package mobile.iam.v2

Get desktop application:
View/edit binary Protocol Buffers messages

Authentication is the 'public' facing service that clients use to authenticate a user and provide session tokens.

• rpc Authenticate (AuthenticateRequest, AuthenticateResponse)

  authentication_service.proto:20

  Authenticate authenticates the user using an ID and secret pair. A session token is provided on success that authorizes a user to perform authenticated requests, which should be provided as a header. Clients wishing to get new sessions MUST go through this API call.

  message AuthenticateRequest

  authentication_service.proto:27

  • oneof credentials

    • AuthenticateRequest.UsernameCredentials username_credentials = 1

    • AuthenticateRequest.EmailCredentials email_credentials = 2

  • optional common.v2.ClientInstanceId client_instance_id = 10

  message AuthenticateResponse

  authentication_service.proto:64

  • AuthenticateResponse.Result result = 1

  • optional common.session.v2.SessionToken session_token = 2

    Clients should use this session token in a header to authenticate subsequent requests Set iff Result == OK

  • optional common.v2.AccountId account_id = 3

    Set iff Result == OK

  • optional common.v2.PersonaId genesis_persona = 4

    TODO: THIS IS NOT MEANT FOR RELEASE JUST FOR MILESTONE ONE

• rpc Logout (LogoutRequest, LogoutResponse)

  authentication_service.proto:24

  Logout terminates the user's session by invalidating their session token. This request must be authenticated using the user's current session token.

  message LogoutRequest

  authentication_service.proto:85

  (message has no fields)

  message LogoutResponse

  authentication_service.proto:88

  • LogoutResponse.Result result = 1

Service for handling methods called when attempting to register (i.e. create an account) NOTE: All methods are rate limited NOTE: Providing an Authentication token with any method in this service will be considered an error.

• rpc ValidateForRegister (ValidateForRegisterRequest, ValidateForRegisterResponse)

  registration_service.proto:26

  Validates that the provided username and/or email address can be used for Registration

  message ValidateForRegisterRequest

  registration_service.proto:45

  • optional common.v2.Email email = 1

    email to check uniqueness of. Note: email technically may not be larger than 254 unicode chars for legacy pairity

  • optional common.v2.Username username = 2

    username to check uniqueness of.

  message ValidateForRegisterResponse

  registration_service.proto:58

  • ValidateForRegisterResponse.Result result = 1

    Indicates success or failure of the request overall. NOTE: Other members of this response are valid iff Result == OK

  • repeated ValidateForRegisterResponse.InvalidElement invalid_elements = 2

    Indicate which elements of the associated request are NOT valid for use in registration.

• rpc Register (RegisterRequest, RegisterResponse)

  registration_service.proto:34

  Register a new account. Response may indicate that a verification procedure must be done. If this is the case, some other system must be engaged with values/tokens provided in the RegisterResponse. Once a verification token is acquired from these other systems, the Register request must be re-issued with those verification tokens. TODO: Definition of verification procedures are still outsdanding

  message RegisterRequest

  registration_service.proto:83

  • string first_name = 1

  • string last_name = 2

  • optional common.v2.Username username = 3

  • optional common.v2.Email email = 4

  • optional common.client.v2.DeviceDetails device_details = 5

  • optional common.client.v2.ClientLocale locale = 6

  • optional common.client.v2.ClientVersion version = 7

  • optional google.protobuf.Timestamp birthday = 8

    Declared birthday of user performing the account registration. After translating to a gregorian date, the value of any fields other than Year/Month/Day are ignored.

  • bytes username_passkey = 9

    The username-derived passkey as described in https://github.com/kikinteractive/kik-product/wiki/Passkeys

  • bytes email_passkey = 10

    The email-derived passkey as described in https://github.com/kikinteractive/kik-product/wiki/Passkeys

  message RegisterResponse

  registration_service.proto:136

  • RegisterResponse.Result result = 1

  • repeated RegisterResponse.RequestElement invalid_elements = 2

    Indication of which elements of the request which have failed server validations.

  • repeated RegisterResponse.RequestElement policy_violation_elements = 3

    Indication of which elements of the request have violated server policies (eg: potentially have bad language, etc)

The set of credentials when a user logs in user their email address

Used in: AuthenticateRequest

• optional common.v2.Email email = 1

• bytes passkey = 2

  The email-derived passkey as described in https://github.com/kikinteractive/kik-product/wiki/Passkeys

The set of credentials when a user logs in using their username

Used in: AuthenticateRequest

• optional common.v2.Username username = 1

• bytes passkey = 2

  The username-derived passkey as described in https://github.com/kikinteractive/kik-product/wiki/Passkeys

Used in: AuthenticateResponse

• OK = 0

• FAILED = 1

Used in: LogoutResponse

• OK = 0

Used in: RegisterResponse

• OTHER = 0

• FIRST_NAME = 1

• LAST_NAME = 2

• FULL_NAME = 3

  Note: FULL_NAME indicates the violation was found when checking both names together sparated by a single space.

• USERNAME = 4

• EMAIL = 5

• DEVICE_ID = 6

• LOCALE = 7

• VERSION = 8

• BIRTHDAY = 9

  Note: BIRTHDAY should only be considered a validation issue if it is somehow *missing*. *DO NOT* use this to indicate that the user submission is UNDERAGE. In such cases we instead return an ERROR_NOT_ACCEPTABLE Result code.

• USERNAME_PASSKEY = 10

• EMAIL_PASSKEY = 11

Used in: RegisterResponse

• OK = 0

  Success - account has been created with provided details.

• VERIFICATION_REQUIRED = 1

  Some form of additional verification has been requested. (such as a captcha challenge) Details of the verification (will be) available in this response, and the request is expected to be re-submitted with challenge response, or whatever details are needed for the verification flow. TODO: Verification request details are to be included in this response.

• ERROR_VERIFICATION_FAILED = 2

  Verification details in request were not acceptable. This indicates that the verification challenge response was invalid or not accepted. New verification details (will be) available in this response so that the user may answer the verification challenge and re-submit the request with new answers to the new verification details.

• ERROR_NOT_ACCEPTABLE = 3

  General failure code; intentionally no explanatory details provided. eg: Rate limit applied to requesting IP eg: Attempted to register QA or system-test user pattern, but not authorized to do so. eg: Birthday field indicates user has not met age requirements.

• ERROR_VALIDATION_FAILED = 4

  Validation of provided details has failed, and/or policy checking indicates a violation. - see 'invalid_elements' in this response for which request fields had validation problems. - see 'policy_violation_elements' in this response for which request fields had policy violations.

• ERROR_ALREADY_REGISTERED = 5

  Username or email address already has an associated account. see invalid_elements for which field(s) (email/username) are already in use.

Used in: ValidateForRegisterResponse

• EMAIL = 0

• USERNAME = 1

Used in: ValidateForRegisterResponse

• OK = 0

  All provided request elements have been verified as unique

• FAILED = 1

  One or more provided request elements have been determined to be NOT acceptable for registration. Problematic request elements are indicated in invalid_elements response field.

• MISSING_INPUT = 2

  No input values were provided.