Scalar · Capability

Core — auth

Core — auth. 28 operations. Lead operation: Get a users basic information. Self-contained Naftiko capability covering one business surface.

Core — auth is a Naftiko capability published by Scalar, one of 22 capabilities the APIs.io network indexes for this provider. It bundles 28 operations across the POST, GET, and DELETE methods.

The capability includes 8 read-only operations and 20 state-changing operations. Lead operation: Get a users basic information. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include Scalar and auth.

Run with Naftiko Scalarauth

What You Can Do

GET

Getme — Get a users basic information

/v1/me

POST

Postloginemail — Login with email password flow

/v1/login/email

POST

Postloginemailsignup — Register with email password flow

/v1/login/email-signup

POST

Postloginemailotp — Send an OTP verification code to the email

/v1/login/email-otp

POST

Postloginemailotpverify — Verify OTP

/v1/login/email-otp/verify

POST

Postloginrefresh — Refresh an access token and set the team uid token

/v1/login/refresh

POST

Postloginexchange — Exchange the short lived URL token for access/refresh tokens

/v1/login/exchange

POST

Postlogingetexchange — Gets an exchange token that can be used to redirect a user with auth credentials to different domain

/v1/login/get-exchange

POST

Postloginrequestpasswordreset — Request reset password

/v1/login/request-password-reset

POST

Postloginresetpassword — Verify password reset request

/v1/login/reset-password

POST

Postloginchangepassword — Change password for authenticated user

/v1/login/change-password

POST

Postloginpersonaltokengenerate — Generate a new personal token

/v1/login/personal-token/generate

POST

Postloginpersonaltokenaccess — Generate a new access token from a personal token

/v1/login/personal-token/access

POST

Postloginpersonaltokenuidrevoke — Revoke a personal token

/v1/login/personal-token/{uid}/revoke

DELETE

Deleteloginpersonaltokenuid — Delete a personal token

/v1/login/personal-token/{uid}

GET

Getidentityprovideruid — Get an identity provider configuration for a team

/v1/identity-provider/{uid}

DELETE

Deleteidentityprovideruid — Delete an identity provider configuration for a team

/v1/identity-provider/{uid}

POST

Postidentityprovider — Add an identity provider configuration for a team

/v1/identity-provider

POST

Postidentityproviderupdate — Update an identity provider configuration for a team

/v1/identity-provider/update

GET

Getsamlmetadata — Get base SP SAML metadata

/v1/saml/metadata

GET

Getsamlidpuidmetadata — Get SAML IdP-specific connection metadata

/v1/saml/idp/{uid}/metadata

GET

Getsamlidpuidlogin — SAML connection login route

/v1/saml/idp/{uid}/login

GET

Getsamllogout — SAML logout route

/v1/saml/logout

POST

Postsamlacs — SAML ACS route

/v1/saml/acs

POST

Postsamlinitiate — SAML initiate route

/v1/saml/initiate

GET

Getsamlcertsigning — Return SAML public signing cert

/v1/saml/cert/signing

GET

Getsamlcertencryption — Return SAML public encryption cert

/v1/saml/cert/encryption

POST

Posteventsauthvacuumrefreshtokens — Clean-up unused refresh tokens

/v1/events/auth/vacuum-refresh-tokens

MCP Tools

scalar-getme

Get a users basic information

read-only idempotent

scalar-postloginemail

scalar-postloginemailsignup

scalar-postloginemailotp

Send an OTP verification code to the email

scalar-postloginemailotpverify

Verify OTP

scalar-postloginrefresh

Refresh an access token and set the team uid token

scalar-postloginexchange

Exchange the short lived URL token for access/refresh tokens

scalar-postlogingetexchange

Gets an exchange token that can be used to redirect a user with auth credentials to different domain

