feat: implement create&delete user access token api

2025-04-18 21:19:44 +00:00 · 2023-08-06 20:53:45 +08:00 · 2023-08-06 20:53:45 +08:00 · a90279221c
commit a90279221c
parent ad988575b3
10 changed files with 1085 additions and 265 deletions
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@ -1,7 +1,10 @@
 package auth
 import (
 	"fmt"
 	"time"
 	"github.com/golang-jwt/jwt/v4"
 )
 const (
@ -20,3 +23,43 @@ const (
 	// AccessTokenCookieName is the cookie name of access token.
 	AccessTokenCookieName = "slash.access-token"
 )
 type ClaimsMessage struct {
 	Name string `json:"name"`
 	jwt.RegisteredClaims
 }
 // GenerateAccessToken generates an access token.
 // username is the email of the user.
 func GenerateAccessToken(username string, userID int32, secret string) (string, error) {
 	expirationTime := time.Now().Add(AccessTokenDuration)
 	return generateToken(username, userID, expirationTime, []byte(secret))
 }
 // generateToken generates a jwt token.
 func generateToken(username string, userID int32, expirationTime time.Time, secret []byte) (string, error) {
 	// Create the JWT claims, which includes the username and expiry time.
 	claims := &ClaimsMessage{
 		Name: username,
 		RegisteredClaims: jwt.RegisteredClaims{
 			Audience: jwt.ClaimStrings{AccessTokenAudienceName},
 			// In JWT, the expiry time is expressed as unix milliseconds.
 			ExpiresAt: jwt.NewNumericDate(expirationTime),
 			IssuedAt:  jwt.NewNumericDate(time.Now()),
 			Issuer:    Issuer,
 			Subject:   fmt.Sprint(userID),
 		},
 	}
 	// Declare the token with the HS256 algorithm used for signing, and the claims.
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	token.Header["kid"] = KeyID
 	// Create the JWT string.
 	tokenString, err := token.SignedString(secret)
 	if err != nil {
 		return "", err
 	}
 	return tokenString, nil
 }
--- a/api/v1/auth.go
+++ b/api/v1/auth.go
@ -51,7 +51,7 @@ func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
 			return echo.NewHTTPError(http.StatusUnauthorized, "unmatched email and password")
 		}
-		accessToken, err := GenerateAccessToken(user.Email, user.ID, secret)
+		accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, secret)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
 		}
@ -107,7 +107,7 @@ func (s *APIV1Service) registerAuthRoutes(g *echo.Group, secret string) {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to create user, err: %s", err)).SetInternal(err)
 		}
-		accessToken, err := GenerateAccessToken(user.Email, user.ID, secret)
+		accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, secret)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
 		}
@ -151,12 +151,6 @@ func (s *APIV1Service) UpsertAccessTokenToStore(ctx context.Context, user *store
 	return nil
 }
 // GenerateAccessToken generates an access token for web.
 func GenerateAccessToken(username string, userID int32, secret string) (string, error) {
 	expirationTime := time.Now().Add(auth.AccessTokenDuration)
 	return generateToken(username, userID, auth.AccessTokenAudienceName, expirationTime, []byte(secret))
 }
 // RemoveTokensAndCookies removes the jwt token from the cookies.
 func RemoveTokensAndCookies(c echo.Context) {
 	cookieExp := time.Now().Add(-1 * time.Hour)
--- a/api/v1/jwt.go
+++ b/api/v1/jwt.go
@ -4,7 +4,6 @@ import (
 	"fmt"
 	"net/http"
 	"strings"
 	"time"
 	"github.com/boojack/slash/api/auth"
 	"github.com/boojack/slash/internal/util"
@ -21,39 +20,6 @@ const (
 	UserIDContextKey = "user-id"
 )
 type claimsMessage struct {
 	Name string `json:"name"`
 	jwt.RegisteredClaims
 }
 // generateToken generates a jwt token.
 func generateToken(username string, userID int32, aud string, expirationTime time.Time, secret []byte) (string, error) {
 	// Create the JWT claims, which includes the username and expiry time.
 	claims := &claimsMessage{
 		Name: username,
 		RegisteredClaims: jwt.RegisteredClaims{
 			Audience: jwt.ClaimStrings{aud},
 			// In JWT, the expiry time is expressed as unix milliseconds.
 			ExpiresAt: jwt.NewNumericDate(expirationTime),
 			IssuedAt:  jwt.NewNumericDate(time.Now()),
 			Issuer:    auth.Issuer,
 			Subject:   fmt.Sprint(userID),
 		},
 	}
 	// Declare the token with the HS256 algorithm used for signing, and the claims.
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	token.Header["kid"] = auth.KeyID
 	// Create the JWT string.
 	tokenString, err := token.SignedString(secret)
 	if err != nil {
 		return "", err
 	}
 	return tokenString, nil
 }
 func extractTokenFromHeader(c echo.Context) (string, error) {
 	authHeader := c.Request().Header.Get("Authorization")
 	if authHeader == "" {
@ -111,7 +77,7 @@ func JWTMiddleware(s *APIV1Service, next echo.HandlerFunc, secret string) echo.H
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")
 		}
-		claims := &claimsMessage{}
+		claims := &auth.ClaimsMessage{}
 		_, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
 			if t.Method.Alg() != jwt.SigningMethodHS256.Name {
 				return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
--- a/api/v2/acl.go
+++ b/api/v2/acl.go
@ -38,11 +38,6 @@ const (
 	UserIDContextKey ContextKey = iota
 )
 type claimsMessage struct {
 	Name string `json:"name"`
 	jwt.RegisteredClaims
 }
 // GRPCAuthInterceptor is the auth interceptor for gRPC server.
 type GRPCAuthInterceptor struct {
 	Store  *store.Store
@ -93,7 +88,7 @@ func (in *GRPCAuthInterceptor) authenticate(ctx context.Context, accessTokenStr
 	if accessTokenStr == "" {
 		return 0, status.Errorf(codes.Unauthenticated, "access token not found")
 	}
-	claims := &claimsMessage{}
+	claims := &auth.ClaimsMessage{}
 	_, err := jwt.ParseWithClaims(accessTokenStr, claims, func(t *jwt.Token) (any, error) {
 		if t.Method.Alg() != jwt.SigningMethodHS256.Name {
 			return nil, status.Errorf(codes.Unauthenticated, "unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
--- a/api/v2/user_service.go
+++ b/api/v2/user_service.go
@ -3,7 +3,9 @@ package v2
 import (
 	"context"
 	"github.com/boojack/slash/api/auth"
 	apiv2pb "github.com/boojack/slash/proto/gen/api/v2"
 	storepb "github.com/boojack/slash/proto/gen/store"
 	"github.com/boojack/slash/store"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/pkg/errors"
@ -45,7 +47,7 @@ func (s *UserService) GetUser(ctx context.Context, request *apiv2pb.GetUserReque
 	return response, nil
 }
-func (s *UserService) GetUserAccessTokens(ctx context.Context, request *apiv2pb.GetUserAccessTokensRequest) (*apiv2pb.GetUserAccessTokensResponse, error) {
+func (s *UserService) ListUserAccessTokens(ctx context.Context, request *apiv2pb.ListUserAccessTokensRequest) (*apiv2pb.ListUserAccessTokensResponse, error) {
 	userID := ctx.Value(UserIDContextKey).(int32)
 	if userID != request.Id {
 		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
@ -56,9 +58,9 @@ func (s *UserService) GetUserAccessTokens(ctx context.Context, request *apiv2pb.
 		return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
 	}
-	accessTokens := []*apiv2pb.GetUserAccessTokensResponse_AccessToken{}
+	accessTokens := []*apiv2pb.UserAccessToken{}
 	for _, userAccessToken := range userAccessTokens {
-		claims := &claimsMessage{}
+		claims := &auth.ClaimsMessage{}
 		_, err := jwt.ParseWithClaims(userAccessToken.AccessToken, claims, func(t *jwt.Token) (any, error) {
 			if t.Method.Alg() != jwt.SigningMethodHS256.Name {
 				return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
@ -75,20 +77,129 @@ func (s *UserService) GetUserAccessTokens(ctx context.Context, request *apiv2pb.
