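syntax = "proto3";

package resf.obsidian.v1;

import "google/api/annotations.proto";
// NOTE(review): no (validate.rules) option is visible on any field in this
// file, so this import currently contributes no schema-level input checks.
// Empty or malformed challenge, code and state values therefore have to be
// rejected by the handlers.
import "validate/validate.proto";

option go_package = "peridot.resf.org/obsidian/pb;obsidianpb";

// ObsidianService is a Hydra-based authentication and authorization service.
// todo(mustafa): Currently only supports Social/OAuth2 sign-in
//
// The service definition must start on its own line: if it shares a line with
// the "//" comment above, everything after the comment marker is commented
// out and no RPC or message is generated.
service ObsidianService {
  // SessionStatus takes a challenge plus a check type and returns a validity
  // flag, a redirect URL, a client name and a list of scopes.
  rpc SessionStatus(SessionStatusRequest) returns (SessionStatusResponse) {
    option (google.api.http) = {
      post: "/v1/users/sessions:status"
      body: "*"
    };
  }

  // ConsentDecision submits an allow/deny decision for a challenge and
  // returns the URL to continue to.
  // NOTE(review): this is a state-changing POST. If callers are authenticated
  // by a browser cookie, CSRF protection has to come from the handler or the
  // gateway; nothing in this schema provides it. Confirm.
  rpc ConsentDecision(ConsentDecisionRequest)
      returns (ConsentDecisionResponse) {
    option (google.api.http) = {
      post: "/v1/users:consent"
      body: "*"
    };
  }

  // GetOAuth2Providers lists the configured OAuth2 providers.
  rpc GetOAuth2Providers(GetOAuth2ProvidersRequest)
      returns (GetOAuth2ProvidersResponse) {
    option (google.api.http) = {
      get: "/v1/oauth2/providers"
    };
  }

  // InitiateOAuth2Session starts a sign-in with the given provider.
  // The binding is a GET without a body, so challenge and provider_id are
  // carried in the URL query string and can end up in access logs and browser
  // history.
  rpc InitiateOAuth2Session(InitiateOAuth2SessionRequest)
      returns (InitiateOAuth2SessionResponse) {
    option (google.api.http) = {
      get: "/v1/oauth2/initiate_session"
    };
  }

  // ConfirmOAuth2Session is the provider callback. provider_id is taken from
  // the path; code, scope and state arrive as query parameters.
  // NOTE(review): the schema cannot express that state must match the value
  // bound to the initiating session before code is exchanged. Confirm that
  // the handler enforces this and rejects a missing or mismatched state.
  rpc ConfirmOAuth2Session(ConfirmOAuth2SessionRequest)
      returns (ConfirmOAuth2SessionResponse) {
    option (google.api.http) = {
      get: "/v1/oauth2/providers/{provider_id=*}/callback"
    };
  }

  // LogoutDecision submits an accept/reject decision for a logout challenge
  // and returns the URL to continue to.
  rpc LogoutDecision(LogoutDecisionRequest) returns (LogoutDecisionResponse) {
    option (google.api.http) = {
      post: "/v1/users:logout"
      body: "*"
    };
  }
}

// OAuth2Provider describes one entry of GetOAuth2ProvidersResponse.
message OAuth2Provider {
  // Identifier of the provider entry; presumably the value expected as
  // provider_id by the OAuth2 session RPCs. Confirm against the handlers.
  string id = 1;

  // Name of the provider entry.
  string name = 2;

  // Provider string; its accepted values are not defined in this file.
  string provider = 3;
}

// ConsentDecisionRequest is the body of ObsidianService.ConsentDecision.
message ConsentDecisionRequest {
  // Challenge the decision applies to (presumably the Hydra consent
  // challenge). No length or format constraint is declared here.
  string challenge = 1;

  // Decision flag. As a proto3 bool without presence, an omitted value reads
  // as false.
  bool allow = 2;
}

// ConsentDecisionResponse is returned by ObsidianService.ConsentDecision.
message ConsentDecisionResponse {
  // URL the caller continues to after the decision.
  // NOTE(review): presumably issued by Hydra. It should never be built from
  // request input, otherwise it becomes an open redirect. Confirm.
  string redirect_url = 1;
}

// GetOAuth2ProvidersRequest carries no fields.
message GetOAuth2ProvidersRequest {}

// GetOAuth2ProvidersResponse is returned by
// ObsidianService.GetOAuth2Providers.
message GetOAuth2ProvidersResponse {
  // Provider entries.
  repeated OAuth2Provider providers = 1;
}

// InitiateOAuth2SessionRequest holds the query parameters of
// ObsidianService.InitiateOAuth2Session.
message InitiateOAuth2SessionRequest {
  // Challenge the sign-in belongs to (presumably the Hydra login challenge).
  string challenge = 1;

  // Provider to sign in with.
  string provider_id = 2;
}

// InitiateOAuth2SessionResponse carries no fields.
message InitiateOAuth2SessionResponse {}

// ConfirmOAuth2SessionRequest holds the path and query parameters of the
// provider callback, ObsidianService.ConfirmOAuth2Session.
message ConfirmOAuth2SessionRequest {
  // Bound from the {provider_id=*} path segment, which matches exactly one
  // segment.
  string provider_id = 1;

  // Query parameter "code" (presumably the OAuth2 authorization code, which
  // should be treated as a secret in logs).
  string code = 2;

  // Query parameter "scope".
  string scope = 3;

  // Query parameter "state". See the NOTE(review) on ConfirmOAuth2Session.
  string state = 4;
}

// ConfirmOAuth2SessionResponse carries no fields.
message ConfirmOAuth2SessionResponse {}

// SessionStatusRequest is the body of ObsidianService.SessionStatus.
message SessionStatusRequest {
  // Challenge whose status is queried.
  string challenge = 1;

  // Free-form string; the accepted values are not defined in this file.
  // NOTE(review): the handler should reject unknown values rather than fall
  // back to a default check. Confirm.
  string check_type = 2;
}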
// SessionStatusResponse carries the outcome of a session status check.
message SessionStatusResponse {
  // Result flag of the check. As a proto3 bool without presence, an omitted
  // value reads as false.
  bool valid = 1;

  // URL the caller continues to.
  // NOTE(review): presumably issued by the server or Hydra rather than built
  // from request input. Confirm.
  string redirect_url = 2;

  // Name of the OAuth2 client.
  // NOTE(review): if this is shown on a consent screen, render it as
  // untrusted text. Confirm where the value originates.
  string client_name = 3;

  // Scopes associated with the challenge.
  repeated string scopes = 4;
}

// LogoutDecisionRequest carries an accept/reject decision for a logout
// challenge.
message LogoutDecisionRequest {
  // Challenge the decision applies to. No length or format constraint is
  // declared here.
  string challenge = 1;

  // Decision flag. An omitted value reads as false.
  bool accept = 2;
}

// LogoutDecisionResponse carries the URL to continue to after a logout
// decision.
message LogoutDecisionResponse {
  // URL the caller continues to.
  string redirect_url = 1;
}