@pidgr/proto 0.36.0

package/pidgr/v1/sso_pb.ts

@@ -0,0 +1,409 @@
+// @generated by protoc-gen-es v2.11.0 with parameter "target=ts"
+// @generated from file pidgr/v1/sso.proto (package pidgr.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file pidgr/v1/sso.proto.
+ */
+export const file_pidgr_v1_sso: GenFile = /*@__PURE__*/
+  fileDesc("ChJwaWRnci92MS9zc28ucHJvdG8SCHBpZGdyLnYxIk0KE1NTT0F0dHJpYnV0ZU1hcHBpbmcSDQoFZW1haWwYASABKAkSEgoKZ2l2ZW5fbmFtZRgCIAEoCRITCgtmYW1pbHlfbmFtZRgDIAEoCSKdAgoLU1NPUHJvdmlkZXISCgoCaWQYASABKAkSDgoGZG9tYWluGAIgASgJEicKBHR5cGUYAyABKA4yGS5waWRnci52MS5TU09Qcm92aWRlclR5cGUSFAoMbWV0YWRhdGFfdXJsGAQgASgJEhkKEWlkcF9wcm92aWRlcl9uYW1lGAUgASgJEi4KCmNyZWF0ZWRfYXQYBiABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEi4KCnVwZGF0ZWRfYXQYByABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEjgKEWF0dHJpYnV0ZV9tYXBwaW5nGAggASgLMh0ucGlkZ3IudjEuU1NPQXR0cmlidXRlTWFwcGluZyIoChdDaGVja1NTT0J5RG9tYWluUmVxdWVzdBINCgVlbWFpbBgBIAEoCSJGChhDaGVja1NTT0J5RG9tYWluUmVzcG9uc2USEwoLc3NvX2VuYWJsZWQYASABKAgSFQoNcHJvdmlkZXJfbmFtZRgCIAEoCSKjAQoYQ3JlYXRlU1NPUHJvdmlkZXJSZXF1ZXN0Eg4KBmRvbWFpbhgBIAEoCRInCgR0eXBlGAIgASgOMhkucGlkZ3IudjEuU1NPUHJvdmlkZXJUeXBlEhQKDG1ldGFkYXRhX3VybBgDIAEoCRI4ChFhdHRyaWJ1dGVfbWFwcGluZxgEIAEoCzIdLnBpZGdyLnYxLlNTT0F0dHJpYnV0ZU1hcHBpbmciRAoZQ3JlYXRlU1NPUHJvdmlkZXJSZXNwb25zZRInCghwcm92aWRlchgBIAEoCzIVLnBpZGdyLnYxLlNTT1Byb3ZpZGVyIhcKFUdldFNTT1Byb3ZpZGVyUmVxdWVzdCJBChZHZXRTU09Qcm92aWRlclJlc3BvbnNlEicKCHByb3ZpZGVyGAEgASgLMhUucGlkZ3IudjEuU1NPUHJvdmlkZXIiLwoYRGVsZXRlU1NPUHJvdmlkZXJSZXF1ZXN0EhMKC3Byb3ZpZGVyX2lkGAEgASgJIhsKGURlbGV0ZVNTT1Byb3ZpZGVyUmVzcG9uc2UqbAoPU1NPUHJvdmlkZXJUeXBlEiEKHVNTT19QUk9WSURFUl9UWVBFX1VOU1BFQ0lGSUVEEAASGgoWU1NPX1BST1ZJREVSX1RZUEVfU0FNTBABEhoKFlNTT19QUk9WSURFUl9UWVBFX09JREMQAjL4AgoKU1NPU2VydmljZRJZChBDaGVja1NTT0J5RG9tYWluEiEucGlkZ3IudjEuQ2hlY2tTU09CeURvbWFpblJlcXVlc3QaIi5waWRnci52MS5DaGVja1NTT0J5RG9tYWluUmVzcG9uc2USXAoRQ3JlYXRlU1NPUHJvdmlkZXISIi5waWRnci52MS5DcmVhdGVTU09Qcm92aWRlclJlcXVlc3QaIy5waWRnci52MS5DcmVhdGVTU09Qcm92aWRlclJlc3BvbnNlElMKDkdldFNTT1Byb3ZpZGVyEh8ucGlkZ3IudjEuR2V0U1NPUHJvdmlkZXJSZXF1ZXN0GiAucGlkZ3IudjEuR2V0U1NPUHJvdmlkZXJSZXNwb25zZRJcChFEZWxldGVTU09Qcm92aWRlchIiLnBpZGdyLnYxLkRlbGV0ZVNTT1Byb3ZpZGVyUmVxdWVzdBojLnBpZGdyLnYxLkRlbGV0ZVNTT1Byb3ZpZGVyUmVzcG9uc2VCNlo0Z2l0aHViLmNvbS9waWRnci9waWRnci1wcm90by9nZW4vZ28vcGlkZ3IvdjE7cGlkZ3J2MWIGcHJvdG8z", [file_google_protobuf_timestamp]);
+
+/**
+ * Custom SAML attribute name overrides for identity providers that use
+ * non-standard attribute names. When provided, these override the
+ * auto-detected values from the metadata URL host.
