mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-17 21:37:35 +00:00
11635 lines
461 KiB
Protocol Buffer
11635 lines
461 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
import "zitadel/app.proto";
|
|
import "zitadel/idp.proto";
|
|
import "zitadel/user.proto";
|
|
import "zitadel/object.proto";
|
|
import "zitadel/options.proto";
|
|
import "zitadel/org.proto";
|
|
import "zitadel/member.proto";
|
|
import "zitadel/project.proto";
|
|
import "zitadel/policy.proto";
|
|
import "zitadel/text.proto";
|
|
import "zitadel/message.proto";
|
|
import "zitadel/change.proto";
|
|
import "zitadel/auth_n_key.proto";
|
|
import "zitadel/metadata.proto";
|
|
import "zitadel/action.proto";
|
|
|
|
import "google/api/annotations.proto";
|
|
import "google/api/field_behavior.proto";
|
|
import "google/protobuf/timestamp.proto";
|
|
import "google/protobuf/duration.proto";
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
import "validate/validate.proto";
|
|
|
|
|
|
package zitadel.management.v1;
|
|
|
|
option go_package ="github.com/zitadel/zitadel/pkg/grpc/management";
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
|
|
info: {
|
|
title: "Management API";
|
|
version: "1.0";
|
|
description: "The management API is as the name states the interface where systems can mutate IAM objects like organizations, projects, clients, users and so on if they have the necessary access rights.";
|
|
contact:{
|
|
name: "ZITADEL"
|
|
url: "https://zitadel.com"
|
|
email: "hi@zitadel.com"
|
|
}
|
|
license: {
|
|
name: "Apache License 2.0",
|
|
url: "https://github.com/zitadel/zitadel/blob/main/LICENSE"
|
|
}
|
|
};
|
|
tags: [
|
|
{
|
|
name: "Actions"
|
|
},
|
|
{
|
|
name: "Applications",
|
|
description: "Applications are the entry point to your project. Users either login into one of your clients and interact with them directly or use one of your APIs. All applications share the roles and authorizations of their project."
|
|
},
|
|
{
|
|
name: "Authentication Methods"
|
|
},
|
|
{
|
|
name: "Authorization"
|
|
},
|
|
{
|
|
name: "Branding"
|
|
},
|
|
{
|
|
name: "Domain Settings"
|
|
},
|
|
{
|
|
name: "General"
|
|
},
|
|
{
|
|
name: "Identity Providers"
|
|
},
|
|
{
|
|
name: "Global"
|
|
},
|
|
{
|
|
name: "Login Settings"
|
|
},
|
|
{
|
|
name: "Login Texts"
|
|
},
|
|
{
|
|
name: "Members"
|
|
},
|
|
{
|
|
name: "Message Texts"
|
|
},
|
|
{
|
|
name: "Notification Settings"
|
|
},
|
|
{
|
|
name: "Organizations"
|
|
},
|
|
{
|
|
name: "Organization Metadata"
|
|
},
|
|
{
|
|
name: "Password Settings"
|
|
},
|
|
{
|
|
name: "Privacy Settings"
|
|
},
|
|
{
|
|
name: "Projects",
|
|
description: "Projects are vessels for different applications/clients sharing the same role context."
|
|
},
|
|
{
|
|
name: "Project Grants",
|
|
description: "A project that is granted to another organization, so the other organization has access to it and can manage the user authorizations, is called a project grant."
|
|
},
|
|
{
|
|
name: "Project Roles"
|
|
},
|
|
{
|
|
name: "Settings"
|
|
},
|
|
{
|
|
name: "Users",
|
|
description: "ZITADEL knows two different types of users: Users (Human) and Service Users (Machine Accounts)"
|
|
},
|
|
{
|
|
name: "User Grants",
|
|
description: "User grants are the roles a user has for a specific project and organization."
|
|
},
|
|
{
|
|
name: "User Human"
|
|
},
|
|
{
|
|
name: "User Machine"
|
|
},
|
|
{
|
|
name: "User Metadata",
|
|
description: "Metadata is a key/value list to enrich the user object with any data needed. The data is not interpreted by ZITADEL itself."
|
|
},
|
|
{
|
|
name: "ZITADEL Administrators"
|
|
}
|
|
];
|
|
schemes: HTTPS;
|
|
|
|
consumes: "application/json";
|
|
produces: "application/json";
|
|
|
|
consumes: "application/grpc";
|
|
produces: "application/grpc";
|
|
|
|
consumes: "application/grpc-web+proto";
|
|
produces: "application/grpc-web+proto";
|
|
|
|
host: "$ZITADEL_DOMAIN";
|
|
base_path: "/management/v1";
|
|
|
|
external_docs: {
|
|
description: "Detailed information about ZITADEL",
|
|
url: "https://zitadel.com/docs"
|
|
}
|
|
|
|
security_definitions: {
|
|
security: {
|
|
key: "BasicAuth";
|
|
value: {
|
|
type: TYPE_BASIC;
|
|
}
|
|
}
|
|
security: {
|
|
key: "OAuth2";
|
|
value: {
|
|
type: TYPE_OAUTH2;
|
|
flow: FLOW_ACCESS_CODE;
|
|
authorization_url: "$ZITADEL_DOMAIN/oauth/v2/authorize";
|
|
token_url: "$ZITADEL_DOMAIN/oauth/v2/token";
|
|
scopes: {
|
|
scope: {
|
|
key: "openid";
|
|
value: "openid";
|
|
}
|
|
scope: {
|
|
key: "urn:zitadel:iam:org:project:id:zitadel:aud";
|
|
value: "urn:zitadel:iam:org:project:id:zitadel:aud";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
security: {
|
|
security_requirement: {
|
|
key: "OAuth2";
|
|
value: {
|
|
scope: "openid";
|
|
scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
|
|
}
|
|
}
|
|
}
|
|
extensions: {
|
|
key: "x-zitadel-orgid";
|
|
value: {
|
|
string_value: "$YOUR-ORGANIZATION";
|
|
}
|
|
}
|
|
};
|
|
|
|
service ManagementService {
|
|
rpc Healthz(HealthzRequest) returns (HealthzResponse) {
|
|
option (google.api.http) = {
|
|
get: "/healthz"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Healthz";
|
|
description: "The health endpoint allows an external system to probe if ZITADEL management API is alive"
|
|
tags: "General";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetOIDCInformation(GetOIDCInformationRequest) returns (GetOIDCInformationResponse) {
|
|
option (google.api.http) = {
|
|
get: "/zitadel/docs"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "ZITADEL documentation";
|
|
description: "This endpoint returns some general needed (OIDC) information about ZITADEL like the issuer or discovery endpoint."
|
|
tags: "General";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetIAM(GetIAMRequest) returns (GetIAMResponse) {
|
|
option (google.api.http) = {
|
|
get: "/iam"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "authenticated"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Instance information";
|
|
description: "Some needed settings made in ZITADEL like the global organization id or ZITADEL project ID "
|
|
tags: "General";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetSupportedLanguages(GetSupportedLanguagesRequest) returns (GetSupportedLanguagesResponse) {
|
|
option (google.api.http) = {
|
|
get: "/languages";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "authenticated";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Supported Languages";
|
|
description: "The supported/default languages of the system will be returned by the language abbreviation."
|
|
tags: "General";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetUserByID(GetUserByIDRequest) returns (GetUserByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "User by ID";
|
|
description: "Returns the full user object (human or machine) including the profile, email, etc."
|
|
tags: "Users";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetUserByLoginNameGlobal(GetUserByLoginNameGlobalRequest) returns (GetUserByLoginNameGlobalResponse) {
|
|
option (google.api.http) = {
|
|
get: "/global/users/_by_login_name"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.global.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get User by login name (globally)";
|
|
description: "Get a user by login name searched over all organizations. The request only returns data if the login name matches exactly."
|
|
tags: "Users";
|
|
tags: "Global";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListUsers(ListUsersRequest) returns (ListUsersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
summary: "Search Users";
|
|
description: "Search for users within an organization. By default, we will return users of your organization. Make sure to include a limit and sorting for pagination."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
responses: {
|
|
key: "200";
|
|
value: {
|
|
description: "A list of all users matching the query";
|
|
};
|
|
};
|
|
responses: {
|
|
key: "400";
|
|
value: {
|
|
description: "invalid list query";
|
|
schema: {
|
|
json_schema: {
|
|
ref: "#/definitions/rpcStatus";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListUserChanges(ListUserChangesRequest) returns (ListUserChangesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/changes/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
summary: "Get User History";
|
|
description: "Returns a list of changes/events that have happened on the user. It's the history of the user. Make sure to send a limit."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc IsUserUnique(IsUserUniqueRequest) returns (IsUserUniqueResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/_is_unique"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
summary: "Check for existing user";
|
|
description: "Returns if a user with the requested email or username is unique. So you can create the user."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// deprecated: use ImportHumanUser
|
|
rpc AddHumanUser(AddHumanUserRequest) returns (AddHumanUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/human"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Deprecated: Create User (Human)";
|
|
description: "Create a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login."
|
|
tags: "Users";
|
|
deprecated: true;
|
|
};
|
|
}
|
|
|
|
rpc ImportHumanUser(ImportHumanUserRequest) returns (ImportHumanUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/human/_import"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Create/Import User (Human)";
|
|
description: "Create/import a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login."
|
|
tags: "Users";
|
|
tags: "User Human"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to add users to another organization include the header. Make sure the user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddMachineUser(AddMachineUserRequest) returns (AddMachineUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/machine"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Create User (Machine)";
|
|
description: "Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateUser(DeactivateUserRequest) returns (DeactivateUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Deactivate user";
|
|
description: "The state of the user will be changed to 'deactivated'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'deactivated'. Use deactivate user when the user should not be able to use the account anymore, but you still need access to the user data."
|
|
tags: "Users";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateUser(ReactivateUserRequest) returns (ReactivateUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Reactivate user";
|
|
description: "Reactivate a user with the state 'deactivated'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'deactivated'."
|
|
tags: "Users";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc LockUser(LockUserRequest) returns (LockUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{id}/_lock"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Lock user";
|
|
description: "The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.)"
|
|
tags: "Users";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UnlockUser(UnlockUserRequest) returns (UnlockUserResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{id}/_unlock"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Unlock user";
|
|
description: "Unlock a user with the state 'locked'. The user will be able to log in again afterward. The endpoint returns an error if the user is not in the state 'locked'."
|
|
tags: "Users";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveUser(RemoveUserRequest) returns (RemoveUserResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Delete user";
|
|
description: "The state of the user will be changed to 'deleted'. The user will not be able to log in anymore. Endpoints requesting this user will return an error 'User not found"
|
|
tags: "Users";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateUserName(UpdateUserNameRequest) returns (UpdateUserNameResponse) {
|
|
option (google.api.http) = {
|
|
put: "/users/{user_id}/username"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Change user name";
|
|
description: "Change the username of the user. Be aware that the user has to log in with the newly added username afterward."
|
|
tags: "Users";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetUserMetadata(SetUserMetadataRequest) returns (SetUserMetadataResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{id}/metadata/{key}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
tags: "User Metadata";
|
|
summary: "Set User Metadata";
|
|
description: "This endpoint either adds or updates a metadata value for the requested key. Make sure the value is base64 encoded."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc BulkSetUserMetadata(BulkSetUserMetadataRequest) returns (BulkSetUserMetadataResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{id}/metadata/_bulk"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
tags: "User Metadata";
|
|
summary: "Bulk Set User Metadata";
|
|
description: "Add or update multiple metadata values for a user. Make sure the values are base64 encoded."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListUserMetadata(ListUserMetadataRequest) returns (ListUserMetadataResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{id}/metadata/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
tags: "User Metadata";
|
|
summary: "Search User Metadata";
|
|
description: "Get the metadata of a user filtered by your query."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetUserMetadata(GetUserMetadataRequest) returns (GetUserMetadataResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{id}/metadata/{key}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
tags: "User Metadata";
|
|
summary: "Get User Metadata By Key";
|
|
description: "Get a metadata object from a user by a specific key."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveUserMetadata(RemoveUserMetadataRequest) returns (RemoveUserMetadataResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{id}/metadata/{key}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
tags: "User Metadata";
|
|
summary: "Delete User Metadata By Key";
|
|
description: "Remove a metadata object from a user with a specific key."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc BulkRemoveUserMetadata(BulkRemoveUserMetadataRequest) returns (BulkRemoveUserMetadataResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{id}/metadata/_bulk"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
tags: "User Metadata";
|
|
summary: "Bulk Delete Metadata";
|
|
description: "Remove a list of metadata objects from a user with a list of keys."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetHumanProfile(GetHumanProfileRequest) returns (GetHumanProfileResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{user_id}/profile"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get User Profile (Human)";
|
|
description: "Get basic information like first_name and last_name of a user."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateHumanProfile(UpdateHumanProfileRequest) returns (UpdateHumanProfileResponse) {
|
|
option (google.api.http) = {
|
|
put: "/users/{user_id}/profile"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Update User Profile (Human)";
|
|
description: "Update the profile information from a user. The profile includes basic information like first_name and last_name."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetHumanEmail(GetHumanEmailRequest) returns (GetHumanEmailResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{user_id}/email"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get User Email (Human)";
|
|
description: "Get the email address and the verification state of the address."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateHumanEmail(UpdateHumanEmailRequest) returns (UpdateHumanEmailResponse) {
|
|
option (google.api.http) = {
|
|
put: "/users/{user_id}/email"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Update User Email (Human)";
|
|
description: "Change the email address of a user. If the state is set to not verified, the user will get a verification email."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResendHumanInitialization(ResendHumanInitializationRequest) returns (ResendHumanInitializationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/_resend_initialization"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Resend User Initialization Email";
|
|
description: "A newly created user will get an initialization email to verify the email address and set a password. Resend the email with this request to the user's email address, or a newly added address."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResendHumanEmailVerification(ResendHumanEmailVerificationRequest) returns (ResendHumanEmailVerificationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/email/_resend_verification"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Resend User Email Verification";
|
|
description: "Resend the email verification notification to the given email address of the user."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetHumanPhone(GetHumanPhoneRequest) returns (GetHumanPhoneResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{user_id}/phone"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get User Phone (Human)";
|
|
description: "Get the phone number and the verification state of the number. The phone number is only for informational purposes and to send messages, not for Authentication (2FA)."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateHumanPhone(UpdateHumanPhoneRequest) returns (UpdateHumanPhoneResponse) {
|
|
option (google.api.http) = {
|
|
put: "/users/{user_id}/phone"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Update User Phone (Human)";
|
|
description: "Change the phone number of a user. If the state is set to not verified, the user will get an SMS to verify (if a notification provider is configured). The phone number is only for informational purposes and to send messages, not for Authentication (2FA)."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveHumanPhone(RemoveHumanPhoneRequest) returns (RemoveHumanPhoneResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/phone"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Remove User Phone (Human)";
|
|
description: "Remove the configured phone number of a user."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResendHumanPhoneVerification(ResendHumanPhoneVerificationRequest) returns (ResendHumanPhoneVerificationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/phone/_resend_verification"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Resend User Phone Verification";
|
|
description: "Resend the notification for the verification of the phone number, to the number stored on the user."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveHumanAvatar(RemoveHumanAvatarRequest) returns (RemoveHumanAvatarResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/avatar"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Delete User Avatar (Human)";
|
|
description: "Removes the avatar that is currently set on the user."
|
|
tags: "Users";
|
|
tags: "User Human"
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// deprecated: use SetHumanPassword
|
|
rpc SetHumanInitialPassword(SetHumanInitialPasswordRequest) returns (SetHumanInitialPasswordResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/password/_initialize"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
summary: "Set Human Initial Password";
|
|
deprecated: true;
|
|
};
|
|
}
|
|
|
|
rpc SetHumanPassword(SetHumanPasswordRequest) returns (SetHumanPasswordResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/password"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Set User Password";
|
|
description: "Set a new password for a user. Per default, the user has to change the password on the next login. You can set no_change_required to true, to avoid the change on the next login."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SendHumanResetPasswordNotification(SendHumanResetPasswordNotificationRequest) returns (SendHumanResetPasswordNotificationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/password/_reset"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Send Reset Password Notification";
|
|
description: "The user will receive an email with a link to change the password."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListHumanAuthFactors(ListHumanAuthFactorsRequest) returns (ListHumanAuthFactorsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/auth_factors/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get User Authentication Factors (2FA/MFA)";
|
|
description: "Get a list of authentication factors the user has set. Including Second-Factors (2FA) and Multi-Factors (MFA)."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveHumanAuthFactorOTP(RemoveHumanAuthFactorOTPRequest) returns (RemoveHumanAuthFactorOTPResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/auth_factors/otp"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Remove Multi-Factor OTP";
|
|
description: "Remove the configured One-Time-Password (OTP) as a factor from the user. OTP is an authentication app, like Authy or Google/Microsoft Authenticator.."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveHumanAuthFactorU2F(RemoveHumanAuthFactorU2FRequest) returns (RemoveHumanAuthFactorU2FResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/auth_factors/u2f/{token_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Remove Multi-Factor U2F";
|
|
description: "Remove the configured Universal-Second-Factor (U2F) as a factor from the user. U2F is a device-dependent factor like FingerPrint, Windows-Hello, etc."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListHumanPasswordless(ListHumanPasswordlessRequest) returns (ListHumanPasswordlessResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/passwordless/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Search Passwordless/Passkey authentication";
|
|
description: "Get a list of configured passwordless/passkey authentication methods from the user. Passwordless/passkey is a device-dependent authentication like FingerScan, WindowsHello or a Hardware Token."
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddPasswordlessRegistration(AddPasswordlessRegistrationRequest) returns (AddPasswordlessRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/passwordless/_link"
|
|
};
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.credential.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Add Passwordless/Passkey Registration Link";
|
|
description: "Adds a new passwordless/passkey authenticator link to the user and returns it in the response. The link enables the user to register a new device if current passwordless/passkey devices are all platform authenticators. e.g. User has already registered Windows Hello and wants to register FaceID on the iPhone"
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SendPasswordlessRegistration(SendPasswordlessRegistrationRequest) returns (SendPasswordlessRegistrationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/passwordless/_send_link"
|
|
body: "*"
|
|
};
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Send Passwordless/Passkey Registration Link";
|
|
description: "Adds a new passwordless/passkey authenticator link to the user and sends it to the user per email. The link enables the user to register a new device if current passwordless/passkey devices are all platform authenticators. e.g. User has already registered Windows Hello and wants to register FaceID on the iPhone"
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveHumanPasswordless(RemoveHumanPasswordlessRequest) returns (RemoveHumanPasswordlessResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/passwordless/{token_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Delete Passwordless/Passkey";
|
|
description: "Remove a configured passwordless/passkey authentication method from the user. (e.g FaceID, FingerScane, WindowsHello, etc.)"
|
|
tags: "Users";
|
|
tags: "User Human";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateMachine(UpdateMachineRequest) returns (UpdateMachineResponse) {
|
|
option (google.api.http) = {
|
|
put: "/users/{user_id}/machine"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Update Machine User";
|
|
description: "Change a service account/machine user. It is used for accounts with non-interactive authentication possibilities."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GenerateMachineSecret(GenerateMachineSecretRequest) returns (GenerateMachineSecretResponse) {
|
|
option (google.api.http) = {
|
|
put: "/users/{user_id}/secret"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Create Secret for Machine User";
|
|
description: "Create a new secret for a machine user/service account. It is used to authenticate the user (client credential grant)."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveMachineSecret(RemoveMachineSecretRequest) returns (RemoveMachineSecretResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/secret"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Delete Secret of Machine User";
|
|
description: "Delete a secret of a machine user/service account. The user will not be able to authenticate with the secret afterward."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetMachineKeyByIDs(GetMachineKeyByIDsRequest) returns (GetMachineKeyByIDsResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{user_id}/keys/{key_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get Machine user Key By ID";
|
|
description: "Get a specific Key of a machine user by its id. Machine keys are used to authenticate with jwt profile authentication."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListMachineKeys(ListMachineKeysRequest) returns (ListMachineKeysResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/keys/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get Machine user Key By ID";
|
|
description: "Get the list of keys of a machine user. Machine keys are used to authenticate with jwt profile authentication."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddMachineKey(AddMachineKeyRequest) returns (AddMachineKeyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/keys"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Create Key for machine user";
|
|
description: "A new key is generated and will be returned in the response. Make sure to store the returned key. Machine keys are used to authenticate with jwt profile."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveMachineKey(RemoveMachineKeyRequest) returns (RemoveMachineKeyResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/keys/{key_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Create Key for machine user";
|
|
description: "Delete a specific key from a user. The user will not be able to authenticate with that key afterward."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetPersonalAccessTokenByIDs(GetPersonalAccessTokenByIDsRequest) returns (GetPersonalAccessTokenByIDsResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{user_id}/pats/{token_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get a Personal-Access-Token (PAT) by ID";
|
|
description: "Returns the PAT for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/pats/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get a Personal-Access-Token (PAT) by ID";
|
|
description: "Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddPersonalAccessToken(AddPersonalAccessTokenRequest) returns (AddPersonalAccessTokenResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/pats"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Create a Personal-Access-Token (PAT)";
|
|
description: "Generates a new PAT for the user. Currently only available for machine users. The token will be returned in the response, make sure to store it. PATs are ready-to-use tokens and can be sent directly in the authentication header."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to update a user from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/pats/{token_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get a Personal-Access-Token (PAT) by ID";
|
|
description: "Delete a PAT from a user. Afterward, the user will not be able to authenticate with that token anymore."
