Documentation ¶
Overview ¶
Package loginsessionspb contains protocol buffers for Login Sessions service.
Index ¶
- Constants
- Variables
- func FileDescriptorSet() *descriptorpb.FileDescriptorSet
- func RegisterLoginSessionsServer(s grpc.ServiceRegistrar, srv LoginSessionsServer)
- type CreateLoginSessionRequest
- func (*CreateLoginSessionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateLoginSessionRequest) GetClientHostname() string
- func (x *CreateLoginSessionRequest) GetExecutableName() string
- func (x *CreateLoginSessionRequest) GetOauthClientId() string
- func (x *CreateLoginSessionRequest) GetOauthS256CodeChallenge() string
- func (x *CreateLoginSessionRequest) GetOauthScopes() []string
- func (*CreateLoginSessionRequest) ProtoMessage()
- func (x *CreateLoginSessionRequest) ProtoReflect() protoreflect.Message
- func (x *CreateLoginSessionRequest) Reset()
- func (x *CreateLoginSessionRequest) String() string
- type GetLoginSessionRequest
- func (*GetLoginSessionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetLoginSessionRequest) GetLoginSessionId() string
- func (x *GetLoginSessionRequest) GetLoginSessionPassword() []byte
- func (*GetLoginSessionRequest) ProtoMessage()
- func (x *GetLoginSessionRequest) ProtoReflect() protoreflect.Message
- func (x *GetLoginSessionRequest) Reset()
- func (x *GetLoginSessionRequest) String() string
- type LoginSession
- func (*LoginSession) Descriptor() ([]byte, []int)deprecated
- func (x *LoginSession) GetCompleted() *timestamppb.Timestamp
- func (x *LoginSession) GetConfirmationCode() string
- func (x *LoginSession) GetConfirmationCodeExpiry() *durationpb.Duration
- func (x *LoginSession) GetConfirmationCodeRefresh() *durationpb.Duration
- func (x *LoginSession) GetCreated() *timestamppb.Timestamp
- func (x *LoginSession) GetExpiry() *timestamppb.Timestamp
- func (x *LoginSession) GetId() string
- func (x *LoginSession) GetLoginFlowUrl() string
- func (x *LoginSession) GetOauthAuthorizationCode() string
- func (x *LoginSession) GetOauthError() string
- func (x *LoginSession) GetOauthRedirectUrl() string
- func (x *LoginSession) GetPassword() []byte
- func (x *LoginSession) GetPollInterval() *durationpb.Duration
- func (x *LoginSession) GetState() LoginSession_State
- func (*LoginSession) ProtoMessage()
- func (x *LoginSession) ProtoReflect() protoreflect.Message
- func (x *LoginSession) Reset()
- func (x *LoginSession) String() string
- type LoginSession_State
- func (LoginSession_State) Descriptor() protoreflect.EnumDescriptor
- func (x LoginSession_State) Enum() *LoginSession_State
- func (LoginSession_State) EnumDescriptor() ([]byte, []int)deprecated
- func (x LoginSession_State) Number() protoreflect.EnumNumber
- func (x LoginSession_State) String() string
- func (LoginSession_State) Type() protoreflect.EnumType
- type LoginSessionsClient
- type LoginSessionsServer
- type UnimplementedLoginSessionsServer
- type UnsafeLoginSessionsServer
Constants ¶
// Full gRPC method names of the two LoginSessions RPCs, each written as
// "/<proto package>.<service>/<method>".
const (
	LoginSessions_CreateLoginSession_FullMethodName = "/luci.auth.loginsessions.LoginSessions/CreateLoginSession"
	LoginSessions_GetLoginSession_FullMethodName    = "/luci.auth.loginsessions.LoginSessions/GetLoginSession"
)
Variables ¶
// Enum value maps for LoginSession_State.
var (
	// LoginSession_State_name maps an enum number to its name.
	LoginSession_State_name = map[int32]string{
		0: "STATE_UNSPECIFIED",
		1: "PENDING",
		2: "CANCELED",
		3: "SUCCEEDED",
		4: "FAILED",
		5: "EXPIRED",
	}
	// LoginSession_State_value maps an enum name back to its number.