+ *
+ * @generated from message pidgr.v1.SSOAttributeMapping
+ */
+export type SSOAttributeMapping = Message<"pidgr.v1.SSOAttributeMapping"> & {
+  /**
+   * SAML attribute name for the user's email address.
+   *
+   * @generated from field: string email = 1;
+   */
+  email: string;
+
+  /**
+   * SAML attribute name for the user's first name.
+   *
+   * @generated from field: string given_name = 2;
+   */
+  givenName: string;
+
+  /**
+   * SAML attribute name for the user's last name.
+   *
+   * @generated from field: string family_name = 3;
+   */
+  familyName: string;
+};
+
+/**
+ * Describes the message pidgr.v1.SSOAttributeMapping.
+ * Use `create(SSOAttributeMappingSchema)` to create a new message.
+ */
+export const SSOAttributeMappingSchema: GenMessage<SSOAttributeMapping> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 0);
+
+/**
+ * An SSO identity provider configured for an organization.
+ *
+ * @generated from message pidgr.v1.SSOProvider
+ */
+export type SSOProvider = Message<"pidgr.v1.SSOProvider"> & {
+  /**
+   * Unique identifier for the provider.
+   *
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * Email domain that triggers this SSO provider (e.g. "acme.com").
+   * Constraints: Max length 253 characters (RFC 1035).
+   *
+   * @generated from field: string domain = 2;
+   */
+  domain: string;
+
+  /**
+   * Type of identity provider.
+   *
+   * @generated from field: pidgr.v1.SSOProviderType type = 3;
+   */
+  type: SSOProviderType;
+
+  /**
+   * SAML metadata URL or OIDC discovery URL.
+   * Constraints: Max length 2048 characters. HTTPS required.
+   *
+   * @generated from field: string metadata_url = 4;
+   */
+  metadataUrl: string;
+
+  /**
+   * Name of the identity provider (used for signInWithRedirect).
+   * Set by the API when the IdP is created.
+   *
+   * @generated from field: string idp_provider_name = 5;
+   */
+  idpProviderName: string;
+
+  /**
+   * Timestamp when the provider was created.
+   *
+   * @generated from field: google.protobuf.Timestamp created_at = 6;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * Timestamp when the provider was last updated.
+   *
+   * @generated from field: google.protobuf.Timestamp updated_at = 7;
+   */
+  updatedAt?: Timestamp;
+
+  /**
+   * Optional custom SAML attribute name overrides.
+   *
+   * @generated from field: pidgr.v1.SSOAttributeMapping attribute_mapping = 8;
+   */
+  attributeMapping?: SSOAttributeMapping;
+};
+
+/**
+ * Describes the message pidgr.v1.SSOProvider.
+ * Use `create(SSOProviderSchema)` to create a new message.
+ */
+export const SSOProviderSchema: GenMessage<SSOProvider> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 1);
+
+/**
+ * Request to check if an email domain has SSO configured.
+ * This RPC is pre-authentication — no JWT required.
+ *
+ * @generated from message pidgr.v1.CheckSSOByDomainRequest
+ */
+export type CheckSSOByDomainRequest = Message<"pidgr.v1.CheckSSOByDomainRequest"> & {
+  /**
+   * Email address to check. The domain part is extracted.
+   * Constraints: Max length 254 characters (RFC 5321).
+   *
+   * @generated from field: string email = 1;
+   */
+  email: string;
+};
+
+/**
+ * Describes the message pidgr.v1.CheckSSOByDomainRequest.
+ * Use `create(CheckSSOByDomainRequestSchema)` to create a new message.
+ */
+export const CheckSSOByDomainRequestSchema: GenMessage<CheckSSOByDomainRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 2);
+
+/**
+ * Response for SSO domain check.
