# Auth Service Proto

```proto
// AuthorizationRequest is a specific request to the service for authorization.
// NOTE(review): the page does not say whether token and signature are checked
// together (signature over the macaroon) or independently — confirm.
message AuthorizationRequest {
  string token = 1;     // the presented macaroon
  string signature = 2; // oberon signature that can be validated
}

// AuthorizationReply is the result of the authorization process.
message AuthorizationReply {
  bool authorized = 1; // true if the requested action is approved
}

// Service for authorizing access to resources.
service Authorize {
  // Query whether a specific request is authorized.
  rpc Request(AuthorizationRequest) returns (AuthorizationReply);
}

// Authorization: Bearer <OberonProof serialized> ???
// Base64 OberonProof
// OberonProof is what a client presents to prove possession of an Oberon token.
message OberonProof {
  OberonData data = 1; // the claims the proof is made over (wallet, device, expiry)
  bytes proof = 2;     // the Oberon proof bytes; format/length not given here
  bytes nonce = 3;     // NOTE(review): presumably a per-proof replay nonce — the page does not
                       // say who chooses it or whether the server remembers seen nonces; confirm.
}

// data store on server
// NOTE(review): entries in authorizedDevices mix bare strings and an object form;
// only the object form carries "expires" and "operation", so a bare-string device
// would presumably have no expiry and no operation restriction — confirm intent.
{
  "id": "urn:uuid:12345",
  "email": "example@gmail.com"
  "authorizedDevices": [
    "my phone",
    "my browser",
    "my iot",
    { "name": "", "expires": "", "operation": ["read"] }
  ]
}

// OberonData carries the claims bound into an Oberon token/proof.
// The bare strings after wallet_id and device_id read as example values.
message OberonData {
  string wallet_id = 1; "urn:uuid:12345"
  string device_id = 2; "my phone"
  int64 valid_until = 3; // NOTE(review): unit and epoch are not stated (seconds? ms? UTC?) —
                         // confirm, and document that a proof past valid_until is rejected.
}

// AuthenticateOberonRequest
// NOTE(review): the HTML-comment block below sketches subject/scope/action fields that
// are not yet part of the message; the authenticate call currently carries only the proof.
message AuthenticateOberonRequest {
  OberonProof proof = 1;
  <!-- string subject/me/id string scope/target/object/resource string action/operation/role -->
}

// Authorize (sketch) — who is acting, on what, doing what.
// NOTE(review): this name collides with the `service Authorize` above; the RPC
// `rpc Authorize` in service Auth has no request/response types yet.
message Authorize {
  Who is acting */*/*
  string owner/id
  string scope/target/object/resource
  string action/operation/role
}

message AuthenticateOberonResponse {
  bool authorized = 1;             // true if the requested action is approved
  AuthenticationTicket ticket = 2; // issued on success, presumably; not stated for the failure case
}

// AuthenticationTicket is returned after a successful Oberon authentication.
// NOTE(review): no expiry or issue time is shown on the ticket; its lifetime and
// how it is bound to device_id are not stated on this page — confirm.
message AuthenticationTicket {
  string id = 1;
  device_id = 2;
}

// WebAuthn authentication — request/response bodies not yet defined.
message AuthenticateWebAuthNRequest {
}

message AuthenticateWebAuthNResponse {
}

// GenerateOberonTokenRequest (sketch): field types not yet assigned.
// NOTE(review): "blind" presumably is a client-supplied blinding value; confirm.
message GenerateOberonTokenRequest {
  blind, device_id, wallet_id
}

// GenerateOberonTokenResponse (sketch): returns the token data plus the token itself.
// NOTE(review): "Blinded = boolean" presumably reports whether OberonToken is blinded — confirm.
message GenerateOberonTokenResponse {
  OberonData OberonToken Blinded = boolean
}

// Auth groups token issuance and the authentication entry points.
service Auth {
  rpc GenerateOberonToken(GenerateOberonTokenRequest) returns (GenerateOberonTokenResponse);
  rpc AuthenticateOberon(AuthenticateOberonRequest) returns (AuthenticateOberonResponse)
  rpc AuthenticateWebAuthN(AuthenticateWebAuthNRequest) returns (AuthenticateWebAuthNResponse);
  rpc Authorize
}
```