Implement new interface

auth/auth.go

@@ -74,6 +74,8 @@ type Account struct {
 	Metadata map[string]string `json:"metadata"`
 	// Namespace the account belongs to, default blank
 	Namespace string `json:"namespace"`
+	// Secret for the account, e.g. the password
+	Secret string `json:"secret"`
 }
 
 // Token can be short or long lived

auth/default.go

@@ -34,17 +34,22 @@ func (n *noop) Options() Options {
 }
 
 // Generate a new account
-func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
+func (n *noop) Generate(id, secret string, opts ...GenerateOption) (*Account, error) {
 	options := NewGenerateOptions(opts...)
 
 	return &Account{
 		ID:           id,
 		Roles:        options.Roles,
 		Metadata:     options.Metadata,
-		Secret:   uuid.New().String(),
+		RefreshToken: uuid.New().String(),
 	}, nil
 }
 
+// Login to an existing account
+func (n *noop) Login(id, secret string) (*Account, error) {
+	return &Account{ID: id}, nil
+}
+
 // Grant access to a resource
 func (n *noop) Grant(role string, res *Resource) error {
 	return nil
@@ -68,6 +73,6 @@ func (n *noop) Inspect(token string) (*Account, error) {
 }
 
 // Token generation using an account id and secret
-func (n *noop) Token(id, secret string, opts ...TokenOption) (*Token, error) {
+func (n *noop) Token(id, tok string, opts ...TokenOption) (*Token, error) {
 	return &Token{}, nil
 }

auth/options.go

@@ -10,8 +10,8 @@ import (
 type Options struct {
 	// ID is the services auth ID
 	ID string
-	// Secret is used to generate new tokens
+	// RefreshToken is used to generate new tokens
-	Secret string
+	RefreshToken string
 	// Token is the services token used to authenticate itself
 	Token *Token
 	// Public key base64 encoded
@@ -50,10 +50,10 @@ func PrivateKey(key string) Option {
 }
 
 // Credentials sets the auth credentials
-func Credentials(id, secret string) Option {
+func Credentials(id, refresh string) Option {
 	return func(o *Options) {
 		o.ID = id
-		o.Secret = secret
+		o.RefreshToken = refresh
 	}
 }
 

auth/service/proto/auth.pb.go

@@ -215,10 +215,12 @@ func (m *Token) GetNamespace() string {
 
 type Account struct {
 	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Secret               string            `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
+	// string secret = 2;
 	Roles                []string          `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	Namespace            string            `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Type                 string            `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
+	RefreshToken         string            `protobuf:"bytes,7,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -256,13 +258,6 @@ func (m *Account) GetId() string {
 	return ""
 }
 
-func (m *Account) GetSecret() string {
-	if m != nil {
-		return m.Secret
-	}
-	return ""
-}
-
 func (m *Account) GetRoles() []string {
 	if m != nil {
 		return m.Roles
@@ -284,6 +279,20 @@ func (m *Account) GetNamespace() string {
 	return ""
 }
 
+func (m *Account) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
+func (m *Account) GetRefreshToken() string {
+	if m != nil {
+		return m.RefreshToken
+	}
+	return ""
+}
+
 type Resource struct {
 	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	Type                 string   `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
@@ -339,11 +348,99 @@ func (m *Resource) GetEndpoint() string {
 	return ""
 }
 
+type LoginRequest struct {
+	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Secret               string   `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *LoginRequest) Reset()         { *m = LoginRequest{} }
+func (m *LoginRequest) String() string { return proto.CompactTextString(m) }
+func (*LoginRequest) ProtoMessage()    {}
+func (*LoginRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_11312eec02fd5712, []int{5}
+}
+
+func (m *LoginRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_LoginRequest.Unmarshal(m, b)
+}
+func (m *LoginRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_LoginRequest.Marshal(b, m, deterministic)
+}
+func (m *LoginRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LoginRequest.Merge(m, src)
+}
+func (m *LoginRequest) XXX_Size() int {
+	return xxx_messageInfo_LoginRequest.Size(m)
+}
+func (m *LoginRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_LoginRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LoginRequest proto.InternalMessageInfo
+
+func (m *LoginRequest) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *LoginRequest) GetSecret() string {
+	if m != nil {
+		return m.Secret
+	}
+	return ""
+}
+
+type LoginResponse struct {
+	Account              *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *LoginResponse) Reset()         { *m = LoginResponse{} }
+func (m *LoginResponse) String() string { return proto.CompactTextString(m) }
+func (*LoginResponse) ProtoMessage()    {}
+func (*LoginResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_11312eec02fd5712, []int{6}
+}
+
+func (m *LoginResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_LoginResponse.Unmarshal(m, b)
+}
+func (m *LoginResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_LoginResponse.Marshal(b, m, deterministic)
+}
+func (m *LoginResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_LoginResponse.Merge(m, src)
+}
+func (m *LoginResponse) XXX_Size() int {
+	return xxx_messageInfo_LoginResponse.Size(m)
+}
+func (m *LoginResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_LoginResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_LoginResponse proto.InternalMessageInfo
+
+func (m *LoginResponse) GetAccount() *Account {
+	if m != nil {
+		return m.Account
+	}
+	return nil
+}
+
 type GenerateRequest struct {
 	Id                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Roles                []string          `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	Namespace            string            `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Secret               string            `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"`
+	Type                 string            `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -353,7 +450,7 @@ func (m *GenerateRequest) Reset()         { *m = GenerateRequest{} }
 func (m *GenerateRequest) String() string { return proto.CompactTextString(m) }
 func (*GenerateRequest) ProtoMessage()    {}
 func (*GenerateRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{5}
+	return fileDescriptor_11312eec02fd5712, []int{7}
 }
 
 func (m *GenerateRequest) XXX_Unmarshal(b []byte) error {
@@ -402,6 +499,20 @@ func (m *GenerateRequest) GetNamespace() string {
 	return ""
 }
 
