Merged
4 changes: 2 additions & 2 deletions README.md
@@ -4,6 +4,6 @@

## Access Service

This repo contains protobuf definitions for the OpenID AuthZEN Access Service. The current implementation reflects the [Authorization API 1.0 – draft 02](https://openid.github.io/authzen/) specification.
This repo contains protobuf definitions for the OpenID AuthZEN Access Service. The current implementation reflects the [Authorization API 1.0 – draft 03](https://openid.github.io/authzen/) specification.

All builds are published to the [buf.build/auzthzen/access](https://buf.build/authzen/access) registry, where one can [browse](https://buf.build/authzen/access/docs/v0.1.0-02:authzen.access.v1) the definitions or [generate](https://buf.build/authzen/access/sdks/v0.1.0-02:protobuf) server and client language bindings.
All builds are published to the [buf.build/auzthzen/access](https://buf.build/authzen/access) registry, where one can [browse](https://buf.build/authzen/access/docs/v0.1.0-02:authzen.access.v1) the definitions or [generate](https://buf.build/authzen/access/sdks/v0.1.0-03:protobuf) server and client language bindings.
4 changes: 2 additions & 2 deletions buf.lock
@@ -2,8 +2,8 @@
version: v2
deps:
- name: buf.build/googleapis/googleapis
commit: e93e34f48be043dab55be31b4b47f458
digest: b5:cebe5dfac5f7d67c55296f37ad9d368dba8d9862777e69d5d99eb1d72dc95fa68cd6323b483ca42cf70e66060002c1bc36e1f5f754b217a5c771c108eb243dbf
commit: 546238c53f7340c6a2a6099fb863bc1b
digest: b5:e017bbf31a3f912e2b969c03c3aa711f466cfe104f510865d1a8ede1be490240aabd4cca5865459a0f15222747284395f98afc094b0fd086e8917a5a7bdd9db0
- name: buf.build/grpc-ecosystem/grpc-gateway
commit: 4c5ba75caaf84e928b7137ae5c18c26a
digest: b5:c113e62fb3b29289af785866cae062b55ec8ae19ab3f08f3004098928fbca657730a06810b2012951294326b95669547194fa84476b9e9b688d4f8bf77a0691d
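--- a/makefile
+++ b/makefile
@@ -50,6 +50,11 @@ buf-lint:
 @echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
 @${EXT_BIN_DIR}/buf lint
 
+.PHONY: buf-format
+buf-format:
+@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
+@${EXT_BIN_DIR}/buf format --write
+
 .PHONY: buf-breaking
 buf-breaking:
 @echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"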
126 changes: 113 additions & 13 deletions proto/access/v1/access.proto
@@ -3,15 +3,14 @@ syntax = "proto3";
package authzen.access.v1;

import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/protobuf/struct.proto";
import "protoc-gen-openapiv2/options/annotations.proto";

option go_package = "github.com/authzen/access/v1;access";
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
info: {
title: "OpenID AuthZen Access Service"
version: "1.0.0-2"
version: "1.0.0-3"
contact: {
name: ""
url: ""
@@ -25,7 +24,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {

external_docs: {
url: "https://openid.github.io/authzen/"
description: "Authorization API 1.0 - draft 02"
description: "Authorization API 1.0 - draft 03"
}

schemes: HTTP
@@ -81,20 +80,68 @@ service Access {
deprecated: false
};
}

// subject search
rpc SubjectSearch(SubjectSearchRequest) returns (SubjectSearchResponse) {
option (google.api.http) = {
post: "/access/v1/search/subject"
body: "*"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "authzen"
summary: "Subject Search API"
description: "TBD."
operation_id: "openid.authzen.access.v1.search.subject.post"
deprecated: false
};
}

// resource search
rpc ResourceSearch(ResourceSearchRequest) returns (ResourceSearchResponse) {
option (google.api.http) = {
post: "/access/v1/search/resource"
body: "*"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "authzen"
summary: "Resource Search API"
description: "TBD."
operation_id: "openid.authzen.access.v1.search.post"
deprecated: false
};
}

// action search
rpc ActionSearch(ActionSearchRequest) returns (ActionSearchResponse) {
option (google.api.http) = {
post: "/access/v1/search/action"
body: "*"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "authzen"
summary: "Action Search API"
description: "TBD."
operation_id: "openid.authzen.access.v1.search.action.post"
deprecated: false
};
}
}

// https://openid.github.io/authzen/#name-the-access-evaluation-api-r
message EvaluationRequest {
Subject subject = 1 [(google.api.field_behavior) = REQUIRED];
Action action = 2 [(google.api.field_behavior) = REQUIRED];
Resource resource = 3 [(google.api.field_behavior) = REQUIRED];
Subject subject = 1;
Action action = 2;
Resource resource = 3;
google.protobuf.Struct context = 4;
}

// https://openid.github.io/authzen/#name-the-access-evaluation-api-re
message EvaluationResponse {
bool decision = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
google.protobuf.Struct context = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
bool decision = 1;
google.protobuf.Struct context = 2;
}

// https://openid.github.io/authzen/#name-the-access-evaluations-api-
message EvaluationsRequest {
Subject subject = 1;
Action action = 2;
@@ -104,23 +151,76 @@ message EvaluationsRequest {
google.protobuf.Struct options = 6;
}

// https://openid.github.io/authzen/#name-access-evaluations-api-resp
message EvaluationsResponse {
repeated EvaluationResponse decisions = 1;
}

// https://openid.github.io/authzen/#name-the-subject-search-api-requ
message SubjectSearchRequest {
Subject subject = 1;
Action action = 2;
Resource resource = 3;
google.protobuf.Struct context = 4;
Page page = 5;
}

// https://openid.github.io/authzen/#name-the-subject-search-api-resp
message SubjectSearchResponse {
repeated Subject results = 1;
Page page = 2;
}

// https://openid.github.io/authzen/#name-the-resource-search-api-req
message ResourceSearchRequest {
Subject subject = 1;
Action action = 2;
Resource resource = 3;
google.protobuf.Struct context = 4;
Page page = 5;
}

// https://openid.github.io/authzen/#name-the-resource-search-api-res
message ResourceSearchResponse {
repeated Resource results = 1;
Page page = 2;
}

// https://openid.github.io/authzen/#name-the-action-search-api-reque
message ActionSearchRequest {
Subject subject = 1;
Action action = 2;
Resource resource = 3;
google.protobuf.Struct context = 4;
Page page = 5;
}

// https://openid.github.io/authzen/#name-the-action-search-api-respo
message ActionSearchResponse {
repeated Action results = 1;
Page page = 2;
}

// https://openid.github.io/authzen/#name-subject
message Subject {
string type = 1 [(google.api.field_behavior) = REQUIRED];
string id = 2 [(google.api.field_behavior) = REQUIRED];
string type = 1;
string id = 2;
google.protobuf.Struct properties = 3;
}

// https://openid.github.io/authzen/#name-action
message Action {
string name = 1 [(google.api.field_behavior) = REQUIRED];
string name = 1;
google.protobuf.Struct properties = 2;
}

// https://openid.github.io/authzen/#name-resource
message Resource {
string type = 1 [(google.api.field_behavior) = REQUIRED];
string id = 2 [(google.api.field_behavior) = REQUIRED];
string type = 1;
string id = 2;
google.protobuf.Struct properties = 3;
}

message Page {
string next_token = 1;
}
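Review bot: With the `google.api.field_behavior` REQUIRED annotations dropped from EvaluationRequest, Subject, Action and Resource, nothing in the schema now tells an implementer which fields must be present, and proto3 will parse a request with a missing `subject` or an empty `id` without any error. The relaxation looks intended for the new search RPCs (where the searched-for entity presumably omits its id), but the evaluation path should still state the contract; I would add a comment on EvaluationRequest such as `// subject, action and resource are mandatory; servers must reject the request or return decision=false when any is unset`, plus a per-request comment on which of `type`/`id` may be empty in the three search requests. Separately, the ResourceSearch `operation_id` is `openid.authzen.access.v1.search.post`, which does not follow the subject and action entries and probably should read `operation_id: "openid.authzen.access.v1.search.resource.post"`. The request-side `Page.next_token` is caller-supplied, so it is also worth a comment that servers treat it as opaque, untrusted input that is only valid for the query that produced it.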