common.member
io.token.proto.common.member common/src/main/proto/member.proto
syntax = "proto3";
package io.token.proto.common.member;
option java_outer_classname = "MemberProtos";
option csharp_namespace = "Tokenio.Proto.Common.MemberProtos";
import "address.proto";
import "alias.proto";
import "security.proto";
import "extensions/field.proto";
import "extensions/message.proto";
// Adds a member key to the directory.
// NOTE(review): the Key message is declared in security.proto, which is not
// shown here; any privilege level or expiry attached to the key comes from
// that definition. Confirm there before relying on it.
message MemberAddKeyOperation {
  io.token.proto.common.security.Key key = 1; // Key to add
}
// Removes a member key from the directory.
// The key is referenced by its ID only; the key material is not repeated.
message MemberRemoveKeyOperation {
  string key_id = 1; // ID of key to remove
}
// Adds/removes a member alias to/from the directory. MemberOperation also
// uses this message for its verify_alias case.
// Only the alias hash appears here; the alias itself is carried in
// MemberOperationMetadata.AddAliasMetadata, outside the signed MemberUpdate.
// NOTE(review): confirm that the receiver checks that the metadata alias
// hashes to alias_hash.
message MemberAliasOperation {
  // Hash of alias to add/remove
  // https://developer.token.io/sdk/esdoc/class/src/Util.js~Util.html#static-method-hashAndSerializeAlias
  string alias_hash = 1;
  string realm = 2 [deprecated = true]; // Realm of alias to add/remove
  // presumably the replacement for the deprecated `realm` field; confirm.
  string realm_id = 3;
}
// Sets recovery rules for member. Overrides all previously set rules.
// https://developer.token.io/sdk/?java#recovery-rules
message MemberRecoveryRulesOperation {
  // The rule to set. It names the agents whose signatures a later
  // MemberRecoveryOperation must carry (see RecoveryRule).
  RecoveryRule recovery_rule = 1;
}
// Provides an agent signature authorizing the recovery operation. Multiple authorizations
// might be required in order to initiate the recovery process. The number of required signatures
// is governed by Recovery Rules associated with the member.
message MemberRecoveryOperation {
  // The statement the agent is authorizing.
  Authorization authorization = 1;
  // Java SDK Member.authorizeRecovery can generate signature
  // https://developer.token.io/sdk/javadoc/io/token/Member.html#authorizeRecovery-io.token.proto.common.member.MemberProtos.MemberRecoveryOperation.Authorization-
  // NOTE(review): presumably computed over `authorization`; confirm exactly
  // which bytes are signed and that the signer is checked against the
  // member's RecoveryRule.
  io.token.proto.common.security.Signature agent_signature = 2;
  // Payload of a recovery authorization.
  message Authorization {
    // presumably the member being recovered; confirm.
    string member_id = 1;
    // presumably pins the authorization to one state of the member's
    // directory log (compare Member.last_hash), so that it cannot be
    // applied to a later state; confirm.
    string prev_hash = 2;
    // presumably the key the recovered member will use afterwards; confirm.
    io.token.proto.common.security.Key member_key = 3;
  }
}
// Payload of the `delete` case of MemberOperation. Carries no fields.
// presumably the affected member is the one named by the enclosing
// MemberUpdate.member_id; confirm.
message MemberDeleteOperation {}
// Payload shared by the `verify_partner` and `unverify_partner` cases of
// MemberOperation. Carries no fields; the oneof case alone selects the action.
message MemberPartnerOperation {}
// Payload of the `realm_permissions` case of MemberOperation.
// NOTE(review): the schema does not say whether the list replaces or extends
// the member's existing realm permissions; confirm against the directory
// implementation.
message MemberRealmPermissionOperation {
  repeated RealmPermission permissions = 1; // permissions carried by this operation
}
// One change to a member's directory record. At most one case of the oneof
// is set; MemberUpdate carries a list of these.
// NOTE(review): field number 3 is not used below. If it belonged to a removed
// operation, add `reserved 3;` at message level so the number cannot be
// reused with a different meaning.
message MemberOperation {
  oneof operation {
    MemberAddKeyOperation add_key = 1;
    MemberRemoveKeyOperation remove_key = 2;
    // The three alias cases share one payload type; only the case differs.
