Auth (#1147)

Implement the Auth interface, with JWT and service implementations. * Update Auth Interface * Define Auth Service Implementation * Support Service Auth * Add Auth Service Proto * Remove erronious files * Implement Auth Service Package * Update Auth Interface * Update Auth Interface. Add Validate, remove Add/Remove roles * Make Revoke interface more explicit * Refactor serializing and deserializing service accounts * Fix srv name & update interface to be more explicit * Require jwt public key for auth * Rename Variables (Resource.ID => Resource.Name & ServiceAccount => Account) * Implement JWT Auth Package * Remove parent, add ID * Update auth imports to v2. Add String() to auth interface
2020-02-03 08:16:02 +00:00
parent 449bcb46fe
commit d621548120
16 changed files with 1103 additions and 26 deletions
--- a/auth/service/proto/auth.pb.go
+++ b/auth/service/proto/auth.pb.go
@@ -0,0 +1,466 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: auth/service/proto/auth.proto
+
+package go_micro_auth
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type Account struct {
+	Id                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Token                string            `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
+	Created              int64             `protobuf:"varint,3,opt,name=created,proto3" json:"created,omitempty"`
+	Expiry               int64             `protobuf:"varint,4,opt,name=expiry,proto3" json:"expiry,omitempty"`
+	Roles                []*Role           `protobuf:"bytes,5,rep,name=roles,proto3" json:"roles,omitempty"`
+	Metadata             map[string]string `protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *Account) Reset()         { *m = Account{} }
+func (m *Account) String() string { return proto.CompactTextString(m) }
+func (*Account) ProtoMessage()    {}
+func (*Account) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{0}
+}
+
+func (m *Account) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Account.Unmarshal(m, b)
+}
+func (m *Account) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Account.Marshal(b, m, deterministic)
+}
+func (m *Account) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Account.Merge(m, src)
+}
+func (m *Account) XXX_Size() int {
+	return xxx_messageInfo_Account.Size(m)
+}
+func (m *Account) XXX_DiscardUnknown() {
+	xxx_messageInfo_Account.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Account proto.InternalMessageInfo
+
+func (m *Account) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *Account) GetToken() string {
+	if m != nil {
+		return m.Token
+	}
+	return ""
+}
+
+func (m *Account) GetCreated() int64 {
+	if m != nil {
+		return m.Created
+	}
+	return 0
+}
+
+func (m *Account) GetExpiry() int64 {
+	if m != nil {
+		return m.Expiry
+	}
+	return 0
+}
+
+func (m *Account) GetRoles() []*Role {
+	if m != nil {
+		return m.Roles
+	}
+	return nil
+}
+
+func (m *Account) GetMetadata() map[string]string {
+	if m != nil {
+		return m.Metadata
+	}
+	return nil
+}
+
+type Role struct {
+	Name                 string    `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Resource             *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *Role) Reset()         { *m = Role{} }
+func (m *Role) String() string { return proto.CompactTextString(m) }
+func (*Role) ProtoMessage()    {}
+func (*Role) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{1}
+}
+
+func (m *Role) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Role.Unmarshal(m, b)
+}
+func (m *Role) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Role.Marshal(b, m, deterministic)
+}
+func (m *Role) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Role.Merge(m, src)
+}
+func (m *Role) XXX_Size() int {
+	return xxx_messageInfo_Role.Size(m)
