@zitadel/node
Library for API access to ZITADEL. Provides compiled gRPC service clients and helpers for applications and service accounts.
import { BinaryReader, BinaryWriter } from "@bufbuild/protobuf/wire";
import Long from "long";
import { Duration } from "../../../google/protobuf/duration.js";
import { Details } from "../../object/v2/object.js";
/** Name of the protobuf package these declarations belong to. */
export declare const protobufPackage = "zitadel.idp.v2";
/**
* State of an identity provider, as carried in `IDP.state`.
*
* Only `IDP_STATE_ACTIVE` is named as active; every other member, including
* the zero value, is a different state. Callers gating logins on this value
* should compare against `IDP_STATE_ACTIVE` explicitly instead of treating
* "not INACTIVE" as usable.
*/
export declare enum IDPState {
/** Zero value. NOTE(review): presumably what an unset field decodes to — confirm. */
IDP_STATE_UNSPECIFIED = 0,
IDP_STATE_ACTIVE = 1,
IDP_STATE_INACTIVE = 2,
IDP_STATE_REMOVED = 3,
IDP_STATE_MIGRATED = 4,
/**
* Not one of the named states. NOTE(review): looks like the generator's
* placeholder for values this client version does not know — confirm, and
* handle it explicitly rather than letting it fall through to a permissive default.
*/
UNRECOGNIZED = -1
}
/**
* Maps a JSON representation to an `IDPState` member.
*
* @param object - JSON value to convert. Typed `any`, so nothing is checked at compile time.
* @returns The corresponding `IDPState`. NOTE(review): how unknown input is
* handled (throw vs. `UNRECOGNIZED`) is not visible in this declaration file — confirm.
*/
export declare function iDPStateFromJSON(object: any): IDPState;
/**
* Maps an `IDPState` member to its JSON string form.
*
* @param object - Enum member to convert.
* @returns A string; the exact spelling is defined by the implementation, which is not shown here.
*/
export declare function iDPStateToJSON(object: IDPState): string;
/**
* Kind of identity provider, as carried in `IDP.type`.
*
* NOTE(review): the members parallel the optional provider fields of
* `IDPConfig` (oidc, jwt, ldap, oauth, azureAd, ...); presumably the type
* says which of those fields is populated — confirm.
*/
export declare enum IDPType {
IDP_TYPE_UNSPECIFIED = 0,
IDP_TYPE_OIDC = 1,
IDP_TYPE_JWT = 2,
IDP_TYPE_LDAP = 3,
IDP_TYPE_OAUTH = 4,
IDP_TYPE_AZURE_AD = 5,
IDP_TYPE_GITHUB = 6,
IDP_TYPE_GITHUB_ES = 7,
IDP_TYPE_GITLAB = 8,
IDP_TYPE_GITLAB_SELF_HOSTED = 9,
IDP_TYPE_GOOGLE = 10,
IDP_TYPE_APPLE = 11,
IDP_TYPE_SAML = 12,
/** Not one of the named types; handle explicitly. NOTE(review): presumably used for values unknown to this client version — confirm. */
UNRECOGNIZED = -1
}
/**
* Maps a JSON representation to an `IDPType` member.
*
* @param object - JSON value to convert. Typed `any`, so nothing is checked at compile time.
* @returns The corresponding `IDPType`. NOTE(review): handling of unknown
* input is not visible in this declaration file — confirm.
*/
export declare function iDPTypeFromJSON(object: any): IDPType;
/**
* Maps an `IDPType` member to its JSON string form.
*
* @param object - Enum member to convert.
* @returns A string; the exact spelling is defined by the implementation, which is not shown here.
*/
export declare function iDPTypeToJSON(object: IDPType): string;
/**
* SAML binding selected in `SAMLConfig.binding`, i.e. the type of
* communication used with the SAML identity provider.
*/
export declare enum SAMLBinding {
SAML_BINDING_UNSPECIFIED = 0,
SAML_BINDING_POST = 1,
SAML_BINDING_REDIRECT = 2,
SAML_BINDING_ARTIFACT = 3,
/** Not one of the named bindings; handle explicitly. NOTE(review): presumably used for values unknown to this client version — confirm. */
UNRECOGNIZED = -1
}
/**
* Maps a JSON representation to a `SAMLBinding` member.
*
* @param object - JSON value to convert. Typed `any`, so nothing is checked at compile time.
