Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sensorup.com/llms.txt

Use this file to discover all available pages before exploring further.

Auth Subgraph Reference

The su-auth subgraph provides authentication, authorization, and session management capabilities.

Subgraph Information

  • Name: su-auth
  • Routing URL: https://xu558bs6wi.execute-api.us-west-2.amazonaws.com/poc/graphql
  • Last Updated: 2025-08-15
  • SDL: View Schema

Overview

This subgraph owns:
  • User authentication (sign in/out)
  • Session management
  • Multi-factor authentication (MFA)
  • API key generation
  • AWS credentials provisioning
  • Device management

Root Query Fields

extend type Query {
  session: AuthSession
  credentials(group: String): AuthCredentials
  config: Config
  signWorkatoJwtToken(customerVendorOrigin: String): String
}

Root Mutation Fields

extend type Mutation {
  signIn(input: AuthSignInInput!): AuthMutationResult!
  signOut: AuthMutationResult
  globalSignOut: AuthMutationResult
  forgotPassword(input: AuthForgotPasswordInput): AuthMutationResult
  forgotPasswordSubmit(input: AuthForgotPasswordSubmitInput): AuthMutationResult
  completeNewPassword(input: AuthCompleteNewPasswordInput): AuthMutationResult!
  federatedSignIn(input: AuthFederatedSignInInput!): AuthMutationResult
  confirmSignIn(input: AuthConfirmSignInInput): AuthConfirmSignInResult!
  setupTOTP: AuthTOTPMutationResult!
  verifyTOTPToken(input: AuthVerifyTOTPTokenInput): AuthMutationResult
  setSessionUserGroup(input: AuthSetSessionUserGroupInput): AuthMutationResult
  createAPIKey(input: AuthCreateAPIKeyInput!): AuthAPIKeyResult!
  reauthenticate(input: ReauthenticationInput!): AuthMutationResult!
  forgetDevices(input: AuthForgetSpecificDevicesInput): AuthMutationResult
  completeAuthChallenge(input: CompleteAuthChallengeInput!): CompleteAuthChallengeResult!
  generateSMSCode: AuthMutationResult
  verifySMSCode(input: AuthVerifySMSCodeInput): AuthMutationResult
}

Core Types

AuthSession

Current authentication session information. 
type AuthSession @key(fields: "username") {
  username: ID!
  preferredMFA: AuthMFAType
  attributes: AuthAttributes
  challengeName: AuthChallengeType
  authenticated: Boolean!
  audit: Audit!
  expiresAt: DateTime!
  expiresAtHard: DateTime!
  userGroup: ID!
  publicReference: ID!
  lastAuthenticatedAt: DateTime
}

AuthCredentials

Temporary AWS credentials for accessing AWS services. 
type AuthCredentials {
  accessKeyId: String!
  secretAccessKey: String!
  sessionToken: String!
  expiration: DateTime!
}

AuthDevice

Registered device information. 
type AuthDevice {
  deviceKey: ID!
  name: String
  remembered: Boolean
  createdAt: DateTime
  modifiedAt: DateTime
  lastSignedInAt: DateTime
  lastIpAddress: String
}

Entity Extensions

User

Extends User type from su-user with device information. 
type User @key(fields: "id") @extends {
  id: ID! @external
  devices: [AuthDevice!]
}