fidentapi.proto

syntax = "proto3";

package fidentapi;

service Auth {
  // Pre-authentication methods
  rpc GetAuthenticationChallenge(AuthChallengeRequest) returns (AuthChallengeResponse) {};
  rpc PerformAuthentication(PerformAuthRequest) returns (AuthResponse) {};

  // Account generation / management
  rpc GetNewAuthenticationKey(AuthKeyRequest) returns (AuthKeyResponse) {};
  rpc CreateServiceAccount(ServiceRegistrationRequest) returns (ServiceRegistrationResponse) {};
  rpc CreateUserAccount(CreateUserAccountRequest) returns (CreateUserAccountResponse) {};

  // Identity queries
  rpc GetLastLoginTimestamps(LoginTimestampRequest) returns (LoginTimestampResponse) {};
  rpc GetAccountDetails(AccountDetailRequest) returns (AccountDetailResponse) {};
  rpc GetAllIdentityIDs(IdentityIDsRequest) returns (IdentityIDsResponse) {};

  // Management API permission management
  rpc GetManagementPermissionsForIdentityIDs(GetManagementPermissionsRequest) returns (ManagementPermissionsResponse) {};
  rpc AddManagementPermissionToIdentityIDs(AddManagementPermissionRequest) returns (AddManagementPermissionReponse) {};
  rpc RemoveManagementPermissionFromIdentityIDs(RemoveManagementPermissionRequest) returns (RemoveManagementPermissionReponse) {};
}

message ServiceRegistrationResponse {
  string identity_id = 1;
  string service_key = 2;
}

message ServiceRegistrationRequest {
  string service_name = 1;
  string service_vendor = 2;
  string support_email = 3;
}

message AuthResponse {
  string token = 1;
}

message AuthChallengeResponse {
  string challenge = 1;
}

message AuthChallengeRequest {
  string identity_id = 1;
  string project_id = 2;
}

message PerformAuthRequest {
  string identity_id = 1;
  string key_handle = 2;
  string project_id = 3;
  string challenge_response = 4;
}

message AuthKeyRequest {
  string username = 1;
  string password = 2;
  string usage_description = 3;
}

message AuthKeyResponse {
  string username = 1;
  string identity_id = 2;
  string private_key = 3;
  string key_handle = 4;
}

message LoginTimestampResponse {
  map<string, int64> results = 1;
}

message LoginTimestampRequest {
  repeated string identity_id = 1;
}

message IdentityIDsResponse {
  repeated string identity_id = 1;
}

message IdentityIDsRequest {}

message AccountAttribute{
  string key = 1;
  string value = 2;
}

message AccountDetail {
  string identity_id = 1;
  string username = 2;
  repeated AccountAttribute attributes = 3;
  int64 created = 4;
}

message AccountDetailResponse {
  repeated AccountDetail results = 1;
}

message AccountDetailRequest {
  repeated string identity_id = 1;
}

message GetManagementPermissionsRequest {
  repeated string identity_id = 1;
}

message ManagementPermissionResponse {
  string identity_id = 1;
  repeated string permissions = 2;
}

message ManagementPermissionsResponse {
  repeated ManagementPermissionResponse results = 1;
}

message AddManagementPermissionReponse {}

message AddManagementPermissionRequest {
  repeated string identity_id = 1;
  string permission = 2;
}

message RemoveManagementPermissionReponse {}

message RemoveManagementPermissionRequest {
  repeated string identity_id = 1;
  string permission = 2;
}

message Cookie {
  string name = 1;
  string value = 2;
  string domain = 3;
  int64 expires_epoch = 4;
  bool secure = 5;
  bool http_only = 6;
}

message CreateUserAccountRequest {
  string email_address = 1;
  bool   issue_temporary_token = 2;
}

message CreateUserAccountResponse {
  string identity_id = 1;
  Cookie temporary_token = 2;
}