naftiko: 1.0.0-alpha2 info: label: Passbolt API — Authentication (JWT) description: 'Passbolt API — Authentication (JWT). 5 operations. Lead operation: Get the JWKs server information.. Self-contained Naftiko capability covering one Passbolt business surface.' tags: - Passbolt - Authentication (JWT) created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PASSBOLT_API_KEY: PASSBOLT_API_KEY capability: consumes: - type: http namespace: passbolt-authentication-jwt baseUri: https://passbolt.local description: Passbolt API — Authentication (JWT) business capability. Self-contained, no shared references. resources: - name: auth-jwt-jwks.json path: /auth/jwt/jwks.json operations: - name: viewauthjwtjwks method: GET description: Get the JWKs server information. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-jwt-login.json path: /auth/jwt/login.json operations: - name: authjwtlogin method: POST description: Login. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: auth-jwt-logout.json path: /auth/jwt/logout.json operations: - name: authjwtlogout method: POST description: Logout. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: auth-jwt-refresh.json path: /auth/jwt/refresh.json operations: - name: authjwtrefresh method: POST description: Refresh access token. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: auth-jwt-rsa.json path: /auth/jwt/rsa.json operations: - name: viewauthjwtrsa method: GET description: Get the JWT RSA server information. outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: bearer token: '{{env.PASSBOLT_API_KEY}}' exposes: - type: rest namespace: passbolt-authentication-jwt-rest port: 8080 description: REST adapter for Passbolt API — Authentication (JWT). One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/auth/jwt/jwks-json name: auth-jwt-jwks-json description: REST surface for auth-jwt-jwks.json. operations: - method: GET name: viewauthjwtjwks description: Get the JWKs server information. call: passbolt-authentication-jwt.viewauthjwtjwks outputParameters: - type: object mapping: $. - path: /v1/auth/jwt/login-json name: auth-jwt-login-json description: REST surface for auth-jwt-login.json. operations: - method: POST name: authjwtlogin description: Login. call: passbolt-authentication-jwt.authjwtlogin with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/jwt/logout-json name: auth-jwt-logout-json description: REST surface for auth-jwt-logout.json. operations: - method: POST name: authjwtlogout description: Logout. call: passbolt-authentication-jwt.authjwtlogout with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/jwt/refresh-json name: auth-jwt-refresh-json description: REST surface for auth-jwt-refresh.json. operations: - method: POST name: authjwtrefresh description: Refresh access token. call: passbolt-authentication-jwt.authjwtrefresh with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/jwt/rsa-json name: auth-jwt-rsa-json description: REST surface for auth-jwt-rsa.json. operations: - method: GET name: viewauthjwtrsa description: Get the JWT RSA server information. call: passbolt-authentication-jwt.viewauthjwtrsa outputParameters: - type: object mapping: $. - type: mcp namespace: passbolt-authentication-jwt-mcp port: 9090 transport: http description: MCP adapter for Passbolt API — Authentication (JWT). One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-jwks-server-information description: Get the JWKs server information. hints: readOnly: true destructive: false idempotent: true call: passbolt-authentication-jwt.viewauthjwtjwks outputParameters: - type: object mapping: $. - name: login description: Login. hints: readOnly: false destructive: false idempotent: false call: passbolt-authentication-jwt.authjwtlogin with: body: tools.body outputParameters: - type: object mapping: $. - name: logout description: Logout. hints: readOnly: false destructive: false idempotent: false call: passbolt-authentication-jwt.authjwtlogout with: body: tools.body outputParameters: - type: object mapping: $. - name: refresh-access-token description: Refresh access token. hints: readOnly: false destructive: false idempotent: false call: passbolt-authentication-jwt.authjwtrefresh with: body: tools.body outputParameters: - type: object mapping: $. - name: get-jwt-rsa-server-information description: Get the JWT RSA server information. hints: readOnly: true destructive: false idempotent: true call: passbolt-authentication-jwt.viewauthjwtrsa outputParameters: - type: object mapping: $.