Auth - Swap Refresh to Token and change secrets to be strings, not tokens (#1444)

* Refresh => Token

* Secret is no longer a token

Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
ben-toogood 2020-03-31 10:06:13 +01:00 committed by GitHub
parent c706ebe3fb
commit 76ade7efd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 144 additions and 166 deletions

View File

@ -42,8 +42,8 @@ type Auth interface {
Verify(acc *Account, res *Resource) error
// Inspect a token
Inspect(token string) (*Account, error)
// Refresh an account using a secret
Refresh(secret string, opts ...RefreshOption) (*Token, error)
// Token generated using an account ID and secret
Token(id, secret string, opts ...TokenOption) (*Token, error)
// String returns the name of the implementation
String() string
}
@ -63,7 +63,7 @@ type Account struct {
// ID of the account (UUIDV4, email or username)
ID string `json:"id"`
// Secret used to renew the account
Secret *Token `json:"secret"`
Secret string `json:"secret"`
// Roles associated with the Account
Roles []string `json:"roles"`
// Any other associated metadata

View File

@ -41,7 +41,7 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
ID: id,
Roles: options.Roles,
Metadata: options.Metadata,
Secret: &Token{},
Secret: uuid.New().String(),
}, nil
}
@ -67,7 +67,7 @@ func (n *noop) Inspect(token string) (*Account, error) {
}, nil
}
// Refresh an account using a secret
func (n *noop) Refresh(secret string, opts ...RefreshOption) (*Token, error) {
// Token generation using an account id and secret
func (n *noop) Token(id, secret string, opts ...TokenOption) (*Token, error) {
return &Token{}, nil
}

View File

@ -71,8 +71,6 @@ type GenerateOptions struct {
Metadata map[string]string
// Roles/scopes associated with the account
Roles []string
// SecretExpiry is the time the secret should live for
SecretExpiry time.Duration
// Namespace the account belongs too
Namespace string
}
@ -100,45 +98,32 @@ func WithNamespace(n string) GenerateOption {
}
}
// WithSecretExpiry for the generated account's secret expires
func WithSecretExpiry(ex time.Duration) GenerateOption {
return func(o *GenerateOptions) {
o.SecretExpiry = ex
}
}
// NewGenerateOptions from a slice of options
func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
var options GenerateOptions
for _, o := range opts {
o(&options)
}
// set defualt expiry of secret
if options.SecretExpiry == 0 {
options.SecretExpiry = time.Hour * 24 * 7
}
return options
}
type RefreshOptions struct {
type TokenOptions struct {
// TokenExpiry is the time the token should live for
TokenExpiry time.Duration
}
type RefreshOption func(o *RefreshOptions)
type TokenOption func(o *TokenOptions)
// WithTokenExpiry for the token
func WithTokenExpiry(ex time.Duration) RefreshOption {
return func(o *RefreshOptions) {
func WithTokenExpiry(ex time.Duration) TokenOption {
return func(o *TokenOptions) {
o.TokenExpiry = ex
}
}
// NewRefreshOptions from a slice of options
func NewRefreshOptions(opts ...RefreshOption) RefreshOptions {
var options RefreshOptions
// NewTokenOptions from a slice of options
func NewTokenOptions(opts ...TokenOption) TokenOptions {
var options TokenOptions
for _, o := range opts {
o(&options)
}

