-
Notifications
You must be signed in to change notification settings - Fork 156
/
Copy pathsteammessages_twofactor.proto
200 lines (164 loc) · 10.5 KB
/
steammessages_twofactor.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
syntax = "proto2";
import "steammessages_base.proto";
import "steammessages_unified_base.proto";
option py_generic_services = true;
message CTwoFactor_Status_Request {
optional fixed64 steamid = 1 [(description) = "steamid to use"];
}
message CTwoFactor_Status_Response {
optional uint32 state = 1 [(description) = "Authenticator state"];
optional uint32 inactivation_reason = 2 [(description) = "Inactivation reason (if any)"];
optional uint32 authenticator_type = 3 [(description) = "Type of authenticator"];
optional bool authenticator_allowed = 4 [(description) = "Account allowed to have an authenticator?"];
optional uint32 steamguard_scheme = 5 [(description) = "Steam Guard scheme in effect"];
optional string token_gid = 6 [(description) = "String rep of token GID assigned by server"];
optional bool email_validated = 7 [(description) = "Account has verified email capability"];
optional string device_identifier = 8 [(description) = "Authenticator (phone) identifier"];
optional uint32 time_created = 9 [(description) = "When the token was created"];
optional uint32 revocation_attempts_remaining = 10 [(description) = "Number of revocation code attempts remaining"];
optional string classified_agent = 11 [(description) = "Agent that added the authenticator (e.g., ios / android / other)"];
optional bool allow_external_authenticator = 12 [(description) = "Allow a third-party authenticator (in addition to two-factor)"];
optional uint32 time_transferred = 13 [(description) = "When the token was transferred from another device, if applicable"];
}
message CTwoFactor_AddAuthenticator_Request {
optional fixed64 steamid = 1 [(description) = "steamid to use"];
optional uint64 authenticator_time = 2 [(description) = "Current authenticator time"];
optional fixed64 serial_number = 3 [(description) = "locally computed serial (deprecated)"];
optional uint32 authenticator_type = 4 [(description) = "Authenticator type"];
optional string device_identifier = 5 [(description) = "Authenticator identifier"];
optional string sms_phone_id = 6 [(description) = "ID of phone to use for SMS verification"];
repeated string http_headers = 7 [(description) = "HTTP headers alternating by K/V"];
optional uint32 version = 8 [default = 1, (description) = "What the version of our token should be"];
}
message CTwoFactor_AddAuthenticator_Response {
optional bytes shared_secret = 1 [(description) = "Shared secret between server and authenticator"];
optional fixed64 serial_number = 2 [(description) = "Authenticator serial number (unique per token)"];
optional string revocation_code = 3 [(description) = "code used to revoke authenticator"];
optional string uri = 4 [(description) = "URI for QR code generation"];
optional uint64 server_time = 5 [(description) = "Current server time"];
optional string account_name = 6 [(description) = "Account name to display on token client"];
optional string token_gid = 7 [(description) = "Token GID assigned by server"];
optional bytes identity_secret = 8 [(description) = "Secret used for identity attestation (e.g., for eventing)"];
optional bytes secret_1 = 9 [(description) = "Spare shared secret"];
optional int32 status = 10 [(description) = "Result code"];
optional string phone_number_hint = 11 [(description) = "a portion of the phone number the SMS code was sent to"];
}
message CTwoFactor_SendEmail_Request {
optional fixed64 steamid = 1 [(description) = "Steamid to use"];
optional uint32 email_type = 2 [(description) = "Type of email to send (ETwoFactorEmailType::*)"];
optional bool include_activation_code = 3 [(description) = "Include activation code in email parameters"];
}
message CTwoFactor_SendEmail_Response {
}
message CTwoFactor_FinalizeAddAuthenticator_Request {
optional fixed64 steamid = 1 [(description) = "steamid to use"];
optional string authenticator_code = 2 [(description) = "Current auth code"];
optional uint64 authenticator_time = 3 [(description) = "Current authenticator time"];
optional string activation_code = 4 [(description) = "Activation code from out-of-band message"];
repeated string http_headers = 5 [(description) = "HTTP headers alternating by K/V"];
optional bool validate_sms_code = 6 [(description) = "When finalizing with an SMS code, pass the request on to the PhoneService to update its state too."];
}
message CTwoFactor_FinalizeAddAuthenticator_Response {
optional bool success = 1 [(description) = "True if succeeded, or want more tries"];
optional bool want_more = 2 [(description) = "True if want more tries"];
optional uint64 server_time = 3 [(description) = "Current server time"];
optional int32 status = 4 [(description) = "Result code"];
}
message CTwoFactor_UpdateTokenVersion_Request {
optional fixed64 steamid = 1;
optional uint32 version = 2 [(description) = "What the version of our token should be"];
optional bytes signature = 3 [(description) = "HMAC digest over user's private key"];
}
message CTwoFactor_UpdateTokenVersion_Response {
}
message CTwoFactor_RemoveAuthenticator_Request {
optional string revocation_code = 2 [(description) = "Password needed to remove token"];
optional uint32 revocation_reason = 5 [(description) = "Reason the authenticator is being removed"];