+}
+func (m *Role) XXX_DiscardUnknown() {
+	xxx_messageInfo_Role.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Role proto.InternalMessageInfo
+
+func (m *Role) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Role) GetResource() *Resource {
+	if m != nil {
+		return m.Resource
+	}
+	return nil
+}
+
+type Resource struct {
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Type                 string   `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Resource) Reset()         { *m = Resource{} }
+func (m *Resource) String() string { return proto.CompactTextString(m) }
+func (*Resource) ProtoMessage()    {}
+func (*Resource) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{2}
+}
+
+func (m *Resource) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Resource.Unmarshal(m, b)
+}
+func (m *Resource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Resource.Marshal(b, m, deterministic)
+}
+func (m *Resource) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Resource.Merge(m, src)
+}
+func (m *Resource) XXX_Size() int {
+	return xxx_messageInfo_Resource.Size(m)
+}
+func (m *Resource) XXX_DiscardUnknown() {
+	xxx_messageInfo_Resource.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Resource proto.InternalMessageInfo
+
+func (m *Resource) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Resource) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
+type GenerateRequest struct {
+	Account              *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GenerateRequest) Reset()         { *m = GenerateRequest{} }
+func (m *GenerateRequest) String() string { return proto.CompactTextString(m) }
+func (*GenerateRequest) ProtoMessage()    {}
+func (*GenerateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{3}
+}
+
+func (m *GenerateRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GenerateRequest.Unmarshal(m, b)
+}
+func (m *GenerateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GenerateRequest.Marshal(b, m, deterministic)
+}
+func (m *GenerateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GenerateRequest.Merge(m, src)
+}
+func (m *GenerateRequest) XXX_Size() int {
+	return xxx_messageInfo_GenerateRequest.Size(m)
+}
+func (m *GenerateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_GenerateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GenerateRequest proto.InternalMessageInfo
+
+func (m *GenerateRequest) GetAccount() *Account {
+	if m != nil {
+		return m.Account
+	}
+	return nil
+}
+
+type GenerateResponse struct {
+	Account              *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *GenerateResponse) Reset()         { *m = GenerateResponse{} }
+func (m *GenerateResponse) String() string { return proto.CompactTextString(m) }
+func (*GenerateResponse) ProtoMessage()    {}
+func (*GenerateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{4}
+}
+
+func (m *GenerateResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_GenerateResponse.Unmarshal(m, b)
+}
+func (m *GenerateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_GenerateResponse.Marshal(b, m, deterministic)
+}
+func (m *GenerateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GenerateResponse.Merge(m, src)
+}
+func (m *GenerateResponse) XXX_Size() int {
+	return xxx_messageInfo_GenerateResponse.Size(m)
+}
+func (m *GenerateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_GenerateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GenerateResponse proto.InternalMessageInfo
+
+func (m *GenerateResponse) GetAccount() *Account {
+	if m != nil {
+		return m.Account
+	}
+	return nil
+}
+
+type ValidateRequest struct {
+	Token                string   `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ValidateRequest) Reset()         { *m = ValidateRequest{} }
