Auth - Swap Refresh to Token and change secrets to be strings, not tokens (#1444)

* Refresh => Token

* Secret is no longer a token

Co-authored-by: Ben Toogood <ben@micro.mu>

auth/auth.go

@@ -42,8 +42,8 @@ type Auth interface {
 	Verify(acc *Account, res *Resource) error
 	// Inspect a token
 	Inspect(token string) (*Account, error)
-	// Refresh an account using a secret
-	Refresh(secret string, opts ...RefreshOption) (*Token, error)
+	// Token generated using an account ID and secret
+	Token(id, secret string, opts ...TokenOption) (*Token, error)
 	// String returns the name of the implementation
 	String() string
 }
@@ -63,7 +63,7 @@ type Account struct {
 	// ID of the account (UUIDV4, email or username)
 	ID string `json:"id"`
 	// Secret used to renew the account
-	Secret *Token `json:"secret"`
+	Secret string `json:"secret"`
 	// Roles associated with the Account
 	Roles []string `json:"roles"`
 	// Any other associated metadata

auth/default.go

@@ -41,7 +41,7 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
 		ID:       id,
 		Roles:    options.Roles,
 		Metadata: options.Metadata,
-		Secret:   &Token{},
+		Secret:   uuid.New().String(),
 	}, nil
 }
 
@@ -67,7 +67,7 @@ func (n *noop) Inspect(token string) (*Account, error) {
 	}, nil
 }
 
-// Refresh an account using a secret
-func (n *noop) Refresh(secret string, opts ...RefreshOption) (*Token, error) {
+// Token generation using an account id and secret
+func (n *noop) Token(id, secret string, opts ...TokenOption) (*Token, error) {
 	return &Token{}, nil
 }

auth/options.go

@@ -71,8 +71,6 @@ type GenerateOptions struct {
 	Metadata map[string]string
 	// Roles/scopes associated with the account
 	Roles []string
-	// SecretExpiry is the time the secret should live for
-	SecretExpiry time.Duration
 	// Namespace the account belongs too
 	Namespace string
 }
@@ -100,45 +98,32 @@ func WithNamespace(n string) GenerateOption {
 	}
 }
 
-// WithSecretExpiry for the generated account's secret expires
-func WithSecretExpiry(ex time.Duration) GenerateOption {
-	return func(o *GenerateOptions) {
-		o.SecretExpiry = ex
-	}
-}
-
 // NewGenerateOptions from a slice of options
 func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
 	var options GenerateOptions
 	for _, o := range opts {
 		o(&options)
 	}
-
-	// set defualt expiry of secret
-	if options.SecretExpiry == 0 {
-		options.SecretExpiry = time.Hour * 24 * 7
-	}
-
 	return options
 }
 
-type RefreshOptions struct {
+type TokenOptions struct {
 	// TokenExpiry is the time the token should live for
 	TokenExpiry time.Duration
 }
 
-type RefreshOption func(o *RefreshOptions)
+type TokenOption func(o *TokenOptions)
 
 // WithTokenExpiry for the token
-func WithTokenExpiry(ex time.Duration) RefreshOption {
-	return func(o *RefreshOptions) {
+func WithTokenExpiry(ex time.Duration) TokenOption {
+	return func(o *TokenOptions) {
 		o.TokenExpiry = ex
 	}
 }
 
-// NewRefreshOptions from a slice of options
-func NewRefreshOptions(opts ...RefreshOption) RefreshOptions {
-	var options RefreshOptions
+// NewTokenOptions from a slice of options
+func NewTokenOptions(opts ...TokenOption) TokenOptions {
+	var options TokenOptions
 	for _, o := range opts {
 		o(&options)
 	}

auth/service/proto/auth.pb.go

@@ -121,7 +121,7 @@ func (m *Token) GetNamespace() string {
 
 type Account struct {
 	Id                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Secret               *Token            `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
+	Secret               string            `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
 	Roles                []string          `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	Namespace            string            `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
@@ -162,11 +162,11 @@ func (m *Account) GetId() string {
 	return ""
 }
 
