authzunsafev1alpha

package
v0.0.0-...-9fa10a5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 29, 2024 License: Apache-2.0 Imports: 12 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	SignaturesService_SignClaims_FullMethodName          = "/blocky.authz.unsafe.v1alpha.SignaturesService/SignClaims"
	SignaturesService_IntrospectSignature_FullMethodName = "/blocky.authz.unsafe.v1alpha.SignaturesService/IntrospectSignature"
)
View Source 
const (
	TokensService_IssueIDToken_FullMethodName       = "/blocky.authz.unsafe.v1alpha.TokensService/IssueIDToken"
	TokensService_IssueToken_FullMethodName         = "/blocky.authz.unsafe.v1alpha.TokensService/IssueToken"
	TokensService_RefreshToken_FullMethodName       = "/blocky.authz.unsafe.v1alpha.TokensService/RefreshToken"
	TokensService_RevokeRefreshToken_FullMethodName = "/blocky.authz.unsafe.v1alpha.TokensService/RevokeRefreshToken"
	TokensService_IntrospectToken_FullMethodName    = "/blocky.authz.unsafe.v1alpha.TokensService/IntrospectToken"
)
View Source 
const (
	ClientService_ShowClientCredentials_FullMethodName = "/blocky.authz.unsafe.v1alpha.ClientService/ShowClientCredentials"
)

Variables

View Source 
var ClientService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "blocky.authz.unsafe.v1alpha.ClientService",
	HandlerType: (*ClientServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "ShowClientCredentials",
			Handler:    _ClientService_ShowClientCredentials_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "blocky/authz/unsafe/v1alpha/client.proto",
}

ClientService_ServiceDesc is the grpc.ServiceDesc for ClientService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_blocky_authz_unsafe_v1alpha_client_proto protoreflect.FileDescriptor
View Source 
var File_blocky_authz_unsafe_v1alpha_signature_proto protoreflect.FileDescriptor
View Source 
var File_blocky_authz_unsafe_v1alpha_token_proto protoreflect.FileDescriptor
View Source 
var SignaturesService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "blocky.authz.unsafe.v1alpha.SignaturesService",
	HandlerType: (*SignaturesServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "SignClaims",
			Handler:    _SignaturesService_SignClaims_Handler,
		},
		{
			MethodName: "IntrospectSignature",
			Handler:    _SignaturesService_IntrospectSignature_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "blocky/authz/unsafe/v1alpha/signature.proto",
}

SignaturesService_ServiceDesc is the grpc.ServiceDesc for SignaturesService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var TokensService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "blocky.authz.unsafe.v1alpha.TokensService",
	HandlerType: (*TokensServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "IssueIDToken",
			Handler:    _TokensService_IssueIDToken_Handler,
		},
		{
			MethodName: "IssueToken",
			Handler:    _TokensService_IssueToken_Handler,
		},
		{
			MethodName: "RefreshToken",
			Handler:    _TokensService_RefreshToken_Handler,
		},
		{
			MethodName: "RevokeRefreshToken",
			Handler:    _TokensService_RevokeRefreshToken_Handler,
		},
		{
			MethodName: "IntrospectToken",
			Handler:    _TokensService_IntrospectToken_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "blocky/authz/unsafe/v1alpha/token.proto",
}

TokensService_ServiceDesc is the grpc.ServiceDesc for TokensService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterClientServiceServer 

func RegisterClientServiceServer(s grpc.ServiceRegistrar, srv ClientServiceServer)

func RegisterSignaturesServiceServer 

func RegisterSignaturesServiceServer(s grpc.ServiceRegistrar, srv SignaturesServiceServer)

func RegisterTokensServiceServer 

func RegisterTokensServiceServer(s grpc.ServiceRegistrar, srv TokensServiceServer)

Types

type ClientCredentials 

type ClientCredentials struct {

	// Public client identifier.
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// Client secret used for authentication.
	ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// contains filtered or unexported fields
}

ClientCredentials represents the client credentials for a client.

func (*ClientCredentials) Descriptor deprecated 

func (*ClientCredentials) Descriptor() ([]byte, []int)

Deprecated: Use ClientCredentials.ProtoReflect.Descriptor instead.

func (*ClientCredentials) GetClientId 

func (x *ClientCredentials) GetClientId() string

func (*ClientCredentials) GetClientSecret 

func (x *ClientCredentials) GetClientSecret() string

func (*ClientCredentials) ProtoMessage 

func (*ClientCredentials) ProtoMessage()

func (*ClientCredentials) ProtoReflect 

func (x *ClientCredentials) ProtoReflect() protoreflect.Message

func (*ClientCredentials) Reset 

func (x *ClientCredentials) Reset()

func (*ClientCredentials) String 

func (x *ClientCredentials) String() string

type ClientServiceClient 

type ClientServiceClient interface {
	// ShowClientCredentials shows the client credentials for a client.
	// It may be used by the unsafe client to obtain the client credentials.
	ShowClientCredentials(ctx context.Context, in *ShowClientCredentialsRequest, opts ...grpc.CallOption) (*ClientCredentials, error)
}

ClientServiceClient is the client API for ClientService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewClientServiceClient 

func NewClientServiceClient(cc grpc.ClientConnInterface) ClientServiceClient

type ClientServiceServer 

type ClientServiceServer interface {
	// ShowClientCredentials shows the client credentials for a client.
	// It may be used by the unsafe client to obtain the client credentials.
	ShowClientCredentials(context.Context, *ShowClientCredentialsRequest) (*ClientCredentials, error)
	// contains filtered or unexported methods
}

