From f972282031617d1028c2571a54baf6eea5759841 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Wed, 1 Apr 2026 14:28:08 +0000
Subject: [PATCH] chore: auto-generate protobuf files [skip ci]

---
 gen/go/identity.pb.go      | 365 ++++++++++++++++++++++++++-----------
 gen/go/identity_grpc.pb.go |  48 ++++-
 gen/identity.ts            |  22 ++-
 3 files changed, 323 insertions(+), 112 deletions(-)

diff --git a/gen/go/identity.pb.go b/gen/go/identity.pb.go
index 895d38a..122f6b5 100644
--- a/gen/go/identity.pb.go
+++ b/gen/go/identity.pb.go
@@ -357,6 +357,142 @@ func (x *LogoutResponse) GetMessage() string {
 	return ""
 }
 
+type VerifyTokenRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Token         string                 `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyTokenRequest) Reset() {
+	*x = VerifyTokenRequest{}
+	mi := &file_identity_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyTokenRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyTokenRequest) ProtoMessage() {}
+
+func (x *VerifyTokenRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_identity_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyTokenRequest.ProtoReflect.Descriptor instead.
+func (*VerifyTokenRequest) Descriptor() ([]byte, []int) {
+	return file_identity_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *VerifyTokenRequest) GetToken() string {
+	if x != nil {
+		return x.Token
+	}
+	return ""
+}
+
+type VerifyTokenResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	IsValid       bool                   `protobuf:"varint,1,opt,name=is_valid,json=isValid,proto3" json:"is_valid,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Id            string                 `protobuf:"bytes,3,opt,name=id,proto3" json:"id,omitempty"`
+	Username      string                 `protobuf:"bytes,4,opt,name=username,proto3" json:"username,omitempty"`
+	RoleLevel     int32                  `protobuf:"varint,5,opt,name=role_level,json=roleLevel,proto3" json:"role_level,omitempty"`
+	Permissions   []string               `protobuf:"bytes,6,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	SessionId     string                 `protobuf:"bytes,7,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyTokenResponse) Reset() {
+	*x = VerifyTokenResponse{}
+	mi := &file_identity_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyTokenResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyTokenResponse) ProtoMessage() {}
+
+func (x *VerifyTokenResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_identity_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyTokenResponse.ProtoReflect.Descriptor instead.
+func (*VerifyTokenResponse) Descriptor() ([]byte, []int) {
+	return file_identity_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *VerifyTokenResponse) GetIsValid() bool {
+	if x != nil {
+		return x.IsValid
+	}
+	return false
+}
+
+func (x *VerifyTokenResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *VerifyTokenResponse) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *VerifyTokenResponse) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *VerifyTokenResponse) GetRoleLevel() int32 {
+	if x != nil {
+		return x.RoleLevel
+	}
+	return 0
+}
+
+func (x *VerifyTokenResponse) GetPermissions() []string {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+func (x *VerifyTokenResponse) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
 type UnlockPinRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	AccessToken   string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
@@ -367,7 +503,7 @@ type UnlockPinRequest struct {
 
 func (x *UnlockPinRequest) Reset() {
 	*x = UnlockPinRequest{}
-	mi := &file_identity_proto_msgTypes[6]
+	mi := &file_identity_proto_msgTypes[8]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -379,7 +515,7 @@ func (x *UnlockPinRequest) String() string {
 func (*UnlockPinRequest) ProtoMessage() {}
 
 func (x *UnlockPinRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[6]
+	mi := &file_identity_proto_msgTypes[8]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -392,7 +528,7 @@ func (x *UnlockPinRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UnlockPinRequest.ProtoReflect.Descriptor instead.
 func (*UnlockPinRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{6}
+	return file_identity_proto_rawDescGZIP(), []int{8}
 }
 
 func (x *UnlockPinRequest) GetAccessToken() string {
@@ -419,7 +555,7 @@ type UnlockPinResponse struct {
 
 func (x *UnlockPinResponse) Reset() {
 	*x = UnlockPinResponse{}
-	mi := &file_identity_proto_msgTypes[7]
+	mi := &file_identity_proto_msgTypes[9]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -431,7 +567,7 @@ func (x *UnlockPinResponse) String() string {
 func (*UnlockPinResponse) ProtoMessage() {}
 
 func (x *UnlockPinResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[7]
+	mi := &file_identity_proto_msgTypes[9]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -444,7 +580,7 @@ func (x *UnlockPinResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UnlockPinResponse.ProtoReflect.Descriptor instead.
 func (*UnlockPinResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{7}
+	return file_identity_proto_rawDescGZIP(), []int{9}
 }
 
 func (x *UnlockPinResponse) GetSuccess() bool {
@@ -472,7 +608,7 @@ type Verify2FaRequest struct {
 
 func (x *Verify2FaRequest) Reset() {
 	*x = Verify2FaRequest{}
-	mi := &file_identity_proto_msgTypes[8]
+	mi := &file_identity_proto_msgTypes[10]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -484,7 +620,7 @@ func (x *Verify2FaRequest) String() string {
 func (*Verify2FaRequest) ProtoMessage() {}
 
