Identity Service
Port 11001 · 261 endpoints · micro-services/identity-service/
API Key
| Method | Path | Summary |
|---|---|---|
| | /admin/auth/api-keys | Admin: list API keys |
| | /admin/auth/api-keys/anomalies | Security anomaly detection |
| | /admin/auth/api-keys/batch-revoke | Batch revoke API keys |
| | /admin/auth/api-keys/cleanup-audit-logs | Clean up old audit logs |
| | /admin/auth/api-keys/expiring | Get API keys nearing expiry |
| | /admin/auth/api-keys/stats | Admin API key statistics |
| | /admin/auth/api-keys/{id}/force | Admin force-revoke API key |
| | /auth/api-keys | List API keys |
| | /auth/api-keys | Create API key |
| | /auth/api-keys/{id} | Revoke API key |
| | /auth/api-keys/{id} | Get API key details |
| | /auth/api-keys/{id}/audit-logs | Get API key audit logs |
| | /auth/api-keys/{id}/ip-restrictions | Add IP restriction |
| | /auth/api-keys/{id}/ip-restrictions/{restriction_id} | Delete IP restriction |
| | /auth/api-keys/{id}/rotate | Rotate API key |
| | /auth/api-keys/{id}/scopes | Update API key scopes |
| | /auth/api-keys/{id}/status | Enable/disable API key |
| | /auth/api-keys/{id}/usage | Get API key usage statistics |
| | /auth/api-keys/{id}/usage-stats | Get API key usage statistics |
| | /internal/identity/validate-key | Validate API key (internal) |
Admin
| Method | Path | Summary |
|---|---|---|
| | /admin/users/{user_id}/oauth-connections | Admin: view user OAuth connections |
Admin/Agents
| Method | Path | Summary |
|---|---|---|
| | /admin/agents | List Agents |
| | /admin/agents | Create Agent |
| | /admin/agents/{id} | Revoke Agent |
| | /admin/agents/{id} | Get Agent |
| | /admin/agents/{id} | Update Agent |
Admin/IoTs
| Method | Path | Summary |
|---|---|---|
| | /admin/iots | List Devices |
| | /admin/iots | Create Device |
| | /admin/iots/{id} | Revoke Device |
| | /admin/iots/{id} | Get Device |
Admin/Robots
| Method | Path | Summary |
|---|---|---|
| | /admin/robots | List Robots |
| | /admin/robots | Create Robot |
| | /admin/robots/{id} | Delete Robot |
| | /admin/robots/{id} | Get Robot |
| | /admin/robots/{id} | Update Robot |
| | /admin/robots/{id}/commission | Commission Robot |
| | /admin/robots/{id}/decommission | Decommission Robot |
| | /admin/robots/{id}/intent | Issue Intent Token |
| | /admin/robots/{id}/intent/revoke | Revoke Intent Token |
IoTs
| Method | Path | Summary |
|---|---|---|
| | /iots | List User Devices |
| | /iots/pair | Pair Device |
| | /iots/{id} | Unpair Device |
| | /iots/{id}/transfer | Transfer Device |
NHI Management
| Method | Path | Summary |
|---|---|---|
| | /admin/policies/nhi | Get NHI policy |
| | /admin/policies/nhi | Update NHI policy |
OAuth
| Method | Path | Summary |
|---|---|---|
| | /admin/users/{user_id}/oauth-connections | Admin: view user OAuth connections |
OAuth Authorization
| Method | Path | Summary |
|---|---|---|
| | /auth/oidc/backchannel-logout | OIDC back-channel logout |
| | /auth/oidc/logout | RP-initiated logout |
| | /auth/oidc/session-iframe | OIDC session state iframe |
SAML
| Method | Path | Summary |
|---|---|---|
| | /saml/{provider_id}/acs | Assertion Consumer Service |
| | /saml/{provider_id}/login | SP-initiated SSO |
| | /saml/{provider_id}/metadata | Get SP metadata |
| | /saml/{provider_id}/slo | Single logout |
| | /saml/{provider_id}/slo/sp | SP-initiated SAML single logout |
SAML Admin
| Method | Path | Summary |
|---|---|---|
| | /admin/saml/providers | List SAML IdPs |
| | /admin/saml/providers | Register SAML IdP |
| | /admin/saml/providers/{id} | Delete SAML IdP |
| | /admin/saml/providers/{id} | Get SAML IdP details |
| | /admin/saml/providers/{id} | Update SAML IdP |
| | /admin/saml/providers/{id}/attribute-mapping | Update attribute mapping |
SCIM
| Method | Path | Summary |
|---|---|---|
| | /scim/Groups | List SCIM groups |
| | /scim/Groups | Create SCIM group |
| | /scim/Groups/{id} | Delete SCIM group |
| | /scim/Groups/{id} | Get SCIM group |
| | /scim/Groups/{id} | Partially update SCIM group |
| | /scim/Groups/{id} | Update SCIM group |
| | /scim/ResourceTypes | SCIM resource types |
| | /scim/Schemas | SCIM Schemas |