|
|
tags: "Users";
|
|
tags: "User Machine";
|
|
responses: {
|
|
key: "200"
|
|
value: {
|
|
description: "OK";
|
|
}
|
|
};
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get a result from another organization include the header. Make sure the requesting user has permission in the requested organization.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListHumanLinkedIDPs(ListHumanLinkedIDPsRequest) returns (ListHumanLinkedIDPsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/idps/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users"
|
|
summary: "List Social Logins";
|
|
description: "Returns a list of all linked identity providers/social logins of the user. (e. Google, Microsoft, AzureAD, etc.)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get the result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveHumanLinkedIDP(RemoveHumanLinkedIDPRequest) returns (RemoveHumanLinkedIDPResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/idps/{idp_id}/{linked_user_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users"
|
|
summary: "Remove Social Login";
|
|
description: "Remove a configured social logins/identity providers of the user (e.g. Google, Microsoft, AzureAD, etc.). The user will not be able to log in with the given provider afterward. Make sure the user does have other possibilities to authenticate."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get the result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListUserMemberships(ListUserMembershipsRequest) returns (ListUserMembershipsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/memberships/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.membership.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Users"
|
|
summary: "List ZITADEL Permissions";
|
|
description: "Show all the permissions the user has in ZITADEL (ZITADEL Manager)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get the result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetMyOrg(GetMyOrgRequest) returns (GetMyOrgResponse) {
|
|
option (google.api.http) = {
|
|
get: "/orgs/me"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Get My Organization";
|
|
description: "Returns the organization that is sent in the x-zitadel-orgid. If no header is set the organization of the authenticated user will be returned."
|
|
tags: "Organizations";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetOrgByDomainGlobal(GetOrgByDomainGlobalRequest) returns (GetOrgByDomainGlobalResponse) {
|
|
option (google.api.http) = {
|
|
get: "/global/orgs/_by_domain"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.global.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Get Organization By Domain";
|
|
description: "Search an organization by the domain, overall organizations. The domain must match exactly."
|
|
};
|
|
}
|
|
|
|
rpc ListOrgChanges(ListOrgChangesRequest) returns (ListOrgChangesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/changes/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Get Organization History";
|
|
description: "Returns a list of changes/events that have happened in the organization. It's the history of the organization. Make sure to send a limit."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddOrg(AddOrgRequest) returns (AddOrgResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.create"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Create Organization";
|
|
description: "Create a new organization. Based on the given name a domain will be generated to be able to identify users within an organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateOrg(UpdateOrgRequest) returns (UpdateOrgResponse) {
|
|
option (google.api.http) = {
|
|
put: "/orgs/me"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Update Organization";
|
|
description: "Change the name of the organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateOrg(DeactivateOrgRequest) returns (DeactivateOrgResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Deactivate Organization";
|
|
description: "Sets the state of my organization to deactivated. Users of this organization will not be able to log in."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateOrg(ReactivateOrgRequest) returns (ReactivateOrgResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Reactivate Organization";
|
|
description: "Set the state of my organization to active. The state of the organization has to be deactivated to perform the request. Users of this organization will be able to log in again."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveOrg(RemoveOrgRequest) returns (RemoveOrgResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/orgs/me"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Delete Organization";
|
|
description: "Sets the state of my organization and all its resource (Users, Projects, Grants to and from the org) to remove. Users of this organization will not be able to log in."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetOrgMetadata(SetOrgMetadataRequest) returns (SetOrgMetadataResponse) {
|
|
option (google.api.http) = {
|
|
post: "/metadata/{key}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Organization Metadata";
|
|
summary: "Set Organization Metadata";
|
|
description: "This endpoint either adds or updates a metadata value for the requested key. Make sure the value is base64 encoded."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc BulkSetOrgMetadata(BulkSetOrgMetadataRequest) returns (BulkSetOrgMetadataResponse) {
|
|
option (google.api.http) = {
|
|
post: "/metadata/_bulk"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Organization Metadata";
|
|
summary: "Bulk Set Organization Metadata";
|
|
description: "This endpoint sets a list of metadata to the organization. Make sure the values are base64 encoded."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListOrgMetadata(ListOrgMetadataRequest) returns (ListOrgMetadataResponse) {
|
|
option (google.api.http) = {
|
|
post: "/metadata/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Organization Metadata";
|
|
summary: "Search Organization Metadata";
|
|
description: "Get the metadata of an organization filtered by your query."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetOrgMetadata(GetOrgMetadataRequest) returns (GetOrgMetadataResponse) {
|
|
option (google.api.http) = {
|
|
get: "/metadata/{key}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Organization Metadata";
|
|
summary: "Get Organization Metadata By Key";
|
|
description: "Get a metadata object from an organization by a specific key."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveOrgMetadata(RemoveOrgMetadataRequest) returns (RemoveOrgMetadataResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/metadata/{key}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Organization Metadata";
|
|
summary: "Delete Organization Metadata By Key";
|
|
description: "Remove a metadata object from an organization with a specific key."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc BulkRemoveOrgMetadata(BulkRemoveOrgMetadataRequest) returns (BulkRemoveOrgMetadataResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/metadata/_bulk"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Organization Metadata";
|
|
summary: "Bulk Delete Metadata";
|
|
description: "Remove a list of metadata objects from an organization with a list of keys."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListOrgDomains(ListOrgDomainsRequest) returns (ListOrgDomainsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/domains/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Search Domains";
|
|
description: "Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddOrgDomain(AddOrgDomainRequest) returns (AddOrgDomainResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/domains"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Add Domain";
|
|
description: "Add a new domain to an organization. The domains are used to identify to which organization a user belongs."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveOrgDomain(RemoveOrgDomainRequest) returns (RemoveOrgDomainResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/orgs/me/domains/{domain}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Remove Domain";
|
|
description: "Delete a new domain from an organization. The domains are used to identify to which organization a user belongs. If the uses use the domain for login, this will not be possible afterwards. They have to use another domain instead."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GenerateOrgDomainValidation(GenerateOrgDomainValidationRequest) returns (GenerateOrgDomainValidationResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/domains/{domain}/validation/_generate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Generate Domain Verification";
|
|
description: "Generate a new file to be able to verify your domain with DNS or HTTP challenge."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ValidateOrgDomain(ValidateOrgDomainRequest) returns (ValidateOrgDomainResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/domains/{domain}/validation/_validate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Verify Domain";
|
|
description: "Make sure you have added the required verification to your domain, depending on the method you have chosen (HTTP or DNS challenge). ZITADEL will check it and set the domain as verified if it was successful. A verify domain has to be unique."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetPrimaryOrgDomain(SetPrimaryOrgDomainRequest) returns (SetPrimaryOrgDomainResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/domains/{domain}/_set_primary"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
summary: "Set Primary Domain";
|
|
description: "Set a domain as primary. It has to be verified to be able to be set as primary. The primary domain will be shown as suffix on the usernames as preferred loginname on this organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListOrgMemberRoles(ListOrgMemberRolesRequest) returns (ListOrgMemberRolesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/members/roles/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.member.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations"
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "List Organization Member Roles";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the organization level."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListOrgMembers(ListOrgMembersRequest) returns (ListOrgMembersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/members/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.member.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations"
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "List Organization Members";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the organization level, matching the search queries. The search queries will be AND linked."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddOrgMember(AddOrgMemberRequest) returns (AddOrgMemberResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/me/members"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.member.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Add Organization Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list on the organization level with one or multiple roles."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateOrgMember(UpdateOrgMemberRequest) returns (UpdateOrgMemberResponse) {
|
|
option (google.api.http) = {
|
|
put: "/orgs/me/members/{user_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.member.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Update Organization Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveOrgMember(RemoveOrgMemberRequest) returns (RemoveOrgMemberResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/orgs/me/members/{user_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.member.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Organizations";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Remove Organization Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on an instance level. The user can still have roles on another level (iam, project)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetProjectByID(GetProjectByIDRequest) returns (GetProjectByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/projects/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.read"
|
|
check_field_name: "Id"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Get Project By ID";
|
|
description: "Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetGrantedProjectByID(GetGrantedProjectByIDRequest) returns (GetGrantedProjectByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/granted_projects/{project_id}/grants/{grant_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.read"
|
|
check_field_name: "GrantId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Get Granted Project By ID";
|
|
description: "Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Search Project";
|
|
description: "Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListGrantedProjects(ListGrantedProjectsRequest) returns (ListGrantedProjectsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/granted_projects/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Search Granted Project";
|
|
description: "Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListGrantedProjectRoles(ListGrantedProjectRolesRequest) returns (ListGrantedProjectRolesResponse) {
|
|
option (google.api.http) = {
|
|
get: "/granted_projects/{project_id}/grants/{grant_id}/roles/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.role.read"
|
|
check_field_name: "GrantId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Search Granted Project Roles";
|
|
description: "Lists the roles a granted projects has. These are the roles, that have been granted by the owner organization to my organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectChanges(ListProjectChangesRequest) returns (ListProjectChangesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/changes/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Project History";
|
|
description: "Returns a list of changes/events that have happened on the project. It's the history of the project. Make sure to send a limit."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddProject(AddProjectRequest) returns (AddProjectResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.create"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Create Project";
|
|
description: "Create a new project. A Project is a vessel for different applications sharing the same role context."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateProject(UpdateProjectRequest) returns (UpdateProjectResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.write"
|
|
check_field_name: "Id"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Update Project";
|
|
description: "Update a project and its settings. A Project is a vessel for different applications sharing the same role context."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateProject(DeactivateProjectRequest) returns (DeactivateProjectResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.write"
|
|
check_field_name: "Id"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Deactivate Project";
|
|
description: "Set the state of a project to deactivated. Request returns an error if the project is already deactivated."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateProject(ReactivateProjectRequest) returns (ReactivateProjectResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.write"
|
|
check_field_name: "Id"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Reactivate Project";
|
|
description: "Set the state of a project to active. Request returns an error if the project is not deactivated."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveProject(RemoveProjectRequest) returns (RemoveProjectResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/projects/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.delete"
|
|
check_field_name: "Id"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Remove Project";
|
|
description: "Project and all its sub-resources like project grants, applications, roles and user grants will be removed."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectRoles(ListProjectRolesRequest) returns (ListProjectRolesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/roles/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.role.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Roles";
|
|
summary: "Search Project Roles";
|
|
description: "Returns all roles of a project matching the search query."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddProjectRole(AddProjectRoleRequest) returns (AddProjectRoleResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/roles"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.role.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Roles";
|
|
summary: "Add Project Role";
|
|
description: "Add a new project role to a project. The key must be unique within the project."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc BulkAddProjectRoles(BulkAddProjectRolesRequest) returns (BulkAddProjectRolesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/roles/_bulk"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.role.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Roles";
|
|
summary: "Bulk Add Project Role";
|
|
description: "Add a list of roles to a project. The keys must be unique within the project."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateProjectRole(UpdateProjectRoleRequest) returns (UpdateProjectRoleResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/roles/{role_key}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.role.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Roles";
|
|
summary: "Change Project Role";
|
|
description: "Change a project role. The key is not editable. If a key should change, remove the role and create a new one."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveProjectRole(RemoveProjectRoleRequest) returns (RemoveProjectRoleResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/projects/{project_id}/roles/{role_key}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.role.delete"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Roles";
|
|
summary: "Remove Project Role";
|
|
description: "Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectMemberRoles(ListProjectMemberRolesRequest) returns (ListProjectMemberRolesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/members/roles/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.member.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects"
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "List Project Member Roles";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the project level."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectMembers(ListProjectMembersRequest) returns (ListProjectMembersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/members/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.member.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects"
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "List Project Members";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the project level, matching the search queries. The search queries will be AND linked."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddProjectMember(AddProjectMemberRequest) returns (AddProjectMemberResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/members"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.member.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Add Project Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list on the project level with one or multiple roles."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateProjectMember(UpdateProjectMemberRequest) returns (UpdateProjectMemberResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/members/{user_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.member.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Update Project Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveProjectMember(RemoveProjectMemberRequest) returns (RemoveProjectMemberResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/projects/{project_id}/members/{user_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.member.delete"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Remove Project Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on an project level. The user can still have roles on another level (iam, organization)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetAppByID(GetAppByIDRequest) returns (GetAppByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/projects/{project_id}/apps/{app_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Get Application By ID";
|
|
description: "Get an application of any type (OIDC, API, SAML)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListApps(ListAppsRequest) returns (ListAppsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Search Applications";
|
|
description: "Returns all applications within a project, that match the query."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListAppChanges(ListAppChangesRequest) returns (ListAppChangesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/{app_id}/changes/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Application History";
|
|
description: "Returns a list of changes/events that have happened on the application. It's the history of the app. Make sure to send a limit."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddOIDCApp(AddOIDCAppRequest) returns (AddOIDCAppResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/oidc"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Create Application (OIDC)";
|
|
description: "Create a new OIDC client. The client id will be generated and returned in the response. Depending on the chosen configuration also a secret will be returned."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddSAMLApp(AddSAMLAppRequest) returns (AddSAMLAppResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/saml"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Create Application (SAML)";
|
|
description: "Create a new SAML client. Returns an entity ID"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddAPIApp(AddAPIAppRequest) returns (AddAPIAppResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/api"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Create Application (API)";
|
|
description: "Create a new API client. The client id will be generated and returned in the response. Depending on the chosen configuration also a secret will be generated and returned."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Changes application
|
|
rpc UpdateApp(UpdateAppRequest) returns (UpdateAppResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/apps/{app_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Update Application";
|
|
description: "Update the basic information of an application. This doesn't include information that are dependent on the application type (OIDC, API, SAML)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateOIDCAppConfig(UpdateOIDCAppConfigRequest) returns (UpdateOIDCAppConfigResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/apps/{app_id}/oidc_config"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Update OIDC Application Config";
|
|
description: "Update the OIDC specific configuration of an application."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateSAMLAppConfig(UpdateSAMLAppConfigRequest) returns (UpdateSAMLAppConfigResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/apps/{app_id}/saml_config"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Update SAML Application Config";
|
|
description: "Update the SAML specific configuration of an application."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateAPIAppConfig(UpdateAPIAppConfigRequest) returns (UpdateAPIAppConfigResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/apps/{app_id}/api_config"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Update API Application Config";
|
|
description: "Update the OIDC-specific configuration of an application."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateApp(DeactivateAppRequest) returns (DeactivateAppResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/{app_id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Deactivate Application";
|
|
description: "Set the state of an application to deactivated. It is not possible to request tokens for deactivated apps. Request returns an error if the application is already deactivated."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateApp(ReactivateAppRequest) returns (ReactivateAppResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/{app_id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Reactivate Application";
|
|
description: "Set the state of an application to active. Request returns an error if the application is not deactivated."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveApp(RemoveAppRequest) returns (RemoveAppResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/projects/{project_id}/apps/{app_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.delete"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Remove Application";
|
|
description: "Remove an application. It is not possible to request tokens for removed apps. Request returns an error if the application is already deactivated."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RegenerateOIDCClientSecret(RegenerateOIDCClientSecretRequest) returns (RegenerateOIDCClientSecretResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/{app_id}/oidc_config/_generate_client_secret"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Generate New OIDC Client Secret";
|
|
description: "Generates a new client secret for the OIDC application, make sure to save the response"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RegenerateAPIClientSecret(RegenerateAPIClientSecretRequest) returns (RegenerateAPIClientSecretResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/{app_id}/api_config/_generate_client_secret"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Generate New API Client Secret";
|
|
description: "Generates a new client secret for the API application, make sure to save the response"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetAppKey(GetAppKeyRequest) returns (GetAppKeyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/projects/{project_id}/apps/{app_id}/keys/{key_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Get Application Key By ID";
|
|
description: "Returns an application key. Keys are used for authorizing API Applications."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListAppKeys(ListAppKeysRequest) returns (ListAppKeysResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/{app_id}/keys/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "List Application Keys";
|
|
description: "Search application keys. Keys are used for authorizing API Applications."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddAppKey(AddAppKeyRequest) returns (AddAppKeyResponse){
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/apps/{app_id}/keys"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Create Application Key";
|
|
description: "Create a new application key, they are used for authorizing API Applications. Key details will be returned in the response, make sure to save it."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveAppKey(RemoveAppKeyRequest) returns (RemoveAppKeyResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/projects/{project_id}/apps/{app_id}/keys/{key_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.app.write"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Applications";
|
|
summary: "Delete Application Key";
|
|
description: "Remove an application key. The API application will not be able to authorize with the key anymore."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectGrantChanges(ListProjectGrantChangesRequest) returns (ListProjectGrantChangesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/grants/{grant_id}/changes/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.read"
|
|
check_field_name: "GrantId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Project Grant History";
|
|
description: "Returns a list of changes/events that have happened on the project grant. It's the history of the project. Make sure to send a limit."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetProjectGrantByID(GetProjectGrantByIDRequest) returns (GetProjectGrantByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/projects/{project_id}/grants/{grant_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Projects";
|
|
summary: "Project Grant By ID";
|
|
description: "Returns a project grant. A project grant is when the organization grants its project to another organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectGrants(ListProjectGrantsRequest) returns (ListProjectGrantsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/grants/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.read"
|
|
check_field_name: "ProjectId"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
summary: "Search Project Grants from Project";
|
|
description: "Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projectgrants/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
summary: "Search Project Grants";
|
|
description: "Returns a list of project grants. A project grant is when the organization grants its project to another organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/grants"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
summary: "Add Project Grant";
|
|
description: "Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateProjectGrant(UpdateProjectGrantRequest) returns (UpdateProjectGrantResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/grants/{grant_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
summary: "Change Project Grant";
|
|
description: "Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) returns (DeactivateProjectGrantResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/grants/{grant_id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
summary: "Deactivate Project Grant";
|
|
description: "Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateProjectGrant(ReactivateProjectGrantRequest) returns (ReactivateProjectGrantResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/grants/{grant_id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
summary: "Reactivate Project Grant";
|
|
description: "Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveProjectGrant(RemoveProjectGrantRequest) returns (RemoveProjectGrantResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/projects/{project_id}/grants/{grant_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
summary: "Remove Project Grant";
|
|
description: "Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectGrantMemberRoles(ListProjectGrantMemberRolesRequest) returns (ListProjectGrantMemberRolesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/grants/members/roles/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.member.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants"
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "List Project Grant Member Roles";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the project grant level."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListProjectGrantMembers(ListProjectGrantMembersRequest) returns (ListProjectGrantMembersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/grants/{grant_id}/members/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.member.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants"
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "List Project Members";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the project grant level, matching the search queries. The search queries will be AND linked."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddProjectGrantMember(AddProjectGrantMemberRequest) returns (AddProjectGrantMemberResponse) {
|
|
option (google.api.http) = {
|
|
