// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0
// The schema is written in proto3 syntax.
syntax = "proto3";
// Every service and message below is declared in the mainflux package.
package mainflux;
// Go package setting used by the Go code generator for this file.
option go_package = "./mainflux";
// AuthzService exposes authentication and authorization functionality to the
// things service.
service AuthzService {
  // Authorize reports whether the subject may perform the action on the
  // object.
  //
  // The decision comes back in AuthorizeRes.authorized, a proto3 bool whose
  // unset value is false. A caller that accepts only an explicit true, and
  // treats an RPC error as a denial, fails closed.
  rpc Authorize(AuthorizeReq) returns (AuthorizeRes);
}
// AuthService exposes authentication and authorization functionality to the
// users service.
//
// NOTE(review): none of the request messages used here names the calling
// service, so caller authentication is presumably enforced at the transport
// or interceptor layer. Confirm that this endpoint is reachable only by
// authenticated internal callers.
service AuthService {
  // Issue returns a Token for the id and numeric type in IssueReq.
  // NOTE(review): IssueReq carries no credential; confirm the handler is only
  // reachable by callers that are allowed to mint tokens for arbitrary ids.
  rpc Issue(IssueReq) returns (Token);

  // Login returns a Token for the id and domain in LoginReq.
  // NOTE(review): LoginReq carries no password or other secret, so credential
  // verification presumably happens in the caller before this RPC. Confirm.
  rpc Login(LoginReq) returns (Token);

  // Refresh takes RefreshReq.value and returns a Token.
  // NOTE(review): value is presumably a refresh token; confirm.
  rpc Refresh(RefreshReq) returns (Token);

  // Identify takes the token in IdentityReq and returns an id in IdentityRes.
  rpc Identify(IdentityReq) returns (IdentityRes);

  // Authorize uses the same request and response messages as
  // AuthzService.Authorize.
  rpc Authorize(AuthorizeReq) returns (AuthorizeRes);

  // AddPolicy takes the policy tuple in AddPolicyReq.
  rpc AddPolicy(AddPolicyReq) returns (AddPolicyRes);

  // DeletePolicy takes the policy tuple in DeletePolicyReq.
  rpc DeletePolicy(DeletePolicyReq) returns (DeletePolicyRes);

  // ListObjects returns one page of results for the filter in ListObjectsReq.
  rpc ListObjects(ListObjectsReq) returns (ListObjectsRes);

  // ListAllObjects shares its request and response types with ListObjects.
  // NOTE(review): presumably ignores paging and returns everything; if so the
  // response size is bounded only by the data set. Confirm against handler.
  rpc ListAllObjects(ListObjectsReq) returns (ListObjectsRes);

  // CountObjects returns a count for the filter in CountObjectsReq.
  rpc CountObjects(CountObjectsReq) returns (CountObjectsRes);

  // ListSubjects returns one page of results for the filter in
  // ListSubjectsReq.
  rpc ListSubjects(ListSubjectsReq) returns (ListSubjectsRes);

  // ListAllSubjects shares its request and response types with ListSubjects.
  // NOTE(review): presumably unpaged, like ListAllObjects; confirm.
  rpc ListAllSubjects(ListSubjectsReq) returns (ListSubjectsRes);

  // CountSubjects returns a count for the filter in CountSubjectsReq.
  rpc CountSubjects(CountSubjectsReq) returns (CountSubjectsRes);
}
// Token is the response message of the Issue, Login and Refresh RPCs.
//
// When a token carries no information of its own, the type field can be used
// to decide how to validate it. Different tokens may also be encoded in
// different ways.
// NOTE(review): "type field" presumably means accessType; confirm.
//
// The token strings are credentials: keep this message out of logs, traces
// and error text.
message Token {
  // Access token string.
  string accessToken = 1;

  // Refresh token string. Declared optional, so generated code can tell an
  // absent value from an empty one.
  optional string refreshToken = 2;

