xref: /aosp_15_r20/external/googleapis/google/cloud/identitytoolkit/v2/authentication_service.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9) 
1// Copyright 2023 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.identitytoolkit.v2;
18
19import "google/api/annotations.proto";
20import "google/api/client.proto";
21import "google/api/field_behavior.proto";
22import "google/cloud/identitytoolkit/v2/mfa_info.proto";
23
24option csharp_namespace = "Google.Cloud.IdentityToolkit.V2";
25option go_package = "cloud.google.com/go/identitytoolkit/apiv2/identitytoolkitpb;identitytoolkitpb";
26option java_multiple_files = true;
27option java_package = "com.google.cloud.identitytoolkit.v2";
28option php_namespace = "Google\\Cloud\\IdentityToolkit\\V2";
29option ruby_package = "Google::Cloud::IdentityToolkit::V2";
30
31// Authentication for Identity Toolkit
32service AuthenticationService {
33  option (google.api.default_host) = "identitytoolkit.googleapis.com";
34  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
35
36  // Verifies the MFA challenge and performs sign-in
37  rpc FinalizeMfaSignIn(FinalizeMfaSignInRequest) returns (FinalizeMfaSignInResponse) {
38    option (google.api.http) = {
39      post: "/v2/accounts/mfaSignIn:finalize"
40      body: "*"
41    };
42  }
43
44  // Sends the MFA challenge
45  rpc StartMfaSignIn(StartMfaSignInRequest) returns (StartMfaSignInResponse) {
46    option (google.api.http) = {
47      post: "/v2/accounts/mfaSignIn:start"
48      body: "*"
49    };
50  }
51}
52
53// Finalizes sign-in by verifying MFA challenge.
54message FinalizeMfaSignInRequest {
55  // Required. Pending credential from first factor sign-in.
56  string mfa_pending_credential = 2 [(google.api.field_behavior) = REQUIRED];
57
58  // Proof of completion of the MFA challenge.
59  oneof verification_info {
60    // Proof of completion of the SMS based MFA challenge.
61    FinalizeMfaPhoneRequestInfo phone_verification_info = 3;
62  }
63
64  // The ID of the Identity Platform tenant the user is signing in to. If not
65  // set, the user will sign in to the default Identity Platform project.
66  string tenant_id = 4;
67}
68
69// FinalizeMfaSignIn response.
70message FinalizeMfaSignInResponse {
71  // ID token for the authenticated user.
72  string id_token = 1;
73
74  // Refresh token for the authenticated user.
75  string refresh_token = 2;
76
77  // MFA verified sign-in information.
78  oneof auxiliary_auth_info {
79    // Extra phone auth info, including android verification proof.
80    FinalizeMfaPhoneResponseInfo phone_auth_info = 3;
81  }
82}
83
84// Starts multi-factor sign-in by sending the multi-factor auth challenge.
85message StartMfaSignInRequest {
86  // Required. Pending credential from first factor sign-in.
87  string mfa_pending_credential = 2 [(google.api.field_behavior) = REQUIRED];
88
89  // Required. MFA enrollment id from the user's list of current MFA enrollments.
90  string mfa_enrollment_id = 3 [(google.api.field_behavior) = REQUIRED];
91
92  // MFA information by type of 2nd factor.
93  oneof sign_in_info {
94    // Verification info to authorize sending an SMS for phone verification.
95    StartMfaPhoneRequestInfo phone_sign_in_info = 4;
96  }
97
98  // The ID of the Identity Platform tenant the user is signing in to. If not
99  // set, the user will sign in to the default Identity Platform project.
100  string tenant_id = 5;
101}
102
103// StartMfaSignIn response.
104message StartMfaSignInResponse {
105  // MultiFactor start sign-in response by 2nd factor type.
106  oneof response_info {
107    // MultiFactor sign-in session information specific to SMS-type second
108    // factors. Along with the one-time code retrieved from the sent SMS, the
109    // contents of this session information should be passed to
110    // FinalizeMfaSignIn to complete the sign in.
111    StartMfaPhoneResponseInfo phone_response_info = 1;
112  }
113}
114