Refactor Auth Service Protos, Add Access Rules (#1411)

* Refactor auth/service into two protos * Accounts Proto * Store Prefixes * Misc * Tweak Protos Co-authored-by: Ben Toogood <ben@micro.mu> Co-authored-by: Asim Aslam <asim@aslam.me>
2020-03-26 13:12:43 +00:00 · 2020-03-26 13:12:43 +00:00 · 844c456839
commit 844c456839
parent 7182ca1fd0
11 changed files with 895 additions and 291 deletions
--- a/auth/service/proto/accounts/accounts.pb.go
+++ b/auth/service/proto/accounts/accounts.pb.go
@ -0,0 +1,117 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: github.com/micro/go-micro/auth/service/proto/accounts/accounts.proto
 package go_micro_auth
 import (
 	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
 	auth "github.com/micro/go-micro/v2/auth/service/proto/auth"
 	math "math"
 )
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 type ListAccountsRequest struct {
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *ListAccountsRequest) Reset()         { *m = ListAccountsRequest{} }
 func (m *ListAccountsRequest) String() string { return proto.CompactTextString(m) }
 func (*ListAccountsRequest) ProtoMessage()    {}
 func (*ListAccountsRequest) Descriptor() ([]byte, []int) {
 	return fileDescriptor_25929ace37374fcc, []int{0}
 }
 func (m *ListAccountsRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListAccountsRequest.Unmarshal(m, b)
 }
 func (m *ListAccountsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListAccountsRequest.Marshal(b, m, deterministic)
 }
 func (m *ListAccountsRequest) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_ListAccountsRequest.Merge(m, src)
 }
 func (m *ListAccountsRequest) XXX_Size() int {
 	return xxx_messageInfo_ListAccountsRequest.Size(m)
 }
 func (m *ListAccountsRequest) XXX_DiscardUnknown() {
 	xxx_messageInfo_ListAccountsRequest.DiscardUnknown(m)
 }
 var xxx_messageInfo_ListAccountsRequest proto.InternalMessageInfo
 type ListAccountsResponse struct {
 	Accounts             []*auth.Account `protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
 	XXX_unrecognized     []byte          `json:"-"`
 	XXX_sizecache        int32           `json:"-"`
 }
 func (m *ListAccountsResponse) Reset()         { *m = ListAccountsResponse{} }
 func (m *ListAccountsResponse) String() string { return proto.CompactTextString(m) }
 func (*ListAccountsResponse) ProtoMessage()    {}
 func (*ListAccountsResponse) Descriptor() ([]byte, []int) {
 	return fileDescriptor_25929ace37374fcc, []int{1}
 }
 func (m *ListAccountsResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListAccountsResponse.Unmarshal(m, b)
 }
 func (m *ListAccountsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListAccountsResponse.Marshal(b, m, deterministic)
 }
 func (m *ListAccountsResponse) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_ListAccountsResponse.Merge(m, src)
 }
 func (m *ListAccountsResponse) XXX_Size() int {
 	return xxx_messageInfo_ListAccountsResponse.Size(m)
 }
 func (m *ListAccountsResponse) XXX_DiscardUnknown() {
 	xxx_messageInfo_ListAccountsResponse.DiscardUnknown(m)
 }
 var xxx_messageInfo_ListAccountsResponse proto.InternalMessageInfo
 func (m *ListAccountsResponse) GetAccounts() []*auth.Account {
 	if m != nil {
 		return m.Accounts
 	}
 	return nil
 }
 func init() {
 	proto.RegisterType((*ListAccountsRequest)(nil), "go.micro.auth.ListAccountsRequest")
 	proto.RegisterType((*ListAccountsResponse)(nil), "go.micro.auth.ListAccountsResponse")
 }
 func init() {
 	proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/accounts/accounts.proto", fileDescriptor_25929ace37374fcc)
 }
 var fileDescriptor_25929ace37374fcc = []byte{
 	// 186 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x72, 0x49, 0xcf, 0x2c, 0xc9,
 	0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0xcf, 0xcd, 0x4c, 0x2e, 0xca, 0xd7, 0x4f, 0xcf, 0xd7,
 	0x85, 0x30, 0x12, 0x4b, 0x4b, 0x32, 0xf4, 0x8b, 0x53, 0x8b, 0xca, 0x32, 0x93, 0x53, 0xf5, 0x0b,
 	0x8a, 0xf2, 0x4b, 0xf2, 0xf5, 0x13, 0x93, 0x93, 0xf3, 0x4b, 0xf3, 0x4a, 0x8a, 0xe1, 0x0c, 0x3d,
 	0xb0, 0xb8, 0x10, 0x6f, 0x7a, 0xbe, 0x1e, 0x58, 0x93, 0x1e, 0x48, 0x93, 0x94, 0x0d, 0x69, 0x86,
 	0x82, 0x84, 0x40, 0x04, 0xc4, 0x30, 0x25, 0x51, 0x2e, 0x61, 0x9f, 0xcc, 0xe2, 0x12, 0x47, 0xa8,
 	0x15, 0x41, 0xa9, 0x85, 0xa5, 0xa9, 0xc5, 0x25, 0x4a, 0x5e, 0x5c, 0x22, 0xa8, 0xc2, 0xc5, 0x05,
 	0xf9, 0x79, 0xc5, 0xa9, 0x42, 0x46, 0x5c, 0x1c, 0x30, 0xd7, 0x48, 0x30, 0x2a, 0x30, 0x6b, 0x70,
 	0x1b, 0x89, 0xe9, 0xa1, 0x38, 0x47, 0x0f, 0xaa, 0x25, 0x08, 0xae, 0xce, 0x28, 0x96, 0x8b, 0x03,
 	0x66, 0x8e, 0x50, 0x20, 0x17, 0x0b, 0xc8, 0x5c, 0x21, 0x25, 0x34, 0x5d, 0x58, 0xdc, 0x20, 0xa5,
 	0x8c, 0x57, 0x0d, 0xc4, 0x41, 0x4a, 0x0c, 0x49, 0x6c, 0x60, 0x8f, 0x18, 0x03, 0x02, 0x00, 0x00,
 	0xff, 0xff, 0x23, 0x27, 0x81, 0xfe, 0x5d, 0x01, 0x00, 0x00,
 }
--- a/auth/service/proto/accounts/accounts.pb.micro.go
+++ b/auth/service/proto/accounts/accounts.pb.micro.go
@ -0,0 +1,86 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
 // source: github.com/micro/go-micro/auth/service/proto/accounts/accounts.proto
 package go_micro_auth
 import (
 	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
 	_ "github.com/micro/go-micro/v2/auth/service/proto/auth"
 	math "math"
 )
 import (
 	context "context"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ client.Option
 var _ server.Option
 // Client API for Accounts service
 type AccountsService interface {
 	List(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error)
 }
 type accountsService struct {
 	c    client.Client
 	name string
 }
 func NewAccountsService(name string, c client.Client) AccountsService {
 	return &accountsService{
 		c:    c,
 		name: name,
 	}
 }
 func (c *accountsService) List(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error) {
 	req := c.c.NewRequest(c.name, "Accounts.List", in)
 	out := new(ListAccountsResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // Server API for Accounts service
 type AccountsHandler interface {
 	List(context.Context, *ListAccountsRequest, *ListAccountsResponse) error
 }
 func RegisterAccountsHandler(s server.Server, hdlr AccountsHandler, opts ...server.HandlerOption) error {
 	type accounts interface {
 		List(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error
 	}
 	type Accounts struct {
 		accounts
 	}
 	h := &accountsHandler{hdlr}
 	return s.Handle(s.NewHandler(&Accounts{h}, opts...))
