auth.proto
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// proto3 semantics: scalar fields without `optional` have implicit presence,
// so an empty string / zero / false is indistinguishable from "not set".
syntax = "proto3";
// All messages and services below live in the `magistrala` package.
package magistrala;
// Generated Go code is emitted into a package at the relative path "./magistrala".
option go_package = "./magistrala";
// ThingsService exposes authorization checks for things, used by other
// magistrala services.
service ThingsService {
  // Authorize reports whether the thing identified in ThingsAuthzReq may
  // perform the requested permission on the given channel.
  rpc Authorize(ThingsAuthzReq) returns (ThingsAuthzRes) {}
}
// TokenService issues and renews tokens.
service TokenService {
  // Issue creates a Token for the user named in IssueReq.
  rpc Issue(IssueReq) returns (Token) {}

  // Refresh takes the refresh token carried in RefreshReq and returns a
  // new Token.
  rpc Refresh(RefreshReq) returns (Token) {}
}
// AuthService performs authentication (who is the caller) and
// authorization (may the caller do this) for magistrala services.
service AuthService {
  // Authorize evaluates the subject/relation/object tuple in AuthZReq.
  rpc Authorize(AuthZReq) returns (AuthZRes) {}

  // Authenticate validates the token in AuthNReq and resolves its identity.
  rpc Authenticate(AuthNReq) returns (AuthNRes) {}
}
// DomainsService exposes domain-related operations to other magistrala
// services.
service DomainsService {
  // DeleteUserFromDomains removes the user identified in DeleteUserReq
  // from domains; the response reports whether the deletion happened.
  rpc DeleteUserFromDomains(DeleteUserReq) returns (DeleteUserRes) {}
}
// Token is the credential pair returned by TokenService.
//
// A token may not carry any information itself; in that case accessType
// tells the receiver how to validate it. Different token kinds may also be
// encoded differently.
//
// NOTE(review): accessToken and refreshToken are bearer credentials — keep
// them out of logs, traces and error messages.
message Token {
  // The access token.
  string accessToken = 1;

  // The refresh token; explicit presence, so has_refreshToken() is
  // available.
  optional string refreshToken = 2;

  // Kind of the access token, used to choose the validation method.
  string accessType = 3;
}
// AuthNReq carries the token to authenticate.
message AuthNReq {
  // The token presented by the caller. NOTE(review): treat as a bearer
  // credential; do not log.
  string token = 1;
}
// AuthNRes is the identity resolved from an authenticated token.
message AuthNRes {
  // Identifier of the authenticated principal.
  // TODO (carried over from the original note): consider naming this
  // "subject"; the JWT "sub" is described as user id + domain id. A rename is
  // wire-safe but changes generated accessors and the JSON key, so it needs
  // a coordinated client change.
  string id = 1;

  // User id.
  string user_id = 2;

  // Domain id.
  string domain_id = 3;
}
// IssueReq asks TokenService to issue a token.
message IssueReq {
  // User the token is issued for.
  string user_id = 1;

  // Token type selector. The accepted values are not defined in this file —
  // TODO confirm against the issuer. An enum with a prefixed UNSPECIFIED zero
  // value would make them explicit (varint-compatible on the wire, but a
  // generated-code change). The name `type` is legal but yields awkward
  // accessors in some target languages.
  uint32 type = 2;
}
// RefreshReq asks TokenService for a new token in exchange for a refresh
// token.
message RefreshReq {
  // The refresh token. NOTE(review): bearer credential; do not log.
  string refresh_token = 1;
}
// AuthZReq describes an authorization question: may `subject` hold
// `permission` on `object`?
message AuthZReq {
  // Domain the check is scoped to.
  string domain = 1;

  // Type of the subject: Thing or User.
  string subject_type = 2;

  // How `subject` is expressed: ID or Token.
  string subject_kind = 3;

  // Relation of the subject.
  string subject_relation = 4;

  // Subject value — an id or a token, depending on subject_kind.
  // NOTE(review): when subject_kind is Token this field holds a credential;
  // keep it out of logs.
  string subject = 5;

  // Relation to filter on.
  string relation = 6;

  // The action being checked.
  string permission = 7;

  // Object id.
  string object = 8;

  // Type of the object: Thing, User or Group.
  string object_type = 9;
}
// AuthZRes is the outcome of an AuthService.Authorize call.
message AuthZRes {
  // True when the request was permitted. Implicit presence: an unset
  // response reads as false (denied).
  bool authorized = 1;

  // Identifier returned with the decision — presumably the resolved
  // subject id; confirm against the server implementation.
  string id = 2;
}
// DeleteUserRes reports the result of DomainsService.DeleteUserFromDomains.
message DeleteUserRes {
  // True when the user was deleted from domains.
  bool deleted = 1;
}
// DeleteUserReq identifies the user to remove from domains.
message DeleteUserReq {
  // Id of the user to delete.
  string id = 1;
}
// ThingsAuthzReq asks ThingsService whether a thing may act on a channel.
// Field names here are camelCase, unlike the snake_case used elsewhere in
// this file; they are part of the JSON/generated API, so leave them as is.
message ThingsAuthzReq {
  // Channel the action targets.
  string channelID = 1;

  // Id of the thing.
  string thingID = 2;

  // Key of the thing. NOTE(review): this looks like a credential — confirm,
  // and keep it out of logs.
  string thingKey = 3;

  // The action being checked.
  string permission = 4;
}
// ThingsAuthzRes is the outcome of ThingsService.Authorize.
message ThingsAuthzRes {
  // True when the thing is allowed to perform the action. Implicit presence:
  // an unset response reads as false (denied).
  bool authorized = 1;

  // Identifier returned with the decision — presumably the resolved thing
  // id; confirm against the server implementation.
  string id = 2;
}