 			continue
 		}
-		accessTokens = append(accessTokens, &apiv2pb.GetUserAccessTokensResponse_AccessToken{
+		accessTokens = append(accessTokens, &apiv2pb.UserAccessToken{
 			AccessToken: userAccessToken.AccessToken,
 			Description: userAccessToken.Description,
-			ExpiresTime: timestamppb.New(claims.ExpiresAt.Time),
+			IssuedAt:    timestamppb.New(claims.IssuedAt.Time),
-			CreatedTime: timestamppb.New(claims.IssuedAt.Time),
+			ExpiresAt:   timestamppb.New(claims.ExpiresAt.Time),
 		})
 	}
-	response := &apiv2pb.GetUserAccessTokensResponse{
+	response := &apiv2pb.ListUserAccessTokensResponse{
 		AccessTokens: accessTokens,
 	}
 	return response, nil
 }
 func (s *UserService) CreateUserAccessToken(ctx context.Context, request *apiv2pb.CreateUserAccessTokenRequest) (*apiv2pb.CreateUserAccessTokenResponse, error) {
 	userID := ctx.Value(UserIDContextKey).(int32)
 	if userID != request.Id {
 		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
 	}
 	user, err := s.Store.GetUser(ctx, &store.FindUser{
 		ID: &userID,
 	})
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
 	}
 	if user == nil {
 		return nil, status.Errorf(codes.NotFound, "user not found")
 	}
 	accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, s.Secret)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
 	}
 	claims := &auth.ClaimsMessage{}
 	_, err = jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
 		if t.Method.Alg() != jwt.SigningMethodHS256.Name {
 			return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
 		}
 		if kid, ok := t.Header["kid"].(string); ok {
 			if kid == "v1" {
 				return []byte(s.Secret), nil
 			}
 		}
 		return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
 	})
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to parse access token: %v", err)
 	}
 	// Upsert the access token to user setting store.
 	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken); err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err)
 	}
 	response := &apiv2pb.CreateUserAccessTokenResponse{
 		AccessToken: &apiv2pb.UserAccessToken{
 			AccessToken: accessToken,
 			Description: request.Description,
 			IssuedAt:    timestamppb.New(claims.IssuedAt.Time),
 			ExpiresAt:   timestamppb.New(claims.ExpiresAt.Time),
 		},
 	}
 	return response, nil
 }
 func (s *UserService) DeleteUserAccessToken(ctx context.Context, request *apiv2pb.DeleteUserAccessTokenRequest) (*apiv2pb.DeleteUserAccessTokenResponse, error) {
 	userID := ctx.Value(UserIDContextKey).(int32)
 	if userID != request.Id {
 		return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
 	}
 	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
 	}
 	updatedUserAccessTokens := []*storepb.AccessTokensUserSetting_AccessToken{}
 	for _, userAccessToken := range userAccessTokens {
 		if userAccessToken.AccessToken == request.AccessToken {
 			continue
 		}
 		updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken)
 	}
 	if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
 		UserId: userID,
 		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
 		Value: &storepb.UserSetting_AccessTokensUserSetting{
 			AccessTokensUserSetting: &storepb.AccessTokensUserSetting{
 				AccessTokens: updatedUserAccessTokens,
 			},
 		},
 	}); err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to upsert user setting: %v", err)
 	}
 	return &apiv2pb.DeleteUserAccessTokenResponse{}, nil
 }
 func (s *UserService) UpsertAccessTokenToStore(ctx context.Context, user *store.User, accessToken string) error {
 	userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
 	if err != nil {
 		return errors.Wrap(err, "failed to get user access tokens")
 	}
 	userAccessToken := storepb.AccessTokensUserSetting_AccessToken{
 		AccessToken: accessToken,
 		Description: "user sign in",
 	}
 	userAccessTokens = append(userAccessTokens, &userAccessToken)
 	if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
 		UserId: user.ID,
 		Key:    storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
 		Value: &storepb.UserSetting_AccessTokensUserSetting{
 			AccessTokensUserSetting: &storepb.AccessTokensUserSetting{
 				AccessTokens: userAccessTokens,
 			},
 		},
 	}); err != nil {
 		return errors.Wrap(err, "failed to upsert user setting")
 	}
 	return nil
 }
 func convertUserFromStore(user *store.User) *apiv2pb.User {
 	return &apiv2pb.User{
 		Id:        int32(user.ID),
--- a/proto/api/v2/user_service.proto
+++ b/proto/api/v2/user_service.proto
@ -15,11 +15,21 @@ service UserService {
    option (google.api.http) = {get: "/api/v2/users/{id}"};
    option (google.api.method_signature) = "id";
  }
-  // GetUserAccessTokens returns a list of access tokens for a user.
+  // ListUserAccessTokens returns a list of access tokens for a user.
-  rpc GetUserAccessTokens(GetUserAccessTokensRequest) returns (GetUserAccessTokensResponse) {
+  rpc ListUserAccessTokens(ListUserAccessTokensRequest) returns (ListUserAccessTokensResponse) {
    option (google.api.http) = {get: "/api/v2/users/{id}/access_tokens"};
    option (google.api.method_signature) = "id";
  }
  // CreateUserAccessToken creates a new access token for a user.
  rpc CreateUserAccessToken(CreateUserAccessTokenRequest) returns (CreateUserAccessTokenResponse) {
    option (google.api.http) = {post: "/api/v2/users/{id}/access_tokens"};
    option (google.api.method_signature) = "id";
  }
  // DeleteUserAccessToken deletes an access token for a user.
  rpc DeleteUserAccessToken(DeleteUserAccessTokenRequest) returns (DeleteUserAccessTokenResponse) {
    option (google.api.http) = {delete: "/api/v2/users/{id}/access_tokens/{access_token}"};
    option (google.api.method_signature) = "id,access_token";
  }
 }
 message User {
@ -54,16 +64,37 @@ message GetUserResponse {
  User user = 1;
 }
-message GetUserAccessTokensRequest {
+message ListUserAccessTokensRequest {
  // id is the user id.
  int32 id = 1;
 }
-message GetUserAccessTokensResponse {
+message ListUserAccessTokensResponse {
-  message AccessToken {
+  repeated UserAccessToken access_tokens = 1;
-    string access_token = 1;
+}
-    string description = 2;
+
-    google.protobuf.Timestamp created_time = 3;
+message CreateUserAccessTokenRequest {
-    google.protobuf.Timestamp expires_time = 4;
+  // id is the user id.
-  }
+  int32 id = 1;
-  repeated AccessToken access_tokens = 1;
+  string description = 2;
 }
 message CreateUserAccessTokenResponse {
  UserAccessToken access_token = 1;
 }
 message DeleteUserAccessTokenRequest {
  // id is the user id.
  int32 id = 1;
  // access_token is the access token to delete.