 func (x *Verify2FaRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[8]
+	mi := &file_identity_proto_msgTypes[10]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -497,7 +633,7 @@ func (x *Verify2FaRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Verify2FaRequest.ProtoReflect.Descriptor instead.
 func (*Verify2FaRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{8}
+	return file_identity_proto_rawDescGZIP(), []int{10}
 }
 
 func (x *Verify2FaRequest) GetTempToken() string {
@@ -534,7 +670,7 @@ type Verify2FaResponse struct {
 
 func (x *Verify2FaResponse) Reset() {
 	*x = Verify2FaResponse{}
-	mi := &file_identity_proto_msgTypes[9]
+	mi := &file_identity_proto_msgTypes[11]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -546,7 +682,7 @@ func (x *Verify2FaResponse) String() string {
 func (*Verify2FaResponse) ProtoMessage() {}
 
 func (x *Verify2FaResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[9]
+	mi := &file_identity_proto_msgTypes[11]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -559,7 +695,7 @@ func (x *Verify2FaResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Verify2FaResponse.ProtoReflect.Descriptor instead.
 func (*Verify2FaResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{9}
+	return file_identity_proto_rawDescGZIP(), []int{11}
 }
 
 func (x *Verify2FaResponse) GetAccessToken() string {
@@ -606,7 +742,7 @@ type AuthenticatedAccessRequest struct {
 
 func (x *AuthenticatedAccessRequest) Reset() {
 	*x = AuthenticatedAccessRequest{}
-	mi := &file_identity_proto_msgTypes[10]
+	mi := &file_identity_proto_msgTypes[12]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -618,7 +754,7 @@ func (x *AuthenticatedAccessRequest) String() string {
 func (*AuthenticatedAccessRequest) ProtoMessage() {}
 
 func (x *AuthenticatedAccessRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[10]
+	mi := &file_identity_proto_msgTypes[12]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -631,7 +767,7 @@ func (x *AuthenticatedAccessRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthenticatedAccessRequest.ProtoReflect.Descriptor instead.
 func (*AuthenticatedAccessRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{10}
+	return file_identity_proto_rawDescGZIP(), []int{12}
 }
 
 func (x *AuthenticatedAccessRequest) GetAccessToken() string {
@@ -650,7 +786,7 @@ type GetTwoFaStatusRequest struct {
 
 func (x *GetTwoFaStatusRequest) Reset() {
 	*x = GetTwoFaStatusRequest{}
-	mi := &file_identity_proto_msgTypes[11]
+	mi := &file_identity_proto_msgTypes[13]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -662,7 +798,7 @@ func (x *GetTwoFaStatusRequest) String() string {
 func (*GetTwoFaStatusRequest) ProtoMessage() {}
 
 func (x *GetTwoFaStatusRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[11]
+	mi := &file_identity_proto_msgTypes[13]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -675,7 +811,7 @@ func (x *GetTwoFaStatusRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetTwoFaStatusRequest.ProtoReflect.Descriptor instead.
 func (*GetTwoFaStatusRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{11}
+	return file_identity_proto_rawDescGZIP(), []int{13}
 }
 
 func (x *GetTwoFaStatusRequest) GetAccessToken() string {
@@ -697,7 +833,7 @@ type GetTwoFaStatusResponse struct {
 
 func (x *GetTwoFaStatusResponse) Reset() {
 	*x = GetTwoFaStatusResponse{}
-	mi := &file_identity_proto_msgTypes[12]
+	mi := &file_identity_proto_msgTypes[14]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -709,7 +845,7 @@ func (x *GetTwoFaStatusResponse) String() string {
 func (*GetTwoFaStatusResponse) ProtoMessage() {}
 
 func (x *GetTwoFaStatusResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[12]
+	mi := &file_identity_proto_msgTypes[14]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -722,7 +858,7 @@ func (x *GetTwoFaStatusResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetTwoFaStatusResponse.ProtoReflect.Descriptor instead.
 func (*GetTwoFaStatusResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{12}
+	return file_identity_proto_rawDescGZIP(), []int{14}
 }
 
 func (x *GetTwoFaStatusResponse) GetTotpEnabled() bool {
@@ -765,7 +901,7 @@ type StartTotpEnrollmentResponse struct {
 
 func (x *StartTotpEnrollmentResponse) Reset() {
 	*x = StartTotpEnrollmentResponse{}
-	mi := &file_identity_proto_msgTypes[13]
+	mi := &file_identity_proto_msgTypes[15]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -777,7 +913,7 @@ func (x *StartTotpEnrollmentResponse) String() string {
 func (*StartTotpEnrollmentResponse) ProtoMessage() {}
 
 func (x *StartTotpEnrollmentResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[13]
+	mi := &file_identity_proto_msgTypes[15]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -790,7 +926,7 @@ func (x *StartTotpEnrollmentResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use StartTotpEnrollmentResponse.ProtoReflect.Descriptor instead.
 func (*StartTotpEnrollmentResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{13}
+	return file_identity_proto_rawDescGZIP(), []int{15}
 }
 
