syntax = "proto3"; package sso; import "google/protobuf/empty.proto"; import "google/protobuf/timestamp.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; import "openapi/annotations.proto"; import "gateway/annotations.proto"; option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = { info: { title: "Single Sign-on"; version: "v1"; }; security_definitions: { security: { key: "ApiKeyAuth"; value: { type: TYPE_API_KEY; in: IN_HEADER; name: "Authorization"; } } }; responses: { key: "400"; value: { description: "Returned when the request is invalid."; schema { json_schema { ref: ".sso.ErrorReply"; } } } }; responses: { key: "401"; value: { description: "Returned when the request is not authenticated."; schema { json_schema { ref: ".sso.ErrorReply"; } } } }; responses: { key: "403"; value: { description: "Returned when the request is not permitted."; schema { json_schema { ref: ".sso.ErrorReply"; } } } }; responses: { key: "404"; value: { description: "Returned when the requested resource does not exist."; schema { json_schema { ref: ".sso.ErrorReply"; } } } }; }; service Sso { // Ping server. // // Returns pong response for uptime tests. This endpoint is only available // via the HTTP server port of `sso-grpc`. Authentication is not // required, this endpoint is intended for internal use only. rpc Ping (google.protobuf.Empty) returns (google.protobuf.StringValue) { option (google.api.http) = { get: "/ping" response_body: "value" }; option (grpc.gateway.protoc_gen_swagger.options.openapiv2_operation) = { security {} }; } // Get server metrics. // // Returns metrics in Prometheus exposition format. This endpoint is only available // via the HTTP server port of `sso-grpc`. Authentication is not // required, this endpoint is intended for internal use only. rpc Metrics (google.protobuf.Empty) returns (google.protobuf.StringValue) { option (google.api.http) = { get: "/metrics" response_body: "value" }; option (grpc.gateway.protoc_gen_swagger.options.openapiv2_operation) = { security {} }; } // Traefik forward authentication hook for self. // // Determines whether request was made with a service or root key, if key // is present and valid will set headers on the response. If key is not present // or invalid this will return an unauthorised response. // // This endpoint is only available via the HTTP server port of `sso-grpc`. // This endpoint is intended for internal use only. // // Request headers. // - `Authorization`: Service key value. // - `User-Authorization`: Optional key or token value. // // Response headers. // - `Grpc-Metadata-Sso-Key-Id`: ID of service key in request. // - `Grpc-Metadata-Sso-Service-Id`: ID of service which owns key, or not defined if key is a root key. // - `Grpc-Metadata-Sso-User-Key-Id`: ID of user key or token or not defined if user authorisation header not present. // - `Grpc-Metadata-Sso-User-Id`: ID of user which owns key or not defined if user authorisation header not present. rpc HookTraefikSelf (google.protobuf.Empty) returns (google.protobuf.Empty) { option (google.api.http) = { get: "/hook/traefik/self" }; } // Traefik forward authentication hook for services. // // Determines whether request was made with a user key or token, if user key or token // is present and valid will set headers on the response. If user key or token is not present // or invalid this will return an unauthorised response. // // This endpoint is only available via the HTTP server port of `sso-grpc`. // This endpoint is intended for internal use only. // // Request headers. // - `Authorization`: User key or token value. // - `Service-Authorization`: Required service key value. // // Response headers. // - `Grpc-Metadata-Sso-Key-Id`: ID of service key in request. // - `Grpc-Metadata-Sso-Service-Id`: ID of service which owns key. // - `Grpc-Metadata-Sso-User-Key-Id`: ID of user key in request or of key used to generate token. // - `Grpc-Metadata-Sso-User-Id`: ID of user which owns key. rpc HookTraefikService (google.protobuf.Empty) returns (google.protobuf.Empty) { option (google.api.http) = { get: "/hook/traefik/service" }; } // List audit logs. // // All fields are optional. rpc AuditList (AuditListRequest) returns (AuditListReply) { option (google.api.http) = { get: "/v1/audit" }; } // Create audit log. rpc AuditCreate (AuditCreateRequest) returns (AuditReadReply) { option (google.api.http) = { post: "/v1/audit" body: "*" }; } // Read audit log. rpc AuditRead (AuditReadRequest) returns (AuditReadReply) { option (google.api.http) = { get: "/v1/audit/{id}" }; } // Update audit log (append only). rpc AuditUpdate (AuditUpdateRequest) returns (AuditReadReply) { option (google.api.http) = { patch: "/v1/audit/{id}" body: "*" }; } // List keys. // // All fields are optional. rpc KeyList (KeyListRequest) returns (KeyListReply) { option (google.api.http) = { get: "/v1/key" }; } // Create key. // // Service keys can only be created using a root key. If not creating a service key, // field `service_id` must not be defined, user keys are always created for the service // making the request. // // Available keys types are: `Key`, `Token`, `Totp` // // Root and service keys must be `Key` type. // Users may only have one enabled and not revoked key where type is `Token`. // Users may only have one enabled and not revoked key where type is `Totp`. rpc KeyCreate (KeyCreateRequest) returns (KeyCreateReply) { option (google.api.http) = { post: "/v1/key" body: "*" }; } // Read key. rpc KeyRead (KeyReadRequest) returns (KeyReadReply) { option (google.api.http) = { get: "/v1/key/{id}" }; } // Update key. // // All fields are optional. rpc KeyUpdate (KeyUpdateRequest) returns (KeyReadReply) { option (google.api.http) = { patch: "/v1/key/{id}" body: "*" }; } // Delete key. rpc KeyDelete (KeyReadRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/key/{id}" }; } // List services. // // All fields are optional. rpc ServiceList (ServiceListRequest) returns (ServiceListReply) { option (google.api.http) = { get: "/v1/service" }; } // Create service. rpc ServiceCreate (ServiceCreateRequest) returns (ServiceReadReply) { option (google.api.http) = { post: "/v1/service" body: "*" }; } // Read service. rpc ServiceRead (ServiceReadRequest) returns (ServiceReadReply) { option (google.api.http) = { get: "/v1/service/{id}" }; } // Update service. // // All fields are optional. rpc ServiceUpdate (ServiceUpdateRequest) returns (ServiceReadReply) { option (google.api.http) = { patch: "/v1/service/{id}" body: "*" }; } // Delete service. rpc ServiceDelete (ServiceReadRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/service/{id}" }; } // List users. // // All fields are optional. rpc UserList (UserListRequest) returns (UserListReply) { option (google.api.http) = { get: "/v1/user" }; } // Create user. // // Users can be created without a password by excluding password related fields // from request. rpc UserCreate (UserCreateRequest) returns (UserCreateReply) { option (google.api.http) = { post: "/v1/user" body: "*" }; } // Read user. rpc UserRead (UserReadRequest) returns (UserReadReply) { option (google.api.http) = { get: "/v1/user/{id}" }; } // Update user. // // All fields are optional. rpc UserUpdate (UserUpdateRequest) returns (UserReadReply) { option (google.api.http) = { patch: "/v1/user/{id}" body: "*" }; } // Delete user. rpc UserDelete (UserReadRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/user/{id}" }; } // Verify user key. rpc AuthKeyVerify (AuthKeyRequest) returns (AuthKeyReply) { option (google.api.http) = { post: "/v1/auth/key/verify" body: "*" }; } // Revoke user key. rpc AuthKeyRevoke (AuthKeyRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/key/revoke" body: "*" }; } // Verify user access token. rpc AuthTokenVerify (AuthTokenRequest) returns (AuthTokenVerifyReply) { option (google.api.http) = { post: "/v1/auth/token/verify" body: "*" }; } // Refresh user access and refresh tokens. rpc AuthTokenRefresh (AuthTokenRequest) returns (AuthTokenReply) { option (google.api.http) = { post: "/v1/auth/token/refresh" body: "*" }; } // Revoke user token. rpc AuthTokenRevoke (AuthTokenRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/token/revoke" body: "*" }; } // Verify TOTP code. rpc AuthTotpVerify (AuthTotpRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/totp" body: "*" }; } // Create CSRF token. rpc AuthCsrfCreate (AuthCsrfCreateRequest) returns (AuthCsrfCreateReply) { option (google.api.http) = { get: "/v1/auth/csrf" }; } // Verify CSRF token. rpc AuthCsrfVerify (AuthCsrfVerifyRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/csrf" body: "*" }; } // Login with email and password. // // Local provider login authentication. // // If users `password_require_update` flag is true, a