1
0
mirror of https://github.com/go-micro/go-micro.git synced 2024-11-24 08:02:32 +02:00

Auth - Swap Refresh to Token and change secrets to be strings, not tokens (#1444)

* Refresh => Token

* Secret is no longer a token

Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
ben-toogood 2020-03-31 10:06:13 +01:00 committed by GitHub
parent c706ebe3fb
commit 76ade7efd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 144 additions and 166 deletions

View File

@ -42,8 +42,8 @@ type Auth interface {
Verify(acc *Account, res *Resource) error Verify(acc *Account, res *Resource) error
// Inspect a token // Inspect a token
Inspect(token string) (*Account, error) Inspect(token string) (*Account, error)
// Refresh an account using a secret // Token generated using an account ID and secret
Refresh(secret string, opts ...RefreshOption) (*Token, error) Token(id, secret string, opts ...TokenOption) (*Token, error)
// String returns the name of the implementation // String returns the name of the implementation
String() string String() string
} }
@ -63,7 +63,7 @@ type Account struct {
// ID of the account (UUIDV4, email or username) // ID of the account (UUIDV4, email or username)
ID string `json:"id"` ID string `json:"id"`
// Secret used to renew the account // Secret used to renew the account
Secret *Token `json:"secret"` Secret string `json:"secret"`
// Roles associated with the Account // Roles associated with the Account
Roles []string `json:"roles"` Roles []string `json:"roles"`
// Any other associated metadata // Any other associated metadata

View File

@ -41,7 +41,7 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
ID: id, ID: id,
Roles: options.Roles, Roles: options.Roles,
Metadata: options.Metadata, Metadata: options.Metadata,
Secret: &Token{}, Secret: uuid.New().String(),
}, nil }, nil
} }
@ -67,7 +67,7 @@ func (n *noop) Inspect(token string) (*Account, error) {
}, nil }, nil
} }
// Refresh an account using a secret // Token generation using an account id and secret
func (n *noop) Refresh(secret string, opts ...RefreshOption) (*Token, error) { func (n *noop) Token(id, secret string, opts ...TokenOption) (*Token, error) {
return &Token{}, nil return &Token{}, nil
} }

View File

@ -71,8 +71,6 @@ type GenerateOptions struct {
Metadata map[string]string Metadata map[string]string
// Roles/scopes associated with the account // Roles/scopes associated with the account
Roles []string Roles []string
// SecretExpiry is the time the secret should live for
SecretExpiry time.Duration
// Namespace the account belongs too // Namespace the account belongs too
Namespace string Namespace string
} }
@ -100,45 +98,32 @@ func WithNamespace(n string) GenerateOption {
} }
} }
// WithSecretExpiry for the generated account's secret expires
func WithSecretExpiry(ex time.Duration) GenerateOption {
return func(o *GenerateOptions) {
o.SecretExpiry = ex
}
}
// NewGenerateOptions from a slice of options // NewGenerateOptions from a slice of options
func NewGenerateOptions(opts ...GenerateOption) GenerateOptions { func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
var options GenerateOptions var options GenerateOptions
for _, o := range opts { for _, o := range opts {
o(&options) o(&options)
} }
// set defualt expiry of secret
if options.SecretExpiry == 0 {
options.SecretExpiry = time.Hour * 24 * 7
}
return options return options
} }
type RefreshOptions struct { type TokenOptions struct {
// TokenExpiry is the time the token should live for // TokenExpiry is the time the token should live for
TokenExpiry time.Duration TokenExpiry time.Duration
} }
type RefreshOption func(o *RefreshOptions) type TokenOption func(o *TokenOptions)
// WithTokenExpiry for the token // WithTokenExpiry for the token
func WithTokenExpiry(ex time.Duration) RefreshOption { func WithTokenExpiry(ex time.Duration) TokenOption {
return func(o *RefreshOptions) { return func(o *TokenOptions) {
o.TokenExpiry = ex o.TokenExpiry = ex
} }
} }
// NewRefreshOptions from a slice of options // NewTokenOptions from a slice of options
func NewRefreshOptions(opts ...RefreshOption) RefreshOptions { func NewTokenOptions(opts ...TokenOption) TokenOptions {
var options RefreshOptions var options TokenOptions
for _, o := range opts { for _, o := range opts {
o(&options) o(&options)
} }

