fuchsia.modular.auth

PROTOCOLS

AccountProvider

Defined in fuchsia.modular.auth/account_provider.fidl

An interface that allows the Framework to talk to the token manager service to add new accounts and to mint the corresponding specialized TokenManager instances for third-party agents and the first-party ledger client.

This is only meant to be used by the Framework and will be replaced with AccountManager in the near future.

AddAccount

Adds a new user account. This involves talking to the identity provider and fetching profile attributes.

Request

| Name | Type |
|---|---|
| identity_provider | IdentityProvider |

Response

| Name | Type |
|---|---|
| account | Account? |
| error_code | string? |

RemoveAccount

Removes an existing user account. This involves talking to the account's identity provider and revoking user credentials both locally and remotely. This operation also deletes cached tokens for the given account.

If revoke_all is set to true, then all device credentials are revoked both locally and remotely on the backend server, and the user is logged out from all devices. If revoke_all is set to false, then credentials stored locally are wiped. This includes cached tokens such as access/id and Firebase tokens and the locally persisted refresh token. By default, revoke_all is set to false and the account is deleted only from the given device.

Request

| Name | Type |
|---|---|
| account | Account |
| revoke_all | bool |

Response

| Name | Type |
|---|---|
| status | AuthErr |

Terminate

This signals AccountProvider to tear itself down. After the AccountProvider responds by closing its handle, the caller may terminate the AccountProvider application if it hasn't already exited.

Request

| Name | Type |
|---|---|

STRUCTS

Account

Defined in fuchsia.modular.auth/account.fidl

Stores attributes related to an account that is exposed to the base shell. A list of existing accounts can be obtained via UserProvider.PreviousUsers(), and a new account can be added via UserProvider.AddAccount().

| Name | Type | Description | Default |
|---|---|---|---|
| id | string | A randomly generated identifier that is used to identify this account on this device. This is meant to be used by the base shell when it wants to log in as a user who has previously logged in. | No default |
| identity_provider | IdentityProvider | The identity provider that was used to authenticate the user on this device. | No default |
| profile_id | string | Unique identifier configured for the given user at the identity provider. The profile ID is fetched from user profile attributes as configured by the user at the given identity provider. | No default |
| display_name | string | The name that is displayed on the base shell while logging in. The display name is fetched from user profile attributes as configured by the user at the given identity provider. | No default |
| url | string | The user's profile URL that is used by the base shell while logging in. The profile URL is fetched from user profile attributes as configured by the user at the given identity provider. | No default |
| image_url | string | The user's profile image URL that is used by the base shell while logging in. The profile image URL is fetched from user profile attributes as configured by the user at the given identity provider. | No default |

AuthErr

Defined in fuchsia.modular.auth/account_provider.fidl

Authentication errors returned by AccountProvider. Each error contains a status code along with a detailed error message.

| Name | Type | Description | Default |
|---|---|---|---|
| status | Status | | No default |
| message | string | | No default |

ENUMS

IdentityProvider

Type: uint32

Defined in fuchsia.modular.auth/account.fidl

The currently supported identity providers. An identity provider provides identifiers for users to interact with the system and may provide information about the user that is known to the provider.

| Name | Value | Description |
|---|---|---|
| DEV | 0 | |
| GOOGLE | 1 | |

Status

Type: uint32

Defined in fuchsia.modular.auth/account_provider.fidl

Specifies the success/failure status.

| Name | Value | Description |
|---|---|---|
| OK | 0 | |
| BAD_REQUEST | 1 | |
| BAD_RESPONSE | 2 | |
| OAUTH_SERVER_ERROR | 3 | |
| USER_CANCELLED | 4 | |
| NETWORK_ERROR | 5 | |
| INTERNAL_ERROR | 6 | |