* @returns The corresponding `SAMLBinding`. NOTE(review): handling of unknown
* input is not visible in this declaration file — confirm.
*/
export declare function sAMLBindingFromJSON(object: any): SAMLBinding;
/**
* Maps a `SAMLBinding` member to its JSON string form.
*
* @param object - Enum member to convert.
* @returns A string; the exact spelling is defined by the implementation, which is not shown here.
*/
export declare function sAMLBindingToJSON(object: SAMLBinding): string;
/**
* `nameid-format` used for the SAML request, as carried in
* `SAMLConfig.nameIdFormat`.
*/
export declare enum SAMLNameIDFormat {
SAML_NAME_ID_FORMAT_UNSPECIFIED = 0,
SAML_NAME_ID_FORMAT_EMAIL_ADDRESS = 1,
SAML_NAME_ID_FORMAT_PERSISTENT = 2,
/**
* `SAMLConfig.transientMappingAttributeName` names the attribute used to
* map the user when the returned nameid-format is the transient one.
*/
SAML_NAME_ID_FORMAT_TRANSIENT = 3,
/** Not one of the named formats; handle explicitly. NOTE(review): presumably used for values unknown to this client version — confirm. */
UNRECOGNIZED = -1
}
/**
* Maps a JSON representation to a `SAMLNameIDFormat` member.
*
* @param object - JSON value to convert. Typed `any`, so nothing is checked at compile time.
* @returns The corresponding `SAMLNameIDFormat`. NOTE(review): handling of
* unknown input is not visible in this declaration file — confirm.
*/
export declare function sAMLNameIDFormatFromJSON(object: any): SAMLNameIDFormat;
/**
* Maps a `SAMLNameIDFormat` member to its JSON string form.
*
* @param object - Enum member to convert.
* @returns A string; the exact spelling is defined by the implementation, which is not shown here.
*/
export declare function sAMLNameIDFormatToJSON(object: SAMLNameIDFormat): string;
/**
* Attribute used to find an existing ZITADEL user to offer for linking when
* someone signs in with an external account (see `Options.autoLinking`).
*
* Linking attaches an external identity to an existing account, so the
* chosen attribute is only as trustworthy as the provider that supplies it.
* NOTE(review): the EMAIL option requires the ZITADEL user's email to be
* verified; whether the external user's email must also be verified by the
* provider is not stated here — confirm before enabling it for providers
* that let users set arbitrary email addresses or usernames.
*/
export declare enum AutoLinkingOption {
/** AUTO_LINKING_OPTION_UNSPECIFIED - AUTO_LINKING_OPTION_UNSPECIFIED disables the auto linking prompt. */
AUTO_LINKING_OPTION_UNSPECIFIED = 0,
/**
* AUTO_LINKING_OPTION_USERNAME - AUTO_LINKING_OPTION_USERNAME will use the username of the external user to
* check for a corresponding ZITADEL user.
*/
AUTO_LINKING_OPTION_USERNAME = 1,
/**
* AUTO_LINKING_OPTION_EMAIL - AUTO_LINKING_OPTION_EMAIL will use the email of the external user to check
* for a corresponding ZITADEL user with the same verified email. Note that in
* case multiple users match, no prompt will be shown.
*/
AUTO_LINKING_OPTION_EMAIL = 2,
/** Not one of the named options; handle explicitly. NOTE(review): presumably used for values unknown to this client version — confirm. */
UNRECOGNIZED = -1
}
/**
* Maps a JSON representation to an `AutoLinkingOption` member.
*
* @param object - JSON value to convert. Typed `any`, so nothing is checked at compile time.
* @returns The corresponding `AutoLinkingOption`. NOTE(review): handling of
* unknown input is not visible in this declaration file — confirm.
*/
export declare function autoLinkingOptionFromJSON(object: any): AutoLinkingOption;
/**
* Maps an `AutoLinkingOption` member to its JSON string form.
*
* @param object - Enum member to convert.
* @returns A string; the exact spelling is defined by the implementation, which is not shown here.
*/
export declare function autoLinkingOptionToJSON(object: AutoLinkingOption): string;
/**
* Well-known Azure AD tenant categories, used in `AzureADTenant.tenantType`.
* `AzureADConfig.tenant` describes the choice as which user accounts may log
* in (Personal, Organizational, All).
*
* Unlike the other enums in this file there is no `*_UNSPECIFIED` member:
* the zero value is `AZURE_AD_TENANT_TYPE_COMMON`.
