| // Copyright 2017 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| library fuchsia.modular.auth; |
| |
| using fuchsia.ui.viewsv1token; |
| |
| // An interface that allows the Framework to talk to the token manager service |
| // to add new accounts or be able to get a |TokenProviderFactory| that can be |
| // used to provide specialized instances of |TokenProvider| to third party |
| // agents. |
| // |
| // This is only meant to be used by the Framework. |
| [Discoverable] |
| interface AccountProvider { |
| // Called by the Framework once, right after starting up a token manager |
| // application. |
| 1: Initialize(AccountProviderContext account_provider_context); |
| |
| // Adds a new user account. This involves talking to the identity provider and |
| // fetching profile attributes. |
| 2: AddAccount(IdentityProvider identity_provider) |
| -> (Account? account, string? error_code); |
| |
| // Removes an existing user account. This involves talking to account's |
| // identity provider and revoking user credentials both locally and remotely. |
| // This operation also deletes cached tokens for the given account. |
| // |
| // TODO(ukode): Modify this api to take account_id and IDP as input once the |
| // Account struct is cleaned up. |
| // |
| // If |revoke_all| is set to true, then all device credentials are revoked |
| // both locally and remotely on the backend server and user is logged out from |
| // all devices. If |revoke_all| is set to false, then credentials stored |
| // locally are wiped. This includes cached tokens such as access/id and |
| // firebase tokens and the locally persisted refresh token. By default, |
| // |revoke_all| is set to false and deletes account only from that given |
| // device. |
| 3: RemoveAccount(Account account, bool revoke_all) -> (AuthErr @status); |
| |
| // Get a |TokenProviderFactory| associated with an |account_id|. It is used by |
| // the Framework to provide instances of |TokenProvider| to third party |
| // Agents. |
| 4: GetTokenProviderFactory(string account_id, |
| request<TokenProviderFactory> @request); |
| |
| // This signals |AccountProvider| to teardown itself. After the |
| // AccountProvider responds by closing its handle, the caller may terminate |
| // the |AccountProvider| application if it hasn't already exited. |
| 5: Terminate(); |
| }; |
| |
| interface TokenProviderFactory { |
| 1: GetTokenProvider(string application_url, request<TokenProvider> @request); |
| }; |
| |
| // Implemented by device runner and provided to AccountProvider.Initialize(). |
| interface AccountProviderContext { |
| // Used by the token mangager application to @request the Framework to display |
| // a view to the user. |
| 1: GetAuthenticationContext(string account_id, request<AuthenticationContext> @request); |
| }; |
| |
| // This interface is implemented by device shell. It is used to notify the |
| // device shell that a view for login needs to be started or stopped. The device |
| // shell can close this connection if it wants to cancel the current |
| // authentication flow. |
| interface AuthenticationContext { |
| // Requests device shell to display |view_owner| for authentication. No other |
| // call to StartOverlay() must be made until StopOverlay() has been called. |
| 1: StartOverlay(fuchsia.ui.viewsv1token.ViewOwner view_owner); |
| |
| // Requests device shell to stop displaying the auth view. |
| 2: StopOverlay(); |
| }; |