 func (x *StartTotpEnrollmentResponse) GetSecretBase32() string {
@@ -831,7 +967,7 @@ type ConfirmTotpEnrollmentRequest struct {
 
 func (x *ConfirmTotpEnrollmentRequest) Reset() {
 	*x = ConfirmTotpEnrollmentRequest{}
-	mi := &file_identity_proto_msgTypes[14]
+	mi := &file_identity_proto_msgTypes[16]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -843,7 +979,7 @@ func (x *ConfirmTotpEnrollmentRequest) String() string {
 func (*ConfirmTotpEnrollmentRequest) ProtoMessage() {}
 
 func (x *ConfirmTotpEnrollmentRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[14]
+	mi := &file_identity_proto_msgTypes[16]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -856,7 +992,7 @@ func (x *ConfirmTotpEnrollmentRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ConfirmTotpEnrollmentRequest.ProtoReflect.Descriptor instead.
 func (*ConfirmTotpEnrollmentRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{14}
+	return file_identity_proto_rawDescGZIP(), []int{16}
 }
 
 func (x *ConfirmTotpEnrollmentRequest) GetAccessToken() string {
@@ -884,7 +1020,7 @@ type ConfirmTotpEnrollmentResponse struct {
 
 func (x *ConfirmTotpEnrollmentResponse) Reset() {
 	*x = ConfirmTotpEnrollmentResponse{}
-	mi := &file_identity_proto_msgTypes[15]
+	mi := &file_identity_proto_msgTypes[17]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -896,7 +1032,7 @@ func (x *ConfirmTotpEnrollmentResponse) String() string {
 func (*ConfirmTotpEnrollmentResponse) ProtoMessage() {}
 
 func (x *ConfirmTotpEnrollmentResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[15]
+	mi := &file_identity_proto_msgTypes[17]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -909,7 +1045,7 @@ func (x *ConfirmTotpEnrollmentResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ConfirmTotpEnrollmentResponse.ProtoReflect.Descriptor instead.
 func (*ConfirmTotpEnrollmentResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{15}
+	return file_identity_proto_rawDescGZIP(), []int{17}
 }
 
 func (x *ConfirmTotpEnrollmentResponse) GetStatus() string {
@@ -943,7 +1079,7 @@ type CancelTotpEnrollmentResponse struct {
 
 func (x *CancelTotpEnrollmentResponse) Reset() {
 	*x = CancelTotpEnrollmentResponse{}
-	mi := &file_identity_proto_msgTypes[16]
+	mi := &file_identity_proto_msgTypes[18]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -955,7 +1091,7 @@ func (x *CancelTotpEnrollmentResponse) String() string {
 func (*CancelTotpEnrollmentResponse) ProtoMessage() {}
 
 func (x *CancelTotpEnrollmentResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[16]
+	mi := &file_identity_proto_msgTypes[18]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -968,7 +1104,7 @@ func (x *CancelTotpEnrollmentResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CancelTotpEnrollmentResponse.ProtoReflect.Descriptor instead.
 func (*CancelTotpEnrollmentResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{16}
+	return file_identity_proto_rawDescGZIP(), []int{18}
 }
 
 func (x *CancelTotpEnrollmentResponse) GetStatus() string {
@@ -996,7 +1132,7 @@ type DisableTotpRequest struct {
 
 func (x *DisableTotpRequest) Reset() {
 	*x = DisableTotpRequest{}
-	mi := &file_identity_proto_msgTypes[17]
+	mi := &file_identity_proto_msgTypes[19]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -1008,7 +1144,7 @@ func (x *DisableTotpRequest) String() string {
 func (*DisableTotpRequest) ProtoMessage() {}
 
 func (x *DisableTotpRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[17]
+	mi := &file_identity_proto_msgTypes[19]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1021,7 +1157,7 @@ func (x *DisableTotpRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DisableTotpRequest.ProtoReflect.Descriptor instead.
 func (*DisableTotpRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{17}
+	return file_identity_proto_rawDescGZIP(), []int{19}
 }
 
 func (x *DisableTotpRequest) GetAccessToken() string {
@@ -1055,7 +1191,7 @@ type DisableTotpResponse struct {
 
 func (x *DisableTotpResponse) Reset() {
 	*x = DisableTotpResponse{}
-	mi := &file_identity_proto_msgTypes[18]
+	mi := &file_identity_proto_msgTypes[20]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -1067,7 +1203,7 @@ func (x *DisableTotpResponse) String() string {
 func (*DisableTotpResponse) ProtoMessage() {}
 
 func (x *DisableTotpResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[18]
+	mi := &file_identity_proto_msgTypes[20]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1080,7 +1216,7 @@ func (x *DisableTotpResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DisableTotpResponse.ProtoReflect.Descriptor instead.
 func (*DisableTotpResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{18}
+	return file_identity_proto_rawDescGZIP(), []int{20}
 }
 
 func (x *DisableTotpResponse) GetStatus() string {
@@ -1109,7 +1245,7 @@ type StartTelegramEnrollmentResponse struct {
 