scalar-postloginrequestpasswordreset

Request reset password

scalar-postloginresetpassword

Verify password reset request

scalar-postloginchangepassword

Change password for authenticated user

scalar-postloginpersonaltokengenerate

Generate a new personal token

scalar-postloginpersonaltokenaccess

Generate a new access token from a personal token

scalar-postloginpersonaltokenuidrevoke

Revoke a personal token

scalar-deleteloginpersonaltokenuid

Delete a personal token

idempotent

scalar-getidentityprovideruid

Get an identity provider configuration for a team

read-only idempotent

scalar-deleteidentityprovideruid

Delete an identity provider configuration for a team

idempotent

scalar-postidentityprovider

Add an identity provider configuration for a team

scalar-postidentityproviderupdate

Update an identity provider configuration for a team

scalar-getsamlmetadata

Get base SP SAML metadata

read-only idempotent

scalar-getsamlidpuidmetadata

Get SAML IdP-specific connection metadata

read-only idempotent

scalar-getsamlidpuidlogin

SAML connection login route

read-only idempotent

scalar-getsamllogout

SAML logout route

read-only idempotent

scalar-postsamlacs

SAML ACS route

scalar-postsamlinitiate

SAML initiate route

scalar-getsamlcertsigning

Return SAML public signing cert

read-only idempotent

scalar-getsamlcertencryption

Return SAML public encryption cert

read-only idempotent

scalar-posteventsauthvacuumrefreshtokens

Clean-up unused refresh tokens

Capability Spec

naftiko: 1.0.0-alpha2
info:
  label: Core — auth
  description: 'Core — auth. 28 operations. Lead operation: Get a users basic information. Self-contained Naftiko capability covering one business surface.'
  tags:
  - Scalar
  - auth
  created: '2026-05-20'
  modified: '2026-05-20'
binds:
- namespace: env
  keys:
    SCALAR_API_KEY: SCALAR_API_KEY
capability:
  consumes:
  - type: http
    namespace: core-auth
    baseUri: https://example.com
    description: Core — auth business capability. Self-contained, no shared references.
    resources:
    - name: me
      path: /me
      operations:
      - name: getme
        method: GET
        description: Get a users basic information
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters: []
    - name: login-email
      path: /login/email
      operations:
      - name: postloginemail
        method: POST
        description: Login with email password flow
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-email-signup
      path: /login/email-signup
      operations:
      - name: postloginemailsignup
        method: POST
        description: Register with email password flow
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-email-otp
      path: /login/email-otp
      operations:
      - name: postloginemailotp
        method: POST
        description: Send an OTP verification code to the email
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-email-otp-verify
      path: /login/email-otp/verify
      operations:
      - name: postloginemailotpverify
        method: POST
        description: Verify OTP
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-refresh
      path: /login/refresh
      operations:
      - name: postloginrefresh
        method: POST
        description: Refresh an access token and set the team uid token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-exchange
      path: /login/exchange
      operations:
      - name: postloginexchange
        method: POST
        description: Exchange the short lived URL token for access/refresh tokens
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-get-exchange
      path: /login/get-exchange
      operations:
      - name: postlogingetexchange
        method: POST
        description: Gets an exchange token that can be used to redirect a user with auth credentials to different domain
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-request-password-reset
      path: /login/request-password-reset
      operations:
      - name: postloginrequestpasswordreset
        method: POST
        description: Request reset password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-reset-password
      path: /login/reset-password
      operations:
      - name: postloginresetpassword
        method: POST
        description: Verify password reset request
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-change-password
      path: /login/change-password
      operations:
      - name: postloginchangepassword
        method: POST
        description: Change password for authenticated user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-personal-token-generate
      path: /login/personal-token/generate
      operations:
      - name: postloginpersonaltokengenerate
        method: POST
        description: Generate a new personal token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-personal-token-access
      path: /login/personal-token/access
      operations:
      - name: postloginpersonaltokenaccess
        method: POST
        description: Generate a new access token from a personal token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-personal-token-uid-revoke
      path: /login/personal-token/{uid}/revoke
      operations:
      - name: postloginpersonaltokenuidrevoke
        method: POST
        description: Revoke a personal token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: uid
          in: path
          type: string
          description: path parameter uid.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: login-personal-token-uid
      path: /login/personal-token/{uid}
      operations:
      - name: deleteloginpersonaltokenuid
        method: DELETE
        description: Delete a personal token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: uid
          in: path
          type: string
          description: path parameter uid.
          required: true
    - name: identity-provider-uid
      path: /identity-provider/{uid}
      operations:
      - name: getidentityprovideruid
        method: GET
        description: Get an identity provider configuration for a team
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: uid
