Auth Subgraph Reference

The su-auth subgraph provides authentication, authorization, and session management capabilities.

Subgraph Information

  • Name: su-auth
  • Routing URL: https://xu558bs6wi.execute-api.us-west-2.amazonaws.com/poc/graphql
  • Last Updated: 2025-08-15
  • SDL: View Schema

Overview

This subgraph owns:
  • User authentication (sign in/out)
  • Session management
  • Multi-factor authentication (MFA)
  • API key generation
  • AWS credentials provisioning
  • Device management

Root Query Fields

extend type Query {
  session: AuthSession
  credentials(group: String): AuthCredentials
  config: Config
  signWorkatoJwtToken(customerVendorOrigin: String): String
}

Root Mutation Fields

extend type Mutation {
  signIn(input: AuthSignInInput!): AuthMutationResult!
  signOut: AuthMutationResult
  globalSignOut: AuthMutationResult
  forgotPassword(input: AuthForgotPasswordInput): AuthMutationResult
  forgotPasswordSubmit(input: AuthForgotPasswordSubmitInput): AuthMutationResult
  completeNewPassword(input: AuthCompleteNewPasswordInput): AuthMutationResult!
  federatedSignIn(input: AuthFederatedSignInInput!): AuthMutationResult
  confirmSignIn(input: AuthConfirmSignInInput): AuthConfirmSignInResult!
  setupTOTP: AuthTOTPMutationResult!
  verifyTOTPToken(input: AuthVerifyTOTPTokenInput): AuthMutationResult
  setSessionUserGroup(input: AuthSetSessionUserGroupInput): AuthMutationResult
  createAPIKey(input: AuthCreateAPIKeyInput!): AuthAPIKeyResult!
  reauthenticate(input: ReauthenticationInput!): AuthMutationResult!
  forgetDevices(input: AuthForgetSpecificDevicesInput): AuthMutationResult
  completeAuthChallenge(input: CompleteAuthChallengeInput!): CompleteAuthChallengeResult!
  generateSMSCode: AuthMutationResult
  verifySMSCode(input: AuthVerifySMSCodeInput): AuthMutationResult
}

Core Types

AuthSession

Current authentication session information.

type AuthSession @key(fields: "username") {
  username: ID!
  preferredMFA: AuthMFAType
  attributes: AuthAttributes
  challengeName: AuthChallengeType
  authenticated: Boolean!
  audit: Audit!
  expiresAt: DateTime!
  expiresAtHard: DateTime!
  userGroup: ID!
  publicReference: ID!
  lastAuthenticatedAt: DateTime
}

AuthCredentials

Temporary AWS credentials for accessing AWS services.

type AuthCredentials {
  accessKeyId: String!
  secretAccessKey: String!
  sessionToken: String!
  expiration: DateTime!
}

AuthDevice

Registered device information.

type AuthDevice {
  deviceKey: ID!
  name: String
  remembered: Boolean
  createdAt: DateTime
  modifiedAt: DateTime
  lastSignedInAt: DateTime
  lastIpAddress: String
}

Entity Extensions

User

Extends the User type from su-user with device information.

type User @key(fields: "id") @extends {
  id: ID! @external
  devices: [AuthDevice!]
}