AppsFlow
AppsFlow
Defined in: auth-client/src/core/flows/apps.flow.ts:39
Constructors
Constructor
new AppsFlow(
deps):AppsFlow
Defined in: auth-client/src/core/flows/apps.flow.ts:40
Parameters
deps
Returns
AppsFlow
Methods
create()
create(
body):Promise<AppRecord>
Defined in: auth-client/src/core/flows/apps.flow.ts:121
POST /admin/apps — register a new consuming app. system_admin only.
Parameters
body
Returns
Promise<AppRecord>
delete()
delete(
appId):Promise<void>
Defined in: auth-client/src/core/flows/apps.flow.ts:156
DELETE /admin/apps/{appId} — soft-delete. The row stays in the
DB for audit; user_apps memberships are NOT auto-revoked.
To fully revoke access for a user, call
DELETE /admin/users/{userId}/apps/{appId} (RevokeUserApp).
Parameters
appId
string
Returns
Promise<void>
get()
get(
appId):Promise<AppRecord>
Defined in: auth-client/src/core/flows/apps.flow.ts:111
GET /admin/apps/{appId} — single app row.
Parameters
appId
string
Returns
Promise<AppRecord>
getRegistrationPolicy()
getRegistrationPolicy(
appCode):Promise<RegistrationPolicy>
Defined in: auth-client/src/core/flows/apps.flow.ts:101
GET /apps/{code}/registration-policy — the PUBLIC (anonymous) registration policy: UX hints a login/register form reads BEFORE submit (pre-filter SSO buttons, show domain hints). The server re-enforces on the actual register call — client signal is UX only, never security. Throws if the app code is unknown.
Parameters
appCode
string
Returns
Promise<RegistrationPolicy>
grantUser()
grantUser(
userId,appId):Promise<void>
Defined in: auth-client/src/core/flows/apps.flow.ts:74
POST /admin/users/{userId}/apps/{appId} — grant app access (user_apps row). Idempotent — re-grants reactivate a revoked row.
Parameters
userId
string
appId
string
Returns
Promise<void>
list()
list():
Promise<AppRecord[]>
Defined in: auth-client/src/core/flows/apps.flow.ts:47
GET /admin/apps — every non-deleted app in the system.
Returns an array (the server wraps it as { apps: [...] };
we unwrap here for the canonical SDK shape).
Returns
Promise<AppRecord[]>
listForUser()
listForUser(
userId):Promise<AppRecord[]>
Defined in: auth-client/src/core/flows/apps.flow.ts:61
GET /admin/users/{userId}/apps — admin view of a user’s active app memberships (same shape as /me/apps). Pair with grantUserApp / revokeUserApp for management.
Parameters
userId
string
Returns
Promise<AppRecord[]>
revokeUser()
revokeUser(
userId,appId):Promise<void>
Defined in: auth-client/src/core/flows/apps.flow.ts:86
DELETE /admin/users/{userId}/apps/{appId} — revoke app access. Identity (pools, roles, other apps) is untouched.
Parameters
userId
string
appId
string
Returns
Promise<void>
update()
update(
appId,body):Promise<AppRecord>
Defined in: auth-client/src/core/flows/apps.flow.ts:140
PATCH /admin/apps/{appId} — partial update. Only fields in the
body get applied; everything else is preserved.
To disable an app, pass { status: 'disabled' }. Disabling
doesn’t currently revoke outstanding access tokens for that
app — they expire naturally at their exp. Refresh requests
against a disabled app are rejected by the auth-server.
Parameters
appId
string
body
Returns
Promise<AppRecord>