io7m | single-page | multi-page | epub | Idstore User Manual 0.0.8

Idstore User Manual 0.0.8

DATE 2022-09-20T08:37:35+00:00
DESCRIPTION User manual for the idstore server.
IDENTIFIER 24c8402e-36b8-4d2b-ab1e-b501050e9611
LANGUAGE en
SOURCE https://www.io7m.com/software/idstore/
TITLE Idstore User Manual 0.0.8

Table Of Contents

1. Introduction

1
The idstore package provides a server and client for managing user accounts.

1.2. Features

  • A small, easily auditable codebase with a heavy use of modularity for correctness.
  • An extensive automated test suite with high coverage.
  • Platform independence. No platform-dependent code is included in any form, and installations can largely be carried between platforms without changes.
  • OSGi-ready
  • JPMS-ready
  • ISC license

2. Installation

2.1. Server Installation

2.1.1. Overview

1
The idstore server package is available from the following sources:

2.1.1.2. Sources

3
Regardless of the distribution method, the idstore package will contain a command named idstore that acts as the main entrypoint to all of the server's functionality. The idstore command expects an environment variable named IDSTORE_SERVER_HOME to be defined that points to the installation directory. See the documentation for the installation methods below for details.

2.1.2. PostgreSQL

1
The idstore server requires a PostgreSQL server. The idstore server will create the required tables and database objects on first startup, given the name of a running PostgreSQL database, and a PostgreSQL role and password.

2.1.3. Maven Central

1
A distribution package can be found at Maven Central.
2
The idstore command requires that a Java 17+ compatible JVM be accessible via /usr/bin/env java.
3
Verify the integrity of the distribution zip file:

2.1.3.4. Verify

$ gpg --verify com.io7m.idstore.server.main-0.0.8-distribution.zip.asc
gpg: assuming signed data in 'com.io7m.idstore.server.main-0.0.8-distribution.zip.asc'
gpg: Signature made Tue 28 Jun 2022 15:01:56 GMT
gpg:                using RSA key 3CCE59428B30462D10459909C5607DA146E128B8
gpg:                issuer "contact@io7m.com"
gpg: using pgp trust model
gpg: Good signature from "io7m.com (2022 maven-rsa-key) <contact@io7m.com>" [unknown]
5
Unzip the zip file, and set up the environment appropriately:

2.1.3.6. Extract

$ unzip com.io7m.idstore.server.main-0.0.8-distribution.zip
$ export IDSTORE_SERVER_HOME=$(realpath idstore)
$ ./idstore/bin/idstore
info: Usage: idstore [options] [command] [command options]
...

2.1.4. Initialization

1
Given an appropriate configuration file in server.conf, it's necessary to tell idstore to configure the database and create an initial administrator user:

2.1.4.2. Initialize

$ idstore initialize \
  --admin-email 'someone@example.com' \
  --admin-realname 'Someone Else' \
  --admin-username 'someone' \
  --admin-password 12345678 \
  --configuration server.conf

2.1.5. Running

1
The server can now be run with idstore server:

2.1.5.2. Run

$ idstore server --configuration server.conf
info: [localhost/<unresolved>:50000] User API server started
info: [localhost/<unresolved>:50001] User view server started
info: [localhost/<unresolved>:51000] Admin API server started
3
The server does not fork into the background and is designed to be run under process supervision.

2.2. Admin Client Installation

2.2.1. Overview

1
The idstore admin client package is available from the following sources:

2.2.1.2. Sources

3
Regardless of the distribution method, the idstore-admin package will contain a command named idstore-admin that starts the client. The idstore-admin command expects an environment variable named IDSTORE_ADMIN_HOME to be defined that points to the installation directory. See the documentation for the installation methods below for details.

2.2.2. Maven Central

1
A distribution package can be found at Maven Central.
2
The idstore-admin command requires that a Java 17+ compatible JVM be accessible via /usr/bin/env java.
3
Verify the integrity of the distribution zip file:

2.2.2.4. Verify

$ gpg --verify com.io7m.idstore.admin_gui.main-0.0.8-distribution.zip.asc
gpg: assuming signed data in 'com.io7m.idstore.admin_gui.main-0.0.8-distribution.zip.asc'
gpg: Signature made Tue 28 Jun 2022 15:01:56 GMT
gpg:                using RSA key 3CCE59428B30462D10459909C5607DA146E128B8
gpg:                issuer "contact@io7m.com"
gpg: using pgp trust model
gpg: Good signature from "io7m.com (2022 maven-rsa-key) <contact@io7m.com>" [unknown]
5
Unzip the zip file, and set up the environment appropriately:

2.2.2.6. Extract

$ unzip com.io7m.idstore.admin_gui.main-0.0.8-distribution.zip
$ export IDSTORE_ADMIN_HOME=$(realpath idstore-admin)
$ ./idstore-admin/bin/idstore-admin

3. Configuration

3.1. Overview

1
The idstore server is configured using a single XML-formatted configuration file. The format has a fully documented schema and so configuration files can be independently validated and benefit from autocompletion in most modern IDEs.
2
The configuration file must consist of a single top-level Configuration element in the urn:com.io7m.idstore:configuration:1 namespace. In modern IDEs, simply creating a file containing this element will immediately fill in all the other required child elements.

3.2. Mail

3.2.1. Overview

1
The Mail section of the configuration file configures the mail service. The server sends mail to users to verify emails and to handle password resets.

3.2.2. Transport

1
The Transport section of the Mail configuration specifies the mail server transport method. This must be one of SMTP, SMTP_TLS, or SMTPS.
2
The Host and Port attributes specify the host and port of the upstream MTA.

3.2.3. SenderAddress

1
The SenderAddress attribute specifies the address that will be used on outgoing mail.

3.2.4. VerificationExpiration

1
The VerificationExpiration attribute specifies how long links sent in emails will take to expire. These links are currently used for password resets, and email verification. The property must be formatted as an ISO 8601 duration string.

3.2.5. Example

1
An example SMTP configuration:

3.2.5.2. Example

<Mail SenderAddress="no-reply@example.com"
      VerificationExpiration="PT24H">
  <SMTP Host="mail.example.com"
        Port="25"/>
</Mail>

3.3. HTTP

3.3.1. Overview

1
The HTTP section of the configuration file configures the various HTTP services.

3.3.2. HTTPServiceAdminAPI

1
The configuration for the Admin API service.
2
The ListenAddress and ListenPort attributes specify the address and port to which to the HTTP service will bind. It is recommended that the service be bound to localhost and a reverse proxy such as nginx be used to provide TLS.
3
The ExternalAddress attribute specifies the external address that clients will use to connect to this server. This value is used in, for example, password reset emails to provide URLs that users can follow to reset their passwords.

3.3.3. HTTPServiceUserAPI

1
The configuration for the User API service.
2
The ListenAddress and ListenPort attributes specify the address and port to which to the HTTP service will bind. It is recommended that the service be bound to localhost and a reverse proxy such as nginx be used to provide TLS.
3
The ExternalAddress attribute specifies the external address that clients will use to connect to this server. This value is used in, for example, password reset emails to provide URLs that users can follow to reset their passwords.

3.3.4. HTTPServiceUserView

1
The configuration for the User View service.
2
The ListenAddress and ListenPort attributes specify the address and port to which to the HTTP service will bind. It is recommended that the service be bound to localhost and a reverse proxy such as nginx be used to provide TLS.
3
The ExternalAddress attribute specifies the external address that clients will use to connect to this server. This value is used in, for example, password reset emails to provide URLs that users can follow to reset their passwords.

3.3.5. Example

1
An example HTTP configuration:

3.3.5.2. Example

<HTTPServices>
  <HTTPServiceAdminAPI ListenAddress="localhost"
                       ListenPort="51000"
                       ExternalURI="http://localhost:51000/"/>
  <HTTPServiceUserAPI ListenAddress="localhost"
                      ListenPort="50000"
                      ExternalURI="http://localhost:50000/"/>
  <HTTPServiceUserView ListenAddress="localhost"
                       ListenPort="50001"
                       ExternalURI="http://localhost:50001/"/>
</HTTPServices>

3.4. Sessions

3.4.1. Overview

1
The Sessions section of the configuration file specifies parameters for controlling session expiration.

3.4.2. Sessions

1
The UserSessionExpiration attribute specifies the duration after which idle user sessions on the server will expire. The value must be expressed as an ISO 8601 duration string.
2
The AdminSessionExpiration attribute specifies the duration after which idle admin sessions on the server will expire. The value must be expressed as an ISO 8601 duration string.

