Skip to content
rw3iss Auth

UsersModule

UsersModule

Defined in: auth-client/src/core/modules/users.module.ts:15

Constructors

Constructor

new UsersModule(ctx): UsersModule

Defined in: auth-client/src/core/modules/users.module.ts:16

Parameters

ctx

ModuleContext

Returns

UsersModule

Methods

getOrganizations()

getOrganizations(userId): Promise<AdminUserOrgMembership[]>

Defined in: auth-client/src/core/modules/users.module.ts:44

GET /admin/users/{id}/organizations — a user’s org memberships.

Parameters

userId

string

Returns

Promise<AdminUserOrgMembership[]>


hardDelete()

hardDelete(params): Promise<void>

Defined in: auth-client/src/core/modules/users.module.ts:107

Hard-delete a user (AUDIT C8). system_admin only — server-side gate.

Parameters

params
reason

string

userId

string

Returns

Promise<void>


impersonate()

impersonate(params): Promise<AuthResponse>

Defined in: auth-client/src/core/modules/users.module.ts:101

Impersonate another user (AUDIT C7). The caller’s token must carry a role authorized for impersonation (system_admin / super_admin anywhere, org_admin within their org). On success, the SDK swaps in the new token pair so subsequent requests act as the target.

Parameters

params

ImpersonateParams

Returns

Promise<AuthResponse>


list()

list(req?): Promise<ListUsersResult>

Defined in: auth-client/src/core/modules/users.module.ts:19

GET /admin/users — paginated list. Admin only.

Parameters

req?

ListUsersRequest

Returns

Promise<ListUsersResult>


listRoles()

listRoles(userId): Promise<UserRoleRecord[]>

Defined in: auth-client/src/core/modules/users.module.ts:50

GET /admin/users/{id}/roles — list a target user’s current base roles. Admin only.

Parameters

userId

string

Returns

Promise<UserRoleRecord[]>


listSessions()

listSessions(userId): Promise<SessionRecord[]>

Defined in: auth-client/src/core/modules/users.module.ts:72

GET /admin/users/{userId}/sessions — list a target user’s active sessions. Admin only. See getSessions() for the self-service equivalent.

Parameters

userId

string

Returns

Promise<SessionRecord[]>


lookup()

lookup(req): Promise<LookupUserRecord[]>

Defined in: auth-client/src/core/modules/users.module.ts:35

Bulk-resolve users by email and/or id in a single call. Admin only (system_admin or super_admin); 403 otherwise. Either input array may be omitted; both empty returns an empty array.

Use this when a back-office tool needs to render N users from a mix of identifiers — e.g. “look up these 30 emails” — instead of issuing N separate /admin/users requests.

Parameters

req
emails?

string[]

ids?

string[]

Returns

Promise<LookupUserRecord[]>


revokeSessions()

revokeSessions(userId): Promise<void>

Defined in: auth-client/src/core/modules/users.module.ts:92

POST /admin/users/{userId}/revoke-sessions — terminate every session for a target user. Admin only. Equivalent of logoutAll() applied to someone else.

Parameters

userId

string

Returns

Promise<void>


setPassword()

setPassword(userId, newPassword): Promise<void>

Defined in: auth-client/src/core/modules/users.module.ts:62

POST /auth/admin/set-password — reset a user’s password. Admin only.

Parameters

userId

string

newPassword

string

Returns

Promise<void>


setRoles()

setRoles(userId, roleCodes): Promise<void>

Defined in: auth-client/src/core/modules/users.module.ts:56

PUT /admin/users/{id}/roles — replace base roles. Admin only.

Parameters

userId

string

roleCodes

string[]

Returns

Promise<void>


terminateSession()

terminateSession(userId, sessionId): Promise<void>

Defined in: auth-client/src/core/modules/users.module.ts:82

DELETE /admin/users/{userId}/sessions/{sessionId} — terminate one specific session belonging to a target user. Admin only. Granular counterpart to adminRevokeUserSessions().

Parameters

userId

string

sessionId

string

Returns

Promise<void>