# =============================================== # AUTHENTICATION # =============================================== extend type Query { authentication: AuthenticationQuery } extend type Mutation { authentication: AuthenticationMutation } # ----------------------------------------------- # QUERIES # ----------------------------------------------- type AuthenticationQuery { apiKeys: [AuthenticationApiKey] @auth(requires: ["manage:system", "manage:api"]) apiState: Boolean! @auth(requires: ["manage:system", "manage:api"]) strategies: [AuthenticationStrategy] @auth(requires: ["manage:system"]) activeStrategies: [AuthenticationActiveStrategy] } # ----------------------------------------------- # MUTATIONS # ----------------------------------------------- type AuthenticationMutation { createApiKey( name: String! expiration: String! fullAccess: Boolean! group: Int ): AuthenticationCreateApiKeyResponse @auth(requires: ["manage:system", "manage:api"]) login( username: String! password: String! strategy: String! ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) loginTFA( continuationToken: String! securityCode: String! ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) loginChangePassword( continuationToken: String! newPassword: String! ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60) register( email: String! password: String! name: String! ): AuthenticationRegisterResponse revokeApiKey( id: Int! ): DefaultResponse @auth(requires: ["manage:system", "manage:api"]) setApiState( enabled: Boolean! ): DefaultResponse @auth(requires: ["manage:system", "manage:api"]) updateStrategies( strategies: [AuthenticationStrategyInput]! ): DefaultResponse @auth(requires: ["manage:system"]) regenerateCertificates: DefaultResponse @auth(requires: ["manage:system"]) resetGuestUser: DefaultResponse @auth(requires: ["manage:system"]) } # ----------------------------------------------- # TYPES # ----------------------------------------------- type AuthenticationStrategy { key: String! props: [KeyValuePair] @auth(requires: ["manage:system"]) title: String! description: String isAvailable: Boolean useForm: Boolean! usernameLabel: String logo: String color: String website: String icon: String } type AuthenticationActiveStrategy { key: String! strategy: AuthenticationStrategy! displayName: String! order: Int! config: [KeyValuePair] @auth(requires: ["manage:system"]) selfRegistration: Boolean! domainWhitelist: [String]! @auth(requires: ["manage:system"]) autoEnrollGroups: [Int]! @auth(requires: ["manage:system"]) } type AuthenticationLoginResponse { responseResult: ResponseStatus jwt: String mustChangePwd: Boolean mustProvideTFA: Boolean continuationToken: String redirect: String } type AuthenticationRegisterResponse { responseResult: ResponseStatus jwt: String } input AuthenticationStrategyInput { key: String! strategyKey: String! config: [KeyValuePairInput] displayName: String! order: Int! selfRegistration: Boolean! domainWhitelist: [String]! autoEnrollGroups: [Int]! } type AuthenticationApiKey { id: Int! name: String! keyShort: String! expiration: Date! createdAt: Date! updatedAt: Date! isRevoked: Boolean! } type AuthenticationCreateApiKeyResponse { responseResult: ResponseStatus key: String }