Add FIDO2/WebAuthn passkey authentication
Phase 14: Full WebAuthn support for passwordless passkey login and hardware security key 2FA. - go-webauthn/webauthn v0.16.1 dependency - WebAuthnConfig with RPID/RPOrigin/DisplayName validation - Migration 000009: webauthn_credentials table - DB CRUD with ownership checks and admin operations - internal/webauthn adapter: encrypt/decrypt at rest with AES-256-GCM - REST: register begin/finish, login begin/finish, list, delete - Web UI: profile enrollment, login passkey button, admin management - gRPC: ListWebAuthnCredentials, RemoveWebAuthnCredential RPCs - mciasdb: webauthn list/delete/reset subcommands - OpenAPI: 6 new endpoints, WebAuthnCredentialInfo schema - Policy: self-service enrollment rule, admin remove via wildcard - Tests: DB CRUD, adapter round-trip, interface compliance - Docs: ARCHITECTURE.md §22, PROJECT_PLAN.md Phase 14 Security: Credential IDs and public keys encrypted at rest with AES-256-GCM via vault master key. Challenge ceremonies use 128-bit nonces with 120s TTL in sync.Map. Sign counter validated on each assertion to detect cloned authenticators. Password re-auth required for registration (SEC-01 pattern). No credential material in API responses or logs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -569,6 +569,288 @@ func (*RemoveTOTPResponse) Descriptor() ([]byte, []int) {
|
||||
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{11}
|
||||
}
|
||||
|
||||
// ListWebAuthnCredentialsRequest lists metadata for an account's WebAuthn credentials.
|
||||
type ListWebAuthnCredentialsRequest struct {
|
||||
state protoimpl.MessageState `protogen:"open.v1"`
|
||||
AccountId string `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // UUID
|
||||
unknownFields protoimpl.UnknownFields
|
||||
sizeCache protoimpl.SizeCache
|
||||
}
|
||||
|
||||
func (x *ListWebAuthnCredentialsRequest) Reset() {
|
||||
*x = ListWebAuthnCredentialsRequest{}
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[12]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
||||
func (x *ListWebAuthnCredentialsRequest) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*ListWebAuthnCredentialsRequest) ProtoMessage() {}
|
||||
|
||||
func (x *ListWebAuthnCredentialsRequest) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[12]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use ListWebAuthnCredentialsRequest.ProtoReflect.Descriptor instead.
|
||||
func (*ListWebAuthnCredentialsRequest) Descriptor() ([]byte, []int) {
|
||||
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{12}
|
||||
}
|
||||
|
||||
func (x *ListWebAuthnCredentialsRequest) GetAccountId() string {
|
||||
if x != nil {
|
||||
return x.AccountId
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
// WebAuthnCredentialInfo holds metadata about a stored WebAuthn credential.
|
||||
// Credential material (IDs, public keys) is never included.
|
||||
type WebAuthnCredentialInfo struct {
|
||||
state protoimpl.MessageState `protogen:"open.v1"`
|
||||
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
|
||||
Aaguid string `protobuf:"bytes,3,opt,name=aaguid,proto3" json:"aaguid,omitempty"`
|
||||
SignCount uint32 `protobuf:"varint,4,opt,name=sign_count,json=signCount,proto3" json:"sign_count,omitempty"`
|
||||
Discoverable bool `protobuf:"varint,5,opt,name=discoverable,proto3" json:"discoverable,omitempty"`
|
||||
Transports string `protobuf:"bytes,6,opt,name=transports,proto3" json:"transports,omitempty"`
|
||||
CreatedAt *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
|
||||
LastUsedAt *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=last_used_at,json=lastUsedAt,proto3" json:"last_used_at,omitempty"`
|
||||
unknownFields protoimpl.UnknownFields
|
||||
sizeCache protoimpl.SizeCache
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) Reset() {
|
||||
*x = WebAuthnCredentialInfo{}
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[13]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*WebAuthnCredentialInfo) ProtoMessage() {}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[13]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use WebAuthnCredentialInfo.ProtoReflect.Descriptor instead.