+func (m *GenerateRequest) GetSecret() string {
+	if m != nil {
+		return m.Secret
+	}
+	return ""
+}
+
+func (m *GenerateRequest) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
 type GenerateResponse struct {
 	Account              *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
@@ -413,7 +524,7 @@ func (m *GenerateResponse) Reset()         { *m = GenerateResponse{} }
 func (m *GenerateResponse) String() string { return proto.CompactTextString(m) }
 func (*GenerateResponse) ProtoMessage()    {}
 func (*GenerateResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{6}
+	return fileDescriptor_11312eec02fd5712, []int{8}
 }
 
 func (m *GenerateResponse) XXX_Unmarshal(b []byte) error {
@@ -453,7 +564,7 @@ func (m *GrantRequest) Reset()         { *m = GrantRequest{} }
 func (m *GrantRequest) String() string { return proto.CompactTextString(m) }
 func (*GrantRequest) ProtoMessage()    {}
 func (*GrantRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{7}
+	return fileDescriptor_11312eec02fd5712, []int{9}
 }
 
 func (m *GrantRequest) XXX_Unmarshal(b []byte) error {
@@ -498,7 +609,7 @@ func (m *GrantResponse) Reset()         { *m = GrantResponse{} }
 func (m *GrantResponse) String() string { return proto.CompactTextString(m) }
 func (*GrantResponse) ProtoMessage()    {}
 func (*GrantResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{8}
+	return fileDescriptor_11312eec02fd5712, []int{10}
 }
 
 func (m *GrantResponse) XXX_Unmarshal(b []byte) error {
@@ -531,7 +642,7 @@ func (m *RevokeRequest) Reset()         { *m = RevokeRequest{} }
 func (m *RevokeRequest) String() string { return proto.CompactTextString(m) }
 func (*RevokeRequest) ProtoMessage()    {}
 func (*RevokeRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{9}
+	return fileDescriptor_11312eec02fd5712, []int{11}
 }
 
 func (m *RevokeRequest) XXX_Unmarshal(b []byte) error {
@@ -576,7 +687,7 @@ func (m *RevokeResponse) Reset()         { *m = RevokeResponse{} }
 func (m *RevokeResponse) String() string { return proto.CompactTextString(m) }
 func (*RevokeResponse) ProtoMessage()    {}
 func (*RevokeResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{10}
+	return fileDescriptor_11312eec02fd5712, []int{12}
 }
 
 func (m *RevokeResponse) XXX_Unmarshal(b []byte) error {
@@ -608,7 +719,7 @@ func (m *InspectRequest) Reset()         { *m = InspectRequest{} }
 func (m *InspectRequest) String() string { return proto.CompactTextString(m) }
 func (*InspectRequest) ProtoMessage()    {}
 func (*InspectRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{11}
+	return fileDescriptor_11312eec02fd5712, []int{13}
 }
 
 func (m *InspectRequest) XXX_Unmarshal(b []byte) error {
@@ -647,7 +758,7 @@ func (m *InspectResponse) Reset()         { *m = InspectResponse{} }
 func (m *InspectResponse) String() string { return proto.CompactTextString(m) }
 func (*InspectResponse) ProtoMessage()    {}
 func (*InspectResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{12}
+	return fileDescriptor_11312eec02fd5712, []int{14}
 }
 
 func (m *InspectResponse) XXX_Unmarshal(b []byte) error {
@@ -677,7 +788,7 @@ func (m *InspectResponse) GetAccount() *Account {
 
 type TokenRequest struct {
 	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Secret               string   `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
+	RefreshToken         string   `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
 	TokenExpiry          int64    `protobuf:"varint,3,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
@@ -688,7 +799,7 @@ func (m *TokenRequest) Reset()         { *m = TokenRequest{} }
 func (m *TokenRequest) String() string { return proto.CompactTextString(m) }
 func (*TokenRequest) ProtoMessage()    {}
 func (*TokenRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{13}
+	return fileDescriptor_11312eec02fd5712, []int{15}
 }
 
 func (m *TokenRequest) XXX_Unmarshal(b []byte) error {
@@ -716,9 +827,9 @@ func (m *TokenRequest) GetId() string {
 	return ""
 }
 
-func (m *TokenRequest) GetSecret() string {
+func (m *TokenRequest) GetRefreshToken() string {
 	if m != nil {
-		return m.Secret
+		return m.RefreshToken
 	}
 	return ""
 }
@@ -741,7 +852,7 @@ func (m *TokenResponse) Reset()         { *m = TokenResponse{} }
 func (m *TokenResponse) String() string { return proto.CompactTextString(m) }
 func (*TokenResponse) ProtoMessage()    {}
 func (*TokenResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{14}
+	return fileDescriptor_11312eec02fd5712, []int{16}
 }
 
 func (m *TokenResponse) XXX_Unmarshal(b []byte) error {
@@ -783,7 +894,7 @@ func (m *Rule) Reset()         { *m = Rule{} }
 func (m *Rule) String() string { return proto.CompactTextString(m) }
 func (*Rule) ProtoMessage()    {}
 func (*Rule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{15}
+	return fileDescriptor_11312eec02fd5712, []int{17}
 }
 
 func (m *Rule) XXX_Unmarshal(b []byte) error {
@@ -845,7 +956,7 @@ func (m *CreateRequest) Reset()         { *m = CreateRequest{} }
 func (m *CreateRequest) String() string { return proto.CompactTextString(m) }
 func (*CreateRequest) ProtoMessage()    {}
 func (*CreateRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{16}
+	return fileDescriptor_11312eec02fd5712, []int{18}
 }
 