3.4.3. Example

1
An example session configuration:

3.4.3.2. Example

<Sessions UserSessionExpiration="PT30M"
          AdminSessionExpiration="PT30M"/>

3.5. History

3.5.1. Overview

1
The History section of the configuration file specifies retention parameters for login histories.

3.5.2. Example

1
An example history configuration:

3.5.2.2. Example

<History UserLoginHistoryLimit="100"
         AdminLoginHistoryLimit="10000"/>

3.6. Database

3.6.1. Overview

1
The Database section of the configuration file configures the database.

3.6.2. Example

1
An example database configuration:

3.6.2.2. Example

<Database Kind="POSTGRESQL"
          Name="postgres"
          User="postgres"
          Password="12345678"
          Address="localhost"
          Port="54322"
          Create="true"
          Upgrade="true"/>

3.7. RateLimiting

3.7.1. Overview

1
The RateLimiting section of the configuration file configures rate limiting for various server operations. Primarily, rate limiting is currently useful to limit any outgoing email that the server might send; unauthenticated clients could, for example, attempt to spam users with password reset emails. Setting a rate limit such that only one password reset email can be sent every ten minutes for a given client can reduce the possible damage.
2
The EmailVerificationRateLimit attribute specifies the minimum duration that must elapse between any two email verification requests for a given user. The attribute must be specified as an ISO 8601 duration string.
3
The PasswordResetRateLimit attribute specifies the minimum duration that must elapse between any two password reset requests from a single IP address. The attribute must be specified as an ISO 8601 duration string.

3.7.2. Example

1
An example rate limit configuration:

3.7.2.2. Example

<RateLimiting EmailVerificationRateLimit="PT10M"
              PasswordResetRateLimit="PT10M"/>

3.8. OpenTelemetry

3.8.1. Overview

1
The OpenTelemetry section of the configuration file configures Open Telemetry. This section is optional and telemetry is disabled if the section is not present.

3.8.2. Example

1
An example Open Telemetry configuration:

3.8.2.2. Example

<OpenTelemetry LogicalServiceName="idstore"
               OTELCollectorAddress="http://localhost:4317"/>

3.9. Branding

3.9.1. Overview

1
The Branding section of the configuration file configures branding.

3.9.2. Example

1
An example branding configuration:

3.9.2.2. Example

<Branding ProductTitle="idstore">
  <ColorScheme>
    <ButtonColors>
      <Disabled>
        <BodyColor Red="0.101"
                   Green="0.309"
                   Blue="0.45"/>
        <BorderColor Red="0"
                     Green="0"
                     Blue="0"/>
        <EmbossEColor Red="0.175"
                      Green="0.527"
                      Blue="0.765"/>
        <EmbossNColor Red="0.175"
                      Green="0.527"
                      Blue="0.765"/>
        <EmbossSColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <EmbossWColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <TextColor Red="0"
                   Green="0"
                   Blue="0"/>
      </Disabled>
      <Enabled>
        <BodyColor Red="0.101"
                   Green="0.309"
                   Blue="0.45"/>
        <BorderColor Red="0"
                     Green="0"
                     Blue="0"/>
        <EmbossEColor Red="0.175"
                      Green="0.527"
                      Blue="0.765"/>
        <EmbossNColor Red="0.175"
                      Green="0.527"
                      Blue="0.765"/>
        <EmbossSColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <EmbossWColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <TextColor Red="0"
                   Green="0"
                   Blue="0"/>
      </Enabled>
      <Hover>
        <BodyColor Red="0.125"
                   Green="0.371"
                   Blue="0.539"/>
        <BorderColor Red="0"
                     Green="0"
                     Blue="0"/>
        <EmbossEColor Red="0.175"
                      Green="0.527"
                      Blue="0.765"/>
        <EmbossNColor Red="0.175"
                      Green="0.527"
                      Blue="0.765"/>
        <EmbossSColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <EmbossWColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <TextColor Red="0"
                   Green="0"
                   Blue="0"/>
      </Hover>
      <Pressed>
        <BodyColor Red="0.093"
                   Green="0.277"
                   Blue="0.406"/>
        <BorderColor Red="0"
                     Green="0"
                     Blue="0"/>
        <EmbossEColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <EmbossNColor Red="0.07"
                      Green="0.214"
                      Blue="0.316"/>
        <EmbossSColor Red="0.125"
                      Green="0.371"
                      Blue="0.539"/>
        <EmbossWColor Red="0.125"
                      Green="0.371"
                      Blue="0.539"/>
        <TextColor Red="0"
                   Green="0"
                   Blue="0"/>
      </Pressed>
    </ButtonColors>

    <ErrorBorderColor Red="1"
                      Green="0"
                      Blue="0"/>

    <HeaderBackgroundColor Red="0.184"
                           Green="0.184"
                           Blue="0.184"/>

    <HeaderLinkColor Red="1"
                     Green="1"
                     Blue="1"/>

    <HeaderTextColor Red="1"
                     Green="1"
                     Blue="1"/>

    <MainBackgroundColor Red="0.101"
                         Green="0.309"
                         Blue="0.45"/>

    <MainLinkColor Red="1"
                   Green="1"
                   Blue="1"/>

    <MainMessageBorderColor Red="0.1875"
                            Green="0.558"
                            Blue="0.8125"/>

    <MainTableBorderColor Red="0.1875"
                          Green="0.558"
                          Blue="0.8125"/>

    <MainTextColor Red="1"
                   Green="1"
                   Blue="1"/>
  </ColorScheme>
</Branding>

3.10. Schema

1
The XSD schema for the configuration file is as follows:

3.10.2. Schema

<?xml version="1.0" encoding="UTF-8" ?>

<schema xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:c="urn:com.io7m.idstore:configuration:1"
        targetNamespace="urn:com.io7m.idstore:configuration:1">

  <simpleType name="ColorComponent">
    <annotation>
      <documentation>
        The type of a component within a color.
      </documentation>
    </annotation>
    <restriction base="double">
      <minInclusive value="0.0"/>
      <maxInclusive value="1.0"/>
    </restriction>
  </simpleType>

  <complexType name="ColorType">
    <annotation>
      <documentation>
        An RGB color.
      </documentation>
    </annotation>

    <attribute name="Red"
               type="c:ColorComponent"
               use="required"/>
    <attribute name="Green"
               type="c:ColorComponent"
               use="required"/>
    <attribute name="Blue"
               type="c:ColorComponent"
               use="required"/>
  </complexType>

  <element name="ErrorBorderColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the border around error messages on web pages.
      </documentation>
    </annotation>
  </element>

  <element name="HeaderBackgroundColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the web page header background.
      </documentation>
    </annotation>
  </element>

  <element name="HeaderLinkColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the web page header links.
      </documentation>
    </annotation>
  </element>

  <element name="HeaderTextColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the web page header text.
      </documentation>
    </annotation>
  </element>

  <element name="MainBackgroundColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the web page main background.
      </documentation>
    </annotation>
  </element>

  <element name="MainLinkColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the web page main links on web pages.
      </documentation>
    </annotation>
  </element>

  <element name="MainMessageBorderColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the border around non-error messages on web pages.
      </documentation>
    </annotation>
  </element>

  <element name="MainTableBorderColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for table borders on web pages.
      </documentation>
    </annotation>
  </element>

  <element name="MainTextColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the main text on web pages.
      </documentation>
    </annotation>
  </element>

  <element name="TextColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the button text.
      </documentation>
    </annotation>
  </element>

  <element name="BodyColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the button body.
      </documentation>
    </annotation>
  </element>

  <element name="BorderColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the button border.
      </documentation>
    </annotation>
  </element>

  <element name="EmbossEColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the east-facing emboss.
      </documentation>
    </annotation>
  </element>

  <element name="EmbossSColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the south-facing emboss.
      </documentation>
    </annotation>
  </element>

  <element name="EmbossWColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the west-facing emboss.
      </documentation>
    </annotation>
  </element>

  <element name="EmbossNColor"
           type="c:ColorType">
    <annotation>
      <documentation>
        The color used for the north-facing emboss.
      </documentation>
    </annotation>
  </element>

  <complexType name="ButtonStateColors">
    <annotation>
      <documentation>
        The colors used for a particular button state.
      </documentation>
    </annotation>
    <sequence>
      <element ref="c:BodyColor"/>
      <element ref="c:BorderColor"/>
      <element ref="c:EmbossEColor"/>
      <element ref="c:EmbossNColor"/>
      <element ref="c:EmbossSColor"/>
      <element ref="c:EmbossWColor"/>
      <element ref="c:TextColor"/>
    </sequence>
  </complexType>

  <element name="Enabled"
           type="c:ButtonStateColors">
    <annotation>
      <documentation>
        The colors used when the button is in the unpressed, enabled state.
      </documentation>
    </annotation>
  </element>

  <element name="Disabled"
           type="c:ButtonStateColors">
    <annotation>
      <documentation>
        The colors used when the button is in the disabled state.
      </documentation>
    </annotation>
  </element>

  <element name="Pressed"
           type="c:ButtonStateColors">
    <annotation>
      <documentation>
        The colors used when the button is in the pressed state.
      </documentation>
    </annotation>
  </element>

  <element name="Hover"
           type="c:ButtonStateColors">
    <annotation>
      <documentation>
        The colors used when the button is in the hover state.
      </documentation>
    </annotation>
  </element>

