get:
  operationId: GetAuth
  summary: Get Current User
  x-authenticated: true
  description: Get the currently logged in user's details.
  x-codegen:
    method: getSession
  x-codeSamples:
    - lang: JavaScript
      label: JS Client
      source:
        $ref: ../code_samples/JavaScript/admin_auth/get.js
    - lang: Shell
      label: cURL
      source:
        $ref: ../code_samples/Shell/admin_auth/get.sh
  security:
    - api_token: []
    - cookie_auth: []
    - jwt_token: []
  tags:
    - Auth
  responses:
    '200':
      description: OK
      content:
        application/json:
          schema:
            $ref: ../components/schemas/AdminAuthRes.yaml
    '400':
      $ref: ../components/responses/400_error.yaml
    '401':
      $ref: ../components/responses/unauthorized.yaml
    '404':
      $ref: ../components/responses/not_found_error.yaml
    '409':
      $ref: ../components/responses/invalid_state_error.yaml
    '422':
      $ref: ../components/responses/invalid_request_error.yaml
    '500':
      $ref: ../components/responses/500_error.yaml
post:
  operationId: PostAuth
  summary: User Login
  x-authenticated: false
  description: >-
    Log a User in and includes the Cookie session in the response header. The
    cookie session can be used in subsequent requests to authorize the user to
    perform admin functionalities. When using Medusa's JS or Medusa React
    clients, the cookie is automatically attached to subsequent requests.
  requestBody:
    content:
      application/json:
        schema:
          $ref: ../components/schemas/AdminPostAuthReq.yaml
  x-codegen:
    method: createSession
  x-codeSamples:
    - lang: JavaScript
      label: JS Client
      source:
        $ref: ../code_samples/JavaScript/admin_auth/post.js
    - lang: Shell
      label: cURL
      source:
        $ref: ../code_samples/Shell/admin_auth/post.sh
  tags:
    - Auth
  responses:
    '200':
      description: OK
      content:
        application/json:
          schema:
            $ref: ../components/schemas/AdminAuthRes.yaml
    '400':
      $ref: ../components/responses/400_error.yaml
    '401':
      $ref: ../components/responses/incorrect_credentials.yaml
    '404':
      $ref: ../components/responses/not_found_error.yaml
    '409':
      $ref: ../components/responses/invalid_state_error.yaml
    '422':
      $ref: ../components/responses/invalid_request_error.yaml
    '500':
      $ref: ../components/responses/500_error.yaml
delete:
  operationId: DeleteAuth
  summary: User Logout
  x-authenticated: true
  description: >-
    Delete the current session for the logged in user. This will only work if
    you're using Cookie session for authentication. If the API token is still
    passed in the header, the user is still authorized to perform admin
    functionalities in other API Routes.
  x-codegen:
    method: deleteSession
  x-codeSamples:
    - lang: JavaScript
      label: JS Client
      source:
        $ref: ../code_samples/JavaScript/admin_auth/delete.js
    - lang: Shell
      label: cURL
      source:
        $ref: ../code_samples/Shell/admin_auth/delete.sh
  security:
    - api_token: []
    - cookie_auth: []
    - jwt_token: []
  tags:
    - Auth
  responses:
    '200':
      description: OK
    '400':
      $ref: ../components/responses/400_error.yaml
    '401':
      $ref: ../components/responses/unauthorized.yaml
    '404':
      $ref: ../components/responses/not_found_error.yaml
    '409':
      $ref: ../components/responses/invalid_state_error.yaml
    '422':
      $ref: ../components/responses/invalid_request_error.yaml
    '500':
      $ref: ../components/responses/500_error.yaml