-func (m *Account) GetSecret() *Token {
+func (m *Account) GetSecret() string {
 	if m != nil {
 		return m.Secret
 	}
-	return nil
+	return ""
 }
 
 func (m *Account) GetRoles() []string {
@@ -249,8 +249,7 @@ type GenerateRequest struct {
 	Id                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Roles                []string          `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	SecretExpiry         int64             `protobuf:"varint,4,opt,name=secret_expiry,json=secretExpiry,proto3" json:"secret_expiry,omitempty"`
-	Namespace            string            `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Namespace            string            `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -302,13 +301,6 @@ func (m *GenerateRequest) GetMetadata() map[string]string {
 	return nil
 }
 
-func (m *GenerateRequest) GetSecretExpiry() int64 {
-	if m != nil {
-		return m.SecretExpiry
-	}
-	return 0
-}
-
 func (m *GenerateRequest) GetNamespace() string {
 	if m != nil {
 		return m.Namespace
@@ -589,86 +581,94 @@ func (m *InspectResponse) GetAccount() *Account {
 	return nil
 }
 
-type RefreshRequest struct {
-	Secret               string   `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"`
-	TokenExpiry          int64    `protobuf:"varint,2,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
+type TokenRequest struct {
+	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Secret               string   `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
+	TokenExpiry          int64    `protobuf:"varint,3,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *RefreshRequest) Reset()         { *m = RefreshRequest{} }
-func (m *RefreshRequest) String() string { return proto.CompactTextString(m) }
-func (*RefreshRequest) ProtoMessage()    {}
-func (*RefreshRequest) Descriptor() ([]byte, []int) {
+func (m *TokenRequest) Reset()         { *m = TokenRequest{} }
+func (m *TokenRequest) String() string { return proto.CompactTextString(m) }
+func (*TokenRequest) ProtoMessage()    {}
+func (*TokenRequest) Descriptor() ([]byte, []int) {
 	return fileDescriptor_21300bfacc51fc2a, []int{11}
 }
 
-func (m *RefreshRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_RefreshRequest.Unmarshal(m, b)
+func (m *TokenRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_TokenRequest.Unmarshal(m, b)
 }
-func (m *RefreshRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_RefreshRequest.Marshal(b, m, deterministic)
+func (m *TokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_TokenRequest.Marshal(b, m, deterministic)
 }
-func (m *RefreshRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_RefreshRequest.Merge(m, src)
+func (m *TokenRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TokenRequest.Merge(m, src)
 }
-func (m *RefreshRequest) XXX_Size() int {
-	return xxx_messageInfo_RefreshRequest.Size(m)
+func (m *TokenRequest) XXX_Size() int {
+	return xxx_messageInfo_TokenRequest.Size(m)
 }
-func (m *RefreshRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_RefreshRequest.DiscardUnknown(m)
+func (m *TokenRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_TokenRequest.DiscardUnknown(m)
 }
 
-var xxx_messageInfo_RefreshRequest proto.InternalMessageInfo
+var xxx_messageInfo_TokenRequest proto.InternalMessageInfo
 
-func (m *RefreshRequest) GetSecret() string {
+func (m *TokenRequest) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *TokenRequest) GetSecret() string {
 	if m != nil {
 		return m.Secret
 	}
 	return ""
 }
 
-func (m *RefreshRequest) GetTokenExpiry() int64 {
+func (m *TokenRequest) GetTokenExpiry() int64 {
 	if m != nil {
 		return m.TokenExpiry
 	}
 	return 0
 }
 
-type RefreshResponse struct {
+type TokenResponse struct {
 	Token                *Token   `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 
-func (m *RefreshResponse) Reset()         { *m = RefreshResponse{} }
-func (m *RefreshResponse) String() string { return proto.CompactTextString(m) }
-func (*RefreshResponse) ProtoMessage()    {}
-func (*RefreshResponse) Descriptor() ([]byte, []int) {
+func (m *TokenResponse) Reset()         { *m = TokenResponse{} }
+func (m *TokenResponse) String() string { return proto.CompactTextString(m) }
+func (*TokenResponse) ProtoMessage()    {}
+func (*TokenResponse) Descriptor() ([]byte, []int) {
 	return fileDescriptor_21300bfacc51fc2a, []int{12}
 }
 