	LoginSession_State_value = map[string]int32{
		"STATE_UNSPECIFIED": 0,
		"PENDING":           1,
		"CANCELED":          2,
		"SUCCEEDED":         3,
		"FAILED":            4,
		"EXPIRED":           5,
	}
)
Enum value maps for LoginSession_State.
var File_go_chromium_org_luci_auth_loginsessionspb_service_proto protoreflect.FileDescriptor
// LoginSessions_ServiceDesc describes the LoginSessions service: its name,
// the handler interface type, and the CreateLoginSession and GetLoginSession
// methods with their handlers. The Streams list is empty.
var LoginSessions_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "luci.auth.loginsessions.LoginSessions",
	HandlerType: (*LoginSessionsServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateLoginSession",
			Handler:    _LoginSessions_CreateLoginSession_Handler,
		},
		{
			MethodName: "GetLoginSession",
			Handler:    _LoginSessions_GetLoginSession_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "go.chromium.org/luci/auth/loginsessionspb/service.proto",
}
LoginSessions_ServiceDesc is the grpc.ServiceDesc for LoginSessions service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy).
Functions ¶
func FileDescriptorSet ¶
func FileDescriptorSet() *descriptorpb.FileDescriptorSet
FileDescriptorSet returns a descriptor set for this proto package, which includes all defined services, and all transitive dependencies.
Will not return nil.
Do NOT modify the returned descriptor.
func RegisterLoginSessionsServer ¶
func RegisterLoginSessionsServer(s grpc.ServiceRegistrar, srv LoginSessionsServer)
Types ¶
type CreateLoginSessionRequest ¶
// CreateLoginSessionRequest holds the inputs for CreateLoginSession.
type CreateLoginSessionRequest struct {
	// An OAuth2 client ID that should be known to the login sessions server.
	//
	// The eventual outcome of the login protocol is a set of tokens associated
	// with this OAuth2 client (e.g. the ID token will have this client as
	// `aud` claim).
	//
	// This client ID also identifies the application information that the user
	// will see at the OAuth2 consent screen.
	//
	// Required.
	OauthClientId string `protobuf:"bytes,1,opt,name=oauth_client_id,json=oauthClientId,proto3" json:"oauth_client_id,omitempty"`
	// A list of OAuth2 scopes to get the refresh and access tokens with.
	//
	// The server may deny usage of some sensitive scopes. This set of scopes
	// defines what the user will see at the OAuth2 consent screen.
	//
	// Required.
	OauthScopes []string `protobuf:"bytes,2,rep,name=oauth_scopes,json=oauthScopes,proto3" json:"oauth_scopes,omitempty"`
	// A `code_challenge` parameter for PKCE protocol using S256 method.
	//
	// See https://tools.ietf.org/html/rfc7636. It should be a base64 URL-encoded
	// SHA256 digest of a `code_verifier` random string (that the caller should
	// not disclose anywhere).
	//
	// Only the derived challenge travels in this request; the message has no
	// field for the verifier itself. RFC 7636 section 4.2 specifies the S256
	// challenge as the base64url encoding, without padding, of the digest.
	//
	// NOTE(review): the LoginSession docs say the verifier is needed later to
	// obtain tokens, so "not disclose anywhere" presumably means keeping it
	// local to the process that started the flow until that exchange.
	//
	// Required.
	OauthS256CodeChallenge string `` /* 131-byte string literal not displayed */
	// A name of the native program that started the flow.
	//
	// Will be shown on the confirmation web page in the login session UI to
	// provide some best-effort context around what opened the login session.
	// It is **not a security mechanism**, just an FYI for the user.
	//
	// NOTE(review): the value is supplied by the caller, so whatever renders
	// it should presumably treat it as untrusted display text; the rendering
	// code is not shown here.
	//
	// Optional.
	ExecutableName string `protobuf:"bytes,4,opt,name=executable_name,json=executableName,proto3" json:"executable_name,omitempty"`
	// A hostname of the machine that started the flow.
	//
	// Used for the same purpose as `executable_name` to give some context around
	// what opened the login session. It is **not a security mechanism**, just
	// an FYI for the user.
	//
	// NOTE(review): caller-supplied like `executable_name`; the same
	// untrusted-display-text caveat presumably applies.
	//
	// Optional.
