authorizer/server/graph/schema.graphqls

# GraphQL schema example
#
# https://gqlgen.com/getting-started/
scalar Int64
scalar Map
scalar Any

type Pagination {
  limit: Int64!
  page: Int64!
  offset: Int64!
  total: Int64!
}

type Meta {
  version: String!
  client_id: String!
  is_google_login_enabled: Boolean!
  is_facebook_login_enabled: Boolean!
  is_github_login_enabled: Boolean!
  is_linkedin_login_enabled: Boolean!
  is_apple_login_enabled: Boolean!
  is_twitter_login_enabled: Boolean!
  is_microsoft_login_enabled: Boolean!
  is_email_verification_enabled: Boolean!
  is_basic_authentication_enabled: Boolean!
  is_magic_link_login_enabled: Boolean!
  is_sign_up_enabled: Boolean!
  is_strong_password_enabled: Boolean!
  is_multi_factor_auth_enabled: Boolean!
}

type User {
  id: ID!
  email: String!
  email_verified: Boolean!
  signup_methods: String!
  given_name: String
  family_name: String
  middle_name: String
  nickname: String
  # defaults to email
  preferred_username: String
  gender: String
  birthdate: String
  phone_number: String
  phone_number_verified: Boolean
  picture: String
  roles: [String!]!
  created_at: Int64
  updated_at: Int64
  revoked_timestamp: Int64
  is_multi_factor_auth_enabled: Boolean
}

type Users {
  pagination: Pagination!
  users: [User!]!
}

type VerificationRequest {
  id: ID!
  identifier: String
  token: String
  email: String
  expires: Int64
  created_at: Int64
  updated_at: Int64
  nonce: String
  redirect_uri: String
}

type VerificationRequests {
  pagination: Pagination!
  verification_requests: [VerificationRequest!]!
}

type SMSVerificationRequests {
  id: ID!
  code: String!
  code_expires_at: Int64!
  phone_number: String!
  created_at: Int64!
  updated_at: Int64
}

input VerifyMobileRequest {
  phone_number: String!
  code: String!
}

type Error {
  message: String!
  reason: String!
}

type AuthResponse {
  message: String!
  should_show_otp_screen: Boolean
  access_token: String
  id_token: String
  refresh_token: String
  expires_in: Int64
  user: User
}

type Response {
  message: String!
}

type InviteMembersResponse {
  message: String!
  Users: [User!]!
}

type Env {
  ACCESS_TOKEN_EXPIRY_TIME: String
  ADMIN_SECRET: String
  DATABASE_NAME: String
  DATABASE_URL: String
  DATABASE_TYPE: String
  DATABASE_USERNAME: String
  DATABASE_PASSWORD: String
  DATABASE_HOST: String
  DATABASE_PORT: String
  CLIENT_ID: String!
  CLIENT_SECRET: String!
  CUSTOM_ACCESS_TOKEN_SCRIPT: String
  SMTP_HOST: String
  SMTP_PORT: String
  SMTP_USERNAME: String
  SMTP_PASSWORD: String
  SMTP_LOCAL_NAME: String
  SENDER_EMAIL: String
  SENDER_NAME: String
  JWT_TYPE: String
  JWT_SECRET: String
  JWT_PRIVATE_KEY: String
  JWT_PUBLIC_KEY: String
  ALLOWED_ORIGINS: [String!]
  APP_URL: String
  REDIS_URL: String
  RESET_PASSWORD_URL: String
  DISABLE_EMAIL_VERIFICATION: Boolean!
  DISABLE_BASIC_AUTHENTICATION: Boolean!
  DISABLE_MAGIC_LINK_LOGIN: Boolean!
  DISABLE_LOGIN_PAGE: Boolean!
  DISABLE_SIGN_UP: Boolean!
  DISABLE_REDIS_FOR_ENV: Boolean!
  DISABLE_STRONG_PASSWORD: Boolean!
  DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean!
  ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean!
  ROLES: [String!]
  PROTECTED_ROLES: [String!]
  DEFAULT_ROLES: [String!]
  JWT_ROLE_CLAIM: String
  GOOGLE_CLIENT_ID: String
  GOOGLE_CLIENT_SECRET: String
  GITHUB_CLIENT_ID: String
  GITHUB_CLIENT_SECRET: String
  FACEBOOK_CLIENT_ID: String
  FACEBOOK_CLIENT_SECRET: String
  LINKEDIN_CLIENT_ID: String
  LINKEDIN_CLIENT_SECRET: String
  APPLE_CLIENT_ID: String
  APPLE_CLIENT_SECRET: String
  TWITTER_CLIENT_ID: String
  TWITTER_CLIENT_SECRET: String
  MICROSOFT_CLIENT_ID: String
  MICROSOFT_CLIENT_SECRET: String
  MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: String
  ORGANIZATION_NAME: String
  ORGANIZATION_LOGO: String
  APP_COOKIE_SECURE: Boolean!
  ADMIN_COOKIE_SECURE: Boolean!
  DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
  DEFAULT_AUTHORIZE_RESPONSE_MODE: String
}