          in: path
          type: string
          description: path parameter uid.
          required: true
      - name: deleteidentityprovideruid
        method: DELETE
        description: Delete an identity provider configuration for a team
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: uid
          in: path
          type: string
          description: path parameter uid.
          required: true
    - name: identity-provider
      path: /identity-provider
      operations:
      - name: postidentityprovider
        method: POST
        description: Add an identity provider configuration for a team
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: identity-provider-update
      path: /identity-provider/update
      operations:
      - name: postidentityproviderupdate
        method: POST
        description: Update an identity provider configuration for a team
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: saml-metadata
      path: /saml/metadata
      operations:
      - name: getsamlmetadata
        method: GET
        description: Get base SP SAML metadata
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters: []
    - name: saml-idp-uid-metadata
      path: /saml/idp/{uid}/metadata
      operations:
      - name: getsamlidpuidmetadata
        method: GET
        description: Get SAML IdP-specific connection metadata
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: uid
          in: path
          type: string
          description: path parameter uid.
          required: true
    - name: saml-idp-uid-login
      path: /saml/idp/{uid}/login
      operations:
      - name: getsamlidpuidlogin
        method: GET
        description: SAML connection login route
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: uid
          in: path
          type: string
          description: path parameter uid.
          required: true
        - name: redirect
          in: query
          type: string
          description: query parameter redirect.
        - name: resource
          in: query
          type: string
          description: query parameter resource.
        - name: type
          in: query
          type: string
          description: query parameter type.
    - name: saml-logout
      path: /saml/logout
      operations:
      - name: getsamllogout
        method: GET
        description: SAML logout route
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters: []
    - name: saml-acs
      path: /saml/acs
      operations:
      - name: postsamlacs
        method: POST
        description: SAML ACS route
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: saml-initiate
      path: /saml/initiate
      operations:
      - name: postsamlinitiate
        method: POST
        description: SAML initiate route
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: saml-cert-signing
      path: /saml/cert/signing
      operations:
      - name: getsamlcertsigning
        method: GET
        description: Return SAML public signing cert
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters: []
    - name: saml-cert-encryption
      path: /saml/cert/encryption
      operations:
      - name: getsamlcertencryption
        method: GET
        description: Return SAML public encryption cert
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters: []
    - name: events-auth-vacuum-refresh-tokens
      path: /events/auth/vacuum-refresh-tokens
      operations:
      - name: posteventsauthvacuumrefreshtokens
        method: POST
        description: Clean-up unused refresh tokens
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
  exposes:
  - type: rest
    namespace: core-auth-rest
    port: 8080
    description: REST adapter for Core — auth. One resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/me
      name: me
      description: REST surface for me.
      operations:
      - method: GET
        name: getme
        description: Get a users basic information
        call: core-auth.getme
        with: {}
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/email
      name: login-email
      description: REST surface for login-email.
      operations:
      - method: POST
        name: postloginemail
        description: Login with email password flow
        call: core-auth.postloginemail
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/email-signup
      name: login-email-signup
      description: REST surface for login-email-signup.
      operations:
      - method: POST
        name: postloginemailsignup
        description: Register with email password flow
        call: core-auth.postloginemailsignup
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/email-otp
      name: login-email-otp
      description: REST surface for login-email-otp.
      operations:
      - method: POST
        name: postloginemailotp
        description: Send an OTP verification code to the email
        call: core-auth.postloginemailotp
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/email-otp/verify
      name: login-email-otp-verify
      description: REST surface for login-email-otp-verify.
      operations:
      - method: POST
        name: postloginemailotpverify
        description: Verify OTP
        call: core-auth.postloginemailotpverify
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/refresh
      name: login-refresh
      description: REST surface for login-refresh.
      operations:
      - method: POST
        name: postloginrefresh
        description: Refresh an access token and set the team uid token
        call: core-auth.postloginrefresh
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/exchange
      name: login-exchange
      description: REST surface for login-exchange.
      operations:
      - method: POST
        name: postloginexchange
        description: Exchange the short lived URL token for access/refresh tokens
        call: core-auth.postloginexchange
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/get-exchange
      name: login-get-exchange
      description: REST surface for login-get-exchange.
      operations:
      - method: POST
        name: postlogingetexchange