-func (m *RefreshResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_RefreshResponse.Unmarshal(m, b)
+func (m *TokenResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_TokenResponse.Unmarshal(m, b)
 }
-func (m *RefreshResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_RefreshResponse.Marshal(b, m, deterministic)
+func (m *TokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_TokenResponse.Marshal(b, m, deterministic)
 }
-func (m *RefreshResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_RefreshResponse.Merge(m, src)
+func (m *TokenResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TokenResponse.Merge(m, src)
 }
-func (m *RefreshResponse) XXX_Size() int {
-	return xxx_messageInfo_RefreshResponse.Size(m)
+func (m *TokenResponse) XXX_Size() int {
+	return xxx_messageInfo_TokenResponse.Size(m)
 }
-func (m *RefreshResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_RefreshResponse.DiscardUnknown(m)
+func (m *TokenResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_TokenResponse.DiscardUnknown(m)
 }
 
-var xxx_messageInfo_RefreshResponse proto.InternalMessageInfo
+var xxx_messageInfo_TokenResponse proto.InternalMessageInfo
 
-func (m *RefreshResponse) GetToken() *Token {
+func (m *TokenResponse) GetToken() *Token {
 	if m != nil {
 		return m.Token
 	}
@@ -690,54 +690,52 @@ func init() {
 	proto.RegisterType((*RevokeResponse)(nil), "go.micro.auth.RevokeResponse")
 	proto.RegisterType((*InspectRequest)(nil), "go.micro.auth.InspectRequest")
 	proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse")
-	proto.RegisterType((*RefreshRequest)(nil), "go.micro.auth.RefreshRequest")
-	proto.RegisterType((*RefreshResponse)(nil), "go.micro.auth.RefreshResponse")
+	proto.RegisterType((*TokenRequest)(nil), "go.micro.auth.TokenRequest")
+	proto.RegisterType((*TokenResponse)(nil), "go.micro.auth.TokenResponse")
 }
 
