requestStepUp
Establishes a step-up grant for the named scope using the supplied credential. Idempotent on success — multiple successful calls inside the TTL refresh the expiry. Failure (bad passphrase, stale OIDC) returns an access-denied error and emits an auth.step_up.denied audit event.
requestStepUp(
scope: String!
credential: StepUpCredentialInput!
): StepUpGrant!
Arguments
requestStepUp.scope ● String! non-null scalar
requestStepUp.credential ● StepUpCredentialInput! non-null input
Type
StepUpGrant object
Result of a successful requestStepUp. ExpiresAt is the absolute deadline; ConsumeOnFirstUse echoes the policy so the dashboard can decide whether to render the "Verified for Nm" chip (windowed) or just a transient toast (per-action).