aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'jeff-migrate-debugging'
${ noResults }
boundary/internal/proto/local/controller/api/services/v1/authenticate_service.proto

64 lines
2.3 KiB
Raw Permalink Blame History

syntax = "proto3";
package controller.api.services.v1;
option go_package = "github.com/hashicorp/watchtower/internal/gen/controller/api/services;services";
import "protoc-gen-openapiv2/options/annotations.proto";
import "google/api/annotations.proto";
import "google/protobuf/struct.proto";
import "controller/api/resources/authtokens/v1/authtoken.proto";
service AuthenticationService {
// Authenticate validates credentials provided and returns an auth token.
rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse) {
option (google.api.http) = {
post: "/v1/scopes/*/auth-methods/{auth_method_id}:authenticate"
body: "*"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
summary: "Authenticate a user to an scope and retrieve an authentication token."
};
}
}
// Logout terminates a user's current session.
// TODO: Ideally it'd live here but grpc-gateway chokes on it. But deauth should really be scopeless.
/*
rpc Deauthenticate(DeauthenticateRequest) returns (DeauthenticateResponse) {
option (google.api.http) = {
post: "/v1/:deauthenticate"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
summary: "Deauthenticate an authentication token."
};
}
}
*/
// The layout of the struct for "credentials" field in AuthenticateRequest. This message isn't
// directly referenced anywhere but is used here to define the expected field names and types.
message PasswordCredentials {
string name = 1;
string password = 2;
}
message AuthenticateRequest {
// The id to the authmethod in the system being used for authentication. The auth method must be in the scope
// being logged in to.
string auth_method_id = 1;
// This can be "cookie" or "token". If not provided, "token" will be used. For now only type "token" is returned.
string token_type = 2;
// credentials are the different possible credential names depending on what type of auth method is used.
// For password auth method: should include only "name" and "password".
google.protobuf.Struct credentials = 3;
}
message AuthenticateResponse {
resources.authtokens.v1.AuthToken item = 1;
}
message DeauthenticateRequest {}
message DeauthenticateResponse {}
Reference in new issue View Git Blame Copy Permalink