+ *
+ * @generated from message pidgr.v1.CheckSSOByDomainResponse
+ */
+export type CheckSSOByDomainResponse = Message<"pidgr.v1.CheckSSOByDomainResponse"> & {
+  /**
+   * Whether SSO is enabled for the email's domain.
+   *
+   * @generated from field: bool sso_enabled = 1;
+   */
+  ssoEnabled: boolean;
+
+  /**
+   * Identity provider name for signInWithRedirect.
+   * Empty if sso_enabled is false.
+   *
+   * @generated from field: string provider_name = 2;
+   */
+  providerName: string;
+};
+
+/**
+ * Describes the message pidgr.v1.CheckSSOByDomainResponse.
+ * Use `create(CheckSSOByDomainResponseSchema)` to create a new message.
+ */
+export const CheckSSOByDomainResponseSchema: GenMessage<CheckSSOByDomainResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 3);
+
+/**
+ * Request to create an SSO provider for the organization.
+ *
+ * @generated from message pidgr.v1.CreateSSOProviderRequest
+ */
+export type CreateSSOProviderRequest = Message<"pidgr.v1.CreateSSOProviderRequest"> & {
+  /**
+   * Email domain to associate (e.g. "acme.com").
+   * Constraints: Max length 253 characters (RFC 1035).
+   *
+   * @generated from field: string domain = 1;
+   */
+  domain: string;
+
+  /**
+   * Type of identity provider.
+   *
+   * @generated from field: pidgr.v1.SSOProviderType type = 2;
+   */
+  type: SSOProviderType;
+
+  /**
+   * SAML metadata URL or OIDC discovery URL.
+   * Constraints: Max length 2048 characters. HTTPS required.
+   *
+   * @generated from field: string metadata_url = 3;
+   */
+  metadataUrl: string;
+
+  /**
+   * Optional custom SAML attribute name overrides.
+   * When omitted, attribute names are auto-detected from the metadata URL.
+   *
+   * @generated from field: pidgr.v1.SSOAttributeMapping attribute_mapping = 4;
+   */
+  attributeMapping?: SSOAttributeMapping;
+};
+
+/**
+ * Describes the message pidgr.v1.CreateSSOProviderRequest.
+ * Use `create(CreateSSOProviderRequestSchema)` to create a new message.
+ */
+export const CreateSSOProviderRequestSchema: GenMessage<CreateSSOProviderRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 4);
+
+/**
+ * Response after creating an SSO provider.
+ *
+ * @generated from message pidgr.v1.CreateSSOProviderResponse
+ */
+export type CreateSSOProviderResponse = Message<"pidgr.v1.CreateSSOProviderResponse"> & {
+  /**
+   * The newly created SSO provider.
+   *
+   * @generated from field: pidgr.v1.SSOProvider provider = 1;
+   */
+  provider?: SSOProvider;
+};
+
+/**
+ * Describes the message pidgr.v1.CreateSSOProviderResponse.
+ * Use `create(CreateSSOProviderResponseSchema)` to create a new message.
+ */
+export const CreateSSOProviderResponseSchema: GenMessage<CreateSSOProviderResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 5);
+
+/**
+ * Request to get the SSO provider for the organization.
+ * Returns the provider if one is configured, or empty if not.
+ *
+ * @generated from message pidgr.v1.GetSSOProviderRequest
+ */
+export type GetSSOProviderRequest = Message<"pidgr.v1.GetSSOProviderRequest"> & {
+};
+
+/**
+ * Describes the message pidgr.v1.GetSSOProviderRequest.
+ * Use `create(GetSSOProviderRequestSchema)` to create a new message.
+ */
+export const GetSSOProviderRequestSchema: GenMessage<GetSSOProviderRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 6);
+
+/**
+ * Response containing the organization's SSO provider.
+ *
+ * @generated from message pidgr.v1.GetSSOProviderResponse
+ */
+export type GetSSOProviderResponse = Message<"pidgr.v1.GetSSOProviderResponse"> & {
+  /**
+   * The organization's SSO provider, or null if not configured.
+   *
+   * @generated from field: pidgr.v1.SSOProvider provider = 1;
+   */
+  provider?: SSOProvider;
+};
+
+/**
+ * Describes the message pidgr.v1.GetSSOProviderResponse.
+ * Use `create(GetSSOProviderResponseSchema)` to create a new message.
+ */
+export const GetSSOProviderResponseSchema: GenMessage<GetSSOProviderResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 7);
+
+/**
+ * Request to delete the organization's SSO provider.