|
||||
func (*WebAuthnCredentialInfo) Descriptor() ([]byte, []int) {
|
||||
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{13}
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetId() int64 {
|
||||
if x != nil {
|
||||
return x.Id
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetName() string {
|
||||
if x != nil {
|
||||
return x.Name
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetAaguid() string {
|
||||
if x != nil {
|
||||
return x.Aaguid
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetSignCount() uint32 {
|
||||
if x != nil {
|
||||
return x.SignCount
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetDiscoverable() bool {
|
||||
if x != nil {
|
||||
return x.Discoverable
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetTransports() string {
|
||||
if x != nil {
|
||||
return x.Transports
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetCreatedAt() *timestamppb.Timestamp {
|
||||
if x != nil {
|
||||
return x.CreatedAt
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (x *WebAuthnCredentialInfo) GetLastUsedAt() *timestamppb.Timestamp {
|
||||
if x != nil {
|
||||
return x.LastUsedAt
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// ListWebAuthnCredentialsResponse returns credential metadata.
|
||||
type ListWebAuthnCredentialsResponse struct {
|
||||
state protoimpl.MessageState `protogen:"open.v1"`
|
||||
Credentials []*WebAuthnCredentialInfo `protobuf:"bytes,1,rep,name=credentials,proto3" json:"credentials,omitempty"`
|
||||
unknownFields protoimpl.UnknownFields
|
||||
sizeCache protoimpl.SizeCache
|
||||
}
|
||||
|
||||
func (x *ListWebAuthnCredentialsResponse) Reset() {
|
||||
*x = ListWebAuthnCredentialsResponse{}
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[14]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
||||
func (x *ListWebAuthnCredentialsResponse) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*ListWebAuthnCredentialsResponse) ProtoMessage() {}
|
||||
|
||||
func (x *ListWebAuthnCredentialsResponse) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[14]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use ListWebAuthnCredentialsResponse.ProtoReflect.Descriptor instead.
|
||||
func (*ListWebAuthnCredentialsResponse) Descriptor() ([]byte, []int) {
|
||||
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{14}
|
||||
}
|
||||
|
||||
func (x *ListWebAuthnCredentialsResponse) GetCredentials() []*WebAuthnCredentialInfo {
|
||||
if x != nil {
|
||||
return x.Credentials
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveWebAuthnCredentialRequest removes a specific WebAuthn credential (admin).
|
||||
type RemoveWebAuthnCredentialRequest struct {
|
||||
state protoimpl.MessageState `protogen:"open.v1"`
|
||||
AccountId string `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // UUID
|
||||
CredentialId int64 `protobuf:"varint,2,opt,name=credential_id,json=credentialId,proto3" json:"credential_id,omitempty"`
|
||||
unknownFields protoimpl.UnknownFields
|
||||
sizeCache protoimpl.SizeCache
|
||||
}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialRequest) Reset() {
|
||||
*x = RemoveWebAuthnCredentialRequest{}
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[15]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialRequest) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*RemoveWebAuthnCredentialRequest) ProtoMessage() {}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialRequest) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[15]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use RemoveWebAuthnCredentialRequest.ProtoReflect.Descriptor instead.
|
||||
func (*RemoveWebAuthnCredentialRequest) Descriptor() ([]byte, []int) {
|
||||
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{15}
|
||||
}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialRequest) GetAccountId() string {
|
||||
if x != nil {
|
||||
return x.AccountId
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialRequest) GetCredentialId() int64 {
|
||||
if x != nil {
|
||||
return x.CredentialId
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
// RemoveWebAuthnCredentialResponse confirms removal.
|
||||
type RemoveWebAuthnCredentialResponse struct {
|
||||
state protoimpl.MessageState `protogen:"open.v1"`
|
||||
unknownFields protoimpl.UnknownFields
|
||||
sizeCache protoimpl.SizeCache
|
||||
}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialResponse) Reset() {
|
||||
*x = RemoveWebAuthnCredentialResponse{}
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[16]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialResponse) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*RemoveWebAuthnCredentialResponse) ProtoMessage() {}
|
||||
|
||||
func (x *RemoveWebAuthnCredentialResponse) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_mcias_v1_auth_proto_msgTypes[16]
|
||||
if x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use RemoveWebAuthnCredentialResponse.ProtoReflect.Descriptor instead.