  string access_token = 2;
 }
 message DeleteUserAccessTokenResponse {}
 message UserAccessToken {
  string access_token = 1;
  string description = 2;
  google.protobuf.Timestamp issued_at = 3;
  google.protobuf.Timestamp expires_at = 4;
 }
--- a/proto/gen/api/v2/README.md
+++ b/proto/gen/api/v2/README.md
@ -7,12 +7,16 @@
    - [RowStatus](#slash-api-v2-RowStatus)
 - [api/v2/user_service.proto](#api_v2_user_service-proto)
-    - [GetUserAccessTokensRequest](#slash-api-v2-GetUserAccessTokensRequest)
+    - [CreateUserAccessTokenRequest](#slash-api-v2-CreateUserAccessTokenRequest)
-    - [GetUserAccessTokensResponse](#slash-api-v2-GetUserAccessTokensResponse)
+    - [CreateUserAccessTokenResponse](#slash-api-v2-CreateUserAccessTokenResponse)
-    - [GetUserAccessTokensResponse.AccessToken](#slash-api-v2-GetUserAccessTokensResponse-AccessToken)
+    - [DeleteUserAccessTokenRequest](#slash-api-v2-DeleteUserAccessTokenRequest)
    - [DeleteUserAccessTokenResponse](#slash-api-v2-DeleteUserAccessTokenResponse)
    - [GetUserRequest](#slash-api-v2-GetUserRequest)
    - [GetUserResponse](#slash-api-v2-GetUserResponse)
    - [ListUserAccessTokensRequest](#slash-api-v2-ListUserAccessTokensRequest)
    - [ListUserAccessTokensResponse](#slash-api-v2-ListUserAccessTokensResponse)
    - [User](#slash-api-v2-User)
    - [UserAccessToken](#slash-api-v2-UserAccessToken)
    - [Role](#slash-api-v2-Role)
@ -58,48 +62,57 @@
-<a name="slash-api-v2-GetUserAccessTokensRequest"></a>
+<a name="slash-api-v2-CreateUserAccessTokenRequest"></a>
-### GetUserAccessTokensRequest
+### CreateUserAccessTokenRequest
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| id | [int32](#int32) |  |  |
+| id | [int32](#int32) |  | id is the user id. |
 <a name="slash-api-v2-GetUserAccessTokensResponse"></a>
 ### GetUserAccessTokensResponse
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | access_tokens | [GetUserAccessTokensResponse.AccessToken](#slash-api-v2-GetUserAccessTokensResponse-AccessToken) | repeated |  |
 <a name="slash-api-v2-GetUserAccessTokensResponse-AccessToken"></a>
 ### GetUserAccessTokensResponse.AccessToken
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | access_token | [string](#string) |  |  |
 | description | [string](#string) |  |  |
-| created_time | [google.protobuf.Timestamp](#google-protobuf-Timestamp) |  |  |
+
-| expires_time | [google.protobuf.Timestamp](#google-protobuf-Timestamp) |  |  |
+
 <a name="slash-api-v2-CreateUserAccessTokenResponse"></a>
 ### CreateUserAccessTokenResponse
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | access_token | [UserAccessToken](#slash-api-v2-UserAccessToken) |  |  |
 <a name="slash-api-v2-DeleteUserAccessTokenRequest"></a>
 ### DeleteUserAccessTokenRequest
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | id | [int32](#int32) |  | id is the user id. |
 | access_token | [string](#string) |  | access_token is the access token to delete. |
 <a name="slash-api-v2-DeleteUserAccessTokenResponse"></a>
 ### DeleteUserAccessTokenResponse
@ -136,6 +149,36 @@
 <a name="slash-api-v2-ListUserAccessTokensRequest"></a>
 ### ListUserAccessTokensRequest
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | id | [int32](#int32) |  | id is the user id. |
 <a name="slash-api-v2-ListUserAccessTokensResponse"></a>
 ### ListUserAccessTokensResponse
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | access_tokens | [UserAccessToken](#slash-api-v2-UserAccessToken) | repeated |  |
 <a name="slash-api-v2-User"></a>
 ### User
@ -156,6 +199,24 @@
 <a name="slash-api-v2-UserAccessToken"></a>
 ### UserAccessToken
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | access_token | [string](#string) |  |  |
 | description | [string](#string) |  |  |
 | issued_at | [google.protobuf.Timestamp](#google-protobuf-Timestamp) |  |  |
 | expires_at | [google.protobuf.Timestamp](#google-protobuf-Timestamp) |  |  |
@ -184,7 +245,9 @@
 | Method Name | Request Type | Response Type | Description |
 | ----------- | ------------ | ------------- | ------------|
 | GetUser | [GetUserRequest](#slash-api-v2-GetUserRequest) | [GetUserResponse](#slash-api-v2-GetUserResponse) | GetUser returns a user by id. |
-| GetUserAccessTokens | [GetUserAccessTokensRequest](#slash-api-v2-GetUserAccessTokensRequest) | [GetUserAccessTokensResponse](#slash-api-v2-GetUserAccessTokensResponse) | GetUserAccessTokens returns a list of access tokens for a user. |
+| ListUserAccessTokens | [ListUserAccessTokensRequest](#slash-api-v2-ListUserAccessTokensRequest) | [ListUserAccessTokensResponse](#slash-api-v2-ListUserAccessTokensResponse) | ListUserAccessTokens returns a list of access tokens for a user. |
 | CreateUserAccessToken | [CreateUserAccessTokenRequest](#slash-api-v2-CreateUserAccessTokenRequest) | [CreateUserAccessTokenResponse](#slash-api-v2-CreateUserAccessTokenResponse) | CreateUserAccessToken creates a new access token for a user. |
 | DeleteUserAccessToken | [DeleteUserAccessTokenRequest](#slash-api-v2-DeleteUserAccessTokenRequest) | [DeleteUserAccessTokenResponse](#slash-api-v2-DeleteUserAccessTokenResponse) | DeleteUserAccessToken deletes an access token for a user. |
--- a/proto/gen/api/v2/user_service.pb.go
+++ b/proto/gen/api/v2/user_service.pb.go
@ -260,16 +260,17 @@ func (x *GetUserResponse) GetUser() *User {
 	return nil
 }
-type GetUserAccessTokensRequest struct {
+type ListUserAccessTokensRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 	// id is the user id.
 	Id int32 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
 }
-func (x *GetUserAccessTokensRequest) Reset() {
+func (x *ListUserAccessTokensRequest) Reset() {
-	*x = GetUserAccessTokensRequest{}
+	*x = ListUserAccessTokensRequest{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_api_v2_user_service_proto_msgTypes[3]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -277,13 +278,13 @@ func (x *GetUserAccessTokensRequest) Reset() {
 	}
 }
-func (x *GetUserAccessTokensRequest) String() string {
+func (x *ListUserAccessTokensRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
-func (*GetUserAccessTokensRequest) ProtoMessage() {}
+func (*ListUserAccessTokensRequest) ProtoMessage() {}
-func (x *GetUserAccessTokensRequest) ProtoReflect() protoreflect.Message {
+func (x *ListUserAccessTokensRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v2_user_service_proto_msgTypes[3]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -295,28 +296,28 @@ func (x *GetUserAccessTokensRequest) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
-// Deprecated: Use GetUserAccessTokensRequest.ProtoReflect.Descriptor instead.
+// Deprecated: Use ListUserAccessTokensRequest.ProtoReflect.Descriptor instead.
-func (*GetUserAccessTokensRequest) Descriptor() ([]byte, []int) {
+func (*ListUserAccessTokensRequest) Descriptor() ([]byte, []int) {
 	return file_api_v2_user_service_proto_rawDescGZIP(), []int{3}
 }
-func (x *GetUserAccessTokensRequest) GetId() int32 {
+func (x *ListUserAccessTokensRequest) GetId() int32 {
 	if x != nil {
 		return x.Id
 	}
 	return 0
 }
-type GetUserAccessTokensResponse struct {
+type ListUserAccessTokensResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
-	AccessTokens []*GetUserAccessTokensResponse_AccessToken `protobuf:"bytes,1,rep,name=access_tokens,json=accessTokens,proto3" json:"access_tokens,omitempty"`
+	AccessTokens []*UserAccessToken `protobuf:"bytes,1,rep,name=access_tokens,json=accessTokens,proto3" json:"access_tokens,omitempty"`
 }
-func (x *GetUserAccessTokensResponse) Reset() {
+func (x *ListUserAccessTokensResponse) Reset() {
-	*x = GetUserAccessTokensResponse{}
+	*x = ListUserAccessTokensResponse{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_api_v2_user_service_proto_msgTypes[4]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -324,13 +325,13 @@ func (x *GetUserAccessTokensResponse) Reset() {
 	}
 }
-func (x *GetUserAccessTokensResponse) String() string {
+func (x *ListUserAccessTokensResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
-func (*GetUserAccessTokensResponse) ProtoMessage() {}
+func (*ListUserAccessTokensResponse) ProtoMessage() {}
-func (x *GetUserAccessTokensResponse) ProtoReflect() protoreflect.Message {
+func (x *ListUserAccessTokensResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v2_user_service_proto_msgTypes[4]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -342,31 +343,30 @@ func (x *GetUserAccessTokensResponse) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
-// Deprecated: Use GetUserAccessTokensResponse.ProtoReflect.Descriptor instead.
+// Deprecated: Use ListUserAccessTokensResponse.ProtoReflect.Descriptor instead.