 func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
 
 var fileDescriptor_21300bfacc51fc2a = []byte{
-	// 625 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0x4d, 0x6f, 0xd3, 0x4c,
-	0x10, 0xae, 0xed, 0x7c, 0x38, 0x93, 0xa6, 0x89, 0x56, 0x55, 0x5e, 0x2b, 0x7a, 0x5b, 0x82, 0x41,
-	0x28, 0x42, 0x95, 0x83, 0xd2, 0x0b, 0xa2, 0x02, 0x51, 0xa0, 0x2a, 0x1f, 0x2a, 0x07, 0x0b, 0x09,
-	0xc4, 0x05, 0xb9, 0xce, 0x40, 0x4c, 0x1a, 0xdb, 0xac, 0xd7, 0x11, 0x39, 0xf2, 0x87, 0xf8, 0x67,
-	0xfc, 0x01, 0x4e, 0x68, 0xd7, 0xbb, 0x8e, 0xe3, 0x24, 0x08, 0xa1, 0x72, 0x89, 0x66, 0x66, 0x67,
-	0x9e, 0x99, 0x79, 0xf6, 0xf1, 0x06, 0x0e, 0xbc, 0x94, 0x4d, 0x86, 0x09, 0xd2, 0x79, 0xe0, 0xe3,
-	0x30, 0xa6, 0x11, 0x8b, 0x86, 0x3c, 0xe4, 0x08, 0x93, 0xb4, 0x3e, 0x45, 0xce, 0x2c, 0xf0, 0x69,
-	0xe4, 0xf0, 0xa0, 0xfd, 0x5d, 0x87, 0xea, 0x9b, 0x68, 0x8a, 0x21, 0xd9, 0x87, 0x2a, 0xe3, 0x86,
-	0xa5, 0xf5, 0xb5, 0x41, 0xc3, 0xcd, 0x1c, 0x42, 0xa0, 0xc2, 0x16, 0x31, 0x5a, 0xba, 0x08, 0x0a,
-	0x9b, 0x58, 0x50, 0xf7, 0x29, 0x7a, 0x0c, 0xc7, 0x96, 0xd1, 0xd7, 0x06, 0x86, 0xab, 0x5c, 0xd2,
-	0x85, 0x1a, 0x7e, 0x8d, 0x03, 0xba, 0xb0, 0x2a, 0xe2, 0x40, 0x7a, 0xbc, 0x22, 0x49, 0x2f, 0x3f,
-	0xa3, 0xcf, 0xac, 0xaa, 0x00, 0x52, 0x2e, 0xef, 0x4a, 0xa3, 0x2b, 0x4c, 0xac, 0x5a, 0xdf, 0xe0,
-	0x5d, 0x85, 0x43, 0x1e, 0x81, 0x39, 0x43, 0xe6, 0x8d, 0x3d, 0xe6, 0x59, 0xf5, 0xbe, 0x31, 0x68,
-	0x8e, 0x6c, 0x67, 0x65, 0x6e, 0x47, 0xcc, 0xec, 0x5c, 0xc8, 0xa4, 0xb3, 0x90, 0xd1, 0x85, 0x9b,
-	0xd7, 0x90, 0xff, 0xa1, 0x11, 0x7a, 0x33, 0x4c, 0x62, 0xcf, 0x47, 0xcb, 0x14, 0x1d, 0x97, 0x81,
-	0xde, 0x09, 0xb4, 0x56, 0x0a, 0x49, 0x07, 0x8c, 0x29, 0x2e, 0xe4, 0xe2, 0xdc, 0xe4, 0x63, 0xcd,
-	0xbd, 0xab, 0x54, 0xed, 0x9d, 0x39, 0x0f, 0xf4, 0xfb, 0x9a, 0xfd, 0x53, 0x83, 0xfa, 0xa9, 0xef,
-	0x47, 0x69, 0xc8, 0xc8, 0x1e, 0xe8, 0xc1, 0x58, 0x96, 0xe9, 0xc1, 0x98, 0x1c, 0x41, 0x2d, 0x41,
-	0x9f, 0x22, 0x13, 0x65, 0xcd, 0xd1, 0xfe, 0xa6, 0xa1, 0x5d, 0x99, 0xb3, 0x5c, 0xdd, 0x28, 0xae,
-	0xfe, 0xb8, 0xb0, 0x7a, 0x45, 0xac, 0x7e, 0xbb, 0x84, 0x22, 0xbb, 0xff, 0xd9, 0xf2, 0xd5, 0x6b,
-	0x5d, 0xfe, 0x35, 0x98, 0x2e, 0x26, 0x51, 0x4a, 0x7d, 0xe4, 0xca, 0xe0, 0xa8, 0xb2, 0x50, 0xd8,
-	0x1b, 0xd5, 0xd2, 0x03, 0x13, 0xc3, 0x71, 0x1c, 0x05, 0x21, 0x13, 0x72, 0x69, 0xb8, 0xb9, 0x6f,
-	0x7f, 0xd3, 0xa1, 0x7d, 0x8e, 0x21, 0x52, 0x8f, 0xa1, 0x8b, 0x5f, 0x52, 0x4c, 0xd6, 0x49, 0xcd,
-	0x69, 0xd2, 0x8b, 0x34, 0x3d, 0x2f, 0xd0, 0x64, 0x08, 0x9a, 0x8e, 0x4a, 0x34, 0x95, 0x70, 0xb7,
-	0xd2, 0x75, 0x0b, 0x5a, 0xd9, 0x85, 0x7c, 0x58, 0x91, 0xee, 0x6e, 0x16, 0x3c, 0xcb, 0x04, 0xfc,
-	0x0f, 0x39, 0x7d, 0x06, 0x9d, 0xe5, 0xa8, 0x49, 0x1c, 0x85, 0x09, 0x92, 0x7b, 0x50, 0xf7, 0xb2,
-	0x5b, 0x16, 0x18, 0xcd, 0x51, 0x77, 0xb3, 0x06, 0x5c, 0x95, 0x66, 0xbf, 0x85, 0xdd, 0x73, 0xea,
-	0x85, 0x4c, 0xb1, 0x48, 0xa0, 0xc2, 0x89, 0x52, 0xb7, 0xc3, 0x6d, 0x72, 0x0c, 0x26, 0x95, 0xb7,
-	0x27, 0x05, 0xfa, 0x5f, 0x09, 0x56, 0x5d, 0xae, 0x9b, 0x27, 0xda, 0x6d, 0x68, 0x49, 0xe0, 0x6c,
-	0x36, 0xfb, 0x1d, 0xb4, 0x5c, 0x9c, 0x47, 0x53, 0xbc, 0xf6, 0x56, 0x1d, 0xd8, 0x53, 0xc8, 0xb2,
-	0xd7, 0x1d, 0xd8, 0x7b, 0x11, 0x26, 0x31, 0xfa, 0xf9, 0x5e, 0x1b, 0x5f, 0x29, 0xfb, 0x29, 0xb4,
-	0xf3, 0xbc, 0xbf, 0xa6, 0xf0, 0x15, 0x6f, 0xff, 0x91, 0x62, 0x32, 0x51, 0xcd, 0xba, 0xf9, 0xf7,
-	0x9c, 0x75, 0x53, 0x5f, 0xee, 0x4d, 0xd8, 0x15, 0x7d, 0x95, 0x62, 0x74, 0xa1, 0x98, 0xa6, 0x88,
-	0x65, 0x82, 0xb1, 0x1f, 0x42, 0x3b, 0x07, 0x93, 0x13, 0xdd, 0x2d, 0x8e, 0xbe, 0xed, 0x71, 0xc8,
-	0x52, 0x46, 0x3f, 0x34, 0xa8, 0x9c, 0xa6, 0x6c, 0x42, 0x2e, 0xc0, 0x54, 0xea, 0x20, 0x87, 0xbf,
-	0x57, 0x78, 0xef, 0xc6, 0xd6, 0x73, 0x49, 0xe7, 0x0e, 0x79, 0x09, 0x75, 0x49, 0x14, 0x39, 0x28,
-	0x65, 0xaf, 0x12, 0xdd, 0x3b, 0xdc, 0x76, 0x5c, 0xc4, 0x92, 0x2b, 0xae, 0x61, 0xad, 0xf2, 0xb8,
-	0x86, 0x55, 0x62, 0xc6, 0xde, 0x79, 0xd2, 0x7c, 0xdf, 0xe0, 0x27, 0x27, 0xfc, 0xe7, 0xb2, 0x26,
-	0xfe, 0xa9, 0x8e, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x52, 0x2c, 0xfc, 0x9c, 0xca, 0x06, 0x00,
-	0x00,
+	// 600 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x6d, 0x8b, 0xd3, 0x40,
+	0x10, 0x36, 0x2f, 0x6d, 0xd3, 0x49, 0xdf, 0x58, 0x8e, 0x33, 0xd4, 0xbb, 0xb3, 0x06, 0x91, 0x22,
+	0x92, 0x4a, 0xef, 0x8b, 0x58, 0x10, 0x4f, 0xef, 0x38, 0x15, 0xce, 0x0f, 0x41, 0xf0, 0xe5, 0x8b,
+	0xe4, 0xd2, 0xc1, 0x8b, 0xbd, 0x26, 0x71, 0xb3, 0x29, 0xf6, 0x4f, 0xf9, 0x8b, 0xfc, 0x28, 0xf8,
+	0x37, 0x64, 0xb7, 0xbb, 0xe9, 0x8b, 0xa9, 0x1c, 0xd2, 0x2f, 0x65, 0x66, 0x76, 0xe7, 0x99, 0x79,
+	0x9e, 0x9d, 0x4e, 0xe0, 0x30, 0xc8, 0xd9, 0xd5, 0x20, 0x43, 0x3a, 0x8b, 0x42, 0x1c, 0xa4, 0x34,
+	0x61, 0xc9, 0x80, 0x87, 0x3c, 0x61, 0x92, 0xe6, 0x97, 0xc4, 0x9b, 0x46, 0x21, 0x4d, 0x3c, 0x1e,
+	0x74, 0x7f, 0xe8, 0x50, 0x79, 0x97, 0x4c, 0x30, 0x26, 0x7b, 0x50, 0x61, 0xdc, 0x70, 0xb4, 0x9e,
+	0xd6, 0xaf, 0xfb, 0x0b, 0x87, 0x10, 0x30, 0xd9, 0x3c, 0x45, 0x47, 0x17, 0x41, 0x61, 0x13, 0x07,
+	0x6a, 0x21, 0xc5, 0x80, 0xe1, 0xd8, 0x31, 0x7a, 0x5a, 0xdf, 0xf0, 0x95, 0x4b, 0xf6, 0xa1, 0x8a,
+	0xdf, 0xd3, 0x88, 0xce, 0x1d, 0x53, 0x1c, 0x48, 0x8f, 0x67, 0x64, 0xf9, 0xe5, 0x57, 0x0c, 0x99,
+	0x53, 0x11, 0x40, 0xca, 0xe5, 0x55, 0x69, 0x72, 0x8d, 0x99, 0x53, 0xed, 0x19, 0xbc, 0xaa, 0x70,
+	0xc8, 0x33, 0xb0, 0xa6, 0xc8, 0x82, 0x71, 0xc0, 0x02, 0xa7, 0xd6, 0x33, 0xfa, 0xf6, 0xd0, 0xf5,
+	0xd6, 0xfa, 0xf6, 0x44, 0xcf, 0xde, 0x85, 0xbc, 0x74, 0x16, 0x33, 0x3a, 0xf7, 0x8b, 0x1c, 0x72,
+	0x00, 0xf5, 0x38, 0x98, 0x62, 0x96, 0x06, 0x21, 0x3a, 0x96, 0xa8, 0xb8, 0x0c, 0x74, 0x47, 0xd0,