| | /scim/ServiceProviderConfig | SCIM service provider configuration |
| | /scim/Users | List SCIM users |
| | /scim/Users | Create SCIM user |
| | /scim/Users/{id} | Delete SCIM user |
| | /scim/Users/{id} | Get SCIM user |
| | /scim/Users/{id} | Partially update SCIM user |
| | /scim/Users/{id} | Update SCIM user |
WebAuthn
| Method | Path | Summary |
|---|---|---|
| | /auth/me/webauthn-credentials | List registered passkeys |
| | /auth/me/webauthn-credentials/{id} | Delete passkey |
| | /auth/webauthn/authenticate/begin | Begin passkey public authentication |
| | /auth/webauthn/authenticate/complete | Complete passkey public authentication |
| | /auth/webauthn/login/begin | Begin passkey login |
| | /auth/webauthn/login/complete | Complete passkey login |
| | /auth/webauthn/register/begin | Begin passkey registration |
| | /auth/webauthn/register/complete | Complete passkey registration |
internal
| Method | Path | Summary |
|---|---|---|
| | /internal/seed-provider | Seed SAML provider (dev only) |
Sessions and Devices
| Method | Path | Summary |
|---|---|---|
| | /auth/me/authenticator/backup | |
| | /auth/me/authenticator/backup | |
| | /auth/me/authenticator/backup/{id} | |
| | /auth/me/authenticator/devices | |
| | /auth/me/authenticator/devices/{id} | Remove authenticator device |
| | /auth/qr-login/cancel | Cancel QR code login |
| | /auth/qr-login/confirm | Confirm QR code login |
| | /auth/qr-login/initiate | Initiate QR code login |
| | /auth/qr-login/scan | Scan QR code for login |
| | /auth/qr-login/status | Query QR code login status |
| | /devices | Remove all devices |
| | /devices | Get user device list |
| | /devices/{id} | Remove device |
| | /devices/{id}/trust | Trust/untrust device |
Multi-Factor Authentication
| Method | Path | Summary |
|---|---|---|
| | /auth/mfa/verify-challenge | Verify MFA challenge |
Security
| Method | Path | Summary |
|---|---|---|
| | /admin/security/risk-events | Risk event list |
| | /admin/security/risk-events/aggregation | Risk event aggregation |
Security Policy
| Method | Path | Summary |
|---|---|---|
| | /admin/security/auth-config | Get authentication configuration |
| | /admin/security/auth-config | Update authentication configuration |
| | /admin/security/password-policy | Get password policy |
| | /admin/security/password-policy | Update password policy |
| | /admin/security/password-stats | Get password statistics |
Minors Management
| Method | Path | Summary |
|---|---|---|
| | /admin/users/{user_id}/children-consent/deny | Deny children's consent |
| | /admin/users/{user_id}/children-consent/verify | Verify children's consent |
Roles and Permissions
| Method | Path | Summary |
|---|---|---|
| | /admin/abac-policies | List ABAC policies |
| | /admin/abac-policies | Create ABAC policy |
| | /admin/abac-policies/{id} | Delete ABAC policy |
| | /admin/abac-policies/{id} | Get ABAC policy details |
| | /admin/abac-policies/{id} | Update ABAC policy |
| | /admin/relationships/check | Check relationship permission |
| | /admin/relationships/expand | Expand relationship tree |
| | /admin/role-activations | List role activation records |
| | /admin/role-activations/{id}/approve | Approve role activation |
| | /admin/role-activations/{id}/revoke | Revoke role activation |
| | /auth/me/role-activations | List my role activations |
| | /auth/me/role-activations | Request role activation |
| | /internal/pim/cleanup-expired | Clean up expired role activations |
Authentication Policy Management
| Method | Path | Summary |
|---|---|---|
| | /admin/auth-policies | List tenant authentication policies |
| | /admin/auth-policies/{tenant_id} | Delete tenant authentication policy |
| | /admin/auth-policies/{tenant_id} | Get tenant authentication policy |
| | /admin/auth-policies/{tenant_id} | Update tenant authentication policy |
Account Management
| Method | Path | Summary |
|---|---|---|
| | /admin/impersonate | Admin: impersonate user login |
| | /admin/users | List users |
| | /admin/users | Create user |
| | /admin/users/batch | Batch create users |
| | /admin/users/batch/status | Batch update user status |
| | /admin/users/merge | Merge users |
