chore: auto-generate protobuf files [skip ci]

2026-04-11 05:14:59 +00:00
parent 1244ff0638
commit 1f830aa764
21 changed files with 10518 additions and 0 deletions
--- a/gen/go/sso/account.pb.go
+++ b/gen/go/sso/account.pb.go
--- a/gen/go/sso/account_grpc.pb.go
+++ b/gen/go/sso/account_grpc.pb.go
@@ -0,0 +1,691 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: sso/account.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AccountService_GetAccount_FullMethodName         = "/account.v1.AccountService/GetAccount"
+	AccountService_ChangePassword_FullMethodName     = "/account.v1.AccountService/ChangePassword"
+	AccountService_AdminResetPassword_FullMethodName = "/account.v1.AccountService/AdminResetPassword"
+	AccountService_CreateUser_FullMethodName         = "/account.v1.AccountService/CreateUser"
+	AccountService_DeleteUser_FullMethodName         = "/account.v1.AccountService/DeleteUser"
+	AccountService_ChangeData_FullMethodName         = "/account.v1.AccountService/ChangeData"
+	AccountService_AssignRole_FullMethodName         = "/account.v1.AccountService/AssignRole"
+	AccountService_RevokeRole_FullMethodName         = "/account.v1.AccountService/RevokeRole"
+	AccountService_SetPin_FullMethodName             = "/account.v1.AccountService/SetPin"
+	AccountService_UnlockPin_FullMethodName          = "/account.v1.AccountService/UnlockPin"
+	AccountService_GetPinStatus_FullMethodName       = "/account.v1.AccountService/GetPinStatus"
+	AccountService_RemovePin_FullMethodName          = "/account.v1.AccountService/RemovePin"
+	AccountService_BlockUser_FullMethodName          = "/account.v1.AccountService/BlockUser"
+	AccountService_UnblockUser_FullMethodName        = "/account.v1.AccountService/UnblockUser"
+	AccountService_BlockIp_FullMethodName            = "/account.v1.AccountService/BlockIp"
+	AccountService_UnblockIp_FullMethodName          = "/account.v1.AccountService/UnblockIp"
+)
+
+// AccountServiceClient is the client API for AccountService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AccountServiceClient interface {
+	GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error)
+	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error)
+	AdminResetPassword(ctx context.Context, in *AdminResetPasswordRequest, opts ...grpc.CallOption) (*AdminResetPasswordResponse, error)
+	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error)
+	DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error)
+	ChangeData(ctx context.Context, in *ChangeDataRequest, opts ...grpc.CallOption) (*ChangeDataResponse, error)
+	AssignRole(ctx context.Context, in *AssignRoleRequest, opts ...grpc.CallOption) (*AssignRoleResponse, error)
+	RevokeRole(ctx context.Context, in *RevokeRoleRequest, opts ...grpc.CallOption) (*RevokeRoleResponse, error)
+	SetPin(ctx context.Context, in *SetPinRequest, opts ...grpc.CallOption) (*SetPinResponse, error)
+	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
+	GetPinStatus(ctx context.Context, in *GetPinStatusRequest, opts ...grpc.CallOption) (*GetPinStatusResponse, error)
+	RemovePin(ctx context.Context, in *RemovePinRequest, opts ...grpc.CallOption) (*RemovePinResponse, error)
+	BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error)
+	UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error)
+	BlockIp(ctx context.Context, in *BlockIpRequest, opts ...grpc.CallOption) (*BlockIpResponse, error)
+	UnblockIp(ctx context.Context, in *UnblockIpRequest, opts ...grpc.CallOption) (*UnblockIpResponse, error)
+}
+
+type accountServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAccountServiceClient(cc grpc.ClientConnInterface) AccountServiceClient {
+	return &accountServiceClient{cc}
+}
+
+func (c *accountServiceClient) GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAccountResponse)
+	err := c.cc.Invoke(ctx, AccountService_GetAccount_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ChangePasswordResponse)
+	err := c.cc.Invoke(ctx, AccountService_ChangePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) AdminResetPassword(ctx context.Context, in *AdminResetPasswordRequest, opts ...grpc.CallOption) (*AdminResetPasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(AdminResetPasswordResponse)
+	err := c.cc.Invoke(ctx, AccountService_AdminResetPassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CreateUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_CreateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_DeleteUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) ChangeData(ctx context.Context, in *ChangeDataRequest, opts ...grpc.CallOption) (*ChangeDataResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ChangeDataResponse)
+	err := c.cc.Invoke(ctx, AccountService_ChangeData_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) AssignRole(ctx context.Context, in *AssignRoleRequest, opts ...grpc.CallOption) (*AssignRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(AssignRoleResponse)
+	err := c.cc.Invoke(ctx, AccountService_AssignRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) RevokeRole(ctx context.Context, in *RevokeRoleRequest, opts ...grpc.CallOption) (*RevokeRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RevokeRoleResponse)
+	err := c.cc.Invoke(ctx, AccountService_RevokeRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) SetPin(ctx context.Context, in *SetPinRequest, opts ...grpc.CallOption) (*SetPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SetPinResponse)
+	err := c.cc.Invoke(ctx, AccountService_SetPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnlockPinResponse)
+	err := c.cc.Invoke(ctx, AccountService_UnlockPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) GetPinStatus(ctx context.Context, in *GetPinStatusRequest, opts ...grpc.CallOption) (*GetPinStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetPinStatusResponse)
+	err := c.cc.Invoke(ctx, AccountService_GetPinStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) RemovePin(ctx context.Context, in *RemovePinRequest, opts ...grpc.CallOption) (*RemovePinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RemovePinResponse)
+	err := c.cc.Invoke(ctx, AccountService_RemovePin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(BlockUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_BlockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnblockUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_UnblockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) BlockIp(ctx context.Context, in *BlockIpRequest, opts ...grpc.CallOption) (*BlockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(BlockIpResponse)
+	err := c.cc.Invoke(ctx, AccountService_BlockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) UnblockIp(ctx context.Context, in *UnblockIpRequest, opts ...grpc.CallOption) (*UnblockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnblockIpResponse)
+	err := c.cc.Invoke(ctx, AccountService_UnblockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AccountServiceServer is the server API for AccountService service.
+// All implementations must embed UnimplementedAccountServiceServer
+// for forward compatibility.
+type AccountServiceServer interface {
+	GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error)
+	ChangePassword(context.Context, *ChangePasswordRequest) (*ChangePasswordResponse, error)
+	AdminResetPassword(context.Context, *AdminResetPasswordRequest) (*AdminResetPasswordResponse, error)
+	CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error)
+	DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error)
+	ChangeData(context.Context, *ChangeDataRequest) (*ChangeDataResponse, error)
+	AssignRole(context.Context, *AssignRoleRequest) (*AssignRoleResponse, error)
+	RevokeRole(context.Context, *RevokeRoleRequest) (*RevokeRoleResponse, error)
+	SetPin(context.Context, *SetPinRequest) (*SetPinResponse, error)
+	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
+	GetPinStatus(context.Context, *GetPinStatusRequest) (*GetPinStatusResponse, error)
+	RemovePin(context.Context, *RemovePinRequest) (*RemovePinResponse, error)
+	BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error)
+	UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error)
+	BlockIp(context.Context, *BlockIpRequest) (*BlockIpResponse, error)
+	UnblockIp(context.Context, *UnblockIpRequest) (*UnblockIpResponse, error)
+	mustEmbedUnimplementedAccountServiceServer()
+}
+
+// UnimplementedAccountServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAccountServiceServer struct{}
+
+func (UnimplementedAccountServiceServer) GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAccount not implemented")
+}
+func (UnimplementedAccountServiceServer) ChangePassword(context.Context, *ChangePasswordRequest) (*ChangePasswordResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
+}
+func (UnimplementedAccountServiceServer) AdminResetPassword(context.Context, *AdminResetPasswordRequest) (*AdminResetPasswordResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AdminResetPassword not implemented")
+}
+func (UnimplementedAccountServiceServer) CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
+}
+func (UnimplementedAccountServiceServer) DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteUser not implemented")
+}
+func (UnimplementedAccountServiceServer) ChangeData(context.Context, *ChangeDataRequest) (*ChangeDataResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangeData not implemented")
+}
+func (UnimplementedAccountServiceServer) AssignRole(context.Context, *AssignRoleRequest) (*AssignRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AssignRole not implemented")
+}
+func (UnimplementedAccountServiceServer) RevokeRole(context.Context, *RevokeRoleRequest) (*RevokeRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RevokeRole not implemented")
+}
+func (UnimplementedAccountServiceServer) SetPin(context.Context, *SetPinRequest) (*SetPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SetPin not implemented")
+}
+func (UnimplementedAccountServiceServer) UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnlockPin not implemented")
+}
+func (UnimplementedAccountServiceServer) GetPinStatus(context.Context, *GetPinStatusRequest) (*GetPinStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetPinStatus not implemented")
+}
+func (UnimplementedAccountServiceServer) RemovePin(context.Context, *RemovePinRequest) (*RemovePinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemovePin not implemented")
+}
+func (UnimplementedAccountServiceServer) BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method BlockUser not implemented")
+}
+func (UnimplementedAccountServiceServer) UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnblockUser not implemented")
+}
+func (UnimplementedAccountServiceServer) BlockIp(context.Context, *BlockIpRequest) (*BlockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method BlockIp not implemented")
+}
+func (UnimplementedAccountServiceServer) UnblockIp(context.Context, *UnblockIpRequest) (*UnblockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnblockIp not implemented")
+}
+func (UnimplementedAccountServiceServer) mustEmbedUnimplementedAccountServiceServer() {}
+func (UnimplementedAccountServiceServer) testEmbeddedByValue()                        {}
+
+// UnsafeAccountServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AccountServiceServer will
+// result in compilation errors.
