diff --git a/proto-docs/service.md b/proto-docs/service.md
index 423599b..d492ccd 100644
--- a/proto-docs/service.md
+++ b/proto-docs/service.md
@@ -13,6 +13,8 @@
- [service/verify.proto](#service/verify.proto)
- Messages
+ - [BearerTokenMsg](#service.BearerTokenMsg)
+ - [BearerTokenMsg.Info](#service.BearerTokenMsg.Info)
- [RequestVerificationHeader](#service.RequestVerificationHeader)
- [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
- [Token](#service.Token)
@@ -75,6 +77,32 @@ ResponseMetaHeader contains meta information based on request processing by serv
+
+
+### Message BearerTokenMsg
+BearerTokenMsg carries information about request ACL rules with limited lifetime
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| TokenInfo | [BearerTokenMsg.Info](#service.BearerTokenMsg.Info) | | TokenInfo is a grouped information about token |
+| OwnerKey | [bytes](#bytes) | | OwnerKey is a public key of the token owner |
+| Signature | [bytes](#bytes) | | Signature is a signature of token information |
+
+
+
+
+### Message BearerTokenMsg.Info
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ACLRules | [bytes](#bytes) | | ACLRules is an ACL rules represented in bytes |
+| OwnerID | [bytes](#bytes) | | OwnerID is an owner of token |
+| ValidUntil | [uint64](#uint64) | | ValidUntil carries a last epoch of token lifetime |
+
+
### Message RequestVerificationHeader
@@ -86,6 +114,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
| ----- | ---- | ----- | ----------- |
| Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
| Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent |
+| Bearer | [BearerTokenMsg](#service.BearerTokenMsg) | | Bearer is a Bearer token of the request |
diff --git a/service/verify.proto b/service/verify.proto
index a6619a6..c78a732 100644
--- a/service/verify.proto
+++ b/service/verify.proto
@@ -23,6 +23,9 @@ message RequestVerificationHeader {
// Token is a token of the session within which the request is sent
Token Token = 2;
+
+ // Bearer is a Bearer token of the request
+ BearerTokenMsg Bearer = 3;
}
// User token granting rights for object manipulation
@@ -91,3 +94,26 @@ message TokenLifetime {
// uint32 Version = 2;
// bytes Data = 3;
// }
+
+// BearerTokenMsg carries information about request ACL rules with limited lifetime
+message BearerTokenMsg {
+ message Info {
+ // ACLRules is an ACL rules represented in bytes
+ bytes ACLRules = 1;
+
+ // OwnerID is an owner of token
+ bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+ // ValidUntil carries a last epoch of token lifetime
+ uint64 ValidUntil = 3;
+ }
+
+ // TokenInfo is a grouped information about token
+ Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+
+ // OwnerKey is a public key of the token owner
+ bytes OwnerKey = 2;
+
+ // Signature is a signature of token information
+ bytes Signature = 3;
+}