verifyOrgPassphrase
Verifies a passphrase attempt against the stored verifier. Returns true on match, false on mismatch (NOT an error — caller branches on the boolean). Errors only on infrastructure failure or 'no passphrase configured' (a precondition error, distinct from wrong-passphrase). Emits a passphrase_verify SecurityAuditEvent on every attempt for brute-force visibility. Authorization is intentionally permissive — this mutation IS the auth check, requiring view-trust-policy is enough to gate the attempt itself.
verifyOrgPassphrase(
orgID: String!
passphrase: String!
): Boolean!
Arguments
verifyOrgPassphrase.orgID ● String! non-null scalar
Keycloak organization alias.
verifyOrgPassphrase.passphrase ● String! non-null scalar
Passphrase attempt. Never logged.
Type
Boolean scalar
The Boolean scalar type represents true or false.