permission denied (gRPC) or // forbidden (HTTP) error code is returned. rpc AuthLocalLogin (AuthLoginRequest) returns (AuthLoginReply) { option (google.api.http) = { post: "/v1/auth/provider/local/login" body: "*" }; } // Register user for service. // // Local provider user registration. rpc AuthLocalRegister (AuthRegisterRequest) returns (google.protobuf.Empty) { option (google.api.http) = { post: "/v1/auth/provider/local/register" body: "*" }; } // Confirm user registration. // // Local provider user registration confirmation. rpc AuthLocalRegisterConfirm (AuthRegisterConfirmRequest) returns (AuthPasswordMetaReply) { option (google.api.http) = { post: "/v1/auth/provider/local/register/confirm" body: "*" }; } // Revoke user registration. // // Local provider user registration revokation. rpc AuthLocalRegisterRevoke (AuthTokenRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/provider/local/register/revoke" body: "*" }; } // Reset user password. // // Local provider reset user password request. rpc AuthLocalResetPassword (AuthResetPasswordRequest) returns (google.protobuf.Empty) { option (google.api.http) = { post: "/v1/auth/provider/local/reset-password" body: "*" }; } // Confirm user password reset. // // Local provider reset user password confirmation. rpc AuthLocalResetPasswordConfirm (AuthResetPasswordConfirmRequest) returns (AuthPasswordMetaReply) { option (google.api.http) = { post: "/v1/auth/provider/local/reset-password/confirm" body: "*" }; } // Revoke user password reset. // // Local provider reset user password revokation. rpc AuthLocalResetPasswordRevoke (AuthTokenRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/provider/local/reset-password/revoke" body: "*" }; } // Update user email. // // Local provider update user email request. rpc AuthLocalUpdateEmail (AuthUpdateEmailRequest) returns (google.protobuf.Empty) { option (google.api.http) = { post: "/v1/auth/provider/local/update-email" body: "*" }; } // Revoke user email update. // // Local provider update user email revokation. rpc AuthLocalUpdateEmailRevoke (AuthTokenRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/provider/local/update-email/revoke" body: "*" }; } // Update user password. // // Local provider update user password request. rpc AuthLocalUpdatePassword (AuthUpdatePasswordRequest) returns (AuthPasswordMetaReply) { option (google.api.http) = { post: "/v1/auth/provider/local/update-password" body: "*" }; } // Revoke user password update. // // Local provider update user password revokation. rpc AuthLocalUpdatePasswordRevoke (AuthTokenRequest) returns (AuthAuditReply) { option (google.api.http) = { post: "/v1/auth/provider/local/update-password/revoke" body: "*" }; } // Get Github OAuth2 URL. rpc AuthGithubOauth2Url (google.protobuf.Empty) returns (AuthOauth2UrlReply) { option (google.api.http) = { get: "/v1/auth/provider/github/oauth2" }; } // Github OAuth2 callback. rpc AuthGithubOauth2Callback (AuthOauth2CallbackRequest) returns (AuthTokenReply) { option (google.api.http) = { post: "/v1/auth/provider/github/oauth2" body: "*" }; } // Get Microsoft OAuth2 URL. rpc AuthMicrosoftOauth2Url (google.protobuf.Empty) returns (AuthOauth2UrlReply) { option (google.api.http) = { get: "/v1/auth/provider/microsoft/oauth2" }; } // Microsoft OAuth2 callback. rpc AuthMicrosoftOauth2Callback (AuthOauth2CallbackRequest) returns (AuthTokenReply) { option (google.api.http) = { post: "/v1/auth/provider/microsoft/oauth2" body: "*" }; } } // Error reply. message ErrorReply { // Error code. google.protobuf.UInt32Value code = 1; // Error message. google.protobuf.StringValue error = 2; // Error message. google.protobuf.StringValue message = 3; } // List audit logs request. message AuditListRequest { // Greater than or equal to date and time. google.protobuf.Timestamp ge = 1; // Less than or equal to date and time. google.protobuf.Timestamp le = 2; // Limit number of returned logs. google.protobuf.Int64Value limit = 3; // Offset log UUID for paging. google.protobuf.StringValue offset_id = 4; // Log UUID filter array. repeated string id = 5; // Log type filter array. repeated string type = 6; // Log subject filter array. repeated string subject = 7; // Log service UUID filter array. repeated string service_id = 8; // Log user UUID filter array. repeated string user_id = 9; } // List audit logs reply. message AuditListReply { // Request message. AuditListRequest meta = 1; // Logs array. repeated Audit data = 2; } // Create audit log request. message AuditCreateRequest { // Log type. string type = 1; // Log subject. google.protobuf.StringValue subject = 2; // Log key, value data. google.protobuf.Struct data = 3; // Log user UUID. google.protobuf.StringValue user_id = 4; // Log user key UUID. google.protobuf.StringValue user_key_id = 5; } // Read audit log request. message AuditReadRequest { // Log UUID. string id = 1; // Log subject filter. google.protobuf.StringValue subject = 2; } // Read audit log reply. message AuditReadReply { // Log. Audit data = 1; } // Update audit log request. message AuditUpdateRequest { // Log UUID. string id = 1; // Log status code. google.protobuf.UInt32Value status_code = 2; // Log subject. google.protobuf.StringValue subject = 3; // Log key, value data. google.protobuf.Struct data = 4; } // Audit log. message Audit { // Created at date and time. google.protobuf.Timestamp created_at = 1; // Updated at date and time. google.protobuf.Timestamp updated_at = 2; // UUID. string id = 3; // User-agent header (or unknown if not available). string user_agent = 4; // Remote IP address (or unknown if not available). string remote = 5; // X-forwarded-for header. google.protobuf.StringValue forwarded = 6; // Response status code. google.protobuf.UInt32Value status_code = 7; // Type. string type = 8; // Subject. google.protobuf.StringValue subject = 9; // Key, value data. google.protobuf.Struct data = 10; // Key UUID. google.protobuf.StringValue key_id = 11; // Service UUID. google.protobuf.StringValue service_id = 12; // User UUID. google.protobuf.StringValue user_id = 13; // User key UUID. google.protobuf.StringValue user_key_id = 14; } // Key type. enum KeyType { KEY = 0; TOKEN = 1; TOTP = 2; } // List keys request. message KeyListRequest { // Greater than key UUID. google.protobuf.StringValue gt = 1; // Less than key UUID. google.protobuf.StringValue lt = 2; // Limit number of returned keys. google.protobuf.Int64Value limit = 3; // Key UUID filter array. repeated string id = 4; // Key is_enabled flag filter. google.protobuf.BoolValue is_enabled = 5; // Key is_revoked flag filter. google.protobuf.BoolValue is_revoked = 6; // Key type filter array. repeated KeyType type = 7; // Key service UUID filter array. repeated string service_id = 8; // Key user UUID filter array. repeated string user_id = 9; } // List keys reply. message KeyListReply { // Request message. KeyListRequest meta = 1; // Keys array. repeated Key data = 2; } // Create key request. message KeyCreateRequest { // Key type. KeyType type = 1; // Key name. string name = 2; // Key is_enabled flag. google.protobuf.BoolValue is_enabled = 3; // Key service UUID. google.protobuf.StringValue service_id = 4; // Key user UUID. google.protobuf.StringValue user_id = 5; } // Create key reply. message KeyCreateReply { // Key. KeyWithValue data = 1; } // Read key request. message KeyReadRequest { // Key UUID. string id = 1; // Key user UUID. google.protobuf.StringValue user_id = 2; } // Read key reply. message KeyReadReply { // Key. Key data = 1; } // Update key request. message KeyUpdateRequest { // Key UUID. string id = 1; // Key name. google.protobuf.StringValue name = 2; // Key is_enabled flag. google.protobuf.BoolValue is_enabled = 3; } // Key. message Key { // Created at date and time. google.protobuf.Timestamp created_at = 1; // Updated at date and time. google.protobuf.Timestamp updated_at = 2; // UUID. string id = 3; // Is enabled flag. bool is_enabled = 4; // Is revoked flag. bool is_revoked = 5; // Type. KeyType type = 6; // Name. string name = 7; // Service UUID. google.protobuf.StringValue service_id = 8; // User UUID. google.protobuf.StringValue user_id = 9; } // Key with value. message KeyWithValue { // Key. Key key = 1; // Key value. string value = 2; } // List services request. message ServiceListRequest { // Greater than service UUID. google.protobuf.StringValue gt = 1; // Less than service UUID. google.protobuf.StringValue lt = 2; // Limit number of returned services. google.protobuf.Int64Value limit = 3; // Service UUID filter array. repeated string id = 4; // Service is_enabled flag filter. google.protobuf.BoolValue is_enabled = 5; } // List services reply. message ServiceListReply { // Request message. ServiceListRequest meta = 