+type UnsafeAccountServiceServer interface {
+	mustEmbedUnimplementedAccountServiceServer()
+}
+
+func RegisterAccountServiceServer(s grpc.ServiceRegistrar, srv AccountServiceServer) {
+	// If the following call panics, it indicates UnimplementedAccountServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AccountService_ServiceDesc, srv)
+}
+
+func _AccountService_GetAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAccountRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).GetAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_GetAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).GetAccount(ctx, req.(*GetAccountRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).ChangePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_ChangePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_AdminResetPassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AdminResetPasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).AdminResetPassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_AdminResetPassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).AdminResetPassword(ctx, req.(*AdminResetPasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).CreateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_CreateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).CreateUser(ctx, req.(*CreateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).DeleteUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_DeleteUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).DeleteUser(ctx, req.(*DeleteUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_ChangeData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangeDataRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).ChangeData(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_ChangeData_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).ChangeData(ctx, req.(*ChangeDataRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_AssignRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AssignRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).AssignRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_AssignRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).AssignRole(ctx, req.(*AssignRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_RevokeRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RevokeRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).RevokeRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_RevokeRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).RevokeRole(ctx, req.(*RevokeRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_SetPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SetPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).SetPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_SetPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).SetPin(ctx, req.(*SetPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_UnlockPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnlockPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).UnlockPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_UnlockPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).UnlockPin(ctx, req.(*UnlockPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_GetPinStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetPinStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).GetPinStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_GetPinStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).GetPinStatus(ctx, req.(*GetPinStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_RemovePin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemovePinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).RemovePin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_RemovePin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).RemovePin(ctx, req.(*RemovePinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_BlockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(BlockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).BlockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_BlockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).BlockUser(ctx, req.(*BlockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_UnblockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnblockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).UnblockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_UnblockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).UnblockUser(ctx, req.(*UnblockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_BlockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(BlockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).BlockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_BlockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).BlockIp(ctx, req.(*BlockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_UnblockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnblockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).UnblockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_UnblockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).UnblockIp(ctx, req.(*UnblockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AccountService_ServiceDesc is the grpc.ServiceDesc for AccountService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AccountService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "account.v1.AccountService",
+	HandlerType: (*AccountServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetAccount",
+			Handler:    _AccountService_GetAccount_Handler,
+		},
+		{
+			MethodName: "ChangePassword",
+			Handler:    _AccountService_ChangePassword_Handler,
+		},
+		{
+			MethodName: "AdminResetPassword",
+			Handler:    _AccountService_AdminResetPassword_Handler,
+		},
+		{
+			MethodName: "CreateUser",
+			Handler:    _AccountService_CreateUser_Handler,
+		},
+		{
+			MethodName: "DeleteUser",
+			Handler:    _AccountService_DeleteUser_Handler,
+		},
+		{
+			MethodName: "ChangeData",
+			Handler:    _AccountService_ChangeData_Handler,
+		},
+		{
+			MethodName: "AssignRole",
+			Handler:    _AccountService_AssignRole_Handler,
+		},
+		{
+			MethodName: "RevokeRole",
+			Handler:    _AccountService_RevokeRole_Handler,
+		},
+		{
+			MethodName: "SetPin",
+			Handler:    _AccountService_SetPin_Handler,
+		},
+		{
+			MethodName: "UnlockPin",
+			Handler:    _AccountService_UnlockPin_Handler,
+		},
+		{
+			MethodName: "GetPinStatus",
+			Handler:    _AccountService_GetPinStatus_Handler,
+		},
+		{
+			MethodName: "RemovePin",
+			Handler:    _AccountService_RemovePin_Handler,
+		},
+		{
+			MethodName: "BlockUser",
+			Handler:    _AccountService_BlockUser_Handler,
+		},
+		{
+			MethodName: "UnblockUser",
+			Handler:    _AccountService_UnblockUser_Handler,
+		},
+		{
+			MethodName: "BlockIp",
+			Handler:    _AccountService_BlockIp_Handler,
+		},
+		{
+			MethodName: "UnblockIp",
+			Handler:    _AccountService_UnblockIp_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/account.proto",
+}
--- a/gen/go/sso/auth.pb.go
+++ b/gen/go/sso/auth.pb.go
--- a/gen/go/sso/auth_grpc.pb.go
+++ b/gen/go/sso/auth_grpc.pb.go
@@ -0,0 +1,387 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: sso/auth.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AuthService_Login_FullMethodName               = "/auth.v1.AuthService/Login"
+	AuthService_Refresh_FullMethodName             = "/auth.v1.AuthService/Refresh"
+	AuthService_VerifyToken_FullMethodName         = "/auth.v1.AuthService/VerifyToken"
+	AuthService_GetAccountRoleLevel_FullMethodName = "/auth.v1.AuthService/GetAccountRoleLevel"
+	AuthService_Logout_FullMethodName              = "/auth.v1.AuthService/Logout"
+	AuthService_LogoutOther_FullMethodName         = "/auth.v1.AuthService/LogoutOther"
+	AuthService_GetSessions_FullMethodName         = "/auth.v1.AuthService/GetSessions"
+	AuthService_TerminateSession_FullMethodName    = "/auth.v1.AuthService/TerminateSession"
+)
+
+// AuthServiceClient is the client API for AuthService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AuthServiceClient interface {
+	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
+	Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
+	VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error)
+	GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error)
+	Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	LogoutOther(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	GetSessions(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*GetSessionsResponse, error)
+	TerminateSession(ctx context.Context, in *TerminateSessionRequest, opts ...grpc.CallOption) (*TerminateSessionResponse, error)
+}
+
+type authServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient {
+	return &authServiceClient{cc}
+}
+
+func (c *authServiceClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LoginResponse)
+	err := c.cc.Invoke(ctx, AuthService_Login_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RefreshResponse)
+	err := c.cc.Invoke(ctx, AuthService_Refresh_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyTokenResponse)
+	err := c.cc.Invoke(ctx, AuthService_VerifyToken_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAccountRoleLevelResponse)
+	err := c.cc.Invoke(ctx, AuthService_GetAccountRoleLevel_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LogoutResponse)
+	err := c.cc.Invoke(ctx, AuthService_Logout_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) LogoutOther(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LogoutResponse)
+	err := c.cc.Invoke(ctx, AuthService_LogoutOther_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) GetSessions(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*GetSessionsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetSessionsResponse)
+	err := c.cc.Invoke(ctx, AuthService_GetSessions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) TerminateSession(ctx context.Context, in *TerminateSessionRequest, opts ...grpc.CallOption) (*TerminateSessionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(TerminateSessionResponse)
+	err := c.cc.Invoke(ctx, AuthService_TerminateSession_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AuthServiceServer is the server API for AuthService service.
+// All implementations must embed UnimplementedAuthServiceServer
+// for forward compatibility.
+type AuthServiceServer interface {
+	Login(context.Context, *LoginRequest) (*LoginResponse, error)
+	Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
+	VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error)
+	GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error)
+	Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	LogoutOther(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	GetSessions(context.Context, *GetSessionRequest) (*GetSessionsResponse, error)
+	TerminateSession(context.Context, *TerminateSessionRequest) (*TerminateSessionResponse, error)
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+// UnimplementedAuthServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAuthServiceServer struct{}
+
+func (UnimplementedAuthServiceServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Login not implemented")
+}
+func (UnimplementedAuthServiceServer) Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Refresh not implemented")
+}
+func (UnimplementedAuthServiceServer) VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyToken not implemented")
+}
+func (UnimplementedAuthServiceServer) GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAccountRoleLevel not implemented")
+}
+func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
+}
+func (UnimplementedAuthServiceServer) LogoutOther(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method LogoutOther not implemented")
+}
+func (UnimplementedAuthServiceServer) GetSessions(context.Context, *GetSessionRequest) (*GetSessionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetSessions not implemented")
+}
+func (UnimplementedAuthServiceServer) TerminateSession(context.Context, *TerminateSessionRequest) (*TerminateSessionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method TerminateSession not implemented")
+}
+func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
+func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AuthServiceServer will
+// result in compilation errors.