ClientServiceServer is the server API for ClientService service. All implementations must embed UnimplementedClientServiceServer for forward compatibility

type IntrospectKeyTypeTokenRequest 

type IntrospectKeyTypeTokenRequest struct {
	KeyTypeId string `protobuf:"bytes,1,opt,name=key_type_id,json=keyTypeId,proto3" json:"key_type_id,omitempty"`
	Token     string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

IntrospectKeyTypeTokenRequest is a request used to introspect a user defined payload.

func (*IntrospectKeyTypeTokenRequest) Descriptor deprecated 

func (*IntrospectKeyTypeTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use IntrospectKeyTypeTokenRequest.ProtoReflect.Descriptor instead.

func (*IntrospectKeyTypeTokenRequest) GetKeyTypeId 

func (x *IntrospectKeyTypeTokenRequest) GetKeyTypeId() string

func (*IntrospectKeyTypeTokenRequest) GetToken 

func (x *IntrospectKeyTypeTokenRequest) GetToken() string

func (*IntrospectKeyTypeTokenRequest) ProtoMessage 

func (*IntrospectKeyTypeTokenRequest) ProtoMessage()

func (*IntrospectKeyTypeTokenRequest) ProtoReflect 

func (x *IntrospectKeyTypeTokenRequest) ProtoReflect() protoreflect.Message

func (*IntrospectKeyTypeTokenRequest) Reset 

func (x *IntrospectKeyTypeTokenRequest) Reset()

func (*IntrospectKeyTypeTokenRequest) String 

func (x *IntrospectKeyTypeTokenRequest) String() string

type IntrospectKeyTypeTokenResponse 

type IntrospectKeyTypeTokenResponse struct {
	TokenId     string `protobuf:"bytes,1,opt,name=token_id,json=tokenId,proto3" json:"token_id,omitempty"`
	JsonPayload []byte `protobuf:"bytes,2,opt,name=json_payload,json=jsonPayload,proto3" json:"json_payload,omitempty"`
	Active      bool   `protobuf:"varint,3,opt,name=active,proto3" json:"active,omitempty"`
	ExpiresAt   int64  `protobuf:"varint,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	IssuedAt    int64  `protobuf:"varint,5,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
	Issuer      string `protobuf:"bytes,6,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// contains filtered or unexported fields
}

IntrospectKeyTypeTokenResponse is a response used to introspect a user defined payload.

func (*IntrospectKeyTypeTokenResponse) Descriptor deprecated 

func (*IntrospectKeyTypeTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use IntrospectKeyTypeTokenResponse.ProtoReflect.Descriptor instead.

func (*IntrospectKeyTypeTokenResponse) GetActive 

func (x *IntrospectKeyTypeTokenResponse) GetActive() bool

func (*IntrospectKeyTypeTokenResponse) GetExpiresAt 

func (x *IntrospectKeyTypeTokenResponse) GetExpiresAt() int64

func (*IntrospectKeyTypeTokenResponse) GetIssuedAt 

func (x *IntrospectKeyTypeTokenResponse) GetIssuedAt() int64

func (*IntrospectKeyTypeTokenResponse) GetIssuer 

func (x *IntrospectKeyTypeTokenResponse) GetIssuer() string

func (*IntrospectKeyTypeTokenResponse) GetJsonPayload 

func (x *IntrospectKeyTypeTokenResponse) GetJsonPayload() []byte

func (*IntrospectKeyTypeTokenResponse) GetTokenId 

func (x *IntrospectKeyTypeTokenResponse) GetTokenId() string

func (*IntrospectKeyTypeTokenResponse) ProtoMessage 

func (*IntrospectKeyTypeTokenResponse) ProtoMessage()

func (*IntrospectKeyTypeTokenResponse) ProtoReflect 

func (x *IntrospectKeyTypeTokenResponse) ProtoReflect() protoreflect.Message

func (*IntrospectKeyTypeTokenResponse) Reset 

func (x *IntrospectKeyTypeTokenResponse) Reset()

func (*IntrospectKeyTypeTokenResponse) String 

func (x *IntrospectKeyTypeTokenResponse) String() string

type IntrospectSignatureRequest 

type IntrospectSignatureRequest struct {

	// Required signature to introspect.
	Signature string `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

Request message for [SignaturesService.IntrospectSignature][blocky.authz.unsafe.v1alpha.SignaturesService.IntrospectSignature].

func (*IntrospectSignatureRequest) Descriptor deprecated 

func (*IntrospectSignatureRequest) Descriptor() ([]byte, []int)

Deprecated: Use IntrospectSignatureRequest.ProtoReflect.Descriptor instead.

func (*IntrospectSignatureRequest) GetSignature 

func (x *IntrospectSignatureRequest) GetSignature() string

func (*IntrospectSignatureRequest) ProtoMessage 

func (*IntrospectSignatureRequest) ProtoMessage()

func (*IntrospectSignatureRequest) ProtoReflect 

func (x *IntrospectSignatureRequest) ProtoReflect() protoreflect.Message

func (*IntrospectSignatureRequest) Reset 

func (x *IntrospectSignatureRequest) Reset()

func (*IntrospectSignatureRequest) String 

func (x *IntrospectSignatureRequest) String() string

type IntrospectSignatureResponse 

type IntrospectSignatureResponse struct {

	// The claims returned by the introspection.
	Claims *structpb.Struct `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
	// contains filtered or unexported fields
}

