tokenserver/api/oauth_token_grant.proto - Issue 2785973002: token-server: Add protos for new API for generating service account tokens.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: tokenserver/api/oauth_token_grant.proto

Issue 2785973002: token-server: Add protos for new API for generating service account tokens. (Closed)

Patch Set: more nits Created 3 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2017 The LUCI Authors. All rights reserved.

	2 // Use of this source code is governed under the Apache License, Version 2.0

	3 // that can be found in the LICENSE file.

	4

	5 syntax = "proto3";

	6

	7 package tokenserver;

	8

	9 import "google/protobuf/timestamp.proto";

	10

	11

	12 // OAuthTokenGrantBody contains the internal guts of an oauth token grant.

	13 //

	14 // It gets serialized, signed and stuffed into OAuthTokenGrantEnvelope, which

	15 // then also gets serialized to get the final blob with the grant. This blob is

	16 // then base64-encoded and returned to the caller of MintOAuthTokenGrant.

	17 message OAuthTokenGrantBody {

	18 // Identifier of this token as generated by the token server.

	19 //

	20 // Used for logging and tracking purposes.

	21 //

	22 // TODO(vadimsh): It may later be used for revocation purposes.

	23 int64 token_id = 1;

	24

	25 // Service account identity the end user wants to act as.

	26 //

	27 // A string of the form "user:<email>".

	28 string service_account = 2;

	29

	30 // Who requested this token and who can pass it to MintOAuthTokenViaGrant.

	31 //

	32 // A string of the form "user:<email>". On Swarming, this is Swarming's own

	33 // service account name.

	34 string wielder_identity = 3;

	35

	36 // An end user that wants to act as the service account (perhaps indirectly).

	37 //

	38 // A string of the form "user:<email>". On Swarming, this is an identity of

	39 // a user that posted the task.

	40 string end_user_identity = 4;

	41

	42 // When the token was generated (and when it becomes valid).

	43 google.protobuf.Timestamp issued_at = 5;

	44

	45 // How long the token is considered valid (in seconds).

	46 //

	47 // It may become invalid sooner if the token server policy changes and the

	48 // new policy doesn't allow this token.

	49 int64 validity_duration = 6;

	50 }

	51

	52

	53 // OAuthTokenGrantEnvelope is what is actually being serialized and send to

	54 // the callers of MintOAuthTokenGrant (after being encoded using base64 standard

	55 // raw encoding).

	56 message OAuthTokenGrantEnvelope {

	57 bytes token_body = 1; // serialized OAuthTokenGrantBody

	58 string key_id = 2; // id of a token server private key used for signi ng

	59 bytes pkcs1_sha256_sig = 3; // signature of 'token_body'

	60 }

OLD	NEW

« tokenserver/api/minter/v1/token_minter.proto ('K') | « tokenserver/api/minter/v1/token_minter.pb.go ('k') | tokenserver/api/oauth_token_grant.pb.go » ('j') | no next file with comments »