 func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
@@ -897,7 +1008,7 @@ func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
 func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
 func (*CreateResponse) ProtoMessage()    {}
 func (*CreateResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{17}
+	return fileDescriptor_11312eec02fd5712, []int{19}
 }
 
 func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
@@ -931,7 +1042,7 @@ func (m *DeleteRequest) Reset()         { *m = DeleteRequest{} }
 func (m *DeleteRequest) String() string { return proto.CompactTextString(m) }
 func (*DeleteRequest) ProtoMessage()    {}
 func (*DeleteRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{18}
+	return fileDescriptor_11312eec02fd5712, []int{20}
 }
 
 func (m *DeleteRequest) XXX_Unmarshal(b []byte) error {
@@ -983,7 +1094,7 @@ func (m *DeleteResponse) Reset()         { *m = DeleteResponse{} }
 func (m *DeleteResponse) String() string { return proto.CompactTextString(m) }
 func (*DeleteResponse) ProtoMessage()    {}
 func (*DeleteResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{19}
+	return fileDescriptor_11312eec02fd5712, []int{21}
 }
 
 func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
@@ -1014,7 +1125,7 @@ func (m *ListRequest) Reset()         { *m = ListRequest{} }
 func (m *ListRequest) String() string { return proto.CompactTextString(m) }
 func (*ListRequest) ProtoMessage()    {}
 func (*ListRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{20}
+	return fileDescriptor_11312eec02fd5712, []int{22}
 }
 
 func (m *ListRequest) XXX_Unmarshal(b []byte) error {
@@ -1046,7 +1157,7 @@ func (m *ListResponse) Reset()         { *m = ListResponse{} }
 func (m *ListResponse) String() string { return proto.CompactTextString(m) }
 func (*ListResponse) ProtoMessage()    {}
 func (*ListResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{21}
+	return fileDescriptor_11312eec02fd5712, []int{23}
 }
 
 func (m *ListResponse) XXX_Unmarshal(b []byte) error {
@@ -1083,6 +1194,8 @@ func init() {
 	proto.RegisterType((*Account)(nil), "go.micro.auth.Account")
 	proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Account.MetadataEntry")
 	proto.RegisterType((*Resource)(nil), "go.micro.auth.Resource")
+	proto.RegisterType((*LoginRequest)(nil), "go.micro.auth.LoginRequest")
+	proto.RegisterType((*LoginResponse)(nil), "go.micro.auth.LoginResponse")
 	proto.RegisterType((*GenerateRequest)(nil), "go.micro.auth.GenerateRequest")
 	proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.GenerateRequest.MetadataEntry")
 	proto.RegisterType((*GenerateResponse)(nil), "go.micro.auth.GenerateResponse")
@@ -1108,59 +1221,64 @@ func init() {
 }
 