-func (*GetUserAccessTokensResponse) Descriptor() ([]byte, []int) {
+func (*ListUserAccessTokensResponse) Descriptor() ([]byte, []int) {
 	return file_api_v2_user_service_proto_rawDescGZIP(), []int{4}
 }
-func (x *GetUserAccessTokensResponse) GetAccessTokens() []*GetUserAccessTokensResponse_AccessToken {
+func (x *ListUserAccessTokensResponse) GetAccessTokens() []*UserAccessToken {
 	if x != nil {
 		return x.AccessTokens
 	}
 	return nil
 }
-type GetUserAccessTokensResponse_AccessToken struct {
+type CreateUserAccessTokenRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
-	AccessToken string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
+	// id is the user id.
-	Description string                 `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Id          int32  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	CreatedTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=created_time,json=createdTime,proto3" json:"created_time,omitempty"`
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
 	ExpiresTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=expires_time,json=expiresTime,proto3" json:"expires_time,omitempty"`
 }
-func (x *GetUserAccessTokensResponse_AccessToken) Reset() {
+func (x *CreateUserAccessTokenRequest) Reset() {
-	*x = GetUserAccessTokensResponse_AccessToken{}
+	*x = CreateUserAccessTokenRequest{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_api_v2_user_service_proto_msgTypes[5]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -374,13 +374,13 @@ func (x *GetUserAccessTokensResponse_AccessToken) Reset() {
 	}
 }
-func (x *GetUserAccessTokensResponse_AccessToken) String() string {
+func (x *CreateUserAccessTokenRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
-func (*GetUserAccessTokensResponse_AccessToken) ProtoMessage() {}
+func (*CreateUserAccessTokenRequest) ProtoMessage() {}
-func (x *GetUserAccessTokensResponse_AccessToken) ProtoReflect() protoreflect.Message {
+func (x *CreateUserAccessTokenRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v2_user_service_proto_msgTypes[5]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -392,35 +392,234 @@ func (x *GetUserAccessTokensResponse_AccessToken) ProtoReflect() protoreflect.Me
 	return mi.MessageOf(x)
 }
-// Deprecated: Use GetUserAccessTokensResponse_AccessToken.ProtoReflect.Descriptor instead.
+// Deprecated: Use CreateUserAccessTokenRequest.ProtoReflect.Descriptor instead.
-func (*GetUserAccessTokensResponse_AccessToken) Descriptor() ([]byte, []int) {
+func (*CreateUserAccessTokenRequest) Descriptor() ([]byte, []int) {
-	return file_api_v2_user_service_proto_rawDescGZIP(), []int{4, 0}
+	return file_api_v2_user_service_proto_rawDescGZIP(), []int{5}
 }
-func (x *GetUserAccessTokensResponse_AccessToken) GetAccessToken() string {
+func (x *CreateUserAccessTokenRequest) GetId() int32 {
 	if x != nil {
-		return x.AccessToken
+		return x.Id
 	}
-	return ""
+	return 0
 }
-func (x *GetUserAccessTokensResponse_AccessToken) GetDescription() string {
+func (x *CreateUserAccessTokenRequest) GetDescription() string {
 	if x != nil {
 		return x.Description
 	}
 	return ""
 }
-func (x *GetUserAccessTokensResponse_AccessToken) GetCreatedTime() *timestamppb.Timestamp {
+type CreateUserAccessTokenResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 	AccessToken *UserAccessToken `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
 }
 func (x *CreateUserAccessTokenResponse) Reset() {
 	*x = CreateUserAccessTokenResponse{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_api_v2_user_service_proto_msgTypes[6]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }
 func (x *CreateUserAccessTokenResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*CreateUserAccessTokenResponse) ProtoMessage() {}
 func (x *CreateUserAccessTokenResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v2_user_service_proto_msgTypes[6]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use CreateUserAccessTokenResponse.ProtoReflect.Descriptor instead.
 func (*CreateUserAccessTokenResponse) Descriptor() ([]byte, []int) {
 	return file_api_v2_user_service_proto_rawDescGZIP(), []int{6}
 }
 func (x *CreateUserAccessTokenResponse) GetAccessToken() *UserAccessToken {
 	if x != nil {
-		return x.CreatedTime
+		return x.AccessToken
 	}
 	return nil
 }
-func (x *GetUserAccessTokensResponse_AccessToken) GetExpiresTime() *timestamppb.Timestamp {
+type DeleteUserAccessTokenRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 	// id is the user id.
 	Id int32 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
 	// access_token is the access token to delete.
 	AccessToken string `protobuf:"bytes,2,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
 }
 func (x *DeleteUserAccessTokenRequest) Reset() {
 	*x = DeleteUserAccessTokenRequest{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_api_v2_user_service_proto_msgTypes[7]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }
 func (x *DeleteUserAccessTokenRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*DeleteUserAccessTokenRequest) ProtoMessage() {}
 func (x *DeleteUserAccessTokenRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v2_user_service_proto_msgTypes[7]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use DeleteUserAccessTokenRequest.ProtoReflect.Descriptor instead.
 func (*DeleteUserAccessTokenRequest) Descriptor() ([]byte, []int) {
 	return file_api_v2_user_service_proto_rawDescGZIP(), []int{7}
 }
 func (x *DeleteUserAccessTokenRequest) GetId() int32 {
 	if x != nil {
-		return x.ExpiresTime
+		return x.Id
 	}
 	return 0
 }
 func (x *DeleteUserAccessTokenRequest) GetAccessToken() string {
 	if x != nil {
 		return x.AccessToken
 	}
 	return ""
 }
 type DeleteUserAccessTokenResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 }
 func (x *DeleteUserAccessTokenResponse) Reset() {
 	*x = DeleteUserAccessTokenResponse{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_api_v2_user_service_proto_msgTypes[8]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }
 func (x *DeleteUserAccessTokenResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*DeleteUserAccessTokenResponse) ProtoMessage() {}
 func (x *DeleteUserAccessTokenResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v2_user_service_proto_msgTypes[8]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use DeleteUserAccessTokenResponse.ProtoReflect.Descriptor instead.
 func (*DeleteUserAccessTokenResponse) Descriptor() ([]byte, []int) {
 	return file_api_v2_user_service_proto_rawDescGZIP(), []int{8}
 }
 type UserAccessToken struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 	AccessToken string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
 	Description string                 `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
 	IssuedAt    *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
 	ExpiresAt   *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
 }
 func (x *UserAccessToken) Reset() {
 	*x = UserAccessToken{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_api_v2_user_service_proto_msgTypes[9]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }
 func (x *UserAccessToken) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*UserAccessToken) ProtoMessage() {}
 func (x *UserAccessToken) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v2_user_service_proto_msgTypes[9]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use UserAccessToken.ProtoReflect.Descriptor instead.