 }
 type accountsHandler struct {
 	AccountsHandler
 }
 func (h *accountsHandler) List(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error {
 	return h.AccountsHandler.List(ctx, in, out)
 }
--- a/auth/service/proto/accounts/accounts.proto
+++ b/auth/service/proto/accounts/accounts.proto
@ -0,0 +1,16 @@
 syntax = "proto3";
 package go.micro.auth;
 import "github.com/micro/go-micro/auth/service/proto/auth/auth.proto";
 service Accounts {
  rpc List(ListAccountsRequest) returns (ListAccountsResponse) {};
 }
 message ListAccountsRequest {
 }
 message ListAccountsResponse {
  repeated Account accounts = 1;
 }
--- a/auth/service/proto/auth/auth.pb.go
+++ b/auth/service/proto/auth/auth.pb.go
@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
-// source: auth/service/proto/auth.proto
+// source: github.com/micro/go-micro/auth/service/proto/auth/auth.proto
 package go_micro_auth
@ -20,61 +20,6 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 type Rule struct {
 	Id                   string    `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Role                 string    `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
 	Resource             *Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
 	XXX_unrecognized     []byte    `json:"-"`
 	XXX_sizecache        int32     `json:"-"`
 }
 func (m *Rule) Reset()         { *m = Rule{} }
 func (m *Rule) String() string { return proto.CompactTextString(m) }
 func (*Rule) ProtoMessage()    {}
 func (*Rule) Descriptor() ([]byte, []int) {
 	return fileDescriptor_21300bfacc51fc2a, []int{0}
 }
 func (m *Rule) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Rule.Unmarshal(m, b)
 }
 func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
 }
 func (m *Rule) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_Rule.Merge(m, src)
 }
 func (m *Rule) XXX_Size() int {
 	return xxx_messageInfo_Rule.Size(m)
 }
 func (m *Rule) XXX_DiscardUnknown() {
 	xxx_messageInfo_Rule.DiscardUnknown(m)
 }
 var xxx_messageInfo_Rule proto.InternalMessageInfo
 func (m *Rule) GetId() string {
 	if m != nil {
 		return m.Id
 	}
 	return ""
 }
 func (m *Rule) GetRole() string {
 	if m != nil {
 		return m.Role
 	}
 	return ""
 }
 func (m *Rule) GetResource() *Resource {
 	if m != nil {
 		return m.Resource
 	}
 	return nil
 }
 type Token struct {
 	Token                string            `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
 	Type                 string            `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
@ -92,7 +37,7 @@ func (m *Token) Reset()         { *m = Token{} }
 func (m *Token) String() string { return proto.CompactTextString(m) }
 func (*Token) ProtoMessage()    {}
 func (*Token) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{1}
+	return fileDescriptor_b246cecfa8195ff3, []int{0}
 }
 func (m *Token) XXX_Unmarshal(b []byte) error {
@ -176,7 +121,7 @@ func (m *Account) Reset()         { *m = Account{} }
 func (m *Account) String() string { return proto.CompactTextString(m) }
 func (*Account) ProtoMessage()    {}
 func (*Account) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{2}
+	return fileDescriptor_b246cecfa8195ff3, []int{1}
 }
 func (m *Account) XXX_Unmarshal(b []byte) error {
@ -238,7 +183,7 @@ func (m *Resource) Reset()         { *m = Resource{} }
 func (m *Resource) String() string { return proto.CompactTextString(m) }
 func (*Resource) ProtoMessage()    {}
 func (*Resource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{3}
+	return fileDescriptor_b246cecfa8195ff3, []int{2}
 }
 func (m *Resource) XXX_Unmarshal(b []byte) error {
@ -294,7 +239,7 @@ func (m *GenerateRequest) Reset()         { *m = GenerateRequest{} }
 func (m *GenerateRequest) String() string { return proto.CompactTextString(m) }
 func (*GenerateRequest) ProtoMessage()    {}
 func (*GenerateRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{4}
+	return fileDescriptor_b246cecfa8195ff3, []int{3}
 }
 func (m *GenerateRequest) XXX_Unmarshal(b []byte) error {
@ -354,7 +299,7 @@ func (m *GenerateResponse) Reset()         { *m = GenerateResponse{} }
 func (m *GenerateResponse) String() string { return proto.CompactTextString(m) }
 func (*GenerateResponse) ProtoMessage()    {}
 func (*GenerateResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{5}
+	return fileDescriptor_b246cecfa8195ff3, []int{4}
 }
 func (m *GenerateResponse) XXX_Unmarshal(b []byte) error {
@ -394,7 +339,7 @@ func (m *GrantRequest) Reset()         { *m = GrantRequest{} }
 func (m *GrantRequest) String() string { return proto.CompactTextString(m) }
 func (*GrantRequest) ProtoMessage()    {}
 func (*GrantRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{6}
+	return fileDescriptor_b246cecfa8195ff3, []int{5}
 }
 func (m *GrantRequest) XXX_Unmarshal(b []byte) error {
@ -439,7 +384,7 @@ func (m *GrantResponse) Reset()         { *m = GrantResponse{} }
 func (m *GrantResponse) String() string { return proto.CompactTextString(m) }
 func (*GrantResponse) ProtoMessage()    {}
 func (*GrantResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{7}
+	return fileDescriptor_b246cecfa8195ff3, []int{6}
 }
 func (m *GrantResponse) XXX_Unmarshal(b []byte) error {
@ -472,7 +417,7 @@ func (m *RevokeRequest) Reset()         { *m = RevokeRequest{} }
 func (m *RevokeRequest) String() string { return proto.CompactTextString(m) }
 func (*RevokeRequest) ProtoMessage()    {}
 func (*RevokeRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{8}
+	return fileDescriptor_b246cecfa8195ff3, []int{7}
 }
 func (m *RevokeRequest) XXX_Unmarshal(b []byte) error {
@ -517,7 +462,7 @@ func (m *RevokeResponse) Reset()         { *m = RevokeResponse{} }
 func (m *RevokeResponse) String() string { return proto.CompactTextString(m) }
 func (*RevokeResponse) ProtoMessage()    {}
 func (*RevokeResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{9}
+	return fileDescriptor_b246cecfa8195ff3, []int{8}
 }
 func (m *RevokeResponse) XXX_Unmarshal(b []byte) error {
@ -549,7 +494,7 @@ func (m *InspectRequest) Reset()         { *m = InspectRequest{} }
 func (m *InspectRequest) String() string { return proto.CompactTextString(m) }
 func (*InspectRequest) ProtoMessage()    {}
 func (*InspectRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{10}
+	return fileDescriptor_b246cecfa8195ff3, []int{9}
 }
 func (m *InspectRequest) XXX_Unmarshal(b []byte) error {
@ -588,7 +533,7 @@ func (m *InspectResponse) Reset()         { *m = InspectResponse{} }
 func (m *InspectResponse) String() string { return proto.CompactTextString(m) }
 func (*InspectResponse) ProtoMessage()    {}
 func (*InspectResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{11}
+	return fileDescriptor_b246cecfa8195ff3, []int{10}
 }
 func (m *InspectResponse) XXX_Unmarshal(b []byte) error {
@ -628,7 +573,7 @@ func (m *RefreshRequest) Reset()         { *m = RefreshRequest{} }