View File

@ -121,7 +121,7 @@ func (m *Token) GetNamespace() string {
type Account struct { type Account struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Secret *Token `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"` Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"` Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"` Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
@ -162,11 +162,11 @@ func (m *Account) GetId() string {
return "" return ""
} }
func (m *Account) GetSecret() *Token { func (m *Account) GetSecret() string {
if m != nil { if m != nil {
return m.Secret return m.Secret
} }
return nil return ""
} }
func (m *Account) GetRoles() []string { func (m *Account) GetRoles() []string {
@ -249,8 +249,7 @@ type GenerateRequest struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"` Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
SecretExpiry int64 `protobuf:"varint,4,opt,name=secret_expiry,json=secretExpiry,proto3" json:"secret_expiry,omitempty"` Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"` XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"` XXX_sizecache int32 `json:"-"`
@ -302,13 +301,6 @@ func (m *GenerateRequest) GetMetadata() map[string]string {
return nil return nil
} }
func (m *GenerateRequest) GetSecretExpiry() int64 {
if m != nil {
return m.SecretExpiry
}
return 0
}
func (m *GenerateRequest) GetNamespace() string { func (m *GenerateRequest) GetNamespace() string {
if m != nil { if m != nil {
return m.Namespace return m.Namespace
@ -589,86 +581,94 @@ func (m *InspectResponse) GetAccount() *Account {
return nil return nil
} }
type RefreshRequest struct { type TokenRequest struct {
Secret string `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"` Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
TokenExpiry int64 `protobuf:"varint,2,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"` Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
TokenExpiry int64 `protobuf:"varint,3,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"` XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"` XXX_sizecache int32 `json:"-"`
} }
func (m *RefreshRequest) Reset() { *m = RefreshRequest{} } func (m *TokenRequest) Reset() { *m = TokenRequest{} }
func (m *RefreshRequest) String() string { return proto.CompactTextString(m) } func (m *TokenRequest) String() string { return proto.CompactTextString(m) }
func (*RefreshRequest) ProtoMessage() {} func (*TokenRequest) ProtoMessage() {}
func (*RefreshRequest) Descriptor() ([]byte, []int) { func (*TokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{11} return fileDescriptor_21300bfacc51fc2a, []int{11}
} }
func (m *RefreshRequest) XXX_Unmarshal(b []byte) error { func (m *TokenRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_RefreshRequest.Unmarshal(m, b) return xxx_messageInfo_TokenRequest.Unmarshal(m, b)
} }
func (m *RefreshRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { func (m *TokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_RefreshRequest.Marshal(b, m, deterministic) return xxx_messageInfo_TokenRequest.Marshal(b, m, deterministic)
} }