1; // Services array. repeated Service data = 2; } // Create service request. message ServiceCreateRequest { // Service name. string name = 1; // Service URL. string url = 2; // Service is_enabled flag. google.protobuf.BoolValue is_enabled = 3; // Service user_allow_register flag. google.protobuf.BoolValue user_allow_register = 4; // Service user email text. google.protobuf.StringValue user_email_text = 5; // Service local provider URL. google.protobuf.StringValue provider_local_url = 6; // Service GitHub OAuth2 provider URL. google.protobuf.StringValue provider_github_oauth2_url = 7; // Service Microsoft OAuth2 provider URL. google.protobuf.StringValue provider_microsoft_oauth2_url = 8; } // Read service request. message ServiceReadRequest { // Service UUID. string id = 1; } // Read service reply. message ServiceReadReply { // Service. Service data = 1; } // Update service request. message ServiceUpdateRequest { // Service UUID. string id = 1; // Service name. google.protobuf.StringValue name = 2; // Service URL. google.protobuf.StringValue url = 3; // Service is_enabled flag. google.protobuf.BoolValue is_enabled = 4; // Service user_allow_register flag. google.protobuf.BoolValue user_allow_register = 5; // Service user email text. google.protobuf.StringValue user_email_text = 6; // Service local provider URL. google.protobuf.StringValue provider_local_url = 7; // Service GitHub OAuth2 provider URL. google.protobuf.StringValue provider_github_oauth2_url = 8; // Service Microsoft OAuth2 provider URL. google.protobuf.StringValue provider_microsoft_oauth2_url = 9; } // Service. message Service { // Created at date and time. google.protobuf.Timestamp created_at = 1; // Updated at date and time. google.protobuf.Timestamp updated_at = 2; // UUID. string id = 3; // Is enabled flag. bool is_enabled = 4; // Name. string name = 5; // URL. string url = 6; // User allow register flag. bool user_allow_register = 7; // User email text. string user_email_text = 8; // Local provider URL. google.protobuf.StringValue provider_local_url = 9; // GitHub OAuth2 provider URL. google.protobuf.StringValue provider_github_oauth2_url = 10; // Microsoft OAuth2 provider URL. google.protobuf.StringValue provider_microsoft_oauth2_url = 11; } // List users request. message UserListRequest { // Greater than service UUID. google.protobuf.StringValue gt = 1; // Less than service UUID. google.protobuf.StringValue lt = 2; // Greater than or equal user name. google.protobuf.StringValue name_ge = 3; // Less than or equal user name. google.protobuf.StringValue name_le = 4; // Limit number of returned users. google.protobuf.Int64Value limit = 5; // Offset user UUID for paging. google.protobuf.StringValue offset_id = 6; // User UUID filter array. repeated string id = 7; // User email filter array. repeated string email = 8; } // List users reply. message UserListReply { // Request message. UserListRequest meta = 1; // Users array. repeated User data = 2; } // Create user request. message UserCreateRequest { // User name. string name = 1; // User email. string email = 2; // User is_enabled flag. google.protobuf.BoolValue is_enabled = 3; // User locale. google.protobuf.StringValue locale = 4; // User timezone. google.protobuf.StringValue timezone = 5; // User password_allow_reset flag. google.protobuf.BoolValue password_allow_reset = 6; // User password_require_update flag. google.protobuf.BoolValue password_require_update = 7; // User password. google.protobuf.StringValue password = 8; } // Read user request. message UserReadRequest { // User UUID. string id = 1; } // Create user reply. message UserCreateReply { // Password metadata. AuthPasswordMeta meta = 1; // User. User data = 2; } // Read user reply. message UserReadReply { // User. User data = 1; } // Update user request. message UserUpdateRequest { // User UUID. string id = 1; // User name. google.protobuf.StringValue name = 2; // User is_enabled flag. google.protobuf.BoolValue is_enabled = 3; // User locale. google.protobuf.StringValue locale = 4; // User timezone. google.protobuf.StringValue timezone = 5; // User password_allow_reset flag. google.protobuf.BoolValue password_allow_reset = 6; // User password_require_update flag. google.protobuf.BoolValue password_require_update = 7; } // User. message User { // Created at date and time. google.protobuf.Timestamp created_at = 1; // Updated