type ValidateJWTTokenResponse {
  is_valid: Boolean!
  claims: Map
}

type GenerateJWTKeysResponse {
  secret: String
  public_key: String
  private_key: String
}

type Webhook {
  id: ID!
  event_name: String # this is unique string
  event_description: String
  endpoint: String
  enabled: Boolean
  headers: Map
  created_at: Int64
  updated_at: Int64
}

type Webhooks {
  pagination: Pagination!
  webhooks: [Webhook!]!
}

type WebhookLog {
  id: ID!
  http_status: Int64
  response: String
  request: String
  webhook_id: ID
  created_at: Int64
  updated_at: Int64
}

type TestEndpointResponse {
  http_status: Int64
  response: String
}

type WebhookLogs {
  pagination: Pagination!
  webhook_logs: [WebhookLog!]!
}

type EmailTemplate {
  id: ID!
  event_name: String!
  template: String!
  design: String!
  subject: String!
  created_at: Int64
  updated_at: Int64
}

type EmailTemplates {
  pagination: Pagination!
  email_templates: [EmailTemplate!]!
}

input UpdateEnvInput {
  ACCESS_TOKEN_EXPIRY_TIME: String
  ADMIN_SECRET: String
  CUSTOM_ACCESS_TOKEN_SCRIPT: String
  OLD_ADMIN_SECRET: String
  SMTP_HOST: String
  SMTP_PORT: String
  SMTP_USERNAME: String
  SMTP_PASSWORD: String
  SMTP_LOCAL_NAME: String
  SENDER_EMAIL: String
  SENDER_NAME: String
  JWT_TYPE: String
  JWT_SECRET: String
  JWT_PRIVATE_KEY: String
  JWT_PUBLIC_KEY: String
  ALLOWED_ORIGINS: [String!]
  APP_URL: String
  RESET_PASSWORD_URL: String
  APP_COOKIE_SECURE: Boolean
  ADMIN_COOKIE_SECURE: Boolean
  DISABLE_EMAIL_VERIFICATION: Boolean
  DISABLE_BASIC_AUTHENTICATION: Boolean
  DISABLE_MAGIC_LINK_LOGIN: Boolean
  DISABLE_LOGIN_PAGE: Boolean
  DISABLE_SIGN_UP: Boolean
  DISABLE_REDIS_FOR_ENV: Boolean
  DISABLE_STRONG_PASSWORD: Boolean
  DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean
  ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean
  ROLES: [String!]
  PROTECTED_ROLES: [String!]
  DEFAULT_ROLES: [String!]
  JWT_ROLE_CLAIM: String
  GOOGLE_CLIENT_ID: String
  GOOGLE_CLIENT_SECRET: String
  GITHUB_CLIENT_ID: String
  GITHUB_CLIENT_SECRET: String
  FACEBOOK_CLIENT_ID: String
  FACEBOOK_CLIENT_SECRET: String
  LINKEDIN_CLIENT_ID: String
  LINKEDIN_CLIENT_SECRET: String
  APPLE_CLIENT_ID: String
  APPLE_CLIENT_SECRET: String
  TWITTER_CLIENT_ID: String
  TWITTER_CLIENT_SECRET: String
  MICROSOFT_CLIENT_ID: String
  MICROSOFT_CLIENT_SECRET: String
  MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: String
  ORGANIZATION_NAME: String
  ORGANIZATION_LOGO: String
  DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
  DEFAULT_AUTHORIZE_RESPONSE_MODE: String
}

input AdminLoginInput {
  admin_secret: String!
}

input AdminSignupInput {
  admin_secret: String!
}

input MobileSignUpInput {
  email: String
  given_name: String
  family_name: String
  middle_name: String
  nickname: String
  gender: String
  birthdate: String
  phone_number: String!
  picture: String
  password: String!
  confirm_password: String!
  roles: [String!]
  scope: [String!]
  redirect_uri: String
  is_multi_factor_auth_enabled: Boolean
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input SignUpInput {
  email: String!
  given_name: String
  family_name: String
  middle_name: String
  nickname: String
  gender: String
  birthdate: String
  phone_number: String
  picture: String
  password: String!
  confirm_password: String!
  roles: [String!]
  scope: [String!]
  redirect_uri: String
  is_multi_factor_auth_enabled: Boolean
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input LoginInput {
  email: String!
  password: String!
  roles: [String!]
  scope: [String!]
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input MobileLoginInput {
  phone_number: String!
  password: String!
  roles: [String!]
  scope: [String!]
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input VerifyEmailInput {
  token: String!
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input ResendVerifyEmailInput {
  email: String!
  identifier: String!
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input UpdateProfileInput {
  old_password: String
  new_password: String
  confirm_new_password: String
  email: String
  given_name: String
  family_name: String
  middle_name: String
  nickname: String
  gender: String
  birthdate: String
  phone_number: String
  picture: String
  is_multi_factor_auth_enabled: Boolean
}

input UpdateUserInput {
  id: ID!
  email: String
  email_verified: Boolean
  given_name: String
  family_name: String
  middle_name: String
  nickname: String
  gender: String
  birthdate: String
  phone_number: String
  picture: String
  roles: [String]
  is_multi_factor_auth_enabled: Boolean
}