optional uint32 steamguard_scheme = 6 [(description) = "Type of Steam Guard to use once token is removed"];
optional bool remove_all_steamguard_cookies = 7 [(description) = "Remove all steamguard cookies"];
}
message CTwoFactor_RemoveAuthenticator_Response {
optional bool success = 1 [(description) = "True if request succeeeded. The mobile app checks this."];
optional uint64 server_time = 3 [(description) = "Current server time"];
optional uint32 revocation_attempts_remaining = 5 [(description) = "Number of revocation code attempts remaining"];
}
message CTwoFactor_CreateEmergencyCodes_Request {
optional string code = 1;
}
message CTwoFactor_CreateEmergencyCodes_Response {
repeated string codes = 1 [(description) = "Emergency codes"];
}
message CTwoFactor_DestroyEmergencyCodes_Request {
optional fixed64 steamid = 1 [(description) = "steamid to use"];
}
message CTwoFactor_DestroyEmergencyCodes_Response {
}
message CTwoFactor_ValidateToken_Request {
optional string code = 1 [(description) = "code to validate"];
}
message CTwoFactor_ValidateToken_Response {
optional bool valid = 1 [(description) = "result of validation"];
}
message CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request {
}
message CTwoFactor_RemoveAuthenticatorViaChallengeStart_Response {
optional bool success = 1 [(description) = "True if succeeded, or want more tries with an authenticator_code"];
}
message CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request {
optional string sms_code = 1 [(description) = "Code from SMS"];
optional bool generate_new_token = 2 [(description) = "Generate new token (instead of removing old one)"];
}
message CRemoveAuthenticatorViaChallengeContinue_Replacement_Token {
optional bytes shared_secret = 1 [(description) = "Shared secret between server and authenticator"];
optional fixed64 serial_number = 2 [(description) = "Authenticator serial number (unique per token)"];
optional string revocation_code = 3 [(description) = "code used to revoke authenticator"];
optional string uri = 4 [(description) = "URI for QR code generation"];
optional uint64 server_time = 5 [(description) = "Current server time"];
optional string account_name = 6 [(description) = "Account name to display on token client"];
optional string token_gid = 7 [(description) = "Token GID assigned by server"];
optional bytes identity_secret = 8 [(description) = "Secret used for identity attestation (e.g., for eventing)"];
optional bytes secret_1 = 9 [(description) = "Spare shared secret"];
optional int32 status = 10 [(description) = "Result code"];
optional uint32 steamguard_scheme = 11 [(description) = "Type of Steam Guard to use once token is removed"];
optional fixed64 steamid = 12 [(description) = "steamid that owns the secret"];
}
message CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Response {
optional bool success = 1 [(description) = "True if succeeded, or want more tries with an authenticator_code"];
optional .CRemoveAuthenticatorViaChallengeContinue_Replacement_Token replacement_token = 2 [(description) = "Fresh secret to install"];
}
service TwoFactor {
option (service_description) = "Two Factor Authentication Service";
rpc QueryStatus (.CTwoFactor_Status_Request) returns (.CTwoFactor_Status_Response) {
option (method_description) = "Get two-factor authentication settings for the logged-in account";
}
rpc AddAuthenticator (.CTwoFactor_AddAuthenticator_Request) returns (.CTwoFactor_AddAuthenticator_Response) {
option (method_description) = "Add two-factor authenticator to the logged-in account";
}
rpc SendEmail (.CTwoFactor_SendEmail_Request) returns (.CTwoFactor_SendEmail_Response) {
option (method_description) = "Send email to the account";
}
rpc FinalizeAddAuthenticator (.CTwoFactor_FinalizeAddAuthenticator_Request) returns (.CTwoFactor_FinalizeAddAuthenticator_Response) {
option (method_description) = "Finalize two-factor authentication addition to the logged-in account";
}
rpc UpdateTokenVersion (.CTwoFactor_UpdateTokenVersion_Request) returns (.CTwoFactor_UpdateTokenVersion_Response) {
option (method_description) = "Update the version for my token";
}
rpc RemoveAuthenticator (.CTwoFactor_RemoveAuthenticator_Request) returns (.CTwoFactor_RemoveAuthenticator_Response) {
option (method_description) = "Remove two-factor authentication addition from the logged-in account";
}
rpc CreateEmergencyCodes (.CTwoFactor_CreateEmergencyCodes_Request) returns (.CTwoFactor_CreateEmergencyCodes_Response) {
option (method_description) = "Generate emergency authenticator codes";
}
rpc DestroyEmergencyCodes (.CTwoFactor_DestroyEmergencyCodes_Request) returns (.CTwoFactor_DestroyEmergencyCodes_Response) {
option (method_description) = "Destroy emergency authenticator codes for the account";
}
rpc ValidateToken (.CTwoFactor_ValidateToken_Request) returns (.CTwoFactor_ValidateToken_Response) {
option (method_description) = "Validate (and consume) a token";
}
rpc RemoveAuthenticatorViaChallengeStart (.CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request) returns (.CTwoFactor_RemoveAuthenticatorViaChallengeStart_Response) {
option (method_description) = "Start challenge-based authenticator removal";
}
rpc RemoveAuthenticatorViaChallengeContinue (.CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request) returns (.CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Response) {
option (method_description) = "Continue challenge-based authenticator removal";
}
}