diff --git a/rpc/flipt/auth/auth.pb.go b/rpc/flipt/auth/auth.pb.go index 55eb49e2d6..b78df8d840 100644 --- a/rpc/flipt/auth/auth.pb.go +++ b/rpc/flipt/auth/auth.pb.go @@ -28,6 +28,7 @@ type Method int32 const ( Method_METHOD_NONE Method = 0 Method_METHOD_TOKEN Method = 1 + Method_METHOD_OIDC Method = 2 ) // Enum value maps for Method. @@ -35,10 +36,12 @@ var ( Method_name = map[int32]string{ 0: "METHOD_NONE", 1: "METHOD_TOKEN", + 2: "METHOD_OIDC", } Method_value = map[string]int32{ "METHOD_NONE": 0, "METHOD_TOKEN": 1, + "METHOD_OIDC": 2, } ) @@ -69,6 +72,52 @@ func (Method) EnumDescriptor() ([]byte, []int) { return file_auth_auth_proto_rawDescGZIP(), []int{0} } +type OIDCProvider int32 + +const ( + OIDCProvider_OIDC_PROVIDER_NONE OIDCProvider = 0 + OIDCProvider_OIDC_PROVIDER_GOOGLE OIDCProvider = 1 +) + +// Enum value maps for OIDCProvider. +var ( + OIDCProvider_name = map[int32]string{ + 0: "OIDC_PROVIDER_NONE", + 1: "OIDC_PROVIDER_GOOGLE", + } + OIDCProvider_value = map[string]int32{ + "OIDC_PROVIDER_NONE": 0, + "OIDC_PROVIDER_GOOGLE": 1, + } +) + +func (x OIDCProvider) Enum() *OIDCProvider { + p := new(OIDCProvider) + *p = x + return p +} + +func (x OIDCProvider) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (OIDCProvider) Descriptor() protoreflect.EnumDescriptor { + return file_auth_auth_proto_enumTypes[1].Descriptor() +} + +func (OIDCProvider) Type() protoreflect.EnumType { + return &file_auth_auth_proto_enumTypes[1] +} + +func (x OIDCProvider) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use OIDCProvider.Descriptor instead. +func (OIDCProvider) EnumDescriptor() ([]byte, []int) { + return file_auth_auth_proto_rawDescGZIP(), []int{1} +} + type Authentication struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache 
@@ -486,6 +535,226 @@ func (x *CreateTokenResponse) GetAuthentication() *Authentication { return nil } +type AuthorizeURLRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Provider OIDCProvider `protobuf:"varint,1,opt,name=provider,proto3,enum=flipt.auth.OIDCProvider" json:"provider,omitempty"` + State string `protobuf:"bytes,2,opt,name=state,proto3" json:"state,omitempty"` +} + +func (x *AuthorizeURLRequest) Reset() { + *x = AuthorizeURLRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_auth_auth_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AuthorizeURLRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AuthorizeURLRequest) ProtoMessage() {} + +func (x *AuthorizeURLRequest) ProtoReflect() protoreflect.Message { + mi := &file_auth_auth_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AuthorizeURLRequest.ProtoReflect.Descriptor instead. 
+func (*AuthorizeURLRequest) Descriptor() ([]byte, []int) { + return file_auth_auth_proto_rawDescGZIP(), []int{7} +} + +func (x *AuthorizeURLRequest) GetProvider() OIDCProvider { + if x != nil { + return x.Provider + } + return OIDCProvider_OIDC_PROVIDER_NONE +} + +func (x *AuthorizeURLRequest) GetState() string { + if x != nil { + return x.State + } + return "" +} + +type AuthorizeURLResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AuthorizeUrl string `protobuf:"bytes,1,opt,name=authorize_url,json=authorizeUrl,proto3" json:"authorize_url,omitempty"` +} + +func (x *AuthorizeURLResponse) Reset() { + *x = AuthorizeURLResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_auth_auth_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AuthorizeURLResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AuthorizeURLResponse) ProtoMessage() {} + +func (x *AuthorizeURLResponse) ProtoReflect() protoreflect.Message { + mi := &file_auth_auth_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AuthorizeURLResponse.ProtoReflect.Descriptor instead. 
+func (*AuthorizeURLResponse) Descriptor() ([]byte, []int) { + return file_auth_auth_proto_rawDescGZIP(), []int{8} +} + +func (x *AuthorizeURLResponse) GetAuthorizeUrl() string { + if x != nil { + return x.AuthorizeUrl + } + return "" +} + +type CallbackRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Provider OIDCProvider `protobuf:"varint,1,opt,name=provider,proto3,enum=flipt.auth.OIDCProvider" json:"provider,omitempty"` + Code string `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"` + State string `protobuf:"bytes,3,opt,name=state,proto3" json:"state,omitempty"` +} + +func (x *CallbackRequest) Reset() { + *x = CallbackRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_auth_auth_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CallbackRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CallbackRequest) ProtoMessage() {} + +func (x *CallbackRequest) ProtoReflect() protoreflect.Message { + mi := &file_auth_auth_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CallbackRequest.ProtoReflect.Descriptor instead. 
+func (*CallbackRequest) Descriptor() ([]byte, []int) { + return file_auth_auth_proto_rawDescGZIP(), []int{9} +} + +func (x *CallbackRequest) GetProvider() OIDCProvider { + if x != nil { + return x.Provider + } + return OIDCProvider_OIDC_PROVIDER_NONE +} + +func (x *CallbackRequest) GetCode() string { + if x != nil { + return x.Code + } + return "" +} + +func (x *CallbackRequest) GetState() string { + if x != nil { + return x.State + } + return "" +} + +type CallbackResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClientToken string `protobuf:"bytes,1,opt,name=client_token,json=clientToken,proto3" json:"client_token,omitempty"` + Authentication *Authentication `protobuf:"bytes,2,opt,name=authentication,proto3" json:"authentication,omitempty"` +} + +func (x *CallbackResponse) Reset() { + *x = CallbackResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_auth_auth_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CallbackResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CallbackResponse) ProtoMessage() {} + +func (x *CallbackResponse) ProtoReflect() protoreflect.Message { + mi := &file_auth_auth_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CallbackResponse.ProtoReflect.Descriptor instead. 
+func (*CallbackResponse) Descriptor() ([]byte, []int) { + return file_auth_auth_proto_rawDescGZIP(), []int{10} +} + +func (x *CallbackResponse) GetClientToken() string { + if x != nil { + return x.ClientToken + } + return "" +} + +func (x *CallbackResponse) GetAuthentication() *Authentication { + if x != nil { + return x.Authentication + } + return nil +} + var File_auth_auth_proto protoreflect.FileDescriptor var file_auth_auth_proto_rawDesc = []byte{ 
@@ -564,65 +833,118 @@ var file_auth_auth_proto_rawDesc = []byte{ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2a, 0x2b, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4d, 0x45, - 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x4d, - 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x54, 0x4f, 0x4b, 0x45, 0x4e, 0x10, 0x01, 0x32, 0xab, 0x05, - 0x0a, 0x15, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xa0, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x41, - 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x6c, - 0x66, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, 0x66, 0x6c, 0x69, 0x70, - 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x53, 0x92, 0x41, 0x50, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, - 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x34, 0x47, 0x65, 0x74, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x66, - 0x6f, 0x72, 0x20, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, - 0x2a, 0x08, 0x67, 0x65, 0x74, 0x5f, 0x73, 0x65, 0x6c, 0x66, 0x12, 0x98, 0x01, 0x0a, 0x11, 0x47, + 0x22, 0x61, 0x0a, 0x13, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x55, 0x52, 0x4c, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x34, 0x0a, 0x08, 0x70, 
0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x66, 0x6c, 0x69, 0x70, + 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x50, 0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x14, 0x0a, + 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x22, 0x3b, 0x0a, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, + 0x55, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x55, 0x72, 0x6c, + 0x22, 0x71, 0x0a, 0x0f, 0x43, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x34, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, + 0x74, 0x68, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, + 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, + 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x22, 0x79, 0x0a, 0x10, 0x43, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x42, 0x0a, 0x0e, 0x61, 0x75, + 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 
0x32, 0x1a, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, + 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x3c, + 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4d, 0x45, 0x54, 0x48, + 0x4f, 0x44, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x4d, 0x45, 0x54, + 0x48, 0x4f, 0x44, 0x5f, 0x54, 0x4f, 0x4b, 0x45, 0x4e, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x4d, + 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x4f, 0x49, 0x44, 0x43, 0x10, 0x02, 0x2a, 0x40, 0x0a, 0x0c, + 0x4f, 0x49, 0x44, 0x43, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x12, + 0x4f, 0x49, 0x44, 0x43, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x4e, 0x4f, + 0x4e, 0x45, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x4f, 0x49, 0x44, 0x43, 0x5f, 0x50, 0x52, 0x4f, + 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45, 0x10, 0x01, 0x32, 0xab, + 0x05, 0x0a, 0x15, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xa0, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, + 0x6c, 0x66, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, 0x66, 0x6c, 0x69, + 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x53, 0x92, 0x41, 0x50, 0x0a, 0x0e, 0x61, 0x75, 0x74, + 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x34, 0x47, 0x65, 0x74, + 0x20, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x63, 0x75, 0x72, 0x72, 
0x65, 0x6e, 0x74, 0x20, 0x61, 0x75, 0x74, 0x68, + 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, + 0x74, 0x2a, 0x08, 0x67, 0x65, 0x74, 0x5f, 0x73, 0x65, 0x6c, 0x66, 0x12, 0x98, 0x01, 0x0a, 0x11, + 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x24, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x24, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x47, 0x65, - 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, - 0x75, 0x74, 0x68, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x22, 0x41, 0x92, 0x41, 0x3e, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x18, 0x47, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x62, 0x79, 0x20, 0x49, - 0x44, 0x2a, 0x12, 0x67, 0x65, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0xb0, 0x01, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, - 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x26, 0x2e, - 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, - 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, - 0x74, 0x68, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 
0x48, - 0x92, 0x41, 0x45, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x1a, 0x1d, 0x4c, 0x69, 0x73, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, - 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, - 0x65, 0x73, 0x2a, 0x14, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0xa0, 0x01, 0x0a, 0x14, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x27, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x44, - 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, - 0x74, 0x79, 0x22, 0x47, 0x92, 0x41, 0x44, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x1b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x62, - 0x79, 0x20, 0x49, 0x44, 0x2a, 0x15, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, - 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0xc9, 0x01, 0x0a, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, - 0x74, 0x68, 0x6f, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x12, 0xa4, 0x01, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, - 0x12, 0x1e, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x43, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1f, 0x2e, 0x66, 0x6c, 
0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x43, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x54, 0x92, 0x41, 0x51, 0x0a, 0x2a, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x20, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x1a, 0x1b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x2a, - 0x06, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x42, 0xd4, 0x03, 0x5a, 0x20, 0x67, 0x6f, 0x2e, 0x66, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, + 0x61, 0x75, 0x74, 0x68, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x22, 0x41, 0x92, 0x41, 0x3e, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, + 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x18, 0x47, 0x65, 0x74, 0x20, 0x41, 0x75, + 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x62, 0x79, 0x20, + 0x49, 0x44, 0x2a, 0x12, 0x67, 0x65, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0xb0, 0x01, 0x0a, 0x13, 0x4c, 0x69, 0x73, 0x74, 0x41, + 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x26, + 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, + 0x75, 0x74, 0x68, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 
0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x48, 0x92, 0x41, 0x45, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x1d, 0x4c, 0x69, 0x73, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x65, + 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, + 0x63, 0x65, 0x73, 0x2a, 0x14, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, + 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0xa0, 0x01, 0x0a, 0x14, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x27, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, + 0x70, 0x74, 0x79, 0x22, 0x47, 0x92, 0x41, 0x44, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, + 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x1b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x20, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, + 0x62, 0x79, 0x20, 0x49, 0x44, 0x2a, 0x15, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x5f, 0x61, 0x75, + 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0xc9, 0x01, 0x0a, + 0x20, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0x65, 0x74, 0x68, 0x6f, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x12, 0xa4, 0x01, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x12, 0x1e, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x43, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 
0x1a, 0x1f, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x43, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x54, 0x92, 0x41, 0x51, 0x0a, 0x2a, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x20, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x1a, 0x1b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x20, 0x61, 0x75, 0x74, 0x68, + 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x74, 0x6f, 0x6b, 0x65, 0x6e, + 0x2a, 0x06, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x32, 0xec, 0x02, 0x0a, 0x1f, 0x41, 0x75, 0x74, + 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x4f, 0x49, 0x44, 0x43, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xad, 0x01, 0x0a, + 0x0c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x55, 0x52, 0x4c, 0x12, 0x1f, 0x2e, + 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x65, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, + 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x55, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x5a, 0x92, 0x41, 0x57, 0x0a, 0x29, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x20, 0x6f, 0x69, 0x64, 0x63, + 0x1a, 0x1b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x20, 0x4f, 0x49, 0x44, 0x43, 0x20, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x20, 0x55, 0x52, 0x4c, 0x2a, 0x0d, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 
0x65, 0x5f, 0x75, 0x72, 0x6c, 0x12, 0x98, 0x01, 0x0a, + 0x08, 0x43, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x1b, 0x2e, 0x66, 0x6c, 0x69, 0x70, + 0x74, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x43, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x61, + 0x75, 0x74, 0x68, 0x2e, 0x43, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x51, 0x92, 0x41, 0x4e, 0x0a, 0x29, 0x61, 0x75, 0x74, 0x68, 0x65, + 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, + 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x20, + 0x6f, 0x69, 0x64, 0x63, 0x1a, 0x17, 0x4f, 0x49, 0x44, 0x43, 0x20, 0x63, 0x61, 0x6c, 0x6c, 0x62, + 0x61, 0x63, 0x6b, 0x20, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x08, 0x63, + 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x42, 0xd4, 0x03, 0x5a, 0x20, 0x67, 0x6f, 0x2e, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2e, 0x69, 0x6f, 0x2f, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x66, 0x6c, 0x69, 0x70, 0x74, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x92, 0x41, 0xae, 0x03, 0x12, 0xb0, 0x01, 0x0a, 0x19, 0x46, 0x6c, 0x69, 0x70, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x65, 
@@ -667,46 +989,58 @@ func file_auth_auth_proto_rawDescGZIP() []byte { return file_auth_auth_proto_rawDescData } -var file_auth_auth_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_auth_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_auth_auth_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_auth_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 12) var file_auth_auth_proto_goTypes = []interface{}{ (Method)(0), // 0: flipt.auth.Method - (*Authentication)(nil), // 1: flipt.auth.Authentication - (*GetAuthenticationRequest)(nil), // 2: flipt.auth.GetAuthenticationRequest - (*ListAuthenticationsRequest)(nil), // 3: flipt.auth.ListAuthenticationsRequest - (*ListAuthenticationsResponse)(nil), // 4: flipt.auth.ListAuthenticationsResponse - (*DeleteAuthenticationRequest)(nil), // 5: flipt.auth.DeleteAuthenticationRequest - (*CreateTokenRequest)(nil), // 6: flipt.auth.CreateTokenRequest - (*CreateTokenResponse)(nil), // 7: flipt.auth.CreateTokenResponse - nil, // 8: flipt.auth.Authentication.MetadataEntry - (*timestamppb.Timestamp)(nil), // 9: google.protobuf.Timestamp - (*emptypb.Empty)(nil), // 10: google.protobuf.Empty + (OIDCProvider)(0), // 1: flipt.auth.OIDCProvider + (*Authentication)(nil), // 2: flipt.auth.Authentication + (*GetAuthenticationRequest)(nil), // 3: flipt.auth.GetAuthenticationRequest + (*ListAuthenticationsRequest)(nil), // 4: flipt.auth.ListAuthenticationsRequest + (*ListAuthenticationsResponse)(nil), // 5: flipt.auth.ListAuthenticationsResponse + (*DeleteAuthenticationRequest)(nil), // 6: flipt.auth.DeleteAuthenticationRequest + (*CreateTokenRequest)(nil), // 7: flipt.auth.CreateTokenRequest + (*CreateTokenResponse)(nil), // 8: flipt.auth.CreateTokenResponse + (*AuthorizeURLRequest)(nil), // 9: flipt.auth.AuthorizeURLRequest + (*AuthorizeURLResponse)(nil), // 10: flipt.auth.AuthorizeURLResponse + (*CallbackRequest)(nil), // 11: flipt.auth.CallbackRequest + (*CallbackResponse)(nil), // 12: 
flipt.auth.CallbackResponse + nil, // 13: flipt.auth.Authentication.MetadataEntry + (*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp + (*emptypb.Empty)(nil), // 15: google.protobuf.Empty } var file_auth_auth_proto_depIdxs = []int32{ 0, // 0: flipt.auth.Authentication.method:type_name -> flipt.auth.Method - 9, // 1: flipt.auth.Authentication.expires_at:type_name -> google.protobuf.Timestamp - 9, // 2: flipt.auth.Authentication.created_at:type_name -> google.protobuf.Timestamp - 9, // 3: flipt.auth.Authentication.updated_at:type_name -> google.protobuf.Timestamp - 8, // 4: flipt.auth.Authentication.metadata:type_name -> flipt.auth.Authentication.MetadataEntry + 14, // 1: flipt.auth.Authentication.expires_at:type_name -> google.protobuf.Timestamp + 14, // 2: flipt.auth.Authentication.created_at:type_name -> google.protobuf.Timestamp + 14, // 3: flipt.auth.Authentication.updated_at:type_name -> google.protobuf.Timestamp + 13, // 4: flipt.auth.Authentication.metadata:type_name -> flipt.auth.Authentication.MetadataEntry 0, // 5: flipt.auth.ListAuthenticationsRequest.method:type_name -> flipt.auth.Method - 1, // 6: flipt.auth.ListAuthenticationsResponse.authentications:type_name -> flipt.auth.Authentication - 9, // 7: flipt.auth.CreateTokenRequest.expires_at:type_name -> google.protobuf.Timestamp - 1, // 8: flipt.auth.CreateTokenResponse.authentication:type_name -> flipt.auth.Authentication - 10, // 9: flipt.auth.AuthenticationService.GetAuthenticationSelf:input_type -> google.protobuf.Empty - 2, // 10: flipt.auth.AuthenticationService.GetAuthentication:input_type -> flipt.auth.GetAuthenticationRequest - 3, // 11: flipt.auth.AuthenticationService.ListAuthentications:input_type -> flipt.auth.ListAuthenticationsRequest - 5, // 12: flipt.auth.AuthenticationService.DeleteAuthentication:input_type -> flipt.auth.DeleteAuthenticationRequest - 6, // 13: flipt.auth.AuthenticationMethodTokenService.CreateToken:input_type -> flipt.auth.CreateTokenRequest - 1, // 14: 
flipt.auth.AuthenticationService.GetAuthenticationSelf:output_type -> flipt.auth.Authentication - 1, // 15: flipt.auth.AuthenticationService.GetAuthentication:output_type -> flipt.auth.Authentication - 4, // 16: flipt.auth.AuthenticationService.ListAuthentications:output_type -> flipt.auth.ListAuthenticationsResponse - 10, // 17: flipt.auth.AuthenticationService.DeleteAuthentication:output_type -> google.protobuf.Empty - 7, // 18: flipt.auth.AuthenticationMethodTokenService.CreateToken:output_type -> flipt.auth.CreateTokenResponse - 14, // [14:19] is the sub-list for method output_type - 9, // [9:14] is the sub-list for method input_type - 9, // [9:9] is the sub-list for extension type_name - 9, // [9:9] is the sub-list for extension extendee - 0, // [0:9] is the sub-list for field type_name + 2, // 6: flipt.auth.ListAuthenticationsResponse.authentications:type_name -> flipt.auth.Authentication + 14, // 7: flipt.auth.CreateTokenRequest.expires_at:type_name -> google.protobuf.Timestamp + 2, // 8: flipt.auth.CreateTokenResponse.authentication:type_name -> flipt.auth.Authentication + 1, // 9: flipt.auth.AuthorizeURLRequest.provider:type_name -> flipt.auth.OIDCProvider + 1, // 10: flipt.auth.CallbackRequest.provider:type_name -> flipt.auth.OIDCProvider + 2, // 11: flipt.auth.CallbackResponse.authentication:type_name -> flipt.auth.Authentication + 15, // 12: flipt.auth.AuthenticationService.GetAuthenticationSelf:input_type -> google.protobuf.Empty + 3, // 13: flipt.auth.AuthenticationService.GetAuthentication:input_type -> flipt.auth.GetAuthenticationRequest + 4, // 14: flipt.auth.AuthenticationService.ListAuthentications:input_type -> flipt.auth.ListAuthenticationsRequest + 6, // 15: flipt.auth.AuthenticationService.DeleteAuthentication:input_type -> flipt.auth.DeleteAuthenticationRequest + 7, // 16: flipt.auth.AuthenticationMethodTokenService.CreateToken:input_type -> flipt.auth.CreateTokenRequest + 9, // 17: 
flipt.auth.AuthenticationMethodOIDCService.AuthorizeURL:input_type -> flipt.auth.AuthorizeURLRequest + 11, // 18: flipt.auth.AuthenticationMethodOIDCService.Callback:input_type -> flipt.auth.CallbackRequest + 2, // 19: flipt.auth.AuthenticationService.GetAuthenticationSelf:output_type -> flipt.auth.Authentication + 2, // 20: flipt.auth.AuthenticationService.GetAuthentication:output_type -> flipt.auth.Authentication + 5, // 21: flipt.auth.AuthenticationService.ListAuthentications:output_type -> flipt.auth.ListAuthenticationsResponse + 15, // 22: flipt.auth.AuthenticationService.DeleteAuthentication:output_type -> google.protobuf.Empty + 8, // 23: flipt.auth.AuthenticationMethodTokenService.CreateToken:output_type -> flipt.auth.CreateTokenResponse + 10, // 24: flipt.auth.AuthenticationMethodOIDCService.AuthorizeURL:output_type -> flipt.auth.AuthorizeURLResponse + 12, // 25: flipt.auth.AuthenticationMethodOIDCService.Callback:output_type -> flipt.auth.CallbackResponse + 19, // [19:26] is the sub-list for method output_type + 12, // [12:19] is the sub-list for method input_type + 12, // [12:12] is the sub-list for extension type_name + 12, // [12:12] is the sub-list for extension extendee + 0, // [0:12] is the sub-list for field type_name } func init() { file_auth_auth_proto_init() } 
@@ -799,16 +1133,64 @@ func file_auth_auth_proto_init() { return nil } } + file_auth_auth_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AuthorizeURLRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_auth_auth_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AuthorizeURLResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_auth_auth_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CallbackRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_auth_auth_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CallbackResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_auth_auth_proto_rawDesc, - NumEnums: 1, - NumMessages: 8, + NumEnums: 2, + NumMessages: 12, NumExtensions: 0, - NumServices: 2, + NumServices: 3, }, GoTypes: file_auth_auth_proto_goTypes, DependencyIndexes: file_auth_auth_proto_depIdxs, diff --git a/rpc/flipt/auth/auth.pb.gw.go b/rpc/flipt/auth/auth.pb.gw.go index 6316004ec9..3aa126250d 100644 --- a/rpc/flipt/auth/auth.pb.gw.go +++ b/rpc/flipt/auth/auth.pb.gw.go 
@@ -224,6 +224,158 @@ func local_request_AuthenticationMethodTokenService_CreateToken_0(ctx context.Co } +var ( + filter_AuthenticationMethodOIDCService_AuthorizeURL_0 = &utilities.DoubleArray{Encoding: map[string]int{"provider": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_AuthenticationMethodOIDCService_AuthorizeURL_0(ctx context.Context, marshaler runtime.Marshaler, client AuthenticationMethodOIDCServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq AuthorizeURLRequest + var metadata runtime.ServerMetadata + + var ( + val string + e int32 + ok bool + err error + _ = err + ) + + val, ok = pathParams["provider"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "provider") + } + + e, err = runtime.Enum(val, OIDCProvider_value) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "provider", err) + } + + protoReq.Provider = OIDCProvider(e) + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthenticationMethodOIDCService_AuthorizeURL_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.AuthorizeURL(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_AuthenticationMethodOIDCService_AuthorizeURL_0(ctx context.Context, marshaler runtime.Marshaler, server AuthenticationMethodOIDCServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq AuthorizeURLRequest + var metadata runtime.ServerMetadata + + var ( + val string + e int32 + ok bool + err error + _ = err + ) + + val, ok = pathParams["provider"] + if !ok { 
+ return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "provider") + } + + e, err = runtime.Enum(val, OIDCProvider_value) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "provider", err) + } + + protoReq.Provider = OIDCProvider(e) + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthenticationMethodOIDCService_AuthorizeURL_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.AuthorizeURL(ctx, &protoReq) + return msg, metadata, err + +} + +var ( + filter_AuthenticationMethodOIDCService_Callback_0 = &utilities.DoubleArray{Encoding: map[string]int{"provider": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_AuthenticationMethodOIDCService_Callback_0(ctx context.Context, marshaler runtime.Marshaler, client AuthenticationMethodOIDCServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq CallbackRequest + var metadata runtime.ServerMetadata + + var ( + val string + e int32 + ok bool + err error + _ = err + ) + + val, ok = pathParams["provider"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "provider") + } + + e, err = runtime.Enum(val, OIDCProvider_value) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "provider", err) + } + + protoReq.Provider = OIDCProvider(e) + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthenticationMethodOIDCService_Callback_0); err != nil { + return nil, metadata, 
status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.Callback(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_AuthenticationMethodOIDCService_Callback_0(ctx context.Context, marshaler runtime.Marshaler, server AuthenticationMethodOIDCServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq CallbackRequest + var metadata runtime.ServerMetadata + + var ( + val string + e int32 + ok bool + err error + _ = err + ) + + val, ok = pathParams["provider"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "provider") + } + + e, err = runtime.Enum(val, OIDCProvider_value) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "provider", err) + } + + protoReq.Provider = OIDCProvider(e) + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthenticationMethodOIDCService_Callback_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.Callback(ctx, &protoReq) + return msg, metadata, err + +} + // RegisterAuthenticationServiceHandlerServer registers the http handlers for service AuthenticationService to "mux". // UnaryRPC :call AuthenticationServiceServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. 
@@ -367,6 +519,65 @@ func RegisterAuthenticationMethodTokenServiceHandlerServer(ctx context.Context, return nil } +// RegisterAuthenticationMethodOIDCServiceHandlerServer registers the http handlers for service AuthenticationMethodOIDCService to "mux". +// UnaryRPC :call AuthenticationMethodOIDCServiceServer directly. +// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. +// Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAuthenticationMethodOIDCServiceHandlerFromEndpoint instead. +func RegisterAuthenticationMethodOIDCServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AuthenticationMethodOIDCServiceServer) error { + + mux.Handle("GET", pattern_AuthenticationMethodOIDCService_AuthorizeURL_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/flipt.auth.AuthenticationMethodOIDCService/AuthorizeURL", runtime.WithHTTPPathPattern("/auth/v1/method/oidc/{provider}/authorize")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_AuthenticationMethodOIDCService_AuthorizeURL_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + 
forward_AuthenticationMethodOIDCService_AuthorizeURL_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_AuthenticationMethodOIDCService_Callback_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/flipt.auth.AuthenticationMethodOIDCService/Callback", runtime.WithHTTPPathPattern("/auth/v1/method/oidc/{provider}/callback")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_AuthenticationMethodOIDCService_Callback_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AuthenticationMethodOIDCService_Callback_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + return nil +} + // RegisterAuthenticationServiceHandlerFromEndpoint is same as RegisterAuthenticationServiceHandler but // automatically dials to "endpoint" and closes the connection when "ctx" gets done. func RegisterAuthenticationServiceHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) { 
@@ -586,3 +797,100 @@ var ( var ( forward_AuthenticationMethodTokenService_CreateToken_0 = runtime.ForwardResponseMessage ) + +// RegisterAuthenticationMethodOIDCServiceHandlerFromEndpoint is same as RegisterAuthenticationMethodOIDCServiceHandler but +// automatically dials to "endpoint" and closes the connection when "ctx" gets done. +func RegisterAuthenticationMethodOIDCServiceHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) { + conn, err := grpc.Dial(endpoint, opts...) + if err != nil { + return err + } + defer func() { + if err != nil { + if cerr := conn.Close(); cerr != nil { + grpclog.Infof("Failed to close conn to %s: %v", endpoint, cerr) + } + return + } + go func() { + <-ctx.Done() + if cerr := conn.Close(); cerr != nil { + grpclog.Infof("Failed to close conn to %s: %v", endpoint, cerr) + } + }() + }() + + return RegisterAuthenticationMethodOIDCServiceHandler(ctx, mux, conn) +} + +// RegisterAuthenticationMethodOIDCServiceHandler registers the http handlers for service AuthenticationMethodOIDCService to "mux". +// The handlers forward requests to the grpc endpoint over "conn". +func RegisterAuthenticationMethodOIDCServiceHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error { + return RegisterAuthenticationMethodOIDCServiceHandlerClient(ctx, mux, NewAuthenticationMethodOIDCServiceClient(conn)) +} + +// RegisterAuthenticationMethodOIDCServiceHandlerClient registers the http handlers for service AuthenticationMethodOIDCService +// to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "AuthenticationMethodOIDCServiceClient". +// Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "AuthenticationMethodOIDCServiceClient" +// doesn't go through the normal gRPC flow (creating a gRPC client etc.) 
then it will be up to the passed in +// "AuthenticationMethodOIDCServiceClient" to call the correct interceptors. +func RegisterAuthenticationMethodOIDCServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AuthenticationMethodOIDCServiceClient) error { + + mux.Handle("GET", pattern_AuthenticationMethodOIDCService_AuthorizeURL_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/flipt.auth.AuthenticationMethodOIDCService/AuthorizeURL", runtime.WithHTTPPathPattern("/auth/v1/method/oidc/{provider}/authorize")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_AuthenticationMethodOIDCService_AuthorizeURL_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AuthenticationMethodOIDCService_AuthorizeURL_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_AuthenticationMethodOIDCService_Callback_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/flipt.auth.AuthenticationMethodOIDCService/Callback", runtime.WithHTTPPathPattern("/auth/v1/method/oidc/{provider}/callback")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_AuthenticationMethodOIDCService_Callback_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AuthenticationMethodOIDCService_Callback_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + return nil +} + +var ( + pattern_AuthenticationMethodOIDCService_AuthorizeURL_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4, 2, 5}, []string{"auth", "v1", "method", "oidc", "provider", "authorize"}, "")) + + pattern_AuthenticationMethodOIDCService_Callback_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4, 2, 5}, []string{"auth", "v1", "method", "oidc", "provider", "callback"}, "")) +) + +var ( + forward_AuthenticationMethodOIDCService_AuthorizeURL_0 = runtime.ForwardResponseMessage + + forward_AuthenticationMethodOIDCService_Callback_0 = runtime.ForwardResponseMessage +) diff --git a/rpc/flipt/auth/auth.proto b/rpc/flipt/auth/auth.proto index 0e7d8839be..e6132720a2 100644 --- a/rpc/flipt/auth/auth.proto +++ b/rpc/flipt/auth/auth.proto 
@@ -59,6 +59,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
 enum Method {
 METHOD_NONE = 0;
 METHOD_TOKEN = 1;
+ METHOD_OIDC = 2;
 }
 message Authentication {
@@ -161,3 +162,45 @@ service AuthenticationMethodTokenService {
 };
 }
 }
+
+enum OIDCProvider {
+ OIDC_PROVIDER_NONE = 0;
+ OIDC_PROVIDER_GOOGLE = 1;
+}
+
+message AuthorizeURLRequest {
+ OIDCProvider provider = 1;
+ string state = 2;
+}
+
+message AuthorizeURLResponse {
+ string authorize_url = 1;
+}
+
+message CallbackRequest {
+ OIDCProvider provider = 1;
+ string code = 2;
+ string state = 3;
+}
+
+message CallbackResponse {
+ string client_token = 1;
+ Authentication authentication = 2;
+}
+
+service AuthenticationMethodOIDCService {
+ rpc AuthorizeURL(AuthorizeURLRequest) returns (AuthorizeURLResponse) {
+ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+ operation_id: "authorize_url",
+ description: "Generate OIDC authorize URL",
+ tags: "authentication authentication_method oidc",
+ };
+ }
+ rpc Callback(CallbackRequest) returns (CallbackResponse) {
+ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+ operation_id: "callback",
+ description: "OIDC callback operation",
+ tags: "authentication authentication_method oidc",
+ };
+ }
+}
diff --git a/rpc/flipt/auth/auth_grpc.pb.go b/rpc/flipt/auth/auth_grpc.pb.go
index 78ef13f1f4..57e196a95b 100644
--- a/rpc/flipt/auth/auth_grpc.pb.go
+++ b/rpc/flipt/auth/auth_grpc.pb.go
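Review bot: In auth.proto, `state` on `AuthorizeURLRequest` and `CallbackRequest` is a bare caller-supplied string, and nothing in the added messages documents who generates it or how `Callback` validates it; the server implementation is not part of this hunk, so the contract should at least be written on the field, e.g. `// state must be an unguessable, single-use value bound to the caller's session; Callback rejects a mismatch.` `OIDC_PROVIDER_NONE` is a valid name for the `{provider}` path segment (the generated gateway parses it with `runtime.Enum(val, OIDCProvider_value)`), so a comment on the enum saying both RPCs must reject it would keep a handler from treating the zero value as a real provider. `CallbackResponse.client_token` is a credential returned in the body of a GET, so I would also note on that field that the route needs `Cache-Control: no-store` or delivery via an HttpOnly cookie instead.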
@@ -299,3 +299,126 @@ var AuthenticationMethodTokenService_ServiceDesc = grpc.ServiceDesc{ Streams: []grpc.StreamDesc{}, Metadata: "auth/auth.proto", } + +// AuthenticationMethodOIDCServiceClient is the client API for AuthenticationMethodOIDCService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type AuthenticationMethodOIDCServiceClient interface { + AuthorizeURL(ctx context.Context, in *AuthorizeURLRequest, opts ...grpc.CallOption) (*AuthorizeURLResponse, error) + Callback(ctx context.Context, in *CallbackRequest, opts ...grpc.CallOption) (*CallbackResponse, error) +} + +type authenticationMethodOIDCServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewAuthenticationMethodOIDCServiceClient(cc grpc.ClientConnInterface) AuthenticationMethodOIDCServiceClient { + return &authenticationMethodOIDCServiceClient{cc} +} + +func (c *authenticationMethodOIDCServiceClient) AuthorizeURL(ctx context.Context, in *AuthorizeURLRequest, opts ...grpc.CallOption) (*AuthorizeURLResponse, error) { + out := new(AuthorizeURLResponse) + err := c.cc.Invoke(ctx, "/flipt.auth.AuthenticationMethodOIDCService/AuthorizeURL", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *authenticationMethodOIDCServiceClient) Callback(ctx context.Context, in *CallbackRequest, opts ...grpc.CallOption) (*CallbackResponse, error) { + out := new(CallbackResponse) + err := c.cc.Invoke(ctx, "/flipt.auth.AuthenticationMethodOIDCService/Callback", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// AuthenticationMethodOIDCServiceServer is the server API for AuthenticationMethodOIDCService service. 
+// All implementations must embed UnimplementedAuthenticationMethodOIDCServiceServer +// for forward compatibility +type AuthenticationMethodOIDCServiceServer interface { + AuthorizeURL(context.Context, *AuthorizeURLRequest) (*AuthorizeURLResponse, error) + Callback(context.Context, *CallbackRequest) (*CallbackResponse, error) + mustEmbedUnimplementedAuthenticationMethodOIDCServiceServer() +} + +// UnimplementedAuthenticationMethodOIDCServiceServer must be embedded to have forward compatible implementations. +type UnimplementedAuthenticationMethodOIDCServiceServer struct { +} + +func (UnimplementedAuthenticationMethodOIDCServiceServer) AuthorizeURL(context.Context, *AuthorizeURLRequest) (*AuthorizeURLResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method AuthorizeURL not implemented") +} +func (UnimplementedAuthenticationMethodOIDCServiceServer) Callback(context.Context, *CallbackRequest) (*CallbackResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Callback not implemented") +} +func (UnimplementedAuthenticationMethodOIDCServiceServer) mustEmbedUnimplementedAuthenticationMethodOIDCServiceServer() { +} + +// UnsafeAuthenticationMethodOIDCServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AuthenticationMethodOIDCServiceServer will +// result in compilation errors. 
+type UnsafeAuthenticationMethodOIDCServiceServer interface { + mustEmbedUnimplementedAuthenticationMethodOIDCServiceServer() +} + +func RegisterAuthenticationMethodOIDCServiceServer(s grpc.ServiceRegistrar, srv AuthenticationMethodOIDCServiceServer) { + s.RegisterService(&AuthenticationMethodOIDCService_ServiceDesc, srv) +} + +func _AuthenticationMethodOIDCService_AuthorizeURL_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(AuthorizeURLRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthenticationMethodOIDCServiceServer).AuthorizeURL(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/flipt.auth.AuthenticationMethodOIDCService/AuthorizeURL", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthenticationMethodOIDCServiceServer).AuthorizeURL(ctx, req.(*AuthorizeURLRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthenticationMethodOIDCService_Callback_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CallbackRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthenticationMethodOIDCServiceServer).Callback(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/flipt.auth.AuthenticationMethodOIDCService/Callback", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthenticationMethodOIDCServiceServer).Callback(ctx, req.(*CallbackRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// AuthenticationMethodOIDCService_ServiceDesc is the grpc.ServiceDesc for AuthenticationMethodOIDCService service. 
+// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var AuthenticationMethodOIDCService_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "flipt.auth.AuthenticationMethodOIDCService", + HandlerType: (*AuthenticationMethodOIDCServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "AuthorizeURL", + Handler: _AuthenticationMethodOIDCService_AuthorizeURL_Handler, + }, + { + MethodName: "Callback", + Handler: _AuthenticationMethodOIDCService_Callback_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "auth/auth.proto", +} diff --git a/rpc/flipt/flipt.yaml b/rpc/flipt/flipt.yaml index 831eb38552..dd6a4e5f48 100644 --- a/rpc/flipt/flipt.yaml +++ b/rpc/flipt/flipt.yaml @@ -87,3 +87,8 @@ http: - selector: flipt.auth.AuthenticationMethodTokenService.CreateToken post: /auth/v1/method/token body: "*" + # method: oidc + - selector: flipt.auth.AuthenticationMethodOIDCService.AuthorizeURL + get: /auth/v1/method/oidc/{provider}/authorize + - selector: flipt.auth.AuthenticationMethodOIDCService.Callback + get: /auth/v1/method/oidc/{provider}/callback diff --git a/swagger/auth/auth.swagger.json b/swagger/auth/auth.swagger.json index 922c6f53ab..995ce8e076 100644 --- a/swagger/auth/auth.swagger.json +++ b/swagger/auth/auth.swagger.json @@ -19,6 +19,9 @@ }, { "name": "AuthenticationMethodTokenService" + }, + { + "name": "AuthenticationMethodOIDCService" } ], "schemes": [ 
@@ -32,6 +35,106 @@ "application/json" ], "paths": { + "/auth/v1/method/oidc/{provider}/authorize": { + "get": { + "description": "Generate OIDC authorize URL", + "operationId": "authorize_url", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/authAuthorizeURLResponse" + } + }, + "401": { + "description": "Request could not be authenticated (authentication required).", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "provider", + "in": "path", + "required": true, + "type": "string", + "enum": [ + "OIDC_PROVIDER_NONE", + "OIDC_PROVIDER_GOOGLE" + ] + }, + { + "name": "state", + "in": "query", + "required": false, + "type": "string" + } + ], + "tags": [ + "authentication authentication_method oidc" + ] + } + }, + "/auth/v1/method/oidc/{provider}/callback": { + "get": { + "description": "OIDC callback operation", + "operationId": "callback", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/authCallbackResponse" + } + }, + "401": { + "description": "Request could not be authenticated (authentication required).", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/rpcStatus" + } + } + }, + "parameters": [ + { + "name": "provider", + "in": "path", + "required": true, + "type": "string", + "enum": [ + "OIDC_PROVIDER_NONE", + "OIDC_PROVIDER_GOOGLE" + ] + }, + { + "name": "code", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "state", + "in": "query", + "required": false, + "type": "string" + } + ], + "tags": [ + "authentication authentication_method oidc" + ] + } + }, "/auth/v1/method/token": { "post": { "description": "Create authentication token", 
@@ -132,7 +235,8 @@ "type": "string", "enum": [ "METHOD_NONE", - "METHOD_TOKEN" + "METHOD_TOKEN", + "METHOD_OIDC" ], "default": "METHOD_NONE" }, @@ -259,6 +363,25 @@ } } }, + "authAuthorizeURLResponse": { + "type": "object", + "properties": { + "authorizeUrl": { + "type": "string" + } + } + }, + "authCallbackResponse": { + "type": "object", + "properties": { + "clientToken": { + "type": "string" + }, + "authentication": { + "$ref": "#/definitions/authAuthentication" + } + } + }, "authCreateTokenRequest": { "type": "object", "properties": { @@ -307,10 +430,19 @@ "type": "string", "enum": [ "METHOD_NONE", - "METHOD_TOKEN" + "METHOD_TOKEN", + "METHOD_OIDC" ], "default": "METHOD_NONE" }, + "authOIDCProvider": { + "type": "string", + "enum": [ + "OIDC_PROVIDER_NONE", + "OIDC_PROVIDER_GOOGLE" + ], + "default": "OIDC_PROVIDER_NONE" + }, "protobufAny": { "type": "object", "properties": {