  <element name="ButtonColors">
    <annotation>
      <documentation>
        The colors used for all button states.
      </documentation>
    </annotation>
    <complexType>
      <sequence>
        <element ref="c:Disabled"/>
        <element ref="c:Enabled"/>
        <element ref="c:Hover"/>
        <element ref="c:Pressed"/>
      </sequence>
    </complexType>
  </element>

  <element name="ColorScheme">
    <complexType>
      <sequence>
        <element ref="c:ButtonColors"/>
        <element ref="c:ErrorBorderColor"/>
        <element ref="c:HeaderBackgroundColor"/>
        <element ref="c:HeaderLinkColor"/>
        <element ref="c:HeaderTextColor"/>
        <element ref="c:MainBackgroundColor"/>
        <element ref="c:MainLinkColor"/>
        <element ref="c:MainMessageBorderColor"/>
        <element ref="c:MainTableBorderColor"/>
        <element ref="c:MainTextColor"/>
      </sequence>
    </complexType>
  </element>

  <element name="Branding">
    <complexType>
      <sequence>
        <element ref="c:ColorScheme"
                 minOccurs="0"
                 maxOccurs="1"/>
      </sequence>

      <attribute name="ProductTitle"
                 use="required"
                 type="string">
        <annotation>
          <documentation>
            The product title that will be used in web pages and emails.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="Logo"
                 use="optional"
                 type="anyURI">
        <annotation>
          <documentation>
            A file that contains a logo image used in web pages.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="LoginExtra"
                 use="optional"
                 type="anyURI">
        <annotation>
          <documentation>
            A file that contains XHTML text that will be inserted into login web pages.
          </documentation>
        </annotation>
      </attribute>
    </complexType>
  </element>

  <complexType name="MailTransportType">
    <annotation>
      <documentation>
        The base type of mail transport configurations.
      </documentation>
    </annotation>
  </complexType>

  <complexType name="SMTPType">
    <annotation>
      <documentation>
        Settings for communicating over SMTP without encryption.
      </documentation>
    </annotation>
    <complexContent>
      <extension base="c:MailTransportType">
        <attribute name="Host"
                   type="anyURI"
                   use="required"/>
        <attribute name="Port"
                   type="unsignedInt"
                   use="required"/>
      </extension>
    </complexContent>
  </complexType>

  <complexType name="SMTPTLSType">
    <annotation>
      <documentation>
        Settings for communicating over SMTP_TLS.
      </documentation>
    </annotation>
    <complexContent>
      <extension base="c:MailTransportType">
        <attribute name="Host"
                   type="anyURI"
                   use="required"/>
        <attribute name="Port"
                   type="unsignedInt"
                   use="required"/>
      </extension>
    </complexContent>
  </complexType>

  <complexType name="SMTPSType">
    <annotation>
      <documentation>
        Settings for communicating over SMTPS.
      </documentation>
    </annotation>
    <complexContent>
      <extension base="c:MailTransportType">
        <attribute name="Host"
                   type="anyURI"
                   use="required"/>
        <attribute name="Port"
                   type="unsignedInt"
                   use="required"/>
      </extension>
    </complexContent>
  </complexType>

  <element name="SMTP"
           type="c:SMTPType"/>
  <element name="SMTPTLS"
           type="c:SMTPTLSType"/>
  <element name="SMTPS"
           type="c:SMTPSType"/>

  <element name="MailAuthentication">
    <annotation>
      <documentation>
        The mail server authentication configuration.
      </documentation>
    </annotation>

    <complexType>
      <attribute name="Username"
                 type="string"
                 use="required">
        <annotation>
          <documentation>
            The username that will be used to authenticate to the mail server.
          </documentation>
        </annotation>
      </attribute>
      <attribute name="Password"
                 type="string"
                 use="required">
        <annotation>
          <documentation>
            The password that will be used to authenticate to the mail server.
          </documentation>
        </annotation>
      </attribute>
    </complexType>
  </element>

  <element name="Mail">
    <annotation>
      <documentation>
        The mail server configuration.
      </documentation>
    </annotation>

    <complexType>
      <sequence>
        <choice minOccurs="1"
                maxOccurs="1">
          <element ref="c:SMTP"/>
          <element ref="c:SMTPS"/>
          <element ref="c:SMTPTLS"/>
        </choice>
        <element ref="c:MailAuthentication"
                 minOccurs="0"
                 maxOccurs="1"/>
      </sequence>

      <attribute name="SenderAddress"
                 type="string"
                 use="required"/>
      <attribute name="VerificationExpiration"
                 type="duration"
                 use="required"/>
    </complexType>
  </element>

  <element name="History">
    <annotation>
      <documentation>
        Retention settings for logins.
      </documentation>
    </annotation>

    <complexType>
      <attribute name="UserLoginHistoryLimit"
                 type="unsignedInt"
                 use="required">
        <annotation>
          <documentation>
            The number of login records to store for users.
          </documentation>
        </annotation>
      </attribute>
      <attribute name="AdminLoginHistoryLimit"
                 type="unsignedInt"
                 use="required">
        <annotation>
          <documentation>
            The number of login records to store for admins.
          </documentation>
        </annotation>
      </attribute>
    </complexType>
  </element>

  <complexType name="HTTPServiceType">
    <attribute name="ListenAddress"
               use="required"
               type="string">
      <annotation>
        <documentation>
          The address upon which this HTTP service will listen.
        </documentation>
      </annotation>
    </attribute>
    <attribute name="ListenPort"
               use="required"
               type="unsignedInt">
      <annotation>
        <documentation>
          The port upon which this HTTP service will listen.
        </documentation>
      </annotation>
    </attribute>
    <attribute name="ExternalURI"
               use="required"
               type="anyURI">
      <annotation>
        <documentation>
          The external URI by which this HTTP service will be accessible. This is used in emails and web pages and is
          primarily useful when the HTTP service will be used behind a reverse proxy.
        </documentation>
      </annotation>
    </attribute>
  </complexType>

  <element name="HTTPServiceAdminAPI"
           type="c:HTTPServiceType">
    <annotation>
      <documentation>
        Configuration for the Admin API service.
      </documentation>
    </annotation>
  </element>

  <element name="HTTPServiceUserAPI"
           type="c:HTTPServiceType">
    <annotation>
      <documentation>
        Configuration for the User API service.
      </documentation>
    </annotation>
  </element>

  <element name="HTTPServiceUserView"
           type="c:HTTPServiceType">
    <annotation>
      <documentation>
        Configuration for the User view service.
      </documentation>
    </annotation>
  </element>

  <element name="HTTPServices">
    <annotation>
      <documentation>
        Configuration for HTTP services.
      </documentation>
    </annotation>

    <complexType>
      <sequence>
        <element ref="c:HTTPServiceAdminAPI"/>
        <element ref="c:HTTPServiceUserAPI"/>
        <element ref="c:HTTPServiceUserView"/>
      </sequence>
    </complexType>
  </element>

  <element name="Sessions">
    <complexType>
      <attribute name="UserSessionExpiration"
                 type="duration"
                 use="required">
        <annotation>
          <documentation>
            The maximum age of idle user sessions before they are considered expired and deleted.
          </documentation>
        </annotation>
      </attribute>
      <attribute name="AdminSessionExpiration"
                 type="duration"
                 use="required">
        <annotation>
          <documentation>
            The maximum age of idle admin sessions before they are considered expired and deleted.
          </documentation>
        </annotation>
      </attribute>
    </complexType>
  </element>

  <element name="Database">
    <annotation>
      <documentation>
        Configuration for the database service.
      </documentation>
    </annotation>

    <complexType>
      <attribute name="Kind"
                 use="required"
                 type="string">
        <annotation>
          <documentation>
            The kind of the remote database, such as POSTGRESQL.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="Name"
                 use="required"
                 type="string">
        <annotation>
          <documentation>
            The name of the database.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="User"
                 use="required"
                 type="string">
        <annotation>
          <documentation>
            The username that will be used to connect to the database.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="Password"
                 use="required"
                 type="string">
        <annotation>
          <documentation>
            The password that will be used to connect to the database.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="Address"
                 use="required"
                 type="string">
        <annotation>
          <documentation>
            The address of the database.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="Port"
                 use="required"
                 type="unsignedInt">
        <annotation>
          <documentation>
            The port used to connect to the database.
          </documentation>
        </annotation>
      </attribute>

      <attribute name="Create"
                 use="required"
                 type="boolean">
        <annotation>
          <documentation>
            Should the database be created if it does not already exist?
          </documentation>
        </annotation>
      </attribute>

      <attribute name="Upgrade"
                 use="required"
                 type="boolean">
        <annotation>
          <documentation>
            Should the database schema be upgraded if the schema version is older than the current application?
          </documentation>
        </annotation>
      </attribute>
    </complexType>
  </element>

  <element name="RateLimiting">
    <annotation>
      <documentation>
        Configuration information for request rate limiting.
      </documentation>
    </annotation>