| | /admin/users/{user_id} | Delete user |
| | /admin/users/{user_id} | Get user details |
| | /admin/users/{user_id} | Update user information |
| | /admin/users/{user_id}/account-unlocks | Unlock account |
| | /admin/users/{user_id}/identities | List user identities |
| | /admin/users/{user_id}/identities | Add user identity |
| | /admin/users/{user_id}/identities/{identity_id} | Remove user identity |
| | /admin/users/{user_id}/identities/{identity_id}/set-primary | Set primary identity |
| | /admin/users/{user_id}/identities/{identity_id}/verifications | Verify user identity |
| | /admin/users/{user_id}/impersonate | Admin: impersonate user |
| | /admin/users/{user_id}/login-histories | Get login history |
| | /admin/users/{user_id}/security-status | Get security status |
| | /admin/users/{user_id}/status | Update user status |
| | /auth/me | Deactivate current account |
| | /auth/me/audit-logs | Get my audit logs |
| | /auth/me/children-consent | Get children's privacy consent status |
| | /auth/me/consent | Revoke user consent |
| | /auth/me/consent | Record user consent |
| | /auth/me/consent-history | Get consent history |
| | /auth/me/delete-account | Permanently delete account (GDPR right to be forgotten / account deletion) |
| | /auth/me/devices | Get my device list |
| | /auth/me/devices/{device_id} | Remove device |
| | /auth/me/devices/{device_id}/trust | Trust/untrust device |
| | /auth/me/email/change | Change email address |
| | /auth/me/email/verify | Verify email change |
| | /auth/me/export-data | Export my data (GDPR DSAR) |
| | /auth/me/memberships | Get my tenant membership status |
| | /auth/me/phone/change | Change phone number |
| | /auth/me/phone/verify | Verify phone number change |
| | /auth/me/recovery-contacts | List recovery contacts |
| | /auth/me/recovery-contacts | Add recovery contact |
| | /auth/me/recovery-contacts/{contact_id} | Remove recovery contact |
| | /auth/me/saml-links | List SAML-linked accounts |
| | /auth/me/saml-links/{id} | Unlink SAML-linked account |
| | /auth/me/security-events | List security events |
| | /auth/me/security-events/{event_id}/dismiss | Dismiss security event alert |
| | /auth/me/sessions | Log out of all sessions |
| | /auth/me/sessions | List my sessions |
| | /auth/me/sessions/{session_id} | Log out of specified session |
| | /auth/me/stop-impersonation | End impersonation session |
| | /internal/identity/erase-user/{user_id} | Internal hard-delete user |
| | /internal/maker-checker/record | Record dual-person review (maker-checker) |
Identity Providers
| Method | Path | Summary |
|---|---|---|
| | /admin/identity-providers | List identity providers |
| | /admin/identity-providers | Create identity provider |
| | /admin/identity-providers/import-oidc-discovery | Import OIDC Discovery |
| | /admin/identity-providers/import-saml-metadata | Import SAML Metadata |
| | /admin/identity-providers/{id} | Delete identity provider |
| | /admin/identity-providers/{id} | Get identity provider details |
| | /admin/identity-providers/{id} | Update identity provider |
| | /admin/identity-providers/{id}/activate | Activate identity provider |
| | /admin/identity-providers/{id}/attribute-mapping | Get attribute mapping |
| | /admin/identity-providers/{id}/attribute-mapping | Update attribute mapping |
| | /admin/identity-providers/{id}/certificates | List certificates |
| | /admin/identity-providers/{id}/certificates | Upload certificate |
| | /admin/identity-providers/{id}/certificates/{cert_id} | Delete certificate |
| | /admin/identity-providers/{id}/certificates/{cert_id}/rotate | Rotate certificate |
| | /admin/identity-providers/{id}/deactivate | Deactivate identity provider |
| | /admin/identity-providers/{id}/jit-config | Get JIT configuration |
| | /admin/identity-providers/{id}/jit-config | Update JIT configuration |
| | /admin/identity-providers/{id}/stats | Get provider statistics |
| | /admin/identity-providers/{id}/test | Test identity provider connection |
| | /admin/identity-providers/{id}/users | Get users linked to provider |
Authentication
| Method | Path | Summary |
|---|---|---|
| | /admin/users/{user_id}/password | Change password |