 func (m *RefreshRequest) String() string { return proto.CompactTextString(m) }
 func (*RefreshRequest) ProtoMessage()    {}
 func (*RefreshRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{12}
+	return fileDescriptor_b246cecfa8195ff3, []int{11}
 }
 func (m *RefreshRequest) XXX_Unmarshal(b []byte) error {
@ -674,7 +619,7 @@ func (m *RefreshResponse) Reset()         { *m = RefreshResponse{} }
 func (m *RefreshResponse) String() string { return proto.CompactTextString(m) }
 func (*RefreshResponse) ProtoMessage()    {}
 func (*RefreshResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_21300bfacc51fc2a, []int{13}
+	return fileDescriptor_b246cecfa8195ff3, []int{12}
 }
 func (m *RefreshResponse) XXX_Unmarshal(b []byte) error {
@ -702,78 +647,7 @@ func (m *RefreshResponse) GetToken() *Token {
 	return nil
 }
 type ListRulesRequest struct {
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *ListRulesRequest) Reset()         { *m = ListRulesRequest{} }
 func (m *ListRulesRequest) String() string { return proto.CompactTextString(m) }
 func (*ListRulesRequest) ProtoMessage()    {}
 func (*ListRulesRequest) Descriptor() ([]byte, []int) {
 	return fileDescriptor_21300bfacc51fc2a, []int{14}
 }
 func (m *ListRulesRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListRulesRequest.Unmarshal(m, b)
 }
 func (m *ListRulesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListRulesRequest.Marshal(b, m, deterministic)
 }
 func (m *ListRulesRequest) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_ListRulesRequest.Merge(m, src)
 }
 func (m *ListRulesRequest) XXX_Size() int {
 	return xxx_messageInfo_ListRulesRequest.Size(m)
 }
 func (m *ListRulesRequest) XXX_DiscardUnknown() {
 	xxx_messageInfo_ListRulesRequest.DiscardUnknown(m)
 }
 var xxx_messageInfo_ListRulesRequest proto.InternalMessageInfo
 type ListRulesResponse struct {
 	Rules                []*Rule  `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *ListRulesResponse) Reset()         { *m = ListRulesResponse{} }
 func (m *ListRulesResponse) String() string { return proto.CompactTextString(m) }
 func (*ListRulesResponse) ProtoMessage()    {}
 func (*ListRulesResponse) Descriptor() ([]byte, []int) {
 	return fileDescriptor_21300bfacc51fc2a, []int{15}
 }
 func (m *ListRulesResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListRulesResponse.Unmarshal(m, b)
 }
 func (m *ListRulesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListRulesResponse.Marshal(b, m, deterministic)
 }
 func (m *ListRulesResponse) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_ListRulesResponse.Merge(m, src)
 }
 func (m *ListRulesResponse) XXX_Size() int {
 	return xxx_messageInfo_ListRulesResponse.Size(m)
 }
 func (m *ListRulesResponse) XXX_DiscardUnknown() {
 	xxx_messageInfo_ListRulesResponse.DiscardUnknown(m)
 }
 var xxx_messageInfo_ListRulesResponse proto.InternalMessageInfo
 func (m *ListRulesResponse) GetRules() []*Rule {
 	if m != nil {
 		return m.Rules
 	}
 	return nil
 }
 func init() {
 	proto.RegisterType((*Rule)(nil), "go.micro.auth.Rule")
 	proto.RegisterType((*Token)(nil), "go.micro.auth.Token")
 	proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Token.MetadataEntry")
 	proto.RegisterType((*Account)(nil), "go.micro.auth.Account")
@ -790,56 +664,51 @@ func init() {
 	proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse")
 	proto.RegisterType((*RefreshRequest)(nil), "go.micro.auth.RefreshRequest")
 	proto.RegisterType((*RefreshResponse)(nil), "go.micro.auth.RefreshResponse")
 	proto.RegisterType((*ListRulesRequest)(nil), "go.micro.auth.ListRulesRequest")
 	proto.RegisterType((*ListRulesResponse)(nil), "go.micro.auth.ListRulesResponse")
 }
-func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
+func init() {
-
+	proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/auth/auth.proto", fileDescriptor_b246cecfa8195ff3)
-var fileDescriptor_21300bfacc51fc2a = []byte{
+}
-	// 696 bytes of a gzipped FileDescriptorProto
+
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xdb, 0x6e, 0xd3, 0x40,
+var fileDescriptor_b246cecfa8195ff3 = []byte{
-	0x10, 0xad, 0xed, 0xdc, 0x3a, 0x69, 0x9a, 0xb0, 0x54, 0xc5, 0x32, 0x6d, 0x09, 0x06, 0xa1, 0x82,
+	// 612 bytes of a gzipped FileDescriptorProto
-	0xaa, 0x14, 0xa5, 0x2f, 0x08, 0x44, 0x45, 0x45, 0xab, 0x72, 0x2b, 0x42, 0x16, 0x12, 0xbc, 0x55,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xcd, 0x6e, 0xd3, 0x40,
-	0xae, 0x33, 0x50, 0xd3, 0xd4, 0x36, 0xeb, 0x75, 0x45, 0xfe, 0x82, 0x2f, 0xe3, 0x0b, 0x78, 0xe3,
+	0x10, 0xae, 0xed, 0x34, 0x49, 0x27, 0x4d, 0x13, 0xad, 0xaa, 0x60, 0x45, 0xa2, 0x04, 0x83, 0x50,
-	0x47, 0xd0, 0xae, 0x77, 0xb7, 0x8e, 0x13, 0x23, 0xc4, 0xe5, 0x6d, 0x77, 0x76, 0x7c, 0xce, 0xcc,
+	0x84, 0x8a, 0x83, 0xd2, 0x0b, 0xe2, 0x4f, 0x54, 0x50, 0x95, 0x1f, 0x95, 0x83, 0x85, 0x04, 0x37,
-	0x99, 0x33, 0x09, 0xac, 0xfb, 0x19, 0x3b, 0xdd, 0x4e, 0x91, 0x5e, 0x84, 0x01, 0x6e, 0x27, 0x34,
+	0xe4, 0x38, 0x43, 0x62, 0xd2, 0x78, 0xcd, 0x7a, 0x1d, 0x91, 0xb7, 0xe0, 0x01, 0xb9, 0x71, 0xe6,
-	0x66, 0xf1, 0x36, 0x0f, 0x0d, 0xc4, 0x91, 0x74, 0x3e, 0xc6, 0x83, 0xf3, 0x30, 0xa0, 0xf1, 0x80,
+	0x1d, 0xd0, 0xae, 0x77, 0x5d, 0xc7, 0x49, 0x38, 0xf0, 0x73, 0x89, 0x66, 0x66, 0x67, 0xbf, 0x6f,
-	0x07, 0xdd, 0x63, 0xa8, 0x79, 0xd9, 0x18, 0xc9, 0x32, 0x98, 0xe1, 0xc8, 0x36, 0xfa, 0xc6, 0xe6,
+	0xe6, 0x9b, 0xd9, 0x18, 0x1e, 0x4f, 0x42, 0x3e, 0x4d, 0x47, 0x6e, 0x40, 0xe7, 0x83, 0x79, 0x18,
-	0xa2, 0x67, 0x86, 0x23, 0x42, 0xa0, 0x46, 0xe3, 0x31, 0xda, 0xa6, 0x88, 0x88, 0x33, 0xd9, 0x81,
+	0x30, 0x3a, 0x98, 0xd0, 0x7b, 0x99, 0xe1, 0xa7, 0x7c, 0x3a, 0x48, 0x90, 0x2d, 0xc2, 0x00, 0x07,
-	0x16, 0xc5, 0x34, 0xce, 0x68, 0x80, 0xb6, 0xd5, 0x37, 0x36, 0xdb, 0xc3, 0x6b, 0x83, 0x29, 0xb4,
+	0x31, 0xa3, 0x5c, 0x85, 0xc4, 0x8f, 0x2b, 0x7d, 0xd2, 0x9c, 0x50, 0x57, 0x26, 0xbb, 0x22, 0xe8,
-	0x81, 0x27, 0x9f, 0x3d, 0x9d, 0xe8, 0x7e, 0x35, 0xa1, 0xfe, 0x36, 0x3e, 0xc3, 0x88, 0xac, 0x40,
+	0x7c, 0x33, 0x61, 0xf7, 0x1d, 0x9d, 0x61, 0x44, 0x0e, 0x61, 0x97, 0x0b, 0xc3, 0x36, 0x7a, 0x46,
-	0x9d, 0xf1, 0x83, 0x64, 0xc9, 0x2f, 0x9c, 0x88, 0x4d, 0x12, 0x4d, 0xc4, 0xcf, 0xc4, 0x86, 0x66,
+	0x7f, 0xcf, 0xcb, 0x1c, 0x42, 0xa0, 0xc2, 0x97, 0x31, 0xda, 0xa6, 0x0c, 0x4a, 0x9b, 0xd8, 0x50,
-	0x40, 0xd1, 0x67, 0x38, 0x12, 0x3c, 0x96, 0xa7, 0xae, 0x64, 0x15, 0x1a, 0xf8, 0x25, 0x09, 0xe9,
+	0x0b, 0x18, 0xfa, 0x1c, 0xc7, 0xb6, 0xd5, 0x33, 0xfa, 0x96, 0xa7, 0x5d, 0xd2, 0x81, 0x2a, 0x7e,
-	0xc4, 0xae, 0x89, 0x07, 0x79, 0xe3, 0x5f, 0xa4, 0xd9, 0xc9, 0x27, 0x0c, 0x98, 0x5d, 0x17, 0x40,
+	0x8d, 0x43, 0xb6, 0xb4, 0x2b, 0xf2, 0x40, 0x79, 0xe2, 0x46, 0x92, 0x8e, 0x3e, 0x63, 0xc0, 0xed,
-	0xea, 0xca, 0x59, 0x79, 0xf1, 0xa9, 0xdd, 0xe8, 0x5b, 0x9c, 0x55, 0x5c, 0xc8, 0x2e, 0xb4, 0xce,
+	0x5d, 0x09, 0xa4, 0x5d, 0xc1, 0xca, 0xe8, 0x25, 0x26, 0x76, 0xb5, 0x67, 0x09, 0x56, 0xe9, 0x90,
-	0x91, 0xf9, 0x23, 0x9f, 0xf9, 0x76, 0xb3, 0x6f, 0x6d, 0xb6, 0x87, 0x6e, 0xa9, 0x15, 0x51, 0xf3,