input ForgotPasswordInput {
  email: String!
  state: String
  redirect_uri: String
}

input ResetPasswordInput {
  token: String!
  password: String!
  confirm_password: String!
}

input DeleteUserInput {
  email: String!
}

input MagicLinkLoginInput {
  email: String!
  roles: [String!]
  scope: [String!]
  state: String
  redirect_uri: String
}

input SessionQueryInput {
  roles: [String!]
  scope: [String!]
}

input PaginationInput {
  limit: Int64
  page: Int64
}

input PaginatedInput {
  pagination: PaginationInput
}

input OAuthRevokeInput {
  refresh_token: String!
}

input InviteMemberInput {
  emails: [String!]!
  redirect_uri: String
}

input UpdateAccessInput {
  user_id: String!
}

input ValidateJWTTokenInput {
  token_type: String!
  token: String!
  roles: [String!]
}

input GenerateJWTKeysInput {
  type: String!
}

input ListWebhookLogRequest {
  pagination: PaginationInput
  webhook_id: String
}

input AddWebhookRequest {
  event_name: String!
  event_description: String
  endpoint: String!
  enabled: Boolean!
  headers: Map
}

input UpdateWebhookRequest {
  id: ID!
  event_name: String
  event_description: String
  endpoint: String
  enabled: Boolean
  headers: Map
}

input WebhookRequest {
  id: ID!
}

input TestEndpointRequest {
  endpoint: String!
  event_name: String!
  headers: Map
}

input AddEmailTemplateRequest {
  event_name: String!
  subject: String!
  template: String!
  # Design value is set when editor is used
  # If raw HTML is used design value is set to null
  design: String
}

input UpdateEmailTemplateRequest {
  id: ID!
  event_name: String
  template: String
  subject: String
  # Design value is set when editor is used
  # If raw HTML is used design value is set to null
  design: String
}

input DeleteEmailTemplateRequest {
  id: ID!
}

input VerifyOTPRequest {
  email: String!
  otp: String!
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input ResendOTPRequest {
  email: String!
  # state is used for authorization code grant flow
  # it is used to get code for an on-going auth process during login
  # and use that code for setting `c_hash` in id_token
  state: String
}

input GetUserRequest {
  id: String
  email: String
}

type Mutation {
  signup(params: SignUpInput!): AuthResponse!
  mobile_signup(params: MobileSignUpInput): AuthResponse!
  login(params: LoginInput!): AuthResponse!
  mobile_login(params: MobileLoginInput!): AuthResponse!
  magic_link_login(params: MagicLinkLoginInput!): Response!
  logout: Response!
  update_profile(params: UpdateProfileInput!): Response!
  verify_email(params: VerifyEmailInput!): AuthResponse!
  resend_verify_email(params: ResendVerifyEmailInput!): Response!
  forgot_password(params: ForgotPasswordInput!): Response!
  reset_password(params: ResetPasswordInput!): Response!
  revoke(params: OAuthRevokeInput!): Response!
  verify_otp(params: VerifyOTPRequest!): AuthResponse!
  resend_otp(params: ResendOTPRequest!): Response!
  verify_mobile(params: VerifyMobileRequest!): AuthResponse!
  # admin only apis
  _delete_user(params: DeleteUserInput!): Response!
  _update_user(params: UpdateUserInput!): User!
  _admin_signup(params: AdminSignupInput!): Response!
  _admin_login(params: AdminLoginInput!): Response!
  _admin_logout: Response!
  _update_env(params: UpdateEnvInput!): Response!
  _invite_members(params: InviteMemberInput!): InviteMembersResponse!
  _revoke_access(param: UpdateAccessInput!): Response!
  _enable_access(param: UpdateAccessInput!): Response!
  _generate_jwt_keys(params: GenerateJWTKeysInput!): GenerateJWTKeysResponse!
  _add_webhook(params: AddWebhookRequest!): Response!
  _update_webhook(params: UpdateWebhookRequest!): Response!
  _delete_webhook(params: WebhookRequest!): Response!
  _test_endpoint(params: TestEndpointRequest!): TestEndpointResponse!
  _add_email_template(params: AddEmailTemplateRequest!): Response!
  _update_email_template(params: UpdateEmailTemplateRequest!): Response!
  _delete_email_template(params: DeleteEmailTemplateRequest!): Response!
}

type Query {
  meta: Meta!
  session(params: SessionQueryInput): AuthResponse!
  profile: User!
  validate_jwt_token(params: ValidateJWTTokenInput!): ValidateJWTTokenResponse!
  # admin only apis
  _users(params: PaginatedInput): Users!
  _user(params: GetUserRequest!): User!
  _verification_requests(params: PaginatedInput): VerificationRequests!
  _admin_session: Response!
  _env: Env!
  _webhook(params: WebhookRequest!): Webhook!
  _webhooks(params: PaginatedInput): Webhooks!
  _webhook_logs(params: ListWebhookLogRequest): WebhookLogs!
  _email_templates(params: PaginatedInput): EmailTemplates!
}