| | /admin/users/{user_id}/password-resets | Reset password |
| | /admin/users/{user_id}/password-status | Get user password status |
| | /auth/anonymous | Anonymous authentication |
| | /auth/captcha/challenge | Get CAPTCHA challenge |
| | /auth/forgot-password | Forgot password |
| | /auth/generate-ticket | Generate one-time ticket |
| | /auth/id-token/signin | ID token sign-in |
| | /auth/login | User login |
| | /auth/login/email-code | Email verification code login |
| | /auth/login/phone-code | Phone verification code login |
| | /auth/magic-link/callback | Magic link callback (GET→POST two-step redirect) |
| | /auth/magic-link/callback | Magic link callback (GET→POST two-step redirect) |
| | /auth/magic-link/request | Request magic link |
| | /auth/me | Get current logged-in user information |
| | /auth/me | Update current user information |
| | /auth/me/email-verification-status | Check email verification status |
| | /auth/me/password | Change current user's password |
| | /auth/me/password-strength | Check password strength |
| | /auth/me/permissions | Get current user's permissions |
| | /auth/me/phone-verification-status | Check phone number verification status |
| | /auth/me/switch-tenant | Switch current tenant |
| | /auth/me/tenants | Get current user's tenants |
| | /auth/oauth/accounts | List user's OAuth accounts |
| | /auth/oauth/bind | Bind OAuth account |
| | /auth/oauth/providers | List OAuth providers |
| | /auth/oauth/unbind | Unbind OAuth account |
| | /auth/oauth/{provider} | Initiate OAuth login |
| | /auth/oauth/{provider}/callback | OAuth callback |
| | /auth/re-authenticate | Re-authenticate (step-up) |
| | /auth/recover-account | Initiate account recovery via recovery contact |
| | /auth/recover-account/reset | Reset password with recovery code |
| | /auth/recovery/complete | Complete account recovery |
| | /auth/recovery/request | Initiate account recovery |
| | /auth/recovery/verify | Verify account recovery code |
| | /auth/refresh | Refresh access token |
| | /auth/register | User registration |
| | /auth/register/check-email | Check email availability |
| | /auth/register/check-email | Check email availability |
| | /auth/register/check-username | Check username availability |
| | /auth/register/check-username | Check username availability |
| | /auth/register/email-code | Register with email verification code |
| | /auth/register/invitation | Register by invitation |
| | /auth/register/oauth | OAuth supplementary registration |
| | /auth/register/phone-code | Register with phone verification code |
| | /auth/register/reapply | Reapply for registration |
| | /auth/resend-sms-code | Resend SMS verification code |
| | /auth/resend-verification-email | Resend verification email |
| | /auth/reset-password | Reset password |
| | /auth/send-login-code | Send login verification code |
| | /auth/send-sms-code | Send SMS verification code |
| | /auth/send-verification-email | Send verification email |
| | /auth/sso/callback | Enterprise SSO callback |
| | /auth/sso/initiate | Initiate enterprise SSO login |
| | /auth/ticket/signin | Ticket signature login |
| | /auth/verify-email | Verify email address |
| | /auth/verify-phone | Verify phone number |
| | /auth/verify-reset-code | Verify reset code |
| | /auth/web3/verify | Verify Web3 wallet signature |
| | /internal/identity/verify-password | Verify password |
| | /internal/record-login-failure | Record login failure |
| | /internal/record-login-success | Record login success |
| | /public/auth-config/by-domain/{domain} | Get tenant authentication configuration by domain (public) |
| | /public/auth-config/by-identifier | Discover tenant by identifier |
| | /public/auth-config/by-slug/{slug} | Get authentication configuration by tenant slug (public) |
| | /public/auth-config/{tenant_id} | Get tenant authentication configuration (public) |
| | /public/password-strength | Check password strength (public) |
| | /public/tenants/discover | Discover publicly joinable tenants |
Authentication - Internal Interfaces
| Method | Path | Summary |
|---|---|---|
| | /public/key-exchange | ECDH key exchange |