mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-11 09:43:40 +00:00
fb8cd18f93
# Which Problems Are Solved Some organizations / customers have the requirement, that there users regularly need to change their password. ZITADEL already had the possibility to manage a `password age policy` ( thought the API) with the maximum amount of days a password should be valid, resp. days after with the user should be warned of the upcoming expiration. The policy could not be managed though the Console UI and was not checked in the Login UI. # How the Problems Are Solved - The policy can be managed in the Console UI's settings sections on an instance and organization level. - During an authentication in the Login UI, if a policy is set with an expiry (>0) and the user's last password change exceeds the amount of days set, the user will be prompted to change their password. - The prompt message of the Login UI can be customized in the Custom Login Texts though the Console and API on the instance and each organization. - The information when the user last changed their password is returned in the Auth, Management and User V2 API. - The policy can be retrieved in the settings service as `password expiry settings`. # Additional Changes None. # Additional Context - closes #8081 --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
1011 lines
32 KiB
Protocol Buffer
1011 lines
32 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
import "zitadel/object.proto";
|
|
import "validate/validate.proto";
|
|
import "google/protobuf/timestamp.proto";
|
|
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
|
|
package zitadel.user.v1;
|
|
|
|
option go_package ="github.com/zitadel/zitadel/pkg/grpc/user";
|
|
|
|
message User {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
UserState state = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the user";
|
|
}
|
|
];
|
|
string user_name = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi-giraffe\"";
|
|
}
|
|
];
|
|
repeated string login_names = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"gigi@zitadel.com\", \"gigi@zitadel.zitadel.ch\"]";
|
|
}
|
|
];
|
|
string preferred_login_name = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi@zitadel.com\"";
|
|
}
|
|
];
|
|
oneof type {
|
|
Human human = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one of type use human or machine"
|
|
}
|
|
];
|
|
Machine machine = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one of type use human or machine"
|
|
}
|
|
];
|
|
}
|
|
}
|
|
|
|
enum UserState {
|
|
USER_STATE_UNSPECIFIED = 0;
|
|
USER_STATE_ACTIVE = 1;
|
|
USER_STATE_INACTIVE = 2;
|
|
USER_STATE_DELETED = 3;
|
|
USER_STATE_LOCKED = 4;
|
|
USER_STATE_SUSPEND = 5;
|
|
USER_STATE_INITIAL = 6;
|
|
}
|
|
|
|
message Human {
|
|
Profile profile = 1;
|
|
Email email = 2;
|
|
Phone phone = 3;
|
|
// The time the user last changed their password.
|
|
google.protobuf.Timestamp password_changed = 4;
|
|
}
|
|
|
|
message Machine {
|
|
string name = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"zitadel\"";
|
|
}
|
|
];
|
|
string description = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"The one and only IAM\"";
|
|
}
|
|
];
|
|
bool has_secret = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"true\"";
|
|
}
|
|
];
|
|
AccessTokenType access_token_type = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Type of access token to receive";
|
|
}
|
|
];
|
|
}
|
|
|
|
message Profile {
|
|
string first_name = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Gigi\"";
|
|
}
|
|
];
|
|
string last_name = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Giraffe\"";
|
|
}
|
|
];
|
|
string nick_name = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi-giraffe\"";
|
|
}
|
|
];
|
|
string display_name = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "a user can set the display name, if nothing is set ZITADEL computes \"first_name last_name\""
|
|
example: "\"Gigi Giraffe\"";
|
|
}
|
|
];
|
|
string preferred_language = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "language tag analog https://tools.ietf.org/html/rfc3066"
|
|
example: "\"en\"";
|
|
}
|
|
];
|
|
Gender gender = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the gender of the human";
|
|
}
|
|
];
|
|
string avatar_url = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "avatar URL of the user"
|
|
example: "\"https://api.zitadel.ch/assets/v1/avatar-32432jkh4kj32\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
message Email {
|
|
string email = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
|
|
example: "\"gigi@zitadel.com\"";