 func (*UserAccessToken) Descriptor() ([]byte, []int) {
 	return file_api_v2_user_service_proto_rawDescGZIP(), []int{9}
 }
 func (x *UserAccessToken) GetAccessToken() string {
 	if x != nil {
 		return x.AccessToken
 	}
 	return ""
 }
 func (x *UserAccessToken) GetDescription() string {
 	if x != nil {
 		return x.Description
 	}
 	return ""
 }
 func (x *UserAccessToken) GetIssuedAt() *timestamppb.Timestamp {
 	if x != nil {
 		return x.IssuedAt
 	}
 	return nil
 }
 func (x *UserAccessToken) GetExpiresAt() *timestamppb.Timestamp {
 	if x != nil {
 		return x.ExpiresAt
 	}
 	return nil
 }
@ -457,63 +656,102 @@ var file_api_v2_user_service_proto_rawDesc = []byte{
 	0x64, 0x22, 0x39, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70,
 	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x0b, 0x32, 0x12, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76,
-	0x32, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x22, 0x2c, 0x0a, 0x1a,
+	0x32, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x22, 0x2d, 0x0a, 0x1b,
-	0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b,
+	0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f,
-	0x65, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64,
+	0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x02, 0x69, 0x64, 0x22, 0xcc, 0x02, 0x0a, 0x1b, 0x47,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x02, 0x69, 0x64, 0x22, 0x62, 0x0a, 0x1c, 0x4c,
-	0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65,
+	0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b,
-	0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5a, 0x0a, 0x0d, 0x61, 0x63,
+	0x65, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x0d, 0x61,
-	0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03,
-	0x0b, 0x32, 0x35, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76,
-	0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f,
+	0x32, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65,
-	0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x41, 0x63, 0x63,
+	0x6e, 0x52, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x22,
-	0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x50, 0x0a, 0x1c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63,
-	0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x1a, 0xd0, 0x01, 0x0a, 0x0b, 0x41, 0x63, 0x63, 0x65, 0x73,
+	0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x02, 0x69, 0x64, 0x12,
-	0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x63,
+	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02,
-	0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x6e, 0x22, 0x61, 0x0a, 0x1d, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x41,
-	0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0c, 0x63,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x73, 0x65, 0x12, 0x40, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b,
-	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68,
-	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x63,
+	0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x65, 0x78,
+	0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54,
-	0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
+	0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x51, 0x0a, 0x1c, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73,
-	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x65, 0x78,
+	0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
-	0x70, 0x69, 0x72, 0x65, 0x73, 0x54, 0x69, 0x6d, 0x65, 0x2a, 0x31, 0x0a, 0x04, 0x52, 0x6f, 0x6c,
+	0x52, 0x02, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74,
-	0x65, 0x12, 0x14, 0x0a, 0x10, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65,
-	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x44, 0x4d, 0x49, 0x4e,
+	0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x1f, 0x0a, 0x1d, 0x44, 0x65, 0x6c, 0x65, 0x74,
-	0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x55, 0x53, 0x45, 0x52, 0x10, 0x02, 0x32, 0x92, 0x02, 0x0a,
+	0x65, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e,
-	0x0b, 0x55, 0x73, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x67, 0x0a, 0x07,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xca, 0x01, 0x0a, 0x0f, 0x55, 0x73, 0x65,
-	0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x12, 0x1c, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e,
+	0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x21, 0x0a, 0x0c,
-	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65,
+	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70,
+	0x28, 0x09, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12,
-	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70,
+	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1f, 0xda, 0x41, 0x02, 0x69, 0x64, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
-	0x14, 0x12, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x73,
+	0x6e, 0x12, 0x37, 0x0a, 0x09, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x03,
-	0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0x99, 0x01, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x28, 0x2e,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
-	0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74,
+	0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x41, 0x74, 0x12, 0x39, 0x0a, 0x0a, 0x65, 0x78,
-	0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73,
+	0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63,
+	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69,
-	0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x72, 0x65, 0x73, 0x41, 0x74, 0x2a, 0x31, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x14, 0x0a,
-	0x73, 0x65, 0x22, 0x2d, 0xda, 0x41, 0x02, 0x69, 0x64, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x22, 0x12,
+	0x10, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
-	0x20, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x73, 0x2f, 0x7b,
+	0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x44, 0x4d, 0x49, 0x4e, 0x10, 0x01, 0x12, 0x08,
 	0x0a, 0x04, 0x55, 0x53, 0x45, 0x52, 0x10, 0x02, 0x32, 0xf5, 0x04, 0x0a, 0x0b, 0x55, 0x73, 0x65,
 	0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x67, 0x0a, 0x07, 0x47, 0x65, 0x74, 0x55,
 	0x73, 0x65, 0x72, 0x12, 0x1c, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e,
 	0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
 	0x74, 0x1a, 0x1d, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
 	0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
 	0x22, 0x1f, 0xda, 0x41, 0x02, 0x69, 0x64, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x14, 0x12, 0x12, 0x2f,
 	0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x69, 0x64,
 	0x7d, 0x12, 0x9c, 0x01, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63,
 	0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x29, 0x2e, 0x73, 0x6c, 0x61,
 	0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73,
 	0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65,
 	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70,
 	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63,
 	0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
 	0x65, 0x22, 0x2d, 0xda, 0x41, 0x02, 0x69, 0x64, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x22, 0x12, 0x20,
 	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x69,
 	0x64, 0x7d, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73,
 	0x12, 0x9f, 0x01, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x41,
 	0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2a, 0x2e, 0x73, 0x6c, 0x61,
 	0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
 	0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52,
 	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61,
 	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72,
 	0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
 	0x6e, 0x73, 0x65, 0x22, 0x2d, 0xda, 0x41, 0x02, 0x69, 0x64, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x22,
 	0x22, 0x20, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x73, 0x2f,
 	0x7b, 0x69, 0x64, 0x7d, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65,
 	0x6e, 0x73, 0x12, 0xbb, 0x01, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65,
 	0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2a, 0x2e, 0x73,
 	0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x65, 0x6c, 0x65,
 	0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65,
 	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68,
 	0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73,
 	0x65, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73,
 	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x49, 0xda, 0x41, 0x0f, 0x69, 0x64, 0x2c, 0x61, 0x63, 0x63,
 	0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x31, 0x2a,
 	0x2f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x73, 0x2f, 0x7b,
 	0x69, 0x64, 0x7d, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
-	0x73, 0x42, 0xa7, 0x01, 0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e,
+	0x73, 0x2f, 0x7b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x7d,
-	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x42, 0x10, 0x55, 0x73, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76,
+	0x42, 0xa7, 0x01, 0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x61,