Response message for [SignaturesService.IntrospectSignature][blocky.authz.unsafe.v1alpha.SignaturesService.IntrospectSignature].

func (*IntrospectSignatureResponse) Descriptor deprecated 

func (*IntrospectSignatureResponse) Descriptor() ([]byte, []int)

Deprecated: Use IntrospectSignatureResponse.ProtoReflect.Descriptor instead.

func (*IntrospectSignatureResponse) GetClaims 

func (x *IntrospectSignatureResponse) GetClaims() *structpb.Struct

func (*IntrospectSignatureResponse) ProtoMessage 

func (*IntrospectSignatureResponse) ProtoMessage()

func (*IntrospectSignatureResponse) ProtoReflect 

func (x *IntrospectSignatureResponse) ProtoReflect() protoreflect.Message

func (*IntrospectSignatureResponse) Reset 

func (x *IntrospectSignatureResponse) Reset()

func (*IntrospectSignatureResponse) String 

func (x *IntrospectSignatureResponse) String() string

type IntrospectTokenRequest 

type IntrospectTokenRequest struct {

	// A required token to introspect.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

IntrospectTokenRequest is a request used to introspect a token.

func (*IntrospectTokenRequest) Descriptor deprecated 

func (*IntrospectTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use IntrospectTokenRequest.ProtoReflect.Descriptor instead.

func (*IntrospectTokenRequest) GetToken 

func (x *IntrospectTokenRequest) GetToken() string

func (*IntrospectTokenRequest) ProtoMessage 

func (*IntrospectTokenRequest) ProtoMessage()

func (*IntrospectTokenRequest) ProtoReflect 

func (x *IntrospectTokenRequest) ProtoReflect() protoreflect.Message

func (*IntrospectTokenRequest) Reset 

func (x *IntrospectTokenRequest) Reset()

func (*IntrospectTokenRequest) String 

func (x *IntrospectTokenRequest) String() string

type IntrospectTokenResponse 

type IntrospectTokenResponse struct {

	// Are the standard claims of the token.
	Claims *StandardTokenClaims `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
	// Are the unspecified custom claims encoded in the token.
	CustomClaims string `protobuf:"bytes,2,opt,name=custom_claims,json=customClaims,proto3" json:"custom_claims,omitempty"`
	// contains filtered or unexported fields
}

The response message for [TokensService.IntrospectToken][blocky.authz.unsafe.v1alpha.TokensService.IntrospectToken].

func (*IntrospectTokenResponse) Descriptor deprecated 

func (*IntrospectTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use IntrospectTokenResponse.ProtoReflect.Descriptor instead.

func (*IntrospectTokenResponse) GetClaims 

func (x *IntrospectTokenResponse) GetClaims() *StandardTokenClaims

func (*IntrospectTokenResponse) GetCustomClaims 

func (x *IntrospectTokenResponse) GetCustomClaims() string

func (*IntrospectTokenResponse) ProtoMessage 

func (*IntrospectTokenResponse) ProtoMessage()

func (*IntrospectTokenResponse) ProtoReflect 

func (x *IntrospectTokenResponse) ProtoReflect() protoreflect.Message

func (*IntrospectTokenResponse) Reset 

func (x *IntrospectTokenResponse) Reset()

func (*IntrospectTokenResponse) String 

func (x *IntrospectTokenResponse) String() string

type IssueIDTokenRequest 

type IssueIDTokenRequest struct {

	// Project is a resource name of the project that the token is issued for.
	Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"`
	// Required, the subject of the token.
	// The subject is the unique identifier of the user or service account that the token represents.
	Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
	// Optional custom claims to be added to the token.
	// If provided this field must be a valid JSON object, otherwise the request will fail.
	// Any standard claims will not be included in the resulting token.
	// The list of standard claims are:
	// - sub: the subject of the token
	// - iss: the issuer of the token
	// - aud: the audience of the token
	// - iat: the time the token was issued
	// - exp: the time the token will expire
	Claims string `protobuf:"bytes,3,opt,name=claims,proto3" json:"claims,omitempty"`
	// Preferred algorithm to sign the token with.
	// If the given algorithm is not supported by the system, the request will fail with the error InvalidArgument.
	// If no algorithm is provided, the token will be signed with the default algorithm in the service.
	Algorithm signalgpb.SigningAlgorithm `protobuf:"varint,4,opt,name=algorithm,proto3,enum=blocky.authz.type.SigningAlgorithm" json:"algorithm,omitempty"`
	// Optional, identifier of the client that is requesting the token.
	// If not provided, the token
	// and no scope validation will be performed.
	// Note: this affects permissible scopes, not the validity of the token.
	Client string `protobuf:"bytes,5,opt,name=client,proto3" json:"client,omitempty"`
	// contains filtered or unexported fields
}

Request message for [TokensService.IssueIDToken][blocky.authz.unsafe.v1alpha.TokensService.IssueIDToken].

func (*IssueIDTokenRequest) Descriptor deprecated 

func (*IssueIDTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use IssueIDTokenRequest.ProtoReflect.Descriptor instead.