+type UnsafeAuthServiceServer interface {
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) {
+	// If the following call panics, it indicates UnimplementedAuthServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AuthService_ServiceDesc, srv)
+}
+
+func _AuthService_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LoginRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Login(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Login_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Login(ctx, req.(*LoginRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RefreshRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Refresh(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Refresh_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Refresh(ctx, req.(*RefreshRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_VerifyToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyTokenRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).VerifyToken(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_VerifyToken_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).VerifyToken(ctx, req.(*VerifyTokenRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_GetAccountRoleLevel_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAccountRoleLevelRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_GetAccountRoleLevel_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, req.(*GetAccountRoleLevelRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LogoutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Logout(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Logout_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Logout(ctx, req.(*LogoutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_LogoutOther_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LogoutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).LogoutOther(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_LogoutOther_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).LogoutOther(ctx, req.(*LogoutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_GetSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).GetSessions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_GetSessions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).GetSessions(ctx, req.(*GetSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_TerminateSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(TerminateSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).TerminateSession(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_TerminateSession_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).TerminateSession(ctx, req.(*TerminateSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AuthService_ServiceDesc is the grpc.ServiceDesc for AuthService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AuthService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "auth.v1.AuthService",
+	HandlerType: (*AuthServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Login",
+			Handler:    _AuthService_Login_Handler,
+		},
+		{
+			MethodName: "Refresh",
+			Handler:    _AuthService_Refresh_Handler,
+		},
+		{
+			MethodName: "VerifyToken",
+			Handler:    _AuthService_VerifyToken_Handler,
+		},
+		{
+			MethodName: "GetAccountRoleLevel",
+			Handler:    _AuthService_GetAccountRoleLevel_Handler,
+		},
+		{
+			MethodName: "Logout",
+			Handler:    _AuthService_Logout_Handler,
+		},
+		{
+			MethodName: "LogoutOther",
+			Handler:    _AuthService_LogoutOther_Handler,
+		},
+		{
+			MethodName: "GetSessions",
+			Handler:    _AuthService_GetSessions_Handler,
+		},
+		{
+			MethodName: "TerminateSession",
+			Handler:    _AuthService_TerminateSession_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/auth.proto",
+}
--- a/gen/go/sso/ldap-auth.pb.go
+++ b/gen/go/sso/ldap-auth.pb.go
@@ -0,0 +1,205 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.21.12
+// source: sso/ldap-auth.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// --- Авторизация ---
+type VerifyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	Password      string                 `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyRequest) Reset() {
+	*x = VerifyRequest{}
+	mi := &file_sso_ldap_auth_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyRequest) ProtoMessage() {}
+
+func (x *VerifyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_auth_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyRequest.ProtoReflect.Descriptor instead.
+func (*VerifyRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_auth_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *VerifyRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *VerifyRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+type VerifyResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	User          *UserData              `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"` // Отдаем полные данные при успешном входе
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyResponse) Reset() {
+	*x = VerifyResponse{}
+	mi := &file_sso_ldap_auth_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyResponse) ProtoMessage() {}
+
+func (x *VerifyResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_auth_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyResponse.ProtoReflect.Descriptor instead.
+func (*VerifyResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_auth_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *VerifyResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *VerifyResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *VerifyResponse) GetUser() *UserData {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+var File_sso_ldap_auth_proto protoreflect.FileDescriptor
+
+const file_sso_ldap_auth_proto_rawDesc = "" +
+	"\n" +
+	"\x13sso/ldap-auth.proto\x12\fldap_auth.v1\x1a\x0esso/ldap.proto\"G\n" +
+	"\rVerifyRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
+	"\bpassword\x18\x02 \x01(\tR\bpassword\"v\n" +
+	"\x0eVerifyResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12%\n" +
+	"\x04user\x18\x03 \x01(\v2\x11.ldap.v1.UserDataR\x04user2Z\n" +
+	"\x0fLdapAuthService\x12G\n" +
+	"\n" +
+	"VerifyUser\x12\x1b.ldap_auth.v1.VerifyRequest\x1a\x1c.ldap_auth.v1.VerifyResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_sso_ldap_auth_proto_rawDescOnce sync.Once
+	file_sso_ldap_auth_proto_rawDescData []byte
+)
+
+func file_sso_ldap_auth_proto_rawDescGZIP() []byte {
+	file_sso_ldap_auth_proto_rawDescOnce.Do(func() {
+		file_sso_ldap_auth_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sso_ldap_auth_proto_rawDesc), len(file_sso_ldap_auth_proto_rawDesc)))
+	})
+	return file_sso_ldap_auth_proto_rawDescData
+}
+
+var file_sso_ldap_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_sso_ldap_auth_proto_goTypes = []any{
+	(*VerifyRequest)(nil),  // 0: ldap_auth.v1.VerifyRequest
+	(*VerifyResponse)(nil), // 1: ldap_auth.v1.VerifyResponse
+	(*UserData)(nil),       // 2: ldap.v1.UserData
+}
+var file_sso_ldap_auth_proto_depIdxs = []int32{
+	2, // 0: ldap_auth.v1.VerifyResponse.user:type_name -> ldap.v1.UserData
+	0, // 1: ldap_auth.v1.LdapAuthService.VerifyUser:input_type -> ldap_auth.v1.VerifyRequest
+	1, // 2: ldap_auth.v1.LdapAuthService.VerifyUser:output_type -> ldap_auth.v1.VerifyResponse
+	2, // [2:3] is the sub-list for method output_type
+	1, // [1:2] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_sso_ldap_auth_proto_init() }
+func file_sso_ldap_auth_proto_init() {
+	if File_sso_ldap_auth_proto != nil {
+		return
+	}
+	file_sso_ldap_proto_init()
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sso_ldap_auth_proto_rawDesc), len(file_sso_ldap_auth_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sso_ldap_auth_proto_goTypes,
+		DependencyIndexes: file_sso_ldap_auth_proto_depIdxs,
+		MessageInfos:      file_sso_ldap_auth_proto_msgTypes,
+	}.Build()
+	File_sso_ldap_auth_proto = out.File
+	file_sso_ldap_auth_proto_goTypes = nil
+	file_sso_ldap_auth_proto_depIdxs = nil
+}
--- a/gen/go/sso/ldap-auth_grpc.pb.go
+++ b/gen/go/sso/ldap-auth_grpc.pb.go
@@ -0,0 +1,121 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: sso/ldap-auth.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	LdapAuthService_VerifyUser_FullMethodName = "/ldap_auth.v1.LdapAuthService/VerifyUser"
+)
+
+// LdapAuthServiceClient is the client API for LdapAuthService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type LdapAuthServiceClient interface {
+	VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error)
+}
+
+type ldapAuthServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewLdapAuthServiceClient(cc grpc.ClientConnInterface) LdapAuthServiceClient {
+	return &ldapAuthServiceClient{cc}
+}
+
+func (c *ldapAuthServiceClient) VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyResponse)
+	err := c.cc.Invoke(ctx, LdapAuthService_VerifyUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// LdapAuthServiceServer is the server API for LdapAuthService service.
+// All implementations must embed UnimplementedLdapAuthServiceServer
+// for forward compatibility.
+type LdapAuthServiceServer interface {
+	VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error)
+	mustEmbedUnimplementedLdapAuthServiceServer()
+}
+
+// UnimplementedLdapAuthServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedLdapAuthServiceServer struct{}
+
+func (UnimplementedLdapAuthServiceServer) VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyUser not implemented")
+}
+func (UnimplementedLdapAuthServiceServer) mustEmbedUnimplementedLdapAuthServiceServer() {}
+func (UnimplementedLdapAuthServiceServer) testEmbeddedByValue()                         {}
+
+// UnsafeLdapAuthServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to LdapAuthServiceServer will
+// result in compilation errors.
+type UnsafeLdapAuthServiceServer interface {
+	mustEmbedUnimplementedLdapAuthServiceServer()
+}
+
+func RegisterLdapAuthServiceServer(s grpc.ServiceRegistrar, srv LdapAuthServiceServer) {
+	// If the following call panics, it indicates UnimplementedLdapAuthServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&LdapAuthService_ServiceDesc, srv)
+}
+
+func _LdapAuthService_VerifyUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServiceServer).VerifyUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuthService_VerifyUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServiceServer).VerifyUser(ctx, req.(*VerifyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// LdapAuthService_ServiceDesc is the grpc.ServiceDesc for LdapAuthService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var LdapAuthService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "ldap_auth.v1.LdapAuthService",
+	HandlerType: (*LdapAuthServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "VerifyUser",
+			Handler:    _LdapAuthService_VerifyUser_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/ldap-auth.proto",
+}
--- a/gen/go/sso/ldap.pb.go
+++ b/gen/go/sso/ldap.pb.go
@@ -0,0 +1,846 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.21.12
+// source: sso/ldap.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// ==========================================
+// БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+// ==========================================
+type EmptyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *EmptyRequest) Reset() {
+	*x = EmptyRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *EmptyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EmptyRequest) ProtoMessage() {}
+
+func (x *EmptyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EmptyRequest.ProtoReflect.Descriptor instead.
+func (*EmptyRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{0}
+}
+
+// Стандартный ответ для мутаций (создание, обновление, удаление)
+type StatusResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *StatusResponse) Reset() {
+	*x = StatusResponse{}
+	mi := &file_sso_ldap_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *StatusResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StatusResponse) ProtoMessage() {}
+
+func (x *StatusResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StatusResponse.ProtoReflect.Descriptor instead.
+func (*StatusResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *StatusResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *StatusResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+// Полная модель пользователя
+type UserData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`                                      // Полный путь в AD (Distinguished Name)
+	Username      string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`                          // Логин (sAMAccountName)
+	DisplayName   string                 `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // ФИО (displayName)
+	Email         string                 `protobuf:"bytes,4,opt,name=email,proto3" json:"email,omitempty"`                                // Почта (mail)
+	Description   string                 `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`                    // Описание/Должность (description)
+	Avatar        []byte                 `protobuf:"bytes,6,opt,name=avatar,proto3" json:"avatar,omitempty"`                              // Аватарка в байтах (thumbnailPhoto)
+	Groups        []string               `protobuf:"bytes,7,rep,name=groups,proto3" json:"groups,omitempty"`                              // Список групп
+	IsActive      bool                   `protobuf:"varint,8,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"`         // Статус аккаунта
+	Phone         string                 `protobuf:"bytes,9,opt,name=phone,proto3" json:"phone,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserData) Reset() {
+	*x = UserData{}
+	mi := &file_sso_ldap_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserData) ProtoMessage() {}
+
+func (x *UserData) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserData.ProtoReflect.Descriptor instead.
