Differential D7003 Diff 23609 shared/protos/identity_client.proto

Changeset View

Standalone View

shared/protos/identity_client.proto

This file was added.

				syntax = "proto3";

				package identity.client;

				// RPCs from a client (iOS, Android, or web) to identity service
				service IdentityClientService {
				// Called by user to register with the Identity Service (PAKE only)
				rpc RegisterUser(stream RegistrationRequest) returns (stream
				RegistrationResponse) {}
				// Called by user to update password and receive new access token
				rpc UpdateUserPassword(stream UpdateUserPasswordRequest) returns
				(stream UpdateUserPasswordResponse) {}
				// Called by user to register device and get an access token
				rpc LoginPasswordUser(stream OpaqueLoginRequest) returns
				(stream OpaqueLoginResponse) {}
				rpc LoginWalletUser(WalletLoginRequest) returns (WalletLoginResponse) {}
				// Called by a user to delete their own account
				rpc DeleteUser(DeleteUserRequest) returns (Empty) {}

				// Called by clients to get a nonce for a Sign-In with Ethereum message
				rpc GenerateNonce(Empty) returns (GenerateNonceResponse) {}
				// Called by clients to get session initialization info needed to open a new
				// channel of communication with a given user
				rpc GetSessionInitializationInfo(GetSessionInitializationInfoRequest) returns
				(GetSessionInitializationInfoResponse) {}
				}

				// Helper types

				message Empty {}

				message SessionInitializationInfo {
				string payload = 1;
				string payloadSignature = 2; // payload signed with the signing ed25519 key
				optional string socialProof = 3; // signed message used for SIWE (optional)
				}

				// RegisterUser

				// Request for registering a new user
				message ClientRegistrationRequest {
				// ed25519 key for the given user's device
				string deviceEd25519PublicKey = 1;
				// Message sent to initiate PAKE registration (step 1)
				bytes opaqueRegistrationRequest = 2;
				string username = 3;
				// Information specific to a user's device needed to open a new channel of
				// communication with this user
				SessionInitializationInfo sessionInitializationInfo = 4;
				}


				// Messages sent from a client to Identity Service
				message RegistrationRequest {
				oneof data {
				// First message in PAKE registration + user information
				ClientRegistrationRequest registrationRequest = 1;
				// Final message in PAKE registration
				bytes opaqueRegistrationUpload = 2;
				}
				}

				// Messages sent from Identity Service to client
				message RegistrationResponse {
				oneof data {
				// sent to the user upon reception of the PAKE registration attempt
				// (step 2)
				bytes opaqueRegistrationResponse = 1;
				// After successful unpacking of user credentials, return token
				string accessToken = 2;
				}
				}

				// UpdateUserPassword

				// Request for updating a user, similar to registration but need a
				// access token to validate user before updating password
				message InitialUpdateUserPasswordRequest {
				// ed25519 key for the given user's device
				string signingPublicKey = 1;
				// Message sent to initiate PAKE registration (step 1)
				bytes opaqueRegistrationRequest = 2;
				string username = 3;
				// Information specific to a user's device needed to open a new channel of
				// communication with this user
				SessionInitializationInfo sessionInitializationInfo = 4;
				// Used to validate user, before attempting to update password
				string accessToken = 5;
				}

				// Do a user registration, but overwrite the existing credentials
				// after validation of user
				message UpdateUserPasswordRequest {
				oneof data {
				InitialUpdateUserPasswordRequest updateRequest = 1;
				bytes opaqueRegistrationUpload = 2;
				}
				}

				message UpdateUserPasswordResponse {
				oneof data {
				bytes opaqueRegistrationResponse = 1;
				// After validating client reponse, mint a new token
				string accessToken = 2;
				}
				}

				// LoginUser

				message InitialOpaqueLoginRequest {
				string username = 1;
				// ed25519 key for the given user's device
				string signingPublicKey = 2;
				// Message sent to initiate PAKE login (step 1)
				bytes opaqueLoginRequest = 3;
				// Information specific to a user's device needed to open a new channel of
				// communication with this user
				SessionInitializationInfo sessionInitializationInfo = 4;
				}

				message OpaqueLoginRequest {
				oneof data {
				InitialOpaqueLoginRequest loginRequest = 1;
				// Message containing client's reponse to server challenge.
				// Used to verify that client holds password secret (Step 3)
				bytes opaqueLoginUpload = 1;
				}
				}

				message OpaqueLoginResponse {
				oneof data {
				// Opaque challenge sent from server to client attempting to login (Step 2)
				bytes opaqueServerResponse = 1;
				// Mint and return a new key upon successful login
				string accessToken = 2;
				}
				}

				message WalletLoginRequest {
				// ed25519 key for the given user's device
				string signingPublicKey = 1;
				string siweMessage = 2;
				string siweSignature = 3;
				// Information specific to a user's device needed to open a new channel of
				// communication with this user
				SessionInitializationInfo sessionInitializationInfo = 4;
				}

				message WalletLoginResponse {
				string accessToken = 1;
				}

				// DeleteUser

				message DeleteUserRequest {
				string accessToken = 1;
				}

				// GenerateNonce

				message GenerateNonceResponse{
				string nonce = 1;
				}

				// GetSessionInitializationInfo

				message GetSessionInitializationInfoRequest {
				oneof identifier {
				string username = 1;
				string walletAddress = 2;
				}
				}

				message GetSessionInitializationInfoResponse {
				// Map is keyed on devices' public ed25519 key used for signing
				map<string, SessionInitializationInfo> devices = 1;
				}