
syntax = "proto3";
package st_peter.auth;
option go_package = "nandie.com/pkg/;auth_service";
import "google/protobuf/timestamp.proto";
// Authentication and account-management API of the st_peter auth service.
//
// Every request that carries a credential (password, passcode, session
// token, actor token, API key, provider ID/access token) relies on the
// transport for confidentiality; nothing in this schema protects it.
//
// Conventions visible in the request messages below:
//   * caller-bound RPCs carry a session credential (`token`, `user_token`,
//     `actor_token` or `bearer_token`) next to the caller's id; the server
//     must bind the id to the credential rather than trust the id field;
//   * RPCs whose request has no credential (RegisterUser, Login,
//     InitiateTwoFactor, InitiatePasswordReset, ResendVerificationCode,
//     GetPasswordPolicy, VerifyApiKey) accept attacker-chosen identifiers
//     and are the ones that need rate limiting (RESULT_CODE_TOO_MANY_REQUESTS).
service AuthService {
  // ---- Registration, login, session lifecycle --------------------------
  rpc RegisterUser (RegisterUserRequest) returns (RegisterUserResponse);
  rpc VerifyRegisterUser (VerifyRegisterUserRequest) returns (AuthenticationResponse);
  rpc Login (LoginRequest) returns (AuthenticationResponse);
  rpc Logout (LogoutRequest) returns (LogoutResponse);
  rpc VerifyToken (VerifyTokenRequest) returns (AuthenticationResponse);
  rpc VerifyAuthClaimToken (VerifyAuthClaimTokenRequest) returns (AuthenticationResponse);

  // ---- Second factor (request carries no caller credential) -----------
  rpc InitiateTwoFactor (InitiateTwoFactorRequest) returns (InitiateTwoFactorResponse);
  rpc VerifyTwoFactor (VerifyTwoFactorRequest) returns (AuthenticationResponse);

  // ---- Password reset: initiate -> verify passcode -> reset ------------
  rpc InitiatePasswordReset (InitiatePasswordResetRequest) returns (PasswordResetTokenResponse);
  rpc VerifyPasswordResetToken (VerifyPasswordResetTokenRequest) returns (PasswordResetTokenResponse);
  rpc ResetPassword (ResetPasswordRequest) returns (AuthenticationResponse);
  rpc ResendVerificationCode (ResendVerificationRequest) returns (ResendVerificationResponse);

  // ---- Profile and identity fields (email / phone / password / handle) --
  rpc UpdateUserInfo (UpdateUserInfoRequest) returns (UpdateUserInfoResponse);
  rpc ChangeIdentityField (ChangeIdentityFieldRequest) returns (ChangeIdentityFieldResponse);
  rpc VerifyIdentityField (VerifyIdentityFieldRequest) returns (VerifyIdentityFieldResponse);
  rpc ResendIdentifierChangeCode(ResendIdentityFieldRequest) returns (ChangeIdentityFieldResponse);

  // ---- Preferences and sessions ----------------------------------------
  rpc UpdateUserPreference (UpdateUserPreferenceRequest) returns (OperationResponse);
  rpc GetUserPreferenceByCode (GetUserPreferenceByCodeRequest) returns (GetUserPreferenceByCodeResponse);
  rpc GetUserSessions(GetUserSessionsRequest) returns (GetUserSessionsResponse);
  rpc ClearUserSessions(ClearUserSessionsRequest) returns (ClearUserSessionsResponse);

  // ---- Social login ------------------------------------------------------
  // Mobile flow: the client obtains an ID token from the native SDK and the
  // server validates it.
  rpc SocialLogin(SocialLoginRequest) returns (SocialLoginResponse);
  // Web flow: server builds the authorization URL, then exchanges the code.
  rpc InitiateOAuth(InitiateOAuthRequest) returns (InitiateOAuthResponse);
  rpc CompleteOAuth(OAuthCallbackRequest) returns (SocialLoginResponse);
  // Linking a provider identity to an existing, authenticated account.
  rpc LinkSocialAccount(LinkSocialAccountRequest) returns (OperationResponse);
  rpc UnlinkSocialAccount(UnlinkSocialAccountRequest) returns (OperationResponse);
  rpc GetLinkedAccounts(GetLinkedAccountsRequest) returns (GetLinkedAccountsResponse);

  // ---- API keys (long-lived, scoped credentials) -------------------------
  rpc CreateApiKey(CreateApiKeyRequest) returns (CreateApiKeyResponse);
  rpc ListApiKeys(ListApiKeysRequest) returns (ListApiKeysResponse);
  rpc RevokeApiKey(RevokeApiKeyRequest) returns (OperationResponse);
  rpc VerifyApiKey(VerifyApiKeyRequest) returns (AuthenticationResponse);

  // ---- Public: password policy, no credential required -------------------
  rpc GetPasswordPolicy(GetPasswordPolicyRequest) returns (GetPasswordPolicyResponse);

  // ---- Operational metrics -------------------------------------------------
  rpc GetMetrics(GetMetricsRequest) returns (GetMetricsResponse);

  // ---- Lookup by exact email, phone or handle, open to any authenticated
  // user. Because the response embeds a full User, this RPC is both an
  // account-enumeration oracle and a PII channel; the handler must redact.
  rpc LookupUser(LookupUserRequest) returns (LookupUserResponse);
}
// Calendar date without a time zone (a hand-rolled stand-in for
// google.type.Date; kept because its field numbers are already on the wire).
message Date {
  // Calendar year; signed, unlike month and day.
  int32 year = 1;
  // 1-12 presumably; the schema itself does not constrain the range.
  uint32 month = 2;
  // 1-31 presumably; the schema itself does not constrain the range.
  uint32 day = 3;
}
// Outcome code carried by every *Response message (next to `success`).
//
// Note for handlers of unauthenticated RPCs (Login, InitiatePasswordReset,
// InitiateTwoFactor, ResendVerificationCode): distinguishing
// RESULT_CODE_NOT_FOUND from RESULT_CODE_INVALID_CREDENTIALS or
// RESULT_CODE_INACTIVE_USER for a caller-supplied identifier reveals
// whether an account exists. Prefer one uniform code on those paths.
enum ResultCode {
  RESULT_CODE_SUCCESS = 0;               // zero value doubles as "ok"
  RESULT_CODE_NOT_FOUND = 1;
  RESULT_CODE_INTERNAL_SERVER_ERROR = 2;
  RESULT_CODE_BAD_REQUEST = 3;
  RESULT_CODE_NOT_AUTHORIZED = 4;
  RESULT_CODE_FORBIDDEN = 5;
  RESULT_CODE_VALIDATION_ERRORS = 6;     // details in validation_errors
  RESULT_CODE_PASSCODE_REQUIRED = 7;     // second factor needed
  RESULT_CODE_INVALID_CREDENTIALS = 8;
  RESULT_CODE_TOO_MANY_REQUESTS = 9;     // rate limited
  RESULT_CODE_INACTIVE_USER = 10;
  RESULT_CODE_IDENTITY_IN_USE = 11;      // email/phone/handle already taken
  RESULT_CODE_NEXT_STEP = 12;            // multi-step flow continues
}
// Out-of-band channel used to deliver one-time codes.
enum ChannelType {
  CHANNEL_TYPE_UNSPECIFIED = 0;
  CHANNEL_TYPE_EMAIL = 1;
  CHANNEL_TYPE_SMS = 2;
}
// Purpose of a verification code; selects which pending code a
// ResendVerificationRequest refers to. Codes for different purposes must
// not be interchangeable server-side.
enum VerificationCodeType {
  VERIFICATION_CODE_TYPE_UNSPECIFIED = 0;
  VERIFICATION_CODE_TYPE_REGISTER = 1;
  VERIFICATION_CODE_TYPE_PASSWORD_RESET = 2;
  VERIFICATION_CODE_TYPE_OTP_LOGIN = 3;
}
// Account record as returned to clients.
//
// This message travels in AuthenticatedUser (own account) but also in
// LookupUserResponse, which any authenticated user may call for someone
// else's email, phone or handle. When populating it for a caller who is
// not the subject, the handler must strip email, phone, date_of_birth,
// last_login, deleted_at and — above all — social_accounts, whose
// SocialAccount entries carry a provider access_token.
message User {
  // -- identity ---------------------------------------------------------
  string id = 1;
  string email = 2;
  string phone = 3;
  string first_names = 4;
  string last_name = 5;
  string profile_picture_url = 6;
  // Unique public handle (e.g. @username); explicit presence.
  optional string handle = 7;

  // -- lifecycle timestamps ---------------------------------------------
  google.protobuf.Timestamp created_at = 10;
  google.protobuf.Timestamp updated_at = 11;
  google.protobuf.Timestamp deleted_at = 12;
  google.protobuf.Timestamp last_login = 13;

  // -- status and verification -------------------------------------------
  bool is_active = 20;
  bool is_email_verified = 21;
  bool is_phone_verified = 22;
  Date date_of_birth = 23;
  // Optimistic-concurrency version counter.
  int64 version = 24;

  // -- linked third-party identities (see SocialAccount) -----------------
  repeated SocialAccount social_accounts = 30;
}
// A single key/value preference belonging to a user.
// Note the naming drift across the API: here and in
// GetUserPreferenceByCodeRequest the key is `preference_code`, while
// UpdateUserPreferenceRequest calls it `preference_key`.
message UserPreference {
  string id = 1;
  string user_id = 2;
  string preference_code = 3;
  // Free-form type tag for preference_value; not constrained by the schema.
  string preference_value_type = 4;
  string preference_value = 5;
  google.protobuf.Timestamp created_at = 10;
  google.protobuf.Timestamp updated_at = 11;
}
// Role definition. Not referenced by any RPC or message in this file;
// role assignments are expressed with AssignedUserRole instead.
message Role {
  string id = 1;
  string code = 2;
  string description = 3;
  google.protobuf.Timestamp created_at = 4;
  google.protobuf.Timestamp updated_at = 5;
}
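// A third-party (OAuth) identity linked to a User.
//
// Embedded in User.social_accounts and returned by GetLinkedAccounts. Since
// User itself is returned by LookupUser to any authenticated caller, every
// field here can reach users other than the account owner.
message SocialAccount {
  string provider = 1;
  string provider_user_id = 2;
  // Provider-issued access token. Deprecated: a bearer credential for the
  // provider's API has no business in a client-facing message, least of
  // all inside a User that other users can fetch. Handlers must leave it
  // empty on every response; the number is kept (not reserved) only so
  // existing generated code keeps compiling.
  string access_token = 3 [deprecated = true];
  // Expiry of the linked credential, if the provider reported one.
  google.protobuf.Timestamp expires_at = 4;
  // Profile data as reported by the provider.
  string email = 5;
  string name = 6;
  string profile_picture_url = 7;
  // Provider's own claim that `email` is verified; only trust it for
  // providers known to verify addresses (relevant to auto-linking).
  bool email_verified = 8;
}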
// Supported identity providers for social login and account linking.
enum OAuthProvider {
  OAUTH_PROVIDER_UNSPECIFIED = 0;
  OAUTH_PROVIDER_GOOGLE = 1;
  OAUTH_PROVIDER_APPLE = 2;
  OAUTH_PROVIDER_FACEBOOK = 3;
  OAUTH_PROVIDER_MICROSOFT = 4;
}
// Mobile social login: the native SDK hands the app a provider token and
// the server validates it. The request is unauthenticated, so the token
// checks are the whole authentication:
//   * id_token — verify signature against the provider's published keys,
//     issuer, expiry and, critically, that the audience is THIS app's
//     client id; a valid token minted for another app must be rejected.
//   * access_token (Facebook) — an opaque token cannot be checked locally;
//     the server must confirm with the provider that it was issued to this
//     app before trusting the identity it resolves to.
//   * nonce — must match the nonce the client put in the SDK request, to
//     stop replay of a captured id_token.
message SocialLoginRequest {
  OAuthProvider provider = 1;
  // JWT issued by the Google / Apple SDK.
  string id_token = 2;
  // Opaque access token; used for Facebook.
  string access_token = 3;
  DeviceInfo device_info = 4;
  // Nonce bound into the Apple Sign-In request.
  string nonce = 5;
}
// Result of SocialLogin / CompleteOAuth.
message SocialLoginResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Session for the resolved or newly created account.
  AuthenticatedUser authenticated_user = 4;
  // True when a local account was created by this call.
  bool is_new_user = 5;
  // True when the provider identity was attached to a pre-existing local
  // account without an explicit LinkSocialAccount call. Linking by matching
  // email is only safe when both the provider's email_verified claim and the
  // local is_email_verified flag hold; otherwise it is an account takeover
  // path for anyone who can register the victim's address at the provider.
  bool was_auto_linked = 6;
  repeated ValidationError validation_errors = 7;
}
// Web social login, step 1: ask the server for the provider authorization
// URL. Unauthenticated.
message InitiateOAuthRequest {
  OAuthProvider provider = 1;
  // Where the provider should send the browser back. Because this value is
  // chosen by the caller, the server must compare it against the redirect
  // URIs registered for `provider` (exact match) before building the URL;
  // echoing it through turns the login flow into an open redirect / code
  // interception primitive.
  string redirect_uri = 2;
  // Optional caller-supplied value the server may fold into its own state.
  // It is not a substitute for the server-generated state in the response.
  string state = 3;
}
// Web social login, step 1 result.
message InitiateOAuthResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Provider URL the browser should be sent to.
  string authorization_url = 4;
  // Server-generated, single-use state. The client presents it again in
  // OAuthCallbackRequest; the server must reject a callback whose state it
  // did not issue, has already consumed, or that belongs to another flow.
  string state = 5;
}
// Web social login, step 2: hand the provider's callback parameters to the
// server, which exchanges the code for tokens. Unauthenticated; `state` is
// the only thing tying this call to the InitiateOAuth that started it.
//
// No code_verifier appears here, so if PKCE is used it must be kept
// entirely server-side, keyed by `state`. The redirect_uri used at exchange
// time must be the one recorded at initiation, not one chosen now.
message OAuthCallbackRequest {
  OAuthProvider provider = 1;
  // Authorization code returned by the provider.
  string code = 2;
  // State value from InitiateOAuthResponse.
  string state = 3;
  DeviceInfo device_info = 4;
}
// Attach a provider identity to the caller's existing account.
// Authenticated via actor_token; the provider token must pass the same
// checks as in SocialLoginRequest (audience/app binding, nonce) and the
// provider user id must not already be linked to a different account.
message LinkSocialAccountRequest {
  string actor_id = 1;
  string actor_token = 2;
  OAuthProvider provider = 3;
  string id_token = 4;
  string access_token = 5;
  // Nonce for Apple Sign-In.
  string nonce = 6;
}
// Detach the caller's identity at `provider`. Unlinking the only login
// method of an account that has no password would lock the user out; the
// schema leaves that check to the handler.
message UnlinkSocialAccountRequest {
  string actor_id = 1;
  string actor_token = 2;
  OAuthProvider provider = 3;
}
// List the caller's linked provider identities.
message GetLinkedAccountsRequest {
  string actor_id = 1;
  string actor_token = 2;
}
// Linked provider identities of the caller. SocialAccount.access_token
// should be left empty here; the client never needs the provider credential.
message GetLinkedAccountsResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  repeated SocialAccount accounts = 4;
}
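// Create an account. Unauthenticated; the identifier is confirmed later by
// VerifyRegisterUser with the code sent to it.
message RegisterUserRequest {
  // Field 3 is unused in this revision; reserved so a future field cannot
  // silently take over a number old clients may still emit.
  reserved 3;

  // Email address or phone number the account will be bound to.
  string user_identifier = 1;
  // Plaintext password; must satisfy GetPasswordPolicyResponse.
  string password = 2;
  string first_names = 4;
  string last_name = 5;
  // Presumably the Android SMS-retriever app hash used in the code message;
  // the schema does not say.
  string app_hash = 6;
  DeviceInfo device_info = 7;
}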
// Result of RegisterUser. A RESULT_CODE_IDENTITY_IN_USE here tells an
// unauthenticated caller that the identifier is already registered.
message RegisterUserResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Handle for the pending registration, passed to VerifyRegisterUser.
  string registration_id = 4;
  repeated ValidationError validation_errors = 5;
}
// Confirm a pending registration with the code delivered to the identifier.
message VerifyRegisterUserRequest {
  // Email address or phone number used at registration.
  string user_identifier = 1;
  string registration_id = 2;
  // Verification token. The original comment notes the token has a redirect
  // target encoded in it; since the token arrives from the client, any such
  // target must be integrity-protected or checked against an allowlist
  // before it is followed, or the verification link is an open redirect.
  string token = 3;
  DeviceInfo device_info = 4;
}
// Generic "one User" response. Not returned by any RPC in this file.
message UserResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  User user = 4;
}
// Client-reported device description, attached to sessions. Every field is
// self-declared by the caller and must be treated as untrusted display data,
// never as a second factor.
message DeviceInfo {
  string application_name = 1;     // e.g. "web", "mobile"
  string application_version = 2;  // e.g. "1.0.0"
  string device_name = 3;          // e.g. "iPhone X", "Pixel 2"
  string device_type = 4;          // e.g. "desktop", "mobile"
  string device_os = 5;            // e.g. "iOS", "Android", "Windows"
  string device_os_version = 6;    // e.g. "10", "11.4.1"
  // e.g. "imei:1234567890", "serial:1234567890". The examples are
  // persistent hardware identifiers, i.e. personal data that ends up in
  // UserSession; prefer an app-generated installation id.
  string device_id = 7;
}
// Password login. Unauthenticated; see ResultCode about not distinguishing
// unknown identifiers from wrong passwords.
message LoginRequest {
  // Email address or phone number.
  string user_identifier = 1;
  string password = 2;
  string app_hash = 3;
  DeviceInfo device_info = 4;
}
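// Shared result of every RPC that can end in a session (Login, VerifyToken,
// VerifyTwoFactor, ResetPassword, VerifyApiKey, ...).
message AuthenticationResponse {
  // Numbers 4-7 are unused in this revision; reserved so they cannot be
  // reused with a different meaning.
  reserved 4 to 7;

  bool success = 1;
  // True when the caller must complete a second factor; two_factor_id then
  // identifies the challenge for VerifyTwoFactor and authenticated_user
  // should be absent.
  bool pass_code_required = 2;
  string two_factor_id = 3;
  ResultCode result_code = 8;
  string message = 9;
  // Populated only once authentication is complete.
  AuthenticatedUser authenticated_user = 10;
}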
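// A user together with the session credential that was just issued.
message AuthenticatedUser {
  // Numbers 6-10 are unused in this revision; reserved so they cannot be
  // reused with a different meaning.
  reserved 6 to 10;

  User user = 1;
  // Session token; presented back as `token` / `user_token` / `actor_token`.
  // Bearer credential: do not log.
  string token = 2;
  string session_id = 3;
  google.protobuf.Timestamp expires_at = 4;
  repeated UserPreference user_preferences = 5;
  repeated AssignedUserRole user_roles = 11;
}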
// A role granted to a user, optionally narrowed to a scope and target.
message AssignedUserRole {
  string id = 1;
  string user_id = 2;
  string role_id = 3;
  string role_name = 4;
  // Scope in which the role applies (see Scope.code).
  string scope_code = 5;
  // Object within the scope the grant is limited to, if any.
  string target_id = 6;
}
// Validate a session token and optionally return the roles it carries.
message VerifyTokenRequest {
  string token = 1;
  bool include_user_roles = 2;
  // Optional filters applied to the returned roles.
  repeated string role_scopes = 3;
  repeated string role_names = 4;
}
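// Validate an auth-claim token (format not specified by this schema).
message VerifyAuthClaimTokenRequest {
  // Only field 2 is declared; 1 is reserved so a future field cannot
  // silently inherit whatever old writers emitted there.
  reserved 1;

  string claim = 2;
}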
// Result of InitiateTwoFactor.
//
// The request is unauthenticated and may name the account by email/phone,
// so returning `user_id` turns this RPC into an identifier-to-user-id
// oracle for anyone. Handlers should omit user_id unless the caller
// already proved who they are.
message InitiateTwoFactorResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Challenge handle for VerifyTwoFactorRequest.
  string two_factor_id = 4;
  // Channel the code was sent on.
  ChannelType channel = 5;
  repeated ValidationError validation_errors = 6;
  string user_id = 7;
}
// Not returned by any RPC in this file: VerifyTwoFactor answers with
// AuthenticationResponse. Kept for wire compatibility with older clients.
message VerifyTwoFactorResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  repeated ValidationError validation_errors = 4;
}
// Send a one-time code to a user over `channel`.
//
// There is no caller credential in this message: the account is chosen by
// user_id or user_identifier alone. Unless the handler ties the call to a
// preceding password step (AuthenticationResponse.pass_code_required), any
// client can trigger SMS/email sends to any user — an SMS-pumping and
// harassment vector that needs per-target and per-caller rate limits.
message InitiateTwoFactorRequest {
  optional string user_id = 1;
  // Email address or phone number; alternative to user_id.
  optional string user_identifier = 5;
  ChannelType channel = 2;
  string app_hash = 3;
  DeviceInfo device_info = 4;
}
// Submit the one-time code for a challenge. Codes are short and guessable;
// attempts per two_factor_id must be capped, with the challenge invalidated
// on overflow (RESULT_CODE_TOO_MANY_REQUESTS).
message VerifyTwoFactorRequest {
  string two_factor_id = 1;
  string code = 2;
  DeviceInfo device_info = 3;
}
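// Start a password reset. Unauthenticated.
//
// Unusually, the replacement password is supplied here, before the caller
// has proven control of the identifier (ResetPasswordRequest carries no
// password of its own). Consequences the handler must cover:
//   * the pending password has to be stored only as a hash, bound to the
//     returned password_reset_id, and discarded when the reset expires;
//   * anyone can initiate a reset for any identifier, so the pending
//     password must never overwrite the live one until the passcode check
//     in VerifyPasswordResetToken / ResetPassword succeeds;
//   * RESULT_CODE_NOT_FOUND on an unknown identifier reveals account
//     existence; respond uniformly.
message InitiatePasswordResetRequest {
  // Field 3 is unused in this revision; reserved against accidental reuse.
  reserved 3;

  // Email address or phone number.
  string user_identifier = 1;
  string app_hash = 2;
  DeviceInfo device_info = 4;
  // Replacement password; must satisfy GetPasswordPolicyResponse.
  string new_password = 5;
}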
// Minimal success/failure envelope for RPCs with no payload.
message OperationResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
}
// Check the passcode delivered for a pending reset without applying it.
// The (user_id, password_reset_id) pair must be validated together, and
// passcode attempts per reset id capped — a short numeric code is
// brute-forceable otherwise.
message VerifyPasswordResetTokenRequest {
  string user_id = 1;
  string password_reset_id = 2;
  string passcode = 3;
}
// Result of InitiatePasswordReset / VerifyPasswordResetToken.
message PasswordResetTokenResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Handle for the pending reset, carried through the remaining steps.
  string password_reset_id = 4;
}
// Apply the password chosen in InitiatePasswordResetRequest.new_password
// once the passcode is accepted. There is no password field here. A
// successful reset should also invalidate the user's other sessions.
message ResetPasswordRequest {
  string user_id = 1;
  string password_reset_id = 2;
  string passcode = 3;
  DeviceInfo device_info = 4;
}
// Which account attribute a ChangeIdentityField call targets.
//
// IDENTITY_FIELD_phone breaks the UPPER_SNAKE_CASE convention of its
// siblings. Renaming it is wire-safe but changes generated identifiers and
// JSON names, and proto3 rejects a second value differing only in case, so
// the spelling is kept as is.
enum IdentityField {
  IDENTITY_FIELD_UNSPECIFIED = 0;
  IDENTITY_FIELD_EMAIL = 1;
  IDENTITY_FIELD_phone = 2;
  IDENTITY_FIELD_PASSWORD = 3;
  IDENTITY_FIELD_HANDLE = 4;
}
// Request a change of email, phone, password or handle. The response
// returns a challenge that VerifyIdentityField completes with a code sent
// over `channel`.
//
// Authentication is the session token only; no current-password field
// exists, so a stolen session is enough to start re-pointing the account's
// email/phone or replacing its password. For EMAIL and phone the code
// should go to the *existing* address/number (or both), not only to the
// new one — otherwise the challenge proves nothing about the account owner.
message ChangeIdentityFieldRequest {
  string user_id = 1;
  string user_token = 2;
  ChannelType channel = 3;
  // New value; for IDENTITY_FIELD_PASSWORD this is the plaintext password.
  string new_value = 4;
  IdentityField field_type = 5;
  string app_hash = 6;
  DeviceInfo device_info = 7;
}
// Result of ChangeIdentityField / ResendIdentifierChangeCode.
message ChangeIdentityFieldResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Handle for VerifyIdentityFieldRequest.
  string challenge_id = 4;
  // Length of the code the user should expect.
  int32 passcode_size = 5;
  // Identifier the code was sent to (may be masked by the handler).
  string user_identifier = 6;
  ChannelType channel = 7;
  repeated ValidationError validation_errors = 8;
}
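// Complete an identity-field change with the delivered code.
message VerifyIdentityFieldRequest {
  // Field 3 is unused in this revision; reserved against accidental reuse.
  reserved 3;

  string user_id = 1;
  string user_token = 2;
  string challenge_id = 4;
  // Attempts per challenge_id must be capped server-side.
  string verification_code = 5;
  string app_hash = 6;
  DeviceInfo device_info = 7;
}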
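// Re-send the code for an open identity-field challenge.
message ResendIdentityFieldRequest {
  // Fields 3 and 5 are unused in this revision; reserved against reuse.
  reserved 3, 5;

  string user_id = 1;
  string user_token = 2;
  string challenge_id = 4;
  string app_hash = 6;
  DeviceInfo device_info = 7;
}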
// Result of VerifyIdentityField. When requires_verification is set the
// change is not final yet and the remaining fields describe a follow-up
// challenge (presumably a second code, e.g. to the other channel).
message VerifyIdentityFieldResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  string challenge_id = 4;
  int32 passcode_size = 5;
  string user_identifier = 6;
  ChannelType channel = 7;
  bool requires_verification = 8;
  repeated ValidationError validation_errors = 9;
}
// Partial update of non-identity profile fields. Absent optional fields
// leave the stored value untouched.
message UpdateUserInfoRequest {
  string user_id = 1;
  string user_token = 2;
  optional string first_names = 3;
  optional string last_name = 4;
  // Message field, so presence is explicit without `optional`.
  Date date_of_birth = 5;
  // Reference to an uploaded picture (User exposes it as a URL). The server
  // must check the id belongs to this user before attaching it.
  optional string profile_picture_id = 6;
  // Unique public handle (e.g. @username).
  optional string handle = 7;
}
// Result of UpdateUserInfo, echoing the updated record.
message UpdateUserInfoResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  User user = 4;
}
// End the session identified by `token`.
message LogoutRequest {
  string token = 1;
}
// Result of Logout.
message LogoutResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
}
// One field-level validation failure.
message ValidationError {
  // Name of the offending request field.
  string field = 1;
  string message = 2;
}
// Hierarchical authorization scope. Not referenced by any RPC or message
// in this file; AssignedUserRole refers to scopes by `scope_code`.
message Scope {
  string code = 1;
  string description = 2;
  optional string parent_code = 3;
  bool is_active = 4;
}
// Set one preference for the caller. (Named `preference_key` here,
// `preference_code` elsewhere in this file.)
message UpdateUserPreferenceRequest {
  string actor_id = 1;
  string actor_token = 2;
  string preference_key = 3;
  string preference_value = 4;
}
// Read one preference of the caller by code.
message GetUserPreferenceByCodeRequest {
  string actor_id = 1;
  string actor_token = 2;
  string preference_code = 3;
}
// Result of GetUserPreferenceByCode.
message GetUserPreferenceByCodeResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  string value = 4;
}
// Re-send a pending verification code. Unauthenticated and addressed by
// identifier, so it is another outbound-message trigger that needs per-
// target throttling; it should reissue only the code type named here.
message ResendVerificationRequest {
  string user_identifier = 1;
  VerificationCodeType verification_code_type = 2;
  string app_hash = 3;
  string verification_code_id = 4;
  // Number 19 is out of sequence with its siblings; kept as is (wire contract).
  DeviceInfo device_info = 19;
}
// Result of ResendVerificationCode.
message ResendVerificationResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  string verification_code_id = 4;
}
// A login session as shown to its owner. Contains no token material;
// ip_address and user_agent are personal data and should be retained
// accordingly.
message UserSession {
  string id = 1;
  string user_id = 2;
  DeviceInfo device_info = 3;
  google.protobuf.Timestamp created_at = 4;
  google.protobuf.Timestamp expires_at = 5;
  google.protobuf.Timestamp last_activity = 6;
  bool is_active = 7;
  string ip_address = 8;
  string user_agent = 9;
}
// Page through the caller's sessions. Page semantics (0- or 1-based, max
// size) are not defined by the schema.
message GetUserSessionsRequest {
  string actor_id = 1;
  string actor_token = 2;
  int32 page = 3;
  int32 size = 4;
}
// One page of the caller's sessions plus the overall count.
message GetUserSessionsResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  repeated UserSession sessions = 4;
  int32 total = 5;
}
// Revoke sessions of the caller. Every listed id must belong to actor_id;
// ids of other users' sessions must be rejected, not silently skipped.
message ClearUserSessionsRequest {
  string actor_id = 1;
  string actor_token = 2;
  // Sessions to revoke. Empty (== unset for a repeated field) revokes all
  // sessions except the current one.
  repeated string session_ids = 3;
}
// Result of ClearUserSessions.
message ClearUserSessionsResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Number of sessions actually revoked.
  int32 cleared_count = 4;
}
// Fetch service metrics. bearer_token should be a dedicated scrape
// credential; the metrics text exposes internal operational detail.
message GetMetricsRequest {
  string bearer_token = 1;
}
// Metrics payload.
message GetMetricsResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Prometheus text exposition format.
  string metrics = 4;
}
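// Mint an API key for the caller's account.
message CreateApiKeyRequest {
  // Existing session token authenticating the caller.
  string token = 1;
  // Human-readable label.
  string name = 2;
  // Permissions granted to the key; should be a subset of what the session
  // itself may do.
  repeated string scopes = 3;
  // Expiry as an int64 timestamp (the schema does not state the unit —
  // seconds or milliseconds — so treat ApiKeyInfo.expires_at as the
  // reference and keep them consistent). 0 means "never expires", and
  // because proto3 scalars have implicit presence, a request that simply
  // omits this field ALSO gets a non-expiring key. Servers should impose a
  // maximum lifetime rather than honour the default silently.
  int64 expires_at = 4;
}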
// Result of CreateApiKey.
message CreateApiKeyResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Full key material, returned exactly once; the server stores only a
  // hash and the client must persist it now. Never log this field.
  string api_key = 4;
  string key_id = 5;
  // Non-secret prefix for identifying the key later (see ApiKeyInfo).
  string key_prefix = 6;
}
// List the caller's API keys (metadata only, no key material).
message ListApiKeysRequest {
  string token = 1;
}
// Result of ListApiKeys.
message ListApiKeysResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  repeated ApiKeyInfo keys = 4;
}
// Metadata about an API key; deliberately excludes the secret.
// Timestamps are raw int64 values whose unit the schema does not state.
message ApiKeyInfo {
  string id = 1;
  string name = 2;
  string key_prefix = 3;
  repeated string scopes = 4;
  int64 last_used_at = 5;
  // 0 = never expires.
  int64 expires_at = 6;
  int64 created_at = 7;
  bool is_active = 8;
}
// Revoke one of the caller's API keys; key_id must belong to the session's
// user.
message RevokeApiKeyRequest {
  string token = 1;
  string key_id = 2;
}
// Validate an API key. The RPC answers with AuthenticationResponse, whose
// AuthenticatedUser carries a session `token` and `session_id`; if the
// handler mints a session here it must not grant more than the key's
// scopes allow, or a scoped key silently becomes a full login.
message VerifyApiKeyRequest {
  string api_key = 1;
}
// Public, unauthenticated; intentionally empty (kept as a message so fields
// can be added later without changing the RPC signature).
message GetPasswordPolicyRequest {}
// Password rules the server enforces, for client-side pre-validation only;
// the server remains the authority.
message GetPasswordPolicyResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  uint32 min_length = 4;
  bool requires_uppercase = 5;
  bool requires_special_character = 6;
}
// Look up another account by exact email, phone number or handle.
// Available to any authenticated user, which makes it an enumeration
// oracle for email addresses and phone numbers; it should be rate limited
// per caller and, if handles are the intended public identifier, arguably
// restricted to handles.
message LookupUserRequest {
  string user_id = 1;
  string user_token = 2;
  // Email address, phone number or handle; exact match.
  string identifier = 3;
}
// Result of LookupUser. The payload is the full User type, so the handler
// is responsible for redaction: the looked-up person's email, phone,
// date_of_birth, last_login and social_accounts (which embed a provider
// access_token) must not be returned to an arbitrary authenticated caller.
message LookupUserResponse {
  bool success = 1;
  ResultCode result_code = 2;
  string message = 3;
  // Absent when no account matches.
  optional User user = 4;
}