 var fileDescriptor_11312eec02fd5712 = []byte{
-	// 860 bytes of a gzipped FileDescriptorProto
+	// 931 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0x6d, 0x6f, 0xdb, 0x36,
-	0x14, 0x5e, 0xff, 0xc4, 0xf1, 0x9e, 0xfc, 0x6c, 0x34, 0xdd, 0x16, 0x2b, 0xfd, 0x21, 0x18, 0x84,
+	0x10, 0x8e, 0x24, 0x5b, 0x56, 0xce, 0x96, 0x63, 0xb0, 0x69, 0x26, 0xb8, 0x2f, 0xcb, 0xd4, 0x61,
-	0x96, 0x8a, 0x3a, 0x28, 0xbd, 0xe0, 0xa7, 0x12, 0x22, 0x6a, 0xa2, 0xd0, 0x42, 0x83, 0xb0, 0x8a,
+	0xc8, 0x8a, 0x55, 0x19, 0x5c, 0x60, 0x6f, 0x05, 0x86, 0x19, 0xb5, 0xe1, 0xb5, 0x6b, 0x3d, 0x4c,
-	0x0a, 0x17, 0x08, 0x79, 0x9d, 0xa3, 0x5d, 0xb3, 0x89, 0x1d, 0x3c, 0xe3, 0x15, 0x79, 0x02, 0xee,
+	0xe8, 0xd0, 0x7d, 0x19, 0x0a, 0x45, 0xbe, 0x26, 0x5a, 0x1c, 0xc9, 0x13, 0xa9, 0x60, 0xf9, 0x01,
-	0x78, 0x14, 0x9e, 0xa8, 0x97, 0x48, 0xbc, 0x06, 0x9a, 0xf1, 0x8c, 0x37, 0x71, 0x9c, 0x55, 0x84,
+	0xc3, 0xf6, 0x69, 0xff, 0x64, 0xfb, 0x45, 0xfb, 0x31, 0x03, 0x29, 0x52, 0x91, 0x25, 0xb9, 0x08,
-	0x72, 0xc1, 0xdd, 0x9c, 0x99, 0x33, 0xdf, 0x7c, 0xdf, 0xe7, 0x33, 0xc7, 0x03, 0x9f, 0x5e, 0x44,
+	0xda, 0x7c, 0xd8, 0x37, 0xde, 0xf1, 0x78, 0xf7, 0x3c, 0xf7, 0x42, 0x12, 0x3e, 0x3f, 0x8e, 0xd8,
-	0xec, 0x32, 0x3b, 0xf7, 0xc2, 0x64, 0xd1, 0x5f, 0x44, 0x61, 0x9a, 0xf4, 0x2f, 0x92, 0x27, 0xf9,
+	0x49, 0x76, 0xe4, 0x85, 0xc9, 0xd9, 0xe1, 0x59, 0x14, 0xa6, 0xc9, 0xe1, 0x71, 0xf2, 0x20, 0x5f,
-	0x20, 0xc8, 0xd8, 0x65, 0x9f, 0x62, 0x7a, 0x1d, 0x85, 0xd8, 0x5f, 0xa6, 0x09, 0xcb, 0xa7, 0x3c,
+	0x04, 0x19, 0x3b, 0x39, 0xa4, 0x98, 0x9e, 0x47, 0x21, 0x1e, 0xae, 0xd2, 0x84, 0xe5, 0x2a, 0x4f,
-	0x31, 0x24, 0xad, 0x8b, 0xc4, 0x13, 0x79, 0x1e, 0x9f, 0x74, 0xef, 0xc2, 0x9d, 0x6f, 0x23, 0xca,
+	0x2c, 0x89, 0x7d, 0x9c, 0x78, 0xc2, 0xce, 0xe3, 0x4a, 0xf7, 0x26, 0xdc, 0x78, 0x16, 0x51, 0x36,
-	0x86, 0x61, 0x98, 0x64, 0x31, 0xa3, 0x3e, 0xfe, 0x96, 0x21, 0x65, 0xee, 0x4b, 0x38, 0xdd, 0x9c,
+	0x0e, 0xc3, 0x24, 0x8b, 0x19, 0xf5, 0xf1, 0xd7, 0x0c, 0x29, 0x73, 0x9f, 0xc2, 0xee, 0xba, 0x9a,
-	0xa6, 0xcb, 0x24, 0xa6, 0x48, 0x06, 0x60, 0x07, 0x72, 0xce, 0xd1, 0x7a, 0xc6, 0x59, 0x63, 0x70,
+	0xae, 0x92, 0x98, 0x22, 0x19, 0x81, 0x15, 0x48, 0x9d, 0xa3, 0xed, 0x1b, 0x07, 0xdd, 0xd1, 0x9e,
-	0xcf, 0xdb, 0x00, 0xf4, 0xe4, 0x16, 0xbf, 0xc8, 0x73, 0xff, 0xd2, 0xa1, 0xf6, 0x3a, 0xb9, 0xc2,
+	0xb7, 0xe6, 0xd0, 0x93, 0x47, 0xfc, 0xc2, 0xce, 0xfd, 0x47, 0x87, 0xf6, 0x8b, 0xe4, 0x14, 0x63,
-	0x98, 0x9c, 0x42, 0x8d, 0xf1, 0x81, 0xa3, 0xf5, 0xb4, 0xb3, 0x63, 0x3f, 0x0f, 0x08, 0x01, 0x93,
+	0xb2, 0x0b, 0x6d, 0xc6, 0x17, 0x8e, 0xb6, 0xaf, 0x1d, 0x6c, 0xfb, 0xb9, 0x40, 0x08, 0xb4, 0xd8,
-	0xad, 0x96, 0xe8, 0xe8, 0x62, 0x52, 0x8c, 0x89, 0x03, 0xf5, 0x30, 0xc5, 0x80, 0xe1, 0xcc, 0x31,
+	0xc5, 0x0a, 0x1d, 0x5d, 0x28, 0xc5, 0x9a, 0x38, 0xd0, 0x09, 0x53, 0x0c, 0x18, 0x2e, 0x1c, 0x63,