func (*IssueIDTokenRequest) GetAlgorithm 

func (x *IssueIDTokenRequest) GetAlgorithm() signalgpb.SigningAlgorithm

func (*IssueIDTokenRequest) GetClaims 

func (x *IssueIDTokenRequest) GetClaims() string

func (*IssueIDTokenRequest) GetClient 

func (x *IssueIDTokenRequest) GetClient() string

func (*IssueIDTokenRequest) GetProject 

func (x *IssueIDTokenRequest) GetProject() string

func (*IssueIDTokenRequest) GetSubject 

func (x *IssueIDTokenRequest) GetSubject() string

func (*IssueIDTokenRequest) ProtoMessage 

func (*IssueIDTokenRequest) ProtoMessage()

func (*IssueIDTokenRequest) ProtoReflect 

func (x *IssueIDTokenRequest) ProtoReflect() protoreflect.Message

func (*IssueIDTokenRequest) Reset 

func (x *IssueIDTokenRequest) Reset()

func (*IssueIDTokenRequest) String 

func (x *IssueIDTokenRequest) String() string

type IssueIDTokenResponse 

type IssueIDTokenResponse struct {

	// Is the ID token that can be used to authenticate requests.
	IdToken string `protobuf:"bytes,1,opt,name=id_token,json=idToken,proto3" json:"id_token,omitempty"`
	// contains filtered or unexported fields
}

Response message for [TokensService.IssueIDToken][blocky.authz.unsafe.v1alpha.TokensService.IssueIDToken].

func (*IssueIDTokenResponse) Descriptor deprecated 

func (*IssueIDTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use IssueIDTokenResponse.ProtoReflect.Descriptor instead.

func (*IssueIDTokenResponse) GetIdToken 

func (x *IssueIDTokenResponse) GetIdToken() string

func (*IssueIDTokenResponse) ProtoMessage 

func (*IssueIDTokenResponse) ProtoMessage()

func (*IssueIDTokenResponse) ProtoReflect 

func (x *IssueIDTokenResponse) ProtoReflect() protoreflect.Message

func (*IssueIDTokenResponse) Reset 

func (x *IssueIDTokenResponse) Reset()

func (*IssueIDTokenResponse) String 

func (x *IssueIDTokenResponse) String() string

type IssueTokenRequest 

type IssueTokenRequest struct {

	// Project is a resource name of the project that the token is issued for.
	Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"`
	// Required, the subject of the token.
	// The subject is the unique identifier of the user or service account that the token represents.
	Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
	// Optional key resource name used to sign this token.
	// If not provided, the token will be signed with the default key.
	// If provided, it must be a valid key identifier, otherwise the request will fail,
	// with the error NotFound.
	Key string `protobuf:"bytes,3,opt,name=key,proto3" json:"key,omitempty"`
	// Optional custom claims to be added to the token.
	// If provided this field must be a valid JSON object, otherwise the request will fail.
	// By default, the token will contain the following claims:
	// - sub: the subject of the token
	// - iss: the issuer of the token
	// - aud: the audience of the token
	// - iat: the time the token was issued
	// - exp: the time the token will expire
	// - jti: the unique identifier of the token
	Claims string `protobuf:"bytes,4,opt,name=claims,proto3" json:"claims,omitempty"`
	// Required, the scope of the token.
	// The scope is a list of strings that represent the permissions that the token grants.
	Scope string `protobuf:"bytes,5,opt,name=scope,proto3" json:"scope,omitempty"`
	// Algorithm used to sign the token.
	// If the given algorithm is not supported by the system, the request will fail with the error InvalidArgument.
	// If not provided, the token will be signed with the default algorithm for the key.
	Algorithm signalgpb.SigningAlgorithm `protobuf:"varint,6,opt,name=algorithm,proto3,enum=blocky.authz.type.SigningAlgorithm" json:"algorithm,omitempty"`
	// Optional, identifier of the client that is requesting the token.
	// If not provided, the token
	// and no scope validation will be performed.
	// Note: this affects permissible scopes, not the validity of the token.
	Client string `protobuf:"bytes,7,opt,name=client,proto3" json:"client,omitempty"`
	// contains filtered or unexported fields
}

Request message for [TokensService.IssueToken][blocky.authz.unsafe.v1alpha.TokensService.IssueToken].

func (*IssueTokenRequest) Descriptor deprecated 

func (*IssueTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use IssueTokenRequest.ProtoReflect.Descriptor instead.

func (*IssueTokenRequest) GetAlgorithm 

func (x *IssueTokenRequest) GetAlgorithm() signalgpb.SigningAlgorithm

func (*IssueTokenRequest) GetClaims 

func (x *IssueTokenRequest) GetClaims() string

func (*IssueTokenRequest) GetClient 

func (x *IssueTokenRequest) GetClient() string

func (*IssueTokenRequest) GetKey 

func (x *IssueTokenRequest) GetKey() string

func (*IssueTokenRequest) GetProject 

func (x *IssueTokenRequest) GetProject() string

func (*IssueTokenRequest) GetScope 

func (x *IssueTokenRequest) GetScope() string

func (*IssueTokenRequest) GetSubject 

func (x *IssueTokenRequest) GetSubject() string

func (*IssueTokenRequest) ProtoMessage 

func (*IssueTokenRequest) ProtoMessage()

func (*IssueTokenRequest) ProtoReflect 

func (x *IssueTokenRequest) ProtoReflect() protoreflect.Message

func (*IssueTokenRequest) Reset 

func (x *IssueTokenRequest) Reset()

