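// This file was autogenerated by go-to-protobuf. Do not edit it manually!
// NOTE(review): because this file is generated, comment changes made here
// should also be made wherever the generator takes them from, or a
// regeneration will presumably discard them.

syntax = 'proto2';

package github.com.openshift.api.oauth.v1;

import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "v1";

// ClusterRoleScopeRestriction describes restrictions on cluster role scopes.
//
// NOTE(review): per the field comments below, "*" in both roleNames and
// namespaces combined with allowEscalation = true places no limit on the
// role scopes that can be requested; treat such a restriction as
// unrestricted when auditing clients.
message ClusterRoleScopeRestriction {
  // RoleNames is the list of cluster roles that can be referenced. * means anything
  repeated string roleNames = 1;

  // Namespaces is the list of namespaces that can be referenced. * means any of them (including *)
  repeated string namespaces = 2;

  // AllowEscalation indicates whether you can request roles and their escalating resources
  optional bool allowEscalation = 3;
}

// OAuthAccessToken describes an OAuth access token
//
// NOTE(review): authorizeToken and refreshToken carry token values; keep
// them out of logs and restrict read access to objects of this type.
message OAuthAccessToken {
  // Object metadata (ObjectMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // ClientName references the client that created this token.
  optional string clientName = 2;

  // ExpiresIn is the seconds from CreationTime before this token expires.
  optional int64 expiresIn = 3;

  // Scopes is an array of the requested scopes.
  repeated string scopes = 4;

  // RedirectURI is the redirection associated with the token.
  optional string redirectURI = 5;

  // UserName is the user name associated with this token
  optional string userName = 6;

  // UserUID is the unique UID associated with this token
  optional string userUID = 7;

  // AuthorizeToken contains the token that authorized this token
  optional string authorizeToken = 8;

  // RefreshToken is the value by which this token can be renewed. Can be blank.
  optional string refreshToken = 9;

  // InactivityTimeoutSeconds is the value in seconds, from the
  // CreationTimestamp, after which this token can no longer be used.
  // The value is automatically incremented when the token is used.
  optional int32 inactivityTimeoutSeconds = 10;
}

// OAuthAccessTokenList is a collection of OAuth access tokens
message OAuthAccessTokenList {
  // List metadata (ListMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is the list of OAuth access tokens
  repeated OAuthAccessToken items = 2;
}

// OAuthAuthorizeToken describes an OAuth authorization token
message OAuthAuthorizeToken {
  // Object metadata (ObjectMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // ClientName references the client that created this token.
  optional string clientName = 2;

  // ExpiresIn is the seconds from CreationTime before this token expires.
  optional int64 expiresIn = 3;

  // Scopes is an array of the requested scopes.
  repeated string scopes = 4;

  // RedirectURI is the redirection associated with the token.
  optional string redirectURI = 5;

  // State data from request
  // NOTE(review): presumably the OAuth 2.0 "state" request parameter
  // (RFC 6749); confirm against the code that fills it in.
  optional string state = 6;

  // UserName is the user name associated with this token
  optional string userName = 7;

  // UserUID is the unique UID associated with this token. UserUID and UserName must both match
  // for this token to be valid.
  optional string userUID = 8;

  // CodeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636
  optional string codeChallenge = 9;

  // CodeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636
  // NOTE(review): RFC 7636 defines the methods "plain" and "S256"; which of
  // them the server accepts is not visible in this schema.
  optional string codeChallengeMethod = 10;
}

// OAuthAuthorizeTokenList is a collection of OAuth authorization tokens
message OAuthAuthorizeTokenList {
  // List metadata (ListMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is the list of OAuth authorization tokens
  repeated OAuthAuthorizeToken items = 2;
}

// OAuthClient describes an OAuth client
//
// NOTE(review): secret and additionalSecrets are stored as plain string
// fields of this object; anyone who can read OAuthClient objects can read
// the client credentials, so scope read access accordingly.
message OAuthClient {
  // Object metadata (ObjectMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Secret is the unique secret associated with a client
  optional string secret = 2;

  // AdditionalSecrets holds other secrets that may be used to identify the client.  This is useful for rotation
  // and for service account token validation
  repeated string additionalSecrets = 3;

  // RespondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects
  optional bool respondWithChallenges = 4;

  // RedirectURIs is the valid redirection URIs associated with a client
  // NOTE(review): the matching rule (exact or prefix) is not stated here;
  // confirm it in the validating code, since it decides where authorization
  // responses may be sent.
  // +patchStrategy=merge
  repeated string redirectURIs = 5;

  // GrantMethod is a required field which determines how to handle grants for this client.
  // Valid grant handling methods are:
  //  - auto:   always approves grant requests, useful for trusted clients
  //  - prompt: prompts the end user for approval of grant requests, useful for third-party clients
  // NOTE(review): the field is declared `optional` and typed `string`, so
  // neither "required" nor the two valid values are enforced by this
  // schema; that validation has to happen elsewhere.
  optional string grantMethod = 6;

  // ScopeRestrictions describes which scopes this client can request.  Each requested scope
  // is checked against each restriction.  If any restriction matches, then the scope is allowed.
  // If no restriction matches, then the scope is denied.
  // NOTE(review): the behaviour for an empty list is not stated here;
  // confirm whether an empty list means "no restriction".
  repeated ScopeRestriction scopeRestrictions = 7;

  // AccessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client.
  // 0 means no expiration.
  // NOTE(review): int32 also admits negative values; their meaning is not
  // documented here.
  optional int32 accessTokenMaxAgeSeconds = 8;

  // AccessTokenInactivityTimeoutSeconds overrides the default token
  // inactivity timeout for tokens granted to this client.
  // The value represents the maximum amount of time that can occur between
  // consecutive uses of the token. Tokens become invalid if they are not
  // used within this temporal window. The user will need to acquire a new
  // token to regain access once a token times out.
  // This value needs to be set only if the default set in configuration is
  // not appropriate for this client. Valid values are:
  // - 0: Tokens for this client never time out
  // - X: Tokens time out if there is no activity for X seconds
  // The current minimum allowed value for X is 300 (5 minutes)
  // NOTE(review): the 300-second minimum is not expressed in this schema;
  // it must be enforced by validation elsewhere.
  optional int32 accessTokenInactivityTimeoutSeconds = 9;
}

// OAuthClientAuthorization describes an authorization created by an OAuth client
message OAuthClientAuthorization {
  // Object metadata (ObjectMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // ClientName references the client that created this authorization
  optional string clientName = 2;

  // UserName is the user name that authorized this client
  optional string userName = 3;

  // UserUID is the unique UID associated with this authorization. UserUID and UserName
  // must both match for this authorization to be valid.
  optional string userUID = 4;

  // Scopes is an array of the granted scopes.
  repeated string scopes = 5;
}

// OAuthClientAuthorizationList is a collection of OAuth client authorizations
message OAuthClientAuthorizationList {
  // List metadata (ListMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is the list of OAuth client authorizations
  repeated OAuthClientAuthorization items = 2;
}

// OAuthClientList is a collection of OAuth clients
message OAuthClientList {
  // List metadata (ListMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is the list of OAuth clients
  repeated OAuthClient items = 2;
}

// OAuthRedirectReference is a reference to an OAuth redirect object.
message OAuthRedirectReference {
  // Object metadata (ObjectMeta from k8s.io/apimachinery).
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // The reference to a redirect object in the current namespace.
  optional RedirectReference reference = 2;
}

// RedirectReference specifies the target in the current namespace that resolves into redirect URIs.  Only the 'Route' kind is currently allowed.
message RedirectReference {
  // The group of the target that is being referred to.
  optional string group = 1;

  // The kind of the target that is being referred to.  Currently, only 'Route' is allowed.
  // NOTE(review): kind is a free-form string here; the 'Route'-only rule
  // is not enforced by this schema.
  optional string kind = 2;

  // The name of the target that is being referred to. e.g. name of the Route.
  optional string name = 3;
}

// ScopeRestriction describes one restriction on scopes.  Exactly one option must be non-nil.
//
// NOTE(review): the two fields are not declared as a `oneof`, so the
// "exactly one" rule is not enforced by the wire format and has to be
// validated elsewhere.
message ScopeRestriction {
  // ExactValues means the scope has to match a particular set of strings exactly
  // NOTE(review): this comment says ExactValues while the field is named
  // `literals`; presumably the two refer to the same field. Confirm.
  repeated string literals = 1;

  // ClusterRole describes a set of restrictions for cluster role scoping.
  optional ClusterRoleScopeRestriction clusterRole = 2;
}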