package cs3.auth.provider.v1beta1

Get desktop application:
View/edit binary Protocol Buffers messages

Auth Provider API The Auth Provider API is meant to authenticate a client. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. The following are global requirements that apply to all methods: Any method MUST return CODE_OK on a succesful operation. Any method MAY return NOT_IMPLEMENTED. Any method MAY return INTERNAL. Any method MAY return UNKNOWN. Any method MAY return UNAUTHENTICATED.

rpc Authenticate (AuthenticateRequest, AuthenticateResponse)
provider_api.proto:53
Authenticate authenticates a client.
message AuthenticateRequest
provider_api.proto:56
- optional types.v1beta1.Opaque opaque = 1
  OPTIONAL. Opaque information.
- string client_id = 2
  OPTIONAL. The id of the client. For basic authentication with username and password both client_id and client_secret are expected to be filled. However, for example, for OIDC only a token is necessary.
- string client_secret = 3
  OPTIONAL. The secret of the client.
message AuthenticateResponse
provider_api.proto:71
- optional rpc.v1beta1.Status status = 1
  REQUIRED. The response status.
- optional identity.user.v1beta1.User user = 2
  REQUIRED. The authenticated user.
- map<string, Scope> token_scope = 3
  REQUIRED. The scope of the token to be issued. This would be a list of resources with corresponding role-based access scope.

The role associated with the scope.

Used in: Scope

ROLE_INVALID = 0
Used for invalid roles
ROLE_OWNER = 1
Grants owner permissions on a resource
ROLE_LEGACY = 2
Provides backwards compatibility
ROLE_VIEWER = 3
Grants non-editor role on a resource
ROLE_EDITOR = 4
Grants editor permission on a resource, including folders
ROLE_FILE_EDITOR = 5
Grants editor permission on a single file
ROLE_COOWNER = 6
Grants co-owner permissions on a resource
ROLE_UPLOADER = 7
Role with only write permission can use InitiateFileUpload, nothing else

Scope defines role-based permissions for various resources.

Used in: applications.v1beta1.AppPassword, applications.v1beta1.GenerateAppPasswordRequest, AuthenticateResponse

optional types.v1beta1.OpaqueEntry resource = 1
REQUIRED. The resource embedded in the request of a particular method. It depends on the method, hence is left as opaque.
Role role = 2
REQUIRED. The role associated with the resource.

package cs3.auth.provider.v1beta1

service ProviderAPI

rpc Authenticate (AuthenticateRequest, AuthenticateResponse)

message AuthenticateRequest

optional types.v1beta1.Opaque opaque = 1

string client_id = 2

string client_secret = 3

message AuthenticateResponse

optional rpc.v1beta1.Status status = 1

optional identity.user.v1beta1.User user = 2

map<string, Scope> token_scope = 3

enum Role

ROLE_INVALID = 0

ROLE_OWNER = 1

ROLE_LEGACY = 2

ROLE_VIEWER = 3

ROLE_EDITOR = 4

ROLE_FILE_EDITOR = 5

ROLE_COOWNER = 6

ROLE_UPLOADER = 7

message Scope

optional types.v1beta1.OpaqueEntry resource = 1

Role role = 2