+	0x5c, 0x4b, 0x24, 0x1d, 0x30, 0x26, 0x38, 0x97, 0xc4, 0xb9, 0xc9, 0xdb, 0x9a, 0x05, 0xd7, 0xb9,
+	0xe2, 0xbd, 0x70, 0x9e, 0xea, 0x4f, 0x34, 0xf7, 0x97, 0x06, 0xb5, 0x93, 0x30, 0x4c, 0xf2, 0x98,
+	0x91, 0x16, 0xe8, 0xd1, 0x58, 0xa6, 0xe9, 0x91, 0xa0, 0x9f, 0x61, 0x48, 0x91, 0xc9, 0x34, 0xe9,
+	0x2d, 0x49, 0x1a, 0xab, 0x24, 0x9f, 0xaf, 0x90, 0x34, 0x05, 0xc9, 0xfb, 0x1b, 0x24, 0x65, 0x9d,
+	0x9b, 0xd1, 0xac, 0xec, 0x94, 0xe6, 0x5b, 0xb0, 0x7c, 0xcc, 0x92, 0x9c, 0x86, 0xc8, 0x67, 0x80,
+	0xa3, 0xca, 0x44, 0x61, 0x97, 0xce, 0x45, 0x17, 0x2c, 0x8c, 0xc7, 0x69, 0x12, 0xc5, 0x4c, 0x0c,
+	0x46, 0xdd, 0x2f, 0x7c, 0xf7, 0xa7, 0x06, 0xed, 0x73, 0x8c, 0x91, 0x06, 0x0c, 0x7d, 0xfc, 0x96,
+	0x63, 0xf6, 0xb7, 0x7c, 0x85, 0x4c, 0xfa, 0xaa, 0x4c, 0xaf, 0x56, 0x64, 0x32, 0x84, 0x4c, 0x8f,
+	0x36, 0x64, 0xda, 0xc0, 0xbd, 0x99, 0x5c, 0xe6, 0x4e, 0xe5, 0x3a, 0x85, 0xce, 0xb2, 0x8b, 0x2c,
+	0x4d, 0xe2, 0x0c, 0xc9, 0x63, 0xa8, 0x05, 0x8b, 0x07, 0x14, 0x18, 0xf6, 0x70, 0xbf, 0xfc, 0x79,
+	0x7d, 0x75, 0xcd, 0x7d, 0x0f, 0x8d, 0x73, 0x1a, 0xc4, 0x4c, 0x09, 0x44, 0xc0, 0xe4, 0x1a, 0x28,
+	0xe1, 0xb9, 0x4d, 0x8e, 0xc1, 0xa2, 0xf2, 0x61, 0x44, 0x1b, 0xf6, 0xf0, 0xf6, 0x06, 0xac, 0x7a,
+	0x37, 0xbf, 0xb8, 0xe8, 0xb6, 0xa1, 0x29, 0x81, 0x17, 0xbd, 0xb9, 0x1f, 0xa0, 0xe9, 0xe3, 0x2c,
+	0x99, 0xe0, 0xce, 0x4b, 0x75, 0xa0, 0xa5, 0x90, 0x65, 0xad, 0x07, 0xd0, 0x7a, 0x1d, 0x67, 0x29,
+	0x86, 0x05, 0xaf, 0xd2, 0x55, 0xe3, 0xbe, 0x84, 0x76, 0x71, 0xef, 0xbf, 0x25, 0xfc, 0x08, 0x0d,
+	0xb1, 0x1a, 0xb6, 0xcd, 0xd8, 0xb6, 0xbf, 0xe8, 0x3d, 0x68, 0x88, 0x2e, 0x3e, 0xcb, 0xfd, 0xb5,
+	0x58, 0x6c, 0xb6, 0x88, 0x9d, 0x89, 0x90, 0x3b, 0x82, 0xa6, 0x84, 0x96, 0xdd, 0x3d, 0x5c, 0xa5,
+	0x61, 0x0f, 0xf7, 0xca, 0x56, 0x94, 0x24, 0x37, 0xfc, 0xad, 0x81, 0x79, 0x92, 0xb3, 0x2b, 0x72,
+	0x01, 0x96, 0x9a, 0x14, 0x72, 0xf4, 0xef, 0x41, 0xee, 0xde, 0xdd, 0x7a, 0x2e, 0xa5, 0xbd, 0x45,
+	0xde, 0x40, 0x4d, 0x8a, 0x46, 0x0e, 0x37, 0x6e, 0xaf, 0x8b, 0xde, 0x3d, 0xda, 0x76, 0x5c, 0x60,
+	0x9d, 0xaa, 0x4f, 0xc1, 0x9d, 0x52, 0x26, 0x12, 0xe7, 0xa0, 0xfc, 0x50, 0xa1, 0xbc, 0xb0, 0x3f,
+	0xd5, 0x79, 0x7c, 0xc4, 0x7f, 0x2e, 0xab, 0xe2, 0xa3, 0x73, 0xfc, 0x27, 0x00, 0x00, 0xff, 0xff,
+	0xc4, 0x24, 0xa4, 0xa3, 0x95, 0x06, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -754,7 +752,7 @@ const _ = grpc.SupportPackageIsVersion4
 type AuthClient interface {
 	Generate(ctx context.Context, in *GenerateRequest, opts ...grpc.CallOption) (*GenerateResponse, error)
 	Inspect(ctx context.Context, in *InspectRequest, opts ...grpc.CallOption) (*InspectResponse, error)
-	Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
+	Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error)
 }
 