View File

@ -121,7 +121,7 @@ func (m *Token) GetNamespace() string {
type Account struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Secret *Token `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
@ -162,11 +162,11 @@ func (m *Account) GetId() string {
return ""
}
func (m *Account) GetSecret() *Token {
func (m *Account) GetSecret() string {
if m != nil {
return m.Secret
}
return nil
return ""
}
func (m *Account) GetRoles() []string {
@ -249,8 +249,7 @@ type GenerateRequest struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
SecretExpiry int64 `protobuf:"varint,4,opt,name=secret_expiry,json=secretExpiry,proto3" json:"secret_expiry,omitempty"`
Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -302,13 +301,6 @@ func (m *GenerateRequest) GetMetadata() map[string]string {
return nil
}
func (m *GenerateRequest) GetSecretExpiry() int64 {
if m != nil {
return m.SecretExpiry
}
return 0
}
func (m *GenerateRequest) GetNamespace() string {
if m != nil {
return m.Namespace
@ -589,86 +581,94 @@ func (m *InspectResponse) GetAccount() *Account {
return nil
}
type RefreshRequest struct {
Secret string `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"`
TokenExpiry int64 `protobuf:"varint,2,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
type TokenRequest struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
TokenExpiry int64 `protobuf:"varint,3,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RefreshRequest) Reset() { *m = RefreshRequest{} }
func (m *RefreshRequest) String() string { return proto.CompactTextString(m) }
func (*RefreshRequest) ProtoMessage() {}
func (*RefreshRequest) Descriptor() ([]byte, []int) {
func (m *TokenRequest) Reset() { *m = TokenRequest{} }
func (m *TokenRequest) String() string { return proto.CompactTextString(m) }
func (*TokenRequest) ProtoMessage() {}
func (*TokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{11}
}
func (m *RefreshRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_RefreshRequest.Unmarshal(m, b)
func (m *TokenRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_TokenRequest.Unmarshal(m, b)
}
func (m *RefreshRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_RefreshRequest.Marshal(b, m, deterministic)
func (m *TokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_TokenRequest.Marshal(b, m, deterministic)
}
func (m *RefreshRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_RefreshRequest.Merge(m, src)
func (m *TokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_TokenRequest.Merge(m, src)
}
func (m *RefreshRequest) XXX_Size() int {
return xxx_messageInfo_RefreshRequest.Size(m)
func (m *TokenRequest) XXX_Size() int {
return xxx_messageInfo_TokenRequest.Size(m)
}
