AdminOperations
Package: @nauth-toolkit/client
Type: Class
Admin operations service for user and system management. Provides admin-level operations including user CRUD, password management, session control, MFA management, and audit history.
import { AdminOperations } from '@nauth-toolkit/client';
Access
Admin operations are accessed via the admin property on NAuthClient:
const client = new NAuthClient({
  baseUrl: 'https://api.example.com/auth',
  tokenDelivery: 'cookies',
  admin: {
    pathPrefix: '/admin',
  },
});

// Access admin operations
const users = await client.admin.getUsers({ page: 1 });
User Management
createUser()
Create a new user (admin operation). Allows creating users with pre-verified email/phone, auto-generated passwords, and force password change flag.
async createUser(request: AdminSignupRequest): Promise<AdminSignupResponse>
Parameters
request - AdminSignupRequest
Returns
AdminSignupResponse - Created user and optional generated password
Example
const result = await client.admin.createUser({
  email: 'user@example.com',
  password: 'SecurePass123!',
  isEmailVerified: true,
});

// With auto-generated password
const generated = await client.admin.createUser({
  email: 'user@example.com',
  generatePassword: true,
  mustChangePassword: true,
});
// Hand the generated password to the user over a secure channel; avoid logging it outside of testing.
console.log('Generated password:', generated.generatedPassword);
importSocialUser()
Import social user (admin operation). Imports existing social users from external platforms (e.g., Cognito, Auth0) with social account linkage.
async importSocialUser(request: AdminSignupSocialRequest): Promise<AdminSignupSocialResponse>
Parameters
request - AdminSignupSocialRequest
Returns
AdminSignupSocialResponse - Created user and social account info
Example
const result = await client.admin.importSocialUser({
  email: 'user@example.com',
  provider: 'google',
  providerId: 'google_12345',
  providerEmail: 'user@gmail.com',
});
getUsers()
Get users with filters and pagination.
async getUsers(params?: GetUsersRequest): Promise<GetUsersResponse>
Parameters
params - GetUsersRequest - Filter and pagination params. Optional, defaults to {}.
Returns
GetUsersResponse - Paginated user list
Example
const result = await client.admin.getUsers({
  page: 1,
  limit: 20,
  isEmailVerified: true,
  mfaEnabled: false,
  sortBy: 'createdAt',
  sortOrder: 'DESC',
});
getUser()
Get user by sub (UUID).
async getUser(sub: string): Promise<AuthUser>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
Returns
AuthUser - User object
Example
const user = await client.admin.getUser('a21b654c-2746-4168-acee-c175083a65cd');
deleteUser()
Delete user with cascade cleanup.
async deleteUser(sub: string): