Replace auth account.Namespace with account.Scopes

api/resolver/options.go

@@ -2,8 +2,6 @@ package resolver
 
 import (
 	"net/http"
-
-	"github.com/micro/go-micro/v2/auth"
 )
 
 // NewOptions returns new initialised options
@@ -14,7 +12,7 @@ func NewOptions(opts ...Option) Options {
 	}
 
 	if options.Namespace == nil {
-		options.Namespace = StaticNamespace(auth.DefaultNamespace)
+		options.Namespace = StaticNamespace("go.micro")
 	}
 
 	return options

auth/auth.go

@@ -50,8 +50,6 @@ type Resource struct {
 	Type string `json:"type"`
 	// Endpoint resource e.g NotesService.Create
 	Endpoint string `json:"endpoint"`
-	// Namespace the resource belongs to
-	Namespace string `json:"namespace"`
 }
 
 // Account provided by an auth provider
@@ -66,12 +64,27 @@ type Account struct {
 	Roles []string `json:"roles"`
 	// Any other associated metadata
 	Metadata map[string]string `json:"metadata"`
-	// Namespace the account belongs to
+	// Scopes the account has access to
-	Namespace string `json:"namespace"`
+	Scopes []string `json:"scopes"`
 	// Secret for the account, e.g. the password
 	Secret string `json:"secret"`
 }
 
+// HasScope returns a boolean indicating if the account has the given scope
+func (a *Account) HasScope(scope string) bool {
+	if a.Scopes == nil {
+		return false
+	}
+
+	for _, s := range a.Scopes {
+		if s == scope {
+			return true
+		}
+	}
+
+	return false
+}
+
 // HasRole returns a boolean indicating if the account has the given role
 func (a *Account) HasRole(role string) bool {
 	if a.Roles == nil {
@@ -100,8 +113,6 @@ type Token struct {
 }
 
 const (
-	// DefaultNamespace used for auth
-	DefaultNamespace = "go.micro"
 	// TokenCookieName is the name of the cookie which stores the auth token
 	TokenCookieName = "micro-token"
 	// BearerScheme used for Authorization header

auth/auth_test.go

@@ -2,6 +2,19 @@ package auth
 
 import "testing"
 
+func TestHasScope(t *testing.T) {
+	if new(Account).HasScope("namespace.foo") {
+		t.Errorf("Expected the blank account to not have a role")
+	}
+
+	acc := Account{Scopes: []string{"namespace.foo"}}
+	if !acc.HasScope("namespace.foo") {
+		t.Errorf("Expected the account to have the namespace.foo role")
+	}
+	if acc.HasScope("namespace.bar") {
+		t.Errorf("Expected the account to not have the namespace.bar role")
+	}
+}
 func TestHasRole(t *testing.T) {
 	if new(Account).HasRole("foo") {
 		t.Errorf("Expected the blank account to not have a role")

auth/default.go

@@ -49,11 +49,11 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
 	options := NewGenerateOptions(opts...)
 
 	return &Account{
-		ID:        id,
+		ID:       id,
-		Roles:     options.Roles,
+		Roles:    options.Roles,
-		Secret:    options.Secret,
+		Secret:   options.Secret,
-		Metadata:  options.Metadata,
+		Metadata: options.Metadata,
-		Namespace: DefaultNamespace,
+		Scopes:   options.Scopes,
 	}, nil
 }
 
@@ -74,10 +74,7 @@ func (n *noop) Verify(acc *Account, res *Resource) error {
 
 // Inspect a token
 func (n *noop) Inspect(token string) (*Account, error) {
-	return &Account{
+	return &Account{ID: uuid.New().String()}, nil
-		ID:        uuid.New().String(),
-		Namespace: DefaultNamespace,
-	}, nil
 }
 
 // Token generation using an account id and secret

auth/jwt/jwt.go

@@ -1,6 +1,7 @@
 package jwt
 
 import (
+	"fmt"
 	"sync"
 	"time"
 
@@ -41,10 +42,6 @@ func (j *jwt) Init(opts ...auth.Option) {
 		o(&j.options)
 	}
 
-	if len(j.options.Namespace) == 0 {
-		j.options.Namespace = auth.DefaultNamespace
-	}
-
 	j.jwt = jwtToken.NewTokenProvider(
 		token.WithPrivateKey(j.options.PrivateKey),
 		token.WithPublicKey(j.options.PublicKey),
@@ -60,12 +57,12 @@ func (j *jwt) Options() auth.Options {
 func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
 	options := auth.NewGenerateOptions(opts...)
 	account := &auth.Account{
-		ID:        id,
+		ID:       id,
-		Type:      options.Type,
+		Type:     options.Type,
-		Roles:     options.Roles,
+		Roles:    options.Roles,
-		Provider:  options.Provider,
+		Scopes:   options.Scopes,
-		Metadata:  options.Metadata,
+		Provider: options.Provider,
-		Namespace: options.Namespace,
+		Metadata: options.Metadata,
 	}
 
 	// generate a JWT secret which can be provided to the Token() method
@@ -111,18 +108,18 @@ func (j *jwt) Revoke(role string, res *auth.Resource) error {
 }
 
 func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error {
-	j.Lock()
+	// check the scope
-	if len(res.Namespace) == 0 {
+	scope := "namespace." + j.options.Namespace
-		res.Namespace = j.options.Namespace
+	if acc != nil && !acc.HasScope(scope) {
+		return fmt.Errorf("Missing required scope: %v", scope)
 	}
+
+	j.Lock()
 	rules := j.rules
 	j.Unlock()
 
 	for _, rule := range rules {
 		// validate the rule applies to the requested resource
-		if rule.resource.Namespace != "*" && rule.resource.Namespace != res.Namespace {
-			continue
-		}
 		if rule.resource.Type != "*" && rule.resource.Type != res.Type {
 			continue
 		}

auth/options.go

@@ -13,9 +13,6 @@ func NewOptions(opts ...Option) Options {
 	for _, o := range opts {
 		o(&options)
 	}
-	if len(options.Namespace) == 0 {
-		options.Namespace = DefaultNamespace
-	}
 	if options.Client == nil {
 		options.Client = client.DefaultClient
 	}
@@ -126,8 +123,8 @@ type GenerateOptions struct {
 	Metadata map[string]string
 	// Roles/scopes associated with the account
 	Roles []string
-	// Namespace the account belongs too
+	// Scopes the account hasaccess too
-	Namespace string
+	Scopes []string
 	// Provider of the account, e.g. oauth
 	Provider string
 	// Type of the account, e.g. user
@@ -166,10 +163,10 @@ func WithRoles(rs ...string) GenerateOption {
 	}
 }
 
-// WithNamespace for the generated account
+// WithScopes for the generated account
-func WithNamespace(n string) GenerateOption {
+func WithScopes(s ...string) GenerateOption {
 	return func(o *GenerateOptions) {
-		o.Namespace = n
+		o.Scopes = s
 	}
 }
 

auth/service/proto/auth.pb.go

@@ -190,7 +190,7 @@ type Account struct {
 	Type                 string            `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
 	Roles                []string          `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Namespace            string            `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Scopes               []string          `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"`
 	Provider             string            `protobuf:"bytes,6,opt,name=provider,proto3" json:"provider,omitempty"`
 	Secret               string            `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
@@ -251,11 +251,11 @@ func (m *Account) GetMetadata() map[string]string {
 	return nil
 }
 
-func (m *Account) GetNamespace() string {
+func (m *Account) GetScopes() []string {
 	if m != nil {
-		return m.Namespace
+		return m.Scopes
 	}
-	return ""
+	return nil
 }
 
 func (m *Account) GetProvider() string {
@@ -276,7 +276,6 @@ type Resource struct {
 	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	Type                 string   `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
 	Endpoint             string   `protobuf:"bytes,3,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
-	Namespace            string   `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -328,18 +327,11 @@ func (m *Resource) GetEndpoint() string {
 	return ""
 }
 