func (m *RefreshRequest) XXX_Merge(src proto.Message) { func (m *TokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_RefreshRequest.Merge(m, src) xxx_messageInfo_TokenRequest.Merge(m, src)
} }
func (m *RefreshRequest) XXX_Size() int { func (m *TokenRequest) XXX_Size() int {
return xxx_messageInfo_RefreshRequest.Size(m) return xxx_messageInfo_TokenRequest.Size(m)
} }
func (m *RefreshRequest) XXX_DiscardUnknown() { func (m *TokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_RefreshRequest.DiscardUnknown(m) xxx_messageInfo_TokenRequest.DiscardUnknown(m)
} }
var xxx_messageInfo_RefreshRequest proto.InternalMessageInfo var xxx_messageInfo_TokenRequest proto.InternalMessageInfo
func (m *RefreshRequest) GetSecret() string { func (m *TokenRequest) GetId() string {
if m != nil {
return m.Id
}
return ""
}
func (m *TokenRequest) GetSecret() string {
if m != nil { if m != nil {
return m.Secret return m.Secret
} }
return "" return ""
} }
func (m *RefreshRequest) GetTokenExpiry() int64 { func (m *TokenRequest) GetTokenExpiry() int64 {
if m != nil { if m != nil {
return m.TokenExpiry return m.TokenExpiry
} }
return 0 return 0
} }
type RefreshResponse struct { type TokenResponse struct {
Token *Token `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` Token *Token `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"` XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"` XXX_sizecache int32 `json:"-"`
} }
func (m *RefreshResponse) Reset() { *m = RefreshResponse{} } func (m *TokenResponse) Reset() { *m = TokenResponse{} }
func (m *RefreshResponse) String() string { return proto.CompactTextString(m) } func (m *TokenResponse) String() string { return proto.CompactTextString(m) }
func (*RefreshResponse) ProtoMessage() {} func (*TokenResponse) ProtoMessage() {}
func (*RefreshResponse) Descriptor() ([]byte, []int) { func (*TokenResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_21300bfacc51fc2a, []int{12} return fileDescriptor_21300bfacc51fc2a, []int{12}
} }
func (m *RefreshResponse) XXX_Unmarshal(b []byte) error { func (m *TokenResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_RefreshResponse.Unmarshal(m, b) return xxx_messageInfo_TokenResponse.Unmarshal(m, b)
} }
func (m *RefreshResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { func (m *TokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_RefreshResponse.Marshal(b, m, deterministic) return xxx_messageInfo_TokenResponse.Marshal(b, m, deterministic)
} }
func (m *RefreshResponse) XXX_Merge(src proto.Message) { func (m *TokenResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_RefreshResponse.Merge(m, src) xxx_messageInfo_TokenResponse.Merge(m, src)
} }
func (m *RefreshResponse) XXX_Size() int { func (m *TokenResponse) XXX_Size() int {
return xxx_messageInfo_RefreshResponse.Size(m) return xxx_messageInfo_TokenResponse.Size(m)
} }
func (m *RefreshResponse) XXX_DiscardUnknown() { func (m *TokenResponse) XXX_DiscardUnknown() {
xxx_messageInfo_RefreshResponse.DiscardUnknown(m) xxx_messageInfo_TokenResponse.DiscardUnknown(m)
} }
var xxx_messageInfo_RefreshResponse proto.InternalMessageInfo var xxx_messageInfo_TokenResponse proto.InternalMessageInfo
func (m *RefreshResponse) GetToken() *Token { func (m *TokenResponse) GetToken() *Token {
if m != nil { if m != nil {