post: "/projects/{project_id}/grants/{grant_id}/members"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.member.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Add Project Grant Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list on the project grant level with one or multiple roles."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateProjectGrantMember(UpdateProjectGrantMemberRequest) returns (UpdateProjectGrantMemberResponse) {
|
|
option (google.api.http) = {
|
|
put: "/projects/{project_id}/grants/{grant_id}/members/{user_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.member.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Update Project Grant Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveProjectGrantMember(RemoveProjectGrantMemberRequest) returns (RemoveProjectGrantMemberResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/projects/{project_id}/grants/{grant_id}/members/{user_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "project.grant.member.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Project Grants";
|
|
tags: "Members";
|
|
tags: "ZITADEL Administrators";
|
|
summary: "Remove Project Grant Member";
|
|
description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on a project grant level. The user can still have roles on another level (iam, organization, project)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetUserGrantByID(GetUserGrantByIDRequest) returns (GetUserGrantByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/users/{user_id}/grants/{grant_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "User Grant By ID";
|
|
description: "Returns a user grant per ID. A user grant is a role a user has for a specific project and organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListUserGrants(ListUserGrantRequest) returns (ListUserGrantResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/grants/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "Search User Grants";
|
|
description: "Returns a list of user grants that match the search queries. User grants are the roles users have for a specific project and organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddUserGrant(AddUserGrantRequest) returns (AddUserGrantResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/grants"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "Add User Grant";
|
|
description: "Add a user grant for a specific user. User grants are the roles users have for a specific project and organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateUserGrant(UpdateUserGrantRequest) returns (UpdateUserGrantResponse) {
|
|
option (google.api.http) = {
|
|
put: "/users/{user_id}/grants/{grant_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "Update User Grants";
|
|
description: "Update the roles of a user grant. User grants are the roles users have for a specific project and organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateUserGrant(DeactivateUserGrantRequest) returns (DeactivateUserGrantResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/grants/{grant_id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "Deactivate User Grant";
|
|
description: "Deactivate the user grant. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested. An error will be returned if the user grant is already deactivated."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateUserGrant(ReactivateUserGrantRequest) returns (ReactivateUserGrantResponse) {
|
|
option (google.api.http) = {
|
|
post: "/users/{user_id}/grants/{grant_id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "Reactivate User Grant";
|
|
description: "Reactivate a deactivated user grant. The user will be able to use the granted project again. An error will be returned if the user grant is not deactivated."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveUserGrant(RemoveUserGrantRequest) returns (RemoveUserGrantResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/users/{user_id}/grants/{grant_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "Remove User Grant";
|
|
description: "Removes the user grant from the user. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc BulkRemoveUserGrant(BulkRemoveUserGrantRequest) returns (BulkRemoveUserGrantResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/user_grants/_bulk"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "user.grant.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "User Grants";
|
|
summary: "Bulk Remove User Grants";
|
|
description: "Remove a list of user grants. The users will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
//deprecated: please use DomainPolicy instead
|
|
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/orgiam"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "authenticated"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Domain Settings";
|
|
summary: "Get Org IAM Policy";
|
|
description: "Use Get Domain Settings instead"
|
|
deprecated: true;
|
|
};
|
|
}
|
|
|
|
rpc GetDomainPolicy(GetDomainPolicyRequest) returns (GetDomainPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/domain"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "authenticated"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Domain Settings";
|
|
summary: "Get Domain Policy";
|
|
description: "Returns the domain policy (this policy is managed by the IAM administrator)";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetLoginPolicy(GetLoginPolicyRequest) returns (GetLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/login"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
summary: "Get Login Settings";
|
|
description: "Returns the login settings defined on the organization level. It will trigger as soon as the organization is identified (scope, user identification). The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLoginPolicy(GetDefaultLoginPolicyRequest) returns (GetDefaultLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/default/login"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
summary: "Get Default Login Settings";
|
|
description: "Returns the default login settings defined on the instance level. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddCustomLoginPolicy(AddCustomLoginPolicyRequest) returns (AddCustomLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
summary: "Create Custom Login Settings";
|
|
description: "Create login settings for the organization and therefore overwrite the default settings for this organization. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateCustomLoginPolicy(UpdateCustomLoginPolicyRequest) returns (UpdateCustomLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
put: "/policies/login"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
summary: "Update Custom Login Settings";
|
|
description: "Change the login settings for the organization, that overwrites the default settings for this organization. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetLoginPolicyToDefault(ResetLoginPolicyToDefaultRequest) returns (ResetLoginPolicyToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/login"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
summary: "Reset Custom Login Settings to Default";
|
|
description: "Remove the custom settings from the organization. The default settings of the instance will be triggered afterward. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI.";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListLoginPolicyIDPs(ListLoginPolicyIDPsRequest) returns (ListLoginPolicyIDPsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/idps/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Identity Providers"
|
|
summary: "List Linked Identity Providers";
|
|
description: "Returns a list of identity providers that are linked in the login policy. This means, that they are configured for the organization and will be shown to the users. They will be shown if the organization is identified (per scope or user)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddIDPToLoginPolicy(AddIDPToLoginPolicyRequest) returns (AddIDPToLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/idps"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Identity Providers"
|
|
summary: "Add Linked Identity Provider";
|
|
description: "Add/link a pre-configured identity provider to the login settings of the organization. This means that it will be shown to the users on the login page. They will be shown if the organization is identified (per scope or user)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveIDPFromLoginPolicy(RemoveIDPFromLoginPolicyRequest) returns (RemoveIDPFromLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/login/idps/{idp_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Identity Providers"
|
|
summary: "Remove Linked Identity Provider";
|
|
description: "Remove an identity provider from the login settings of the organization. This means that it will not be shown to the users on the login page."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListLoginPolicySecondFactors(ListLoginPolicySecondFactorsRequest) returns (ListLoginPolicySecondFactorsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/second_factors/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Authentication Methods"
|
|
summary: "List Second Factors (2FA)";
|
|
description: "Returns a list of second factors (2FA) configured on the login settings of the organization. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddSecondFactorToLoginPolicy(AddSecondFactorToLoginPolicyRequest) returns (AddSecondFactorToLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/second_factors"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Authentication Methods"
|
|
summary: "Add Second Factor (2FA)";
|
|
description: "Add a new second factor (2FA) to the login settings of the organization. Users will have the possibility to authenticate with the configured factor afterward. Authentication factors are used as an additional factor to add more security to your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called a second factor as it is used as an additional authentication after a password. In the UI we generalize this as multi-factor."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveSecondFactorFromLoginPolicy(RemoveSecondFactorFromLoginPolicyRequest) returns (RemoveSecondFactorFromLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/login/second_factors/{type}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Authentication Methods"
|
|
summary: "Remove Second Factor (2FA)";
|
|
description: "Remove a configured second factor (2FA) from the login settings of the organization. Users will not be able to authenticate with the configured factor afterward. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListLoginPolicyMultiFactors(ListLoginPolicyMultiFactorsRequest) returns (ListLoginPolicyMultiFactorsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/auth_factors/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Authentication Methods"
|
|
summary: "List Multi Factors (MFA)";
|
|
description: "Returns a list of multi factors (MFA) configured on the login settings of the organization. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddMultiFactorToLoginPolicy(AddMultiFactorToLoginPolicyRequest) returns (AddMultiFactorToLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/multi_factors"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Authentication Methods"
|
|
summary: "Add Multi-Factor (MFA)";
|
|
description: "Add a multi-factor (MFA) to the login settings of the organization. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveMultiFactorFromLoginPolicy(RemoveMultiFactorFromLoginPolicyRequest) returns (RemoveMultiFactorFromLoginPolicyResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/login/multi_factors/{type}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Login Settings";
|
|
tags: "Authentication Methods"
|
|
summary: "Remove Multi Factor (MFA)";
|
|
description: "Remove a multi-factor (MFA) from the login settings of the organization. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetPasswordComplexityPolicy(GetPasswordComplexityPolicyRequest) returns (GetPasswordComplexityPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/password/complexity"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Get Password Complexity Settings";
|
|
description: "Returns the password complexity settings configured on the organization. The settings specify how a password should look (characters, length, etc.)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPasswordComplexityPolicy(GetDefaultPasswordComplexityPolicyRequest) returns (GetDefaultPasswordComplexityPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/default/password/complexity"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Get Default Password Complexity Settings";
|
|
description: "Returns the default password complexity settings configured on the instance. The settings specify how a password should look (characters, length, etc.)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddCustomPasswordComplexityPolicy(AddCustomPasswordComplexityPolicyRequest) returns (AddCustomPasswordComplexityPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/password/complexity"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Create Password Complexity Settings";
|
|
description: "Create new password complexity settings for the organization. This will overwrite the settings of the instance for this organization. The settings specify how a password should look (characters, length, etc.)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateCustomPasswordComplexityPolicy(UpdateCustomPasswordComplexityPolicyRequest) returns (UpdateCustomPasswordComplexityPolicyResponse) {
|
|
option (google.api.http) = {
|
|
put: "/policies/password/complexity"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Update Password Complexity Settings";
|
|
description: "Update the password complexity settings of the organization. The settings specify how a password should look (characters, length, etc.)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetPasswordComplexityPolicyToDefault(ResetPasswordComplexityPolicyToDefaultRequest) returns (ResetPasswordComplexityPolicyToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/password/complexity"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Reset Password Complexity Settings to Default";
|
|
description: "Remove the password complexity settings of the organization and therefore use the default settings on the instance. The settings specify how a password should look (characters, length, etc.)"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// The password age policy is not used at the moment
|
|
rpc GetPasswordAgePolicy(GetPasswordAgePolicyRequest) returns (GetPasswordAgePolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/password/age"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Get Password Age Settings";
|
|
description: "Not implemented";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// The password age policy is not used at the moment
|
|
rpc GetDefaultPasswordAgePolicy(GetDefaultPasswordAgePolicyRequest) returns (GetDefaultPasswordAgePolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/default/password/age"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Get Default Password Age Settings";
|
|
description: "Not implemented";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// The password age policy is not used at the moment
|
|
rpc AddCustomPasswordAgePolicy(AddCustomPasswordAgePolicyRequest) returns (AddCustomPasswordAgePolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/password/age"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Add Password Age Settings";
|
|
description: "Not implemented";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// The password age policy is not used at the moment
|
|
rpc UpdateCustomPasswordAgePolicy(UpdateCustomPasswordAgePolicyRequest) returns (UpdateCustomPasswordAgePolicyResponse) {
|
|
option (google.api.http) = {
|
|
put: "/policies/password/age"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Update Password Age Settings";
|
|
description: "Not implemented";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// The password age policy is not used at the moment
|
|
rpc ResetPasswordAgePolicyToDefault(ResetPasswordAgePolicyToDefaultRequest) returns (ResetPasswordAgePolicyToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/password/age"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Reset Password Age Settings to Default";
|
|
description: "Not implemented";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetLockoutPolicy(GetLockoutPolicyRequest) returns (GetLockoutPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/lockout"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Get Password Lockout Settings";
|
|
description: "Returns the password lockout settings configured on the organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLockoutPolicy(GetDefaultLockoutPolicyRequest) returns (GetDefaultLockoutPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/default/lockout"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Get Default Password Lockout Settings";
|
|
description: "Returns the default password lockout settings configured on the instance. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddCustomLockoutPolicy(AddCustomLockoutPolicyRequest) returns (AddCustomLockoutPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/lockout"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Add Password Lockout Settings";
|
|
description: "Add new password lockout settings on the organization level. This will overwrite the settings set on the instance for this organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateCustomLockoutPolicy(UpdateCustomLockoutPolicyRequest) returns (UpdateCustomLockoutPolicyResponse) {
|
|
option (google.api.http) = {
|
|
put: "/policies/lockout"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Update Password Lockout Settings";
|
|
description: "Update the password lockout settings configured on the organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetLockoutPolicyToDefault(ResetLockoutPolicyToDefaultRequest) returns (ResetLockoutPolicyToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/lockout"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Password Settings";
|
|
summary: "Reset Password Lockout Settings to Default";
|
|
description: "Remove the password lockout settings from the organization. The settings configured on the instance will trigger afterward for this organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetPrivacyPolicy(GetPrivacyPolicyRequest) returns (GetPrivacyPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/privacy"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Privacy Settings";
|
|
summary: "Get Privacy Settings";
|
|
description: "Returns the privacy settings configured on the organization. To be able to trigger the correct policy make sure to identify which organization should be requested on the login/register (organization scope). The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPrivacyPolicy(GetDefaultPrivacyPolicyRequest) returns (GetDefaultPrivacyPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/default/privacy"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Privacy Settings";
|
|
summary: "Get Default Privacy Settings";
|
|
description: "Returns the default privacy settings configured on the instance. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddCustomPrivacyPolicy(AddCustomPrivacyPolicyRequest) returns (AddCustomPrivacyPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/privacy"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Privacy Settings";
|
|
summary: "Add Privacy Settings";
|
|
description: "Add a custom privacy policy for the organization. The configuration of the instance will be overwritten. Variable {{.Lang}} can be set to have different links based on the language. Make sure to identify which settings should be triggered by sending the organization scope. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateCustomPrivacyPolicy(UpdateCustomPrivacyPolicyRequest) returns (UpdateCustomPrivacyPolicyResponse) {
|
|
option (google.api.http) = {
|
|
put: "/policies/privacy"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Privacy Settings";
|
|
summary: "Update Privacy Settings";
|
|
description: "Update the custom privacy policy for the organization. Variable {{.Lang}} can be set to have different links based on the language. Make sure to identify which settings should be triggered by sending the organization scope. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetPrivacyPolicyToDefault(ResetPrivacyPolicyToDefaultRequest) returns (ResetPrivacyPolicyToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/privacy"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Privacy Settings";
|
|
summary: "Reset Privacy Settings to Default";
|
|
description: "The settings from the organization will be removed and therefore the default settings configured on the instance will be triggered. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetNotificationPolicy(GetNotificationPolicyRequest) returns (GetNotificationPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/notification"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Notification Settings";
|
|
summary: "Get Notification Settings";
|
|
description: "Return the notification settings configured on the organization. It overwrites the default settings configured on the instance for this organization. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultNotificationPolicy(GetDefaultNotificationPolicyRequest) returns (GetDefaultNotificationPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/default/notification"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Notification Settings";
|
|
summary: "Get Default Notification Settings";
|
|
description: "Return the default notification settings configured on the instance. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddCustomNotificationPolicy(AddCustomNotificationPolicyRequest) returns (AddCustomNotificationPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/notification"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Notification Settings";
|
|
summary: "Add Notification Settings";
|
|
description: "Create notification settings for the organization and therefore overwrite the default settings for this organization. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateCustomNotificationPolicy(UpdateCustomNotificationPolicyRequest) returns (UpdateCustomNotificationPolicyResponse) {
|
|
option (google.api.http) = {
|
|
put: "/policies/notification"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Notification Settings";
|
|
summary: "Update Notification Settings";
|
|
description: "Update notification settings configured for the organization. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetNotificationPolicyToDefault(ResetNotificationPolicyToDefaultRequest) returns (ResetNotificationPolicyToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/notification"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Notification Settings";
|
|
summary: "Reset Notification Settings to Default";
|
|
description: "The settings configured will be removed from the organization. Therefore the settings from the instance will trigger for the users of this organization afterward. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetLabelPolicy(GetLabelPolicyRequest) returns (GetLabelPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/label"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Get Private Labeling/Branding Settings";
|
|
description: "Returns the currently active private labeling/branding configured on the organization. The settings will trigger if the organization has been identified (organization scope, user). Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetPreviewLabelPolicy(GetPreviewLabelPolicyRequest) returns (GetPreviewLabelPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/label/_preview"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Get Preview Private Labeling/Branding Settings";
|
|
description: "Returns the preview private labeling/branding configured on the organization. The preview is used to show you how it will look like, and not activate it directly for your users. In the future, it should be possible to send a preview mail and have a look at the preview login. The settings will trigger if the organization has been identified (organization scope, user). Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLabelPolicy(GetDefaultLabelPolicyRequest) returns (GetDefaultLabelPolicyResponse) {
|
|
option (google.api.http) = {
|
|
get: "/policies/default/label"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Get Default Private Labeling/Branding Settings";
|
|
description: "Returns the default private labeling/branding configured on the instance. Defines what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddCustomLabelPolicy(AddCustomLabelPolicyRequest) returns (AddCustomLabelPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/label"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Create Labeling/Branding Settings";
|
|
description: "Create the private labeling/branding configured on the organization. Make sure to activate it so it will be shown to the users. The settings will trigger if the organization has been identified (organization scope, user). Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateCustomLabelPolicy(UpdateCustomLabelPolicyRequest) returns (UpdateCustomLabelPolicyResponse) {
|
|
option (google.api.http) = {
|
|
put: "/policies/label"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Update Labeling/Branding Settings";
|
|
description: "Update the preview private labeling/branding configured on the organization. The settings will trigger if the organization has been identified (organization scope, user). The preview is used to show you how it will look like, make sure to activate it as soon as you are happy with the configuration. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ActivateCustomLabelPolicy(ActivateCustomLabelPolicyRequest) returns (ActivateCustomLabelPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/label/_activate"
|
|
body: "*"
|
|
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Activate Labeling/Branding Settings";
|
|
description: "Activates the preview private labeling/branding configured on the organization. It will be shown to the users afterward. The settings will trigger if the organization has been identified (organization scope, user). Defines what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveCustomLabelPolicyLogo(RemoveCustomLabelPolicyLogoRequest) returns (RemoveCustomLabelPolicyLogoResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/label/logo"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Remove Logo Light";
|
|
description: "Removes the logo of the light theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveCustomLabelPolicyLogoDark(RemoveCustomLabelPolicyLogoDarkRequest) returns (RemoveCustomLabelPolicyLogoDarkResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/label/logo_dark"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Remove Logo Dark";
|
|
description: "Removes the logo of the dark theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveCustomLabelPolicyIcon(RemoveCustomLabelPolicyIconRequest) returns (RemoveCustomLabelPolicyIconResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/label/icon"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Remove Icon Light";
|
|
description: "Removes the icon of the light theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveCustomLabelPolicyIconDark(RemoveCustomLabelPolicyIconDarkRequest) returns (RemoveCustomLabelPolicyIconDarkResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/label/icon_dark"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Remove Icon Dark";
|
|
description: "Removes the icon of the dark theme from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveCustomLabelPolicyFont(RemoveCustomLabelPolicyFontRequest) returns (RemoveCustomLabelPolicyFontResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/label/font"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Remove Font";
|
|
description: "Removes the font from the configured label policy/branding of the organization. It will only be shown on the preview. Make sure to activate your changes afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetLabelPolicyToDefault(ResetLabelPolicyToDefaultRequest) returns (ResetLabelPolicyToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/label"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Settings";
|
|
tags: "Branding";
|
|
summary: "Reset Labeling/Branding Settings";
|
|
description: "Removes the label policy/branding of the organization and therefore the default settings from the instance will be shown to the users."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomInitMessageText(GetCustomInitMessageTextRequest) returns (GetCustomInitMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/message/init/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Custom Init Message Text";
|
|
description: "Get the custom text of the initialize-user message/email that is set on the organization. The email is sent when a user is created and has either no password or a non-verified email address."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultInitMessageText(GetDefaultInitMessageTextRequest) returns (GetDefaultInitMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/message/init/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Default Init Message Text";
|
|
description: "Get the default text of the initialize-user message/email that is set either on the instance or in the filesystem of ZITADEL. The email is sent when a user is created and has either no password or a non-verified email address."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomInitMessageText(SetCustomInitMessageTextRequest) returns (SetCustomInitMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/message/init/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Set Custom Init Message Text";
|
|
description: "Set the custom text of the initialize-user message/email the default texts will be overwritten for the organization. The email is sent when a user is created and has either no password or a non-verified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomInitMessageTextToDefault(ResetCustomInitMessageTextToDefaultRequest) returns (ResetCustomInitMessageTextToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/message/init/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Reset Custom Init Message Text to Default";
|
|
description: "Removes the custom text of the initialize-user message/email that is overwritten on the organization and triggers the default text instead."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomPasswordResetMessageText(GetCustomPasswordResetMessageTextRequest) returns (GetCustomPasswordResetMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/message/passwordreset/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Custom Password Reset Message Text";
|
|
description: "Get the custom text of the password reset message/email that is set on the organization. The email is sent when a user triggers the password forgot-request."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPasswordResetMessageText(GetDefaultPasswordResetMessageTextRequest) returns (GetDefaultPasswordResetMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/message/passwordreset/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Default Password Reset Message Text";
|
|
description: "Get the default text of the password reset message/email that is set on the instance or in the files of ZITADEL. The email is sent when a user triggers the password forgot-request."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomPasswordResetMessageText(SetCustomPasswordResetMessageTextRequest) returns (SetCustomPasswordResetMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/message/passwordreset/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Set Custom Password Reset Message Text";
|
|