 func (x *StartTelegramEnrollmentResponse) Reset() {
 	*x = StartTelegramEnrollmentResponse{}
-	mi := &file_identity_proto_msgTypes[19]
+	mi := &file_identity_proto_msgTypes[21]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -1121,7 +1257,7 @@ func (x *StartTelegramEnrollmentResponse) String() string {
 func (*StartTelegramEnrollmentResponse) ProtoMessage() {}
 
 func (x *StartTelegramEnrollmentResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[19]
+	mi := &file_identity_proto_msgTypes[21]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1134,7 +1270,7 @@ func (x *StartTelegramEnrollmentResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use StartTelegramEnrollmentResponse.ProtoReflect.Descriptor instead.
 func (*StartTelegramEnrollmentResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{19}
+	return file_identity_proto_rawDescGZIP(), []int{21}
 }
 
 func (x *StartTelegramEnrollmentResponse) GetEnrollmentToken() string {
@@ -1176,7 +1312,7 @@ type ConfirmTelegramEnrollmentRequest struct {
 
 func (x *ConfirmTelegramEnrollmentRequest) Reset() {
 	*x = ConfirmTelegramEnrollmentRequest{}
-	mi := &file_identity_proto_msgTypes[20]
+	mi := &file_identity_proto_msgTypes[22]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -1188,7 +1324,7 @@ func (x *ConfirmTelegramEnrollmentRequest) String() string {
 func (*ConfirmTelegramEnrollmentRequest) ProtoMessage() {}
 
 func (x *ConfirmTelegramEnrollmentRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[20]
+	mi := &file_identity_proto_msgTypes[22]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1201,7 +1337,7 @@ func (x *ConfirmTelegramEnrollmentRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ConfirmTelegramEnrollmentRequest.ProtoReflect.Descriptor instead.
 func (*ConfirmTelegramEnrollmentRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{20}
+	return file_identity_proto_rawDescGZIP(), []int{22}
 }
 
 func (x *ConfirmTelegramEnrollmentRequest) GetAccessToken() string {
@@ -1236,7 +1372,7 @@ type ConfirmTelegramEnrollmentResponse struct {
 
 func (x *ConfirmTelegramEnrollmentResponse) Reset() {
 	*x = ConfirmTelegramEnrollmentResponse{}
-	mi := &file_identity_proto_msgTypes[21]
+	mi := &file_identity_proto_msgTypes[23]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -1248,7 +1384,7 @@ func (x *ConfirmTelegramEnrollmentResponse) String() string {
 func (*ConfirmTelegramEnrollmentResponse) ProtoMessage() {}
 
 func (x *ConfirmTelegramEnrollmentResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[21]
+	mi := &file_identity_proto_msgTypes[23]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1261,7 +1397,7 @@ func (x *ConfirmTelegramEnrollmentResponse) ProtoReflect() protoreflect.Message
 
 // Deprecated: Use ConfirmTelegramEnrollmentResponse.ProtoReflect.Descriptor instead.
 func (*ConfirmTelegramEnrollmentResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{21}
+	return file_identity_proto_rawDescGZIP(), []int{23}
 }
 
 func (x *ConfirmTelegramEnrollmentResponse) GetStatus() string {
@@ -1296,7 +1432,7 @@ type DisableTelegramRequest struct {
 
 func (x *DisableTelegramRequest) Reset() {
 	*x = DisableTelegramRequest{}
-	mi := &file_identity_proto_msgTypes[22]
+	mi := &file_identity_proto_msgTypes[24]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -1308,7 +1444,7 @@ func (x *DisableTelegramRequest) String() string {
 func (*DisableTelegramRequest) ProtoMessage() {}
 
 func (x *DisableTelegramRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[22]
+	mi := &file_identity_proto_msgTypes[24]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1321,7 +1457,7 @@ func (x *DisableTelegramRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DisableTelegramRequest.ProtoReflect.Descriptor instead.
 func (*DisableTelegramRequest) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{22}
+	return file_identity_proto_rawDescGZIP(), []int{24}
 }
 
 func (x *DisableTelegramRequest) GetAccessToken() string {
@@ -1355,7 +1491,7 @@ type DisableTelegramResponse struct {
 
 func (x *DisableTelegramResponse) Reset() {
 	*x = DisableTelegramResponse{}
-	mi := &file_identity_proto_msgTypes[23]
+	mi := &file_identity_proto_msgTypes[25]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
@@ -1367,7 +1503,7 @@ func (x *DisableTelegramResponse) String() string {
 func (*DisableTelegramResponse) ProtoMessage() {}
 
 func (x *DisableTelegramResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_identity_proto_msgTypes[23]
+	mi := &file_identity_proto_msgTypes[25]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1380,7 +1516,7 @@ func (x *DisableTelegramResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DisableTelegramResponse.ProtoReflect.Descriptor instead.
 func (*DisableTelegramResponse) Descriptor() ([]byte, []int) {
-	return file_identity_proto_rawDescGZIP(), []int{23}
+	return file_identity_proto_rawDescGZIP(), []int{25}
 }
 
