go.chromium.org/luci@v0.0.0-20250314024836-d9a61d0730e6/tokenserver/api/token_file.proto

// Copyright 2016 The LUCI Authors. All rights reserved.
// Use of this source code is governed under the Apache License, Version 2.0
// that can be found in the LICENSE file.

syntax = "proto3";

package tokenserver;

option go_package = "go.chromium.org/luci/tokenserver/api;tokenserver";


// TokenFile is representation of a token file on disk (serialized as JSON).
//
// The token file is consumed by whoever wishes to use machine tokens. It is
// intentionally made as simple as possible (e.g. uses unix timestamps instead
// of fancy protobuf ones).
message TokenFile {
  // Google OAuth2 access token of a machine service account.
  string access_token = 1 [json_name="access_token"];

  // OAuth2 access token type, usually "Bearer".
  string token_type = 2 [json_name="token_type"];

  // Machine token understood by LUCI backends (alternative to access_token).
  string luci_machine_token = 3 [json_name="luci_machine_token"];

  // Unix timestamp (in seconds) when this token expires.
  //
  // The token file is expected to be updated before the token expires, see
  // 'next_update' for next expected update time.
  int64 expiry = 4 [json_name="expiry"];

  // Unix timestamp of when this file was updated the last time.
  int64 last_update = 5 [json_name="last_update"];

  // Unix timestamp of when this file is expected to be updated next time.
  int64 next_update = 6 [json_name="next_update"];

  // Email of the associated service account.
  string service_account_email = 7 [json_name="service_account_email"];

  // Unique stable ID of the associated service account.
  string service_account_unique_id = 8 [json_name="service_account_unique_id"];

  // Any information tokend daemon wishes to associate with the token.
  //
  // Consumers of the token file should ignore this field. It is used
  // exclusively by tokend daemon.
  bytes tokend_state = 50 [json_name="tokend_state"];
}