-func (m *Resource) GetNamespace() string {
-	if m != nil {
-		return m.Namespace
-	}
-	return ""
-}
-
 type GenerateRequest struct {
 	Id                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Roles                []string          `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Namespace            string            `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Scopes               []string          `protobuf:"bytes,4,rep,name=scopes,proto3" json:"scopes,omitempty"`
 	Secret               string            `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"`
 	Type                 string            `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
 	Provider             string            `protobuf:"bytes,7,opt,name=provider,proto3" json:"provider,omitempty"`
@@ -394,11 +386,11 @@ func (m *GenerateRequest) GetMetadata() map[string]string {
 	return nil
 }
 
-func (m *GenerateRequest) GetNamespace() string {
+func (m *GenerateRequest) GetScopes() []string {
 	if m != nil {
-		return m.Namespace
+		return m.Scopes
 	}
-	return ""
+	return nil
 }
 
 func (m *GenerateRequest) GetSecret() string {
@@ -1157,64 +1149,63 @@ func init() {
 func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
 
 var fileDescriptor_21300bfacc51fc2a = []byte{
-	// 900 bytes of a gzipped FileDescriptorProto
+	// 892 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44,
-	0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xfc, 0x6c, 0x34, 0xdd, 0x16, 0x2b, 0xed, 0x96, 0xad, 0x8b,
+	0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xd9, 0x68, 0xba, 0x2d, 0x96, 0xcb, 0x96, 0xad, 0x8b,
 	0xd0, 0x52, 0x41, 0x16, 0xa5, 0x37, 0x40, 0x6f, 0x58, 0x35, 0x51, 0x68, 0xa1, 0x41, 0x58, 0x45,
-	0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0xde,
+	0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0x5e,
-	0x81, 0x37, 0x80, 0x2b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0xcd, 0x9f, 0x37, 0x76, 0x9c, 0xaa, 0x40,
+	0x80, 0x47, 0xe0, 0x86, 0x3b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0x79, 0x7e, 0xbc, 0xb1, 0xe3, 0x54,
-	0x2f, 0xb8, 0x9b, 0x33, 0xe7, 0xf8, 0xcc, 0xf7, 0x7d, 0xe7, 0xcc, 0xf1, 0xc0, 0x51, 0x54, 0xf0,
+	0x05, 0x7a, 0xd1, 0xbb, 0x39, 0x33, 0x67, 0xce, 0x7c, 0xdf, 0x77, 0x7e, 0x6c, 0x38, 0x8a, 0x0a,
-	0xf3, 0x53, 0x86, 0xf4, 0x2a, 0x89, 0xf1, 0x34, 0xa7, 0x19, 0xcf, 0x4e, 0xc5, 0xd6, 0x58, 0x2e,
+	0x7e, 0x7e, 0xca, 0x90, 0x5e, 0x25, 0x31, 0x9e, 0xe6, 0x34, 0xe3, 0xd9, 0x69, 0xb9, 0x35, 0x16,
-	0x49, 0xff, 0x87, 0x6c, 0x7c, 0x99, 0xc4, 0x34, 0x1b, 0x8b, 0xcd, 0xe0, 0x26, 0xdc, 0xf8, 0x22,
+	0x4b, 0xe2, 0xfe, 0x98, 0x8d, 0x2f, 0x93, 0x98, 0x66, 0xe3, 0x72, 0x33, 0xb8, 0x09, 0x37, 0xbe,
-	0x61, 0xfc, 0x2c, 0x8e, 0xb3, 0x22, 0xe5, 0x2c, 0xc4, 0x1f, 0x0b, 0x64, 0x3c, 0x78, 0x0a, 0x87,
+	0x4c, 0x18, 0x3f, 0x8b, 0xe3, 0xac, 0x48, 0x39, 0x0b, 0xf1, 0xa7, 0x02, 0x19, 0x0f, 0x9e, 0xc0,
-	0xd5, 0x6d, 0x96, 0x67, 0x29, 0x43, 0x32, 0x81, 0x4e, 0xa4, 0xf7, 0x7c, 0xeb, 0xd8, 0x39, 0xe9,
+	0x61, 0x7d, 0x9b, 0xe5, 0x59, 0xca, 0x90, 0x4c, 0xa0, 0x17, 0xa9, 0x3d, 0xcf, 0x38, 0xb6, 0x4e,
-	0x4e, 0x6e, 0x8d, 0x2b, 0x09, 0xc7, 0xfa, 0x93, 0xb0, 0x8c, 0x0b, 0x7e, 0xb1, 0xa0, 0xf5, 0x3c,
+	0xfa, 0x93, 0x5b, 0xe3, 0x5a, 0xc0, 0xb1, 0xba, 0x12, 0x56, 0x7e, 0xc1, 0xaf, 0x06, 0x74, 0x9e,
-	0xbb, 0xc0, 0x94, 0xdc, 0x83, 0x5e, 0x14, 0xc7, 0xc8, 0xd8, 0x4b, 0x2e, 0x6c, 0xdf, 0x3a, 0xb6,
+	0x65, 0x17, 0x98, 0x92, 0xbb, 0x30, 0x88, 0xe2, 0x18, 0x19, 0x7b, 0xc1, 0x4b, 0xdb, 0x33, 0x8e,
-	0x4e, 0xf6, 0xc3, 0xae, 0xda, 0x53, 0x21, 0xf7, 0xa1, 0x4f, 0xf1, 0x7b, 0x8a, 0xec, 0x5c, 0xc7,
+	0x8d, 0x93, 0xfd, 0xb0, 0x2f, 0xf7, 0xa4, 0xcb, 0x3d, 0x70, 0x29, 0xfe, 0x40, 0x91, 0x9d, 0x2b,
-	0xd8, 0x32, 0xa6, 0xa7, 0x37, 0x55, 0x90, 0x0f, 0xed, 0x98, 0x62, 0xc4, 0x71, 0xe9, 0x3b, 0xc7,
+	0x1f, 0x53, 0xf8, 0x0c, 0xd4, 0xa6, 0x74, 0xf2, 0xa0, 0x1b, 0x53, 0x8c, 0x38, 0x2e, 0x3d, 0xeb,
-	0xd6, 0x89, 0x13, 0x1a, 0x93, 0xdc, 0x02, 0x0f, 0x7f, 0xca, 0x13, 0xba, 0xf6, 0x5d, 0xe9, 0xd0,
+	0xd8, 0x38, 0xb1, 0x42, 0x6d, 0x92, 0x5b, 0xe0, 0xe0, 0xcf, 0x79, 0x42, 0xd7, 0x9e, 0x2d, 0x0e,