+	0xa7, 0x50, 0x9f, 0x23, 0xf7, 0xc7, 0x3e, 0xf7, 0xed, 0x5a, 0xcf, 0xea, 0x37, 0x86, 0x8e, 0xbb,
-	0xe0, 0x48, 0x26, 0x1d, 0x44, 0x8c, 0x4e, 0x3c, 0xfd, 0x8d, 0xf3, 0x08, 0x3a, 0x53, 0x4f, 0xa4,
+	0x52, 0xb7, 0x2b, 0x6b, 0x76, 0x2f, 0x54, 0xd2, 0x59, 0xc4, 0xd9, 0xd2, 0xcb, 0xef, 0x74, 0x1f,
-	0x07, 0xd6, 0x19, 0x4e, 0x64, 0x6b, 0xfc, 0xc8, 0x89, 0x2f, 0xfc, 0x71, 0xa6, 0x3a, 0xcb, 0x2f,
+	0x41, 0x73, 0xe5, 0x88, 0xb4, 0xc1, 0x9a, 0xe1, 0x52, 0xb5, 0x26, 0x4c, 0x41, 0xbc, 0xf0, 0x2f,
-	0x0f, 0xcd, 0x07, 0x86, 0xfb, 0xdd, 0x80, 0xe6, 0x5e, 0x10, 0xc4, 0x59, 0xc4, 0x66, 0x74, 0xdf,
+	0x53, 0xdd, 0x59, 0xe6, 0x3c, 0x34, 0x1f, 0x18, 0xce, 0x77, 0x03, 0x6a, 0xa7, 0x41, 0x40, 0xd3,
-	0x82, 0x46, 0x8a, 0x01, 0x45, 0x26, 0x3e, 0x6b, 0x0f, 0x57, 0xe6, 0x95, 0xe5, 0xc9, 0x9c, 0xcb,
+	0x88, 0x93, 0x03, 0x30, 0xc3, 0xb1, 0xba, 0x66, 0x86, 0x63, 0x72, 0x0c, 0xd5, 0x04, 0x03, 0x86,
-	0xe6, 0xac, 0x62, 0x73, 0x4f, 0x0a, 0xcd, 0xd5, 0x44, 0x73, 0xb7, 0x4b, 0x28, 0x92, 0xfd, 0xff,
+	0x5c, 0x5e, 0x6b, 0x0c, 0x0f, 0x37, 0x95, 0xe5, 0xa9, 0x9c, 0xab, 0xe6, 0xac, 0x62, 0x73, 0xcf,
-	0xb4, 0xf7, 0x1a, 0x5a, 0xca, 0x07, 0x7c, 0xba, 0x91, 0x7f, 0x8e, 0xf2, 0x43, 0x71, 0x9e, 0x3b,
+	0x0a, 0xcd, 0x55, 0x64, 0x73, 0xb7, 0x4b, 0x28, 0x8a, 0xfd, 0xff, 0xb4, 0xf7, 0x16, 0xea, 0x1e,
-	0x71, 0x07, 0x5a, 0x18, 0x8d, 0x92, 0x38, 0x8c, 0x98, 0x18, 0xf9, 0xa2, 0xa7, 0xef, 0xee, 0x0f,
+	0x26, 0x34, 0x65, 0x01, 0x8a, 0xe9, 0x46, 0xfe, 0x1c, 0xd5, 0x45, 0x69, 0x6f, 0x9c, 0x78, 0x17,
-	0x03, 0xba, 0x87, 0x18, 0x21, 0xf5, 0x19, 0x7a, 0xf8, 0x39, 0xc3, 0x74, 0x56, 0x36, 0x2d, 0x84,
+	0xea, 0x18, 0x8d, 0x63, 0x1a, 0x46, 0x5c, 0x8e, 0x7c, 0xcf, 0xcb, 0x7d, 0xe7, 0x87, 0x01, 0xad,
-	0x59, 0x14, 0xe2, 0x59, 0x41, 0x08, 0x4b, 0x08, 0xb1, 0x55, 0x12, 0xa2, 0x84, 0x5b, 0x25, 0x08,
+	0x73, 0x8c, 0x90, 0xf9, 0x1c, 0x3d, 0xfc, 0x92, 0x62, 0xb2, 0x2e, 0x5b, 0x2e, 0x84, 0x59, 0x14,
-	0xb9, 0x05, 0x9d, 0x5c, 0xf2, 0xe3, 0x29, 0xfb, 0x2d, 0xe5, 0xc1, 0x03, 0x11, 0xfb, 0x3b, 0xd5,
+	0xe2, 0x65, 0x41, 0x08, 0x4b, 0x0a, 0x71, 0x5c, 0x12, 0xa2, 0x84, 0xbb, 0x4d, 0x10, 0x72, 0x0b,
-	0xf6, 0xa1, 0x77, 0x59, 0x4c, 0x9a, 0xc4, 0x51, 0x8a, 0xe4, 0x3e, 0x34, 0xfd, 0x7c, 0x52, 0x02,
+	0x9a, 0x99, 0xe4, 0x1f, 0x57, 0xd6, 0x6f, 0x3f, 0x0b, 0x9e, 0xc9, 0xd8, 0xdf, 0xa9, 0xf6, 0x02,
-	0xa3, 0x3d, 0x5c, 0x9d, 0x3f, 0x47, 0x4f, 0xa5, 0xb9, 0xef, 0x60, 0xe9, 0x90, 0xfa, 0x11, 0x53,
+	0xda, 0x57, 0xc5, 0x24, 0x31, 0x8d, 0x12, 0x24, 0xf7, 0xa1, 0xe6, 0x67, 0x93, 0x92, 0x18, 0x8d,
-	0x3a, 0xa9, 0x35, 0x36, 0x2a, 0xd6, 0xd8, 0xfc, 0xdd, 0x35, 0xee, 0x42, 0x47, 0x02, 0xe7, 0xb5,
+	0x61, 0x67, 0xf3, 0x1c, 0x3d, 0x9d, 0xe6, 0xbc, 0x87, 0xfd, 0x73, 0xe6, 0x47, 0x5c, 0xeb, 0x44,
-	0xb9, 0xef, 0xa1, 0xe3, 0xe1, 0x45, 0x7c, 0x86, 0xff, 0x9c, 0xaa, 0x07, 0xcb, 0x0a, 0x59, 0x72,
+	0xa0, 0x22, 0xa4, 0xd0, 0xfa, 0x0b, 0x9b, 0x9c, 0x40, 0x9d, 0xa9, 0xf9, 0xa8, 0x25, 0xbb, 0x56,
-	0xdd, 0x81, 0xe5, 0xe7, 0x51, 0x9a, 0x60, 0xa0, 0xfb, 0x9a, 0xfb, 0x5b, 0xe2, 0x3e, 0x85, 0xae,
+	0x82, 0xd5, 0xe3, 0xf3, 0xf2, 0x44, 0xa7, 0x05, 0x4d, 0x05, 0x9c, 0xd5, 0xe6, 0x7c, 0x80, 0xa6,
-	0xce, 0xfb, 0x63, 0x09, 0x5f, 0x72, 0xfa, 0x0f, 0x14, 0xd3, 0x53, 0x45, 0xb6, 0xaa, 0x77, 0x32,
+	0x87, 0x0b, 0x3a, 0xc3, 0x7f, 0x4e, 0xd5, 0x86, 0x03, 0x8d, 0xac, 0xb8, 0xee, 0xc0, 0xc1, 0xab,
-	0x67, 0x53, 0xdb, 0x77, 0x13, 0x96, 0x04, 0xaf, 0xf2, 0x84, 0x29, 0x3c, 0xd1, 0x16, 0xb1, 0xdc,
+	0x28, 0x89, 0x31, 0xc8, 0xfb, 0xda, 0xf8, 0x5f, 0xe2, 0x3c, 0x87, 0x56, 0x9e, 0xf7, 0xc7, 0x12,
-	0x12, 0xee, 0x63, 0xe8, 0x6a, 0x30, 0x59, 0xd1, 0xbd, 0x62, 0xe9, 0x55, 0x0b, 0x2e, 0x1b, 0x22,
+	0xbe, 0x11, 0xf4, 0x9f, 0x18, 0x26, 0x53, 0x4d, 0xd6, 0xc9, 0xdf, 0x64, 0xc6, 0xa6, 0x5f, 0xdf,
-	0xd0, 0x7b, 0x15, 0xa6, 0x8c, 0xff, 0x42, 0xa7, 0xb2, 0x1a, 0x77, 0x17, 0xae, 0x14, 0x62, 0x12,
+	0x4d, 0xd8, 0x97, 0xbc, 0x7a, 0x27, 0x4c, 0xb9, 0x13, 0x0d, 0x19, 0xcb, 0x56, 0xc2, 0x79, 0x02,
-	0xf4, 0x2e, 0xd4, 0x29, 0x0f, 0xd8, 0x86, 0xb0, 0xf9, 0xd5, 0xb2, 0xca, 0xd9, 0x18, 0xbd, 0x3c,
+	0xad, 0x1c, 0x4c, 0x55, 0x74, 0xb7, 0x58, 0xfa, 0xb6, 0x07, 0x9e, 0xa5, 0x0c, 0x7f, 0x1a, 0x50,
-	0x63, 0xf8, 0xcd, 0x82, 0xda, 0x5e, 0xc6, 0x4e, 0xc9, 0x11, 0xb4, 0x94, 0xe3, 0xc8, 0xc6, 0xaf,
+	0x39, 0x4d, 0xf9, 0x94, 0x5c, 0x40, 0x5d, 0x6f, 0x07, 0x39, 0xfa, 0xfd, 0x0e, 0x77, 0x6f, 0x6c,
-	0xf7, 0xc2, 0xb9, 0x51, 0xf9, 0x2e, 0x47, 0xb4, 0x40, 0xf6, 0xa1, 0x2e, 0x1c, 0x42, 0xae, 0x97,
+	0x3d, 0x57, 0x72, 0xee, 0x90, 0xd7, 0x50, 0x53, 0x42, 0x91, 0xeb, 0xa5, 0xec, 0x55, 0xa1, 0xbb,
-	0x73, 0x0b, 0x86, 0x74, 0xd6, 0xe6, 0x3f, 0x6a, 0x94, 0x43, 0x68, 0xe4, 0xc3, 0x27, 0x6b, 0x33,
+	0x47, 0xdb, 0x8e, 0x8b, 0x58, 0xaa, 0xc5, 0x35, 0xac, 0x55, 0x1d, 0xd7, 0xb0, 0x4a, 0xca, 0x38,
-	0x4e, 0x29, 0xb8, 0xcd, 0x59, 0xaf, 0x78, 0xd5, 0x40, 0x2f, 0xa0, 0x29, 0xbd, 0x40, 0xca, 0xb9,
+	0x3b, 0xa3, 0xaa, 0xfc, 0x84, 0x9c, 0xfc, 0x0a, 0x00, 0x00, 0xff, 0xff, 0xe9, 0x1b, 0x69, 0xa7,
-	0xd3, 0x5e, 0x72, 0x36, 0xaa, 0x9e, 0x8b, 0x58, 0x72, 0x8a, 0x64, 0x96, 0xb7, 0x68, 0x95, 0x19,
+	0x82, 0x06, 0x00, 0x00,
 	0xac, 0xd2, 0xf0, 0xdd, 0x05, 0xf2, 0x06, 0x16, 0xf5, 0xf8, 0x48, 0x59, 0xd6, 0xf2, 0xb0, 0x9d,
 	0x7e, 0x75, 0x82, 0x42, 0x3c, 0x69, 0x88, 0x3f, 0xf6, 0x9d, 0x9f, 0x01, 0x00, 0x00, 0xff, 0xff,
 	0x91, 0x77, 0xf2, 0xa6, 0xf9, 0x07, 0x00, 0x00,
 }
--- a/auth/service/proto/auth/auth.pb.micro.go
+++ b/auth/service/proto/auth/auth.pb.micro.go
@ -1,5 +1,5 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
-// source: auth/service/proto/auth.proto
+// source: github.com/micro/go-micro/auth/service/proto/auth/auth.proto
 package go_micro_auth
@ -35,11 +35,8 @@ var _ server.Option
 type AuthService interface {
 	Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
 	Grant(ctx context.Context, in *GrantRequest, opts ...client.CallOption) (*GrantResponse, error)
 	Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error)
 	Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
 	Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error)
 	ListRules(ctx context.Context, in *ListRulesRequest, opts ...client.CallOption) (*ListRulesResponse, error)
 }
 type authService struct {
@ -64,26 +61,6 @@ func (c *authService) Generate(ctx context.Context, in *GenerateRequest, opts ..
 	return out, nil
 }
 func (c *authService) Grant(ctx context.Context, in *GrantRequest, opts ...client.CallOption) (*GrantResponse, error) {
 	req := c.c.NewRequest(c.name, "Auth.Grant", in)
 	out := new(GrantResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authService) Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error) {
 	req := c.c.NewRequest(c.name, "Auth.Revoke", in)
 	out := new(RevokeResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authService) Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error) {
 	req := c.c.NewRequest(c.name, "Auth.Inspect", in)
 	out := new(InspectResponse)
@ -104,35 +81,19 @@ func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...c
