-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathidp_token.proto
75 lines (63 loc) · 1.73 KB
/
idp_token.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
/*
Copyright © 2024 Acronis International GmbH.
Released under MIT license.
*/
syntax = "proto3";
package idp_token;
option go_package = "./pb";
service IDPTokenService {
// CreateToken creates a new token based on the provided assertion.
// Currently only "urn:ietf:params:oauth:grant-type:jwt-bearer" grant type is supported.
rpc CreateToken (CreateTokenRequest) returns (CreateTokenResponse);
// IntrospectToken returns information about the token including its scopes.
// The token is considered active if
// 1) it's not expired;
// 2) it's not revoked;
// 3) it has a valid signature.
rpc IntrospectToken (IntrospectTokenRequest) returns (IntrospectTokenResponse);
}
message CreateTokenRequest {
reserved 5 to 50;
reserved 3;
string grant_type = 1; // example: urn:ietf:params:oauth:grant-type:jwt-bearer
string assertion = 2;
bool not_required_introspection = 4;
}
message CreateTokenResponse {
reserved 4 to 50;
string access_token = 1;
string token_type = 2;
int64 expires_in = 3;
}
message IntrospectionScopeFilter {
reserved 2 to 50;
string resource_namespace = 1;
}
message IntrospectTokenRequest {
reserved 3 to 50;
string token = 1;
repeated IntrospectionScopeFilter scope_filter = 2;
}
message AccessTokenScope {
reserved 7 to 50;
string tenant_uuid = 1;
int64 tenant_int_id = 2;
string resource_server = 3;
string resource_namespace = 4;
string resource_path = 5;
string role_name = 6;
}
message IntrospectTokenResponse {
reserved 14 to 100;
reserved 8, 9, 10;
bool active = 1;
string token_type = 2;
int64 exp = 3;
repeated string aud = 4;
string jti = 5;
string iss = 6;
string sub = 7;
repeated AccessTokenScope scope = 11;
int64 nbf = 12;
int64 iat = 13;
}