syntax = "proto3";

package session;
option go_package = "github.com/pomerium/pomerium/pkg/grpc/session";

import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";

message IDToken {
  string issuer = 1;
  string subject = 2;
  google.protobuf.Timestamp expires_at = 3;
  google.protobuf.Timestamp issued_at = 4;
  string raw = 5;
}

message OAuthToken {
  string access_token = 1;
  string token_type = 2;
  google.protobuf.Timestamp expires_at = 3;
  string refresh_token = 4;
}

message Session {
  message DeviceCredential {
    string type_id = 1;
    oneof credential {
      google.protobuf.Empty unavailable = 2;
      string id = 3;
    }
  }

  string version = 1;
  string id = 2;
  string user_id = 3;
  repeated DeviceCredential device_credentials = 17;
  google.protobuf.Timestamp issued_at = 14;
  google.protobuf.Timestamp expires_at = 4;
  google.protobuf.Timestamp accessed_at = 18;
  IDToken id_token = 6;
  OAuthToken oauth_token = 7;
  map<string, google.protobuf.ListValue> claims = 9;
  repeated string audience = 10;

  optional string impersonate_session_id = 15;
}