func (m *RefreshRequest) XXX_DiscardUnknown() {
xxx_messageInfo_RefreshRequest.DiscardUnknown(m)
func (m *TokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_TokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_RefreshRequest proto.InternalMessageInfo
var xxx_messageInfo_TokenRequest proto.InternalMessageInfo
func (m *RefreshRequest) GetSecret() string {
func (m *TokenRequest) GetId() string {
if m != nil {
return m.Id
}
return ""
}
func (m *TokenRequest) GetSecret() string {
if m != nil {
return m.Secret
}
return ""
}
func (m *RefreshRequest) GetTokenExpiry() int64 {
func (m *TokenRequest) GetTokenExpiry() int64 {
if m != nil {
return m.TokenExpiry
}
return 0
}
type RefreshResponse struct {
type TokenResponse struct {
Token *Token `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RefreshResponse) Reset() { *m = RefreshResponse{} }
func (m *RefreshResponse) String() string { return proto.CompactTextString(m) }
func (*RefreshResponse) ProtoMessage() {}
func (*RefreshResponse) Descriptor() ([]byte, []int) {
func (m *TokenResponse) Reset() { *m = TokenResponse{} }
func (m *TokenResponse) String() string { return proto.CompactTextString(m) }
func (*TokenResponse) ProtoMessage() {}
func (*TokenResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{12}
}
func (m *RefreshResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_RefreshResponse.Unmarshal(m, b)
func (m *TokenResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_TokenResponse.Unmarshal(m, b)
}
func (m *RefreshResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_RefreshResponse.Marshal(b, m, deterministic)
func (m *TokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_TokenResponse.Marshal(b, m, deterministic)
}
func (m *RefreshResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_RefreshResponse.Merge(m, src)
func (m *TokenResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_TokenResponse.Merge(m, src)
}
func (m *RefreshResponse) XXX_Size() int {
return xxx_messageInfo_RefreshResponse.Size(m)
func (m *TokenResponse) XXX_Size() int {
return xxx_messageInfo_TokenResponse.Size(m)
}
func (m *RefreshResponse) XXX_DiscardUnknown() {
xxx_messageInfo_RefreshResponse.DiscardUnknown(m)
func (m *TokenResponse) XXX_DiscardUnknown() {
xxx_messageInfo_TokenResponse.DiscardUnknown(m)
}
var xxx_messageInfo_RefreshResponse proto.InternalMessageInfo
var xxx_messageInfo_TokenResponse proto.InternalMessageInfo
func (m *RefreshResponse) GetToken() *Token {
func (m *TokenResponse) GetToken() *Token {
if m != nil {
return m.Token
}
@ -690,54 +690,52 @@ func init() {
proto.RegisterType((*RevokeResponse)(nil), "go.micro.auth.RevokeResponse")
proto.RegisterType((*InspectRequest)(nil), "go.micro.auth.InspectRequest")
proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse")
proto.RegisterType((*RefreshRequest)(nil), "go.micro.auth.RefreshRequest")
proto.RegisterType((*RefreshResponse)(nil), "go.micro.auth.RefreshResponse")
proto.RegisterType((*TokenRequest)(nil), "go.micro.auth.TokenRequest")
proto.RegisterType((*TokenResponse)(nil), "go.micro.auth.TokenResponse")
}
func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
var fileDescriptor_21300bfacc51fc2a = []byte{
// 625 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0x4d, 0x6f, 0xd3, 0x4c,
0x10, 0xae, 0xed, 0x7c, 0x38, 0x93, 0xa6, 0x89, 0x56, 0x55, 0x5e, 0x2b, 0x7a, 0x5b, 0x82, 0x41,
0x28, 0x42, 0x95, 0x83, 0xd2, 0x0b, 0xa2, 0x02, 0x51, 0xa0, 0x2a, 0x1f, 0x2a, 0x07, 0x0b, 0x09,
0xc4, 0x05, 0xb9, 0xce, 0x40, 0x4c, 0x1a, 0xdb, 0xac, 0xd7, 0x11, 0x39, 0xf2, 0x87, 0xf8, 0x67,
0xfc, 0x01, 0x4e, 0x68, 0xd7, 0xbb, 0x8e, 0xe3, 0x24, 0x08, 0xa1, 0x72, 0x89, 0x66, 0x66, 0x67,
0x9e, 0x99, 0x79, 0xf6, 0xf1, 0x06, 0x0e, 0xbc, 0x94, 0x4d, 0x86, 0x09, 0xd2, 0x79, 0xe0, 0xe3,
0x30, 0xa6, 0x11, 0x8b, 0x86, 0x3c, 0xe4, 0x08, 0x93, 0xb4, 0x3e, 0x45, 0xce, 0x2c, 0xf0, 0x69,
0xe4, 0xf0, 0xa0, 0xfd, 0x5d, 0x87, 0xea, 0x9b, 0x68, 0x8a, 0x21, 0xd9, 0x87, 0x2a, 0xe3, 0x86,
0xa5, 0xf5, 0xb5, 0x41, 0xc3, 0xcd, 0x1c, 0x42, 0xa0, 0xc2, 0x16, 0x31, 0x5a, 0xba, 0x08, 0x0a,
0x9b, 0x58, 0x50, 0xf7, 0x29, 0x7a, 0x0c, 0xc7, 0x96, 0xd1, 0xd7, 0x06, 0x86, 0xab, 0x5c, 0xd2,
0x85, 0x1a, 0x7e, 0x8d, 0x03, 0xba, 0xb0, 0x2a, 0xe2, 0x40, 0x7a, 0xbc, 0x22, 0x49, 0x2f, 0x3f,
0xa3, 0xcf, 0xac, 0xaa, 0x00, 0x52, 0x2e, 0xef, 0x4a, 0xa3, 0x2b, 0x4c, 0xac, 0x5a, 0xdf, 0xe0,
0x5d, 0x85, 0x43, 0x1e, 0x81, 0x39, 0x43, 0xe6, 0x8d, 0x3d, 0xe6, 0x59, 0xf5, 0xbe, 0x31, 0x68,
0x8e, 0x6c, 0x67, 0x65, 0x6e, 0x47, 0xcc, 0xec, 0x5c, 0xc8, 0xa4, 0xb3, 0x90, 0xd1, 0x85, 0x9b,
0xd7, 0x90, 0xff, 0xa1, 0x11, 0x7a, 0x33, 0x4c, 0x62, 0xcf, 0x47, 0xcb, 0x14, 0x1d, 0x97, 0x81,
0xde, 0x09, 0xb4, 0x56, 0x0a, 0x49, 0x07, 0x8c, 0x29, 0x2e, 0xe4, 0xe2, 0xdc, 0xe4, 0x63, 0xcd,
0xbd, 0xab, 0x54, 0xed, 0x9d, 0x39, 0x0f, 0xf4, 0xfb, 0x9a, 0xfd, 0x53, 0x83, 0xfa, 0xa9, 0xef,
0x47, 0x69, 0xc8, 0xc8, 0x1e, 0xe8, 0xc1, 0x58, 0x96, 0xe9, 0xc1, 0x98, 0x1c, 0x41, 0x2d, 0x41,
0x9f, 0x22, 0x13, 0x65, 0xcd, 0xd1, 0xfe, 0xa6, 0xa1, 0x5d, 0x99, 0xb3, 0x5c, 0xdd, 0x28, 0xae,
0xfe, 0xb8, 0xb0, 0x7a, 0x45, 0xac, 0x7e, 0xbb, 0x84, 0x22, 0xbb, 0xff, 0xd9, 0xf2, 0xd5, 0x6b,
0x5d, 0xfe, 0x35, 0x98, 0x2e, 0x26, 0x51, 0x4a, 0x7d, 0xe4, 0xca, 0xe0, 0xa8, 0xb2, 0x50, 0xd8,
0x1b, 0xd5, 0xd2, 0x03, 0x13, 0xc3, 0x71, 0x1c, 0x05, 0x21, 0x13, 0x72, 0x69, 0xb8, 0xb9, 0x6f,
0x7f, 0xd3, 0xa1, 0x7d, 0x8e, 0x21, 0x52, 0x8f, 0xa1, 0x8b, 0x5f, 0x52, 0x4c, 0xd6, 0x49, 0xcd,
0x69, 0xd2, 0x8b, 0x34, 0x3d, 0x2f, 0xd0, 0x64, 0x08, 0x9a, 0x8e, 0x4a, 0x34, 0x95, 0x70, 0xb7,
