mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-07 07:16:54 +00:00
b8ba7bd5ba
# Which Problems Are Solved Actions v2 is not a feature flag anymore, include functionality on executions is not used and json tags of proto messages are handled incorrectly. # How the Problems Are Solved - Remove actions from the feature flags on system and instance level - Remove include type on executions, only in the API, later maybe in the handling logic as well - Use protojson in request and response handling of actions v2 # Additional Changes - Correct integration tests for request and response handling - Use json.RawMessage for events, so that the event payload is not base64 encoded - Added separate context for async webhook calls, that executions are not cancelled when called async # Additional Context Related to #9759 Closes #9710 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
187 lines
8.4 KiB
Protocol Buffer
187 lines
8.4 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package zitadel.feature.v2;
|
|
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
import "validate/validate.proto";
|
|
|
|
import "zitadel/object/v2/object.proto";
|
|
import "zitadel/feature/v2/feature.proto";
|
|
|
|
option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
|
|
|
|
message SetSystemFeaturesRequest{
|
|
reserved 6;
|
|
reserved "actions";
|
|
optional bool login_default_org = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "The login UI will use the settings of the default org (and not from the instance) if no organization context is set";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_trigger_introspection_projections = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_legacy_introspection = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
optional bool user_schema = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_token_exchange = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable the experimental `urn:ietf:params:oauth:grant-type:token-exchange` grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.";
|
|
}
|
|
];
|
|
|
|
repeated ImprovedPerformance improved_performance = 7 [
|
|
(validate.rules).repeated.unique = true,
|
|
(validate.rules).repeated.items.enum = {defined_only: true, not_in: [0]},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[1]";
|
|
description: "Improves performance of specified execution paths.";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_single_v1_session_termination = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a `sid` claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.";
|
|
}
|
|
];
|
|
|
|
optional bool disable_user_token_event = 9 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Do not push user token meta-event user.token.v2.added to improve performance on many concurrent single (machine-)user logins";
|
|
}
|
|
];
|
|
|
|
optional bool enable_back_channel_logout = 10 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "If the flag is enabled, you'll be able to use the OIDC Back-Channel Logout to be notified in your application about terminated user sessions.";
|
|
}
|
|
];
|
|
|
|
optional LoginV2 login_v2 = 11 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Specify the login UI for all users and applications regardless of their preference.";
|
|
}
|
|
];
|
|
|
|
optional bool permission_check_v2 = 12 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable a newer, more performant, permission check used for v2 and v3 resource based APIs.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message SetSystemFeaturesResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message ResetSystemFeaturesRequest {}
|
|
|
|
message ResetSystemFeaturesResponse {
|
|
zitadel.object.v2.Details details = 1;
|
|
}
|
|
|
|
message GetSystemFeaturesRequest {}
|
|
|
|
message GetSystemFeaturesResponse {
|
|
reserved 7;
|
|
reserved "actions";
|
|
zitadel.object.v2.Details details = 1;
|
|
FeatureFlag login_default_org = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "The login UI will use the settings of the default org (and not from the instance) if no organization context is set";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_trigger_introspection_projections = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_legacy_introspection = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag user_schema = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_token_exchange = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable the experimental `urn:ietf:params:oauth:grant-type:token-exchange` grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.";
|
|
}
|
|
];
|
|
|
|
ImprovedPerformanceFeatureFlag improved_performance = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[1]";
|
|
description: "Improves performance of specified execution paths.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_single_v1_session_termination = 9 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a `sid` claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag disable_user_token_event = 10 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Do not push user token meta-event user.token.v2.added to improve performance on many concurrent single (machine-)user logins";
|
|
}
|
|
];
|
|
|
|
FeatureFlag enable_back_channel_logout = 11 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "If the flag is enabled, you'll be able to use the OIDC Back-Channel Logout to be notified in your application about terminated user sessions.";
|
|
}
|
|
];
|
|
|
|
LoginV2FeatureFlag login_v2 = 12 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "If the flag is set, all users will be redirected to the login V2 regardless of the application's preference.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag permission_check_v2 = 13 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Enable a newer, more performant, permission check used for v2 and v3 resource based APIs.";
|
|
}
|
|
];
|
|
}
|