* NOTE(review): an unset tenant type therefore presumably decodes as COMMON,
* which looks like the broadest setting — confirm, and set the tenant
* explicitly when logins should be limited to one organization.
*/
export declare enum AzureADTenantType {
AZURE_AD_TENANT_TYPE_COMMON = 0,
AZURE_AD_TENANT_TYPE_ORGANISATIONS = 1,
AZURE_AD_TENANT_TYPE_CONSUMERS = 2,
/** Not one of the named tenant types; handle explicitly. NOTE(review): presumably used for values unknown to this client version — confirm. */
UNRECOGNIZED = -1
}
/**
* Maps a JSON representation to an `AzureADTenantType` member.
*
* @param object - JSON value to convert. Typed `any`, so nothing is checked at compile time.
* @returns The corresponding `AzureADTenantType`. NOTE(review): handling of
* unknown input is not visible in this declaration file — confirm.
*/
export declare function azureADTenantTypeFromJSON(object: any): AzureADTenantType;
/**
* Maps an `AzureADTenantType` member to its JSON string form.
*
* @param object - Enum member to convert.
* @returns A string; the exact spelling is defined by the implementation, which is not shown here.
*/
export declare function azureADTenantTypeToJSON(object: AzureADTenantType): string;
/**
* An identity provider: its identifier, state, name, type and
* type-specific configuration.
*/
export interface IDP {
/** Unique identifier for the identity provider. */
id: string;
/** Object metadata (`Details` from `object/v2`); its fields are not shown in this file. May be undefined. */
details: Details | undefined;
/** Current state of the identity provider. */
state: IDPState;
/** NOTE(review): presumably the display name of the provider — confirm. */
name: string;
/** Type of the identity provider, for example OIDC, JWT, LDAP and SAML. */
type: IDPType;
/** Configuration for the type of the identity provider. */
config: IDPConfig | undefined;
}
/**
* Configuration of an identity provider: the shared `options` plus one
* optional field per provider kind.
*
* NOTE(review): the provider fields look like a protobuf oneof, so presumably
* at most one of them is set and it matches `IDP.type` — confirm. Code that
* reads a specific field should check for `undefined` rather than assume it.
*/
export interface IDPConfig {
/** Linking, creation and update behaviour shared by all provider kinds. */
options: Options | undefined;
ldap?: LDAPConfig | undefined;
google?: GoogleConfig | undefined;
oauth?: OAuthConfig | undefined;
oidc?: GenericOIDCConfig | undefined;
jwt?: JWTConfig | undefined;
github?: GitHubConfig | undefined;
githubEs?: GitHubEnterpriseServerConfig | undefined;
gitlab?: GitLabConfig | undefined;
gitlabSelfHosted?: GitLabSelfHostedConfig | undefined;
azureAd?: AzureADConfig | undefined;
apple?: AppleConfig | undefined;
saml?: SAMLConfig | undefined;
}
/**
* Configuration of a JWT identity provider.
*
* `issuer` and `keysEndpoint` together describe whose tokens are accepted and
* which keys their signatures are checked against, so changes to either
* should be reviewed like any other change to a trust anchor.
* All fields are plain strings; no URL scheme (for example https) is
* expressed at the type level.
*/
export interface JWTConfig {
/** The endpoint where the JWT can be extracted. */
jwtEndpoint: string;
/** The issuer of the JWT (for validation). */
issuer: string;
/** The endpoint to the key (JWK) which is used to sign the JWT with. */
keysEndpoint: string;
/** The name of the header where the JWT is sent in, default is authorization. */
headerName: string;
}
/**
* Configuration of a generic OAuth identity provider.
*
* No client secret field is declared on this message; only the client id is
* exposed. The endpoint fields are plain strings, so no URL scheme (for
* example https) is expressed at the type level.
*/
export interface OAuthConfig {
/** Client id generated by the identity provider. */
clientId: string;
/** The endpoint where ZITADEL sends the user to authenticate. */
authorizationEndpoint: string;
/** The endpoint where ZITADEL can get the token. */
tokenEndpoint: string;
/** The endpoint where ZITADEL can get the user information. */
userEndpoint: string;
/**
* The scopes requested by ZITADEL during the request on the identity
* provider.
*/
scopes: string[];
/**
* Defines how the attribute is called where ZITADEL can get the id of the
* user.
