Protocol Buffer definitions for StructuredID Community Edition.
```
proto/
├── buf.yaml                 # Buf configuration
├── buf.gen.yaml             # Code generation config
└── sid/
    └── v1/
        ├── identity.proto   # Profile, credentials, sessions
        ├── auth.proto       # Authentication flows
        └── authz.proto      # Authorization (RBAC, policies)
```
`identity.proto` manages profile lifecycle, credentials, and sessions.

Key entities:
- `Profile` — user identity (CE: Profile IS the user, no separate User entity)
- `Credential` — authentication factor (OPAQUE, WebAuthn, TOTP, recovery codes)
- `Session` — active user session with scopes

RPC methods:
- Profile CRUD: `CreateProfile`, `GetProfile`, `UpdateProfile`, `DeleteProfile`, `ListProfiles`
- Credential management: `AddCredential`, `ListCredentials`, `RevokeCredential`
- Session management: `ListSessions`, `RevokeSession`
`auth.proto` handles authentication flows.

Protocols:
- OPAQUE (RFC 9807): Zero-knowledge password authentication
  - 2-step registration: `OpaqueRegistrationStart` → `OpaqueRegistrationFinish`
  - 2-step login: `OpaqueLoginStart` → `OpaqueLoginFinish`
- WebAuthn (passkeys): FIDO2 authentication
  - 2-step registration: `WebAuthnRegistrationStart` → `WebAuthnRegistrationFinish`
  - 2-step authentication: `WebAuthnAuthenticationStart` → `WebAuthnAuthenticationFinish`
- OAuth2 / OIDC: Standard flows
  - `OAuth2Authorize`, `OAuth2Token`, `OAuth2Introspect`, `OAuth2Revoke`
- Session validation: `ValidateSession`
`authz.proto` handles authorization and policy evaluation.

Key entities:
- `Role` — named collection of permissions
- `Group` — collection of profiles
- `RoleAssignment` — assigns role to profile/group with optional scope and expiry
- `Policy` — Cedar ABAC policy

RPC methods:
- Permission check: `CheckPermission`, `BatchCheckPermission`
- Role management: `CreateRole`, `GetRole`, `UpdateRole`, `DeleteRole`, `ListRoles`
- Role assignment: `AssignRole`, `RevokeRole`, `ListRoleAssignments`
- Group management: `CreateGroup`, `GetGroup`, `UpdateGroup`, `DeleteGroup`, `ListGroups`
- Group membership: `AddToGroup`, `RemoveFromGroup`, `ListGroupMembers`
- Policy management: `CreatePolicy`, `GetPolicy`, `UpdatePolicy`, `DeletePolicy`, `ListPolicies`
Install buf and code generators:

```bash
# Install buf
brew install bufbuild/buf/buf

# Install Rust generators
cargo install protoc-gen-tonic protoc-gen-prost

# Install TypeScript generator
npm install -g @protobuf-ts/plugin

# Install doc generator
go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@latest
```

```bash
# From proto/ directory
buf generate

# Generated files:
# - ../sid/crates/sid-proto/src/*.rs (Rust)
# - ../admin-ui/src/generated/*.ts (TypeScript)
# - docs/api.md (Documentation)
```

```bash
# Lint proto files
buf lint

# Check for breaking changes (against main)
buf breaking --against '.git#branch=main'
```

Current version: `sid/v1`
Breaking change policy:
- `sid/v1/` — NEVER break (semver MAJOR bump required)
- Deprecate old fields, add new fields/RPCs
- Use `optional` for new fields to maintain backward compatibility
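
How a `sid/v1` message and service can evolve under this policy, as an added example that is not taken from the project's `.proto` files. All message, field, and service names are hypothetical, and the `sid.v1` package name is an assumption inferred from the directory layout.

```protobuf
syntax = "proto3";

// Assumption: package name inferred from the sid/v1/ directory.
package sid.v1;

// Hypothetical message for illustration; not copied from authz.proto.
message ExampleAssignment {
  string id = 1;
  string profile_id = 2;

  // Superseded field: kept with its original number and type so clients
  // generated from the earlier schema still parse and send it.
  string role_name = 3 [deprecated = true];

  // Replacement added under a fresh field number.
  string role_id = 4;

  // New field declared `optional` so presence is tracked. An older client
  // that never sets it is distinguishable from one that sends 0, which
  // keeps "no expiry requested" separate from "expires at epoch 0".
  optional int64 expires_at_unix = 5;
}

message GetExampleAssignmentRequest {
  string id = 1;
}

message RenewExampleAssignmentRequest {
  string id = 1;
  optional int64 expires_at_unix = 2;
}

// Hypothetical service for illustration.
service ExampleAssignmentService {
  // Existing RPC: name, request type, and response type stay unchanged.
  rpc GetExampleAssignment(GetExampleAssignmentRequest) returns (ExampleAssignment);

  // New behaviour is added as a new RPC instead of altering the one above.
  rpc RenewExampleAssignment(RenewExampleAssignmentRequest) returns (ExampleAssignment);
}
```

For security-relevant fields such as an expiry, the server should check field presence before applying a default, so a request from an older client is not read as an explicit zero.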
Apache 2.0
Note: Proto definitions are licensed under Apache 2.0 to allow unrestricted integration by third parties. The StructuredID CE server binary is licensed under AGPL-3.0.