// gRPC contract for the IdentityRuntime service: starting and refreshing
// identity sessions, issuing identity tokens, and evaluating a permission for
// a subject.
//
// Several messages below carry token strings (external_token, access_token,
// refresh_token, token). Treat every one of them as a secret: keep them out of
// logs, traces and error messages. Transport security and caller
// authentication are configured outside this file.
syntax = "proto3";

package thalos.service.grpc;

option csharp_namespace = "Thalos.Service.Grpc";

// Identity runtime operations. Each RPC is unary.
service IdentityRuntime {
  // Starts an identity session and returns an access/refresh token pair.
  rpc StartIdentitySession(StartIdentitySessionGrpcRequest)
      returns (StartIdentitySessionGrpcResponse);

  // Exchanges a refresh token for a new session response.
  rpc RefreshIdentitySession(RefreshIdentitySessionGrpcRequest)
      returns (RefreshIdentitySessionGrpcResponse);

  // Issues a single identity token, with no refresh token in the response.
  rpc IssueIdentityToken(IssueIdentityTokenGrpcRequest)
      returns (IssueIdentityTokenGrpcResponse);

  // Evaluates whether a subject holds a permission.
  rpc EvaluateIdentityPolicy(EvaluateIdentityPolicyGrpcRequest)
      returns (EvaluateIdentityPolicyGrpcResponse);
}

// Request for IdentityRuntime.StartIdentitySession.
//
// NOTE(review): subject_id and tenant_id are supplied by the caller next to
// external_token. The handler is not visible here; confirm it checks that the
// verified external_token actually belongs to this subject and tenant rather
// than trusting the two id fields on their own.
message StartIdentitySessionGrpcRequest {
  // Identifier of the subject the session is for.
  string subject_id = 1;

  // Identifier of the tenant the subject belongs to.
  string tenant_id = 2;

  // Identity provider name. The accepted values are not defined in this file.
  string provider = 3;

  // Token obtained from the external provider (presumably the credential
  // being exchanged for a session; confirm against the handler). Secret.
  string external_token = 4;

  // Caller-chosen id for correlating this call across logs. Presumably not a
  // credential; confirm nothing authorizes on it.
  string correlation_id = 5;
}

// Response for IdentityRuntime.StartIdentitySession.
message StartIdentitySessionGrpcResponse {
  // Issued access token. Secret.
  string access_token = 1;

  // Issued refresh token. Secret.
  string refresh_token = 2;

  // Lifetime in seconds, presumably of access_token (confirm). Implicit
  // presence: 0 cannot be told apart from "not set" on the wire.
  int32 expires_in_seconds = 3;

  // Subject the session was issued for.
  string subject_id = 4;

  // Tenant the session was issued for.
  string tenant_id = 5;

  // Identity provider associated with the session.
  string provider = 6;
}

// Request for IdentityRuntime.RefreshIdentitySession.
message RefreshIdentitySessionGrpcRequest {
  // Refresh token to redeem. Secret.
  string refresh_token = 1;

  // Caller-chosen id for correlating this call across logs.
  string correlation_id = 2;

  // Identity provider name.
  // NOTE(review): supplied separately from the refresh token; confirm the
  // handler rejects a provider that differs from the one the token was issued
  // under.
  string provider = 3;
}

// Response for IdentityRuntime.RefreshIdentitySession. Same fields and field
// numbers as StartIdentitySessionGrpcResponse.
//
// NOTE(review): whether the redeemed refresh token is invalidated once a new
// one is returned is decided by the handler and is not visible here.
message RefreshIdentitySessionGrpcResponse {
  // Access token returned by the refresh. Secret.
  string access_token = 1;

  // Refresh token returned by the refresh. Secret.
  string refresh_token = 2;

  // Lifetime in seconds, presumably of access_token (confirm). Implicit
  // presence: 0 cannot be told apart from "not set" on the wire.
  int32 expires_in_seconds = 3;

  // Subject the session belongs to.
  string subject_id = 4;

  // Tenant the session belongs to.
  string tenant_id = 5;

  // Identity provider associated with the session.
  string provider = 6;
}

// Request for IdentityRuntime.IssueIdentityToken. Carries the same first four
// fields as StartIdentitySessionGrpcRequest, but has no correlation_id.
//
// NOTE(review): as with StartIdentitySession, confirm the handler binds
// subject_id and tenant_id to the verified external_token.
message IssueIdentityTokenGrpcRequest {
  // Identifier of the subject the token is for.
  string subject_id = 1;

  // Identifier of the tenant the subject belongs to.
  string tenant_id = 2;

  // Identity provider name.
  string provider = 3;

  // Token obtained from the external provider. Secret.
  string external_token = 4;
}

// Response for IdentityRuntime.IssueIdentityToken.
message IssueIdentityTokenGrpcResponse {
  // Issued token. Secret.
  string token = 1;

  // Lifetime of the token in seconds (per the field name). Implicit presence:
  // 0 cannot be told apart from "not set" on the wire.
  int32 expires_in_seconds = 2;
}

// Request for IdentityRuntime.EvaluateIdentityPolicy.
//
// NOTE(review): the message carries no token, so the subject being evaluated
// is whatever the caller names. Confirm the service authenticates the caller
// and limits which subjects and tenants that caller may query.
message EvaluateIdentityPolicyGrpcRequest {
  // Subject whose permission is being checked.
  string subject_id = 1;

  // Tenant in which the permission is checked.
  string tenant_id = 2;

  // Code of the permission to evaluate. The code format is not defined in this
  // file.
  string permission_code = 3;

  // Identity provider name.
  string provider = 4;
}

// Response for IdentityRuntime.EvaluateIdentityPolicy.
//
// The response echoes subject_id and permission_code but not tenant_id or
// provider, so a caller that stores decisions has to take those two from its
// own request.
message EvaluateIdentityPolicyGrpcResponse {
  // Subject the decision applies to.
  string subject_id = 1;

  // Permission code the decision applies to.
  string permission_code = 2;

  // True when the permission is granted. The proto3 default is false, so a
  // response that leaves this field unset reads as "not allowed".
  bool is_allowed = 3;
}