 type authClient struct {
@@ -783,9 +781,9 @@ func (c *authClient) Inspect(ctx context.Context, in *InspectRequest, opts ...gr
 	return out, nil
 }
 
-func (c *authClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) {
-	out := new(RefreshResponse)
-	err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Refresh", in, out, opts...)
+func (c *authClient) Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error) {
+	out := new(TokenResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Token", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -796,7 +794,7 @@ func (c *authClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...gr
 type AuthServer interface {
 	Generate(context.Context, *GenerateRequest) (*GenerateResponse, error)
 	Inspect(context.Context, *InspectRequest) (*InspectResponse, error)
-	Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
+	Token(context.Context, *TokenRequest) (*TokenResponse, error)
 }
 
 // UnimplementedAuthServer can be embedded to have forward compatible implementations.
@@ -809,8 +807,8 @@ func (*UnimplementedAuthServer) Generate(ctx context.Context, req *GenerateReque
 func (*UnimplementedAuthServer) Inspect(ctx context.Context, req *InspectRequest) (*InspectResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Inspect not implemented")
 }
-func (*UnimplementedAuthServer) Refresh(ctx context.Context, req *RefreshRequest) (*RefreshResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method Refresh not implemented")
+func (*UnimplementedAuthServer) Token(ctx context.Context, req *TokenRequest) (*TokenResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Token not implemented")
 }
 
 func RegisterAuthServer(s *grpc.Server, srv AuthServer) {
@@ -853,20 +851,20 @@ func _Auth_Inspect_Handler(srv interface{}, ctx context.Context, dec func(interf
 	return interceptor(ctx, in, info, handler)
 }
 
-func _Auth_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RefreshRequest)
+func _Auth_Token_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(TokenRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(AuthServer).Refresh(ctx, in)
+		return srv.(AuthServer).Token(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/go.micro.auth.Auth/Refresh",
+		FullMethod: "/go.micro.auth.Auth/Token",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(AuthServer).Refresh(ctx, req.(*RefreshRequest))
+		return srv.(AuthServer).Token(ctx, req.(*TokenRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -884,8 +882,8 @@ var _Auth_serviceDesc = grpc.ServiceDesc{
 			Handler:    _Auth_Inspect_Handler,
 		},
 		{
-			MethodName: "Refresh",
-			Handler:    _Auth_Refresh_Handler,
+			MethodName: "Token",
+			Handler:    _Auth_Token_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},

auth/service/proto/auth.pb.micro.go

@@ -36,7 +36,7 @@ var _ server.Option
 type AuthService interface {
 	Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
 	Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
-	Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error)
+	Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error)
 }
 
 type authService struct {
@@ -71,9 +71,9 @@ func (c *authService) Inspect(ctx context.Context, in *InspectRequest, opts ...c
 	return out, nil
 }
 