 	return out, nil
 }
 func (c *authService) ListRules(ctx context.Context, in *ListRulesRequest, opts ...client.CallOption) (*ListRulesResponse, error) {
 	req := c.c.NewRequest(c.name, "Auth.ListRules", in)
 	out := new(ListRulesResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // Server API for Auth service
 type AuthHandler interface {
 	Generate(context.Context, *GenerateRequest, *GenerateResponse) error
 	Grant(context.Context, *GrantRequest, *GrantResponse) error
 	Revoke(context.Context, *RevokeRequest, *RevokeResponse) error
 	Inspect(context.Context, *InspectRequest, *InspectResponse) error
 	Refresh(context.Context, *RefreshRequest, *RefreshResponse) error
 	ListRules(context.Context, *ListRulesRequest, *ListRulesResponse) error
 }
 func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
 	type auth interface {
 		Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
 		Grant(ctx context.Context, in *GrantRequest, out *GrantResponse) error
 		Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error
 		Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
 		Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error
 		ListRules(ctx context.Context, in *ListRulesRequest, out *ListRulesResponse) error
 	}
 	type Auth struct {
 		auth
@ -149,14 +110,6 @@ func (h *authHandler) Generate(ctx context.Context, in *GenerateRequest, out *Ge
 	return h.AuthHandler.Generate(ctx, in, out)
 }
 func (h *authHandler) Grant(ctx context.Context, in *GrantRequest, out *GrantResponse) error {
 	return h.AuthHandler.Grant(ctx, in, out)
 }
 func (h *authHandler) Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error {
 	return h.AuthHandler.Revoke(ctx, in, out)
 }
 func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error {
 	return h.AuthHandler.Inspect(ctx, in, out)
 }
@ -164,7 +117,3 @@ func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *Insp
 func (h *authHandler) Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error {
 	return h.AuthHandler.Refresh(ctx, in, out)
 }
 func (h *authHandler) ListRules(ctx context.Context, in *ListRulesRequest, out *ListRulesResponse) error {
 	return h.AuthHandler.ListRules(ctx, in, out)
 }
--- a/auth/service/proto/auth/auth.proto
+++ b/auth/service/proto/auth/auth.proto
@ -4,17 +4,8 @@ package go.micro.auth;
 service Auth {
 	rpc Generate(GenerateRequest) returns (GenerateResponse) {};
 	rpc Grant(GrantRequest) returns (GrantResponse) {};
 	rpc Revoke(RevokeRequest)  returns (RevokeResponse) {};
 	rpc Inspect(InspectRequest)  returns (InspectResponse) {};		
 	rpc Refresh(RefreshRequest)  returns (RefreshResponse) {};
 	rpc ListRules(ListRulesRequest) returns (ListRulesResponse) {};
 }
 message Rule {
 	string id = 1;
 	string role = 2;
 	Resource resource = 3;
 }
 message Token {
@ -80,11 +71,4 @@ message RefreshRequest {
 message RefreshResponse {
 	Token token = 1;
-}
+}
 message ListRulesRequest {
 }
 message ListRulesResponse {
 	repeated Rule rules = 1;
 }
--- a/auth/service/proto/rules/rules.pb.go
+++ b/auth/service/proto/rules/rules.pb.go
@ -0,0 +1,398 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // source: github.com/micro/go-micro/auth/service/proto/rules/rules.proto
 package go_micro_auth
 import (
 	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
 	auth "github.com/micro/go-micro/v2/auth/service/proto/auth"
 	math "math"
 )
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 type Access int32
 const (
 	Access_UNKNOWN Access = 0
 	Access_GRANTED Access = 1
 	Access_DENIED  Access = 2
 )
 var Access_name = map[int32]string{
 	0: "UNKNOWN",
 	1: "GRANTED",
 	2: "DENIED",
 }
 var Access_value = map[string]int32{
 	"UNKNOWN": 0,
 	"GRANTED": 1,
 	"DENIED":  2,
 }
 func (x Access) String() string {
 	return proto.EnumName(Access_name, int32(x))
 }
 func (Access) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{0}
 }
 type Rule struct {
 	Id                   string         `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Role                 string         `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
 	Resource             *auth.Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
 	Access               Access         `protobuf:"varint,4,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
 	XXX_unrecognized     []byte         `json:"-"`
 	XXX_sizecache        int32          `json:"-"`
 }
 func (m *Rule) Reset()         { *m = Rule{} }
 func (m *Rule) String() string { return proto.CompactTextString(m) }
 func (*Rule) ProtoMessage()    {}
 func (*Rule) Descriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{0}
 }
 func (m *Rule) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_Rule.Unmarshal(m, b)
 }
 func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
 }
 func (m *Rule) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_Rule.Merge(m, src)
 }
 func (m *Rule) XXX_Size() int {
 	return xxx_messageInfo_Rule.Size(m)
 }
 func (m *Rule) XXX_DiscardUnknown() {
 	xxx_messageInfo_Rule.DiscardUnknown(m)
 }
 var xxx_messageInfo_Rule proto.InternalMessageInfo
 func (m *Rule) GetId() string {
 	if m != nil {
 		return m.Id
 	}
 	return ""
 }
 func (m *Rule) GetRole() string {
 	if m != nil {
 		return m.Role
 	}
 	return ""
 }
 func (m *Rule) GetResource() *auth.Resource {
 	if m != nil {
 		return m.Resource
 	}
 	return nil
 }
 func (m *Rule) GetAccess() Access {
 	if m != nil {
 		return m.Access
 	}
 	return Access_UNKNOWN
 }
 type CreateRequest struct {
 	Role                 string         `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
 	Resource             *auth.Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
 	Access               Access         `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
 	XXX_unrecognized     []byte         `json:"-"`
 	XXX_sizecache        int32          `json:"-"`
 }
 func (m *CreateRequest) Reset()         { *m = CreateRequest{} }
 func (m *CreateRequest) String() string { return proto.CompactTextString(m) }
 func (*CreateRequest) ProtoMessage()    {}
 func (*CreateRequest) Descriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{1}
 }
 func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CreateRequest.Unmarshal(m, b)
 }
 func (m *CreateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_CreateRequest.Marshal(b, m, deterministic)
 }
 func (m *CreateRequest) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_CreateRequest.Merge(m, src)
 }
 func (m *CreateRequest) XXX_Size() int {
 	return xxx_messageInfo_CreateRequest.Size(m)
 }
 func (m *CreateRequest) XXX_DiscardUnknown() {
 	xxx_messageInfo_CreateRequest.DiscardUnknown(m)
 }
 var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
 func (m *CreateRequest) GetRole() string {
 	if m != nil {
 		return m.Role
 	}
 	return ""
 }
 func (m *CreateRequest) GetResource() *auth.Resource {
