syntax = "proto3";

package arbiter.auth;

import "google/protobuf/timestamp.proto";

message AuthChallengeRequest {
  bytes pubkey = 1;
  optional string bootstrap_token = 2;
}

message AuthChallenge {
  bytes pubkey = 1;
  bytes nonce = 2;
  google.protobuf.Timestamp minted = 3;
}

message AuthChallengeSolution {
  AuthChallenge challenge = 1;
  bytes signature = 2;
}

message AuthResponse {
  string token = 1;
  string refresh_token = 2;
  google.protobuf.Timestamp expires_at = 3;
  google.protobuf.Timestamp refresh_expires_at = 4;
}

message ClientMessage {
  oneof payload {
    AuthChallengeRequest auth_challenge_request = 1;
    AuthChallengeSolution auth_challenge_solution = 2;
  }
}

message ServerMessage {
  oneof payload {
    AuthChallenge auth_challenge = 1;
    AuthResponse auth_response = 2;
  }
}