    MemberAliasOperation remove_alias = 4;
    MemberAliasOperation add_alias = 5;
    MemberAliasOperation verify_alias = 6;
    MemberRecoveryRulesOperation recovery_rules = 7;
    MemberRecoveryOperation recover = 8;
    // `delete` is a keyword in several target languages, so generated
    // accessors for this field may be renamed or escaped.
    MemberDeleteOperation delete = 9;
    // Both partner cases share one empty payload type.
    MemberPartnerOperation verify_partner = 10;
    MemberPartnerOperation unverify_partner = 11;
    MemberRealmPermissionOperation realm_permissions = 12;
  }
}
// Updates member information in the directory. The directory is an
// append-only log of operations.
// This is the message that is signed and passed to the Directory (stated in
// the comment on MemberOperationMetadata).
message MemberUpdate {
  // presumably the Member.last_hash value of the record being updated (that
  // field is documented as "used with UpdateMember"); confirm.
  string prev_hash = 1;
  string member_id = 2; // ID of the member being updated
  repeated MemberOperation operations = 3; // operations carried by this update
}
// Metadata associated with MemberUpdate.
// It is outside of MemberUpdate because MemberUpdate is signed and passed to the Directory.
// NOTE(review): it follows that this metadata is presumably not covered by
// the MemberUpdate signature. Confirm that receivers validate it against the
// signed operation, for example that `alias` matches `alias_hash`.
message MemberOperationMetadata {
  oneof type {
    AddAliasMetadata add_alias_metadata = 1;
    AddKeyMetadata add_key_metadata = 2;
  }
  // Accompanies an add_alias operation.
  message AddAliasMetadata {
    string alias_hash = 1; // hash identifying the alias operation this refers to
    io.token.proto.common.alias.Alias alias = 2; // the alias itself (Alias is declared in alias.proto)
  }
  // Accompanies an add_key operation.
  message AddKeyMetadata {
    string keychain_id = 1; // presumably the Keychain the new key is filed under; confirm.
  }
}
// Metadata associated with MemberUpdateResponse.
message MemberOperationResponseMetadata {
  oneof type {
    AddAliasResponseMetadata add_alias_response_metadata = 1;
  }
  // Returned for an add_alias operation.
  message AddAliasResponseMetadata {
    string alias_hash = 1; // hash of the alias this entry refers to
    // presumably the handle used to complete verification of the alias;
    // confirm.
    string verification_id = 2;
  }
}
// A recovery rule specifies which signatures are required for a member reset operation.
// Agents are identified by member ID, so a recovery can only be as trustworthy
// as the keys of the agent members named here.
message RecoveryRule {
  string primary_agent = 1; // the member id of the primary agent
  repeated string secondary_agents = 2; // an optional list of member ids acting as secondary agents
}
// A member record that is computed by replaying all the member updates.
message Member {
  string id = 1; // member ID
  string last_hash = 2; // last hash; used with UpdateMember
  repeated string alias_hashes = 3; // hashes of verified aliases
  repeated io.token.proto.common.security.Key keys = 4; // public keys
  repeated string unverified_alias_hashes = 5; // hashes of unverified aliases
  RecoveryRule recovery_rule = 6; // recovery rule
  int32 last_recovery_sequence = 7; // sequence number for member's last recovery entry
  int32 last_operation_sequence = 8; // sequence number for member's last operation
  MemberType type = 9; // type of member
  string partner_id = 10; // affiliated partner id
  bool is_verified_partner = 11; // indicates if member is verified partner
  string realm_id = 12; // realm owner member id
  // realm permissions assigned; used to verify MemberOperations that this
  // member can perform as realm owner.
  repeated RealmPermission realm_permissions = 13;
  // expired public keys
  // NOTE(review): camelCase name, unlike the file's other snake_case fields.
  // Renaming would change generated accessors and the JSON key, so any
  // rename needs a migration plan.
  repeated io.token.proto.common.security.Key expiredKeys = 14;
  // Kind of member. This numbering differs from CreateMemberType, so the two
  // enums must be mapped by name, never by number.