+func (*UserData) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *UserData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *UserData) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UserData) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *UserData) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *UserData) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *UserData) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+func (x *UserData) GetGroups() []string {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+func (x *UserData) GetIsActive() bool {
+	if x != nil {
+		return x.IsActive
+	}
+	return false
+}
+
+func (x *UserData) GetPhone() string {
+	if x != nil {
+		return x.Phone
+	}
+	return ""
+}
+
+// Модель группы
+type GroupData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Короткое имя группы (cn)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupData) Reset() {
+	*x = GroupData{}
+	mi := &file_sso_ldap_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupData) ProtoMessage() {}
+
+func (x *GroupData) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupData.ProtoReflect.Descriptor instead.
+func (*GroupData) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GroupData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *GroupData) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// --- Списки ---
+type UserListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Users         []*UserData            `protobuf:"bytes,3,rep,name=users,proto3" json:"users,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserListResponse) Reset() {
+	*x = UserListResponse{}
+	mi := &file_sso_ldap_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserListResponse) ProtoMessage() {}
+
+func (x *UserListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserListResponse.ProtoReflect.Descriptor instead.
+func (*UserListResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *UserListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *UserListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *UserListResponse) GetUsers() []*UserData {
+	if x != nil {
+		return x.Users
+	}
+	return nil
+}
+
+type GroupListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Groups        []*GroupData           `protobuf:"bytes,3,rep,name=groups,proto3" json:"groups,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupListResponse) Reset() {
+	*x = GroupListResponse{}
+	mi := &file_sso_ldap_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupListResponse) ProtoMessage() {}
+
+func (x *GroupListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupListResponse.ProtoReflect.Descriptor instead.
+func (*GroupListResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GroupListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *GroupListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *GroupListResponse) GetGroups() []*GroupData {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+// --- Управление профилем ---
+type CreateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	FullName      string                 `protobuf:"bytes,2,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
+	Password      string                 `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
+	Email         *string                `protobuf:"bytes,4,opt,name=email,proto3,oneof" json:"email,omitempty"` // Сразу при создании можно задать почту
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CreateUserRequest) Reset() {
+	*x = CreateUserRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateUserRequest) ProtoMessage() {}
+
+func (x *CreateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateUserRequest.ProtoReflect.Descriptor instead.
+func (*CreateUserRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *CreateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetFullName() string {
+	if x != nil {
+		return x.FullName
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+// Запрос на обновление. Используем optional для частичного обновления.
+type UpdateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`                                // Обязательное поле: кого обновляем
+	DisplayName   *string                `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3,oneof" json:"display_name,omitempty"` // Новое ФИО (повлечет Rename CN)
+	Email         *string                `protobuf:"bytes,3,opt,name=email,proto3,oneof" json:"email,omitempty"`                                // Новая почта
+	Description   *string                `protobuf:"bytes,4,opt,name=description,proto3,oneof" json:"description,omitempty"`                    // Новое описание
+	Avatar        []byte                 `protobuf:"bytes,5,opt,name=avatar,proto3,oneof" json:"avatar,omitempty"`                              // Новая аватарка (бинарник картинки)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UpdateUserRequest) Reset() {
+	*x = UpdateUserRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateUserRequest) ProtoMessage() {}
+
+func (x *UpdateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateUserRequest.ProtoReflect.Descriptor instead.
+func (*UpdateUserRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *UpdateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDisplayName() string {
+	if x != nil && x.DisplayName != nil {
+		return *x.DisplayName
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDescription() string {
+	if x != nil && x.Description != nil {
+		return *x.Description
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+type ChangePasswordRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	NewPassword   string                 `protobuf:"bytes,2,opt,name=new_password,json=newPassword,proto3" json:"new_password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ChangePasswordRequest) Reset() {
+	*x = ChangePasswordRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ChangePasswordRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ChangePasswordRequest) ProtoMessage() {}
+
+func (x *ChangePasswordRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ChangePasswordRequest.ProtoReflect.Descriptor instead.
+func (*ChangePasswordRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ChangePasswordRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetNewPassword() string {
+	if x != nil {
+		return x.NewPassword
+	}
+	return ""
+}
+
+type ToggleStatusRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	SetActive     bool                   `protobuf:"varint,2,opt,name=set_active,json=setActive,proto3" json:"set_active,omitempty"` // true - включить (512), false - отключить (514)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ToggleStatusRequest) Reset() {
+	*x = ToggleStatusRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ToggleStatusRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ToggleStatusRequest) ProtoMessage() {}
+
+func (x *ToggleStatusRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ToggleStatusRequest.ProtoReflect.Descriptor instead.
+func (*ToggleStatusRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ToggleStatusRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ToggleStatusRequest) GetSetActive() bool {
+	if x != nil {
+		return x.SetActive
+	}
+	return false
+}
+
+// --- Управление членством в группах ---
+type GroupMemberRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`              // Логин пользователя
+	GroupDn       string                 `protobuf:"bytes,2,opt,name=group_dn,json=groupDn,proto3" json:"group_dn,omitempty"` // Полный путь группы (в которую добавляем / из которой удаляем)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupMemberRequest) Reset() {
+	*x = GroupMemberRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupMemberRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupMemberRequest) ProtoMessage() {}
+
+func (x *GroupMemberRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupMemberRequest.ProtoReflect.Descriptor instead.
+func (*GroupMemberRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *GroupMemberRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *GroupMemberRequest) GetGroupDn() string {
+	if x != nil {
+		return x.GroupDn
+	}
+	return ""
+}
+
+var File_sso_ldap_proto protoreflect.FileDescriptor
+
+const file_sso_ldap_proto_rawDesc = "" +
+	"\n" +
+	"\x0esso/ldap.proto\x12\aldap.v1\"\x0e\n" +
+	"\fEmptyRequest\"O\n" +
+	"\x0eStatusResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\"\xf4\x01\n" +
+	"\bUserData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x1a\n" +
+	"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
+	"\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12\x14\n" +
+	"\x05email\x18\x04 \x01(\tR\x05email\x12 \n" +
+	"\vdescription\x18\x05 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06avatar\x18\x06 \x01(\fR\x06avatar\x12\x16\n" +
+	"\x06groups\x18\a \x03(\tR\x06groups\x12\x1b\n" +
+	"\tis_active\x18\b \x01(\bR\bisActive\x12\x14\n" +
+	"\x05phone\x18\t \x01(\tR\x05phone\"/\n" +
+	"\tGroupData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\"z\n" +
+	"\x10UserListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12'\n" +
+	"\x05users\x18\x03 \x03(\v2\x11.ldap.v1.UserDataR\x05users\"~\n" +
+	"\x11GroupListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12*\n" +
+	"\x06groups\x18\x03 \x03(\v2\x12.ldap.v1.GroupDataR\x06groups\"\x8d\x01\n" +
+	"\x11CreateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1b\n" +
+	"\tfull_name\x18\x02 \x01(\tR\bfullName\x12\x1a\n" +
+	"\bpassword\x18\x03 \x01(\tR\bpassword\x12\x19\n" +
+	"\x05email\x18\x04 \x01(\tH\x00R\x05email\x88\x01\x01B\b\n" +