*/
idAttribute: string;
}
/**
* Configuration of a generic OIDC identity provider.
*
* No client secret field is declared on this message; only the client id is
* exposed.
*/
export interface GenericOIDCConfig {
/** The OIDC issuer of the identity provider. */
issuer: string;
/** Client id generated by the identity provider. */
clientId: string;
/**
* The scopes requested by ZITADEL during the request on the identity
* provider.
*/
scopes: string[];
/**
* If true, provider information gets mapped from the id token, not from the
* userinfo endpoint.
*/
isIdTokenMapping: boolean;
}
/**
* Configuration of a GitHub identity provider.
* No client secret field is declared on this message.
*/
export interface GitHubConfig {
/** The client ID of the GitHub App. */
clientId: string;
/** The scopes requested by ZITADEL during the request to GitHub. */
scopes: string[];
}
/**
* Configuration of a GitHub Enterprise Server identity provider.
*
* No client secret field is declared on this message. The three endpoint
* fields are plain strings; no URL scheme is expressed at the type level.
*/
export interface GitHubEnterpriseServerConfig {
/** The client ID of the GitHub App. */
clientId: string;
/** NOTE(review): presumably same role as `OAuthConfig.authorizationEndpoint` (where the user is sent to authenticate) — confirm. */
authorizationEndpoint: string;
/** NOTE(review): presumably same role as `OAuthConfig.tokenEndpoint` (where the token is obtained) — confirm. */
tokenEndpoint: string;
/** NOTE(review): presumably same role as `OAuthConfig.userEndpoint` (where user information is obtained) — confirm. */
userEndpoint: string;
/** The scopes requested by ZITADEL during the request to GitHub. */
scopes: string[];
}
/**
* Configuration of a Google identity provider.
* No client secret field is declared on this message.
*/
export interface GoogleConfig {
/** Client id of the Google application. */
clientId: string;
/** The scopes requested by ZITADEL during the request to Google. */
scopes: string[];
}
/**
* Configuration of a GitLab identity provider.
* No client secret field is declared on this message.
*/
export interface GitLabConfig {
/** Client id of the GitLab application. */
clientId: string;
/** The scopes requested by ZITADEL during the request to GitLab. */
scopes: string[];
}
/**
* Configuration of a self-hosted GitLab identity provider.
* No client secret field is declared on this message.
*/
export interface GitLabSelfHostedConfig {
/** NOTE(review): presumably the issuer URL of the self-hosted GitLab instance — confirm. Plain string; no URL scheme is expressed at the type level. */
issuer: string;
/** Client id of the GitLab application. */
clientId: string;
/** The scopes requested by ZITADEL during the request to GitLab. */
scopes: string[];
}
/**
* Configuration of an LDAP identity provider.
*
* The fields carry no documentation in the source; the notes below are
* inferred from the field names and need confirming against the proto
* definition. A bind DN is declared but no bind password field is.
*/
export interface LDAPConfig {
/** NOTE(review): presumably the LDAP server addresses to connect to — confirm. */
servers: string[];
/**
* NOTE(review): presumably whether StartTLS is used for the connection.
* When this is false, confirm that the server addresses use a TLS-protected
* scheme so bind credentials are not sent in clear text.
*/
startTls: boolean;
/** NOTE(review): presumably the base DN for searches — confirm. */
baseDn: string;
/** NOTE(review): presumably the DN used to bind to the directory — confirm. */
bindDn: string;
/** NOTE(review): presumably the base attribute under which users are located — confirm. */
userBase: string;
/** NOTE(review): presumably object classes a user entry must have — confirm. */
userObjectClasses: string[];
/** NOTE(review): presumably attributes/filters used to look up the user at login — confirm. */
userFilters: string[];
/** NOTE(review): presumably the timeout for LDAP operations — confirm. May be undefined. */
timeout: Duration | undefined;
/** Mapping of LDAP attributes to user fields; see `LDAPAttributes`. May be undefined. */
attributes: LDAPAttributes | undefined;
/**
* NOTE(review): presumably the CA certificate (raw bytes) used to verify
* the LDAP server's TLS certificate — confirm. If empty, check which trust
* store the server side falls back to.
*/
rootCa: Buffer;
}
/**
* Configuration of a SAML identity provider.
*
* `metadataXml` is the provider's metadata document; it should be obtained
* from a trusted source, since it describes the provider that assertions
* will be accepted from.