return m.Token return m.Token
} }
@ -690,54 +690,52 @@ func init() {
proto.RegisterType((*RevokeResponse)(nil), "go.micro.auth.RevokeResponse") proto.RegisterType((*RevokeResponse)(nil), "go.micro.auth.RevokeResponse")
proto.RegisterType((*InspectRequest)(nil), "go.micro.auth.InspectRequest") proto.RegisterType((*InspectRequest)(nil), "go.micro.auth.InspectRequest")
proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse") proto.RegisterType((*InspectResponse)(nil), "go.micro.auth.InspectResponse")
proto.RegisterType((*RefreshRequest)(nil), "go.micro.auth.RefreshRequest") proto.RegisterType((*TokenRequest)(nil), "go.micro.auth.TokenRequest")
proto.RegisterType((*RefreshResponse)(nil), "go.micro.auth.RefreshResponse") proto.RegisterType((*TokenResponse)(nil), "go.micro.auth.TokenResponse")
} }
func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) } func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
var fileDescriptor_21300bfacc51fc2a = []byte{ var fileDescriptor_21300bfacc51fc2a = []byte{
// 625 bytes of a gzipped FileDescriptorProto // 600 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0x4d, 0x6f, 0xd3, 0x4c, 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x6d, 0x8b, 0xd3, 0x40,
0x10, 0xae, 0xed, 0x7c, 0x38, 0x93, 0xa6, 0x89, 0x56, 0x55, 0x5e, 0x2b, 0x7a, 0x5b, 0x82, 0x41, 0x10, 0x36, 0x2f, 0x6d, 0xd3, 0x49, 0xdf, 0x58, 0x8e, 0x33, 0xd4, 0xbb, 0xb3, 0x06, 0x91, 0x22,
0x28, 0x42, 0x95, 0x83, 0xd2, 0x0b, 0xa2, 0x02, 0x51, 0xa0, 0x2a, 0x1f, 0x2a, 0x07, 0x0b, 0x09, 0x92, 0x4a, 0xef, 0x8b, 0x58, 0x10, 0x4f, 0xef, 0x38, 0x15, 0xce, 0x0f, 0x41, 0xf0, 0xe5, 0x8b,
0xc4, 0x05, 0xb9, 0xce, 0x40, 0x4c, 0x1a, 0xdb, 0xac, 0xd7, 0x11, 0x39, 0xf2, 0x87, 0xf8, 0x67, 0xe4, 0xd2, 0xc1, 0x8b, 0xbd, 0x26, 0x71, 0xb3, 0x29, 0xf6, 0x4f, 0xf9, 0x8b, 0xfc, 0x28, 0xf8,
0xfc, 0x01, 0x4e, 0x68, 0xd7, 0xbb, 0x8e, 0xe3, 0x24, 0x08, 0xa1, 0x72, 0x89, 0x66, 0x66, 0x67, 0x37, 0x64, 0xb7, 0xbb, 0xe9, 0x8b, 0xa9, 0x1c, 0xd2, 0x2f, 0x65, 0x66, 0x76, 0xe7, 0x99, 0x79,
0x9e, 0x99, 0x79, 0xf6, 0xf1, 0x06, 0x0e, 0xbc, 0x94, 0x4d, 0x86, 0x09, 0xd2, 0x79, 0xe0, 0xe3, 0x9e, 0x9d, 0x4e, 0xe0, 0x30, 0xc8, 0xd9, 0xd5, 0x20, 0x43, 0x3a, 0x8b, 0x42, 0x1c, 0xa4, 0x34,
0x30, 0xa6, 0x11, 0x8b, 0x86, 0x3c, 0xe4, 0x08, 0x93, 0xb4, 0x3e, 0x45, 0xce, 0x2c, 0xf0, 0x69, 0x61, 0xc9, 0x80, 0x87, 0x3c, 0x61, 0x92, 0xe6, 0x97, 0xc4, 0x9b, 0x46, 0x21, 0x4d, 0x3c, 0x1e,
0xe4, 0xf0, 0xa0, 0xfd, 0x5d, 0x87, 0xea, 0x9b, 0x68, 0x8a, 0x21, 0xd9, 0x87, 0x2a, 0xe3, 0x86, 0x74, 0x7f, 0xe8, 0x50, 0x79, 0x97, 0x4c, 0x30, 0x26, 0x7b, 0x50, 0x61, 0xdc, 0x70, 0xb4, 0x9e,
0xa5, 0xf5, 0xb5, 0x41, 0xc3, 0xcd, 0x1c, 0x42, 0xa0, 0xc2, 0x16, 0x31, 0x5a, 0xba, 0x08, 0x0a, 0xd6, 0xaf, 0xfb, 0x0b, 0x87, 0x10, 0x30, 0xd9, 0x3c, 0x45, 0x47, 0x17, 0x41, 0x61, 0x13, 0x07,
0x9b, 0x58, 0x50, 0xf7, 0x29, 0x7a, 0x0c, 0xc7, 0x96, 0xd1, 0xd7, 0x06, 0x86, 0xab, 0x5c, 0xd2, 0x6a, 0x21, 0xc5, 0x80, 0xe1, 0xd8, 0x31, 0x7a, 0x5a, 0xdf, 0xf0, 0x95, 0x4b, 0xf6, 0xa1, 0x8a,
0x85, 0x1a, 0x7e, 0x8d, 0x03, 0xba, 0xb0, 0x2a, 0xe2, 0x40, 0x7a, 0xbc, 0x22, 0x49, 0x2f, 0x3f, 0xdf, 0xd3, 0x88, 0xce, 0x1d, 0x53, 0x1c, 0x48, 0x8f, 0x67, 0x64, 0xf9, 0xe5, 0x57, 0x0c, 0x99,
