syntax = "proto3";
import "zitadel/object.proto";
import "validate/validate.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
package zitadel.idp.v1;
option go_package ="github.com/zitadel/zitadel/pkg/grpc/idp";
// An identity provider (IDP) configured in ZITADEL, as returned by the API.
message IDP {
    // Unique id of the identity provider.
    string id = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"69629023906488334\"";
        }
    ];
    // Common object metadata, defined in zitadel/object.proto.
    zitadel.v1.ObjectDetails details = 2;
    // Current state of the identity provider; see IDPState.
    IDPState state = 3 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "the state of the identity provider";
        }
    ];
    // Name of the identity provider.
    string name = 4 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"google\"";
        }
    ];
    // Styling of the login button for this provider; see IDPStylingType.
    IDPStylingType styling_type = 5 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "some identity providers specify the styling of the button to their login";
        }
    ];
    // Who administers this provider (system or organisation); see IDPOwnerType.
    IDPOwnerType owner = 6 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "the administrator of this identity provider";
        }
    ];
    // Protocol-specific configuration. At most one variant is set; the variant
    // is expected to correspond to the provider's IDPType. Field numbers are
    // not contiguous here because 8 is used by auto_register below.
    oneof config {
        OIDCConfig oidc_config = 7;
        JWTConfig jwt_config = 9;
    }
    // NOTE(review): presumably controls whether an account is created
    // automatically for users who authenticate through this provider without
    // an existing link; the semantics are not defined in this file — confirm
    // against the server implementation before relying on it.
    bool auto_register = 8;
}
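// A link between a ZITADEL user and an account at an external identity provider.
message IDPUserLink {
    // Id of the linked ZITADEL user.
    string user_id = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"69629023906488334\"";
            description: "the id of the user";
        }
    ];
    // Id of the identity provider the external account belongs to.
    string idp_id = 2 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"69629023906488334\"";
            description: "the id of the identity provider";
        }
    ];
    // Name of the identity provider.
    string idp_name = 3 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"google\"";
            description: "the name of the identity provider";
        }
    ];
    // Identifier of the user at the identity provider (distinct from user_id,
    // which is the ZITADEL id).
    string provided_user_id = 4 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"as-12-df-89\"";
            description: "the id of the user provided by the identity provider";
        }
    ];
    // User name as reported by the identity provider. The description used to
    // read "the id of the identity provider" (copied from idp_id).
    string provided_user_name = 5 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"gigi.long-neck@gmail.com\"";
            description: "the user name provided by the identity provider";
        }
    ];
    // Authorization framework of the identity provider; see IDPType.
    IDPType idp_type = 6 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "the authorization framework of the identity provider";
        }
    ];
}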
// Reference to an identity provider from a login policy.
message IDPLoginPolicyLink {
    // Id of the linked identity provider.
    string idp_id = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"69629023906488334\"";
            description: "the id of the identity provider"
        }
    ];
    // Name of the linked identity provider.
    string idp_name = 2 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"google\"";
            description: "the name of the identity provider"
        }
    ];
    // Authorization framework of the identity provider; see IDPType.
    IDPType idp_type = 3 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "the authorization framework of the identity provider";
        }
    ];
}
// Lifecycle state of an identity provider.
enum IDPState {
    // Default value; never a real state.
    IDP_STATE_UNSPECIFIED = 0;
    // The provider is active.
    IDP_STATE_ACTIVE = 1;
    // The provider is deactivated.
    IDP_STATE_INACTIVE = 2;
}
// Styling applied to a provider's login button.
// NOTE(review): the values are not prefixed with the enum name
// (IDP_STYLING_TYPE_*) as the other enums in this file are. Renaming them
// would change the generated code and JSON names of a published API, so they
// are left as they are.
enum IDPStylingType {
    // Default value; no specific styling.
    STYLING_TYPE_UNSPECIFIED = 0;
    // Google-branded login button.
    STYLING_TYPE_GOOGLE = 1;
}
// Authorization framework of the identity provider.
enum IDPType {
    // Default value; never a real type.
    IDP_TYPE_UNSPECIFIED = 0;
    // OpenID Connect provider; configured via OIDCConfig.
    IDP_TYPE_OIDC = 1;
    // PLANNED: IDP_TYPE_SAML. Value 2 appears to be left free for it — do not
    // assign 2 to anything else.
    // JWT provider; configured via JWTConfig.
    IDP_TYPE_JWT = 3;
}
// The owner of the identity provider, i.e. which administrators manage it.
enum IDPOwnerType {
    // Default value; never a real owner type.
    IDP_OWNER_TYPE_UNSPECIFIED = 0;
    // System-wide provider, managed by the ZITADEL administrators.
    IDP_OWNER_TYPE_SYSTEM = 1;
    // Organisation-level provider, managed by the organisation administrators.
    IDP_OWNER_TYPE_ORG = 2;
}
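// Configuration of an OpenID Connect identity provider (IDPType IDP_TYPE_OIDC).
// Only the client id is exposed here; no secret material is part of this message.
message OIDCConfig {
    // Client id registered at the identity provider.
    string client_id = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "client id generated by the identity provider";
        }
    ];
    // OIDC issuer of the provider.
    string issuer = 2 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"https://accounts.google.com\"";
            description: "the oidc issuer of the identity provider";
        }
    ];
    // Scopes ZITADEL requests from the provider, e.g. openid, profile, email.
    repeated string scopes = 3 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "[\"openid\", \"profile\", \"email\"]";
            description: "the scopes requested by ZITADEL during the request on the identity provider";
        }
    ];
    // Which provider field is used as the user's display name; see OIDCMappingField.
    OIDCMappingField display_name_mapping = 4 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "definition which field is mapped to the display name of the user";
        }
    ];
    // Which provider field is used as the user's username; see OIDCMappingField.
    // The description used to say "email", which did not match the field.
    OIDCMappingField username_mapping = 5 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "definition which field is mapped to the username of the user";
        }
    ];
}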
// Provider field that can be mapped onto a ZITADEL user attribute
// (see OIDCConfig.display_name_mapping and OIDCConfig.username_mapping).
enum OIDCMappingField {
    // Default value; no mapping selected.
    OIDC_MAPPING_FIELD_UNSPECIFIED = 0;
    // Use the provider's preferred_username.
    OIDC_MAPPING_FIELD_PREFERRED_USERNAME = 1;
    // Use the provider's email.
    OIDC_MAPPING_FIELD_EMAIL = 2;
}
// Configuration of an identity provider that authenticates users with a JWT
// sent in an HTTP header (IDPType IDP_TYPE_JWT).
message JWTConfig {
    // Endpoint the JWT is extracted from. Only the length is validated here
    // (1..200 characters) — NOTE(review): whether an https scheme or an
    // allowed host is enforced is not visible in this file; confirm server-side.
    string jwt_endpoint = 1 [
        (validate.rules).string = {min_len: 1, max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"https://accounts.google.com\"";
            description: "the endpoint where the jwt can be extracted";
        }
    ];
    // Expected issuer of the JWT, checked during token validation.
    string issuer = 2 [
        (validate.rules).string = {min_len: 1, max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"https://accounts.google.com\"";
            description: "the issuer of the jwt (for validation)";
        }
    ];
    // Endpoint serving the JWK set used to verify the JWT signature.
    // Length-validated only; same caveat as jwt_endpoint.
    string keys_endpoint = 3 [
        (validate.rules).string = {min_len: 1, max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"https://accounts.google.com/keys\"";
            description: "the endpoint to the key (JWK) which are used to sign the JWT with";
        }
    ];
    // Name of the HTTP header carrying the JWT. The description says the
    // default is "authorization", but min_len 1 means the field cannot be
    // left empty in this message — NOTE(review): presumably the default is
    // applied where the config is created; confirm.
    string header_name = 4 [
        (validate.rules).string = {min_len: 1, max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"x-auth-token\"";
            description: "the name of the header where the JWT is sent in, default is authorization";
        }
    ];
}
// Query filter selecting an identity provider by id.
message IDPIDQuery {
    // Id to match. Only a maximum length is enforced; an empty id is not
    // rejected by validation.
    string id = 1 [
        (validate.rules).string = {max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"69629023906488334\"";
        }
    ];
}
// Query filter selecting identity providers by name.
message IDPNameQuery {
    // Name (or part of it, depending on method) to match; at most 200 characters.
    string name = 1 [
        (validate.rules).string = {max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"google\"";
        }
    ];
    // How name is compared (zitadel.v1.TextQueryMethod, imported via
    // zitadel/object.proto). defined_only rejects enum values that are not
    // declared.
    zitadel.v1.TextQueryMethod method = 2 [
        (validate.rules).enum.defined_only = true,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "defines which text equality method is used";
        }
    ];
}
// Query filter selecting identity providers by owner type.
message IDPOwnerTypeQuery {
    // Owner type to match: system-wide ("global") or organisation-specific
    // ("custom"); see IDPOwnerType. defined_only rejects undeclared enum values.
    IDPOwnerType owner_type = 1 [
        (validate.rules).enum.defined_only = true,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "search for custom or global identity providers";
        }
    ];
}
// Fields of an IDP that other requests can refer to by name (for example for
// sorting); which requests use it is defined outside this file.
enum IDPFieldName {
    // Default value; no field selected.
    IDP_FIELD_NAME_UNSPECIFIED = 0;
    // The name of the identity provider.
    IDP_FIELD_NAME_NAME = 1;
}