*/
export interface SAMLConfig {
/** Metadata of the SAML identity provider. */
metadataXml: Buffer;
/** Binding which defines the type of communication with the identity provider. */
binding: SAMLBinding;
/** Boolean which defines if the authentication requests are signed. */
withSignedRequest: boolean;
/** `nameid-format` for the SAML Request. */
nameIdFormat: SAMLNameIDFormat;
/**
* Optional name of the attribute, which will be used to map the user
* in case the nameid-format returned is
* `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
*/
transientMappingAttributeName?: string | undefined;
/**
* Boolean whether federated logout is enabled. If enabled, ZITADEL will send a logout request to the identity provider,
* if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.
*/
federatedLogoutEnabled?: boolean | undefined;
}
/**
* Configuration of an Azure AD identity provider.
* No client secret field is declared on this message.
*/
export interface AzureADConfig {
/** Client id of the Azure AD application */
clientId: string;
/**
* Defines what user accounts should be able to login (Personal,
* Organizational, All).
*/
tenant: AzureADTenant | undefined;
/**
* Azure AD doesn't send if the email has been verified. Enable this if the
* user email should always be added verified in ZITADEL (no verification
* emails will be sent).
*
* With this enabled the address is accepted as verified on the provider's
* word alone. NOTE(review): if email-based auto linking
* (`AutoLinkingOption.AUTO_LINKING_OPTION_EMAIL`) is also enabled, confirm
* that the tenant setting restricts logins to directories whose email
* values are trusted.
*/
emailVerified: boolean;
/** The scopes requested by ZITADEL during the request to Azure AD. */
scopes: string[];
}
/**
* Account linking, creation and update behaviour for an identity provider.
*
* These flags decide how much an external login may change in ZITADEL
* (new accounts, links to existing accounts, profile updates), so they
* should be set per provider according to how far that provider is trusted.
*/
export interface Options {
/**
* Enable if users should be able to link an existing ZITADEL user with an
* external account.
*/
isLinkingAllowed: boolean;
/**
* Enable if users should be able to create a new account in ZITADEL when
* using an external account.
*/
isCreationAllowed: boolean;
/**
* Enable if a new account in ZITADEL should be created automatically when
* logging in with an external account.
*/
isAutoCreation: boolean;
/**
* Enable if the ZITADEL account fields should be updated automatically on
* each login.
*/
isAutoUpdate: boolean;
/**
* Enable if users should get prompted to link an existing ZITADEL user to an
* external account if the selected attribute matches.
*/
autoLinking: AutoLinkingOption;
}
/**
* Attribute mapping for an LDAP identity provider (see
* `LDAPConfig.attributes`).
*
* NOTE(review): each `*Attribute` field presumably holds the name of the
* LDAP attribute that supplies the corresponding user field — confirm.
*/
export interface LDAPAttributes {
idAttribute: string;
firstNameAttribute: string;
lastNameAttribute: string;
displayNameAttribute: string;
nickNameAttribute: string;
preferredUsernameAttribute: string;
emailAttribute: string;
/** NOTE(review): presumably the attribute that marks the email as verified; that flag is then taken from the directory — confirm. */
emailVerifiedAttribute: string;
phoneAttribute: string;
/** NOTE(review): presumably the attribute that marks the phone number as verified; that flag is then taken from the directory — confirm. */
phoneVerifiedAttribute: string;
preferredLanguageAttribute: string;
avatarUrlAttribute: string;
profileAttribute: string;
/**
* NOTE(review): unlike the other fields this is not named as an attribute,
* and `LDAPConfig` also declares a `rootCa` (typed `Buffer`). Its purpose
* here is not visible in this file — confirm against the proto definition.
*/
rootCa: string;
}
/**
* Azure AD tenant selection used by `AzureADConfig.tenant`.
*
* NOTE(review): both fields are optional and look like a protobuf oneof
* (either a well-known tenant category or one specific tenant id) — confirm.
*/
export interface AzureADTenant {
/** One of the well-known tenant categories. */
tenantType?: AzureADTenantType | undefined;
/** NOTE(review): presumably the id of a single Azure AD tenant — confirm. */
tenantId?: string | undefined;
}
/**
* Configuration of an Apple identity provider.
*
* Only the id of the private key is declared here; no field for the key
* material itself is part of this message.