description: "Set the custom text of the password reset user message/email for the organization. The email is sent when a user triggers the password forgot-request. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomPasswordResetMessageTextToDefault(ResetCustomPasswordResetMessageTextToDefaultRequest) returns (ResetCustomPasswordResetMessageTextToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/message/verifyemail/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Reset Custom Password Reset Message Text to Default";
|
|
description: "Removes the custom text of the password reset user message/email and the default will trigger afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomVerifyEmailMessageText(GetCustomVerifyEmailMessageTextRequest) returns (GetCustomVerifyEmailMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/message/verifyemail/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Custom Verify Email Message Text";
|
|
description: "Get the custom text of the verify-email message/email that is set on the organization. The email is sent when a user adds a new non-verified email address."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultVerifyEmailMessageText(GetDefaultVerifyEmailMessageTextRequest) returns (GetDefaultVerifyEmailMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/message/verifyemail/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Default Verify Email Message Text";
|
|
description: "Get the default text of the verify-email message/email that is set on the instance or as translation files in ZITADEL itself. The email is sent when a user adds a new non-verified email address."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomVerifyEmailMessageText(SetCustomVerifyEmailMessageTextRequest) returns (SetCustomVerifyEmailMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/message/verifyemail/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Set Default Verify Email Message Text";
|
|
description: "Set the custom text of the verify-email user message/email for the organization. The email is sent when a user adds a new nonverified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomVerifyEmailMessageTextToDefault(ResetCustomVerifyEmailMessageTextToDefaultRequest) returns (ResetCustomVerifyEmailMessageTextToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/message/verifyemail/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Reset Custom Verify Email Message Text to Default";
|
|
description: "Removes the custom text of the email verify message/email and therefore the default settings will trigger afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomVerifyPhoneMessageText(GetCustomVerifyPhoneMessageTextRequest) returns (GetCustomVerifyPhoneMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/message/verifyphone/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Custom Verify Phone Message Text";
|
|
description: "Get the custom text of the verify-phone message that is set on the organization. The message is sent when a user adds a new non-verified phone number and a notification provider is configured."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultVerifyPhoneMessageText(GetDefaultVerifyPhoneMessageTextRequest) returns (GetDefaultVerifyPhoneMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/message/verifyphone/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Default Verify Phone Message Text";
|
|
description: "Get the default text of the verify-phone message that is set on the instance or as translation files in ZITADEL itself. The message is sent when a user adds a new non-verified phone number and a notification provider is configured."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomVerifyPhoneMessageText(SetCustomVerifyPhoneMessageTextRequest) returns (SetCustomVerifyPhoneMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/message/verifyphone/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Set Custom Verify Phone Reset Message Text";
|
|
description: "Set the custom text of the verify-phone message for the organization. The message is sent when a user adds a new non-verified phone number and a notification provider is configured. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomVerifyPhoneMessageTextToDefault(ResetCustomVerifyPhoneMessageTextToDefaultRequest) returns (ResetCustomVerifyPhoneMessageTextToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/message/verifyphone/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Reset Custom Verify Phone Message Text to Default";
|
|
description: "Removes the custom text of the verify-phone message from the organization and therefore the default texts will trigger for the users afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomDomainClaimedMessageText(GetCustomDomainClaimedMessageTextRequest) returns (GetCustomDomainClaimedMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/message/domainclaimed/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Custom Domain Claimed Message Text";
|
|
description: "Get the custom text of the domain claimed message/email that is configured on the organization. The message is sent when an organization claims a domain and a user of this domain exists in another organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultDomainClaimedMessageText(GetDefaultDomainClaimedMessageTextRequest) returns (GetDefaultDomainClaimedMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/message/domainclaimed/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Default Domain Claimed Message Text";
|
|
description: "Get the default text of the domain claimed message/email that is set on the instance or as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an organization claims a domain and a user of this domain exists in another organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomDomainClaimedMessageCustomText(SetCustomDomainClaimedMessageTextRequest) returns (SetCustomDomainClaimedMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/message/domainclaimed/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Set Custom Domain Claimed Message Text";
|
|
description: "Set the custom text of the domain claimed message/email for the organization. The message/email is sent when an organization claims a domain and a user of this domain exists in another organization. The Following Variables can be used: {{.Domain}} {{.TempUsername}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomDomainClaimedMessageTextToDefault(ResetCustomDomainClaimedMessageTextToDefaultRequest) returns (ResetCustomDomainClaimedMessageTextToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/message/domainclaimed/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Reset Custom Domain Claimed Message Text to Default";
|
|
description: "Removes the custom text of the domain claimed message that is configured on the organization and triggers the text from the instance or translation files in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomPasswordlessRegistrationMessageText(GetCustomPasswordlessRegistrationMessageTextRequest) returns (GetCustomPasswordlessRegistrationMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/message/passwordless_registration/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Custom Passwordless Registration Message Text";
|
|
description: "Get the custom text of the passwordless/passkey registration message/email that is configured on the organization. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPasswordlessRegistrationMessageText(GetDefaultPasswordlessRegistrationMessageTextRequest) returns (GetDefaultPasswordlessRegistrationMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/message/passwordless_registration/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Default Passwordless Registration Message Text";
|
|
description: "Get the default text of the domain claimed message/email that is configured on the instance or as translation files in ZITADEL. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomPasswordlessRegistrationMessageCustomText(SetCustomPasswordlessRegistrationMessageTextRequest) returns (SetCustomPasswordlessRegistrationMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/message/passwordless_registration/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Set Default Passwordless Registration Message Text";
|
|
description: "Set the custom text of the passwordless/passkey registration message/email for the organization. The message/email is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomPasswordlessRegistrationMessageTextToDefault(ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest) returns (ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/message/passwordless_registration/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Reset Custom Passwordless Registration Message Text to Default";
|
|
description: "Removes the custom text of the passwordless/passkey registration from the organization and therefore the default configuration from the instance or translation files will be triggered for the users."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomPasswordChangeMessageText(GetCustomPasswordChangeMessageTextRequest) returns (GetCustomPasswordChangeMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/message/password_change/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Custom Password Change Message Text";
|
|
description: "Get the custom text of the password-changed message/email that is configured on the organization. The message is sent when the password of a user has been changed."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPasswordChangeMessageText(GetDefaultPasswordChangeMessageTextRequest) returns (GetDefaultPasswordChangeMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/message/password_change/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Get Default Password Change Message Text";
|
|
description: "Get the default text of the password-changed message/email that is configured on the instance or as translation files in ZITADEL itself. The message is sent when the password of a user has been changed."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomPasswordChangeMessageCustomText(SetCustomPasswordChangeMessageTextRequest) returns (SetCustomPasswordChangeMessageTextResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/message/password_change/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Set Custom Password Changed Message Text";
|
|
description: "Set the custom text of the password-changed message/email for the organization. The message/email is sent when the password of a user has been changed. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomPasswordChangeMessageTextToDefault(ResetCustomPasswordChangeMessageTextToDefaultRequest) returns (ResetCustomPasswordChangeMessageTextToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/message/password_change/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Message Texts";
|
|
summary: "Reset Custom Password Changed Message Text to Default";
|
|
description: "Removes the custom text of the password-changed message from the organization and therefore the default texts from the instance or translation files will be triggered for the users."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetCustomLoginTexts(GetCustomLoginTextsRequest) returns (GetCustomLoginTextsResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/login/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Login Texts";
|
|
summary: "Get Custom Login Text";
|
|
description: "Get the custom texts for the login and register UI of ZITADEL, which are configured on the organization. The text from the organization will trigger as soon as the organization is identified (organization scope or user)."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLoginTexts(GetDefaultLoginTextsRequest) returns (GetDefaultLoginTextsResponse) {
|
|
option (google.api.http) = {
|
|
get: "/text/default/login/{language}";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.read";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Login Texts";
|
|
summary: "Get Default Login Text";
|
|
description: "Get the default texts for the login and register UI of ZITADEL, which are configured on the instance or as translation files in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured. Or if the organization context is not given."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetCustomLoginText(SetCustomLoginTextsRequest) returns (SetCustomLoginTextsResponse) {
|
|
option (google.api.http) = {
|
|
put: "/text/login/{language}";
|
|
body: "*";
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.write";
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Login Texts";
|
|
summary: "Set Default Login Text";
|
|
description: "Set the custom texts for the login and register UI of ZITADEL for the organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ResetCustomLoginTextToDefault(ResetCustomLoginTextsToDefaultRequest) returns (ResetCustomLoginTextsToDefaultResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/text/login/{language}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "policy.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Login Texts";
|
|
summary: "Reset Custom Login Text to Default";
|
|
description: "Removes the custom texts for the login and register UI from the organization and therefore the configuration of the instance or the translation files in ZITADEL itself will trigger."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetOrgIDPByID(GetOrgIDPByIDRequest) returns (GetOrgIDPByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/idps/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Get Identity Provider (IDP) by ID";
|
|
description: "Returns an identity provider (social/enterprise login) by its ID e.g Google, AzureAD, etc that is configured on the organization."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListOrgIDPs(ListOrgIDPsRequest) returns (ListOrgIDPsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Search Identity Providers (IDPs)";
|
|
description: "Returns a list of identity providers (social/enterprise login) configured on the organization. e.g Google, AzureAD, etc."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddOrgOIDCIDP(AddOrgOIDCIDPRequest) returns (AddOrgOIDCIDPResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/oidc"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Add OIDC Identity Provider (IDP)";
|
|
description: "Create a new identity provider configuration on the organization to enable your users to log in with social/enterprise login. The provider has to be OIDC-compliant. This configuration can only be used by the organization itself."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc AddOrgJWTIDP(AddOrgJWTIDPRequest) returns (AddOrgJWTIDPResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/jwt"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Add JWT Identity Provider (IDP)";
|
|
description: "Create a new identity provider configuration on the organization to enable your users to log in with social/enterprise login. JSON Web Token Identity Provider (JWT IDP) gives you the possibility to use an (existing) JWT as a federated identity. You have to provide an endpoint where ZITADEL can get the existing JWT token."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateOrgIDP(DeactivateOrgIDPRequest) returns (DeactivateOrgIDPResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/{idp_id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Deactivate Identity Provider (IDP)";
|
|
description: "Sets the state of the provider to inactive. It can only be called for the provider with the state active. Users will not be able to log in with the given provider afterward. It might cause troubles if it is the only authentication method of the user."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateOrgIDP(ReactivateOrgIDPRequest) returns (ReactivateOrgIDPResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/{idp_id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Reactivate Identity Provider (IDP)";
|
|
description: "Sets the state of the provider to active. It can only be called for providers with the state inactive. Users will not be able to log in again with the given provider."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc RemoveOrgIDP(RemoveOrgIDPRequest) returns (RemoveOrgIDPResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/idps/{idp_id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Remove Identity Provider (IDP)";
|
|
description: "Removes the identity provider permanently. All links to the given IDP on users will be deleted as well. They will not be able to log in with the provider afterward. If it is their only authentication possibility it might cause problems."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateOrgIDP(UpdateOrgIDPRequest) returns (UpdateOrgIDPResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/{idp_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Update Identity Provider (IDP)";
|
|
description: "Update an existing IDP. All fields are updated. If you do not send a value in a field, it will be empty afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateOrgIDPOIDCConfig(UpdateOrgIDPOIDCConfigRequest) returns (UpdateOrgIDPOIDCConfigResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/{idp_id}/oidc_config"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Update OIDC Identity Provider (IDP)";
|
|
description: "Update the OIDC-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateOrgIDPJWTConfig(UpdateOrgIDPJWTConfigRequest) returns (UpdateOrgIDPJWTConfigResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/{idp_id}/jwt_config"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Identity Providers";
|
|
summary: "Update JWT Identity Provider (IDP)";
|
|
description: "Update the JWT-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
// Returns all identity providers, which match the query
|
|
// Limit should always be set, there is a default limit set by the service
|
|
rpc ListProviders(ListProvidersRequest) returns (ListProvidersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/templates/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.read"
|
|
};
|
|
}
|
|
|
|
// Returns an identity provider of the organization
|
|
rpc GetProviderByID(GetProviderByIDRequest) returns (GetProviderByIDResponse) {
|
|
option (google.api.http) = {
|
|
get: "/idps/templates/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.read"
|
|
};
|
|
}
|
|
|
|
// Add a new OAuth2 identity provider in the organization
|
|
rpc AddGenericOAuthProvider(AddGenericOAuthProviderRequest) returns (AddGenericOAuthProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/oauth"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing OAuth2 identity provider in the organization
|
|
rpc UpdateGenericOAuthProvider(UpdateGenericOAuthProviderRequest) returns (UpdateGenericOAuthProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/oauth/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new OIDC identity provider in the organization
|
|
rpc AddGenericOIDCProvider(AddGenericOIDCProviderRequest) returns (AddGenericOIDCProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/generic_oidc"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing OIDC identity provider in the organization
|
|
rpc UpdateGenericOIDCProvider(UpdateGenericOIDCProviderRequest) returns (UpdateGenericOIDCProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/generic_oidc/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new JWT identity provider in the organization
|
|
rpc AddJWTProvider(AddJWTProviderRequest) returns (AddJWTProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/generic_jwt"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing JWT identity provider in the organization
|
|
rpc UpdateJWTProvider(UpdateJWTProviderRequest) returns (UpdateJWTProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/generic_jwt/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new Azure AD identity provider in the organisation
|
|
rpc AddAzureADProvider(AddAzureADProviderRequest) returns (AddAzureADProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/azure"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing Azure AD identity provider in the organisation
|
|
rpc UpdateAzureADProvider(UpdateAzureADProviderRequest) returns (UpdateAzureADProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/azure/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new GitHub identity provider in the organization
|
|
rpc AddGitHubProvider(AddGitHubProviderRequest) returns (AddGitHubProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/github"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing GitHub identity provider in the organization
|
|
rpc UpdateGitHubProvider(UpdateGitHubProviderRequest) returns (UpdateGitHubProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/github/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new GitHub Enterprise Server identity provider in the organization
|
|
rpc AddGitHubEnterpriseServerProvider(AddGitHubEnterpriseServerProviderRequest) returns (AddGitHubEnterpriseServerProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/github_es"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing GitHub Enterprise Server identity provider in the organization
|
|
rpc UpdateGitHubEnterpriseServerProvider(UpdateGitHubEnterpriseServerProviderRequest) returns (UpdateGitHubEnterpriseServerProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/github_es/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new GitLab identity provider in the organization
|
|
rpc AddGitLabProvider(AddGitLabProviderRequest) returns (AddGitLabProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/gitlab"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing GitLab identity provider in the organization
|
|
rpc UpdateGitLabProvider(UpdateGitLabProviderRequest) returns (UpdateGitLabProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/gitlab/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new self hosted GitLab identity provider in the organization
|
|
rpc AddGitLabSelfHostedProvider(AddGitLabSelfHostedProviderRequest) returns (AddGitLabSelfHostedProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/gitlab_self_hosted"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing self hosted GitLab identity provider in the organization
|
|
rpc UpdateGitLabSelfHostedProvider(UpdateGitLabSelfHostedProviderRequest) returns (UpdateGitLabSelfHostedProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/gitlab_self_hosted/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new Google identity provider in the organization
|
|
rpc AddGoogleProvider(AddGoogleProviderRequest) returns (AddGoogleProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/google"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing Google identity provider in the organization
|
|
rpc UpdateGoogleProvider(UpdateGoogleProviderRequest) returns (UpdateGoogleProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/google/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Add a new LDAP identity provider in the organization
|
|
rpc AddLDAPProvider(AddLDAPProviderRequest) returns (AddLDAPProviderResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/ldap"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Change an existing LDAP identity provider in the organization
|
|
rpc UpdateLDAPProvider(UpdateLDAPProviderRequest) returns (UpdateLDAPProviderResponse) {
|
|
option (google.api.http) = {
|
|
put: "/idps/ldap/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
// Remove an identity provider
|
|
// Will remove all linked providers of this configuration on the users
|
|
rpc DeleteProvider(DeleteProviderRequest) returns (DeleteProviderResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/idps/templates/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.idp.write"
|
|
};
|
|
}
|
|
|
|
rpc ListActions(ListActionsRequest) returns (ListActionsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/actions/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.action.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Search Actions";
|
|
description: "Returns a list of actions matching the query. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetAction(GetActionRequest) returns (GetActionResponse) {
|
|
option (google.api.http) = {
|
|
get: "/actions/{id}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.action.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Get Action By ID";
|
|
description: "Returns an action by id. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc CreateAction(CreateActionRequest) returns (CreateActionResponse) {
|
|
option (google.api.http) = {
|
|
post: "/actions"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.action.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Create Action";
|
|
description: "Create a new ZITADEL action. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc UpdateAction(UpdateActionRequest) returns (UpdateActionResponse) {
|
|
option (google.api.http) = {
|
|
put: "/actions/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.action.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Update Action";
|
|
description: "Update an existing ZITADEL action. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeactivateAction(DeactivateActionRequest) returns (DeactivateActionResponse) {
|
|
option (google.api.http) = {
|
|
post: "/actions/{id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.action.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Deactivate Action";
|
|
description: "Deactivate an existing action. The action will not be executed if configured in a flow. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ReactivateAction(ReactivateActionRequest) returns (ReactivateActionResponse) {
|
|
option (google.api.http) = {
|
|
post: "/actions/{id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.action.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Reactivate Action";
|
|
description: "Reactivate an existing action that is deactivated. The action will be executed again if configured in a flow. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc DeleteAction(DeleteActionRequest) returns (DeleteActionResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/actions/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.action.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Delete Action";
|
|
description: "Remove an existing action. Actions are custom code written in javascript, that can be run at a specified point/flow/trigger in ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListFlowTypes(ListFlowTypesRequest) returns (ListFlowTypesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/flows/types/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.flow.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Search Flow Types";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ListFlowTriggerTypes(ListFlowTriggerTypesRequest) returns (ListFlowTriggerTypesResponse) {
|
|
option (google.api.http) = {
|
|
post: "/flows/{type}/triggers/_search"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.flow.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "List Flow Trigger Types";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc GetFlow(GetFlowRequest) returns (GetFlowResponse) {
|
|
option (google.api.http) = {
|
|
get: "/flows/{type}"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.flow.read"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Get Flow";
|
|
description: "Returns a flow. Flows are the links between an action and a specific point during a user interaction with ZITADEL."
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc ClearFlow(ClearFlowRequest) returns (ClearFlowResponse) {
|
|
option (google.api.http) = {
|
|
post: "/flows/{type}/_clear"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.flow.delete"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Clear Flow";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
rpc SetTriggerActions(SetTriggerActionsRequest) returns (SetTriggerActionsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/flows/{flow_type}/trigger/{trigger_type}"
|
|
body: "*"
|
|
};
|
|
|
|
option (zitadel.v1.auth_option) = {
|
|
permission: "org.flow.write"
|
|
};
|
|
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
tags: "Actions";
|
|
summary: "Set Trigger Actions";
|
|
parameters: {
|
|
headers: {
|
|
name: "x-zitadel-orgid";
|
|
description: "The default is always the organization of the requesting user. If you like to get users of another organization include the header. Make sure the user has permission to access the requested data.";
|
|
type: STRING,
|
|
required: false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
}
|
|
|
|
//This is an empty request
|
|
message HealthzRequest {}
|
|
|
|
//This is an empty response
|
|
message HealthzResponse {}
|
|
|
|
//This is an empty request
|
|
message GetOIDCInformationRequest {}
|
|
|
|
message GetOIDCInformationResponse {
|
|
string issuer = 1;
|
|
string discovery_endpoint = 2;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetIAMRequest {}
|
|
|
|
message GetIAMResponse {
|
|
//deprecated: use default_org_id instead
|
|
string global_org_id = 1;
|
|
string iam_project_id = 2;
|
|
string default_org_id = 3;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetSupportedLanguagesRequest {}
|
|
|
|
message GetSupportedLanguagesResponse {
|
|
repeated string languages = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"en\", \"de\", \"it\"]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message GetUserByIDRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
description: "User ID of the user you like to get."
|
|
}
|
|
];
|
|
}
|
|
|
|
message GetUserByIDResponse {
|
|
zitadel.user.v1.User user = 1;
|
|
}
|
|
|
|
message GetUserByLoginNameGlobalRequest{
|
|
string login_name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"minnie-mouse\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message GetUserByLoginNameGlobalResponse {
|
|
zitadel.user.v1.User user = 1;
|
|
}
|
|
|
|
message ListUsersRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
// the field the result is sorted
|
|
zitadel.user.v1.UserFieldName sorting_column = 2;
|
|
//criteria the client is looking for
|
|
repeated zitadel.user.v1.SearchQuery queries = 3;
|
|
}
|
|
|
|
message ListUsersResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
zitadel.user.v1.UserFieldName sorting_column = 2;
|
|
repeated zitadel.user.v1.User result = 3;
|
|
}
|
|
|
|
message ListUserChangesRequest {
|
|
//list limitations and ordering
|
|
zitadel.change.v1.ChangeQuery query = 1;
|
|
string user_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ListUserChangesResponse {
|
|
reserved 1;
|
|
reserved "details";
|
|
// zitadel.v1.ListDetails details = 1; was always returned empty (as we cannot get the necessary info)
|
|
repeated zitadel.change.v1.Change result = 2;
|
|
}
|
|
|
|
message IsUserUniqueRequest {
|
|
string user_name = 1 [(validate.rules).string = {max_len: 200}];
|
|
string email = 2 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message IsUserUniqueResponse {
|
|
bool is_unique = 1;
|
|
}
|
|
|
|
message AddHumanUserRequest {
|
|
message Profile {
|
|
string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string nick_name = 3 [(validate.rules).string = {max_len: 200}];
|
|
string display_name = 4 [(validate.rules).string = {max_len: 200}];
|
|
string preferred_language = 5 [(validate.rules).string = {max_len: 10}];
|
|
zitadel.user.v1.Gender gender = 6;
|
|
}
|
|
message Email {
|
|
string email = 1 [(validate.rules).string.email = true];
|
|
bool is_email_verified = 2;
|
|
}
|
|
message Phone {
|
|
// has to be a global number
|
|
string phone = 1 [(validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"}];
|
|
bool is_phone_verified = 2;
|
|
}
|
|
|
|
string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
|
|
Profile profile = 2 [(validate.rules).message.required = true];
|
|
Email email = 3 [(validate.rules).message.required = true];
|
|
Phone phone = 4;
|
|
string initial_password = 5;
|
|
}
|
|
|
|
message AddHumanUserResponse {
|
|
string user_id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
// Describe my Import Human User Request
|
|
message ImportHumanUserRequest {
|
|
message Profile {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
title: "Profile"
|
|
description: "Profile includes the basic information of a user, like first name, last name, etc."