-	0x56, 0xf0, 0xab, 0x0d, 0x6d, 0x8d, 0x8c, 0x0c, 0xc0, 0x4e, 0x96, 0xfa, 0x6c, 0x3b, 0x59, 0x12,
+	0x94, 0x15, 0xfc, 0x66, 0x42, 0x57, 0x21, 0x23, 0x43, 0x30, 0x93, 0xa5, 0x7a, 0xdb, 0x4c, 0x96,
-	0x02, 0x2e, 0x5f, 0xe7, 0xa8, 0x4f, 0x92, 0x6b, 0x72, 0x08, 0x2d, 0x9a, 0xad, 0x90, 0xf9, 0xce,
+	0x84, 0x80, 0xcd, 0xd7, 0x39, 0xaa, 0x97, 0xc4, 0x9a, 0x1c, 0x42, 0x87, 0x66, 0x2b, 0x64, 0x9e,
-	0xb1, 0x73, 0xb2, 0x1f, 0x2a, 0x83, 0x7c, 0x0a, 0x9d, 0x4b, 0xe4, 0xd1, 0x32, 0xe2, 0x91, 0xef,
+	0x75, 0x6c, 0x9d, 0xec, 0x87, 0xd2, 0x20, 0x9f, 0x41, 0xef, 0x12, 0x79, 0xb4, 0x8c, 0x78, 0xe4,
-	0x4a, 0xf6, 0xef, 0x34, 0xb3, 0x1f, 0x3f, 0xd3, 0x61, 0xb3, 0x94, 0xd3, 0x75, 0x58, 0x7e, 0x45,
+	0xd9, 0x82, 0xfd, 0xbb, 0xed, 0xec, 0xc7, 0x4f, 0x95, 0xdb, 0x2c, 0xe5, 0x74, 0x1d, 0x56, 0xb7,
-	0xee, 0xc0, 0x7e, 0x1a, 0x5d, 0x22, 0xcb, 0xa3, 0x18, 0xfd, 0x96, 0x3c, 0xf0, 0x7a, 0x83, 0x8c,
+	0x4a, 0x7c, 0x2c, 0xce, 0x72, 0x64, 0x5e, 0x47, 0x04, 0x56, 0x16, 0xf1, 0xa1, 0x97, 0xd3, 0xec,
-	0xa0, 0x93, 0xd3, 0xec, 0x2a, 0x59, 0x22, 0xf5, 0x3d, 0xe9, 0x2c, 0x6d, 0xc1, 0x8c, 0x61, 0x4c,
+	0x2a, 0x59, 0x22, 0xf5, 0x1c, 0x81, 0xa3, 0xb2, 0xc5, 0x1d, 0x8c, 0x29, 0x72, 0xaf, 0x2b, 0x4e,
-	0x91, 0xfb, 0x6d, 0xe9, 0xd1, 0xd6, 0xe8, 0x11, 0xf4, 0x2b, 0x87, 0x91, 0x21, 0x38, 0x17, 0xb8,
+	0x94, 0xe5, 0x3f, 0x04, 0xb7, 0xf6, 0x0c, 0x19, 0x81, 0x75, 0x81, 0x6b, 0xc5, 0xac, 0x5c, 0x96,
-	0xd6, 0xfc, 0xc4, 0x52, 0x90, 0xb9, 0x8a, 0x56, 0x85, 0x61, 0xa8, 0x8c, 0x4f, 0xec, 0x8f, 0xac,
+	0x34, 0xae, 0xa2, 0x55, 0xa1, 0xb9, 0x49, 0xe3, 0x53, 0xf3, 0x63, 0x23, 0x58, 0x40, 0x2f, 0x44,
-	0x60, 0x05, 0x9d, 0x10, 0x59, 0x56, 0xd0, 0x18, 0x85, 0x0c, 0x02, 0x89, 0xfe, 0x50, 0xae, 0x1b,
+	0x96, 0x15, 0x34, 0xc6, 0x52, 0x80, 0x34, 0xba, 0x44, 0x75, 0x51, 0xac, 0x5b, 0x45, 0xf1, 0xa1,
-	0xa5, 0x19, 0x41, 0x07, 0xd3, 0x65, 0x9e, 0x25, 0x29, 0x97, 0xea, 0xef, 0x87, 0xa5, 0x5d, 0xa5,
+	0x87, 0xe9, 0x32, 0xcf, 0x92, 0x94, 0x0b, 0xdd, 0xf7, 0xc3, 0xca, 0x0e, 0x7e, 0x37, 0xe1, 0x60,
-	0xe7, 0xd6, 0xe8, 0x05, 0xbf, 0xdb, 0x70, 0x30, 0xc7, 0x14, 0x69, 0xc4, 0x51, 0x37, 0xda, 0x56,
+	0x8e, 0x29, 0xd2, 0x88, 0xa3, 0x2a, 0xa2, 0x2d, 0xa1, 0x2b, 0x51, 0xcd, 0x4d, 0x51, 0x3f, 0xdf,
-	0x31, 0x4a, 0xe1, 0xed, 0x4d, 0xe1, 0x3f, 0xdb, 0x10, 0xde, 0x91, 0xc2, 0xbf, 0x5f, 0x13, 0xbe,
+	0x10, 0xd5, 0x12, 0xa2, 0x7e, 0xd0, 0x10, 0xb5, 0x11, 0xf7, 0x15, 0xc4, 0xb5, 0x6b, 0xe2, 0x5e,
-	0x96, 0xf7, 0xf5, 0x0a, 0x50, 0x47, 0xb8, 0x21, 0x72, 0x6b, 0x53, 0xe4, 0x52, 0x07, 0xaf, 0xaa,
+	0x0b, 0xd8, 0xd9, 0x14, 0xb0, 0xe2, 0xe8, 0xd4, 0x39, 0x56, 0x89, 0xe8, 0xd6, 0x13, 0xf1, 0xff,
-	0x43, 0x59, 0xac, 0x76, 0xb5, 0x58, 0xff, 0xad, 0x28, 0x53, 0x18, 0x5e, 0xb3, 0xd1, 0xf7, 0xee,
+	0x04, 0x9f, 0xc2, 0xe8, 0x9a, 0x87, 0xea, 0xa6, 0x8f, 0xa0, 0xab, 0xba, 0x44, 0xc4, 0xd8, 0xdd,
-	0x43, 0x68, 0xeb, 0xfb, 0x24, 0x73, 0xec, 0xbe, 0x76, 0x26, 0x2c, 0x78, 0x01, 0xbd, 0x39, 0x8d,
+	0x4c, 0xda, 0x2d, 0x78, 0x0e, 0x83, 0x39, 0x8d, 0x52, 0xae, 0x25, 0x26, 0x60, 0x97, 0x2a, 0xea,
-	0x52, 0x6e, 0x84, 0x26, 0xe0, 0x0a, 0x2d, 0x4d, 0x79, 0xc5, 0x9a, 0x3c, 0x84, 0x0e, 0xd5, 0xe5,
+	0xd4, 0x95, 0x6b, 0xf2, 0x00, 0x7a, 0x54, 0xa5, 0x56, 0xc0, 0xe8, 0x4f, 0xde, 0x6a, 0x84, 0xd5,
-	0x97, 0x30, 0xba, 0x93, 0xb7, 0x6a, 0x69, 0x4d, 0x77, 0x84, 0x65, 0x60, 0x70, 0x00, 0x7d, 0x9d,
+	0x99, 0x0f, 0x2b, 0xc7, 0xe0, 0x00, 0x5c, 0x15, 0x58, 0x62, 0x0b, 0xbe, 0x05, 0x37, 0xc4, 0xab,
-	0x58, 0x61, 0x0b, 0xbe, 0x81, 0x7e, 0x88, 0x57, 0xd9, 0x05, 0xbe, 0xf1, 0xa3, 0x86, 0x30, 0x30,
+	0xec, 0x02, 0x5f, 0xfb, 0x53, 0x23, 0x18, 0xea, 0xc8, 0xea, 0xad, 0xf7, 0x60, 0xf8, 0x38, 0x65,
-	0x99, 0xf5, 0x59, 0xef, 0xc2, 0xe0, 0x49, 0xca, 0x72, 0x8c, 0x4b, 0x5e, 0x87, 0xd0, 0xda, 0x1c,
+	0x39, 0xc6, 0x15, 0xaf, 0x43, 0xe8, 0x6c, 0x8e, 0x08, 0x69, 0x04, 0x8f, 0xe0, 0xa0, 0xf2, 0xfb,
-	0x26, 0xca, 0x08, 0x1e, 0xc3, 0x41, 0x19, 0xf7, 0xaf, 0x25, 0xfc, 0x19, 0x7a, 0x72, 0xde, 0xec,
+	0xcf, 0x12, 0xfe, 0x02, 0x03, 0x31, 0x45, 0x76, 0x55, 0xe9, 0x75, 0xb5, 0x98, 0xb5, 0x6a, 0xd9,
-	0xea, 0xd5, 0xeb, 0x6e, 0xb1, 0x2b, 0xdd, 0xb2, 0x35, 0xc3, 0x9c, 0x86, 0x19, 0x76, 0x0f, 0x7a,