-	0x7a, 0xda, 0x99, 0xe1, 0xab, 0x90, 0xdc, 0x03, 0x0b, 0x7f, 0x5f, 0x46, 0xe9, 0xca, 0x31, 0xc5,
+	0x5f, 0x3b, 0x30, 0x7c, 0x25, 0x92, 0x3d, 0x30, 0xf1, 0xb7, 0x55, 0x94, 0x5e, 0x38, 0x2d, 0xb1,
-	0x82, 0x8c, 0xf8, 0x0e, 0x9a, 0x9d, 0xff, 0x8a, 0x21, 0x73, 0x6a, 0x02, 0x48, 0x85, 0xfc, 0xd4,
+	0x21, 0x25, 0x7e, 0x82, 0x66, 0x47, 0xbf, 0x60, 0xc8, 0x9c, 0xb6, 0x70, 0xa4, 0x44, 0x1e, 0x35,
-	0x34, 0x99, 0x23, 0x75, 0xac, 0x9e, 0xc1, 0x4f, 0x15, 0x01, 0xf9, 0x12, 0xec, 0x05, 0xb2, 0x60,
+	0x4d, 0x96, 0x48, 0x1d, 0x73, 0xdf, 0xe0, 0x51, 0x85, 0x40, 0xbe, 0x06, 0xeb, 0x0c, 0x59, 0xb0,
-	0x16, 0xb0, 0xc0, 0xa9, 0x0b, 0x25, 0x6e, 0x49, 0x89, 0xe0, 0xec, 0xbd, 0x92, 0x49, 0xe3, 0x98,
+	0x08, 0x58, 0xe0, 0x74, 0x04, 0x13, 0xb7, 0xc2, 0x44, 0x60, 0xf6, 0x9e, 0x4b, 0xa3, 0x69, 0xcc,
-	0xa5, 0x2b, 0xbf, 0xd8, 0x43, 0x1e, 0xc0, 0x71, 0x1c, 0x2c, 0x90, 0x2e, 0x83, 0x10, 0x1d, 0x5b,
+	0xd2, 0x0b, 0xbf, 0x38, 0x43, 0x6e, 0xc3, 0x76, 0x1c, 0x9c, 0x21, 0x5d, 0x05, 0x21, 0x3a, 0x96,
-	0x9c, 0x78, 0x33, 0xd1, 0x7d, 0x06, 0xad, 0x8d, 0x8d, 0xa4, 0x03, 0xc6, 0x15, 0xae, 0xa4, 0x70,
+	0x88, 0x78, 0xa9, 0x18, 0x3e, 0x02, 0x7b, 0xed, 0x20, 0x19, 0x80, 0x71, 0x8a, 0x17, 0x92, 0x38,
-	0x3e, 0xe4, 0xb4, 0xae, 0x83, 0x79, 0xa6, 0x74, 0xe7, 0xc1, 0x17, 0xfa, 0x67, 0x9a, 0xfb, 0xb7,
+	0x5f, 0x72, 0x58, 0xe7, 0xc1, 0x32, 0x53, 0xbc, 0x73, 0xe1, 0x2b, 0xfd, 0x0b, 0xcd, 0xfd, 0x5d,
-	0x06, 0x75, 0x69, 0x23, 0x69, 0x83, 0x1e, 0xcd, 0xe4, 0x36, 0x3d, 0x12, 0xf2, 0x29, 0x86, 0x29,
+	0x87, 0x8e, 0x4c, 0x23, 0xe9, 0x83, 0x1e, 0x2d, 0xe4, 0x31, 0x3d, 0x5a, 0x5c, 0x92, 0x31, 0xca,
-	0x32, 0xb9, 0x4d, 0x46, 0x37, 0x22, 0x8d, 0x75, 0x91, 0x5f, 0xad, 0x89, 0x34, 0x85, 0xc8, 0x0f,
+	0x64, 0xbe, 0x29, 0x91, 0x69, 0x09, 0x32, 0x1f, 0x36, 0x97, 0xe5, 0x6a, 0x74, 0xda, 0x15, 0x3a,
-	0xaa, 0x3f, 0xd7, 0x7e, 0x32, 0x6b, 0x07, 0x95, 0x39, 0x05, 0xdb, 0x47, 0x9a, 0x64, 0x69, 0x88,
+	0x45, 0x89, 0xcc, 0x52, 0x89, 0xee, 0x81, 0x9d, 0xe2, 0xeb, 0x14, 0xe9, 0xc9, 0xab, 0xbc, 0xa8,
-	0xbc, 0x06, 0x38, 0xaa, 0xdc, 0x28, 0xc6, 0x95, 0x75, 0xd1, 0x05, 0x1b, 0xe3, 0xd9, 0x32, 0x89,
+	0x1d, 0xb1, 0xd9, 0x93, 0x4a, 0x91, 0xbd, 0x77, 0xcb, 0xc3, 0x1c, 0x2c, 0x1f, 0x69, 0x92, 0xa5,
-	0x62, 0x26, 0x0a, 0xe3, 0xd8, 0x2f, 0x62, 0xf7, 0xad, 0x06, 0x27, 0x13, 0x8c, 0x31, 0x0d, 0x18,
+	0x39, 0x02, 0x0e, 0x47, 0x1e, 0x14, 0xeb, 0xc6, 0xc6, 0x19, 0x82, 0x85, 0xf1, 0x62, 0x95, 0x44,
-	0xca, 0x3a, 0xde, 0xb2, 0xaf, 0xb0, 0x49, 0x5f, 0xb7, 0xe9, 0xeb, 0x35, 0x9b, 0x0c, 0x61, 0xd3,
+	0x31, 0x13, 0x9d, 0xb3, 0xed, 0x17, 0xb2, 0xfb, 0x19, 0xf4, 0x9e, 0x25, 0xc7, 0x51, 0x2c, 0x9b,
-	0xc7, 0x25, 0x9b, 0x4a, 0xb8, 0xfb, 0xd9, 0x65, 0x1e, 0xd4, 0xae, 0x11, 0x74, 0x6e, 0x58, 0xc8,
+	0xbc, 0x96, 0xdb, 0x3d, 0x30, 0x29, 0x86, 0x29, 0x32, 0xe9, 0x51, 0x4a, 0xee, 0x18, 0x6c, 0x79,