 	if m != nil {
 		return m.Resource
 	}
 	return nil
 }
 func (m *CreateRequest) GetAccess() Access {
 	if m != nil {
 		return m.Access
 	}
 	return Access_UNKNOWN
 }
 type CreateResponse struct {
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
 func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
 func (*CreateResponse) ProtoMessage()    {}
 func (*CreateResponse) Descriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{2}
 }
 func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CreateResponse.Unmarshal(m, b)
 }
 func (m *CreateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_CreateResponse.Marshal(b, m, deterministic)
 }
 func (m *CreateResponse) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_CreateResponse.Merge(m, src)
 }
 func (m *CreateResponse) XXX_Size() int {
 	return xxx_messageInfo_CreateResponse.Size(m)
 }
 func (m *CreateResponse) XXX_DiscardUnknown() {
 	xxx_messageInfo_CreateResponse.DiscardUnknown(m)
 }
 var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
 type DeleteRequest struct {
 	Role                 string         `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
 	Resource             *auth.Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
 	Access               Access         `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
 	XXX_unrecognized     []byte         `json:"-"`
 	XXX_sizecache        int32          `json:"-"`
 }
 func (m *DeleteRequest) Reset()         { *m = DeleteRequest{} }
 func (m *DeleteRequest) String() string { return proto.CompactTextString(m) }
 func (*DeleteRequest) ProtoMessage()    {}
 func (*DeleteRequest) Descriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{3}
 }
 func (m *DeleteRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DeleteRequest.Unmarshal(m, b)
 }
 func (m *DeleteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DeleteRequest.Marshal(b, m, deterministic)
 }
 func (m *DeleteRequest) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_DeleteRequest.Merge(m, src)
 }
 func (m *DeleteRequest) XXX_Size() int {
 	return xxx_messageInfo_DeleteRequest.Size(m)
 }
 func (m *DeleteRequest) XXX_DiscardUnknown() {
 	xxx_messageInfo_DeleteRequest.DiscardUnknown(m)
 }
 var xxx_messageInfo_DeleteRequest proto.InternalMessageInfo
 func (m *DeleteRequest) GetRole() string {
 	if m != nil {
 		return m.Role
 	}
 	return ""
 }
 func (m *DeleteRequest) GetResource() *auth.Resource {
 	if m != nil {
 		return m.Resource
 	}
 	return nil
 }
 func (m *DeleteRequest) GetAccess() Access {
 	if m != nil {
 		return m.Access
 	}
 	return Access_UNKNOWN
 }
 type DeleteResponse struct {
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *DeleteResponse) Reset()         { *m = DeleteResponse{} }
 func (m *DeleteResponse) String() string { return proto.CompactTextString(m) }
 func (*DeleteResponse) ProtoMessage()    {}
 func (*DeleteResponse) Descriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{4}
 }
 func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_DeleteResponse.Unmarshal(m, b)
 }
 func (m *DeleteResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_DeleteResponse.Marshal(b, m, deterministic)
 }
 func (m *DeleteResponse) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_DeleteResponse.Merge(m, src)
 }
 func (m *DeleteResponse) XXX_Size() int {
 	return xxx_messageInfo_DeleteResponse.Size(m)
 }
 func (m *DeleteResponse) XXX_DiscardUnknown() {
 	xxx_messageInfo_DeleteResponse.DiscardUnknown(m)
 }
 var xxx_messageInfo_DeleteResponse proto.InternalMessageInfo
 type ListRequest struct {
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *ListRequest) Reset()         { *m = ListRequest{} }
 func (m *ListRequest) String() string { return proto.CompactTextString(m) }
 func (*ListRequest) ProtoMessage()    {}
 func (*ListRequest) Descriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{5}
 }
 func (m *ListRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListRequest.Unmarshal(m, b)
 }
 func (m *ListRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListRequest.Marshal(b, m, deterministic)
 }
 func (m *ListRequest) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_ListRequest.Merge(m, src)
 }
 func (m *ListRequest) XXX_Size() int {
 	return xxx_messageInfo_ListRequest.Size(m)
 }
 func (m *ListRequest) XXX_DiscardUnknown() {
 	xxx_messageInfo_ListRequest.DiscardUnknown(m)
 }
 var xxx_messageInfo_ListRequest proto.InternalMessageInfo
 type ListResponse struct {
 	Rules                []*Rule  `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *ListResponse) Reset()         { *m = ListResponse{} }
 func (m *ListResponse) String() string { return proto.CompactTextString(m) }
 func (*ListResponse) ProtoMessage()    {}
 func (*ListResponse) Descriptor() ([]byte, []int) {
 	return fileDescriptor_d5bb7c98c32bdd99, []int{6}
 }
 func (m *ListResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_ListResponse.Unmarshal(m, b)
 }
 func (m *ListResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	return xxx_messageInfo_ListResponse.Marshal(b, m, deterministic)
 }
 func (m *ListResponse) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_ListResponse.Merge(m, src)
 }
 func (m *ListResponse) XXX_Size() int {
 	return xxx_messageInfo_ListResponse.Size(m)
 }
 func (m *ListResponse) XXX_DiscardUnknown() {
 	xxx_messageInfo_ListResponse.DiscardUnknown(m)
 }
 var xxx_messageInfo_ListResponse proto.InternalMessageInfo
 func (m *ListResponse) GetRules() []*Rule {
 	if m != nil {
 		return m.Rules
 	}
 	return nil
 }
 func init() {
 	proto.RegisterEnum("go.micro.auth.Access", Access_name, Access_value)
 	proto.RegisterType((*Rule)(nil), "go.micro.auth.Rule")
 	proto.RegisterType((*CreateRequest)(nil), "go.micro.auth.CreateRequest")
 	proto.RegisterType((*CreateResponse)(nil), "go.micro.auth.CreateResponse")
 	proto.RegisterType((*DeleteRequest)(nil), "go.micro.auth.DeleteRequest")
 	proto.RegisterType((*DeleteResponse)(nil), "go.micro.auth.DeleteResponse")
 	proto.RegisterType((*ListRequest)(nil), "go.micro.auth.ListRequest")
 	proto.RegisterType((*ListResponse)(nil), "go.micro.auth.ListResponse")
 }
 func init() {
 	proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/rules/rules.proto", fileDescriptor_d5bb7c98c32bdd99)
 }
 var fileDescriptor_d5bb7c98c32bdd99 = []byte{
 	// 384 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x93, 0x41, 0x6b, 0xdb, 0x30,
 	0x1c, 0xc5, 0x23, 0xc7, 0xf1, 0xb6, 0xbf, 0x97, 0x60, 0x34, 0xc6, 0x8c, 0xb7, 0x81, 0xc9, 0xc9,
 	0x1b, 0xc4, 0x06, 0xe7, 0x34, 0x18, 0x83, 0x30, 0x87, 0x30, 0x36, 0x3c, 0x10, 0x2d, 0x3d, 0x27,
 	0xce, 0x9f, 0xc4, 0xe0, 0x54, 0xa9, 0x64, 0xf7, 0x2b, 0xf4, 0xd6, 0x4f, 0xd8, 0x0f, 0x53, 0x2c,
 	0x39, 0xa1, 0x71, 0x1a, 0x68, 0x6e, 0xbd, 0x08, 0x49, 0xef, 0xe9, 0xf9, 0xa7, 0x67, 0x1b, 0x7e,
 	0xad, 0xf2, 0x72, 0x5d, 0x2d, 0xc2, 0x8c, 0x6f, 0xa2, 0x4d, 0x9e, 0x09, 0x1e, 0xad, 0xf8, 0x48,