+	0x9a, 0x4c, 0x56, 0xcb, 0x64, 0xba, 0x0b, 0x03, 0x71, 0xf8, 0xa2, 0x36, 0x85, 0xfa, 0x62, 0x6f,
-	0xd2, 0xf9, 0xb2, 0x32, 0xaf, 0xba, 0x72, 0x6f, 0xa6, 0x86, 0xd6, 0x23, 0xe8, 0xeb, 0xf3, 0x35,
+	0x26, 0x47, 0xd1, 0x43, 0x70, 0xd5, 0xfb, 0x8a, 0xc2, 0xfd, 0x4d, 0xae, 0xfd, 0xc9, 0x61, 0x83,
-	0x85, 0x07, 0x9b, 0x5c, 0xbb, 0x93, 0xc3, 0x1a, 0x01, 0x15, 0xac, 0x15, 0xf8, 0xc3, 0x02, 0x37,
+	0x80, 0x74, 0x56, 0x0a, 0xfc, 0x69, 0x80, 0x1d, 0x16, 0x2b, 0x6c, 0x1b, 0x62, 0x22, 0x3b, 0xe6,
-	0x2c, 0x56, 0xd8, 0x34, 0xee, 0x64, 0x75, 0xec, 0x1d, 0xd5, 0x71, 0x5e, 0xb3, 0x3a, 0xe4, 0x03,
+	0x8e, 0xec, 0x58, 0xaf, 0x98, 0x1d, 0xf2, 0x21, 0x38, 0x72, 0x1e, 0x0b, 0xec, 0xc3, 0xc9, 0xcd,
-	0xf0, 0xd4, 0xe4, 0x96, 0xd8, 0x07, 0x93, 0x9b, 0xdb, 0x7a, 0x22, 0x63, 0xa1, 0x0e, 0x52, 0xf7,
+	0x6d, 0x3d, 0x91, 0xb1, 0x50, 0x39, 0xc9, 0x7e, 0x49, 0x32, 0x9a, 0xf0, 0xb5, 0xe8, 0xae, 0x4e,
-	0x25, 0xc9, 0x68, 0xc2, 0xd7, 0xf2, 0x76, 0xb5, 0xc2, 0xd2, 0x0e, 0x7e, 0xb3, 0xa0, 0xff, 0x58,
+	0x58, 0xd9, 0xc1, 0x1f, 0x06, 0xb8, 0x8f, 0xc4, 0x60, 0x7e, 0xdd, 0x35, 0xb4, 0x81, 0xd2, 0xfa,
-	0x8e, 0xf0, 0x37, 0xdd, 0x43, 0x1b, 0x28, 0x9d, 0x7f, 0x8a, 0xd2, 0xad, 0xa1, 0x1c, 0xc2, 0xc0,
+	0xb7, 0x28, 0xed, 0x06, 0xca, 0x11, 0x0c, 0x35, 0x48, 0x55, 0x8e, 0x25, 0xee, 0x29, 0xae, 0xf0,
-	0x80, 0xd4, 0xed, 0x28, 0x70, 0x4f, 0x71, 0x85, 0xff, 0x7b, 0xdc, 0x06, 0xa4, 0xc6, 0xdd, 0x87,
+	0x8d, 0xc7, 0xad, 0x41, 0x2a, 0xdc, 0x2e, 0xf4, 0xcb, 0x8f, 0xb6, 0xfe, 0x86, 0x7f, 0x02, 0x03,
-	0xae, 0xf8, 0xbd, 0x9b, 0xbf, 0xfd, 0xc7, 0xd0, 0x53, 0xa6, 0xee, 0xb3, 0xf7, 0xa0, 0x45, 0x0b,
+	0x69, 0xaa, 0x3a, 0x7b, 0x1f, 0x3a, 0xb4, 0x28, 0xc7, 0xaf, 0xfc, 0x70, 0xdf, 0x68, 0xa2, 0x2d,
-	0x31, 0x84, 0xd5, 0x2f, 0xfe, 0x46, 0x1d, 0x6d, 0xb1, 0xc2, 0x50, 0x45, 0x3c, 0x18, 0x83, 0xa7,
+	0x56, 0x18, 0x4a, 0x8f, 0xfb, 0x63, 0x70, 0x24, 0x12, 0xd2, 0x87, 0xee, 0x37, 0x8b, 0x2f, 0x16,
-	0x90, 0x90, 0x2e, 0xb4, 0xbf, 0x5e, 0x7c, 0xbe, 0xf8, 0xf2, 0xc5, 0x62, 0xb8, 0x27, 0x8c, 0x79,
+	0x5f, 0x3d, 0x5f, 0x8c, 0xf6, 0x4a, 0x63, 0x1e, 0x9e, 0x2d, 0x9e, 0xcd, 0xa6, 0x23, 0x83, 0x00,
-	0x78, 0xb6, 0x78, 0x3e, 0x9b, 0x0e, 0x2d, 0x02, 0xe0, 0x4d, 0x67, 0x8b, 0x27, 0xb3, 0xe9, 0xd0,
+	0x38, 0xd3, 0xd9, 0xe2, 0xf1, 0x6c, 0x3a, 0x32, 0x27, 0x7f, 0x1b, 0x60, 0x9f, 0x15, 0xfc, 0x9c,
-	0x9e, 0xfc, 0x65, 0x81, 0x7b, 0x56, 0xf0, 0x73, 0xf2, 0x0c, 0x3a, 0x66, 0xca, 0x91, 0xbb, 0xaf,
+	0x3c, 0x85, 0x9e, 0x9e, 0x72, 0xe4, 0xce, 0xcb, 0xc7, 0xb8, 0xff, 0xce, 0xce, 0x73, 0xc5, 0x67,
-	0x1e, 0xe6, 0xa3, 0xb7, 0x77, 0xfa, 0x35, 0x9f, 0x3d, 0xf2, 0x14, 0xda, 0xfa, 0xc2, 0x93, 0xa3,
+	0x8f, 0x3c, 0x81, 0xae, 0x6a, 0x78, 0x72, 0xd4, 0xf0, 0xae, 0x0f, 0x0c, 0xff, 0xce, 0xae, 0xe3,
-	0x5a, 0x74, 0x75, 0x60, 0x8c, 0xee, 0xee, 0x72, 0x97, 0xb9, 0xa6, 0xe6, 0xbd, 0x72, 0xbb, 0xf1,
+	0x2a, 0xd6, 0x54, 0xff, 0x85, 0xdc, 0x6e, 0x6d, 0x30, 0x15, 0xe7, 0xed, 0xf6, 0x43, 0x1d, 0x65,
-	0x82, 0xe9, 0x3c, 0x77, 0x9a, 0x9d, 0x26, 0xcb, 0xe4, 0x5b, 0xe8, 0x98, 0xe7, 0x13, 0xf9, 0x0a,
+	0xf2, 0x1d, 0xf4, 0xf4, 0x4f, 0x11, 0xf9, 0x1a, 0xec, 0x52, 0x60, 0x12, 0x34, 0xee, 0xb4, 0xfc,
-	0x5c, 0x21, 0x30, 0x09, 0x6a, 0xdf, 0x34, 0x3c, 0xbd, 0x46, 0xf7, 0x5f, 0x19, 0x53, 0xa6, 0xff,
+	0x50, 0xf9, 0xf7, 0x5e, 0xea, 0x53, 0x85, 0xff, 0xcb, 0x80, 0x4e, 0x99, 0x08, 0x46, 0xe6, 0xe0,
-	0xd3, 0x82, 0x96, 0x28, 0x04, 0x23, 0x73, 0xf0, 0x54, 0x5b, 0x92, 0x3a, 0xa4, 0xca, 0x95, 0x1a,
+	0xc8, 0xb2, 0x24, 0x4d, 0x48, 0xb5, 0x96, 0xf2, 0x8f, 0x76, 0x9c, 0x56, 0xbc, 0xe7, 0xe0, 0xc8,
-	0x1d, 0xed, 0xf0, 0x96, 0xbc, 0xe7, 0xe0, 0xa9, 0x3e, 0xd9, 0x4a, 0x54, 0xe9, 0xf1, 0xad, 0x44,
+	0x3a, 0xd9, 0x0a, 0x54, 0xab, 0xf1, 0xad, 0x40, 0x8d, 0xe2, 0xda, 0x23, 0x67, 0x8a, 0xae, 0xdf,
-	0xb5, 0xe6, 0xda, 0x23, 0x67, 0x9a, 0xee, 0xa8, 0x81, 0x8a, 0x49, 0x72, 0xbb, 0xd1, 0x67, 0x52,
+	0x42, 0x45, 0x07, 0xb9, 0xdd, 0x7a, 0xa6, 0x43, 0x7c, 0xef, 0x88, 0x7f, 0xd0, 0x07, 0xff, 0x04,
-	0x7c, 0xe7, 0xc9, 0xd7, 0xea, 0xc3, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xdf, 0x67, 0x3c, 0x6e,
+	0x00, 0x00, 0xff, 0xff, 0x60, 0xd4, 0x97, 0x04, 0xa4, 0x0a, 0x00, 0x00,
-	0xce, 0x0a, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.

