naftiko: 1.0.0-alpha2 info: label: Couchbase Capella App Services Public API — Authentication description: 'Couchbase Capella App Services Public API — Authentication. 4 operations. Lead operation: Initiate OpenID Connect authentication. Self-contained Naftiko capability covering one Couchbase business surface.' tags: - Couchbase - Authentication created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: COUCHBASE_API_KEY: COUCHBASE_API_KEY capability: consumes: - type: http namespace: capella-app-services-public-authentication baseUri: https://{appEndpoint} description: Couchbase Capella App Services Public API — Authentication business capability. Self-contained, no shared references. resources: - name: db-_oidc path: /{db}/_oidc operations: - name: oidcauthenticate method: GET description: Initiate OpenID Connect authentication outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: provider in: query type: string description: Name of the OIDC provider - name: offline in: query type: boolean description: Whether to request a refresh token - name: db-_oidc_callback path: /{db}/_oidc_callback operations: - name: oidccallback method: GET description: OpenID Connect callback outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: code in: query type: string description: Authorization code from the identity provider required: true - name: state in: query type: string description: State parameter for CSRF protection - name: db-_session path: /{db}/_session operations: - name: createsession method: POST description: Create a user session outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deletesession method: DELETE description: Delete current session outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: SyncGatewaySession value: '{{env.COUCHBASE_API_KEY}}' placement: cookie exposes: - type: rest namespace: capella-app-services-public-authentication-rest port: 8080 description: REST adapter for Couchbase Capella App Services Public API — Authentication. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/{db}/oidc name: db-oidc description: REST surface for db-_oidc. operations: - method: GET name: oidcauthenticate description: Initiate OpenID Connect authentication call: capella-app-services-public-authentication.oidcauthenticate with: provider: rest.provider offline: rest.offline outputParameters: - type: object mapping: $. - path: /v1/{db}/oidc-callback name: db-oidc-callback description: REST surface for db-_oidc_callback. operations: - method: GET name: oidccallback description: OpenID Connect callback call: capella-app-services-public-authentication.oidccallback with: code: rest.code state: rest.state outputParameters: - type: object mapping: $. - path: /v1/{db}/session name: db-session description: REST surface for db-_session. operations: - method: POST name: createsession description: Create a user session call: capella-app-services-public-authentication.createsession with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletesession description: Delete current session call: capella-app-services-public-authentication.deletesession outputParameters: - type: object mapping: $. - type: mcp namespace: capella-app-services-public-authentication-mcp port: 9090 transport: http description: MCP adapter for Couchbase Capella App Services Public API — Authentication. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: initiate-openid-connect-authentication description: Initiate OpenID Connect authentication hints: readOnly: true destructive: false idempotent: true call: capella-app-services-public-authentication.oidcauthenticate with: provider: tools.provider offline: tools.offline outputParameters: - type: object mapping: $. - name: openid-connect-callback description: OpenID Connect callback hints: readOnly: true destructive: false idempotent: true call: capella-app-services-public-authentication.oidccallback with: code: tools.code state: tools.state outputParameters: - type: object mapping: $. - name: create-user-session description: Create a user session hints: readOnly: false destructive: false idempotent: false call: capella-app-services-public-authentication.createsession with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-current-session description: Delete current session hints: readOnly: false destructive: true idempotent: true call: capella-app-services-public-authentication.deletesession outputParameters: - type: object mapping: $.