    <complexType>
      <attribute name="EmailVerificationRateLimit"
                 type="duration"
                 use="required">
        <annotation>
          <documentation>
            Email verifications for various operations cannot be prompted more frequently than this duration.
          </documentation>
        </annotation>
      </attribute>
      <attribute name="PasswordResetRateLimit"
                 type="duration"
                 use="required">
        <annotation>
          <documentation>
            Passwords cannot be reset more frequently than this duration.
          </documentation>
        </annotation>
      </attribute>
    </complexType>
  </element>

  <element name="OpenTelemetry">
    <annotation>
      <documentation>
        Configuration information for OpenTelemetry.
      </documentation>
    </annotation>

    <complexType>
      <attribute name="LogicalServiceName"
                 use="required"
                 type="string">
        <annotation>
          <documentation>
            The logical name of the service as it will appear in OpenTelemetry.
          </documentation>
        </annotation>
      </attribute>
      <attribute name="OTELCollectorAddress"
                 use="required"
                 type="anyURI">
        <annotation>
          <documentation>
            The URI of the OTEL collector that will receive telemetry.
          </documentation>
        </annotation>
      </attribute>
    </complexType>
  </element>

  <element name="Configuration">
    <annotation>
      <documentation>
        The main server configuration element.
      </documentation>
    </annotation>

    <complexType>
      <sequence>
        <element ref="c:Branding"/>
        <element ref="c:Database"/>
        <element ref="c:HTTPServices"/>
        <element ref="c:History"/>
        <element ref="c:Mail"/>
        <element ref="c:OpenTelemetry"
                 minOccurs="0"
                 maxOccurs="1"/>
        <element ref="c:RateLimiting"/>
        <element ref="c:Sessions"/>
      </sequence>
    </complexType>
  </element>

</schema>

4. Command-Line Interface

4.1. Overview

1
The idstore package provides a command-line interface for performing tasks such as starting the server, checking configuration files, hashing passwords, and etc. The base idstore command is broken into a number of subcommands which are documented over the following sections.

4.1.2. Command-Line Overview

Usage: idstore [options] [command] [command options]

  Options:
    --verbose
      Set the minimum logging verbosity level.
      Default: info
      Possible Values: [trace, debug, info, warn, error]

  Use the "help" command to examine specific commands:

    $ idstore help help.

  Command-line arguments can be placed one per line into a file, and the file
  can be referenced using the @ symbol:

    $ echo help > file.txt
    $ echo help >> file.txt
    $ idstore @file.txt

  Commands:
    help           Show detailed help messages for commands.
    initialize     Initialize the database.
    server         Start the server.
    version        Retrieve the version number.

  Documentation:
    https://www.io7m.com/software/idstore/documentation/
3
All subcommands accept a --verbose parameter that may be set to one of trace, debug, info, warn, or error. This parameter sets the lower bound for the severity of messages that will be logged. For example, at debug verbosity, only messages of severity debug and above will be logged. Setting the verbosity to trace level effectively causes everything to be logged, and will produce large volumes of debugging output.
4
The idstore command-line tool uses jcommander to parse command-line arguments, and therefore supports placing command-line arguments into a file, one argument per line, and then referencing that file with @. For example:

4.1.5. @ Syntax

$ idstore server --configuration server.conf

$ (cat <<EOF
--configuration
server.conf
EOF
) > args.txt

$ idstore @args.txt
6
All subcommands, unless otherwise specified, yield an exit code of 0 on success, and a non-zero exit code on failure.

4.2. initialize

4.2.1. Name

1
initialize - Initialize the server

4.2.2. Description

1
The initialize command performs a one-time server initialization. Specifically, the command creates all necessary tables in the configured database server, and creates an initial administrator user with the provided parameters.

4.2.2.2. Parameters

Parameter Type Required Description
--configuration Path true The configuration file
--admin-id UUID false The ID of the initial administrator
--admin-username String true The initial administrator to create.
--admin-password String true The password of the initial administrator.
--admin-email String true The email address of the initial administrator.
--admin-realname String true The real name of the initial administrator.
--verbose CLPLogLevel false Set the minimum logging verbosity level.

4.2.3. Examples

4.2.3.1. Example

$ idstore initialize \
  --admin-email 'someone@example.com' \
  --admin-realname 'Someone Else' \
  --admin-username 'someone' \
  --admin-password 12345678 \
  --configuration server.conf

4.3. server

4.3.1. Name

1
server - Start the server

4.3.2. Description

1
The server command starts the server.

4.3.2.2. Parameters

Parameter Type Required Description
--verbose CLPLogLevel false Set the minimum logging verbosity level.
--configuration Path true The configuration file

4.3.3. Examples

4.3.3.1. Example

$ idstore server --configuration server.conf
info: [localhost/<unresolved>:50000] User API server started
info: [localhost/<unresolved>:50001] User view server started
info: [localhost/<unresolved>:51000] Admin API server started

4.4. version

4.4.1. Name

1
version - Display the package version

4.4.2. Description

1
The version command displays the current version of the package.

4.4.2.2. Parameters

Parameter Type Required Description
--verbose CLPLogLevel false Set the minimum logging verbosity level.

4.4.3. Examples

4.4.3.1. Example

$ idstore version
1.0.0

5. API Access

5.1. Admin Protocol 1

5.1.1. Encoding

1
The version 1 Admin protocol uses cedarbridge encoded messages over HTTP(s).

5.1.2. Login

1
Send an IdA1CommandLogin command to /v1/login. If the login succeeds, a cookie named IDSTORE_ADMIN_API_SESSION will be set. This cookie must be included with all subsequent requests.

5.1.3. Commands

1
After logging in successfully, send commands of type IdA1Command* to /v1/command. Failed commands will yield a value of type IdA1ResponseError, whilst successful results will yield values of type IdA1Response*.

5.1.4. Schemas

5.1.4.1. Schemas

;
; Copyright © 2022 Mark Raynsford <code@io7m.com> https://www.io7m.com
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
; WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
; MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
; SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
; WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
; ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
; IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
;

[language cedarbridge 1 0]

[package com.io7m.idstore.protocol.admin.cb]

[import com.io7m.cedarbridge cb]

[documentation IdA1UUID "A 128-bit UUID value."]
[record IdA1UUID
  [documentation msb "The most significant bits of the UUID."]
  [field msb cb:IntegerUnsigned64]
  [documentation lsb "The least significant bits of the UUID."]
  [field lsb cb:IntegerUnsigned64]
]

[documentation IdA1Password "Information for a hashed password."]
[record IdA1Password
  [documentation algorithm "The password algorithm."]
  [field algorithm cb:String]
  [documentation hash "The password hash."]
  [field hash cb:String]
  [documentation salt "The password salt."]
  [field salt cb:String]
]

[documentation IdA1TimestampUTC "A UTC timestamp value."]
[record IdA1TimestampUTC
  [documentation year "The year."]
  [field year cb:IntegerUnsigned32]
  [documentation month "The month in the range [1, 12]."]
  [field month cb:IntegerUnsigned8]
  [documentation day "The day of the month in the range [1, 31]."]
  [field day cb:IntegerUnsigned8]
  [documentation hour "The hour in the range [0, 23]."]
  [field hour cb:IntegerUnsigned8]
  [documentation minute "The minute in the range [0, 59]."]
  [field minute cb:IntegerUnsigned8]
  [documentation second "The second in the range [0, 59]."]
  [field second cb:IntegerUnsigned8]
  [documentation millisecond "The millisecond in the range [0, 999]."]
  [field millisecond cb:IntegerUnsigned32]
]

[documentation IdA1Ban "An account ban."]
[record IdA1Ban
  [documentation user "The user (or admin) ID."]
  [field user IdA1UUID]
  [documentation reason "The ban reason."]
  [field reason cb:String]
  [documentation expires "The expiration date, if any."]
  [field expires [cb:Option IdA1TimestampUTC]]
]

[documentation IdA1TimeRange "A UTC time range."]
[record IdA1TimeRange
  [documentation lower "The lower bound."]
  [field lower IdA1TimestampUTC]
  [documentation upper "The upper bound."]
  [field upper IdA1TimestampUTC]
]

[documentation IdA1Login "A login record."]
[record IdA1Login
  [documentation user "The user ID."]
  [field user IdA1UUID]
  [documentation time "The login time."]
  [field time IdA1TimestampUTC]
  [documentation host "The user's host."]
  [field host cb:String]
  [documentation agent "The user's agent."]
  [field agent cb:String]
]