 	0x4f, 0xe6, 0x55, 0xb9, 0x8e, 0x24, 0x8a, 0xdb, 0x3c, 0xc3, 0x68, 0x2b, 0x78, 0xc9, 0x23, 0x51,
 	0x15, 0x28, 0xf5, 0x18, 0xaa, 0x1d, 0xda, 0x5f, 0xf1, 0x50, 0xd9, 0xc3, 0xda, 0xee, 0xfd, 0x3c,
 	0x2b, 0x4e, 0x6d, 0xd5, 0x83, 0x0e, 0x1b, 0xde, 0x13, 0x30, 0x59, 0x55, 0x20, 0x1d, 0x80, 0x91,
 	0x2f, 0x5d, 0xe2, 0x93, 0xe0, 0x1d, 0x33, 0xf2, 0x25, 0xa5, 0x60, 0x0a, 0x5e, 0xa0, 0x6b, 0xa8,
 	0x1d, 0x35, 0xa7, 0x63, 0x78, 0x2b, 0x50, 0xf2, 0x4a, 0x64, 0xe8, 0x76, 0x7d, 0x12, 0xd8, 0xf1,
 	0xa7, 0xf0, 0x00, 0x26, 0x64, 0x8d, 0xcc, 0xf6, 0x46, 0x3a, 0x02, 0x6b, 0x9e, 0x65, 0x28, 0xa5,
 	0x6b, 0xfa, 0x24, 0x18, 0xc4, 0x1f, 0x5b, 0x47, 0x26, 0x4a, 0x64, 0x8d, 0x69, 0x78, 0x47, 0xa0,
 	0xff, 0x5b, 0xe0, 0xbc, 0x44, 0x86, 0x37, 0x15, 0xca, 0x72, 0x4f, 0x42, 0x4e, 0x90, 0x18, 0xe7,
 	0x93, 0x74, 0x5f, 0x42, 0xe2, 0xc0, 0x60, 0x07, 0x22, 0xb7, 0xfc, 0x5a, 0xa2, 0x62, 0x4b, 0xb0,
 	0xc0, 0x57, 0xc1, 0xb6, 0x03, 0x69, 0xd8, 0xfa, 0x60, 0xff, 0xcb, 0x65, 0xd9, 0x80, 0x0d, 0x7f,
 	0xc0, 0x7b, 0xbd, 0xd4, 0x32, 0xfd, 0x06, 0x3d, 0xf5, 0x0d, 0xb9, 0xc4, 0xef, 0x06, 0x76, 0xfc,
 	0xa1, 0x4d, 0x54, 0x15, 0xc8, 0xb4, 0xe3, 0x7b, 0x08, 0x96, 0x7e, 0x1a, 0xb5, 0xe1, 0xcd, 0x65,
 	0xfa, 0x37, 0xfd, 0x7f, 0x95, 0x3a, 0x9d, 0x7a, 0x31, 0x63, 0x93, 0xf4, 0x62, 0x9a, 0x38, 0x84,
 	0x02, 0x58, 0xc9, 0x34, 0xfd, 0x33, 0x4d, 0x1c, 0x23, 0x7e, 0x20, 0xd0, 0xab, 0xcf, 0x4b, 0x3a,
 	0x03, 0x4b, 0x37, 0x46, 0xbf, 0xb4, 0xf2, 0x0f, 0xde, 0xa8, 0xf7, 0xf5, 0x84, 0xda, 0x5c, 0xa5,
 	0x53, 0x07, 0xe9, 0xeb, 0x1d, 0x05, 0x1d, 0xd4, 0x7f, 0x14, 0xd4, 0xea, 0xa4, 0x43, 0x27, 0x60,
 	0xd6, 0x35, 0x50, 0xaf, 0x65, 0x7c, 0x52, 0x95, 0xf7, 0xf9, 0x59, 0x6d, 0x17, 0xb1, 0xb0, 0xd4,
 	0x8f, 0x32, 0x7e, 0x0c, 0x00, 0x00, 0xff, 0xff, 0x85, 0x65, 0x07, 0x9d, 0xb7, 0x03, 0x00, 0x00,
 }
--- a/auth/service/proto/rules/rules.pb.micro.go
+++ b/auth/service/proto/rules/rules.pb.micro.go
@ -0,0 +1,120 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
 // source: github.com/micro/go-micro/auth/service/proto/rules/rules.proto
 package go_micro_auth
 import (
 	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
 	_ "github.com/micro/go-micro/v2/auth/service/proto/auth"
 	math "math"
 )
 import (
 	context "context"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 // Reference imports to suppress errors if they are not otherwise used.
 var _ context.Context
 var _ client.Option
 var _ server.Option
 // Client API for Rules service
 type RulesService interface {
 	Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error)
 	Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error)
 	List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error)
 }
 type rulesService struct {
 	c    client.Client
 	name string
 }
 func NewRulesService(name string, c client.Client) RulesService {
 	return &rulesService{
 		c:    c,
 		name: name,
 	}
 }
 func (c *rulesService) Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error) {
 	req := c.c.NewRequest(c.name, "Rules.Create", in)
 	out := new(CreateResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *rulesService) Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error) {
 	req := c.c.NewRequest(c.name, "Rules.Delete", in)
 	out := new(DeleteResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *rulesService) List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error) {
 	req := c.c.NewRequest(c.name, "Rules.List", in)
 	out := new(ListResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // Server API for Rules service
 type RulesHandler interface {
 	Create(context.Context, *CreateRequest, *CreateResponse) error
 	Delete(context.Context, *DeleteRequest, *DeleteResponse) error
 	List(context.Context, *ListRequest, *ListResponse) error
 }
 func RegisterRulesHandler(s server.Server, hdlr RulesHandler, opts ...server.HandlerOption) error {
 	type rules interface {
 		Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error
 		Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error
 		List(ctx context.Context, in *ListRequest, out *ListResponse) error
 	}
 	type Rules struct {
 		rules
 	}
 	h := &rulesHandler{hdlr}
 	return s.Handle(s.NewHandler(&Rules{h}, opts...))
 }
 type rulesHandler struct {
 	RulesHandler
 }
 func (h *rulesHandler) Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error {
 	return h.RulesHandler.Create(ctx, in, out)
 }
 func (h *rulesHandler) Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error {
 	return h.RulesHandler.Delete(ctx, in, out)
 }
 func (h *rulesHandler) List(ctx context.Context, in *ListRequest, out *ListResponse) error {
 	return h.RulesHandler.List(ctx, in, out)
 }
--- a/auth/service/proto/rules/rules.proto
+++ b/auth/service/proto/rules/rules.proto
@ -0,0 +1,47 @@
 syntax = "proto3";
 package go.micro.auth;
 import "github.com/micro/go-micro/auth/service/proto/auth/auth.proto";
 service Rules {
 	rpc Create(CreateRequest) returns (CreateResponse) {};
 	rpc Delete(DeleteRequest) returns (DeleteResponse) {};
 	rpc List(ListRequest) returns (ListResponse) {};
 }
 enum Access {
 	UNKNOWN = 0;
 	GRANTED = 1;
 	DENIED = 2;
 }
 message Rule {
 	string id = 1;
 	string role = 2;
 	Resource resource = 3;
 	Access access = 4;
 }
 message CreateRequest {
 	string role = 1;
  Resource resource = 2;
  Access access = 3;
 }
 message CreateResponse {}
 message DeleteRequest {
 	string role = 1;
  Resource resource = 2;
  Access access = 3;
 }
 message DeleteResponse {}
 message ListRequest {
 }
 message ListResponse {
 	repeated Rule rules = 1;
 }
--- a/auth/service/service.go
+++ b/auth/service/service.go
@ -8,7 +8,8 @@ import (
 	"time"
 	"github.com/micro/go-micro/v2/auth"
-	pb "github.com/micro/go-micro/v2/auth/service/proto"
+	authPb "github.com/micro/go-micro/v2/auth/service/proto/auth"
 	rulePb "github.com/micro/go-micro/v2/auth/service/proto/rules"
 	"github.com/micro/go-micro/v2/auth/token"
 	"github.com/micro/go-micro/v2/auth/token/jwt"
 	"github.com/micro/go-micro/v2/client"
@ -26,10 +27,11 @@ func NewAuth(opts ...auth.Option) auth.Auth {
 // svc is the service implementation of the Auth interface
 type svc struct {
 	options auth.Options
-	auth    pb.AuthService
+	auth    authPb.AuthService
 	rule    rulePb.RulesService
 	jwt     token.Provider
 	rules   []*pb.Rule
 	rules []*rulePb.Rule
 	sync.Mutex
 }
@ -43,7 +45,8 @@ func (s *svc) Init(opts ...auth.Option) {
 	}
 	dc := client.DefaultClient
-	s.auth = pb.NewAuthService("go.micro.auth", dc)
+	s.auth = authPb.NewAuthService("go.micro.auth", dc)
 	s.rule = rulePb.NewRulesService("go.micro.auth", dc)
 	// if we have a JWT public key passed as an option,
 	// we can decode tokens with the type "JWT" locally
@ -78,7 +81,7 @@ func (s *svc) Options() auth.Options {
 func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
 	options := auth.NewGenerateOptions(opts...)