	ClientHostname string `protobuf:"bytes,5,opt,name=client_hostname,json=clientHostname,proto3" json:"client_hostname,omitempty"`
	// contains filtered or unexported fields
}
Inputs for CreateLoginSession
func (*CreateLoginSessionRequest) Descriptor
deprecated
func (*CreateLoginSessionRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateLoginSessionRequest.ProtoReflect.Descriptor instead.
func (*CreateLoginSessionRequest) GetClientHostname ¶
func (x *CreateLoginSessionRequest) GetClientHostname() string
func (*CreateLoginSessionRequest) GetExecutableName ¶
func (x *CreateLoginSessionRequest) GetExecutableName() string
func (*CreateLoginSessionRequest) GetOauthClientId ¶
func (x *CreateLoginSessionRequest) GetOauthClientId() string
func (*CreateLoginSessionRequest) GetOauthS256CodeChallenge ¶
func (x *CreateLoginSessionRequest) GetOauthS256CodeChallenge() string
func (*CreateLoginSessionRequest) GetOauthScopes ¶
func (x *CreateLoginSessionRequest) GetOauthScopes() []string
func (*CreateLoginSessionRequest) ProtoMessage ¶
func (*CreateLoginSessionRequest) ProtoMessage()
func (*CreateLoginSessionRequest) ProtoReflect ¶
func (x *CreateLoginSessionRequest) ProtoReflect() protoreflect.Message
func (*CreateLoginSessionRequest) Reset ¶
func (x *CreateLoginSessionRequest) Reset()
func (*CreateLoginSessionRequest) String ¶
func (x *CreateLoginSessionRequest) String() string
type GetLoginSessionRequest ¶
// GetLoginSessionRequest holds the inputs for GetLoginSession.
type GetLoginSessionRequest struct {
	// ID of the login session to get the state of. Required.
	LoginSessionId string `protobuf:"bytes,1,opt,name=login_session_id,json=loginSessionId,proto3" json:"login_session_id,omitempty"`
	// The password returned by CreateLoginSession. Required.
	//
	// The LoginSession docs state that the password must not be shared or
	// stored, and that constraint carries over to this copy of it.
	//
	// NOTE(review): the generated String() method presumably renders populated
	// fields, which would include this one. Avoid logging the request message
	// whole; confirm against the protobuf runtime in use.
	LoginSessionPassword []byte `protobuf:"bytes,2,opt,name=login_session_password,json=loginSessionPassword,proto3" json:"login_session_password,omitempty"`
	// contains filtered or unexported fields
}
Inputs for GetLoginSession.
func (*GetLoginSessionRequest) Descriptor
deprecated
func (*GetLoginSessionRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetLoginSessionRequest.ProtoReflect.Descriptor instead.
func (*GetLoginSessionRequest) GetLoginSessionId ¶
func (x *GetLoginSessionRequest) GetLoginSessionId() string
func (*GetLoginSessionRequest) GetLoginSessionPassword ¶
func (x *GetLoginSessionRequest) GetLoginSessionPassword() []byte
func (*GetLoginSessionRequest) ProtoMessage ¶
func (*GetLoginSessionRequest) ProtoMessage()
func (*GetLoginSessionRequest) ProtoReflect ¶
func (x *GetLoginSessionRequest) ProtoReflect() protoreflect.Message
func (*GetLoginSessionRequest) Reset ¶
func (x *GetLoginSessionRequest) Reset()
func (*GetLoginSessionRequest) String ¶
func (x *GetLoginSessionRequest) String() string
type LoginSession ¶
// LoginSession represents a login session whose eventual outcome is an OAuth2
// authorization code.
//
// Several fields are sensitive according to their own documentation: `id` and
// `login_flow_url` are enough to complete the session via the web UI,
// `password` gates GetLoginSession, and `oauth_authorization_code` can be
// exchanged for tokens.
//
// NOTE(review): the generated String() method presumably renders populated
// fields, so logging a whole LoginSession would expose them; confirm against
// the protobuf runtime in use.
type LoginSession struct {
	// Globally identifies this session.
	//
	// It is a randomly generated URL-safe string. Knowing it is enough to
	// complete the login session via the web UI. Should be used only by the user
	// that started the login flow.
	//
	// It will also appear as a `nonce` claim in the ID token produced by the
	// protocol.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Password is required to call GetLoginSession.
	//
	// It is populated only in the response from CreateLoginSession. It exists
	// to make sure that only whoever created the session can check its status.
	// Must not be shared or stored.
	//
	// NOTE(review): the caller still has to present it on every
	// GetLoginSession call, so "stored" presumably means persisted (disk,
	// logs, crash reports) rather than held in memory while polling.