auth/service/proto/auth.proto

@@ -37,7 +37,7 @@ message Account {
 	string type = 2;
 	repeated string roles = 3;
 	map<string, string> metadata = 4;
-	string namespace = 5;
+	repeated string scopes = 5;
 	string provider = 6;
 	string secret = 7;
 }
@@ -46,14 +46,13 @@ message Resource{
 	string name = 1;
 	string type = 2;
 	string endpoint = 3;
-	string namespace = 4;
 }
 
 message GenerateRequest {
 	string id = 1;
 	repeated string roles = 2;
 	map<string, string> metadata = 3;
-	string namespace = 4;
+	repeated string scopes = 4;
 	string secret = 5;
 	string type = 6;
 	string provider = 7;

auth/service/service.go

@@ -63,13 +63,13 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
 	options := auth.NewGenerateOptions(opts...)
 
 	rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
-		Id:        id,
+		Id:       id,
-		Type:      options.Type,
+		Type:     options.Type,
-		Secret:    options.Secret,
+		Secret:   options.Secret,
-		Roles:     options.Roles,
+		Roles:    options.Roles,
-		Metadata:  options.Metadata,
+		Scopes:   options.Scopes,
-		Provider:  options.Provider,
+		Metadata: options.Metadata,
-		Namespace: options.Namespace,
+		Provider: options.Provider,
 	})
 	if err != nil {
 		return nil, err
@@ -84,10 +84,9 @@ func (s *svc) Grant(role string, res *auth.Resource) error {
 		Role:   role,
 		Access: pb.Access_GRANTED,
 		Resource: &pb.Resource{
-			Namespace: res.Namespace,
+			Type:     res.Type,
-			Type:      res.Type,
+			Name:     res.Name,
-			Name:      res.Name,
+			Endpoint: res.Endpoint,
-			Endpoint:  res.Endpoint,
 		},
 	})
 	return err
@@ -99,10 +98,9 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
 		Role:   role,
 		Access: pb.Access_GRANTED,
 		Resource: &pb.Resource{
-			Namespace: res.Namespace,
+			Type:     res.Type,
-			Type:      res.Type,
+			Name:     res.Name,
-			Name:      res.Name,
+			Endpoint: res.Endpoint,
-			Endpoint:  res.Endpoint,
 		},
 	})
 	return err
@@ -110,20 +108,20 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
 
 // Verify an account has access to a resource
 func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
+	// check the scope
+	scope := "namespace." + s.options.Namespace
+	if acc != nil && !acc.HasScope(scope) {
+		return fmt.Errorf("Missing required scope: %v", scope)
+	}
+
 	// load the rules if none are loaded
 	s.loadRulesIfEmpty()
 
-	// set the namespace on the resource
-	if len(res.Namespace) == 0 {
-		res.Namespace = s.Options().Namespace
-	}
-
 	queries := [][]string{
-		{res.Namespace, res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
+		{res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
-		{res.Namespace, res.Type, res.Name, "*"},          // check for wildcard endpoint, e.g. service.foo*
+		{res.Type, res.Name, "*"},          // check for wildcard endpoint, e.g. service.foo*
-		{res.Namespace, res.Type, "*"},                    // check for wildcard name, e.g. service.*
+		{res.Type, "*"},                    // check for wildcard name, e.g. service.*
-		{res.Namespace, "*"},                              // check for wildcard type, e.g. *
+		{"*"},                              // check for wildcard type, e.g. *
-		{"*"},                                             // check for wildcard namespace
 	}
 
 	// endpoint is a url which can have wildcard excludes, e.g.
@@ -140,10 +138,6 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 	if len(logID) == 0 {
 		logID = "[no account]"
 	}
-	logNamespace := acc.Namespace
-	if len(logNamespace) == 0 {
-		logNamespace = "[no namespace]"
-	}
 
 	for _, q := range queries {
 		for _, rule := range s.listRules(q...) {
@@ -151,17 +145,17 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 			case pb.Access_UNKNOWN:
 				continue // rule did not specify access, check the next rule
 			case pb.Access_GRANTED:
-				log.Tracef("%v:%v granted access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id)
+				log.Tracef("%v granted access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id)
 				return nil // rule grants the account access to the resource
 			case pb.Access_DENIED:
-				log.Tracef("%v:%v denied access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id)
+				log.Tracef("%v denied access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id)
 				return auth.ErrForbidden // rule denies access to the resource
 			}
 		}
 	}
 
 	// no rules were found for the resource, default to denying access
-	log.Tracef("%v:%v denied access to %v:%v:%v:%v by lack of rule (%v rules found for namespace)", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, len(s.listRules(res.Namespace)))
+	log.Tracef("%v denied access to %v:%v:%v by lack of rule", logID, res.Type, res.Name, res.Endpoint)
 	return auth.ErrForbidden
 }
 
@@ -235,16 +229,13 @@ func (s *svc) listRules(filters ...string) []*pb.Rule {
 
 	var rules []*pb.Rule
 	for _, r := range s.rules {
-		if len(filters) > 0 && r.Resource.Namespace != filters[0] {
+		if len(filters) > 1 && r.Resource.Type != filters[0] {
 			continue
 		}
-		if len(filters) > 1 && r.Resource.Type != filters[1] {
+		if len(filters) > 2 && r.Resource.Name != filters[1] {
 			continue
 		}
-		if len(filters) > 2 && r.Resource.Name != filters[2] {
+		if len(filters) > 3 && r.Resource.Endpoint != filters[2] {
-			continue
-		}
-		if len(filters) > 3 && r.Resource.Endpoint != filters[3] {
 			continue
 		}
 