-	0xeb, 0xf8, 0x09, 0xd4, 0xe5, 0x35, 0x13, 0x18, 0xbb, 0x6f, 0xa3, 0x4a, 0x73, 0xdf, 0x40, 0x73,
+	0x4e, 0x4e, 0xc1, 0xa7, 0xd0, 0x91, 0xdd, 0x2d, 0x4e, 0x6f, 0x1e, 0x02, 0x65, 0xe6, 0xfe, 0xa9,
-	0x92, 0x06, 0x31, 0x53, 0x06, 0x11, 0x30, 0xb9, 0x07, 0xca, 0x78, 0x3e, 0x26, 0x4f, 0xc1, 0x4e,
+	0xc3, 0xce, 0x0c, 0x63, 0x4c, 0x03, 0x86, 0x9b, 0xc2, 0x17, 0xa5, 0xd5, 0xcb, 0xa5, 0xfd, 0xb6,
-	0xe5, 0x87, 0x11, 0x34, 0x1a, 0x83, 0x77, 0x4a, 0xb0, 0xea, 0xbb, 0xf9, 0x45, 0xa2, 0x7b, 0x02,
+	0x54, 0x5a, 0x43, 0x94, 0xf6, 0x93, 0x4a, 0xb0, 0x8a, 0xdf, 0xab, 0x95, 0xb8, 0x55, 0x2d, 0xf1,
-	0x2d, 0x09, 0x9c, 0x73, 0x73, 0x7f, 0x84, 0x96, 0x8f, 0xd7, 0xc9, 0x15, 0x1e, 0xfc, 0xa8, 0x0e,
+	0x25, 0xf9, 0x76, 0x99, 0x7c, 0x53, 0xe9, 0xdf, 0xad, 0xaa, 0x13, 0x18, 0x5c, 0x22, 0x7e, 0xeb,
-	0xb4, 0x15, 0xb2, 0x3c, 0xeb, 0x43, 0x68, 0xbf, 0x88, 0xe9, 0x12, 0xc3, 0x42, 0x57, 0x65, 0xab,
+	0x84, 0xbe, 0x84, 0xde, 0x2c, 0x0d, 0x62, 0xa6, 0x92, 0x49, 0xa0, 0xc5, 0xf3, 0xa5, 0xfa, 0x83,
-	0x71, 0x9f, 0xc3, 0x49, 0x91, 0xf7, 0x9f, 0x2d, 0xfc, 0x09, 0x9a, 0xa2, 0x35, 0xec, 0xaa, 0xb1,
+	0xaf, 0xc9, 0x43, 0xb0, 0x52, 0xd9, 0x3f, 0x02, 0x46, 0x77, 0xf4, 0x5e, 0xc5, 0xad, 0x6a, 0x2f,
-	0x5d, 0x57, 0xf4, 0x3d, 0x68, 0x0a, 0x16, 0xbf, 0xc8, 0xfe, 0x95, 0x37, 0xb6, 0x86, 0x98, 0x1b,
+	0xbf, 0x30, 0x74, 0x77, 0xc0, 0x96, 0x8e, 0x73, 0x6c, 0xee, 0x4f, 0x60, 0xfb, 0x78, 0x9e, 0x9c,
-	0x8b, 0x29, 0xf7, 0x19, 0xb4, 0x24, 0xb4, 0x64, 0xf7, 0x78, 0x5d, 0x46, 0x63, 0x70, 0x5a, 0xd5,
+	0xe2, 0xb5, 0x87, 0x1a, 0x40, 0x5f, 0x79, 0x96, 0xb1, 0x3e, 0x82, 0xfe, 0x93, 0x98, 0xae, 0x30,
-	0xa2, 0x94, 0xb8, 0x3f, 0x35, 0x30, 0xfd, 0x6c, 0x8e, 0x5b, 0x84, 0x94, 0xf1, 0xfa, 0x0e, 0xe3,
+	0x2c, 0x78, 0x35, 0x5e, 0x99, 0xee, 0x63, 0xd8, 0x29, 0xec, 0xde, 0x3a, 0x85, 0xaf, 0xa1, 0x27,
-	0x8d, 0x3d, 0x8d, 0x27, 0x4f, 0xc0, 0x0a, 0xc2, 0x10, 0x29, 0x15, 0xa5, 0xdd, 0x1e, 0xdc, 0xdd,
+	0x86, 0x74, 0x53, 0x3f, 0xd6, 0x06, 0x5c, 0xaf, 0x0f, 0x38, 0xf9, 0x00, 0x7a, 0x62, 0xf3, 0x95,
-	0xb6, 0x0a, 0x29, 0xf5, 0x65, 0x92, 0xfb, 0x87, 0x06, 0xad, 0xe7, 0xa2, 0x6d, 0x1f, 0xba, 0x04,
+	0xbc, 0x94, 0xf3, 0xdb, 0xba, 0x2b, 0x74, 0x53, 0xa1, 0x72, 0x1f, 0x81, 0x2d, 0xe3, 0x48, 0xa8,
-	0xd6, 0x98, 0x18, 0xfb, 0x30, 0xe9, 0x40, 0x5b, 0x11, 0x91, 0x15, 0xc3, 0xb9, 0x8d, 0x70, 0x8e,
+	0xf7, 0xcb, 0x9c, 0xba, 0xa3, 0xdd, 0xa6, 0x7b, 0x57, 0x31, 0xfd, 0x4b, 0x83, 0x96, 0x9f, 0x2d,
-	0xff, 0x0b, 0x6e, 0x8a, 0x88, 0xe4, 0xd6, 0x82, 0x06, 0xff, 0xf9, 0xaa, 0x7f, 0xf1, 0xe7, 0xd0,
+	0xb1, 0x86, 0x4e, 0x55, 0x41, 0xdf, 0x50, 0x05, 0xe3, 0x8a, 0x55, 0x20, 0x0f, 0xc0, 0x0c, 0xc2,
-	0xcc, 0x43, 0x59, 0x13, 0x1f, 0x41, 0x2d, 0xcd, 0x78, 0x0f, 0xcb, 0x7f, 0xc0, 0x77, 0xca, 0x8c,
+	0x10, 0x29, 0x15, 0x33, 0xd1, 0x1f, 0xdd, 0xac, 0xe7, 0x0d, 0x29, 0xf5, 0xa5, 0x91, 0xfb, 0x87,
