forked from mystiq/dex
95796b04a3
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
189 lines
5.4 KiB
Protocol Buffer
189 lines
5.4 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package api;
|
|
|
|
option java_package = "com.coreos.dex.api";
|
|
option go_package = "github.com/dexidp/dex/api";
|
|
|
|
// Client represents an OAuth2 client.
|
|
message Client {
|
|
string id = 1;
|
|
string secret = 2;
|
|
repeated string redirect_uris = 3;
|
|
repeated string trusted_peers = 4;
|
|
bool public = 5;
|
|
string name = 6;
|
|
string logo_url = 7;
|
|
}
|
|
|
|
// CreateClientReq is a request to make a client.
|
|
message CreateClientReq {
|
|
Client client = 1;
|
|
}
|
|
|
|
// CreateClientResp returns the response from creating a client.
|
|
message CreateClientResp {
|
|
bool already_exists = 1;
|
|
Client client = 2;
|
|
}
|
|
|
|
// DeleteClientReq is a request to delete a client.
|
|
message DeleteClientReq {
|
|
// The ID of the client.
|
|
string id = 1;
|
|
}
|
|
|
|
// DeleteClientResp determines if the client is deleted successfully.
|
|
message DeleteClientResp {
|
|
bool not_found = 1;
|
|
}
|
|
|
|
// UpdateClientReq is a request to update an existing client.
|
|
message UpdateClientReq {
|
|
string id = 1;
|
|
repeated string redirect_uris = 2;
|
|
repeated string trusted_peers = 3;
|
|
string name = 4;
|
|
string logo_url = 5;
|
|
}
|
|
|
|
// UpdateClientResp returns the response from updating a client.
|
|
message UpdateClientResp {
|
|
bool not_found = 1;
|
|
}
|
|
|
|
// TODO(ericchiang): expand this.
|
|
|
|
// Password is an email for password mapping managed by the storage.
|
|
message Password {
|
|
string email = 1;
|
|
|
|
// Currently we do not accept plain text passwords. Could be an option in the future.
|
|
bytes hash = 2;
|
|
string username = 3;
|
|
string user_id = 4;
|
|
}
|
|
|
|
// CreatePasswordReq is a request to make a password.
|
|
message CreatePasswordReq {
|
|
Password password = 1;
|
|
}
|
|
|
|
// CreatePasswordResp returns the response from creating a password.
|
|
message CreatePasswordResp {
|
|
bool already_exists = 1;
|
|
}
|
|
|
|
// UpdatePasswordReq is a request to modify an existing password.
|
|
message UpdatePasswordReq {
|
|
// The email used to lookup the password. This field cannot be modified
|
|
string email = 1;
|
|
bytes new_hash = 2;
|
|
string new_username = 3;
|
|
}
|
|
|
|
// UpdatePasswordResp returns the response from modifying an existing password.
|
|
message UpdatePasswordResp {
|
|
bool not_found = 1;
|
|
}
|
|
|
|
// DeletePasswordReq is a request to delete a password.
|
|
message DeletePasswordReq {
|
|
string email = 1;
|
|
}
|
|
|
|
// DeletePasswordResp returns the response from deleting a password.
|
|
message DeletePasswordResp {
|
|
bool not_found = 1;
|
|
}
|
|
|
|
// ListPasswordReq is a request to enumerate passwords.
|
|
message ListPasswordReq {}
|
|
|
|
// ListPasswordResp returns a list of passwords.
|
|
message ListPasswordResp {
|
|
repeated Password passwords = 1;
|
|
}
|
|
|
|
// VersionReq is a request to fetch version info.
|
|
message VersionReq {}
|
|
|
|
// VersionResp holds the version info of components.
|
|
message VersionResp {
|
|
// Semantic version of the server.
|
|
string server = 1;
|
|
// Numeric version of the API. It increases everytime a new call is added to the API.
|
|
// Clients should use this info to determine if the server supports specific features.
|
|
int32 api = 2;
|
|
}
|
|
|
|
// RefreshTokenRef contains the metadata for a refresh token that is managed by the storage.
|
|
message RefreshTokenRef {
|
|
// ID of the refresh token.
|
|
string id = 1;
|
|
string client_id = 2;
|
|
int64 created_at = 5;
|
|
int64 last_used = 6;
|
|
}
|
|
|
|
// ListRefreshReq is a request to enumerate the refresh tokens of a user.
|
|
message ListRefreshReq {
|
|
// The "sub" claim returned in the ID Token.
|
|
string user_id = 1;
|
|
}
|
|
|
|
// ListRefreshResp returns a list of refresh tokens for a user.
|
|
message ListRefreshResp {
|
|
repeated RefreshTokenRef refresh_tokens = 1;
|
|
}
|
|
|
|
// RevokeRefreshReq is a request to revoke the refresh token of the user-client pair.
|
|
message RevokeRefreshReq {
|
|
// The "sub" claim returned in the ID Token.
|
|
string user_id = 1;
|
|
string client_id = 2;
|
|
}
|
|
|
|
// RevokeRefreshResp determines if the refresh token is revoked successfully.
|
|
message RevokeRefreshResp {
|
|
// Set to true is refresh token was not found and token could not be revoked.
|
|
bool not_found = 1;
|
|
}
|
|
|
|
message VerifyPasswordReq {
|
|
string email = 1;
|
|
string password = 2;
|
|
}
|
|
|
|
message VerifyPasswordResp {
|
|
bool verified = 1;
|
|
bool not_found = 2;
|
|
}
|
|
|
|
// Dex represents the dex gRPC service.
|
|
service Dex {
|
|
// CreateClient creates a client.
|
|
rpc CreateClient(CreateClientReq) returns (CreateClientResp) {};
|
|
// UpdateClient updates an existing client
|
|
rpc UpdateClient(UpdateClientReq) returns (UpdateClientResp) {};
|
|
// DeleteClient deletes the provided client.
|
|
rpc DeleteClient(DeleteClientReq) returns (DeleteClientResp) {};
|
|
// CreatePassword creates a password.
|
|
rpc CreatePassword(CreatePasswordReq) returns (CreatePasswordResp) {};
|
|
// UpdatePassword modifies existing password.
|
|
rpc UpdatePassword(UpdatePasswordReq) returns (UpdatePasswordResp) {};
|
|
// DeletePassword deletes the password.
|
|
rpc DeletePassword(DeletePasswordReq) returns (DeletePasswordResp) {};
|
|
// ListPassword lists all password entries.
|
|
rpc ListPasswords(ListPasswordReq) returns (ListPasswordResp) {};
|
|
// GetVersion returns version information of the server.
|
|
rpc GetVersion(VersionReq) returns (VersionResp) {};
|
|
// ListRefresh lists all the refresh token entries for a particular user.
|
|
rpc ListRefresh(ListRefreshReq) returns (ListRefreshResp) {};
|
|
// RevokeRefresh revokes the refresh token for the provided user-client pair.
|
|
//
|
|
// Note that each user-client pair can have only one refresh token at a time.
|
|
rpc RevokeRefresh(RevokeRefreshReq) returns (RevokeRefreshResp) {};
|
|
// VerifyPassword returns whether a password matches a hash for a specific email or not.
|
|
rpc VerifyPassword(VerifyPasswordReq) returns (VerifyPasswordResp) {};
|
|
}
|