Merge pull request #241 from overmindtech/refresh-api-key

Create an endpoint to refresh an API key's token without creating a new API key
overmindtech · Aug 6, 2024 · ef63d21 · ef63d21
2 parents 2712d72 + f02c0ee
commit ef63d21
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/apikeys.proto b/apikeys.proto
@@ -26,6 +26,10 @@ service ApiKeyService {
     // cannot be used until the user has been redirected to the given URL which
     // allows Auth0 to actually generate an access token
     rpc CreateAPIKey(CreateAPIKeyRequest) returns (CreateAPIKeyResponse);
+    // Refreshes an API key, returning a new one with the same metadata and
+    // properties. The response will be the same as CreateAPIKey, and requires
+    // the same redirect handling to authenticate the new key.
+    rpc RefreshAPIKey(RefreshAPIKeyRequest) returns (RefreshAPIKeyResponse);
     rpc GetAPIKey(GetAPIKeyRequest) returns (GetAPIKeyResponse);
     rpc UpdateAPIKey(UpdateAPIKeyRequest) returns (UpdateAPIKeyResponse);
     rpc ListAPIKeys(ListAPIKeysRequest) returns (ListAPIKeysResponse);
@@ -141,6 +145,18 @@ message CreateAPIKeyResponse {
     string authorizeURL = 2;
 }
 
+message RefreshAPIKeyRequest {
+    // The UUID of the API key to refresh
+    bytes uuid = 1;
+}
+
+message RefreshAPIKeyResponse {
+    // Refreshing the API key will return the same response as CreateAPIKey, as
+    // it is basically the a new Key, just under the same UUID and reusing the
+    // old info.
+    CreateAPIKeyResponse response = 1;
+}
+
 message GetAPIKeyRequest {
     // The UUID of the API Key to get
     bytes uuid = 1;