+	"\x06_email\"\xec\x01\n" +
+	"\x11UpdateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12&\n" +
+	"\fdisplay_name\x18\x02 \x01(\tH\x00R\vdisplayName\x88\x01\x01\x12\x19\n" +
+	"\x05email\x18\x03 \x01(\tH\x01R\x05email\x88\x01\x01\x12%\n" +
+	"\vdescription\x18\x04 \x01(\tH\x02R\vdescription\x88\x01\x01\x12\x1b\n" +
+	"\x06avatar\x18\x05 \x01(\fH\x03R\x06avatar\x88\x01\x01B\x0f\n" +
+	"\r_display_nameB\b\n" +
+	"\x06_emailB\x0e\n" +
+	"\f_descriptionB\t\n" +
+	"\a_avatar\"V\n" +
+	"\x15ChangePasswordRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12!\n" +
+	"\fnew_password\x18\x02 \x01(\tR\vnewPassword\"P\n" +
+	"\x13ToggleStatusRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1d\n" +
+	"\n" +
+	"set_active\x18\x02 \x01(\bR\tsetActive\"K\n" +
+	"\x12GroupMemberRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x19\n" +
+	"\bgroup_dn\x18\x02 \x01(\tR\agroupDn2\xbc\x04\n" +
+	"\vLdapService\x12<\n" +
+	"\bGetUsers\x12\x15.ldap.v1.EmptyRequest\x1a\x19.ldap.v1.UserListResponse\x12A\n" +
+	"\n" +
+	"CreateUser\x12\x1a.ldap.v1.CreateUserRequest\x1a\x17.ldap.v1.StatusResponse\x12A\n" +
+	"\n" +
+	"UpdateUser\x12\x1a.ldap.v1.UpdateUserRequest\x1a\x17.ldap.v1.StatusResponse\x12I\n" +
+	"\x0eChangePassword\x12\x1e.ldap.v1.ChangePasswordRequest\x1a\x17.ldap.v1.StatusResponse\x12I\n" +
+	"\x10ToggleUserStatus\x12\x1c.ldap.v1.ToggleStatusRequest\x1a\x17.ldap.v1.StatusResponse\x12>\n" +
+	"\tGetGroups\x12\x15.ldap.v1.EmptyRequest\x1a\x1a.ldap.v1.GroupListResponse\x12F\n" +
+	"\x0eAddUserToGroup\x12\x1b.ldap.v1.GroupMemberRequest\x1a\x17.ldap.v1.StatusResponse\x12K\n" +
+	"\x13RemoveUserFromGroup\x12\x1b.ldap.v1.GroupMemberRequest\x1a\x17.ldap.v1.StatusResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_sso_ldap_proto_rawDescOnce sync.Once
+	file_sso_ldap_proto_rawDescData []byte
+)
+
+func file_sso_ldap_proto_rawDescGZIP() []byte {
+	file_sso_ldap_proto_rawDescOnce.Do(func() {
+		file_sso_ldap_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sso_ldap_proto_rawDesc), len(file_sso_ldap_proto_rawDesc)))
+	})
+	return file_sso_ldap_proto_rawDescData
+}
+
+var file_sso_ldap_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
+var file_sso_ldap_proto_goTypes = []any{
+	(*EmptyRequest)(nil),          // 0: ldap.v1.EmptyRequest
+	(*StatusResponse)(nil),        // 1: ldap.v1.StatusResponse
+	(*UserData)(nil),              // 2: ldap.v1.UserData
+	(*GroupData)(nil),             // 3: ldap.v1.GroupData
+	(*UserListResponse)(nil),      // 4: ldap.v1.UserListResponse
+	(*GroupListResponse)(nil),     // 5: ldap.v1.GroupListResponse
+	(*CreateUserRequest)(nil),     // 6: ldap.v1.CreateUserRequest
+	(*UpdateUserRequest)(nil),     // 7: ldap.v1.UpdateUserRequest
+	(*ChangePasswordRequest)(nil), // 8: ldap.v1.ChangePasswordRequest
+	(*ToggleStatusRequest)(nil),   // 9: ldap.v1.ToggleStatusRequest
+	(*GroupMemberRequest)(nil),    // 10: ldap.v1.GroupMemberRequest
+}
+var file_sso_ldap_proto_depIdxs = []int32{
+	2,  // 0: ldap.v1.UserListResponse.users:type_name -> ldap.v1.UserData
+	3,  // 1: ldap.v1.GroupListResponse.groups:type_name -> ldap.v1.GroupData
+	0,  // 2: ldap.v1.LdapService.GetUsers:input_type -> ldap.v1.EmptyRequest
+	6,  // 3: ldap.v1.LdapService.CreateUser:input_type -> ldap.v1.CreateUserRequest
+	7,  // 4: ldap.v1.LdapService.UpdateUser:input_type -> ldap.v1.UpdateUserRequest
+	8,  // 5: ldap.v1.LdapService.ChangePassword:input_type -> ldap.v1.ChangePasswordRequest
+	9,  // 6: ldap.v1.LdapService.ToggleUserStatus:input_type -> ldap.v1.ToggleStatusRequest
+	0,  // 7: ldap.v1.LdapService.GetGroups:input_type -> ldap.v1.EmptyRequest
+	10, // 8: ldap.v1.LdapService.AddUserToGroup:input_type -> ldap.v1.GroupMemberRequest
+	10, // 9: ldap.v1.LdapService.RemoveUserFromGroup:input_type -> ldap.v1.GroupMemberRequest
+	4,  // 10: ldap.v1.LdapService.GetUsers:output_type -> ldap.v1.UserListResponse
+	1,  // 11: ldap.v1.LdapService.CreateUser:output_type -> ldap.v1.StatusResponse
+	1,  // 12: ldap.v1.LdapService.UpdateUser:output_type -> ldap.v1.StatusResponse
+	1,  // 13: ldap.v1.LdapService.ChangePassword:output_type -> ldap.v1.StatusResponse
+	1,  // 14: ldap.v1.LdapService.ToggleUserStatus:output_type -> ldap.v1.StatusResponse
+	5,  // 15: ldap.v1.LdapService.GetGroups:output_type -> ldap.v1.GroupListResponse
+	1,  // 16: ldap.v1.LdapService.AddUserToGroup:output_type -> ldap.v1.StatusResponse
+	1,  // 17: ldap.v1.LdapService.RemoveUserFromGroup:output_type -> ldap.v1.StatusResponse
+	10, // [10:18] is the sub-list for method output_type
+	2,  // [2:10] is the sub-list for method input_type
+	2,  // [2:2] is the sub-list for extension type_name
+	2,  // [2:2] is the sub-list for extension extendee
+	0,  // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_sso_ldap_proto_init() }
+func file_sso_ldap_proto_init() {
+	if File_sso_ldap_proto != nil {
+		return
+	}
+	file_sso_ldap_proto_msgTypes[6].OneofWrappers = []any{}
+	file_sso_ldap_proto_msgTypes[7].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sso_ldap_proto_rawDesc), len(file_sso_ldap_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   11,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sso_ldap_proto_goTypes,
+		DependencyIndexes: file_sso_ldap_proto_depIdxs,
+		MessageInfos:      file_sso_ldap_proto_msgTypes,
+	}.Build()
+	File_sso_ldap_proto = out.File
+	file_sso_ldap_proto_goTypes = nil
+	file_sso_ldap_proto_depIdxs = nil
+}
--- a/gen/go/sso/ldap_grpc.pb.go
+++ b/gen/go/sso/ldap_grpc.pb.go
@@ -0,0 +1,391 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: sso/ldap.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	LdapService_GetUsers_FullMethodName            = "/ldap.v1.LdapService/GetUsers"
+	LdapService_CreateUser_FullMethodName          = "/ldap.v1.LdapService/CreateUser"
+	LdapService_UpdateUser_FullMethodName          = "/ldap.v1.LdapService/UpdateUser"
+	LdapService_ChangePassword_FullMethodName      = "/ldap.v1.LdapService/ChangePassword"
+	LdapService_ToggleUserStatus_FullMethodName    = "/ldap.v1.LdapService/ToggleUserStatus"
+	LdapService_GetGroups_FullMethodName           = "/ldap.v1.LdapService/GetGroups"
+	LdapService_AddUserToGroup_FullMethodName      = "/ldap.v1.LdapService/AddUserToGroup"
+	LdapService_RemoveUserFromGroup_FullMethodName = "/ldap.v1.LdapService/RemoveUserFromGroup"
+)
+
+// LdapServiceClient is the client API for LdapService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type LdapServiceClient interface {
+	// Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error)
+	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	// Управление Группами ---
+	GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error)
+	AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+}
+
+type ldapServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewLdapServiceClient(cc grpc.ClientConnInterface) LdapServiceClient {
+	return &ldapServiceClient{cc}
+}
+
+func (c *ldapServiceClient) GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UserListResponse)
+	err := c.cc.Invoke(ctx, LdapService_GetUsers_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_CreateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_UpdateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_ChangePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_ToggleUserStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GroupListResponse)
+	err := c.cc.Invoke(ctx, LdapService_GetGroups_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_AddUserToGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_RemoveUserFromGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// LdapServiceServer is the server API for LdapService service.
+// All implementations must embed UnimplementedLdapServiceServer
+// for forward compatibility.
+type LdapServiceServer interface {
+	// Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error)
+	CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error)
+	UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error)
+	ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error)
+	ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error)
+	// Управление Группами ---
+	GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error)
+	AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	mustEmbedUnimplementedLdapServiceServer()
+}
+
+// UnimplementedLdapServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedLdapServiceServer struct{}
+
+func (UnimplementedLdapServiceServer) GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUsers not implemented")
+}
+func (UnimplementedLdapServiceServer) CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
+}
+func (UnimplementedLdapServiceServer) UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateUser not implemented")
+}
+func (UnimplementedLdapServiceServer) ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
+}
+func (UnimplementedLdapServiceServer) ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ToggleUserStatus not implemented")
+}
+func (UnimplementedLdapServiceServer) GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetGroups not implemented")
+}
+func (UnimplementedLdapServiceServer) AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AddUserToGroup not implemented")
+}
+func (UnimplementedLdapServiceServer) RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemoveUserFromGroup not implemented")
+}
+func (UnimplementedLdapServiceServer) mustEmbedUnimplementedLdapServiceServer() {}
+func (UnimplementedLdapServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeLdapServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to LdapServiceServer will
+// result in compilation errors.