+func (m *ValidateRequest) String() string { return proto.CompactTextString(m) }
+func (*ValidateRequest) ProtoMessage()    {}
+func (*ValidateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{5}
+}
+
+func (m *ValidateRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ValidateRequest.Unmarshal(m, b)
+}
+func (m *ValidateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ValidateRequest.Marshal(b, m, deterministic)
+}
+func (m *ValidateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidateRequest.Merge(m, src)
+}
+func (m *ValidateRequest) XXX_Size() int {
+	return xxx_messageInfo_ValidateRequest.Size(m)
+}
+func (m *ValidateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidateRequest proto.InternalMessageInfo
+
+func (m *ValidateRequest) GetToken() string {
+	if m != nil {
+		return m.Token
+	}
+	return ""
+}
+
+type ValidateResponse struct {
+	Account              *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ValidateResponse) Reset()         { *m = ValidateResponse{} }
+func (m *ValidateResponse) String() string { return proto.CompactTextString(m) }
+func (*ValidateResponse) ProtoMessage()    {}
+func (*ValidateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{6}
+}
+
+func (m *ValidateResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ValidateResponse.Unmarshal(m, b)
+}
+func (m *ValidateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ValidateResponse.Marshal(b, m, deterministic)
+}
+func (m *ValidateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidateResponse.Merge(m, src)
+}
+func (m *ValidateResponse) XXX_Size() int {
+	return xxx_messageInfo_ValidateResponse.Size(m)
+}
+func (m *ValidateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidateResponse proto.InternalMessageInfo
+
+func (m *ValidateResponse) GetAccount() *Account {
+	if m != nil {
+		return m.Account
+	}
+	return nil
+}
+
+type RevokeRequest struct {
+	Token                string   `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *RevokeRequest) Reset()         { *m = RevokeRequest{} }
+func (m *RevokeRequest) String() string { return proto.CompactTextString(m) }
+func (*RevokeRequest) ProtoMessage()    {}
+func (*RevokeRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{7}
+}
+
+func (m *RevokeRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_RevokeRequest.Unmarshal(m, b)
+}
+func (m *RevokeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_RevokeRequest.Marshal(b, m, deterministic)
+}
+func (m *RevokeRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RevokeRequest.Merge(m, src)
+}
+func (m *RevokeRequest) XXX_Size() int {
+	return xxx_messageInfo_RevokeRequest.Size(m)
+}
+func (m *RevokeRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_RevokeRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RevokeRequest proto.InternalMessageInfo
+
+func (m *RevokeRequest) GetToken() string {
+	if m != nil {
+		return m.Token
+	}
+	return ""
+}
+
+type RevokeResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *RevokeResponse) Reset()         { *m = RevokeResponse{} }
+func (m *RevokeResponse) String() string { return proto.CompactTextString(m) }
+func (*RevokeResponse) ProtoMessage()    {}
+func (*RevokeResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_21300bfacc51fc2a, []int{8}
+}
+
+func (m *RevokeResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_RevokeResponse.Unmarshal(m, b)
+}
+func (m *RevokeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_RevokeResponse.Marshal(b, m, deterministic)
+}
+func (m *RevokeResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RevokeResponse.Merge(m, src)
+}
+func (m *RevokeResponse) XXX_Size() int {
+	return xxx_messageInfo_RevokeResponse.Size(m)
+}
