
|
|
|
// Adds a multi-factor (MFA) to the login settings of the instance.
// HTTP: POST /policies/login/multi_factors.
// Requires the "iam.policy.write" permission.
// Returns 400 for an invalid multi-factor type.
rpc AddMultiFactorToLoginPolicy(AddMultiFactorToLoginPolicyRequest) returns (AddMultiFactorToLoginPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/login/multi_factors";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Authentication Methods"
    summary: "Add Multi-Factor (MFA)";
    description: "Add a multi-factor (MFA) to the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
    responses: {
      key: "200";
      value: {
        description: "multi-factor added to default login policy";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid multi-factor type";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
|
|
|
|
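// Removes a multi-factor (MFA) from the login settings of the instance.
// HTTP: DELETE /policies/login/multi_factors/{type}.
// Requires the "iam.policy.write" permission.
// Returns 400 when the multi-factor type is not defined on the policy.
// Security-relevant: per the description, the change affects all
// organizations without custom login settings.
// The 200 response text says "multi-factor"; it previously carried the
// second-factor wording of RemoveSecondFactorFromLoginPolicy.
rpc RemoveMultiFactorFromLoginPolicy(RemoveMultiFactorFromLoginPolicyRequest) returns (RemoveMultiFactorFromLoginPolicyResponse) {
  option (google.api.http) = {
    delete: "/policies/login/multi_factors/{type}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Login Settings";
    tags: "Authentication Methods"
    summary: "Remove Multi Factor (MFA)";
    description: "Remove a multi-factor (MFA) from the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
    responses: {
      key: "200";
      value: {
        description: "multi-factor removed from default login policy";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "multi-factor type not defined on policy";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}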
|
|
|
|
// Returns the password complexity settings configured on the instance.
// HTTP: GET /policies/password/complexity.
// Requires the "iam.policy.read" permission.
rpc GetPasswordComplexityPolicy(GetPasswordComplexityPolicyRequest) returns (GetPasswordComplexityPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/password/complexity";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    tags: "Password Settings";
    summary: "Get Password Complexity Settings";
    description: "Returns the password complexity settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify how a password should look (characters, length, etc.)"
    responses: {
      key: "200";
      value: {
        description: "default password complexity policy";
      };
    };
  };
}
// Updates the default password complexity settings of the instance.
//
// REST mapping: PUT /policies/password/complexity, whole request as body.
// Caller needs the "iam.policy.write" permission.
//
// The new rules apply to every organization without a custom setting, so a
// weaker value here lowers the password requirements for all of them.
rpc UpdatePasswordComplexityPolicy(UpdatePasswordComplexityPolicyRequest) returns (UpdatePasswordComplexityPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/policies/password/complexity"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Update Password Complexity Settings"
    description: "Updates the default password complexity settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify how a password should look (characters, length, etc.)"
    responses: {
      key: "200"
      value: {
        description: "default password complexity policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Returns the default password age policy.
//
// REST mapping: GET /policies/password/age.
// Caller needs the "iam.policy.read" permission.
//
// The published OpenAPI description of this operation is "Not implemented".
rpc GetPasswordAgePolicy(GetPasswordAgePolicyRequest) returns (GetPasswordAgePolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/policies/password/age"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Get Password Age Settings"
    description: "Not implemented"
    responses: {
      key: "200"
      value: {
        description: "default password age policy"
      }
    }
  };
}
// Updates the default password age policy.
//
// REST mapping: PUT /policies/password/age, whole request as body.
// Caller needs the "iam.policy.write" permission.
//
// The published OpenAPI description of this operation is "Not implemented".
// NOTE(review): whether stored values are enforced cannot be told from this
// file; do not rely on password expiry without confirming it server-side.
rpc UpdatePasswordAgePolicy(UpdatePasswordAgePolicyRequest) returns (UpdatePasswordAgePolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/policies/password/age"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Update Password Age Settings"
    description: "Not implemented"
    responses: {
      key: "200"
      value: {
        description: "default password age policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Returns the password lockout settings configured on the instance.
//
// REST mapping: GET /policies/lockout.
// Caller needs the "iam.policy.read" permission.
rpc GetLockoutPolicy(GetLockoutPolicyRequest) returns (GetLockoutPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/policies/lockout"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Get Password Lockout Settings"
    description: "Returns the password lockout settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
    responses: {
      key: "200"
      value: {
        description: "default lockout policy"
      }
    }
  };
}
// Updates the password lockout settings configured on the instance.
//
// REST mapping: PUT /policies/password/lockout, whole request as body.
// Caller needs the "iam.policy.write" permission.
//
// NOTE(review): GetLockoutPolicy is served at /policies/lockout, without the
// "password" segment used here. The path is left as published because
// changing it would break existing REST clients.
//
// The settings decide when a user gets locked after failed password attempts
// and apply to every organization without a custom setting.
rpc UpdateLockoutPolicy(UpdateLockoutPolicyRequest) returns (UpdateLockoutPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/policies/password/lockout"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Update Password Lockout Settings"
    description: "Update the password lockout settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
  };
}
// Returns the privacy settings configured on the instance.
//
// REST mapping: GET /policies/privacy.
// Caller needs the "iam.policy.read" permission.
rpc GetPrivacyPolicy(GetPrivacyPolicyRequest) returns (GetPrivacyPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/policies/privacy"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Privacy Settings"
    summary: "Get Privacy Settings"
    description: "Returns the privacy settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings."
    responses: {
      key: "200"
      value: {
        description: "default privacy policy"
      }
    }
  };
}
// Updates the privacy settings configured on the instance.
//
// REST mapping: PUT /policies/privacy, whole request as body.
// Caller needs the "iam.policy.write" permission.
//
// Per the description, the configured values may contain the {{.Lang}}
// variable to vary links by language, and registering users must accept them.
rpc UpdatePrivacyPolicy(UpdatePrivacyPolicyRequest) returns (UpdatePrivacyPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/policies/privacy"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Privacy Settings"
    summary: "Update Privacy Settings"
    description: "Update the privacy settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings. Variable {{.Lang}} can be set to have different links based on the language."
    responses: {
      key: "200"
      value: {
        description: "default privacy policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Adds notification settings on the instance.
//
// REST mapping: POST /policies/notification, whole request as body.
// Caller needs the "iam.policy.write" permission.
rpc AddNotificationPolicy(AddNotificationPolicyRequest) returns (AddNotificationPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    post: "/policies/notification"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Notification Settings"
    summary: "Add Notification Settings"
    description: "Add new notification settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
    responses: {
      key: "200"
      value: {
        description: "default notification policy"
      }
    }
  };
}
// Returns the notification settings configured on the instance.
//
// REST mapping: GET /policies/notification.
// Caller needs the "iam.policy.read" permission.
rpc GetNotificationPolicy(GetNotificationPolicyRequest) returns (GetNotificationPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/policies/notification"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Notification Settings"
    summary: "Return Notification Settings"
    description: "Return the notification settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
    responses: {
      key: "200"
      value: {
        description: "default notification policy"
      }
    }
  };
}
// Updates the notification settings configured on the instance.
//
// REST mapping: PUT /policies/notification, whole request as body.
// Caller needs the "iam.policy.write" permission.
//
// These settings decide whether users are notified on triggers such as a
// password change, for every organization without a custom setting.
rpc UpdateNotificationPolicy(UpdateNotificationPolicyRequest) returns (UpdateNotificationPolicyResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/policies/notification"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Notification Settings"
    summary: "Update Notification Settings"
    description: "Update the notification settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
    responses: {
      key: "200"
      value: {
        description: "default notification policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Returns the built-in text of the initialize-user message for one language.
//
// REST mapping: GET /text/default/message/init/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetDefaultInitMessageText(GetDefaultInitMessageTextRequest) returns (GetDefaultInitMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/default/message/init/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Default Init Message Text"
    description: "Get the default text of the initialize-user message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user is created and has either no password or a non-verified email address."
  };
}
// Returns the instance's custom text of the initialize-user message for one
// language.
//
// REST mapping: GET /text/message/init/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetCustomInitMessageText(GetCustomInitMessageTextRequest) returns (GetCustomInitMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/message/init/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Init Message Text"
    description: "Get the custom text of the initialize-user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user is created and has either no password or a non-verified email address."
  };
}
// Sets the instance's custom text of the initialize-user message for one
// language.
//
// REST mapping: PUT /text/message/init/{language}, whole request as body.
// Caller needs the "iam.policy.write" permission.
//
// The text may use the template variables listed in the description,
// including {{.Code}}. It is sent to users of every organization without a
// custom text, so write access here controls the wording of that email.
rpc SetDefaultInitMessageText(SetDefaultInitMessageTextRequest) returns (SetDefaultInitMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/text/message/init/{language}"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Set Default Custom Init Message Text"
    description: "Set the custom text of the initialize-user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user is created and has either no password or a non-verified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance's custom initialize-user message text for one
// language, so the built-in translation-file text is used again.
//
// REST mapping: DELETE /text/message/init/{language}.
// Caller needs the "iam.policy.delete" permission.
rpc ResetCustomInitMessageTextToDefault(ResetCustomInitMessageTextToDefaultRequest) returns (ResetCustomInitMessageTextToDefaultResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (google.api.http) = {
    delete: "/text/message/init/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Reset Custom Init Message Text to Default"
    description: "Removes the custom text of the initialize-user message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
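// Returns the built-in text of the password reset message for one language.
//
// REST mapping: GET /text/deafult/message/passwordreset/{language} (published
// spelling) and GET /text/default/message/passwordreset/{language} (alias).
// Caller needs the "iam.policy.read" permission.
rpc GetDefaultPasswordResetMessageText(GetDefaultPasswordResetMessageTextRequest) returns (GetDefaultPasswordResetMessageTextResponse) {
  option (google.api.http) = {
    // The published path misspells "default" as "deafult". It stays the
    // primary binding so existing REST clients keep working.
    get: "/text/deafult/message/passwordreset/{language}";
    // Correctly spelled alias, in line with the other GetDefault*MessageText
    // paths of this service.
    additional_bindings {
      get: "/text/default/message/passwordreset/{language}";
    }
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Password Reset Message Text";
    description: "Get the default text of the password reset message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user triggers the password forgot-request."
  };
}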
// Returns the instance's custom text of the password reset message for one
// language.
//
// REST mapping: GET /text/message/passwordreset/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetCustomPasswordResetMessageText(GetCustomPasswordResetMessageTextRequest) returns (GetCustomPasswordResetMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/message/passwordreset/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Password Reset Message Text"
    description: "Get the custom text of the password reset message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user triggers the password forgot-request."
  };
}
// Sets the instance's custom text of the password reset message for one
// language.
//
// REST mapping: PUT /text/message/passwordreset/{language}, whole request as
// body.
// Caller needs the "iam.policy.write" permission.
//
// The text may use the template variables listed in the description,
// including {{.Code}}. It is sent to users of every organization without a
// custom text, so write access here controls the wording of the reset email.
rpc SetDefaultPasswordResetMessageText(SetDefaultPasswordResetMessageTextRequest) returns (SetDefaultPasswordResetMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/text/message/passwordreset/{language}"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Set Default Custom Password Reset Message Text"
    description: "Set the custom text of the password reset user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user triggers the password forgot-request. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
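// Removes the instance's custom password reset message text for one
// language, so the built-in translation-file text is used again.
//
// REST mapping: DELETE /text/message/passwordreset/{language}.
// Caller needs the "iam.policy.delete" permission.
rpc ResetCustomPasswordResetMessageTextToDefault(ResetCustomPasswordResetMessageTextToDefaultRequest) returns (ResetCustomPasswordResetMessageTextToDefaultResponse) {
  option (google.api.http) = {
    // Was "/text/message/verifyemail/{language}", the same DELETE route that
    // ResetCustomVerifyEmailMessageTextToDefault declares. With two RPCs on
    // one route only one can be reached over REST, and a request meant to
    // reset one text could reset the other. The path now matches the Get/Set
    // password reset RPCs.
    // NOTE(review): confirm no REST client depends on the old route reaching
    // this RPC.
    delete: "/text/message/passwordreset/{language}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Password Reset Message Text to Default";
    description: "Removes the custom text of the password reset user message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}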
// Returns the built-in text of the verify-email message for one language.
//
// REST mapping: GET /text/default/message/verifyemail/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetDefaultVerifyEmailMessageText(GetDefaultVerifyEmailMessageTextRequest) returns (GetDefaultVerifyEmailMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/default/message/verifyemail/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Default Verify Email Message Text"
    description: "Get the default text of the verify-email message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user adds a new non-verified email address."
  };
}
// Returns the instance's custom text of the verify-email message for one
// language.
//
// REST mapping: GET /text/message/verifyemail/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetCustomVerifyEmailMessageText(GetCustomVerifyEmailMessageTextRequest) returns (GetCustomVerifyEmailMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/message/verifyemail/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Verify Email Message Text"
    description: "Get the custom text of the verify-email message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user adds a new non-verified email address."
  };
}
// Sets the instance's custom text of the verify-email message for one
// language.
//
// REST mapping: PUT /text/message/verifyemail/{language}, whole request as
// body.
// Caller needs the "iam.policy.write" permission.
//
// The text may use the template variables listed in the description,
// including {{.Code}}. It is sent to users of every organization without a
// custom text.
rpc SetDefaultVerifyEmailMessageText(SetDefaultVerifyEmailMessageTextRequest) returns (SetDefaultVerifyEmailMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/text/message/verifyemail/{language}"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Set Default Verify Email Message Text"
    description: "Set the custom text of the verify email user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user adds a new nonverified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance's custom verify-email message text for one language,
// so the built-in translation-file text is used again.
//
// REST mapping: DELETE /text/message/verifyemail/{language}.
// Caller needs the "iam.policy.delete" permission.
rpc ResetCustomVerifyEmailMessageTextToDefault(ResetCustomVerifyEmailMessageTextToDefaultRequest) returns (ResetCustomVerifyEmailMessageTextToDefaultResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (google.api.http) = {
    delete: "/text/message/verifyemail/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Reset Custom Verify Email Message Text to Default"
    description: "Removes the custom text of the email verify message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the built-in text of the verify-phone message for one language.
//
// REST mapping: GET /text/default/message/verifyphone/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetDefaultVerifyPhoneMessageText(GetDefaultVerifyPhoneMessageTextRequest) returns (GetDefaultVerifyPhoneMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/default/message/verifyphone/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Default Verify Phone Message Text"
    description: "Get the default text of the verify-phone message that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user adds a new non-verified phone number and a notification provider is configured."
  };
}
// Returns the instance's custom text of the verify-phone message for one
// language.
//
// REST mapping: GET /text/message/verifyphone/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetCustomVerifyPhoneMessageText(GetCustomVerifyPhoneMessageTextRequest) returns (GetCustomVerifyPhoneMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/message/verifyphone/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Verify Phone Message Text"
    description: "Get the custom text of the verify-phone message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user adds a new non-verified phone number and a notification provider is configured."
  };
}
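// Sets the instance's custom text of the verify-phone message for one
// language.
//
// REST mapping: PUT /text/message/verifyphone/{language}, whole request as
// body.
// Caller needs the "iam.policy.write" permission.
//
// The text may use the template variables listed in the description,
// including {{.Code}}. It is sent to users of every organization without a
// custom text.
rpc SetDefaultVerifyPhoneMessageText(SetDefaultVerifyPhoneMessageTextRequest) returns (SetDefaultVerifyPhoneMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/verifyphone/{language}";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    // Was "Set Default Verify Phone Reset Message Text"; the stray "Reset"
    // made this look like a password reset operation in the generated docs.
    summary: "Set Default Verify Phone Message Text";
    description: "Set the custom text of the verify-phone user message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user adds a new non-verified phone number and a notification provider is configured. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}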
// Removes the instance's custom verify-phone message text for one language,
// so the built-in translation-file text is used again.
//
// REST mapping: DELETE /text/message/verifyphone/{language}.
// Caller needs the "iam.policy.delete" permission.
rpc ResetCustomVerifyPhoneMessageTextToDefault(ResetCustomVerifyPhoneMessageTextToDefaultRequest) returns (ResetCustomVerifyPhoneMessageTextToDefaultResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (google.api.http) = {
    delete: "/text/message/verifyphone/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Reset Custom Verify Phone Message Text to Default"
    description: "Removes the custom text of the verify-phone message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the built-in text of the domain claimed message for one language.
//
// REST mapping: GET /text/default/message/domainclaimed/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetDefaultDomainClaimedMessageText(GetDefaultDomainClaimedMessageTextRequest) returns (GetDefaultDomainClaimedMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/default/message/domainclaimed/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Default Domain Claimed Message Text"
    description: "Get the default text of the domain claimed message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an organization claims a domain and a user of this domain exists in another organization."
  };
}
// Returns the instance's custom text of the domain claimed message for one
// language.
//
// REST mapping: GET /text/message/domainclaimed/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetCustomDomainClaimedMessageText(GetCustomDomainClaimedMessageTextRequest) returns (GetCustomDomainClaimedMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/message/domainclaimed/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Domain Claimed Message Text"
    description: "Get the custom text of the domain claimed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an organization claims a domain and a user of this domain exists in another organization."
  };
}
// Sets the instance's custom text of the domain claimed message for one
// language.
//
// REST mapping: PUT /text/message/domainclaimed/{language}, whole request as
// body.
// Caller needs the "iam.policy.write" permission.
//
// The text may use the template variables listed in the description,
// including {{.Domain}} and {{.TempUsername}}. It is sent to users of every
// organization without a custom text.
rpc SetDefaultDomainClaimedMessageText(SetDefaultDomainClaimedMessageTextRequest) returns (SetDefaultDomainClaimedMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/text/message/domainclaimed/{language}"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Set Default Domain Claimed Message Text"
    description: "Set the custom text of the domain claimed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message/email is sent when an organization claims a domain and a user of this domain exists in another organization. The Following Variables can be used: {{.Domain}} {{.TempUsername}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance's custom domain claimed message text for one
// language, so the built-in translation-file text is used again.
//
// REST mapping: DELETE /text/message/domainclaimed/{language}.
// Caller needs the "iam.policy.delete" permission.
rpc ResetCustomDomainClaimedMessageTextToDefault(ResetCustomDomainClaimedMessageTextToDefaultRequest) returns (ResetCustomDomainClaimedMessageTextToDefaultResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (google.api.http) = {
    delete: "/text/message/domainclaimed/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Reset Custom Domain Claimed Message Text to Default"
    description: "Removes the custom text of the domain claimed message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
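// Returns the built-in text of the passwordless/passkey registration message
// for one language.
//
// REST mapping: GET /text/default/message/passwordless_registration/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetDefaultPasswordlessRegistrationMessageText(GetDefaultPasswordlessRegistrationMessageTextRequest) returns (GetDefaultPasswordlessRegistrationMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/passwordless_registration/{language}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Passwordless Registration Message Text";
    // The first sentence named the "domain claimed" message, carried over
    // from the RPC group above; it now names the message this RPC returns.
    description: "Get the default text of the passwordless/passkey registration message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device."
  };
}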
// Returns the instance's custom text of the passwordless/passkey
// registration message for one language.
//
// REST mapping: GET /text/message/passwordless_registration/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetCustomPasswordlessRegistrationMessageText(GetCustomPasswordlessRegistrationMessageTextRequest) returns (GetCustomPasswordlessRegistrationMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/message/passwordless_registration/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Passwordless Registration Message Text"
    description: "Get the custom text of the passwordless/passkey registration message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device."
  };
}
// Sets the instance's custom text of the passwordless/passkey registration
// message for one language.
//
// REST mapping: PUT /text/message/passwordless_registration/{language},
// whole request as body.
// Caller needs the "iam.policy.write" permission.
//
// The text may use the template variables listed in the description. It is
// sent to users of every organization without a custom text, so write access
// here controls the wording of the registration email.
rpc SetDefaultPasswordlessRegistrationMessageText(SetDefaultPasswordlessRegistrationMessageTextRequest) returns (SetDefaultPasswordlessRegistrationMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (google.api.http) = {
    put: "/text/message/passwordless_registration/{language}"
    body: "*"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Set Default Passwordless Registration Message Text"
    description: "Set the custom text of the passwordless/passkey registration message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message/email is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
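// Removes the instance's custom passwordless/passkey registration message
// text for one language, so the built-in translation-file text is used again.
//
// REST mapping: DELETE /text/message/passwordless_registration/{language}.
// Caller needs the "iam.policy.delete" permission.
rpc ResetCustomPasswordlessRegistrationMessageTextToDefault(ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest) returns (ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/passwordless_registration/{language}"
  };

  option (zitadel.v1.auth_option) = {
    // Was "policy.delete". Every other Reset*MessageTextToDefault RPC in
    // this service requires "iam.policy.delete", and this operation changes
    // instance-wide text in the same way.
    // NOTE(review): "policy.delete" looks like a permission from a different
    // scope; confirm that no role relied on it for this endpoint.
    permission: "iam.policy.delete"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Passwordless Registration Message Text to Default";
    description: "Removes the custom text of the passwordless/passkey registration message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}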
// Returns the built-in text of the password-changed message for one language.
//
// REST mapping: GET /text/default/message/password_change/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetDefaultPasswordChangeMessageText(GetDefaultPasswordChangeMessageTextRequest) returns (GetDefaultPasswordChangeMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/default/message/password_change/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Default Password Change Message Text"
    description: "Get the default text of the password-changed message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when the password of a user has been changed."
  };
}
// Returns the instance's custom text of the password-changed message for one
// language.
//
// REST mapping: GET /text/message/password_change/{language}.
// Caller needs the "iam.policy.read" permission.
rpc GetCustomPasswordChangeMessageText(GetCustomPasswordChangeMessageTextRequest) returns (GetCustomPasswordChangeMessageTextResponse) {
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (google.api.http) = {
    get: "/text/message/password_change/{language}"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Password Change Message Text"
    description: "Get the custom text of the password-changed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when the password of a user has been changed."
  };
}
|
|
|
|
// Stores the instance-level text of the password-changed message.
// NOTE(review): despite "Default" in the name, the path (shared with
// GetCustomPasswordChangeMessageText) and the OpenAPI description refer to
// the custom text.
rpc SetDefaultPasswordChangeMessageText(SetDefaultPasswordChangeMessageTextRequest) returns (SetDefaultPasswordChangeMessageTextResponse) {
  // REST mapping: {language} comes from the path, all other request fields
  // from the JSON body.
  option (google.api.http) = {
    put: "/text/message/password_change/{language}";
    body: "*";
  };

  // Requires the iam.policy.write permission. The text is a template that is
  // mailed to users as a security notification, so write access decides
  // what that notification says.
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Password Changed Message Text";
    description: "Set the custom text of the password-changed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message/email is sent when the password of a user has been changed. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
|
|
|
|
// Removes the instance-level custom text of the password-changed message so
// the built-in translation is used again.
rpc ResetCustomPasswordChangeMessageTextToDefault(ResetCustomPasswordChangeMessageTextToDefaultRequest) returns (ResetCustomPasswordChangeMessageTextToDefaultResponse) {
  // REST mapping: {language} is taken from the URL path.
  option (google.api.http) = {
    delete: "/text/message/password_change/{language}"
  };

  // Requires the iam.policy.delete permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Password Changed Message Text to Default";
    description: "Removes the custom text of the password-changed message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
|
|
|
|
// Returns the built-in (translation file) texts of the login and register UI
// for the language given in the path.
rpc GetDefaultLoginTexts(GetDefaultLoginTextsRequest) returns (GetDefaultLoginTextsResponse) {
  // REST mapping: {language} is taken from the URL path.
  option (google.api.http) = {
    get: "/text/default/login/{language}";
  };

  // Requires the iam.policy.read permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Get Default Login Text";
    description: "Get the default texts for the login and register UI of ZITADEL, which are stored as translation files in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}
|
|
|
|
// Returns the instance-level custom texts of the login and register UI for
// the language given in the path.
rpc GetCustomLoginTexts(GetCustomLoginTextsRequest) returns (GetCustomLoginTextsResponse) {
  // REST mapping: {language} is taken from the URL path.
  option (google.api.http) = {
    get: "/text/login/{language}";
  };

  // Requires the iam.policy.read permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Get Custom Login Text";
    description: "Get the custom texts for the login and register UI of ZITADEL, which is overwritten on the instance as settings/database. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}
|
|
|
|
// Stores the instance-level custom texts of the login and register UI.
// NOTE(review): the OpenAPI summary below says "Set Default Login Text"
// although the RPC name and description are about the custom texts.
rpc SetCustomLoginText(SetCustomLoginTextsRequest) returns (SetCustomLoginTextsResponse) {
  // REST mapping: {language} comes from the path, all other request fields
  // from the JSON body.
  option (google.api.http) = {
    put: "/text/login/{language}";
    body: "*";
  };

  // Requires the iam.policy.write permission. The texts are shown on the
  // login UI of every organization without its own custom text.
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Set Default Login Text";
    description: "Set the custom texts for the login and register UI of ZITADEL, which is overwritten on the instance as settings/database. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}
|
|
|
|
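// Removes the instance-level custom texts of the login and register UI so
// the built-in translations are shown again.
rpc ResetCustomLoginTextToDefault(ResetCustomLoginTextsToDefaultRequest) returns (ResetCustomLoginTextsToDefaultResponse) {
  // REST mapping: {language} is taken from the URL path.
  option (google.api.http) = {
    delete: "/text/login/{language}"
  };

  // Uses the iam.-prefixed permission, like GetCustomLoginTexts
  // ("iam.policy.read"), SetCustomLoginText ("iam.policy.write") and
  // ResetCustomPasswordChangeMessageTextToDefault ("iam.policy.delete").
  // NOTE(review): this option previously named "policy.delete", without the
  // iam. prefix. That looks like a different permission scope gating an
  // instance-wide change; confirm against the role mapping before release.
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Reset Custom Login Text to Default";
    description: "Removes the custom texts for the login and register UI of ZITADEL, which is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}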
|
|
|
|
// Lists the roles a member can hold on the instance level.
rpc ListIAMMemberRoles(ListIAMMemberRolesRequest) returns (ListIAMMemberRolesResponse) {
  // REST mapping: POST without a body mapping.
  option (google.api.http) = {
    post: "/members/roles/_search";
  };

  // Requires the iam.member.read permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.member.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "List IAM Member Roles";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the instance level."
    responses: {
      key: "200";
      value: {
        description: "roles on the IAM of the user";
      };
    };
  };
}
|
|
|
|
// Searches the users that hold a membership on the instance level.
rpc ListIAMMembers(ListIAMMembersRequest) returns (ListIAMMembersResponse) {
  // REST mapping: the whole request is read from the JSON body.
  option (google.api.http) = {
    post: "/members/_search";
    body: "*";
  };

  // Requires the iam.member.read permission. The result enumerates the
  // administrators of the instance.
  option (zitadel.v1.auth_option) = {
    permission: "iam.member.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "List IAM Members";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the instance level, matching the search queries. The search queries will be AND linked."
    responses: {
      key: "200";
      value: {
        description: "members of the IAM";
      };
    };
  };
}
|
|
|
|
// Adds a user to the membership list of ZITADEL with the given roles.
// Undefined roles will be dropped.
// NOTE(review): the 400 response below also documents "invalid roles";
// confirm which of the two behaviours applies to an unknown role name.
rpc AddIAMMember(AddIAMMemberRequest) returns (AddIAMMemberResponse) {
  // REST mapping: the whole request is read from the JSON body.
  option (google.api.http) = {
    post: "/members";
    body: "*";
  };

  // Requires the iam.member.write permission. This call grants
  // instance-level administration rights, so it is a privilege-granting
  // operation worth auditing.
  option (zitadel.v1.auth_option) = {
    permission: "iam.member.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "Add IAM Member";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list with one or multiple roles."
    responses: {
      key: "200";
      value: {
        description: "Member added to the IAM";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "user not found or invalid roles";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
|
|
|
|
// Replaces the complete role list of an existing instance-level member.
// Per the description, roles left out of the request are removed.
rpc UpdateIAMMember(UpdateIAMMemberRequest) returns (UpdateIAMMemberResponse) {
  // REST mapping: {user_id} comes from the path, the remaining fields from
  // the JSON body.
  option (google.api.http) = {
    put: "/members/{user_id}";
    body: "*";
  };

  // Requires the iam.member.write permission. The call can raise as well as
  // lower a member's instance-level rights.
  option (zitadel.v1.auth_option) = {
    permission: "iam.member.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "Update IAM Member";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)."
    responses: {
      key: "200";
      value: {
        description: "Member of the IAM updated";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid user or roles";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
|
|
|
|
// Removes a user from the instance-level members list. Per the description,
// roles on other levels (organization, project) are not touched.
rpc RemoveIAMMember(RemoveIAMMemberRequest) returns (RemoveIAMMemberResponse) {
  // REST mapping: {user_id} is taken from the URL path.
  option (google.api.http) = {
    delete: "/members/{user_id}";
  };

  // Requires the iam.member.delete permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.member.delete";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "Remove IAM Member";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on an instance level. The user can still have roles on another level (organization, project)"
    responses: {
      key: "200";
      value: {
        description: "Member of the IAM removed";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid user";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
|
|
|
|
// Lists the stored read models (views/projections) of ZITADEL.
rpc ListViews(ListViewsRequest) returns (ListViewsResponse) {
  // REST mapping: POST without a body mapping.
  option (google.api.http) = {
    post: "/views/_search";
  };

  // Requires the iam.read permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Views/Projections";
    summary: "List Views/Projections";
    description: "Returns all stored read models of ZITADEL. Views are used for search optimization and optimizing request latencies. They represent the delta of the event that happened on the objects"
    responses: {
      key: "200";
      value: {
        description: "Views for query operations";
      };
    };
  };
}
|
|
|
|
// Lists events that the views/projections could not process.
rpc ListFailedEvents(ListFailedEventsRequest) returns (ListFailedEventsResponse) {
  // REST mapping: POST without a body mapping.
  option (google.api.http) = {
    post: "/failedevents/_search";
  };

  // Requires the iam.read permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Failed Events";
    summary: "List Failed Events";
    description: "Returns a list of events that could not be proceeded in the views/projections. Some events need several retries till they succeed. For example, if the SMTP-API wasn't able to send an email the first time."
    responses: {
      key: "200";
      value: {
        description: "Events which were not processed by the views";
      };
    };
  };
}
|
|
|
|
// Removes one entry from the failed events view. Per the description the
// event itself stays in the change stream.
rpc RemoveFailedEvent(RemoveFailedEventRequest) returns (RemoveFailedEventResponse) {
  // REST mapping: the entry is addressed by three path parameters.
  option (google.api.http) = {
    delete: "/failedevents/{database}/{view_name}/{failed_sequence}";
  };

  // Requires the iam.write permission. Removing an entry also removes the
  // record that processing failed, so check that the event really succeeded
  // on retry before calling this.
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Failed Events";
    summary: "Remove Failed Events";
    description: "Removes the event from the failed evens view, but not from the change stream. This call is useful if the system was able to process the event after some retries. e.g. if the second try of sending an email was successful. the first try produced a failed event. You can find out if it worked on the `failure_count` "
    responses: {
      key: "200";
      value: {
        description: "Events removed from the list";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "failed event not found";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
|
|
|
|
// Imports data into an instance and creates different objects.
// Per the description the data is either sent inline or loaded from a file
// on an S3 storage named in the request.
// NOTE(review): in the second case the server fetches from a caller-supplied
// location; confirm how that location and its content are validated.
rpc ImportData(ImportDataRequest) returns (ImportDataResponse) {
  // REST mapping: the whole request is read from the JSON body.
  option (google.api.http) = {
    post: "/import";
    body: "*"
  };

  // Requires the iam.write permission.
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Import/Export";
    summary: "Import Data";
    description: "Import data on an instance level to ZITADEL. It can be either directly in the request or you can point to a file on an S3 storage, from which the data should be loaded."
  };
}
|
|
|
|
// Exports instance-level data, either in the response or to a file on an S3
// storage named in the request (per the description).
rpc ExportData(ExportDataRequest) returns (ExportDataResponse) {
  // REST mapping: the whole request is read from the JSON body.
  option (google.api.http) = {
    post: "/export";
    body: "*"
  };

  // Requires only the iam.read permission.
  // NOTE(review): a read permission here allows a bulk export and, per the
  // description, a write to a caller-chosen storage location. Confirm that
  // this is intended and which fields the export contains.
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Import/Export";
    summary: "Export Data";
    description: "Export data on an instance level to ZITADEL. It can be either directly exported in the response or you can point to a file on an S3 storage, where the data should be written."
  };
}
|
|
|
|
// Lists the event types known to ZITADEL, for use as a filter in the list
// events request.
rpc ListEventTypes(ListEventTypesRequest) returns (ListEventTypesResponse) {
  // REST mapping: the whole request is read from the JSON body.
  option (google.api.http) = {
    post: "/events/types/_search";
    body: "*"
  };

  // Requires the events.read permission.
  option (zitadel.v1.auth_option) = {
    permission: "events.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Events";
    summary: "Event types";
    description: "Returns a list of the possible event types in ZITADEL. This is used to filter the event types in the list events request."
  };
}
|
|
|
|
// Searches events (summary: "Search Events").
// NOTE(review): the OpenAPI description below is identical to the one on
// ListEventTypes and describes event types, not events. It looks like a
// copy-paste and should be rewritten for this RPC.
rpc ListEvents(ListEventsRequest) returns (ListEventsResponse) {
  // REST mapping: the whole request is read from the JSON body.
  option (google.api.http) = {
    post: "/events/_search";
    body: "*"
  };

  // Requires the events.read permission. The event log can carry details of
  // every change on the instance, so treat this permission as sensitive.
  option (zitadel.v1.auth_option) = {
    permission: "events.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Events";
    summary: "Search Events";
    description: "Returns a list of the possible event types in ZITADEL. This is used to filter the event types in the list events request."
  };
}
|
|
|
|
// Lists the aggregate types known to ZITADEL, for use as a filter in the
// list events request.
rpc ListAggregateTypes(ListAggregateTypesRequest) returns (ListAggregateTypesResponse) {
  // REST mapping: the whole request is read from the JSON body.
  option (google.api.http) = {
    post: "/aggregates/types/_search";
    body: "*"
  };

  // Requires the events.read permission.
  option (zitadel.v1.auth_option) = {
    permission: "events.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Events";
    summary: "List Aggregate Types";
    description: "Returns a list of the possible aggregate types in ZITADEL. This is used to filter the aggregate types in the list events request."
  };
}
|
|
}
|
|
|
|
|
|
// Empty request: the health check takes no parameters.
message HealthzRequest {}
|
|
|
|
// Empty response: the message carries no fields.
message HealthzResponse {}
|
|
|
|
// Empty request: the message carries no fields.
message GetSupportedLanguagesRequest {}
|
|
|
|
// Response carrying the list of supported languages.
message GetSupportedLanguagesResponse {
  // Language codes; the OpenAPI example shows short tags such as "en".
  repeated string languages = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"en\", \"de\", \"it\"]"
    }
  ];
}
|
|
|
|
// Request naming the language to use as default.
message SetDefaultLanguageRequest {
  // Required language code, 1 to 10 characters. The schema validates the
  // length only; whether the code is a supported language is not checked
  // here.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 10},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 10;
      example: "\"en\"";
    }
  ];
}
|
|
|
|
// Response paired by name with SetDefaultLanguageRequest.
message SetDefaultLanguageResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetDefaultLanguageRequest {}
|
|
|
|
// Response carrying the default language.
message GetDefaultLanguageResponse {
  // Language code; the OpenAPI example shows "en".
  string language = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"en\""
    }
  ];
}
|
|
|
|
// Request naming the organization to use as default.
message SetDefaultOrgRequest {
  // Organization id, 1 to 200 characters. Only the length is validated by
  // the schema.
  string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response paired by name with SetDefaultOrgRequest.
message SetDefaultOrgResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetDefaultOrgRequest {}
|
|
|
|
// Response carrying the default organization.
message GetDefaultOrgResponse {
  // The organization (type declared outside this file).
  zitadel.org.v1.Org org = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetMyInstanceRequest {}
|
|
|
|
// Response carrying the details of the caller's instance.
message GetMyInstanceResponse {
  // Instance details (type declared outside this file).
  zitadel.instance.v1.InstanceDetail instance = 1;
}
|
|
|
|
// Search request for the domains of the instance.
message ListInstanceDomainsRequest {
  // Generic list query (type declared outside this file).
  zitadel.v1.ListQuery query = 1;

  // The field the result is sorted by.
  zitadel.instance.v1.DomainFieldName sorting_column = 2;

  // Criteria the client is looking for.
  repeated zitadel.instance.v1.DomainSearchQuery queries = 3;
}
|
|
|
|
// Search result for the domains of the instance.
message ListInstanceDomainsResponse {
  // List metadata (type declared outside this file).
  zitadel.v1.ListDetails details = 1;

  // Sorting column, same type as in the request.
  zitadel.instance.v1.DomainFieldName sorting_column = 2;

  // The domains found.
  repeated zitadel.instance.v1.Domain result = 3;
}
|
|
|
|
// Search request for secret generator configurations.
message ListSecretGeneratorsRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;

  // Criteria the client is looking for.
  repeated zitadel.settings.v1.SecretGeneratorQuery queries = 2;
}
|
|
|
|
// Search result for secret generator configurations.
message ListSecretGeneratorsResponse {
  // List metadata (type declared outside this file).
  zitadel.v1.ListDetails details = 1;

  // The generators found. Field number 2 is not used in this message.
  repeated zitadel.settings.v1.SecretGenerator result = 3;
}
|
|
|
|
// Request selecting one secret generator by type.
message GetSecretGeneratorRequest {
  // Must be a defined enum value other than 0.
  zitadel.settings.v1.SecretGeneratorType generator_type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
}
|
|
|
|
// Response carrying one secret generator configuration.
message GetSecretGeneratorResponse {
  // The generator (type declared outside this file).
  zitadel.settings.v1.SecretGenerator secret_generator = 1;
}
|
|
|
|
// Request changing how secrets of one generator type are produced.
// NOTE(review): apart from generator_type, no field carries a validate rule.
// The schema therefore accepts length 0, a zero expiry and all include_*
// flags false. Confirm that the server enforces a minimum length and at
// least one character class, since these values set the strength of the
// generated codes and secrets.
message UpdateSecretGeneratorRequest {
  // Must be a defined enum value other than 0.
  zitadel.settings.v1.SecretGeneratorType generator_type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];

  // Number of characters of the generated secret (example: 6).
  uint32 length = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "6";
    }
  ];

  // Lifetime of a generated secret (example: 3600s).
  google.protobuf.Duration expiry = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"3600s\"";
    }
  ];

  // Character classes to draw from. As proto3 bools these are false when
  // omitted.
  bool include_lower_letters = 4;
  bool include_upper_letters = 5;
  bool include_digits = 6;
  bool include_symbols = 7;
}
|
|
|
|
// Response paired by name with UpdateSecretGeneratorRequest.
message UpdateSecretGeneratorResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetSMTPConfigRequest {}
|
|
|
|
// Response carrying the SMTP configuration.
message GetSMTPConfigResponse {
  // The configuration (type declared outside this file).
  zitadel.settings.v1.SMTPConfig smtp_config = 1;
}
|
|
|
|
// Request creating the SMTP configuration used to send mail.
message AddSMTPConfigRequest {
  // Required sender address, 1 to 200 characters. Only the length is
  // validated here, not the address format.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Required display name of the sender, 1 to 200 characters.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // As a proto3 bool this is false when the client omits it.
  // NOTE(review): presumably false means the connection to the SMTP host is
  // not TLS-protected, in which case user and password travel in clear text.
  // Confirm, and have clients set it explicitly.
  bool tls = 3;

  // Required host including the port, 1 to 500 characters.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];

  // SMTP user name. No validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];

  // SMTP password. This is a secret, so keep the request body out of access
  // logs and traces. No validate rule: an empty value passes the schema.
  string password = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-password\"";
    }
  ];
}
|
|
|
|
// Response paired by name with AddSMTPConfigRequest.
message AddSMTPConfigResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request changing the SMTP configuration. It has no password field; the
// password is carried by UpdateSMTPConfigPasswordRequest.
message UpdateSMTPConfigRequest {
  // Required sender address, 1 to 200 characters. Only the length is
  // validated here, not the address format.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Required display name of the sender, 1 to 200 characters.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // As a proto3 bool this is false when the client omits it.
  // NOTE(review): an update that leaves tls out therefore sends false.
  // Confirm whether that switches transport protection off, and have
  // clients always set it explicitly.
  bool tls = 3;

  // Required host including the port, 1 to 500 characters.
  // NOTE(review): changing the host while the stored password is kept would
  // send that password to the new host on the next mail; confirm whether
  // the server requires the password to be re-entered.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];

  // SMTP user name. No validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];
}
|
|
|
|
// Response paired by name with UpdateSMTPConfigRequest.
message UpdateSMTPConfigResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request replacing the SMTP password.
message UpdateSMTPConfigPasswordRequest {
  // New SMTP password. This is a secret, so keep the request body out of
  // access logs and traces. No validate rule: an empty value passes the
  // schema.
  string password = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-updated-password\"";
    }
  ];
}
|
|
|
|
// Response paired by name with UpdateSMTPConfigPasswordRequest.
message UpdateSMTPConfigPasswordResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message RemoveSMTPConfigRequest {}
|
|
|
|
// Response paired by name with RemoveSMTPConfigRequest.
message RemoveSMTPConfigResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Search request for SMS providers.
message ListSMSProvidersRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
}
|
|
|
|
// Search result for SMS providers.
message ListSMSProvidersResponse {
  // List metadata (type declared outside this file).
  zitadel.v1.ListDetails details = 1;

  // The providers found. Field number 2 is not used in this message.
  repeated zitadel.settings.v1.SMSProvider result = 3;
}
|
|
|
|
// Request selecting one SMS provider.
message GetSMSProviderRequest {
  // Provider id, 1 to 100 characters. The other SMS provider requests in
  // this file allow up to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
|
|
|
|
// Response carrying one SMS provider.
message GetSMSProviderResponse {
  // The provider (type declared outside this file).
  zitadel.settings.v1.SMSProvider config = 1;
}
|
|
|
|
// Request creating a Twilio SMS provider.
message AddSMSProviderTwilioRequest {
  // Required Twilio SID, 1 to 200 characters.
  string sid = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Required Twilio token, 1 to 200 characters. This is a secret, so keep
  // the request body out of access logs and traces.
  string token = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
    }
  ];

  // Required sender number, 1 to 200 characters.
  // NOTE(review): the OpenAPI example repeats the SID example value instead
  // of showing a phone number.
  string sender_number = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response paired by name with AddSMSProviderTwilioRequest.
message AddSMSProviderTwilioResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;

  // Id of the provider; presumably the one just created.
  string id = 2;
}
|
|
|
|
// Request changing a Twilio SMS provider. It has no token field; the token
// is carried by UpdateSMSProviderTwilioTokenRequest.
message UpdateSMSProviderTwilioRequest {
  // Provider id, 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];

  // Required Twilio SID, 1 to 200 characters.
  string sid = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Required sender number, 1 to 200 characters.
  // NOTE(review): the OpenAPI example repeats the SID example value instead
  // of showing a phone number.
  string sender_number = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response paired by name with UpdateSMSProviderTwilioRequest.
message UpdateSMSProviderTwilioResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request replacing the token of a Twilio SMS provider.
message UpdateSMSProviderTwilioTokenRequest {
  // Provider id, 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];

  // New Twilio token, 1 to 200 characters. This is a secret, so keep the
  // request body out of access logs and traces.
  string token = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response paired by name with UpdateSMSProviderTwilioTokenRequest.
message UpdateSMSProviderTwilioTokenResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request activating one SMS provider.
message ActivateSMSProviderRequest {
  // Provider id, 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response paired by name with ActivateSMSProviderRequest.
message ActivateSMSProviderResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request deactivating one SMS provider.
message DeactivateSMSProviderRequest {
  // Provider id, 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response paired by name with DeactivateSMSProviderRequest.
message DeactivateSMSProviderResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request removing one SMS provider.
message RemoveSMSProviderRequest {
  // Provider id, 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response paired by name with RemoveSMSProviderRequest.
message RemoveSMSProviderResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetFileSystemNotificationProviderRequest {}
|
|
|
|
// Response carrying the file system notification provider.
// NOTE(review): the field type is a *debug* provider. Notifications written
// to a file can include one-time codes and links, so check that it is off
// in production.
message GetFileSystemNotificationProviderResponse {
  // The provider (type declared outside this file).
  zitadel.settings.v1.DebugNotificationProvider provider = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetLogNotificationProviderRequest {}
|
|
|
|
// Response carrying the log notification provider.
// NOTE(review): the field type is a *debug* provider. Notifications written
// to the log can include one-time codes and links, so check that it is off
// in production.
message GetLogNotificationProviderResponse {
  // The provider (type declared outside this file).
  zitadel.settings.v1.DebugNotificationProvider provider = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetOIDCSettingsRequest {}
|
|
|
|
// Response carrying the OIDC settings.
message GetOIDCSettingsResponse {
  // The settings (type declared outside this file).
  zitadel.settings.v1.OIDCSettings settings = 1;
}
|
|
|
|
// Request creating the OIDC token lifetime settings.
// NOTE(review): none of the durations carries a validate rule, so unset,
// zero, negative and very long values all pass the schema. Confirm the
// server-side bounds: these values decide how long an issued token stays
// usable.
message AddOIDCSettingsRequest {
  // Lifetime of access tokens.
  google.protobuf.Duration access_token_lifetime = 1;

  // Lifetime of ID tokens.
  google.protobuf.Duration id_token_lifetime = 2;

  // Idle expiration of refresh tokens.
  google.protobuf.Duration refresh_token_idle_expiration = 3;

  // Expiration of refresh tokens.
  google.protobuf.Duration refresh_token_expiration = 4;
}
|
|
|
|
// Response paired by name with AddOIDCSettingsRequest.
message AddOIDCSettingsResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request changing the OIDC token lifetime settings.
// NOTE(review): none of the durations carries a validate rule, so unset,
// zero, negative and very long values all pass the schema. Confirm the
// server-side bounds, and whether an omitted field keeps or resets the
// stored value.
message UpdateOIDCSettingsRequest {
  // Lifetime of access tokens.
  google.protobuf.Duration access_token_lifetime = 1;

  // Lifetime of ID tokens.
  google.protobuf.Duration id_token_lifetime = 2;

  // Idle expiration of refresh tokens.
  google.protobuf.Duration refresh_token_idle_expiration = 3;

  // Expiration of refresh tokens.
  google.protobuf.Duration refresh_token_expiration = 4;
}
|
|
|
|
// Response paired by name with UpdateOIDCSettingsRequest.
message UpdateOIDCSettingsResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message carries no fields.
message GetSecurityPolicyRequest {}
|
|
|
|
// Response carrying the security policy.
message GetSecurityPolicyResponse {
  // The policy (type declared outside this file).
  zitadel.settings.v1.SecurityPolicy policy = 1;
}
|
|
|
|
// Request setting the iframe embedding policy.
message SetSecurityPolicyRequest {
  // States if iframe embedding is enabled or disabled. As a proto3 bool it
  // is false when omitted.
  bool enable_iframe_embedding = 1;

  // Origins allowed to load ZITADEL in an iframe if enable_iframe_embedding
  // is true. Every origin listed here can frame the login pages, so keep the
  // list to origins you control.
  // NOTE(review): the entries carry no validate rule (format, wildcards,
  // count); confirm what the server accepts.
  repeated string allowed_origins = 2;
}
|
|
|
|
// Response paired by name with SetSecurityPolicyRequest.
message SetSecurityPolicyResponse {
  // Object metadata of the change (type declared outside this file).
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// If name or domain is already in use, the org is not unique.
// At least one argument has to be provided.
// NOTE(review): the OpenAPI schema below lists both fields as required,
// while the validate rules only cap the length and allow either to be empty.
message IsOrgUniqueRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      description: "All unique fields of an organization";
      required: ["name", "domain"]
    };
  };

  // Organization name to check, at most 200 characters.
  string name = 1 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      max_length: 200;
    }
  ];

  // Domain to check, at most 200 characters.
  string domain = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"zitadel.cloud\"";
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response paired by name with IsOrgUniqueRequest.
message IsOrgUniqueResponse {
  // Result of the uniqueness check.
  bool is_unique = 1;
}
|
|
|
|
// Request selecting one organization by id.
message GetOrgByIDRequest {
  // Organization id, 1 to 200 characters.
  string id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response carrying one organization.
message GetOrgByIDResponse {
  // The organization (type declared outside this file).
  zitadel.org.v1.Org org = 1;
}
|
|
|
|
// Search request for organizations.
message ListOrgsRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      description: "Search query for lists";
      required: ["query"]
    };
  };

  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;

  // The field the result is sorted by.
  zitadel.org.v1.OrgFieldName sorting_column = 2;

  // Criteria the client is looking for.
  repeated zitadel.org.v1.OrgQuery queries = 3;
}
|
|
|
|
// Search result for organizations.
message ListOrgsResponse {
  // List metadata (type declared outside this file).
  zitadel.v1.ListDetails details = 1;

  // Sorting column, same type as in the request.
  zitadel.org.v1.OrgFieldName sorting_column = 2;

  // The organizations found.
  repeated zitadel.org.v1.Org result = 3;
}
|
|
|
|
message SetUpOrgRequest {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
description: "Request to set up an organization. User is required";
|
|
required: ["org", "user"]
|
|
};
|
|
};
|
|
|
|
message Org {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
required: ["name"]
|
|
};
|
|
};
|
|
string name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"ZITADEL\"";
|
|
}
|
|
];
|
|
string domain = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "ZITADEL generates a domain (<org-name>.zitadel.ch) for an organization, the field is not required";
|
|
max_length: 200;
|
|
example: "\"zitadel.cloud\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message Human {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
required: ["user_name", "profile", "email", "password"];
|
|
};
|
|
};
|
|
|
|
message Profile {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
required: ["first_name", "last_name"];
|
|
};
|
|
};
|
|
|
|
string first_name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Gigi\"";
|
|
}
|
|
];
|
|
string last_name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Giraffe\"";
|
|
}
|
|
];
|
|
string nick_name = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"gigi-giraffe\"";
|
|
}
|
|
];
|
|
string display_name = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "a user can set his display name if nothing is set ZITADEL computes \"first_name last_name\"";
|
|
max_length: 200;
|
|
example: "\"Gigi Giraffe\"";
|
|
}
|
|
];
|
|
string preferred_language = 5 [
|
|
(validate.rules).string = {max_len: 10},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "language tag analog https://tools.ietf.org/html/rfc3066";
|
|
max_length: 10;
|
|
example: "\"en\"";
|
|
}
|
|
];
|
|
zitadel.user.v1.Gender gender = 6;
|
|
}
|
|
// E-mail address of the user being created, plus a caller-asserted
// verification flag.
message Email {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["email"];
    };
  };

  // Address of the user; must satisfy the validate `email` rule.
  string email = 1 [
    (validate.rules).string.email = true,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)";
      min_length: 1;
      example: "\"gigi@zitadel.com\"";
    }
  ];
  // Verification state supplied by the caller.
  // NOTE(review): presumably `true` stores the address as verified without a
  // confirmation step - confirm server behaviour. Callers should set it only
  // for addresses whose ownership they have checked themselves.
  bool is_email_verified = 2;
}
|
|
// Phone number of the user being created, plus a caller-asserted verification
// flag.
message Phone {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["phone"];
    };
  };
  // Has to be a global number: the validate rule requires a leading "+" and
  // 1 to 50 characters. The rest of the number format is not checked here.
  string phone = 1 [
    (validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)";
      min_length: 1;
      max_length: 50;
      example: "\"+41 71 000 00 00\"";
    }
  ];
  // Verification state supplied by the caller.
  // NOTE(review): presumably `true` stores the number as verified without a
  // confirmation step - confirm server behaviour. Callers should set it only
  // for numbers whose ownership they have checked themselves.
  bool is_phone_verified = 2;
}
|
|
|
|
string user_name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"gigi-giraffe\"";
|
|
}
|
|
];
|
|
|
|
Profile profile = 2 [(validate.rules).message.required = true];
|
|
Email email = 3 [(validate.rules).message.required = true];
|
|
Phone phone = 4;
|
|
string password = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the initial password of the user";
|
|
example: "\"my_53cr3t-P4$$w0rd\"";
|
|
}
|
|
];
|
|
}
|
|
Org org = 1 [
|
|
(validate.rules).message.required = true
|
|
];
|
|
oneof user {
|
|
option (validate.required) = true;
|
|
|
|
// oneof field for the user managing the organization
|
|
Human human = 2;
|
|
}
|
|
// specify Org Member Roles for the provided user (default is ORG_OWNER if roles are empty)
|
|
repeated string roles = 3;
|
|
}
|
|
|
|
// Response message for the org set-up call.
message SetUpOrgResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the organization (presumably the one just created - confirm).
  string org_id = 2;
  // ID of the user (presumably the one just created - confirm).
  string user_id = 3;
}
|
|
|
|
// Request to remove an organization, addressed by its ID.
message RemoveOrgRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };

  // ID of the organization to remove; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response message paired with RemoveOrgRequest.
message RemoveOrgResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
|
|
// Request to fetch a single identity provider (IDP) by its ID.
message GetIDPByIDRequest {
  // ID of the IDP; 1 to 200 characters.
  string id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69234230193872955\"";
    }
  ];
}
|
|
|
|
// Response message paired with GetIDPByIDRequest.
message GetIDPByIDResponse {
  // The identity provider that was looked up.
  zitadel.idp.v1.IDP idp = 1;
}
|
|
|
|
// Request to list identity providers (IDPs).
message ListIDPsRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
  // The field the result is sorted by.
  zitadel.idp.v1.IDPFieldName sorting_column = 2;
  // Criteria the client is looking for. No validate rule bounds the number of
  // entries at this layer.
  repeated IDPQuery queries = 3;
}
|
|
|
|
// A single search criterion for ListIDPsRequest; exactly one member of the
// oneof can be set per IDPQuery.
message IDPQuery {
  oneof query {
    // Match on the IDP ID.
    zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
    // Match on the IDP name.
    zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
  }
}
|
|
|
|
// Response message paired with ListIDPsRequest.
message ListIDPsResponse {
  // Metadata about the list result.
  zitadel.v1.ListDetails details = 1;
  // The column the result is sorted by.
  zitadel.idp.v1.IDPFieldName sorting_column = 2;
  // The matching identity providers.
  repeated zitadel.idp.v1.IDP result = 3;
}
|
|
|
|
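// Request to add an OIDC identity provider (IDP).
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces.
message AddOIDCIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["name", "client_id", "client_secret", "issuer"]
    };
  };

  // Name of the IDP; 1 to 200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Styling of the login button; only values defined in the enum pass
  // validation.
  zitadel.idp.v1.IDPStylingType styling_type = 2 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "some identity providers specify the styling of the button to their login";
    }
  ];
  // Client ID issued by the identity provider; 1 to 200 characters.
  string client_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client id generated by the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Client secret issued by the identity provider; 1 to 200 characters.
  // Secret value.
  string client_secret = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client secret generated by the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // OIDC issuer of the identity provider; 1 to 200 characters. Only the
  // length is validated at this layer (no URI or scheme rule).
  string issuer = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com\"";
      description: "the oidc issuer of the identity provider";
      // Mirrors min_len: 1 of the validate rule above, which the documented
      // schema previously omitted.
      min_length: 1;
      max_length: 200;
    }
  ];
  // Scopes requested from the identity provider. No validate rule bounds the
  // number or length of entries at this layer.
  repeated string scopes = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "the scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Which IDP field is mapped to the display name of the user.
  zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the display name of the user";
    }
  ];
  // Which IDP field is mapped to the username of the user. The description
  // previously said "email", which looks copied from a sibling field.
  zitadel.idp.v1.OIDCMappingField username_mapping = 8 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the username of the user";
    }
  ];
  // NOTE(review): presumably lets users who authenticate at this IDP be
  // registered automatically - confirm. proto3 bool: omitted reads as false.
  bool auto_register = 9;
}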
|
|
|
|
// Response message paired with AddOIDCIDPRequest.
message AddOIDCIDPResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the identity provider.
  string idp_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"53829026806489455\"";
    }
  ];
}
|
|
|
|
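// Request to add a JWT identity provider (IDP).
//
// issuer and keys_endpoint determine which tokens are accepted as valid, so
// changes to them deserve the same review as a credential change.
message AddJWTIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      // Lists every field that carries min_len: 1 and field_behavior REQUIRED
      // below; jwt_endpoint and header_name were missing from the documented
      // schema although validation already requires them.
      required: ["name", "jwt_endpoint", "issuer", "keys_endpoint", "header_name"]
    };
  };

  // Name of the IDP; 1 to 200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Styling of the login button; only values defined in the enum pass
  // validation.
  zitadel.idp.v1.IDPStylingType styling_type = 2 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "some identity providers specify the styling of the button to their login";
    }
  ];
  // Endpoint where the JWT can be extracted; 1 to 200 characters. Only the
  // length is validated at this layer (no URI or scheme rule).
  string jwt_endpoint = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://custom.com/auth/jwt\"";
      description: "the endpoint where the jwt can be extracted";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Issuer the JWT is validated against; 1 to 200 characters.
  string issuer = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com\"";
      description: "the issuer of the jwt (for validation)";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Endpoint serving the key (JWK) used to sign the JWT; 1 to 200 characters.
  // Only the length is validated at this layer (no URI or scheme rule).
  string keys_endpoint = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com/keys\"";
      description: "the endpoint to the key (JWK) which is used to sign the JWT with";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Name of the header the JWT is sent in; 1 to 200 characters.
  // NOTE(review): the description mentions a default ("authorization"), but
  // min_len: 1 rejects an empty value, so the default cannot be selected by
  // omitting the field - confirm which of the two is intended.
  string header_name = 6 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"x-auth-token\"";
      description: "the name of the header where the JWT is sent in, default is authorization";
      min_length: 1;
      max_length: 200;
    }
  ];
  // NOTE(review): presumably lets users who authenticate at this IDP be
  // registered automatically - confirm. proto3 bool: omitted reads as false.
  bool auto_register = 7;
}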
|
|
|
|
// Response message paired with AddJWTIDPRequest.
message AddJWTIDPResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the identity provider.
  string idp_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69234230193872955\"";
    }
  ];
}
|
|
|
|
// Request to update the general fields of an identity provider (IDP).
message UpdateIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      description: "Updates fields of an IDP";
      required: ["idp_id", "name"]
    };
  };

  // ID of the IDP to update; 1 to 200 characters.
  string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // New name of the IDP; 1 to 200 characters.
  string name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Styling of the login button; only values defined in the enum pass
  // validation.
  zitadel.idp.v1.IDPStylingType styling_type = 3 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "some identity providers specify the styling of the button to their login";
    }
  ];
  // proto3 bool without presence: an update that omits this field is
  // indistinguishable from one that sets it to false.
  // NOTE(review): presumably controls automatic registration of users coming
  // from this IDP - confirm.
  bool auto_register = 4;
}
|
|
|
|
// Response message paired with UpdateIDPRequest.
message UpdateIDPResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to deactivate an identity provider (IDP), addressed by its ID.
message DeactivateIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };
  // ID of the IDP; 1 to 200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response message paired with DeactivateIDPRequest.
message DeactivateIDPResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to reactivate an identity provider (IDP), addressed by its ID.
message ReactivateIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };
  // ID of the IDP; 1 to 200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response message paired with ReactivateIDPRequest.
message ReactivateIDPResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to remove an identity provider (IDP), addressed by its ID.
message RemoveIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };

  // ID of the IDP; 1 to 200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response message paired with RemoveIDPRequest.
message RemoveIDPResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
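// Request to update the OIDC configuration of an identity provider (IDP).
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces.
message UpdateIDPOIDCConfigRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id", "issuer", "client_id"]
    };
  };

  // ID of the IDP to update; 1 to 200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // OIDC issuer of the identity provider; 1 to 200 characters. Only the
  // length is validated at this layer (no URI or scheme rule).
  string issuer = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com\"";
      description: "the oidc issuer of the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Client ID issued by the identity provider; 1 to 200 characters.
  string client_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client id generated by the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Client secret; at most 200 characters. Per the description an empty value
  // leaves the stored secret untouched, so it cannot be cleared through this
  // field. Secret value.
  string client_secret = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client secret generated by the identity provider. If empty the secret is not overwritten";
      max_length: 200;
    }
  ];
  // Scopes requested from the identity provider. No validate rule bounds the
  // number or length of entries at this layer.
  repeated string scopes = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "the scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Which IDP field is mapped to the display name of the user.
  zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the display name of the user";
    }
  ];
  // Which IDP field is mapped to the username of the user. The description
  // previously said "email", which looks copied from a sibling field.
  zitadel.idp.v1.OIDCMappingField username_mapping = 7 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the username of the user";
    }
  ];
}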
|
|
|
|
// Response message paired with UpdateIDPOIDCConfigRequest.
message UpdateIDPOIDCConfigResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
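// Request to update the JWT configuration of an identity provider (IDP).
//
// issuer and keys_endpoint determine which tokens are accepted as valid, so
// changes to them deserve the same review as a credential change.
message UpdateIDPJWTConfigRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id", "jwt_endpoint", "issuer", "keys_endpoint", "header_name"]
    };
  };

  // ID of the IDP to update; 1 to 200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Endpoint where the JWT can be extracted; 1 to 200 characters. Only the
  // length is validated at this layer (no URI or scheme rule).
  string jwt_endpoint = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://custom.com/auth/jwt\"";
      description: "the endpoint where the jwt can be extracted";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Issuer the JWT is validated against; 1 to 200 characters.
  string issuer = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com\"";
      description: "the issuer of the jwt (for validation)";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Endpoint serving the key (JWK) used to sign the JWT; 1 to 200 characters.
  // Only the length is validated at this layer (no URI or scheme rule).
  string keys_endpoint = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com/keys\"";
      description: "the endpoint to the key (JWK) which is used to sign the JWT with";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Name of the header the JWT is sent in; 1 to 200 characters.
  // NOTE(review): the description mentions a default ("authorization"), but
  // min_len: 1 rejects an empty value - confirm which of the two is intended.
  string header_name = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"x-auth-token\"";
      description: "the name of the header where the JWT is sent in, default is authorization";
      // Mirrors min_len: 1 of the validate rule above, which the documented
      // schema previously omitted.
      min_length: 1;
      max_length: 200;
    }
  ];
}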
|
|
|
|
// Response message paired with UpdateIDPJWTConfigRequest.
message UpdateIDPJWTConfigResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to list identity providers.
message ListProvidersRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
  // Criteria the client is looking for. No validate rule bounds the number of
  // entries at this layer.
  repeated ProviderQuery queries = 2;
}
|
|
|
|
// A single search criterion for ListProvidersRequest; exactly one member of
// the oneof can be set per ProviderQuery.
message ProviderQuery {
  oneof query {
    // Match on the provider ID.
    zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
    // Match on the provider name.
    zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
  }
}
|
|
|
|
// Response message paired with ListProvidersRequest.
message ListProvidersResponse {
  // Metadata about the list result.
  zitadel.v1.ListDetails details = 1;
  // The matching providers.
  repeated zitadel.idp.v1.Provider result = 2;
}
|
|
|
|
// Request to fetch a single identity provider by its ID.
message GetProviderByIDRequest {
  // ID of the provider; 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response message paired with GetProviderByIDRequest.
message GetProviderByIDResponse {
  // The provider that was looked up.
  zitadel.idp.v1.Provider idp = 1;
}
|
|
|
|
// Request to add a generic OAuth identity provider.
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces. The three endpoint fields are validated
// for length only at this layer (no URI or scheme rule).
// NOTE(review): presumably the server calls token_endpoint and user_endpoint
// itself - confirm where scheme and destination restrictions are enforced.
message AddGenericOAuthProviderRequest {
  // Name of the provider; 1 to 200 characters.
  string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Client ID; 1 to 200 characters.
  string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Client secret; 1 to 200 characters. Secret value.
  string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Authorization endpoint of the provider; 1 to 200 characters.
  string authorization_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Token endpoint of the provider; 1 to 200 characters.
  string token_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // User endpoint of the provider; 1 to 200 characters.
  string user_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Scopes; at most 20 entries of 1 to 100 characters each.
  repeated string scopes = 7 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 8;
}
|
|
|
|
// Response message paired with AddGenericOAuthProviderRequest.
message AddGenericOAuthProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the provider.
  string id = 2;
}
|
|
|
|
// Request to update a generic OAuth identity provider.
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces. The three endpoint fields are validated
// for length only at this layer (no URI or scheme rule).
message UpdateGenericOAuthProviderRequest {
  // ID of the provider to update; 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; 1 to 200 characters.
  string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Client ID; 1 to 200 characters.
  string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // client_secret will only be updated if provided; at most 200 characters.
  // An empty value therefore cannot be used to clear the stored secret.
  string client_secret = 4 [(validate.rules).string = {max_len: 200}];
  // Authorization endpoint of the provider; 1 to 200 characters.
  string authorization_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Token endpoint of the provider; 1 to 200 characters.
  string token_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // User endpoint of the provider; 1 to 200 characters.
  string user_endpoint = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Scopes; at most 20 entries of 1 to 100 characters each.
  repeated string scopes = 8 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 9;
}
|
|
|
|
// Response message paired with UpdateGenericOAuthProviderRequest.
message UpdateGenericOAuthProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to add a generic OIDC identity provider.
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces.
message AddGenericOIDCProviderRequest {
  // Name of the provider; 1 to 200 characters.
  string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Issuer of the provider; 1 to 200 characters. Only the length is
  // validated at this layer (no URI or scheme rule).
  string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Client ID; 1 to 200 characters.
  string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Client secret; 1 to 200 characters. Secret value.
  string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Scopes; at most 20 entries of 1 to 100 characters each.
  repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 6;
}
|
|
|
|
// Response message paired with AddGenericOIDCProviderRequest.
message AddGenericOIDCProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the provider.
  string id = 2;
}
|
|
|
|
// Request to update a generic OIDC identity provider.
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces.
message UpdateGenericOIDCProviderRequest {
  // ID of the provider to update; 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; 1 to 200 characters.
  string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Issuer of the provider; 1 to 200 characters. Only the length is
  // validated at this layer (no URI or scheme rule).
  string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Client ID; 1 to 200 characters.
  string client_id = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // client_secret will only be updated if provided; at most 200 characters.
  // An empty value therefore cannot be used to clear the stored secret.
  string client_secret = 5 [(validate.rules).string = {max_len: 200}];
  // Scopes; at most 20 entries of 1 to 100 characters each.
  repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 7;
}
|
|
|
|
// Response message paired with UpdateGenericOIDCProviderRequest.
message UpdateGenericOIDCProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to add a JWT identity provider.
//
// issuer and keys_endpoint determine which tokens are accepted as valid. All
// string fields are validated for length only at this layer (no URI or scheme
// rule on the endpoints).
message AddJWTProviderRequest {
  // Name of the provider; 1 to 200 characters.
  string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Issuer of the JWT; 1 to 200 characters.
  string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // JWT endpoint; 1 to 200 characters.
  string jwt_endpoint = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Keys endpoint; 1 to 200 characters.
  string keys_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the header carrying the JWT; 1 to 200 characters.
  string header_name = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 6;
}
|
|
|
|
// Response message paired with AddJWTProviderRequest.
message AddJWTProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the provider.
  string id = 2;
}
|
|
|
|
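// Request to update a JWT identity provider.
//
// issuer and keys_endpoint determine which tokens are accepted as valid. All
// string fields are validated for length only at this layer (no URI or scheme
// rule on the endpoints).
message UpdateJWTProviderRequest {
  // ID of the provider to update; 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; 1 to 200 characters.
  string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Issuer of the JWT; 1 to 200 characters.
  string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // JWT endpoint; 1 to 200 characters.
  string jwt_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Keys endpoint; 1 to 200 characters. min_len: 1 matches
  // AddJWTProviderRequest and UpdateIDPJWTConfigRequest: without it an update
  // could pass validation with an empty key source while every other field of
  // this message is required to be non-empty.
  string keys_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the header carrying the JWT; 1 to 200 characters.
  string header_name = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 7;
}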
|
|
|
|
// Response message paired with UpdateJWTProviderRequest.
message UpdateJWTProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to add Google as an identity provider.
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces.
message AddGoogleProviderRequest {
  // Google will be used as default, if no name is provided; at most 200
  // characters.
  string name = 1 [(validate.rules).string = {max_len: 200}];
  // Client ID; 1 to 200 characters.
  string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Client secret; 1 to 200 characters. Secret value.
  string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Scopes; at most 20 entries of 1 to 100 characters each.
  repeated string scopes = 4 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 5;
}
|
|
|
|
// Response message paired with AddGoogleProviderRequest.
message AddGoogleProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the provider.
  string id = 2;
}
|
|
|
|
// Request to update the Google identity provider.
//
// client_secret is a credential: treat the whole request as sensitive and keep
// it out of logs and request traces.
message UpdateGoogleProviderRequest {
  // ID of the provider to update; 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; at most 200 characters, may be empty.
  string name = 2 [(validate.rules).string = {max_len: 200}];
  // Client ID; 1 to 200 characters.
  string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // client_secret will only be updated if provided; at most 200 characters.
  // An empty value therefore cannot be used to clear the stored secret.
  string client_secret = 4 [(validate.rules).string = {max_len: 200}];
  // Scopes; at most 20 entries of 1 to 100 characters each.
  repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 6;
}
|
|
|
|
// Response message paired with UpdateGoogleProviderRequest.
message UpdateGoogleProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to add an LDAP identity provider.
//
// admin and password are directory credentials: treat the whole request as
// sensitive and keep it out of logs and request traces.
message AddLDAPProviderRequest {
  // Name of the provider; 1 to 200 characters.
  string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Host of the directory server; 1 to 200 characters.
  string host = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Port as a string of at most 5 characters; may be empty and is not checked
  // to be numeric at this layer.
  string port = 3 [(validate.rules).string = {max_len: 5}];
  // proto3 bool: an omitted field reads as false.
  // NOTE(review): presumably false means the connection to the directory is
  // not TLS-protected, in which case the admin/password pair below would
  // cross the network unencrypted - confirm, and prefer true.
  bool tls = 4;
  // Base DN; 1 to 200 characters.
  string base_dn = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Object class of user entries; 1 to 200 characters.
  string user_object_class = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Attribute that uniquely identifies a user; 1 to 200 characters.
  string user_unique_attribute = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // NOTE(review): presumably the account ZITADEL binds with - confirm. A
  // read-only account scoped to base_dn limits the impact of a leak.
  string admin = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Password for `admin`; 1 to 200 characters. Secret value.
  string password = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Mapping of LDAP attributes.
  zitadel.idp.v1.LDAPAttributes attributes = 10;
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 11;
}
|
|
|
|
// Response message paired with AddLDAPProviderRequest.
message AddLDAPProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
  // ID of the provider.
  string id = 2;
}
|
|
|
|
// Request to update an LDAP identity provider.
//
// admin and password are directory credentials: treat the whole request as
// sensitive and keep it out of logs and request traces.
message UpdateLDAPProviderRequest {
  // ID of the provider to update; 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; 1 to 200 characters.
  string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Host of the directory server; 1 to 200 characters.
  string host = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Port as a string of at most 5 characters; may be empty and is not checked
  // to be numeric at this layer.
  string port = 4 [(validate.rules).string = {max_len: 5}];
  // proto3 bool without presence: an update that omits this field is
  // indistinguishable from one that sets it to false.
  // NOTE(review): presumably false means the connection to the directory is
  // not TLS-protected - confirm; clients should always send the intended
  // value so an update cannot turn TLS off by omission.
  bool tls = 5;
  // Base DN; 1 to 200 characters.
  string base_dn = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Object class of user entries; 1 to 200 characters.
  string user_object_class = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Attribute that uniquely identifies a user; 1 to 200 characters.
  string user_unique_attribute = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // NOTE(review): presumably the account ZITADEL binds with - confirm.
  string admin = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Password for `admin`; at most 200 characters, may be empty. Secret value.
  // NOTE(review): presumably an empty value keeps the stored password, like
  // client_secret on the other update requests - confirm.
  string password = 10 [(validate.rules).string = {max_len: 200}];
  // Mapping of LDAP attributes.
  zitadel.idp.v1.LDAPAttributes attributes = 11;
  // Provider options shared by the provider types.
  zitadel.idp.v1.Options provider_options = 12;
}
|
|
|
|
// Response message paired with UpdateLDAPProviderRequest.
message UpdateLDAPProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to delete an identity provider, addressed by its ID.
message DeleteProviderRequest {
  // ID of the provider; 1 to 200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response message paired with DeleteProviderRequest.
message DeleteProviderResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the call takes no parameters.
message GetOrgIAMPolicyRequest {}
|
|
|
|
// Response message paired with GetOrgIAMPolicyRequest.
message GetOrgIAMPolicyResponse {
  // The org IAM policy.
  zitadel.policy.v1.OrgIAMPolicy policy = 1;
}
|
|
|
|
// Request to update the org IAM policy.
message UpdateOrgIAMPolicyRequest {
  // proto3 bool without presence: an omitted field reads as false.
  // NOTE(review): presumably "the username has to end with the domain of its
  // organization", as described on the custom-policy requests - confirm.
  bool user_login_must_be_domain = 1;
}
|
|
|
|
// Response message paired with UpdateOrgIAMPolicyRequest.
message UpdateOrgIAMPolicyResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to fetch the org IAM policy of one organization.
message GetCustomOrgIAMPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };
  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response message paired with GetCustomOrgIAMPolicyRequest.
message GetCustomOrgIAMPolicyResponse {
  // The org IAM policy.
  zitadel.policy.v1.OrgIAMPolicy policy = 1;
  // Deprecated: is_default is also defined in zitadel.policy.v1.OrgIAMPolicy;
  // read it from `policy` instead. The field carries no `deprecated` option,
  // so generated code does not flag its use.
  bool is_default = 2;
}
|
|
|
|
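// Request to add a custom org IAM policy for one organization.
message AddCustomOrgIAMPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };

  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      // Example aligned with the other org_id examples in this file; the
      // leading "#" looked copied from a color example.
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // The username has to end with the domain of its organization (uniqueness
  // is organization based). proto3 bool: an omitted field reads as false.
  bool user_login_must_be_domain = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the username has to end with the domain of its organization"
    }
  ];
}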
|
|
|
|
// Response message paired with AddCustomOrgIAMPolicyRequest.
message AddCustomOrgIAMPolicyResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to update the custom org IAM policy of one organization.
message UpdateCustomOrgIAMPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };

  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // The username has to end with the domain of its organization.
  // proto3 bool without presence: an update that omits this field is
  // indistinguishable from one that sets it to false.
  bool user_login_must_be_domain = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the username has to end with the domain of its organization"
    }
  ];
}
|
|
|
|
// Response message paired with UpdateCustomOrgIAMPolicyRequest.
message UpdateCustomOrgIAMPolicyResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to reset the custom org IAM policy of one organization to the
// default.
message ResetCustomOrgIAMPolicyToDefaultRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };

  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response message paired with ResetCustomOrgIAMPolicyToDefaultRequest.
message ResetCustomOrgIAMPolicyToDefaultResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the call takes no parameters.
message GetDomainPolicyRequest {}
|
|
|
|
// Response message paired with GetDomainPolicyRequest.
message GetDomainPolicyResponse {
  // The domain policy.
  zitadel.policy.v1.DomainPolicy policy = 1;
}
|
|
|
|
// Request to update the domain policy.
//
// All three fields are proto3 bools without presence: a field left out of the
// request is indistinguishable from one set to false.
// NOTE(review): presumably every update therefore has to carry all three
// intended values, otherwise a check could be switched off by omission -
// confirm against the server implementation.
message UpdateDomainPolicyRequest {
  // NOTE(review): presumably "the username has to end with the domain of its
  // organization", as described on the custom-policy requests - confirm.
  bool user_login_must_be_domain = 1;
  // NOTE(review): presumably whether organization domains have to be
  // validated, as described on the custom-policy requests - confirm.
  bool validate_org_domains = 2;
  // NOTE(review): presumably whether the SMTP sender address domain has to
  // match an existing instance domain, as described on the custom-policy
  // requests - confirm.
  bool smtp_sender_address_matches_instance_domain = 3;
}
|
|
|
|
// Response message paired with UpdateDomainPolicyRequest.
message UpdateDomainPolicyResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
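// Request to fetch the domain policy of one organization.
message GetCustomDomainPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };
  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      // Example aligned with the other org_id examples in this file; the
      // leading "#" looked copied from a color example.
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}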
|
|
|
|
// Response message paired with GetCustomDomainPolicyRequest.
message GetCustomDomainPolicyResponse {
  // The domain policy.
  zitadel.policy.v1.DomainPolicy policy = 1;
  // Deprecated: is_default is also defined in zitadel.policy.v1.DomainPolicy;
  // read it from `policy` instead. The field carries no `deprecated` option,
  // so generated code does not flag its use.
  bool is_default = 2;
}
|
|
|
|
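// Request to add a custom domain policy for one organization.
//
// The three bools are proto3 fields without presence: a field left out of the
// request reads as false.
message AddCustomDomainPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };

  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      // Example aligned with the other org_id examples in this file; the
      // leading "#" looked copied from a color example.
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // The username has to end with the domain of its organization (uniqueness
  // is organization based).
  bool user_login_must_be_domain = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the username has to end with the domain of its organization"
    }
  ];
  // Whether organization domains have to be validated; per the description,
  // they otherwise count as validated automatically.
  // NOTE(review): presumably false lets an organization claim a domain
  // without proving control of it - confirm before disabling.
  bool validate_org_domains = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if organization domains should be validated or count as validated automatically"
    }
  ];
  // Whether the SMTP sender address domain has to match an existing domain on
  // the instance.
  bool smtp_sender_address_matches_instance_domain = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the SMTP sender address domain should match an existing domain on the instance"
    }
  ];
}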
|
|
|
|
// Response message paired with AddCustomDomainPolicyRequest.
message AddCustomDomainPolicyResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
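// Request to update the custom domain policy of one organization.
//
// The three bools are proto3 fields without presence: a field left out of the
// request is indistinguishable from one set to false.
// NOTE(review): presumably every update therefore has to carry all three
// intended values, otherwise a check could be switched off by omission -
// confirm against the server implementation.
message UpdateCustomDomainPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };

  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // The username has to end with the domain of its organization.
  bool user_login_must_be_domain = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the username has to end with the domain of its organization"
    }
  ];
  // Whether organization domains have to be validated; per the description,
  // they otherwise count as validated automatically.
  // NOTE(review): presumably false lets an organization claim a domain
  // without proving control of it - confirm before disabling.
  bool validate_org_domains = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if organization domains should be validated or count as validated automatically"
    }
  ];
  // Whether the SMTP sender address domain has to match an existing domain on
  // the instance.
  bool smtp_sender_address_matches_instance_domain = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the SMTP sender address domain should match an existing domain on the instance"
    }
  ];
}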
|
|
|
|
// Response message paired with UpdateCustomDomainPolicyRequest.
message UpdateCustomDomainPolicyResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to reset the custom domain policy of one organization to the
// default.
message ResetCustomDomainPolicyToDefaultRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };

  // ID of the organization; 1 to 200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response message paired with ResetCustomDomainPolicyToDefaultRequest.
message ResetCustomDomainPolicyToDefaultResponse {
  // Object metadata returned for the change.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the call takes no parameters.
message GetLabelPolicyRequest {}
|
|
|
|
// Response message paired with GetLabelPolicyRequest.
message GetLabelPolicyResponse {
  // The label policy.
  zitadel.policy.v1.LabelPolicy policy = 1;
}
|
|
|
|
// Empty request: the call takes no parameters.
message GetPreviewLabelPolicyRequest {}
|
|
|
|
// Response message paired with GetPreviewLabelPolicyRequest.
message GetPreviewLabelPolicyResponse {
  // The label policy (presumably the preview state - confirm).
  zitadel.policy.v1.LabelPolicy policy = 1;
}
|
|
|
|
// Request carrying the label policy values to update.
//
// NOTE(review): the color fields are only length-checked (max 50) in this
// schema although their descriptions call them hex values. If the values end
// up in the CSS or HTML of the login UI, a server-side format check for hex
// colors keeps other content out; confirm where that check lives.
// NOTE(review): field number 2 is not used in this message; if it belonged to
// a deleted field, `reserved 2;` would protect it from reuse.
message UpdateLabelPolicyRequest {
  // Primary color, at most 50 characters.
  string primary_color = 1 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "represents a color scheme"
      example: "\"#353535\"";
      max_length: 50;
    }
  ];

  // Hides the org suffix on the login form under the condition given in the
  // description below.
  bool hide_login_name_suffix = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set";
    }
  ];

  // Warn color, at most 50 characters.
  string warn_color = 4 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for warn color";
      example: "\"#CD3D56\"";
      max_length: 50;
    }
  ];

  // Background color, at most 50 characters.
  string background_color = 5 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for background color";
      example: "\"#FAFAFA\"";
      max_length: 50;
    }
  ];

  // Font color, at most 50 characters.
  string font_color = 6 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for font color";
      example: "\"#000000\"";
      max_length: 50;
    }
  ];

  // Primary color of the dark theme, at most 50 characters.
  string primary_color_dark = 7 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for the primary color dark theme";
      example: "\"#BBBAFA\"";
      max_length: 50;
    }
  ];

  // Background color of the dark theme, at most 50 characters.
  string background_color_dark = 8 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for background color dark theme";
      example: "\"#111827\"";
      max_length: 50;
    }
  ];

  // Warn color of the dark theme, at most 50 characters.
  string warn_color_dark = 9 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for warning color dark theme";
      example: "\"#FF3B5B\"";
      max_length: 50;
    }
  ];

  // Font color of the dark theme, at most 50 characters.
  string font_color_dark = 10 [
    (validate.rules).string = {max_len: 50},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for font color dark theme";
      example: "\"#FFFFFF\"";
      max_length: 50;
    }
  ];

  // Presumably turns the watermark off when true; no description is given.
  bool disable_watermark = 11;
}
|
|
|
|
// Response paired by name with UpdateLabelPolicyRequest.
message UpdateLabelPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message ActivateLabelPolicyRequest {}
|
|
|
|
// Response paired by name with ActivateLabelPolicyRequest.
message ActivateLabelPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message RemoveLabelPolicyLogoRequest {}
|
|
|
|
// Response paired by name with RemoveLabelPolicyLogoRequest.
message RemoveLabelPolicyLogoResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message RemoveLabelPolicyLogoDarkRequest {}
|
|
|
|
// Response paired by name with RemoveLabelPolicyLogoDarkRequest.
message RemoveLabelPolicyLogoDarkResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message RemoveLabelPolicyIconRequest {}
|
|
|
|
// Response paired by name with RemoveLabelPolicyIconRequest.
message RemoveLabelPolicyIconResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message RemoveLabelPolicyIconDarkRequest {}
|
|
|
|
// Response paired by name with RemoveLabelPolicyIconDarkRequest.
message RemoveLabelPolicyIconDarkResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message RemoveLabelPolicyFontRequest {}
|
|
|
|
// Response paired by name with RemoveLabelPolicyFontRequest.
message RemoveLabelPolicyFontResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message GetLoginPolicyRequest {}
|
|
|
|
// Response paired by name with GetLoginPolicyRequest.
message GetLoginPolicyResponse {
  // The login policy; the type comes from package zitadel.policy.v1.
  zitadel.policy.v1.LoginPolicy policy = 1;
}
|
|
|
|
// Request carrying the login policy values to update.
//
// Every bool here has implicit presence, so a field left out of the request
// is read as false. Callers should send the complete intended policy.
message UpdateLoginPolicyRequest {
  // Allows login with username and password.
  bool allow_username_password = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user is allowed to log in with his username and password"
    }
  ];

  // Allows self-registration on the organization.
  bool allow_register = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a person is allowed to register a user on this organization"
    }
  ];

  // Allows use of a configured external identity provider.
  bool allow_external_idp = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user is allowed to add a defined identity provider. E.g. Google auth"
    }
  ];

  // Makes a multi-factor mandatory at login. An omitted value is false, so an
  // update that leaves this out turns enforcement off.
  bool force_mfa = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user MUST use a multi-factor to log in"
    }
  ];

  // Passwordless mode; only values declared in the enum pass validation.
  zitadel.policy.v1.PasswordlessType passwordless_type = 5 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if passwordless is allowed for users"
    }
  ];

  // NOTE(review): the field name suggests that true hides the reset link,
  // while the description reads as the opposite; confirm and align the text.
  bool hide_password_reset = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if password reset link should be shown in the login screen"
    }
  ];

  // Chooses between an immediate error and always showing the password
  // screen for unknown usernames. Presumably true selects the latter, which
  // avoids disclosing whether a username exists; verify against the handler.
  bool ignore_unknown_usernames = 7 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if unknown username on login screen directly returns an error or always displays the password screen"
    }
  ];

  // Redirect target used when a login starts without app context.
  // NOTE(review): no validate rule constrains this value in the schema;
  // scheme and host checks, if any, must happen server-side. Confirm them.
  string default_redirect_uri = 8 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines where the user will be redirected to if the login is started without app context (e.g. from mail)"
    }
  ];

  // Check lifetimes. NOTE(review): none of the five durations carries a
  // validate rule, and how an unset or zero value is treated is not visible
  // here; confirm before relying on it.
  google.protobuf.Duration password_check_lifetime = 9;
  google.protobuf.Duration external_login_check_lifetime = 10;
  google.protobuf.Duration mfa_init_skip_lifetime = 11;
  google.protobuf.Duration second_factor_check_lifetime = 12;
  google.protobuf.Duration multi_factor_check_lifetime = 13;

  // If set to true, the suffix (@domain.com) of an unknown username input on
  // the login screen will be matched against the org domains and will
  // redirect to the registration of that organization on success.
  // NOTE(review): a successful match reveals that a domain belongs to an
  // organization; weigh this together with ignore_unknown_usernames.
  bool allow_domain_discovery = 14 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success."
    }
  ];

  // NOTE(review): named "disable", yet the description states what the user
  // can do; presumably true switches login by email off. Confirm.
  bool disable_login_with_email = 15 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the user can additionally (to the login name) be identified by their verified email address"
    }
  ];

  // NOTE(review): same naming/description mismatch as
  // disable_login_with_email; presumably true switches login by phone off.
  bool disable_login_with_phone = 16 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
    }
  ];
}
|
|
|
|
// Response paired by name with UpdateLoginPolicyRequest.
message UpdateLoginPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request listing the identity providers linked to the login policy.
message ListLoginPolicyIDPsRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
}
|
|
|
|
// Response paired by name with ListLoginPolicyIDPsRequest.
message ListLoginPolicyIDPsResponse {
  // List details; the type comes from package zitadel.v1.
  zitadel.v1.ListDetails details = 1;

  // The identity provider links; the type comes from package zitadel.idp.v1.
  repeated zitadel.idp.v1.IDPLoginPolicyLink result = 2;
}
|
|
|
|
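// Request naming the identity provider to add to the login policy.
//
// The OpenAPI schema lists "idp_id" as required: it is the only field of this
// message and is marked REQUIRED with min_len 1. The previous entry, "org_id",
// named a field that does not exist here, so generated API documentation and
// clients were told to send the wrong property.
message AddIDPToLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };

  // Id of the identity provider configuration; 1-200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      description: "Id of the predefined idp configuration";
      min_length: 1;
      max_length: 200;
    }
  ];
}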
|
|
|
|
// Response paired by name with AddIDPToLoginPolicyRequest.
message AddIDPToLoginPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request naming the identity provider to remove from the login policy.
message RemoveIDPFromLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };

  // Id of the identity provider; validated to 1-200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response paired by name with RemoveIDPFromLoginPolicyRequest.
message RemoveIDPFromLoginPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message ListLoginPolicySecondFactorsRequest {}
|
|
|
|
// Response paired by name with ListLoginPolicySecondFactorsRequest.
message ListLoginPolicySecondFactorsResponse {
  // List details; the type comes from package zitadel.v1.
  zitadel.v1.ListDetails details = 1;

  // The second factor types; the enum comes from package zitadel.policy.v1.
  repeated zitadel.policy.v1.SecondFactorType result = 2;
}
|
|
|
|
// Request naming the second factor type to add to the login policy.
message AddSecondFactorToLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Validation rejects the zero value and any number the enum does not
  // declare, so an omitted type cannot pass as a default.
  zitadel.policy.v1.SecondFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
|
|
|
|
// Response paired by name with AddSecondFactorToLoginPolicyRequest.
message AddSecondFactorToLoginPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request naming the second factor type to remove from the login policy.
message RemoveSecondFactorFromLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Validation rejects the zero value and any number the enum does not
  // declare, so an omitted type cannot pass as a default.
  zitadel.policy.v1.SecondFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
|
|
|
|
// Response paired by name with RemoveSecondFactorFromLoginPolicyRequest.
message RemoveSecondFactorFromLoginPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message ListLoginPolicyMultiFactorsRequest {}
|
|
|
|
// Response paired by name with ListLoginPolicyMultiFactorsRequest.
message ListLoginPolicyMultiFactorsResponse {
  // List details; the type comes from package zitadel.v1.
  zitadel.v1.ListDetails details = 1;

  // The multi factor types; the enum comes from package zitadel.policy.v1.
  repeated zitadel.policy.v1.MultiFactorType result = 2;
}
|
|
|
|
// Request naming the multi factor type to add to the login policy.
message AddMultiFactorToLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Validation rejects the zero value and any number the enum does not
  // declare, so an omitted type cannot pass as a default.
  zitadel.policy.v1.MultiFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
|
|
|
|
// Response paired by name with AddMultiFactorToLoginPolicyRequest.
message AddMultiFactorToLoginPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request naming the multi factor type to remove from the login policy.
message RemoveMultiFactorFromLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Validation rejects the zero value and any number the enum does not
  // declare, so an omitted type cannot pass as a default.
  zitadel.policy.v1.MultiFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
|
|
|
|
// Response paired by name with RemoveMultiFactorFromLoginPolicyRequest.
message RemoveMultiFactorFromLoginPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message GetPasswordComplexityPolicyRequest {}
|
|
|
|
// Response paired by name with GetPasswordComplexityPolicyRequest.
message GetPasswordComplexityPolicyResponse {
  // The complexity policy; the type comes from package zitadel.policy.v1.
  zitadel.policy.v1.PasswordComplexityPolicy policy = 1;
}
|
|
|
|
// Request carrying the password complexity rules to update.
//
// The bools have implicit presence, so a rule left out of the request is
// read as false (not required).
message UpdatePasswordComplexityPolicyRequest {
  // Minimum password length.
  // NOTE(review): no validate rule bounds this value, so 0 (also the value
  // of an omitted field) passes schema validation; enforce a floor in the
  // handler if one is intended.
  uint32 min_length = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"8\""
    }
  ];

  // Requires an upper case letter.
  bool has_uppercase = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain an upper case letter"
    }
  ];

  // Requires a lower case letter.
  bool has_lowercase = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain a lowercase letter"
    }
  ];

  // Requires a number.
  bool has_number = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain a number"
    }
  ];

  // Requires a symbol.
  bool has_symbol = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain a symbol. E.g. \"$\""
    }
  ];
}
|
|
|
|
// Response paired by name with UpdatePasswordComplexityPolicyRequest.
message UpdatePasswordComplexityPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message GetPasswordAgePolicyRequest {}
|
|
|
|
// Response paired by name with GetPasswordAgePolicyRequest.
message GetPasswordAgePolicyResponse {
  // The password age policy; the type comes from package zitadel.policy.v1.
  zitadel.policy.v1.PasswordAgePolicy policy = 1;
}
|
|
|
|
// Request carrying the password age settings to update.
//
// NOTE(review): neither field has a validate rule, and the schema does not
// relate the two values (for example a warning period longer than the maximum
// age). What 0 means for either field is not visible here; confirm.
message UpdatePasswordAgePolicyRequest {
  // Maximum days since the last password change.
  uint32 max_age_days = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Maximum days since last password change"
      example: "\"365\""
    }
  ];

  // Days before expiry at which the user is notified.
  uint32 expire_warn_days = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Days before the password expiry the user gets notified to change the password"
      example: "\"10\""
    }
  ];
}
|
|
|
|
// Response paired by name with UpdatePasswordAgePolicyRequest.
message UpdatePasswordAgePolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message GetLockoutPolicyRequest {}
|
|
|
|
// Response paired by name with GetLockoutPolicyRequest.
message GetLockoutPolicyResponse {
  // The lockout policy; the type comes from package zitadel.policy.v1.
  zitadel.policy.v1.LockoutPolicy policy = 1;
}
|
|
|
|
// Request carrying the lockout setting to update.
message UpdateLockoutPolicyRequest {
  // Failed attempts until a user gets locked.
  // NOTE(review): no validate rule bounds this value. Whether 0 (also the
  // value of an omitted field) disables lockout is not visible here; confirm,
  // since that would remove the brake on password guessing.
  uint32 max_password_attempts = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset."
      example: "\"10\""
    }
  ];
}
|
|
|
|
// Response paired by name with UpdateLockoutPolicyRequest.
message UpdateLockoutPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message GetPrivacyPolicyRequest {}
|
|
|
|
// Response paired by name with GetPrivacyPolicyRequest.
message GetPrivacyPolicyResponse {
  // The privacy policy; the type comes from package zitadel.policy.v1.
  zitadel.policy.v1.PrivacyPolicy policy = 1;
}
|
|
|
|
// Request carrying the privacy policy links to update.
//
// NOTE(review): none of the three links has a validate rule (no length
// limit, no URI check). If they are rendered as links in the login UI, the
// server should restrict the scheme (for example to https); confirm.
message UpdatePrivacyPolicyRequest {
  // Link to the terms of service.
  string tos_link = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://zitadel.com/docs/legal/terms-of-service\"";
    }
  ];

  // Link to the privacy policy.
  string privacy_link = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://zitadel.com/docs/legal/privacy-policy\"";
    }
  ];

  // Link to the help page.
  string help_link = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://zitadel.com/docs/manuals/introduction\"";
    }
  ];
}
|
|
|
|
// Response paired by name with UpdatePrivacyPolicyRequest.
message UpdatePrivacyPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request carrying the notification policy setting to add.
message AddNotificationPolicyRequest {
  // Notifies users when their password has been changed. The field has
  // implicit presence, so leaving it out means false (no notification).
  bool password_change = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "If set to true the users will get a notification whenever their password has been changed.";
    }
  ];
}
|
|
|
|
// Response paired by name with AddNotificationPolicyRequest.
message AddNotificationPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: the message declares no fields.
message GetNotificationPolicyRequest {}
|
|
|
|
// Response paired by name with GetNotificationPolicyRequest.
message GetNotificationPolicyResponse {
  // The notification policy; the type comes from package zitadel.policy.v1.
  zitadel.policy.v1.NotificationPolicy policy = 1;
}
|
|
|
|
// Request carrying the notification policy setting to update.
message UpdateNotificationPolicyRequest {
  // Notifies users when their password has been changed. The field has
  // implicit presence, so leaving it out means false (no notification).
  bool password_change = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "If set to true the users will get a notification whenever their password has been changed.";
    }
  ];
}
|
|
|
|
// Response paired by name with UpdateNotificationPolicyRequest.
message UpdateNotificationPolicyResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting the default init message text by language.
message GetDefaultInitMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetDefaultInitMessageTextRequest.
message GetDefaultInitMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request selecting the custom init message text by language.
message GetCustomInitMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetCustomInitMessageTextRequest.
message GetCustomInitMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request carrying the default init message text for one language.
//
// NOTE(review): the examples use {{.Field}} placeholders, including
// {{.Code}}. How the server renders the stored text is not visible here;
// confirm the renderer treats these admin-supplied strings as data and
// escapes them for HTML mail.
message SetDefaultInitMessageTextRequest {
  // Language key; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Title, at most 200 characters.
  string title = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Initialize User\""
      max_length: 200;
    }
  ];

  // Pre-header, at most 200 characters.
  string pre_header = 3 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Initialize User\""
      max_length: 200;
    }
  ];

  // Subject, at most 200 characters.
  string subject = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Initialize User\""
      max_length: 200;
    }
  ];

  // Greeting, at most 200 characters.
  string greeting = 5 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 200;
    }
  ];

  // Body text, at most 1000 characters.
  string text = 6 [
    (validate.rules).string = {max_len: 1000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"This user was created in Zitadel. Use the username {{.PreferredLoginName}} to log in. Please click the button below to finish the initialization process. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\""
      max_length: 1000;
    }
  ];

  // Button label, at most 200 characters.
  string button_text = 7 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Finish initialization\""
      max_length: 200;
    }
  ];

  // Footer text, at most 200 characters.
  string footer_text = 8 [
    (validate.rules).string = {max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with SetDefaultInitMessageTextRequest.
message SetDefaultInitMessageTextResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting, by language, the custom init message text to reset.
message ResetCustomInitMessageTextToDefaultRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with ResetCustomInitMessageTextToDefaultRequest.
message ResetCustomInitMessageTextToDefaultResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting the default password reset message text by language.
message GetDefaultPasswordResetMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetDefaultPasswordResetMessageTextRequest.
message GetDefaultPasswordResetMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request selecting the custom password reset message text by language.
message GetCustomPasswordResetMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetCustomPasswordResetMessageTextRequest.
message GetCustomPasswordResetMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request carrying the default password reset message text for one language.
//
// NOTE(review): the examples use {{.Field}} placeholders, including
// {{.Code}}. How the server renders the stored text is not visible here;
// confirm the renderer treats these admin-supplied strings as data and
// escapes them for HTML mail.
message SetDefaultPasswordResetMessageTextRequest {
  // Language key; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Title, at most 200 characters.
  string title = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Reset Password\""
      max_length: 200;
    }
  ];

  // Pre-header, at most 200 characters.
  string pre_header = 3 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Reset Password\""
      max_length: 200;
    }
  ];

  // Subject, at most 200 characters.
  string subject = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Reset Password\""
      max_length: 200;
    }
  ];

  // Greeting, at most 200 characters.
  string greeting = 5 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 200;
    }
  ];

  // Body text, at most 800 characters.
  string text = 6 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"We received a password reset request. Please use the button below to reset your password. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\""
      max_length: 800;
    }
  ];

  // Button label, at most 200 characters.
  string button_text = 7 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Reset Password\""
      max_length: 200;
    }
  ];

  // Footer text, at most 200 characters.
  string footer_text = 8 [
    (validate.rules).string = {max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with SetDefaultPasswordResetMessageTextRequest.
message SetDefaultPasswordResetMessageTextResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting, by language, the custom password reset text to reset.
message ResetCustomPasswordResetMessageTextToDefaultRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with
// ResetCustomPasswordResetMessageTextToDefaultRequest.
message ResetCustomPasswordResetMessageTextToDefaultResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting the default verify email message text by language.
message GetDefaultVerifyEmailMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetDefaultVerifyEmailMessageTextRequest.
message GetDefaultVerifyEmailMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request selecting the custom verify email message text by language.
message GetCustomVerifyEmailMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetCustomVerifyEmailMessageTextRequest.
message GetCustomVerifyEmailMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request carrying the default verify email message text for one language.
//
// NOTE(review): the examples use {{.Field}} placeholders, including
// {{.Code}}. How the server renders the stored text is not visible here;
// confirm the renderer treats these admin-supplied strings as data and
// escapes them for HTML mail.
message SetDefaultVerifyEmailMessageTextRequest {
  // Language key; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Title, at most 200 characters.
  string title = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Verify Email\""
      max_length: 200;
    }
  ];

  // Pre-header, at most 200 characters.
  string pre_header = 3 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Email\""
      max_length: 200;
    }
  ];

  // Subject, at most 200 characters.
  string subject = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Email\""
      max_length: 200;
    }
  ];

  // Greeting, at most 200 characters.
  string greeting = 5 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 200;
    }
  ];

  // Body text, at most 800 characters.
  string text = 6 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"A new email has been added. Please use the button below to verify your mail. (Code {{.Code}}) If you didn't add a new email, please ignore this email.\""
      max_length: 800;
    }
  ];

  // Button label, at most 200 characters.
  string button_text = 7 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Email\""
      max_length: 200;
    }
  ];

  // Footer text, at most 200 characters.
  string footer_text = 8 [
    (validate.rules).string = {max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with SetDefaultVerifyEmailMessageTextRequest.
message SetDefaultVerifyEmailMessageTextResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting, by language, the custom verify email text to reset.
message ResetCustomVerifyEmailMessageTextToDefaultRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with
// ResetCustomVerifyEmailMessageTextToDefaultRequest.
message ResetCustomVerifyEmailMessageTextToDefaultResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting the default verify phone message text by language.
message GetDefaultVerifyPhoneMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetDefaultVerifyPhoneMessageTextRequest.
message GetDefaultVerifyPhoneMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request selecting the custom verify phone message text by language.
message GetCustomVerifyPhoneMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetCustomVerifyPhoneMessageTextRequest.
message GetCustomVerifyPhoneMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request carrying the default verify phone message text for one language.
//
// NOTE(review): the examples use {{.Field}} placeholders, including
// {{.Code}}. How the server renders the stored text is not visible here;
// confirm the renderer treats these admin-supplied strings as data rather
// than as an executable template.
message SetDefaultVerifyPhoneMessageTextRequest {
  // Language key; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Title, at most 200 characters.
  string title = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Verify Phone\""
      max_length: 200;
    }
  ];

  // Pre-header, at most 200 characters.
  string pre_header = 3 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Phone\""
      max_length: 200;
    }
  ];

  // Subject, at most 200 characters.
  string subject = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Phone\""
      max_length: 200;
    }
  ];

  // Greeting, at most 200 characters.
  string greeting = 5 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 200;
    }
  ];

  // Body text, at most 800 characters.
  string text = 6 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"A new phone number has been added. Please use the following code to verify it {{.Code}}.\""
      max_length: 800;
    }
  ];

  // Button label, at most 200 characters.
  string button_text = 7 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Phone\""
      max_length: 200;
    }
  ];

  // Footer text, at most 200 characters.
  string footer_text = 8 [
    (validate.rules).string = {max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with SetDefaultVerifyPhoneMessageTextRequest.
message SetDefaultVerifyPhoneMessageTextResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting, by language, the custom verify phone text to reset.
message ResetCustomVerifyPhoneMessageTextToDefaultRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with
// ResetCustomVerifyPhoneMessageTextToDefaultRequest.
message ResetCustomVerifyPhoneMessageTextToDefaultResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting the default domain claimed message text by language.
message GetDefaultDomainClaimedMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetDefaultDomainClaimedMessageTextRequest.
message GetDefaultDomainClaimedMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request selecting the custom domain claimed message text by language.
message GetCustomDomainClaimedMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetCustomDomainClaimedMessageTextRequest.
message GetCustomDomainClaimedMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request carrying the default domain claimed message text for one language.
//
// NOTE(review): the examples use {{.Field}} placeholders. How the server
// renders the stored text is not visible here; confirm the renderer treats
// these admin-supplied strings as data and escapes them for HTML mail.
message SetDefaultDomainClaimedMessageTextRequest {
  // Language key; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Title, at most 200 characters.
  string title = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Domain has been claimed\""
      max_length: 200;
    }
  ];

  // Pre-header, at most 200 characters.
  string pre_header = 3 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Change email / username\""
      max_length: 200;
    }
  ];

  // Subject, at most 200 characters.
  string subject = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Domain has been claimed\""
      max_length: 200;
    }
  ];

  // Greeting, at most 200 characters.
  string greeting = 5 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 200;
    }
  ];

  // Body text, at most 800 characters.
  string text = 6 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"The domain {{.Domain}} has been claimed by an organization. Your current user {{.UserName}} is not part of this organization. Therefore you'll have to change your email when you log in. We have created a temporary username ({{.TempUsername}}) for this login.\""
      max_length: 800;
    }
  ];

  // Button label, at most 200 characters.
  string button_text = 7 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Login\""
      max_length: 200;
    }
  ];

  // Footer text, at most 200 characters.
  string footer_text = 8 [
    (validate.rules).string = {max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with SetDefaultDomainClaimedMessageTextRequest.
message SetDefaultDomainClaimedMessageTextResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting, by language, the custom domain claimed text to reset.
message ResetCustomDomainClaimedMessageTextToDefaultRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with
// ResetCustomDomainClaimedMessageTextToDefaultRequest.
message ResetCustomDomainClaimedMessageTextToDefaultResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting the default password change message text by language.
message GetDefaultPasswordChangeMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetDefaultPasswordChangeMessageTextRequest.
message GetDefaultPasswordChangeMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request selecting the custom password change message text by language.
message GetCustomPasswordChangeMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with GetCustomPasswordChangeMessageTextRequest.
message GetCustomPasswordChangeMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request carrying the default password change message text for one language.
//
// NOTE(review): the examples use {{.Field}} placeholders. How the server
// renders the stored text is not visible here; confirm the renderer treats
// these admin-supplied strings as data and escapes them for HTML mail.
message SetDefaultPasswordChangeMessageTextRequest {
  // Language key; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Title, at most 200 characters.
  string title = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Password of the user has changed\""
      max_length: 200;
    }
  ];

  // Pre-header, at most 200 characters.
  string pre_header = 3 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Password Changed\""
      max_length: 200;
    }
  ];

  // Subject, at most 200 characters.
  string subject = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Password of user has changed\""
      max_length: 200;
    }
  ];

  // Greeting, at most 200 characters.
  string greeting = 5 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 200;
    }
  ];

  // Body text, at most 800 characters.
  string text = 6 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"The password of your user has changed, if this change was not done by you, please be advised to immediately reset your password.\""
      max_length: 800;
    }
  ];

  // Button label, at most 200 characters.
  string button_text = 7 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Login\""
      max_length: 200;
    }
  ];

  // Footer text, at most 200 characters.
  string footer_text = 8 [
    (validate.rules).string = {max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with SetDefaultPasswordChangeMessageTextRequest.
message SetDefaultPasswordChangeMessageTextResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request selecting, by language, the custom password change text to reset.
message ResetCustomPasswordChangeMessageTextToDefaultRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with
// ResetCustomPasswordChangeMessageTextToDefaultRequest.
message ResetCustomPasswordChangeMessageTextToDefaultResponse {
  // Object details; the type comes from package zitadel.v1.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
|
|
// Request selecting the default passwordless registration message text by
// language.
message GetDefaultPasswordlessRegistrationMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with
// GetDefaultPasswordlessRegistrationMessageTextRequest.
message GetDefaultPasswordlessRegistrationMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request selecting the custom passwordless registration message text by
// language.
message GetCustomPasswordlessRegistrationMessageTextRequest {
  // Language key; validated to 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
|
|
|
|
// Response paired by name with
// GetCustomPasswordlessRegistrationMessageTextRequest.
message GetCustomPasswordlessRegistrationMessageTextResponse {
  // The message text; the type comes from package zitadel.text.v1.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
|
|
|
|
// Request carrying the default passwordless registration message text for one
// language.
//
// NOTE(review): the examples use {{.Field}} placeholders. How the server
// renders the stored text is not visible here; confirm the renderer treats
// these admin-supplied strings as data and escapes them for HTML mail.
message SetDefaultPasswordlessRegistrationMessageTextRequest {
  // Language key; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Title, at most 200 characters.
  string title = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Add Passwordless Login\""
      max_length: 200;
    }
  ];

  // Pre-header, at most 200 characters.
  string pre_header = 3 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Add Passwordless Login\""
      max_length: 200;
    }
  ];

  // Subject, at most 200 characters.
  string subject = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Add Passwordless Login\""
      max_length: 200;
    }
  ];

  // Greeting, at most 200 characters.
  string greeting = 5 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 200;
    }
  ];

  // Body text, at most 800 characters.
  string text = 6 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"We received a request to add a token for passwordless login. Please use the button below to add your token or device for passwordless login.\""
      max_length: 800;
    }
  ];

  // Button label, at most 200 characters.
  string button_text = 7 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Add Passwordless Login\""
      max_length: 200;
    }
  ];

  // Footer text, at most 200 characters.
  string footer_text = 8 [
    (validate.rules).string = {max_len: 200}
  ];
}
|
|
|
|
// Response of the call that sets the default passwordless-registration
// message text.
message SetDefaultPasswordlessRegistrationMessageTextResponse {
  // Metadata of the changed object; the type is declared outside this file.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to drop the custom passwordless-registration message text of one
// language so that the default applies again (per the message name).
message ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest {
  // Language whose custom text is reset; 1-200 characters, length-checked
  // only.
  string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response of the reset of the custom passwordless-registration message text.
message ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse {
  // Metadata of the changed object; the type is declared outside this file.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request for the default login UI texts of one language (per the message
// name).
message GetDefaultLoginTextsRequest {
  // Language to fetch; 1-200 characters, length-checked only.
  string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response carrying the default login UI texts.
message GetDefaultLoginTextsResponse {
  // The login texts; zitadel.text.v1.LoginCustomText is declared outside this
  // file.
  zitadel.text.v1.LoginCustomText custom_text = 1;
}
|
|
|
|
// Request for the custom login UI texts of one language (per the message
// name).
message GetCustomLoginTextsRequest {
  // Language to fetch; 1-200 characters, length-checked only.
  string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response carrying the custom login UI texts.
message GetCustomLoginTextsResponse {
  // The login texts; the type is declared outside this file.
  zitadel.text.v1.LoginCustomText custom_text = 1;
}
|
|
|
|
// Request to set the custom login UI texts of one language: one sub-message
// per login screen, all from zitadel.text.v1 (declared outside this file).
//
// No validate rules are attached to the screen-text fields here; any length
// limits would have to come from the zitadel.text.v1 definitions.
// NOTE(review): these strings are shown to users during authentication -
// confirm the login UI escapes them when rendering.
message SetCustomLoginTextsRequest {
  // Language the texts apply to; 1-200 characters, length-checked only. The
  // OpenAPI annotation gives an example but no min/max length, unlike the
  // language field of the message-text requests in this file.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\""
    }
  ];
  // Texts per screen; each field name mirrors its screen type.
  zitadel.text.v1.SelectAccountScreenText select_account_text = 2;
  zitadel.text.v1.LoginScreenText login_text = 3;
  zitadel.text.v1.PasswordScreenText password_text = 4;
  zitadel.text.v1.UsernameChangeScreenText username_change_text = 5;
  zitadel.text.v1.UsernameChangeDoneScreenText username_change_done_text = 6;
  zitadel.text.v1.InitPasswordScreenText init_password_text = 7;
  zitadel.text.v1.InitPasswordDoneScreenText init_password_done_text = 8;
  zitadel.text.v1.EmailVerificationScreenText email_verification_text = 9;
  zitadel.text.v1.EmailVerificationDoneScreenText email_verification_done_text = 10;
  zitadel.text.v1.InitializeUserScreenText initialize_user_text = 11;
  zitadel.text.v1.InitializeUserDoneScreenText initialize_done_text = 12;
  zitadel.text.v1.InitMFAPromptScreenText init_mfa_prompt_text = 13;
  zitadel.text.v1.InitMFAOTPScreenText init_mfa_otp_text = 14;
  zitadel.text.v1.InitMFAU2FScreenText init_mfa_u2f_text = 15;
  zitadel.text.v1.InitMFADoneScreenText init_mfa_done_text = 16;
  zitadel.text.v1.MFAProvidersText mfa_providers_text = 17;
  zitadel.text.v1.VerifyMFAOTPScreenText verify_mfa_otp_text = 18;
  zitadel.text.v1.VerifyMFAU2FScreenText verify_mfa_u2f_text = 19;
  zitadel.text.v1.PasswordlessScreenText passwordless_text = 20;
  zitadel.text.v1.PasswordChangeScreenText password_change_text = 21;
  zitadel.text.v1.PasswordChangeDoneScreenText password_change_done_text = 22;
  zitadel.text.v1.PasswordResetDoneScreenText password_reset_done_text = 23;
  zitadel.text.v1.RegistrationOptionScreenText registration_option_text = 24;
  zitadel.text.v1.RegistrationUserScreenText registration_user_text = 25;
  zitadel.text.v1.RegistrationOrgScreenText registration_org_text = 26;
  zitadel.text.v1.LinkingUserDoneScreenText linking_user_done_text = 27;
  zitadel.text.v1.ExternalUserNotFoundScreenText external_user_not_found_text = 28;
  zitadel.text.v1.SuccessLoginScreenText success_login_text = 29;
  zitadel.text.v1.LogoutDoneScreenText logout_text = 30;
  zitadel.text.v1.FooterText footer_text = 31;
  zitadel.text.v1.PasswordlessPromptScreenText passwordless_prompt_text = 32;
  zitadel.text.v1.PasswordlessRegistrationScreenText passwordless_registration_text = 33;
  zitadel.text.v1.PasswordlessRegistrationDoneScreenText passwordless_registration_done_text = 34;
  zitadel.text.v1.ExternalRegistrationUserOverviewScreenText external_registration_user_overview_text = 35;
}
|
|
|
|
// Response of the call that sets the custom login UI texts.
message SetCustomLoginTextsResponse {
  // Metadata of the changed object; the type is declared outside this file.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to drop the custom login UI texts of one language so that the
// defaults apply again (per the message name).
message ResetCustomLoginTextsToDefaultRequest {
  // Language whose custom texts are reset; 1-200 characters, length-checked
  // only.
  string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
|
|
|
|
// Response of the reset of the custom login UI texts.
message ResetCustomLoginTextsToDefaultResponse {
  // Metadata of the changed object; the type is declared outside this file.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to make a user an IAM member with the given roles (per the message
// name). This is a privilege-granting call: the documented example role is
// "IAM_OWNER".
message AddIAMMemberRequest {
  // The OpenAPI schema marks user_id as required.
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["user_id"]
    };
  };

  // ID of the user to add; 1-200 characters.
  string user_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Roles to grant. No validate rule is attached: neither the number of
  // entries nor their length or content is constrained at the schema level.
  // NOTE(review): the handler is not visible here - confirm it rejects role
  // names outside the set returned by ListIAMMemberRoles and that the caller's
  // own permission to grant them is checked.
  repeated string roles = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"IAM_OWNER\"]";
      description: "If no roles are provided the user won't have any rights"
    }
  ];
}
|
|
|
|
// Response of AddIAMMember (per the message name).
message AddIAMMemberResponse {
  // Metadata of the changed object; the type is declared outside this file.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to change the roles of an existing IAM member (per the message
// name). Like AddIAMMemberRequest it changes privileges.
message UpdateIAMMemberRequest {
  // The OpenAPI schema marks user_id as required.
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["user_id"]
    };
  };

  // ID of the member to update; 1-200 characters.
  string user_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Roles of the member. No validate rule is attached, so the list size and
  // the role names are unconstrained at the schema level; per the description
  // an empty list leaves the user without rights.
  // NOTE(review): presumably the list replaces the previous roles rather than
  // extending them - confirm against the handler.
  repeated string roles = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"IAM_OWNER\"]";
      description: "If no roles are provided the user won't have any rights"
    }
  ];
}
|
|
|
|
// Response of UpdateIAMMember (per the message name).
message UpdateIAMMemberResponse {
  // Metadata of the changed object; the type is declared outside this file.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Request to remove a user from the IAM members (per the message name).
message RemoveIAMMemberRequest {
  // The OpenAPI schema marks user_id as required.
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["user_id"]
    };
  };

  // ID of the member to remove; 1-200 characters.
  string user_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
|
|
|
|
// Response of RemoveIAMMember (per the message name).
message RemoveIAMMemberResponse {
  // Metadata of the changed object; the type is declared outside this file.
  zitadel.v1.ObjectDetails details = 1;
}
|
|
|
|
// Empty request: listing the assignable IAM member roles takes no parameters.
message ListIAMMemberRolesRequest {}
|
|
|
|
// Response listing role names for IAM members.
message ListIAMMemberRolesResponse {
  // List metadata; zitadel.v1.ListDetails is declared outside this file.
  zitadel.v1.ListDetails details = 1;
  // Role names, e.g. "IAM_OWNER" as in the documented example.
  repeated string roles = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"IAM_OWNER\"]";
    }
  ];
}
|
|
|
|
// Request to search the IAM members.
message ListIAMMembersRequest {
  // Paging limits and ordering of the result list.
  zitadel.v1.ListQuery query = 1;
  // Search criteria the members must match. No max_items rule is attached
  // here, so the number of criteria is not bounded at the schema level.
  repeated zitadel.member.v1.SearchQuery queries = 2;
}
|
|
|
|
// Response of the IAM member search.
message ListIAMMembersResponse {
  // List metadata; the type is declared outside this file.
  zitadel.v1.ListDetails details = 1;
  // The matching members.
  repeated zitadel.member.v1.Member result = 2;
}
|
|
|
|
// Empty request: listing the views takes no parameters.
message ListViewsRequest {}
|
|
|
|
// Response listing the views (see message View).
message ListViewsResponse {
  // TODO: add list details (this response has no zitadel.v1.ListDetails field,
  // unlike the other list responses in this file).
  repeated View result = 1;
}
|
|
|
|
// Empty request: listing the failed events takes no parameters, so the
// request cannot page or filter the result.
message ListFailedEventsRequest {}
|
|
|
|
// Response listing the failed events (see message FailedEvent).
message ListFailedEventsResponse {
  // TODO: add list details (this response has no zitadel.v1.ListDetails
  // field).
  repeated FailedEvent result = 1;
}
|
|
|
|
// Request to remove one failed event, identified by database, view name and
// sequence (per the message name and the required list below).
message RemoveFailedEventRequest {
  // The OpenAPI schema marks all three fields as required. Note that
  // failed_sequence carries no validate rule, so a missing value arrives as 0.
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["database", "view_name", "failed_sequence"]
    };
  };

  // Database the view belongs to; 1-200 characters, length-checked only.
  // NOTE(review): if database/view_name are used to address storage objects,
  // the handler should match them against known names rather than build
  // identifiers from them - not visible here, confirm.
  string database = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"adminapi\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Name of the view; 1-200 characters, length-checked only.
  string view_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"iam_members\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Sequence of the failed event. The example is a quoted number because
  // uint64 maps to a JSON string.
  uint64 failed_sequence = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"9823758\"";
    }
  ];
}
|
|
|
|
// Empty response: removing a failed event returns no data.
message RemoveFailedEventResponse {}
|
|
|
|
// State of one view as returned by ListViewsResponse.
message View {
  // Database the view belongs to.
  string database = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"adminapi\"";
    }
  ];
  // Name of the view.
  string view_name = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"iam_members\"";
    }
  ];
  // Sequence the view has processed (per the field name); quoted in the
  // example because uint64 maps to a JSON string.
  uint64 processed_sequence = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"9823758\"";
    }
  ];
  google.protobuf.Timestamp event_timestamp = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"2019-04-01T08:45:00.000000Z\"";
      description: "The timestamp the event occurred";
    }
  ]; // The timestamp the event occurred
  // NOTE(review): the description below repeats the one of event_timestamp;
  // judging by the field name it should describe the last successful spooler
  // run instead - confirm and correct the generated API docs.
  google.protobuf.Timestamp last_successful_spooler_run = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "The timestamp the event occurred";
    }
  ];
}
|
|
|
|
// One failed event as returned by ListFailedEventsResponse.
message FailedEvent {
  // Database the view belongs to.
  string database = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"adminapi\"";
    }
  ];
  // Name of the view the event failed on.
  string view_name = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"iam_members\"";
    }
  ];
  // Sequence of the failed event; the same key RemoveFailedEventRequest uses.
  uint64 failed_sequence = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"9823759\"";
    }
  ];
  // How often processing failed (per the field name).
  uint64 failure_count = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"5\"";
    }
  ];
  // Error text of the failure, returned to the API caller as is.
  // NOTE(review): internal error strings can carry identifiers or query
  // details - confirm what the server puts here and who may list it.
  string error_message = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ID=EXAMP-ID3ER Message=Example message\"";
    }
  ];
  // When the failure last occurred.
  google.protobuf.Timestamp last_failed = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "The timestamp the failure last occurred";
    }
  ];
}
|
|
|
|
// Request to import organisation data, either inline or from a local path, an
// S3-style store or a GCS bucket. Exactly one source is chosen through the
// oneof; each source exists for two data formats (data_orgs*, data_orgsv1*).
//
// No field of this message carries a validate rule, so every string is
// unbounded and unchecked at the schema level.
message ImportDataRequest {
  // Import source addressed by a path.
  // NOTE(review): presumably the path is resolved on the server's file system;
  // if so the handler has to confine it to an import directory - confirm.
  message LocalInput{
    string path = 1;
  }
  // Import source in an S3-style object store. The request carries the access
  // key pair itself, so request bodies must stay out of logs and traces.
  // NOTE(review): endpoint is caller-supplied and the server presumably
  // connects to it - confirm that reachable destinations are restricted.
  message S3Input{
    // Object path inside the bucket.
    string path = 1;
    // Endpoint of the object store.
    string endpoint = 2;
    // Access key ID (credential).
    string access_key_id =3;
    // Secret access key (credential).
    string secret_access_key = 4;
    // Presumably toggles TLS for the connection; the proto3 default is false.
    bool ssl = 5;
    // Bucket name.
    string bucket = 6;
  }
  // Import source in a GCS bucket. serviceaccount_json carries a service
  // account credential in the request, so the same logging caveat applies.
  message GCSInput{
    // Bucket name.
    string bucket = 1;
    // Service account JSON (credential).
    string serviceaccount_json = 2;
    // Object path inside the bucket.
    string path = 3;
  }

  // The data to import or the place to read it from; at most one is set.
  oneof data {
    // Inline data in this file's format.
    ImportDataOrg data_orgs = 1;
    // Inline data in the zitadel.v1.v1 format (declared outside this file).
    zitadel.v1.v1.ImportDataOrg data_orgsv1 = 2;
    LocalInput data_orgs_local = 3;
    LocalInput data_orgsv1_local = 4;
    S3Input data_orgs_s3 = 5;
    S3Input data_orgsv1_s3 = 6;
    GCSInput data_orgs_gcs = 7;
    GCSInput data_orgsv1_gcs = 8;
  }
  // Timeout of the import as free-form text; ExportDataRequest documents
  // "30m" as an example for its field of the same name.
  string timeout = 9;
}
|
|
|
|
// Inline import payload: the organisations to import.
message ImportDataOrg {
  // No max_items rule is attached; the size is bounded only by the transport's
  // message size limit.
  repeated DataOrg orgs = 1;
}
|
|
|
|
// Complete data set of one organisation. It is used for import (through
// ImportDataOrg) and is also what ExportDataResponse returns.
//
// The set includes users, app keys and machine keys, so a serialized DataOrg
// should be handled as sensitive data.
// NOTE(review): field number 2 is unused and not reserved; if it belonged to a
// removed field, add `reserved 2;` so it cannot be reused - confirm history.
message DataOrg {
  // ID of the organisation.
  string org_id = 1;
  // The organisation itself.
  zitadel.management.v1.AddOrgRequest org = 3;
  // Policies of the organisation.
  AddCustomDomainPolicyRequest domain_policy = 4;
  zitadel.management.v1.AddCustomLabelPolicyRequest label_policy = 5;
  zitadel.management.v1.AddCustomLockoutPolicyRequest lockout_policy = 6;
  zitadel.management.v1.AddCustomLoginPolicyRequest login_policy = 7;
  zitadel.management.v1.AddCustomPasswordComplexityPolicyRequest password_complexity_policy = 8;
  zitadel.management.v1.AddCustomPrivacyPolicyRequest privacy_policy = 9;

  // Projects, roles, applications, users and actions.
  repeated zitadel.v1.v1.DataProject projects = 10;
  repeated zitadel.management.v1.AddProjectRoleRequest project_roles = 11;
  repeated zitadel.v1.v1.DataAPIApplication api_apps = 12;
  repeated zitadel.v1.v1.DataOIDCApplication oidc_apps = 13;
  repeated zitadel.v1.v1.DataHumanUser human_users = 14;
  repeated zitadel.v1.v1.DataMachineUser machine_users = 15;
  repeated zitadel.management.v1.SetTriggerActionsRequest trigger_actions = 16;
  repeated zitadel.v1.v1.DataAction actions = 17;

  // Grants: these entries assign authorizations when imported.
  repeated zitadel.v1.v1.DataProjectGrant project_grants = 18;
  repeated zitadel.management.v1.AddUserGrantRequest user_grants = 19;

  // Memberships: these entries assign manager roles when imported.
  repeated zitadel.management.v1.AddOrgMemberRequest org_members = 20;
  repeated zitadel.management.v1.AddProjectMemberRequest project_members = 21;
  repeated zitadel.management.v1.AddProjectGrantMemberRequest project_grant_members = 22;

  // Metadata attached to users.
  repeated zitadel.management.v1.SetUserMetadataRequest user_metadata = 23;

  // Custom login UI texts.
  repeated zitadel.management.v1.SetCustomLoginTextsRequest login_texts = 24;

  // Custom message texts, one list per message type.
  repeated zitadel.management.v1.SetCustomInitMessageTextRequest init_messages = 25;
  repeated zitadel.management.v1.SetCustomPasswordResetMessageTextRequest password_reset_messages = 26;
  repeated zitadel.management.v1.SetCustomVerifyEmailMessageTextRequest verify_email_messages = 27;
  repeated zitadel.management.v1.SetCustomVerifyPhoneMessageTextRequest verify_phone_messages = 28;
  repeated zitadel.management.v1.SetCustomDomainClaimedMessageTextRequest domain_claimed_messages = 29;
  repeated zitadel.management.v1.SetCustomPasswordlessRegistrationMessageTextRequest passwordless_registration_messages = 30;

  // Identity provider configurations.
  repeated zitadel.v1.v1.DataOIDCIDP oidc_idps = 31;
  repeated zitadel.v1.v1.DataJWTIDP jwt_idps = 32;

  // Links between users and external identities, and the org's domains.
  repeated zitadel.idp.v1.IDPUserLink user_links = 33;
  repeated zitadel.org.v1.Domain domains = 34;

  // Keys of applications and machine users.
  // NOTE(review): the key types are declared outside this file - confirm
  // whether they hold private or only public key material.
  repeated zitadel.v1.v1.DataAppKey app_keys = 35;
  repeated zitadel.v1.v1.DataMachineKey machine_keys = 36;
}
|
|
|
|
// Result of an import: the errors that occurred and what was imported.
// Both fields exist side by side, so a response can report errors and
// successes together.
message ImportDataResponse{
  // Errors raised during the import.
  repeated ImportDataError errors = 1;
  // IDs of the imported objects, grouped by organisation.
  ImportDataSuccess success = 2;
}
|
|
|
|
// One error raised during an import.
message ImportDataError{
  // Kind of object the error relates to (free-form string).
  string type = 1;
  // ID of the object the error relates to.
  string id = 2;
  // Error text, returned to the API caller as is.
  string message = 3;
}
|
|
|
|
// Successfully imported objects, one entry per organisation.
message ImportDataSuccess {
  repeated ImportDataSuccessOrg orgs = 1;
}
|
|
|
|
// Successfully imported objects of one organisation. Most fields are lists of
// IDs; composite objects use their own ImportDataSuccess* messages.
message ImportDataSuccessOrg{
  // ID of the organisation.
  string org_id = 1;
  repeated string project_ids = 2;
  repeated string project_roles = 3;
  repeated string oidc_app_ids = 4;
  repeated string api_app_ids = 5;
  repeated string human_user_ids = 6;
  repeated string machine_user_ids = 7;
  repeated string action_ids = 8;
  // The trigger-action assignments, echoed in their request form.
  repeated zitadel.management.v1.SetTriggerActionsRequest trigger_actions = 9;
  repeated ImportDataSuccessProjectGrant project_grants = 10;
  repeated ImportDataSuccessUserGrant user_grants = 11;
  repeated string org_members = 12;
  repeated ImportDataSuccessProjectMember project_members = 13;
  repeated ImportDataSuccessProjectGrantMember project_grant_members = 14;
  // NOTE(review): "oidc_ipds" looks like a typo for "oidc_idps" (compare
  // jwt_idps below). Renaming keeps the wire format but changes the JSON key
  // and generated accessors, so it needs a compatibility decision.
  repeated string oidc_ipds = 15;
  repeated string jwt_idps = 16;
  repeated string idp_links = 17;
  repeated ImportDataSuccessUserLinks user_links = 18;
  repeated ImportDataSuccessUserMetadata user_metadata = 19;
  repeated string domains = 20;
  repeated string app_keys = 21;
  repeated string machine_keys = 22;
}
|
|
|
|
// Identifies one imported project grant.
message ImportDataSuccessProjectGrant{
  // ID of the grant.
  string grant_id = 1;
  // ID of the granted project.
  string project_id = 2;
  // ID of an organisation; presumably the one the project is granted to -
  // confirm against the import handler.
  string org_id = 3;
}
|
|
|
|
// Identifies one imported user grant by project and user.
message ImportDataSuccessUserGrant{
  string project_id = 1;
  string user_id = 2;
}
|
|
|
|
// Identifies one imported project membership by project and user.
message ImportDataSuccessProjectMember{
  string project_id = 1;
  string user_id = 2;
}
|
|
|
|
// Identifies one imported project-grant membership by project, grant and user.
message ImportDataSuccessProjectGrantMember{
  string project_id = 1;
  string grant_id = 2;
  string user_id = 3;
}
|
|
|
|
// Identifies one imported link between a user and an external identity.
message ImportDataSuccessUserLinks {
  // ID of the local user.
  string user_id = 1;
  // ID of the user at the identity provider.
  string external_user_id = 2;
  // Display name of the linked identity.
  string display_name = 3;
  // ID of the identity provider.
  string idp_id = 4;
}
|
|
|
|
// Identifies one imported user metadata entry by user and key; the value is
// not echoed.
message ImportDataSuccessUserMetadata {
  string user_id = 1;
  string key = 2;
}
|
|
|
|
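// Request to export organisation data. The result can be returned in the
// response and/or written to a local path, an S3-style store or a GCS bucket.
//
// An export can contain credential material: with_passwords and with_otp opt
// in to including password and OTP data. Treat the export output, and any
// request that carries storage credentials, as secrets.
// No field of this message carries a validate rule.
message ExportDataRequest {
  // Export target addressed by a path.
  // NOTE(review): presumably the path is resolved on the server's file system;
  // if so the handler has to confine it to an export directory - confirm.
  message LocalOutput {
    string path = 1;
  }
  // Export target in an S3-style object store. The request carries the access
  // key pair itself, so request bodies must stay out of logs and traces.
  // NOTE(review): endpoint is caller-supplied and the server presumably
  // connects to it - confirm that reachable destinations are restricted.
  message S3Output {
    // Object path inside the bucket.
    string path = 1;
    // Endpoint of the object store.
    string endpoint = 2;
    // Access key ID (credential).
    string access_key_id = 3;
    // Secret access key (credential).
    string secret_access_key = 4;
    // Presumably toggles TLS for the connection; the proto3 default is false.
    bool ssl = 5;
    // Bucket name.
    string bucket = 6;
  }
  // Export target in a GCS bucket.
  message GCSOutput {
    // Bucket name.
    string bucket = 1 [
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        example: "\"zitadel-test-bucket\"";
      }
    ];
    // Service account credential used to write to the bucket.
    // The example used to be a base64 blob whose visible parts decode to
    // service account JSON including a PEM private-key block. It is replaced
    // by a labelled placeholder so that no key-shaped material ships in the
    // generated API docs. Whether that key was ever valid cannot be told from
    // this file; treat it as exposed and verify it is revoked.
    string serviceaccount_json = 2 [
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        example: "\"<base64-encoded service account JSON>\"";
      }
    ];
    // Object path inside the bucket.
    string path = 3 [
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        example: "\"my_export_file.json\"";
      }
    ];
  }

  // IDs of the organisations to export.
  // NOTE(review): behaviour for an empty list is not visible here - confirm
  // whether it means "all organisations".
  repeated string org_ids = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"119345938451786790\", \"76693875574553926\"]"
    }
  ];
  // IDs of organisations to leave out of the export.
  repeated string excluded_org_ids = 2;
  // Include password data of users in the export. Off by default.
  bool with_passwords = 3;
  // Include OTP data of users in the export. Off by default.
  bool with_otp = 4;
  // Return the exported data in ExportDataResponse.
  bool response_output = 5;
  // Optional targets; message fields, so each is unset unless provided.
  LocalOutput local_output = 6;
  S3Output s3_output = 7;
  GCSOutput gcs_output = 8;
  // Timeout of the export as text, e.g. "30m".
  string timeout = 9 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"30m\"";
    }
  ];
}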
|
|
|
|
// Result of an export: the exported organisations. Depending on the flags of
// ExportDataRequest (with_passwords, with_otp) this payload can contain
// credential material and should be stored and transmitted accordingly.
message ExportDataResponse {
  repeated DataOrg orgs = 1;
}
|
|
|
|
// Request to list events, filtered by the fields below. Fields left at their
// zero value are documented as ignored for sequence and creation_date.
message ListEventsRequest {
  // Position filter; direction depends on asc (see description).
  uint64 sequence = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"2\"";
      description: "Sequence represents the order of events. It's always counting. If asc is false, the sequence is used as lesser than filter. If asc is true sequence is used as greater than filter. If the sequence is 0 the field is ignored."
    }
  ];
  // Maximum number of events to return. No validate rule caps the value.
  // NOTE(review): confirm the server enforces an upper bound and defines what
  // 0 means, otherwise one call can request the whole event log.
  uint32 limit = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "20";
      description: "Maximum amount of events returned.";
    }
  ];
  // Sort ascending when true; the default (false) is descending.
  bool asc = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "default is descending sorting order"
    }
  ];
  // Only events created by this user; at most 200 characters (min_len: 0 adds
  // no constraint).
  string editor_user_id = 4 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // Event types to match, combined with "or"; at most 30 entries. The length
  // of a single entry is not limited here.
  repeated string event_types = 5 [
    (validate.rules).repeated = {max_items: 30},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"user.human.added\", \"user.machine\"]";
      description: "The types are filtered by 'or' and must match the type exactly.";
    }
  ];
  // Only events of this aggregate; at most 200 characters.
  string aggregate_id = 6 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // Aggregate types to match; at most 10 entries.
  // NOTE(review): the example is a single string although the field is
  // repeated; event_types uses a JSON array for the same case.
  repeated string aggregate_types = 7 [
    (validate.rules).repeated = {max_items: 10},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"user\"";
    }
  ];
  // Only events owned by this resource owner; at most 200 characters.
  string resource_owner = 8 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // Time filter; direction depends on asc (see description).
  google.protobuf.Timestamp creation_date = 9 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"2019-04-01T08:45:00.000000Z\"";
      description: "If asc is false creation_date is used as less than filter If asc is true creation_date is used as greater than filter. If creation_date is not set the field is ignored.";
    }
  ];
}
|
|
|
|
// Response listing the matching events; zitadel.event.v1.Event is declared
// outside this file. The response carries no list details or paging token.
message ListEventsResponse {
  repeated zitadel.event.v1.Event events = 1;
}
|
|
|
|
// Empty request: listing the event types takes no parameters.
message ListEventTypesRequest {}
|
|
|
|
// Response listing the event types; the element type is declared outside this
// file.
message ListEventTypesResponse {
  repeated zitadel.event.v1.EventType event_types = 1;
}
|
|
|
|
// Empty request: listing the aggregate types takes no parameters.
message ListAggregateTypesRequest {}
|
|
|
|
// Response listing the aggregate types; the element type is declared outside
// this file.
message ListAggregateTypesResponse {
  repeated zitadel.event.v1.AggregateType aggregate_types = 1;
}
|