|
|
}
|
|
];
|
|
bool is_email_verified = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Is true if the user verified the email or if the email is managed outside ZITADEL"
|
|
}
|
|
];
|
|
}
|
|
|
|
message Phone {
|
|
string phone = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)"
|
|
example: "\"+41 71 000 00 00\"";
|
|
}
|
|
];
|
|
bool is_phone_verified = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "Is true if the user verified the phone or if the phone is managed outside ZITADEL"
|
|
}
|
|
];
|
|
}
|
|
|
|
enum Gender {
|
|
GENDER_UNSPECIFIED = 0;
|
|
GENDER_FEMALE = 1;
|
|
GENDER_MALE = 2;
|
|
GENDER_DIVERSE = 3;
|
|
}
|
|
|
|
enum AccessTokenType {
|
|
ACCESS_TOKEN_TYPE_BEARER = 0;
|
|
ACCESS_TOKEN_TYPE_JWT = 1;
|
|
}
|
|
|
|
message SearchQuery {
|
|
oneof query {
|
|
option (validate.required) = true;
|
|
|
|
UserNameQuery user_name_query = 1;
|
|
FirstNameQuery first_name_query = 2;
|
|
LastNameQuery last_name_query = 3;
|
|
NickNameQuery nick_name_query = 4;
|
|
DisplayNameQuery display_name_query = 5;
|
|
EmailQuery email_query = 6;
|
|
StateQuery state_query = 7;
|
|
TypeQuery type_query = 8;
|
|
LoginNameQuery login_name_query = 9;
|
|
InUserIDQuery in_user_ids_query = 10;
|
|
OrQuery or_query = 11;
|
|
AndQuery and_query = 12;
|
|
NotQuery not_query = 13;
|
|
InUserEmailsQuery in_user_emails_query = 14;
|
|
}
|
|
}
|
|
|
|
message OrQuery {
|
|
repeated SearchQuery queries = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the sub queries to 'OR'"
|
|
}
|
|
];
|
|
}
|
|
message AndQuery {
|
|
repeated SearchQuery queries = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the sub queries to 'AND'"
|
|
}
|
|
];
|
|
}
|
|
|
|
message NotQuery {
|
|
SearchQuery query = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the sub query to negate (NOT)"
|
|
}
|
|
];
|
|
}
|
|
|
|
message InUserIDQuery {
|
|
repeated string user_ids = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the ids of the users to include"
|
|
example: "[\"69629023906488334\",\"69622366012355662\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message InUserEmailsQuery {
|
|
repeated string user_emails = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the emails of the users to include"
|
|
example: "[\"test@example.com\",\"test@example.org\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserNameQuery {
|
|
string user_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"gigi-giraffe\"";
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message FirstNameQuery {
|
|
string first_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Gigi\"";
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message LastNameQuery {
|
|
string last_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Giraffe\"";
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message NickNameQuery {
|
|
string nick_name = 1 [(validate.rules).string = {max_len: 200}];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message DisplayNameQuery {
|
|
string display_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"Gigi Giraffe\"";
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message EmailQuery {
|
|
string email_address = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "email address of the user"
|
|
max_length: 200;
|
|
example: "\"gigi@zitadel.com\"";
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message LoginNameQuery {
|
|
string login_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
max_length: 200;
|
|
example: "\"gigi@zitadel.cloud\"";
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
//UserStateQuery always equals
|
|
message StateQuery {
|
|
UserState state = 1 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the user";
|
|
}
|
|
];
|
|
}
|
|
|
|
//UserTypeQuery always equals
|
|
message TypeQuery {
|
|
Type type = 1 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the type of the user";
|
|
}
|
|
];
|
|
}
|
|
|
|
enum Type {
|
|
TYPE_UNSPECIFIED = 0;
|
|
TYPE_HUMAN = 1;
|
|
TYPE_MACHINE = 2;
|
|
}
|
|
|
|
enum UserFieldName {
|
|
USER_FIELD_NAME_UNSPECIFIED = 0;
|
|
USER_FIELD_NAME_USER_NAME = 1;
|
|
USER_FIELD_NAME_FIRST_NAME = 2;
|
|
USER_FIELD_NAME_LAST_NAME = 3;
|
|
USER_FIELD_NAME_NICK_NAME = 4;
|
|
USER_FIELD_NAME_DISPLAY_NAME = 5;
|
|
USER_FIELD_NAME_EMAIL = 6;
|
|
USER_FIELD_NAME_STATE = 7;
|
|
USER_FIELD_NAME_TYPE = 8;
|
|
USER_FIELD_NAME_CREATION_DATE = 9;
|
|
}
|
|
|
|
message AuthFactor {
|
|
AuthFactorState state = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the auth factor";
|
|
}
|
|
];
|
|
oneof type {
|
|
AuthFactorOTP otp = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
