// Copyright (C) 2023 The Licensing Authors
// SPDX-License-Identifier: MIT

//
// This file attempts to follow common styles and design patterns described by
// Google Cloud based on their extensive use of protocol buffers.
//
// - See here for more: https://cloud.google.com/apis/design/design_patterns
//

syntax = "proto3";

package tokens.v1;

import "google/api/annotations.proto";

message AuthenticateRequest {
  // grant_type = client_credentials, refresh_token, password, authorization_code, license
  string grant_type = 1;

  // required for a handful of workflows
  // can also come from the basic auth header
  string client_id = 2;
  string client_secret = 3;

  // grant_type=refresh_token
  string refresh_token = 4;

  // grant_type=password
  string username = 5;
  string password = 6;

  // grant_type=authorization_code
  string code = 7;
  string redirect_uri = 8;
  string code_verifier = 9;

  // grant_type=license
  string license = 10;

  // allow for room to add additional grant_type's

  string scope = 20;
}

message AuthenticateResponse {
  string access_token = 1;
  string token_type = 2;
  int32 expires_in = 3;
  string refresh_token = 4;
  string scope = 5;

  // error = invalid_request, invalid_client, invalid_grant, invalid_scope, unauthorized_client, unsupported_grant_type

  string error = 10;
  string error_description = 11;
  string error_uri = 12;
}

message Token {
  string id = 1;
  string name = 2;
  repeated string scopes = 3;

  // one of
  bool no_expiry = 4;
  string expires_at = 5;
  string expires_in = 6;
}

message ListRequest {}

message ListResponse {
  repeated Token tokens = 5;
}

message CreateRequest {
  Token token = 1;
}

message CreateResponse {
  string token = 1;
}

message DeleteRequest {
  string token_id = 1;
}

message DeleteResponse {}

service TokenService {
  rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse) {
    option (google.api.http) = {
      post: "/v1/token"
      body: "*"
    };
  };

  rpc List(ListRequest) returns (ListResponse) {
    option (google.api.http) = {
      get: "/v1/tokens"
    };
  };

  rpc Create(CreateRequest) returns (CreateResponse) {
    option (google.api.http) = {
      post: "/v1/tokens"
      body: "*"
    };
  };

  rpc Delete(DeleteRequest) returns (DeleteResponse) {
    option (google.api.http) = {
      delete: "/v1/tokens/{token_id}"
    };
  };
}