	Password []byte `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	// The current state of the session; see LoginSession_State.
	State LoginSession_State `protobuf:"varint,3,opt,name=state,proto3,enum=luci.auth.loginsessions.LoginSession_State" json:"state,omitempty"`
	// When the session was created. Always populated.
	Created *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=created,proto3" json:"created,omitempty"`
	// When the session will expire. Always populated.
	Expiry *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expiry,proto3" json:"expiry,omitempty"`
	// When the session moved to a final state. Populated for finished sessions.
	Completed *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=completed,proto3" json:"completed,omitempty"`
	// A full URL to a webpage the user should visit to perform the login flow.
	//
	// It encodes `id` inside. Always populated.
	//
	// Knowing it is enough to complete the login session via the web UI. Should
	// be used only by the user that started the login flow.
	LoginFlowUrl string `protobuf:"bytes,7,opt,name=login_flow_url,json=loginFlowUrl,proto3" json:"login_flow_url,omitempty"`
	// How often the caller should poll the session status via GetLoginSession.
	//
	// It is a mechanism to adjust the global poll rate without redeploying
	// new clients.
	//
	// Populated for sessions in PENDING state. The caller is allowed to ignore it
	// if absolutely necessary.
	PollInterval *durationpb.Duration `protobuf:"bytes,8,opt,name=poll_interval,json=pollInterval,proto3" json:"poll_interval,omitempty"`
	// The active confirmation code.
	//
	// The user will be asked to provide this code by the web UI as the final step
	// of the login flow. The code should be shown to the user by the native
	// program in the terminal. This code is very short lived (~ 1 min) and the
	// native program should periodically fetch and show the most recent code.
	//
	// The purpose of this mechanism is to make sure the user is completing the
	// flow they have actually started in their own terminal. It makes phishing
	// attempts harder, since the target of a phishing attack should not only
	// click through the web UI login flow initiated from a link (which is
	// relatively easy to arrange), but also actively copy-paste an up-to-date
	// code that expires very fast (making "asynchronous" phishing attempts
	// relatively hard to perform).
	//
	// Populated only if the session is still in PENDING state.
	ConfirmationCode string `protobuf:"bytes,9,opt,name=confirmation_code,json=confirmationCode,proto3" json:"confirmation_code,omitempty"`
	// When the confirmation code expires, as a duration measured from the moment
	// the request that returned it completed.
	//
	// It is a relative time (instead of an absolute timestamp) to avoid relying
	// on clock synchronization between the backend and the client machine. Since
	// the code expires pretty fast, even small differences in clocks may cause
	// issues.
	//
	// This value is always sufficiently larger than zero (to give the user some
	// time to use it). The server will prepare a new code in advance if the
	// existing one expires soon. See confirmation_code_refresh below. During such
	// transitions both codes are valid.
	//
	// Populated only if the session is still in PENDING state.
	ConfirmationCodeExpiry *durationpb.Duration `` /* 130-byte string literal not displayed */
	// When the confirmation code will be refreshed (approximately).
	//
	// A "refresh" in this context means GetLoginSession will start returning
	// a new code. It happens somewhat before the previous code expires. That way
	// the user always sees a code that is sufficiently fresh to be copy-pasted
	// into the confirmation web page at a leisurely pace.
	//
	// Populated only if the session is still in PENDING state.
	ConfirmationCodeRefresh *durationpb.Duration `` /* 133-byte string literal not displayed */
	// The OAuth2 authorization code that can be exchanged for OAuth2 tokens.
	//
	// Populated only for sessions in SUCCEEDED state. Getting this code is the
	// goal of LoginSessions service. Knowing this code, an OAuth2 client secret
	// (which is usually hardcoded in the native program code) and the PKCE code
	// verifier secret (which was used to derive `oauth_s256_code_challenge`) is
	// enough to get all OAuth2 tokens.
	//
	// NOTE(review): a secret hardcoded in a distributed native program cannot
	// be assumed confidential, so of the three values the PKCE code verifier is
	// presumably the only one that is secret per flow. Keep both the verifier
	// and this code out of logs and persistent storage.
	//
	// Must not be shared.
	OauthAuthorizationCode string `` /* 130-byte string literal not displayed */
	// A URL that should be used as `redirect_url` parameter when calling the
	// authorization server token endpoint when exchanging the authorization code
	// for tokens.
