# =============================================== # AUTHENTICATION # =============================================== extend type Query { apiKeys: [AuthenticationApiKey] apiState: Boolean authStrategies: [AuthenticationStrategy] authSiteStrategies( siteId: UUID! enabledOnly: Boolean ): [AuthenticationSiteStrategy] } extend type Mutation { createApiKey( name: String! expiration: String! fullAccess: Boolean! group: Int ): AuthenticationCreateApiKeyResponse login( username: String! password: String! strategy: String! ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) loginTFA( continuationToken: String! securityCode: String! setup: Boolean ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) loginChangePassword( continuationToken: String! newPassword: String! ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) forgotPassword( email: String! ): DefaultResponse @rateLimit(limit: 3, duration: 60) register( email: String! password: String! name: String! ): AuthenticationRegisterResponse revokeApiKey( id: Int! ): DefaultResponse setApiState( enabled: Boolean! ): DefaultResponse updateAuthStrategies( strategies: [AuthenticationStrategyInput]! ): DefaultResponse regenerateCertificates: DefaultResponse resetGuestUser: DefaultResponse } # ----------------------------------------------- # TYPES # ----------------------------------------------- type AuthenticationStrategy { key: String props: [KeyValuePair] title: String description: String isAvailable: Boolean useForm: Boolean usernameType: String logo: String color: String website: String icon: String } type AuthenticationSiteStrategy { key: String strategy: AuthenticationStrategy displayName: String order: Int isEnabled: Boolean config: [KeyValuePair] selfRegistration: Boolean domainWhitelist: [String] autoEnrollGroups: [Int] } type AuthenticationLoginResponse { operation: Operation jwt: String mustChangePwd: Boolean mustProvideTFA: Boolean mustSetupTFA: Boolean continuationToken: String redirect: String tfaQRImage: String } type AuthenticationRegisterResponse { operation: Operation jwt: String } input AuthenticationStrategyInput { key: String! strategyKey: String! config: [KeyValuePairInput] displayName: String! order: Int! isEnabled: Boolean! selfRegistration: Boolean! domainWhitelist: [String]! autoEnrollGroups: [Int]! } type AuthenticationApiKey { id: Int! name: String! keyShort: String! expiration: Date! createdAt: Date! updatedAt: Date! isRevoked: Boolean! } type AuthenticationCreateApiKeyResponse { operation: Operation key: String }