func (*IssueTokenRequest) String 

func (x *IssueTokenRequest) String() string

type IssueTokenRequest_AccessTokenOptions 

type IssueTokenRequest_AccessTokenOptions struct {

	// An optional signing algorithm  on the access token creation.
	Algorithm signalgpb.SigningAlgorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=blocky.authz.type.SigningAlgorithm" json:"algorithm,omitempty"`
	// An optional 'kid' - key revision unique identifier - to use for signing the access token.
	// If not provided, the highest priority or default per instance key will be used.
	Kid string `protobuf:"bytes,2,opt,name=kid,proto3" json:"kid,omitempty"`
	// An optional set of custom claims to be added to the access token.
	// These claims needs to be encoded as a valid JSON object.
	// All the standard fields will override custom claim keys with the same key.
	Claims string `protobuf:"bytes,3,opt,name=claims,proto3" json:"claims,omitempty"`
	// contains filtered or unexported fields
}

func (*IssueTokenRequest_AccessTokenOptions) Descriptor deprecated 

func (*IssueTokenRequest_AccessTokenOptions) Descriptor() ([]byte, []int)

Deprecated: Use IssueTokenRequest_AccessTokenOptions.ProtoReflect.Descriptor instead.

func (*IssueTokenRequest_AccessTokenOptions) GetAlgorithm 

func (x *IssueTokenRequest_AccessTokenOptions) GetAlgorithm() signalgpb.SigningAlgorithm

func (*IssueTokenRequest_AccessTokenOptions) GetClaims 

func (x *IssueTokenRequest_AccessTokenOptions) GetClaims() string

func (*IssueTokenRequest_AccessTokenOptions) GetKid 

func (x *IssueTokenRequest_AccessTokenOptions) GetKid() string

func (*IssueTokenRequest_AccessTokenOptions) ProtoMessage 

func (*IssueTokenRequest_AccessTokenOptions) ProtoMessage()

func (*IssueTokenRequest_AccessTokenOptions) ProtoReflect 

func (x *IssueTokenRequest_AccessTokenOptions) ProtoReflect() protoreflect.Message

func (*IssueTokenRequest_AccessTokenOptions) Reset 

func (x *IssueTokenRequest_AccessTokenOptions) Reset()

func (*IssueTokenRequest_AccessTokenOptions) String 

func (x *IssueTokenRequest_AccessTokenOptions) String() string

type IssueTokenResponse 

type IssueTokenResponse struct {

	// Is the access token that can be used to authenticate requests.
	AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	// Is an optional refresh token that can be used to issue new tokens.
	RefreshToken string `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
	// Is the expiration time of the access token.
	ExpiresIn int64 `protobuf:"varint,3,opt,name=expires_in,json=expiresIn,proto3" json:"expires_in,omitempty"`
	// contains filtered or unexported fields
}

IssueTokenResponse is a response used to issue a token.

func (*IssueTokenResponse) Descriptor deprecated 

func (*IssueTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use IssueTokenResponse.ProtoReflect.Descriptor instead.

func (*IssueTokenResponse) GetAccessToken 

func (x *IssueTokenResponse) GetAccessToken() string

func (*IssueTokenResponse) GetExpiresIn 

func (x *IssueTokenResponse) GetExpiresIn() int64

func (*IssueTokenResponse) GetRefreshToken 

func (x *IssueTokenResponse) GetRefreshToken() string

func (*IssueTokenResponse) ProtoMessage 

func (*IssueTokenResponse) ProtoMessage()

func (*IssueTokenResponse) ProtoReflect 

func (x *IssueTokenResponse) ProtoReflect() protoreflect.Message

func (*IssueTokenResponse) Reset 

func (x *IssueTokenResponse) Reset()

func (*IssueTokenResponse) String 

func (x *IssueTokenResponse) String() string

type RefreshTokenRequest 

type RefreshTokenRequest struct {
	RefreshToken              string `protobuf:"bytes,1,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
	ForceConfigurationOptions bool   `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*RefreshTokenRequest) Descriptor deprecated 

func (*RefreshTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use RefreshTokenRequest.ProtoReflect.Descriptor instead.

func (*RefreshTokenRequest) GetForceConfigurationOptions 

func (x *RefreshTokenRequest) GetForceConfigurationOptions() bool

func (*RefreshTokenRequest) GetRefreshToken 

func (x *RefreshTokenRequest) GetRefreshToken() string

func (*RefreshTokenRequest) ProtoMessage 

func (*RefreshTokenRequest) ProtoMessage()

func (*RefreshTokenRequest) ProtoReflect 

func (x *RefreshTokenRequest) ProtoReflect() protoreflect.Message

func (*RefreshTokenRequest) Reset 

func (x *RefreshTokenRequest) Reset()

func (*RefreshTokenRequest) String 

func (x *RefreshTokenRequest) String() string

type RefreshTokenResponse 

type RefreshTokenResponse struct {
	TokenId string `protobuf:"bytes,1,opt,name=token_id,json=tokenId,proto3" json:"token_id,omitempty"`
	// contains filtered or unexported fields
}

func (*RefreshTokenResponse) Descriptor deprecated 

func (*RefreshTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use RefreshTokenResponse.ProtoReflect.Descriptor instead.

