| // Copyright 2019 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| library fuchsia.identity.tokens; |
| |
| /// The maximum length of an account ID string, in bytes. |
| const MAX_ACCOUNT_ID_SIZE uint32 = 256; |
| |
| /// An identifier for the account that a token is issued against, as specified |
| /// by the authorization server. Account identifiers are guaranteed to be unique |
| /// within an auth provider type. |
| alias AccountId = string:MAX_ACCOUNT_ID_SIZE; |
| |
| /// The maximum length of an OAuth client ID, in bytes. |
| const MAX_CLIENT_ID_SIZE uint32 = 256; |
| |
| /// An OAuth client ID string. |
| alias ClientId = string:MAX_CLIENT_ID_SIZE; |
| |
| /// The maximum length of an OAuth scope, in bytes. |
| const MAX_SCOPE_SIZE uint32 = 256; |
| |
| /// An OAuth scope string. |
| alias Scope = string:MAX_SCOPE_SIZE; |
| |
| /// The maximum number of OAuth scopes that may be requested for a single token. |
| const MAX_SCOPE_COUNT uint32 = 64; |
| |
| /// The maximum length of an OpenID audience string, in bytes. |
| const MAX_AUDIENCE_SIZE uint32 = 256; |
| |
| /// An OpenID audience string. |
| alias Audience = string:MAX_AUDIENCE_SIZE; |
| |
| /// The maximum number of audiences that may be requested for a single ID token. |
| const MAX_AUDIENCE_COUNT uint32 = 16; |
| |
| /// Specifies the reason that a fuchsia.identity.tokens method failed. |
| type Error = strict enum { |
| /// Some other problem occurred that cannot be classified using one of the |
| /// more specific statuses. Retry is optional. |
| UNKNOWN = 1; |
| |
| /// An internal error occurred. This usually indicates a bug within the |
| /// Token Manager itself. Retry is optional. |
| INTERNAL = 2; |
| |
| /// The requested operation is not supported for the requested entity. For |
| /// example, some service providers may not support some types of token. |
| /// The request should not be retried. |
| UNSUPPORTED_OPERATION = 3; |
| |
| /// The request was malformed in some way, such as using an empty string for |
| /// service provider. The request should not be retried. |
| INVALID_REQUEST = 4; |
| |
| /// A local resource error occurred such as I/O, FIDL, or memory allocation |
| /// failure. Retry, after a delay, is recommended. |
| RESOURCE = 5; |
| |
| /// A network error occurred while communicating with a server or the server |
| /// was unreachable. Retry, after a delay, is recommended. |
| NETWORK = 6; |
| |
| /// The request referred to a missing service provider or one where the auth |
| /// provider component is misconfigured or failed. |
| INVALID_SERVICE_PROVIDER = 7; |
| |
| /// The request referred to an account that is not found for the specified |
| /// service provider. The request should not be retried. |
| INVALID_ACCOUNT = 8; |
| |
| /// The service provider returned a error that indicates a failure within |
| /// the service provider itself. Retry, after a delay, is recommended. |
| SERVICE_PROVIDER_ERROR = 10; |
| |
| /// The service provider refused to grant the requested token. The request |
| /// should not be retried. |
| SERVICE_PROVIDER_DENIED = 11; |
| |
| /// The service provider requires that the user reauthenticate before |
| /// supplying the requested token. The client should call the |
| /// `ReauthorizeAccount` method before retrying the request. |
| SERVICE_PROVIDER_REAUTHORIZE = 12; |
| |
| /// The user cancelled or failed an interactive flow. The caller should |
| /// gather user consent before any retry of the request. |
| ABORTED = 13; |
| }; |