From 1d3ffeb841b4fe1d1d594e038cc4210cfc877061 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Thu, 18 Jun 2020 10:58:11 +0300 Subject: [PATCH 1/2] service: add Bearer token message to RequestVerificationHeader --- proto-docs/service.md | 29 +++++++++++++++++++++++++++++ service/verify.proto | 26 ++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/proto-docs/service.md b/proto-docs/service.md index 423599b..d492ccd 100644 --- a/proto-docs/service.md +++ b/proto-docs/service.md @@ -13,6 +13,8 @@ - [service/verify.proto](#service/verify.proto) - Messages + - [BearerTokenMsg](#service.BearerTokenMsg) + - [BearerTokenMsg.Info](#service.BearerTokenMsg.Info) - [RequestVerificationHeader](#service.RequestVerificationHeader) - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) - [Token](#service.Token) @@ -75,6 +77,32 @@ ResponseMetaHeader contains meta information based on request processing by serv + + +### Message BearerTokenMsg +BearerTokenMsg carries information about request ACL rules with limited lifetime + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| TokenInfo | [BearerTokenMsg.Info](#service.BearerTokenMsg.Info) | | TokenInfo is a grouped information about token | +| OwnerKey | [bytes](#bytes) | | OwnerKey is a public key of the token owner | +| Signature | [bytes](#bytes) | | Signature is a signature of token information | + + + + +### Message BearerTokenMsg.Info + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| ACLRules | [bytes](#bytes) | | ACLRules is an ACL rules represented in bytes | +| OwnerID | [bytes](#bytes) | | OwnerID is an owner of token | +| ValidUntil | [uint64](#uint64) | | ValidUntil carries a last epoch of token lifetime | + + ### Message RequestVerificationHeader 
@@ -86,6 +114,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | ----- | ---- | ----- | ----------- | | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node | | Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent | +| Bearer | [BearerTokenMsg](#service.BearerTokenMsg) | | Bearer is a Bearer token of the request | diff --git a/service/verify.proto b/service/verify.proto index a6619a6..c78a732 100644 --- a/service/verify.proto +++ b/service/verify.proto @@ -23,6 +23,9 @@ message RequestVerificationHeader { // Token is a token of the session within which the request is sent Token Token = 2; + + // Bearer is a Bearer token of the request + BearerTokenMsg Bearer = 3; } // User token granting rights for object manipulation @@ -91,3 +94,26 @@ message TokenLifetime { // uint32 Version = 2; // bytes Data = 3; // } + +// BearerTokenMsg carries information about request ACL rules with limited lifetime +message BearerTokenMsg { + message Info { + // ACLRules is an ACL rules represented in bytes + bytes ACLRules = 1; + + // OwnerID is an owner of token + bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; + + // ValidUntil carries a last epoch of token lifetime + uint64 ValidUntil = 3; + } + + // TokenInfo is a grouped information about token + Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + + // OwnerKey is a public key of the token owner + bytes OwnerKey = 2; + + // Signature is a signature of token information + bytes Signature = 3; +} From 108d7e0fb048bc7f1af2f087f32f1cbc91f62269 Mon Sep 17 00:00:00 2001 
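Review bot: The comment on the new `Bearer` field (field 3 of RequestVerificationHeader in service/verify.proto) does not tell a receiver what to do with it. The header now carries both a session `Token` and a `Bearer` token, and nothing visible says whether Bearer may be absent, how the two interact, or whether the per-node `Signatures` cover the Bearer bytes. If they do not, the token could presumably be replaced or dropped in transit without detection. I would expand the comment along the lines of `// Bearer is an optional Bearer token of the request; receivers must verify its signature and lifetime before applying its ACL rules` and state the signature coverage explicitly. The message starts outside the hunk, so the Signature definition may already settle the coverage question.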
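Review bot: The `Signature` comment in the new BearerTokenMsg (service/verify.proto) does not define which bytes are signed or under which scheme, and nothing ties `OwnerKey` to `Info.OwnerID`. Protobuf serialization is not canonical, so signer and verifier need one agreed deterministic encoding of `Info`. Unless verifiers also check that OwnerKey belongs to OwnerID, a token signed with an unrelated key would pass the signature check while naming another owner. Suggested comments: `// Signature is a signature of TokenInfo in <agreed deterministic encoding>, made with the private key matching OwnerKey` and `// OwnerKey is a public key of the token owner; verifiers must check that it corresponds to OwnerID`. `ValidUntil` should also say whether the last epoch is inclusive and that the proto3 default 0 must not be read as "no expiry", and the nested `Info` message has no comment of its own.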
From: Leonard Lyubich Date: Thu, 18 Jun 2020 11:56:26 +0300 Subject: [PATCH 2/2] service: clarify the description of BearerTokenMsg.Info.ACLRules field --- proto-docs/service.md | 2 +- service/verify.proto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/proto-docs/service.md b/proto-docs/service.md index d492ccd..a42f0a0 100644 --- a/proto-docs/service.md +++ b/proto-docs/service.md @@ -98,7 +98,7 @@ BearerTokenMsg carries information about request ACL rules with limited lifetime | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| ACLRules | [bytes](#bytes) | | ACLRules is an ACL rules represented in bytes | +| ACLRules | [bytes](#bytes) | | ACLRules carries a binary representation of the table of extended ACL rules | | OwnerID | [bytes](#bytes) | | OwnerID is an owner of token | | ValidUntil | [uint64](#uint64) | | ValidUntil carries a last epoch of token lifetime | diff --git a/service/verify.proto b/service/verify.proto index c78a732..a7e694f 100644 --- a/service/verify.proto +++ b/service/verify.proto @@ -98,7 +98,7 @@ message TokenLifetime { // BearerTokenMsg carries information about request ACL rules with limited lifetime message BearerTokenMsg { message Info { - // ACLRules is an ACL rules represented in bytes + // ACLRules carries a binary representation of the table of extended ACL rules bytes ACLRules = 1; // OwnerID is an owner of token