package jsso
Get desktop application:
View/edit binary Protocol Buffers messages
service Enrollment
jsso.proto:46Service Enrollment manages the WebAuthn enrollment ceremony.
rpc Finish (, )
jsso.proto:49message
jsso.proto:95optional credential = 1
string name = 2
message
jsso.proto:100string login_url = 1
rpc Start (, )
jsso.proto:47message
jsso.proto:87(message has no fields)
message
jsso.proto:90optional user = 1
optional credential_creation_options = 2
service Login
jsso.proto:38Service Login manages the WebAuthn login ceremony.
rpc Finish (, )
jsso.proto:41message
jsso.proto:78optional credential = 1
string error = 2
string redirect_token = 3
message
jsso.proto:83string redirect_url = 1
rpc Start (, )
jsso.proto:39message
jsso.proto:70string username = 1
message
jsso.proto:73optional credential_request_options = 1
string token = 2
service Session
jsso.proto:25Service session manages sessions.
rpc AuthorizeHTTP (, )
jsso.proto:33AuthorizeHTTP authorizes an incoming HTTP request, returning a request-scoped bearer token to authenticate the request to upstream systems. A "deny" authorization decision will not be transmitted as a gRPC error; a gRPC error like PermissionDenied means that the caller is not authorized to call AuthorizeHTTP, not that the HTTP request is unauthorized. (Corollary: an OK response code does not mean the request is authorized.)
message
jsso.proto:112AuthorizeHTTPRequest is a request from an authenticating proxy to authorize one HTTP request.
string request_method = 1
The method of this request.
string request_uri = 2
The URI that this request is attempting to access.
string request_id = 3
The x-request-id header for this request.
repeated string authorization_headers = 4
The value of the "Authorization" HTTP header.
repeated string cookies = 5
Any cookies included with this request.
string ip_address = 6
The IP address of the user making this request.
message
jsso.proto:162AuthorizeHTTPReply contains the authorization decision.
oneof decision
allow = 1
deny = 2
service User
jsso.proto:9Service User manages user accounts.
rpc Edit (, )
jsso.proto:11Edit adds a new user if the ID is 0, or updates an existing user.
message
jsso.proto:53optional user = 1
message
jsso.proto:57optional user = 1
rpc GenerateEnrollmentLink (, )
jsso.proto:14GenerateEnrollmentLink generates an enrollment token for the user.
message
jsso.proto:61optional target = 1
message
jsso.proto:65string url = 1
string token = 2
rpc WhoAmI (, )
jsso.proto:20WhoAmI returns the user object associated with the current session. When called without a session, a null current user is returned rather than an error.
message
jsso.proto:104(message has no fields)
message
jsso.proto:106optional user = 1
message
jsso.proto:128Allow allows a request through the proxy.
Used in:
string username = 1
repeated string groups = 2
string bearer_token = 3
A signed and encrypted token allowing the upstream application to authorize this request without contacting an external system. It is scoped to this request and has a short duration, so capturing this token only provides limited authenticated access. This token is included here for non-proxying API clients; the actual authorization header to pass upstream is included in add_headers or append_headers fields below.
repeated add_headers = 4
Headers to replace when sending the request upstream. If Authorization or Cookie are unset, they should be cleared.
message
jsso.proto:146Deny denies a request through the proxy. An HTTP response can be included to inform the end-user as to what went wrong. (More likely, it will be a temporary redirect to a login page.)
Used in:
string reason = 1
oneof destination
redirect = 2
response = 3
message
jsso.proto:148Used in:
string redirect_url = 1
message
jsso.proto:151Used in:
string content_type = 1
string body = 2