|
||||
func (*RemoveWebAuthnCredentialResponse) Descriptor() ([]byte, []int) {
|
||||
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{16}
|
||||
}
|
||||
|
||||
var File_mcias_v1_auth_proto protoreflect.FileDescriptor
|
||||
|
||||
const file_mcias_v1_auth_proto_rawDesc = "" +
|
||||
@@ -601,7 +883,31 @@ const file_mcias_v1_auth_proto_rawDesc = "" +
|
||||
"\x11RemoveTOTPRequest\x12\x1d\n" +
|
||||
"\n" +
|
||||
"account_id\x18\x01 \x01(\tR\taccountId\"\x14\n" +
|
||||
"\x12RemoveTOTPResponse2\xab\x03\n" +
|
||||
"\x12RemoveTOTPResponse\"?\n" +
|
||||
"\x1eListWebAuthnCredentialsRequest\x12\x1d\n" +
|
||||
"\n" +
|
||||
"account_id\x18\x01 \x01(\tR\taccountId\"\xb0\x02\n" +
|
||||
"\x16WebAuthnCredentialInfo\x12\x0e\n" +
|
||||
"\x02id\x18\x01 \x01(\x03R\x02id\x12\x12\n" +
|
||||
"\x04name\x18\x02 \x01(\tR\x04name\x12\x16\n" +
|
||||
"\x06aaguid\x18\x03 \x01(\tR\x06aaguid\x12\x1d\n" +
|
||||
"\n" +
|
||||
"sign_count\x18\x04 \x01(\rR\tsignCount\x12\"\n" +
|
||||
"\fdiscoverable\x18\x05 \x01(\bR\fdiscoverable\x12\x1e\n" +
|
||||
"\n" +
|
||||
"transports\x18\x06 \x01(\tR\n" +
|
||||
"transports\x129\n" +
|
||||
"\n" +
|
||||
"created_at\x18\a \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x12<\n" +
|
||||
"\flast_used_at\x18\b \x01(\v2\x1a.google.protobuf.TimestampR\n" +
|
||||
"lastUsedAt\"e\n" +
|
||||
"\x1fListWebAuthnCredentialsResponse\x12B\n" +
|
||||
"\vcredentials\x18\x01 \x03(\v2 .mcias.v1.WebAuthnCredentialInfoR\vcredentials\"e\n" +
|
||||
"\x1fRemoveWebAuthnCredentialRequest\x12\x1d\n" +
|
||||
"\n" +
|
||||
"account_id\x18\x01 \x01(\tR\taccountId\x12#\n" +
|
||||
"\rcredential_id\x18\x02 \x01(\x03R\fcredentialId\"\"\n" +
|
||||
" RemoveWebAuthnCredentialResponse2\x8e\x05\n" +
|
||||
"\vAuthService\x128\n" +
|
||||
"\x05Login\x12\x16.mcias.v1.LoginRequest\x1a\x17.mcias.v1.LoginResponse\x12;\n" +
|
||||
"\x06Logout\x12\x17.mcias.v1.LogoutRequest\x1a\x18.mcias.v1.LogoutResponse\x12G\n" +
|
||||
@@ -611,7 +917,9 @@ const file_mcias_v1_auth_proto_rawDesc = "" +
|
||||
"EnrollTOTP\x12\x1b.mcias.v1.EnrollTOTPRequest\x1a\x1c.mcias.v1.EnrollTOTPResponse\x12J\n" +
|
||||
"\vConfirmTOTP\x12\x1c.mcias.v1.ConfirmTOTPRequest\x1a\x1d.mcias.v1.ConfirmTOTPResponse\x12G\n" +
|
||||
"\n" +
|
||||
"RemoveTOTP\x12\x1b.mcias.v1.RemoveTOTPRequest\x1a\x1c.mcias.v1.RemoveTOTPResponseB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
|
||||
"RemoveTOTP\x12\x1b.mcias.v1.RemoveTOTPRequest\x1a\x1c.mcias.v1.RemoveTOTPResponse\x12n\n" +
|
||||
"\x17ListWebAuthnCredentials\x12(.mcias.v1.ListWebAuthnCredentialsRequest\x1a).mcias.v1.ListWebAuthnCredentialsResponse\x12q\n" +
|
||||
"\x18RemoveWebAuthnCredential\x12).mcias.v1.RemoveWebAuthnCredentialRequest\x1a*.mcias.v1.RemoveWebAuthnCredentialResponseB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
|
||||
|
||||
var (
|
||||
file_mcias_v1_auth_proto_rawDescOnce sync.Once
|
||||
@@ -625,42 +933,54 @@ func file_mcias_v1_auth_proto_rawDescGZIP() []byte {
|
||||
return file_mcias_v1_auth_proto_rawDescData
|
||||
}
|
||||
|
||||
var file_mcias_v1_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
|
||||
var file_mcias_v1_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
|
||||
var file_mcias_v1_auth_proto_goTypes = []any{
|
||||
(*LoginRequest)(nil), // 0: mcias.v1.LoginRequest
