changeOrgPassphrase
Rotates the organization's passphrase. Verifies oldPassphrase against the stored verifier, then atomically installs a new verifier derived from newPassphrase. Returns true on success; errors on wrong old passphrase, no passphrase configured, or infrastructure failure. Emits passphrase_verify + passphrase_changed audit events on success; passphrase_verify (denied) on wrong-old.
changeOrgPassphrase(
orgID: String!
oldPassphrase: String!
newPassphrase: String!
): Boolean!
Arguments
changeOrgPassphrase.orgID ● String! non-null scalar
Keycloak organization alias.
changeOrgPassphrase.oldPassphrase ● String! non-null scalar
Current passphrase. Never logged.
changeOrgPassphrase.newPassphrase ● String! non-null scalar
Replacement passphrase — minimum 12 characters enforced server-side. Never logged.
Type
Boolean scalar
The Boolean scalar type represents true or false.