Skip to main content

verifyOrgPassphrase

Verifies a passphrase attempt against the stored verifier. Returns true on match, false on mismatch (NOT an error — caller branches on the boolean). Errors only on infrastructure failure or 'no passphrase configured' (a precondition error, distinct from wrong-passphrase). Emits a passphrase_verify SecurityAuditEvent on every attempt for brute-force visibility. Authorization is intentionally permissive — this mutation IS the auth check, requiring view-trust-policy is enough to gate the attempt itself.

verifyOrgPassphrase(
orgID: String!
passphrase: String!
): Boolean!

Arguments

verifyOrgPassphrase.orgID ● String! non-null scalar

Keycloak organization alias.

verifyOrgPassphrase.passphrase ● String! non-null scalar

Passphrase attempt. Never logged.

Type

Boolean scalar

The Boolean scalar type represents true or false.