-	0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x42, 0x10, 0x55, 0x73, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x6f, 0x6f, 0x6a, 0x61, 0x63, 0x6b, 0x2f, 0x73,
+	0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x6c, 0x61, 0x73, 0x68, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x61,
+	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x62, 0x6f, 0x6f, 0x6a, 0x61, 0x63, 0x6b, 0x2f, 0x73, 0x6c,
-	0x70, 0x69, 0x2f, 0x76, 0x32, 0x3b, 0x61, 0x70, 0x69, 0x76, 0x32, 0xa2, 0x02, 0x03, 0x53, 0x41,
+	0x61, 0x73, 0x68, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x61, 0x70,
-	0x58, 0xaa, 0x02, 0x0c, 0x53, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x41, 0x70, 0x69, 0x2e, 0x56, 0x32,
+	0x69, 0x2f, 0x76, 0x32, 0x3b, 0x61, 0x70, 0x69, 0x76, 0x32, 0xa2, 0x02, 0x03, 0x53, 0x41, 0x58,
-	0xca, 0x02, 0x0c, 0x53, 0x6c, 0x61, 0x73, 0x68, 0x5c, 0x41, 0x70, 0x69, 0x5c, 0x56, 0x32, 0xe2,
+	0xaa, 0x02, 0x0c, 0x53, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x41, 0x70, 0x69, 0x2e, 0x56, 0x32, 0xca,
-	0x02, 0x18, 0x53, 0x6c, 0x61, 0x73, 0x68, 0x5c, 0x41, 0x70, 0x69, 0x5c, 0x56, 0x32, 0x5c, 0x47,
+	0x02, 0x0c, 0x53, 0x6c, 0x61, 0x73, 0x68, 0x5c, 0x41, 0x70, 0x69, 0x5c, 0x56, 0x32, 0xe2, 0x02,
-	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0e, 0x53, 0x6c, 0x61,
+	0x18, 0x53, 0x6c, 0x61, 0x73, 0x68, 0x5c, 0x41, 0x70, 0x69, 0x5c, 0x56, 0x32, 0x5c, 0x47, 0x50,
-	0x73, 0x68, 0x3a, 0x3a, 0x41, 0x70, 0x69, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0e, 0x53, 0x6c, 0x61, 0x73,
-	0x74, 0x6f, 0x33,
+	0x68, 0x3a, 0x3a, 0x41, 0x70, 0x69, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x33,
 }
 var (
@ -529,34 +767,43 @@ func file_api_v2_user_service_proto_rawDescGZIP() []byte {
 }
 var file_api_v2_user_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_api_v2_user_service_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_api_v2_user_service_proto_msgTypes = make([]protoimpl.MessageInfo, 10)
 var file_api_v2_user_service_proto_goTypes = []interface{}{
-	(Role)(0),                                       // 0: slash.api.v2.Role
+	(Role)(0),                             // 0: slash.api.v2.Role
-	(*User)(nil),                                    // 1: slash.api.v2.User
+	(*User)(nil),                          // 1: slash.api.v2.User
-	(*GetUserRequest)(nil),                          // 2: slash.api.v2.GetUserRequest
+	(*GetUserRequest)(nil),                // 2: slash.api.v2.GetUserRequest
-	(*GetUserResponse)(nil),                         // 3: slash.api.v2.GetUserResponse
+	(*GetUserResponse)(nil),               // 3: slash.api.v2.GetUserResponse
-	(*GetUserAccessTokensRequest)(nil),              // 4: slash.api.v2.GetUserAccessTokensRequest
+	(*ListUserAccessTokensRequest)(nil),   // 4: slash.api.v2.ListUserAccessTokensRequest
-	(*GetUserAccessTokensResponse)(nil),             // 5: slash.api.v2.GetUserAccessTokensResponse
+	(*ListUserAccessTokensResponse)(nil),  // 5: slash.api.v2.ListUserAccessTokensResponse
-	(*GetUserAccessTokensResponse_AccessToken)(nil), // 6: slash.api.v2.GetUserAccessTokensResponse.AccessToken
+	(*CreateUserAccessTokenRequest)(nil),  // 6: slash.api.v2.CreateUserAccessTokenRequest
-	(RowStatus)(0),                                  // 7: slash.api.v2.RowStatus
+	(*CreateUserAccessTokenResponse)(nil), // 7: slash.api.v2.CreateUserAccessTokenResponse
-	(*timestamppb.Timestamp)(nil),                   // 8: google.protobuf.Timestamp
+	(*DeleteUserAccessTokenRequest)(nil),  // 8: slash.api.v2.DeleteUserAccessTokenRequest
 	(*DeleteUserAccessTokenResponse)(nil), // 9: slash.api.v2.DeleteUserAccessTokenResponse
 	(*UserAccessToken)(nil),               // 10: slash.api.v2.UserAccessToken
 	(RowStatus)(0),                        // 11: slash.api.v2.RowStatus
 	(*timestamppb.Timestamp)(nil),         // 12: google.protobuf.Timestamp
 }
 var file_api_v2_user_service_proto_depIdxs = []int32{
-	7, // 0: slash.api.v2.User.row_status:type_name -> slash.api.v2.RowStatus
+	11, // 0: slash.api.v2.User.row_status:type_name -> slash.api.v2.RowStatus
-	0, // 1: slash.api.v2.User.role:type_name -> slash.api.v2.Role
+	0,  // 1: slash.api.v2.User.role:type_name -> slash.api.v2.Role
-	1, // 2: slash.api.v2.GetUserResponse.user:type_name -> slash.api.v2.User
+	1,  // 2: slash.api.v2.GetUserResponse.user:type_name -> slash.api.v2.User
-	6, // 3: slash.api.v2.GetUserAccessTokensResponse.access_tokens:type_name -> slash.api.v2.GetUserAccessTokensResponse.AccessToken
+	10, // 3: slash.api.v2.ListUserAccessTokensResponse.access_tokens:type_name -> slash.api.v2.UserAccessToken
-	8, // 4: slash.api.v2.GetUserAccessTokensResponse.AccessToken.created_time:type_name -> google.protobuf.Timestamp
+	10, // 4: slash.api.v2.CreateUserAccessTokenResponse.access_token:type_name -> slash.api.v2.UserAccessToken
-	8, // 5: slash.api.v2.GetUserAccessTokensResponse.AccessToken.expires_time:type_name -> google.protobuf.Timestamp
+	12, // 5: slash.api.v2.UserAccessToken.issued_at:type_name -> google.protobuf.Timestamp
-	2, // 6: slash.api.v2.UserService.GetUser:input_type -> slash.api.v2.GetUserRequest
+	12, // 6: slash.api.v2.UserAccessToken.expires_at:type_name -> google.protobuf.Timestamp
-	4, // 7: slash.api.v2.UserService.GetUserAccessTokens:input_type -> slash.api.v2.GetUserAccessTokensRequest
+	2,  // 7: slash.api.v2.UserService.GetUser:input_type -> slash.api.v2.GetUserRequest
-	3, // 8: slash.api.v2.UserService.GetUser:output_type -> slash.api.v2.GetUserResponse
+	4,  // 8: slash.api.v2.UserService.ListUserAccessTokens:input_type -> slash.api.v2.ListUserAccessTokensRequest
-	5, // 9: slash.api.v2.UserService.GetUserAccessTokens:output_type -> slash.api.v2.GetUserAccessTokensResponse
+	6,  // 9: slash.api.v2.UserService.CreateUserAccessToken:input_type -> slash.api.v2.CreateUserAccessTokenRequest
-	8, // [8:10] is the sub-list for method output_type
+	8,  // 10: slash.api.v2.UserService.DeleteUserAccessToken:input_type -> slash.api.v2.DeleteUserAccessTokenRequest
-	6, // [6:8] is the sub-list for method input_type
+	3,  // 11: slash.api.v2.UserService.GetUser:output_type -> slash.api.v2.GetUserResponse
-	6, // [6:6] is the sub-list for extension type_name
+	5,  // 12: slash.api.v2.UserService.ListUserAccessTokens:output_type -> slash.api.v2.ListUserAccessTokensResponse
-	6, // [6:6] is the sub-list for extension extendee
+	7,  // 13: slash.api.v2.UserService.CreateUserAccessToken:output_type -> slash.api.v2.CreateUserAccessTokenResponse
-	0, // [0:6] is the sub-list for field type_name
+	9,  // 14: slash.api.v2.UserService.DeleteUserAccessToken:output_type -> slash.api.v2.DeleteUserAccessTokenResponse
 	11, // [11:15] is the sub-list for method output_type
 	7,  // [7:11] is the sub-list for method input_type
 	7,  // [7:7] is the sub-list for extension type_name
 	7,  // [7:7] is the sub-list for extension extendee
 	0,  // [0:7] is the sub-list for field type_name
 }
 func init() { file_api_v2_user_service_proto_init() }
@ -603,7 +850,7 @@ func file_api_v2_user_service_proto_init() {
 			}
 		}
 		file_api_v2_user_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetUserAccessTokensRequest); i {
+			switch v := v.(*ListUserAccessTokensRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@ -615,7 +862,7 @@ func file_api_v2_user_service_proto_init() {
 			}
 		}
 		file_api_v2_user_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetUserAccessTokensResponse); i {
+			switch v := v.(*ListUserAccessTokensResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@ -627,7 +874,55 @@ func file_api_v2_user_service_proto_init() {
 			}
 		}
 		file_api_v2_user_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetUserAccessTokensResponse_AccessToken); i {
+			switch v := v.(*CreateUserAccessTokenRequest); i {
 			case 0:
 				return &v.state
 			case 1:
 				return &v.sizeCache
 			case 2:
 				return &v.unknownFields
 			default:
 				return nil
 			}
 		}
 		file_api_v2_user_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*CreateUserAccessTokenResponse); i {
 			case 0:
 				return &v.state
 			case 1:
 				return &v.sizeCache
 			case 2:
 				return &v.unknownFields
 			default:
 				return nil
 			}
 		}
 		file_api_v2_user_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DeleteUserAccessTokenRequest); i {
 			case 0:
 				return &v.state
 			case 1:
 				return &v.sizeCache
 			case 2:
 				return &v.unknownFields
 			default:
 				return nil
 			}
 		}
 		file_api_v2_user_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DeleteUserAccessTokenResponse); i {
 			case 0:
 				return &v.state
 			case 1:
 				return &v.sizeCache
 			case 2:
 				return &v.unknownFields
 			default:
 				return nil
 			}
 		}
 		file_api_v2_user_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*UserAccessToken); i {
 			case 0:
 				return &v.state
 			case 1:
@ -645,7 +940,7 @@ func file_api_v2_user_service_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_api_v2_user_service_proto_rawDesc,
 			NumEnums:      1,
-			NumMessages:   6,
+			NumMessages:   10,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
--- a/proto/gen/api/v2/user_service.pb.gw.go
+++ b/proto/gen/api/v2/user_service.pb.gw.go
@ -83,8 +83,8 @@ func local_request_UserService_GetUser_0(ctx context.Context, marshaler runtime.