|
||||
(*LoginResponse)(nil), // 1: mcias.v1.LoginResponse
|
||||
(*LogoutRequest)(nil), // 2: mcias.v1.LogoutRequest
|
||||
(*LogoutResponse)(nil), // 3: mcias.v1.LogoutResponse
|
||||
(*RenewTokenRequest)(nil), // 4: mcias.v1.RenewTokenRequest
|
||||
(*RenewTokenResponse)(nil), // 5: mcias.v1.RenewTokenResponse
|
||||
(*EnrollTOTPRequest)(nil), // 6: mcias.v1.EnrollTOTPRequest
|
||||
(*EnrollTOTPResponse)(nil), // 7: mcias.v1.EnrollTOTPResponse
|
||||
(*ConfirmTOTPRequest)(nil), // 8: mcias.v1.ConfirmTOTPRequest
|
||||
(*ConfirmTOTPResponse)(nil), // 9: mcias.v1.ConfirmTOTPResponse
|
||||
(*RemoveTOTPRequest)(nil), // 10: mcias.v1.RemoveTOTPRequest
|
||||
(*RemoveTOTPResponse)(nil), // 11: mcias.v1.RemoveTOTPResponse
|
||||
(*timestamppb.Timestamp)(nil), // 12: google.protobuf.Timestamp
|
||||
(*LoginRequest)(nil), // 0: mcias.v1.LoginRequest
|
||||
(*LoginResponse)(nil), // 1: mcias.v1.LoginResponse
|
||||
(*LogoutRequest)(nil), // 2: mcias.v1.LogoutRequest
|
||||
(*LogoutResponse)(nil), // 3: mcias.v1.LogoutResponse
|
||||
(*RenewTokenRequest)(nil), // 4: mcias.v1.RenewTokenRequest
|
||||
(*RenewTokenResponse)(nil), // 5: mcias.v1.RenewTokenResponse
|
||||
(*EnrollTOTPRequest)(nil), // 6: mcias.v1.EnrollTOTPRequest
|
||||
(*EnrollTOTPResponse)(nil), // 7: mcias.v1.EnrollTOTPResponse
|
||||
(*ConfirmTOTPRequest)(nil), // 8: mcias.v1.ConfirmTOTPRequest
|
||||
(*ConfirmTOTPResponse)(nil), // 9: mcias.v1.ConfirmTOTPResponse
|
||||
(*RemoveTOTPRequest)(nil), // 10: mcias.v1.RemoveTOTPRequest
|
||||
(*RemoveTOTPResponse)(nil), // 11: mcias.v1.RemoveTOTPResponse
|
||||
(*ListWebAuthnCredentialsRequest)(nil), // 12: mcias.v1.ListWebAuthnCredentialsRequest
|
||||
(*WebAuthnCredentialInfo)(nil), // 13: mcias.v1.WebAuthnCredentialInfo
|
||||
(*ListWebAuthnCredentialsResponse)(nil), // 14: mcias.v1.ListWebAuthnCredentialsResponse
|
||||
(*RemoveWebAuthnCredentialRequest)(nil), // 15: mcias.v1.RemoveWebAuthnCredentialRequest
|
||||
(*RemoveWebAuthnCredentialResponse)(nil), // 16: mcias.v1.RemoveWebAuthnCredentialResponse
|
||||
(*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp
|
||||
}
|
||||
var file_mcias_v1_auth_proto_depIdxs = []int32{
|
||||
12, // 0: mcias.v1.LoginResponse.expires_at:type_name -> google.protobuf.Timestamp
|
||||
12, // 1: mcias.v1.RenewTokenResponse.expires_at:type_name -> google.protobuf.Timestamp
|
||||
0, // 2: mcias.v1.AuthService.Login:input_type -> mcias.v1.LoginRequest
|
||||
2, // 3: mcias.v1.AuthService.Logout:input_type -> mcias.v1.LogoutRequest
|
||||
4, // 4: mcias.v1.AuthService.RenewToken:input_type -> mcias.v1.RenewTokenRequest
|
||||
6, // 5: mcias.v1.AuthService.EnrollTOTP:input_type -> mcias.v1.EnrollTOTPRequest
|
||||
8, // 6: mcias.v1.AuthService.ConfirmTOTP:input_type -> mcias.v1.ConfirmTOTPRequest
|
||||
10, // 7: mcias.v1.AuthService.RemoveTOTP:input_type -> mcias.v1.RemoveTOTPRequest
|
||||
1, // 8: mcias.v1.AuthService.Login:output_type -> mcias.v1.LoginResponse
|
||||
3, // 9: mcias.v1.AuthService.Logout:output_type -> mcias.v1.LogoutResponse
|
||||
5, // 10: mcias.v1.AuthService.RenewToken:output_type -> mcias.v1.RenewTokenResponse
|
||||
7, // 11: mcias.v1.AuthService.EnrollTOTP:output_type -> mcias.v1.EnrollTOTPResponse
|
||||
