naftiko: 1.0.0-alpha2 info: label: Logto API references — Authn description: 'Logto API references — Authn. 3 operations. Lead operation: Hasura auth hook endpoint. Self-contained Naftiko capability covering one Logto business surface.' tags: - Logto - Authn created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: LOGTO_API_KEY: LOGTO_API_KEY capability: consumes: - type: http namespace: logto-authn baseUri: https://[tenant_id].logto.app description: Logto API references — Authn business capability. Self-contained, no shared references. resources: - name: api-authn-hasura path: /api/authn/hasura operations: - name: gethasuraauth method: GET description: Hasura auth hook endpoint outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource in: query type: string required: true - name: unauthorizedRole in: query type: string - name: api-authn-saml-connectorId path: /api/authn/saml/{connectorId} operations: - name: assertsaml method: POST description: SAML ACS endpoint (social) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-authn-single-sign-on-saml-connectorId path: /api/authn/single-sign-on/saml/{connectorId} operations: - name: assertsinglesignonsaml method: POST description: SAML ACS endpoint (SSO) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.LOGTO_API_KEY}}' exposes: - type: rest namespace: logto-authn-rest port: 8080 description: REST adapter for Logto API references — Authn. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/authn/hasura name: api-authn-hasura description: REST surface for api-authn-hasura. operations: - method: GET name: gethasuraauth description: Hasura auth hook endpoint call: logto-authn.gethasuraauth with: resource: rest.resource unauthorizedRole: rest.unauthorizedRole outputParameters: - type: object mapping: $. - path: /v1/api/authn/saml/{connectorid} name: api-authn-saml-connectorid description: REST surface for api-authn-saml-connectorId. operations: - method: POST name: assertsaml description: SAML ACS endpoint (social) call: logto-authn.assertsaml with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/authn/single-sign-on/saml/{connectorid} name: api-authn-single-sign-on-saml-connectorid description: REST surface for api-authn-single-sign-on-saml-connectorId. operations: - method: POST name: assertsinglesignonsaml description: SAML ACS endpoint (SSO) call: logto-authn.assertsinglesignonsaml with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: logto-authn-mcp port: 9090 transport: http description: MCP adapter for Logto API references — Authn. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: hasura-auth-hook-endpoint description: Hasura auth hook endpoint hints: readOnly: true destructive: false idempotent: true call: logto-authn.gethasuraauth with: resource: tools.resource unauthorizedRole: tools.unauthorizedRole outputParameters: - type: object mapping: $. - name: saml-acs-endpoint-social description: SAML ACS endpoint (social) hints: readOnly: false destructive: false idempotent: false call: logto-authn.assertsaml with: body: tools.body outputParameters: - type: object mapping: $. - name: saml-acs-endpoint-sso description: SAML ACS endpoint (SSO) hints: readOnly: false destructive: false idempotent: false call: logto-authn.assertsinglesignonsaml with: body: tools.body outputParameters: - type: object mapping: $.