authentication.graphql 3.8 KB

  # ===============================================
  # AUTHENTICATION
  # ===============================================
  # Read-side authentication fields added to the root Query type.
  # NOTE(review): no authorization directive appears on any field in this
  # file, so access control is presumably enforced in the resolvers - confirm.
  extend type Query {
    # API keys as AuthenticationApiKey records; that type carries keyShort
    # but no full-key field.
    apiKeys: [AuthenticationApiKey]
    # Presumably reports whether API access is switched on (counterpart of
    # the setApiState mutation) - TODO confirm.
    apiState: Boolean
    # Strategy definitions (AuthenticationStrategy).
    authStrategies: [AuthenticationStrategy]
    # Configured strategy instances, optionally filtered by enabledOnly.
    # NOTE(review): AuthenticationActiveStrategy includes config: JSON, which
    # may hold provider credentials - confirm who is allowed to resolve it.
    authActiveStrategies(
      enabledOnly: Boolean
    ): [AuthenticationActiveStrategy]
    # Strategies attached to one site, optionally filtered by visibleOnly.
    # NOTE(review): if a login screen calls this before authentication, the
    # nested activeStrategy.config should not be returned to anonymous
    # callers - verify in the resolver.
    authSiteStrategies(
      siteId: UUID!
      visibleOnly: Boolean
    ): [AuthenticationSiteStrategy]
  }
  # Write-side authentication operations added to the root Mutation type.
  # Only login, loginTFA, changePassword, forgotPassword, register and
  # refreshToken carry @rateLimit here; every other mutation in this block is
  # declared without it. The directive is defined outside this file; duration
  # is presumably in seconds - TODO confirm.
  # NOTE(review): no authorization directive is visible, so the privileged
  # operations (API keys, strategy config, certificates, guest reset) rely on
  # resolver-side permission checks - confirm.
  extend type Mutation {
    # Creates an API key scoped to the given groups. expiration is a String
    # whose format is not defined in this schema. The response type is the
    # only place in this file where a full key value is returned.
    createApiKey(
      name: String!
      expiration: String!
      groups: [UUID]!
    ): AuthenticationCreateApiKeyResponse
    # Username/password login against one strategy on one site.
    # Limited to 5 calls per 60 duration units.
    login(
      username: String!
      password: String!
      strategyId: UUID!
      siteId: UUID!
    ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
    # Second-factor step: pairs a continuationToken with a securityCode.
    # setup presumably marks verification of a freshly enrolled factor -
    # TODO confirm. Same 5/60 limit as login.
    loginTFA(
      continuationToken: String!
      securityCode: String!
      strategyId: UUID!
      siteId: UUID!
      setup: Boolean
    ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
    # Starts TFA enrollment; the response carries a continuationToken and a
    # QR image. No @rateLimit is declared.
    setupTFA(
      strategyId: UUID!
      siteId: UUID!
    ): AuthenticationSetupTFAResponse
    # Turns TFA off for a strategy. Takes no password or security code.
    # NOTE(review): confirm the resolver requires an authenticated session
    # (and ideally re-authentication) before removing a second factor.
    deactivateTFA(
      strategyId: UUID!
    ): DefaultResponse
    # Starts passkey registration; returns registrationOptions as JSON.
    setupPasskey(
      siteId: UUID!
    ): AuthenticationSetupPasskeyResponse
    # Completes passkey registration. registrationResponse is opaque JSON as
    # far as the schema is concerned, so all validation of it happens in the
    # resolver.
    finalizePasskey(
      registrationResponse: JSON!
      name: String!
    ): DefaultResponse
    # Removes a passkey by id.
    # NOTE(review): confirm the resolver checks that the passkey belongs to
    # the caller.
    deactivatePasskey(
      id: UUID!
    ): DefaultResponse
    # Sets a new password. continuationToken and currentPassword are both
    # nullable; presumably one of them identifies the flow (forced change vs.
    # signed-in change).
    # NOTE(review): confirm the resolver rejects a call that supplies neither.
    changePassword(
      continuationToken: String
      currentPassword: String
      newPassword: String!
      strategyId: UUID!
      siteId: UUID!
    ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
    # Password-reset request by email; tightest limit in the file (3/60).
    # NOTE(review): the response should not differ between known and unknown
    # addresses, to avoid account enumeration - verify in the resolver.
    forgotPassword(
      email: String!
    ): DefaultResponse @rateLimit(limit: 3, duration: 60)
    # Self-registration. Takes no strategyId or siteId, unlike login.
    register(
      email: String!
      password: String!
      name: String!
    ): AuthenticationAuthResponse @rateLimit(limit: 5, duration: 60)
    # Exchanges a token for a new jwt (AuthenticationTokenResponse).
    # Limited to 30 calls per 60 duration units.
    refreshToken(
      token: String!
    ): AuthenticationTokenResponse @rateLimit(limit: 30, duration: 60)
    # Revokes an API key by id.
    revokeApiKey(
      id: UUID!
    ): DefaultResponse
    # Sets the API state flag exposed by the apiState query.
    setApiState(
      enabled: Boolean!
    ): DefaultResponse
    # Submits the list of strategy configurations, including their config
    # JSON, allowedEmailRegex and autoEnrollGroups.
    updateAuthStrategies(
      strategies: [AuthenticationStrategyInput]!