0xa3, 0xcf, 0xac, 0xaa, 0x00, 0x52, 0x2e, 0xef, 0x4a, 0xa3, 0x2b, 0x4c, 0xac, 0x5a, 0xdf, 0xe0, 0x53, 0x11, 0x40, 0xca, 0xe5, 0x55, 0x69, 0x72, 0x8d, 0x99, 0x53, 0xed, 0x19, 0xbc, 0xaa, 0x70,
0x5d, 0x85, 0x43, 0x1e, 0x81, 0x39, 0x43, 0xe6, 0x8d, 0x3d, 0xe6, 0x59, 0xf5, 0xbe, 0x31, 0x68, 0xc8, 0x33, 0xb0, 0xa6, 0xc8, 0x82, 0x71, 0xc0, 0x02, 0xa7, 0xd6, 0x33, 0xfa, 0xf6, 0xd0, 0xf5,
0x8e, 0x6c, 0x67, 0x65, 0x6e, 0x47, 0xcc, 0xec, 0x5c, 0xc8, 0xa4, 0xb3, 0x90, 0xd1, 0x85, 0x9b, 0xd6, 0xfa, 0xf6, 0x44, 0xcf, 0xde, 0x85, 0xbc, 0x74, 0x16, 0x33, 0x3a, 0xf7, 0x8b, 0x1c, 0x72,
0xd7, 0x90, 0xff, 0xa1, 0x11, 0x7a, 0x33, 0x4c, 0x62, 0xcf, 0x47, 0xcb, 0x14, 0x1d, 0x97, 0x81, 0x00, 0xf5, 0x38, 0x98, 0x62, 0x96, 0x06, 0x21, 0x3a, 0x96, 0xa8, 0xb8, 0x0c, 0x74, 0x47, 0xd0,
0xde, 0x09, 0xb4, 0x56, 0x0a, 0x49, 0x07, 0x8c, 0x29, 0x2e, 0xe4, 0xe2, 0xdc, 0xe4, 0x63, 0xcd, 0x5c, 0x4b, 0x24, 0x1d, 0x30, 0x26, 0x38, 0x97, 0xc4, 0xb9, 0xc9, 0xdb, 0x9a, 0x05, 0xd7, 0xb9,
0xbd, 0xab, 0x54, 0xed, 0x9d, 0x39, 0x0f, 0xf4, 0xfb, 0x9a, 0xfd, 0x53, 0x83, 0xfa, 0xa9, 0xef, 0xe2, 0xbd, 0x70, 0x9e, 0xea, 0x4f, 0x34, 0xf7, 0x97, 0x06, 0xb5, 0x93, 0x30, 0x4c, 0xf2, 0x98,
0x47, 0x69, 0xc8, 0xc8, 0x1e, 0xe8, 0xc1, 0x58, 0x96, 0xe9, 0xc1, 0x98, 0x1c, 0x41, 0x2d, 0x41, 0x91, 0x16, 0xe8, 0xd1, 0x58, 0xa6, 0xe9, 0x91, 0xa0, 0x9f, 0x61, 0x48, 0x91, 0xc9, 0x34, 0xe9,
0x9f, 0x22, 0x13, 0x65, 0xcd, 0xd1, 0xfe, 0xa6, 0xa1, 0x5d, 0x99, 0xb3, 0x5c, 0xdd, 0x28, 0xae, 0x2d, 0x49, 0x1a, 0xab, 0x24, 0x9f, 0xaf, 0x90, 0x34, 0x05, 0xc9, 0xfb, 0x1b, 0x24, 0x65, 0x9d,
0xfe, 0xb8, 0xb0, 0x7a, 0x45, 0xac, 0x7e, 0xbb, 0x84, 0x22, 0xbb, 0xff, 0xd9, 0xf2, 0xd5, 0x6b, 0x9b, 0xd1, 0xac, 0xec, 0x94, 0xe6, 0x5b, 0xb0, 0x7c, 0xcc, 0x92, 0x9c, 0x86, 0xc8, 0x67, 0x80,
0x5d, 0xfe, 0x35, 0x98, 0x2e, 0x26, 0x51, 0x4a, 0x7d, 0xe4, 0xca, 0xe0, 0xa8, 0xb2, 0x50, 0xd8, 0xa3, 0xca, 0x44, 0x61, 0x97, 0xce, 0x45, 0x17, 0x2c, 0x8c, 0xc7, 0x69, 0x12, 0xc5, 0x4c, 0x0c,
0x1b, 0xd5, 0xd2, 0x03, 0x13, 0xc3, 0x71, 0x1c, 0x05, 0x21, 0x13, 0x72, 0x69, 0xb8, 0xb9, 0x6f, 0x46, 0xdd, 0x2f, 0x7c, 0xf7, 0xa7, 0x06, 0xed, 0x73, 0x8c, 0x91, 0x06, 0x0c, 0x7d, 0xfc, 0x96,
0x7f, 0xd3, 0xa1, 0x7d, 0x8e, 0x21, 0x52, 0x8f, 0xa1, 0x8b, 0x5f, 0x52, 0x4c, 0xd6, 0x49, 0xcd, 0x63, 0xf6, 0xb7, 0x7c, 0x85, 0x4c, 0xfa, 0xaa, 0x4c, 0xaf, 0x56, 0x64, 0x32, 0x84, 0x4c, 0x8f,
0x69, 0xd2, 0x8b, 0x34, 0x3d, 0x2f, 0xd0, 0x64, 0x08, 0x9a, 0x8e, 0x4a, 0x34, 0x95, 0x70, 0xb7, 0x36, 0x64, 0xda, 0xc0, 0xbd, 0x99, 0x5c, 0xe6, 0x4e, 0xe5, 0x3a, 0x85, 0xce, 0xb2, 0x8b, 0x2c,
0xd2, 0x75, 0x0b, 0x5a, 0xd9, 0x85, 0x7c, 0x58, 0x91, 0xee, 0x6e, 0x16, 0x3c, 0xcb, 0x04, 0xfc, 0x4d, 0xe2, 0x0c, 0xc9, 0x63, 0xa8, 0x05, 0x8b, 0x07, 0x14, 0x18, 0xf6, 0x70, 0xbf, 0xfc, 0x79,
0x0f, 0x39, 0x7d, 0x06, 0x9d, 0xe5, 0xa8, 0x49, 0x1c, 0x85, 0x09, 0x92, 0x7b, 0x50, 0xf7, 0xb2, 0x7d, 0x75, 0xcd, 0x7d, 0x0f, 0x8d, 0x73, 0x1a, 0xc4, 0x4c, 0x09, 0x44, 0xc0, 0xe4, 0x1a, 0x28,
0x5b, 0x16, 0x18, 0xcd, 0x51, 0x77, 0xb3, 0x06, 0x5c, 0x95, 0x66, 0xbf, 0x85, 0xdd, 0x73, 0xea, 0xe1, 0xb9, 0x4d, 0x8e, 0xc1, 0xa2, 0xf2, 0x61, 0x44, 0x1b, 0xf6, 0xf0, 0xf6, 0x06, 0xac, 0x7a,
0x85, 0x4c, 0xb1, 0x48, 0xa0, 0xc2, 0x89, 0x52, 0xb7, 0xc3, 0x6d, 0x72, 0x0c, 0x26, 0x95, 0xb7, 0x37, 0xbf, 0xb8, 0xe8, 0xb6, 0xa1, 0x29, 0x81, 0x17, 0xbd, 0xb9, 0x1f, 0xa0, 0xe9, 0xe3, 0x2c,
