# =============================================== # AUTHENTICATION # =============================================== extend type Query { apiKeys: [AuthenticationApiKey] apiState: Boolean authStrategies: [AuthenticationStrategy] authActiveStrategies( enabledOnly: Boolean ): [AuthenticationActiveStrategy] authSiteStrategies( siteId: UUID! visibleOnly: Boolean ): [AuthenticationSiteStrategy] } extend type Mutation { createApiKey( name: String! expiration: String! groups: [UUID]! ): AuthenticationCreateApiKeyResponse login( username: String! password: String! strategyId: UUID! siteId: UUID ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) loginTFA( continuationToken: String! securityCode: String! setup: Boolean ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) changePassword( userId: UUID continuationToken: String currentPassword: String newPassword: String! strategyId: UUID! siteId: UUID ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) forgotPassword( email: String! ): DefaultResponse @rateLimit(limit: 3, duration: 60) register( email: String! password: String! name: String! ): AuthenticationRegisterResponse refreshToken( token: String! ): AuthenticationTokenResponse @rateLimit(limit: 30, duration: 60) revokeApiKey( id: UUID! ): DefaultResponse setApiState( enabled: Boolean! ): DefaultResponse updateAuthStrategies( strategies: [AuthenticationStrategyInput]! ): DefaultResponse regenerateCertificates: DefaultResponse resetGuestUser: DefaultResponse } # ----------------------------------------------- # TYPES # ----------------------------------------------- type AuthenticationStrategy { key: String props: JSON refs: JSON title: String description: String isAvailable: Boolean useForm: Boolean usernameType: String logo: String color: String vendor: String website: String icon: String } type AuthenticationActiveStrategy { id: UUID strategy: AuthenticationStrategy displayName: String isEnabled: Boolean config: JSON selfRegistration: Boolean allowedEmailRegex: String autoEnrollGroups: [UUID] } type AuthenticationSiteStrategy { id: UUID activeStrategy: AuthenticationActiveStrategy isVisible: Boolean } type AuthenticationLoginResponse { operation: Operation jwt: String mustChangePwd: Boolean mustProvideTFA: Boolean mustSetupTFA: Boolean continuationToken: String redirect: String tfaQRImage: String } type AuthenticationRegisterResponse { operation: Operation jwt: String } type AuthenticationTokenResponse { operation: Operation jwt: String } input AuthenticationStrategyInput { key: String! strategyKey: String! config: [KeyValuePairInput] displayName: String! order: Int! isEnabled: Boolean! selfRegistration: Boolean! allowedEmailRegex: String! autoEnrollGroups: [UUID]! } type AuthenticationApiKey { id: UUID name: String keyShort: String expiration: Date createdAt: Date updatedAt: Date isRevoked: Boolean } type AuthenticationCreateApiKeyResponse { operation: Operation key: String }