    ): DefaultResponse
    # Argument-less maintenance operations. What certificates are regenerated
    # and what is reset on the guest user is not visible in this schema.
    regenerateCertificates: DefaultResponse
    resetGuestUser: DefaultResponse
  }
  # -----------------------------------------------
  # TYPES
  # -----------------------------------------------
  # Describes one authentication strategy definition: identifying key,
  # JSON-typed props and refs, and presentation metadata.
  type AuthenticationStrategy {
    key: String
    # Opaque JSON; presumably the configurable properties of the strategy -
    # TODO confirm.
    props: JSON
    # Opaque JSON; meaning is not visible in this file.
    refs: JSON
    title: String
    description: String
    isAvailable: Boolean
    # Presumably tells the client to render a credential form - TODO confirm.
    useForm: Boolean
    usernameType: String
    # Presentation fields.
    logo: String
    color: String
    vendor: String
    website: String
    icon: String
  }
  # A configured instance of an AuthenticationStrategy.
  type AuthenticationActiveStrategy {
    id: UUID
    strategy: AuthenticationStrategy
    displayName: String
    isEnabled: Boolean
    # Opaque JSON configuration.
    # NOTE(review): may contain provider secrets - confirm it is only
    # resolved for callers allowed to manage authentication.
    config: JSON
    # Presumably whether self-registration is allowed through this strategy -
    # TODO confirm.
    registration: Boolean
    # Pattern applied to email addresses; how it is evaluated is not shown.
    # NOTE(review): confirm the match is anchored and that the regex engine
    # is safe against pathological patterns.
    allowedEmailRegex: String
    # Group ids; presumably assigned automatically to users who enroll
    # through this strategy, so the list directly affects granted
    # permissions - TODO confirm.
    autoEnrollGroups: [UUID]
  }
  # Links an active strategy to a site, with a visibility flag.
  # The nested activeStrategy exposes every AuthenticationActiveStrategy
  # field, including config.
  type AuthenticationSiteStrategy {
    id: UUID
    activeStrategy: AuthenticationActiveStrategy
    isVisible: Boolean
  }
  # Result of login, loginTFA, changePassword and register.
  # All fields are nullable; which ones are populated presumably depends on
  # nextAction - TODO confirm.
  type AuthenticationAuthResponse {
    operation: Operation
    # Session token returned in the response body.
    jwt: String
    # Follow-up step the client is expected to perform, if any.
    nextAction: AuthenticationNextAction
    # Token that loginTFA and changePassword accept to continue a flow.
    # NOTE(review): lifetime and single-use behaviour are not visible here.
    continuationToken: String
    # NOTE(review): confirm the target is validated server-side so it cannot
    # be steered to an arbitrary external URL.
    redirect: String
    # QR image for TFA enrollment; presumably encodes the shared secret, so
    # treat it as sensitive (no logging, no caching) - TODO confirm.
    tfaQRImage: String
  }
  # Result of refreshToken: an operation status plus the new jwt.
  type AuthenticationTokenResponse {
    operation: Operation
    jwt: String
  }
  # Result of setupTFA.
  type AuthenticationSetupTFAResponse {
    operation: Operation
    # Presumably passed back to loginTFA to verify the first code -
    # TODO confirm.
    continuationToken: String
    # QR image for the authenticator app; presumably encodes the shared
    # secret, so treat it as sensitive - TODO confirm.
    tfaQRImage: String
  }
  # Result of setupPasskey.
  type AuthenticationSetupPasskeyResponse {
    operation: Operation
    # Opaque JSON handed to the client; presumably the options (including the
    # challenge) whose signed result comes back via finalizePasskey -
    # TODO confirm.
    registrationOptions: JSON
  }
  # One entry of the list passed to updateAuthStrategies. Every field is
  # required.
  input AuthenticationStrategyInput {
    # key and strategyKey are both required strings; presumably key names
    # this instance and strategyKey names the strategy definition it uses -
    # TODO confirm.
    key: String!
    strategyKey: String!
    # Opaque JSON; the schema performs no validation of its contents.
    config: JSON!
    displayName: String!
    order: Int!
    isEnabled: Boolean!
    registration: Boolean!
    # Caller-supplied pattern.
    # NOTE(review): confirm it is validated before being stored and is
    # matched anchored.
    allowedEmailRegex: String!
    # The list itself is non-null but its elements are nullable ([UUID]!).
    autoEnrollGroups: [UUID]!
  }
  # Listing view of an API key. There is no field for the full key value,
  # only keyShort.
  type AuthenticationApiKey {
    id: UUID
    name: String
    # Presumably a truncated form of the key for display - TODO confirm.
    keyShort: String
    expiration: Date
    createdAt: Date
    updatedAt: Date
    isRevoked: Boolean
  }
  # Result of createApiKey.
  type AuthenticationCreateApiKeyResponse {
    operation: Operation
    # The only field in this file that returns a full key value;
    # AuthenticationApiKey exposes keyShort only. Treat as a secret on the
    # client side.
    key: String
  }
  # Follow-up step reported in AuthenticationAuthResponse.nextAction.
  # The value names line up with the changePassword, setupTFA and loginTFA
  # mutations and with the redirect field of the response; the exact client
  # behaviour for each is not defined in this file.
  enum AuthenticationNextAction {
    changePassword
    setupTfa
    provideTfa
    redirect
  }