 }
-func request_UserService_GetUserAccessTokens_0(ctx context.Context, marshaler runtime.Marshaler, client UserServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func request_UserService_ListUserAccessTokens_0(ctx context.Context, marshaler runtime.Marshaler, client UserServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq GetUserAccessTokensRequest
+	var protoReq ListUserAccessTokensRequest
 	var metadata runtime.ServerMetadata
 	var (
@ -104,13 +104,13 @@ func request_UserService_GetUserAccessTokens_0(ctx context.Context, marshaler ru
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
 	}
-	msg, err := client.GetUserAccessTokens(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	msg, err := client.ListUserAccessTokens(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 }
-func local_request_UserService_GetUserAccessTokens_0(ctx context.Context, marshaler runtime.Marshaler, server UserServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func local_request_UserService_ListUserAccessTokens_0(ctx context.Context, marshaler runtime.Marshaler, server UserServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq GetUserAccessTokensRequest
+	var protoReq ListUserAccessTokensRequest
 	var metadata runtime.ServerMetadata
 	var (
@ -130,7 +130,149 @@ func local_request_UserService_GetUserAccessTokens_0(ctx context.Context, marsha
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
 	}
-	msg, err := server.GetUserAccessTokens(ctx, &protoReq)
+	msg, err := server.ListUserAccessTokens(ctx, &protoReq)
 	return msg, metadata, err
 }
 var (
 	filter_UserService_CreateUserAccessToken_0 = &utilities.DoubleArray{Encoding: map[string]int{"id": 0}, Base: []int{1, 2, 0, 0}, Check: []int{0, 1, 2, 2}}
 )
 func request_UserService_CreateUserAccessToken_0(ctx context.Context, marshaler runtime.Marshaler, client UserServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq CreateUserAccessTokenRequest
 	var metadata runtime.ServerMetadata
 	var (
 		val string
 		ok  bool
 		err error
 		_   = err
 	)
 	val, ok = pathParams["id"]
 	if !ok {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
 	}
 	protoReq.Id, err = runtime.Int32(val)
 	if err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
 	}
 	if err := req.ParseForm(); err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_UserService_CreateUserAccessToken_0); err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 	msg, err := client.CreateUserAccessToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 }
 func local_request_UserService_CreateUserAccessToken_0(ctx context.Context, marshaler runtime.Marshaler, server UserServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq CreateUserAccessTokenRequest
 	var metadata runtime.ServerMetadata
 	var (
 		val string
 		ok  bool
 		err error
 		_   = err
 	)
 	val, ok = pathParams["id"]
 	if !ok {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
 	}
 	protoReq.Id, err = runtime.Int32(val)
 	if err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
 	}
 	if err := req.ParseForm(); err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_UserService_CreateUserAccessToken_0); err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 	msg, err := server.CreateUserAccessToken(ctx, &protoReq)
 	return msg, metadata, err
 }
 func request_UserService_DeleteUserAccessToken_0(ctx context.Context, marshaler runtime.Marshaler, client UserServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq DeleteUserAccessTokenRequest
 	var metadata runtime.ServerMetadata
 	var (
 		val string
 		ok  bool
 		err error
 		_   = err
 	)
 	val, ok = pathParams["id"]
 	if !ok {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
 	}
 	protoReq.Id, err = runtime.Int32(val)
 	if err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
 	}
 	val, ok = pathParams["access_token"]
 	if !ok {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "access_token")
 	}
 	protoReq.AccessToken, err = runtime.String(val)
 	if err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "access_token", err)
 	}
 	msg, err := client.DeleteUserAccessToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 }
 func local_request_UserService_DeleteUserAccessToken_0(ctx context.Context, marshaler runtime.Marshaler, server UserServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq DeleteUserAccessTokenRequest
 	var metadata runtime.ServerMetadata
 	var (
 		val string
 		ok  bool
 		err error
 		_   = err
 	)
 	val, ok = pathParams["id"]
 	if !ok {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
 	}
 	protoReq.Id, err = runtime.Int32(val)
 	if err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
 	}
 	val, ok = pathParams["access_token"]
 	if !ok {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "access_token")
 	}
 	protoReq.AccessToken, err = runtime.String(val)
 	if err != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "access_token", err)
 	}
 	msg, err := server.DeleteUserAccessToken(ctx, &protoReq)
 	return msg, metadata, err
 }
@ -166,7 +308,7 @@ func RegisterUserServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
 	})
-	mux.Handle("GET", pattern_UserService_GetUserAccessTokens_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle("GET", pattern_UserService_ListUserAccessTokens_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		var stream runtime.ServerTransportStream
@ -174,12 +316,12 @@ func RegisterUserServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
 		var err error
 		var annotatedContext context.Context
-		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/slash.api.v2.UserService/GetUserAccessTokens", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens"))
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/slash.api.v2.UserService/ListUserAccessTokens", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := local_request_UserService_GetUserAccessTokens_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		resp, md, err := local_request_UserService_ListUserAccessTokens_0(annotatedContext, inboundMarshaler, server, req, pathParams)
 		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
@ -187,7 +329,57 @@ func RegisterUserServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
 			return
 		}
-		forward_UserService_GetUserAccessTokens_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_UserService_ListUserAccessTokens_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
 	mux.Handle("POST", pattern_UserService_CreateUserAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
 		var err error
 		var annotatedContext context.Context
 		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/slash.api.v2.UserService/CreateUserAccessToken", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		resp, md, err := local_request_UserService_CreateUserAccessToken_0(annotatedContext, inboundMarshaler, server, req, pathParams)
 		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		forward_UserService_CreateUserAccessToken_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
 	mux.Handle("DELETE", pattern_UserService_DeleteUserAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
 		var err error
 		var annotatedContext context.Context
 		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/slash.api.v2.UserService/DeleteUserAccessToken", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens/{access_token}"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		resp, md, err := local_request_UserService_DeleteUserAccessToken_0(annotatedContext, inboundMarshaler, server, req, pathParams)
 		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		forward_UserService_DeleteUserAccessToken_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
@ -254,25 +446,69 @@ func RegisterUserServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
 	})
-	mux.Handle("GET", pattern_UserService_GetUserAccessTokens_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle("GET", pattern_UserService_ListUserAccessTokens_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
 		var err error
 		var annotatedContext context.Context
-		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/slash.api.v2.UserService/GetUserAccessTokens", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens"))
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/slash.api.v2.UserService/ListUserAccessTokens", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_UserService_GetUserAccessTokens_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_UserService_ListUserAccessTokens_0(annotatedContext, inboundMarshaler, client, req, pathParams)
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		forward_UserService_GetUserAccessTokens_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_UserService_ListUserAccessTokens_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
 	mux.Handle("POST", pattern_UserService_CreateUserAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
 		var err error
 		var annotatedContext context.Context
 		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/slash.api.v2.UserService/CreateUserAccessToken", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		resp, md, err := request_UserService_CreateUserAccessToken_0(annotatedContext, inboundMarshaler, client, req, pathParams)
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		forward_UserService_CreateUserAccessToken_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
 	mux.Handle("DELETE", pattern_UserService_DeleteUserAccessToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
 		var err error
 		var annotatedContext context.Context
 		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/slash.api.v2.UserService/DeleteUserAccessToken", runtime.WithHTTPPathPattern("/api/v2/users/{id}/access_tokens/{access_token}"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		resp, md, err := request_UserService_DeleteUserAccessToken_0(annotatedContext, inboundMarshaler, client, req, pathParams)
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
 		forward_UserService_DeleteUserAccessToken_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
@ -282,11 +518,19 @@ func RegisterUserServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
 var (
 	pattern_UserService_GetUser_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v2", "users", "id"}, ""))
-	pattern_UserService_GetUserAccessTokens_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v2", "users", "id", "access_tokens"}, ""))
+	pattern_UserService_ListUserAccessTokens_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v2", "users", "id", "access_tokens"}, ""))
 	pattern_UserService_CreateUserAccessToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v2", "users", "id", "access_tokens"}, ""))
 	pattern_UserService_DeleteUserAccessToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5}, []string{"api", "v2", "users", "id", "access_tokens", "access_token"}, ""))
 )
 var (
 	forward_UserService_GetUser_0 = runtime.ForwardResponseMessage
-	forward_UserService_GetUserAccessTokens_0 = runtime.ForwardResponseMessage
+	forward_UserService_ListUserAccessTokens_0 = runtime.ForwardResponseMessage
 	forward_UserService_CreateUserAccessToken_0 = runtime.ForwardResponseMessage
 	forward_UserService_DeleteUserAccessToken_0 = runtime.ForwardResponseMessage
 )
--- a/proto/gen/api/v2/user_service_grpc.pb.go
+++ b/proto/gen/api/v2/user_service_grpc.pb.go
@ -19,8 +19,10 @@ import (
 const _ = grpc.SupportPackageIsVersion7
 const (
-	UserService_GetUser_FullMethodName             = "/slash.api.v2.UserService/GetUser"
+	UserService_GetUser_FullMethodName               = "/slash.api.v2.UserService/GetUser"
-	UserService_GetUserAccessTokens_FullMethodName = "/slash.api.v2.UserService/GetUserAccessTokens"
+	UserService_ListUserAccessTokens_FullMethodName  = "/slash.api.v2.UserService/ListUserAccessTokens"
 	UserService_CreateUserAccessToken_FullMethodName = "/slash.api.v2.UserService/CreateUserAccessToken"
 	UserService_DeleteUserAccessToken_FullMethodName = "/slash.api.v2.UserService/DeleteUserAccessToken"
 )
 // UserServiceClient is the client API for UserService service.