  // NOTE(review): values 2 and 3 are not used; if they were removed, reserve
  // them so they cannot be reused.
  enum MemberType {
    INVALID_MEMBER_TYPE = 0; // zero value; not a real member type
    PERSONAL = 1; // Bank's customer, end user; should be under bank's realm
    TRANSIENT = 4;
    BUSINESS = 5; // a customer of Token; Token is the regulated TPP in this case
    LICENSED_TPP = 6; // a customer of Token but uses its own licence; Token is a TSP for the business in this case
    DIRECT_BANK_TPP = 7; // a regulated party using its own licence to connect to a specific Token managed bank under the provisions of the regulation(s); Token is a TSP to the bank in this case
    BANK = 8;
    TOKEN = 9; // a single member that represents Token realm
  }
}
// A member address record.
// The whole message is marked deprecated; no replacement is named in this file.
message AddressRecord {
  option deprecated = true;
  string id = 1; // Address id
  string name = 2; // The display name of the address, e.g., "Office"
  io.token.proto.common.address.Address address = 3; // Country specific JSON address
  io.token.proto.common.security.Signature address_signature = 4; // member signature of the address
}
// Public profile
message Profile {
  // Custom message option declared in extensions/message.proto (not shown).
  // presumably marks the message for redaction in logs or traces; confirm
  // where the option is enforced.
  option (io.token.proto.extensions.message.redact) = true;
  string display_name_first = 1 [deprecated = true]; // first name; DEPRECATED refer member.profileName
  string display_name_last = 2 [deprecated = true]; // last name; DEPRECATED refer member.profileName
  // The picture fields hold blob IDs, not image bytes.
  string original_picture_id = 3; // blob ID. Ignored in set profile request
  string small_picture_id = 4; // blob ID. Ignored in set profile request
  string medium_picture_id = 5; // blob ID. Ignored in set profile request
  string large_picture_id = 6; // blob ID. Ignored in set profile request
}
// Profile picture sizes
// NOTE(review): this is a package-level enum, so its unprefixed value names
// (INVALID, SMALL, ...) occupy the package namespace. Another package-level
// enum could not reuse them.
enum ProfilePictureSize {
  INVALID = 0; // zero value; not a real size
  ORIGINAL = 1; // same size as uploaded
  SMALL = 2; // 200x200
  MEDIUM = 3; // 600x600
  LARGE = 4; // dimensions not stated in this file
}
// A contact for receipts, given as a value plus the kind of value it is.
message ReceiptContact {
  // The contact value. It carries the custom field option `redact` declared
  // in extensions/field.proto (not shown); presumably this keeps the value
  // out of logs, but confirm where the option is enforced.
  string value = 1 [(io.token.proto.extensions.field.redact) = true];
  Type type = 2; // kind of contact held in `value`
  enum Type {
    INVALID = 0; // zero value; not a real contact type
    EMAIL = 1;
  }
}
// A named device and the keys associated with it.
message Device {
  string name = 1; // device name
  // Deprecated single-key form; presumably superseded by `keys`. Confirm.
  io.token.proto.common.security.Key key = 2 [deprecated = true];
  repeated io.token.proto.common.security.Key keys = 3; // keys of the device
}
// Member types that can be named when creating a member (inferred from the
// enum name; the RPC that uses it is not in this file).
// The numbering differs from Member.MemberType: BUSINESS is 2 here and 5
// there, TRANSIENT is 3 and 4, LICENSED_TPP is 4 and 6. Convert between the
// two enums by name, never by casting the number.
enum CreateMemberType {
  INVALID_MEMBER_TYPE = 0; // zero value; not a real member type
  PERSONAL = 1;
  BUSINESS = 2;
  TRANSIENT = 3;
  LICENSED_TPP = 4;
}
// Permissions a realm owner can hold. Member.realm_permissions documents
// them as "used to verify MemberOperations that this member can perform as
// realm owner". The value names mirror the alias and key cases of
// MemberOperation.
enum RealmPermission {
  INVALID_REALM_PERMISSION = 0; // zero value; grants nothing
  VERIFY_ALIAS = 1;
  ADD_ALIAS = 2;
  REMOVE_ALIAS = 3;
  ADD_KEY = 4;
  REMOVE_KEY = 5;
}
// Display customization: name, logo, colors and consent text.
// Fields are declared out of numeric order; the field numbers, not the
// declaration order, define the wire format.
// NOTE(review): if `name`, `consent_text` or `app_name` reach a UI, treat
// them as untrusted text when rendering. Confirm the rendering path.
message Customization {
  string customization_id = 1;
  string name = 5; // display name
  string logo_blob_id = 2; // logo blob id
  map<string, string> colors = 3; // colors in hex string #AARRGGBB
  string consent_text = 4; // use '\n' for line breaks.
