syntax = "proto3";

package auth.v1;

import "auth/v1/msg.proto";
import "base/v1/msg.proto";

service AuthorizationService {
  rpc AuthorizationSrvHealth(base.v1.Empty) returns (base.v1.StatusRes);

  rpc CheckIAM(CheckIAMReq) returns (InternalIAM) {}

  rpc SendLoginOTP(UserSendOtpReq) returns (UserSendOtpRes) {}
  rpc LoginWithOTP(UserLoginReq) returns (UserAccessTokenRes) {}
  rpc GetAccessTokenByRefreshToken(UserRefreshTokenReq) returns (UserAccessTokenRes) {}

  rpc GetUserPermission(InternalIAM) returns (PermissionList) {}

  rpc GetIdentity(InternalIAM) returns (Identity) {}
  rpc UpdateIdentity(UserUpdateIdentityReq) returns (base.v1.StatusRes) {}

  rpc GetBankInfoList(ReqWithIAMAndParams) returns (BankInfoList) {}
  rpc UpdateBankInfo(UserUpdateBankInfoReq) returns (base.v1.StatusRes) {}
  rpc RemoveBankInfo(IdReqWithIAM) returns (base.v1.StatusRes) {}

  rpc GetUser(GetUserReq) returns (User) {}

  // Two Factor Authentication
  // For now it's only SMS-OTP - later will be Email-OTP or other methods can be
  // added For HMAC-OTP there won't be a need to call this api
  rpc ProcessTFAReq(TFAReq) returns (base.v1.StatusRes) {}

  // For HMAC-OTP an initialization step must be added to exchange keys
  rpc InitTFAReq(InternalIAM) returns (TFAExRes) {}

  rpc CheckTFACode(CheckTFAReq) returns (base.v1.StatusRes) {}
}