naftiko: 1.0.0-alpha2 info: label: NPR Identity Service — Authorization description: 'NPR Identity Service — Authorization. 4 operations. Lead operation: NPR Show a web-based login/signup form to a user. Self-contained Naftiko capability covering one Npr business surface.' tags: - Npr - Authorization created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: NPR_API_KEY: NPR_API_KEY capability: consumes: - type: http namespace: identity-authorization baseUri: https://identity.api.npr.org description: NPR Identity Service — Authorization business capability. Self-contained, no shared references. resources: - name: v2-authorize path: /v2/authorize operations: - name: getauthorizationpage method: GET description: NPR Show a web-based login/signup form to a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: client_id in: query type: string description: The client's ID required: true - name: redirect_uri in: query type: string description: The client's URL to redirect to if the authentication is approved required: true - name: response_type in: query type: string description: The type of response; currently, only `code` is supported required: true - name: scope in: query type: string description: A space-separated list of scope(s) requested by the application required: true - name: email in: query type: string description: An email address to prepopulate on the login screen - name: state in: query type: string description: A CSRF token generated by the client, to be roundtripped through the request for added security required: true - name: prompt in: query type: string description: Optional prompt parameter to be passed to Akamai /login/authorize - name: v2-device path: /v2/device operations: - name: generatedevicecode method: POST description: NPR Initiate an OAuth2 login flow for limited input devices outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: v2-token path: /v2/token operations: - name: createtoken method: POST description: NPR Create a new OAuth2 access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: v2-token-revoke path: /v2/token/revoke operations: - name: revoketoken method: POST description: NPR Revoke an existing OAuth2 access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: Authorization in: header type: string description: A `client_credentials` access token from the same client application as the token being revoked. Should start with `Bearer`, followed by a space, followed by th required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.NPR_API_KEY}}' exposes: - type: rest namespace: identity-authorization-rest port: 8080 description: REST adapter for NPR Identity Service — Authorization. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/authorize name: v2-authorize description: REST surface for v2-authorize. operations: - method: GET name: getauthorizationpage description: NPR Show a web-based login/signup form to a user call: identity-authorization.getauthorizationpage with: client_id: rest.client_id redirect_uri: rest.redirect_uri response_type: rest.response_type scope: rest.scope email: rest.email state: rest.state prompt: rest.prompt outputParameters: - type: object mapping: $. - path: /v1/v2/device name: v2-device description: REST surface for v2-device. operations: - method: POST name: generatedevicecode description: NPR Initiate an OAuth2 login flow for limited input devices call: identity-authorization.generatedevicecode with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/token name: v2-token description: REST surface for v2-token. operations: - method: POST name: createtoken description: NPR Create a new OAuth2 access token call: identity-authorization.createtoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/token/revoke name: v2-token-revoke description: REST surface for v2-token-revoke. operations: - method: POST name: revoketoken description: NPR Revoke an existing OAuth2 access token call: identity-authorization.revoketoken with: Authorization: rest.Authorization body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: identity-authorization-mcp port: 9090 transport: http description: MCP adapter for NPR Identity Service — Authorization. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: npr-show-web-based-login description: NPR Show a web-based login/signup form to a user hints: readOnly: true destructive: false idempotent: true call: identity-authorization.getauthorizationpage with: client_id: tools.client_id redirect_uri: tools.redirect_uri response_type: tools.response_type scope: tools.scope email: tools.email state: tools.state prompt: tools.prompt outputParameters: - type: object mapping: $. - name: npr-initiate-oauth2-login-flow description: NPR Initiate an OAuth2 login flow for limited input devices hints: readOnly: false destructive: false idempotent: false call: identity-authorization.generatedevicecode with: body: tools.body outputParameters: - type: object mapping: $. - name: npr-create-new-oauth2-access description: NPR Create a new OAuth2 access token hints: readOnly: false destructive: false idempotent: false call: identity-authorization.createtoken with: body: tools.body outputParameters: - type: object mapping: $. - name: npr-revoke-existing-oauth2-access description: NPR Revoke an existing OAuth2 access token hints: readOnly: false destructive: false idempotent: false call: identity-authorization.revoketoken with: Authorization: tools.Authorization body: tools.body outputParameters: - type: object mapping: $.