|
|
}
|
|
};
|
|
string first_name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Minnie\"";
|
|
}
|
|
];
|
|
string last_name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Mouse\"";
|
|
}
|
|
];
|
|
string nick_name = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Mini\"";
|
|
}
|
|
];
|
|
string display_name = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Minnie Mouse\"";
|
|
}
|
|
];
|
|
string preferred_language = 5 [
|
|
(validate.rules).string = {max_len: 10},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 10;
|
|
example: "\"en\"";
|
|
}
|
|
];
|
|
zitadel.user.v1.Gender gender = 6 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"GENDER_FEMALE\"";
|
|
}];
|
|
}
|
|
message Email {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
title: "Email"
|
|
}
|
|
};
|
|
string email = 1 [
|
|
(validate.rules).string.email = true,
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"minnie@mouse.com\"";
|
|
description: "Object that contains the email address and a verified flag."
|
|
}];
|
|
bool is_email_verified = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If email verified is set to true, the email will be added as verified and the user doesn't have to verify."
|
|
}
|
|
];
|
|
}
|
|
message Phone {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
title: "Phone"
|
|
description: "Object that contains the number and a verified flag"
|
|
}
|
|
};
|
|
string phone = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)";
|
|
min_length: 1;
|
|
max_length: 50;
|
|
example: "\"+41 71 000 00 00\"";
|
|
}
|
|
];
|
|
bool is_phone_verified = 2;
|
|
}
|
|
message HashedPassword{
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
|
|
json_schema: {
|
|
title: "Hashed Password",
|
|
description: "Use this to import hashed passwords from another system."
|
|
}
|
|
};
|
|
string value = 1;
|
|
string algorithm = 2;
|
|
}
|
|
message IDP {
|
|
string config_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"idp-config-id\"";
|
|
min_length: 1,
|
|
max_length: 200,
|
|
description: "The internal ID of the identity provider configured in ZITADEL."
|
|
}
|
|
];
|
|
string external_user_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"idp-config-id\"";
|
|
description: "The id of the user in the external identity provider"
|
|
}
|
|
];
|
|
string display_name = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200,
|
|
example: "\"minnie.mouse@gmail.com\"";
|
|
description: "A display name ZITADEL can show on the linked provider."
|
|
}
|
|
];
|
|
}
|
|
|
|
string user_name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"minnie-mouse\"";
|
|
}
|
|
];
|
|
|
|
Profile profile = 2 [
|
|
(validate.rules).message.required = true,
|
|
(google.api.field_behavior) = REQUIRED
|
|
];
|
|
Email email = 3 [
|
|
(validate.rules).message.required = true,
|
|
(google.api.field_behavior) = REQUIRED
|
|
];
|
|
Phone phone = 4;
|
|
string password = 5;
|
|
HashedPassword hashed_password = 6;
|
|
bool password_change_required = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If this is set to true, the user has to change the password on the next login.";
|
|
example: "true";
|
|
}
|
|
];
|
|
bool request_passwordless_registration = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If this is set to true, you will get a link for the passwordless/passkey registration in the response.";
|
|
example: "true";
|
|
}
|
|
];
|
|
string otp_code = 9;
|
|
repeated IDP idps = 10 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
title: "Identity Provider";
|
|
description: "To link your user directly with an external identity provider (Identity brokering)"
|
|
}
|
|
];
|
|
}
|
|
|
|
message ImportHumanUserResponse {
|
|
message PasswordlessRegistration {
|
|
string link = 1;
|
|
//deprecated: use expiration instead
|
|
google.protobuf.Duration lifetime = 2;
|
|
google.protobuf.Duration expiration = 3;
|
|
}
|
|
|
|
string user_id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
PasswordlessRegistration passwordless_registration = 3;
|
|
}
|
|
|
|
message AddMachineUserRequest {
|
|
string user_name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"robot\"";
|
|
}
|
|
];
|
|
|
|
string name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"My Machine Account\"";
|
|
}
|
|
];
|
|
string description = 3 [
|
|
(validate.rules).string = {max_len: 500},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 500;
|
|
example: "\"First machine account used for API XY.\"";
|
|
}
|
|
];
|
|
|
|
zitadel.user.v1.AccessTokenType access_token_type = 4 [
|
|
(validate.rules).enum = {defined_only: true}
|
|
];
|
|
}
|
|
|
|
message AddMachineUserResponse {
|
|
string user_id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message DeactivateUserRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message DeactivateUserResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ReactivateUserRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ReactivateUserResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message LockUserRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}];
|
|
}
|
|
|
|
message LockUserResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UnlockUserRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UnlockUserResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveUserRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}];
|
|
}
|
|
|
|
message RemoveUserResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateUserNameRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}];
|
|
string user_name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"minnie-mouse-updated\"";
|
|
}];
|
|
}
|
|
|
|
message UpdateUserNameResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListUserMetadataRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.v1.ListQuery query = 2;
|
|
repeated zitadel.metadata.v1.MetadataQuery queries = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
title: "Medata Query"
|
|
description: "Metadata object-specific queries."
|
|
}];
|
|
}
|
|
|
|
message ListUserMetadataResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.metadata.v1.Metadata result = 2;
|
|
}
|
|
|
|
message GetUserMetadataRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string key = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetUserMetadataResponse {
|
|
zitadel.metadata.v1.Metadata metadata = 1;
|
|
}
|
|
|
|
message SetUserMetadataRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"my-user-id\"";
|
|
min_length: 1,
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string key = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"my-key\"";
|
|
min_length: 1,
|
|
max_length: 200;
|
|
}
|
|
];
|
|
bytes value = 3 [
|
|
(validate.rules).bytes = {min_len: 1, max_len: 500000},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "The value has to be base64 encoded.";
|
|
example: "\"VGhpcyBpcyBteSB0ZXN0IHZhbHVl\"";
|
|
min_length: 1,
|
|
max_length: 500000;
|
|
}
|
|
];
|
|
}
|
|
|
|
message SetUserMetadataResponse {
|
|
string id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message BulkSetUserMetadataRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
message Metadata {
|
|
string key = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
bytes value = 2 [(validate.rules).bytes = {min_len: 1, max_len: 500000}];
|
|
}
|
|
repeated Metadata metadata = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
title: "Medata (Key/Value)"
|
|
description: "The values have to be base64 encoded.";
|
|
example: "[{\"key\": \"test1\", \"value\": \"VGhpcyBpcyBteSBmaXJzdCB2YWx1ZQ==\"}, {\"key\": \"test2\", \"value\": \"VGhpcyBpcyBteSBzZWNvbmQgdmFsdWU=\"}]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message BulkSetUserMetadataResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveUserMetadataRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string key = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveUserMetadataResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message BulkRemoveUserMetadataRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string keys = 2 [
|
|
(validate.rules).repeated.items.string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "A list of keys that should be removed"
|
|
example: "[\"test1\", \"test2\"]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message BulkRemoveUserMetadataResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetHumanProfileRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetHumanProfileResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
zitadel.user.v1.Profile profile = 2;
|
|
}
|
|
|
|
message UpdateHumanProfileRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
|
|
string first_name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Gigi\"";
|
|
}
|
|
];
|
|
string last_name = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Giraffe\"";
|
|
}
|
|
];
|
|
string nick_name = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Gigi\"";
|
|
}
|
|
];
|
|
string display_name = 5 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Gigi\"";
|
|
}
|
|
];
|
|
string preferred_language = 6 [
|
|
(validate.rules).string = {max_len: 10},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 10;
|
|
example: "\"en\"";
|
|
}
|
|
];
|
|
zitadel.user.v1.Gender gender = 7;
|
|
}
|
|
|
|
message UpdateHumanProfileResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetHumanEmailRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetHumanEmailResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
zitadel.user.v1.Email email = 2;
|
|
}
|
|
|
|
message UpdateHumanEmailRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
|
|
string email = 2 [
|
|
(validate.rules).string.email = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi@zitadel.com\"";
|
|
}
|
|
];
|
|
bool is_email_verified = 3;
|
|
}
|
|
|
|
message UpdateHumanEmailResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResendHumanInitializationRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string email = 2 [
|
|
(validate.rules).string = {ignore_empty: true, email: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"updated-email@test.com\"";
|
|
description: "Send a new email address if the one set on the user is wrong or has a typo."
|
|
}
|
|
];
|
|
}
|
|
|
|
message ResendHumanInitializationResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResendHumanEmailVerificationRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResendHumanEmailVerificationResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetHumanPhoneRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetHumanPhoneResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
zitadel.user.v1.Phone phone = 2;
|
|
}
|
|
|
|
message UpdateHumanPhoneRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string phone = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)";
|
|
min_length: 1;
|
|
max_length: 50;
|
|
example: "\"+41 71 000 00 00\"";
|
|
}
|
|
];
|
|
bool is_phone_verified = 3;
|
|
}
|
|
|
|
message UpdateHumanPhoneResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveHumanPhoneRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveHumanPhoneResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResendHumanPhoneVerificationRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResendHumanPhoneVerificationResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveHumanAvatarRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveHumanAvatarResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message SetHumanInitialPasswordRequest {
|
|
string user_id = 1 [(validate.rules).string.min_len = 1];
|
|
string password = 2 [(validate.rules).string = {min_len: 1, max_len: 72}];
|
|
}
|
|
|
|
message SetHumanInitialPasswordResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message SetHumanPasswordRequest {
|
|
string user_id = 1 [(validate.rules).string.min_len = 1];
|
|
string password = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 72},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 72;
|
|
example: "\"MyNewPassword1234!\"";
|
|
}
|
|
];
|
|
bool no_change_required = 3;
|
|
}
|
|
|
|
message SetHumanPasswordResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message SendHumanResetPasswordNotificationRequest {
|
|
enum Type {
|
|
TYPE_EMAIL = 0;
|
|
TYPE_SMS = 1;
|
|
}
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
Type type = 2 [(validate.rules).enum.defined_only = true];
|
|
}
|
|
|
|
message SendHumanResetPasswordNotificationResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListHumanAuthFactorsRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ListHumanAuthFactorsResponse {
|
|
repeated zitadel.user.v1.AuthFactor result = 1;
|
|
}
|
|
|
|
message RemoveHumanAuthFactorOTPRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveHumanAuthFactorOTPResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveHumanAuthFactorU2FRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveHumanAuthFactorU2FResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListHumanPasswordlessRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ListHumanPasswordlessResponse {
|
|
repeated zitadel.user.v1.WebAuthNToken result = 1;
|
|
}
|
|
|
|
message AddPasswordlessRegistrationRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message AddPasswordlessRegistrationResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string link = 2;
|
|
google.protobuf.Duration expiration = 3;
|
|
}
|
|
|
|
message SendPasswordlessRegistrationRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message SendPasswordlessRegistrationResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveHumanPasswordlessRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveHumanPasswordlessResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateMachineRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string description = 2 [(validate.rules).string.max_len = 500];
|
|
string name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.user.v1.AccessTokenType access_token_type = 4 [(validate.rules).enum = {defined_only: true}];
|
|
}
|
|
|
|
message UpdateMachineResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GenerateMachineSecretRequest {
|
|
string user_id = 1 [(validate.rules).string.min_len = 1];
|
|
}
|
|
|
|
message GenerateMachineSecretResponse {
|
|
string client_id = 1;
|
|
string client_secret = 2;
|
|
zitadel.v1.ObjectDetails details = 3;
|
|
}
|
|
|
|
message RemoveMachineSecretRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveMachineSecretResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetMachineKeyByIDsRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string key_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetMachineKeyByIDsResponse {
|
|
zitadel.authn.v1.Key key = 1;
|
|
}
|
|
|
|
message ListMachineKeysRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 2;
|
|
}
|
|
|
|
message ListMachineKeysResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.authn.v1.Key result = 2;
|
|
}
|
|
|
|
message AddMachineKeyRequest {
|
|
string user_id = 1 [(validate.rules).string.min_len = 1];
|
|
zitadel.authn.v1.KeyType type = 2 [
|
|
(validate.rules).enum = {defined_only: true, not_in: [0]},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"KEY_TYPE_JSON\"";
|
|
description: "The date the key will expire and no logins will be possible";
|
|
}
|
|
];
|
|
google.protobuf.Timestamp expiration_date = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"2519-04-01T08:45:00.000000Z\"";
|
|
description: "The date the key will expire and no logins will be possible";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddMachineKeyResponse {
|
|
string key_id = 1;
|
|
bytes key_details = 2;
|
|
zitadel.v1.ObjectDetails details = 3;
|
|
}
|
|
|
|
message RemoveMachineKeyRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string key_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveMachineKeyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetPersonalAccessTokenByIDsRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetPersonalAccessTokenByIDsResponse {
|
|
zitadel.user.v1.PersonalAccessToken token = 1;
|
|
}
|
|
|
|
message ListPersonalAccessTokensRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 2;
|
|
}
|
|
|
|
message ListPersonalAccessTokensResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.user.v1.PersonalAccessToken result = 2;
|
|
}
|
|
|
|
message AddPersonalAccessTokenRequest {
|
|
string user_id = 1 [(validate.rules).string.min_len = 1];
|
|
google.protobuf.Timestamp expiration_date = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"2519-04-01T08:45:00.000000Z\"";
|
|
description: "The date the token will expire and no logins will be possible";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddPersonalAccessTokenResponse {
|
|
string token_id = 1;
|
|
string token = 2;
|
|
zitadel.v1.ObjectDetails details = 3;
|
|
}
|
|
|
|
message RemovePersonalAccessTokenRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemovePersonalAccessTokenResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListHumanLinkedIDPsRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 2;
|
|
}
|
|
|
|
message ListHumanLinkedIDPsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.idp.v1.IDPUserLink result = 2;
|
|
}
|
|
|
|
message RemoveHumanLinkedIDPRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string idp_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string linked_user_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveHumanLinkedIDPResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListUserMembershipsRequest {
|
|
//list limitations and ordering
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//the field the result is sorted
|
|
zitadel.v1.ListQuery query = 2;
|
|
//criteria the client is looking for
|
|
repeated zitadel.user.v1.MembershipQuery queries = 3;
|
|
}
|
|
|
|
message ListUserMembershipsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.user.v1.Membership result = 2;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetMyOrgRequest {}
|
|
|
|
message GetMyOrgResponse {
|
|
zitadel.org.v1.Org org = 1;
|
|
}
|
|
|
|
message GetOrgByDomainGlobalRequest {
|
|
string domain = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200} ,
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"zitadel.cloud\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ListOrgChangesRequest {
|
|
//list limitations and ordering
|
|
zitadel.change.v1.ChangeQuery query = 1;
|
|
}
|
|
|
|
message ListOrgChangesResponse {
|
|
reserved 1;
|
|
reserved "details";
|
|
// zitadel.v1.ListDetails details = 1; was always returned empty (as we cannot get the necessary info)
|
|
repeated zitadel.change.v1.Change result = 2;
|
|
}
|
|
|
|
message GetOrgByDomainGlobalResponse {
|
|
zitadel.org.v1.Org org = 1;
|
|
}
|
|
|
|
message AddOrgRequest {
|
|
string name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Customer A\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddOrgResponse {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message UpdateOrgRequest {
|
|
string name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Customer 1\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateOrgResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message DeactivateOrgRequest {}
|
|
|
|
message DeactivateOrgResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ReactivateOrgRequest {}
|
|
|
|
message ReactivateOrgResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveOrgRequest {}
|
|
|
|
message RemoveOrgResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListOrgDomainsRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//criteria the client is looking for
|
|
repeated zitadel.org.v1.DomainSearchQuery queries = 2;
|
|
}
|
|
|
|
message ListOrgDomainsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.org.v1.Domain result = 2;
|
|
}
|
|
|
|
message AddOrgDomainRequest {
|
|
string domain = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"testdomain.com\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddOrgDomainResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveOrgDomainRequest {
|
|
string domain = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveOrgDomainResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GenerateOrgDomainValidationRequest {
|
|
string domain = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.org.v1.DomainValidationType type = 2 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
|
|
}
|
|
|
|
message GenerateOrgDomainValidationResponse {
|
|
string token = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\"";
|
|
}
|
|
];
|
|
string url = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://testdomain.com/.well-known/zitadel-challenge/ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
|
|
message ValidateOrgDomainRequest {
|
|
string domain = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"testdomain.com\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ValidateOrgDomainResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message SetPrimaryOrgDomainRequest {
|
|
string domain = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message SetPrimaryOrgDomainResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ListOrgMemberRolesRequest {}
|
|
|
|
message ListOrgMemberRolesResponse {
|
|
repeated string result = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"ORG_OWNER\", \"ORG_OWNER_VIEWER\", \"...\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ListOrgMembersRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//criteria the client is looking for
|
|
repeated zitadel.member.v1.SearchQuery queries = 2;
|
|
}
|
|
|
|
message ListOrgMembersResponse {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListDetails details = 1;
|
|
//criteria the client is looking for
|
|
repeated zitadel.member.v1.Member result = 2;
|
|
}
|
|
|
|
message AddOrgMemberRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string roles = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"IAM_OWNER\"]";
|
|
description: "If no roles are provided the user won't have any rights"
|
|
}
|
|
];
|
|
}
|
|
message AddOrgMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateOrgMemberRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string roles = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"IAM_OWNER\"]";
|
|
description: "If no roles are provided the user won't have any rights"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateOrgMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveOrgMemberRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveOrgMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListOrgMetadataRequest {
|
|
zitadel.v1.ListQuery query = 1;
|
|
repeated zitadel.metadata.v1.MetadataQuery queries = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
title: "Medata Query"
|
|
description: "Metadata object-specific queries."
|
|
}];
|
|
}
|
|
|
|
message ListOrgMetadataResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.metadata.v1.Metadata result = 2;
|
|
}
|
|
|
|
message GetOrgMetadataRequest {
|
|
string key = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetOrgMetadataResponse {
|
|
zitadel.metadata.v1.Metadata metadata = 1;
|
|
}
|
|
|
|
message SetOrgMetadataRequest {
|
|
string key = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"key1\"";
|
|
min_length: 1,
|
|
max_length: 200;
|
|
}
|
|
];
|
|
bytes value = 2 [
|
|
(validate.rules).bytes = {min_len: 1, max_len: 500000},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "The value has to be base64 encoded.";
|
|
example: "\"VGhpcyBpcyBteSB0ZXN0IHZhbHVl\"";
|
|
min_length: 1,
|
|
max_length: 500000;
|
|
}
|
|
];
|
|
}
|
|
|
|
message SetOrgMetadataResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message BulkSetOrgMetadataRequest {
|
|
message Metadata {
|
|
string key = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
bytes value = 2 [(validate.rules).bytes = {min_len: 1, max_len: 500000}];
|
|
}
|
|
repeated Metadata metadata = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
title: "Medata (Key/Value)"
|
|
description: "The values have to be base64 encoded.";
|
|
example: "[{\"key\": \"test1\", \"value\": \"VGhpcyBpcyBteSBmaXJzdCB2YWx1ZQ==\"}, {\"key\": \"test2\", \"value\": \"VGhpcyBpcyBteSBzZWNvbmQgdmFsdWU=\"}]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message BulkSetOrgMetadataResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveOrgMetadataRequest {
|
|
string key = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveOrgMetadataResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message BulkRemoveOrgMetadataRequest {
|
|
repeated string keys = 1 [(validate.rules).repeated.items.string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message BulkRemoveOrgMetadataResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetProjectByIDRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message GetProjectByIDResponse {
|
|
zitadel.project.v1.Project project = 1;
|
|
}
|
|
|
|
message GetGrantedProjectByIDRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetGrantedProjectByIDResponse {
|
|
zitadel.project.v1.GrantedProject granted_project = 1;
|
|
}
|
|
|
|
message ListProjectsRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//criteria the client is looking for
|
|
repeated zitadel.project.v1.ProjectQuery queries = 2;
|
|
}
|
|
|
|
message ListProjectsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.project.v1.Project result = 2;
|
|
}
|
|
|
|
message ListGrantedProjectsRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//criteria the client is looking for
|
|
repeated zitadel.project.v1.ProjectQuery queries = 2;
|
|
}
|
|
|
|
message ListGrantedProjectsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.project.v1.GrantedProject result = 2;
|
|
}
|
|
|
|
message ListProjectChangesRequest {
|
|
//list limitations and ordering
|
|
zitadel.change.v1.ChangeQuery query = 1;
|
|
string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ListProjectChangesResponse {
|
|
reserved 1;
|
|
reserved "details";
|
|
// zitadel.v1.ListDetails details = 1; was always returned empty (as we cannot get the necessary info)
|
|
repeated zitadel.change.v1.Change result = 2;
|
|
}
|
|
|
|
message AddProjectRequest {
|
|
string name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"MyProject\"";
|
|
}
|
|
];
|
|
bool project_role_assertion = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Enable this setting to have role information included in the user info endpoint. It is also dependent on your application settings to include it in tokens and other types.";
|
|
}
|
|
];
|
|
bool project_role_check = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "When enabled ZITADEL will check if a user has a role of this project assigned when login into an application of this project.";
|
|
}
|
|
];
|
|
bool has_project_check = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "When enabled ZITADEL will check if the organization of the user, that is trying to log in, has a grant to this project.";
|
|
}
|
|
];
|
|
zitadel.project.v1.PrivateLabelingSetting private_labeling_setting = 5 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Define which private labeling/branding should trigger when getting to a login of this project.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddProjectResponse {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"98729028932384528\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message UpdateProjectRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200}
|
|
];
|
|
string name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"MyProject-Updated\"";
|
|
}
|
|
];
|
|
bool project_role_assertion = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Enable this setting to have role information included in the user info endpoint. It is also dependent on your application settings to include it in tokens and other types.";
|
|
}
|
|
];
|
|
bool project_role_check = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "When enabled ZITADEL will check if a user has a role of this project assigned when login into an application of this project.";
|
|
}
|
|
];
|
|
bool has_project_check = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "When enabled ZITADEL will check if the organization of the user, that is trying to log in, has a grant to this project.";
|
|
}
|
|
];
|
|
zitadel.project.v1.PrivateLabelingSetting private_labeling_setting = 6 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Define which private labeling/branding should trigger when getting to a login of this project.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateProjectResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message DeactivateProjectRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message DeactivateProjectResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ReactivateProjectRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ReactivateProjectResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveProjectRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveProjectResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ListProjectMemberRolesRequest {}
|
|
|
|
message ListProjectMemberRolesResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated string result = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"PROJECT_OWNER\", \"PROJECT_OWNER_VIEWER\", \"...\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddProjectRoleRequest {
|
|
string project_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200}
|
|
];
|
|
string role_key = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"ADMIN\"";
|
|
description: "The key is the only relevant attribute for ZITADEL regarding the authorization checks."