@@ -294,12 +285,12 @@ func serializeToken(t *pb.Token) *auth.Token {
 
 func serializeAccount(a *pb.Account) *auth.Account {
 	return &auth.Account{
-		ID:        a.Id,
+		ID:       a.Id,
-		Roles:     a.Roles,
+		Roles:    a.Roles,
-		Secret:    a.Secret,
+		Secret:   a.Secret,
-		Metadata:  a.Metadata,
+		Metadata: a.Metadata,
-		Provider:  a.Provider,
+		Provider: a.Provider,
-		Namespace: a.Namespace,
+		Scopes:   a.Scopes,
 	}
 }
 

auth/token/jwt/jwt.go

@@ -11,11 +11,11 @@ import (
 
 // authClaims to be encoded in the JWT
 type authClaims struct {
-	Type      string            `json:"type"`
+	Type     string            `json:"type"`
-	Roles     []string          `json:"roles"`
+	Roles    []string          `json:"roles"`
-	Provider  string            `json:"provider"`
+	Scopes   []string          `json:"scopes"`
-	Metadata  map[string]string `json:"metadata"`
+	Provider string            `json:"provider"`
-	Namespace string            `json:"namespace"`
+	Metadata map[string]string `json:"metadata"`
 
 	jwt.StandardClaims
 }
@@ -52,7 +52,7 @@ func (j *JWT) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token.
 	// generate the JWT
 	expiry := time.Now().Add(options.Expiry)
 	t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
-		acc.Type, acc.Roles, acc.Provider, acc.Metadata, acc.Namespace, jwt.StandardClaims{
+		acc.Type, acc.Roles, acc.Scopes, acc.Provider, acc.Metadata, jwt.StandardClaims{
 			Subject:   acc.ID,
 			ExpiresAt: expiry.Unix(),
 		},
@@ -97,12 +97,12 @@ func (j *JWT) Inspect(t string) (*auth.Account, error) {
 
 	// return the token
 	return &auth.Account{
-		ID:        claims.Subject,
+		ID:       claims.Subject,
-		Type:      claims.Type,
+		Type:     claims.Type,
-		Roles:     claims.Roles,
+		Roles:    claims.Roles,
-		Provider:  claims.Provider,
+		Scopes:   claims.Scopes,
-		Metadata:  claims.Metadata,
+		Provider: claims.Provider,
-		Namespace: claims.Namespace,
+		Metadata: claims.Metadata,
 	}, nil
 }
 

config/cmd/cmd.go

@@ -278,6 +278,7 @@ var (
 			Name:    "auth_namespace",
 			EnvVars: []string{"MICRO_AUTH_NAMESPACE"},
 			Usage:   "Namespace for the services auth account",
+			Value:   "go.micro",
 		},
 		&cli.StringFlag{
 			Name:    "auth_public_key",

server/proto/server.pb.go

@@ -1,350 +1,324 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
+// source: server/proto/server.proto
-// 	protoc-gen-go v1.22.0
-// 	protoc        v3.6.1
-// source: github.com/micro/go-micro/server/proto/server.proto
 
 package go_micro_server
 
 import (
+	context "context"
+	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	grpc "google.golang.org/grpc"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	codes "google.golang.org/grpc/codes"
-	reflect "reflect"
+	status "google.golang.org/grpc/status"
-	sync "sync"
+	math "math"
 )
 
-const (
+// Reference imports to suppress errors if they are not otherwise used.
-	// Verify that this generated code is sufficiently up-to-date.
+var _ = proto.Marshal
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+var _ = fmt.Errorf
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
+var _ = math.Inf
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
 
-// This is a compile-time assertion that a sufficiently up-to-date version
+// This is a compile-time assertion to ensure that this generated file
-// of the legacy proto package is being used.
+// is compatible with the proto package it is being compiled against.
-const _ = proto.ProtoPackageIsVersion4
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 
 type HandleRequest struct {
-	state         protoimpl.MessageState
+	Service              string   `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
-	sizeCache     protoimpl.SizeCache
+	Endpoint             string   `protobuf:"bytes,2,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
-	unknownFields protoimpl.UnknownFields
+	Protocol             string   `protobuf:"bytes,3,opt,name=protocol,proto3" json:"protocol,omitempty"`
-
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	Service  string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
+	XXX_unrecognized     []byte   `json:"-"`
-	Endpoint string `protobuf:"bytes,2,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
+	XXX_sizecache        int32    `json:"-"`
-	Protocol string `protobuf:"bytes,3,opt,name=protocol,proto3" json:"protocol,omitempty"`
 }
 
-func (x *HandleRequest) Reset() {
+func (m *HandleRequest) Reset()         { *m = HandleRequest{} }
-	*x = HandleRequest{}
+func (m *HandleRequest) String() string { return proto.CompactTextString(m) }
-	if protoimpl.UnsafeEnabled {
+func (*HandleRequest) ProtoMessage()    {}
-		mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HandleRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HandleRequest) ProtoMessage() {}
-
-func (x *HandleRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HandleRequest.ProtoReflect.Descriptor instead.
 func (*HandleRequest) Descriptor() ([]byte, []int) {
-	return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{0}
+	return fileDescriptor_1959cecd4d1121a1, []int{0}
 }
 
-func (x *HandleRequest) GetService() string {
+func (m *HandleRequest) XXX_Unmarshal(b []byte) error {
-	if x != nil {
+	return xxx_messageInfo_HandleRequest.Unmarshal(m, b)
-		return x.Service
+}
+func (m *HandleRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HandleRequest.Marshal(b, m, deterministic)
+}
+func (m *HandleRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HandleRequest.Merge(m, src)
+}
+func (m *HandleRequest) XXX_Size() int {
+	return xxx_messageInfo_HandleRequest.Size(m)
+}
+func (m *HandleRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_HandleRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HandleRequest proto.InternalMessageInfo
+
+func (m *HandleRequest) GetService() string {
+	if m != nil {
+		return m.Service
 	}
 	return ""
 }
 
-func (x *HandleRequest) GetEndpoint() string {
+func (m *HandleRequest) GetEndpoint() string {
-	if x != nil {
+	if m != nil {
-		return x.Endpoint
+		return m.Endpoint
 	}
 	return ""
 }
 
-func (x *HandleRequest) GetProtocol() string {
+func (m *HandleRequest) GetProtocol() string {
-	if x != nil {
+	if m != nil {
-		return x.Protocol
+		return m.Protocol
 	}
 	return ""
 }
 
 type HandleResponse struct {
-	state         protoimpl.MessageState
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	sizeCache     protoimpl.SizeCache
+	XXX_unrecognized     []byte   `json:"-"`
-	unknownFields protoimpl.UnknownFields
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (x *HandleResponse) Reset() {
+func (m *HandleResponse) Reset()         { *m = HandleResponse{} }
-	*x = HandleResponse{}
+func (m *HandleResponse) String() string { return proto.CompactTextString(m) }
-	if protoimpl.UnsafeEnabled {
+func (*HandleResponse) ProtoMessage()    {}
-		mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HandleResponse) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HandleResponse) ProtoMessage() {}
-
-func (x *HandleResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HandleResponse.ProtoReflect.Descriptor instead.
 func (*HandleResponse) Descriptor() ([]byte, []int) {
-	return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{1}
+	return fileDescriptor_1959cecd4d1121a1, []int{1}
 }
 
+func (m *HandleResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_HandleResponse.Unmarshal(m, b)
+}
+func (m *HandleResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HandleResponse.Marshal(b, m, deterministic)
+}
+func (m *HandleResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HandleResponse.Merge(m, src)
+}
+func (m *HandleResponse) XXX_Size() int {
+	return xxx_messageInfo_HandleResponse.Size(m)
+}
+func (m *HandleResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_HandleResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HandleResponse proto.InternalMessageInfo
+
 type SubscribeRequest struct {
-	state         protoimpl.MessageState
+	Topic                string   `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"`
-	sizeCache     protoimpl.SizeCache
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	unknownFields protoimpl.UnknownFields
+	XXX_unrecognized     []byte   `json:"-"`
-
+	XXX_sizecache        int32    `json:"-"`
-	Topic string `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"`
 }
 
-func (x *SubscribeRequest) Reset() {
+func (m *SubscribeRequest) Reset()         { *m = SubscribeRequest{} }
-	*x = SubscribeRequest{}
+func (m *SubscribeRequest) String() string { return proto.CompactTextString(m) }
-	if protoimpl.UnsafeEnabled {
+func (*SubscribeRequest) ProtoMessage()    {}
-		mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SubscribeRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SubscribeRequest) ProtoMessage() {}
-
-func (x *SubscribeRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SubscribeRequest.ProtoReflect.Descriptor instead.
 func (*SubscribeRequest) Descriptor() ([]byte, []int) {
-	return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{2}
+	return fileDescriptor_1959cecd4d1121a1, []int{2}
 }
 
