Skip to content
rw3iss Auth

AppsFlow

AppsFlow

Defined in: auth-client/src/core/flows/apps.flow.ts:39

Constructors

Constructor

new AppsFlow(deps): AppsFlow

Defined in: auth-client/src/core/flows/apps.flow.ts:40

Parameters

deps

FlowDeps

Returns

AppsFlow

Methods

create()

create(body): Promise<AppRecord>

Defined in: auth-client/src/core/flows/apps.flow.ts:121

POST /admin/apps — register a new consuming app. system_admin only.

Parameters

body

CreateAppRequest

Returns

Promise<AppRecord>


delete()

delete(appId): Promise<void>

Defined in: auth-client/src/core/flows/apps.flow.ts:156

DELETE /admin/apps/{appId} — soft-delete. The row stays in the DB for audit; user_apps memberships are NOT auto-revoked. To fully revoke access for a user, call DELETE /admin/users/{userId}/apps/{appId} (RevokeUserApp).

Parameters

appId

string

Returns

Promise<void>


get()

get(appId): Promise<AppRecord>

Defined in: auth-client/src/core/flows/apps.flow.ts:111

GET /admin/apps/{appId} — single app row.

Parameters

appId

string

Returns

Promise<AppRecord>


getRegistrationPolicy()

getRegistrationPolicy(appCode): Promise<RegistrationPolicy>

Defined in: auth-client/src/core/flows/apps.flow.ts:101

GET /apps/{code}/registration-policy — the PUBLIC (anonymous) registration policy: UX hints a login/register form reads BEFORE submit (pre-filter SSO buttons, show domain hints). The server re-enforces on the actual register call — client signal is UX only, never security. Throws if the app code is unknown.

Parameters

appCode

string

Returns

Promise<RegistrationPolicy>


grantUser()

grantUser(userId, appId): Promise<void>

Defined in: auth-client/src/core/flows/apps.flow.ts:74

POST /admin/users/{userId}/apps/{appId} — grant app access (user_apps row). Idempotent — re-grants reactivate a revoked row.

Parameters

userId

string

appId

string

Returns

Promise<void>


list()

list(): Promise<AppRecord[]>

Defined in: auth-client/src/core/flows/apps.flow.ts:47

GET /admin/apps — every non-deleted app in the system. Returns an array (the server wraps it as { apps: [...] }; we unwrap here for the canonical SDK shape).

Returns

Promise<AppRecord[]>


listForUser()

listForUser(userId): Promise<AppRecord[]>

Defined in: auth-client/src/core/flows/apps.flow.ts:61

GET /admin/users/{userId}/apps — admin view of a user’s active app memberships (same shape as /me/apps). Pair with grantUserApp / revokeUserApp for management.

Parameters

userId

string

Returns

Promise<AppRecord[]>


revokeUser()

revokeUser(userId, appId): Promise<void>

Defined in: auth-client/src/core/flows/apps.flow.ts:86

DELETE /admin/users/{userId}/apps/{appId} — revoke app access. Identity (pools, roles, other apps) is untouched.

Parameters

userId

string

appId

string

Returns

Promise<void>


update()

update(appId, body): Promise<AppRecord>

Defined in: auth-client/src/core/flows/apps.flow.ts:140

PATCH /admin/apps/{appId} — partial update. Only fields in the body get applied; everything else is preserved.

To disable an app, pass { status: 'disabled' }. Disabling doesn’t currently revoke outstanding access tokens for that app — they expire naturally at their exp. Refresh requests against a disabled app are rejected by the auth-server.

Parameters

appId

string

body

UpdateAppRequest

Returns

Promise<AppRecord>