# ===============================================
# AUTHENTICATION
# ===============================================
extend type Query {
apiKeys: [AuthenticationApiKey]
apiState: Boolean
authStrategies: [AuthenticationStrategy]
authActiveStrategies(
enabledOnly: Boolean
): [AuthenticationActiveStrategy]
authSiteStrategies(
siteId: UUID!
visibleOnly: Boolean
): [AuthenticationSiteStrategy]
}
extend type Mutation {
createApiKey(
name: String!
expiration: String!
groups: [UUID]!
): AuthenticationCreateApiKeyResponse
login(
username: String!
password: String!
strategyId: UUID!
siteId: UUID!
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
loginTFA(
continuationToken: String!
securityCode: String!
strategyId: UUID!
siteId: UUID!
setup: Boolean
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
setupTFA(
strategyId: UUID!
siteId: UUID!
): AuthenticationSetupTFAResponse
deactivateTFA(
strategyId: UUID!
): DefaultResponse
setupPasskey(
siteId: UUID!
): AuthenticationSetupPasskeyResponse
finalizePasskey(
registrationResponse: JSON!
name: String!
): DefaultResponse
deactivatePasskey(
id: UUID!
): DefaultResponse
authenticatePasskeyGenerate(
email: String!
siteId: UUID!
): AuthenticationPasskeyResponse @rateLimit(limit: 5, duration: 60)
authenticatePasskeyVerify(
authResponse: JSON!
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
changePassword(
continuationToken: String
currentPassword: String
newPassword: String!
strategyId: UUID!
siteId: UUID!
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
forgotPassword(
email: String!
): DefaultResponse @rateLimit(limit: 3, duration: 60)
register(
email: String!
password: String!
name: String!
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
refreshToken(
token: String!
): AuthenticationTokenResponse @rateLimit(limit: 30, duration: 60)
revokeApiKey(
id: UUID!
): DefaultResponse
setApiState(
enabled: Boolean!
): DefaultResponse
updateAuthStrategies(
strategies: [AuthenticationStrategyInput]!
): DefaultResponse
regenerateCertificates: DefaultResponse
resetGuestUser: DefaultResponse
}
# -----------------------------------------------
# TYPES
# -----------------------------------------------
type AuthenticationStrategy {
key: String
props: JSON
refs: JSON
title: String
description: String
isAvailable: Boolean
useForm: Boolean
usernameType: String
logo: String
color: String
vendor: String
website: String
icon: String
}
type AuthenticationActiveStrategy {
id: UUID
strategy: AuthenticationStrategy
displayName: String
isEnabled: Boolean
config: JSON
registration: Boolean
allowedEmailRegex: String
autoEnrollGroups: [UUID]
}
type AuthenticationSiteStrategy {
id: UUID
activeStrategy: AuthenticationActiveStrategy
isVisible: Boolean
}
type AuthenticationAuthResponse {
operation: Operation
jwt: String
nextAction: AuthenticationNextAction
continuationToken: String
redirect: String
tfaQRImage: String
}
type AuthenticationTokenResponse {
operation: Operation
jwt: String
}
type AuthenticationSetupTFAResponse {
operation: Operation
continuationToken: String
tfaQRImage: String
}
type AuthenticationSetupPasskeyResponse {
operation: Operation
registrationOptions: JSON
}
type AuthenticationPasskeyResponse {
operation: Operation
authOptions: JSON
}
input AuthenticationStrategyInput {
key: String!
strategyKey: String!
config: JSON!
displayName: String!
order: Int!
isEnabled: Boolean!
registration: Boolean!
allowedEmailRegex: String!
autoEnrollGroups: [UUID]!
}
type AuthenticationApiKey {
id: UUID
name: String
keyShort: String
expiration: Date
createdAt: Date
updatedAt: Date
isRevoked: Boolean
}
type AuthenticationCreateApiKeyResponse {
operation: Operation
key: String
}
enum AuthenticationNextAction {
changePassword
setupTfa
provideTfa
redirect
}