package identity.auth
Get desktop application:
View/edit binary Protocol Buffers messages
RPCs from a client (iOS, Android, or web) to identity service This service will assert authenticity of a device by verifying the access token through an interceptor, thus avoiding the need to explicitly pass the credentials on every request
Replenish one-time preKeys
message
identity_auth.proto:130As OPKs get exhausted, they need to be refreshed
repeated string content_one_time_prekeys = 1
repeated string notif_one_time_prekeys = 2
Rotate a device's prekey and prekey signature Rotated for deniability of older messages
message
identity_auth.proto:138optional new_content_prekey = 1
optional new_notif_prekey = 2
Called by clients to get all device keys associated with a user in order to open a new channel of communication on any of their devices. Specially, this will return the following per device: - Identity keys (both Content and Notif Keys) - Prekey (including prekey signature) - One-time Prekey
message
identity_auth.proto:164map<string, > devices = 1
Map is keyed on devices' public ed25519 key used for signing
Called by receivers of a communication request. The reponse will return identity keys (both content and notif keys) and related prekeys per device, but will not contain one-time keys. Additionally, the response will contain the other user's username.
message
identity_auth.proto:190string user_id = 1
message
identity_auth.proto:184map<string, > devices = 1
Map is keyed on devices' public ed25519 key used for signing
optional identity = 2
Called by clients to get required keys for opening a connection to a user's keyserver
message
identity_auth.proto:152optional keyserver_info = 1
optional identity = 2
Called by user to update password
message
identity_auth.proto:196bytes opaque_registration_request = 1
Initiate PAKE registration with new password
bytes opaque_login_request = 2
Initiate PAKE login with old password
message
identity_auth.proto:212string session_id = 1
Identifier used to correlate start request with finish request
bytes opaque_registration_response = 2
Continue PAKE registration on server with new password
bytes opaque_login_response = 3
Continue PAKE login on server with old password
message
identity_auth.proto:203string session_id = 1
Identifier used to correlate start and finish request
bytes opaque_registration_upload = 2
Complete PAKE registration with new password
bytes opaque_login_upload = 3
Complete PAKE login with old password
rpc LogOutUser (, )
identity_auth.proto:52Called by user to log out (clears device's keys and access token)
Called by a ssecondary device to log out (clear its keys and access token)
Called by a primary device to log out (clear all devices' keys and tokens)
message
identity_auth.proto:223string signed_device_list = 1
A stringified JSON object of the following format: { "rawDeviceList": JSON.stringify({ "devices": [<primary_device_id: string>] "timestamp": <UTC timestamp in milliseconds: int>, }), "curPrimarySignature": "base64-encoded primary device signature" } When the primary device logs out, it removes all secondary devices from the device list, and sends up a new singleton device list consisting of just itself.
Called by a user to delete their own account
message
identity_auth.proto:241First user must log in
bytes opaque_login_request = 1
Message sent to initiate PAKE login
message
identity_auth.proto:253string session_id = 1
Identifier used to correlate requests in the same workflow
bytes opaque_login_response = 2
message
identity_auth.proto:247If login is successful, the user's account will be deleted
string session_id = 1
Identifier used to correlate requests in the same workflow
bytes opaque_login_upload = 2
Called by Comm staff to delete user accounts. Usage is strictly limited to accounts flagged for violating terms of service.
message
identity_auth.proto:261repeated string user_ids = 1
Called by Comm staff to reset user passwords. Usage is strictly limited to accounts that have requested a password reset.
message
identity_auth.proto:267bytes opaque_registration_request = 1
Initiate PAKE registration with new password
string username = 2
bool skip_password_reset = 3
when true, user is reset to unsigned device list without password change
message
identity_auth.proto:275string session_id = 1
Identifier used to correlate start request with finish request
bytes opaque_registration_response = 2
Continue PAKE registration on server with new password
message
identity_auth.proto:282string session_id = 1
Identifier used to correlate start and finish request
bytes opaque_registration_upload = 2
Complete PAKE registration with new password
Returns device list history
message
identity_auth.proto:291string user_id = 1
User whose device lists we want to retrieve
optional int64 since_timestamp = 2
UTC timestamp in milliseconds If none, whole device list history will be retrieved
message
identity_auth.proto:299repeated string device_list_updates = 1
A list of stringified JSON objects of the following format: { "rawDeviceList": JSON.stringify({ "devices": [<device_id: string>, ...] "timestamp": <UTC timestamp in milliseconds: int>, }) }
Returns current device list for a set of users
message
identity_auth.proto:326repeated string user_ids = 1
message
identity_auth.proto:330map<string, string> users_device_lists = 1
keys are user_id values are JSON-stringified device list payloads (see GetDeviceListResponse message for payload structure)
map<string, > users_devices_platform_details = 2
keys are user IDs
message
identity_auth.proto:342string new_device_list = 1
A stringified JSON object of the following format: { "rawDeviceList": JSON.stringify({ "devices": [<device_id: string>, ...] "timestamp": <UTC timestamp in milliseconds: int>, }) }
Called by an existing user to link their Farcaster account
message
identity_auth.proto:355string farcaster_id = 1
Called by an existing user to unlink their Farcaster account
message
identity_auth.proto:361repeated string user_ids = 1
user IDs for which we want to get the identity
message
identity_auth.proto:366map<string, > identities = 1
map<string, string> reserved_user_identifiers = 2
reserved usernames or wallet addresses
Updates current device PlatformDetails stored on Identity Service. It doesn't require any input - all values are passed via request metadata.
message
identity_auth.proto:114Used in:
string wallet_address = 1
string siwe_message = 2
string siwe_signature = 3
message
identity_auth.proto:120Used in: , ,
string username = 1
this is wallet address for Ethereum users
optional eth_identity = 2
optional string farcaster_id = 3
message
identity_auth.proto:178Used in:
optional identity_info = 1
optional content_prekey = 2
optional notif_prekey = 3
message
identity_auth.proto:144Information needed when establishing communication to someone else's device
Used in: ,
optional identity_info = 1
optional content_prekey = 2
optional notif_prekey = 3
optional string one_time_content_prekey = 4
optional string one_time_notif_prekey = 5
message
identity_auth.proto:172Information needed by a device to establish communcation when responding to a request. The device receiving a request only needs the content key and prekey.
Used as request type in: IdentityClientService.GetKeyserverKeys, IdentityClientService.GetOutboundKeysForUser
string user_id = 1
message
identity_auth.proto:313platform details for single device
Used in:
unauth.DeviceType device_type = 1
uint64 code_version = 2
optional uint64 state_version = 3
optional uint64 major_desktop_version = 4
message
identity_auth.proto:321platform details for user's devices
Used in:
map<string, > devices_platform_details = 1
keys are device IDs