+type UnsafeLdapServiceServer interface {
+	mustEmbedUnimplementedLdapServiceServer()
+}
+
+func RegisterLdapServiceServer(s grpc.ServiceRegistrar, srv LdapServiceServer) {
+	// If the following call panics, it indicates UnimplementedLdapServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&LdapService_ServiceDesc, srv)
+}
+
+func _LdapService_GetUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).GetUsers(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_GetUsers_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).GetUsers(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).CreateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_CreateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).CreateUser(ctx, req.(*CreateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).UpdateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_UpdateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).UpdateUser(ctx, req.(*UpdateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).ChangePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_ChangePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_ToggleUserStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ToggleStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).ToggleUserStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_ToggleUserStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).ToggleUserStatus(ctx, req.(*ToggleStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_GetGroups_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).GetGroups(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_GetGroups_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).GetGroups(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_AddUserToGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).AddUserToGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_AddUserToGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).AddUserToGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_RemoveUserFromGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).RemoveUserFromGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_RemoveUserFromGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).RemoveUserFromGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// LdapService_ServiceDesc is the grpc.ServiceDesc for LdapService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var LdapService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "ldap.v1.LdapService",
+	HandlerType: (*LdapServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetUsers",
+			Handler:    _LdapService_GetUsers_Handler,
+		},
+		{
+			MethodName: "CreateUser",
+			Handler:    _LdapService_CreateUser_Handler,
+		},
+		{
+			MethodName: "UpdateUser",
+			Handler:    _LdapService_UpdateUser_Handler,
+		},
+		{
+			MethodName: "ChangePassword",
+			Handler:    _LdapService_ChangePassword_Handler,
+		},
+		{
+			MethodName: "ToggleUserStatus",
+			Handler:    _LdapService_ToggleUserStatus_Handler,
+		},
+		{
+			MethodName: "GetGroups",
+			Handler:    _LdapService_GetGroups_Handler,
+		},
+		{
+			MethodName: "AddUserToGroup",
+			Handler:    _LdapService_AddUserToGroup_Handler,
+		},
+		{
+			MethodName: "RemoveUserFromGroup",
+			Handler:    _LdapService_RemoveUserFromGroup_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/ldap.proto",
+}
--- a/gen/go/sso/rbac.pb.go
+++ b/gen/go/sso/rbac.pb.go
@@ -0,0 +1,975 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.21.12
+// source: sso/rbac.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GetAllPermissionsRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsRequest) Reset() {
+	*x = GetAllPermissionsRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsRequest) ProtoMessage() {}
+
+func (x *GetAllPermissionsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsRequest.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetAllPermissionsRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllPermissionsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Permissions   []*Permission          `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsResponse) Reset() {
+	*x = GetAllPermissionsResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsResponse) ProtoMessage() {}
+
+func (x *GetAllPermissionsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsResponse.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetAllPermissionsResponse) GetPermissions() []*Permission {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+type Permission struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Code          string                 `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Module        string                 `protobuf:"bytes,4,opt,name=module,proto3" json:"module,omitempty"`
+	Roles         []string               `protobuf:"bytes,5,rep,name=roles,proto3" json:"roles,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Permission) Reset() {
+	*x = Permission{}
+	mi := &file_sso_rbac_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Permission) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Permission) ProtoMessage() {}
+
+func (x *Permission) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Permission.ProtoReflect.Descriptor instead.
+func (*Permission) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Permission) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Permission) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+func (x *Permission) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Permission) GetModule() string {
+	if x != nil {
+		return x.Module
+	}
+	return ""
+}
+
+func (x *Permission) GetRoles() []string {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+type GetAllRolesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesRequest) Reset() {
+	*x = GetAllRolesRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesRequest) ProtoMessage() {}
+
+func (x *GetAllRolesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesRequest.ProtoReflect.Descriptor instead.
+func (*GetAllRolesRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetAllRolesRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllRolesRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllRolesResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Roles         []*Roles               `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesResponse) Reset() {
+	*x = GetAllRolesResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesResponse) ProtoMessage() {}
+
+func (x *GetAllRolesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesResponse.ProtoReflect.Descriptor instead.
+func (*GetAllRolesResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GetAllRolesResponse) GetRoles() []*Roles {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+type CreateRoleRequest struct {
+	state           protoimpl.MessageState `protogen:"open.v1"`
+	Name            string                 `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Level           int32                  `protobuf:"varint,2,opt,name=level,proto3" json:"level,omitempty"`
+	PermissionCodes []string               `protobuf:"bytes,3,rep,name=permission_codes,json=permissionCodes,proto3" json:"permission_codes,omitempty"`
+	unknownFields   protoimpl.UnknownFields
+	sizeCache       protoimpl.SizeCache
+}
+
+func (x *CreateRoleRequest) Reset() {
+	*x = CreateRoleRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreateRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateRoleRequest) ProtoMessage() {}
+
+func (x *CreateRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateRoleRequest.ProtoReflect.Descriptor instead.
+func (*CreateRoleRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *CreateRoleRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *CreateRoleRequest) GetLevel() int32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+func (x *CreateRoleRequest) GetPermissionCodes() []string {
+	if x != nil {
+		return x.PermissionCodes
+	}
+	return nil
+}
+
+type UpdateRoleRequest struct {
+	state           protoimpl.MessageState `protogen:"open.v1"`
+	Id              string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name            *string                `protobuf:"bytes,2,opt,name=name,proto3,oneof" json:"name,omitempty"`
+	Level           *int32                 `protobuf:"varint,3,opt,name=level,proto3,oneof" json:"level,omitempty"`
+	PermissionCodes []string               `protobuf:"bytes,4,rep,name=permission_codes,json=permissionCodes,proto3" json:"permission_codes,omitempty"`
+	unknownFields   protoimpl.UnknownFields
+	sizeCache       protoimpl.SizeCache
+}
+
+func (x *UpdateRoleRequest) Reset() {
+	*x = UpdateRoleRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdateRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateRoleRequest) ProtoMessage() {}
+
+func (x *UpdateRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateRoleRequest.ProtoReflect.Descriptor instead.
+func (*UpdateRoleRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *UpdateRoleRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *UpdateRoleRequest) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *UpdateRoleRequest) GetLevel() int32 {
+	if x != nil && x.Level != nil {
+		return *x.Level
+	}
+	return 0
+}
+
+func (x *UpdateRoleRequest) GetPermissionCodes() []string {
+	if x != nil {
+		return x.PermissionCodes
+	}
+	return nil
+}
+
+type ModifyRoleResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ModifyRoleResponse) Reset() {
+	*x = ModifyRoleResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ModifyRoleResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ModifyRoleResponse) ProtoMessage() {}
+
+func (x *ModifyRoleResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ModifyRoleResponse.ProtoReflect.Descriptor instead.
+func (*ModifyRoleResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ModifyRoleResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *ModifyRoleResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type DeleteRoleRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *DeleteRoleRequest) Reset() {
+	*x = DeleteRoleRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteRoleRequest) ProtoMessage() {}
+
+func (x *DeleteRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteRoleRequest.ProtoReflect.Descriptor instead.
+func (*DeleteRoleRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *DeleteRoleRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type DeleteRoleResponse struct {
+	state            protoimpl.MessageState `protogen:"open.v1"`
+	Success          bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message          string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	FallbackRoleName *string                `protobuf:"bytes,3,opt,name=fallback_role_name,json=fallbackRoleName,proto3,oneof" json:"fallback_role_name,omitempty"`
+	unknownFields    protoimpl.UnknownFields
+	sizeCache        protoimpl.SizeCache
+}
+
+func (x *DeleteRoleResponse) Reset() {
+	*x = DeleteRoleResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteRoleResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteRoleResponse) ProtoMessage() {}
+
+func (x *DeleteRoleResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteRoleResponse.ProtoReflect.Descriptor instead.
+func (*DeleteRoleResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *DeleteRoleResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *DeleteRoleResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+func (x *DeleteRoleResponse) GetFallbackRoleName() string {
+	if x != nil && x.FallbackRoleName != nil {
+		return *x.FallbackRoleName
+	}
+	return ""
+}
+
+type CreatePermissionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Code          string                 `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
+	Description   string                 `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Module        string                 `protobuf:"bytes,3,opt,name=module,proto3" json:"module,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CreatePermissionRequest) Reset() {
+	*x = CreatePermissionRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreatePermissionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreatePermissionRequest) ProtoMessage() {}
+
+func (x *CreatePermissionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreatePermissionRequest.ProtoReflect.Descriptor instead.
+func (*CreatePermissionRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *CreatePermissionRequest) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+func (x *CreatePermissionRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *CreatePermissionRequest) GetModule() string {
+	if x != nil {
+		return x.Module
+	}
+	return ""
+}
+
+type UpdatePermissionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	RoleIds       []string               `protobuf:"bytes,2,rep,name=role_ids,json=roleIds,proto3" json:"role_ids,omitempty"` // Привязка к конкретным ролям
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UpdatePermissionRequest) Reset() {
+	*x = UpdatePermissionRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdatePermissionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdatePermissionRequest) ProtoMessage() {}
+
+func (x *UpdatePermissionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdatePermissionRequest.ProtoReflect.Descriptor instead.
+func (*UpdatePermissionRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *UpdatePermissionRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *UpdatePermissionRequest) GetRoleIds() []string {
+	if x != nil {
+		return x.RoleIds
+	}
+	return nil
+}
+
+type ModifyPermissionResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ModifyPermissionResponse) Reset() {
+	*x = ModifyPermissionResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ModifyPermissionResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ModifyPermissionResponse) ProtoMessage() {}
+
+func (x *ModifyPermissionResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ModifyPermissionResponse.ProtoReflect.Descriptor instead.
