syntax = "proto3";

package go.micro.auth;

service Auth {
	rpc Generate(GenerateRequest) returns (GenerateResponse) {};
	rpc Inspect(InspectRequest) returns (InspectResponse) {};		
	rpc Token(TokenRequest) returns (TokenResponse) {};
}

service Accounts {
	rpc List(ListAccountsRequest) returns (ListAccountsResponse) {};
	rpc Delete(DeleteAccountRequest) returns (DeleteAccountResponse) {};
}

service Rules {
	rpc Create(CreateRequest) returns (CreateResponse) {};
	rpc Delete(DeleteRequest) returns (DeleteResponse) {};
	rpc List(ListRequest) returns (ListResponse) {};
}

message ListAccountsRequest {
	Options options = 1;
}

message ListAccountsResponse {
	repeated Account accounts = 1;
}

message DeleteAccountRequest {
	string id = 1;
	Options options = 2;
}

message DeleteAccountResponse {}

message Token {
	string access_token = 1;
	string refresh_token = 2;
	int64 created = 3;
	int64 expiry = 4;
}

message Account {
	string id = 1;
	string type = 2;
	map<string, string> metadata = 4;
	repeated string scopes = 5;
	string issuer = 6;
	string secret = 7;
}

message Resource{
	string name = 1;
	string type = 2;
	string endpoint = 3;
}

message GenerateRequest {
	string id = 1;
	map<string, string> metadata = 3;
	repeated string scopes = 4;
	string secret = 5;
	string type = 6;
	string provider = 7;
	Options options = 8;
}

message GenerateResponse {
	Account account = 1;
}

message GrantRequest {
	string scope = 1;
	Resource resource = 2;
	Options options = 3;
}

message GrantResponse {}

message RevokeRequest {
	string scope = 1;
	Resource resource = 2;
	Options options = 3;
}

message RevokeResponse {}

message InspectRequest {
	string token = 1;
	Options options = 2;
}

message InspectResponse {
	Account account = 1;
}

message TokenRequest {
	string id = 1;
	string secret = 2;
	string refresh_token = 3;
	int64 token_expiry = 4;
	Options options = 5;
}

message TokenResponse {
	Token token = 1;
}

enum Access {
	UNKNOWN = 0;
	GRANTED = 1;
	DENIED = 2;
}

message Rule {
	string id = 1;
	string scope = 2;
	Resource resource = 3;
	Access access = 4;
	int32 priority = 5;
}

message Options {
	string namespace = 1;
}

message CreateRequest {
	Rule rule = 1;
	Options options = 2;
}

message CreateResponse {}

message DeleteRequest {
	string id = 1;
	Options options = 2;
}

message DeleteResponse {}

message ListRequest {
	Options options = 2;
}

message ListResponse {
	repeated Rule rules = 1;
}