From b6c35cabc6dd24dccb763f37fe98a468e2a06204 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nadja=20von=20Reitzenstein=20=C4=8Cerpnjak?=
Date: Mon, 22 Apr 2024 12:23:13 +0200
Subject: [PATCH] Add continue result to authentication
---
 auth.capnp | 18 +++++++++++++++++-
 main.capnp | 5 ++---
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/auth.capnp b/auth.capnp
index 5c366ea..f0f69b1 100644
--- a/auth.capnp
+++ b/auth.capnp
@@ -6,6 +6,11 @@ $CSharp.namespace("FabAccessAPI.Schema");
 using import "utils.capnp".L10NString;
 using import "main.capnp".Session;
+struct AuthSupported {
+ mechs @0 :List(Mechanism);
+ cbtypes @1 :List(Text);
+}
+
 struct Mechanism {
 name @0 :Text;
 additionalInfo @1 :AnyPointer;
@@ -95,7 +100,18 @@ struct Response {
 # non-NULL list ptr of zero bytes which clients MUST pass to their SASL implementation
 # as "no additional data" and "some additional data of zero length" respectively.
 }
- # TODO: Continue for successful step but additional mech needed
+ continue :group {
+ # The current authentication exchange was successful, but the client needs to perform
+ # a second round of authentication (e.g. 2FA) to continue.
+
+ nextMechanisms @6 :List(Mechanism);
+ # List of mechanisms now available to the client.
+
+ additionalData @7 :Data;
+ # SASL may send additional data with the continue result. This MAY be a NULL-ptr or a
+ # non-NULL list ptr of zero bytes which clients MUST pass to their SASL implementation
+ # as "no additional data" and "some additional data of zero length" respectively.
+ }
 }
 }
diff --git a/main.capnp b/main.capnp
index 062b395..8a380ad 100644
--- a/main.capnp
+++ b/main.capnp
@@ -4,6 +4,7 @@ using CSharp = import "programming_language/csharp.capnp";
 $CSharp.namespace("FabAccessAPI.Schema");
 using import "auth.capnp".Authentication;
+using import "auth.capnp".AuthSupported;
 using import "auth.capnp".Mechanism;
 using import "resources.capnp".Resources;
 using import "users.capnp".Users;
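Review bot: `AuthSupported` and its two fields in auth.capnp are added without any comment, and since the same commit removes `# TODO: Channel Bindings` from under `mechanisms @3` in main.capnp, this struct is now the only place where `cbtypes` could be explained. I would document both fields, e.g. `# SASL mechanisms the server offers in the current context.` on `mechs` and `# Names of the channel-binding types the server supports (presumably the registered names, e.g. "tls-exporter"; confirm).` on `cbtypes`. The comment should also say that the offer is advisory: it appears to be returned before any authentication has taken place, so a client should pick from its own set of acceptable mechanisms rather than accept whatever is listed, and should use channel binding when both sides support it.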
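Review bot: The comment on the new `continue` group in auth.capnp calls the exchange "successful" but never says that the client is not yet authenticated at that point, so a client that treats every result other than an error as a login could stop after the first factor. I would state it in the group comment, e.g. `# This result grants no Session; the client is authenticated only once a later exchange ends in the final success result.` The `additionalData` comment should also say that the data belongs to the mechanism that just finished and has to be handed to the SASL implementation before the next mechanism is started, because for mechanisms with a final server message that step is what authenticates the server to the client. `struct Response` starts above the hunk, so the fields of the other results, and whether `@6` and `@7` are the next free ordinals, cannot be checked from here.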
@@ -31,10 +32,8 @@ interface Bootstrap
 getServerInfo @2 () -> ( spacename :Text, instanceurl :Text );
 # Returns information about the server, which can be used to resolve MDNS to DNS and display the server name to the user.
- mechanisms @3 () -> ( mechs :List(Mechanism), cbtypes :List(Text) );
+ mechanisms @3 () -> AuthSupported;
 # Get a list of Mechanisms this server allows in this context.
- # TODO: Channel Bindings
- # TODO: List of groups of mechs
 createSession @4 ( mechanism :Text ) -> ( authentication :Authentication );
 # Create a new session with the server that you wish to authenticate using `mechanism`. If the
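Review bot: The comment left under `mechanisms @3` loses both TODOs without saying how a multi-step login now proceeds from the client's side. The only call visible here that starts a mechanism is `createSession @4`, which is described as creating a new session, and nothing states whether a client that received `continue` calls it again or how the server ties that second exchange to the first. That link should be explicit, because if the rounds are independent the server cannot require that both factors were completed by the same peer for the same identity. I would add a comment along the lines of `# After a continue result the next mechanism MUST run in the same authentication context; the server MUST reject a second factor that is not bound to the first.` and name the call the client is expected to use. The interface body and the `createSession` comment continue outside the hunk, so part of this may already be covered further down.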