+ *
+ * @generated from message pidgr.v1.DeleteSSOProviderRequest
+ */
+export type DeleteSSOProviderRequest = Message<"pidgr.v1.DeleteSSOProviderRequest"> & {
+  /**
+   * ID of the provider to delete.
+   *
+   * @generated from field: string provider_id = 1;
+   */
+  providerId: string;
+};
+
+/**
+ * Describes the message pidgr.v1.DeleteSSOProviderRequest.
+ * Use `create(DeleteSSOProviderRequestSchema)` to create a new message.
+ */
+export const DeleteSSOProviderRequestSchema: GenMessage<DeleteSSOProviderRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 8);
+
+/**
+ * Response after deleting an SSO provider.
+ *
+ * @generated from message pidgr.v1.DeleteSSOProviderResponse
+ */
+export type DeleteSSOProviderResponse = Message<"pidgr.v1.DeleteSSOProviderResponse"> & {
+};
+
+/**
+ * Describes the message pidgr.v1.DeleteSSOProviderResponse.
+ * Use `create(DeleteSSOProviderResponseSchema)` to create a new message.
+ */
+export const DeleteSSOProviderResponseSchema: GenMessage<DeleteSSOProviderResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_sso, 9);
+
+/**
+ * Type of SSO identity provider.
+ *
+ * @generated from enum pidgr.v1.SSOProviderType
+ */
+export enum SSOProviderType {
+  /**
+   * Default value; not a valid type.
+   *
+   * @generated from enum value: SSO_PROVIDER_TYPE_UNSPECIFIED = 0;
+   */
+  SSO_PROVIDER_TYPE_UNSPECIFIED = 0,
+
+  /**
+   * SAML 2.0 identity provider (e.g. Okta, Azure AD).
+   *
+   * @generated from enum value: SSO_PROVIDER_TYPE_SAML = 1;
+   */
+  SSO_PROVIDER_TYPE_SAML = 1,
+
+  /**
+   * OpenID Connect identity provider (e.g. Google Workspace, Auth0).
+   *
+   * @generated from enum value: SSO_PROVIDER_TYPE_OIDC = 2;
+   */
+  SSO_PROVIDER_TYPE_OIDC = 2,
+}
+
+/**
+ * Describes the enum pidgr.v1.SSOProviderType.
+ */
+export const SSOProviderTypeSchema: GenEnum<SSOProviderType> = /*@__PURE__*/
+  enumDesc(file_pidgr_v1_sso, 0);
+
+/**
+ * Manages SSO identity provider configuration for organizations.
+ *
+ * @generated from service pidgr.v1.SSOService
+ */
+export const SSOService: GenService<{
+  /**
+   * Check if an email domain has SSO configured.
+   * This is a pre-authentication endpoint — no JWT required.
+   * Authorization: None (public).
+   *
+   * @generated from rpc pidgr.v1.SSOService.CheckSSOByDomain
+   */
+  checkSSOByDomain: {
+    methodKind: "unary";
+    input: typeof CheckSSOByDomainRequestSchema;
+    output: typeof CheckSSOByDomainResponseSchema;
+  },
+  /**
+   * Create an SSO provider for the organization.
+   * Validates the metadata URL before saving.
+   * Creates the corresponding identity provider in the auth service.
+   * Authorization: Requires PERMISSION_ORG_WRITE.
+   *
+   * @generated from rpc pidgr.v1.SSOService.CreateSSOProvider
+   */
+  createSSOProvider: {
+    methodKind: "unary";
+    input: typeof CreateSSOProviderRequestSchema;
+    output: typeof CreateSSOProviderResponseSchema;
+  },
+  /**
+   * Get the organization's SSO provider configuration.
+   * Authorization: Requires PERMISSION_ORG_READ.
+   *
+   * @generated from rpc pidgr.v1.SSOService.GetSSOProvider
+   */
+  getSSOProvider: {
+    methodKind: "unary";
+    input: typeof GetSSOProviderRequestSchema;
+    output: typeof GetSSOProviderResponseSchema;
+  },
+  /**
+   * Delete the organization's SSO provider.
+   * Deletes the corresponding identity provider from the auth service.
+   * Users with that domain fall back to passkey/OTP.
+   * Authorization: Requires PERMISSION_ORG_WRITE.
+   *
+   * @generated from rpc pidgr.v1.SSOService.DeleteSSOProvider
+   */
+  deleteSSOProvider: {
+    methodKind: "unary";
+    input: typeof DeleteSSOProviderRequestSchema;
+    output: typeof DeleteSSOProviderResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_pidgr_v1_sso, 0);
+