@ackplus/nest-auth 2.0.0-beta.9 → 2.0.1

Files changed (276) hide show
  1. package/README.md +83 -130
  2. package/dist/index.d.ts +1 -1
  3. package/dist/index.d.ts.map +1 -1
  4. package/dist/index.js +1 -1
  5. package/dist/index.js.map +1 -1
  6. package/dist/lib/admin-console/admin-console.module.js +1 -1
  7. package/dist/lib/admin-console/admin-console.module.js.map +1 -1
  8. package/dist/lib/admin-console/controllers/admin-auth.controller.d.ts +3 -3
  9. package/dist/lib/admin-console/controllers/admin-auth.controller.d.ts.map +1 -1
  10. package/dist/lib/admin-console/controllers/admin-auth.controller.js +30 -12
  11. package/dist/lib/admin-console/controllers/admin-auth.controller.js.map +1 -1
  12. package/dist/lib/admin-console/controllers/admin-console.controller.d.ts +1 -1
  13. package/dist/lib/admin-console/controllers/admin-console.controller.d.ts.map +1 -1
  14. package/dist/lib/admin-console/controllers/admin-console.controller.js +19 -9
  15. package/dist/lib/admin-console/controllers/admin-console.controller.js.map +1 -1
  16. package/dist/lib/admin-console/controllers/admin-permissions.controller.d.ts.map +1 -1
  17. package/dist/lib/admin-console/controllers/admin-permissions.controller.js +19 -1
  18. package/dist/lib/admin-console/controllers/admin-permissions.controller.js.map +1 -1
  19. package/dist/lib/admin-console/controllers/admin-roles.controller.d.ts.map +1 -1
  20. package/dist/lib/admin-console/controllers/admin-roles.controller.js +15 -1
  21. package/dist/lib/admin-console/controllers/admin-roles.controller.js.map +1 -1
  22. package/dist/lib/admin-console/controllers/admin-tenants.controller.d.ts.map +1 -1
  23. package/dist/lib/admin-console/controllers/admin-tenants.controller.js +15 -1
  24. package/dist/lib/admin-console/controllers/admin-tenants.controller.js.map +1 -1
  25. package/dist/lib/admin-console/controllers/admin-users.controller.d.ts +13 -17
  26. package/dist/lib/admin-console/controllers/admin-users.controller.d.ts.map +1 -1
  27. package/dist/lib/admin-console/controllers/admin-users.controller.js +35 -13
  28. package/dist/lib/admin-console/controllers/admin-users.controller.js.map +1 -1
  29. package/dist/lib/admin-console/dto/admin-user.dto.d.ts +4 -2
  30. package/dist/lib/admin-console/dto/admin-user.dto.d.ts.map +1 -1
  31. package/dist/lib/admin-console/dto/admin-user.dto.js +16 -8
  32. package/dist/lib/admin-console/dto/admin-user.dto.js.map +1 -1
  33. package/dist/lib/admin-console/services/admin-console-config.service.d.ts.map +1 -1
  34. package/dist/lib/admin-console/services/admin-console-config.service.js +10 -4
  35. package/dist/lib/admin-console/services/admin-console-config.service.js.map +1 -1
  36. package/dist/lib/admin-console/services/admin-user-management.service.d.ts +1 -1
  37. package/dist/lib/admin-console/services/admin-user-management.service.d.ts.map +1 -1
  38. package/dist/lib/admin-console/services/admin-user-management.service.js +1 -1
  39. package/dist/lib/admin-console/services/admin-user-management.service.js.map +1 -1
  40. package/dist/lib/admin-console/static/index.html +632 -567
  41. package/dist/lib/admin-console/static/nest-auth.json +3502 -157
  42. package/dist/lib/audit/services/audit.service.d.ts +2 -0
  43. package/dist/lib/audit/services/audit.service.d.ts.map +1 -1
  44. package/dist/lib/audit/services/audit.service.js +23 -0
  45. package/dist/lib/audit/services/audit.service.js.map +1 -1
  46. package/dist/lib/auth/auth.module.d.ts.map +1 -1
  47. package/dist/lib/auth/auth.module.js +6 -0
  48. package/dist/lib/auth/auth.module.js.map +1 -1
  49. package/dist/lib/auth/controllers/auth.controller.d.ts +3 -2
  50. package/dist/lib/auth/controllers/auth.controller.d.ts.map +1 -1
  51. package/dist/lib/auth/controllers/auth.controller.js +48 -24
  52. package/dist/lib/auth/controllers/auth.controller.js.map +1 -1
  53. package/dist/lib/auth/controllers/mfa.controller.d.ts.map +1 -1
  54. package/dist/lib/auth/controllers/mfa.controller.js +6 -1
  55. package/dist/lib/auth/controllers/mfa.controller.js.map +1 -1
  56. package/dist/lib/auth/dto/credentials/social-credentials.dto.d.ts +2 -0
  57. package/dist/lib/auth/dto/credentials/social-credentials.dto.d.ts.map +1 -1
  58. package/dist/lib/auth/dto/credentials/social-credentials.dto.js +28 -0
  59. package/dist/lib/auth/dto/credentials/social-credentials.dto.js.map +1 -1
  60. package/dist/lib/auth/dto/requests/verify-2fa.request.dto.d.ts.map +1 -1
  61. package/dist/lib/auth/dto/requests/verify-2fa.request.dto.js +2 -0
  62. package/dist/lib/auth/dto/requests/verify-2fa.request.dto.js.map +1 -1
  63. package/dist/lib/auth/dto/responses/auth.response.dto.d.ts +3 -5
  64. package/dist/lib/auth/dto/responses/auth.response.dto.d.ts.map +1 -1
  65. package/dist/lib/auth/dto/responses/auth.response.dto.js +11 -27
  66. package/dist/lib/auth/dto/responses/auth.response.dto.js.map +1 -1
  67. package/dist/lib/auth/entities/otp.entity.d.ts +1 -1
  68. package/dist/lib/auth/entities/otp.entity.d.ts.map +1 -1
  69. package/dist/lib/auth/entities/otp.entity.js.map +1 -1
  70. package/dist/lib/auth/entities/trusted-device.entity.d.ts.map +1 -1
  71. package/dist/lib/auth/entities/trusted-device.entity.js +1 -1
  72. package/dist/lib/auth/entities/trusted-device.entity.js.map +1 -1
  73. package/dist/lib/auth/events/login-failed.event.d.ts +15 -0
  74. package/dist/lib/auth/events/login-failed.event.d.ts.map +1 -0
  75. package/dist/lib/auth/events/login-failed.event.js +11 -0
  76. package/dist/lib/auth/events/login-failed.event.js.map +1 -0
  77. package/dist/lib/auth/events/user-logged-in.event.d.ts +3 -1
  78. package/dist/lib/auth/events/user-logged-in.event.d.ts.map +1 -1
  79. package/dist/lib/auth/events/user-logged-in.event.js.map +1 -1
  80. package/dist/lib/auth/events/user-registered.event.d.ts +2 -1
  81. package/dist/lib/auth/events/user-registered.event.d.ts.map +1 -1
  82. package/dist/lib/auth/events/user-registered.event.js.map +1 -1
  83. package/dist/lib/auth/guards/auth.guard.d.ts.map +1 -1
  84. package/dist/lib/auth/guards/auth.guard.js +1 -1
  85. package/dist/lib/auth/guards/auth.guard.js.map +1 -1
  86. package/dist/lib/auth/interceptors/token-response.interceptor.d.ts.map +1 -1
  87. package/dist/lib/auth/interceptors/token-response.interceptor.js +4 -3
  88. package/dist/lib/auth/interceptors/token-response.interceptor.js.map +1 -1
  89. package/dist/lib/auth/services/auth.service.d.ts +17 -6
  90. package/dist/lib/auth/services/auth.service.d.ts.map +1 -1
  91. package/dist/lib/auth/services/auth.service.js +271 -287
  92. package/dist/lib/auth/services/auth.service.js.map +1 -1
  93. package/dist/lib/auth/services/logout.service.d.ts +14 -0
  94. package/dist/lib/auth/services/logout.service.d.ts.map +1 -0
  95. package/dist/lib/auth/services/logout.service.js +74 -0
  96. package/dist/lib/auth/services/logout.service.js.map +1 -0
  97. package/dist/lib/auth/services/mfa.service.d.ts +2 -0
  98. package/dist/lib/auth/services/mfa.service.d.ts.map +1 -1
  99. package/dist/lib/auth/services/mfa.service.js +29 -6
  100. package/dist/lib/auth/services/mfa.service.js.map +1 -1
  101. package/dist/lib/auth/services/otp-flow.service.d.ts.map +1 -1
  102. package/dist/lib/auth/services/otp-flow.service.js +1 -2
  103. package/dist/lib/auth/services/otp-flow.service.js.map +1 -1
  104. package/dist/lib/auth/services/password.service.d.ts +2 -1
  105. package/dist/lib/auth/services/password.service.d.ts.map +1 -1
  106. package/dist/lib/auth/services/password.service.js +19 -6
  107. package/dist/lib/auth/services/password.service.js.map +1 -1
  108. package/dist/lib/auth/services/session-token.service.d.ts +37 -0
  109. package/dist/lib/auth/services/session-token.service.d.ts.map +1 -0
  110. package/dist/lib/auth/services/session-token.service.js +151 -0
  111. package/dist/lib/auth/services/session-token.service.js.map +1 -0
  112. package/dist/lib/auth/services/verification.service.d.ts.map +1 -1
  113. package/dist/lib/auth/services/verification.service.js +0 -5
  114. package/dist/lib/auth/services/verification.service.js.map +1 -1
  115. package/dist/lib/auth.constants.d.ts +15 -0
  116. package/dist/lib/auth.constants.d.ts.map +1 -1
  117. package/dist/lib/auth.constants.js +11 -0
  118. package/dist/lib/auth.constants.js.map +1 -1
  119. package/dist/lib/core/entities.d.ts +5 -3
  120. package/dist/lib/core/entities.d.ts.map +1 -1
  121. package/dist/lib/core/entities.js +5 -2
  122. package/dist/lib/core/entities.js.map +1 -1
  123. package/dist/lib/core/index.d.ts +1 -0
  124. package/dist/lib/core/index.d.ts.map +1 -1
  125. package/dist/lib/core/index.js +1 -0
  126. package/dist/lib/core/index.js.map +1 -1
  127. package/dist/lib/core/interfaces/auth-module-options.interface.d.ts +28 -5
  128. package/dist/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -1
  129. package/dist/lib/core/interfaces/session-options.interface.d.ts +5 -1
  130. package/dist/lib/core/interfaces/session-options.interface.d.ts.map +1 -1
  131. package/dist/lib/core/interfaces/session-options.interface.js +1 -0
  132. package/dist/lib/core/interfaces/session-options.interface.js.map +1 -1
  133. package/dist/lib/core/interfaces/token-payload.interface.d.ts +3 -1
  134. package/dist/lib/core/interfaces/token-payload.interface.d.ts.map +1 -1
  135. package/dist/lib/core/providers/apple-auth.provider.d.ts +13 -7
  136. package/dist/lib/core/providers/apple-auth.provider.d.ts.map +1 -1
  137. package/dist/lib/core/providers/apple-auth.provider.js +166 -7
  138. package/dist/lib/core/providers/apple-auth.provider.js.map +1 -1
  139. package/dist/lib/core/providers/base-auth.provider.d.ts +2 -0
  140. package/dist/lib/core/providers/base-auth.provider.d.ts.map +1 -1
  141. package/dist/lib/core/providers/base-auth.provider.js.map +1 -1
  142. package/dist/lib/core/providers/email-auth.provider.d.ts.map +1 -1
  143. package/dist/lib/core/providers/email-auth.provider.js +13 -2
  144. package/dist/lib/core/providers/email-auth.provider.js.map +1 -1
  145. package/dist/lib/core/providers/github-auth.provider.d.ts +3 -0
  146. package/dist/lib/core/providers/github-auth.provider.d.ts.map +1 -1
  147. package/dist/lib/core/providers/github-auth.provider.js +73 -24
  148. package/dist/lib/core/providers/github-auth.provider.js.map +1 -1
  149. package/dist/lib/core/providers/google-auth.provider.d.ts +1 -0
  150. package/dist/lib/core/providers/google-auth.provider.d.ts.map +1 -1
  151. package/dist/lib/core/providers/google-auth.provider.js +7 -1
  152. package/dist/lib/core/providers/google-auth.provider.js.map +1 -1
  153. package/dist/lib/core/providers/jwt-auth.provider.d.ts +2 -1
  154. package/dist/lib/core/providers/jwt-auth.provider.d.ts.map +1 -1
  155. package/dist/lib/core/providers/passwordless-auth.provider.d.ts +3 -1
  156. package/dist/lib/core/providers/passwordless-auth.provider.d.ts.map +1 -1
  157. package/dist/lib/core/providers/passwordless-auth.provider.js +11 -1
  158. package/dist/lib/core/providers/passwordless-auth.provider.js.map +1 -1
  159. package/dist/lib/core/providers/phone-auth.provider.d.ts.map +1 -1
  160. package/dist/lib/core/providers/phone-auth.provider.js +13 -2
  161. package/dist/lib/core/providers/phone-auth.provider.js.map +1 -1
  162. package/dist/lib/core/services/auth-config.service.d.ts.map +1 -1
  163. package/dist/lib/core/services/auth-config.service.js +6 -0
  164. package/dist/lib/core/services/auth-config.service.js.map +1 -1
  165. package/dist/lib/core/services/jwt.service.d.ts.map +1 -1
  166. package/dist/lib/core/services/jwt.service.js +10 -5
  167. package/dist/lib/core/services/jwt.service.js.map +1 -1
  168. package/dist/lib/core/swagger/api-responses.decorator.d.ts +15 -0
  169. package/dist/lib/core/swagger/api-responses.decorator.d.ts.map +1 -0
  170. package/dist/lib/core/swagger/api-responses.decorator.js +57 -0
  171. package/dist/lib/core/swagger/api-responses.decorator.js.map +1 -0
  172. package/dist/lib/nest-auth.module.d.ts.map +1 -1
  173. package/dist/lib/nest-auth.module.js +18 -2
  174. package/dist/lib/nest-auth.module.js.map +1 -1
  175. package/dist/lib/permission/events/permission-created.event.d.ts +9 -0
  176. package/dist/lib/permission/events/permission-created.event.d.ts.map +1 -0
  177. package/dist/lib/permission/events/permission-created.event.js +11 -0
  178. package/dist/lib/permission/events/permission-created.event.js.map +1 -0
  179. package/dist/lib/permission/events/permission-deleted.event.d.ts +9 -0
  180. package/dist/lib/permission/events/permission-deleted.event.d.ts.map +1 -0
  181. package/dist/lib/permission/events/permission-deleted.event.js +11 -0
  182. package/dist/lib/permission/events/permission-deleted.event.js.map +1 -0
  183. package/dist/lib/permission/events/permission-updated.event.d.ts +10 -0
  184. package/dist/lib/permission/events/permission-updated.event.d.ts.map +1 -0
  185. package/dist/lib/permission/events/permission-updated.event.js +11 -0
  186. package/dist/lib/permission/events/permission-updated.event.js.map +1 -0
  187. package/dist/lib/permission/index.d.ts +3 -0
  188. package/dist/lib/permission/index.d.ts.map +1 -1
  189. package/dist/lib/permission/index.js +3 -0
  190. package/dist/lib/permission/index.js.map +1 -1
  191. package/dist/lib/permission/services/permission.service.d.ts +3 -1
  192. package/dist/lib/permission/services/permission.service.d.ts.map +1 -1
  193. package/dist/lib/permission/services/permission.service.js +16 -4
  194. package/dist/lib/permission/services/permission.service.js.map +1 -1
  195. package/dist/lib/request-context/request-context.d.ts +1 -1
  196. package/dist/lib/request-context/request-context.d.ts.map +1 -1
  197. package/dist/lib/request-context/request-context.js +3 -3
  198. package/dist/lib/request-context/request-context.js.map +1 -1
  199. package/dist/lib/role/entities/role.entity.d.ts +3 -1
  200. package/dist/lib/role/entities/role.entity.d.ts.map +1 -1
  201. package/dist/lib/role/entities/role.entity.js +7 -1
  202. package/dist/lib/role/entities/role.entity.js.map +1 -1
  203. package/dist/lib/role/events/role-created.event.d.ts +9 -0
  204. package/dist/lib/role/events/role-created.event.d.ts.map +1 -0
  205. package/dist/lib/role/events/role-created.event.js +11 -0
  206. package/dist/lib/role/events/role-created.event.js.map +1 -0
  207. package/dist/lib/role/events/role-deleted.event.d.ts +9 -0
  208. package/dist/lib/role/events/role-deleted.event.d.ts.map +1 -0
  209. package/dist/lib/role/events/role-deleted.event.js +11 -0
  210. package/dist/lib/role/events/role-deleted.event.js.map +1 -0
  211. package/dist/lib/role/events/role-updated.event.d.ts +10 -0
  212. package/dist/lib/role/events/role-updated.event.d.ts.map +1 -0
  213. package/dist/lib/role/events/role-updated.event.js +11 -0
  214. package/dist/lib/role/events/role-updated.event.js.map +1 -0
  215. package/dist/lib/role/index.d.ts +3 -0
  216. package/dist/lib/role/index.d.ts.map +1 -1
  217. package/dist/lib/role/index.js +3 -0
  218. package/dist/lib/role/index.js.map +1 -1
  219. package/dist/lib/role/services/role.service.d.ts +3 -1
  220. package/dist/lib/role/services/role.service.d.ts.map +1 -1
  221. package/dist/lib/role/services/role.service.js +29 -41
  222. package/dist/lib/role/services/role.service.js.map +1 -1
  223. package/dist/lib/role/utils/access-role-resolver.util.d.ts +20 -0
  224. package/dist/lib/role/utils/access-role-resolver.util.d.ts.map +1 -0
  225. package/dist/lib/role/utils/access-role-resolver.util.js +63 -0
  226. package/dist/lib/role/utils/access-role-resolver.util.js.map +1 -0
  227. package/dist/lib/session/services/session-manager.service.d.ts +8 -3
  228. package/dist/lib/session/services/session-manager.service.d.ts.map +1 -1
  229. package/dist/lib/session/services/session-manager.service.js +30 -11
  230. package/dist/lib/session/services/session-manager.service.js.map +1 -1
  231. package/dist/lib/session/session.module.d.ts.map +1 -1
  232. package/dist/lib/session/session.module.js +5 -1
  233. package/dist/lib/session/session.module.js.map +1 -1
  234. package/dist/lib/tenant/decorators/current-tenant.decorator.d.ts.map +1 -1
  235. package/dist/lib/tenant/decorators/current-tenant.decorator.js.map +1 -1
  236. package/dist/lib/tenant/entities/tenant.entity.d.ts +1 -1
  237. package/dist/lib/tenant/entities/tenant.entity.d.ts.map +1 -1
  238. package/dist/lib/tenant/entities/tenant.entity.js +1 -1
  239. package/dist/lib/tenant/entities/tenant.entity.js.map +1 -1
  240. package/dist/lib/tenant/index.d.ts +1 -1
  241. package/dist/lib/tenant/index.d.ts.map +1 -1
  242. package/dist/lib/tenant/index.js +1 -1
  243. package/dist/lib/tenant/index.js.map +1 -1
  244. package/dist/lib/tenant/tenant-context/services/base-tenant-context.service.d.ts +1 -1
  245. package/dist/lib/tenant/tenant-context/services/base-tenant-context.service.d.ts.map +1 -1
  246. package/dist/lib/tenant/tenant-context/services/disabled-tenant-context.service.d.ts +1 -1
  247. package/dist/lib/tenant/tenant-context/services/disabled-tenant-context.service.d.ts.map +1 -1
  248. package/dist/lib/tenant/tenant-context/tenant-context.interface.d.ts +1 -1
  249. package/dist/lib/tenant/tenant-context/tenant-context.interface.d.ts.map +1 -1
  250. package/dist/lib/user/entities/platform-access.entity.d.ts +16 -0
  251. package/dist/lib/user/entities/platform-access.entity.d.ts.map +1 -0
  252. package/dist/lib/user/entities/platform-access.entity.js +95 -0
  253. package/dist/lib/user/entities/platform-access.entity.js.map +1 -0
  254. package/dist/lib/user/entities/user-access.entity.d.ts +22 -0
  255. package/dist/lib/user/entities/user-access.entity.d.ts.map +1 -0
  256. package/dist/lib/{tenant → user}/entities/user-access.entity.js +35 -4
  257. package/dist/lib/user/entities/user-access.entity.js.map +1 -0
  258. package/dist/lib/user/entities/user.entity.d.ts +10 -12
  259. package/dist/lib/user/entities/user.entity.d.ts.map +1 -1
  260. package/dist/lib/user/entities/user.entity.js +91 -73
  261. package/dist/lib/user/entities/user.entity.js.map +1 -1
  262. package/dist/lib/user/services/access-key.service.d.ts +1 -0
  263. package/dist/lib/user/services/access-key.service.d.ts.map +1 -1
  264. package/dist/lib/user/services/access-key.service.js +19 -3
  265. package/dist/lib/user/services/access-key.service.js.map +1 -1
  266. package/dist/lib/user/services/user.service.d.ts +27 -22
  267. package/dist/lib/user/services/user.service.d.ts.map +1 -1
  268. package/dist/lib/user/services/user.service.js +135 -84
  269. package/dist/lib/user/services/user.service.js.map +1 -1
  270. package/dist/lib/user/user.module.d.ts.map +1 -1
  271. package/dist/lib/user/user.module.js +3 -2
  272. package/dist/lib/user/user.module.js.map +1 -1
  273. package/package.json +14 -9
  274. package/dist/lib/tenant/entities/user-access.entity.d.ts +0 -19
  275. package/dist/lib/tenant/entities/user-access.entity.d.ts.map +0 -1
  276. package/dist/lib/tenant/entities/user-access.entity.js.map +0 -1
@@ -26,11 +26,46 @@
26
26
  }
27
27
  }
28
28
  }
29
+ },
30
+ "400": {
31
+ "description": "Validation failed (bad input).",
32
+ "content": {
33
+ "application/json": {
34
+ "schema": {
35
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
36
+ }
37
+ }
38
+ }
39
+ },
40
+ "401": {
41
+ "description": "Missing, invalid, or expired authentication.",
42
+ "content": {
43
+ "application/json": {
44
+ "schema": {
45
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
46
+ }
47
+ }
48
+ }
49
+ },
50
+ "409": {
51
+ "description": "A user with this email or phone already exists.",
52
+ "content": {
53
+ "application/json": {
54
+ "schema": {
55
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
56
+ }
57
+ }
58
+ }
29
59
  }
30
60
  },
61
+ "security": [
62
+ {
63
+ "access-token": []
64
+ }
65
+ ],
31
66
  "summary": "Signup",
32
67
  "tags": [
33
- "Auth"
68
+ "Authentication"
34
69
  ]
35
70
  }
36
71
  },
@@ -59,11 +94,36 @@
59
94
  }
60
95
  }
61
96
  }
97
+ },
98
+ "400": {
99
+ "description": "Validation failed (bad input).",
100
+ "content": {
101
+ "application/json": {
102
+ "schema": {
103
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
104
+ }
105
+ }
106
+ }
107
+ },
108
+ "401": {
109
+ "description": "Missing, invalid, or expired authentication.",
110
+ "content": {
111
+ "application/json": {
112
+ "schema": {
113
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
114
+ }
115
+ }
116
+ }
62
117
  }
63
118
  },
119
+ "security": [
120
+ {
121
+ "access-token": []
122
+ }
123
+ ],
64
124
  "summary": "Login",
65
125
  "tags": [
66
- "Auth"
126
+ "Authentication"
67
127
  ]
68
128
  }
69
129
  },
@@ -91,11 +151,36 @@
91
151
  }
92
152
  }
93
153
  }
154
+ },
155
+ "400": {
156
+ "description": "Validation failed (bad input).",
157
+ "content": {
158
+ "application/json": {
159
+ "schema": {
160
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
161
+ }
162
+ }
163
+ }
164
+ },
165
+ "401": {
166
+ "description": "Missing, invalid, or expired authentication.",
167
+ "content": {
168
+ "application/json": {
169
+ "schema": {
170
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
171
+ }
172
+ }
173
+ }
94
174
  }
95
175
  },
176
+ "security": [
177
+ {
178
+ "access-token": []
179
+ }
180
+ ],
96
181
  "summary": "Passwordless — send login code (email or SMS)",
97
182
  "tags": [
98
- "Auth"
183
+ "Authentication"
99
184
  ]
100
185
  }
101
186
  },
@@ -124,11 +209,36 @@
124
209
  }
125
210
  }
126
211
  }
212
+ },
213
+ "400": {
214
+ "description": "Validation failed (bad input).",
215
+ "content": {
216
+ "application/json": {
217
+ "schema": {
218
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
219
+ }
220
+ }
221
+ }
222
+ },
223
+ "401": {
224
+ "description": "Missing, invalid, or expired authentication.",
225
+ "content": {
226
+ "application/json": {
227
+ "schema": {
228
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
229
+ }
230
+ }
231
+ }
127
232
  }
128
233
  },
234
+ "security": [
235
+ {
236
+ "access-token": []
237
+ }
238
+ ],
129
239
  "summary": "Refresh Token",
130
240
  "tags": [
131
- "Auth"
241
+ "Authentication"
132
242
  ]
133
243
  }
134
244
  },
@@ -156,11 +266,46 @@
156
266
  }
157
267
  }
158
268
  }
269
+ },
270
+ "400": {
271
+ "description": "Invalid or expired code.",
272
+ "content": {
273
+ "application/json": {
274
+ "schema": {
275
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
276
+ }
277
+ }
278
+ }
279
+ },
280
+ "401": {
281
+ "description": "Missing, invalid, or expired authentication.",
282
+ "content": {
283
+ "application/json": {
284
+ "schema": {
285
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
286
+ }
287
+ }
288
+ }
289
+ },
290
+ "403": {
291
+ "description": "Authenticated but not permitted.",
292
+ "content": {
293
+ "application/json": {
294
+ "schema": {
295
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
296
+ }
297
+ }
298
+ }
159
299
  }
160
300
  },
301
+ "security": [
302
+ {
303
+ "access-token": []
304
+ }
305
+ ],
161
306
  "summary": "Send MFA code for setup/verification",
162
307
  "tags": [
163
- "Mfa"
308
+ "MFA"
164
309
  ]
165
310
  }
166
311
  },
@@ -189,11 +334,36 @@
189
334
  }
190
335
  }
191
336
  }
337
+ },
338
+ "400": {
339
+ "description": "Validation failed (bad input).",
340
+ "content": {
341
+ "application/json": {
342
+ "schema": {
343
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
344
+ }
345
+ }
346
+ }
347
+ },
348
+ "401": {
349
+ "description": "Missing, invalid, or expired authentication.",
350
+ "content": {
351
+ "application/json": {
352
+ "schema": {
353
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
354
+ }
355
+ }
356
+ }
192
357
  }
193
358
  },
359
+ "security": [
360
+ {
361
+ "access-token": []
362
+ }
363
+ ],
194
364
  "summary": "Verify MFA",
195
365
  "tags": [
196
- "Auth"
366
+ "Authentication"
197
367
  ]
198
368
  }
199
369
  },
@@ -211,11 +381,36 @@
211
381
  }
212
382
  }
213
383
  }
384
+ },
385
+ "400": {
386
+ "description": "Validation failed (bad input).",
387
+ "content": {
388
+ "application/json": {
389
+ "schema": {
390
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
391
+ }
392
+ }
393
+ }
394
+ },
395
+ "401": {
396
+ "description": "Missing, invalid, or expired authentication.",
397
+ "content": {
398
+ "application/json": {
399
+ "schema": {
400
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
401
+ }
402
+ }
403
+ }
214
404
  }
215
405
  },
406
+ "security": [
407
+ {
408
+ "access-token": []
409
+ }
410
+ ],
216
411
  "summary": "Logout",
217
412
  "tags": [
218
- "Auth"
413
+ "Authentication"
219
414
  ]
220
415
  }
221
416
  },
@@ -233,11 +428,36 @@
233
428
  }
234
429
  }
235
430
  }
431
+ },
432
+ "400": {
433
+ "description": "Validation failed (bad input).",
434
+ "content": {
435
+ "application/json": {
436
+ "schema": {
437
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
438
+ }
439
+ }
440
+ }
441
+ },
442
+ "401": {
443
+ "description": "Missing, invalid, or expired authentication.",
444
+ "content": {
445
+ "application/json": {
446
+ "schema": {
447
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
448
+ }
449
+ }
450
+ }
236
451
  }
237
452
  },
453
+ "security": [
454
+ {
455
+ "access-token": []
456
+ }
457
+ ],
238
458
  "summary": "Logout All",
239
459
  "tags": [
240
- "Auth"
460
+ "Authentication"
241
461
  ]
242
462
  }
243
463
  },
@@ -265,11 +485,76 @@
265
485
  }
266
486
  }
267
487
  }
488
+ },
489
+ "400": {
490
+ "description": "Validation failed (bad input).",
491
+ "content": {
492
+ "application/json": {
493
+ "schema": {
494
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
495
+ }
496
+ }
497
+ }
498
+ },
499
+ "401": {
500
+ "description": "Missing, invalid, or expired authentication.",
501
+ "content": {
502
+ "application/json": {
503
+ "schema": {
504
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
505
+ }
506
+ }
507
+ }
268
508
  }
269
509
  },
510
+ "security": [
511
+ {
512
+ "access-token": []
513
+ }
514
+ ],
270
515
  "summary": "Switch Active Tenant",
271
516
  "tags": [
272
- "Auth"
517
+ "Authentication"
518
+ ]
519
+ }
520
+ },
521
+ "/auth/me": {
522
+ "get": {
523
+ "operationId": "AuthController_sessionUserData",
524
+ "parameters": [],
525
+ "responses": {
526
+ "200": {
527
+ "description": "Current user data"
528
+ },
529
+ "400": {
530
+ "description": "Validation failed (bad input).",
531
+ "content": {
532
+ "application/json": {
533
+ "schema": {
534
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
535
+ }
536
+ }
537
+ }
538
+ },
539
+ "401": {
540
+ "description": "Missing, invalid, or expired authentication.",
541
+ "content": {
542
+ "application/json": {
543
+ "schema": {
544
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
545
+ }
546
+ }
547
+ }
548
+ }
549
+ },
550
+ "security": [
551
+ {
552
+ "access-token": []
553
+ }
554
+ ],
555
+ "summary": "Get Session User Data and menage extra user data from config",
556
+ "tags": [
557
+ "Authentication"
273
558
  ]
274
559
  }
275
560
  },
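Review bot: The new `/auth/me` operation documents its 200 response with only `"description": "Current user data"` and no `content` schema, although its 400 and 401 responses both reference `ApiErrorResponseDto`. Readers of the spec cannot tell which user fields the endpoint returns, or which of the extra configured data the summary mentions; a response schema would make that exposure reviewable. The summary also has a typo, "menage" for "manage": `"summary": "Get session user data and manage extra user data from config"`.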
@@ -297,11 +582,36 @@
297
582
  }
298
583
  }
299
584
  }
585
+ },
586
+ "400": {
587
+ "description": "Validation failed (bad input).",
588
+ "content": {
589
+ "application/json": {
590
+ "schema": {
591
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
592
+ }
593
+ }
594
+ }
595
+ },
596
+ "401": {
597
+ "description": "Missing, invalid, or expired authentication.",
598
+ "content": {
599
+ "application/json": {
600
+ "schema": {
601
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
602
+ }
603
+ }
604
+ }
300
605
  }
301
606
  },
607
+ "security": [
608
+ {
609
+ "access-token": []
610
+ }
611
+ ],
302
612
  "summary": "Change Password",
303
613
  "tags": [
304
- "Auth"
614
+ "Authentication"
305
615
  ]
306
616
  }
307
617
  },
@@ -329,11 +639,36 @@
329
639
  }
330
640
  }
331
641
  }
642
+ },
643
+ "400": {
644
+ "description": "Validation failed (bad input).",
645
+ "content": {
646
+ "application/json": {
647
+ "schema": {
648
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
649
+ }
650
+ }
651
+ }
652
+ },
653
+ "401": {
654
+ "description": "Missing, invalid, or expired authentication.",
655
+ "content": {
656
+ "application/json": {
657
+ "schema": {
658
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
659
+ }
660
+ }
661
+ }
332
662
  }
333
663
  },
664
+ "security": [
665
+ {
666
+ "access-token": []
667
+ }
668
+ ],
334
669
  "summary": "Forgot password",
335
670
  "tags": [
336
- "Auth"
671
+ "Authentication"
337
672
  ]
338
673
  }
339
674
  },
@@ -361,11 +696,36 @@
361
696
  }
362
697
  }
363
698
  }
699
+ },
700
+ "400": {
701
+ "description": "Validation failed (bad input).",
702
+ "content": {
703
+ "application/json": {
704
+ "schema": {
705
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
706
+ }
707
+ }
708
+ }
709
+ },
710
+ "401": {
711
+ "description": "Missing, invalid, or expired authentication.",
712
+ "content": {
713
+ "application/json": {
714
+ "schema": {
715
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
716
+ }
717
+ }
718
+ }
364
719
  }
365
720
  },
721
+ "security": [
722
+ {
723
+ "access-token": []
724
+ }
725
+ ],
366
726
  "summary": "Verify Forgot Password OTP and get reset token",
367
727
  "tags": [
368
- "Auth"
728
+ "Authentication"
369
729
  ]
370
730
  }
371
731
  },
@@ -393,27 +753,77 @@
393
753
  }
394
754
  }
395
755
  }
396
- }
397
- },
398
- "summary": "Reset password",
399
- "tags": [
400
- "Auth"
401
- ]
402
- }
403
- },
404
- "/auth/client-config": {
405
- "get": {
406
- "description": "Public configuration for clients (tenant mode, auth methods, registration, MFA, etc.). No auth required.",
407
- "operationId": "AuthController_getClientConfig",
756
+ },
757
+ "400": {
758
+ "description": "Validation failed (bad input).",
759
+ "content": {
760
+ "application/json": {
761
+ "schema": {
762
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
763
+ }
764
+ }
765
+ }
766
+ },
767
+ "401": {
768
+ "description": "Missing, invalid, or expired authentication.",
769
+ "content": {
770
+ "application/json": {
771
+ "schema": {
772
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
773
+ }
774
+ }
775
+ }
776
+ }
777
+ },
778
+ "security": [
779
+ {
780
+ "access-token": []
781
+ }
782
+ ],
783
+ "summary": "Reset password",
784
+ "tags": [
785
+ "Authentication"
786
+ ]
787
+ }
788
+ },
789
+ "/auth/client-config": {
790
+ "get": {
791
+ "description": "Public configuration for clients (tenant mode, auth methods, registration, MFA, etc.). No auth required.",
792
+ "operationId": "AuthController_getClientConfig",
408
793
  "parameters": [],
409
794
  "responses": {
410
795
  "200": {
411
796
  "description": "Client configuration"
797
+ },
798
+ "400": {
799
+ "description": "Validation failed (bad input).",
800
+ "content": {
801
+ "application/json": {
802
+ "schema": {
803
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
804
+ }
805
+ }
806
+ }
807
+ },
808
+ "401": {
809
+ "description": "Missing, invalid, or expired authentication.",
810
+ "content": {
811
+ "application/json": {
812
+ "schema": {
813
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
814
+ }
815
+ }
816
+ }
412
817
  }
413
818
  },
819
+ "security": [
820
+ {
821
+ "access-token": []
822
+ }
823
+ ],
414
824
  "summary": "Client config",
415
825
  "tags": [
416
- "Auth"
826
+ "Authentication"
417
827
  ]
418
828
  }
419
829
  },
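Review bot: `/auth/client-config` now carries `"security": [{"access-token": []}]` and a 401 response, while its description in the same operation still says "No auth required.", so the spec contradicts itself about whether the endpoint is public. If it is public, the operation should opt out with `"security": []` and drop the 401 entry; if it now requires a token, the description should say so. The same security block and 401 response are added in the Signup, Login, Forgot password, Verify Forgot Password OTP and Reset password hunks, which are presumably also called before any token exists. That is worth confirming against the controller guards, because a spec that marks every route as protected hides which routes are actually reachable unauthenticated.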
@@ -431,11 +841,36 @@
431
841
  }
432
842
  }
433
843
  }
844
+ },
845
+ "400": {
846
+ "description": "Validation failed (bad input).",
847
+ "content": {
848
+ "application/json": {
849
+ "schema": {
850
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
851
+ }
852
+ }
853
+ }
854
+ },
855
+ "401": {
856
+ "description": "Missing, invalid, or expired authentication.",
857
+ "content": {
858
+ "application/json": {
859
+ "schema": {
860
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
861
+ }
862
+ }
863
+ }
434
864
  }
435
865
  },
866
+ "security": [
867
+ {
868
+ "access-token": []
869
+ }
870
+ ],
436
871
  "summary": "Get Logged In User",
437
872
  "tags": [
438
- "Auth"
873
+ "Authentication"
439
874
  ]
440
875
  }
441
876
  },
@@ -467,11 +902,36 @@
467
902
  }
468
903
  }
469
904
  }
905
+ },
906
+ "400": {
907
+ "description": "Validation failed (bad input).",
908
+ "content": {
909
+ "application/json": {
910
+ "schema": {
911
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
912
+ }
913
+ }
914
+ }
915
+ },
916
+ "401": {
917
+ "description": "Missing, invalid, or expired authentication.",
918
+ "content": {
919
+ "application/json": {
920
+ "schema": {
921
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
922
+ }
923
+ }
924
+ }
470
925
  }
471
926
  },
927
+ "security": [
928
+ {
929
+ "access-token": []
930
+ }
931
+ ],
472
932
  "summary": "Verify Session",
473
933
  "tags": [
474
- "Auth"
934
+ "Authentication"
475
935
  ]
476
936
  }
477
937
  },
@@ -499,11 +959,36 @@
499
959
  }
500
960
  }
501
961
  }
962
+ },
963
+ "400": {
964
+ "description": "Validation failed (bad input).",
965
+ "content": {
966
+ "application/json": {
967
+ "schema": {
968
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
969
+ }
970
+ }
971
+ }
972
+ },
973
+ "401": {
974
+ "description": "Missing, invalid, or expired authentication.",
975
+ "content": {
976
+ "application/json": {
977
+ "schema": {
978
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
979
+ }
980
+ }
981
+ }
502
982
  }
503
983
  },
984
+ "security": [
985
+ {
986
+ "access-token": []
987
+ }
988
+ ],
504
989
  "summary": "Send email verification",
505
990
  "tags": [
506
- "Auth"
991
+ "Authentication"
507
992
  ]
508
993
  }
509
994
  },
@@ -531,11 +1016,36 @@
531
1016
  }
532
1017
  }
533
1018
  }
1019
+ },
1020
+ "400": {
1021
+ "description": "Validation failed (bad input).",
1022
+ "content": {
1023
+ "application/json": {
1024
+ "schema": {
1025
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1026
+ }
1027
+ }
1028
+ }
1029
+ },
1030
+ "401": {
1031
+ "description": "Missing, invalid, or expired authentication.",
1032
+ "content": {
1033
+ "application/json": {
1034
+ "schema": {
1035
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1036
+ }
1037
+ }
1038
+ }
534
1039
  }
535
1040
  },
1041
+ "security": [
1042
+ {
1043
+ "access-token": []
1044
+ }
1045
+ ],
536
1046
  "summary": "Verify Email",
537
1047
  "tags": [
538
- "Auth"
1048
+ "Authentication"
539
1049
  ]
540
1050
  }
541
1051
  },
@@ -563,11 +1073,36 @@
563
1073
  }
564
1074
  }
565
1075
  }
1076
+ },
1077
+ "400": {
1078
+ "description": "Validation failed (bad input).",
1079
+ "content": {
1080
+ "application/json": {
1081
+ "schema": {
1082
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1083
+ }
1084
+ }
1085
+ }
1086
+ },
1087
+ "401": {
1088
+ "description": "Missing, invalid, or expired authentication.",
1089
+ "content": {
1090
+ "application/json": {
1091
+ "schema": {
1092
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1093
+ }
1094
+ }
1095
+ }
566
1096
  }
567
1097
  },
1098
+ "security": [
1099
+ {
1100
+ "access-token": []
1101
+ }
1102
+ ],
568
1103
  "summary": "Send phone verification (SMS OTP)",
569
1104
  "tags": [
570
- "Auth"
1105
+ "Authentication"
571
1106
  ]
572
1107
  }
573
1108
  },
@@ -595,11 +1130,36 @@
595
1130
  }
596
1131
  }
597
1132
  }
1133
+ },
1134
+ "400": {
1135
+ "description": "Validation failed (bad input).",
1136
+ "content": {
1137
+ "application/json": {
1138
+ "schema": {
1139
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1140
+ }
1141
+ }
1142
+ }
1143
+ },
1144
+ "401": {
1145
+ "description": "Missing, invalid, or expired authentication.",
1146
+ "content": {
1147
+ "application/json": {
1148
+ "schema": {
1149
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1150
+ }
1151
+ }
1152
+ }
598
1153
  }
599
1154
  },
1155
+ "security": [
1156
+ {
1157
+ "access-token": []
1158
+ }
1159
+ ],
600
1160
  "summary": "Verify phone number with OTP",
601
1161
  "tags": [
602
- "Auth"
1162
+ "Authentication"
603
1163
  ]
604
1164
  }
605
1165
  },
@@ -620,11 +1180,36 @@
620
1180
  "responses": {
621
1181
  "200": {
622
1182
  "description": ""
1183
+ },
1184
+ "400": {
1185
+ "description": "Validation failed (bad input).",
1186
+ "content": {
1187
+ "application/json": {
1188
+ "schema": {
1189
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1190
+ }
1191
+ }
1192
+ }
1193
+ },
1194
+ "401": {
1195
+ "description": "Missing, invalid, or expired authentication.",
1196
+ "content": {
1197
+ "application/json": {
1198
+ "schema": {
1199
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1200
+ }
1201
+ }
1202
+ }
623
1203
  }
624
1204
  },
1205
+ "security": [
1206
+ {
1207
+ "access-token": []
1208
+ }
1209
+ ],
625
1210
  "summary": "SSO Callback",
626
1211
  "tags": [
627
- "Auth"
1212
+ "Authentication"
628
1213
  ]
629
1214
  }
630
1215
  },
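Review bot: The `access-token` requirement and 401 response added to the "SSO Callback" operation look like a blanket annotation rather than a per-route decision, because the same pair is added to `/auth/client-config` earlier in this file while its description still says "No auth required." An SSO callback is normally reached before the client holds a token, so if this route is in fact public the operation should carry `"security": []` and drop the 401; if it is now guarded, that is a behaviour change worth calling out in the release notes. The inconsistency also runs the other way: the `/auth/admin/admins` and `/auth/admin/reset-password` operations added later document a 401 but declare no `security` entry, unlike the `admin-session` entry on `/auth/admin/api/users`. The operation's path and parameters start outside this hunk, so whether the route is guarded at runtime cannot be confirmed from here. If this spec is generated, the correction belongs in the controller annotations rather than in this file.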
@@ -642,11 +1227,46 @@
642
1227
  }
643
1228
  }
644
1229
  }
1230
+ },
1231
+ "400": {
1232
+ "description": "Invalid or expired code.",
1233
+ "content": {
1234
+ "application/json": {
1235
+ "schema": {
1236
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1237
+ }
1238
+ }
1239
+ }
1240
+ },
1241
+ "401": {
1242
+ "description": "Missing, invalid, or expired authentication.",
1243
+ "content": {
1244
+ "application/json": {
1245
+ "schema": {
1246
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1247
+ }
1248
+ }
1249
+ }
1250
+ },
1251
+ "403": {
1252
+ "description": "Authenticated but not permitted.",
1253
+ "content": {
1254
+ "application/json": {
1255
+ "schema": {
1256
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1257
+ }
1258
+ }
1259
+ }
645
1260
  }
646
1261
  },
1262
+ "security": [
1263
+ {
1264
+ "access-token": []
1265
+ }
1266
+ ],
647
1267
  "summary": "Get MFA status for the current user",
648
1268
  "tags": [
649
- "Mfa"
1269
+ "MFA"
650
1270
  ]
651
1271
  }
652
1272
  },
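Review bot: The 400 description `"Invalid or expired code."` added to "Get MFA status for the current user" does not describe a failure a status read would be expected to produce. The same text is repeated on "List registered MFA devices", "Remove a registered MFA device" and "Setup TOTP Device" in later hunks, the last of which has `"parameters": []` and no request body on the new side. For operations that accept no code, reuse the wording already used elsewhere in this file, `"description": "Validation failed (bad input)."`, and keep the code-specific text for the verify operations. The request definition of this operation lies outside the hunk, so confirm it takes no code before changing the text.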
@@ -674,11 +1294,46 @@
674
1294
  }
675
1295
  }
676
1296
  }
1297
+ },
1298
+ "400": {
1299
+ "description": "Invalid or expired code.",
1300
+ "content": {
1301
+ "application/json": {
1302
+ "schema": {
1303
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1304
+ }
1305
+ }
1306
+ }
1307
+ },
1308
+ "401": {
1309
+ "description": "Missing, invalid, or expired authentication.",
1310
+ "content": {
1311
+ "application/json": {
1312
+ "schema": {
1313
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1314
+ }
1315
+ }
1316
+ }
1317
+ },
1318
+ "403": {
1319
+ "description": "Authenticated but not permitted.",
1320
+ "content": {
1321
+ "application/json": {
1322
+ "schema": {
1323
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1324
+ }
1325
+ }
1326
+ }
677
1327
  }
678
1328
  },
1329
+ "security": [
1330
+ {
1331
+ "access-token": []
1332
+ }
1333
+ ],
679
1334
  "summary": "Enable or disable MFA for the current user",
680
1335
  "tags": [
681
- "Mfa"
1336
+ "MFA"
682
1337
  ]
683
1338
  }
684
1339
  },
@@ -699,11 +1354,46 @@
699
1354
  }
700
1355
  }
701
1356
  }
1357
+ },
1358
+ "400": {
1359
+ "description": "Invalid or expired code.",
1360
+ "content": {
1361
+ "application/json": {
1362
+ "schema": {
1363
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1364
+ }
1365
+ }
1366
+ }
1367
+ },
1368
+ "401": {
1369
+ "description": "Missing, invalid, or expired authentication.",
1370
+ "content": {
1371
+ "application/json": {
1372
+ "schema": {
1373
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1374
+ }
1375
+ }
1376
+ }
1377
+ },
1378
+ "403": {
1379
+ "description": "Authenticated but not permitted.",
1380
+ "content": {
1381
+ "application/json": {
1382
+ "schema": {
1383
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1384
+ }
1385
+ }
1386
+ }
702
1387
  }
703
1388
  },
1389
+ "security": [
1390
+ {
1391
+ "access-token": []
1392
+ }
1393
+ ],
704
1394
  "summary": "List registered MFA devices",
705
1395
  "tags": [
706
- "Mfa"
1396
+ "MFA"
707
1397
  ]
708
1398
  }
709
1399
  },
@@ -730,28 +1420,98 @@
730
1420
  }
731
1421
  }
732
1422
  }
733
- }
734
- },
735
- "summary": "Remove a registered MFA device",
736
- "tags": [
737
- "Mfa"
738
- ]
739
- }
740
- },
741
- "/auth/mfa/setup-totp": {
742
- "post": {
743
- "operationId": "MfaController_setupTotp",
744
- "parameters": [],
745
- "responses": {
746
- "200": {
747
- "description": ""
748
- }
749
- },
750
- "summary": "Setup TOTP Device",
751
- "tags": [
752
- "Mfa"
753
- ]
754
- }
1423
+ },
1424
+ "400": {
1425
+ "description": "Invalid or expired code.",
1426
+ "content": {
1427
+ "application/json": {
1428
+ "schema": {
1429
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1430
+ }
1431
+ }
1432
+ }
1433
+ },
1434
+ "401": {
1435
+ "description": "Missing, invalid, or expired authentication.",
1436
+ "content": {
1437
+ "application/json": {
1438
+ "schema": {
1439
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1440
+ }
1441
+ }
1442
+ }
1443
+ },
1444
+ "403": {
1445
+ "description": "Authenticated but not permitted.",
1446
+ "content": {
1447
+ "application/json": {
1448
+ "schema": {
1449
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1450
+ }
1451
+ }
1452
+ }
1453
+ }
1454
+ },
1455
+ "security": [
1456
+ {
1457
+ "access-token": []
1458
+ }
1459
+ ],
1460
+ "summary": "Remove a registered MFA device",
1461
+ "tags": [
1462
+ "MFA"
1463
+ ]
1464
+ }
1465
+ },
1466
+ "/auth/mfa/setup-totp": {
1467
+ "post": {
1468
+ "operationId": "MfaController_setupTotp",
1469
+ "parameters": [],
1470
+ "responses": {
1471
+ "200": {
1472
+ "description": ""
1473
+ },
1474
+ "400": {
1475
+ "description": "Invalid or expired code.",
1476
+ "content": {
1477
+ "application/json": {
1478
+ "schema": {
1479
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1480
+ }
1481
+ }
1482
+ }
1483
+ },
1484
+ "401": {
1485
+ "description": "Missing, invalid, or expired authentication.",
1486
+ "content": {
1487
+ "application/json": {
1488
+ "schema": {
1489
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1490
+ }
1491
+ }
1492
+ }
1493
+ },
1494
+ "403": {
1495
+ "description": "Authenticated but not permitted.",
1496
+ "content": {
1497
+ "application/json": {
1498
+ "schema": {
1499
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1500
+ }
1501
+ }
1502
+ }
1503
+ }
1504
+ },
1505
+ "security": [
1506
+ {
1507
+ "access-token": []
1508
+ }
1509
+ ],
1510
+ "summary": "Setup TOTP Device",
1511
+ "tags": [
1512
+ "MFA"
1513
+ ]
1514
+ }
755
1515
  },
756
1516
  "/auth/mfa/verify-totp-setup": {
757
1517
  "post": {
@@ -777,11 +1537,46 @@
777
1537
  }
778
1538
  }
779
1539
  }
1540
+ },
1541
+ "400": {
1542
+ "description": "Invalid or expired code.",
1543
+ "content": {
1544
+ "application/json": {
1545
+ "schema": {
1546
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1547
+ }
1548
+ }
1549
+ }
1550
+ },
1551
+ "401": {
1552
+ "description": "Missing, invalid, or expired authentication.",
1553
+ "content": {
1554
+ "application/json": {
1555
+ "schema": {
1556
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1557
+ }
1558
+ }
1559
+ }
1560
+ },
1561
+ "403": {
1562
+ "description": "Authenticated but not permitted.",
1563
+ "content": {
1564
+ "application/json": {
1565
+ "schema": {
1566
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1567
+ }
1568
+ }
1569
+ }
780
1570
  }
781
1571
  },
1572
+ "security": [
1573
+ {
1574
+ "access-token": []
1575
+ }
1576
+ ],
782
1577
  "summary": "Verify TOTP Setup",
783
1578
  "tags": [
784
- "Mfa"
1579
+ "MFA"
785
1580
  ]
786
1581
  }
787
1582
  },
@@ -792,11 +1587,46 @@
792
1587
  "responses": {
793
1588
  "200": {
794
1589
  "description": ""
1590
+ },
1591
+ "400": {
1592
+ "description": "Invalid or expired code.",
1593
+ "content": {
1594
+ "application/json": {
1595
+ "schema": {
1596
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1597
+ }
1598
+ }
1599
+ }
1600
+ },
1601
+ "401": {
1602
+ "description": "Missing, invalid, or expired authentication.",
1603
+ "content": {
1604
+ "application/json": {
1605
+ "schema": {
1606
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1607
+ }
1608
+ }
1609
+ }
1610
+ },
1611
+ "403": {
1612
+ "description": "Authenticated but not permitted.",
1613
+ "content": {
1614
+ "application/json": {
1615
+ "schema": {
1616
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1617
+ }
1618
+ }
1619
+ }
795
1620
  }
796
1621
  },
1622
+ "security": [
1623
+ {
1624
+ "access-token": []
1625
+ }
1626
+ ],
797
1627
  "summary": "Generate Recovery Codes",
798
1628
  "tags": [
799
- "Mfa"
1629
+ "MFA"
800
1630
  ]
801
1631
  }
802
1632
  },
@@ -814,32 +1644,2415 @@
814
1644
  }
815
1645
  }
816
1646
  }
1647
+ },
1648
+ "400": {
1649
+ "description": "Invalid or expired code.",
1650
+ "content": {
1651
+ "application/json": {
1652
+ "schema": {
1653
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1654
+ }
1655
+ }
1656
+ }
1657
+ },
1658
+ "401": {
1659
+ "description": "Missing, invalid, or expired authentication.",
1660
+ "content": {
1661
+ "application/json": {
1662
+ "schema": {
1663
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1664
+ }
1665
+ }
1666
+ }
1667
+ },
1668
+ "403": {
1669
+ "description": "Authenticated but not permitted.",
1670
+ "content": {
1671
+ "application/json": {
1672
+ "schema": {
1673
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1674
+ }
1675
+ }
1676
+ }
817
1677
  }
818
1678
  },
1679
+ "security": [
1680
+ {
1681
+ "access-token": []
1682
+ }
1683
+ ],
819
1684
  "summary": "Reset TOTP Device",
820
1685
  "tags": [
821
- "Mfa"
1686
+ "MFA"
1687
+ ]
1688
+ }
1689
+ },
1690
+ "/auth/admin/signup": {
1691
+ "post": {
1692
+ "operationId": "AdminAuthController_signup",
1693
+ "parameters": [],
1694
+ "requestBody": {
1695
+ "required": true,
1696
+ "content": {
1697
+ "application/json": {
1698
+ "schema": {
1699
+ "$ref": "#/components/schemas/AdminSignupDto"
1700
+ }
1701
+ }
1702
+ }
1703
+ },
1704
+ "responses": {
1705
+ "201": {
1706
+ "description": ""
1707
+ },
1708
+ "400": {
1709
+ "description": "Validation failed (bad input).",
1710
+ "content": {
1711
+ "application/json": {
1712
+ "schema": {
1713
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1714
+ }
1715
+ }
1716
+ }
1717
+ },
1718
+ "401": {
1719
+ "description": "Missing, invalid, or expired authentication.",
1720
+ "content": {
1721
+ "application/json": {
1722
+ "schema": {
1723
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1724
+ }
1725
+ }
1726
+ }
1727
+ }
1728
+ },
1729
+ "summary": "Create an admin (secret-key gated)",
1730
+ "tags": [
1731
+ "Admin · Console"
1732
+ ]
1733
+ }
1734
+ },
1735
+ "/auth/admin/login": {
1736
+ "post": {
1737
+ "operationId": "AdminAuthController_login",
1738
+ "parameters": [],
1739
+ "requestBody": {
1740
+ "required": true,
1741
+ "content": {
1742
+ "application/json": {
1743
+ "schema": {
1744
+ "$ref": "#/components/schemas/AdminLoginDto"
1745
+ }
1746
+ }
1747
+ }
1748
+ },
1749
+ "responses": {
1750
+ "201": {
1751
+ "description": ""
1752
+ },
1753
+ "400": {
1754
+ "description": "Validation failed (bad input).",
1755
+ "content": {
1756
+ "application/json": {
1757
+ "schema": {
1758
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1759
+ }
1760
+ }
1761
+ }
1762
+ },
1763
+ "401": {
1764
+ "description": "Missing, invalid, or expired authentication.",
1765
+ "content": {
1766
+ "application/json": {
1767
+ "schema": {
1768
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1769
+ }
1770
+ }
1771
+ }
1772
+ }
1773
+ },
1774
+ "summary": "Admin login (sets the session cookie)",
1775
+ "tags": [
1776
+ "Admin · Console"
1777
+ ]
1778
+ }
1779
+ },
1780
+ "/auth/admin/me": {
1781
+ "get": {
1782
+ "operationId": "AdminAuthController_me",
1783
+ "parameters": [],
1784
+ "responses": {
1785
+ "200": {
1786
+ "description": ""
1787
+ },
1788
+ "400": {
1789
+ "description": "Validation failed (bad input).",
1790
+ "content": {
1791
+ "application/json": {
1792
+ "schema": {
1793
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1794
+ }
1795
+ }
1796
+ }
1797
+ },
1798
+ "401": {
1799
+ "description": "Missing, invalid, or expired authentication.",
1800
+ "content": {
1801
+ "application/json": {
1802
+ "schema": {
1803
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1804
+ }
1805
+ }
1806
+ }
1807
+ }
1808
+ },
1809
+ "summary": "Current admin",
1810
+ "tags": [
1811
+ "Admin · Console"
1812
+ ]
1813
+ }
1814
+ },
1815
+ "/auth/admin/logout": {
1816
+ "post": {
1817
+ "operationId": "AdminAuthController_logout",
1818
+ "parameters": [],
1819
+ "responses": {
1820
+ "201": {
1821
+ "description": ""
1822
+ },
1823
+ "400": {
1824
+ "description": "Validation failed (bad input).",
1825
+ "content": {
1826
+ "application/json": {
1827
+ "schema": {
1828
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1829
+ }
1830
+ }
1831
+ }
1832
+ },
1833
+ "401": {
1834
+ "description": "Missing, invalid, or expired authentication.",
1835
+ "content": {
1836
+ "application/json": {
1837
+ "schema": {
1838
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1839
+ }
1840
+ }
1841
+ }
1842
+ }
1843
+ },
1844
+ "summary": "Admin logout",
1845
+ "tags": [
1846
+ "Admin · Console"
1847
+ ]
1848
+ }
1849
+ },
1850
+ "/auth/admin/config": {
1851
+ "get": {
1852
+ "operationId": "AdminAuthController_publicConfig",
1853
+ "parameters": [],
1854
+ "responses": {
1855
+ "200": {
1856
+ "description": ""
1857
+ },
1858
+ "400": {
1859
+ "description": "Validation failed (bad input).",
1860
+ "content": {
1861
+ "application/json": {
1862
+ "schema": {
1863
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1864
+ }
1865
+ }
1866
+ }
1867
+ },
1868
+ "401": {
1869
+ "description": "Missing, invalid, or expired authentication.",
1870
+ "content": {
1871
+ "application/json": {
1872
+ "schema": {
1873
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1874
+ }
1875
+ }
1876
+ }
1877
+ }
1878
+ },
1879
+ "summary": "Public admin-console config",
1880
+ "tags": [
1881
+ "Admin · Console"
1882
+ ]
1883
+ }
1884
+ },
1885
+ "/auth/admin/api/stats": {
1886
+ "get": {
1887
+ "operationId": "AdminAuthController_getDashboardStats",
1888
+ "parameters": [],
1889
+ "responses": {
1890
+ "200": {
1891
+ "description": ""
1892
+ },
1893
+ "400": {
1894
+ "description": "Validation failed (bad input).",
1895
+ "content": {
1896
+ "application/json": {
1897
+ "schema": {
1898
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1899
+ }
1900
+ }
1901
+ }
1902
+ },
1903
+ "401": {
1904
+ "description": "Missing, invalid, or expired authentication.",
1905
+ "content": {
1906
+ "application/json": {
1907
+ "schema": {
1908
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1909
+ }
1910
+ }
1911
+ }
1912
+ }
1913
+ },
1914
+ "summary": "Dashboard stats",
1915
+ "tags": [
1916
+ "Admin · Console"
1917
+ ]
1918
+ }
1919
+ },
1920
+ "/auth/admin/admins": {
1921
+ "get": {
1922
+ "operationId": "AdminAuthController_listAdmins",
1923
+ "parameters": [],
1924
+ "responses": {
1925
+ "200": {
1926
+ "description": ""
1927
+ },
1928
+ "400": {
1929
+ "description": "Validation failed (bad input).",
1930
+ "content": {
1931
+ "application/json": {
1932
+ "schema": {
1933
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1934
+ }
1935
+ }
1936
+ }
1937
+ },
1938
+ "401": {
1939
+ "description": "Missing, invalid, or expired authentication.",
1940
+ "content": {
1941
+ "application/json": {
1942
+ "schema": {
1943
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1944
+ }
1945
+ }
1946
+ }
1947
+ }
1948
+ },
1949
+ "summary": "List admins",
1950
+ "tags": [
1951
+ "Admin · Console"
1952
+ ]
1953
+ },
1954
+ "post": {
1955
+ "operationId": "AdminAuthController_createAdmin",
1956
+ "parameters": [],
1957
+ "requestBody": {
1958
+ "required": true,
1959
+ "content": {
1960
+ "application/json": {
1961
+ "schema": {
1962
+ "$ref": "#/components/schemas/CreateDashboardAdminDto"
1963
+ }
1964
+ }
1965
+ }
1966
+ },
1967
+ "responses": {
1968
+ "201": {
1969
+ "description": ""
1970
+ },
1971
+ "400": {
1972
+ "description": "Validation failed (bad input).",
1973
+ "content": {
1974
+ "application/json": {
1975
+ "schema": {
1976
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1977
+ }
1978
+ }
1979
+ }
1980
+ },
1981
+ "401": {
1982
+ "description": "Missing, invalid, or expired authentication.",
1983
+ "content": {
1984
+ "application/json": {
1985
+ "schema": {
1986
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
1987
+ }
1988
+ }
1989
+ }
1990
+ }
1991
+ },
1992
+ "summary": "Create an admin",
1993
+ "tags": [
1994
+ "Admin · Console"
1995
+ ]
1996
+ }
1997
+ },
1998
+ "/auth/admin/admins/{id}": {
1999
+ "patch": {
2000
+ "operationId": "AdminAuthController_updateAdmin",
2001
+ "parameters": [
2002
+ {
2003
+ "name": "id",
2004
+ "required": true,
2005
+ "in": "path",
2006
+ "schema": {
2007
+ "type": "string"
2008
+ }
2009
+ }
2010
+ ],
2011
+ "requestBody": {
2012
+ "required": true,
2013
+ "content": {
2014
+ "application/json": {
2015
+ "schema": {
2016
+ "$ref": "#/components/schemas/UpdateDashboardAdminDto"
2017
+ }
2018
+ }
2019
+ }
2020
+ },
2021
+ "responses": {
2022
+ "200": {
2023
+ "description": ""
2024
+ },
2025
+ "400": {
2026
+ "description": "Validation failed (bad input).",
2027
+ "content": {
2028
+ "application/json": {
2029
+ "schema": {
2030
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2031
+ }
2032
+ }
2033
+ }
2034
+ },
2035
+ "401": {
2036
+ "description": "Missing, invalid, or expired authentication.",
2037
+ "content": {
2038
+ "application/json": {
2039
+ "schema": {
2040
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2041
+ }
2042
+ }
2043
+ }
2044
+ }
2045
+ },
2046
+ "summary": "Update an admin",
2047
+ "tags": [
2048
+ "Admin · Console"
2049
+ ]
2050
+ },
2051
+ "delete": {
2052
+ "operationId": "AdminAuthController_deleteAdmin",
2053
+ "parameters": [
2054
+ {
2055
+ "name": "id",
2056
+ "required": true,
2057
+ "in": "path",
2058
+ "schema": {
2059
+ "type": "string"
2060
+ }
2061
+ }
2062
+ ],
2063
+ "responses": {
2064
+ "200": {
2065
+ "description": ""
2066
+ },
2067
+ "400": {
2068
+ "description": "Validation failed (bad input).",
2069
+ "content": {
2070
+ "application/json": {
2071
+ "schema": {
2072
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2073
+ }
2074
+ }
2075
+ }
2076
+ },
2077
+ "401": {
2078
+ "description": "Missing, invalid, or expired authentication.",
2079
+ "content": {
2080
+ "application/json": {
2081
+ "schema": {
2082
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2083
+ }
2084
+ }
2085
+ }
2086
+ }
2087
+ },
2088
+ "summary": "Delete an admin",
2089
+ "tags": [
2090
+ "Admin · Console"
2091
+ ]
2092
+ }
2093
+ },
2094
+ "/auth/admin/reset-password": {
2095
+ "post": {
2096
+ "operationId": "AdminAuthController_resetPassword",
2097
+ "parameters": [],
2098
+ "requestBody": {
2099
+ "required": true,
2100
+ "content": {
2101
+ "application/json": {
2102
+ "schema": {
2103
+ "$ref": "#/components/schemas/AdminResetPasswordDto"
2104
+ }
2105
+ }
2106
+ }
2107
+ },
2108
+ "responses": {
2109
+ "201": {
2110
+ "description": ""
2111
+ },
2112
+ "400": {
2113
+ "description": "Validation failed (bad input).",
2114
+ "content": {
2115
+ "application/json": {
2116
+ "schema": {
2117
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2118
+ }
2119
+ }
2120
+ }
2121
+ },
2122
+ "401": {
2123
+ "description": "Missing, invalid, or expired authentication.",
2124
+ "content": {
2125
+ "application/json": {
2126
+ "schema": {
2127
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2128
+ }
2129
+ }
2130
+ }
2131
+ }
2132
+ },
2133
+ "summary": "Reset an admin's password",
2134
+ "tags": [
2135
+ "Admin · Console"
2136
+ ]
2137
+ }
2138
+ },
2139
+ "/auth/admin/api/users": {
2140
+ "get": {
2141
+ "operationId": "AdminUsersController_listUsers",
2142
+ "parameters": [
2143
+ {
2144
+ "name": "page",
2145
+ "required": true,
2146
+ "in": "query",
2147
+ "schema": {
2148
+ "type": "string"
2149
+ }
2150
+ },
2151
+ {
2152
+ "name": "limit",
2153
+ "required": true,
2154
+ "in": "query",
2155
+ "schema": {
2156
+ "type": "string"
2157
+ }
2158
+ },
2159
+ {
2160
+ "name": "search",
2161
+ "required": true,
2162
+ "in": "query",
2163
+ "schema": {
2164
+ "type": "string"
2165
+ }
2166
+ },
2167
+ {
2168
+ "name": "status",
2169
+ "required": true,
2170
+ "in": "query",
2171
+ "schema": {
2172
+ "type": "string"
2173
+ }
2174
+ },
2175
+ {
2176
+ "name": "tenantId",
2177
+ "required": true,
2178
+ "in": "query",
2179
+ "schema": {
2180
+ "type": "string"
2181
+ }
2182
+ },
2183
+ {
2184
+ "name": "roleName",
2185
+ "required": true,
2186
+ "in": "query",
2187
+ "schema": {
2188
+ "type": "string"
2189
+ }
2190
+ }
2191
+ ],
2192
+ "responses": {
2193
+ "200": {
2194
+ "description": ""
2195
+ },
2196
+ "400": {
2197
+ "description": "Validation failed (bad input).",
2198
+ "content": {
2199
+ "application/json": {
2200
+ "schema": {
2201
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2202
+ }
2203
+ }
2204
+ }
2205
+ },
2206
+ "401": {
2207
+ "description": "Admin session missing or invalid.",
2208
+ "content": {
2209
+ "application/json": {
2210
+ "schema": {
2211
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2212
+ }
2213
+ }
2214
+ }
2215
+ },
2216
+ "403": {
2217
+ "description": "Authenticated but not permitted.",
2218
+ "content": {
2219
+ "application/json": {
2220
+ "schema": {
2221
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2222
+ }
2223
+ }
2224
+ }
2225
+ },
2226
+ "404": {
2227
+ "description": "User not found.",
2228
+ "content": {
2229
+ "application/json": {
2230
+ "schema": {
2231
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2232
+ }
2233
+ }
2234
+ }
2235
+ }
2236
+ },
2237
+ "security": [
2238
+ {
2239
+ "admin-session": []
2240
+ }
2241
+ ],
2242
+ "summary": "List users (paginated, cross-tenant; filter by status/tenant/role/search)",
2243
+ "tags": [
2244
+ "Admin · Users"
2245
+ ]
2246
+ },
2247
+ "post": {
2248
+ "operationId": "AdminUsersController_createUser",
2249
+ "parameters": [],
2250
+ "requestBody": {
2251
+ "required": true,
2252
+ "content": {
2253
+ "application/json": {
2254
+ "schema": {
2255
+ "$ref": "#/components/schemas/AdminCreateUserDto"
2256
+ }
2257
+ }
2258
+ }
2259
+ },
2260
+ "responses": {
2261
+ "201": {
2262
+ "description": ""
2263
+ },
2264
+ "400": {
2265
+ "description": "Validation failed (bad input).",
2266
+ "content": {
2267
+ "application/json": {
2268
+ "schema": {
2269
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2270
+ }
2271
+ }
2272
+ }
2273
+ },
2274
+ "401": {
2275
+ "description": "Admin session missing or invalid.",
2276
+ "content": {
2277
+ "application/json": {
2278
+ "schema": {
2279
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2280
+ }
2281
+ }
2282
+ }
2283
+ },
2284
+ "403": {
2285
+ "description": "Authenticated but not permitted.",
2286
+ "content": {
2287
+ "application/json": {
2288
+ "schema": {
2289
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2290
+ }
2291
+ }
2292
+ }
2293
+ },
2294
+ "404": {
2295
+ "description": "User not found.",
2296
+ "content": {
2297
+ "application/json": {
2298
+ "schema": {
2299
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2300
+ }
2301
+ }
2302
+ }
2303
+ }
2304
+ },
2305
+ "security": [
2306
+ {
2307
+ "admin-session": []
2308
+ }
2309
+ ],
2310
+ "summary": "Create a user",
2311
+ "tags": [
2312
+ "Admin · Users"
2313
+ ]
2314
+ }
2315
+ },
2316
+ "/auth/admin/api/users/{id}": {
2317
+ "get": {
2318
+ "operationId": "AdminUsersController_getUser",
2319
+ "parameters": [
2320
+ {
2321
+ "name": "id",
2322
+ "required": true,
2323
+ "in": "path",
2324
+ "schema": {
2325
+ "type": "string"
2326
+ }
2327
+ }
2328
+ ],
2329
+ "responses": {
2330
+ "200": {
2331
+ "description": ""
2332
+ },
2333
+ "400": {
2334
+ "description": "Validation failed (bad input).",
2335
+ "content": {
2336
+ "application/json": {
2337
+ "schema": {
2338
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2339
+ }
2340
+ }
2341
+ }
2342
+ },
2343
+ "401": {
2344
+ "description": "Admin session missing or invalid.",
2345
+ "content": {
2346
+ "application/json": {
2347
+ "schema": {
2348
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2349
+ }
2350
+ }
2351
+ }
2352
+ },
2353
+ "403": {
2354
+ "description": "Authenticated but not permitted.",
2355
+ "content": {
2356
+ "application/json": {
2357
+ "schema": {
2358
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2359
+ }
2360
+ }
2361
+ }
2362
+ },
2363
+ "404": {
2364
+ "description": "User not found.",
2365
+ "content": {
2366
+ "application/json": {
2367
+ "schema": {
2368
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2369
+ }
2370
+ }
2371
+ }
2372
+ }
2373
+ },
2374
+ "security": [
2375
+ {
2376
+ "admin-session": []
2377
+ }
2378
+ ],
2379
+ "summary": "Get a user (with roles, sessions, identities)",
2380
+ "tags": [
2381
+ "Admin · Users"
2382
+ ]
2383
+ },
2384
+ "patch": {
2385
+ "operationId": "AdminUsersController_updateUser",
2386
+ "parameters": [
2387
+ {
2388
+ "name": "id",
2389
+ "required": true,
2390
+ "in": "path",
2391
+ "schema": {
2392
+ "type": "string"
2393
+ }
2394
+ }
2395
+ ],
2396
+ "requestBody": {
2397
+ "required": true,
2398
+ "content": {
2399
+ "application/json": {
2400
+ "schema": {
2401
+ "$ref": "#/components/schemas/AdminUpdateUserDto"
2402
+ }
2403
+ }
2404
+ }
2405
+ },
2406
+ "responses": {
2407
+ "200": {
2408
+ "description": ""
2409
+ },
2410
+ "400": {
2411
+ "description": "Validation failed (bad input).",
2412
+ "content": {
2413
+ "application/json": {
2414
+ "schema": {
2415
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2416
+ }
2417
+ }
2418
+ }
2419
+ },
2420
+ "401": {
2421
+ "description": "Admin session missing or invalid.",
2422
+ "content": {
2423
+ "application/json": {
2424
+ "schema": {
2425
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2426
+ }
2427
+ }
2428
+ }
2429
+ },
2430
+ "403": {
2431
+ "description": "Authenticated but not permitted.",
2432
+ "content": {
2433
+ "application/json": {
2434
+ "schema": {
2435
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2436
+ }
2437
+ }
2438
+ }
2439
+ },
2440
+ "404": {
2441
+ "description": "User not found.",
2442
+ "content": {
2443
+ "application/json": {
2444
+ "schema": {
2445
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2446
+ }
2447
+ }
2448
+ }
2449
+ }
2450
+ },
2451
+ "security": [
2452
+ {
2453
+ "admin-session": []
2454
+ }
2455
+ ],
2456
+ "summary": "Update a user",
2457
+ "tags": [
2458
+ "Admin · Users"
2459
+ ]
2460
+ },
2461
+ "delete": {
2462
+ "operationId": "AdminUsersController_deleteUser",
2463
+ "parameters": [
2464
+ {
2465
+ "name": "id",
2466
+ "required": true,
2467
+ "in": "path",
2468
+ "schema": {
2469
+ "type": "string"
2470
+ }
2471
+ }
2472
+ ],
2473
+ "responses": {
2474
+ "200": {
2475
+ "description": ""
2476
+ },
2477
+ "400": {
2478
+ "description": "Validation failed (bad input).",
2479
+ "content": {
2480
+ "application/json": {
2481
+ "schema": {
2482
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2483
+ }
2484
+ }
2485
+ }
2486
+ },
2487
+ "401": {
2488
+ "description": "Admin session missing or invalid.",
2489
+ "content": {
2490
+ "application/json": {
2491
+ "schema": {
2492
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2493
+ }
2494
+ }
2495
+ }
2496
+ },
2497
+ "403": {
2498
+ "description": "Authenticated but not permitted.",
2499
+ "content": {
2500
+ "application/json": {
2501
+ "schema": {
2502
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2503
+ }
2504
+ }
2505
+ }
2506
+ },
2507
+ "404": {
2508
+ "description": "User not found.",
2509
+ "content": {
2510
+ "application/json": {
2511
+ "schema": {
2512
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2513
+ }
2514
+ }
2515
+ }
2516
+ }
2517
+ },
2518
+ "security": [
2519
+ {
2520
+ "admin-session": []
2521
+ }
2522
+ ],
2523
+ "summary": "Delete a user",
2524
+ "tags": [
2525
+ "Admin · Users"
2526
+ ]
2527
+ }
2528
+ },
2529
+ "/auth/admin/api/users/{id}/totp-devices/{deviceId}": {
2530
+ "delete": {
2531
+ "operationId": "AdminUsersController_deleteTotpDevice",
2532
+ "parameters": [
2533
+ {
2534
+ "name": "id",
2535
+ "required": true,
2536
+ "in": "path",
2537
+ "schema": {
2538
+ "type": "string"
2539
+ }
2540
+ },
2541
+ {
2542
+ "name": "deviceId",
2543
+ "required": true,
2544
+ "in": "path",
2545
+ "schema": {
2546
+ "type": "string"
2547
+ }
2548
+ }
2549
+ ],
2550
+ "responses": {
2551
+ "200": {
2552
+ "description": ""
2553
+ },
2554
+ "400": {
2555
+ "description": "Validation failed (bad input).",
2556
+ "content": {
2557
+ "application/json": {
2558
+ "schema": {
2559
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2560
+ }
2561
+ }
2562
+ }
2563
+ },
2564
+ "401": {
2565
+ "description": "Admin session missing or invalid.",
2566
+ "content": {
2567
+ "application/json": {
2568
+ "schema": {
2569
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2570
+ }
2571
+ }
2572
+ }
2573
+ },
2574
+ "403": {
2575
+ "description": "Authenticated but not permitted.",
2576
+ "content": {
2577
+ "application/json": {
2578
+ "schema": {
2579
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2580
+ }
2581
+ }
2582
+ }
2583
+ },
2584
+ "404": {
2585
+ "description": "User not found.",
2586
+ "content": {
2587
+ "application/json": {
2588
+ "schema": {
2589
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2590
+ }
2591
+ }
2592
+ }
2593
+ }
2594
+ },
2595
+ "security": [
2596
+ {
2597
+ "admin-session": []
2598
+ }
2599
+ ],
2600
+ "summary": "Remove a user's TOTP device",
2601
+ "tags": [
2602
+ "Admin · Users"
2603
+ ]
2604
+ }
2605
+ },
2606
+ "/auth/admin/api/users/{id}/sessions": {
2607
+ "get": {
2608
+ "operationId": "AdminUsersController_listSessions",
2609
+ "parameters": [
2610
+ {
2611
+ "name": "id",
2612
+ "required": true,
2613
+ "in": "path",
2614
+ "schema": {
2615
+ "type": "string"
2616
+ }
2617
+ }
2618
+ ],
2619
+ "responses": {
2620
+ "200": {
2621
+ "description": ""
2622
+ },
2623
+ "400": {
2624
+ "description": "Validation failed (bad input).",
2625
+ "content": {
2626
+ "application/json": {
2627
+ "schema": {
2628
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2629
+ }
2630
+ }
2631
+ }
2632
+ },
2633
+ "401": {
2634
+ "description": "Admin session missing or invalid.",
2635
+ "content": {
2636
+ "application/json": {
2637
+ "schema": {
2638
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2639
+ }
2640
+ }
2641
+ }
2642
+ },
2643
+ "403": {
2644
+ "description": "Authenticated but not permitted.",
2645
+ "content": {
2646
+ "application/json": {
2647
+ "schema": {
2648
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2649
+ }
2650
+ }
2651
+ }
2652
+ },
2653
+ "404": {
2654
+ "description": "User not found.",
2655
+ "content": {
2656
+ "application/json": {
2657
+ "schema": {
2658
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2659
+ }
2660
+ }
2661
+ }
2662
+ }
2663
+ },
2664
+ "security": [
2665
+ {
2666
+ "admin-session": []
2667
+ }
2668
+ ],
2669
+ "summary": "List a user's active sessions",
2670
+ "tags": [
2671
+ "Admin · Users"
2672
+ ]
2673
+ },
2674
+ "delete": {
2675
+ "operationId": "AdminUsersController_revokeAllSessions",
2676
+ "parameters": [
2677
+ {
2678
+ "name": "id",
2679
+ "required": true,
2680
+ "in": "path",
2681
+ "schema": {
2682
+ "type": "string"
2683
+ }
2684
+ }
2685
+ ],
2686
+ "responses": {
2687
+ "200": {
2688
+ "description": ""
2689
+ },
2690
+ "400": {
2691
+ "description": "Validation failed (bad input).",
2692
+ "content": {
2693
+ "application/json": {
2694
+ "schema": {
2695
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2696
+ }
2697
+ }
2698
+ }
2699
+ },
2700
+ "401": {
2701
+ "description": "Admin session missing or invalid.",
2702
+ "content": {
2703
+ "application/json": {
2704
+ "schema": {
2705
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2706
+ }
2707
+ }
2708
+ }
2709
+ },
2710
+ "403": {
2711
+ "description": "Authenticated but not permitted.",
2712
+ "content": {
2713
+ "application/json": {
2714
+ "schema": {
2715
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2716
+ }
2717
+ }
2718
+ }
2719
+ },
2720
+ "404": {
2721
+ "description": "User not found.",
2722
+ "content": {
2723
+ "application/json": {
2724
+ "schema": {
2725
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2726
+ }
2727
+ }
2728
+ }
2729
+ }
2730
+ },
2731
+ "security": [
2732
+ {
2733
+ "admin-session": []
2734
+ }
2735
+ ],
2736
+ "summary": "Revoke all of a user's sessions",
2737
+ "tags": [
2738
+ "Admin · Users"
2739
+ ]
2740
+ }
2741
+ },
2742
+ "/auth/admin/api/users/{id}/sessions/{sessionId}": {
2743
+ "delete": {
2744
+ "operationId": "AdminUsersController_revokeSession",
2745
+ "parameters": [
2746
+ {
2747
+ "name": "id",
2748
+ "required": true,
2749
+ "in": "path",
2750
+ "schema": {
2751
+ "type": "string"
2752
+ }
2753
+ },
2754
+ {
2755
+ "name": "sessionId",
2756
+ "required": true,
2757
+ "in": "path",
2758
+ "schema": {
2759
+ "type": "string"
2760
+ }
2761
+ }
2762
+ ],
2763
+ "responses": {
2764
+ "200": {
2765
+ "description": ""
2766
+ },
2767
+ "400": {
2768
+ "description": "Validation failed (bad input).",
2769
+ "content": {
2770
+ "application/json": {
2771
+ "schema": {
2772
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2773
+ }
2774
+ }
2775
+ }
2776
+ },
2777
+ "401": {
2778
+ "description": "Admin session missing or invalid.",
2779
+ "content": {
2780
+ "application/json": {
2781
+ "schema": {
2782
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2783
+ }
2784
+ }
2785
+ }
2786
+ },
2787
+ "403": {
2788
+ "description": "Authenticated but not permitted.",
2789
+ "content": {
2790
+ "application/json": {
2791
+ "schema": {
2792
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2793
+ }
2794
+ }
2795
+ }
2796
+ },
2797
+ "404": {
2798
+ "description": "User not found.",
2799
+ "content": {
2800
+ "application/json": {
2801
+ "schema": {
2802
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2803
+ }
2804
+ }
2805
+ }
2806
+ }
2807
+ },
2808
+ "security": [
2809
+ {
2810
+ "admin-session": []
2811
+ }
2812
+ ],
2813
+ "summary": "Revoke a single user session",
2814
+ "tags": [
2815
+ "Admin · Users"
2816
+ ]
2817
+ }
2818
+ },
2819
+ "/auth/admin/api/roles": {
2820
+ "get": {
2821
+ "operationId": "AdminRolesController_listRoles",
2822
+ "parameters": [
2823
+ {
2824
+ "name": "tenantId",
2825
+ "required": true,
2826
+ "in": "query",
2827
+ "schema": {
2828
+ "type": "string"
2829
+ }
2830
+ },
2831
+ {
2832
+ "name": "guard",
2833
+ "required": true,
2834
+ "in": "query",
2835
+ "schema": {
2836
+ "type": "string"
2837
+ }
2838
+ }
2839
+ ],
2840
+ "responses": {
2841
+ "200": {
2842
+ "description": ""
2843
+ },
2844
+ "400": {
2845
+ "description": "Validation failed (bad input).",
2846
+ "content": {
2847
+ "application/json": {
2848
+ "schema": {
2849
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2850
+ }
2851
+ }
2852
+ }
2853
+ },
2854
+ "401": {
2855
+ "description": "Admin session missing or invalid.",
2856
+ "content": {
2857
+ "application/json": {
2858
+ "schema": {
2859
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2860
+ }
2861
+ }
2862
+ }
2863
+ },
2864
+ "403": {
2865
+ "description": "Authenticated but not permitted.",
2866
+ "content": {
2867
+ "application/json": {
2868
+ "schema": {
2869
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2870
+ }
2871
+ }
2872
+ }
2873
+ },
2874
+ "404": {
2875
+ "description": "Role not found.",
2876
+ "content": {
2877
+ "application/json": {
2878
+ "schema": {
2879
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2880
+ }
2881
+ }
2882
+ }
2883
+ }
2884
+ },
2885
+ "security": [
2886
+ {
2887
+ "admin-session": []
2888
+ }
2889
+ ],
2890
+ "summary": "List roles",
2891
+ "tags": [
2892
+ "Admin · Roles"
2893
+ ]
2894
+ },
2895
+ "post": {
2896
+ "operationId": "AdminRolesController_createRole",
2897
+ "parameters": [],
2898
+ "requestBody": {
2899
+ "required": true,
2900
+ "content": {
2901
+ "application/json": {
2902
+ "schema": {
2903
+ "$ref": "#/components/schemas/AdminCreateRoleDto"
2904
+ }
2905
+ }
2906
+ }
2907
+ },
2908
+ "responses": {
2909
+ "201": {
2910
+ "description": ""
2911
+ },
2912
+ "400": {
2913
+ "description": "Validation failed (bad input).",
2914
+ "content": {
2915
+ "application/json": {
2916
+ "schema": {
2917
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2918
+ }
2919
+ }
2920
+ }
2921
+ },
2922
+ "401": {
2923
+ "description": "Admin session missing or invalid.",
2924
+ "content": {
2925
+ "application/json": {
2926
+ "schema": {
2927
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2928
+ }
2929
+ }
2930
+ }
2931
+ },
2932
+ "403": {
2933
+ "description": "Authenticated but not permitted.",
2934
+ "content": {
2935
+ "application/json": {
2936
+ "schema": {
2937
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2938
+ }
2939
+ }
2940
+ }
2941
+ },
2942
+ "404": {
2943
+ "description": "Role not found.",
2944
+ "content": {
2945
+ "application/json": {
2946
+ "schema": {
2947
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2948
+ }
2949
+ }
2950
+ }
2951
+ }
2952
+ },
2953
+ "security": [
2954
+ {
2955
+ "admin-session": []
2956
+ }
2957
+ ],
2958
+ "summary": "Create a role",
2959
+ "tags": [
2960
+ "Admin · Roles"
2961
+ ]
2962
+ }
2963
+ },
2964
+ "/auth/admin/api/roles/{id}": {
2965
+ "patch": {
2966
+ "operationId": "AdminRolesController_updateRole",
2967
+ "parameters": [
2968
+ {
2969
+ "name": "id",
2970
+ "required": true,
2971
+ "in": "path",
2972
+ "schema": {
2973
+ "type": "string"
2974
+ }
2975
+ }
2976
+ ],
2977
+ "requestBody": {
2978
+ "required": true,
2979
+ "content": {
2980
+ "application/json": {
2981
+ "schema": {
2982
+ "$ref": "#/components/schemas/AdminUpdateRoleDto"
2983
+ }
2984
+ }
2985
+ }
2986
+ },
2987
+ "responses": {
2988
+ "200": {
2989
+ "description": ""
2990
+ },
2991
+ "400": {
2992
+ "description": "Validation failed (bad input).",
2993
+ "content": {
2994
+ "application/json": {
2995
+ "schema": {
2996
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
2997
+ }
2998
+ }
2999
+ }
3000
+ },
3001
+ "401": {
3002
+ "description": "Admin session missing or invalid.",
3003
+ "content": {
3004
+ "application/json": {
3005
+ "schema": {
3006
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3007
+ }
3008
+ }
3009
+ }
3010
+ },
3011
+ "403": {
3012
+ "description": "Authenticated but not permitted.",
3013
+ "content": {
3014
+ "application/json": {
3015
+ "schema": {
3016
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3017
+ }
3018
+ }
3019
+ }
3020
+ },
3021
+ "404": {
3022
+ "description": "Role not found.",
3023
+ "content": {
3024
+ "application/json": {
3025
+ "schema": {
3026
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3027
+ }
3028
+ }
3029
+ }
3030
+ }
3031
+ },
3032
+ "security": [
3033
+ {
3034
+ "admin-session": []
3035
+ }
3036
+ ],
3037
+ "summary": "Update a role",
3038
+ "tags": [
3039
+ "Admin · Roles"
3040
+ ]
3041
+ },
3042
+ "delete": {
3043
+ "operationId": "AdminRolesController_deleteRole",
3044
+ "parameters": [
3045
+ {
3046
+ "name": "id",
3047
+ "required": true,
3048
+ "in": "path",
3049
+ "schema": {
3050
+ "type": "string"
3051
+ }
3052
+ }
3053
+ ],
3054
+ "responses": {
3055
+ "200": {
3056
+ "description": ""
3057
+ },
3058
+ "400": {
3059
+ "description": "Validation failed (bad input).",
3060
+ "content": {
3061
+ "application/json": {
3062
+ "schema": {
3063
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3064
+ }
3065
+ }
3066
+ }
3067
+ },
3068
+ "401": {
3069
+ "description": "Admin session missing or invalid.",
3070
+ "content": {
3071
+ "application/json": {
3072
+ "schema": {
3073
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3074
+ }
3075
+ }
3076
+ }
3077
+ },
3078
+ "403": {
3079
+ "description": "Authenticated but not permitted.",
3080
+ "content": {
3081
+ "application/json": {
3082
+ "schema": {
3083
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3084
+ }
3085
+ }
3086
+ }
3087
+ },
3088
+ "404": {
3089
+ "description": "Role not found.",
3090
+ "content": {
3091
+ "application/json": {
3092
+ "schema": {
3093
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3094
+ }
3095
+ }
3096
+ }
3097
+ }
3098
+ },
3099
+ "security": [
3100
+ {
3101
+ "admin-session": []
3102
+ }
3103
+ ],
3104
+ "summary": "Delete a role",
3105
+ "tags": [
3106
+ "Admin · Roles"
3107
+ ]
3108
+ }
3109
+ },
3110
+ "/auth/admin/api/tenants": {
3111
+ "get": {
3112
+ "operationId": "AdminTenantsController_listTenants",
3113
+ "parameters": [],
3114
+ "responses": {
3115
+ "200": {
3116
+ "description": ""
3117
+ },
3118
+ "400": {
3119
+ "description": "Validation failed (bad input).",
3120
+ "content": {
3121
+ "application/json": {
3122
+ "schema": {
3123
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3124
+ }
3125
+ }
3126
+ }
3127
+ },
3128
+ "401": {
3129
+ "description": "Admin session missing or invalid.",
3130
+ "content": {
3131
+ "application/json": {
3132
+ "schema": {
3133
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3134
+ }
3135
+ }
3136
+ }
3137
+ },
3138
+ "403": {
3139
+ "description": "Authenticated but not permitted.",
3140
+ "content": {
3141
+ "application/json": {
3142
+ "schema": {
3143
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3144
+ }
3145
+ }
3146
+ }
3147
+ },
3148
+ "404": {
3149
+ "description": "Tenant not found.",
3150
+ "content": {
3151
+ "application/json": {
3152
+ "schema": {
3153
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3154
+ }
3155
+ }
3156
+ }
3157
+ }
3158
+ },
3159
+ "security": [
3160
+ {
3161
+ "admin-session": []
3162
+ }
3163
+ ],
3164
+ "summary": "List tenants",
3165
+ "tags": [
3166
+ "Admin · Tenants"
3167
+ ]
3168
+ },
3169
+ "post": {
3170
+ "operationId": "AdminTenantsController_createTenant",
3171
+ "parameters": [],
3172
+ "requestBody": {
3173
+ "required": true,
3174
+ "content": {
3175
+ "application/json": {
3176
+ "schema": {
3177
+ "$ref": "#/components/schemas/AdminCreateTenantDto"
3178
+ }
3179
+ }
3180
+ }
3181
+ },
3182
+ "responses": {
3183
+ "201": {
3184
+ "description": ""
3185
+ },
3186
+ "400": {
3187
+ "description": "Validation failed (bad input).",
3188
+ "content": {
3189
+ "application/json": {
3190
+ "schema": {
3191
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3192
+ }
3193
+ }
3194
+ }
3195
+ },
3196
+ "401": {
3197
+ "description": "Admin session missing or invalid.",
3198
+ "content": {
3199
+ "application/json": {
3200
+ "schema": {
3201
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3202
+ }
3203
+ }
3204
+ }
3205
+ },
3206
+ "403": {
3207
+ "description": "Authenticated but not permitted.",
3208
+ "content": {
3209
+ "application/json": {
3210
+ "schema": {
3211
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3212
+ }
3213
+ }
3214
+ }
3215
+ },
3216
+ "404": {
3217
+ "description": "Tenant not found.",
3218
+ "content": {
3219
+ "application/json": {
3220
+ "schema": {
3221
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3222
+ }
3223
+ }
3224
+ }
3225
+ }
3226
+ },
3227
+ "security": [
3228
+ {
3229
+ "admin-session": []
3230
+ }
3231
+ ],
3232
+ "summary": "Create a tenant",
3233
+ "tags": [
3234
+ "Admin · Tenants"
3235
+ ]
3236
+ }
3237
+ },
3238
+ "/auth/admin/api/tenants/{id}": {
3239
+ "patch": {
3240
+ "operationId": "AdminTenantsController_updateTenant",
3241
+ "parameters": [
3242
+ {
3243
+ "name": "id",
3244
+ "required": true,
3245
+ "in": "path",
3246
+ "schema": {
3247
+ "type": "string"
3248
+ }
3249
+ }
3250
+ ],
3251
+ "requestBody": {
3252
+ "required": true,
3253
+ "content": {
3254
+ "application/json": {
3255
+ "schema": {
3256
+ "$ref": "#/components/schemas/AdminUpdateTenantDto"
3257
+ }
3258
+ }
3259
+ }
3260
+ },
3261
+ "responses": {
3262
+ "200": {
3263
+ "description": ""
3264
+ },
3265
+ "400": {
3266
+ "description": "Validation failed (bad input).",
3267
+ "content": {
3268
+ "application/json": {
3269
+ "schema": {
3270
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3271
+ }
3272
+ }
3273
+ }
3274
+ },
3275
+ "401": {
3276
+ "description": "Admin session missing or invalid.",
3277
+ "content": {
3278
+ "application/json": {
3279
+ "schema": {
3280
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3281
+ }
3282
+ }
3283
+ }
3284
+ },
3285
+ "403": {
3286
+ "description": "Authenticated but not permitted.",
3287
+ "content": {
3288
+ "application/json": {
3289
+ "schema": {
3290
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3291
+ }
3292
+ }
3293
+ }
3294
+ },
3295
+ "404": {
3296
+ "description": "Tenant not found.",
3297
+ "content": {
3298
+ "application/json": {
3299
+ "schema": {
3300
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3301
+ }
3302
+ }
3303
+ }
3304
+ }
3305
+ },
3306
+ "security": [
3307
+ {
3308
+ "admin-session": []
3309
+ }
3310
+ ],
3311
+ "summary": "Update a tenant",
3312
+ "tags": [
3313
+ "Admin · Tenants"
3314
+ ]
3315
+ },
3316
+ "delete": {
3317
+ "operationId": "AdminTenantsController_deleteTenant",
3318
+ "parameters": [
3319
+ {
3320
+ "name": "id",
3321
+ "required": true,
3322
+ "in": "path",
3323
+ "schema": {
3324
+ "type": "string"
3325
+ }
3326
+ }
3327
+ ],
3328
+ "responses": {
3329
+ "200": {
3330
+ "description": ""
3331
+ },
3332
+ "400": {
3333
+ "description": "Validation failed (bad input).",
3334
+ "content": {
3335
+ "application/json": {
3336
+ "schema": {
3337
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3338
+ }
3339
+ }
3340
+ }
3341
+ },
3342
+ "401": {
3343
+ "description": "Admin session missing or invalid.",
3344
+ "content": {
3345
+ "application/json": {
3346
+ "schema": {
3347
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3348
+ }
3349
+ }
3350
+ }
3351
+ },
3352
+ "403": {
3353
+ "description": "Authenticated but not permitted.",
3354
+ "content": {
3355
+ "application/json": {
3356
+ "schema": {
3357
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3358
+ }
3359
+ }
3360
+ }
3361
+ },
3362
+ "404": {
3363
+ "description": "Tenant not found.",
3364
+ "content": {
3365
+ "application/json": {
3366
+ "schema": {
3367
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3368
+ }
3369
+ }
3370
+ }
3371
+ }
3372
+ },
3373
+ "security": [
3374
+ {
3375
+ "admin-session": []
3376
+ }
3377
+ ],
3378
+ "summary": "Delete a tenant",
3379
+ "tags": [
3380
+ "Admin · Tenants"
3381
+ ]
3382
+ }
3383
+ },
3384
+ "/auth/admin/api/permissions": {
3385
+ "get": {
3386
+ "operationId": "AdminPermissionsController_listPermissions",
3387
+ "parameters": [
3388
+ {
3389
+ "name": "search",
3390
+ "required": true,
3391
+ "in": "query",
3392
+ "schema": {
3393
+ "type": "string"
3394
+ }
3395
+ },
3396
+ {
3397
+ "name": "category",
3398
+ "required": true,
3399
+ "in": "query",
3400
+ "schema": {
3401
+ "type": "string"
3402
+ }
3403
+ },
3404
+ {
3405
+ "name": "guard",
3406
+ "required": true,
3407
+ "in": "query",
3408
+ "schema": {
3409
+ "type": "string"
3410
+ }
3411
+ },
3412
+ {
3413
+ "name": "limit",
3414
+ "required": true,
3415
+ "in": "query",
3416
+ "schema": {
3417
+ "type": "string"
3418
+ }
3419
+ }
3420
+ ],
3421
+ "responses": {
3422
+ "200": {
3423
+ "description": ""
3424
+ },
3425
+ "400": {
3426
+ "description": "Validation failed (bad input).",
3427
+ "content": {
3428
+ "application/json": {
3429
+ "schema": {
3430
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3431
+ }
3432
+ }
3433
+ }
3434
+ },
3435
+ "401": {
3436
+ "description": "Admin session missing or invalid.",
3437
+ "content": {
3438
+ "application/json": {
3439
+ "schema": {
3440
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3441
+ }
3442
+ }
3443
+ }
3444
+ },
3445
+ "403": {
3446
+ "description": "Authenticated but not permitted.",
3447
+ "content": {
3448
+ "application/json": {
3449
+ "schema": {
3450
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3451
+ }
3452
+ }
3453
+ }
3454
+ },
3455
+ "404": {
3456
+ "description": "Permission not found.",
3457
+ "content": {
3458
+ "application/json": {
3459
+ "schema": {
3460
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3461
+ }
3462
+ }
3463
+ }
3464
+ }
3465
+ },
3466
+ "security": [
3467
+ {
3468
+ "admin-session": []
3469
+ }
3470
+ ],
3471
+ "summary": "List permissions",
3472
+ "tags": [
3473
+ "Admin · Permissions"
3474
+ ]
3475
+ },
3476
+ "post": {
3477
+ "operationId": "AdminPermissionsController_createPermission",
3478
+ "parameters": [],
3479
+ "requestBody": {
3480
+ "required": true,
3481
+ "content": {
3482
+ "application/json": {
3483
+ "schema": {
3484
+ "$ref": "#/components/schemas/AdminCreatePermissionDto"
3485
+ }
3486
+ }
3487
+ }
3488
+ },
3489
+ "responses": {
3490
+ "201": {
3491
+ "description": ""
3492
+ },
3493
+ "400": {
3494
+ "description": "Validation failed (bad input).",
3495
+ "content": {
3496
+ "application/json": {
3497
+ "schema": {
3498
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3499
+ }
3500
+ }
3501
+ }
3502
+ },
3503
+ "401": {
3504
+ "description": "Admin session missing or invalid.",
3505
+ "content": {
3506
+ "application/json": {
3507
+ "schema": {
3508
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3509
+ }
3510
+ }
3511
+ }
3512
+ },
3513
+ "403": {
3514
+ "description": "Authenticated but not permitted.",
3515
+ "content": {
3516
+ "application/json": {
3517
+ "schema": {
3518
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3519
+ }
3520
+ }
3521
+ }
3522
+ },
3523
+ "404": {
3524
+ "description": "Permission not found.",
3525
+ "content": {
3526
+ "application/json": {
3527
+ "schema": {
3528
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3529
+ }
3530
+ }
3531
+ }
3532
+ }
3533
+ },
3534
+ "security": [
3535
+ {
3536
+ "admin-session": []
3537
+ }
3538
+ ],
3539
+ "summary": "Create a permission",
3540
+ "tags": [
3541
+ "Admin · Permissions"
3542
+ ]
3543
+ }
3544
+ },
3545
+ "/auth/admin/api/permissions/guards": {
3546
+ "get": {
3547
+ "operationId": "AdminPermissionsController_getGuards",
3548
+ "parameters": [],
3549
+ "responses": {
3550
+ "200": {
3551
+ "description": ""
3552
+ },
3553
+ "400": {
3554
+ "description": "Validation failed (bad input).",
3555
+ "content": {
3556
+ "application/json": {
3557
+ "schema": {
3558
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3559
+ }
3560
+ }
3561
+ }
3562
+ },
3563
+ "401": {
3564
+ "description": "Admin session missing or invalid.",
3565
+ "content": {
3566
+ "application/json": {
3567
+ "schema": {
3568
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3569
+ }
3570
+ }
3571
+ }
3572
+ },
3573
+ "403": {
3574
+ "description": "Authenticated but not permitted.",
3575
+ "content": {
3576
+ "application/json": {
3577
+ "schema": {
3578
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3579
+ }
3580
+ }
3581
+ }
3582
+ },
3583
+ "404": {
3584
+ "description": "Permission not found.",
3585
+ "content": {
3586
+ "application/json": {
3587
+ "schema": {
3588
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3589
+ }
3590
+ }
3591
+ }
3592
+ }
3593
+ },
3594
+ "security": [
3595
+ {
3596
+ "admin-session": []
3597
+ }
3598
+ ],
3599
+ "summary": "List guard namespaces",
3600
+ "tags": [
3601
+ "Admin · Permissions"
3602
+ ]
3603
+ }
3604
+ },
3605
+ "/auth/admin/api/permissions/search": {
3606
+ "get": {
3607
+ "operationId": "AdminPermissionsController_searchPermissions",
3608
+ "parameters": [
3609
+ {
3610
+ "name": "q",
3611
+ "required": true,
3612
+ "in": "query",
3613
+ "schema": {
3614
+ "type": "string"
3615
+ }
3616
+ },
3617
+ {
3618
+ "name": "guard",
3619
+ "required": true,
3620
+ "in": "query",
3621
+ "schema": {
3622
+ "type": "string"
3623
+ }
3624
+ },
3625
+ {
3626
+ "name": "limit",
3627
+ "required": true,
3628
+ "in": "query",
3629
+ "schema": {
3630
+ "type": "string"
3631
+ }
3632
+ }
3633
+ ],
3634
+ "responses": {
3635
+ "200": {
3636
+ "description": ""
3637
+ },
3638
+ "400": {
3639
+ "description": "Validation failed (bad input).",
3640
+ "content": {
3641
+ "application/json": {
3642
+ "schema": {
3643
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3644
+ }
3645
+ }
3646
+ }
3647
+ },
3648
+ "401": {
3649
+ "description": "Admin session missing or invalid.",
3650
+ "content": {
3651
+ "application/json": {
3652
+ "schema": {
3653
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3654
+ }
3655
+ }
3656
+ }
3657
+ },
3658
+ "403": {
3659
+ "description": "Authenticated but not permitted.",
3660
+ "content": {
3661
+ "application/json": {
3662
+ "schema": {
3663
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3664
+ }
3665
+ }
3666
+ }
3667
+ },
3668
+ "404": {
3669
+ "description": "Permission not found.",
3670
+ "content": {
3671
+ "application/json": {
3672
+ "schema": {
3673
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3674
+ }
3675
+ }
3676
+ }
3677
+ }
3678
+ },
3679
+ "security": [
3680
+ {
3681
+ "admin-session": []
3682
+ }
3683
+ ],
3684
+ "summary": "Search permissions",
3685
+ "tags": [
3686
+ "Admin · Permissions"
3687
+ ]
3688
+ }
3689
+ },
3690
+ "/auth/admin/api/permissions/categories": {
3691
+ "get": {
3692
+ "operationId": "AdminPermissionsController_getCategories",
3693
+ "parameters": [],
3694
+ "responses": {
3695
+ "200": {
3696
+ "description": ""
3697
+ },
3698
+ "400": {
3699
+ "description": "Validation failed (bad input).",
3700
+ "content": {
3701
+ "application/json": {
3702
+ "schema": {
3703
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3704
+ }
3705
+ }
3706
+ }
3707
+ },
3708
+ "401": {
3709
+ "description": "Admin session missing or invalid.",
3710
+ "content": {
3711
+ "application/json": {
3712
+ "schema": {
3713
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3714
+ }
3715
+ }
3716
+ }
3717
+ },
3718
+ "403": {
3719
+ "description": "Authenticated but not permitted.",
3720
+ "content": {
3721
+ "application/json": {
3722
+ "schema": {
3723
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3724
+ }
3725
+ }
3726
+ }
3727
+ },
3728
+ "404": {
3729
+ "description": "Permission not found.",
3730
+ "content": {
3731
+ "application/json": {
3732
+ "schema": {
3733
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3734
+ }
3735
+ }
3736
+ }
3737
+ }
3738
+ },
3739
+ "security": [
3740
+ {
3741
+ "admin-session": []
3742
+ }
3743
+ ],
3744
+ "summary": "List permission categories",
3745
+ "tags": [
3746
+ "Admin · Permissions"
3747
+ ]
3748
+ }
3749
+ },
3750
+ "/auth/admin/api/permissions/{id}": {
3751
+ "get": {
3752
+ "operationId": "AdminPermissionsController_getPermission",
3753
+ "parameters": [
3754
+ {
3755
+ "name": "id",
3756
+ "required": true,
3757
+ "in": "path",
3758
+ "schema": {
3759
+ "type": "string"
3760
+ }
3761
+ }
3762
+ ],
3763
+ "responses": {
3764
+ "200": {
3765
+ "description": ""
3766
+ },
3767
+ "400": {
3768
+ "description": "Validation failed (bad input).",
3769
+ "content": {
3770
+ "application/json": {
3771
+ "schema": {
3772
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3773
+ }
3774
+ }
3775
+ }
3776
+ },
3777
+ "401": {
3778
+ "description": "Admin session missing or invalid.",
3779
+ "content": {
3780
+ "application/json": {
3781
+ "schema": {
3782
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3783
+ }
3784
+ }
3785
+ }
3786
+ },
3787
+ "403": {
3788
+ "description": "Authenticated but not permitted.",
3789
+ "content": {
3790
+ "application/json": {
3791
+ "schema": {
3792
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3793
+ }
3794
+ }
3795
+ }
3796
+ },
3797
+ "404": {
3798
+ "description": "Permission not found.",
3799
+ "content": {
3800
+ "application/json": {
3801
+ "schema": {
3802
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3803
+ }
3804
+ }
3805
+ }
3806
+ }
3807
+ },
3808
+ "security": [
3809
+ {
3810
+ "admin-session": []
3811
+ }
3812
+ ],
3813
+ "summary": "Get a permission",
3814
+ "tags": [
3815
+ "Admin · Permissions"
3816
+ ]
3817
+ },
3818
+ "patch": {
3819
+ "operationId": "AdminPermissionsController_updatePermission",
3820
+ "parameters": [
3821
+ {
3822
+ "name": "id",
3823
+ "required": true,
3824
+ "in": "path",
3825
+ "schema": {
3826
+ "type": "string"
3827
+ }
3828
+ }
3829
+ ],
3830
+ "requestBody": {
3831
+ "required": true,
3832
+ "content": {
3833
+ "application/json": {
3834
+ "schema": {
3835
+ "$ref": "#/components/schemas/AdminUpdatePermissionDto"
3836
+ }
3837
+ }
3838
+ }
3839
+ },
3840
+ "responses": {
3841
+ "200": {
3842
+ "description": ""
3843
+ },
3844
+ "400": {
3845
+ "description": "Validation failed (bad input).",
3846
+ "content": {
3847
+ "application/json": {
3848
+ "schema": {
3849
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3850
+ }
3851
+ }
3852
+ }
3853
+ },
3854
+ "401": {
3855
+ "description": "Admin session missing or invalid.",
3856
+ "content": {
3857
+ "application/json": {
3858
+ "schema": {
3859
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3860
+ }
3861
+ }
3862
+ }
3863
+ },
3864
+ "403": {
3865
+ "description": "Authenticated but not permitted.",
3866
+ "content": {
3867
+ "application/json": {
3868
+ "schema": {
3869
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3870
+ }
3871
+ }
3872
+ }
3873
+ },
3874
+ "404": {
3875
+ "description": "Permission not found.",
3876
+ "content": {
3877
+ "application/json": {
3878
+ "schema": {
3879
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3880
+ }
3881
+ }
3882
+ }
3883
+ }
3884
+ },
3885
+ "security": [
3886
+ {
3887
+ "admin-session": []
3888
+ }
3889
+ ],
3890
+ "summary": "Update a permission",
3891
+ "tags": [
3892
+ "Admin · Permissions"
3893
+ ]
3894
+ },
3895
+ "delete": {
3896
+ "operationId": "AdminPermissionsController_deletePermission",
3897
+ "parameters": [
3898
+ {
3899
+ "name": "id",
3900
+ "required": true,
3901
+ "in": "path",
3902
+ "schema": {
3903
+ "type": "string"
3904
+ }
3905
+ }
3906
+ ],
3907
+ "responses": {
3908
+ "200": {
3909
+ "description": ""
3910
+ },
3911
+ "400": {
3912
+ "description": "Validation failed (bad input).",
3913
+ "content": {
3914
+ "application/json": {
3915
+ "schema": {
3916
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3917
+ }
3918
+ }
3919
+ }
3920
+ },
3921
+ "401": {
3922
+ "description": "Admin session missing or invalid.",
3923
+ "content": {
3924
+ "application/json": {
3925
+ "schema": {
3926
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3927
+ }
3928
+ }
3929
+ }
3930
+ },
3931
+ "403": {
3932
+ "description": "Authenticated but not permitted.",
3933
+ "content": {
3934
+ "application/json": {
3935
+ "schema": {
3936
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3937
+ }
3938
+ }
3939
+ }
3940
+ },
3941
+ "404": {
3942
+ "description": "Permission not found.",
3943
+ "content": {
3944
+ "application/json": {
3945
+ "schema": {
3946
+ "$ref": "#/components/schemas/ApiErrorResponseDto"
3947
+ }
3948
+ }
3949
+ }
3950
+ }
3951
+ },
3952
+ "security": [
3953
+ {
3954
+ "admin-session": []
3955
+ }
3956
+ ],
3957
+ "summary": "Delete a permission",
3958
+ "tags": [
3959
+ "Admin · Permissions"
822
3960
  ]
823
3961
  }
824
3962
  }
825
3963
  },
826
3964
  "info": {
827
3965
  "title": "@ackplus/nest-auth API",
828
- "description": "OpenAPI specification generated from the Nest Auth module",
829
- "version": "2.0.0-beta.9",
3966
+ "description": "Authentication & authorization API for **@ackplus/nest-auth**.\n\n### Conventions\n- **Base URL** — routes are shown relative to your app’s global prefix. The reference example app uses `/api`, so a route like `POST /auth/login` is called at `POST /api/auth/login`.\n- **Auth** — most endpoints require a Bearer access token: `Authorization: Bearer <accessToken>`. The **Admin** endpoints use an httpOnly session cookie set by `POST /auth/admin/login`.\n- **Token modes** — in *header* mode (default) tokens are returned in the response body; in *cookie* mode they are set as httpOnly cookies. Controlled by `accessTokenType`.\n- **Errors** — failures return `{ statusCode, error, message, code }`; the machine-readable `code` is the value to branch on.\n\nBrowse by section in the sidebar: **Authentication**, **Password**, **Verification**, **Passwordless**, **MFA**, and the **Admin** groups.",
3967
+ "version": "2.0.1",
830
3968
  "contact": {}
831
3969
  },
832
- "tags": [],
833
- "servers": [],
3970
+ "tags": [
3971
+ {
3972
+ "name": "Authentication",
3973
+ "description": "Sign up, log in/out, refresh, sessions, password, verification, passwordless, account introspection, tenant switching."
3974
+ },
3975
+ {
3976
+ "name": "MFA",
3977
+ "description": "Multi-factor: TOTP, email/SMS OTP, recovery codes, trusted devices."
3978
+ },
3979
+ {
3980
+ "name": "Admin · Console",
3981
+ "description": "Admin sign-in (cookie session), profile, dashboard stats, and managing admins."
3982
+ },
3983
+ {
3984
+ "name": "Admin · Users",
3985
+ "description": "Cross-tenant user management: list, create, update, delete, sessions, MFA reset."
3986
+ },
3987
+ {
3988
+ "name": "Admin · Roles",
3989
+ "description": "Create and manage roles + their permissions."
3990
+ },
3991
+ {
3992
+ "name": "Admin · Permissions",
3993
+ "description": "Create and manage permissions."
3994
+ },
3995
+ {
3996
+ "name": "Admin · Tenants",
3997
+ "description": "Create and manage tenants."
3998
+ }
3999
+ ],
4000
+ "servers": [
4001
+ {
4002
+ "url": "/api",
4003
+ "description": "Default — your app’s global prefix (the example app uses `api`)"
4004
+ },
4005
+ {
4006
+ "url": "/",
4007
+ "description": "No global prefix"
4008
+ }
4009
+ ],
834
4010
  "components": {
835
4011
  "securitySchemes": {
836
- "bearer": {
4012
+ "access-token": {
837
4013
  "scheme": "bearer",
838
4014
  "bearerFormat": "JWT",
839
- "type": "http"
4015
+ "type": "http",
4016
+ "description": "Paste an access token from /auth/login"
4017
+ },
4018
+ "admin-session": {
4019
+ "type": "apiKey",
4020
+ "in": "cookie",
4021
+ "name": "nest_auth_admin"
840
4022
  }
841
4023
  },
842
4024
  "schemas": {
4025
+ "ApiErrorResponseDto": {
4026
+ "type": "object",
4027
+ "properties": {
4028
+ "statusCode": {
4029
+ "type": "number",
4030
+ "example": 401,
4031
+ "description": "HTTP status code"
4032
+ },
4033
+ "error": {
4034
+ "type": "string",
4035
+ "example": "Unauthorized",
4036
+ "description": "HTTP status text / exception name"
4037
+ },
4038
+ "message": {
4039
+ "type": "string",
4040
+ "example": "Invalid credentials",
4041
+ "description": "Human-readable message"
4042
+ },
4043
+ "code": {
4044
+ "type": "string",
4045
+ "example": "INVALID_CREDENTIALS",
4046
+ "description": "Stable, machine-readable error code — branch on this, not the message"
4047
+ }
4048
+ },
4049
+ "required": [
4050
+ "statusCode",
4051
+ "error",
4052
+ "message",
4053
+ "code"
4054
+ ]
4055
+ },
843
4056
  "NestAuthSignupRequestDto": {
844
4057
  "type": "object",
845
4058
  "properties": {
@@ -875,89 +4088,6 @@
875
4088
  "password"
876
4089
  ]
877
4090
  },
878
- "UserResponseDto": {
879
- "type": "object",
880
- "properties": {
881
- "id": {
882
- "type": "string",
883
- "description": "User unique identifier",
884
- "example": "123e4567-e89b-12d3-a456-426614174000"
885
- },
886
- "email": {
887
- "type": "string",
888
- "description": "User email address",
889
- "example": "user@example.com"
890
- },
891
- "phone": {
892
- "type": "string",
893
- "description": "User phone number",
894
- "example": "+1234567890"
895
- },
896
- "isVerified": {
897
- "type": "boolean",
898
- "description": "Email verification status",
899
- "example": true
900
- },
901
- "isMfaEnabled": {
902
- "type": "boolean",
903
- "description": "Whether MFA is enabled for this user",
904
- "example": false
905
- },
906
- "roles": {
907
- "description": "User roles (role names)",
908
- "example": [
909
- "admin",
910
- "user"
911
- ],
912
- "type": "array",
913
- "items": {
914
- "type": "string"
915
- }
916
- },
917
- "permissions": {
918
- "description": "User permissions (flattened from roles)",
919
- "example": [
920
- "read:users",
921
- "write:users"
922
- ],
923
- "type": "array",
924
- "items": {
925
- "type": "string"
926
- }
927
- },
928
- "metadata": {
929
- "type": "object",
930
- "description": "Additional user metadata",
931
- "example": {
932
- "firstName": "John",
933
- "lastName": "Doe"
934
- }
935
- },
936
- "tenantId": {
937
- "type": "string",
938
- "description": "Tenant ID for multi-tenant applications",
939
- "example": "tenant-123"
940
- },
941
- "tenants": {
942
- "description": "Tenants the user belongs to",
943
- "type": "array",
944
- "items": {
945
- "type": "object"
946
- }
947
- },
948
- "userAccesses": {
949
- "description": "User access per tenant (includes roles)",
950
- "type": "array",
951
- "items": {
952
- "type": "object"
953
- }
954
- }
955
- },
956
- "required": [
957
- "id",
958
- "isVerified"
959
- ]
960
- },
961
4091
  "AuthWithTokensResponseDto": {
962
4092
  "type": "object",
963
4093
  "properties": {
@@ -1007,14 +4137,6 @@
1007
4137
  "totp"
1008
4138
  ]
1009
4139
  },
1010
- "user": {
1011
- "description": "User information",
1012
- "allOf": [
1013
- {
1014
- "$ref": "#/components/schemas/UserResponseDto"
1015
- }
1016
- ]
1017
- },
1018
4140
  "trustToken": {
1019
4141
  "type": "string",
1020
4142
  "description": "Trust token for trusted device verification",
@@ -1074,6 +4196,25 @@
1074
4196
  "type": "string",
1075
4197
  "description": "OAuth token or ID token from social provider",
1076
4198
  "example": "ya29.a0AfH6SMBx1234567890abcdefghijklmnop"
4199
+ },
4200
+ "type": {
4201
+ "type": "string",
4202
+ "description": "How to interpret the supplied token. Required only for Google: `idToken` (default) verifies a Google-signed ID token client-side; `accessToken` calls Google's userinfo endpoint with a Bearer access token. Other providers (Facebook, Apple, GitHub) ignore this field.",
4203
+ "example": "idToken",
4204
+ "enum": [
4205
+ "idToken",
4206
+ "accessToken"
4207
+ ],
4208
+ "default": "idToken"
4209
+ },
4210
+ "name": {
4211
+ "type": "string",
4212
+ "description": "Display name from the provider. Apple only returns the user's name on the FIRST native sign-in, so pass it here to persist it (ignored by other providers).",
4213
+ "example": "Ada Lovelace"
4214
+ },
4215
+ "nonce": {
4216
+ "type": "string",
4217
+ "description": "Nonce used for native sign-in replay protection. When provided, it must match the `nonce` claim in the verified Apple identityToken."
1077
4218
  }
1078
4219
  },
1079
4220
  "required": [
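Review bot: The new `type` description says the field is "Required only for Google" while the schema gives it `"default": "idToken"`, and it says the ID token is verified "client-side", which reads as if the caller rather than the server performs the check. For the `accessToken` mode the text mentions only a call to Google's userinfo endpoint; it does not say whether the token's audience is compared with this application's client ID, so an integrator cannot tell from the spec whether a token issued to a different app would be rejected, and that is worth stating either way. The `nonce` description makes the match conditional ("When provided") and names only Apple, so replay protection appears to be opt-in; the text should say so explicitly, or the field should be required for native sign-in. If verification does happen on the server, a possible wording for `type` is `"description": "Google only; optional, defaults to idToken. idToken: the server verifies the Google-signed ID token. accessToken: the server calls Google's userinfo endpoint with the token."`. The enclosing schema starts and ends outside the hunk.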
@@ -1305,6 +4446,83 @@
1305
4446
  "otp"
1306
4447
  ]
1307
4448
  },
4449
+ "UserResponseDto": {
4450
+ "type": "object",
4451
+ "properties": {
4452
+ "id": {
4453
+ "type": "string",
4454
+ "description": "User unique identifier",
4455
+ "example": "123e4567-e89b-12d3-a456-426614174000"
4456
+ },
4457
+ "email": {
4458
+ "type": "string",
4459
+ "description": "User email address",
4460
+ "example": "user@example.com"
4461
+ },
4462
+ "phone": {
4463
+ "type": "string",
4464
+ "description": "User phone number",
4465
+ "example": "+1234567890"
4466
+ },
4467
+ "emailVerifiedAt": {
4468
+ "format": "date-time",
4469
+ "type": "string",
4470
+ "description": "Email verification status",
4471
+ "example": true
4472
+ },
4473
+ "phoneVerifiedAt": {
4474
+ "format": "date-time",
4475
+ "type": "string",
4476
+ "description": "Phone verification status",
4477
+ "example": true
4478
+ },
4479
+ "isMfaEnabled": {
4480
+ "type": "boolean",
4481
+ "description": "Whether MFA is enabled for this user",
4482
+ "example": false
4483
+ },
4484
+ "roles": {
4485
+ "description": "User roles (role names)",
4486
+ "example": [
4487
+ "admin",
4488
+ "user"
4489
+ ],
4490
+ "type": "array",
4491
+ "items": {
4492
+ "type": "string"
4493
+ }
4494
+ },
4495
+ "permissions": {
4496
+ "description": "User permissions (flattened from roles)",
4497
+ "example": [
4498
+ "read:users",
4499
+ "write:users"
4500
+ ],
4501
+ "type": "array",
4502
+ "items": {
4503
+ "type": "string"
4504
+ }
4505
+ },
4506
+ "metadata": {
4507
+ "type": "object",
4508
+ "description": "Additional user metadata",
4509
+ "example": {
4510
+ "firstName": "John",
4511
+ "lastName": "Doe"
4512
+ }
4513
+ },
4514
+ "tenantId": {
4515
+ "type": "string",
4516
+ "description": "Tenant ID for multi-tenant applications",
4517
+ "example": "tenant-123"
4518
+ }
4519
+ },
4520
+ "required": [
4521
+ "id",
4522
+ "emailVerifiedAt",
4523
+ "phoneVerifiedAt"
4524
+ ]
4525
+ },
1308
4526
  "Verify2faWithTokensResponseDto": {
1309
4527
  "type": "object",
1310
4528
  "properties": {
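Review bot: `emailVerifiedAt` and `phoneVerifiedAt` in the re-added `UserResponseDto` are declared as `"type": "string"` with `"format": "date-time"`, but they keep `"example": true` and the boolean-style descriptions ("Email verification status"), and both are listed under `required`. A user who has not verified presumably has no timestamp, so a client or validator generated from this spec would either reject such a user or treat any present value as verified; code that gates access on verification needs this contract to be exact. I would change the example to a timestamp such as `"example": "2024-01-15T09:30:00Z"` (constructed sample), reword the description to `"Time the email was verified; null if not yet verified"`, and either mark the fields nullable (`"nullable": true` in OpenAPI 3.0) or drop them from `required`. If this spec is generated from DTO decorators, the change belongs in those classes.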
@@ -1871,6 +5089,133 @@
1871
5089
  "required": [
1872
5090
  "message"
1873
5091
  ]
5092
+ },
5093
+ "AdminSignupDto": {
5094
+ "type": "object",
5095
+ "properties": {
5096
+ "email": {
5097
+ "type": "string",
5098
+ "description": "Admin email address",
5099
+ "example": "admin@example.com"
5100
+ },
5101
+ "password": {
5102
+ "type": "string",
5103
+ "description": "Admin password (minimum 8 characters, must contain uppercase, lowercase, number, and special character)",
5104
+ "example": "SecurePassword123!",
5105
+ "minLength": 8
5106
+ },
5107
+ "secretKey": {
5108
+ "type": "string",
5109
+ "description": "Secret key for authorization (provided in module configuration)",
5110
+ "example": "your-secret-key"
5111
+ },
5112
+ "name": {
5113
+ "type": "string",
5114
+ "description": "Admin name (optional)",
5115
+ "example": "Admin User"
5116
+ },
5117
+ "metadata": {
5118
+ "type": "object",
5119
+ "description": "Additional metadata for the admin user (optional)",
5120
+ "example": {
5121
+ "department": "IT",
5122
+ "role": "super-admin"
5123
+ }
5124
+ }
5125
+ },
5126
+ "required": [
5127
+ "email",
5128
+ "password",
5129
+ "secretKey"
5130
+ ]
5131
+ },
5132
+ "AdminLoginDto": {
5133
+ "type": "object",
5134
+ "properties": {}
5135
+ },
5136
+ "CreateDashboardAdminDto": {
5137
+ "type": "object",
5138
+ "properties": {}
5139
+ },
5140
+ "UpdateDashboardAdminDto": {
5141
+ "type": "object",
5142
+ "properties": {}
5143
+ },
5144
+ "AdminResetPasswordDto": {
5145
+ "type": "object",
5146
+ "properties": {}
5147
+ },
5148
+ "AdminCreateUserDto": {
5149
+ "type": "object",
5150
+ "properties": {}
5151
+ },
5152
+ "AdminUpdateUserDto": {
5153
+ "type": "object",
5154
+ "properties": {}
5155
+ },
5156
+ "AdminCreateRoleDto": {
5157
+ "type": "object",
5158
+ "properties": {}
5159
+ },
5160
+ "AdminUpdateRoleDto": {
5161
+ "type": "object",
5162
+ "properties": {}
5163
+ },
5164
+ "AdminCreateTenantDto": {
5165
+ "type": "object",
5166
+ "properties": {}
5167
+ },
5168
+ "AdminUpdateTenantDto": {
5169
+ "type": "object",
5170
+ "properties": {}
5171
+ },
5172
+ "AdminCreatePermissionDto": {
5173
+ "type": "object",
5174
+ "properties": {
5175
+ "name": {
5176
+ "type": "string",
5177
+ "description": "Permission name (must be unique per guard)",
5178
+ "example": "users.create",
5179
+ "minLength": 1,
5180
+ "maxLength": 255
5181
+ },
5182
+ "guard": {
5183
+ "type": "string",
5184
+ "description": "Guard name (defaults to \"web\" if not provided)",
5185
+ "example": "web"
5186
+ },
5187
+ "description": {
5188
+ "type": "string",
5189
+ "description": "Optional description of what this permission allows",
5190
+ "example": "Allows creating new user accounts"
5191
+ },
5192
+ "category": {
5193
+ "type": "string",
5194
+ "description": "Optional category to group permissions (e.g., \"users\", \"posts\", \"admin\")",
5195
+ "example": "users"
5196
+ }
5197
+ },
5198
+ "required": [
5199
+ "name"
5200
+ ]
5201
+ },
5202
+ "AdminUpdatePermissionDto": {
5203
+ "type": "object",
5204
+ "properties": {
5205
+ "name": {
5206
+ "type": "string",
5207
+ "description": "Permission name (must be unique per guard if changed)",
5208
+ "example": "users.create"
5209
+ },
5210
+ "category": {
5211
+ "type": "string",
5212
+ "description": "Optional category to group permissions"
5213
+ },
5214
+ "description": {
5215
+ "type": "string",
5216
+ "description": "Optional description of what this permission allows"
5217
+ }
5218
+ }
1874
5219
  }
1875
5220
  }
1876
5221
  }
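Review bot: `AdminLoginDto`, `AdminResetPasswordDto`, `CreateDashboardAdminDto` and the other admin create/update schemas for users, roles and tenants are emitted with `"properties": {}`, so the request bodies of the most privileged endpoints are undocumented, and any spec-driven check (gateway validation, generated clients, contract tests) would accept arbitrary input for them. Presumably the DTO classes lack property decorators; these schemas should list their fields and a `required` array the way `AdminSignupDto` and `AdminCreatePermissionDto` do. In `AdminSignupDto`, `password` describes a complexity rule in prose but the schema enforces only `"minLength": 8`; adding `"format": "password"` and `"writeOnly": true` to `password` and `secretKey` marks them as secrets that are sent but never returned and lets UI tools mask the input. `AdminUpdatePermissionDto.name` could also carry the same `"minLength": 1` and `"maxLength": 255` bounds as the create schema.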