@ -29,8 +31,12 @@ const (
 type UserServiceClient interface {
 	// GetUser returns a user by id.
 	GetUser(ctx context.Context, in *GetUserRequest, opts ...grpc.CallOption) (*GetUserResponse, error)
-	// GetUserAccessTokens returns a list of access tokens for a user.
+	// ListUserAccessTokens returns a list of access tokens for a user.
-	GetUserAccessTokens(ctx context.Context, in *GetUserAccessTokensRequest, opts ...grpc.CallOption) (*GetUserAccessTokensResponse, error)
+	ListUserAccessTokens(ctx context.Context, in *ListUserAccessTokensRequest, opts ...grpc.CallOption) (*ListUserAccessTokensResponse, error)
 	// CreateUserAccessToken creates a new access token for a user.
 	CreateUserAccessToken(ctx context.Context, in *CreateUserAccessTokenRequest, opts ...grpc.CallOption) (*CreateUserAccessTokenResponse, error)
 	// DeleteUserAccessToken deletes an access token for a user.
 	DeleteUserAccessToken(ctx context.Context, in *DeleteUserAccessTokenRequest, opts ...grpc.CallOption) (*DeleteUserAccessTokenResponse, error)
 }
 type userServiceClient struct {
@ -50,9 +56,27 @@ func (c *userServiceClient) GetUser(ctx context.Context, in *GetUserRequest, opt
 	return out, nil
 }
-func (c *userServiceClient) GetUserAccessTokens(ctx context.Context, in *GetUserAccessTokensRequest, opts ...grpc.CallOption) (*GetUserAccessTokensResponse, error) {
+func (c *userServiceClient) ListUserAccessTokens(ctx context.Context, in *ListUserAccessTokensRequest, opts ...grpc.CallOption) (*ListUserAccessTokensResponse, error) {
-	out := new(GetUserAccessTokensResponse)
+	out := new(ListUserAccessTokensResponse)
-	err := c.cc.Invoke(ctx, UserService_GetUserAccessTokens_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, UserService_ListUserAccessTokens_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *userServiceClient) CreateUserAccessToken(ctx context.Context, in *CreateUserAccessTokenRequest, opts ...grpc.CallOption) (*CreateUserAccessTokenResponse, error) {
 	out := new(CreateUserAccessTokenResponse)
 	err := c.cc.Invoke(ctx, UserService_CreateUserAccessToken_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *userServiceClient) DeleteUserAccessToken(ctx context.Context, in *DeleteUserAccessTokenRequest, opts ...grpc.CallOption) (*DeleteUserAccessTokenResponse, error) {
 	out := new(DeleteUserAccessTokenResponse)
 	err := c.cc.Invoke(ctx, UserService_DeleteUserAccessToken_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@ -65,8 +89,12 @@ func (c *userServiceClient) GetUserAccessTokens(ctx context.Context, in *GetUser
 type UserServiceServer interface {
 	// GetUser returns a user by id.
 	GetUser(context.Context, *GetUserRequest) (*GetUserResponse, error)
-	// GetUserAccessTokens returns a list of access tokens for a user.
+	// ListUserAccessTokens returns a list of access tokens for a user.
-	GetUserAccessTokens(context.Context, *GetUserAccessTokensRequest) (*GetUserAccessTokensResponse, error)
+	ListUserAccessTokens(context.Context, *ListUserAccessTokensRequest) (*ListUserAccessTokensResponse, error)
 	// CreateUserAccessToken creates a new access token for a user.
 	CreateUserAccessToken(context.Context, *CreateUserAccessTokenRequest) (*CreateUserAccessTokenResponse, error)
 	// DeleteUserAccessToken deletes an access token for a user.
 	DeleteUserAccessToken(context.Context, *DeleteUserAccessTokenRequest) (*DeleteUserAccessTokenResponse, error)
 	mustEmbedUnimplementedUserServiceServer()
 }
@ -77,8 +105,14 @@ type UnimplementedUserServiceServer struct {
 func (UnimplementedUserServiceServer) GetUser(context.Context, *GetUserRequest) (*GetUserResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetUser not implemented")
 }
-func (UnimplementedUserServiceServer) GetUserAccessTokens(context.Context, *GetUserAccessTokensRequest) (*GetUserAccessTokensResponse, error) {
+func (UnimplementedUserServiceServer) ListUserAccessTokens(context.Context, *ListUserAccessTokensRequest) (*ListUserAccessTokensResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetUserAccessTokens not implemented")
+	return nil, status.Errorf(codes.Unimplemented, "method ListUserAccessTokens not implemented")
 }
 func (UnimplementedUserServiceServer) CreateUserAccessToken(context.Context, *CreateUserAccessTokenRequest) (*CreateUserAccessTokenResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method CreateUserAccessToken not implemented")
 }
 func (UnimplementedUserServiceServer) DeleteUserAccessToken(context.Context, *DeleteUserAccessTokenRequest) (*DeleteUserAccessTokenResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method DeleteUserAccessToken not implemented")
 }
 func (UnimplementedUserServiceServer) mustEmbedUnimplementedUserServiceServer() {}
@ -111,20 +145,56 @@ func _UserService_GetUser_Handler(srv interface{}, ctx context.Context, dec func
 	return interceptor(ctx, in, info, handler)
 }
-func _UserService_GetUserAccessTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+func _UserService_ListUserAccessTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetUserAccessTokensRequest)
+	in := new(ListUserAccessTokensRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(UserServiceServer).GetUserAccessTokens(ctx, in)
+		return srv.(UserServiceServer).ListUserAccessTokens(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: UserService_GetUserAccessTokens_FullMethodName,
+		FullMethod: UserService_ListUserAccessTokens_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(UserServiceServer).GetUserAccessTokens(ctx, req.(*GetUserAccessTokensRequest))
+		return srv.(UserServiceServer).ListUserAccessTokens(ctx, req.(*ListUserAccessTokensRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _UserService_CreateUserAccessToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(CreateUserAccessTokenRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(UserServiceServer).CreateUserAccessToken(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: UserService_CreateUserAccessToken_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(UserServiceServer).CreateUserAccessToken(ctx, req.(*CreateUserAccessTokenRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _UserService_DeleteUserAccessToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(DeleteUserAccessTokenRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(UserServiceServer).DeleteUserAccessToken(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: UserService_DeleteUserAccessToken_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(UserServiceServer).DeleteUserAccessToken(ctx, req.(*DeleteUserAccessTokenRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@ -141,8 +211,16 @@ var UserService_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _UserService_GetUser_Handler,
 		},
 		{
-			MethodName: "GetUserAccessTokens",
+			MethodName: "ListUserAccessTokens",
-			Handler:    _UserService_GetUserAccessTokens_Handler,
+			Handler:    _UserService_ListUserAccessTokens_Handler,
 		},
 		{
 			MethodName: "CreateUserAccessToken",
 			Handler:    _UserService_CreateUserAccessToken_Handler,
 		},
 		{
 			MethodName: "DeleteUserAccessToken",
 			Handler:    _UserService_DeleteUserAccessToken_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},