|
|
}
|
|
];
|
|
AuthFactorU2F u2f = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
|
|
}
|
|
];
|
|
AuthFactorOTPSMS otp_sms = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
|
|
}
|
|
];
|
|
AuthFactorOTPEmail otp_email = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one type use OTP, OTPSMS, OTPEmail or U2F"
|
|
}
|
|
];
|
|
}
|
|
}
|
|
|
|
enum AuthFactorState {
|
|
AUTH_FACTOR_STATE_UNSPECIFIED = 0;
|
|
AUTH_FACTOR_STATE_NOT_READY = 1;
|
|
AUTH_FACTOR_STATE_READY = 2;
|
|
AUTH_FACTOR_STATE_REMOVED = 3;
|
|
}
|
|
|
|
message AuthFactorOTP {}
|
|
message AuthFactorOTPSMS {}
|
|
message AuthFactorOTPEmail {}
|
|
|
|
message AuthFactorU2F {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string name = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"fido key\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message WebAuthNKey {
|
|
bytes public_key = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "json representation of public key credential creation options used by the webauthn client"
|
|
example: "\"eyJwdWJsaWNLZXkiOnsiY2hhbGxlbmdlIoplfZm4vM21qSzBPdjltN2x6VWhnclYyejFJSlVzZnpLd0Z1TytWTWtzRW1Icz0iLCJycCI6eyJuYW1lIjoiWklUQURFTCIsImlkIjoiYWNtZS1nem9lNHgueml0YWRlbC5jbG91ZCJ9LCJ1c2VyIjp7Im5hbWUiOiJ0ZXN0dXNlcjU1QGFjbWUueml0YWRlbC5jbG91ZCIsImRpc3BsYXlOYW1lIjoiVGVzdCBUZXN0IiwiaWQiOiJNVGd5TVRVMk1qWTBNakk1TXpBMk5qSTEifSwicHViS2V5Q3JlZFBhcmFtcyI6W3sidHlwZSI6InB1YmxpYy1rZXkiLCJhbGciOi03fSx7InR5cGUiOiJwdWJsaWMta2V5IiwiYWxnIjotMzV9LHsidHlwZSI6InB1YmxpYy1rZXkiLCJhbGciOi0zNn0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTI1N30seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTI1OH0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTI1OX0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTM3fSx7InR5cGUiOiJwdWJsaWMta2V5IiwiYWxnIjotMzh9LHsidHlwZSI6InB1YmxpYy1rZXkiLCJhbGciOi0zOX0seyJ0eXBlIjoicHVibGljLWtleSIsImFsZyI6LTh9XSwiYXV0aGVudGljYXRvclNlbGVjdGlvbiI6eyJ1c2VyVmVyaWZpY2F0aW9uIjoiZGlzY291cmFnZWQifn2ilGltZW91dCI6NjAwMDAsImF0dGVzdGF0aW9uIjoibm9uZSJ9fQ==\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message WebAuthNVerification {
|
|
bytes public_key_credential = 1 [
|
|
(validate.rules).bytes.min_len = 55,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "JSON representation of public key credential issued by the webauthn client";
|
|
min_length: 55;
|
|
max_length: 1048576; //1 MB
|
|
}
|
|
];
|
|
string token_name = 2 [
|
|
(validate.rules).string = {min_len: 1, max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"fido key\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message WebAuthNToken {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
AuthFactorState state = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the token";
|
|
}
|
|
];
|
|
string name = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
min_length: 1;
|
|
max_length: 200;
|
|
example: "\"fido key\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message Membership {
|
|
string user_id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
repeated string roles = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"IAM_OWNER\"]"
|
|
}
|
|
];
|
|
string display_name = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "display name of the user"
|
|
example: "\"Gigi Giraffe\"";
|
|
}
|
|
];
|
|
oneof type {
|
|
bool iam = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one of type use iam, org id, project id or project grant id"
|
|
}
|
|
];
|
|
string org_id = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one of type use iam, org id, project id or project grant id"
|
|
}
|
|
];
|
|
string project_id = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one of type use iam, org id, project id or project grant id"
|
|
}
|
|
];
|
|
string project_grant_id = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "one of type use iam, org id, project id or project grant id"
|
|
}
|
|
];
|
|
}
|
|
}
|
|
|
|
message MembershipQuery {
|
|
oneof query {
|
|
option (validate.required) = true;
|
|
|
|
MembershipOrgQuery org_query = 1;
|
|
MembershipProjectQuery project_query = 2;
|
|
MembershipProjectGrantQuery project_grant_query = 3;
|
|
MembershipIAMQuery iam_query = 4;
|
|
}
|
|
}
|
|
|
|
// this query always equals
|
|
message MembershipOrgQuery {
|
|
string org_id = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
}
|
|
|
|
// this query always equals
|
|
message MembershipProjectQuery {
|
|
string project_id = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
}
|
|
|
|
// this query always equals
|
|
message MembershipProjectGrantQuery {
|
|