 func (x *DisableTelegramResponse) GetStatus() string {
@@ -1428,7 +1564,19 @@ const file_identity_proto_rawDesc = "" +
 	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\"D\n" +
 	"\x0eLogoutResponse\x12\x18\n" +
 	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
-	"\amessage\x18\x02 \x01(\tR\amessage\"P\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"*\n" +
+	"\x12VerifyTokenRequest\x12\x14\n" +
+	"\x05token\x18\x01 \x01(\tR\x05token\"\xe1\x01\n" +
+	"\x13VerifyTokenResponse\x12\x19\n" +
+	"\bis_valid\x18\x01 \x01(\bR\aisValid\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12\x0e\n" +
+	"\x02id\x18\x03 \x01(\tR\x02id\x12\x1a\n" +
+	"\busername\x18\x04 \x01(\tR\busername\x12\x1d\n" +
+	"\n" +
+	"role_level\x18\x05 \x01(\x05R\troleLevel\x12 \n" +
+	"\vpermissions\x18\x06 \x03(\tR\vpermissions\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\a \x01(\tR\tsessionId\"P\n" +
 	"\x10UnlockPinRequest\x12!\n" +
 	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\x12\x19\n" +
 	"\bpin_code\x18\x02 \x01(\tR\apinCode\"G\n" +
@@ -1503,10 +1651,11 @@ const file_identity_proto_rawDesc = "" +
 	"\x12_telegram_otp_code\"K\n" +
 	"\x17DisableTelegramResponse\x12\x16\n" +
 	"\x06status\x18\x01 \x01(\tR\x06status\x12\x18\n" +
-	"\amessage\x18\x02 \x01(\tR\amessage2\xd0\x02\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage2\x9c\x03\n" +
 	"\vAuthService\x128\n" +
 	"\x05Login\x12\x16.identity.LoginRequest\x1a\x17.identity.LoginResponse\x12>\n" +
-	"\aRefresh\x12\x18.identity.RefreshRequest\x1a\x19.identity.RefreshResponse\x12;\n" +
+	"\aRefresh\x12\x18.identity.RefreshRequest\x1a\x19.identity.RefreshResponse\x12J\n" +
+	"\vVerifyToken\x12\x1c.identity.VerifyTokenRequest\x1a\x1d.identity.VerifyTokenResponse\x12;\n" +
 	"\x06Logout\x12\x17.identity.LogoutRequest\x1a\x18.identity.LogoutResponse\x12D\n" +
 	"\tUnlockPin\x12\x1a.identity.UnlockPinRequest\x1a\x1b.identity.UnlockPinResponse\x12D\n" +
 	"\tVerify2Fa\x12\x1a.identity.Verify2FaRequest\x1a\x1b.identity.Verify2FaResponse2\x9c\x06\n" +
@@ -1532,7 +1681,7 @@ func file_identity_proto_rawDescGZIP() []byte {
 	return file_identity_proto_rawDescData
 }
 
