package powerman.example.auth

Get desktop application:
View/edit binary Protocol Buffers messages

Private API, require authentication.

• rpc CheckAccessToken (CheckAccessTokenRequest, CheckAccessTokenResponse)

  service_int.proto:15

  Returns identity tied to access_token.

  message CheckAccessTokenRequest

  service_int.proto:19

  Request.

  (message has no fields)

  message CheckAccessTokenResponse

  service_int.proto:22

  Response.

  • optional User user = 1

    Identity tied to access_token.

Public API, require authentication.

• rpc SignoutIdentity (SignoutIdentityRequest, SignoutIdentityResponse)

  service.proto:46

  Logout. Invalidates either current or all user's access_token. (-- api-linter: core::0136::verb-noun=disabled --)

  message SignoutIdentityRequest

  service.proto:95

  Request.

  • bool everywhere = 1

    Set to true to invalidate all user's access_token.

  message SignoutIdentityResponse

  service.proto:101

  Response.

  (message has no fields)

Public API, do not require authentication.

• rpc CreateAccount (CreateAccountRequest, Account)

  service.proto:24

  Registers new user account. User can provide optional account_id (username). These fields will be ignored in input and set automatically: account.name, account.user.name, account.user.access. If account_id=="admin" then user's role will be set to ROLE_ADMIN. XXX No email validation.

  message CreateAccountRequest

  service.proto:53

  Request.

  • optional Account account = 1

    The account to create.

  • string account_id = 2

    The ID to use for the account. This value should be 4-63 characters [a-z0-9-].

• rpc SigninIdentity (SigninIdentityRequest, SigninIdentityResponse)

  service.proto:33

  Authenticates user by different credentials. Creates and returns access_token. Also returns user's account details for convenience.

  message SigninIdentityRequest

  service.proto:62

  Request.

  • oneof auth

    Different ways to authenticate.

    • SigninIdentityRequest.AccountAuth account = 1

      By username.

    • SigninIdentityRequest.EmailAuth email = 2

      By email.

  message SigninIdentityResponse

  service.proto:87

  Response.

  • string access_token = 1

    Opaque.

  • optional User user = 2

    User/Access details.

Access describes identity's permissions.

Used in: User

• Access.Role role = 1

  User's role.

Possible roles for a user. New values may be added in the future.

Used in: Access

• ROLE_UNSPECIFIED = 0

  Default value. This value is unused.

• ROLE_ADMIN = 1

  Full access to everything.

• ROLE_USER = 2

  Full access only to user's own data. Read-only access to user's Access.

Account contains data needed for authentication.

Used as response type in: NoAuthSvc.CreateAccount

Used as field type in: CreateAccountRequest

• string name = 1

  Format: "accounts/{account_id}".

• optional User user = 2

  Default identity connected to the account.

• string password = 16

  Must be strong enough.

• string email = 3

  Primary email, needed to reset password.

• optional google.protobuf.Timestamp create_time = 15

  Account create time. Output only.

Authentication using username and password.

Used in: SigninIdentityRequest

• string account_id = 1

  This value should be 4-63 characters [a-z0-9-].

• string password = 2

  Any value.

Authentication user email and password.

Used in: SigninIdentityRequest

• string email = 1

  This value should contain [@].

• string password = 2

  Any value.

User is an identity tied to Account.

Used in: Account, CheckAccessTokenResponse, SigninIdentityResponse

• string name = 1

  Format: "users/{user_uid}".

• string display_name = 2

  By default set to {account_id}.

• optional Access access = 3

  Permissions.