|
|
}
|
|
];
|
|
string display_name = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Administrator\"";
|
|
}
|
|
];
|
|
string group = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Admins\"";
|
|
description: "The group is only used for display purposes. That you have better handling, like giving all the roles from a group to a user.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddProjectRoleResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message BulkAddProjectRolesRequest {
|
|
message Role {
|
|
string key = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string display_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string group = 3 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated Role roles = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
title: "Roles"
|
|
example: "[{\"key\": \"ADMIN\", \"display_name\": \"Administrator\"}, {\"key\": \"SUPPORT\", \"display_name\": \"Supporter\"}]"
|
|
}
|
|
];;
|
|
}
|
|
|
|
message BulkAddProjectRolesResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateProjectRoleRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string role_key = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"ADMIN\"";
|
|
description: "The key is the only relevant attribute for ZITADEL regarding the authorization checks."
|
|
}
|
|
];
|
|
string display_name = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"Administrator\"";
|
|
}
|
|
];
|
|
string group = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Admins\"";
|
|
description: "The group is only used for display purposes. That you have better handling, like giving all the roles from a group to a user.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateProjectRoleResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveProjectRoleRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string role_key = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveProjectRoleResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListProjectRolesRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 2;
|
|
//criteria the client is looking for
|
|
repeated zitadel.project.v1.RoleQuery queries = 3;
|
|
}
|
|
|
|
message ListProjectRolesResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.project.v1.Role result = 2;
|
|
}
|
|
|
|
message ListGrantedProjectRolesRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 3;
|
|
//criteria the client is looking for
|
|
repeated zitadel.project.v1.RoleQuery queries = 4;
|
|
}
|
|
|
|
message ListGrantedProjectRolesResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.project.v1.Role result = 2;
|
|
}
|
|
|
|
message ListProjectMembersRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 2;
|
|
//criteria the client is looking for
|
|
repeated zitadel.member.v1.SearchQuery queries = 3;
|
|
}
|
|
|
|
message ListProjectMembersResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.member.v1.Member result = 2;
|
|
}
|
|
|
|
message AddProjectMemberRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string roles = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"PROJECT_OWNER\"]";
|
|
description: "If no roles are provided the user won't have any rights"
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddProjectMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateProjectMemberRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string roles = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"PROJECT_OWNER\"]";
|
|
description: "If no roles are provided the user won't have any rights"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateProjectMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveProjectMemberRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveProjectMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetAppByIDRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetAppByIDResponse {
|
|
zitadel.app.v1.App app = 1;
|
|
}
|
|
|
|
message ListAppsRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 2;
|
|
//criteria the client is looking for
|
|
repeated zitadel.app.v1.AppQuery queries = 3;
|
|
}
|
|
|
|
message ListAppsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.app.v1.App result = 2;
|
|
}
|
|
|
|
message ListAppChangesRequest {
|
|
//list limitations and ordering
|
|
zitadel.change.v1.ChangeQuery query = 1;
|
|
string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ListAppChangesResponse {
|
|
reserved 1;
|
|
reserved "details";
|
|
// zitadel.v1.ListDetails details = 1; was always returned empty (as we cannot get the necessary info)
|
|
repeated zitadel.change.v1.Change result = 2;
|
|
}
|
|
|
|
message AddOIDCAppRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"MyOIDCApp\"";
|
|
}
|
|
];
|
|
repeated string redirect_uris = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"http://localhost:4200/auth/callback\"]";
|
|
description: "Callback URI of the authorization request where the code or tokens will be sent to";
|
|
}
|
|
];
|
|
repeated zitadel.app.v1.OIDCResponseType response_types = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Determines whether a code, id_token token or just id_token will be returned"
|
|
}
|
|
];
|
|
repeated zitadel.app.v1.OIDCGrantType grant_types = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "The flow type the application uses to gain access";
|
|
}
|
|
];
|
|
zitadel.app.v1.OIDCAppType app_type = 6 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Determines the paradigm of the application";
|
|
}
|
|
];
|
|
zitadel.app.v1.OIDCAuthMethodType auth_method_type = 7 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines how the application passes login credentials";
|
|
}
|
|
];
|
|
repeated string post_logout_redirect_uris = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"http://localhost:4200/signedout\"]";
|
|
description: "ZITADEL will redirect to this link after a successful logout";
|
|
}
|
|
];
|
|
zitadel.app.v1.OIDCVersion version = 9 [(validate.rules).enum = {defined_only: true}];
|
|
bool dev_mode = 10 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Used for development, some checks of the OIDC specification will not be checked.";
|
|
}
|
|
];
|
|
zitadel.app.v1.OIDCTokenType access_token_type = 11 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Type of the access token returned from ZITADEL";
|
|
}
|
|
];
|
|
bool access_token_role_assertion = 12 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_role_assertion = 13 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Adds roles to the claims of the id token even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_userinfo_assertion = 14 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification";
|
|
}
|
|
];
|
|
google.protobuf.Duration clock_skew = 15 [
|
|
(validate.rules).duration = {gte: {}, lte: {seconds: 5}},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims";
|
|
example: "\"1s\"";
|
|
}
|
|
];
|
|
repeated string additional_origins = 16 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "Additional origins (other than the redirect_uris) from where the API can be used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddOIDCAppResponse {
|
|
string app_id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
string client_id = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"1035496534033449\"";
|
|
description: "generated client id for this config";
|
|
}
|
|
];
|
|
string client_secret = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gjoq34589uasgh\"";
|
|
description: "generated secret for this config";
|
|
}
|
|
];
|
|
bool none_compliant = 5;
|
|
repeated zitadel.v1.LocalizedMessage compliance_problems = 6;
|
|
}
|
|
|
|
message AddSAMLAppRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"MySAMLApp\"";
|
|
}
|
|
];
|
|
oneof metadata {
|
|
option (validate.required) = true;
|
|
bytes metadata_xml = 3 [(validate.rules).bytes.max_len = 500000];
|
|
string metadata_url = 4 [(validate.rules).string.max_len = 200];
|
|
}
|
|
}
|
|
|
|
message AddSAMLAppResponse {
|
|
string app_id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message AddAPIAppRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"MyAPIApp\"";
|
|
}
|
|
];
|
|
zitadel.app.v1.APIAuthMethodType auth_method_type = 3 [(validate.rules).enum = {defined_only: true}];
|
|
}
|
|
|
|
message AddAPIAppResponse {
|
|
string app_id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
string client_id = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"3950723409029374\"";
|
|
description: "generated secret for this config";
|
|
}
|
|
];
|
|
string client_secret = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gjoq34589uasgh\"";
|
|
description: "generated secret for this config";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateAppRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 5 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"MyApplicationName\"";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateAppResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateOIDCAppConfigRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
|
|
repeated string redirect_uris = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"http://localhost:4200/auth/callback\"]";
|
|
description: "Callback URI of the authorization request where the code or tokens will be sent to";
|
|
}
|
|
];
|
|
repeated zitadel.app.v1.OIDCResponseType response_types = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Determines whether a code, id_token token or just id_token will be returned"
|
|
}
|
|
];
|
|
repeated zitadel.app.v1.OIDCGrantType grant_types = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "The flow type the application uses to gain access";
|
|
}
|
|
];
|
|
zitadel.app.v1.OIDCAppType app_type = 6 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Determines the paradigm of the application";
|
|
}
|
|
];
|
|
zitadel.app.v1.OIDCAuthMethodType auth_method_type = 7 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines how the application passes login credentials";
|
|
}
|
|
];
|
|
repeated string post_logout_redirect_uris = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"http://localhost:4200/signedout\"]";
|
|
description: "ZITADEL will redirect to this link after a successful logout";
|
|
}
|
|
];
|
|
bool dev_mode = 9 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Used for development, some checks of the OIDC specification will not be checked.";
|
|
}
|
|
];
|
|
zitadel.app.v1.OIDCTokenType access_token_type = 10 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Type of the access token returned from ZITADEL";
|
|
}
|
|
];
|
|
bool access_token_role_assertion = 11 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_role_assertion = 12 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Adds roles to the claims of the id token even if they are not requested by scopes";
|
|
}
|
|
];
|
|
bool id_token_userinfo_assertion = 13 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification";
|
|
}
|
|
];
|
|
google.protobuf.Duration clock_skew = 14 [
|
|
(validate.rules).duration = {gte: {}, lte: {seconds: 5}},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims";
|
|
example: "\"1s\"";
|
|
}
|
|
];
|
|
repeated string additional_origins = 15 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"https://console.zitadel.ch/auth/callback\"]";
|
|
description: "Additional origins (other than the redirect_uris) from where the API can be used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateOIDCAppConfigResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateSAMLAppConfigRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
|
|
oneof metadata {
|
|
option (validate.required) = true;
|
|
bytes metadata_xml = 3 [(validate.rules).bytes.max_len = 500000];
|
|
string metadata_url = 4 [(validate.rules).string.max_len = 200];
|
|
}
|
|
}
|
|
|
|
message UpdateSAMLAppConfigResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateAPIAppConfigRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.app.v1.APIAuthMethodType auth_method_type = 7 [(validate.rules).enum = {defined_only: true}];
|
|
}
|
|
|
|
message UpdateAPIAppConfigResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message DeactivateAppRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message DeactivateAppResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ReactivateAppRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ReactivateAppResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveAppRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveAppResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RegenerateOIDCClientSecretRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RegenerateOIDCClientSecretResponse {
|
|
string client_secret = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gjoq34589uasgh\"";
|
|
description: "generated secret for the client";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message RegenerateAPIClientSecretRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RegenerateAPIClientSecretResponse {
|
|
string client_secret = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"k3n0fnslei93nps9\"";
|
|
description: "generated secret for the client";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message GetAppKeyRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string key_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetAppKeyResponse {
|
|
zitadel.authn.v1.Key key = 1;
|
|
}
|
|
|
|
message ListAppKeysRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string project_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
message ListAppKeysResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.authn.v1.Key result = 2;
|
|
}
|
|
|
|
message AddAppKeyRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.authn.v1.KeyType type = 3 [
|
|
(validate.rules).enum = {defined_only: true, not_in: [0]},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"KEY_TYPE_JSON\"";
|
|
}
|
|
];
|
|
google.protobuf.Timestamp expiration_date = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"2519-04-01T08:45:00.000000Z\"";
|
|
description: "The date the key will expire and no logins will be possible";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddAppKeyResponse {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"28746028909593987\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
bytes key_details = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"eyJ0eXBlIjoiYXBwbGljYXRpb24iLCJrZXlJZCI6IjIwMjcxMDE4NjYyMjcxNDExMyIsImtleSI6Ii0tLS0tQkVHSU4gUlNBIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUVvd0lCQUFLQ0FRRUFuMUxyNStTV0pGRllURU1kaXQ2U0dNY0E2Yks5dG0xMmhlcm55V0wrZm9PWnA3eEVcbk9wcmsvWE81QVplSU5NY0x0ZVhxckJlK1NPdVVNMFpLU2xCMHFTNzNjVStDVTVMTGoycVB0UzhNOFI0N3BGdFhcbjJXRTFJNjNhZHB1N01TejA2SXduQ2lyNnJYOTVPQ2ZneHA3VU1Dd0pSTUZmYXJqdjVBRXY3NXpsSS9lYUV6bUJcbkxKWU1xanZFRmZoN2x3M2lPT3VsWW9kNjNpN3RDNWl5czNlYjNLZW4yWU0rN1FSbXB2dE5qcTJMVmlIMnkrUGJcbk9ESlI3MU9ib05TYVJDNTZDUFpWVytoWDByYXI3VzMwUjI2eGtIQ09oSytQbUpSeGtOY0g1VTdja0xXMEw0WEVcbnNNZkVUSmszeDR3Q0psbisxbElXUzkrNmw0R1E2TWRzWURyOU5RSURBUUFCQW9JQkFCSkx6WGQxMHFBZEQwekNcbnNGUFFOMnJNLzVmV3hONThONDR0YWF6QXg0VHp5K050UlZDTmxScGQvYkxuR2VjbHJIeVpDSmYycWcxcHNEMHJcbkowRGRlR2d0VXBFYWxsYk9scjNEZVBsUGkrYnNsK0RKOUk2c0VSUWwxTjZtQjVzZ0ZJZllBR3UwZjlFSXdIem9cblozR25yNnBRaEVmM0JPUVdsTVhVTlJNSksyOHp3M2E1L01nRmtKVUZUSTUzeXFwbGRtZ2hLajRZR1hLRk1LUGhcbkV3RkxrRncwK2s3K0xuSjFQNGp1ZVd1RXo3WlAyaFpvUWxCcXdSajVyTG9QZ05RbUU4UytFVDRuczlUYzByOFFcbnFyaHlacDZBczJrTDhGTytCZnF3SVpDZnpnWHN2cC9PLzRaSHIzVTB2Ymp3UW1sSzdVSm42U0J6T2hpWFpNU0lcbk5Wc0V5VUVDZ1lFQTFEaktkRGo3NTM1MWQzdlRNQlRFd2JSQ3hoUVZOdENFMnMwVUw4ckJQZ1I0K1dlblNUWmFcbnprWUprcEV0bE54VGxzYnN1Y0RTUXZqeWRYYk5nSHFBeDYzMm1vdTVkak9lR0VTUDFWVGtUdElsZFZQZWszQWxcbjVYbkpQa1dqWGVyVVJZNm5KeUQ5UWhlREx3MVp4NEFYVzNHWURiTFkrT05XV0VKUlJaQUloNjBDZ1lFQXdEQ2xcbnc1MHc4dkcvbEJ4RzNSYW9FaHdLOWNna1VXOHk2T25DekNwcEtjOEZUUmY1VE5iWjl5TzNXUmdYajhkeHRCakFcbkl5VGlzYk9NQk1VaFZKUUtGZHRQaDhoVDBwRkRjeE9ndzY0aHBtYzhyY2RTbXVKNzlYSVRTaHUySjA0N0UvNFZcbnJOTThpWVk5ZGR3VGdGUUlsdFNZL0l0RnFxWERmdjhqK1dVY25La0NnWUVBaENOUU80bDNuNjRucWR2WnBTaHBcblVrclJBTkJrWFJyOGZkZ1BaNnFSSS9KWStNSEhjVmg4dGM3NkN0NkdTUmZlbkJVRU5LeVF2czZPK1FDZCtBOU9cbnZBWGZkRjduZldlcVdtWG1RT2g0dDNNMWk1WkxFZlpVUWt2UU9BdllLcFFhMDZ4OCsyb1pCdHZvL0pVTmY2Q0xcbjZvNFNKUVZrLzZOZGtkckpDODBnNG9rQ2dZQkZsNWYrbkVYa1F0dWZVeG5wNXRGWE5XWldsM0ZuTjMvVXpRaW5cbmkxZm5OcnB4cnhPcjJrUzA4KzdwU1FzSEdpNDNDNXRQWG9UajJlTUN1eXNWaUVHYXBuNUc2YWhJb0NjdlhWVWlcblprUnpFQUR0NERZdU5ZS3pYdXBUTkhPaUNmYmtoMlhyM2RXVzZ0QUloSGRmU1k2T3AwNzZhNmYvWWVUSGNMWGpcbkVkVHBlUUtCZ0FPdnBqcDQ4TzRUWEZkU0JLSnYya005OHVhUjlSQURtdGxTWHd2cTlyQkhTV084NFk4bzE0L1Bcbkl1UmxUOHhROGRYKzhMR21UUCtjcUtiOFFRQ1grQk1YUWxMSEVtWnpnb0xFa0pGMUVIMm4vZEZ5bngxS3prdFNcbm9UZUdsRzZhbXhVOVh4eW9RVFlEVGJCbERwc2FZUlFBZ2FUQzM3UVZRUjhmK1ZoRzFHSFFcbi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tXG4iLCJhcHBJZCI6IjIwMjcwNjM5ODgxMzg4MDU3NyIsImNsaWVudElkIjoiMjAyNzA2Mzk4ODEzOTQ2MTEzQG15dGVzdHByb2plY3QifQ==\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message RemoveAppKeyRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string key_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveAppKeyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListProjectGrantChangesRequest {
|
|
//list limitations and ordering
|
|
zitadel.change.v1.ChangeQuery query = 1;
|
|
string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ListProjectGrantChangesResponse {
|
|
reserved 1;
|
|
reserved "details";
|
|
// zitadel.v1.ListDetails details = 1; was always returned empty (as we cannot get the necessary info)
|
|
repeated zitadel.change.v1.Change result = 2;
|
|
}
|
|
|
|
message GetProjectGrantByIDRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetProjectGrantByIDResponse {
|
|
zitadel.project.v1.GrantedProject project_grant = 1;
|
|
}
|
|
|
|
message ListProjectGrantsRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 2;
|
|
//criteria the client is looking for
|
|
repeated zitadel.project.v1.ProjectGrantQuery queries = 3;
|
|
}
|
|
|
|
message ListProjectGrantsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.project.v1.GrantedProject result = 2;
|
|
}
|
|
|
|
message ListAllProjectGrantsRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//criteria the client is looking for
|
|
repeated zitadel.project.v1.AllProjectGrantQuery queries = 2;
|
|
}
|
|
|
|
message ListAllProjectGrantsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.project.v1.GrantedProject result = 2;
|
|
}
|
|
|
|
message AddProjectGrantRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string granted_org_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"28746028909593987\""
|
|
}
|
|
];
|
|
repeated string role_keys = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"RoleKey1\", \"RoleKey2\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddProjectGrantResponse {
|
|
string grant_id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"28746028909593987\""
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message UpdateProjectGrantRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string role_keys = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"RoleKey1\", \"RoleKey2\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateProjectGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message DeactivateProjectGrantRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message DeactivateProjectGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ReactivateProjectGrantRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
message ReactivateProjectGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveProjectGrantRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
message RemoveProjectGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListProjectGrantMemberRolesRequest {
|
|
zitadel.v1.ListQuery query = 1;
|
|
repeated string result = 2;
|
|
}
|
|
|
|
message ListProjectGrantMemberRolesResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated string result = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"PROJECT_GRANT_OWNER\", \"PROJECT_GRANT_OWNER_VIEWER\", \"...\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message ListProjectGrantMembersRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 3;
|
|
//criteria the client is looking for
|
|
repeated zitadel.member.v1.SearchQuery queries = 4;
|
|
}
|
|
|
|
message ListProjectGrantMembersResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.member.v1.Member result = 2;
|
|
}
|
|
|
|
message AddProjectGrantMemberRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_id = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
repeated string roles = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"PROJECT_GRANT_OWNER\"]";
|
|
description: "If no roles are provided the user won't have any rights"
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddProjectGrantMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateProjectGrantMemberRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_id = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"69629012906488334\"";
|
|
}
|
|
];
|
|
repeated string roles = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"PROJECT_GRANT_OWNER\"]";
|
|
description: "If no roles are provided the user won't have any rights"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateProjectGrantMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveProjectGrantMemberRequest {
|
|
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveProjectGrantMemberResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetUserGrantByIDRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetUserGrantByIDResponse {
|
|
zitadel.user.v1.UserGrant user_grant = 1;
|
|
}
|
|
|
|
message ListUserGrantRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//criteria the client is looking for
|
|
repeated zitadel.user.v1.UserGrantQuery queries = 2;
|
|
}
|
|
|
|
message ListUserGrantResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.user.v1.UserGrant result = 2;
|
|
}
|
|
|
|
message AddUserGrantRequest {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
example: "\"69629026806489455\"";
|
|
}
|
|
];
|
|
string project_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"58949026806489455\"";
|
|
}
|
|
];
|
|
string project_grant_id = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"9847026806489455\"";
|
|
description: "Make sure to fill in the project grant id if the user grant is for a granted project and the organization is not the owner of the project.";
|
|
}
|
|
];
|
|
repeated string role_keys = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"RoleKey1\", \"RoleKey2\"]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddUserGrantResponse {
|
|
string user_grant_id = 1;
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
}
|
|
|
|
message UpdateUserGrantRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string role_keys = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"RoleKey1\", \"RoleKey2\"]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateUserGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message DeactivateUserGrantRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message DeactivateUserGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ReactivateUserGrantRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ReactivateUserGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveUserGrantRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveUserGrantResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message BulkRemoveUserGrantRequest {
|
|
repeated string grant_id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"9384786806489455\", \"2984754806489455\"]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message BulkRemoveUserGrantResponse {}
|
|
|
|
message GetOrgIAMPolicyRequest {}
|
|
|
|
message GetOrgIAMPolicyResponse {
|
|
zitadel.policy.v1.OrgIAMPolicy policy = 1;
|
|
}
|
|
|
|
message GetDomainPolicyRequest {}
|
|
|
|
message GetDomainPolicyResponse {
|
|
zitadel.policy.v1.DomainPolicy policy = 1;
|
|
}
|
|
|
|
message GetLoginPolicyRequest {}
|
|
|
|
message GetLoginPolicyResponse {
|
|
zitadel.policy.v1.LoginPolicy policy = 1;
|
|
//deprecated: is_default is also defined in zitadel.policy.v1.LoginPolicy
|
|
bool is_default = 2;
|
|
}
|
|
|
|
message GetDefaultLoginPolicyRequest {}
|
|
|
|
message GetDefaultLoginPolicyResponse {
|
|
zitadel.policy.v1.LoginPolicy policy = 1;
|
|
}
|
|
|
|
message AddCustomLoginPolicyRequest {
|
|
message IDP {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.idp.v1.IDPOwnerType ownerType = 2 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
|
|
}
|
|
|
|
bool allow_username_password = 1;
|
|
bool allow_register = 2;
|
|
bool allow_external_idp = 3;
|
|
bool force_mfa = 4;
|
|
zitadel.policy.v1.PasswordlessType passwordless_type = 5 [(validate.rules).enum = {defined_only: true}];
|
|
bool hide_password_reset = 6;
|
|
bool ignore_unknown_usernames = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines if unknown username on login screen directly returns an error or always displays the password screen"
|
|
}
|
|
];
|
|
string default_redirect_uri = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines where the user will be redirected to if the login is started without app context (e.g. from mail)"
|
|
}
|
|
];
|
|
google.protobuf.Duration password_check_lifetime = 9;
|
|
google.protobuf.Duration external_login_check_lifetime = 10;
|
|
google.protobuf.Duration mfa_init_skip_lifetime = 11;
|
|
google.protobuf.Duration second_factor_check_lifetime = 12;
|
|
google.protobuf.Duration multi_factor_check_lifetime = 13;
|
|
repeated zitadel.policy.v1.SecondFactorType second_factors = 14;
|
|
repeated zitadel.policy.v1.MultiFactorType multi_factors = 15;
|
|
repeated IDP idps = 16;
|
|
// If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
|
|
bool allow_domain_discovery = 17 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success."
