|
|
|
# ===============================================
|
|
|
|
# AUTHENTICATION
|
|
|
|
# ===============================================
|
|
|
|
|
|
|
|
extend type Query {
|
|
|
|
apiKeys: [AuthenticationApiKey]
|
|
|
|
|
|
|
|
apiState: Boolean
|
|
|
|
|
|
|
|
authStrategies: [AuthenticationStrategy]
|
|
|
|
|
|
|
|
authActiveStrategies(
|
|
|
|
enabledOnly: Boolean
|
|
|
|
): [AuthenticationActiveStrategy]
|
|
|
|
|
|
|
|
authSiteStrategies(
|
|
|
|
siteId: UUID!
|
|
|
|
visibleOnly: Boolean
|
|
|
|
): [AuthenticationSiteStrategy]
|
|
|
|
}
|
|
|
|
|
|
|
|
extend type Mutation {
|
|
|
|
createApiKey(
|
|
|
|
name: String!
|
|
|
|
expiration: String!
|
|
|
|
groups: [UUID]!
|
|
|
|
): AuthenticationCreateApiKeyResponse
|
|
|
|
|
|
|
|
login(
|
|
|
|
username: String!
|
|
|
|
password: String!
|
|
|
|
strategyId: UUID!
|
|
|
|
siteId: UUID!
|
|
|
|
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
|
|
|
|
|
|
|
|
loginTFA(
|
|
|
|
continuationToken: String!
|
|
|
|
securityCode: String!
|
|
|
|
strategyId: UUID!
|
|
|
|
siteId: UUID!
|
|
|
|
setup: Boolean
|
|
|
|
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
|
|
|
|
|
|
|
|
changePassword(
|
|
|
|
userId: UUID
|
|
|
|
continuationToken: String
|
|
|
|
currentPassword: String
|
|
|
|
newPassword: String!
|
|
|
|
strategyId: UUID!
|
|
|
|
siteId: UUID
|
|
|
|
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
|
|
|
|
|
|
|
|
forgotPassword(
|
|
|
|
email: String!
|
|
|
|
): DefaultResponse @rateLimit(limit: 3, duration: 60)
|
|
|
|
|
|
|
|
register(
|
|
|
|
email: String!
|
|
|
|
password: String!
|
|
|
|
name: String!
|
|
|
|
): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
|
|
|
|
|
|
|
|
refreshToken(
|
|
|
|
token: String!
|
|
|
|
): AuthenticationTokenResponse @rateLimit(limit: 30, duration: 60)
|
|
|
|
|
|
|
|
revokeApiKey(
|
|
|
|
id: UUID!
|
|
|
|
): DefaultResponse
|
|
|
|
|
|
|
|
setApiState(
|
|
|
|
enabled: Boolean!
|
|
|
|
): DefaultResponse
|
|
|
|
|
|
|
|
updateAuthStrategies(
|
|
|
|
strategies: [AuthenticationStrategyInput]!
|
|
|
|
): DefaultResponse
|
|
|
|
|
|
|
|
regenerateCertificates: DefaultResponse
|
|
|
|
|
|
|
|
resetGuestUser: DefaultResponse
|
|
|
|
}
|
|
|
|
|
|
|
|
# -----------------------------------------------
|
|
|
|
# TYPES
|
|
|
|
# -----------------------------------------------
|
|
|
|
|
|
|
|
type AuthenticationStrategy {
|
|
|
|
key: String
|
|
|
|
props: JSON
|
|
|
|
refs: JSON
|
|
|
|
title: String
|
|
|
|
description: String
|
|
|
|
isAvailable: Boolean
|
|
|
|
useForm: Boolean
|
|
|
|
usernameType: String
|
|
|
|
logo: String
|
|
|
|
color: String
|
|
|
|
vendor: String
|
|
|
|
website: String
|
|
|
|
icon: String
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationActiveStrategy {
|
|
|
|
id: UUID
|
|
|
|
strategy: AuthenticationStrategy
|
|
|
|
displayName: String
|
|
|
|
isEnabled: Boolean
|
|
|
|
config: JSON
|
|
|
|
registration: Boolean
|
|
|
|
allowedEmailRegex: String
|
|
|
|
autoEnrollGroups: [UUID]
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationSiteStrategy {
|
|
|
|
id: UUID
|
|
|
|
activeStrategy: AuthenticationActiveStrategy
|
|
|
|
isVisible: Boolean
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationAuthResponse {
|
|
|
|
operation: Operation
|
|
|
|
jwt: String
|
|
|
|
nextAction: AuthenticationNextAction
|
|
|
|
continuationToken: String
|
|
|
|
redirect: String
|
|
|
|
tfaQRImage: String
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationTokenResponse {
|
|
|
|
operation: Operation
|
|
|
|
jwt: String
|
|
|
|
}
|
|
|
|
|
|
|
|
input AuthenticationStrategyInput {
|
|
|
|
key: String!
|
|
|
|
strategyKey: String!
|
|
|
|
config: JSON!
|
|
|
|
displayName: String!
|
|
|
|
order: Int!
|
|
|
|
isEnabled: Boolean!
|
|
|
|
registration: Boolean!
|
|
|
|
allowedEmailRegex: String!
|
|
|
|
autoEnrollGroups: [UUID]!
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationApiKey {
|
|
|
|
id: UUID
|
|
|
|
name: String
|
|
|
|
keyShort: String
|
|
|
|
expiration: Date
|
|
|
|
createdAt: Date
|
|
|
|
updatedAt: Date
|
|
|
|
isRevoked: Boolean
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationCreateApiKeyResponse {
|
|
|
|
operation: Operation
|
|
|
|
key: String
|
|
|
|
}
|
|
|
|
|
|
|
|
enum AuthenticationNextAction {
|
|
|
|
changePassword
|
|
|
|
setupTfa
|
|
|
|
provideTfa
|
|
|
|
redirect
|
|
|
|
}
|