Chromium Code Reviews

Unified Diff: tokenserver/api/oauth_token_grant.proto

Issue 2785973002: token-server: Add protos for new API for generating service account tokens. (Closed)
Patch Set: more nits Created 3 years, 5 months ago
Index: tokenserver/api/oauth_token_grant.proto
diff --git a/tokenserver/api/oauth_token_grant.proto b/tokenserver/api/oauth_token_grant.proto
new file mode 100644
index 0000000000000000000000000000000000000000..c98841f1c92fdb226135891e76ec1653ab057ff0
--- /dev/null
+++ b/tokenserver/api/oauth_token_grant.proto
@@ -0,0 +1,60 @@
+// Copyright 2017 The LUCI Authors. All rights reserved.
+// Use of this source code is governed under the Apache License, Version 2.0
+// that can be found in the LICENSE file.
+
+syntax = "proto3";
+
+package tokenserver;
+
+import "google/protobuf/timestamp.proto";
+
+
+// OAuthTokenGrantBody contains the internal guts of an oauth token grant.
+//
+// It gets serialized, signed and stuffed into OAuthTokenGrantEnvelope, which
+// then also gets serialized to get the final blob with the grant. This blob is
+// then base64-encoded and returned to the caller of MintOAuthTokenGrant.
+message OAuthTokenGrantBody {
+ // Identifier of this token as generated by the token server.
+ //
+ // Used for logging and tracking purposes.
+ //
+ // TODO(vadimsh): It may later be used for revocation purposes.
+ int64 token_id = 1;
+
+ // Service account identity the end user wants to act as.
+ //
+ // A string of the form "user:<email>".
+ string service_account = 2;
+
+ // Who requested this token and who can pass it to MintOAuthTokenViaGrant.
+ //
+ // A string of the form "user:<email>". On Swarming, this is Swarming's own
+ // service account name.
+ string wielder_identity = 3;
+
+ // An end user that wants to act as the service account (perhaps indirectly).
+ //
+ // A string of the form "user:<email>". On Swarming, this is an identity of
+ // a user that posted the task.
+ string end_user_identity = 4;
+
+ // When the token was generated (and when it becomes valid).
+ google.protobuf.Timestamp issued_at = 5;
+
+ // How long the token is considered valid (in seconds).
+ //
+ // It may become invalid sooner if the token server policy changes and the
+ // new policy doesn't allow this token.
+ int64 validity_duration = 6;
+}
+
+
+// OAuthTokenGrantEnvelope is what is actually being serialized and send to
+// the callers of MintOAuthTokenGrant (after being encoded using base64 standard
+// raw encoding).
+message OAuthTokenGrantEnvelope {
+ bytes token_body = 1; // serialized OAuthTokenGrantBody
+ string key_id = 2; // id of a token server private key used for signing
+ bytes pkcs1_sha256_sig = 3; // signature of 'token_body'
+}
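Review bot: the comment on OAuthTokenGrantEnvelope ("is actually being serialized and send to the callers") should read "sent to"; while there, the comment on pkcs1_sha256_sig should state exactly what a verifier must check, i.e. which PKCS#1 scheme is used and that the signature is computed over the serialized token_body bytes only (key_id is not covered by the signature, which is fine since key_id only selects the verification key, but it should be explicit so every consumer of the grant verifies the same bytes). Two smaller points on OAuthTokenGrantBody: issued_at uses google.protobuf.Timestamp, so consider google.protobuf.Duration for validity_duration instead of a bare int64 in seconds, or at least document in the comment that verifiers must reject the grant when now is before issued_at or at or after issued_at + validity_duration, in addition to the policy re-check the comment already mentions; and the double blank lines after the import and after the first message are a style nit.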