	//
	// NOTE(review): RFC 6749 names the token endpoint parameter `redirect_uri`;
	// presumably that is the parameter meant here. Confirm against the client
	// code that performs the exchange.
	//
	// Populated only for sessions in SUCCEEDED state. It is usually a static
	// well-known URL pointing to a page on the login sessions service domain,
	// but it is returned with the session to avoid hardcoding dependencies on
	// implementation details of the login sessions server.
	OauthRedirectUrl string `protobuf:"bytes,13,opt,name=oauth_redirect_url,json=oauthRedirectUrl,proto3" json:"oauth_redirect_url,omitempty"`
	// An optional error message if the login flow failed.
	//
	// Populated only for sessions in FAILED state.
	OauthError string `protobuf:"bytes,14,opt,name=oauth_error,json=oauthError,proto3" json:"oauth_error,omitempty"`
	// contains filtered or unexported fields
}
Represents a login session whose eventual outcome is an OAuth2 authorization code.
func (*LoginSession) Descriptor
deprecated
func (*LoginSession) Descriptor() ([]byte, []int)
Deprecated: Use LoginSession.ProtoReflect.Descriptor instead.
func (*LoginSession) GetCompleted ¶
func (x *LoginSession) GetCompleted() *timestamppb.Timestamp
func (*LoginSession) GetConfirmationCode ¶
func (x *LoginSession) GetConfirmationCode() string
func (*LoginSession) GetConfirmationCodeExpiry ¶
func (x *LoginSession) GetConfirmationCodeExpiry() *durationpb.Duration
func (*LoginSession) GetConfirmationCodeRefresh ¶
func (x *LoginSession) GetConfirmationCodeRefresh() *durationpb.Duration
func (*LoginSession) GetCreated ¶
func (x *LoginSession) GetCreated() *timestamppb.Timestamp
func (*LoginSession) GetExpiry ¶
func (x *LoginSession) GetExpiry() *timestamppb.Timestamp
func (*LoginSession) GetId ¶
func (x *LoginSession) GetId() string
func (*LoginSession) GetLoginFlowUrl ¶
func (x *LoginSession) GetLoginFlowUrl() string
func (*LoginSession) GetOauthAuthorizationCode ¶
func (x *LoginSession) GetOauthAuthorizationCode() string
func (*LoginSession) GetOauthError ¶
func (x *LoginSession) GetOauthError() string
func (*LoginSession) GetOauthRedirectUrl ¶
func (x *LoginSession) GetOauthRedirectUrl() string
func (*LoginSession) GetPassword ¶
func (x *LoginSession) GetPassword() []byte
func (*LoginSession) GetPollInterval ¶
func (x *LoginSession) GetPollInterval() *durationpb.Duration
func (*LoginSession) GetState ¶
func (x *LoginSession) GetState() LoginSession_State
func (*LoginSession) ProtoMessage ¶
func (*LoginSession) ProtoMessage()
func (*LoginSession) ProtoReflect ¶
func (x *LoginSession) ProtoReflect() protoreflect.Message
func (*LoginSession) Reset ¶
func (x *LoginSession) Reset()
func (*LoginSession) String ¶
func (x *LoginSession) String() string
type LoginSession_State ¶
type LoginSession_State int32
A session starts in PENDING state and then moves to one of other states (all of them are final) in response to user actions or passage of time.
// Values of LoginSession_State. Per the type's documentation a session starts
// in PENDING and then moves to one of the other states, all of which are final.
const (
	LoginSession_STATE_UNSPECIFIED LoginSession_State = 0
	LoginSession_PENDING           LoginSession_State = 1
	LoginSession_CANCELED          LoginSession_State = 2
	LoginSession_SUCCEEDED         LoginSession_State = 3
	LoginSession_FAILED            LoginSession_State = 4
	LoginSession_EXPIRED           LoginSession_State = 5
)
func (LoginSession_State) Descriptor ¶
func (LoginSession_State) Descriptor() protoreflect.EnumDescriptor
func (LoginSession_State) Enum ¶
func (x LoginSession_State) Enum() *LoginSession_State
func (LoginSession_State) EnumDescriptor
deprecated
func (LoginSession_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use LoginSession_State.Descriptor instead.
func (LoginSession_State) Number ¶
func (x LoginSession_State) Number() protoreflect.EnumNumber
func (LoginSession_State) String ¶
func (x LoginSession_State) String() string
func (LoginSession_State) Type ¶
func (LoginSession_State) Type() protoreflect.EnumType
type LoginSessionsClient ¶
// LoginSessionsClient is the client API for LoginSessions service.
type LoginSessionsClient interface {
	// CreateLoginSession creates a new login session in PENDING state.