-func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error) {
-	req := c.c.NewRequest(c.name, "Auth.Refresh", in)
-	out := new(RefreshResponse)
+func (c *authService) Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error) {
+	req := c.c.NewRequest(c.name, "Auth.Token", in)
+	out := new(TokenResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
@@ -86,14 +86,14 @@ func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...c
 type AuthHandler interface {
 	Generate(context.Context, *GenerateRequest, *GenerateResponse) error
 	Inspect(context.Context, *InspectRequest, *InspectResponse) error
-	Refresh(context.Context, *RefreshRequest, *RefreshResponse) error
+	Token(context.Context, *TokenRequest, *TokenResponse) error
 }
 
 func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
 	type auth interface {
 		Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
 		Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
-		Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error
+		Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error
 	}
 	type Auth struct {
 		auth
@@ -114,6 +114,6 @@ func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *Insp
 	return h.AuthHandler.Inspect(ctx, in, out)
 }
 
-func (h *authHandler) Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error {
-	return h.AuthHandler.Refresh(ctx, in, out)
+func (h *authHandler) Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error {
+	return h.AuthHandler.Token(ctx, in, out)
 }

auth/service/proto/auth.proto

@@ -6,8 +6,8 @@ option go_package = "auth;auth";
 
 service Auth {
 	rpc Generate(GenerateRequest) returns (GenerateResponse) {};
-	rpc Inspect(InspectRequest)  returns (InspectResponse) {};
-	rpc Refresh(RefreshRequest)  returns (RefreshResponse) {};
+	rpc Inspect(InspectRequest)  returns (InspectResponse) {};		
+	rpc Token(TokenRequest)  returns (TokenResponse) {};
 }
 
 message Token {
@@ -23,7 +23,7 @@ message Token {
 
 message Account {
 	string id = 1;
-	Token secret = 2;
+	string secret = 2;
 	repeated string roles = 3;
 	map<string, string> metadata = 4;
 	string namespace = 5;
@@ -39,8 +39,7 @@ message GenerateRequest {
 	string id = 1;
 	repeated string roles = 2;
 	map<string, string> metadata = 3;
-	int64 secret_expiry = 4;
-	string namespace = 5;
+	string namespace = 4;
 }
 
 message GenerateResponse {
@@ -69,11 +68,12 @@ message InspectResponse {
 	Account account = 1;
 }
 
-message RefreshRequest {
-	string secret = 1;
-	int64 token_expiry = 2;
+message TokenRequest {
+	string id = 1;
+	string secret = 2;
+	int64 token_expiry = 3;
 }
 
-message RefreshResponse {
+message TokenResponse {
 	Token token = 1;
 }

auth/service/service.go

@@ -81,11 +81,10 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
 	options := auth.NewGenerateOptions(opts...)
 
 	rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
-		Id:           id,
-		Roles:        options.Roles,
-		Metadata:     options.Metadata,
-		Namespace:    options.Namespace,
-		SecretExpiry: int64(options.SecretExpiry.Seconds()),
+		Id:        id,
+		Roles:     options.Roles,
+		Metadata:  options.Metadata,
+		Namespace: options.Namespace,
 	})
 	if err != nil {
 		return nil, err
@@ -186,11 +185,12 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
 	return serializeAccount(rsp.Account), nil
 }
 
-// Refresh an account using a secret
-func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, error) {
-	options := auth.NewRefreshOptions(opts...)
+// Token generation using an account ID and secret
+func (s *svc) Token(id, secret string, opts ...auth.TokenOption) (*auth.Token, error) {
+	options := auth.NewTokenOptions(opts...)
 
-	rsp, err := s.auth.Refresh(context.Background(), &pb.RefreshRequest{
+	rsp, err := s.auth.Token(context.Background(), &pb.TokenRequest{
+		Id:          id,
 		Secret:      secret,
 		TokenExpiry: int64(options.TokenExpiry.Seconds()),
 	})
@@ -269,16 +269,11 @@ func serializeToken(t *pb.Token) *auth.Token {
 }
 
 func serializeAccount(a *pb.Account) *auth.Account {
-	var secret *auth.Token
-	if a.Secret != nil {
-		secret = serializeToken(a.Secret)
-	}
-
 	return &auth.Account{
 		ID:        a.Id,
 		Roles:     a.Roles,
 		Metadata:  a.Metadata,
 		Namespace: a.Namespace,
-		Secret:    secret,
+		Secret:    a.Secret,
 	}
 }