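syntax = "proto3";

package iam.v1;

// Imports precede file-level options (buf/protolint ordering).
import "google/protobuf/timestamp.proto";

option go_package = "github.com/gitpod-io/gitpod/components/iam-api/go/v1";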
// Configuration of an OpenID client.
//
// For the metadata describing the configuration of OIDC providers, cf.
// https://openid.net/specs/openid-connect-discovery-1_0.html
message OIDCClientConfig {
  // ID is the unique identifier for the OIDC Config.
  // Read-only (set by the server, see CreateClientConfigRequest).
  string id = 1;

  // The OIDC specific part of the configuration: issuer, key set, consent
  // screen hints and claim mapping. See OIDCConfig.
  OIDCConfig oidc_config = 2;

  // The OAuth2 specific part of the configuration: client credentials,
  // endpoints and scopes. See OAuth2Config.
  OAuth2Config oauth2_config = 3;

  // Optional.
  // Proto3 bool: false and "unset" are indistinguishable on the wire.
  // NOTE(review): semantics not documented here; presumably selects a plain
  // OAuth2 flow without id_token handling — confirm against the server.
  bool oauth_only = 4;

  // List of the JWS signing algorithms (alg values) supported by the OP for the
  // ID Token to encode the Claims in a JWT. The algorithm RS256 MUST be
  // included.
  // Optional.
  // NOTE(review): presumably used as the set of accepted id_token signing
  // algorithms; keep it restrictive and confirm the verifier rejects tokens
  // whose alg is not in this list.
  repeated string id_token_signing_alg_values_supported = 5;

  // Time when the config was created.
  // Read-only.
  google.protobuf.Timestamp creation_time = 6;

  // Describes the status of this configuration item.
  // Read-only.
  OIDCClientConfigStatus status = 7;
}
// The OIDC specific part of the client configuration.
message OIDCConfig {
  // URL using the https scheme with no query or fragment component that the
  // OIDC provider asserts as its Issuer Identifier.
  // Required.
  string issuer = 1;

  // A KeySet that can validate the id_token (JSON web token).
  // Either one is required:
  //   - jwks: the key set itself, supplied inline (presumably a JWKS JSON
  //     document — confirm the expected encoding);
  //   - jwks_url: location from which the server obtains the key set.
  // NOTE(review): the two fields are mutually exclusive by contract but not
  // by schema; a oneof would enforce it but is a source-breaking change for
  // generated code, so it is only documented here.
  // NOTE(review): jwks_url is presumably fetched server-side; confirm it is
  // validated (https scheme, expected host) before being dereferenced.
  string jwks = 2;
  string jwks_url = 3;

  // Provider specific parameters to control the behavior of the consent screen.
  // Optional.
  ConsentScreenHints hints = 4;

  // Optional overrides for key mapping to be applied when extracting claims from id_tokens.
  // Should only be set, if an override is required.
  // Optional.
  ClaimMappingOverride override_claim_mapping = 5;
}
// Provider specific parameters to control the behavior of the consent screen.
// All fields are optional; an empty string means "not set" (proto3 implicit
// presence).
message ConsentScreenHints {
  // Control options for the consent screen.
  // Optional.
  // NOTE(review): presumably forwarded as the OIDC `prompt` request
  // parameter — confirm.
  string prompt = 1;

  // A hint to pre-select the tenant from an AD.
  // Optional.
  string domain_hint = 2;

  // Optional.
  // NOTE(review): presumably forwarded as the OIDC `login_hint` request
  // parameter to pre-fill the login identifier — confirm.
  string login_hint = 3;
}
// Optional overrides for key mapping to be applied when extracting claims from id_tokens.
// Each field names the id_token claim to read instead of the default one.
// All fields are optional; an empty string means "use the default".
message ClaimMappingOverride {
  // Claim key holding the user's email address.
  // Optional.
  string claim_email_key = 1;

  // Claim key holding the user's group memberships.
  // Optional.
  string claim_groups_key = 2;

  // Claim key holding the user's username.
  // Optional.
  string claim_username_key = 3;
}
// The OAuth2 specific part of the client configuration.
message OAuth2Config {
  // Client identifier registered with the provider.
  // Required.
  string client_id = 1;

  // Client secret registered with the provider.
  // Required for creation/updates.
  // Empty on read: the server never returns the stored value. Treat as a
  // secret on the client side as well (do not log or persist in plaintext).
  string client_secret = 2;

  // Provider's authorization endpoint URL.
  // Required.
  string authorization_endpoint = 3;

  // Provider's token endpoint URL.
  // Required.
  string token_endpoint = 4;

  // Scopes requested from the provider.
  // Required.
  repeated string scopes_supported = 5;

  // Source for additional claims for the token.
  // Additional keys may be used to control the extraction of a profile.
  // Required.
  string userinfo_endpoint = 6;

  // Keys of the userinfo result to extract a profile from.
  // Optional.
  UserInfoKeys userinfo_keys = 7;
}
// Description of keys of a userinfo result.
// All fields are optional; an empty string means "use the default".
message UserInfoKeys {
  // Key in the userinfo response holding the user's unique identifier.
  // Optional.
  string userinfo_id_key = 1;

  // Key in the userinfo response holding the user's display name.
  // Optional.
  string userinfo_name_key = 2;
}
// The status of an OIDC client configuration.
// Currently carries no fields; it exists so that status information can be
// added later without changing OIDCClientConfig. Read-only.
message OIDCClientConfigStatus {
  //
}
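// Manages OIDC client configurations (OIDCClientConfig).
service OIDCService {
  // Creates a new OIDC client configuration.
  rpc CreateClientConfig(CreateClientConfigRequest)
      returns (CreateClientConfigResponse);

  // Retrieves an OIDC client configuration by ID.
  rpc GetClientConfig(GetClientConfigRequest)
      returns (GetClientConfigResponse);

  // Lists OIDC client configurations.
  rpc ListClientConfigs(ListClientConfigsRequest)
      returns (ListClientConfigsResponse);

  // Updates modifiable properties of an existing OIDC client configuration.
  rpc UpdateClientConfig(UpdateClientConfigRequest)
      returns (UpdateClientConfigResponse);

  // Removes an OIDC client configuration by ID.
  rpc DeleteClientConfig(DeleteClientConfigRequest)
      returns (DeleteClientConfigResponse);
}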
// Request for OIDCService.CreateClientConfig.
message CreateClientConfigRequest {
  // The configuration to create.
  // NOTE(review): OIDCClientConfig.id, creation_time and status are documented
  // as read-only; presumably ignored on create — confirm.
  OIDCClientConfig config = 1;

  // Optional.
  // NOTE(review): presumably asks the server to complete the configuration
  // from the issuer's discovery document — confirm.
  bool use_discovery = 2;
}
// Response for OIDCService.CreateClientConfig.
message CreateClientConfigResponse {
  // The created configuration, including server-assigned read-only fields.
  OIDCClientConfig config = 1;
}
// Request for OIDCService.GetClientConfig.
message GetClientConfigRequest {
  // ID of the configuration to retrieve (OIDCClientConfig.id).
  string id = 1;
}
// Response for OIDCService.GetClientConfig.
message GetClientConfigResponse {
  // The requested configuration. OAuth2Config.client_secret is empty on read.
  OIDCClientConfig config = 1;
}
// Request for OIDCService.ListClientConfigs.
// Intentionally empty for now; filter or pagination fields can be added later
// without changing the RPC signature.
message ListClientConfigsRequest {
}
// Response for OIDCService.ListClientConfigs.
message ListClientConfigsResponse {
  // The configurations found.
  repeated OIDCClientConfig providers = 1;

  // Total number of matching configurations.
  // NOTE(review): there is no page token in this API, so presumably this
  // equals the length of `providers` unless the server truncates — confirm.
  int64 total_results = 2;
}
// Request for OIDCService.UpdateClientConfig.
message UpdateClientConfigRequest {
  // The configuration to update; presumably matched by config.id — confirm.
  // Only modifiable properties are applied (see OIDCService.UpdateClientConfig).
  OIDCClientConfig config = 1;
}
// Response for OIDCService.UpdateClientConfig. Currently empty.
message UpdateClientConfigResponse {}
// Request for OIDCService.DeleteClientConfig.
message DeleteClientConfigRequest {
  // ID of the configuration to remove (OIDCClientConfig.id).
  string id = 1;
}
// Response for OIDCService.DeleteClientConfig. Currently empty.
message DeleteClientConfigResponse {}