+func (m *RevokeResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_RevokeResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RevokeResponse proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterType((*Account)(nil), "go.micro.auth.Account")
+	proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Account.MetadataEntry")
+	proto.RegisterType((*Role)(nil), "go.micro.auth.Role")
+	proto.RegisterType((*Resource)(nil), "go.micro.auth.Resource")
+	proto.RegisterType((*GenerateRequest)(nil), "go.micro.auth.GenerateRequest")
+	proto.RegisterType((*GenerateResponse)(nil), "go.micro.auth.GenerateResponse")
+	proto.RegisterType((*ValidateRequest)(nil), "go.micro.auth.ValidateRequest")
+	proto.RegisterType((*ValidateResponse)(nil), "go.micro.auth.ValidateResponse")
+	proto.RegisterType((*RevokeRequest)(nil), "go.micro.auth.RevokeRequest")
+	proto.RegisterType((*RevokeResponse)(nil), "go.micro.auth.RevokeResponse")
+}
+
+func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
+
+var fileDescriptor_21300bfacc51fc2a = []byte{
+	// 429 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x53, 0x4d, 0x6f, 0xd3, 0x40,
+	0x10, 0xad, 0x3f, 0xe2, 0x98, 0x89, 0xd2, 0x46, 0x03, 0x2a, 0x56, 0x44, 0x21, 0xb2, 0x40, 0x84,
+	0x8b, 0x83, 0xdc, 0x0b, 0x82, 0x0b, 0x15, 0xa0, 0x9e, 0x2a, 0xa4, 0x3d, 0x70, 0x5f, 0xec, 0x11,
+	0xb5, 0xe2, 0x78, 0xcd, 0x7a, 0x1d, 0xe1, 0xdf, 0xc0, 0x6f, 0xe5, 0x3f, 0x20, 0xaf, 0xbd, 0x69,
+	0xea, 0xb4, 0xaa, 0xd4, 0xdb, 0x7c, 0xbc, 0x79, 0xf3, 0xde, 0x68, 0x17, 0xce, 0x78, 0xad, 0xae,
+	0x57, 0x15, 0xc9, 0x6d, 0x96, 0xd0, 0xaa, 0x94, 0x42, 0x89, 0x55, 0x5b, 0x8a, 0x74, 0x88, 0xd3,
+	0x5f, 0x22, 0xda, 0x64, 0x89, 0x14, 0x51, 0x5b, 0x0c, 0xff, 0xda, 0x30, 0xbe, 0x48, 0x12, 0x51,
+	0x17, 0x0a, 0x8f, 0xc1, 0xce, 0xd2, 0xc0, 0x5a, 0x58, 0xcb, 0x27, 0xcc, 0xce, 0x52, 0x7c, 0x06,
+	0x23, 0x25, 0xd6, 0x54, 0x04, 0xb6, 0x2e, 0x75, 0x09, 0x06, 0x30, 0x4e, 0x24, 0x71, 0x45, 0x69,
+	0xe0, 0x2c, 0xac, 0xa5, 0xc3, 0x4c, 0x8a, 0xa7, 0xe0, 0xd1, 0x9f, 0x32, 0x93, 0x4d, 0xe0, 0xea,
+	0x46, 0x9f, 0xe1, 0x3b, 0x18, 0x49, 0x91, 0x53, 0x15, 0x8c, 0x16, 0xce, 0x72, 0x12, 0x3f, 0x8d,
+	0x6e, 0x49, 0x88, 0x98, 0xc8, 0x89, 0x75, 0x08, 0xfc, 0x0c, 0xfe, 0x86, 0x14, 0x4f, 0xb9, 0xe2,
+	0x81, 0xa7, 0xd1, 0xaf, 0x07, 0xe8, 0x5e, 0x6c, 0x74, 0xd5, 0xc3, 0xbe, 0x15, 0x4a, 0x36, 0x6c,
+	0x37, 0x35, 0xff, 0x04, 0xd3, 0x5b, 0x2d, 0x9c, 0x81, 0xb3, 0xa6, 0xa6, 0xb7, 0xd5, 0x86, 0xad,
+	0xaf, 0x2d, 0xcf, 0x6b, 0x32, 0xbe, 0x74, 0xf2, 0xd1, 0xfe, 0x60, 0x85, 0xdf, 0xc1, 0x6d, 0xd5,
+	0x20, 0x82, 0x5b, 0xf0, 0x0d, 0xf5, 0x43, 0x3a, 0xc6, 0x73, 0xf0, 0x25, 0x55, 0xa2, 0x96, 0x49,
+	0x37, 0x38, 0x89, 0x9f, 0x0f, 0x8d, 0xf4, 0x6d, 0xb6, 0x03, 0x86, 0x31, 0xf8, 0xa6, 0x7a, 0x27,
+	0x29, 0x82, 0xab, 0x9a, 0xd2, 0x28, 0xd1, 0x71, 0xf8, 0x05, 0x4e, 0x2e, 0xa9, 0x20, 0xc9, 0x15,
+	0x31, 0xfa, 0x5d, 0x53, 0xa5, 0xf0, 0x3d, 0x8c, 0x79, 0xe7, 0x5b, 0x4f, 0x4f, 0xe2, 0xd3, 0xbb,
+	0xaf, 0xc2, 0x0c, 0x2c, 0xfc, 0x0a, 0xb3, 0x1b, 0x92, 0xaa, 0x14, 0x45, 0x45, 0x8f, 0x60, 0x79,
+	0x0b, 0x27, 0x3f, 0x78, 0x9e, 0xa5, 0x7b, 0x52, 0x76, 0x8f, 0xc2, 0xda, 0x7b, 0x14, 0xed, 0xba,
+	0x1b, 0xe0, 0xa3, 0xd7, 0xbd, 0x81, 0x29, 0xa3, 0xad, 0x58, 0x3f, 0xb0, 0x6c, 0x06, 0xc7, 0x06,
+	0xd6, 0xad, 0x8a, 0xff, 0x59, 0xe0, 0x5e, 0xd4, 0xea, 0x1a, 0xaf, 0xc0, 0x37, 0xb6, 0xf1, 0xe5,
+	0x60, 0xdd, 0xe0, 0xa8, 0xf3, 0x57, 0xf7, 0xf6, 0x3b, 0xd6, 0xf0, 0xa8, 0xa5, 0x33, 0xb6, 0x0e,
+	0xe8, 0x06, 0x87, 0x39, 0xa0, 0x1b, 0xde, 0x23, 0x3c, 0xc2, 0x4b, 0xf0, 0x3a, 0xe1, 0xf8, 0xe2,
+	0xe0, 0xe9, 0xec, 0xd9, 0x9e, 0x9f, 0xdd, 0xd3, 0x35, 0x44, 0x3f, 0x3d, 0xfd, 0x97, 0xcf, 0xff,
+	0x07, 0x00, 0x00, 0xff, 0xff, 0x79, 0x35, 0xb2, 0x7e, 0xec, 0x03, 0x00, 0x00,
+}
--- a/auth/service/proto/auth.pb.micro.go
+++ b/auth/service/proto/auth.pb.micro.go
@@ -0,0 +1,125 @@
+// Code generated by protoc-gen-micro. DO NOT EDIT.