  // Type of the access token.
  string accessType = 3;
}
// IdentityReq is the request message of the Identify RPC.
message IdentityReq {
  // Token to be identified. It is a credential, so avoid logging the request.
  string token = 1;
}
// IdentityRes is the response message of the Identify RPC.
message IdentityRes {
  // Identifier returned for the token.
  // An empty string is the proto3 default and is indistinguishable from
  // "unset"; NOTE(review): callers should presumably reject an empty id
  // rather than treat it as a valid identity. Confirm.
  string id = 1;
}
// IssueReq is the request message of the Issue RPC.
//
// NOTE(review): field number 2 is not used. If it belonged to a removed
// field, declaring it reserved would stop it from being reused with a
// different meaning. Confirm history before changing.
message IssueReq {
  // Identifier the token is issued for.
  string id = 1;

  // Numeric token type. The valid values are not defined in this file.
  uint32 type = 3;
}
// LoginReq is the request message of the Login RPC.
//
// The message holds an id and a domain only; no secret is transmitted.
// NOTE(review): field number 2 is not used. If it belonged to a removed
// field, declaring it reserved would prevent accidental reuse. Confirm.
message LoginReq {
  // Identifier of the principal logging in.
  string id = 1;

  // Domain the login applies to.
  string domain = 3;
}
// RefreshReq is the request message of the Refresh RPC.
message RefreshReq {
  // Value presented for refresh.
  // NOTE(review): presumably a refresh token, i.e. a credential that should
  // not be logged. Confirm.
  string value = 1;
}
// AuthorizeReq is the request message of the Authorize RPC on both
// AuthzService and AuthService.
//
// Every field is a free-form string. The schema does not restrict the values,
// so the server has to validate them. When subject_kind selects a token, the
// subject field carries a credential and the request should not be logged
// verbatim.
message AuthorizeReq {
  // Namespace = Domain.
  string namespace = 1;

  // Thing or User.
  string subject_type = 2;

  // ID or Token.
  string subject_kind = 3;

  // Subject relation.
  string subject_relation = 4;

  // Subject value (id or token, depending on kind).
  string subject = 5;

  // Relation to filter.
  string relation = 6;

  // Action.
  string permission = 7;

  // Object ID.
  string object = 8;

  // Thing, User, Group.
  string object_type = 9;
}
// AuthorizeRes is the response message of the Authorize RPC.
message AuthorizeRes {
  // Authorization decision. The proto3 default is false, so a response with
  // this field unset reads as a denial.
  bool authorized = 1;

  // Identifier returned alongside the decision.
  // NOTE(review): presumably the resolved subject id; confirm, and do not
  // rely on it when authorized is false.
  string id = 2;
}
// AddPolicyReq is the request message of the AddPolicy RPC.
//
// The field names match AuthorizeReq except that subject_kind is absent;
// presumably they carry the same meanings (confirm).
// NOTE(review): the message does not identify who is asking for the policy
// to be added, so the permission to modify policies must be checked
// elsewhere. Confirm where.
message AddPolicyReq {
  string namespace = 1;

  string subject_type = 2;

  string subject_relation = 3;

  string subject = 4;

  string relation = 5;

  string permission = 6;

  string object = 7;

  string object_type = 8;
}
// AddPolicyRes is the response message of the AddPolicy RPC.
message AddPolicyRes {
  // Result flag. The proto3 default is false.
  // NOTE(review): the name says "authorized" although the RPC adds a policy;
  // presumably true means the policy was added. Confirm.
  bool authorized = 1;
}
// DeletePolicyReq is the request message of the DeletePolicy RPC.
//
// It declares the same fields, with the same numbers, as AddPolicyReq.
// NOTE(review): proto3 strings default to "", so an unset field and an empty
// one look identical to the server. Confirm that the handler rejects
// under-specified tuples rather than treating empty fields as wildcards.
message DeletePolicyReq {
  string namespace = 1;