func (*RefreshTokenResponse) GetTokenId 

func (x *RefreshTokenResponse) GetTokenId() string

func (*RefreshTokenResponse) ProtoMessage 

func (*RefreshTokenResponse) ProtoMessage()

func (*RefreshTokenResponse) ProtoReflect 

func (x *RefreshTokenResponse) ProtoReflect() protoreflect.Message

func (*RefreshTokenResponse) Reset 

func (x *RefreshTokenResponse) Reset()

func (*RefreshTokenResponse) String 

func (x *RefreshTokenResponse) String() string

type RevokeRefreshTokenRequest 

type RevokeRefreshTokenRequest struct {
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

func (*RevokeRefreshTokenRequest) Descriptor deprecated 

func (*RevokeRefreshTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use RevokeRefreshTokenRequest.ProtoReflect.Descriptor instead.

func (*RevokeRefreshTokenRequest) GetToken 

func (x *RevokeRefreshTokenRequest) GetToken() string

func (*RevokeRefreshTokenRequest) ProtoMessage 

func (*RevokeRefreshTokenRequest) ProtoMessage()

func (*RevokeRefreshTokenRequest) ProtoReflect 

func (x *RevokeRefreshTokenRequest) ProtoReflect() protoreflect.Message

func (*RevokeRefreshTokenRequest) Reset 

func (x *RevokeRefreshTokenRequest) Reset()

func (*RevokeRefreshTokenRequest) String 

func (x *RevokeRefreshTokenRequest) String() string

type ShowClientCredentialsRequest 

type ShowClientCredentialsRequest struct {

	// Is a resource reference to the client for which the client credentials
	// should be shown.
	// The format of a client resource name is:
	// 'projects/{project}/clients/{client}'.
	// If the client has an alias it can be used instead of the client id in the
	// resource name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

ShowClientCredentialsRequest is the request message for ShowClientCredentials.

func (*ShowClientCredentialsRequest) Descriptor deprecated 

func (*ShowClientCredentialsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ShowClientCredentialsRequest.ProtoReflect.Descriptor instead.

func (*ShowClientCredentialsRequest) GetName 

func (x *ShowClientCredentialsRequest) GetName() string

func (*ShowClientCredentialsRequest) ProtoMessage 

func (*ShowClientCredentialsRequest) ProtoMessage()

func (*ShowClientCredentialsRequest) ProtoReflect 

func (x *ShowClientCredentialsRequest) ProtoReflect() protoreflect.Message

func (*ShowClientCredentialsRequest) Reset 

func (x *ShowClientCredentialsRequest) Reset()

func (*ShowClientCredentialsRequest) String 

func (x *ShowClientCredentialsRequest) String() string

type SignClaimsRequest 

type SignClaimsRequest struct {

	// The claims to sign.
	Claims *structpb.Struct `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
	// Optional signature type to use.
	// If not specified a signature is generated using the default key
	// and the default signing algorithm.
	// The signature type may be used to override the default key and algorithm.
	// This field relates to the signature type id in the
	// [SignatureType][blocky.authz.unsafe.v1alpha.SignatureType] message.
	SignatureTypeId string `protobuf:"bytes,2,opt,name=signature_type_id,json=signatureTypeId,proto3" json:"signature_type_id,omitempty"`
	// Optional key id to use.
	// If not specified the default key id is used.
	// This field relates to the field:
	// [Key][blocky.authz.unsafe.v1alpha.Key.key_id].
	KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Optional signing algorithm to use.
	// If not specified the default signing algorithm is used.
	// If no matching algorithm is found, an error is returned.
	SigningAlgorithm signalgpb.SigningAlgorithm `` /* 150-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [SignaturesService.SignClaims][blocky.authz.unsafe.v1alpha.SignaturesService.SignClaims].

func (*SignClaimsRequest) Descriptor deprecated 

func (*SignClaimsRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignClaimsRequest.ProtoReflect.Descriptor instead.

func (*SignClaimsRequest) GetClaims 

func (x *SignClaimsRequest) GetClaims() *structpb.Struct

func (*SignClaimsRequest) GetKeyId 

func (x *SignClaimsRequest) GetKeyId() string

func (*SignClaimsRequest) GetSignatureTypeId 

func (x *SignClaimsRequest) GetSignatureTypeId() string

func (*SignClaimsRequest) GetSigningAlgorithm 

func (x *SignClaimsRequest) GetSigningAlgorithm() signalgpb.SigningAlgorithm

func (*SignClaimsRequest) ProtoMessage 

func (*SignClaimsRequest) ProtoMessage()

func (*SignClaimsRequest) ProtoReflect 

func (x *SignClaimsRequest) ProtoReflect() protoreflect.Message

func (*SignClaimsRequest) Reset 

func (x *SignClaimsRequest) Reset()

func (*SignClaimsRequest) String 

func (x *SignClaimsRequest) String() string

type SignClaimsResponse 

type SignClaimsResponse struct {

	// The compacted JWS token as defined in RFC 7515.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

Response message for [SignaturesService.SignClaims][blocky.authz.unsafe.v1alpha.SignaturesService.SignClaims].

func (*SignClaimsResponse) Descriptor deprecated 

func (*SignClaimsResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignClaimsResponse.ProtoReflect.Descriptor instead.

