redeemOrgRecoveryCodeAcceptingDataLoss
Destructive variant of redeemOrgRecoveryCode for the locked-out no-escrow case. Validates the recovery code, resets the passphrase to newPassphrase, and consumes the code EVEN THOUGH the org's existing encrypted secrets cannot be recovered (they become permanently inaccessible). When a recovery escrow DOES exist this behaves exactly like redeemOrgRecoveryCode (data recovered). Only call after an explicit user destructive confirmation.
redeemOrgRecoveryCodeAcceptingDataLoss(
orgID: String!
recoveryCode: String!
newPassphrase: String!
): Boolean!
Arguments
redeemOrgRecoveryCodeAcceptingDataLoss.orgID ● String! non-null scalar
Keycloak organization alias.
redeemOrgRecoveryCodeAcceptingDataLoss.recoveryCode ● String! non-null scalar
The plaintext recovery code (xxxx-xxxx-xxxx-xxxx format). Never logged.
redeemOrgRecoveryCodeAcceptingDataLoss.newPassphrase ● String! non-null scalar
Replacement passphrase — minimum 12 characters enforced server-side. Never logged.
Type
Boolean scalar
The Boolean scalar type represents true or false.