-func (x *SubscribeRequest) GetTopic() string {
+func (m *SubscribeRequest) XXX_Unmarshal(b []byte) error {
-	if x != nil {
+	return xxx_messageInfo_SubscribeRequest.Unmarshal(m, b)
-		return x.Topic
+}
+func (m *SubscribeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_SubscribeRequest.Marshal(b, m, deterministic)
+}
+func (m *SubscribeRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SubscribeRequest.Merge(m, src)
+}
+func (m *SubscribeRequest) XXX_Size() int {
+	return xxx_messageInfo_SubscribeRequest.Size(m)
+}
+func (m *SubscribeRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_SubscribeRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SubscribeRequest proto.InternalMessageInfo
+
+func (m *SubscribeRequest) GetTopic() string {
+	if m != nil {
+		return m.Topic
 	}
 	return ""
 }
 
 type SubscribeResponse struct {
-	state         protoimpl.MessageState
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	sizeCache     protoimpl.SizeCache
+	XXX_unrecognized     []byte   `json:"-"`
-	unknownFields protoimpl.UnknownFields
+	XXX_sizecache        int32    `json:"-"`
 }
 
-func (x *SubscribeResponse) Reset() {
+func (m *SubscribeResponse) Reset()         { *m = SubscribeResponse{} }
-	*x = SubscribeResponse{}
+func (m *SubscribeResponse) String() string { return proto.CompactTextString(m) }
-	if protoimpl.UnsafeEnabled {
+func (*SubscribeResponse) ProtoMessage()    {}
-		mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SubscribeResponse) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SubscribeResponse) ProtoMessage() {}
-
-func (x *SubscribeResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SubscribeResponse.ProtoReflect.Descriptor instead.
 func (*SubscribeResponse) Descriptor() ([]byte, []int) {
-	return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{3}
+	return fileDescriptor_1959cecd4d1121a1, []int{3}
 }
 
-var File_github_com_micro_go_micro_server_proto_server_proto protoreflect.FileDescriptor
+func (m *SubscribeResponse) XXX_Unmarshal(b []byte) error {
-
+	return xxx_messageInfo_SubscribeResponse.Unmarshal(m, b)
-var file_github_com_micro_go_micro_server_proto_server_proto_rawDesc = []byte{
+}
-	0x0a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6d, 0x69, 0x63,
+func (m *SubscribeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	0x72, 0x6f, 0x2f, 0x67, 0x6f, 0x2d, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2f, 0x73, 0x65, 0x72, 0x76,
+	return xxx_messageInfo_SubscribeResponse.Marshal(b, m, deterministic)
-	0x65, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e,
+}
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e,
+func (m *SubscribeResponse) XXX_Merge(src proto.Message) {
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x61, 0x0a, 0x0d, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65,
+	xxx_messageInfo_SubscribeResponse.Merge(m, src)
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69,
+}
-	0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
+func (m *SubscribeResponse) XXX_Size() int {
-	0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20,
+	return xxx_messageInfo_SubscribeResponse.Size(m)
-	0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x1a, 0x0a,
+}
-	0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+func (m *SubscribeResponse) XXX_DiscardUnknown() {
-	0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x10, 0x0a, 0x0e, 0x48, 0x61, 0x6e,
+	xxx_messageInfo_SubscribeResponse.DiscardUnknown(m)
-	0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x0a, 0x10, 0x53,
-	0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x14, 0x0a, 0x05, 0x74, 0x6f, 0x70, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
-	0x74, 0x6f, 0x70, 0x69, 0x63, 0x22, 0x13, 0x0a, 0x11, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69,
-	0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xab, 0x01, 0x0a, 0x06, 0x53,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x4b, 0x0a, 0x06, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12,
-	0x1e, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x1f, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x22, 0x00, 0x12, 0x54, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12,
-	0x21, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
-var (
+var xxx_messageInfo_SubscribeResponse proto.InternalMessageInfo
-	file_github_com_micro_go_micro_server_proto_server_proto_rawDescOnce sync.Once
-	file_github_com_micro_go_micro_server_proto_server_proto_rawDescData = file_github_com_micro_go_micro_server_proto_server_proto_rawDesc
-)
 
-func file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP() []byte {
+func init() {
-	file_github_com_micro_go_micro_server_proto_server_proto_rawDescOnce.Do(func() {
+	proto.RegisterType((*HandleRequest)(nil), "go.micro.server.HandleRequest")
-		file_github_com_micro_go_micro_server_proto_server_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_micro_go_micro_server_proto_server_proto_rawDescData)
+	proto.RegisterType((*HandleResponse)(nil), "go.micro.server.HandleResponse")
-	})
+	proto.RegisterType((*SubscribeRequest)(nil), "go.micro.server.SubscribeRequest")
-	return file_github_com_micro_go_micro_server_proto_server_proto_rawDescData
+	proto.RegisterType((*SubscribeResponse)(nil), "go.micro.server.SubscribeResponse")
 }
 
-var file_github_com_micro_go_micro_server_proto_server_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+func init() { proto.RegisterFile("server/proto/server.proto", fileDescriptor_1959cecd4d1121a1) }
-var file_github_com_micro_go_micro_server_proto_server_proto_goTypes = []interface{}{
+
-	(*HandleRequest)(nil),     // 0: go.micro.server.HandleRequest
+var fileDescriptor_1959cecd4d1121a1 = []byte{
-	(*HandleResponse)(nil),    // 1: go.micro.server.HandleResponse
+	// 223 bytes of a gzipped FileDescriptorProto
-	(*SubscribeRequest)(nil),  // 2: go.micro.server.SubscribeRequest
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x2c, 0x4e, 0x2d, 0x2a,
-	(*SubscribeResponse)(nil), // 3: go.micro.server.SubscribeResponse
+	0x4b, 0x2d, 0xd2, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0xd7, 0x87, 0x70, 0xf4, 0xc0, 0x1c, 0x21, 0xfe,
-}
+	0xf4, 0x7c, 0xbd, 0xdc, 0xcc, 0xe4, 0xa2, 0x7c, 0x3d, 0x88, 0xb0, 0x52, 0x22, 0x17, 0xaf, 0x47,
-var file_github_com_micro_go_micro_server_proto_server_proto_depIdxs = []int32{
+	0x62, 0x5e, 0x4a, 0x4e, 0x6a, 0x50, 0x6a, 0x61, 0x69, 0x6a, 0x71, 0x89, 0x90, 0x04, 0x17, 0x3b,
-	0, // 0: go.micro.server.Server.Handle:input_type -> go.micro.server.HandleRequest
+	0x48, 0x2a, 0x33, 0x39, 0x55, 0x82, 0x51, 0x81, 0x51, 0x83, 0x33, 0x08, 0xc6, 0x15, 0x92, 0xe2,
-	2, // 1: go.micro.server.Server.Subscribe:input_type -> go.micro.server.SubscribeRequest
+	0xe2, 0x48, 0xcd, 0x4b, 0x29, 0xc8, 0xcf, 0xcc, 0x2b, 0x91, 0x60, 0x02, 0x4b, 0xc1, 0xf9, 0x20,
-	1, // 2: go.micro.server.Server.Handle:output_type -> go.micro.server.HandleResponse
+	0x39, 0xb0, 0x05, 0xc9, 0xf9, 0x39, 0x12, 0xcc, 0x10, 0x39, 0x18, 0x5f, 0x49, 0x80, 0x8b, 0x0f,
-	3, // 3: go.micro.server.Server.Subscribe:output_type -> go.micro.server.SubscribeResponse
+	0x66, 0x45, 0x71, 0x41, 0x7e, 0x5e, 0x71, 0xaa, 0x92, 0x06, 0x97, 0x40, 0x70, 0x69, 0x52, 0x71,
-	2, // [2:4] is the sub-list for method output_type
+	0x72, 0x51, 0x66, 0x12, 0xdc, 0x5e, 0x11, 0x2e, 0xd6, 0x92, 0xfc, 0x82, 0xcc, 0x64, 0xa8, 0xad,
-	0, // [0:2] is the sub-list for method input_type
+	0x10, 0x8e, 0x92, 0x30, 0x97, 0x20, 0x92, 0x4a, 0x88, 0x76, 0xa3, 0xd5, 0x8c, 0x5c, 0x6c, 0xc1,
-	0, // [0:0] is the sub-list for extension type_name
+	0x60, 0xe7, 0x0b, 0x79, 0x73, 0xb1, 0x41, 0xcc, 0x16, 0x92, 0xd3, 0x43, 0xf3, 0x9a, 0x1e, 0x8a,
-	0, // [0:0] is the sub-list for extension extendee
+	0xbf, 0xa4, 0xe4, 0x71, 0xca, 0x43, 0x1d, 0xc5, 0x20, 0x14, 0xc2, 0xc5, 0x09, 0xb7, 0x4c, 0x48,
-	0, // [0:0] is the sub-list for field type_name
+	0x11, 0x43, 0x3d, 0xba, 0x93, 0xa5, 0x94, 0xf0, 0x29, 0x81, 0x99, 0x9a, 0xc4, 0x06, 0x0e, 0x08,
+	0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa4, 0x3f, 0x79, 0x80, 0x96, 0x01, 0x00, 0x00,
 }
 