func (*SignClaimsResponse) GetToken 

func (x *SignClaimsResponse) GetToken() string

func (*SignClaimsResponse) ProtoMessage 

func (*SignClaimsResponse) ProtoMessage()

func (*SignClaimsResponse) ProtoReflect 

func (x *SignClaimsResponse) ProtoReflect() protoreflect.Message

func (*SignClaimsResponse) Reset 

func (x *SignClaimsResponse) Reset()

func (*SignClaimsResponse) String 

func (x *SignClaimsResponse) String() string

type SignaturesServiceClient 

type SignaturesServiceClient interface {
	// Signs the input payload and returns a signed string token.
	// The result is a Json Web Signature (JWS) as defined in RFC 7515.
	SignClaims(ctx context.Context, in *SignClaimsRequest, opts ...grpc.CallOption) (*SignClaimsResponse, error)
	// Introspects the signature and returns the claims.
	// Once the signature is verified, the claims are returned as a Struct.
	IntrospectSignature(ctx context.Context, in *IntrospectSignatureRequest, opts ...grpc.CallOption) (*IntrospectSignatureResponse, error)
}

SignaturesServiceClient is the client API for SignaturesService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewSignaturesServiceClient 

func NewSignaturesServiceClient(cc grpc.ClientConnInterface) SignaturesServiceClient

type SignaturesServiceServer 

type SignaturesServiceServer interface {
	// Signs the input payload and returns a signed string token.
	// The result is a Json Web Signature (JWS) as defined in RFC 7515.
	SignClaims(context.Context, *SignClaimsRequest) (*SignClaimsResponse, error)
	// Introspects the signature and returns the claims.
	// Once the signature is verified, the claims are returned as a Struct.
	IntrospectSignature(context.Context, *IntrospectSignatureRequest) (*IntrospectSignatureResponse, error)
	// contains filtered or unexported methods
}

SignaturesServiceServer is the server API for SignaturesService service. All implementations must embed UnimplementedSignaturesServiceServer for forward compatibility

type StandardTokenClaims 

type StandardTokenClaims struct {

	// Is the token unique identifier.
	TokenId string `protobuf:"bytes,1,opt,name=token_id,json=jti,proto3" json:"token_id,omitempty"`
	// States if the token is active.
	Active bool `protobuf:"varint,2,opt,name=active,proto3" json:"active,omitempty"`
	// Is the subject of the token.
	Subject string `protobuf:"bytes,3,opt,name=subject,json=sub,omitempty,proto3" json:"subject,omitempty"`
	// Is the expiration time of the token.
	ExpiresAt int64 `protobuf:"varint,4,opt,name=expires_at,json=exp,omitempty,proto3" json:"expires_at,omitempty"`
	// Is the time the token was issued.
	IssuedAt int64 `protobuf:"varint,5,opt,name=issued_at,json=iat,omitempty,proto3" json:"issued_at,omitempty"`
	// Is the time the token was revoked.
	RevokedAt int64 `protobuf:"varint,6,opt,name=revoked_at,json=rat,omitempty,proto3" json:"revoked_at,omitempty"`
	// Is the time the token was not valid before.
	NotBefore int64 `protobuf:"varint,7,opt,name=not_before,json=nbf,omitempty,proto3" json:"not_before,omitempty"`
	// Is the issuer of the token.
	Issuer string `protobuf:"bytes,8,opt,name=issuer,json=iss,omitempty,proto3" json:"issuer,omitempty"`
	// Is a comma separated list of scopes that the token grants.
	Scope string `protobuf:"bytes,9,opt,name=scope,proto3" json:"scope,omitempty"`
	// Is the audience of the token,
	Audience []string `protobuf:"bytes,10,rep,name=audience,json=aud,omitempty,proto3" json:"audience,omitempty"`
	// Is the client that requested the token.
	Client string `protobuf:"bytes,11,opt,name=client,json=client_id,omitempty,proto3" json:"client,omitempty"`
	// contains filtered or unexported fields
}

IntrospectedTokenClaims is a set of claims that are returned when introspecting a token.

func (*StandardTokenClaims) Descriptor deprecated 

func (*StandardTokenClaims) Descriptor() ([]byte, []int)

Deprecated: Use StandardTokenClaims.ProtoReflect.Descriptor instead.

func (*StandardTokenClaims) GetActive 

func (x *StandardTokenClaims) GetActive() bool

func (*StandardTokenClaims) GetAudience 

func (x *StandardTokenClaims) GetAudience() []string

func (*StandardTokenClaims) GetClient 

func (x *StandardTokenClaims) GetClient() string

func (*StandardTokenClaims) GetExpiresAt 

func (x *StandardTokenClaims) GetExpiresAt() int64

func (*StandardTokenClaims) GetIssuedAt 

func (x *StandardTokenClaims) GetIssuedAt() int64

func (*StandardTokenClaims) GetIssuer 

func (x *StandardTokenClaims) GetIssuer() string

func (*StandardTokenClaims) GetNotBefore 

func (x *StandardTokenClaims) GetNotBefore() int64

func (*StandardTokenClaims) GetRevokedAt 

func (x *StandardTokenClaims) GetRevokedAt() int64

func (*StandardTokenClaims) GetScope 

func (x *StandardTokenClaims) GetScope() string

func (*StandardTokenClaims) GetSubject 

func (x *StandardTokenClaims) GetSubject() string

func (*StandardTokenClaims) GetTokenId 

func (x *StandardTokenClaims) GetTokenId() string

func (*StandardTokenClaims) ProtoMessage 

func (*StandardTokenClaims) ProtoMessage()

func (*StandardTokenClaims) ProtoReflect 

func (x *StandardTokenClaims) ProtoReflect() protoreflect.Message

func (*StandardTokenClaims) Reset 

func (x *StandardTokenClaims) Reset()

