Expand description
Cross-cutting admin HTTP API.
Phase 8b adds admin endpoints for user / session / Zanzibar / key
management. Each endpoint requires an admin api-key (compared in
constant time against crate::state::AdminApiKeys) — same auth
pattern as crate::oidc_provider::admin.
Surface (mounted under /api/v1/engine/auth/ by the engine, so the
actual paths are /api/v1/engine/auth/admin/...):
-
GET /admin/users?limit=&offset=&search= -
POST /admin/users→ mint user -
GET /admin/users/{id}→ user + linked passkeys + sessions + upstream -
PUT /admin/users/{id}→ update email / display_name / verified -
DELETE /admin/users/{id}→ cascade delete via FKs -
POST /admin/users/{id}/password-reset→ set new password (admin override) -
GET /admin/sessions?limit=&offset=&user_id= -
DELETE /admin/sessions/{id} -
DELETE /admin/sessions/by-user/{user_id}→ revoke all -
GET /admin/biscuit→ active root key info (kid + public PEM) -
GET /admin/jwks→ JWKS public document (proxy /well-known) -
GET /admin/zanzibar/namespaces -
POST /admin/zanzibar/namespaces→ define / replace schema -
GET /admin/zanzibar/namespaces/{name} -
POST /admin/zanzibar/tuples→ write -
DELETE /admin/zanzibar/tuples→ delete -
POST /admin/zanzibar/check→ permission check -
POST /admin/zanzibar/expand→ userset tree -
GET /admin/audit?limit=&offset=&actor=&action=→ empty response today (audit table is deferred per V1 schema notes)
Structs§
- Audit
Response - Biscuit
Info - Check
Body - Check
Response - Create
User Body - Expand
Body - List
Audit Query - List
Sessions Query - List
Sessions Response - List
Users Query - List
Users Response - Passkey
Summary - Password
Reset Body - Revoke
AllResponse - Tuple
Body - Update
User Body - Upstream
Link - User
Detail Response
Functions§
- router
- Build the cross-cutting admin router. Generic over a parent state
Sfrom whichAuthCtxandAdminApiKeyscan be extracted viaaxum::extract::FromRef.