-var file_identity_proto_msgTypes = make([]protoimpl.MessageInfo, 24)
+var file_identity_proto_msgTypes = make([]protoimpl.MessageInfo, 26)
 var file_identity_proto_goTypes = []any{
 	(*LoginRequest)(nil),                      // 0: identity.LoginRequest
 	(*LoginResponse)(nil),                     // 1: identity.LoginResponse
@@ -1540,54 +1689,58 @@ var file_identity_proto_goTypes = []any{
 	(*RefreshResponse)(nil),                   // 3: identity.RefreshResponse
 	(*LogoutRequest)(nil),                     // 4: identity.LogoutRequest
 	(*LogoutResponse)(nil),                    // 5: identity.LogoutResponse
-	(*UnlockPinRequest)(nil),                  // 6: identity.UnlockPinRequest
-	(*UnlockPinResponse)(nil),                 // 7: identity.UnlockPinResponse
-	(*Verify2FaRequest)(nil),                  // 8: identity.Verify2FaRequest
-	(*Verify2FaResponse)(nil),                 // 9: identity.Verify2FaResponse
-	(*AuthenticatedAccessRequest)(nil),        // 10: identity.AuthenticatedAccessRequest
-	(*GetTwoFaStatusRequest)(nil),             // 11: identity.GetTwoFaStatusRequest
-	(*GetTwoFaStatusResponse)(nil),            // 12: identity.GetTwoFaStatusResponse
-	(*StartTotpEnrollmentResponse)(nil),       // 13: identity.StartTotpEnrollmentResponse
-	(*ConfirmTotpEnrollmentRequest)(nil),      // 14: identity.ConfirmTotpEnrollmentRequest
-	(*ConfirmTotpEnrollmentResponse)(nil),     // 15: identity.ConfirmTotpEnrollmentResponse
-	(*CancelTotpEnrollmentResponse)(nil),      // 16: identity.CancelTotpEnrollmentResponse
-	(*DisableTotpRequest)(nil),                // 17: identity.DisableTotpRequest
-	(*DisableTotpResponse)(nil),               // 18: identity.DisableTotpResponse
-	(*StartTelegramEnrollmentResponse)(nil),   // 19: identity.StartTelegramEnrollmentResponse
-	(*ConfirmTelegramEnrollmentRequest)(nil),  // 20: identity.ConfirmTelegramEnrollmentRequest
-	(*ConfirmTelegramEnrollmentResponse)(nil), // 21: identity.ConfirmTelegramEnrollmentResponse
-	(*DisableTelegramRequest)(nil),            // 22: identity.DisableTelegramRequest
-	(*DisableTelegramResponse)(nil),           // 23: identity.DisableTelegramResponse
+	(*VerifyTokenRequest)(nil),                // 6: identity.VerifyTokenRequest
+	(*VerifyTokenResponse)(nil),               // 7: identity.VerifyTokenResponse
+	(*UnlockPinRequest)(nil),                  // 8: identity.UnlockPinRequest
+	(*UnlockPinResponse)(nil),                 // 9: identity.UnlockPinResponse
+	(*Verify2FaRequest)(nil),                  // 10: identity.Verify2FaRequest
+	(*Verify2FaResponse)(nil),                 // 11: identity.Verify2FaResponse
+	(*AuthenticatedAccessRequest)(nil),        // 12: identity.AuthenticatedAccessRequest
+	(*GetTwoFaStatusRequest)(nil),             // 13: identity.GetTwoFaStatusRequest
+	(*GetTwoFaStatusResponse)(nil),            // 14: identity.GetTwoFaStatusResponse
+	(*StartTotpEnrollmentResponse)(nil),       // 15: identity.StartTotpEnrollmentResponse
+	(*ConfirmTotpEnrollmentRequest)(nil),      // 16: identity.ConfirmTotpEnrollmentRequest
+	(*ConfirmTotpEnrollmentResponse)(nil),     // 17: identity.ConfirmTotpEnrollmentResponse
+	(*CancelTotpEnrollmentResponse)(nil),      // 18: identity.CancelTotpEnrollmentResponse
+	(*DisableTotpRequest)(nil),                // 19: identity.DisableTotpRequest
+	(*DisableTotpResponse)(nil),               // 20: identity.DisableTotpResponse
+	(*StartTelegramEnrollmentResponse)(nil),   // 21: identity.StartTelegramEnrollmentResponse
+	(*ConfirmTelegramEnrollmentRequest)(nil),  // 22: identity.ConfirmTelegramEnrollmentRequest
+	(*ConfirmTelegramEnrollmentResponse)(nil), // 23: identity.ConfirmTelegramEnrollmentResponse
+	(*DisableTelegramRequest)(nil),            // 24: identity.DisableTelegramRequest
+	(*DisableTelegramResponse)(nil),           // 25: identity.DisableTelegramResponse
 }
 var file_identity_proto_depIdxs = []int32{
 	0,  // 0: identity.AuthService.Login:input_type -> identity.LoginRequest
 	2,  // 1: identity.AuthService.Refresh:input_type -> identity.RefreshRequest
-	4,  // 2: identity.AuthService.Logout:input_type -> identity.LogoutRequest
-	6,  // 3: identity.AuthService.UnlockPin:input_type -> identity.UnlockPinRequest
-	8,  // 4: identity.AuthService.Verify2Fa:input_type -> identity.Verify2FaRequest
-	11, // 5: identity.TwoFaService.GetTwoFaStatus:input_type -> identity.GetTwoFaStatusRequest
-	10, // 6: identity.TwoFaService.StartTotpEnrollment:input_type -> identity.AuthenticatedAccessRequest
-	14, // 7: identity.TwoFaService.ConfirmTotpErollment:input_type -> identity.ConfirmTotpEnrollmentRequest
-	10, // 8: identity.TwoFaService.CancelTotpEnrollment:input_type -> identity.AuthenticatedAccessRequest
-	17, // 9: identity.TwoFaService.DisableTotp:input_type -> identity.DisableTotpRequest
-	10, // 10: identity.TwoFaService.StartTelegramEnrollment:input_type -> identity.AuthenticatedAccessRequest
-	20, // 11: identity.TwoFaService.ConfirmTelegramEnrollment:input_type -> identity.ConfirmTelegramEnrollmentRequest
-	22, // 12: identity.TwoFaService.DisableTelegram:input_type -> identity.DisableTelegramRequest
