syntax = "proto2";
option java_package = "";
import "kudu/util/pb_util.proto";
message AuthnTokenPB {
optional string username = 1;
message AuthzTokenPB {
message TokenPB {
// The time at which this token expires, in seconds since the
// unix epoch.
optional int64 expire_unix_epoch_seconds = 1;
enum Feature {
// Protobuf doesn't let us define a enum with no values,
// so we've got this placeholder in here for now. When we add
// the first real feature flag, we can remove this.
// List of incompatible features used by this token. If a feature
// is listed in the token and a server verifying/authorizing the token
// sees an UNKNOWN value in this list, it should reject the token.
// This allows us to safely add "restrictive" content to tokens
// and have a "default deny" policy on servers that may not understand
// them.
// We use an int32 here but the values correspond to the 'Feature' enum
// above. This is to deal with protobuf's odd handling of unknown enum
// values (see KUDU-1850).
repeated int32 incompatible_features = 2;
oneof token {
AuthnTokenPB authn = 3;
AuthzTokenPB authz = 4;
message SignedTokenPB {
// The actual token data. This is a serialized TokenPB protobuf. However, we use a
// 'bytes' field, since protobuf doesn't guarantee that if two implementations serialize
// a protobuf, they'll necessary get bytewise identical results, particularly in the
// presence of unknown fields.
optional bytes token_data = 1;
// The cryptographic signature of 'token_contents'.
optional bytes signature = 2 [ (kudu.REDACT) = true ];
// The sequence number of the key which produced 'signature'.
optional int64 signing_key_seq_num = 3;
// A private key used to sign tokens.
message TokenSigningPrivateKeyPB {
optional int64 key_seq_num = 1;
// The private key material, in DER format.
optional bytes rsa_key_der = 2 [ (kudu.REDACT) = true ];
// The time at which signatures made by this key should no longer be valid.
optional int64 expire_unix_epoch_seconds = 3;
// A public key corresponding to the private key used to sign tokens. Only
// this part is necessary for token verification.
message TokenSigningPublicKeyPB {
optional int64 key_seq_num = 1;
// The public key material, in DER format.
optional bytes rsa_key_der = 2;
// The time at which signatures made by this key should no longer be valid.
optional int64 expire_unix_epoch_seconds = 3;