-	0xb2, 0x39, 0xfa, 0x79, 0xc6, 0x63, 0x0f, 0xac, 0xfc, 0x34, 0xd2, 0x80, 0xfa, 0x0f, 0xd3, 0x6f,
+	0x06, 0xf6, 0x63, 0xf1, 0x16, 0x5d, 0x77, 0x3f, 0x94, 0x90, 0x18, 0x57, 0x41, 0x32, 0x80, 0xbe,
-	0xa6, 0xdf, 0xbd, 0x99, 0x76, 0x8e, 0x78, 0x30, 0xf1, 0x87, 0xd3, 0xd7, 0xe3, 0x51, 0x47, 0x23,
+	0x02, 0x22, 0xdb, 0x87, 0x63, 0x9b, 0xe0, 0x12, 0xff, 0x17, 0xd8, 0x14, 0x10, 0x89, 0xcd, 0x86,
-	0x00, 0xd6, 0x68, 0x3c, 0x7d, 0x31, 0x1e, 0x75, 0xf4, 0xc1, 0x3f, 0x1a, 0x98, 0xc3, 0x8c, 0x5d,
+	0x2e, 0xff, 0x51, 0xa8, 0x0f, 0xc6, 0x97, 0xd0, 0xcb, 0x45, 0xd9, 0x13, 0x1f, 0x43, 0x3b, 0xcd,
-	0x92, 0x57, 0x60, 0xab, 0x66, 0x43, 0x1e, 0xdd, 0xde, 0x0b, 0xbb, 0xef, 0xee, 0x5c, 0x97, 0x7a,
+	0xf8, 0xe5, 0x97, 0xff, 0x2a, 0x6e, 0x54, 0x11, 0x65, 0x4b, 0xf4, 0x73, 0x8b, 0xfb, 0x1e, 0x98,
-	0x8e, 0xc8, 0x4b, 0xa8, 0xcb, 0x7b, 0x47, 0x1e, 0x96, 0xb2, 0x37, 0xef, 0x6d, 0xf7, 0xd1, 0xae,
+	0x79, 0x34, 0xd2, 0x85, 0xce, 0x8f, 0xf3, 0xef, 0xe6, 0xdf, 0xbf, 0x9c, 0x0f, 0xb6, 0xb8, 0x30,
-	0xe5, 0x02, 0x6b, 0xa4, 0x5e, 0x13, 0xf7, 0x2b, 0x2f, 0x83, 0xc4, 0x79, 0x50, 0xbd, 0xa8, 0x50,
+	0xf3, 0xc7, 0xf3, 0x17, 0xd3, 0xc9, 0x40, 0x23, 0x00, 0xe6, 0x64, 0x3a, 0x7f, 0x32, 0x9d, 0x0c,
-	0x06, 0x3f, 0x83, 0xad, 0x1e, 0x37, 0xe4, 0x7b, 0x30, 0xb9, 0xc1, 0xa4, 0xfc, 0x00, 0xa8, 0x78,
+	0xf4, 0xd1, 0xdf, 0x3a, 0xb4, 0xc6, 0x19, 0x3b, 0x21, 0xcf, 0xc1, 0x52, 0x37, 0x0f, 0xb9, 0xfb,
-	0x18, 0x75, 0xdf, 0xbf, 0x35, 0xa7, 0x80, 0x7f, 0xab, 0x41, 0x8d, 0x7f, 0x08, 0x4a, 0x26, 0x60,
+	0xe6, 0x4b, 0x74, 0xf8, 0xfe, 0xc6, 0x7d, 0xc9, 0x67, 0x8b, 0x3c, 0x85, 0x8e, 0x1c, 0x42, 0x72,
-	0xe5, 0xa5, 0x47, 0xca, 0x94, 0x36, 0xae, 0x46, 0xf7, 0xe1, 0x8e, 0xd5, 0x42, 0xf7, 0x04, 0xac,
+	0xa7, 0x62, 0xbd, 0x3e, 0xc4, 0xc3, 0xbb, 0x9b, 0xb6, 0x0b, 0x5f, 0x13, 0xf5, 0x45, 0xba, 0xd5,
-	0xbc, 0x4e, 0xb6, 0x80, 0x36, 0xea, 0x78, 0x0b, 0xa8, 0x54, 0x5c, 0x47, 0x64, 0x28, 0xe5, 0x76,
+	0x38, 0x0c, 0xd2, 0xcf, 0xed, 0xe6, 0xcd, 0xb2, 0x17, 0xf1, 0x50, 0xd5, 0xbc, 0x94, 0x9f, 0xbd,
-	0x2b, 0xa4, 0x28, 0x90, 0xfb, 0x95, 0x6b, 0x0a, 0xe2, 0xdc, 0x12, 0x6f, 0xc9, 0xa7, 0xff, 0x06,
+	0x9a, 0x97, 0xb5, 0xb7, 0xcd, 0xdd, 0x1a, 0xfd, 0x0c, 0x96, 0xfa, 0xf7, 0x91, 0x1f, 0xa0, 0xc5,
-	0x00, 0x00, 0xff, 0xff, 0x24, 0x1b, 0xf8, 0x32, 0x86, 0x0a, 0x00, 0x00,
+	0xcb, 0x44, 0xaa, 0x7f, 0xa3, 0x86, 0x3f, 0xe3, 0xf0, 0xde, 0x1b, 0x6d, 0x0a, 0xf7, 0xff, 0x6a,
+	0xd0, 0xe6, 0xe5, 0xa4, 0x64, 0x06, 0x66, 0xde, 0xc0, 0xa4, 0x0a, 0x69, 0x6d, 0xc0, 0x86, 0x77,
+	0x36, 0xec, 0x16, 0xbc, 0x67, 0x60, 0xe6, 0xdd, 0x56, 0x73, 0xb4, 0x36, 0x0d, 0x35, 0x47, 0x95,
+	0x16, 0xdd, 0x22, 0x63, 0x49, 0x77, 0xd8, 0x40, 0x45, 0x39, 0xb9, 0xd5, 0xb8, 0xa7, 0x5c, 0x1c,
+	0x99, 0xe2, 0x9b, 0xfd, 0xf0, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xd9, 0x7a, 0xd4, 0x05, 0xa1,
+	0x0b, 0x00, 0x00,
 }

