| // Copyright 2018 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| library fuchsia.identity.account; |
| using fuchsia.sys; |
| |
| /// The maximum number of Fuchsia accounts that may be simultaneously |
| /// provisioned on a device. This number may be increased in the future. |
| const uint32 MAX_ACCOUNTS_PER_DEVICE = 128; |
| |
| /// The maximum number of personae that may be simultaneously defined within a |
| /// Fuchsia account. This number may be increased in the future. |
| const uint32 MAX_PERSONAE_PER_ACCOUNT = 128; |
| |
| /// The maximum length of the global Fuchsia account and persona identifiers, |
| /// in bytes. |
| const uint32 MAX_ID_SIZE = 256; |
| |
| /// The maximum length of the (UTF-8 encoded) human readable names, in bytes. |
| const uint32 MAX_NAME_SIZE = 128; |
| |
| /// The maximum length of an (UTF-8 encoded) auth provider type, in bytes. |
| const uint32 MAX_AUTH_PROVIDER_TYPE_SIZE = 128; |
| |
| /// The maximum number of authentication mechanisms that can be registered |
| /// for a device. |
| const uint32 MAX_AUTH_MECHANISMS = 16; |
| |
| /// The maximum number of authentication mechanism enrollments that may be |
| /// simultaneously defined within a Fuchsia account. |
| const uint32 MAX_AUTH_MECHANISM_ENROLLMENTS = 32; |
| |
| /// Provides an upper bound to how long a Fuchsia account can live on the |
| /// current device. |
| enum Lifetime : uint8 { |
| /// The account lives at the longest to the end of the power cycle it |
| /// was created in. |
| EPHEMERAL = 1; |
| /// The account lives on the device until it is removed. |
| PERSISTENT = 2; |
| }; |
| |
| /// A globally unique identifier for a Fuchsia account that is constant across |
| /// the devices that the account is provisioned on. Identifiers are not human |
| /// readable. |
| using GlobalAccountId = bytes:MAX_ID_SIZE; |
| |
| /// A unique identifier for a Fuchsia account on the current device. If the |
| /// account is removed and re-added it will receive a different LocalAccountId. |
| /// The same account will have different LocalAccountIds on different devices |
| /// and a particular LocalAccountId value may refer to different accounts on |
| /// different devices. |
| using LocalAccountId = uint64; |
| |
| /// A unique identifier for a Persona of a Fuchsia account on the current |
| /// device. If the account is removed and re-added its personae will receive |
| /// different LocalPersonaIds. A particular LocalPersonaId value may refer to |
| /// different personae and/or different accounts on different devices. The |
| /// LocalAccountId for an account cannot be derived from the LocalPersonaId of |
| /// its personae. |
| using LocalPersonaId = uint64; |
| |
| /// Specifies the reason that a fuchsia.identity.account method failed. |
| enum Error { |
| /// Some other problem occurred that cannot be classified using one of the |
| /// more specific statuses. Retry is optional. |
| UNKNOWN = 1; |
| |
| /// An internal error occurred. This usually indicates a bug within the |
| /// account system itself. Retry is optional. |
| INTERNAL = 2; |
| |
| /// The requested operation is not supported. This generally indicates that |
| /// implementation of a new feature is not yet complete. The request should |
| /// not be retried. |
| UNSUPPORTED_OPERATION = 3; |
| |
| /// The request was malformed in some way, such as using an empty string for |
| /// auth_provider_type. The request should not be retried. |
| INVALID_REQUEST = 4; |
| |
| /// A local resource error occurred such as I/O, FIDL, or memory allocation |
| /// failure. Retry, after a delay, is recommended. |
| RESOURCE = 5; |
| |
| /// A network error occurred while communicating with an auth server. |
| /// Retry, after a delay, is recommended. |
| NETWORK = 6; |
| |
| /// The requested account or persona is not present on the current device. |
| /// The request should not be retried. |
| NOT_FOUND = 7; |
| |
| /// The request cannot be processed due to an ongoing account or persona |
| /// removal. The removal is not guaranteed to suceed and so retry, after |
| /// a delay, is recommended. |
| REMOVAL_IN_PROGRESS = 8; |
| |
| /// The server is not in the state required to perform the requested |
| /// operation. The request should not be retried unless the server state |
| /// has been corrected before the retry. |
| FAILED_PRECONDITION = 9; |
| |
| /// The request cannot be processed due to a rejected authentication |
| /// attempt. User consent or input is required before any retry. |
| FAILED_AUTHENTICATION = 10; |
| |
| // This enumeration may expand to include additional statuses in the future. |
| // Examples are likely to include: MAX_LISTENERS, NO_SUITABLE_AUTHENTICATOR, |
| // INVALID_AUTH_PROVIDER, |
| }; |
| |
| /// A fuchsia component URI pointing to a component containing an authentication |
| /// mechanism. It acts as a unique, stable identifier representing an |
| /// authentication mechanism. |
| // TODO(dnordstrom): Allow multiple authentication mechanisms in the same |
| // component. |
| using AuthMechanismId = fuchsia.sys.component_url; |
| |
| /// Properties describing the authentication mechanism. |
| struct AuthMechanismProperties { |
| /// A unique identifier for the authentication mechanism. |
| AuthMechanismId id; |
| |
| /// If true, the authentication mechanism can be used for storage unlock. |
| bool storage_unlock; |
| |
| // TODO(dnordstrom): Add more properties as they become useful to clients. |
| }; |
| |
| /// An identifier for an enrollment of an authentication mechanism. It is |
| /// unique within an account and an authentication mechanism. |
| using AuthMechanismEnrollmentId = uint64; |
| |
| /// Metadata about an enrollment, such as a human readable name. |
| struct AuthMechanismEnrollmentMetadata { |
| /// A unique identifier associated with the enrollment. |
| AuthMechanismEnrollmentId id; |
| |
| /// A short text describing the enrollment, e.g. "right thumb" for a |
| /// fingerprint authenticator. |
| string:MAX_NAME_SIZE name; |
| |
| // TODO(dnordstrom): Add field for date created. |
| }; |