
Commit f8ffbe0

AlexTugarev authored and roboquat committed
[iam] clean up oidc.proto
1 parent 9f35591 commit f8ffbe0


6 files changed

+538
-485
lines changed


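--- a/components/public-api/gitpod/experimental/v1/oidc.proto
+++ b/components/public-api/gitpod/experimental/v1/oidc.proto
@@ -8,24 +8,60 @@ import "google/protobuf/timestamp.proto";
 
 import "gitpod/experimental/v1/pagination.proto";
 
+
+// Configuration of an OpenID client.
+//
+// For the metadata describing the configuration of OIDC providers, cf.
+// https://openid.net/specs/openid-connect-discovery-1_0.html
+message OIDCClientConfig {
+// ID is the unique identifier for the OIDC Config.
+// Read only.
+string id = 1;
+
+OIDCConfig oidc_config = 2;
+
+OAuth2Config oauth2_config = 3;
+// Optional.
+bool oauth_only = 4;
+
+// List of the JWS signing algorithms (alg values) supported by the OP for the
+// ID Token to encode the Claims in a JWT. The algorithm RS256 MUST be
+// included.
+// Optional.
+repeated string id_token_signing_alg_values_supported = 5;
+
+// Time when the config was created.
+// Read-only.
+google.protobuf.Timestamp creation_time = 6;
+
+// Describes the status of this configuration item.
+// Read-only.
+OIDCClientConfigStatus status = 7;
+}
+
+// The OIDC specific part of the client configuration.
 message OIDCConfig {
 // URL using the https scheme with no query or fragment component that the
-// OIDC provider asserts as its Issuer Identifier. Required.
+// OIDC provider asserts as its Issuer Identifier.
+// Required.
 string issuer = 1;
 
 // A KeySet that can validate the id_token (JSON web token)
 // Either one is required.
 string jwks = 2;
 string jwks_url = 3;
 
+// Provider specific parameters to control the behavior of the consent screen.
 // Optional.
 ConsentScreenHints hints = 4;
 
-// If set, the default claim mapping is overriden.
+// Optional overrides for key mapping to be applied when extracting claims from id_tokens.
+// Should only be set, if an override is required.
 // Optional.
 ClaimMappingOverride override_claim_mapping = 5;
 }
 
+// Provider specific parameters to control the behavior of the consent screen.
 message ConsentScreenHints {
 // Control options for the consent screen.
 // Optional.
@@ -37,6 +73,7 @@ message ConsentScreenHints {
 string login_hint = 3;
 }
 
+// Optional overrides for key mapping to be applied when extracting claims from id_tokens.
 message ClaimMappingOverride {
 // Optional.
 string claim_email_key = 1;
@@ -46,10 +83,12 @@ message ClaimMappingOverride {
 string claim_username_key = 3;
 }
 
+// The OAuth2 specific part of the client configuration.
 message OAuth2Config {
 // Required.
 string client_id = 1;
-// Required.
+// Required for creation/updates.
+// Empty on read.
 string client_secret = 2;
 // Required.
 string authorization_endpoint = 3;
@@ -59,52 +98,29 @@ message OAuth2Config {
 repeated string scopes_supported = 5;
 
 // Source for additional claims for the token.
+// Additional keys may be used to control the extraction of a profile.
 // Required.
 string userinfo_endpoint = 6;
 
+// Keys of the userinfo result to extract a profile from.
 // Optional.
 UserInfoKeys userinfo_keys = 7;
 }
 
+// Description of keys of a userinfo result.
 message UserInfoKeys {
 // Optional.
 string userinfo_id_key = 1;
 // Optional.
 string userinfo_name_key = 2;
 }
 
-// Configuration of an OpenID provider instance.
-//
-// For the metadata describing the configuration of OIDC providers, cf.
-// https://openid.net/specs/openid-connect-discovery-1_0.html
-message OIDCClientConfig {
-// ID is the unique identifier for the OIDC Config.
-// Read only.
-string id = 1;
-
-OIDCConfig oidc_config = 2;
-
-OAuth2Config oauth2_config = 3;
-// Optional.
-bool oauth_only = 4;
-
-// List of the JWS signing algorithms (alg values) supported by the OP for the
-// ID Token to encode the Claims in a JWT. The algorithm RS256 MUST be
-// included. Optional.
-repeated string id_token_signing_alg_values_supported = 5;
-
-// Time when the config was created.
-// Read-only.
-google.protobuf.Timestamp creation_time = 6;
-
-// Read-only.
-OIDCClientStatus status = 7;
-}
-
-message OIDCClientStatus {
+// The status of an OIDC client configuration.
+message OIDCClientConfigStatus {
 //
 }
 
+
 service OIDCService {
 // Creates a new OIDC client configuration.
 rpc CreateClientConfig(CreateClientConfigRequest)
@@ -118,11 +134,11 @@ service OIDCService {
 rpc ListClientConfigs(ListClientConfigsRequest)
 returns (ListClientConfigsResponse) {};
 
-// Updates modifiable properties of an existing OIDC provider configuration.
+// Updates modifiable properties of an existing OIDC client configuration.
 rpc UpdateClientConfig(UpdateClientConfigRequest)
 returns (UpdateClientConfigResponse) {};
 
-// Removes a OIDC provider configuration by ID.
+// Removes a OIDC client configuration by ID.
 rpc DeleteClientConfig(DeleteClientConfigRequest)
 returns (DeleteClientConfigResponse) {};
 }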
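Review bot: The new comment on `client_secret` in OAuth2Config (`// Required for creation/updates.` / `// Empty on read.`) leaves the update contract ambiguous: a caller that reads a config, edits it and sends it back to UpdateClientConfig holds an empty secret, and the comment does not say whether that empty value is rejected, ignored, or overwrites the stored credential. Because a proto3 `string` cannot distinguish unset from empty, this comment is the only place the rule can live, so I would state it explicitly, e.g. `// Required on creation. Never returned on read.` followed by `// On update, an empty value leaves the stored secret unchanged.` — with the last sentence adjusted to whatever the server actually does, which is not visible in this hunk. Relatedly, `OIDCClientConfigStatus` is renamed and documented but still has an empty body with a bare `//` placeholder; a one-line comment such as `// Intentionally empty; status fields are added as they are defined.` would tell readers this is deliberate rather than a leftover.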