	//
	// The returned message contains a new session with auto-generated random `id`
	// and `password`. It's the only reply that has `password` populated. Both
	// `id` and `password` are needed to get the up-to-date state of the session
	// in GetLoginSession.
	//
	// Because no later reply repeats `password`, the caller has to keep the
	// value from this response for as long as it polls the session.
	//
	// Returns:
	//
	//	INVALID_ARGUMENT: when missing required fields.
	//	PERMISSION_DENIED: when `oauth_client_id` is not recognized or some
	//	  requested scopes are forbidden from use.
	CreateLoginSession(ctx context.Context, in *CreateLoginSessionRequest, opts ...grpc.CallOption) (*LoginSession, error)
	// GetLoginSession returns the current up-to-date state of a login session.
	//
	// The state changes based on interaction with the user in the browser (via
	// a flow launched by visiting `login_flow_url`) and with passage of time.
	//
	// A wrong password is reported with the same NOT_FOUND code as a missing
	// session, so the status code alone does not tell the caller which of the
	// two happened.
	//
	// Returns:
	//
	//	INVALID_ARGUMENT: when missing required fields.
	//	NOT_FOUND: if the session is not found, expired a long time ago or the
	//	  password doesn't match.
	GetLoginSession(ctx context.Context, in *GetLoginSessionRequest, opts ...grpc.CallOption) (*LoginSession, error)
}
LoginSessionsClient is the client API for LoginSessions service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewLoginSessionsClient ¶
func NewLoginSessionsClient(cc grpc.ClientConnInterface) LoginSessionsClient
type LoginSessionsServer ¶
// LoginSessionsServer is the server API for LoginSessions service.
type LoginSessionsServer interface {
	// CreateLoginSession creates a new login session in PENDING state.
	//
	// The returned message contains a new session with auto-generated random `id`
	// and `password`. It's the only reply that has `password` populated. Both
	// `id` and `password` are needed to get the up-to-date state of the session
	// in GetLoginSession.
	//
	// Returns:
	//
	//	INVALID_ARGUMENT: when missing required fields.
	//	PERMISSION_DENIED: when `oauth_client_id` is not recognized or some
	//	  requested scopes are forbidden from use.
	CreateLoginSession(context.Context, *CreateLoginSessionRequest) (*LoginSession, error)
	// GetLoginSession returns the current up-to-date state of a login session.
	//
	// The state changes based on interaction with the user in the browser (via
	// a flow launched by visiting `login_flow_url`) and with passage of time.
	//
	// NOTE(review): the contract folds "password doesn't match" into NOT_FOUND.
	// An implementation would be expected to keep the two cases
	// indistinguishable to the caller and to compare the password in constant
	// time (e.g. crypto/subtle.ConstantTimeCompare). No implementation is
	// shown here, so confirm against the server code.
	//
	// Returns:
	//
	//	INVALID_ARGUMENT: when missing required fields.
	//	NOT_FOUND: if the session is not found, expired a long time ago or the
	//	  password doesn't match.
	GetLoginSession(context.Context, *GetLoginSessionRequest) (*LoginSession, error)
	// contains filtered or unexported methods
}
LoginSessionsServer is the server API for LoginSessions service. All implementations must embed UnimplementedLoginSessionsServer for forward compatibility.
type UnimplementedLoginSessionsServer ¶
type UnimplementedLoginSessionsServer struct { }
UnimplementedLoginSessionsServer must be embedded to have forward compatible implementations.
func (UnimplementedLoginSessionsServer) CreateLoginSession ¶
func (UnimplementedLoginSessionsServer) CreateLoginSession(context.Context, *CreateLoginSessionRequest) (*LoginSession, error)
func (UnimplementedLoginSessionsServer) GetLoginSession ¶
func (UnimplementedLoginSessionsServer) GetLoginSession(context.Context, *GetLoginSessionRequest) (*LoginSession, error)
type UnsafeLoginSessionsServer ¶
type UnsafeLoginSessionsServer interface {
// contains filtered or unexported methods
}
UnsafeLoginSessionsServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to LoginSessionsServer will result in compilation errors.