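---
# Naftiko capability wrapping the Logto "Users" API surface.
#
# Shape of this file:
#   consumes -> 39 upstream HTTP operations, all sent with one bearer token
#               taken from the LOGTO_API_KEY environment binding.
#   exposes  -> the same 39 operations as a REST adapter (port 8080) and as
#               MCP tools (port 9090, HTTP transport).
#
# Review notes:
# - Neither entry under `exposes` carries an authentication key in this file,
#   while every upstream call is made with the shared bearer token. If the
#   runtime adds no caller authentication of its own, anything that can reach
#   ports 8080/9090 acts with that token's privileges (user deletion, password
#   changes, role assignment). TODO confirm, and keep both listeners on
#   loopback or behind an authenticating gateway until confirmed.
# - `includePasswordHash` and `includeTokenSecret` are forwarded by both
#   adapters, so password digests and stored connector token secrets can be
#   returned to REST callers and to MCP clients.
# - Upstream paths contain `{userId}` (and `{grantId}`, `{verificationId}`,
#   `{roleId}`, `{sessionId}`, `{ssoConnectorId}`), but only `target` and
#   `name` are declared as path inputParameters and no adapter forwards a user
#   id. NOTE(review): verify how the runtime binds these placeholders.
# - Three parameter descriptions end mid-word ("omitt", "from all ", "firs");
#   they look truncated by the generator and are kept exactly as found.
naftiko: 1.0.0-alpha2
info:
  label: Logto API references — Users
  description: 'Logto API references — Users. 39 operations. Lead operation: Create user. Self-contained Naftiko capability covering one Logto business surface.'
  tags:
    - Logto
    - Users
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
  # Maps the environment variable LOGTO_API_KEY to the `env.LOGTO_API_KEY`
  # reference used by the upstream `authentication` block.
  - namespace: env
    keys:
      LOGTO_API_KEY: LOGTO_API_KEY
capability:
  consumes:
    - type: http
      namespace: logto-users
      # `[tenant_id]` is a literal placeholder; it has to be replaced with the
      # real tenant host before this capability can reach Logto.
      baseUri: https://[tenant_id].logto.app
      description: Logto API references — Users business capability. Self-contained, no shared references.
      resources:
        - name: api-users
          path: /api/users
          operations:
            - name: createuser
              method: POST
              description: Create user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
            - name: listusers
              method: GET
              description: Get users
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: page
                  in: query
                  type: integer
                  description: Page number (starts from 1).
                - name: page_size
                  in: query
                  type: integer
                  description: Entries per page.
                - name: search_params
                  in: query
                  type: object
                  description: Search query parameters.
        - name: api-users-userId
          path: /api/users/{userId}
          operations:
            - name: getuser
              method: GET
              description: Get user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: includeSsoIdentities
                  in: query
                  type: string
                  description: If it's provided with a truthy value (`true`, `1`, `yes`), each user in the response will include a `ssoIdentities` property containing a list of SSO identities
                # Sensitive: a truthy value adds `passwordDigest` and
                # `passwordAlgorithm` to the response. Both adapters below
                # forward this parameter unchanged.
                - name: includePasswordHash
                  in: query
                  type: string
                  description: If it's provided with a truthy value (`true`, `1`, `yes`), the response will include the `passwordDigest` and `passwordAlgorithm` fields. These fields are omitt
            - name: updateuser
              method: PATCH
              description: Update user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
            - name: deleteuser
              method: DELETE
              description: Delete user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: api-users-userId-all-identities
          path: /api/users/{userId}/all-identities
          operations:
            - name: listuserallidentities
              method: GET
              description: Retrieve social identities, enterprise SSO identities and associated token secret (if token storage is enabled) for a user.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # Sensitive: asks the upstream API to return the stored
                # token secret. Forwarded unchanged by both adapters.
                - name: includeTokenSecret
                  in: query
                  type: string
                  description: Whether to include the token secret in the response. Defaults to false. Token storage must be supported and enabled by the connector to return the token secret.
        - name: api-users-userId-custom-data
          path: /api/users/{userId}/custom-data
          operations:
            - name: listusercustomdata
              method: GET
              description: Get user custom data
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: updateusercustomdata
              method: PATCH
              description: Update user custom data
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-grants
          path: /api/users/{userId}/grants
          operations:
            - name: listusergrants
              method: GET
              description: Get user active grants
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: appType
                  in: query
                  type: string
                  description: 'Application type filter. Use ''thirdParty'' to list third-party app grants only, or ''firstParty'' to list first-party app grants only. If omitted, grants from all '
        - name: api-users-userId-grants-grantId
          path: /api/users/{userId}/grants/{grantId}
          operations:
            - name: deleteusergrant
              method: DELETE
              description: Revoke a user grant
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: api-users-userId-has-password
          path: /api/users/{userId}/has-password
          operations:
            - name: getuserhaspassword
              method: GET
              description: Check if user has password
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: api-users-userId-identities
          path: /api/users/{userId}/identities
          operations:
            - name: createuseridentity
              method: POST
              description: Link social identity to user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-identities-target
          path: /api/users/{userId}/identities/{target}
          operations:
            - name: replaceuseridentity
              method: PUT
              description: Update social identity of user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: target
                  in: path
                  type: string
                  required: true
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
            - name: deleteuseridentity
              method: DELETE
              description: Delete social identity from user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: target
                  in: path
                  type: string
                  required: true
            - name: getuseridentity
              method: GET
              description: Retrieve a user's social identity and associated token storage .
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: target
                  in: path
                  type: string
                  required: true
                # Sensitive: returns the stored token secret when set.
                - name: includeTokenSecret
                  in: query
                  type: string
                  description: Whether to include the token secret in the response. Defaults to false. Token storage must be supported and enabled by the connector to return the token secret.
        - name: api-users-userId-is-suspended
          path: /api/users/{userId}/is-suspended
          operations:
            - name: updateuserissuspended
              method: PATCH
              description: Update user suspension status
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-logto-configs
          path: /api/users/{userId}/logto-configs
          operations:
            - name: listuserlogtoconfigs
              method: GET
              description: Get user logto config
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: updateuserlogtoconfigs
              method: PATCH
              description: Update user logto config
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-mfa-verifications
          path: /api/users/{userId}/mfa-verifications
          operations:
            - name: listusermfaverifications
              method: GET
              description: Get user's MFA verifications
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: createusermfaverification
              method: POST
              description: Create an MFA verification for a user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-mfa-verifications-verificationId
          path: /api/users/{userId}/mfa-verifications/{verificationId}
          operations:
            - name: deleteusermfaverification
              method: DELETE
              description: Delete an MFA verification for a user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: api-users-userId-organizations
          path: /api/users/{userId}/organizations
          operations:
            - name: listuserorganizations
              method: GET
              description: Get organizations for a user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: api-users-userId-password
          path: /api/users/{userId}/password
          operations:
            - name: updateuserpassword
              method: PATCH
              description: Update user password
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-password-verify
          path: /api/users/{userId}/password/verify
          operations:
            - name: verifyuserpassword
              method: POST
              description: Verify user password
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-personal-access-tokens
          path: /api/users/{userId}/personal-access-tokens
          operations:
            - name: listuserpersonalaccesstokens
              method: GET
              description: Get personal access tokens
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: createuserpersonalaccesstoken
              method: POST
              description: Add personal access token
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
            - name: updatepersonalaccesstokenname
              method: PATCH
              description: Update personal access token
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-personal-access-tokens-delete
          path: /api/users/{userId}/personal-access-tokens/delete
          operations:
            - name: deletepersonalaccesstokenpost
              method: POST
              description: Delete personal access token
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-personal-access-tokens-name
          path: /api/users/{userId}/personal-access-tokens/{name}
          operations:
            - name: deleteuserpersonalaccesstoken
              method: DELETE
              description: Delete personal access token
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: name
                  in: path
                  type: string
                  description: The name of the token.
                  required: true
            - name: updateuserpersonalaccesstoken
              method: PATCH
              description: Update personal access token
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: name
                  in: path
                  type: string
                  description: The current name of the token.
                  required: true
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-profile
          path: /api/users/{userId}/profile
          operations:
            - name: updateuserprofile
              method: PATCH
              description: Update user profile
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-roles
          path: /api/users/{userId}/roles
          operations:
            - name: listuserroles
              method: GET
              description: Get roles for user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: page
                  in: query
                  type: integer
                  description: Page number (starts from 1).
                - name: page_size
                  in: query
                  type: integer
                  description: Entries per page.
                - name: search_params
                  in: query
                  type: object
                  description: Search query parameters.
            - name: assignuserroles
              method: POST
              description: Assign roles to user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
            - name: replaceuserroles
              method: PUT
              description: Update roles for user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-users-userId-roles-roleId
          path: /api/users/{userId}/roles/{roleId}
          operations:
            - name: deleteuserrole
              method: DELETE
              description: Remove role from user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: api-users-userId-sessions
          path: /api/users/{userId}/sessions
          operations:
            - name: listusersessions
              method: GET
              description: Get user active sessions
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: api-users-userId-sessions-sessionId
          path: /api/users/{userId}/sessions/{sessionId}
          operations:
            - name: getusersession
              method: GET
              description: Get user active session
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: deleteusersession
              method: DELETE
              description: Revoke a user session
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: revokeGrantsTarget
                  in: query
                  type: string
                  description: Optional target for revoking associated grants and tokens. 'all' revokes grants for every application authorized by this session. 'firstParty' revokes only firs
        - name: api-users-userId-sso-identities-ssoConnectorId
          path: /api/users/{userId}/sso-identities/{ssoConnectorId}
          operations:
            - name: getuserssoidentity
              method: GET
              description: Retrieve a user's enterprise SSO identity and associated token secret (if token storage is enabled).
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # Sensitive: returns the stored token secret when set.
                - name: includeTokenSecret
                  in: query
                  type: string
                  description: Whether to include the token secret in the response. Defaults to false. Token storage must be supported and enabled by the connector to return the token secret.
      # One credential is used for every upstream call, whichever adapter or
      # caller triggered it. NOTE(review): confirm how this token is issued,
      # scoped and rotated; its scope is the effective permission of every
      # REST and MCP caller.
      authentication:
        type: bearer
        token: '{{env.LOGTO_API_KEY}}'
  exposes:
    # REST adapter. No caller authentication is declared here (see the review
    # notes at the top of the file).
    - type: rest
      namespace: logto-users-rest
      port: 8080
      description: REST adapter for Logto API references — Users. One Spectral-compliant resource per consumed operation, prefixed with /v1.
      resources:
        - path: /v1/api/users
          name: api-users
          description: REST surface for api-users.
          operations:
            - method: POST
              name: createuser
              description: Create user
              call: logto-users.createuser
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
            - method: GET
              name: listusers
              description: Get users
              call: logto-users.listusers
              with:
                page: rest.page
                page_size: rest.page_size
                search_params: rest.search_params
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}
          name: api-users-userid
          description: REST surface for api-users-userId.
          operations:
            - method: GET
              name: getuser
              description: Get user
              call: logto-users.getuser
              with:
                includeSsoIdentities: rest.includeSsoIdentities
                # Caller-controlled switch for password digest disclosure.
                includePasswordHash: rest.includePasswordHash
              outputParameters:
                - type: object
                  mapping: $.
            - method: PATCH
              name: updateuser
              description: Update user
              call: logto-users.updateuser
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
            - method: DELETE
              name: deleteuser
              description: Delete user
              call: logto-users.deleteuser
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/all-identities
          name: api-users-userid-all-identities
          description: REST surface for api-users-userId-all-identities.
          operations:
            - method: GET
              name: listuserallidentities
              description: Retrieve social identities, enterprise SSO identities and associated token secret (if token storage is enabled) for a user.
              call: logto-users.listuserallidentities
              with:
                # Caller-controlled switch for token secret disclosure.
                includeTokenSecret: rest.includeTokenSecret
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/custom-data
          name: api-users-userid-custom-data
          description: REST surface for api-users-userId-custom-data.
          operations:
            - method: GET
              name: listusercustomdata
              description: Get user custom data
              call: logto-users.listusercustomdata
              outputParameters:
                - type: object
                  mapping: $.
            - method: PATCH
              name: updateusercustomdata
              description: Update user custom data
              call: logto-users.updateusercustomdata
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/grants
          name: api-users-userid-grants
          description: REST surface for api-users-userId-grants.
          operations:
            - method: GET
              name: listusergrants
              description: Get user active grants
              call: logto-users.listusergrants
              with:
                appType: rest.appType
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/grants/{grantid}
          name: api-users-userid-grants-grantid
          description: REST surface for api-users-userId-grants-grantId.
          operations:
            - method: DELETE
              name: deleteusergrant
              description: Revoke a user grant
              call: logto-users.deleteusergrant
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/has-password
          name: api-users-userid-has-password
          description: REST surface for api-users-userId-has-password.
          operations:
            - method: GET
              name: getuserhaspassword
              description: Check if user has password
              call: logto-users.getuserhaspassword
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/identities
          name: api-users-userid-identities
          description: REST surface for api-users-userId-identities.
          operations:
            - method: POST
              name: createuseridentity
              description: Link social identity to user
              call: logto-users.createuseridentity
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/identities/{target}
          name: api-users-userid-identities-target
          description: REST surface for api-users-userId-identities-target.
          operations:
            - method: PUT
              name: replaceuseridentity
              description: Update social identity of user
              call: logto-users.replaceuseridentity
              with:
                target: rest.target
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
            - method: DELETE
              name: deleteuseridentity
              description: Delete social identity from user
              call: logto-users.deleteuseridentity
              with:
                target: rest.target
              outputParameters:
                - type: object
                  mapping: $.
            - method: GET
              name: getuseridentity
              description: Retrieve a user's social identity and associated token storage .
              call: logto-users.getuseridentity
              with:
                target: rest.target
                # Caller-controlled switch for token secret disclosure.
                includeTokenSecret: rest.includeTokenSecret
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/is-suspended
          name: api-users-userid-is-suspended
          description: REST surface for api-users-userId-is-suspended.
          operations:
            - method: PATCH
              name: updateuserissuspended
              description: Update user suspension status
              call: logto-users.updateuserissuspended
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/logto-configs
          name: api-users-userid-logto-configs
          description: REST surface for api-users-userId-logto-configs.
          operations:
            - method: GET
              name: listuserlogtoconfigs
              description: Get user logto config
              call: logto-users.listuserlogtoconfigs
              outputParameters:
                - type: object
                  mapping: $.
            - method: PATCH
              name: updateuserlogtoconfigs
              description: Update user logto config
              call: logto-users.updateuserlogtoconfigs
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/mfa-verifications
          name: api-users-userid-mfa-verifications
          description: REST surface for api-users-userId-mfa-verifications.
          operations:
            - method: GET
              name: listusermfaverifications
              description: Get user's MFA verifications
              call: logto-users.listusermfaverifications
              outputParameters:
                - type: object
                  mapping: $.
            - method: POST
              name: createusermfaverification
              description: Create an MFA verification for a user
              call: logto-users.createusermfaverification
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/mfa-verifications/{verificationid}
          name: api-users-userid-mfa-verifications-verificationid
          description: REST surface for api-users-userId-mfa-verifications-verificationId.
          operations:
            - method: DELETE
              name: deleteusermfaverification
              description: Delete an MFA verification for a user
              call: logto-users.deleteusermfaverification
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/organizations
          name: api-users-userid-organizations
          description: REST surface for api-users-userId-organizations.
          operations:
            - method: GET
              name: listuserorganizations
              description: Get organizations for a user
              call: logto-users.listuserorganizations
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/password
          name: api-users-userid-password
          description: REST surface for api-users-userId-password.
          operations:
            - method: PATCH
              name: updateuserpassword
              description: Update user password
              call: logto-users.updateuserpassword
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/password/verify
          name: api-users-userid-password-verify
          description: REST surface for api-users-userId-password-verify.
          operations:
            - method: POST
              name: verifyuserpassword
              description: Verify user password
              call: logto-users.verifyuserpassword
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/personal-access-tokens
          name: api-users-userid-personal-access-tokens
          description: REST surface for api-users-userId-personal-access-tokens.
          operations:
            - method: GET
              name: listuserpersonalaccesstokens
              description: Get personal access tokens
              call: logto-users.listuserpersonalaccesstokens
              outputParameters:
                - type: object
                  mapping: $.
            - method: POST
              name: createuserpersonalaccesstoken
              description: Add personal access token
              call: logto-users.createuserpersonalaccesstoken
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
            - method: PATCH
              name: updatepersonalaccesstokenname
              description: Update personal access token
              call: logto-users.updatepersonalaccesstokenname
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/personal-access-tokens/delete
          name: api-users-userid-personal-access-tokens-delete
          description: REST surface for api-users-userId-personal-access-tokens-delete.
          operations:
            - method: POST
              name: deletepersonalaccesstokenpost
              description: Delete personal access token
              call: logto-users.deletepersonalaccesstokenpost
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/personal-access-tokens/{name}
          name: api-users-userid-personal-access-tokens-name
          description: REST surface for api-users-userId-personal-access-tokens-name.
          operations:
            - method: DELETE
              name: deleteuserpersonalaccesstoken
              description: Delete personal access token
              call: logto-users.deleteuserpersonalaccesstoken
              with:
                name: rest.name
              outputParameters:
                - type: object
                  mapping: $.
            - method: PATCH
              name: updateuserpersonalaccesstoken
              description: Update personal access token
              call: logto-users.updateuserpersonalaccesstoken
              with:
                name: rest.name
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/profile
          name: api-users-userid-profile
          description: REST surface for api-users-userId-profile.
          operations:
            - method: PATCH
              name: updateuserprofile
              description: Update user profile
              call: logto-users.updateuserprofile
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/roles
          name: api-users-userid-roles
          description: REST surface for api-users-userId-roles.
          operations:
            - method: GET
              name: listuserroles
              description: Get roles for user
              call: logto-users.listuserroles
              with:
                page: rest.page
                page_size: rest.page_size
                search_params: rest.search_params
              outputParameters:
                - type: object
                  mapping: $.
            - method: POST
              name: assignuserroles
              description: Assign roles to user
              call: logto-users.assignuserroles
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
            - method: PUT
              name: replaceuserroles
              description: Update roles for user
              call: logto-users.replaceuserroles
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/roles/{roleid}
          name: api-users-userid-roles-roleid
          description: REST surface for api-users-userId-roles-roleId.
          operations:
            - method: DELETE
              name: deleteuserrole
              description: Remove role from user
              call: logto-users.deleteuserrole
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/sessions
          name: api-users-userid-sessions
          description: REST surface for api-users-userId-sessions.
          operations:
            - method: GET
              name: listusersessions
              description: Get user active sessions
              call: logto-users.listusersessions
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/sessions/{sessionid}
          name: api-users-userid-sessions-sessionid
          description: REST surface for api-users-userId-sessions-sessionId.
          operations:
            - method: GET
              name: getusersession
              description: Get user active session
              call: logto-users.getusersession
              outputParameters:
                - type: object
                  mapping: $.
            - method: DELETE
              name: deleteusersession
              description: Revoke a user session
              call: logto-users.deleteusersession
              with:
                revokeGrantsTarget: rest.revokeGrantsTarget
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/users/{userid}/sso-identities/{ssoconnectorid}
          name: api-users-userid-sso-identities-ssoconnectorid
          description: REST surface for api-users-userId-sso-identities-ssoConnectorId.
          operations:
            - method: GET
              name: getuserssoidentity
              description: Retrieve a user's enterprise SSO identity and associated token secret (if token storage is enabled).
              call: logto-users.getuserssoidentity
              with:
                # Caller-controlled switch for token secret disclosure.
                includeTokenSecret: rest.includeTokenSecret
              outputParameters:
                - type: object
                  mapping: $.
    # MCP adapter. `hints` describe whether a tool mutates state, not whether
    # its output is sensitive: `get-user` and the three identity-retrieval
    # tools are readOnly yet can return password digests or token secrets into
    # the client's context. No caller authentication is declared here either.
    - type: mcp
      namespace: logto-users-mcp
      port: 9090
      transport: http
      description: MCP adapter for Logto API references — Users. One tool per consumed operation, routed inline through this capability's consumes block.
      tools:
        - name: create-user
          description: Create user
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: logto-users.createuser
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: get-users
          description: Get users
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listusers
          with:
            page: tools.page
            page_size: tools.page_size
            search_params: tools.search_params
          outputParameters:
            - type: object
              mapping: $.
        - name: get-user
          description: Get user
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.getuser
          with:
            includeSsoIdentities: tools.includeSsoIdentities
            # Lets the MCP client request `passwordDigest` and
            # `passwordAlgorithm` in the tool result.
            includePasswordHash: tools.includePasswordHash
          outputParameters:
            - type: object
              mapping: $.
        - name: update-user
          description: Update user
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updateuser
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: delete-user
          description: Delete user
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: logto-users.deleteuser
          outputParameters:
            - type: object
              mapping: $.
        - name: retrieve-social-identities-enterprise-sso
          description: Retrieve social identities, enterprise SSO identities and associated token secret (if token storage is enabled) for a user.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listuserallidentities
          with:
            # Lets the MCP client request stored token secrets.
            includeTokenSecret: tools.includeTokenSecret
          outputParameters:
            - type: object
              mapping: $.
        - name: get-user-custom-data
          description: Get user custom data
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listusercustomdata
          outputParameters:
            - type: object
              mapping: $.
        - name: update-user-custom-data
          description: Update user custom data
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updateusercustomdata
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: get-user-active-grants
          description: Get user active grants
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listusergrants
          with:
            appType: tools.appType
          outputParameters:
            - type: object
              mapping: $.
        - name: revoke-user-grant
          description: Revoke a user grant
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: logto-users.deleteusergrant
          outputParameters:
            - type: object
              mapping: $.
        - name: check-if-user-has-password
          description: Check if user has password
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.getuserhaspassword
          outputParameters:
            - type: object
              mapping: $.
        - name: link-social-identity-user
          description: Link social identity to user
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: logto-users.createuseridentity
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: update-social-identity-user
          description: Update social identity of user
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.replaceuseridentity
          with:
            target: tools.target
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: delete-social-identity-user
          description: Delete social identity from user
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: logto-users.deleteuseridentity
          with:
            target: tools.target
          outputParameters:
            - type: object
              mapping: $.
        - name: retrieve-user-s-social-identity-and
          description: Retrieve a user's social identity and associated token storage .
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.getuseridentity
          with:
            target: tools.target
            # Lets the MCP client request stored token secrets.
            includeTokenSecret: tools.includeTokenSecret
          outputParameters:
            - type: object
              mapping: $.
        - name: update-user-suspension-status
          description: Update user suspension status
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updateuserissuspended
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: get-user-logto-config
          description: Get user logto config
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listuserlogtoconfigs
          outputParameters:
            - type: object
              mapping: $.
        - name: update-user-logto-config
          description: Update user logto config
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updateuserlogtoconfigs
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: get-user-s-mfa-verifications
          description: Get user's MFA verifications
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listusermfaverifications
          outputParameters:
            - type: object
              mapping: $.
        - name: create-mfa-verification-user
          description: Create an MFA verification for a user
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: logto-users.createusermfaverification
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: delete-mfa-verification-user
          description: Delete an MFA verification for a user
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: logto-users.deleteusermfaverification
          outputParameters:
            - type: object
              mapping: $.
        - name: get-organizations-user
          description: Get organizations for a user
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listuserorganizations
          outputParameters:
            - type: object
              mapping: $.
        - name: update-user-password
          description: Update user password
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updateuserpassword
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: verify-user-password
          description: Verify user password
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: logto-users.verifyuserpassword
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: get-personal-access-tokens
          description: Get personal access tokens
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listuserpersonalaccesstokens
          outputParameters:
            - type: object
              mapping: $.
        - name: add-personal-access-token
          description: Add personal access token
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: logto-users.createuserpersonalaccesstoken
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: update-personal-access-token
          description: Update personal access token
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updatepersonalaccesstokenname
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: delete-personal-access-token
          description: Delete personal access token
          hints:
            readOnly: false
            # Was `false`: this tool deletes a credential, so it is marked
            # destructive like the other deletion tools
            # (delete-personal-access-token-2, delete-user, ...). The POST
            # verb appears to be why it was classified as non-destructive.
            destructive: true
            idempotent: false
          call: logto-users.deletepersonalaccesstokenpost
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: delete-personal-access-token-2
          description: Delete personal access token
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: logto-users.deleteuserpersonalaccesstoken
          with:
            name: tools.name
          outputParameters:
            - type: object
              mapping: $.
        - name: update-personal-access-token-2
          description: Update personal access token
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updateuserpersonalaccesstoken
          with:
            name: tools.name
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: update-user-profile
          description: Update user profile
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.updateuserprofile
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: get-roles-user
          description: Get roles for user
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listuserroles
          with:
            page: tools.page
            page_size: tools.page_size
            search_params: tools.search_params
          outputParameters:
            - type: object
              mapping: $.
        - name: assign-roles-user
          description: Assign roles to user
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: logto-users.assignuserroles
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: update-roles-user
          description: Update roles for user
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: logto-users.replaceuserroles
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: remove-role-user
          description: Remove role from user
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: logto-users.deleteuserrole
          outputParameters:
            - type: object
              mapping: $.
        - name: get-user-active-sessions
          description: Get user active sessions
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.listusersessions
          outputParameters:
            - type: object
              mapping: $.
        - name: get-user-active-session
          description: Get user active session
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.getusersession
          outputParameters:
            - type: object
              mapping: $.
        - name: revoke-user-session
          description: Revoke a user session
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: logto-users.deleteusersession
          with:
            revokeGrantsTarget: tools.revokeGrantsTarget
          outputParameters:
            - type: object
              mapping: $.
        - name: retrieve-user-s-enterprise-sso-identity
          description: Retrieve a user's enterprise SSO identity and associated token secret (if token storage is enabled).
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: logto-users.getuserssoidentity
          with:
            # Lets the MCP client request stored token secrets.
            includeTokenSecret: tools.includeTokenSecret
          outputParameters:
            - type: object
              mapping: $.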