Skip to main content

lockPassphraseSession

Explicitly clears the cached KEK for the calling user + org. Emits passphrase.session.locked. Idempotent — safe to call when no KEK is cached.

lockPassphraseSession(
orgID: String!
): PassphraseSessionStatus!

Arguments

lockPassphraseSession.orgID ● String! non-null scalar

Keycloak organization alias.

Type

PassphraseSessionStatus object

PassphraseSessionStatus reports whether the caller has a cached Argon2id-derived KEK for an organization, when it expires, and the org's current strictness mode (which dictates the TTL).