-func init() { file_github_com_micro_go_micro_server_proto_server_proto_init() }
+// Reference imports to suppress errors if they are not otherwise used.
-func file_github_com_micro_go_micro_server_proto_server_proto_init() {
+var _ context.Context
-	if File_github_com_micro_go_micro_server_proto_server_proto != nil {
+var _ grpc.ClientConn
-		return
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// ServerClient is the client API for Server service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type ServerClient interface {
+	Handle(ctx context.Context, in *HandleRequest, opts ...grpc.CallOption) (*HandleResponse, error)
+	Subscribe(ctx context.Context, in *SubscribeRequest, opts ...grpc.CallOption) (*SubscribeResponse, error)
+}
+
+type serverClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewServerClient(cc *grpc.ClientConn) ServerClient {
+	return &serverClient{cc}
+}
+
+func (c *serverClient) Handle(ctx context.Context, in *HandleRequest, opts ...grpc.CallOption) (*HandleResponse, error) {
+	out := new(HandleResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.server.Server/Handle", in, out, opts...)
+	if err != nil {
+		return nil, err
 	}
-	if !protoimpl.UnsafeEnabled {
+	return out, nil
-		file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+}
-			switch v := v.(*HandleRequest); i {
+
-			case 0:
+func (c *serverClient) Subscribe(ctx context.Context, in *SubscribeRequest, opts ...grpc.CallOption) (*SubscribeResponse, error) {
-				return &v.state
+	out := new(SubscribeResponse)
-			case 1:
+	err := c.cc.Invoke(ctx, "/go.micro.server.Server/Subscribe", in, out, opts...)
-				return &v.sizeCache
+	if err != nil {
-			case 2:
+		return nil, err
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HandleResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SubscribeRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SubscribeResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
 	}
-	type x struct{}
+	return out, nil
-	out := protoimpl.TypeBuilder{
+}
-		File: protoimpl.DescBuilder{
+
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+// ServerServer is the server API for Server service.
-			RawDescriptor: file_github_com_micro_go_micro_server_proto_server_proto_rawDesc,
+type ServerServer interface {
-			NumEnums:      0,
+	Handle(context.Context, *HandleRequest) (*HandleResponse, error)
-			NumMessages:   4,
+	Subscribe(context.Context, *SubscribeRequest) (*SubscribeResponse, error)
-			NumExtensions: 0,
+}
-			NumServices:   1,
+
+// UnimplementedServerServer can be embedded to have forward compatible implementations.
+type UnimplementedServerServer struct {
+}
+
+func (*UnimplementedServerServer) Handle(ctx context.Context, req *HandleRequest) (*HandleResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Handle not implemented")
+}
+func (*UnimplementedServerServer) Subscribe(ctx context.Context, req *SubscribeRequest) (*SubscribeResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Subscribe not implemented")
+}
+
+func RegisterServerServer(s *grpc.Server, srv ServerServer) {
+	s.RegisterService(&_Server_serviceDesc, srv)
+}
+
+func _Server_Handle_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(HandleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ServerServer).Handle(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.server.Server/Handle",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ServerServer).Handle(ctx, req.(*HandleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Server_Subscribe_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SubscribeRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ServerServer).Subscribe(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.server.Server/Subscribe",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ServerServer).Subscribe(ctx, req.(*SubscribeRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Server_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "go.micro.server.Server",
+	HandlerType: (*ServerServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Handle",
+			Handler:    _Server_Handle_Handler,
 		},
-		GoTypes:           file_github_com_micro_go_micro_server_proto_server_proto_goTypes,
+		{
-		DependencyIndexes: file_github_com_micro_go_micro_server_proto_server_proto_depIdxs,
+			MethodName: "Subscribe",
-		MessageInfos:      file_github_com_micro_go_micro_server_proto_server_proto_msgTypes,
+			Handler:    _Server_Subscribe_Handler,
-	}.Build()
+		},
-	File_github_com_micro_go_micro_server_proto_server_proto = out.File
+	},
-	file_github_com_micro_go_micro_server_proto_server_proto_rawDesc = nil
+	Streams:  []grpc.StreamDesc{},
-	file_github_com_micro_go_micro_server_proto_server_proto_goTypes = nil
+	Metadata: "server/proto/server.proto",
-	file_github_com_micro_go_micro_server_proto_server_proto_depIdxs = nil
 }

server/proto/server.pb.micro.go

@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
-// source: github.com/micro/go-micro/server/proto/server.proto
+// source: server/proto/server.proto
 
 package go_micro_server
 

util/auth/auth.go

@@ -18,17 +18,19 @@ func Generate(id string, name string, a auth.Auth) error {
 	// if no credentials were provided, generate an account
 	if len(accID) == 0 || len(accSecret) == 0 {
 		name := fmt.Sprintf("%v-%v", name, id)
+		scope := "namespace." + a.Options().Namespace
+
 		opts := []auth.GenerateOption{
 			auth.WithType("service"),
 			auth.WithRoles("service"),
-			auth.WithNamespace(a.Options().Namespace),
+			auth.WithScopes(scope),
 		}
 
 		acc, err := a.Generate(name, opts...)
 		if err != nil {
 			return err
 		}
-		logger.Infof("Auth [%v] Authenticated as %v in the %v namespace", a, name, acc.Namespace)
+		logger.Infof("Auth [%v] Authenticated as %v in the %v scope", a, name, scope)
 
 		accID = acc.ID
 		accSecret = acc.Secret

util/file/proto/file.pb.micro.go

@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
-// source: micro/go-micro/util/file/proto/file.proto
+// source: util/file/proto/file.proto
 
 package go_micro_server
 

util/wrapper/wrapper.go

@@ -197,10 +197,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			}
 
 			// Inspect the token and get the account
-			account, err := a.Inspect(token)
+			account, _ := a.Inspect(token)
-			if err != nil {
-				account = &auth.Account{Namespace: a.Options().Namespace}
-			}
 
 			// construct the resource
 			res := &auth.Resource{
@@ -210,7 +207,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			}
 
 			// Verify the caller has access to the resource
-			err = a.Verify(account, res)
+			err := a.Verify(account, res)
 			if err != nil && len(account.ID) > 0 {
 				return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
 			} else if err != nil {