[documentation IdA1AdminPermission "An admin permission."]
[variant IdA1AdminPermission
  [documentation AdminBan "A permission that allows for banning admins."]
  [case AdminBan]
  [documentation AdminCreate "A permission that allows for creating admins."]
  [case AdminCreate]
  [documentation AdminDelete "A permission that allows for deleting admins."]
  [case AdminDelete]
  [documentation AdminWrite "A permission that allows updating admins."]
  [case AdminWrite]
  [documentation AdminWriteSelf "A permission that allows an admin to update itself."]
  [case AdminWriteSelf]
  [documentation AdminRead "A permission that allows reading admins."]
  [case AdminRead]
  [documentation AuditRead "A permission that allows reading the audit log."]
  [case AuditRead]
  [documentation UserDelete "A permission that allows deleting users."]
  [case UserDelete]
  [documentation UserCreate "A permission that allows creating users."]
  [case UserCreate]
  [documentation UserWrite "A permission that allows updating users."]
  [case UserWrite]
  [documentation UserRead "A permission that allows reading users."]
  [case UserRead]
  [documentation UserBan "A permission that allows for banning users."]
  [case UserBan]
]

[documentation IdA1AdminColumn "A column to use for sorting admins."]
[variant IdA1AdminColumn
  [documentation ByID "Order by admin ID."]
  [case ByID]
  [documentation ByIDName "Order by admin id name."]
  [case ByIDName]
  [documentation ByRealName "Order by admin realname."]
  [case ByRealName]
  [documentation ByTimeCreated "Order by admin creation time."]
  [case ByTimeCreated]
  [documentation ByTimeUpdated "Order by admin update time."]
  [case ByTimeUpdated]
]

[documentation IdA1AdminColumnOrdering "A column ordering spec."]
[record IdA1AdminColumnOrdering
  [documentation column "The admin column."]
  [field column IdA1AdminColumn]
  [documentation ascending "True if the results should be ascending."]
  [field ascending cb:Boolean]
]

[documentation IdA1AdminSearchParameters "Search parameters for admins."]
[record IdA1AdminSearchParameters
  [documentation timeCreatedRange "The range of creation times for returned admins."]
  [field timeCreatedRange IdA1TimeRange]
  [documentation timeUpdatedRange "The range of update times for returned admins."]
  [field timeUpdatedRange IdA1TimeRange]
  [documentation search "The search query text."]
  [field search [cb:Option cb:String]]
  [documentation ordering "The result ordering."]
  [field ordering IdA1AdminColumnOrdering]
  [documentation limit "The limit on the number of results."]
  [field limit cb:IntegerUnsigned16]
]

[documentation IdA1AdminSearchByEmailParameters "Search parameters for admins (by email)."]
[record IdA1AdminSearchByEmailParameters
  [documentation timeCreatedRange "The range of creation times for returned admins."]
  [field timeCreatedRange IdA1TimeRange]
  [documentation timeUpdatedRange "The range of update times for returned admins."]
  [field timeUpdatedRange IdA1TimeRange]
  [documentation search "The search query text."]
  [field search cb:String]
  [documentation ordering "The result ordering."]
  [field ordering IdA1AdminColumnOrdering]
  [documentation limit "The limit on the number of results."]
  [field limit cb:IntegerUnsigned16]
]

[documentation IdA1AuditSearchParameters "Search parameters for audit records."]
[record IdA1AuditSearchParameters
  [documentation timeRange "The range of time to include."]
  [field timeRange IdA1TimeRange]
  [documentation owner "All records contain this owner, if specified."]
  [field owner [cb:Option cb:String]]
  [documentation message "All records contain this message, if specified."]
  [field message [cb:Option cb:String]]
  [documentation type "All records contain this type, if specified."]
  [field type [cb:Option cb:String]]
  [documentation limit "The limit on the number of results."]
  [field limit cb:IntegerUnsigned16]
]

[documentation IdA1UserColumn "A column to use for sorting users."]
[variant IdA1UserColumn
  [documentation ByID "Order by user ID."]
  [case ByID]
  [documentation ByIDName "Order by user id name."]
  [case ByIDName]
  [documentation ByRealName "Order by user realname."]
  [case ByRealName]
  [documentation ByTimeCreated "Order by user creation time."]
  [case ByTimeCreated]
  [documentation ByTimeUpdated "Order by user update time."]
  [case ByTimeUpdated]
]

[documentation IdA1UserColumnOrdering "A column ordering spec."]
[record IdA1UserColumnOrdering
  [documentation column "The user column."]
  [field column IdA1UserColumn]
  [documentation ascending "True if the results should be ascending."]
  [field ascending cb:Boolean]
]

[documentation IdA1UserSearchParameters "Search parameters for users."]
[record IdA1UserSearchParameters
  [documentation timeCreatedRange "The range of creation times for returned users."]
  [field timeCreatedRange IdA1TimeRange]
  [documentation timeUpdatedRange "The range of update times for returned users."]
  [field timeUpdatedRange IdA1TimeRange]
  [documentation search "The search query text."]
  [field search [cb:Option cb:String]]
  [documentation ordering "The result ordering."]
  [field ordering IdA1UserColumnOrdering]
  [documentation limit "The limit on the number of results."]
  [field limit cb:IntegerUnsigned16]
]

[documentation IdA1UserSearchByEmailParameters "Search parameters for users (by email)."]
[record IdA1UserSearchByEmailParameters
  [documentation timeCreatedRange "The range of creation times for returned users."]
  [field timeCreatedRange IdA1TimeRange]
  [documentation timeUpdatedRange "The range of update times for returned users."]
  [field timeUpdatedRange IdA1TimeRange]
  [documentation search "The search query text."]
  [field search cb:String]
  [documentation ordering "The result ordering."]
  [field ordering IdA1UserColumnOrdering]
  [documentation limit "The limit on the number of results."]
  [field limit cb:IntegerUnsigned16]
]

[documentation IdA1Admin "An administrator."]
[record IdA1Admin
  [documentation id "The admin ID."]
  [field id IdA1UUID]
  [documentation idName "The admin ID name."]
  [field idName cb:String]
  [documentation realName "The admin real name."]
  [field realName cb:String]
  [documentation emails "The admin emails."]
  [field emails [cb:List cb:String]]
  [documentation timeCreated "The time the admin was created."]
  [field timeCreated IdA1TimestampUTC]
  [documentation timeUpdated "The time the admin was last updated."]
  [field timeUpdated IdA1TimestampUTC]
  [documentation password "The hashed admin password."]
  [field password IdA1Password]
  [documentation permissions "The admin permissions."]
  [field permissions [cb:List IdA1AdminPermission]]
]

[documentation IdA1Page "A page of results."]
[record IdA1Page
  [documentation T "The type of result values."]
  [parameter T]
  [documentation items "The list of results."]
  [field items [cb:List T]]
  [documentation pageIndex "The page index."]
  [field pageIndex cb:IntegerUnsigned32]
  [documentation pageCount "The page count."]
  [field pageCount cb:IntegerUnsigned32]
  [documentation pageFirstOffset "The offset of the first item in the page."]
  [field pageFirstOffset cb:IntegerUnsigned64]]

[documentation IdA1AdminSummary "An admin summary."]
[record IdA1AdminSummary
  [documentation id "The admin ID."]
  [field id IdA1UUID]
  [documentation idName "The admin ID name."]
  [field idName cb:String]
  [documentation realName "The admin real name."]
  [field realName cb:String]
  [documentation timeCreated "The time the admin was created."]
  [field timeCreated IdA1TimestampUTC]
  [documentation timeUpdated "The time the admin was last updated."]
  [field timeUpdated IdA1TimestampUTC]
]

[documentation IdA1AuditEvent "An audit event."]
[record IdA1AuditEvent
  [documentation id "The audit event ID."]
  [field id cb:IntegerUnsigned64]
  [documentation owner "The audit event owner."]
  [field owner IdA1UUID]
  [documentation time "The audit event time."]
  [field time IdA1TimestampUTC]
  [documentation type "The audit event type."]
  [field type cb:String]
  [documentation message "The audit event message."]
  [field message cb:String]
]

[documentation IdA1User "A user."]
[record IdA1User
  [documentation id "The user ID."]
  [field id IdA1UUID]
  [documentation idName "The user ID name."]
  [field idName cb:String]
  [documentation realName "The user real name."]
  [field realName cb:String]
  [documentation emails "The user emails."]
  [field emails [cb:List cb:String]]
  [documentation timeCreated "The time the user was created."]
  [field timeCreated IdA1TimestampUTC]
  [documentation timeUpdated "The time the user was last updated."]
  [field timeUpdated IdA1TimestampUTC]
  [documentation password "The hashed user password."]
  [field password IdA1Password]
]

[documentation IdA1UserSummary "A user summary."]
[record IdA1UserSummary
  [documentation id "The user ID."]
  [field id IdA1UUID]
  [documentation idName "The user ID name."]
  [field idName cb:String]
  [documentation realName "The user real name."]
  [field realName cb:String]
  [documentation timeCreated "The time the user was created."]
  [field timeCreated IdA1TimestampUTC]
  [documentation timeUpdated "The time the user was last updated."]
  [field timeUpdated IdA1TimestampUTC]
]

;
; Admin commands.
;

[documentation IdA1CommandAdminBanCreate "Ban an admin."]
[record IdA1CommandAdminBanCreate
  [documentation ban "The ban."]
  [field ban IdA1Ban]
]

