magistrala/auth.proto

// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0

syntax = "proto3";

package magistrala;
option go_package = "./magistrala";

// AuthzService is a service that provides authentication and authorization
// functionalities for the things service.
service AuthzService {
  // Authorize checks if the subject is authorized to perform
  // the action on the object.
  rpc Authorize(AuthorizeReq) returns (AuthorizeRes) {}
}

// AuthService is a service that provides authentication and authorization
// functionalities for the users service.
service AuthService {
  rpc Issue(IssueReq) returns (Token) {}
  rpc Refresh(RefreshReq) returns (Token) {}
  rpc Identify(IdentityReq) returns (IdentityRes) {}
  rpc Authorize(AuthorizeReq) returns (AuthorizeRes) {}
  rpc AddPolicy(AddPolicyReq) returns (AddPolicyRes) {}
  rpc AddPolicies(AddPoliciesReq) returns (AddPoliciesRes) {}
  rpc DeletePolicy(DeletePolicyReq) returns (DeletePolicyRes) {}
  rpc DeletePolicies(DeletePoliciesReq) returns (DeletePoliciesRes) {}
  rpc ListObjects(ListObjectsReq) returns (ListObjectsRes) {}
  rpc ListAllObjects(ListObjectsReq) returns (ListObjectsRes) {}
  rpc CountObjects(CountObjectsReq) returns (CountObjectsRes) {}
  rpc ListSubjects(ListSubjectsReq) returns (ListSubjectsRes) {}
  rpc ListAllSubjects(ListSubjectsReq) returns (ListSubjectsRes) {}
  rpc CountSubjects(CountSubjectsReq) returns (CountSubjectsRes) {}
}

// If a token is not carrying any information itself, the type
// field can be used to determine how to validate the token.
// Also, different tokens can be encoded in different ways.
message Token {
    string accessToken = 1;
    optional string refreshToken = 2;
    string accessType = 3;
}

message IdentityReq {
    string token = 1;
}

message IdentityRes {
    string id    = 1; // IMPROVEMENT NOTE: change name from "id" to "subject" , sub in jwt = user id  + domain id //
    string user_id = 2; // user id
    string domain_id = 3; // domain id
}

message IssueReq {
  string user_id = 1;
  optional string domain_id = 2;
  uint32 type = 3;
}

message RefreshReq {
  string refresh_token = 1;
  optional string domain_id = 2;
}

message AuthorizeReq {
  string domain = 1;           // Domain
  string subject_type = 2;     // Thing or User
  string subject_kind = 3;     // ID or Token
  string subject_relation = 4; // Subject relation
  string subject = 5;          // Subject value (id or token, depending on kind)
  string relation = 6;         // Relation to filter
  string permission = 7;       // Action
  string object = 8;           // Object ID
  string object_type = 9;      // Thing, User, Group
}

message AuthorizeRes {
  bool authorized = 1;
  string id = 2;
}

message AddPolicyReq {
  string domain = 1;
  string subject_type = 2;
  string subject_relation = 3;
  string subject_kind = 4;
  string subject = 5;
  string relation = 6;
  string permission = 7;
  string object = 8;
  string object_kind = 9;
  string object_type = 10;
}

message AddPoliciesReq{
  repeated AddPolicyReq addPoliciesReq= 1;
}

message AddPolicyRes { bool authorized = 1; }

message AddPoliciesRes { bool authorized = 1; }

message DeletePolicyReq {
  string domain = 1;
  string subject_type = 2;
  string subject_relation = 3;
  string subject_kind = 4;
  string subject = 5;
  string relation = 6;
  string permission = 7;
  string object = 8;
  string object_kind = 9;
  string object_type = 10;
}

message DeletePoliciesReq {
  repeated DeletePolicyReq deletePoliciesReq = 1;
}

message DeletePolicyRes { bool deleted = 1; }

message DeletePoliciesRes { bool deleted = 1; }

message ListObjectsReq {
  string domain = 1;
  string subject_type = 2;
  string subject_relation = 3;
  string subject = 4;
  string relation = 5;
  string permission = 6;
  string object = 7;
  string object_type = 8;
  string nextPageToken = 9;
  int32 limit = 10;
}

message ListObjectsRes {
  repeated string policies = 1;
  string nextPageToken = 2;
}

message CountObjectsReq {
  string domain = 1;
  string subject_type = 2;
  string subject_relation = 3;
  string subject = 4;
  string relation = 5;
  string permission = 6;
  string object = 7;
  string object_type = 8;
  string nextPageToken = 9;
}

message CountObjectsRes { int64 count = 1; }

message ListSubjectsReq {
  string domain = 1;
  string subject_type = 2;
  string subject_relation = 3;
  string subject = 4;
  string relation = 5;
  string permission = 6;
  string object = 7;
  string object_type = 8;
  string nextPageToken = 9;
  int32 limit = 10;
}

message ListSubjectsRes {
  repeated string policies = 1;
  string nextPageToken = 2;
}

message CountSubjectsReq {
  string domain = 1;
  string subject_type = 2;
  string subject_relation = 3;
  string subject = 4;
  string relation = 5;
  string permission = 6;
  string object = 7;
  string object_type = 8;
  string nextPageToken = 9;
}

message CountSubjectsRes { int64 count = 1; }