Auth Service

Auto-generated from /home/runner/work/feature-flag/feature-flag/proto/auth/v1/auth_service.proto

Package: stitchd.auth.v1

Message: `CredentialRequest`

A raw credential presented by a caller for validation. Exactly one field must be set.

Field	Type	Description
`bearer_token`	`string`	A signed JWT issued by the human-auth flow.
`sdk_key`	`string`	A raw SDK key presented via `x-sdk-key` header.

Access-control information returned for a validated credential. Downstream services inject this into request context without re-validating.

Field	Type	Description
`tenant_id`	`string`
`environment_id`	`string`
`roles`	`repeated string`
`permissions`	`repeated string`
`subject`	`string`	The resolved actor identity (user_id for JWT, sdk_key_id for SDK keys).
`is_system`	`bool`	True when the credential belongs to a user in the platform System org. Used by the gateway to enforce admin-only vs. management-only route separation: admin routes require is_system=true; management routes require is_system=false.

Field	Type	Description
`email`	`string`
`password`	`string`
`org_id`	`string`	Optional org scope; if empty the first org the user belongs to is used.

Field	Type	Description
`access_token`	`string`
`refresh_token`	`string`
`expires_in`	`int64`	Seconds until the access token expires.
`user_id`	`string`
`org_id`	`string`

Field	Type	Description
`current_token`	`string`
`target_org_id`	`string`

Field	Type	Description
`current_token`	`string`

Field	Type	Description
`orgs`	`repeated UserOrgEntry`

Validates a credential and returns the RBAC context for the caller. Returns UNAUTHENTICATED if the credential is invalid or expired.

Authenticates an email + password credential and issues a JWT.

Switches the current user to a different org, issuing a new JWT.

Lists all orgs the current user is a member of (excluding System orgs).