func (*StandardTokenClaims) String 

func (x *StandardTokenClaims) String() string

type TokensServiceClient 

type TokensServiceClient interface {
	// IssueIDToken issues a new ID token for the input subject.
	IssueIDToken(ctx context.Context, in *IssueIDTokenRequest, opts ...grpc.CallOption) (*IssueIDTokenResponse, error)
	// Issues a new authorization token for the input subject.
	IssueToken(ctx context.Context, in *IssueTokenRequest, opts ...grpc.CallOption) (*IssueTokenResponse, error)
	// Creates a new access, refresh token pair on top of the input refresh token.
	// The input refresh token needs to be non-expired, non-revoked and active.
	// Resulting tokens will share the claims provided during the [IssueTokenRequest].
	RefreshToken(ctx context.Context, in *RefreshTokenRequest, opts ...grpc.CallOption) (*RefreshTokenResponse, error)
	// Revokes the input refresh token.
	// Revoked refresh tokens will not be able to be used to issue new tokens.
	// This makes the refresh token invalid.
	RevokeRefreshToken(ctx context.Context, in *RevokeRefreshTokenRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Checks if the input token is valid, and if so, returns the claims of the token.
	// If the token is invalid, the response will contain an error.
	IntrospectToken(ctx context.Context, in *IntrospectTokenRequest, opts ...grpc.CallOption) (*IntrospectTokenResponse, error)
}

TokensServiceClient is the client API for TokensService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewTokensServiceClient 

func NewTokensServiceClient(cc grpc.ClientConnInterface) TokensServiceClient

type TokensServiceServer 

type TokensServiceServer interface {
	// IssueIDToken issues a new ID token for the input subject.
	IssueIDToken(context.Context, *IssueIDTokenRequest) (*IssueIDTokenResponse, error)
	// Issues a new authorization token for the input subject.
	IssueToken(context.Context, *IssueTokenRequest) (*IssueTokenResponse, error)
	// Creates a new access, refresh token pair on top of the input refresh token.
	// The input refresh token needs to be non-expired, non-revoked and active.
	// Resulting tokens will share the claims provided during the [IssueTokenRequest].
	RefreshToken(context.Context, *RefreshTokenRequest) (*RefreshTokenResponse, error)
	// Revokes the input refresh token.
	// Revoked refresh tokens will not be able to be used to issue new tokens.
	// This makes the refresh token invalid.
	RevokeRefreshToken(context.Context, *RevokeRefreshTokenRequest) (*emptypb.Empty, error)
	// Checks if the input token is valid, and if so, returns the claims of the token.
	// If the token is invalid, the response will contain an error.
	IntrospectToken(context.Context, *IntrospectTokenRequest) (*IntrospectTokenResponse, error)
	// contains filtered or unexported methods
}

TokensServiceServer is the server API for TokensService service. All implementations must embed UnimplementedTokensServiceServer for forward compatibility

type UnimplementedClientServiceServer 

type UnimplementedClientServiceServer struct {
}

UnimplementedClientServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedClientServiceServer) ShowClientCredentials 

func (UnimplementedClientServiceServer) ShowClientCredentials(context.Context, *ShowClientCredentialsRequest) (*ClientCredentials, error)

type UnimplementedSignaturesServiceServer 

type UnimplementedSignaturesServiceServer struct {
}

UnimplementedSignaturesServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedSignaturesServiceServer) IntrospectSignature 

func (UnimplementedSignaturesServiceServer) IntrospectSignature(context.Context, *IntrospectSignatureRequest) (*IntrospectSignatureResponse, error)

func (UnimplementedSignaturesServiceServer) SignClaims 

func (UnimplementedSignaturesServiceServer) SignClaims(context.Context, *SignClaimsRequest) (*SignClaimsResponse, error)

type UnimplementedTokensServiceServer 

type UnimplementedTokensServiceServer struct {
}

UnimplementedTokensServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedTokensServiceServer) IntrospectToken 

func (UnimplementedTokensServiceServer) IntrospectToken(context.Context, *IntrospectTokenRequest) (*IntrospectTokenResponse, error)

func (UnimplementedTokensServiceServer) IssueIDToken 

func (UnimplementedTokensServiceServer) IssueIDToken(context.Context, *IssueIDTokenRequest) (*IssueIDTokenResponse, error)

func (UnimplementedTokensServiceServer) IssueToken 

func (UnimplementedTokensServiceServer) IssueToken(context.Context, *IssueTokenRequest) (*IssueTokenResponse, error)

func (UnimplementedTokensServiceServer) RefreshToken 

func (UnimplementedTokensServiceServer) RefreshToken(context.Context, *RefreshTokenRequest) (*RefreshTokenResponse, error)

func (UnimplementedTokensServiceServer) RevokeRefreshToken 

func (UnimplementedTokensServiceServer) RevokeRefreshToken(context.Context, *RevokeRefreshTokenRequest) (*emptypb.Empty, error)

type UnsafeClientServiceServer 

type UnsafeClientServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeClientServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to ClientServiceServer will result in compilation errors.

type UnsafeSignaturesServiceServer 

type UnsafeSignaturesServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeSignaturesServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SignaturesServiceServer will result in compilation errors.

type UnsafeTokensServiceServer 

type UnsafeTokensServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeTokensServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to TokensServiceServer will result in compilation errors.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.