-	1,  // 13: identity.AuthService.Login:output_type -> identity.LoginResponse
-	3,  // 14: identity.AuthService.Refresh:output_type -> identity.RefreshResponse
-	5,  // 15: identity.AuthService.Logout:output_type -> identity.LogoutResponse
-	7,  // 16: identity.AuthService.UnlockPin:output_type -> identity.UnlockPinResponse
-	9,  // 17: identity.AuthService.Verify2Fa:output_type -> identity.Verify2FaResponse
-	12, // 18: identity.TwoFaService.GetTwoFaStatus:output_type -> identity.GetTwoFaStatusResponse
-	13, // 19: identity.TwoFaService.StartTotpEnrollment:output_type -> identity.StartTotpEnrollmentResponse
-	15, // 20: identity.TwoFaService.ConfirmTotpErollment:output_type -> identity.ConfirmTotpEnrollmentResponse
-	16, // 21: identity.TwoFaService.CancelTotpEnrollment:output_type -> identity.CancelTotpEnrollmentResponse
-	18, // 22: identity.TwoFaService.DisableTotp:output_type -> identity.DisableTotpResponse
-	19, // 23: identity.TwoFaService.StartTelegramEnrollment:output_type -> identity.StartTelegramEnrollmentResponse
-	21, // 24: identity.TwoFaService.ConfirmTelegramEnrollment:output_type -> identity.ConfirmTelegramEnrollmentResponse
-	23, // 25: identity.TwoFaService.DisableTelegram:output_type -> identity.DisableTelegramResponse
-	13, // [13:26] is the sub-list for method output_type
-	0,  // [0:13] is the sub-list for method input_type
+	6,  // 2: identity.AuthService.VerifyToken:input_type -> identity.VerifyTokenRequest
+	4,  // 3: identity.AuthService.Logout:input_type -> identity.LogoutRequest
+	8,  // 4: identity.AuthService.UnlockPin:input_type -> identity.UnlockPinRequest
+	10, // 5: identity.AuthService.Verify2Fa:input_type -> identity.Verify2FaRequest
+	13, // 6: identity.TwoFaService.GetTwoFaStatus:input_type -> identity.GetTwoFaStatusRequest
+	12, // 7: identity.TwoFaService.StartTotpEnrollment:input_type -> identity.AuthenticatedAccessRequest
+	16, // 8: identity.TwoFaService.ConfirmTotpErollment:input_type -> identity.ConfirmTotpEnrollmentRequest
+	12, // 9: identity.TwoFaService.CancelTotpEnrollment:input_type -> identity.AuthenticatedAccessRequest
+	19, // 10: identity.TwoFaService.DisableTotp:input_type -> identity.DisableTotpRequest
+	12, // 11: identity.TwoFaService.StartTelegramEnrollment:input_type -> identity.AuthenticatedAccessRequest
+	22, // 12: identity.TwoFaService.ConfirmTelegramEnrollment:input_type -> identity.ConfirmTelegramEnrollmentRequest
+	24, // 13: identity.TwoFaService.DisableTelegram:input_type -> identity.DisableTelegramRequest
+	1,  // 14: identity.AuthService.Login:output_type -> identity.LoginResponse
+	3,  // 15: identity.AuthService.Refresh:output_type -> identity.RefreshResponse
+	7,  // 16: identity.AuthService.VerifyToken:output_type -> identity.VerifyTokenResponse
+	5,  // 17: identity.AuthService.Logout:output_type -> identity.LogoutResponse
+	9,  // 18: identity.AuthService.UnlockPin:output_type -> identity.UnlockPinResponse
+	11, // 19: identity.AuthService.Verify2Fa:output_type -> identity.Verify2FaResponse
+	14, // 20: identity.TwoFaService.GetTwoFaStatus:output_type -> identity.GetTwoFaStatusResponse
+	15, // 21: identity.TwoFaService.StartTotpEnrollment:output_type -> identity.StartTotpEnrollmentResponse
+	17, // 22: identity.TwoFaService.ConfirmTotpErollment:output_type -> identity.ConfirmTotpEnrollmentResponse
+	18, // 23: identity.TwoFaService.CancelTotpEnrollment:output_type -> identity.CancelTotpEnrollmentResponse
+	20, // 24: identity.TwoFaService.DisableTotp:output_type -> identity.DisableTotpResponse
+	21, // 25: identity.TwoFaService.StartTelegramEnrollment:output_type -> identity.StartTelegramEnrollmentResponse
+	23, // 26: identity.TwoFaService.ConfirmTelegramEnrollment:output_type -> identity.ConfirmTelegramEnrollmentResponse
+	25, // 27: identity.TwoFaService.DisableTelegram:output_type -> identity.DisableTelegramResponse
+	14, // [14:28] is the sub-list for method output_type
+	0,  // [0:14] is the sub-list for method input_type
 	0,  // [0:0] is the sub-list for extension type_name
 	0,  // [0:0] is the sub-list for extension extendee
 	0,  // [0:0] is the sub-list for field type_name
@@ -1599,16 +1752,16 @@ func file_identity_proto_init() {
 		return
 	}
 	file_identity_proto_msgTypes[1].OneofWrappers = []any{}
-	file_identity_proto_msgTypes[8].OneofWrappers = []any{}
-	file_identity_proto_msgTypes[17].OneofWrappers = []any{}
-	file_identity_proto_msgTypes[22].OneofWrappers = []any{}
+	file_identity_proto_msgTypes[10].OneofWrappers = []any{}
+	file_identity_proto_msgTypes[19].OneofWrappers = []any{}
+	file_identity_proto_msgTypes[24].OneofWrappers = []any{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: unsafe.Slice(unsafe.StringData(file_identity_proto_rawDesc), len(file_identity_proto_rawDesc)),
 			NumEnums:      0,
-			NumMessages:   24,
+			NumMessages:   26,
 			NumExtensions: 0,
 			NumServices:   2,
 		},
diff --git a/gen/go/identity_grpc.pb.go b/gen/go/identity_grpc.pb.go
index c8fae3f..e389a71 100644
--- a/gen/go/identity_grpc.pb.go
+++ b/gen/go/identity_grpc.pb.go
@@ -19,11 +19,12 @@ import (
 const _ = grpc.SupportPackageIsVersion9
 