[documentation IdA1CommandAdminBanDelete "Remove a ban on an admin."]
[record IdA1CommandAdminBanDelete
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
]

[documentation IdA1CommandAdminBanGet "Get a ban on an admin."]
[record IdA1CommandAdminBanGet
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
]

[documentation IdA1CommandAdminCreate "Create an admin."]
[record IdA1CommandAdminCreate
  [documentation adminId "The admin."]
  [field adminId [cb:Option IdA1UUID]]
  [documentation idName "The admin ID name."]
  [field idName cb:String]
  [documentation realName "The admin real name."]
  [field realName cb:String]
  [documentation email "The admin email."]
  [field email cb:String]
  [documentation password "The admin password."]
  [field password IdA1Password]
  [documentation permissions "The set of permissions."]
  [field permissions [cb:List IdA1AdminPermission]]
]

[documentation IdA1CommandAdminDelete "Delete an admin."]
[record IdA1CommandAdminDelete
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
]

[documentation IdA1CommandAdminEmailAdd "Add an email address to the given admin."]
[record IdA1CommandAdminEmailAdd
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdA1CommandAdminEmailRemove "Remove an email address from the given admin."]
[record IdA1CommandAdminEmailRemove
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdA1CommandAdminGet "Get the given admin."]
[record IdA1CommandAdminGet
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
]

[documentation IdA1CommandAdminGetByEmail "Get the admin with the given email address."]
[record IdA1CommandAdminGetByEmail
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdA1CommandAdminPermissionGrant "Grant a permission to the given admin."]
[record IdA1CommandAdminPermissionGrant
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
  [documentation permission "The permission."]
  [field permission IdA1AdminPermission]
]

[documentation IdA1CommandAdminPermissionRevoke "Revoke a permission from the given admin."]
[record IdA1CommandAdminPermissionRevoke
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
  [documentation permission "The permission."]
  [field permission IdA1AdminPermission]
]

[documentation IdA1CommandAdminSearchBegin "Start searching for admins."]
[record IdA1CommandAdminSearchBegin
  [documentation parameters "The search parameters."]
  [field parameters IdA1AdminSearchParameters]
]

[documentation IdA1CommandAdminSearchByEmailBegin "Start searching for admins (by email)."]
[record IdA1CommandAdminSearchByEmailBegin
  [documentation parameters "The search parameters."]
  [field parameters IdA1AdminSearchByEmailParameters]
]

[documentation IdA1CommandAdminSearchByEmailNext "Get the next page of admin search results."]
[record IdA1CommandAdminSearchByEmailNext]

[documentation IdA1CommandAdminSearchByEmailPrevious "Get the previous page of admin search results."]
[record IdA1CommandAdminSearchByEmailPrevious]

[documentation IdA1CommandAdminSearchNext "Get the next page of admin search results."]
[record IdA1CommandAdminSearchNext]

[documentation IdA1CommandAdminSearchPrevious "Get the previous page of admin search results."]
[record IdA1CommandAdminSearchPrevious]

[documentation IdA1CommandAdminSelf "A request to fetch the admin's own profile."]
[record IdA1CommandAdminSelf]

[documentation IdA1CommandAdminUpdate "A request to fetch the admin's own profile."]
[record IdA1CommandAdminUpdate
  [documentation adminId "The admin."]
  [field adminId IdA1UUID]
  [documentation idName "The admin's new ID name."]
  [field idName [cb:Option cb:String]]
  [documentation realName "The admin's new real name."]
  [field realName [cb:Option cb:String]]
  [documentation password "The admin's new password"]
  [field password [cb:Option IdA1Password]]
]

[documentation IdA1CommandAuditSearchBegin "Start searching/listing audit records."]
[record IdA1CommandAuditSearchBegin
  [documentation parameters "The search parameters."]
  [field parameters IdA1AuditSearchParameters]
]

[documentation IdA1CommandAuditSearchNext "Get the next page of audit search results."]
[record IdA1CommandAuditSearchNext]

[documentation IdA1CommandAuditSearchPrevious "Get the previous page of audit search results."]
[record IdA1CommandAuditSearchPrevious]

[documentation IdA1CommandLogin "A request to log in."]
[record IdA1CommandLogin
  [documentation userName "The username."]
  [field userName cb:String]
  [documentation password "The password."]
  [field password cb:String]
]

;
; User commands.
;

[documentation IdA1CommandUserBanCreate "Ban a user."]
[record IdA1CommandUserBanCreate
  [documentation ban "The ban."]
  [field ban IdA1Ban]
]

[documentation IdA1CommandUserBanDelete "Remove a ban on a user."]
[record IdA1CommandUserBanDelete
  [documentation userId "The user."]
  [field userId IdA1UUID]
]

[documentation IdA1CommandUserBanGet "Get a ban on a user."]
[record IdA1CommandUserBanGet
  [documentation userId "The user."]
  [field userId IdA1UUID]
]

[documentation IdA1CommandUserCreate "Create a user."]
[record IdA1CommandUserCreate
  [documentation userId "The user."]
  [field userId [cb:Option IdA1UUID]]
  [documentation idName "The user ID name."]
  [field idName cb:String]
  [documentation realName "The user real name."]
  [field realName cb:String]
  [documentation email "The user email."]
  [field email cb:String]
  [documentation password "The user password."]
  [field password IdA1Password]
]

[documentation IdA1CommandUserDelete "Delete a user."]
[record IdA1CommandUserDelete
  [documentation userId "The user."]
  [field userId IdA1UUID]
]

[documentation IdA1CommandUserEmailAdd "Add an email address to the given user."]
[record IdA1CommandUserEmailAdd
  [documentation userId "The user."]
  [field userId IdA1UUID]
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdA1CommandUserEmailRemove "Remove an email address from the given user."]
[record IdA1CommandUserEmailRemove
  [documentation userId "The user."]
  [field userId IdA1UUID]
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdA1CommandUserGet "Get the given user."]
[record IdA1CommandUserGet
  [documentation userId "The user."]
  [field userId IdA1UUID]
]

[documentation IdA1CommandUserGetByEmail "Get the user with the given email address."]
[record IdA1CommandUserGetByEmail
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdA1CommandUserLoginHistory "Get the given user's login history."]
[record IdA1CommandUserLoginHistory
  [documentation userId "The user."]
  [field userId IdA1UUID]
]

[documentation IdA1CommandUserSearchBegin "Start searching for users."]
[record IdA1CommandUserSearchBegin
  [documentation parameters "The search parameters."]
  [field parameters IdA1UserSearchParameters]
]

[documentation IdA1CommandUserSearchByEmailBegin "Start searching for users (by email)."]
[record IdA1CommandUserSearchByEmailBegin
  [documentation parameters "The search parameters."]
  [field parameters IdA1UserSearchByEmailParameters]
]

[documentation IdA1CommandUserSearchByEmailNext "Get the next page of user search results."]
[record IdA1CommandUserSearchByEmailNext]

[documentation IdA1CommandUserSearchByEmailPrevious "Get the previous page of user search results."]
[record IdA1CommandUserSearchByEmailPrevious]

[documentation IdA1CommandUserSearchNext "Get the next page of user search results."]
[record IdA1CommandUserSearchNext]

[documentation IdA1CommandUserSearchPrevious "Get the previous page of user search results."]
[record IdA1CommandUserSearchPrevious]

[documentation IdA1CommandUserUpdate "A request to fetch the user's own profile."]
[record IdA1CommandUserUpdate
  [documentation userId "The user."]
  [field userId IdA1UUID]
  [documentation idName "The user's new ID name."]
  [field idName [cb:Option cb:String]]
  [documentation realName "The user's new real name."]
  [field realName [cb:Option cb:String]]
  [documentation password "The user's new password"]
  [field password [cb:Option IdA1Password]]
]

;
; Admin responses.
;

[documentation IdA1ResponseAdminBanCreate "A response to IdA1CommandAdminBanCreate."]
[record IdA1ResponseAdminBanCreate
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation ban "The ban."]
  [field ban IdA1Ban]
]

[documentation IdA1ResponseAdminBanDelete "A response to IdA1CommandAdminBanDelete."]
[record IdA1ResponseAdminBanDelete
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
]

[documentation IdA1ResponseAdminBanGet "A response to IdA1CommandAdminBanGet."]
[record IdA1ResponseAdminBanGet
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation ban "The ban."]
  [field ban [cb:Option IdA1Ban]]
]

[documentation IdA1ResponseAdminCreate "A response to IdA1CommandAdminCreate."]
[record IdA1ResponseAdminCreate
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation admin "The admin."]
  [field admin IdA1Admin]
]

[documentation IdA1ResponseAdminDelete "A response to IdA1CommandAdminDelete."]
[record IdA1ResponseAdminDelete
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
]

[documentation IdA1ResponseAdminGet "A response to IdA1CommandAdminGet."]
[record IdA1ResponseAdminGet
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation admin "The admin."]
  [field admin [cb:Option IdA1Admin]]
]

