| // Copyright 2019 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| library fuchsia.identity.external; |
| |
| using fuchsia.auth; |
| using fuchsia.identity.tokens as tokens; |
| |
| /// The request format used to create a new OAuth 2.0 Refresh Token. |
| type OauthRefreshTokenRequest = resource table { |
| /// The account to create the token for, if known. If omitted, the user will |
| /// be prompted to specify an account. |
| 1: account_id tokens.AccountId; |
| /// A UI Context used to overlay a view in which the user can interactively |
| /// authenticate. This field is required. |
| 2: ui_context client_end:fuchsia.auth.AuthenticationUIContext; |
| }; |
| |
| /// The request format used to exchange an OAuth 2.0 Refresh Token for an |
| /// Access Token. |
| type OauthAccessTokenFromOauthRefreshTokenRequest = table { |
| /// The Refresh token to exchange. This field is required. |
| 1: refresh_token tokens.OauthRefreshToken; |
| /// The OAuth ClientID for the component requesting the token. If absent, a |
| /// default ClientID defined by the implementation will be used. |
| 2: client_id tokens.ClientId; |
| /// The list of OAuth scope strings to request. If absent or empty, a |
| /// default set of scopes defined by the implementation will be used. |
| 3: scopes vector<tokens.Scope>:tokens.MAX_SCOPE_COUNT; |
| }; |
| |
| /// A protocol to request the creation, exchange, and revokation of Oauth 2.0 |
| /// tokens. |
| @discoverable |
| protocol Oauth { |
| /// Creates a new refresh token. If this request is successful |
| /// the refresh token will be returned. Optionally an access token with |
| /// the default client ID and scope may also be returned (if no token is |
| /// available the fields in access_token will be unpopulated). |
| CreateRefreshToken(resource struct { |
| request OauthRefreshTokenRequest; |
| }) -> (struct { |
| refresh_token tokens.OauthRefreshToken; |
| access_token tokens.OauthAccessToken; |
| }) error Error; |
| |
| /// Exchanges a refresh token for an access token. |
| GetAccessTokenFromRefreshToken(struct { |
| request OauthAccessTokenFromOauthRefreshTokenRequest; |
| }) -> (struct { |
| access_token tokens.OauthAccessToken; |
| }) error Error; |
| |
| /// Attempts to revoke the supplied refresh token. |
| RevokeRefreshToken(struct { |
| refresh_token tokens.OauthRefreshToken; |
| }) -> (struct {}) error Error; |
| |
| /// Attempts to revoke the supplied access token. |
| RevokeAccessToken(struct { |
| access_token tokens.OauthAccessToken; |
| }) -> (struct {}) error Error; |
| }; |
| |
| /// A protocol to request the creation, exchange, and revokation of OpenID |
| /// Connect tokens. |
| @discoverable |
| protocol OpenIdConnect { |
| /// Attempts to revoke the supplied ID token. |
| RevokeIdToken(struct { |
| id_token tokens.OpenIdToken; |
| }) -> (struct {}) error Error; |
| }; |
| |
| /// The request format used to exchange an OAuth 2.0 Refresh Token for an |
| /// OpenID Connect ID token. |
| type OpenIdTokenFromOauthRefreshTokenRequest = table { |
| /// The refresh token to exchange. This field is required. |
| 1: refresh_token tokens.OauthRefreshToken; |
| /// The OpenID audience strings that the ID token should be issued to. If |
| /// absent or empty, a default set of scopes defined by the implementation |
| /// will be used. |
| 2: audiences vector<tokens.Audience>:tokens.MAX_AUDIENCE_COUNT; |
| }; |
| |
| /// The request format used to exchange an OAuth 2.0 Access Token for a User |
| /// Info response as defined by OpenID Connect. |
| type OpenIdUserInfoFromOauthAccessTokenRequest = table { |
| /// The Access token to exchange. This field is required. |
| 1: access_token tokens.OauthAccessToken; |
| }; |
| |
| /// A protocol to perform exchanges between Oauth 2.0 and OpenID Connect tokens. |
| @discoverable |
| protocol OauthOpenIdConnect { |
| /// Exchanges an OAuth refresh token for an OpenID Connect ID token. |
| GetIdTokenFromRefreshToken(struct { |
| request OpenIdTokenFromOauthRefreshTokenRequest; |
| }) -> (struct { |
| id_token tokens.OpenIdToken; |
| }) error Error; |
| |
| /// Exchanges an OAuth access token for an OpenID Connect UserInfo. |
| GetUserInfoFromAccessToken(struct { |
| request OpenIdUserInfoFromOauthAccessTokenRequest; |
| }) -> (struct { |
| user_info tokens.OpenIdUserInfo; |
| }) error Error; |
| }; |