Class: AdminFlow
Class: AdminFlow
Defined in: auth-client/src/core/flows/admin.flow.ts:44
Constructors
Constructor
new AdminFlow(
deps):AdminFlow
Defined in: auth-client/src/core/flows/admin.flow.ts:45
Parameters
deps
Returns
AdminFlow
Methods
getUsersBulk()
getUsersBulk(
req):Promise<LookupUserRecord[]>
Defined in: auth-client/src/core/flows/admin.flow.ts:70
POST /admin/users/lookup — bulk-resolve users by email and/or id in a single round-trip. Replaces the awkward check-email-then-list-and-filter workflow back-office tools used to implement (AUTH-PHP-LARAVEL-DESIGN §5).
Soft-deleted users are excluded from the response. The order of the returned array is not guaranteed; consumers that need a specific order (e.g. matching the input email list) should index the response by id/email themselves.
Requires an admin token (system_admin or super_admin); 403 if the caller isn’t admin.
Parameters
req
Returns
Promise<LookupUserRecord[]>
hardDeleteUser()
hardDeleteUser(
req):Promise<void>
Defined in: auth-client/src/core/flows/admin.flow.ts:47
Parameters
req
Returns
Promise<void>
listUsers()
listUsers(
req?):Promise<ListUsersResult>
Defined in: auth-client/src/core/flows/admin.flow.ts:87
GET /admin/users — paginated list of every user the caller can
see. Optional search does a full-text match server-side (email
- display name). Page numbers are 1-indexed.
Requires an admin token (system_admin or super_admin).
Parameters
req?
ListUsersRequest = {}
Returns
Promise<ListUsersResult>
listUserSessions()
listUserSessions(
userId):Promise<SessionRecord[]>
Defined in: auth-client/src/core/flows/admin.flow.ts:141
GET /admin/users/{userId}/sessions — list every active session
for a target user. Admin-side counterpart to the self-service
getSessions() flow; lets a back-office tool surface (and
surgically terminate) a user’s sessions on their behalf.
The server returns a bare array (mirrors /auth/sessions). The
is_current flag is never set here — it’s meaningless when
the caller isn’t the session’s owner.
Requires an admin token (system_admin or super_admin).
Parameters
userId
string
Returns
Promise<SessionRecord[]>
revokeUserSessions()
revokeUserSessions(
userId):Promise<void>
Defined in: auth-client/src/core/flows/admin.flow.ts:181
POST /admin/users/{userId}/revoke-sessions — terminate every session for a target user (logout-all-for-them). Admin-side equivalent of /auth/logout/all the user might run themselves.
Revokes every refresh-token and bumps the per-user token-version so outstanding access tokens are rejected cross-replica.
Requires an admin token (system_admin or super_admin).
Parameters
userId
string
Returns
Promise<void>
setUserPassword()
setUserPassword(
userId,newPassword):Promise<void>
Defined in: auth-client/src/core/flows/admin.flow.ts:120
POST /auth/admin/set-password — set a user’s password without needing their current credentials. Authenticated admin-only.
Parameters
userId
string
newPassword
string
Returns
Promise<void>
setUserRoles()
setUserRoles(
userId,roleCodes):Promise<void>
Defined in: auth-client/src/core/flows/admin.flow.ts:107
PUT /admin/users/{userId}/roles — replace a user’s base roles
with the supplied role codes. Server validates that every code
is a known role and that the caller has the authority to grant
each (super_admin cannot grant system_admin).
Parameters
userId
string
roleCodes
string[]
Returns
Promise<void>
terminateUserSession()
terminateUserSession(
userId,sessionId):Promise<void>
Defined in: auth-client/src/core/flows/admin.flow.ts:162
DELETE /admin/users/{userId}/sessions/{sessionId} — terminate
one specific session belonging to a target user. The granular
counterpart to revokeUserSessions() (which kills every session
at once).
The server enforces that sessionId belongs to userId; an
id-mismatch returns 404 rather than silently terminating the
wrong row.
Requires an admin token (system_admin or super_admin).
Parameters
userId
string
sessionId
string
Returns
Promise<void>