+func (*ModifyPermissionResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *ModifyPermissionResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *ModifyPermissionResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type Roles struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Level         int32                  `protobuf:"varint,3,opt,name=level,proto3" json:"level,omitempty"`
+	Permissions   []string               `protobuf:"bytes,4,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	LdapMapping   []string               `protobuf:"bytes,5,rep,name=ldap_mapping,json=ldapMapping,proto3" json:"ldap_mapping,omitempty"`
+	Accounts      []string               `protobuf:"bytes,6,rep,name=accounts,proto3" json:"accounts,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Roles) Reset() {
+	*x = Roles{}
+	mi := &file_sso_rbac_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Roles) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Roles) ProtoMessage() {}
+
+func (x *Roles) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[13]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Roles.ProtoReflect.Descriptor instead.
+func (*Roles) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *Roles) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Roles) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Roles) GetLevel() int32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+func (x *Roles) GetPermissions() []string {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+func (x *Roles) GetLdapMapping() []string {
+	if x != nil {
+		return x.LdapMapping
+	}
+	return nil
+}
+
+func (x *Roles) GetAccounts() []string {
+	if x != nil {
+		return x.Accounts
+	}
+	return nil
+}
+
+var File_sso_rbac_proto protoreflect.FileDescriptor
+
+const file_sso_rbac_proto_rawDesc = "" +
+	"\n" +
+	"\x0esso/rbac.proto\x12\arbac.v1\"R\n" +
+	"\x18GetAllPermissionsRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\"R\n" +
+	"\x19GetAllPermissionsResponse\x125\n" +
+	"\vpermissions\x18\x01 \x03(\v2\x13.rbac.v1.PermissionR\vpermissions\"\x80\x01\n" +
+	"\n" +
+	"Permission\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04code\x18\x02 \x01(\tR\x04code\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06module\x18\x04 \x01(\tR\x06module\x12\x14\n" +
+	"\x05roles\x18\x05 \x03(\tR\x05roles\"L\n" +
+	"\x12GetAllRolesRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\";\n" +
+	"\x13GetAllRolesResponse\x12$\n" +
+	"\x05roles\x18\x01 \x03(\v2\x0e.rbac.v1.RolesR\x05roles\"h\n" +
+	"\x11CreateRoleRequest\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12\x14\n" +
+	"\x05level\x18\x02 \x01(\x05R\x05level\x12)\n" +
+	"\x10permission_codes\x18\x03 \x03(\tR\x0fpermissionCodes\"\x95\x01\n" +
+	"\x11UpdateRoleRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x17\n" +
+	"\x04name\x18\x02 \x01(\tH\x00R\x04name\x88\x01\x01\x12\x19\n" +
+	"\x05level\x18\x03 \x01(\x05H\x01R\x05level\x88\x01\x01\x12)\n" +
+	"\x10permission_codes\x18\x04 \x03(\tR\x0fpermissionCodesB\a\n" +
+	"\x05_nameB\b\n" +
+	"\x06_level\"H\n" +
+	"\x12ModifyRoleResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"#\n" +
+	"\x11DeleteRoleRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x92\x01\n" +
+	"\x12DeleteRoleResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\x121\n" +
+	"\x12fallback_role_name\x18\x03 \x01(\tH\x00R\x10fallbackRoleName\x88\x01\x01B\x15\n" +
+	"\x13_fallback_role_name\"g\n" +
+	"\x17CreatePermissionRequest\x12\x12\n" +
+	"\x04code\x18\x01 \x01(\tR\x04code\x12 \n" +
+	"\vdescription\x18\x02 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06module\x18\x03 \x01(\tR\x06module\"D\n" +
+	"\x17UpdatePermissionRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x19\n" +
+	"\brole_ids\x18\x02 \x03(\tR\aroleIds\"N\n" +
+	"\x18ModifyPermissionResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"\xa2\x01\n" +
+	"\x05Roles\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12\x14\n" +
+	"\x05level\x18\x03 \x01(\x05R\x05level\x12 \n" +
+	"\vpermissions\x18\x04 \x03(\tR\vpermissions\x12!\n" +
+	"\fldap_mapping\x18\x05 \x03(\tR\vldapMapping\x12\x1a\n" +
+	"\baccounts\x18\x06 \x03(\tR\baccounts2\xba\x04\n" +
+	"\vRbacService\x12E\n" +
+	"\n" +
+	"CreateRole\x12\x1a.rbac.v1.CreateRoleRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12E\n" +
+	"\n" +
+	"UpdateRole\x12\x1a.rbac.v1.UpdateRoleRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12E\n" +
+	"\n" +
+	"DeleteRole\x12\x1a.rbac.v1.DeleteRoleRequest\x1a\x1b.rbac.v1.DeleteRoleResponse\x12W\n" +
+	"\x10CreatePermission\x12 .rbac.v1.CreatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12W\n" +
+	"\x10UpdatePermission\x12 .rbac.v1.UpdatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12Z\n" +
+	"\x11GetAllPermissions\x12!.rbac.v1.GetAllPermissionsRequest\x1a\".rbac.v1.GetAllPermissionsResponse\x12H\n" +
+	"\vGetAllRoles\x12\x1b.rbac.v1.GetAllRolesRequest\x1a\x1c.rbac.v1.GetAllRolesResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_sso_rbac_proto_rawDescOnce sync.Once
+	file_sso_rbac_proto_rawDescData []byte
+)
+
+func file_sso_rbac_proto_rawDescGZIP() []byte {
+	file_sso_rbac_proto_rawDescOnce.Do(func() {
+		file_sso_rbac_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sso_rbac_proto_rawDesc), len(file_sso_rbac_proto_rawDesc)))
+	})
+	return file_sso_rbac_proto_rawDescData
+}
+
+var file_sso_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_sso_rbac_proto_goTypes = []any{
+	(*GetAllPermissionsRequest)(nil),  // 0: rbac.v1.GetAllPermissionsRequest
+	(*GetAllPermissionsResponse)(nil), // 1: rbac.v1.GetAllPermissionsResponse
+	(*Permission)(nil),                // 2: rbac.v1.Permission
+	(*GetAllRolesRequest)(nil),        // 3: rbac.v1.GetAllRolesRequest
+	(*GetAllRolesResponse)(nil),       // 4: rbac.v1.GetAllRolesResponse
+	(*CreateRoleRequest)(nil),         // 5: rbac.v1.CreateRoleRequest
+	(*UpdateRoleRequest)(nil),         // 6: rbac.v1.UpdateRoleRequest
+	(*ModifyRoleResponse)(nil),        // 7: rbac.v1.ModifyRoleResponse
+	(*DeleteRoleRequest)(nil),         // 8: rbac.v1.DeleteRoleRequest
+	(*DeleteRoleResponse)(nil),        // 9: rbac.v1.DeleteRoleResponse
+	(*CreatePermissionRequest)(nil),   // 10: rbac.v1.CreatePermissionRequest
+	(*UpdatePermissionRequest)(nil),   // 11: rbac.v1.UpdatePermissionRequest
+	(*ModifyPermissionResponse)(nil),  // 12: rbac.v1.ModifyPermissionResponse
+	(*Roles)(nil),                     // 13: rbac.v1.Roles
+}
+var file_sso_rbac_proto_depIdxs = []int32{
+	2,  // 0: rbac.v1.GetAllPermissionsResponse.permissions:type_name -> rbac.v1.Permission
+	13, // 1: rbac.v1.GetAllRolesResponse.roles:type_name -> rbac.v1.Roles
+	5,  // 2: rbac.v1.RbacService.CreateRole:input_type -> rbac.v1.CreateRoleRequest
+	6,  // 3: rbac.v1.RbacService.UpdateRole:input_type -> rbac.v1.UpdateRoleRequest
+	8,  // 4: rbac.v1.RbacService.DeleteRole:input_type -> rbac.v1.DeleteRoleRequest
+	10, // 5: rbac.v1.RbacService.CreatePermission:input_type -> rbac.v1.CreatePermissionRequest
+	11, // 6: rbac.v1.RbacService.UpdatePermission:input_type -> rbac.v1.UpdatePermissionRequest
+	0,  // 7: rbac.v1.RbacService.GetAllPermissions:input_type -> rbac.v1.GetAllPermissionsRequest
+	3,  // 8: rbac.v1.RbacService.GetAllRoles:input_type -> rbac.v1.GetAllRolesRequest
+	7,  // 9: rbac.v1.RbacService.CreateRole:output_type -> rbac.v1.ModifyRoleResponse
+	7,  // 10: rbac.v1.RbacService.UpdateRole:output_type -> rbac.v1.ModifyRoleResponse
+	9,  // 11: rbac.v1.RbacService.DeleteRole:output_type -> rbac.v1.DeleteRoleResponse
+	12, // 12: rbac.v1.RbacService.CreatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	12, // 13: rbac.v1.RbacService.UpdatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	1,  // 14: rbac.v1.RbacService.GetAllPermissions:output_type -> rbac.v1.GetAllPermissionsResponse
+	4,  // 15: rbac.v1.RbacService.GetAllRoles:output_type -> rbac.v1.GetAllRolesResponse
+	9,  // [9:16] is the sub-list for method output_type
+	2,  // [2:9] is the sub-list for method input_type
+	2,  // [2:2] is the sub-list for extension type_name
+	2,  // [2:2] is the sub-list for extension extendee
+	0,  // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_sso_rbac_proto_init() }
+func file_sso_rbac_proto_init() {
+	if File_sso_rbac_proto != nil {
+		return
+	}
+	file_sso_rbac_proto_msgTypes[6].OneofWrappers = []any{}
+	file_sso_rbac_proto_msgTypes[9].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sso_rbac_proto_rawDesc), len(file_sso_rbac_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   14,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sso_rbac_proto_goTypes,
+		DependencyIndexes: file_sso_rbac_proto_depIdxs,
+		MessageInfos:      file_sso_rbac_proto_msgTypes,
+	}.Build()
+	File_sso_rbac_proto = out.File
+	file_sso_rbac_proto_goTypes = nil
+	file_sso_rbac_proto_depIdxs = nil
+}
--- a/gen/go/sso/rbac_grpc.pb.go
+++ b/gen/go/sso/rbac_grpc.pb.go
@@ -0,0 +1,349 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: sso/rbac.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	RbacService_CreateRole_FullMethodName        = "/rbac.v1.RbacService/CreateRole"
+	RbacService_UpdateRole_FullMethodName        = "/rbac.v1.RbacService/UpdateRole"
+	RbacService_DeleteRole_FullMethodName        = "/rbac.v1.RbacService/DeleteRole"
+	RbacService_CreatePermission_FullMethodName  = "/rbac.v1.RbacService/CreatePermission"
+	RbacService_UpdatePermission_FullMethodName  = "/rbac.v1.RbacService/UpdatePermission"
+	RbacService_GetAllPermissions_FullMethodName = "/rbac.v1.RbacService/GetAllPermissions"
+	RbacService_GetAllRoles_FullMethodName       = "/rbac.v1.RbacService/GetAllRoles"
+)
+
+// RbacServiceClient is the client API for RbacService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type RbacServiceClient interface {
+	CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error)
+	CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error)
+	GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error)
+}
+
+type rbacServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewRbacServiceClient(cc grpc.ClientConnInterface) RbacServiceClient {
+	return &rbacServiceClient{cc}
+}
+
+func (c *rbacServiceClient) CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_DeleteRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllPermissionsResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllRolesResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllRoles_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// RbacServiceServer is the server API for RbacService service.
