From e5a4032c00b4037b84e341b7ce1d952c86710d40 Mon Sep 17 00:00:00 2001
From: juno-bot
Date: Mon, 10 Nov 2025 19:56:56 +0000
Subject: [PATCH] feat: Update boilerplate
---
 .../functions/rust/src/satellite/Cargo.toml | 4 +-
 .../rust/src/satellite/satellite.did | 88 +++++++++++++++++++
 2 files changed, 90 insertions(+), 2 deletions(-)
diff --git a/boilerplate/functions/rust/src/satellite/Cargo.toml b/boilerplate/functions/rust/src/satellite/Cargo.toml
index 7af025d..ffc953e 100644
--- a/boilerplate/functions/rust/src/satellite/Cargo.toml
+++ b/boilerplate/functions/rust/src/satellite/Cargo.toml
@@ -12,7 +12,7 @@ ic-cdk = "0.18.5"
 ic-cdk-macros = "0.18.5"
 serde = "1.0.225"
 serde_cbor = "0.11.2"
-junobuild-satellite = "0.2.6"
+junobuild-satellite = "0.3.0"
 junobuild-macros = "0.1.1"
-junobuild-utils = "0.1.3"
+junobuild-utils = "0.1.4"
diff --git a/boilerplate/functions/rust/src/satellite/satellite.did b/boilerplate/functions/rust/src/satellite/satellite.did
index 15126df..5bf4ae5 100644
--- a/boilerplate/functions/rust/src/satellite/satellite.did
+++ b/boilerplate/functions/rust/src/satellite/satellite.did
@@ -20,8 +20,15 @@ type AssetNoContent = record {
 version : opt nat64;
 };
 type AssetsUpgradeOptions = record { clear_existing_assets : opt bool };
+type AuthenticateResultResponse = variant {
+ Ok : Authentication;
+ Err : AuthenticationError;
+};
+type Authentication = record { doc : Doc; delegation : PreparedDelegation };
+type AuthenticationArgs = variant { OpenId : OpenIdPrepareDelegationArgs };
 type AuthenticationConfig = record {
 updated_at : opt nat64;
+ openid : opt AuthenticationConfigOpenId;
 created_at : opt nat64;
 version : opt nat64;
 internet_identity : opt AuthenticationConfigInternetIdentity;
@@ -31,6 +38,14 @@ type AuthenticationConfigInternetIdentity = record {
 derivation_origin : opt text;
 external_alternative_origins : opt vec text;
 };
+type AuthenticationConfigOpenId = record {
+ observatory_id : opt principal;
+ providers : vec record { OpenIdProvider; OpenIdProviderConfig };
+};
+type AuthenticationError = variant {
+ PrepareDelegation : PrepareDelegationError;
+ RegisterUser : text;
+};
 type AuthenticationRules = record { allowed_callers : vec principal };
 type CollectionType = variant { Db; Storage };
 type CommitBatch = record {
@@ -67,6 +82,11 @@ type DbConfig = record {
 };
 type DelDoc = record { version : opt nat64 };
 type DelRule = record { version : opt nat64 };
+type Delegation = record {
+ pubkey : blob;
+ targets : opt vec principal;
+ expiration : nat64;
+};
 type DeleteControllersArgs = record { controllers : vec principal };
 type DeleteProposalAssets = record { proposal_ids : vec nat };
 type DepositCyclesArgs = record { cycles : nat; destination_id : principal };
@@ -78,6 +98,30 @@ type Doc = record {
 created_at : nat64;
 version : opt nat64;
 };
+type GetDelegationArgs = variant { OpenId : OpenIdGetDelegationArgs };
+type GetDelegationError = variant {
+ JwtFindProvider : JwtFindProviderError;
+ GetCachedJwks;
+ NoSuchDelegation;
+ JwtVerify : JwtVerifyError;
+ GetOrFetchJwks : GetOrRefreshJwksError;
+ DeriveSeedFailed : text;
+};
+type GetDelegationResultResponse = variant {
+ Ok : SignedDelegation;
+ Err : GetDelegationError;
+};
+type GetOrRefreshJwksError = variant {
+ InvalidConfig : text;
+ MissingKid;
+ BadClaim : text;
+ KeyNotFoundCooldown;
+ CertificateNotFound;
+ BadSig : text;
+ MissingLastAttempt : text;
+ KeyNotFound;
+ FetchFailed : text;
+};
 type HttpRequest = record {
 url : text;
 method : text;
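Review bot: `RegisterUser : text` in `AuthenticationError` returns a free-form string to whoever calls `authenticate`, and the interface does not say what that string may contain. The same pattern recurs in `GetDelegationError` and `GetOrRefreshJwksError` further down (`DeriveSeedFailed`, `InvalidConfig`, `FetchFailed`, `BadSig`, `BadClaim`, `MissingLastAttempt`) and in `JwtFindProviderError` / `JwtVerifyError` in the next block of hunks. These replies presumably reach callers that are not yet authenticated, so I would document the contract on each error type with a comment such as `// text payloads are fixed diagnostic messages; they never echo the JWT, fetched JWKS bodies or configuration values`. Whether the satellite already restricts these strings cannot be seen from the .did file, so this should be confirmed against the implementation.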
@@ -105,6 +149,18 @@ type InitSatelliteArgs = record {
 };
 type InitStorageArgs = record { system_memory : opt Memory };
 type InitUploadResult = record { batch_id : nat };
+type JwtFindProviderError = variant {
+ BadClaim : text;
+ BadSig : text;
+ NoMatchingProvider;
+};
+type JwtVerifyError = variant {
+ WrongKeyType;
+ MissingKid;
+ BadClaim : text;
+ BadSig : text;
+ NoKeyForKid;
+};
 type ListMatcher = record {
 key : opt text;
 updated_at : opt TimestampMatcher;
@@ -154,7 +210,35 @@ type ListRulesResults = record {
 };
 type Memory = variant { Heap; Stable };
 type MemorySize = record { stable : nat64; heap : nat64 };
+type OpenIdGetDelegationArgs = record {
+ jwt : text;
+ session_key : blob;
+ salt : blob;
+ expiration : nat64;
+};
+type OpenIdPrepareDelegationArgs = record {
+ jwt : text;
+ session_key : blob;
+ salt : blob;
+};
+type OpenIdProvider = variant { Google };
+type OpenIdProviderConfig = record {
+ delegation : opt OpenIdProviderDelegationConfig;
+ client_id : text;
+};
+type OpenIdProviderDelegationConfig = record {
+ targets : opt vec principal;
+ max_time_to_live : opt nat64;
+};
 type Permission = variant { Controllers; Private; Public; Managed };
+type PrepareDelegationError = variant {
+ JwtFindProvider : JwtFindProviderError;
+ GetCachedJwks;
+ JwtVerify : JwtVerifyError;
+ GetOrFetchJwks : GetOrRefreshJwksError;
+ DeriveSeedFailed : text;
+};
+type PreparedDelegation = record { user_key : blob; expiration : nat64 };
 type Proposal = record {
 status : ProposalStatus;
 updated_at : nat64;
@@ -198,6 +282,7 @@ type SegmentsDeploymentOptions = record {
 satellite_version : opt text;
 };
 type SetAuthenticationConfig = record {
+ openid : opt AuthenticationConfigOpenId;
 version : opt nat64;
 internet_identity : opt AuthenticationConfigInternetIdentity;
 rules : opt AuthenticationRules;
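Review bot: Both fields of `OpenIdProviderDelegationConfig` are optional and neither documents its fallback, so a reader cannot tell how broad or how long-lived an issued delegation is when `targets` or `max_time_to_live` is `null`. On the Internet Computer a delegation that carries no `targets` is honoured by every canister, so the `null` case is the one that most needs spelling out. I would add comments on the record, for example `// targets: canisters the delegation is restricted to; null => <document the default>` and `// max_time_to_live: nanoseconds (confirm unit); null => <document the default and the upper bound>`. The same unit question applies to `expiration : nat64` in `OpenIdGetDelegationArgs` and `PreparedDelegation`, and `jwt`, `session_key` and `salt` would benefit from a stated maximum length, which Candid itself cannot express.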
@@ -240,6 +325,7 @@ type SetStorageConfig = record {
 raw_access : opt StorageConfigRawAccess;
 redirects : opt vec record { text; StorageConfigRedirect };
 };
+type SignedDelegation = record { signature : blob; delegation : Delegation };
 type StorageConfig = record {
 iframe : opt StorageConfigIFrame;
 updated_at : opt nat64;
@@ -286,6 +372,7 @@ type UploadChunk = record {
 };
 type UploadChunkResult = record { chunk_id : nat };
 service : (InitSatelliteArgs) -> {
+ authenticate : (AuthenticationArgs) -> (AuthenticateResultResponse);
 commit_asset_upload : (CommitBatch) -> ();
 commit_proposal : (CommitProposal) -> (null);
 commit_proposal_asset_upload : (CommitBatch) -> ();
@@ -314,6 +401,7 @@ service : (InitSatelliteArgs) -> {
 get_auth_config : () -> (opt AuthenticationConfig) query;
 get_config : () -> (Config);
 get_db_config : () -> (opt DbConfig) query;
+ get_delegation : (GetDelegationArgs) -> (GetDelegationResultResponse) query;
 get_doc : (text, text) -> (opt Doc) query;
 get_many_assets : (vec record { text; text }) -> (
 vec record { text; opt AssetNoContent },
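Review bot: `get_delegation` is declared `query` while taking the raw `jwt` and returning a `SignedDelegation`, and the interface does not say how far that reply can be trusted. A plain query is answered by a single replica without consensus, so the contract should state that the delegation is authenticated only by its `signature` (presumably a canister signature that is checked when the delegation is used). A comment on the method would cover it: `// query: the reply itself is uncertified; SignedDelegation.signature is what authenticates the delegation`. The `service` block opens in the previous hunk and continues past the end of this one, so any access rules for the new `authenticate` method are not visible here.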