  string subject_type = 2;

  string subject_relation = 3;

  string subject = 4;

  string relation = 5;

  string permission = 6;

  string object = 7;

  string object_type = 8;
}
// DeletePolicyRes is the response message of the DeletePolicy RPC.
message DeletePolicyRes {
  // Deletion flag. The proto3 default is false.
  bool deleted = 1;
}
// ListObjectsReq is the request message of the ListObjects and
// ListAllObjects RPCs.
//
// Fields 1 to 8 match AddPolicyReq; fields 9 and 10 control paging.
message ListObjectsReq {
  string namespace = 1;

  string subject_type = 2;

  string subject_relation = 3;

  string subject = 4;

  string relation = 5;

  string permission = 6;

  string object = 7;

  string object_type = 8;

  // Paging cursor. It is client-supplied input, so the server should validate
  // it rather than trust it.
  string nextPageToken = 9;

  // Page size. The type is signed and the schema sets no upper bound.
  // NOTE(review): confirm the handler rejects negative values and clamps
  // large ones.
  int32 limit = 10;
}
// ListObjectsRes is the response message of the ListObjects and
// ListAllObjects RPCs.
message ListObjectsRes {
  // Result entries.
  // NOTE(review): the field is named "policies" although the RPC lists
  // objects; presumably these are object identifiers. Confirm.
  repeated string policies = 1;

  // Cursor for the next page.
  string nextPageToken = 2;
}
// CountObjectsReq is the request message of the CountObjects RPC.
//
// Fields 1 to 9 match ListObjectsReq; there is no limit field.
message CountObjectsReq {
  string namespace = 1;

  string subject_type = 2;

  string subject_relation = 3;

  string subject = 4;

  string relation = 5;

  string permission = 6;

  string object = 7;

  string object_type = 8;

  // NOTE(review): a paging cursor on a count request looks unused; confirm
  // whether the handler reads it.
  string nextPageToken = 9;
}
// CountObjectsRes is the response message of the CountObjects RPC.
message CountObjectsRes {
  // Count returned by the RPC, as a signed 64-bit integer.
  int64 count = 1;
}
// ListSubjectsReq is the request message of the ListSubjects and
// ListAllSubjects RPCs.
//
// It declares the same fields, with the same numbers, as ListObjectsReq.
message ListSubjectsReq {
  string namespace = 1;

  string subject_type = 2;

  string subject_relation = 3;

  string subject = 4;

  string relation = 5;

  string permission = 6;

  string object = 7;

  string object_type = 8;

  // Paging cursor. It is client-supplied input, so the server should validate
  // it rather than trust it.
  string nextPageToken = 9;

  // Page size. The type is signed and the schema sets no upper bound.
  // NOTE(review): confirm the handler rejects negative values and clamps
  // large ones.
  int32 limit = 10;
}
// ListSubjectsRes is the response message of the ListSubjects and
// ListAllSubjects RPCs.
message ListSubjectsRes {
  // Result entries.
  // NOTE(review): the field is named "policies" although the RPC lists
  // subjects; presumably these are subject identifiers. Confirm.
  repeated string policies = 1;

  // Cursor for the next page.
  string nextPageToken = 2;
}
// CountSubjectsReq is the request message of the CountSubjects RPC.
//
// It declares the same fields, with the same numbers, as CountObjectsReq.
message CountSubjectsReq {
  string namespace = 1;

  string subject_type = 2;

  string subject_relation = 3;

  string subject = 4;

  string relation = 5;

  string permission = 6;

  string object = 7;

  string object_type = 8;

  // NOTE(review): a paging cursor on a count request looks unused; confirm
  // whether the handler reads it.
  string nextPageToken = 9;
}
// CountSubjectsRes is the response message of the CountSubjects RPC.
message CountSubjectsRes {
  // Count returned by the RPC, as a signed 64-bit integer.
  int64 count = 1;
}