*/
export interface AppleConfig {
/** Client id (App ID or Service ID) provided by Apple. */
clientId: string;
/** Team ID provided by Apple. */
teamId: string;
/** ID of the private key generated by Apple. */
keyId: string;
/** The scopes requested by ZITADEL during the request to Apple. */
scopes: string[];
}
// Value-side companions of the message interfaces above. Each constant has
// the same name as its interface and is typed `MessageFns<T>`, i.e. it
// provides encode/decode, fromJSON/toJSON, create and fromPartial for that
// message.
export declare const IDP: MessageFns<IDP>;
export declare const IDPConfig: MessageFns<IDPConfig>;
export declare const JWTConfig: MessageFns<JWTConfig>;
export declare const OAuthConfig: MessageFns<OAuthConfig>;
export declare const GenericOIDCConfig: MessageFns<GenericOIDCConfig>;
export declare const GitHubConfig: MessageFns<GitHubConfig>;
export declare const GitHubEnterpriseServerConfig: MessageFns<GitHubEnterpriseServerConfig>;
export declare const GoogleConfig: MessageFns<GoogleConfig>;
export declare const GitLabConfig: MessageFns<GitLabConfig>;
export declare const GitLabSelfHostedConfig: MessageFns<GitLabSelfHostedConfig>;
export declare const LDAPConfig: MessageFns<LDAPConfig>;
export declare const SAMLConfig: MessageFns<SAMLConfig>;
export declare const AzureADConfig: MessageFns<AzureADConfig>;
export declare const Options: MessageFns<Options>;
export declare const LDAPAttributes: MessageFns<LDAPAttributes>;
export declare const AzureADTenant: MessageFns<AzureADTenant>;
export declare const AppleConfig: MessageFns<AppleConfig>;
/** Types that `DeepPartial` leaves unchanged instead of recursing into. Not exported. */
type Builtin = Date | Function | Uint8Array | string | number | boolean | undefined;
/**
* Recursive version of `Partial<T>`, used as the input type of
* `MessageFns.create` and `MessageFns.fromPartial`.
*
* - `Builtin` types are returned unchanged.
* - `Long` widens to `string | number | Long`.
* - Arrays and readonly arrays are mapped element by element.
* - Other object types get every property made optional, recursively.
* - Anything else falls back to `Partial<T>`.
*/
export type DeepPartial<T> = T extends Builtin ? T : T extends Long ? string | number | Long : T extends globalThis.Array<infer U> ? globalThis.Array<DeepPartial<U>> : T extends ReadonlyArray<infer U> ? ReadonlyArray<DeepPartial<U>> : T extends {} ? {
[K in keyof T]?: DeepPartial<T[K]>;
} : Partial<T>;
/**
* Codec and constructor functions available for each message type `T`.
*
* Only signatures are visible here. NOTE(review): none of them expresses
* validation of the input, so data decoded from the wire or built from JSON
* should be treated as unvalidated until the implementation is confirmed.
*/
export interface MessageFns<T> {
/**
* Writes `message` using a `BinaryWriter`.
* @param message - Message to encode.
* @param writer - Optional writer to use.
* @returns A `BinaryWriter`. NOTE(review): presumably the passed writer when one is given — confirm.
*/
encode(message: T, writer?: BinaryWriter): BinaryWriter;
/**
* Reads a message from binary input.
* @param input - A `BinaryReader` or raw bytes.
* @param length - Optional length. NOTE(review): presumably the number of bytes to read — confirm.
* @returns The decoded message.
*/
decode(input: BinaryReader | Uint8Array, length?: number): T;
/**
* Builds a message from a JSON value.
* @param object - Typed `any`, so the compiler does not check its shape.
* @returns A message of type `T`.
*/
fromJSON(object: any): T;
/**
* Converts a message to a JSON-compatible value.
* @param message - Message to convert.
* @returns The JSON value, typed `unknown`; narrow it before use.
*/
toJSON(message: T): unknown;
/**
* Creates a message, optionally from a partial one.
* @param base - Optional partial message.
* @returns A message of type `T`. NOTE(review): how fields missing from `base` are filled is not visible here — confirm.
*/
create(base?: DeepPartial<T>): T;
/**
* Creates a message from a partial one.
* @param object - Partial message.
* @returns A message of type `T`. NOTE(review): how fields missing from `object` are filled is not visible here — confirm.
*/
fromPartial(object: DeepPartial<T>): T;
}
// Empty export: keeps this file an ES module regardless of its other exports.
export {};