string project_grant_id = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
}
|
|
|
|
// this query always equals
|
|
message MembershipIAMQuery {
|
|
bool iam = 1;
|
|
}
|
|
|
|
message Session {
|
|
string session_id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string agent_id = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
SessionState auth_state = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the session";
|
|
}
|
|
];
|
|
string user_id = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string user_name = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi-giraffe\"";
|
|
}
|
|
];
|
|
string login_name = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi@zitadel.com\"";
|
|
}
|
|
];
|
|
string display_name = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the display name of the user"
|
|
example: "\"Gigi Giraffe\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 9;
|
|
string avatar_url = 10 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "avatar URL of the user"
|
|
example: "\"https://api.zitadel.ch/assets/v1/avatar-32432jkh4kj32\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
enum SessionState {
|
|
SESSION_STATE_UNSPECIFIED = 0;
|
|
SESSION_STATE_ACTIVE = 1;
|
|
SESSION_STATE_TERMINATED = 2;
|
|
}
|
|
|
|
message RefreshToken {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906489455\""
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
string client_id = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334@ZITADEL\"";
|
|
description: "oauth2/oidc client_id of the authorized application";
|
|
}
|
|
];
|
|
google.protobuf.Timestamp auth_time = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"2023-02-13T08:45:00.000000Z\"";
|
|
description: "\"time when the user authenticated, does not have to be the same time the token was created\""
|
|
}
|
|
];
|
|
google.protobuf.Timestamp idle_expiration = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"2023-02-14T08:45:00.000000Z\"";
|
|
description: "\"time the refresh token will expire if not used, the user will have to reauthenticate\""
|
|
}
|
|
];
|
|
google.protobuf.Timestamp expiration = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"2023-02-14T08:45:00.000000Z\"";
|
|
description: "\"time the refresh token will expire, the user will have to reauthenticate\""
|
|
}
|
|
];
|
|
repeated string scopes = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"openid\",\"email\",\"profile\",\"offline_access\"]";
|
|
description: "scopes of the initial auth request, access tokens created by this refresh token can have a subset of these scopes";
|
|
}
|
|
];
|
|
repeated string audience = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"69629023906488334@ZITADEL\", \"69629023906481256\"]"
|
|
description: "audience of the initial auth request and of all access tokens created by this refresh token";
|
|
}
|
|
];
|
|
}
|
|
|
|
|
|
message PersonalAccessToken {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\"";
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
google.protobuf.Timestamp expiration_date = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "the date the token will expire";
|
|
example: "\"3019-04-01T08:45:00.000000Z\"";
|
|
}
|
|
];
|
|
repeated string scopes = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "scopes granted to the token";
|
|
example: "[\"openid\"]";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrant {
|
|
string id = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
zitadel.v1.ObjectDetails details = 2;
|
|
repeated string role_keys = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[\"role.super.man\"]"
|
|
}
|
|
];
|
|
UserGrantState state = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "current state of the user";
|
|
}
|
|
];
|
|
|
|
string user_id = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string user_name = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi-giraffe\"";
|
|
}
|
|
];
|
|
string first_name = 7 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Gigi\"";
|
|
}
|
|
];
|
|
string last_name = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Giraffe\"";
|
|
}
|
|
];
|
|
string email = 9 [
|
|
(validate.rules).string.email = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
|
|
example: "\"gigi@zitadel.com\"";
|
|
}
|
|
];
|
|
string display_name = 10 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "display name of the user"
|
|
example: "\"Gigi Giraffe\"";
|
|
}
|
|
];
|
|
string org_id = 11 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string org_name = 12 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL\"";