0x27, 0x05, 0xfa, 0x5f, 0x09, 0x56, 0x5d, 0xae, 0x9b, 0x27, 0xda, 0x6d, 0x68, 0x49, 0xe0, 0x6c, 0x99, 0xe0, 0xce, 0x4b, 0x75, 0xa0, 0xa5, 0x90, 0x65, 0xad, 0x07, 0xd0, 0x7a, 0x1d, 0x67, 0x29,
0x36, 0xfb, 0x1d, 0xb4, 0x5c, 0x9c, 0x47, 0x53, 0xbc, 0xf6, 0x56, 0x1d, 0xd8, 0x53, 0xc8, 0xb2, 0x86, 0x05, 0xaf, 0xd2, 0x55, 0xe3, 0xbe, 0x84, 0x76, 0x71, 0xef, 0xbf, 0x25, 0xfc, 0x08, 0x0d,
0xd7, 0x1d, 0xd8, 0x7b, 0x11, 0x26, 0x31, 0xfa, 0xf9, 0x5e, 0x1b, 0x5f, 0x29, 0xfb, 0x29, 0xb4, 0xb1, 0x1a, 0xb6, 0xcd, 0xd8, 0xb6, 0xbf, 0xe8, 0x3d, 0x68, 0x88, 0x2e, 0x3e, 0xcb, 0xfd, 0xb5,
0xf3, 0xbc, 0xbf, 0xa6, 0xf0, 0x15, 0x6f, 0xff, 0x91, 0x62, 0x32, 0x51, 0xcd, 0xba, 0xf9, 0xf7, 0x58, 0x6c, 0xb6, 0x88, 0x9d, 0x89, 0x90, 0x3b, 0x82, 0xa6, 0x84, 0x96, 0xdd, 0x3d, 0x5c, 0xa5,
0x9c, 0x75, 0x53, 0x5f, 0xee, 0x4d, 0xd8, 0x15, 0x7d, 0x95, 0x62, 0x74, 0xa1, 0x98, 0xa6, 0x88, 0x61, 0x0f, 0xf7, 0xca, 0x56, 0x94, 0x24, 0x37, 0xfc, 0xad, 0x81, 0x79, 0x92, 0xb3, 0x2b, 0x72,
0x65, 0x82, 0xb1, 0x1f, 0x42, 0x3b, 0x07, 0x93, 0x13, 0xdd, 0x2d, 0x8e, 0xbe, 0xed, 0x71, 0xc8, 0x01, 0x96, 0x9a, 0x14, 0x72, 0xf4, 0xef, 0x41, 0xee, 0xde, 0xdd, 0x7a, 0x2e, 0xa5, 0xbd, 0x45,
0x52, 0x46, 0x3f, 0x34, 0xa8, 0x9c, 0xa6, 0x6c, 0x42, 0x2e, 0xc0, 0x54, 0xea, 0x20, 0x87, 0xbf, 0xde, 0x40, 0x4d, 0x8a, 0x46, 0x0e, 0x37, 0x6e, 0xaf, 0x8b, 0xde, 0x3d, 0xda, 0x76, 0x5c, 0x60,
0x57, 0x78, 0xef, 0xc6, 0xd6, 0x73, 0x49, 0xe7, 0x0e, 0x79, 0x09, 0x75, 0x49, 0x14, 0x39, 0x28, 0x9d, 0xaa, 0x4f, 0xc1, 0x9d, 0x52, 0x26, 0x12, 0xe7, 0xa0, 0xfc, 0x50, 0xa1, 0xbc, 0xb0, 0x3f,
0x65, 0xaf, 0x12, 0xdd, 0x3b, 0xdc, 0x76, 0x5c, 0xc4, 0x92, 0x2b, 0xae, 0x61, 0xad, 0xf2, 0xb8, 0xd5, 0x79, 0x7c, 0xc4, 0x7f, 0x2e, 0xab, 0xe2, 0xa3, 0x73, 0xfc, 0x27, 0x00, 0x00, 0xff, 0xff,
0x86, 0x55, 0x62, 0xc6, 0xde, 0x79, 0xd2, 0x7c, 0xdf, 0xe0, 0x27, 0x27, 0xfc, 0xe7, 0xb2, 0x26, 0xc4, 0x24, 0xa4, 0xa3, 0x95, 0x06, 0x00, 0x00,
0xfe, 0xa9, 0x8e, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x52, 0x2c, 0xfc, 0x9c, 0xca, 0x06, 0x00,
0x00,
} }
// Reference imports to suppress errors if they are not otherwise used. // Reference imports to suppress errors if they are not otherwise used.
@ -754,7 +752,7 @@ const _ = grpc.SupportPackageIsVersion4
type AuthClient interface { type AuthClient interface {
Generate(ctx context.Context, in *GenerateRequest, opts ...grpc.CallOption) (*GenerateResponse, error) Generate(ctx context.Context, in *GenerateRequest, opts ...grpc.CallOption) (*GenerateResponse, error)
Inspect(ctx context.Context, in *InspectRequest, opts ...grpc.CallOption) (*InspectResponse, error) Inspect(ctx context.Context, in *InspectRequest, opts ...grpc.CallOption) (*InspectResponse, error)
Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error)
} }
type authClient struct { type authClient struct {
@ -783,9 +781,9 @@ func (c *authClient) Inspect(ctx context.Context, in *InspectRequest, opts ...gr
return out, nil return out, nil
} }
func (c *authClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) { func (c *authClient) Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error) {
out := new(RefreshResponse) out := new(TokenResponse)