0xd2, 0x75, 0x0b, 0x5a, 0xd9, 0x85, 0x7c, 0x58, 0x91, 0xee, 0x6e, 0x16, 0x3c, 0xcb, 0x04, 0xfc,
0x0f, 0x39, 0x7d, 0x06, 0x9d, 0xe5, 0xa8, 0x49, 0x1c, 0x85, 0x09, 0x92, 0x7b, 0x50, 0xf7, 0xb2,
0x5b, 0x16, 0x18, 0xcd, 0x51, 0x77, 0xb3, 0x06, 0x5c, 0x95, 0x66, 0xbf, 0x85, 0xdd, 0x73, 0xea,
0x85, 0x4c, 0xb1, 0x48, 0xa0, 0xc2, 0x89, 0x52, 0xb7, 0xc3, 0x6d, 0x72, 0x0c, 0x26, 0x95, 0xb7,
0x27, 0x05, 0xfa, 0x5f, 0x09, 0x56, 0x5d, 0xae, 0x9b, 0x27, 0xda, 0x6d, 0x68, 0x49, 0xe0, 0x6c,
0x36, 0xfb, 0x1d, 0xb4, 0x5c, 0x9c, 0x47, 0x53, 0xbc, 0xf6, 0x56, 0x1d, 0xd8, 0x53, 0xc8, 0xb2,
0xd7, 0x1d, 0xd8, 0x7b, 0x11, 0x26, 0x31, 0xfa, 0xf9, 0x5e, 0x1b, 0x5f, 0x29, 0xfb, 0x29, 0xb4,
0xf3, 0xbc, 0xbf, 0xa6, 0xf0, 0x15, 0x6f, 0xff, 0x91, 0x62, 0x32, 0x51, 0xcd, 0xba, 0xf9, 0xf7,
0x9c, 0x75, 0x53, 0x5f, 0xee, 0x4d, 0xd8, 0x15, 0x7d, 0x95, 0x62, 0x74, 0xa1, 0x98, 0xa6, 0x88,
0x65, 0x82, 0xb1, 0x1f, 0x42, 0x3b, 0x07, 0x93, 0x13, 0xdd, 0x2d, 0x8e, 0xbe, 0xed, 0x71, 0xc8,
0x52, 0x46, 0x3f, 0x34, 0xa8, 0x9c, 0xa6, 0x6c, 0x42, 0x2e, 0xc0, 0x54, 0xea, 0x20, 0x87, 0xbf,
0x57, 0x78, 0xef, 0xc6, 0xd6, 0x73, 0x49, 0xe7, 0x0e, 0x79, 0x09, 0x75, 0x49, 0x14, 0x39, 0x28,
0x65, 0xaf, 0x12, 0xdd, 0x3b, 0xdc, 0x76, 0x5c, 0xc4, 0x92, 0x2b, 0xae, 0x61, 0xad, 0xf2, 0xb8,
0x86, 0x55, 0x62, 0xc6, 0xde, 0x79, 0xd2, 0x7c, 0xdf, 0xe0, 0x27, 0x27, 0xfc, 0xe7, 0xb2, 0x26,
0xfe, 0xa9, 0x8e, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x52, 0x2c, 0xfc, 0x9c, 0xca, 0x06, 0x00,
0x00,
// 600 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x6d, 0x8b, 0xd3, 0x40,
0x10, 0x36, 0x2f, 0x6d, 0xd3, 0x49, 0xdf, 0x58, 0x8e, 0x33, 0xd4, 0xbb, 0xb3, 0x06, 0x91, 0x22,
0x92, 0x4a, 0xef, 0x8b, 0x58, 0x10, 0x4f, 0xef, 0x38, 0x15, 0xce, 0x0f, 0x41, 0xf0, 0xe5, 0x8b,
0xe4, 0xd2, 0xc1, 0x8b, 0xbd, 0x26, 0x71, 0xb3, 0x29, 0xf6, 0x4f, 0xf9, 0x8b, 0xfc, 0x28, 0xf8,
0x37, 0x64, 0xb7, 0xbb, 0xe9, 0x8b, 0xa9, 0x1c, 0xd2, 0x2f, 0x65, 0x66, 0x76, 0xe7, 0x99, 0x79,
0x9e, 0x9d, 0x4e, 0xe0, 0x30, 0xc8, 0xd9, 0xd5, 0x20, 0x43, 0x3a, 0x8b, 0x42, 0x1c, 0xa4, 0x34,
0x61, 0xc9, 0x80, 0x87, 0x3c, 0x61, 0x92, 0xe6, 0x97, 0xc4, 0x9b, 0x46, 0x21, 0x4d, 0x3c, 0x1e,
0x74, 0x7f, 0xe8, 0x50, 0x79, 0x97, 0x4c, 0x30, 0x26, 0x7b, 0x50, 0x61, 0xdc, 0x70, 0xb4, 0x9e,
0xd6, 0xaf, 0xfb, 0x0b, 0x87, 0x10, 0x30, 0xd9, 0x3c, 0x45, 0x47, 0x17, 0x41, 0x61, 0x13, 0x07,
0x6a, 0x21, 0xc5, 0x80, 0xe1, 0xd8, 0x31, 0x7a, 0x5a, 0xdf, 0xf0, 0x95, 0x4b, 0xf6, 0xa1, 0x8a,
0xdf, 0xd3, 0x88, 0xce, 0x1d, 0x53, 0x1c, 0x48, 0x8f, 0x67, 0x64, 0xf9, 0xe5, 0x57, 0x0c, 0x99,
0x53, 0x11, 0x40, 0xca, 0xe5, 0x55, 0x69, 0x72, 0x8d, 0x99, 0x53, 0xed, 0x19, 0xbc, 0xaa, 0x70,
0xc8, 0x33, 0xb0, 0xa6, 0xc8, 0x82, 0x71, 0xc0, 0x02, 0xa7, 0xd6, 0x33, 0xfa, 0xf6, 0xd0, 0xf5,
