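syntax = "proto3";

import "user_commons.proto";
import "model_onli_id.proto";
import "securityMessages.proto";

package userApi;

option go_package = "github.com/onlicorp/user-tray/userApi/gen";

// OnliIdService - owner/identity management for an appliance, plus the
// SecurityTray pass-through calls (auth log, asset balance, authentication, authorization).
// Auth: app-dev user_id/app-key (enforcement is not part of this IDL).
service OnliIdService {
  // CreateOwner - Appliance user admin sends email and xt.app data to start the user creation process.
  // Machine User Agent generates an email invite, inserts app_id, sends the email invite,
  // and a notification is sent to the rabbitmq channel of the specified Appliance.
  // identity.onli_you_id is optional for pre-minted users; if left empty then user-tray will mint internally.
  // NOTE(review): onli_you_id is caller-supplied here - confirm server-side that a supplied id
  // cannot overwrite an existing identity.
  // Example Input:
  // {
  //     "data": {
  //         "identity": {
  //             "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c",
  //             "email": "user@gmail.com",
  //             "phone": "+149916289417"
  //         },
  //         "context": {
  //             "appliances": {
  //                 "ENGMA": {
  //                     "user_class": "owner"
  //                 }
  //             }
  //         }
  //     }
  // }
  // Example Output:
  // {
  //     "status": 0,
  //     "identity": {
  //         "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c"
  //     }
  // }
  rpc CreateOwner(CreateRequest) returns (IdentityResponse);

  // GetOwner - get identity + xt.appliance
  // Example Input:
  // {
  //     "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c",
  //     "app_symbol": "ENGMA"
  // }
  // Example Output:
  // {
  //     "status": 0,
  //     "data": {
  //         "identity": {
  //             "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c",
  //             "email": "user@gmail.com",
  //             "phone": "+149916289417",
  //             "status": "STATUS_INVITED"
  //         },
  //         "context": {
  //             "appliances": {
  //                 "ENGMA": {
  //                     "user_class": "owner",
  //                     "status": "STATUS_APP_ACTIVE"
  //                 }
  //             }
  //         },
  //         "content": {
  //             "profile_img": "https://onlicorp.com/profiles/usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c/img.png",
  //             "my_appliances": {
  //                 "ENGMA": {
  //                     "status": "STATUS_APP_ACTIVE",
  //                     "name": "John Doe",
  //                     "email": "user@gmail.com",
  //                     "phone": "+149916289417"
  //                 }
  //             }
  //         }
  //     }
  // }
  rpc GetOwner(GetOwnerRequest) returns (GetOwnerResponse);

  // FetchOwner - get any attribute inside identity + xt.appliance
  // "condition" is a dotted attribute path selecting which fields are returned.
  // NOTE(review): whether "condition" is restricted to an allow-list of attribute paths
  // is not visible in this file - confirm on the server side.
  // Example Input:
  // {
  //     "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c",
  //     "app_symbol": "ENGMA",
  //     "condition": "identity.email"
  // }
  // Example Output:
  // {
  //     "data": {
  //         "identity": {
  //             "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c",
  //             "email": "user@gmail.com"
  //         }
  //     }
  // }
  rpc FetchOwner(FetchOwnerRequest) returns (FetchOwnerResponse);

  // ListOwner - list all owners in appliance + xt.appliance
  // Paging is driven by meta.limit / meta.offset.
  // Example Input:
  // {
  //     "app_symbol": "ENGMA",
  //     "condition": "identity.email",
  //     "meta": {
  //         "limit": 2,
  //         "offset": 0
  //     }
  // }
  // Example Output:
  // {
  //     "data": [
  //         {
  //             "identity": {
  //                 "onli_you_id": "usr-5d1aee4e-8ac0-5d8a-a0ce-01c38454a62a",
  //                 "email": "test@test.co"
  //             }
  //         },
  //         {
  //             "identity": {
  //                 "onli_you_id": "usr-8dfc7648-d44f-57d3-82d3-f71bf41dc0c6",
  //                 "email": "test@test.com"
  //             }
  //         }
  //     ],
  //     "meta": {
  //         "limit": 2
  //     }
  // }
  rpc ListOwner(ListOwnerRequest) returns (ListOwnerResponse);

  // UpdateOwner - update xt.appliance only
  // "extra" is carried as a JSON-encoded string, not a nested object.
  // Example Input:
  // {
  //     "data": {
  //         "identity": {
  //             "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c"
  //         },
  //         "context": {
  //             "appliances": {
  //                 "ENGMA": {
  //                     "user_class": "owner",
  //                     "extra": "{\"key\": \"val\"}"
  //                 }
  //             }
  //         }
  //     }
  // }
  // Example Output:
  // {
  //     "status": 0,
  //     "identity": {
  //         "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c"
  //     }
  // }
  rpc UpdateOwner(UpdateOwnerRequest) returns (UpdateOwnerResponse);

  // AskToAddOwner - Appliance User Admin calls this to send a notification to
  // the rabbitmq channel of the user, who can call AcceptAppliance to accept the request.
  // Example Input:
  // {
  //     "data": {
  //         "owner": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c",
  //         "app_symbol": "NEWAP",
  //         "appliance": {
  //             "user_class": "owner"
  //         }
  //     }
  // }
  // Example Output:
  // {
  //     "onli_you_id": "usr-8ff1aa0e-2427-52d0-b96e-6fb90dbf277c",
  //     "ask_to_add_owner_id": "b57fff72-31be-4222-9db5-3e2e94191877",
  //     "app_symbol": "NEWAP"
  // }
  rpc AskToAddOwner(AskToAddOwnerRequest) returns (AskToAddOwnerRecord);

  /****** SecurityTray Calls *******/

  // AuthLog - utilize accounting by retrieving a specific auth log.
  // The lookup is scoped to the caller's appliance: an app_symbol that does not match
  // the stored auth_log is rejected with InvalidArgument (error 4 below).
  // Example Input:
  // {
  //     "app_symbol": "ABCDE",
  //     "auth_log_id": "example auth-log-id"
  // }
  // Example Output (Request/Response are JSON-encoded strings):
  // {
  //     "AuthLogId": "example auth-log-id",
  //     "TS": "1738763781676826463",
  //     "WhichSecurityMethod": "ask_to_move_stream",
  //     "WhichAppliance": "ABCDE",
  //     "GeoData": null,
  //     "Request": "{\"to\": \"example usr-id\", \"note\": {\"behavior\": \"move\", \"body\": \"Accept ask to move request from ABCDE\"}, \"app_symbol\": \"ABCDE\", \"amount\": 1}",
  //     "Response": "{\"ask_to_move_id\": \"example ask-to-move-id\", \"pkg_tag\": \"e484868e-89db-406e-882f-321e9341977c\", \"to\": \"example usr-id\", \"note\": {\"behavior\": \"move\", \"body\": \"Accept ask to move request from ABCDE\"}, \"amount\": 1, \"app_symbol\": \"ABCDE\", \"asset_balance\": 8, \"notified_at\": 1738763619, \"status\": 3, \"expires_at\": 1754531619, \"behavior_status\": true, \"authorization_status\": true, \"auth_log_id\": \"example auth-log-id\"}",
  //     "Err": ""
  // }
  // Possible errors:
  // 1. Code: Unavailable, Err: unable to initialize SecurityTray client, Reason: OCT not able to connect to SecurityTray
  // 2. Code: Internal, Err: unable to AuthLog, Reason: Internal error in SecurityTray
  // 3. 2a. Code: NotFound, Err: failed to get auth_log from database, Reason: AuthLog not found in database
  // 4. 2b. Code: InvalidArgument, Err: app_symbol doesn't match the auth_log, Reason: The provided app_symbol doesn't match the auth_log
  rpc AuthLog(securityApi.AuthLogReq) returns (securityApi.AuthLogResp);

  // AskAssetBalance is called by master to request the owner to share their vault balances.
  // The owner is sent a notification and can authorize with UpdateAssetBalance.
  // Example Input:
  // {
  //     "app_symbol": "ABCDE",
  //     "owner": "example user_id"
  // }
  // Example Output:
  // {
  //     "AssetBalances": [
  //         {
  //             "balance": "2009",
  //             "vault_type": "desktop"
  //         },
  //         {
  //             "balance": "51",
  //             "vault_type": "cloud"
  //         }
  //     ],
  //     "owner": "example usr-id",
  //     "auth_log_id": "example auth-log-id",
  //     "app_symbol": "ABCDE",
  //     "status": "AuthenticationStatusACCEPTED"
  // }
  // Possible errors:
  // 1. Code: Unavailable, Err: unable to initialize SecurityTray client, Reason: OCT not able to connect to SecurityTray
  // 2. Code: Unavailable, Err: unable to get AskAssetBalance stream, Reason: SecurityTray unable to get AskAssetBalance stream
  // 3. Code: Internal, Err: unable to AskAssetBalance, Reason: Internal error in SecurityTray
  // 4. 3a. Code: NotFound, Err: unable to find gene_id for user_id, Reason: User not found in database
  // 5. 3b. Code: Internal, Err: failed to notify the owner, Reason: SecurityTray unable to notify the owner
  rpc AskAssetBalance(stream securityApi.AskAssetBalanceReq) returns (stream securityApi.AssetBalanceRecord);

  // AuthenticateOwner is a bi-directional stream request from a master to an owner
  // and it stays open for a set interval; after that it expires and the stream exits.
  // NOTE(review): the length of the interval is not specified in this file - confirm the
  // configured value in SecurityTray.
  // AuthenticateOwner supports 3 different methods of authentication:
  // . `basic` uses the owner's gene to authenticate
  // . `reverse-mfa` uses the owner's gene to authenticate alongside a master-generated string for the owner to input during acceptance
  // . `reverse-hash` uses the owner's gene to authenticate alongside a master-generated nonce for the gene to sample during acceptance
  // The server will select the authentication method based on the input request.
  // Onli Cloud marks the authenticate_owner_record as ASKED at init;
  // if the owner accepts then it will be marked as ACCEPTED,
  // else if the owner denies then it will be marked as DENIED,
  // else if the owner doesn't respond within the set interval then it will be marked as EXPIRED.
  // NOTE(review): the example rev_string is two characters long; the required length/entropy
  // of rev_string is not documented here - confirm.
  // Example Input:
  // {
  //     "owner": "example user_id",
  //     "app_symbol": "ABCDE",
  //     "body": "Please Confirm Request to Authenticate from ABCDE",
  //     "rev_string": "96"
  // }
  // Example Output:
  // {
  //     "owner": "example usr-id",
  //     "auth_log_id": "example auth-log-id",
  //     "authentication_status": "AuthenticationStatusACCEPTED",
  //     "auth_type": "REVERSE_MFA",
  //     "rev_string": "96",
  //     "app_symbol": "ABCDE",
  //     "body": "Please Confirm Request to Authenticate from ABCDE",
  //     "asset_balance": "51"
  // }
  // Possible errors:
  // 1. Code: Unavailable, Err: unable to initialize SecurityTray client, Reason: OCT not able to connect to SecurityTray
  // 2. Code: Unavailable, Err: unable to get AuthenticateOwner stream, Reason: SecurityTray unable to get AuthenticateOwner stream
  // 3. Code: Internal, Err: error in AuthenticateOwner stream, Reason: Internal error in SecurityTray
  // 4. 3a. Code: NotFound, Err: unable to find gene_id for user_id, Reason: User not found in database
  // 5. 3b. Code: Internal, Err: error hashing gene record, Reason: SecurityTray unable to compute hash using the provided salt
  // 6. 3c. Code: Unauthenticated, Err: gene_sample in security-tray is not equal to client_gene_sample, Reason: Invalid input ClientGeneSample
  // 7. 3d. Code: Internal, Err: unable to add/update authenticate_owner_record, Reason: SecurityTray unable to add/update authenticate_owner_record
  // 8. 3e. Code: Internal, Err: failed to notify the owner, Reason: SecurityTray failed to notify the owner
  rpc AuthenticateOwner(stream securityApi.AuthenticateOwnerReq) returns (stream securityApi.AuthenticateOwnerRecord);

  // AuthorizeBehavior is a bi-directional stream that masters use to confirm explicit behaviors from owners.
  // Similar process to AuthenticateOwner; the only extra requirement is that the behavior exists
  // under the user's class in Onli ID (errors 15 and 17 below are the checks that enforce this).
  // Example Input:
  // {
  //     "owner": "example user_id",
  //     "app_symbol": "ABCDE",
  //     "note": {
  //         "behavior": "login",
  //         "body": "Please Confirm Request to Authorize from ABCDE"
  //     }
  // }
  // Example Output:
  // {
  //     "owner": "example usr-id",
  //     "auth_log_id": "example auth-log-id",
  //     "authentication_status": "AuthenticationStatusACCEPTED",
  //     "app_symbol": "ABCDE",
  //     "note": {
  //         "behavior": "login",
  //         "body": "Please Confirm Request to Authorize from ABCDE"
  //     }
  // }
  // Possible errors:
  // 1. Code: Unavailable, Err: unable to initialize SecurityTray client, Reason: OCT not able to connect to SecurityTray
  // 2. Code: Unavailable, Err: unable to get AuthorizeBehavior stream, Reason: SecurityTray unable to get AuthorizeBehavior stream
  // 3. Code: Internal, Err: error in AuthorizeBehavior stream, Reason: Internal error in SecurityTray
  // 4. 3a. Code: InvalidArgument, Err: note is required, Reason: input.note is empty
  // 5. 3b. Code: InvalidArgument, Err: note.behavior is required, Reason: input.note.behavior is empty
  // 6. 3c. Code: Unavailable, Err: unable to connect to user-tray, Reason: SecurityTray unable to connect to user-tray
  // 7. 3d. Code: Internal, Err: unable to GetOwner from user-tray, Reason: SecurityTray unable to GetOwner from user-tray
  // 8. 3e. Code: Internal, Err: user-tray.GetOnliYouID returned non-OK status, Reason: SecurityTray unable to GetOwner from user-tray
  // 9. 3f. Code: InvalidArgument, Err: App doesn't exist in user-tray object, Reason: Invalid app_symbol in input
  // 10. 3g. Code: Internal, Err: App has empty user_class in user-tray object, Reason: Internal error in user-tray
  // 11. 3h. Code: Unavailable, Err: unable to connect to app-tray, Reason: SecurityTray unable to connect to app-tray
  // 12. 3i. Code: NotFound, Err: App doesn't exist in appliance-tray, Reason: Invalid app_symbol in input
  // 13. 3j. Code: Internal, Err: user_classes is nil, Reason: Internal error in app-tray
  // 14. 3k. Code: Internal, Err: user_behaviors is nil, Reason: Internal error in app-tray
  // 15. 3l. Code: Unauthenticated, Err: user_behaviors doesn't contain behavior, Reason: Invalid behavior in input
  // 16. 3m. Code: Internal, Err: user_classes doesn't contain class, Reason: Internal error in app-tray
  // 17. 3n. Code: Unauthenticated, Err: user_class doesn't contain behavior <behavior>, Reason: Invalid behavior in input
  // 18. 3o. Code: Internal, Err: failed to notify the owner, Reason: SecurityTray failed to notify the owner
  // 19. 3p. Code: Internal, Err: unable to add/update authorize_behavior_record, Reason: SecurityTray unable to add/update authorize_behavior_record
  rpc AuthorizeBehavior(stream securityApi.AuthorizeBehaviorReq) returns (stream securityApi.AuthorizeBehaviorRecord);
}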