|
|
}
|
|
];
|
|
bool disable_login_with_email = 18 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines if the user can additionally (to the login name) be identified by their verified email address"
|
|
}
|
|
];
|
|
bool disable_login_with_phone = 19 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddCustomLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateCustomLoginPolicyRequest {
|
|
bool allow_username_password = 1;
|
|
bool allow_register = 2;
|
|
bool allow_external_idp = 3;
|
|
bool force_mfa = 4;
|
|
zitadel.policy.v1.PasswordlessType passwordless_type = 5 [(validate.rules).enum = {defined_only: true}];
|
|
bool hide_password_reset = 6;
|
|
bool ignore_unknown_usernames = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines if unknown username on login screen directly returns an error or always displays the password screen"
|
|
}
|
|
];
|
|
string default_redirect_uri = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines where the user will be redirected to if the login is started without app context (e.g. from mail)"
|
|
}
|
|
];
|
|
google.protobuf.Duration password_check_lifetime = 9;
|
|
google.protobuf.Duration external_login_check_lifetime = 10;
|
|
google.protobuf.Duration mfa_init_skip_lifetime = 11;
|
|
google.protobuf.Duration second_factor_check_lifetime = 12;
|
|
google.protobuf.Duration multi_factor_check_lifetime = 13;
|
|
// If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success.
|
|
bool allow_domain_discovery = 14 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success."
|
|
}
|
|
];
|
|
bool disable_login_with_email = 15 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines if the user can additionally (to the login name) be identified by their verified email address"
|
|
}
|
|
];
|
|
bool disable_login_with_phone = 16 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateCustomLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResetLoginPolicyToDefaultRequest {}
|
|
|
|
message ResetLoginPolicyToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListLoginPolicyIDPsRequest {
|
|
zitadel.v1.ListQuery query = 1;
|
|
}
|
|
|
|
message ListLoginPolicyIDPsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.idp.v1.IDPLoginPolicyLink result = 2;
|
|
}
|
|
|
|
message AddIDPToLoginPolicyRequest {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.idp.v1.IDPOwnerType ownerType = 2 [
|
|
(validate.rules).enum = {defined_only: true, not_in: [0]},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"IDP_OWNER_TYPE_SYSTEM\"]";
|
|
description: "Choose IDP_OWNER_TYPE_SYSTEM if the configuration is made on the instance and IDP_OWNER_TYPE_ORG if the configuration is made on the organization."
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddIDPToLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveIDPFromLoginPolicyRequest {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message RemoveIDPFromLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListLoginPolicySecondFactorsRequest {}
|
|
|
|
message ListLoginPolicySecondFactorsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.policy.v1.SecondFactorType result = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"SECOND_FACTOR_TYPE_OTP\"]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddSecondFactorToLoginPolicyRequest {
|
|
zitadel.policy.v1.SecondFactorType type = 1 [
|
|
(validate.rules).enum = {defined_only: true, not_in: [0]},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"SECOND_FACTOR_TYPE_OTP\"";
|
|
}
|
|
];
|
|
}
|
|
message AddSecondFactorToLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveSecondFactorFromLoginPolicyRequest {
|
|
zitadel.policy.v1.SecondFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
|
|
}
|
|
|
|
message RemoveSecondFactorFromLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListLoginPolicyMultiFactorsRequest {}
|
|
|
|
message ListLoginPolicyMultiFactorsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.policy.v1.MultiFactorType result = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION\"]"
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddMultiFactorToLoginPolicyRequest {
|
|
zitadel.policy.v1.MultiFactorType type = 1 [
|
|
(validate.rules).enum = {defined_only: true, not_in: [0]},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddMultiFactorToLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveMultiFactorFromLoginPolicyRequest {
|
|
zitadel.policy.v1.MultiFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
|
|
}
|
|
|
|
message RemoveMultiFactorFromLoginPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetPasswordComplexityPolicyRequest {}
|
|
|
|
message GetPasswordComplexityPolicyResponse {
|
|
zitadel.policy.v1.PasswordComplexityPolicy policy = 1;
|
|
//deprecated: is_default is also defined in zitadel.policy.v1.PasswordComplexityPolicy
|
|
bool is_default = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Deprecated: Is defined in the policy itself"
|
|
}
|
|
];
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetDefaultPasswordComplexityPolicyRequest {}
|
|
|
|
message GetDefaultPasswordComplexityPolicyResponse {
|
|
zitadel.policy.v1.PasswordComplexityPolicy policy = 1;
|
|
}
|
|
|
|
message AddCustomPasswordComplexityPolicyRequest {
|
|
uint64 min_length = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"8\""
|
|
}
|
|
];
|
|
bool has_uppercase = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines if the password MUST contain an upper case letter"
|
|
}
|
|
];
|
|
bool has_lowercase = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines if the password MUST contain a lowercase letter"
|
|
}
|
|
];
|
|
bool has_number = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines if the password MUST contain a number"
|
|
}
|
|
];
|
|
bool has_symbol = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines if the password MUST contain a symbol. E.g. \"$\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddCustomPasswordComplexityPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateCustomPasswordComplexityPolicyRequest {
|
|
uint64 min_length = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"8\""
|
|
}
|
|
];
|
|
bool has_uppercase = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines if the password MUST contain an upper case letter"
|
|
}
|
|
];
|
|
bool has_lowercase = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines if the password MUST contain a lowercase letter"
|
|
}
|
|
];
|
|
bool has_number = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Defines if the password MUST contain a number"
|
|
}
|
|
];
|
|
bool has_symbol = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines if the password MUST contain a symbol. E.g. \"$\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateCustomPasswordComplexityPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ResetPasswordComplexityPolicyToDefaultRequest {}
|
|
|
|
message ResetPasswordComplexityPolicyToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetPasswordAgePolicyRequest {}
|
|
|
|
message GetPasswordAgePolicyResponse {
|
|
zitadel.policy.v1.PasswordAgePolicy policy = 1;
|
|
//deprecated: is_default is also defined in zitadel.policy.v1.PasswordAgePolicy
|
|
bool is_default = 2;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetDefaultPasswordAgePolicyRequest {}
|
|
|
|
message GetDefaultPasswordAgePolicyResponse {
|
|
zitadel.policy.v1.PasswordAgePolicy policy = 1;
|
|
}
|
|
|
|
message AddCustomPasswordAgePolicyRequest {
|
|
uint32 max_age_days = 1;
|
|
uint32 expire_warn_days = 2;
|
|
}
|
|
|
|
message AddCustomPasswordAgePolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateCustomPasswordAgePolicyRequest {
|
|
uint32 max_age_days = 1;
|
|
uint32 expire_warn_days = 2;
|
|
}
|
|
|
|
message UpdateCustomPasswordAgePolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ResetPasswordAgePolicyToDefaultRequest {}
|
|
|
|
message ResetPasswordAgePolicyToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetLockoutPolicyRequest {}
|
|
|
|
message GetLockoutPolicyResponse {
|
|
zitadel.policy.v1.LockoutPolicy policy = 1;
|
|
//deprecated: is_default is also defined in zitadel.policy.v1.LockoutPolicy
|
|
bool is_default = 2;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetDefaultLockoutPolicyRequest {}
|
|
|
|
message GetDefaultLockoutPolicyResponse {
|
|
zitadel.policy.v1.LockoutPolicy policy = 1;
|
|
}
|
|
|
|
message AddCustomLockoutPolicyRequest {
|
|
uint32 max_password_attempts = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger."
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddCustomLockoutPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateCustomLockoutPolicyRequest {
|
|
uint32 max_password_attempts = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger."
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateCustomLockoutPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ResetLockoutPolicyToDefaultRequest {}
|
|
|
|
message ResetLockoutPolicyToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetPrivacyPolicyRequest {}
|
|
|
|
message GetPrivacyPolicyResponse {
|
|
zitadel.policy.v1.PrivacyPolicy policy = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetDefaultPrivacyPolicyRequest {}
|
|
|
|
message GetDefaultPrivacyPolicyResponse {
|
|
zitadel.policy.v1.PrivacyPolicy policy = 1;
|
|
}
|
|
|
|
message AddCustomPrivacyPolicyRequest {
|
|
string tos_link = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If registration is enabled, the user has to accept the TOS. Variable {{.Lang}} can be set to have different links based on the language.";
|
|
example: "\"https://zitadel.com/docs/legal/terms-of-service\"";
|
|
}
|
|
];
|
|
string privacy_link = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If registration is enabled, the user has to accept the privacy terms. Variable {{.Lang}} can be set to have different links based on the language.";
|
|
example: "\"https://zitadel.com/docs/legal/privacy-policy\"";
|
|
}
|
|
];
|
|
string help_link = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Variable {{.Lang}} can be set to have different links based on the language.";
|
|
example: "\"https://zitadel.com/docs/manuals/introduction\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddCustomPrivacyPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateCustomPrivacyPolicyRequest {
|
|
string tos_link = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If registration is enabled, the user has to accept the TOS. Variable {{.Lang}} can be set to have different links based on the language.";
|
|
example: "\"https://zitadel.com/docs/legal/terms-of-service\"";
|
|
}
|
|
];
|
|
string privacy_link = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If registration is enabled, the user has to accept the privacy terms. Variable {{.Lang}} can be set to have different links based on the language.";
|
|
example: "\"https://zitadel.com/docs/legal/privacy-policy\"";
|
|
}
|
|
];
|
|
string help_link = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Variable {{.Lang}} can be set to have different links based on the language.";
|
|
example: "\"https://zitadel.com/docs/manuals/introduction\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateCustomPrivacyPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ResetPrivacyPolicyToDefaultRequest {}
|
|
|
|
message ResetPrivacyPolicyToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetNotificationPolicyRequest {}
|
|
|
|
message GetNotificationPolicyResponse {
|
|
zitadel.policy.v1.NotificationPolicy policy = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetDefaultNotificationPolicyRequest {}
|
|
|
|
message GetDefaultNotificationPolicyResponse {
|
|
zitadel.policy.v1.NotificationPolicy policy = 1;
|
|
}
|
|
|
|
message AddCustomNotificationPolicyRequest {
|
|
bool password_change = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If set to true the users will get a notification whenever their password has been changed.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddCustomNotificationPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateCustomNotificationPolicyRequest {
|
|
bool password_change = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "If set to true the users will get a notification whenever their password has been changed.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateCustomNotificationPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ResetNotificationPolicyToDefaultRequest {}
|
|
|
|
message ResetNotificationPolicyToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetLabelPolicyRequest {}
|
|
|
|
message GetLabelPolicyResponse {
|
|
zitadel.policy.v1.LabelPolicy policy = 1;
|
|
//deprecated: is_default is also defined in zitadel.policy.v1.LabelPolicy
|
|
bool is_default = 2;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetPreviewLabelPolicyRequest {}
|
|
|
|
message GetPreviewLabelPolicyResponse {
|
|
zitadel.policy.v1.LabelPolicy policy = 1;
|
|
//deprecated: is_default is also defined in zitadel.policy.v1.LabelPolicy
|
|
bool is_default = 2;
|
|
}
|
|
|
|
//This is an empty request
|
|
message GetDefaultLabelPolicyRequest {}
|
|
|
|
message GetDefaultLabelPolicyResponse {
|
|
zitadel.policy.v1.LabelPolicy policy = 1;
|
|
}
|
|
|
|
message AddCustomLabelPolicyRequest {
|
|
string primary_color = 1 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Represents a color scheme"
|
|
example: "\"#353535\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
// hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set
|
|
bool hide_login_name_suffix = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set";
|
|
}
|
|
];
|
|
string warn_color = 4 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for warn color";
|
|
example: "\"#CD3D56\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string background_color = 5 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for background color";
|
|
example: "\"#FAFAFA\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string font_color = 6 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for font color";
|
|
example: "\"#000000\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string primary_color_dark = 7 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for the primary color dark theme";
|
|
example: "\"#BBBAFA\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string background_color_dark = 8 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for background color dark theme";
|
|
example: "\"#111827\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string warn_color_dark = 9 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for warning color dark theme";
|
|
example: "\"#FF3B5B\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string font_color_dark = 10 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for font color dark theme";
|
|
example: "\"#FFFFFF\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
bool disable_watermark = 11;
|
|
}
|
|
|
|
message AddCustomLabelPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateCustomLabelPolicyRequest {
|
|
string primary_color = 1 [(validate.rules).string = {max_len: 50}];
|
|
bool hide_login_name_suffix = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set";
|
|
}
|
|
];
|
|
string warn_color = 4 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for warn color";
|
|
example: "\"#CD3D56\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string background_color = 5 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for background color";
|
|
example: "\"#FAFAFA\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string font_color = 6 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for font color";
|
|
example: "\"#000000\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string primary_color_dark = 7 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for the primary color dark theme";
|
|
example: "\"#BBBAFA\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string background_color_dark = 8 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for background color dark theme";
|
|
example: "\"#111827\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string warn_color_dark = 9 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for warning color dark theme";
|
|
example: "\"#FF3B5B\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
string font_color_dark = 10 [
|
|
(validate.rules).string = {max_len: 50},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "hex value for font color dark theme";
|
|
example: "\"#FFFFFF\"";
|
|
max_length: 50;
|
|
}
|
|
];
|
|
bool disable_watermark = 11;
|
|
}
|
|
|
|
message UpdateCustomLabelPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ActivateCustomLabelPolicyRequest {}
|
|
|
|
message ActivateCustomLabelPolicyResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message RemoveCustomLabelPolicyLogoRequest {}
|
|
|
|
message RemoveCustomLabelPolicyLogoResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message RemoveCustomLabelPolicyLogoDarkRequest {}
|
|
|
|
message RemoveCustomLabelPolicyLogoDarkResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message RemoveCustomLabelPolicyIconRequest {}
|
|
|
|
message RemoveCustomLabelPolicyIconResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message RemoveCustomLabelPolicyIconDarkRequest {}
|
|
|
|
message RemoveCustomLabelPolicyIconDarkResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message RemoveCustomLabelPolicyFontRequest {}
|
|
|
|
message RemoveCustomLabelPolicyFontResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ResetLabelPolicyToDefaultRequest {}
|
|
|
|
message ResetLabelPolicyToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetCustomInitMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomInitMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetDefaultInitMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultInitMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomInitMessageTextRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
string title = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL - Initialize User\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string pre_header = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Initialize User\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string subject = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Initialize User\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string greeting = 5 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Hello {{.FirstName}} {{.LastName}},\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string text = 6 [
|
|
(validate.rules).string = {max_len: 800},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"This user was created in Zitadel. Use the username {{.PreferredLoginName}} to log in. Please click the button below to finish the initialization process. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\""
|
|
max_length: 800;
|
|
}
|
|
];
|
|
string button_text = 7 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Finish initialization\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message SetCustomInitMessageTextResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResetCustomInitMessageTextToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomInitMessageTextToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetDefaultLoginTextsRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultLoginTextsResponse {
|
|
zitadel.text.v1.LoginCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetCustomLoginTextsRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomLoginTextsResponse {
|
|
zitadel.text.v1.LoginCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomLoginTextsRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
zitadel.text.v1.SelectAccountScreenText select_account_text = 2;
|
|
zitadel.text.v1.LoginScreenText login_text = 3;
|
|
zitadel.text.v1.PasswordScreenText password_text = 4;
|
|
zitadel.text.v1.UsernameChangeScreenText username_change_text = 5;
|
|
zitadel.text.v1.UsernameChangeDoneScreenText username_change_done_text = 6;
|
|
zitadel.text.v1.InitPasswordScreenText init_password_text = 7;
|
|
zitadel.text.v1.InitPasswordDoneScreenText init_password_done_text = 8;
|
|
zitadel.text.v1.EmailVerificationScreenText email_verification_text = 9;
|
|
zitadel.text.v1.EmailVerificationDoneScreenText email_verification_done_text = 10;
|
|
zitadel.text.v1.InitializeUserScreenText initialize_user_text = 11;
|
|
zitadel.text.v1.InitializeUserDoneScreenText initialize_done_text = 12;
|
|
zitadel.text.v1.InitMFAPromptScreenText init_mfa_prompt_text = 13;
|
|
zitadel.text.v1.InitMFAOTPScreenText init_mfa_otp_text = 14;
|
|
zitadel.text.v1.InitMFAU2FScreenText init_mfa_u2f_text = 15;
|
|
zitadel.text.v1.InitMFADoneScreenText init_mfa_done_text = 16;
|
|
zitadel.text.v1.MFAProvidersText mfa_providers_text = 17;
|
|
zitadel.text.v1.VerifyMFAOTPScreenText verify_mfa_otp_text = 18;
|
|
zitadel.text.v1.VerifyMFAU2FScreenText verify_mfa_u2f_text = 19;
|
|
zitadel.text.v1.PasswordlessScreenText passwordless_text = 20;
|
|
zitadel.text.v1.PasswordChangeScreenText password_change_text = 21;
|
|
zitadel.text.v1.PasswordChangeDoneScreenText password_change_done_text = 22;
|
|
zitadel.text.v1.PasswordResetDoneScreenText password_reset_done_text = 23;
|
|
zitadel.text.v1.RegistrationOptionScreenText registration_option_text = 24;
|
|
zitadel.text.v1.RegistrationUserScreenText registration_user_text = 25;
|
|
zitadel.text.v1.RegistrationOrgScreenText registration_org_text = 26;
|
|
zitadel.text.v1.LinkingUserDoneScreenText linking_user_done_text = 27;
|
|
zitadel.text.v1.ExternalUserNotFoundScreenText external_user_not_found_text = 28;
|
|
zitadel.text.v1.SuccessLoginScreenText success_login_text = 29;
|
|
zitadel.text.v1.LogoutDoneScreenText logout_text = 30;
|
|
zitadel.text.v1.FooterText footer_text = 31;
|
|
zitadel.text.v1.PasswordlessPromptScreenText passwordless_prompt_text = 32;
|
|
zitadel.text.v1.PasswordlessRegistrationScreenText passwordless_registration_text = 33;
|
|
zitadel.text.v1.PasswordlessRegistrationDoneScreenText passwordless_registration_done_text = 34;
|
|
zitadel.text.v1.ExternalRegistrationUserOverviewScreenText external_registration_user_overview_text = 35;
|
|
}
|
|
|
|
message SetCustomLoginTextsResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
message ResetCustomLoginTextsToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomLoginTextsToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetCustomPasswordResetMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomPasswordResetMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetDefaultPasswordResetMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultPasswordResetMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomPasswordResetMessageTextRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
string title = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL - Reset Password\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string pre_header = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Reset Password\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string subject = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Reset Password\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string greeting = 5 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Hello {{.FirstName}} {{.LastName}},\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string text = 6 [
|
|
(validate.rules).string = {max_len: 800},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"We received a password reset request. Please use the button below to reset your password. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\""
|
|
max_length: 800;
|
|
}
|
|
];
|
|
string button_text = 7 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Reset Password\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message SetCustomPasswordResetMessageTextResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResetCustomPasswordResetMessageTextToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomPasswordResetMessageTextToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetCustomVerifyEmailMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomVerifyEmailMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetDefaultVerifyEmailMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultVerifyEmailMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomVerifyEmailMessageTextRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
string title = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL - Verify Email\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string pre_header = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Verify Email\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string subject = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Verify Email\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string greeting = 5 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Hello {{.FirstName}} {{.LastName}},\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string text = 6 [
|
|
(validate.rules).string = {max_len: 800},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"A new email has been added. Please use the button below to verify your mail. (Code {{.Code}}) If you didn't add a new email, please ignore this email.\""
|
|
max_length: 800;
|
|
}
|
|
];
|
|
string button_text = 7 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Verify Email\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message SetCustomVerifyEmailMessageTextResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResetCustomVerifyEmailMessageTextToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomVerifyEmailMessageTextToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetCustomVerifyPhoneMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomVerifyPhoneMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetDefaultVerifyPhoneMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultVerifyPhoneMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomVerifyPhoneMessageTextRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
string title = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL - Verify Phone\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string pre_header = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Verify Phone\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string subject = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Verify Phone\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string greeting = 5 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Hello {{.FirstName}} {{.LastName}},\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string text = 6 [
|
|