 const (
-	AuthService_Login_FullMethodName     = "/identity.AuthService/Login"
-	AuthService_Refresh_FullMethodName   = "/identity.AuthService/Refresh"
-	AuthService_Logout_FullMethodName    = "/identity.AuthService/Logout"
-	AuthService_UnlockPin_FullMethodName = "/identity.AuthService/UnlockPin"
-	AuthService_Verify2Fa_FullMethodName = "/identity.AuthService/Verify2Fa"
+	AuthService_Login_FullMethodName       = "/identity.AuthService/Login"
+	AuthService_Refresh_FullMethodName     = "/identity.AuthService/Refresh"
+	AuthService_VerifyToken_FullMethodName = "/identity.AuthService/VerifyToken"
+	AuthService_Logout_FullMethodName      = "/identity.AuthService/Logout"
+	AuthService_UnlockPin_FullMethodName   = "/identity.AuthService/UnlockPin"
+	AuthService_Verify2Fa_FullMethodName   = "/identity.AuthService/Verify2Fa"
 )
 
 // AuthServiceClient is the client API for AuthService service.
@@ -32,6 +33,7 @@ const (
 type AuthServiceClient interface {
 	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
 	Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
+	VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error)
 	Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
 	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
 	Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error)
@@ -65,6 +67,16 @@ func (c *authServiceClient) Refresh(ctx context.Context, in *RefreshRequest, opt
 	return out, nil
 }
 
+func (c *authServiceClient) VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyTokenResponse)
+	err := c.cc.Invoke(ctx, AuthService_VerifyToken_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(LogoutResponse)
@@ -101,6 +113,7 @@ func (c *authServiceClient) Verify2Fa(ctx context.Context, in *Verify2FaRequest,
 type AuthServiceServer interface {
 	Login(context.Context, *LoginRequest) (*LoginResponse, error)
 	Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
+	VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error)
 	Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
 	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
 	Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error)
@@ -120,6 +133,9 @@ func (UnimplementedAuthServiceServer) Login(context.Context, *LoginRequest) (*Lo
 func (UnimplementedAuthServiceServer) Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method Refresh not implemented")
 }
+func (UnimplementedAuthServiceServer) VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyToken not implemented")
+}
 func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
 }
@@ -186,6 +202,24 @@ func _AuthService_Refresh_Handler(srv interface{}, ctx context.Context, dec func
 	return interceptor(ctx, in, info, handler)
 }
 
+func _AuthService_VerifyToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyTokenRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).VerifyToken(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_VerifyToken_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).VerifyToken(ctx, req.(*VerifyTokenRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(LogoutRequest)
 	if err := dec(in); err != nil {
@@ -255,6 +289,10 @@ var AuthService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "Refresh",
 			Handler:    _AuthService_Refresh_Handler,
 		},
+		{
+			MethodName: "VerifyToken",
+			Handler:    _AuthService_VerifyToken_Handler,
+		},
 		{
 			MethodName: "Logout",
 			Handler:    _AuthService_Logout_Handler,
diff --git a/gen/identity.ts b/gen/identity.ts
index 2e6994d..5900415 100644
--- a/gen/identity.ts
+++ b/gen/identity.ts
@@ -43,6 +43,20 @@ export interface LogoutResponse {
   message: string;
 }
 
+export interface VerifyTokenRequest {
+  token: string;
+}
+
+export interface VerifyTokenResponse {
+  isValid: boolean;
+  errorMessage: string;
+  id: string;
+  username: string;
+  roleLevel: number;
+  permissions: string[];
+  sessionId: string;
+}
+
 export interface UnlockPinRequest {
   accessToken: string;
   pinCode: string;
@@ -153,6 +167,8 @@ export interface AuthServiceClient {
 
   refresh(request: RefreshRequest): Observable<RefreshResponse>;
 
+  verifyToken(request: VerifyTokenRequest): Observable<VerifyTokenResponse>;
+
   logout(request: LogoutRequest): Observable<LogoutResponse>;
 
   unlockPin(request: UnlockPinRequest): Observable<UnlockPinResponse>;
@@ -165,6 +181,10 @@ export interface AuthServiceController {
 
   refresh(request: RefreshRequest): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
 
+  verifyToken(
+    request: VerifyTokenRequest,
+  ): Promise<VerifyTokenResponse> | Observable<VerifyTokenResponse> | VerifyTokenResponse;
+
   logout(request: LogoutRequest): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
 
   unlockPin(request: UnlockPinRequest): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
@@ -174,7 +194,7 @@ export interface AuthServiceController {
 
 export function AuthServiceControllerMethods() {
   return function (constructor: Function) {
-    const grpcMethods: string[] = ["login", "refresh", "logout", "unlockPin", "verify2Fa"];
+    const grpcMethods: string[] = ["login", "refresh", "verifyToken", "logout", "unlockPin", "verify2Fa"];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
       GrpcMethod("AuthService", method)(constructor.prototype[method], method, descriptor);