at date and time. google.protobuf.Timestamp updated_at = 2; // UUID. string id = 3; // Is enabled flag. bool is_enabled = 4; // Name. string name = 5; // Email. string email = 6; // Locale. string locale = 7; // Timezone. string timezone = 8; // Password allow reset flag. bool password_allow_reset = 9; // Password require update flag. bool password_require_update = 10; } // Authentication key request. message AuthKeyRequest { // Key value. string key = 1; // Audit type. google.protobuf.StringValue audit = 2; } // Authentication key reply. message AuthKeyReply { // User. User user = 1; // User key. Key key = 2; // Audit UUID. google.protobuf.StringValue audit = 3; } // Authentication audit reply. message AuthAuditReply { // Audit UUID. google.protobuf.StringValue audit = 1; } // Authentication token request/ message AuthTokenRequest { // Token value. string token = 1; // Audit type. google.protobuf.StringValue audit = 2; } // Authentication token verify reply. message AuthTokenVerifyReply { // User. User user = 1; // Access token. AuthToken access = 2; // Audit UUID. google.protobuf.StringValue audit = 3; } // Authentication token reply. message AuthTokenReply { // User. User user = 1; // Access token. AuthToken access = 2; // Refresh token. AuthToken refresh = 3; // Audit UUID. google.protobuf.StringValue audit = 4; } // Authentication token. message AuthToken { // Token value. string token = 1; // Token expires. int64 token_expires = 2; } // Authentication TOTP request. message AuthTotpRequest { // User UUID. string user_id = 1; // TOTP code. string totp = 2; } // Authentication create CSRF token request. message AuthCsrfCreateRequest { // CSRF token expires. google.protobuf.Int64Value expires_s = 1; } // Authentication CSRF token. message AuthCsrfCreateReply { // CSRF. Csrf csrf = 1; } // Authentication verify CSRF token request. message AuthCsrfVerifyRequest { // CSRF token value. string csrf = 1; // Audit type. google.protobuf.StringValue audit = 2; } // CSRF. message Csrf { // Created at date and time. google.protobuf.Timestamp created_at = 1; // Key. string key = 2; // Value. string value = 3; // Time to live. google.protobuf.Timestamp ttl = 4; // Service UUID. google.protobuf.StringValue service_id = 5; } // Authentication login request. message AuthLoginRequest { // User email. string email = 1; // User password. string password = 2; } // Authentication login reply. message AuthLoginReply { // Password metadata. AuthPasswordMeta meta = 1; // User. User user = 2; // Access token. AuthToken access = 3; // Refresh token. AuthToken refresh = 4; } // Authentication register request. message AuthRegisterRequest { // User name. string name = 1; // User email. string email = 2; // User locale. google.protobuf.StringValue locale = 3; // User timezone. google.protobuf.StringValue timezone = 4; } // Authentication register confirm request. message AuthRegisterConfirmRequest { // Register token value. string token = 1; // User password. google.protobuf.StringValue password = 2; // User password_allow_reset flag. google.protobuf.BoolValue password_allow_reset = 3; } // Authentication password metadata reply. message AuthPasswordMetaReply { // Password metadata. AuthPasswordMeta meta = 1; } // Authentication password metadata. message AuthPasswordMeta { // Password strength. google.protobuf.UInt32Value password_strength = 1; // Password pwned. google.protobuf.BoolValue password_pwned = 2; } // Authentication reset password request. message AuthResetPasswordRequest { // User email. string email = 1; } // Authentication reset password confirm request. message AuthResetPasswordConfirmRequest { // Reset password token. string token = 1; // User password. string password = 2; } // Authentication update email request. message AuthUpdateEmailRequest { // User email. string email = 1; // User current password. string password = 2; // User new email address. string new_email = 3; } // Authentication update password request. message AuthUpdatePasswordRequest { // User email. string email = 1; // User current password. string password = 2; // User new password. string new_password = 3; } // Authentication OAuth2 URL reply. message AuthOauth2UrlReply { // URL. string url = 1; } // Authentication OAuth2 callback request. message AuthOauth2CallbackRequest { // Code. string code = 1; // State. string state = 2; }