0xd6, 0xfa, 0xf6, 0x44, 0xcf, 0xde, 0x85, 0xbc, 0x74, 0x16, 0x33, 0x3a, 0xf7, 0x8b, 0x1c, 0x72,
0x00, 0xf5, 0x38, 0x98, 0x62, 0x96, 0x06, 0x21, 0x3a, 0x96, 0xa8, 0xb8, 0x0c, 0x74, 0x47, 0xd0,
0x5c, 0x4b, 0x24, 0x1d, 0x30, 0x26, 0x38, 0x97, 0xc4, 0xb9, 0xc9, 0xdb, 0x9a, 0x05, 0xd7, 0xb9,
0xe2, 0xbd, 0x70, 0x9e, 0xea, 0x4f, 0x34, 0xf7, 0x97, 0x06, 0xb5, 0x93, 0x30, 0x4c, 0xf2, 0x98,
0x91, 0x16, 0xe8, 0xd1, 0x58, 0xa6, 0xe9, 0x91, 0xa0, 0x9f, 0x61, 0x48, 0x91, 0xc9, 0x34, 0xe9,
0x2d, 0x49, 0x1a, 0xab, 0x24, 0x9f, 0xaf, 0x90, 0x34, 0x05, 0xc9, 0xfb, 0x1b, 0x24, 0x65, 0x9d,
0x9b, 0xd1, 0xac, 0xec, 0x94, 0xe6, 0x5b, 0xb0, 0x7c, 0xcc, 0x92, 0x9c, 0x86, 0xc8, 0x67, 0x80,
0xa3, 0xca, 0x44, 0x61, 0x97, 0xce, 0x45, 0x17, 0x2c, 0x8c, 0xc7, 0x69, 0x12, 0xc5, 0x4c, 0x0c,
0x46, 0xdd, 0x2f, 0x7c, 0xf7, 0xa7, 0x06, 0xed, 0x73, 0x8c, 0x91, 0x06, 0x0c, 0x7d, 0xfc, 0x96,
0x63, 0xf6, 0xb7, 0x7c, 0x85, 0x4c, 0xfa, 0xaa, 0x4c, 0xaf, 0x56, 0x64, 0x32, 0x84, 0x4c, 0x8f,
0x36, 0x64, 0xda, 0xc0, 0xbd, 0x99, 0x5c, 0xe6, 0x4e, 0xe5, 0x3a, 0x85, 0xce, 0xb2, 0x8b, 0x2c,
0x4d, 0xe2, 0x0c, 0xc9, 0x63, 0xa8, 0x05, 0x8b, 0x07, 0x14, 0x18, 0xf6, 0x70, 0xbf, 0xfc, 0x79,
0x7d, 0x75, 0xcd, 0x7d, 0x0f, 0x8d, 0x73, 0x1a, 0xc4, 0x4c, 0x09, 0x44, 0xc0, 0xe4, 0x1a, 0x28,
0xe1, 0xb9, 0x4d, 0x8e, 0xc1, 0xa2, 0xf2, 0x61, 0x44, 0x1b, 0xf6, 0xf0, 0xf6, 0x06, 0xac, 0x7a,
0x37, 0xbf, 0xb8, 0xe8, 0xb6, 0xa1, 0x29, 0x81, 0x17, 0xbd, 0xb9, 0x1f, 0xa0, 0xe9, 0xe3, 0x2c,
0x99, 0xe0, 0xce, 0x4b, 0x75, 0xa0, 0xa5, 0x90, 0x65, 0xad, 0x07, 0xd0, 0x7a, 0x1d, 0x67, 0x29,
0x86, 0x05, 0xaf, 0xd2, 0x55, 0xe3, 0xbe, 0x84, 0x76, 0x71, 0xef, 0xbf, 0x25, 0xfc, 0x08, 0x0d,
0xb1, 0x1a, 0xb6, 0xcd, 0xd8, 0xb6, 0xbf, 0xe8, 0x3d, 0x68, 0x88, 0x2e, 0x3e, 0xcb, 0xfd, 0xb5,
0x58, 0x6c, 0xb6, 0x88, 0x9d, 0x89, 0x90, 0x3b, 0x82, 0xa6, 0x84, 0x96, 0xdd, 0x3d, 0x5c, 0xa5,
0x61, 0x0f, 0xf7, 0xca, 0x56, 0x94, 0x24, 0x37, 0xfc, 0xad, 0x81, 0x79, 0x92, 0xb3, 0x2b, 0x72,
0x01, 0x96, 0x9a, 0x14, 0x72, 0xf4, 0xef, 0x41, 0xee, 0xde, 0xdd, 0x7a, 0x2e, 0xa5, 0xbd, 0x45,
0xde, 0x40, 0x4d, 0x8a, 0x46, 0x0e, 0x37, 0x6e, 0xaf, 0x8b, 0xde, 0x3d, 0xda, 0x76, 0x5c, 0x60,
0x9d, 0xaa, 0x4f, 0xc1, 0x9d, 0x52, 0x26, 0x12, 0xe7, 0xa0, 0xfc, 0x50, 0xa1, 0xbc, 0xb0, 0x3f,
0xd5, 0x79, 0x7c, 0xc4, 0x7f, 0x2e, 0xab, 0xe2, 0xa3, 0x73, 0xfc, 0x27, 0x00, 0x00, 0xff, 0xff,
0xc4, 0x24, 0xa4, 0xa3, 0x95, 0x06, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
@ -754,7 +752,7 @@ const _ = grpc.SupportPackageIsVersion4
type AuthClient interface {
Generate(ctx context.Context, in *GenerateRequest, opts ...grpc.CallOption) (*GenerateResponse, error)
Inspect(ctx context.Context, in *InspectRequest, opts ...grpc.CallOption) (*InspectResponse, error)
Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error)
}
type authClient struct {
@ -783,9 +781,9 @@ func (c *authClient) Inspect(ctx context.Context, in *InspectRequest, opts ...gr
return out, nil
}
func (c *authClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) {
out := new(RefreshResponse)
err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Refresh", in, out, opts...)
func (c *authClient) Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error) {
out := new(TokenResponse)
err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Token", in, out, opts...)
if err != nil {
return nil, err
}
@ -796,7 +794,7 @@ func (c *authClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...gr
type AuthServer interface {
Generate(context.Context, *GenerateRequest) (*GenerateResponse, error)
Inspect(context.Context, *InspectRequest) (*InspectResponse, error)
Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
Token(context.Context, *TokenRequest) (*TokenResponse, error)
}
// UnimplementedAuthServer can be embedded to have forward compatible implementations.
@ -809,8 +807,8 @@ func (*UnimplementedAuthServer) Generate(ctx context.Context, req *GenerateReque
func (*UnimplementedAuthServer) Inspect(ctx context.Context, req *InspectRequest) (*InspectResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Inspect not implemented")
}
func (*UnimplementedAuthServer) Refresh(ctx context.Context, req *RefreshRequest) (*RefreshResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Refresh not implemented")
func (*UnimplementedAuthServer) Token(ctx context.Context, req *TokenRequest) (*TokenResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Token not implemented")
}
func RegisterAuthServer(s *grpc.Server, srv AuthServer) {
@ -853,20 +851,20 @@ func _Auth_Inspect_Handler(srv interface{}, ctx context.Context, dec func(interf
return interceptor(ctx, in, info, handler)
}
func _Auth_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RefreshRequest)
func _Auth_Token_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(TokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServer).Refresh(ctx, in)
return srv.(AuthServer).Token(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/go.micro.auth.Auth/Refresh",
FullMethod: "/go.micro.auth.Auth/Token",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServer).Refresh(ctx, req.(*RefreshRequest))
return srv.(AuthServer).Token(ctx, req.(*TokenRequest))
}
return interceptor(ctx, in, info, handler)
}
@ -884,8 +882,8 @@ var _Auth_serviceDesc = grpc.ServiceDesc{
Handler: _Auth_Inspect_Handler,
},
{
MethodName: "Refresh",
Handler: _Auth_Refresh_Handler,
MethodName: "Token",
Handler: _Auth_Token_Handler,
},
},
Streams: []grpc.StreamDesc{},