err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Refresh", in, out, opts...) err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Token", in, out, opts...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -796,7 +794,7 @@ func (c *authClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...gr
type AuthServer interface { type AuthServer interface {
Generate(context.Context, *GenerateRequest) (*GenerateResponse, error) Generate(context.Context, *GenerateRequest) (*GenerateResponse, error)
Inspect(context.Context, *InspectRequest) (*InspectResponse, error) Inspect(context.Context, *InspectRequest) (*InspectResponse, error)
Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error) Token(context.Context, *TokenRequest) (*TokenResponse, error)
} }
// UnimplementedAuthServer can be embedded to have forward compatible implementations. // UnimplementedAuthServer can be embedded to have forward compatible implementations.
@ -809,8 +807,8 @@ func (*UnimplementedAuthServer) Generate(ctx context.Context, req *GenerateReque
func (*UnimplementedAuthServer) Inspect(ctx context.Context, req *InspectRequest) (*InspectResponse, error) { func (*UnimplementedAuthServer) Inspect(ctx context.Context, req *InspectRequest) (*InspectResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Inspect not implemented") return nil, status.Errorf(codes.Unimplemented, "method Inspect not implemented")
} }
func (*UnimplementedAuthServer) Refresh(ctx context.Context, req *RefreshRequest) (*RefreshResponse, error) { func (*UnimplementedAuthServer) Token(ctx context.Context, req *TokenRequest) (*TokenResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Refresh not implemented") return nil, status.Errorf(codes.Unimplemented, "method Token not implemented")
} }
func RegisterAuthServer(s *grpc.Server, srv AuthServer) { func RegisterAuthServer(s *grpc.Server, srv AuthServer) {
@ -853,20 +851,20 @@ func _Auth_Inspect_Handler(srv interface{}, ctx context.Context, dec func(interf
return interceptor(ctx, in, info, handler) return interceptor(ctx, in, info, handler)
} }
func _Auth_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { func _Auth_Token_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RefreshRequest) in := new(TokenRequest)
if err := dec(in); err != nil { if err := dec(in); err != nil {
return nil, err return nil, err
} }
if interceptor == nil { if interceptor == nil {
return srv.(AuthServer).Refresh(ctx, in) return srv.(AuthServer).Token(ctx, in)
} }
info := &grpc.UnaryServerInfo{ info := &grpc.UnaryServerInfo{
Server: srv, Server: srv,
FullMethod: "/go.micro.auth.Auth/Refresh", FullMethod: "/go.micro.auth.Auth/Token",
} }
handler := func(ctx context.Context, req interface{}) (interface{}, error) { handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServer).Refresh(ctx, req.(*RefreshRequest)) return srv.(AuthServer).Token(ctx, req.(*TokenRequest))
} }
return interceptor(ctx, in, info, handler) return interceptor(ctx, in, info, handler)
} }
@ -884,8 +882,8 @@ var _Auth_serviceDesc = grpc.ServiceDesc{
Handler: _Auth_Inspect_Handler, Handler: _Auth_Inspect_Handler,
}, },
{ {
MethodName: "Refresh", MethodName: "Token",
Handler: _Auth_Refresh_Handler, Handler: _Auth_Token_Handler,
}, },
}, },
Streams: []grpc.StreamDesc{}, Streams: []grpc.StreamDesc{},