  // TODO(RD-1985): re-evaluate app_name
  string app_name = 6; // the name of the corresponding app
}
// A named group of keys. MemberOperationMetadata.AddKeyMetadata refers to a
// keychain by `keychain_id`.
message Keychain {
  string keychain_id = 1; // keychain identifier
  string name = 2; // keychain name
  repeated io.token.proto.common.security.Key keys = 3; // keys in this keychain
}
// Summary information about a member.
message MemberInfo {
  string id = 1; // member ID
  repeated io.token.proto.common.alias.Alias aliases = 2; // verified aliases
  string profile_name = 3;
  // presumably creation time in milliseconds since the Unix epoch, going by
  // the `_ms` suffix; confirm.
  int64 created_at_ms = 4;
}
// A sub-TPP registered under a member.
message SubTpp {
  string id = 1; // identifier
  string member_id = 2; // member id under which this Tpp is registered
  string name = 3; // registered name of this Sub TPP
  string domain = 4; // registered domain URL
  string domicile_country = 5;
  // sub tpp logo
  // NOTE(review): raw bytes inline, with no size bound expressed in the
  // schema; enforce a limit wherever this message is accepted.
  bytes logo = 6;
  // Gates whether the sub-TPP may make calls (see Status.ACTIVATED).
  Status status = 7;
  // NOTE(review): the time unit of created_at / updated_at is not stated
  // here (MemberInfo uses an explicit `_ms` suffix); confirm before comparing.
  int64 created_at = 8;
  int64 updated_at = 9;
  string status_reason_information = 10;
  string mcc_code = 11; // optional mcc code
  string parent_sub_tpp_id = 12;
  repeated string child_sub_tpp_ids = 13;
  Merchant merchant = 14;
  repeated string restricted_countries = 15;
  enum Status {
    INVALID_STATUS = 0; // zero value; not a real status
    ACTIVATED = 1; // sub-TPP is activated, i.e. allowed to make the calls
    REJECTED = 2; // sub-TPP was rejected during KYC check
    AWAITING_APPROVAL = 3; // sub-TPP is added and is awaiting approval
    DEACTIVATED = 4; // sub-TPP was activated before, but is deactivated now
  }
}
// Merchant details attached to a sub-TPP (referenced from SubTpp.merchant).
// NOTE(review): `iban`, `bic` and `company_registration_number` carry no
// redact option, unlike ReceiptContact.value. Confirm whether they should be
// kept out of logs as well.
message Merchant {
  string merchant_jurisdiction = 1;
  string legal_entity_name = 2;
  string company_registration_number = 3;
  string primary_use_case = 4;
  string iban = 5;
  string bic = 6;
  string reporting_identifier = 7;
  string reporting_label = 8;
  // NOTE(review): the three date fields (approval_date, termination_date and
  // risk_assessment_review_date) are plain strings, and their format is not
  // stated in this file; validate on input.
  string approval_date = 9;
  string termination_date = 10;
  ChargeableStatus chargeable_status = 11;
  string uid = 12;
  string industry = 13;
  RegulatoryType regulatory_type = 14;
  repeated CompetentAuthorities competent_authorities = 15;
  RiskAssessmentScore risk_assessment_score = 16;
  string risk_assessment_review_date = 17;
  string sub_tpp_id = 18; // presumably the SubTpp.id this merchant belongs to; confirm.
  enum ChargeableStatus{
    INVALID_STATUS = 0; // zero value; not a real status
    CHARGEABLE = 1;
    PASS_THROUGH = 2;
    INTERNAL = 3;
  }
  // The meaning of TYPE_1 / TYPE_2 is not documented in this file.
  enum RegulatoryType {
    INVALID_TYPE = 0; // zero value; not a real type
    TYPE_1 = 1;
    TYPE_2 = 2;
  }
  // Despite the plural name, each value names one authority; the field
  // `competent_authorities` is what holds several.
  enum CompetentAuthorities {
    INVALID_AUTHORITY = 0; // zero value; not a real authority
    FCA = 1;
    BAFIN = 2;
  }
  enum RiskAssessmentScore {
    INVALID_SCORE = 0; // zero value; not a real score
    GREEN = 1;
    AMBER = 2;
    RED = 3;
  }
}