        description: Gets an exchange token that can be used to redirect a user with auth credentials to different domain
        call: core-auth.postlogingetexchange
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/request-password-reset
      name: login-request-password-reset
      description: REST surface for login-request-password-reset.
      operations:
      - method: POST
        name: postloginrequestpasswordreset
        description: Request reset password
        call: core-auth.postloginrequestpasswordreset
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/reset-password
      name: login-reset-password
      description: REST surface for login-reset-password.
      operations:
      - method: POST
        name: postloginresetpassword
        description: Verify password reset request
        call: core-auth.postloginresetpassword
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/change-password
      name: login-change-password
      description: REST surface for login-change-password.
      operations:
      - method: POST
        name: postloginchangepassword
        description: Change password for authenticated user
        call: core-auth.postloginchangepassword
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/personal-token/generate
      name: login-personal-token-generate
      description: REST surface for login-personal-token-generate.
      operations:
      - method: POST
        name: postloginpersonaltokengenerate
        description: Generate a new personal token
        call: core-auth.postloginpersonaltokengenerate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/personal-token/access
      name: login-personal-token-access
      description: REST surface for login-personal-token-access.
      operations:
      - method: POST
        name: postloginpersonaltokenaccess
        description: Generate a new access token from a personal token
        call: core-auth.postloginpersonaltokenaccess
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/personal-token/{uid}/revoke
      name: login-personal-token-uid-revoke
      description: REST surface for login-personal-token-uid-revoke.
      operations:
      - method: POST
        name: postloginpersonaltokenuidrevoke
        description: Revoke a personal token
        call: core-auth.postloginpersonaltokenuidrevoke
        with:
          uid: rest.uid
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/login/personal-token/{uid}
      name: login-personal-token-uid
      description: REST surface for login-personal-token-uid.
      operations:
      - method: DELETE
        name: deleteloginpersonaltokenuid
        description: Delete a personal token
        call: core-auth.deleteloginpersonaltokenuid
        with:
          uid: rest.uid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/identity-provider/{uid}
      name: identity-provider-uid
      description: REST surface for identity-provider-uid.
      operations:
      - method: GET
        name: getidentityprovideruid
        description: Get an identity provider configuration for a team
        call: core-auth.getidentityprovideruid
        with:
          uid: rest.uid
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteidentityprovideruid
        description: Delete an identity provider configuration for a team
        call: core-auth.deleteidentityprovideruid
        with:
          uid: rest.uid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/identity-provider
      name: identity-provider
      description: REST surface for identity-provider.
      operations:
      - method: POST
        name: postidentityprovider
        description: Add an identity provider configuration for a team
        call: core-auth.postidentityprovider
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/identity-provider/update
      name: identity-provider-update
      description: REST surface for identity-provider-update.
      operations:
      - method: POST
        name: postidentityproviderupdate
        description: Update an identity provider configuration for a team
        call: core-auth.postidentityproviderupdate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/metadata
      name: saml-metadata
      description: REST surface for saml-metadata.
      operations:
      - method: GET
        name: getsamlmetadata
        description: Get base SP SAML metadata
        call: core-auth.getsamlmetadata
        with: {}
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/idp/{uid}/metadata
      name: saml-idp-uid-metadata
      description: REST surface for saml-idp-uid-metadata.
      operations:
      - method: GET
        name: getsamlidpuidmetadata
        description: Get SAML IdP-specific connection metadata
        call: core-auth.getsamlidpuidmetadata
        with:
          uid: rest.uid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/idp/{uid}/login
      name: saml-idp-uid-login
      description: REST surface for saml-idp-uid-login.
      operations:
      - method: GET
        name: getsamlidpuidlogin
        description: SAML connection login route
        call: core-auth.getsamlidpuidlogin
        with:
          uid: rest.uid
          redirect: rest.redirect
          resource: rest.resource
          type: rest.type
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/logout
      name: saml-logout
      description: REST surface for saml-logout.
      operations:
      - method: GET
        name: getsamllogout
        description: SAML logout route
        call: core-auth.getsamllogout
        with: {}
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/acs
      name: saml-acs
      description: REST surface for saml-acs.
      operations:
      - method: POST
        name: postsamlacs
        description: SAML ACS route
        call: core-auth.postsamlacs
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/initiate
      name: saml-initiate
      description: REST surface for saml-initiate.
      operations:
      - method: POST
        name: postsamlinitiate
        description: SAML initiate route
        call: core-auth.postsamlinitiate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/cert/signing