9, // 12: mcias.v1.AuthService.ConfirmTOTP:output_type -> mcias.v1.ConfirmTOTPResponse
|
||||
11, // 13: mcias.v1.AuthService.RemoveTOTP:output_type -> mcias.v1.RemoveTOTPResponse
|
||||
8, // [8:14] is the sub-list for method output_type
|
||||
2, // [2:8] is the sub-list for method input_type
|
||||
2, // [2:2] is the sub-list for extension type_name
|
||||
2, // [2:2] is the sub-list for extension extendee
|
||||
0, // [0:2] is the sub-list for field type_name
|
||||
17, // 0: mcias.v1.LoginResponse.expires_at:type_name -> google.protobuf.Timestamp
|
||||
17, // 1: mcias.v1.RenewTokenResponse.expires_at:type_name -> google.protobuf.Timestamp
|
||||
17, // 2: mcias.v1.WebAuthnCredentialInfo.created_at:type_name -> google.protobuf.Timestamp
|
||||
17, // 3: mcias.v1.WebAuthnCredentialInfo.last_used_at:type_name -> google.protobuf.Timestamp
|
||||
13, // 4: mcias.v1.ListWebAuthnCredentialsResponse.credentials:type_name -> mcias.v1.WebAuthnCredentialInfo
|
||||
0, // 5: mcias.v1.AuthService.Login:input_type -> mcias.v1.LoginRequest
|
||||
2, // 6: mcias.v1.AuthService.Logout:input_type -> mcias.v1.LogoutRequest
|
||||
4, // 7: mcias.v1.AuthService.RenewToken:input_type -> mcias.v1.RenewTokenRequest
|
||||
6, // 8: mcias.v1.AuthService.EnrollTOTP:input_type -> mcias.v1.EnrollTOTPRequest
|
||||
8, // 9: mcias.v1.AuthService.ConfirmTOTP:input_type -> mcias.v1.ConfirmTOTPRequest
|
||||
10, // 10: mcias.v1.AuthService.RemoveTOTP:input_type -> mcias.v1.RemoveTOTPRequest
|
||||
12, // 11: mcias.v1.AuthService.ListWebAuthnCredentials:input_type -> mcias.v1.ListWebAuthnCredentialsRequest
|
||||
15, // 12: mcias.v1.AuthService.RemoveWebAuthnCredential:input_type -> mcias.v1.RemoveWebAuthnCredentialRequest
|
||||
1, // 13: mcias.v1.AuthService.Login:output_type -> mcias.v1.LoginResponse
|
||||
3, // 14: mcias.v1.AuthService.Logout:output_type -> mcias.v1.LogoutResponse
|
||||
5, // 15: mcias.v1.AuthService.RenewToken:output_type -> mcias.v1.RenewTokenResponse
|
||||
7, // 16: mcias.v1.AuthService.EnrollTOTP:output_type -> mcias.v1.EnrollTOTPResponse
|
||||
9, // 17: mcias.v1.AuthService.ConfirmTOTP:output_type -> mcias.v1.ConfirmTOTPResponse
|
||||
11, // 18: mcias.v1.AuthService.RemoveTOTP:output_type -> mcias.v1.RemoveTOTPResponse
|
||||
14, // 19: mcias.v1.AuthService.ListWebAuthnCredentials:output_type -> mcias.v1.ListWebAuthnCredentialsResponse
|
||||
16, // 20: mcias.v1.AuthService.RemoveWebAuthnCredential:output_type -> mcias.v1.RemoveWebAuthnCredentialResponse
|
||||
13, // [13:21] is the sub-list for method output_type
|
||||
5, // [5:13] is the sub-list for method input_type
|
||||
5, // [5:5] is the sub-list for extension type_name
|
||||
5, // [5:5] is the sub-list for extension extendee
|
||||
0, // [0:5] is the sub-list for field type_name
|
||||
}
|
||||
|
||||
func init() { file_mcias_v1_auth_proto_init() }
|
||||
@@ -674,7 +994,7 @@ func file_mcias_v1_auth_proto_init() {
|
||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
||||
RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_auth_proto_rawDesc), len(file_mcias_v1_auth_proto_rawDesc)),
|
||||
NumEnums: 0,
|
||||
NumMessages: 12,
|
||||
NumMessages: 17,
|
||||
NumExtensions: 0,
|
||||
NumServices: 1,
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user