fuchsia.identity.tokens

Defines the data types and protocols used to request user authorization tokens and identity information from service providers and identity providers.

The actual interaction with these providers is through lower level protocols defined in fuchsia.id.external.

TABLES

OauthRefreshToken

Defined in fuchsia.identity.tokens/token_types.fidl

A long-lived OAuth 2.0 Refresh Token.

| Ordinal | Name | Type | Description |
| --- | --- | --- | --- |
| 1 | content | string | The content of the token. |
| 2 | account_id | AccountId | A unique identifier for the account that the token refers to, as specified by the authorization server. |

OauthAccessToken

Defined in fuchsia.identity.tokens/token_types.fidl

An OAuth 2.0 Access Token.

| Ordinal | Name | Type | Description |
| --- | --- | --- | --- |
| 1 | content | string | The content of the token. |
| 2 | expiry_time | zx/time | The time on ZX_CLOCK_UTC at which the token will expire. If the field is absent the token does not have a fixed expiry time. |

OpenIdToken

Defined in fuchsia.identity.tokens/token_types.fidl

An OpenID Connect ID Token.

| Ordinal | Name | Type | Description |
| --- | --- | --- | --- |
| 1 | content | string | The content of the JSON Web Token. |
| 2 | expiry_time | zx/time | The time on ZX_CLOCK_UTC at which the token will expire. If the field is absent the token does not have a fixed expiry time. |

OpenIdUserInfo

Defined in fuchsia.identity.tokens/token_types.fidl

The response from an OpenID Connect UserInfo endpoint.

| Ordinal | Name | Type | Description |
| --- | --- | --- | --- |
| 1 | subject | string[255] | The subject to which this info applies. |
| 2 | name | string | The user's full name. |
| 3 | email | string | The user's email address. |
| 4 | picture | string | A URL to a profile picture for the user. |

CONSTANTS

| Name | Value | Type | Description |
| --- | --- | --- | --- |
| MAX_ACCOUNT_ID_SIZE | 1024 | uint32 | The maximum length of an account ID string, in bytes. |
| MAX_CLIENT_ID_SIZE | 1024 | uint32 | The maximum length of an OAuth client ID, in bytes. We reserve the right to increase this size in future. |
| MAX_SCOPE_SIZE | 1024 | uint32 | The maximum length of an OAuth scope, in bytes. We reserve the right to increase this size in future. |
| MAX_SCOPE_COUNT | 128 | uint32 | The maximum number of OAuth scopes that may be requested for a single token. We reserve the right to increase this value in future. |
| MAX_AUDIENCE_SIZE | 1024 | uint32 | The maximum length of an OpenID audience string, in bytes. We reserve the right to increase this size in future. |
| MAX_AUDIENCE_COUNT | 16 | uint32 | The maximum number of audiences that may be requested for a single ID token. We reserve the right to increase this value in future. |

TYPE ALIASES

| Name | Value | Description |
| --- | --- | --- |
| AccountId | string[MAX_ACCOUNT_ID_SIZE] | An identifier for the account that a token is issued against, as specified by the authorization server. Account identifiers are guaranteed to be unique within an auth provider type. |
| ClientId | string[MAX_CLIENT_ID_SIZE] | An OAuth client ID string. |
| Scope | string[MAX_SCOPE_SIZE] | An OAuth scope string. |
| Audience | string[MAX_AUDIENCE_SIZE] | An OpenID audience string. |
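
An added example, not part of the Fuchsia reference or its generated bindings: how a caller might apply the byte-based scope limits from CONSTANTS and the "absent expiry_time" rule from OauthAccessToken. The `AccessToken` struct, `check_scopes`, `token_state` and the `margin_ns` safety margin are hypothetical stand-ins written for this illustration.

```rust
// Hand-written stand-ins for illustration; not generated FIDL bindings.
const MAX_SCOPE_SIZE: usize = 1024; // bytes, from the CONSTANTS table
const MAX_SCOPE_COUNT: usize = 128; // scopes per token request

/// Mirrors the OauthAccessToken table: every table field may be absent.
struct AccessToken {
    content: Option<String>,
    expiry_time: Option<i64>, // zx/time: nanoseconds on ZX_CLOCK_UTC
}

#[derive(Debug, PartialEq)]
enum TokenState { Unusable, Usable, Expired }

/// Rejects a scope list that exceeds the documented bounds.
fn check_scopes(scopes: &[&str]) -> Result<(), String> {
    if scopes.len() > MAX_SCOPE_COUNT {
        return Err(format!("{} scopes exceeds MAX_SCOPE_COUNT", scopes.len()));
    }
    for s in scopes {
        // str::len() is the UTF-8 byte length, the unit the limits use,
        // so a multi-byte string can fail with fewer than 1024 characters.
        if s.len() > MAX_SCOPE_SIZE {
            return Err(format!("scope of {} bytes exceeds MAX_SCOPE_SIZE", s.len()));
        }
    }
    Ok(())
}

/// Classifies a cached token at `now_ns`. A token within `margin_ns`
/// (a hypothetical safety margin) of its expiry counts as expired.
fn token_state(t: &AccessToken, now_ns: i64, margin_ns: i64) -> TokenState {
    match (&t.content, t.expiry_time) {
        (None, _) => TokenState::Unusable, // table arrived without content
        (Some(_), None) => TokenState::Usable, // absent: no fixed expiry
        (Some(_), Some(exp)) if now_ns.saturating_add(margin_ns) >= exp => {
            TokenState::Expired
        }
        _ => TokenState::Usable,
    }
}

fn main() {
    // Constructed sample values.
    let t = AccessToken { content: Some("constructed-token".into()), expiry_time: Some(2_000) };
    println!("{:?}", token_state(&t, 1_000, 500));
    println!("{:?}", check_scopes(&["openid", "email"]));
}
```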