Differential D7003 Diff 23702 shared/protos/identity_client.proto

Changeset View

Standalone View

shared/protos/identity_client.proto

This file was added.

				syntax = "proto3";

				package identity.client;

				// RPCs from a client (iOS, Android, or web) to identity service
				service IdentityClientService {

				// Account actions

				// Called by user to register with the Identity Service (PAKE only)
				// Due to limitations of grpc-web, the Opaque challenge+response
				// needs to be split up over two unary requests
				// Start/Finish is used here to align with opaque protocol
				rpc RegisterPasswordUserStart(RegistrationStartRequest) returns (
				RegistrationStartResponse) {}
				rpc RegisterPasswordUserFinish(RegistrationFinishRequest) returns (
				RegistrationFinishResponse) {}
				// Called by user to update password and receive new access token
				rpc UpdateUserPasswordStart(UpdateUserPasswordStartRequest) returns
				(UpdateUserPasswordStartResponse) {}
				rpc UpdateUserPasswordFinish(UpdateUserPasswordFinishRequest) returns
				(UpdateUserPasswordFinishResponse) {}
				// Called by user to register device and get an access token
				rpc LoginPasswordUserStart(stream OpaqueLoginStartRequest) returns
				(stream OpaqueLoginStartResponse) {}
				rpc LoginPasswordUserFinish(stream OpaqueLoginFinishRequest) returns
				(stream OpaqueLoginFinishResponse) {}
				rpc LoginWalletUser(WalletLoginRequest) returns (WalletLoginResponse) {}
				// Called by a user to delete their own account
				rpc DeleteUser(DeleteUserRequest) returns (Empty) {}

				// Sign-In with Ethereum actions

				// Called by clients to get a nonce for a Sign-In with Ethereum message
				rpc GenerateNonce(Empty) returns (GenerateNonceResponse) {}
				}

				// Helper types

				message Empty {}

				// Key information needed for starting a X3DH session
				message IdentityKeyInfo {
				// JSON payload containing Olm Identity keys
				// Sessions for users will contain both IdentityKeys and NotifKeys
				// For keyservers, this will only contain IdentityKeys
				string payload = 1;
				// Payload signed with the signing ed25519 key
				string payloadSignature = 2;
				// Signed message used for SIWE (optional)
				// This correlates a given wallet with the identity of a device
				optional string socialProof = 3;
				}

				// Ephemeral information provided to create initial message
				// Prekeys are generally rotated periodically
				// One-time Prekeys are "consumed" after first use
				message PreKeyResponse {
				// Rotating preKey, validated to be associatd with IdentityKeys
				// through signature
				string preKey = 4;
				string preKeySignature = 5;
				// One time key, removed from available list of one time keys after requested
				// Client is also intended to remove OPKs after initial message
				optional string onetimePrekey = 6;
				}

				// Information needed when establishing communication to someone else's device
				message RemoteDeviceInfo {
				IdentityKeyInfo identityInfo = 1;
				PreKeyResponse identityPrekeys = 2;
				PreKeyResponse notifPrekeys = 3;
				}

				// Information needed when establishing communication to a keyserver
				message KeyserverSessionInfo {
				IdentityKeyInfo identityInfo = 1;
				PreKeyResponse identityPrekeys = 2;
				}

				// RegisterUser

				// Ephemeral information provided so others can create initial message
				// to this device
				//
				// Prekeys are generally rotated periodically
				// One-time Prekeys are "consumed" after first use, so many need to
				// be provide to avoid exhausting them.
				message PreKeyRegistrationUpload {
				// Rotating preKey, validated to be associatd with IdentityKeys
				// through signature
				string preKey = 1;
				string preKeySignature = 2;
				// One time keys
				// Removed from available list after requested by another client
				repeated string onetimePrekeys = 3;
				}

				// Bundle of information needed for creating an initial message using X3DH
				message DeviceKeyUpload {
				IdentityKeyInfo deviceKeyInfo = 1;
				PreKeyRegistrationUpload identityUpload = 2;
				PreKeyRegistrationUpload notifUpload = 3;
				}

				// Request for registering a new user
				message RegistrationStartRequest {
				// ed25519 key for the given user's device
				string deviceEd25519PublicKey = 1;
				// Message sent to initiate PAKE registration (step 1)
				bytes opaqueRegistrationRequest = 2;
				string username = 3;
				// Information needed to open a new channel to current user's device
				DeviceKeyUpload deviceKeyUpload = 4;
				}

				// Messages sent from a client to Identity Service
				message RegistrationFinishRequest {
				// Identifier to correlate RegisterStart session
				string sessionID = 1;
				// Final message in PAKE registration
				bytes opaqueRegistrationUpload = 2;
				}

				// Messages sent from Identity Service to client
				message RegistrationStartResponse {
				// Identifier used to correlate start request with finish request
				string sessionID = 1;
				// sent to the user upon reception of the PAKE registration attempt
				// (step 2)
				bytes opaqueRegistrationResponse = 2;
				}

				message RegistrationFinishResponse {
				// After successful unpacking of user credentials, return token
				string accessToken = 2;
				}

				// UpdateUserPassword

				// Request for updating a user, similar to registration but need a
				// access token to validate user before updating password
				message UpdateUserPasswordStartRequest {
				// Message sent to initiate PAKE registration (step 1)
				bytes opaqueRegistrationRequest = 1;
				// Used to validate user, before attempting to update password
				string accessToken = 3;
				}

				// Do a user registration, but overwrite the existing credentials
				// after validation of user
				message UpdateUserPasswordFinishRequest {
				// Identifier used to correlate start and finish request
				string sessionID = 1;
				// Opaque client registration upload (step 3)
				bytes opaqueRegistrationUpload = 2;
				}

				message UpdateUserPasswordStartResponse {
				// Identifier used to correlate start request with finish request
				string sessionID = 1;
				bytes opaqueRegistrationResponse = 2;
				}

				message UpdateUserPasswordFinishResponse {
				// After validating client reponse, mint a new token
				string accessToken = 2;
				}

				// LoginUser

				message OpaqueLoginStartRequest {
				string username = 1;
				// ed25519 key for the given user's device
				string signingPublicKey = 2;
				// Message sent to initiate PAKE login (step 1)
				bytes opaqueLoginRequest = 3;
				// Information specific to a user's device needed to open a new channel of
				// communication with this user
				DeviceKeyUpload deviceKeyUpload = 4;
				}

				message OpaqueLoginFinishRequest {
				// Identifier used to correlate start request with finish request
				string sessionID = 1;
				// Message containing client's reponse to server challenge.
				// Used to verify that client holds password secret (Step 3)
				bytes opaqueLoginUpload = 2;
				}

				message OpaqueLoginStartResponse {
				// Identifier used to correlate start request with finish request
				string sessionID = 1;
				// Opaque challenge sent from server to client attempting to login (Step 2)
				bytes opaqueServerResponse = 2;
				}

				message OpaqueLoginFinishResponse {
				// Mint and return a new key upon successful login
				string accessToken = 2;
				}

				message WalletLoginRequest {
				// ed25519 key for the given user's device
				string signingPublicKey = 1;
				string siweMessage = 2;
				string siweSignature = 3;
				// Information specific to a user's device needed to open a new channel of
				// communication with this user
				DeviceKeyUpload deviceKeyUpload = 4;
				}

				message WalletLoginResponse {
				string accessToken = 1;
				}

				// DeleteUser

				message DeleteUserRequest {
				string accessToken = 1;
				}

				// GenerateNonce

				message GenerateNonceResponse{
				string nonce = 1;
				}