(validate.rules).string = {max_len: 800},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"A new phone number has been added. Please use the following code to verify it {{.Code}}.\""
|
|
max_length: 800;
|
|
}
|
|
];
|
|
string button_text = 7 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Verify Phone\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message SetCustomVerifyPhoneMessageTextResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResetCustomVerifyPhoneMessageTextToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomVerifyPhoneMessageTextToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetCustomDomainClaimedMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomDomainClaimedMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetDefaultDomainClaimedMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultDomainClaimedMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomDomainClaimedMessageTextRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
string title = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL - Domain has been claimed\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string pre_header = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Change email / username\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string subject = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Domain has been claimed\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string greeting = 5 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Hello {{.FirstName}} {{.LastName}},\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string text = 6 [
|
|
(validate.rules).string = {max_len: 800},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"The domain {{.Domain}} has been claimed by an organization. Your current user {{.UserName}} is not part of this organization. Therefore you'll have to change your email when you log in. We have created a temporary username ({{.TempUsername}}) for this login.\""
|
|
max_length: 800;
|
|
}
|
|
];
|
|
string button_text = 7 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Login\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message SetCustomDomainClaimedMessageTextResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
//This is an empty request
|
|
message ResetCustomDomainClaimedMessageTextToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomDomainClaimedMessageTextToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetCustomPasswordlessRegistrationMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomPasswordlessRegistrationMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetDefaultPasswordlessRegistrationMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultPasswordlessRegistrationMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomPasswordlessRegistrationMessageTextRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
string title = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL - Password of the user has changed\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string pre_header = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Password Changed\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string subject = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Password of user has changed\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string greeting = 5 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Hello {{.FirstName}} {{.LastName}},\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string text = 6 [
|
|
(validate.rules).string = {max_len: 800},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"The password of your user has changed, if this change was not done by you, please be advised to immediately reset your password.\""
|
|
max_length: 800;
|
|
}
|
|
];
|
|
string button_text = 7 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Login\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message SetCustomPasswordlessRegistrationMessageTextResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetCustomPasswordChangeMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetCustomPasswordChangeMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message GetDefaultPasswordChangeMessageTextRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetDefaultPasswordChangeMessageTextResponse {
|
|
zitadel.text.v1.MessageCustomText custom_text = 1;
|
|
}
|
|
|
|
message SetCustomPasswordChangeMessageTextRequest {
|
|
string language = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"de\""
|
|
}
|
|
];
|
|
string title = 2 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL - Add Passwordless Login\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string pre_header = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Add Passwordless Login\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string subject = 4 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Add Passwordless Login\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string greeting = 5 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Hello {{.FirstName}} {{.LastName}},\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string text = 6 [
|
|
(validate.rules).string = {max_len: 800},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"We received a request to add a token for passwordless login. Please use the button below to add your token or device for passwordless login.\""
|
|
max_length: 800;
|
|
}
|
|
];
|
|
string button_text = 7 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Add Passwordless Login\""
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string footer_text = 8 [(validate.rules).string = {max_len: 200}];
|
|
}
|
|
|
|
message SetCustomPasswordChangeMessageTextResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ResetCustomPasswordChangeMessageTextToDefaultRequest {
|
|
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ResetCustomPasswordChangeMessageTextToDefaultResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetOrgIDPByIDRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetOrgIDPByIDResponse {
|
|
zitadel.idp.v1.IDP idp = 1;
|
|
}
|
|
|
|
message ListOrgIDPsRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//the field the result is sorted
|
|
zitadel.idp.v1.IDPFieldName sorting_column = 2;
|
|
//criteria the client is looking for
|
|
repeated IDPQuery queries = 3;
|
|
}
|
|
|
|
message IDPQuery {
|
|
oneof query {
|
|
option (validate.required) = true;
|
|
|
|
zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
|
|
zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
|
|
zitadel.idp.v1.IDPOwnerTypeQuery owner_type_query = 3;
|
|
}
|
|
}
|
|
|
|
message ListOrgIDPsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
zitadel.idp.v1.IDPFieldName sorting_column = 2;
|
|
repeated zitadel.idp.v1.IDP result = 3;
|
|
}
|
|
|
|
message AddOrgOIDCIDPRequest {
|
|
string name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"google\"";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
zitadel.idp.v1.IDPStylingType styling_type = 2 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "some identity providers specify the styling of the button to their login";
|
|
}
|
|
];
|
|
|
|
string client_id = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "client id generated by the identity provider";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string client_secret = 4 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "client secret generated by the identity provider";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string issuer = 5 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com\"";
|
|
description: "the OIDC issuer of the identity provider";
|
|
}
|
|
];
|
|
repeated string scopes = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"openid\", \"profile\", \"email\"]";
|
|
description: "the scopes requested by ZITADEL during the request on the identity provider";
|
|
}
|
|
];
|
|
zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "definition which field is mapped to the display name of the user";
|
|
}
|
|
];
|
|
zitadel.idp.v1.OIDCMappingField username_mapping = 8 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "definition which field is mapped to the email of the user";
|
|
}
|
|
];
|
|
bool auto_register = 9;
|
|
}
|
|
|
|
message AddOrgOIDCIDPResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string idp_id = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69234230193872955\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message AddOrgJWTIDPRequest {
|
|
string name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"google\"";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
zitadel.idp.v1.IDPStylingType styling_type = 2 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "some identity providers specify the styling of the button to their login";
|
|
}
|
|
];
|
|
string jwt_endpoint = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com\"";
|
|
description: "the endpoint where the JWT can be extracted";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string issuer = 4 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com\"";
|
|
description: "the issuer of the JWT (for validation)";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string keys_endpoint = 5 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com/keys\"";
|
|
description: "the endpoint to the key (JWK) which is used to sign the JWT with";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string header_name = 6 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"x-auth-token\"";
|
|
description: "the name of the header where the JWT is sent in, default is authorization";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
bool auto_register = 7;
|
|
}
|
|
|
|
message AddOrgJWTIDPResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string idp_id = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69234230193872955\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message DeactivateOrgIDPRequest {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message DeactivateOrgIDPResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ReactivateOrgIDPRequest {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message ReactivateOrgIDPResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message RemoveOrgIDPRequest {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
//This is an empty response
|
|
message RemoveOrgIDPResponse {}
|
|
|
|
message UpdateOrgIDPRequest {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"google\"";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
zitadel.idp.v1.IDPStylingType styling_type = 3 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "some identity providers specify the styling of the button to their login";
|
|
}
|
|
];
|
|
bool auto_register = 4;
|
|
}
|
|
|
|
message UpdateOrgIDPResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message UpdateOrgIDPOIDCConfigRequest {
|
|
string idp_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\"";
|
|
}
|
|
];
|
|
|
|
string client_id = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "client id generated by the identity provider";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string client_secret = 3 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "client secret generated by the identity provider. If empty the secret is not overwritten";
|
|
}
|
|
];
|
|
string issuer = 4 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com\"";
|
|
description: "the OIDC issuer of the identity provider";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
repeated string scopes = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"openid\", \"profile\", \"email\"]";
|
|
description: "the scopes requested by ZITADEL during the request on the identity provider";
|
|
}
|
|
];
|
|
zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "definition which field is mapped to the display name of the user";
|
|
}
|
|
];
|
|
zitadel.idp.v1.OIDCMappingField username_mapping = 7 [
|
|
(validate.rules).enum = {defined_only: true},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "definition which field is mapped to the email of the user";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateOrgIDPOIDCConfigResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
|
|
message UpdateOrgIDPJWTConfigRequest {
|
|
string idp_id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\"";
|
|
}
|
|
];
|
|
string jwt_endpoint = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com\"";
|
|
description: "the endpoint where the JWT can be extracted";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string issuer = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com\"";
|
|
description: "the issuer of the JWT (for validation)";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string keys_endpoint = 4 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"https://accounts.google.com/keys\"";
|
|
description: "the endpoint to the key (JWK) which is used to sign the JWT with";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string header_name = 5 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"x-auth-token\"";
|
|
description: "the name of the header where the JWT is sent in, default is authorization";
|
|
max_length: 200;
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateOrgIDPJWTConfigResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListProvidersRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//criteria the client is looking for
|
|
repeated ProviderQuery queries = 2;
|
|
}
|
|
|
|
message ProviderQuery {
|
|
oneof query {
|
|
zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
|
|
zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
|
|
zitadel.idp.v1.IDPOwnerTypeQuery owner_type_query = 3;
|
|
}
|
|
}
|
|
|
|
message ListProvidersResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
repeated zitadel.idp.v1.Provider result = 2;
|
|
}
|
|
|
|
message GetProviderByIDRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message GetProviderByIDResponse {
|
|
zitadel.idp.v1.Provider idp = 1;
|
|
}
|
|
|
|
message AddGenericOAuthProviderRequest {
|
|
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string authorization_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 7 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
// identifying attribute of the user in the response of the user_endpoint
|
|
string id_attribute = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.idp.v1.Options provider_options = 9;
|
|
}
|
|
|
|
message AddGenericOAuthProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateGenericOAuthProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
|
string authorization_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_endpoint = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 8 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
// identifying attribute of the user in the response of the user_endpoint
|
|
string id_attribute = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.idp.v1.Options provider_options = 10;
|
|
}
|
|
|
|
message UpdateGenericOAuthProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddGenericOIDCProviderRequest {
|
|
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 6;
|
|
bool is_id_token_mapping = 7;
|
|
}
|
|
|
|
message AddGenericOIDCProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateGenericOIDCProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 5 [(validate.rules).string = {max_len: 200}];
|
|
repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 7;
|
|
bool is_id_token_mapping = 8;
|
|
}
|
|
|
|
message UpdateGenericOIDCProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddJWTProviderRequest {
|
|
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string jwt_endpoint = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string keys_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string header_name = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.idp.v1.Options provider_options = 6;
|
|
}
|
|
|
|
message AddJWTProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateJWTProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string jwt_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string keys_endpoint = 5 [(validate.rules).string = {max_len: 200}];
|
|
string header_name = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.idp.v1.Options provider_options = 7;
|
|
}
|
|
|
|
message UpdateJWTProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddAzureADProviderRequest {
|
|
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// if not provided the `common` tenant will be used
|
|
zitadel.idp.v1.AzureADTenant tenant = 4;
|
|
bool email_verified = 5;
|
|
repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 7;
|
|
}
|
|
|
|
message AddAzureADProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateAzureADProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
|
// if not provided the `common` tenant will be used
|
|
zitadel.idp.v1.AzureADTenant tenant = 5;
|
|
bool email_verified = 6;
|
|
repeated string scopes = 7 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 8;
|
|
}
|
|
|
|
message UpdateAzureADProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddGitHubProviderRequest {
|
|
// GitHub will be used as default, if no name is provided
|
|
string name = 1 [(validate.rules).string = {max_len: 200}];
|
|
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 4 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 5;
|
|
}
|
|
|
|
message AddGitHubProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateGitHubProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
|
repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 6;
|
|
}
|
|
|
|
message UpdateGitHubProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddGitHubEnterpriseServerProviderRequest {
|
|
string client_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string authorization_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 7 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 8;
|
|
}
|
|
|
|
message AddGitHubEnterpriseServerProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateGitHubEnterpriseServerProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
|
string authorization_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string token_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_endpoint = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 8 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 9;
|
|
}
|
|
|
|
message UpdateGitHubEnterpriseServerProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddGitLabProviderRequest {
|
|
// GitLab will be used as default, if no name is provided
|
|
string name = 1 [(validate.rules).string = {max_len: 200}];
|
|
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 4 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 5;
|
|
}
|
|
|
|
message AddGitLabProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateGitLabProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
|
repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 6;
|
|
}
|
|
|
|
message UpdateGitLabProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddGitLabSelfHostedProviderRequest {
|
|
string issuer = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 6;
|
|
}
|
|
|
|
message AddGitLabSelfHostedProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateGitLabSelfHostedProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_id = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 5 [(validate.rules).string = {max_len: 200}];
|
|
repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 7;
|
|
}
|
|
|
|
message UpdateGitLabSelfHostedProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddGoogleProviderRequest {
|
|
// Google will be used as default, if no name is provided
|
|
string name = 1 [(validate.rules).string = {max_len: 200}];
|
|
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 4 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 5;
|
|
}
|
|
|
|
message AddGoogleProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateGoogleProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {max_len: 200}];
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
// client_secret will only be updated if provided
|
|
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
|
repeated string scopes = 5 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
|
zitadel.idp.v1.Options provider_options = 6;
|
|
}
|
|
|
|
message UpdateGoogleProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message AddLDAPProviderRequest {
|
|
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string host = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string port = 3 [(validate.rules).string = {max_len: 5}];
|
|
bool tls = 4;
|
|
string base_dn = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_object_class = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_unique_attribute = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string admin = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string password = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
zitadel.idp.v1.LDAPAttributes attributes = 10;
|
|
zitadel.idp.v1.Options provider_options = 11;
|
|
}
|
|
|
|
message AddLDAPProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message UpdateLDAPProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string host = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string port = 4 [(validate.rules).string = {max_len: 5}];
|
|
bool tls = 5;
|
|
string base_dn = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_object_class = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string user_unique_attribute = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string admin = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string password = 10 [(validate.rules).string = {max_len: 200}];
|
|
zitadel.idp.v1.LDAPAttributes attributes = 11;
|
|
zitadel.idp.v1.Options provider_options = 12;
|
|
}
|
|
|
|
message UpdateLDAPProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message DeleteProviderRequest {
|
|
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
}
|
|
|
|
message DeleteProviderResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ListActionsRequest {
|
|
//list limitations and ordering
|
|
zitadel.v1.ListQuery query = 1;
|
|
//the field the result is sorted
|
|
zitadel.action.v1.ActionFieldName sorting_column = 2;
|
|
//criteria the client is looking for
|
|
repeated ActionQuery queries = 3;
|
|
}
|
|
|
|
message ActionQuery {
|
|
oneof query {
|
|
option (validate.required) = true;
|
|
|
|
zitadel.action.v1.ActionIDQuery action_id_query = 1;
|
|
zitadel.action.v1.ActionNameQuery action_name_query = 2;
|
|
zitadel.action.v1.ActionStateQuery action_state_query = 3;
|
|
}
|
|
}
|
|
|
|
message ListActionsResponse {
|
|
zitadel.v1.ListDetails details = 1;
|
|
zitadel.action.v1.ActionFieldName sorting_column = 2;
|
|
repeated zitadel.action.v1.Action result = 3;
|
|
}
|
|
|
|
message CreateActionRequest {
|
|
string name = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"log context\"";
|
|
min_length: 1;
|
|
max_length: 200;
|
|
}
|
|
];
|
|
string script = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 2000},
|
|
(google.api.field_behavior) = REQUIRED,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"function log(context, calls){console.log(context)}\"";
|
|
description: "Javascript code that should be executed"
|
|
min_length: 1;
|
|
max_length: 2000;
|
|
}
|
|
];
|
|
google.protobuf.Duration timeout = 3 [
|
|
(validate.rules).duration = {gte: {}, lte: {seconds: 20}},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "after which time the action will be terminated if not finished";
|
|
}
|
|
];
|
|
bool allowed_to_fail = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "when true, the next action will be called even if this action fails";
|
|
}
|
|
];
|
|
}
|
|
|
|
message CreateActionResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
string id = 2;
|
|
}
|
|
|
|
message GetActionRequest {
|
|
string id = 1;
|
|
}
|
|
|
|
message GetActionResponse {
|
|
zitadel.action.v1.Action action = 1;
|
|
}
|
|
|
|
message UpdateActionRequest {
|
|
string id = 1 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\"";
|
|
}
|
|
];
|
|
string name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"log context\"";
|
|
}
|
|
];
|
|
string script = 3 [
|
|
(validate.rules).string = {min_len: 1, max_len: 2000},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"function log(context, calls){console.log(context)}\"";
|
|
}
|
|
];
|
|
google.protobuf.Duration timeout = 4 [
|
|
(validate.rules).duration = {gte: {}, lte: {seconds: 20}},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "after which time the action will be terminated if not finished";
|
|
}
|
|
];
|
|
bool allowed_to_fail = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "when true, the next action will be called even if this action fails";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UpdateActionResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message DeleteActionRequest {
|
|
string id = 1;
|
|
}
|
|
|
|
message DeleteActionResponse {}
|
|
|
|
message ListFlowTypesRequest {}
|
|
|
|
message ListFlowTypesResponse {
|
|
repeated zitadel.action.v1.FlowType result = 1;
|
|
}
|
|
|
|
message ListFlowTriggerTypesRequest {
|
|
string type = 1;
|
|
}
|
|
|
|
message ListFlowTriggerTypesResponse {
|
|
repeated zitadel.action.v1.TriggerType result = 1;
|
|
}
|
|
|
|
message DeactivateActionRequest {
|
|
string id = 1;
|
|
}
|
|
|
|
message DeactivateActionResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message ReactivateActionRequest {
|
|
string id = 1;
|
|
}
|
|
|
|
message ReactivateActionResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message GetFlowRequest {
|
|
// id of the flow
|
|
string type = 1;
|
|
}
|
|
|
|
message GetFlowResponse {
|
|
zitadel.action.v1.Flow flow = 1;
|
|
}
|
|
|
|
message ClearFlowRequest {
|
|
// id of the flow
|
|
string type = 1;
|
|
}
|
|
|
|
message ClearFlowResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|
|
|
|
message SetTriggerActionsRequest {
|
|
// id of the flow type
|
|
string flow_type = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"1\"";
|
|
description: "At the moment you have to send the ID of the Flow Type: ExternalAuthentication=1, CustomiseToken=2, InternalAuthentication=3, PreUserinfoCreation=3";
|
|
}
|
|
];
|
|
// id of the trigger type
|
|
string trigger_type = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"1\"";
|
|
description: "At the moment you have to send the ID of the Trigger Type: PostAuthentication=1, PreCreation=2, PostCreation=3, PreUserinfoCreation=4, PreAccessTokenCreation=5";
|
|
}
|
|
];
|
|
repeated string action_ids = 3;
|
|
}
|
|
|
|
message SetTriggerActionsResponse {
|
|
zitadel.v1.ObjectDetails details = 1;
|
|
}
|