+// All implementations must embed UnimplementedRbacServiceServer
+// for forward compatibility.
+type RbacServiceServer interface {
+	CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error)
+	UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error)
+	DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error)
+	CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error)
+	UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error)
+	GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error)
+	GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error)
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+// UnimplementedRbacServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedRbacServiceServer struct{}
+
+func (UnimplementedRbacServiceServer) CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteRole not implemented")
+}
+func (UnimplementedRbacServiceServer) CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllPermissions not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllRoles not implemented")
+}
+func (UnimplementedRbacServiceServer) mustEmbedUnimplementedRbacServiceServer() {}
+func (UnimplementedRbacServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeRbacServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to RbacServiceServer will
+// result in compilation errors.
+type UnsafeRbacServiceServer interface {
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+func RegisterRbacServiceServer(s grpc.ServiceRegistrar, srv RbacServiceServer) {
+	// If the following call panics, it indicates UnimplementedRbacServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&RbacService_ServiceDesc, srv)
+}
+
+func _RbacService_CreateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreateRole(ctx, req.(*CreateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdateRole(ctx, req.(*UpdateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_DeleteRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).DeleteRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_DeleteRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).DeleteRole(ctx, req.(*DeleteRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_CreatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreatePermission(ctx, req.(*CreatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, req.(*UpdatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllPermissionsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, req.(*GetAllPermissionsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllRoles_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, req.(*GetAllRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// RbacService_ServiceDesc is the grpc.ServiceDesc for RbacService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var RbacService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "rbac.v1.RbacService",
+	HandlerType: (*RbacServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateRole",
+			Handler:    _RbacService_CreateRole_Handler,
+		},
+		{
+			MethodName: "UpdateRole",
+			Handler:    _RbacService_UpdateRole_Handler,
+		},
+		{
+			MethodName: "DeleteRole",
+			Handler:    _RbacService_DeleteRole_Handler,
+		},
+		{
+			MethodName: "CreatePermission",
+			Handler:    _RbacService_CreatePermission_Handler,
+		},
+		{
+			MethodName: "UpdatePermission",
+			Handler:    _RbacService_UpdatePermission_Handler,
+		},
+		{
+			MethodName: "GetAllPermissions",
+			Handler:    _RbacService_GetAllPermissions_Handler,
+		},
+		{
+			MethodName: "GetAllRoles",
+			Handler:    _RbacService_GetAllRoles_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/rbac.proto",
+}
--- a/gen/go/sso/twofa.pb.go
+++ b/gen/go/sso/twofa.pb.go
--- a/gen/go/sso/twofa_grpc.pb.go
+++ b/gen/go/sso/twofa_grpc.pb.go
@@ -0,0 +1,425 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: sso/twofa.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	TwoFaService_Verify2Fa_FullMethodName                 = "/twofa.v1.TwoFaService/Verify2Fa"
+	TwoFaService_GetTwoFaStatus_FullMethodName            = "/twofa.v1.TwoFaService/GetTwoFaStatus"
+	TwoFaService_StartTotpEnrollment_FullMethodName       = "/twofa.v1.TwoFaService/StartTotpEnrollment"
+	TwoFaService_ConfirmTotpErollment_FullMethodName      = "/twofa.v1.TwoFaService/ConfirmTotpErollment"
+	TwoFaService_CancelTotpEnrollment_FullMethodName      = "/twofa.v1.TwoFaService/CancelTotpEnrollment"
+	TwoFaService_DisableTotp_FullMethodName               = "/twofa.v1.TwoFaService/DisableTotp"
+	TwoFaService_StartTelegramEnrollment_FullMethodName   = "/twofa.v1.TwoFaService/StartTelegramEnrollment"
+	TwoFaService_ConfirmTelegramEnrollment_FullMethodName = "/twofa.v1.TwoFaService/ConfirmTelegramEnrollment"
+	TwoFaService_DisableTelegram_FullMethodName           = "/twofa.v1.TwoFaService/DisableTelegram"
+)
+
+// TwoFaServiceClient is the client API for TwoFaService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type TwoFaServiceClient interface {
+	Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error)
+	GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error)
+}
+
+type twoFaServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewTwoFaServiceClient(cc grpc.ClientConnInterface) TwoFaServiceClient {
+	return &twoFaServiceClient{cc}
+}
+
+func (c *twoFaServiceClient) Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(Verify2FaResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_Verify2Fa_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetTwoFaStatusResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_GetTwoFaStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTotpErollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CancelTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_CancelTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTotpResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTotp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTelegramResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTelegram_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// TwoFaServiceServer is the server API for TwoFaService service.
+// All implementations must embed UnimplementedTwoFaServiceServer
+// for forward compatibility.
+type TwoFaServiceServer interface {
+	Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error)
+	GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error)
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+// UnimplementedTwoFaServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedTwoFaServiceServer struct{}
+
+func (UnimplementedTwoFaServiceServer) Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Verify2Fa not implemented")
+}
+func (UnimplementedTwoFaServiceServer) GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetTwoFaStatus not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTotpErollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CancelTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTotp not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTelegram not implemented")
+}
+func (UnimplementedTwoFaServiceServer) mustEmbedUnimplementedTwoFaServiceServer() {}
+func (UnimplementedTwoFaServiceServer) testEmbeddedByValue()                      {}
+
+// UnsafeTwoFaServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to TwoFaServiceServer will
+// result in compilation errors.
+type UnsafeTwoFaServiceServer interface {
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+func RegisterTwoFaServiceServer(s grpc.ServiceRegistrar, srv TwoFaServiceServer) {
+	// If the following call panics, it indicates UnimplementedTwoFaServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&TwoFaService_ServiceDesc, srv)
+}
+
+func _TwoFaService_Verify2Fa_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(Verify2FaRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).Verify2Fa(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_Verify2Fa_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).Verify2Fa(ctx, req.(*Verify2FaRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_GetTwoFaStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetTwoFaStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_GetTwoFaStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, req.(*GetTwoFaStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTotpErollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTotpEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTotpErollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, req.(*ConfirmTotpEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_CancelTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_CancelTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTotp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTotpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTotp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, req.(*DisableTotpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTelegramEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, req.(*ConfirmTelegramEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTelegram_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTelegramRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTelegram_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, req.(*DisableTelegramRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// TwoFaService_ServiceDesc is the grpc.ServiceDesc for TwoFaService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var TwoFaService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "twofa.v1.TwoFaService",
+	HandlerType: (*TwoFaServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Verify2Fa",
+			Handler:    _TwoFaService_Verify2Fa_Handler,
+		},
+		{
+			MethodName: "GetTwoFaStatus",
+			Handler:    _TwoFaService_GetTwoFaStatus_Handler,
+		},
+		{
+			MethodName: "StartTotpEnrollment",
+			Handler:    _TwoFaService_StartTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTotpErollment",
+			Handler:    _TwoFaService_ConfirmTotpErollment_Handler,
+		},
+		{
+			MethodName: "CancelTotpEnrollment",
+			Handler:    _TwoFaService_CancelTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTotp",
+			Handler:    _TwoFaService_DisableTotp_Handler,
+		},
+		{
+			MethodName: "StartTelegramEnrollment",
+			Handler:    _TwoFaService_StartTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTelegramEnrollment",
+			Handler:    _TwoFaService_ConfirmTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTelegram",
+			Handler:    _TwoFaService_DisableTelegram_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/twofa.proto",
+}