View File

@ -36,7 +36,7 @@ var _ server.Option
type AuthService interface {
Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error)
Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error)
}
type authService struct {
@ -71,9 +71,9 @@ func (c *authService) Inspect(ctx context.Context, in *InspectRequest, opts ...c
return out, nil
}
func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error) {
req := c.c.NewRequest(c.name, "Auth.Refresh", in)
out := new(RefreshResponse)
func (c *authService) Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error) {
req := c.c.NewRequest(c.name, "Auth.Token", in)
out := new(TokenResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
@ -86,14 +86,14 @@ func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...c
type AuthHandler interface {
Generate(context.Context, *GenerateRequest, *GenerateResponse) error
Inspect(context.Context, *InspectRequest, *InspectResponse) error
Refresh(context.Context, *RefreshRequest, *RefreshResponse) error
Token(context.Context, *TokenRequest, *TokenResponse) error
}
func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
type auth interface {
Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error
Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error
}
type Auth struct {
auth
@ -114,6 +114,6 @@ func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *Insp
return h.AuthHandler.Inspect(ctx, in, out)
}
func (h *authHandler) Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error {
return h.AuthHandler.Refresh(ctx, in, out)
func (h *authHandler) Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error {
return h.AuthHandler.Token(ctx, in, out)
}

View File

@ -7,7 +7,7 @@ option go_package = "auth;auth";
service Auth {
rpc Generate(GenerateRequest) returns (GenerateResponse) {};
rpc Inspect(InspectRequest) returns (InspectResponse) {};
rpc Refresh(RefreshRequest) returns (RefreshResponse) {};
rpc Token(TokenRequest) returns (TokenResponse) {};
}
message Token {
@ -23,7 +23,7 @@ message Token {
message Account {
string id = 1;
Token secret = 2;
string secret = 2;
repeated string roles = 3;
map<string, string> metadata = 4;
string namespace = 5;
@ -39,8 +39,7 @@ message GenerateRequest {
string id = 1;
repeated string roles = 2;
map<string, string> metadata = 3;
int64 secret_expiry = 4;
string namespace = 5;
string namespace = 4;
}
message GenerateResponse {
@ -69,11 +68,12 @@ message InspectResponse {
Account account = 1;
}
message RefreshRequest {
string secret = 1;
int64 token_expiry = 2;
message TokenRequest {
string id = 1;
string secret = 2;
int64 token_expiry = 3;
}
message RefreshResponse {
message TokenResponse {
Token token = 1;
}

View File

@ -85,7 +85,6 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
Roles: options.Roles,
Metadata: options.Metadata,
Namespace: options.Namespace,
SecretExpiry: int64(options.SecretExpiry.Seconds()),
})
if err != nil {
return nil, err
@ -186,11 +185,12 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
return serializeAccount(rsp.Account), nil
}
// Refresh an account using a secret
func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, error) {
options := auth.NewRefreshOptions(opts...)
// Token generation using an account ID and secret
func (s *svc) Token(id, secret string, opts ...auth.TokenOption) (*auth.Token, error) {
options := auth.NewTokenOptions(opts...)
rsp, err := s.auth.Refresh(context.Background(), &pb.RefreshRequest{
rsp, err := s.auth.Token(context.Background(), &pb.TokenRequest{
Id: id,
Secret: secret,
TokenExpiry: int64(options.TokenExpiry.Seconds()),
})
@ -269,16 +269,11 @@ func serializeToken(t *pb.Token) *auth.Token {
}
func serializeAccount(a *pb.Account) *auth.Account {
var secret *auth.Token
if a.Secret != nil {
secret = serializeToken(a.Secret)
}
return &auth.Account{
ID: a.Id,
Roles: a.Roles,
Metadata: a.Metadata,
Namespace: a.Namespace,
Secret: secret,
Secret: a.Secret,
}
}