View File

@ -36,7 +36,7 @@ var _ server.Option
type AuthService interface { type AuthService interface {
Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error) Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error) Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error) Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error)
} }
type authService struct { type authService struct {
@ -71,9 +71,9 @@ func (c *authService) Inspect(ctx context.Context, in *InspectRequest, opts ...c
return out, nil return out, nil
} }
func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...client.CallOption) (*RefreshResponse, error) { func (c *authService) Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error) {
req := c.c.NewRequest(c.name, "Auth.Refresh", in) req := c.c.NewRequest(c.name, "Auth.Token", in)
out := new(RefreshResponse) out := new(TokenResponse)
err := c.c.Call(ctx, req, out, opts...) err := c.c.Call(ctx, req, out, opts...)
if err != nil { if err != nil {
return nil, err return nil, err
@ -86,14 +86,14 @@ func (c *authService) Refresh(ctx context.Context, in *RefreshRequest, opts ...c
type AuthHandler interface { type AuthHandler interface {
Generate(context.Context, *GenerateRequest, *GenerateResponse) error Generate(context.Context, *GenerateRequest, *GenerateResponse) error
Inspect(context.Context, *InspectRequest, *InspectResponse) error Inspect(context.Context, *InspectRequest, *InspectResponse) error
Refresh(context.Context, *RefreshRequest, *RefreshResponse) error Token(context.Context, *TokenRequest, *TokenResponse) error
} }
func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error { func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
type auth interface { type auth interface {
Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error
} }
type Auth struct { type Auth struct {
auth auth
@ -114,6 +114,6 @@ func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *Insp
return h.AuthHandler.Inspect(ctx, in, out) return h.AuthHandler.Inspect(ctx, in, out)
} }
func (h *authHandler) Refresh(ctx context.Context, in *RefreshRequest, out *RefreshResponse) error { func (h *authHandler) Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error {
return h.AuthHandler.Refresh(ctx, in, out) return h.AuthHandler.Token(ctx, in, out)
} }

View File

@ -6,8 +6,8 @@ option go_package = "auth;auth";
service Auth { service Auth {
rpc Generate(GenerateRequest) returns (GenerateResponse) {}; rpc Generate(GenerateRequest) returns (GenerateResponse) {};
rpc Inspect(InspectRequest) returns (InspectResponse) {}; rpc Inspect(InspectRequest) returns (InspectResponse) {};
rpc Refresh(RefreshRequest) returns (RefreshResponse) {}; rpc Token(TokenRequest) returns (TokenResponse) {};
} }
message Token { message Token {
@ -23,7 +23,7 @@ message Token {
message Account { message Account {
string id = 1; string id = 1;
Token secret = 2; string secret = 2;
repeated string roles = 3; repeated string roles = 3;
map<string, string> metadata = 4; map<string, string> metadata = 4;
string namespace = 5; string namespace = 5;
@ -39,8 +39,7 @@ message GenerateRequest {
string id = 1; string id = 1;
repeated string roles = 2; repeated string roles = 2;
map<string, string> metadata = 3; map<string, string> metadata = 3;
int64 secret_expiry = 4; string namespace = 4;
string namespace = 5;
} }
message GenerateResponse { message GenerateResponse {
@ -69,11 +68,12 @@ message InspectResponse {
Account account = 1; Account account = 1;
} }
message RefreshRequest { message TokenRequest {
string secret = 1; string id = 1;
int64 token_expiry = 2; string secret = 2;
int64 token_expiry = 3;
} }
message RefreshResponse { message TokenResponse {
Token token = 1; Token token = 1;
} }

View File

@ -81,11 +81,10 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
options := auth.NewGenerateOptions(opts...) options := auth.NewGenerateOptions(opts...)
rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{ rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
Id: id, Id: id,
Roles: options.Roles, Roles: options.Roles,
Metadata: options.Metadata, Metadata: options.Metadata,
Namespace: options.Namespace, Namespace: options.Namespace,
SecretExpiry: int64(options.SecretExpiry.Seconds()),
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -186,11 +185,12 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
return serializeAccount(rsp.Account), nil return serializeAccount(rsp.Account), nil
} }
// Refresh an account using a secret // Token generation using an account ID and secret
func (s *svc) Refresh(secret string, opts ...auth.RefreshOption) (*auth.Token, error) { func (s *svc) Token(id, secret string, opts ...auth.TokenOption) (*auth.Token, error) {
options := auth.NewRefreshOptions(opts...) options := auth.NewTokenOptions(opts...)
rsp, err := s.auth.Refresh(context.Background(), &pb.RefreshRequest{ rsp, err := s.auth.Token(context.Background(), &pb.TokenRequest{
Id: id,
Secret: secret, Secret: secret,
TokenExpiry: int64(options.TokenExpiry.Seconds()), TokenExpiry: int64(options.TokenExpiry.Seconds()),
}) })
@ -269,16 +269,11 @@ func serializeToken(t *pb.Token) *auth.Token {
} }
func serializeAccount(a *pb.Account) *auth.Account { func serializeAccount(a *pb.Account) *auth.Account {
var secret *auth.Token
if a.Secret != nil {
secret = serializeToken(a.Secret)
}
return &auth.Account{ return &auth.Account{
ID: a.Id, ID: a.Id,
Roles: a.Roles, Roles: a.Roles,
Metadata: a.Metadata, Metadata: a.Metadata,
Namespace: a.Namespace, Namespace: a.Namespace,
Secret: secret, Secret: a.Secret,
} }
} }