+// source: auth/service/proto/auth.proto
+
+package go_micro_auth
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+import (
+	context "context"
+	client "github.com/micro/go-micro/client"
+	server "github.com/micro/go-micro/server"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ client.Option
+var _ server.Option
+
+// Client API for Auth service
+
+type AuthService interface {
+	Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
+	Validate(ctx context.Context, in *ValidateRequest, opts ...client.CallOption) (*ValidateResponse, error)
+	Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error)
+}
+
+type authService struct {
+	c    client.Client
+	name string
+}
+
+func NewAuthService(name string, c client.Client) AuthService {
+	if c == nil {
+		c = client.NewClient()
+	}
+	if len(name) == 0 {
+		name = "go.micro.auth"
+	}
+	return &authService{
+		c:    c,
+		name: name,
+	}
+}
+
+func (c *authService) Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error) {
+	req := c.c.NewRequest(c.name, "Auth.Generate", in)
+	out := new(GenerateResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authService) Validate(ctx context.Context, in *ValidateRequest, opts ...client.CallOption) (*ValidateResponse, error) {
+	req := c.c.NewRequest(c.name, "Auth.Validate", in)
+	out := new(ValidateResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authService) Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error) {
+	req := c.c.NewRequest(c.name, "Auth.Revoke", in)
+	out := new(RevokeResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for Auth service
+
+type AuthHandler interface {
+	Generate(context.Context, *GenerateRequest, *GenerateResponse) error
+	Validate(context.Context, *ValidateRequest, *ValidateResponse) error
+	Revoke(context.Context, *RevokeRequest, *RevokeResponse) error
+}
+
+func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
+	type auth interface {
+		Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
+		Validate(ctx context.Context, in *ValidateRequest, out *ValidateResponse) error
+		Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error
+	}
+	type Auth struct {
+		auth
+	}
+	h := &authHandler{hdlr}
+	return s.Handle(s.NewHandler(&Auth{h}, opts...))
+}
+
+type authHandler struct {
+	AuthHandler
+}
+
+func (h *authHandler) Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error {
+	return h.AuthHandler.Generate(ctx, in, out)
+}
+
+func (h *authHandler) Validate(ctx context.Context, in *ValidateRequest, out *ValidateResponse) error {
+	return h.AuthHandler.Validate(ctx, in, out)
+}
+
+func (h *authHandler) Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error {
+	return h.AuthHandler.Revoke(ctx, in, out)
+}
--- a/auth/service/proto/auth.proto
+++ b/auth/service/proto/auth.proto
@@ -0,0 +1,50 @@
+syntax = "proto3";
+
+package go.micro.auth;
+
+service Auth {
+    rpc Generate(GenerateRequest) returns (GenerateResponse) {};
+    rpc Validate(ValidateRequest) returns (ValidateResponse) {};
+    rpc Revoke(RevokeRequest)  returns (RevokeResponse) {};
+}
+
+message Account{
+    string id = 1;
+    string token = 2;
+    int64 created = 3;
+    int64 expiry = 4;
+    repeated Role roles = 5;
+	map<string, string> metadata = 6;
+}
+
+message Role {
+    string name = 1;
+    Resource resource = 2;
+}
+
+message Resource{
+    string name = 1;
+    string type = 2;
+}
+
+message GenerateRequest {
+    Account account = 1;
+}
+
+message GenerateResponse {
+    Account account = 1;
+}
+
+message ValidateRequest {
+    string token = 1;
+}
+
+message ValidateResponse {
+    Account account = 1;
+}
+
+message RevokeRequest {
+    string token = 1;
+}
+
+message RevokeResponse {}
--- a/auth/service/service.go
+++ b/auth/service/service.go
@@ -0,0 +1,128 @@
+package service
+
+import (
+	"context"
+	"time"
+
+	"github.com/micro/go-micro/client"
+	"github.com/micro/go-micro/v2/auth"
+	pb "github.com/micro/go-micro/v2/auth/service/proto"
+)
+
+// NewAuth returns a new instance of the Auth service
+func NewAuth(opts ...auth.Option) auth.Auth {
+	svc := new(svc)
+	svc.Init(opts...)
