{ "iface": "futoin.auth.types", "version": "0.4", "ftn3rev": "1.9", "imports": [ "futoin.types:1.0" ], "types": { "LocalUserID": "UUIDB64", "LocalUser": { "type": "string", "regex": "^[a-zA-Z]([a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9])?$" }, "LocalService": "LocalUser", "GlobalService": { "type": "Domain", "maxlen": 128 }, "GlobalUser": { "type": "Email", "maxlen": 128 }, "GlobalUserID": [ "GlobalUser", "GlobalService" ], "DomainList": { "type": "array", "elemtype": "Domain", "minlen": 1 }, "MACAlgo": { "type": "enum", "items": [ "HMD5", "HS256", "HS384", "HS512", "KMAC128", "KMAC256" ] }, "Password": { "type": "string", "minlen": 8, "maxlen": 32 }, "PasswordLength": { "type": "integer", "min": 8, "max": 32 }, "KeyBits": { "type": "enum", "items": [ 256, 512 ] }, "MACKey": { "type": "Base64", "minlen": 42, "maxlen": 87 }, "StatelessSecret": [ "Password", "MACKey" ], "MACValue": { "type": "Base64", "minlen": 1, "maxlen": 128 }, "MACBase": { "type": "data", "minlen": 8 }, "MasterSecretID": "UUIDB64", "MasterScope": "Domain", "KeyDerivationStrategy": { "type": "enum", "items": [ "HKDF256", "HKDF512" ] }, "KeyPurpose": { "type": "enum", "items": [ "MAC", "ENC", "EXPOSED" ] }, "ExchangeKeyType": { "type": "enum", "items": [ "RSA", "X25519", "X448" ] }, "ExchangeKey": { "type": "Base64", "minlen": 1, "maxlen": 20000 }, "EncryptedKey": { "type": "Base64", "minlen": 1, "maxlen": 1000 }, "EncryptedMasterSecret": "EncryptedKey", "UserAgent": { "type": "string", "maxlen": 256 }, "X509Cert": { "type": "Base64", "maxlen": 20000 }, "SSHPubKey": { "type": "string", "maxlen": 1000 }, "ClientToken": { "type": "Base64", "maxlen": 342, "desc": "Unique per Service per Client device persistent token" }, "ClientFingerprints": { "type": "map", "fields": { "user_agent": { "type": "UserAgent", "optional": true }, "source_ip": { "type": "IPAddress", "optional": true }, "x509": { "type": "X509Cert", "optional": true }, "ssh_pubkey": { "type": "SSHPubKey", "optional": true }, "client_token": { "type": "ClientToken", "optional": true }, "misc": { "type": "map", "optional": true } } }, "AuthInfo": { "type": "map", "fields": { "local_id": "LocalUserID", "global_id": "GlobalUserID" } }, "RedirectURL": { "type": "string", "regex": "^https?://[a-z0-9-]+(\\.[a-z0-9-]+)*\\.[a-z]{2,}/[a-zA-Z0-9_/-]*(\\?[a-zA-Z][a-zA-Z0-9]*=)?$", "maxlen": 128 }, "ResourceURL": { "type": "string", "regex": "^https?://[a-z0-9-]+(\\.[a-z0-9-]+)*\\.[a-z]{2,}/[a-zA-Z0-9_/?=%&;.-]*$", "maxlen": 128 }, "ParamConstraint": { "type": "map", "elemtype": "array" }, "AccessControlDescriptor": { "type": "map", "fields": { "iface": { "type": "FTNFace", "optional": true }, "ver": { "type": "FTNVersion", "optional": true }, "func": { "type": "FTNFunction", "optional": true }, "params": { "type": "ParamConstraint", "optional": true, "desc": "Named paramater must match one of the values" } }, "desc": "Granted API access constraints in scope of arbitrary Service" }, "AccessControlDescriptorList": { "type": "array", "elemtype": "AccessControlDescriptor", "desc": "List of granted API access in scope of arbitrary Service" }, "AccessGroupName": { "type": "GenericIdentifier", "maxlen": 32, "desc": "Service-specific arbitrary ACD grouping identifier" }, "AccessGroup": { "type": "map", "fields": { "id": "AccessGroupName", "name": "ItemTranslations", "desc": "ItemTranslations", "acds": "AccessControlDescriptorList", "icon": "ResourceURL" }, "desc": "Services-specific arbitrary ACD grouping definition" }, "AccessGroupList": { "type": "array", "elemtype": "ServiceAccessGroup", "desc": "List of Service-specific ACD groupings" }, "ServiceAccessGroup": { "type": "map", "fields": { "service": "GlobalService", "access_group": "AccessGroupName" }, "desc": "Global pointer to ACD group of specific Service" }, "ServiceAccessGroupList": { "type": "array", "elemtype": "ServiceAccessGroup", "desc": "List of global pointers to Service-specific ACD groups" } } }