|
|
}
|
|
];
|
|
string org_domain = 13 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"zitadel.cloud\"";
|
|
}
|
|
];
|
|
string project_id = 14 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string project_name = 15 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL\"";
|
|
}
|
|
];
|
|
string project_grant_id = 16 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string avatar_url = 17 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "avatar URL of the user"
|
|
example: "\"{your-domain}/assets/v1/avatar-32432jkh4kj32\"";
|
|
}
|
|
];
|
|
string preferred_login_name = 18 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi@zitadel.com\"";
|
|
}
|
|
];
|
|
Type user_type = 19 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "type of the user (human / machine)"
|
|
}
|
|
];
|
|
string granted_org_id = 20 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
string granted_org_name = 21 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ZITADEL\"";
|
|
}
|
|
];
|
|
string granted_org_domain = 22 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"zitadel.cloud\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
enum UserGrantState {
|
|
USER_GRANT_STATE_UNSPECIFIED = 0;
|
|
USER_GRANT_STATE_ACTIVE = 1;
|
|
USER_GRANT_STATE_INACTIVE = 2;
|
|
}
|
|
|
|
message UserGrantQuery {
|
|
oneof query {
|
|
option (validate.required) = true;
|
|
|
|
UserGrantProjectIDQuery project_id_query = 1;
|
|
UserGrantUserIDQuery user_id_query = 2;
|
|
UserGrantWithGrantedQuery with_granted_query = 3;
|
|
UserGrantRoleKeyQuery role_key_query = 4;
|
|
UserGrantProjectGrantIDQuery project_grant_id_query = 5;
|
|
UserGrantUserNameQuery user_name_query = 6;
|
|
UserGrantFirstNameQuery first_name_query = 7;
|
|
UserGrantLastNameQuery last_name_query = 8;
|
|
UserGrantEmailQuery email_query = 9;
|
|
UserGrantOrgNameQuery org_name_query = 10;
|
|
UserGrantOrgDomainQuery org_domain_query = 11;
|
|
UserGrantProjectNameQuery project_name_query = 12;
|
|
UserGrantDisplayNameQuery display_name_query = 13;
|
|
UserGrantUserTypeQuery user_type_query = 14;
|
|
}
|
|
}
|
|
|
|
message UserGrantProjectIDQuery {
|
|
string project_id = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantUserIDQuery {
|
|
string user_id = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantWithGrantedQuery {
|
|
bool with_granted = 1;
|
|
}
|
|
|
|
message UserGrantRoleKeyQuery {
|
|
string role_key = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"role.super.man\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantProjectGrantIDQuery {
|
|
string project_grant_id = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"69629023906488334\""
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantUserNameQuery {
|
|
string user_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi-giraffe\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantFirstNameQuery {
|
|
string first_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Gigi\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantLastNameQuery {
|
|
string last_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"Giraffe\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantEmailQuery {
|
|
string email = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"gigi@zitadel.com\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantOrgNameQuery {
|
|
string org_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"cao\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantOrgDomainQuery {
|
|
string org_domain = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"OS AG\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which text equality method is used"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantProjectNameQuery {
|
|
string project_name = 1 [
|
|
(validate.rules).string = {max_len: 200},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "\"ITADE\""
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "3"
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantDisplayNameQuery {
|
|
string display_name = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "display name of a user"
|
|
example: "\"Gigi Giraffe\"";
|
|
}
|
|
];
|
|
zitadel.v1.TextQueryMethod method = 2 [
|
|
(validate.rules).enum.defined_only = true,
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "defines which equality method is used";
|
|
}
|
|
];
|
|
}
|
|
|
|
message UserGrantUserTypeQuery {
|
|
Type type = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
description: "type of user"
|
|
example: "\"TYPE_HUMAN\"";
|
|
}
|
|
];
|
|
}
|
|
|
|
//PLANNED: login name query
|