+	return svc
+}
+
+// svc is the service implementation of the Auth interface
+type svc struct {
+	options auth.Options
+	auth    pb.AuthService
+}
+
+func (s *svc) String() string {
+	return "service"
+}
+
+func (s *svc) Init(opts ...auth.Option) error {
+	for _, o := range opts {
+		o(&s.options)
+	}
+
+	dc := client.DefaultClient
+	s.auth = pb.NewAuthService("go.micro.auth", dc)
+
+	return nil
+}
+
+// Generate a new auth account
+func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
+	// construct the request
+	options := auth.NewGenerateOptions(opts...)
+	sa := &auth.Account{
+		Id:       id,
+		Roles:    options.Roles,
+		Metadata: options.Metadata,
+	}
+	req := &pb.GenerateRequest{Account: serializeAccount(sa)}
+
+	// execute the request
+	resp, err := s.auth.Generate(context.Background(), req)
+	if err != nil {
+		return nil, err
+	}
+
+	// format the response
+	return deserializeAccount(resp.Account), nil
+}
+
+// Revoke an authorization account
+func (s *svc) Revoke(token string) error {
+	// contruct the request
+	req := &pb.RevokeRequest{Token: token}
+
+	// execute the request
+	_, err := s.auth.Revoke(context.Background(), req)
+	return err
+}
+
+// Validate an account token
+func (s *svc) Validate(token string) (*auth.Account, error) {
+	resp, err := s.auth.Validate(context.Background(), &pb.ValidateRequest{Token: token})
+	if err != nil {
+		return nil, err
+	}
+
+	return deserializeAccount(resp.Account), nil
+}
+
+func serializeAccount(sa *auth.Account) *pb.Account {
+	roles := make([]*pb.Role, len(sa.Roles))
+	for i, r := range sa.Roles {
+		roles[i] = &pb.Role{
+			Name: r.Name,
+		}
+
+		if r.Resource != nil {
+			roles[i].Resource = &pb.Resource{
+				Name: r.Resource.Name,
+				Type: r.Resource.Type,
+			}
+		}
+	}
+
+	return &pb.Account{
+		Id:       sa.Id,
+		Roles:    roles,
+		Metadata: sa.Metadata,
+	}
+}
+
+func deserializeAccount(a *pb.Account) *auth.Account {
+	// format the response
+	sa := &auth.Account{
+		Id:       a.Id,
+		Token:    a.Token,
+		Created:  time.Unix(a.Created, 0),
+		Expiry:   time.Unix(a.Expiry, 0),
+		Metadata: a.Metadata,
+	}
+
+	sa.Roles = make([]*auth.Role, len(a.Roles))
+	for i, r := range a.Roles {
+		sa.Roles[i] = &auth.Role{
+			Name: r.Name,
+		}
+
+		if r.Resource != nil {
+			sa.Roles[i].Resource = &auth.Resource{
+				Name: r.Resource.Name,
+				Type: r.Resource.Type,
+			}
+		}
+	}
+
+	return sa
+}