-	rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
+	rsp, err := s.auth.Generate(context.TODO(), &authPb.GenerateRequest{
 		Id:           id,
 		Roles:        options.Roles,
 		Metadata:     options.Metadata,
@ -93,9 +96,10 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
 // Grant access to a resource
 func (s *svc) Grant(role string, res *auth.Resource) error {
-	_, err := s.auth.Grant(context.TODO(), &pb.GrantRequest{
+	_, err := s.rule.Create(context.TODO(), &rulePb.CreateRequest{
-		Role: role,
+		Role:   role,
-		Resource: &pb.Resource{
+		Access: rulePb.Access_GRANTED,
 		Resource: &authPb.Resource{
 			Type:     res.Type,
 			Name:     res.Name,
 			Endpoint: res.Endpoint,
@ -106,9 +110,10 @@ func (s *svc) Grant(role string, res *auth.Resource) error {
 // Revoke access to a resource
 func (s *svc) Revoke(role string, res *auth.Resource) error {
-	_, err := s.auth.Revoke(context.TODO(), &pb.RevokeRequest{
+	_, err := s.rule.Delete(context.TODO(), &rulePb.DeleteRequest{
-		Role: role,
+		Role:   role,
-		Resource: &pb.Resource{
+		Access: rulePb.Access_GRANTED,
 		Resource: &authPb.Resource{
 			Type:     res.Type,
 			Name:     res.Name,
 			Endpoint: res.Endpoint,
@ -120,10 +125,11 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
 // Verify an account has access to a resource
 func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 	queries := [][]string{
-		{res.Type, "*"},                         // check for wildcard resource type, e.g. service.*
+		{res.Type, res.Name, res.Endpoint},      // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
-		{res.Type, res.Name, "*"},               // check for wildcard name, e.g. service.foo*
+		{res.Type, res.Name, res.Endpoint, "*"}, // check for wildcard role, e.g. service.foo.ListFoo:*
-		{res.Type, res.Name, res.Endpoint, "*"}, // check for wildcard endpoints, e.g. service.foo.ListFoo:*
+		{res.Type, res.Name, "*"},               // check for wildcard endpoint, e.g. service.foo*
-		{res.Type, res.Name, res.Endpoint},      // check for specific role, e.g. service.foo.ListFoo:admin
+		{res.Type, "*"},                         // check for wildcard name, e.g. service.*
 		{"*"},                                   // check for wildcard type, e.g. *
 	}
 	// endpoint is a url which can have wildcard excludes, e.g.
@ -137,12 +143,18 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 	for _, q := range queries {
 		for _, rule := range s.listRules(q...) {
-			if isValidRule(rule, acc, res) {
+			switch accessForRule(rule, acc, res) {
-				return nil
+			case rulePb.Access_UNKNOWN:
 				continue // rule did not specify access, check the next rule
 			case rulePb.Access_GRANTED:
 				return nil // rule grants the account access to the resource
 			case rulePb.Access_DENIED:
 				return auth.ErrForbidden // reule denies access to the resource
 			}
 		}
 	}
 	// no rules were found for the resource, default to denying access
 	return auth.ErrForbidden
 }
@ -162,7 +174,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
 		}
 	}
-	rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{
+	rsp, err := s.auth.Inspect(context.TODO(), &authPb.InspectRequest{
 		Token: token,
 	})
 	if err != nil {
@ -176,7 +188,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
 func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, error) {
 	options := auth.NewRefreshOptions(opts...)
-	rsp, err := s.auth.Refresh(context.Background(), &pb.RefreshRequest{
+	rsp, err := s.auth.Refresh(context.Background(), &authPb.RefreshRequest{
 		Secret:      secret,
 		TokenExpiry: int64(options.TokenExpiry.Seconds()),
 	})
@ -189,36 +201,36 @@ func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, e
 var ruleJoinKey = ":"
-// isValidRule returns a bool, indicating if a rule permits access to a
+// accessForRule returns a rule status, indicating if a rule permits access to a
 // resource for a given account
-func isValidRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) bool {
+func accessForRule(rule *rulePb.Rule, acc *auth.Account, res *auth.Resource) rulePb.Access {
 	if rule.Role == "*" {
-		return true
+		return rule.Access
 	}
 	for _, role := range acc.Roles {
 		if rule.Role == role {
-			return true
+			return rule.Access
 		}
 		// allow user.anything if role is user.*
 		if strings.HasSuffix(rule.Role, ".*") && strings.HasPrefix(rule.Role, role+".") {
-			return true
+			return rule.Access
 		}
 	}
-	return false
+	return rulePb.Access_DENIED
 }
 // listRules gets all the rules from the store which have an id
 // prefix matching the filters
-func (s *svc) listRules(filters ...string) []*pb.Rule {
+func (s *svc) listRules(filters ...string) []*rulePb.Rule {
 	s.Lock()
 	defer s.Unlock()
 	prefix := strings.Join(filters, ruleJoinKey)
-	var rules []*pb.Rule
+	var rules []*rulePb.Rule
 	for _, r := range s.rules {
 		if strings.HasPrefix(r.Id, prefix) {
 			rules = append(rules, r)
@ -230,7 +242,7 @@ func (s *svc) listRules(filters ...string) []*pb.Rule {
 // loadRules retrieves the rules from the auth service
 func (s *svc) loadRules() {
-	rsp, err := s.auth.ListRules(context.TODO(), &pb.ListRulesRequest{}, client.WithRetries(3))
+	rsp, err := s.rule.List(context.TODO(), &rulePb.ListRequest{})
 	s.Lock()
 	defer s.Unlock()
@ -242,7 +254,7 @@ func (s *svc) loadRules() {
 	s.rules = rsp.Rules
 }
-func serializeToken(t *pb.Token) *auth.Token {
+func serializeToken(t *authPb.Token) *auth.Token {
 	return &auth.Token{
 		Token:    t.Token,
 		Type:     t.Type,
@ -254,7 +266,7 @@ func serializeToken(t *pb.Token) *auth.Token {
 	}
 }
-func serializeAccount(a *pb.Account) *auth.Account {
+func serializeAccount(a *authPb.Account) *auth.Account {
 	var secret *auth.Token
 	if a.Secret != nil {
 		secret = serializeToken(a.Secret)
--- a/auth/token/basic/basic.go
+++ b/auth/token/basic/basic.go
@ -2,6 +2,7 @@ package basic
 import (
 	"encoding/json"
 	"fmt"
 	"time"
 	"github.com/google/uuid"
@ -15,6 +16,11 @@ type Basic struct {
 	store store.Store
 }
 var (
 	// StorePrefix to isolate tokens
 	StorePrefix = "tokens/"
 )
 // NewTokenProvider returns an initialized basic provider
 func NewTokenProvider(opts ...token.Option) token.Provider {
 	options := token.NewOptions(opts...)
@ -51,7 +57,7 @@ func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.To
 	// write to the store
 	err = b.store.Write(&store.Record{
-		Key:    token.Token,
+		Key:    fmt.Sprintf("%v%v", StorePrefix, token.Token),
 		Value:  bytes,
 		Expiry: options.Expiry,
 	})
@ -66,7 +72,7 @@ func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.To
 // Inspect a token
 func (b *Basic) Inspect(t string) (*auth.Token, error) {
 	// lookup the token in the store
-	recs, err := b.store.Read(t)
+	recs, err := b.store.Read(StorePrefix + t)
 	if err == store.ErrNotFound {
 		return nil, token.ErrInvalidToken
 	} else if err != nil {