[documentation IdA1ResponseAdminSearchBegin "A response to IdA1CommandAdminSearchBegin."]
[record IdA1ResponseAdminSearchBegin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The first page of results."]
  [field page [IdA1Page IdA1AdminSummary]]
]

[documentation IdA1ResponseAdminSearchNext "A response to IdA1CommandAdminSearchNext."]
[record IdA1ResponseAdminSearchNext
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The next page of results."]
  [field page [IdA1Page IdA1AdminSummary]]
]

[documentation IdA1ResponseAdminSearchPrevious "A response to IdA1CommandAdminSearchPrevious."]
[record IdA1ResponseAdminSearchPrevious
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The previous page of results."]
  [field page [IdA1Page IdA1AdminSummary]]
]

[documentation IdA1ResponseAdminSearchByEmailBegin "A response to IdA1CommandAdminSearchByEmailBegin."]
[record IdA1ResponseAdminSearchByEmailBegin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The first page of results."]
  [field page [IdA1Page IdA1AdminSummary]]
]

[documentation IdA1ResponseAdminSearchByEmailNext "A response to IdA1CommandAdminSearchByEmailNext."]
[record IdA1ResponseAdminSearchByEmailNext
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The next page of results."]
  [field page [IdA1Page IdA1AdminSummary]]
]

[documentation IdA1ResponseAdminSearchByEmailPrevious "A response to IdA1CommandAdminSearchByEmailPrevious."]
[record IdA1ResponseAdminSearchByEmailPrevious
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The previous page of results."]
  [field page [IdA1Page IdA1AdminSummary]]
]

[documentation IdA1ResponseAdminSelf "A response to IdA1CommandAdminSelf."]
[record IdA1ResponseAdminSelf
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation admin "The admin."]
  [field admin IdA1Admin]
]

[documentation IdA1ResponseAdminUpdate "A response to IdA1CommandAdminUpdate."]
[record IdA1ResponseAdminUpdate
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation admin "The admin."]
  [field admin IdA1Admin]
]

[documentation IdA1ResponseAuditSearchBegin "A response to IdA1CommandAuditSearchBegin."]
[record IdA1ResponseAuditSearchBegin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The first page of results."]
  [field page [IdA1Page IdA1AuditEvent]]
]

[documentation IdA1ResponseAuditSearchNext "A response to IdA1CommandAuditSearchNext."]
[record IdA1ResponseAuditSearchNext
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The next page of results."]
  [field page [IdA1Page IdA1AuditEvent]]
]

[documentation IdA1ResponseAuditSearchPrevious "A response to IdA1CommandAuditSearchPrevious."]
[record IdA1ResponseAuditSearchPrevious
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The previous page of results."]
  [field page [IdA1Page IdA1AuditEvent]]
]

;
; User responses.
;

[documentation IdA1ResponseUserBanCreate "A response to IdA1CommandUserBanCreate."]
[record IdA1ResponseUserBanCreate
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation ban "The ban."]
  [field ban IdA1Ban]
]

[documentation IdA1ResponseUserBanDelete "A response to IdA1CommandUserBanDelete."]
[record IdA1ResponseUserBanDelete
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
]

[documentation IdA1ResponseUserBanGet "A response to IdA1CommandUserBanGet."]
[record IdA1ResponseUserBanGet
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation ban "The ban."]
  [field ban [cb:Option IdA1Ban]]
]

[documentation IdA1ResponseUserCreate "A response to IdA1CommandUserCreate."]
[record IdA1ResponseUserCreate
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation user "The user."]
  [field user IdA1User]
]

[documentation IdA1ResponseUserDelete "A response to IdA1CommandUserDelete."]
[record IdA1ResponseUserDelete
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
]

[documentation IdA1ResponseUserGet "A response to IdA1CommandUserGet."]
[record IdA1ResponseUserGet
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation user "The user."]
  [field user [cb:Option IdA1User]]
]

[documentation IdA1ResponseUserSearchBegin "A response to IdA1CommandUserSearchBegin."]
[record IdA1ResponseUserSearchBegin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The first page of results."]
  [field page [IdA1Page IdA1UserSummary]]
]

[documentation IdA1ResponseUserSearchNext "A response to IdA1CommandUserSearchNext."]
[record IdA1ResponseUserSearchNext
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The next page of results."]
  [field page [IdA1Page IdA1UserSummary]]
]

[documentation IdA1ResponseUserSearchPrevious "A response to IdA1CommandUserSearchPrevious."]
[record IdA1ResponseUserSearchPrevious
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The previous page of results."]
  [field page [IdA1Page IdA1UserSummary]]
]

[documentation IdA1ResponseUserSearchByEmailBegin "A response to IdA1CommandUserSearchByEmailBegin."]
[record IdA1ResponseUserSearchByEmailBegin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The first page of results."]
  [field page [IdA1Page IdA1UserSummary]]
]

[documentation IdA1ResponseUserSearchByEmailNext "A response to IdA1CommandUserSearchByEmailNext."]
[record IdA1ResponseUserSearchByEmailNext
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The next page of results."]
  [field page [IdA1Page IdA1UserSummary]]
]

[documentation IdA1ResponseUserSearchByEmailPrevious "A response to IdA1CommandUserSearchByEmailPrevious."]
[record IdA1ResponseUserSearchByEmailPrevious
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation page "The previous page of results."]
  [field page [IdA1Page IdA1UserSummary]]
]

[documentation IdA1ResponseUserUpdate "A response to IdA1CommandUserUpdate."]
[record IdA1ResponseUserUpdate
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation user "The user."]
  [field user IdA1User]
]

[documentation IdA1ResponseUserLoginHistory "A response to IdA1CommandUserLoginHistory."]
[record IdA1ResponseUserLoginHistory
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation requestId "The user's login history."]
  [field history [cb:List IdA1Login]]
]

;
; General responses.
;

[documentation IdA1ResponseError "An error response."]
[record IdA1ResponseError
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation errorCode "The error code."]
  [field errorCode cb:String]
  [documentation message "The error message."]
  [field message cb:String]
]

[documentation IdA1ResponseLogin "A response to IdA1CommandLogin."]
[record IdA1ResponseLogin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdA1UUID]
  [documentation admin "The admin."]
  [field admin IdA1Admin]
]

[documentation IdA1 "The Admin v1 protocol."]
[protocol IdA1
  [version 1
    [types-added
      IdA1CommandAdminBanCreate
      IdA1CommandAdminBanDelete
      IdA1CommandAdminBanGet
      IdA1CommandAdminCreate
      IdA1CommandAdminDelete
      IdA1CommandAdminEmailAdd
      IdA1CommandAdminEmailRemove
      IdA1CommandAdminGet
      IdA1CommandAdminGetByEmail
      IdA1CommandAdminPermissionGrant
      IdA1CommandAdminPermissionRevoke
      IdA1CommandAdminSearchBegin
      IdA1CommandAdminSearchByEmailBegin
      IdA1CommandAdminSearchByEmailNext
      IdA1CommandAdminSearchByEmailPrevious
      IdA1CommandAdminSearchNext
      IdA1CommandAdminSearchPrevious
      IdA1CommandAdminSelf
      IdA1CommandAdminUpdate
      IdA1CommandAuditSearchBegin
      IdA1CommandAuditSearchNext
      IdA1CommandAuditSearchPrevious
      IdA1CommandLogin
      IdA1CommandUserBanCreate
      IdA1CommandUserBanDelete
      IdA1CommandUserBanGet
      IdA1CommandUserCreate
      IdA1CommandUserDelete
      IdA1CommandUserEmailAdd
      IdA1CommandUserEmailRemove
      IdA1CommandUserGet
      IdA1CommandUserGetByEmail
      IdA1CommandUserLoginHistory
      IdA1CommandUserSearchBegin
      IdA1CommandUserSearchByEmailBegin
      IdA1CommandUserSearchByEmailNext
      IdA1CommandUserSearchByEmailPrevious
      IdA1CommandUserSearchNext
      IdA1CommandUserSearchPrevious
      IdA1CommandUserUpdate
      IdA1ResponseAdminBanCreate
      IdA1ResponseAdminBanDelete
      IdA1ResponseAdminBanGet
      IdA1ResponseAdminCreate
      IdA1ResponseAdminDelete
      IdA1ResponseAdminGet
      IdA1ResponseAdminSearchBegin
      IdA1ResponseAdminSearchByEmailBegin
      IdA1ResponseAdminSearchByEmailNext
      IdA1ResponseAdminSearchByEmailPrevious
      IdA1ResponseAdminSearchNext
      IdA1ResponseAdminSearchPrevious
      IdA1ResponseAdminSelf
      IdA1ResponseAdminUpdate
      IdA1ResponseAuditSearchBegin
      IdA1ResponseAuditSearchNext
      IdA1ResponseAuditSearchPrevious
      IdA1ResponseError
      IdA1ResponseLogin
      IdA1ResponseUserBanCreate
      IdA1ResponseUserBanDelete
      IdA1ResponseUserBanGet
      IdA1ResponseUserCreate
      IdA1ResponseUserDelete
      IdA1ResponseUserGet
      IdA1ResponseUserLoginHistory
      IdA1ResponseUserSearchBegin
      IdA1ResponseUserSearchByEmailBegin
      IdA1ResponseUserSearchByEmailNext
      IdA1ResponseUserSearchByEmailPrevious
      IdA1ResponseUserSearchNext
      IdA1ResponseUserSearchPrevious
      IdA1ResponseUserUpdate
    ]
  ]
]

5.1.5. Generated Documentation

1
Generated documentation for the Cedarbridge schemas is available:

5.1.5.2. Schema Documentation

5.2. User Protocol 1

5.2.1. Encoding

1
The version 1 User protocol uses cedarbridge encoded messages over HTTP(s).

5.2.2. Login

1
Send an IdU1CommandLogin command to /v1/login. If the login succeeds, a cookie named IDSTORE_USER_API_SESSION will be set. This cookie must be included with all subsequent requests.

