xuyiping
/
kpt-grpc-demo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113
							// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.identitytoolkit.v2;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/cloud/identitytoolkit/v2/mfa_info.proto";

option csharp_namespace = "Google.Cloud.IdentityToolkit.V2";
option go_package = "google.golang.org/genproto/googleapis/cloud/identitytoolkit/v2;identitytoolkit";
option java_multiple_files = true;
option java_package = "com.google.cloud.identitytoolkit.v2";
option php_namespace = "Google\\Cloud\\IdentityToolkit\\V2";
option ruby_package = "Google::Cloud::IdentityToolkit::V2";

// Authentication for Identity Toolkit
service AuthenticationService {
  option (google.api.default_host) = "identitytoolkit.googleapis.com";
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Verifies the MFA challenge and performs sign-in
  rpc FinalizeMfaSignIn(FinalizeMfaSignInRequest) returns (FinalizeMfaSignInResponse) {
    option (google.api.http) = {
      post: "/v2/accounts/mfaSignIn:finalize"
      body: "*"
    };
  }

  // Sends the MFA challenge
  rpc StartMfaSignIn(StartMfaSignInRequest) returns (StartMfaSignInResponse) {
    option (google.api.http) = {
      post: "/v2/accounts/mfaSignIn:start"
      body: "*"
    };
  }
}

// Finalizes sign-in by verifying MFA challenge.
message FinalizeMfaSignInRequest {
  // Required. Pending credential from first factor sign-in.
  string mfa_pending_credential = 2 [(google.api.field_behavior) = REQUIRED];

  // Proof of completion of the MFA challenge.
  oneof verification_info {
    // Proof of completion of the SMS based MFA challenge.
    FinalizeMfaPhoneRequestInfo phone_verification_info = 3;
  }

  // The ID of the Identity Platform tenant the user is signing in to. If not
  // set, the user will sign in to the default Identity Platform project.
  string tenant_id = 4;
}

// FinalizeMfaSignIn response.
message FinalizeMfaSignInResponse {
  // ID token for the authenticated user.
  string id_token = 1;

  // Refresh token for the authenticated user.
  string refresh_token = 2;

  // MFA verified sign-in information.
  oneof auxiliary_auth_info {
    // Extra phone auth info, including android verification proof.
    FinalizeMfaPhoneResponseInfo phone_auth_info = 3;
  }
}

// Starts multi-factor sign-in by sending the multi-factor auth challenge.
message StartMfaSignInRequest {
  // Required. Pending credential from first factor sign-in.
  string mfa_pending_credential = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. MFA enrollment id from the user's list of current MFA enrollments.
  string mfa_enrollment_id = 3 [(google.api.field_behavior) = REQUIRED];

  // MFA information by type of 2nd factor.
  oneof sign_in_info {
    // Verification info to authorize sending an SMS for phone verification.
    StartMfaPhoneRequestInfo phone_sign_in_info = 4;
  }

  // The ID of the Identity Platform tenant the user is signing in to. If not
  // set, the user will sign in to the default Identity Platform project.
  string tenant_id = 5;
}

// StartMfaSignIn response.
message StartMfaSignInResponse {
  // MultiFactor start sign-in response by 2nd factor type.
  oneof response_info {
    // MultiFactor sign-in session information specific to SMS-type second
    // factors. Along with the one-time code retrieved from the sent SMS, the
    // contents of this session information should be passed to
    // FinalizeMfaSignIn to complete the sign in.
    StartMfaPhoneResponseInfo phone_response_info = 1;
  }
}