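// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.identitytoolkit.v2;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/cloud/identitytoolkit/v2/mfa_info.proto";

option csharp_namespace = "Google.Cloud.IdentityToolkit.V2";
option go_package = "cloud.google.com/go/identitytoolkit/apiv2/identitytoolkitpb;identitytoolkitpb";
option java_multiple_files = true;
option java_package = "com.google.cloud.identitytoolkit.v2";
option php_namespace = "Google\\Cloud\\IdentityToolkit\\V2";
option ruby_package = "Google::Cloud::IdentityToolkit::V2";

// Authentication for Identity Toolkit.
//
// Second-factor (MFA) sign-in is a two-call flow in this service:
// StartMfaSignIn sends the challenge, and FinalizeMfaSignIn verifies it and
// performs the sign-in. Both requests carry the `mfa_pending_credential`
// obtained from first-factor sign-in.
service AuthenticationService {
  option (google.api.default_host) = "identitytoolkit.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Verifies the MFA challenge and performs sign-in.
  //
  // The response carries an ID token and a refresh token for the user. The
  // HTTP binding maps the whole request to the POST body (`body: "*"`), so
  // the pending credential and the verification proof are not placed in the
  // URL.
  rpc FinalizeMfaSignIn(FinalizeMfaSignInRequest)
      returns (FinalizeMfaSignInResponse) {
    option (google.api.http) = {
      post: "/v2/accounts/mfaSignIn:finalize"
      body: "*"
    };
  }

  // Sends the MFA challenge.
  //
  // As with FinalizeMfaSignIn, the whole request is mapped to the POST body
  // (`body: "*"`), which keeps the pending credential out of the URL.
  rpc StartMfaSignIn(StartMfaSignInRequest) returns (StartMfaSignInResponse) {
    option (google.api.http) = {
      post: "/v2/accounts/mfaSignIn:start"
      body: "*"
    };
  }
}

// Finalizes sign-in by verifying MFA challenge.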
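message FinalizeMfaSignInRequest {
  // NOTE(review): field number 1 is not assigned in this message (likewise
  // in StartMfaSignInRequest). If it was retired, it should be declared
  // `reserved` so it cannot be reused; confirm against the schema history.

  // Required. Pending credential from first factor sign-in.
  //
  // This value stands for a completed first factor, so handle it as
  // credential material: keep it out of logs, URLs and analytics. Its
  // lifetime and what it is bound to are not specified in this file.
  string mfa_pending_credential = 2 [(google.api.field_behavior) = REQUIRED];

  // Proof of completion of the MFA challenge.
  //
  // Only the SMS/phone variant is defined here. The oneof may be unset on
  // the wire, and this file does not say how the server treats that case.
  oneof verification_info {
    // Proof of completion of the SMS based MFA challenge.
    FinalizeMfaPhoneRequestInfo phone_verification_info = 3;
  }

  // The ID of the Identity Platform tenant the user is signing in to. If not
  // set, the user will sign in to the default Identity Platform project.
  //
  // Because an unset value selects the default project instead of failing,
  // callers that serve a specific tenant should always set this explicitly.
  // NOTE(review): whether the server checks this against the tenant of the
  // first-factor sign-in is not visible here.
  string tenant_id = 4;
}

// FinalizeMfaSignIn response.
//
// Both token fields are credentials issued to the authenticated user; keep
// the whole message out of request/response logging.
message FinalizeMfaSignInResponse {
  // ID token for the authenticated user.
  //
  // Treat as a secret: do not log it or store it in plaintext.
  string id_token = 1;

  // Refresh token for the authenticated user.
  //
  // Presumably usable to obtain new ID tokens (TODO confirm), so it
  // warrants protected storage on the client.
  string refresh_token = 2;

  // MFA verified sign-in information.
  //
  // Only the phone variant is defined here; readers should tolerate the
  // oneof being unset.
  oneof auxiliary_auth_info {
    // Extra phone auth info, including android verification proof.
    FinalizeMfaPhoneResponseInfo phone_auth_info = 3;
  }
}

// Starts multi-factor sign-in by sending the multi-factor auth challenge.
message StartMfaSignInRequest {
  // Required. Pending credential from first factor sign-in.
  //
  // Credential material: keep it out of logs, URLs and analytics.
  string mfa_pending_credential = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. MFA enrollment id from the user's list of current MFA
  // enrollments.
  string mfa_enrollment_id = 3 [(google.api.field_behavior) = REQUIRED];

  // MFA information by type of 2nd factor.
  //
  // Only the phone variant is defined here.
  oneof sign_in_info {
    // Verification info to authorize sending an SMS for phone verification.
    StartMfaPhoneRequestInfo phone_sign_in_info = 4;
  }

  // The ID of the Identity Platform tenant the user is signing in to. If not
  // set, the user will sign in to the default Identity Platform project.
  //
  // Set this explicitly for tenant-scoped sign-in, since an unset value
  // selects the default project instead of failing.
  string tenant_id = 5;
}

// StartMfaSignIn response.
message StartMfaSignInResponse {
  // MultiFactor start sign-in response by 2nd factor type.
  //
  // Only the phone variant is defined here; readers should tolerate the
  // oneof being unset.
  oneof response_info {
    // MultiFactor sign-in session information specific to SMS-type second
    // factors. Along with the one-time code retrieved from the sent SMS, the
    // contents of this session information should be passed to
    // FinalizeMfaSignIn to complete the sign in.
    //
    // The session information is one of the two inputs to FinalizeMfaSignIn,
    // so it should not be logged or shared outside the sign-in flow.
    StartMfaPhoneResponseInfo phone_response_info = 1;
  }
}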