5.2.3. Commands

1
After logging in successfully, send commands of type IdU1Command* to /v1/command. Failed commands will yield a value of type IdU1ResponseError, whilst successful results will yield values of type IdU1Response*.

5.2.4. Schemas

5.2.4.1. Schemas

;
; Copyright © 2022 Mark Raynsford <code@io7m.com> https://www.io7m.com
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
; WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
; MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
; SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
; WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
; ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
; IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
;

[language cedarbridge 1 0]

[package com.io7m.idstore.protocol.user.cb]

[import com.io7m.cedarbridge cb]

[documentation IdU1UUID "A 128-bit UUID value."]
[record IdU1UUID
  [documentation msb "The most significant bits of the UUID."]
  [field msb cb:IntegerUnsigned64]
  [documentation lsb "The least significant bits of the UUID."]
  [field lsb cb:IntegerUnsigned64]
]

[documentation IdU1Password "Information for a hashed password."]
[record IdU1Password
  [documentation algorithm "The password algorithm."]
  [field algorithm cb:String]
  [documentation hash "The password hash."]
  [field hash cb:String]
  [documentation salt "The password salt."]
  [field salt cb:String]
]

[documentation IdU1TimestampUTC "A UTC timestamp value."]
[record IdU1TimestampUTC
  [documentation year "The year."]
  [field year cb:IntegerUnsigned32]
  [documentation month "The month in the range [1, 12]."]
  [field month cb:IntegerUnsigned8]
  [documentation day "The day of the month in the range [1, 31]."]
  [field day cb:IntegerUnsigned8]
  [documentation hour "The hour in the range [0, 23]."]
  [field hour cb:IntegerUnsigned8]
  [documentation minute "The minute in the range [0, 59]."]
  [field minute cb:IntegerUnsigned8]
  [documentation second "The second in the range [0, 59]."]
  [field second cb:IntegerUnsigned8]
  [documentation millisecond "The millisecond in the range [0, 999]."]
  [field millisecond cb:IntegerUnsigned32]
]

[documentation IdU1User "A user."]
[record IdU1User
  [documentation id "The user ID."]
  [field id IdU1UUID]
  [documentation idName "The user ID name."]
  [field idName cb:String]
  [documentation realName "The user real name."]
  [field realName cb:String]
  [documentation emails "The user emails."]
  [field emails [cb:List cb:String]]
  [documentation timeCreated "The time the account was created."]
  [field timeCreated IdU1TimestampUTC]
  [documentation timeUpdated "The time the account was updated."]
  [field timeUpdated IdU1TimestampUTC]
  [documentation password "The user password."]
  [field password IdU1Password]
]

;
; Commands.
;

[documentation IdU1CommandLogin "A request to log in."]
[record IdU1CommandLogin
  [documentation userName "The username."]
  [field userName cb:String]
  [documentation password "The password."]
  [field password cb:String]
  [documentation metadata "Extra metadata included with the login request."]
  [field metadata [cb:Map cb:String cb:String]]
]

[documentation IdU1CommandUserSelf "A request to fetch the user's own profile."]
[record IdU1CommandUserSelf]

[documentation IdU1CommandEmailAddBegin "A request to add an email address."]
[record IdU1CommandEmailAddBegin
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdU1CommandEmailRemoveBegin "A request to remove an email address."]
[record IdU1CommandEmailRemoveBegin
  [documentation email "The email address."]
  [field email cb:String]
]

[documentation IdU1CommandEmailAddPermit "A request to complete an email address challenge."]
[record IdU1CommandEmailAddPermit
  [documentation token "The challenge token."]
  [field token cb:String]
]

[documentation IdU1CommandEmailRemovePermit "A request to complete an email address challenge."]
[record IdU1CommandEmailRemovePermit
  [documentation token "The challenge token."]
  [field token cb:String]
]

[documentation IdU1CommandEmailAddDeny "A request to complete an email address challenge."]
[record IdU1CommandEmailAddDeny
  [documentation token "The challenge token."]
  [field token cb:String]
]

[documentation IdU1CommandEmailRemoveDeny "A request to complete an email address challenge."]
[record IdU1CommandEmailRemoveDeny
  [documentation token "The challenge token."]
  [field token cb:String]
]

[documentation IdU1CommandRealnameUpdate "A request to update the user's real name."]
[record IdU1CommandRealnameUpdate
  [documentation name "The new name."]
  [field name cb:String]
]

[documentation IdU1CommandPasswordUpdate "A request to update the user's password."]
[record IdU1CommandPasswordUpdate
  [documentation password "The new password."]
  [field password cb:String]
  [documentation passwordConfirm "The password confirmation."]
  [field passwordConfirm cb:String]
]

;
; Responses.
;

[documentation IdU1ResponseError "An error response."]
[record IdU1ResponseError
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
  [documentation errorCode "The error code."]
  [field errorCode cb:String]
  [documentation message "The error message."]
  [field message cb:String]
]

[documentation IdU1ResponseLogin "A response to IdU1CommandLogin."]
[record IdU1ResponseLogin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
  [documentation user "The user."]
  [field user IdU1User]
]

[documentation IdU1ResponseUserSelf "A response to IdU1CommandUserSelf."]
[record IdU1ResponseUserSelf
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
  [documentation user "The user."]
  [field user IdU1User]
]

[documentation IdU1ResponseUserUpdate "A response to various update commands."]
[record IdU1ResponseUserUpdate
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
  [documentation user "The user."]
  [field user IdU1User]
]

[documentation IdU1ResponseEmailAddBegin "A response to IdU1CommandEmailAddBegin."]
[record IdU1ResponseEmailAddBegin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
]

[documentation IdU1ResponseEmailRemoveBegin "A response to IdU1CommandEmailRemoveBegin."]
[record IdU1ResponseEmailRemoveBegin
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
]

[documentation IdU1ResponseEmailAddPermit "A response to IdU1CommandEmailAddPermit."]
[record IdU1ResponseEmailAddPermit
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
]

[documentation IdU1ResponseEmailRemovePermit "A response to IdU1CommandEmailRemovePermit."]
[record IdU1ResponseEmailRemovePermit
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
]

[documentation IdU1ResponseEmailAddDeny "A response to IdU1CommandEmailAddDeny."]
[record IdU1ResponseEmailAddDeny
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
]

[documentation IdU1ResponseEmailRemoveDeny "A response to IdU1CommandEmailRemoveDeny."]
[record IdU1ResponseEmailRemoveDeny
  [documentation requestId "The ID of the request that yielded this response."]
  [field requestId IdU1UUID]
]

;
; Protocol.
;

[documentation IdU1 "The User v1 protocol."]
[protocol IdU1
  [version 1
    [types-added
      IdU1CommandEmailAddBegin
      IdU1CommandEmailAddDeny
      IdU1CommandEmailAddPermit
      IdU1CommandEmailRemoveBegin
      IdU1CommandEmailRemoveDeny
      IdU1CommandEmailRemovePermit
      IdU1CommandLogin
      IdU1CommandPasswordUpdate
      IdU1CommandRealnameUpdate
      IdU1CommandUserSelf
      IdU1ResponseEmailAddBegin
      IdU1ResponseEmailAddDeny
      IdU1ResponseEmailAddPermit
      IdU1ResponseEmailRemoveBegin
      IdU1ResponseEmailRemoveDeny
      IdU1ResponseEmailRemovePermit
      IdU1ResponseError
      IdU1ResponseLogin
      IdU1ResponseUserSelf
      IdU1ResponseUserUpdate
    ]
  ]
]

5.2.5. Generated Documentation

1
Generated documentation for the Cedarbridge schemas is available:

5.2.5.2. Schema Documentation

5.3. JavaDoc

1
The server and clients expose Java APIs that are documented in the included JavaDoc.
io7m | single-page | multi-page | epub | Idstore User Manual 0.0.8