      name: saml-cert-signing
      description: REST surface for saml-cert-signing.
      operations:
      - method: GET
        name: getsamlcertsigning
        description: Return SAML public signing cert
        call: core-auth.getsamlcertsigning
        with: {}
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/saml/cert/encryption
      name: saml-cert-encryption
      description: REST surface for saml-cert-encryption.
      operations:
      - method: GET
        name: getsamlcertencryption
        description: Return SAML public encryption cert
        call: core-auth.getsamlcertencryption
        with: {}
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/events/auth/vacuum-refresh-tokens
      name: events-auth-vacuum-refresh-tokens
      description: REST surface for events-auth-vacuum-refresh-tokens.
      operations:
      - method: POST
        name: posteventsauthvacuumrefreshtokens
        description: Clean-up unused refresh tokens
        call: core-auth.posteventsauthvacuumrefreshtokens
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: core-auth-mcp
    port: 9090
    transport: http
    description: MCP adapter for Core — auth. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: scalar-getme
      description: Get a users basic information
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: core-auth.getme
      with: {}
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginemail
      description: Login with email password flow
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginemail
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginemailsignup
      description: Register with email password flow
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginemailsignup
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginemailotp
      description: Send an OTP verification code to the email
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginemailotp
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginemailotpverify
      description: Verify OTP
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginemailotpverify
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginrefresh
      description: Refresh an access token and set the team uid token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginrefresh
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginexchange
      description: Exchange the short lived URL token for access/refresh tokens
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginexchange
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postlogingetexchange
      description: Gets an exchange token that can be used to redirect a user with auth credentials to different domain
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postlogingetexchange
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginrequestpasswordreset
      description: Request reset password
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginrequestpasswordreset
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginresetpassword
      description: Verify password reset request
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginresetpassword
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginchangepassword
      description: Change password for authenticated user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginchangepassword
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginpersonaltokengenerate
      description: Generate a new personal token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginpersonaltokengenerate
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginpersonaltokenaccess
      description: Generate a new access token from a personal token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginpersonaltokenaccess
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postloginpersonaltokenuidrevoke
      description: Revoke a personal token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postloginpersonaltokenuidrevoke
      with:
        uid: tools.uid
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-deleteloginpersonaltokenuid
      description: Delete a personal token
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: core-auth.deleteloginpersonaltokenuid
      with:
        uid: tools.uid
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-getidentityprovideruid
      description: Get an identity provider configuration for a team
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: core-auth.getidentityprovideruid
      with:
        uid: tools.uid
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-deleteidentityprovideruid
      description: Delete an identity provider configuration for a team
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: core-auth.deleteidentityprovideruid
      with:
        uid: tools.uid
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postidentityprovider
      description: Add an identity provider configuration for a team
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postidentityprovider
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-postidentityproviderupdate
      description: Update an identity provider configuration for a team
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: core-auth.postidentityproviderupdate
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-getsamlmetadata
      description: Get base SP SAML metadata
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: core-auth.getsamlmetadata
      with: {}
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-getsamlidpuidmetadata
      description: Get SAML IdP-specific connection metadata
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: core-auth.getsamlidpuidmetadata
      with:
        uid: tools.uid
      outputParameters:
      - type: object
        mapping: $.
    - name: scalar-getsamlidpuidlogin
      description: SAML connection login route
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: core-auth.getsamlidpuidlogin


# --- truncated at 32 KB (33 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/scalar/refs/heads/main/capabilities/core-auth.yaml