auth/service/proto/auth.pb.micro.go

@@ -37,6 +37,7 @@ type AuthService interface {
 	Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
 	Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
 	Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error)
+	Login(ctx context.Context, in *LoginRequest, opts ...client.CallOption) (*LoginResponse, error)
 }
 
 type authService struct {
@@ -81,12 +82,23 @@ func (c *authService) Token(ctx context.Context, in *TokenRequest, opts ...clien
 	return out, nil
 }
 
+func (c *authService) Login(ctx context.Context, in *LoginRequest, opts ...client.CallOption) (*LoginResponse, error) {
+	req := c.c.NewRequest(c.name, "Auth.Login", in)
+	out := new(LoginResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // Server API for Auth service
 
 type AuthHandler interface {
 	Generate(context.Context, *GenerateRequest, *GenerateResponse) error
 	Inspect(context.Context, *InspectRequest, *InspectResponse) error
 	Token(context.Context, *TokenRequest, *TokenResponse) error
+	Login(context.Context, *LoginRequest, *LoginResponse) error
 }
 
 func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
@@ -94,6 +106,7 @@ func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.Handl
 		Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
 		Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
 		Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error
+		Login(ctx context.Context, in *LoginRequest, out *LoginResponse) error
 	}
 	type Auth struct {
 		auth
@@ -118,6 +131,10 @@ func (h *authHandler) Token(ctx context.Context, in *TokenRequest, out *TokenRes
 	return h.AuthHandler.Token(ctx, in, out)
 }
 
+func (h *authHandler) Login(ctx context.Context, in *LoginRequest, out *LoginResponse) error {
+	return h.AuthHandler.Login(ctx, in, out)
+}
+
 // Client API for Accounts service
 
 type AccountsService interface {

auth/service/proto/auth.proto

@@ -6,6 +6,7 @@ service Auth {
 	rpc Generate(GenerateRequest) returns (GenerateResponse) {};
 	rpc Inspect(InspectRequest)  returns (InspectResponse) {};		
 	rpc Token(TokenRequest)  returns (TokenResponse) {};
+	rpc Login(LoginRequest)  returns (LoginResponse) {};
 }
 
 service Accounts {
@@ -38,10 +39,11 @@ message Token {
 
 message Account {
 	string id = 1;
-	string secret = 2;
 	repeated string roles = 3;
 	map<string, string> metadata = 4;
 	string namespace = 5;
+	string type = 6;
+	string refresh_token = 7;
 }
 
 message Resource{
@@ -50,11 +52,22 @@ message Resource{
 	string endpoint = 3;
 }
 
+message LoginRequest {
+	string id = 1;
+	string secret = 2;
+}
+
+message LoginResponse {
+	Account account = 1;
+}
+
 message GenerateRequest {
 	string id = 1;
 	repeated string roles = 2;
 	map<string, string> metadata = 3;
 	string namespace = 4;
+	string secret = 5;
+	string type = 6;
 }
 
 message GenerateResponse {
@@ -85,7 +98,7 @@ message InspectResponse {
 
 message TokenRequest {
 	string id = 1;
-	string secret = 2;
+	string refresh_token = 2;
 	int64 token_expiry = 3;
 }
 

auth/service/service.go

@@ -73,7 +73,7 @@ func (s *svc) Init(opts ...auth.Option) {
 
 	// we have client credentials and must load a new token
 	// periodically
-	if len(s.options.ID) > 0 || len(s.options.Secret) > 0 {
+	if len(s.options.ID) > 0 || len(s.options.RefreshToken) > 0 {
 		tokenTimer := time.NewTicker(time.Minute)
 
 		go func() {
@@ -107,11 +107,12 @@ func (s *svc) Options() auth.Options {
 }
 
 // Generate a new account
-func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
+func (s *svc) Generate(id, secret string, opts ...auth.GenerateOption) (*auth.Account, error) {
 	options := auth.NewGenerateOptions(opts...)
 
 	rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
 		Id:        id,
+		Secret:    secret,
 		Roles:     options.Roles,
 		Metadata:  options.Metadata,
 		Namespace: options.Namespace,
@@ -123,6 +124,15 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
 	return serializeAccount(rsp.Account), nil
 }
 
+// Login to an account
+func (s *svc) Login(id, secret string) (*auth.Account, error) {
+	rsp, err := s.auth.Login(context.TODO(), &pb.LoginRequest{Id: id, Secret: secret})
+	if err != nil {
+		return nil, err
+	}
+	return serializeAccount(rsp.Account), nil
+}
+
 // Grant access to a resource
 func (s *svc) Grant(role string, res *auth.Resource) error {
 	_, err := s.rule.Create(context.TODO(), &pb.CreateRequest{
@@ -216,12 +226,12 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
 }
 
 // Token generation using an account ID and secret
-func (s *svc) Token(id, secret string, opts ...auth.TokenOption) (*auth.Token, error) {
+func (s *svc) Token(id, refresh string, opts ...auth.TokenOption) (*auth.Token, error) {
 	options := auth.NewTokenOptions(opts...)
 
 	rsp, err := s.auth.Token(context.Background(), &pb.TokenRequest{
 		Id:           id,
-		Secret:      secret,
+		RefreshToken: refresh,
 		TokenExpiry:  int64(options.TokenExpiry.Seconds()),
 	})
 	if err != nil {
@@ -290,7 +300,7 @@ func (s *svc) loadRules() {
 func (s *svc) loadToken() {
 	rsp, err := s.auth.Token(context.TODO(), &pb.TokenRequest{
 		Id:           s.Options().ID,
-		Secret:      s.Options().Secret,
+		RefreshToken: s.Options().RefreshToken,
 		TokenExpiry:  int64((time.Minute * 15).Seconds()),
 	})
 	s.Lock()
@@ -322,6 +332,6 @@ func serializeAccount(a *pb.Account) *auth.Account {
 		Roles:        a.Roles,
 		Metadata:     a.Metadata,
 		Namespace:    a.Namespace,
-		Secret:    a.Secret,
+		RefreshToken: a.RefreshToken,
 	}
 }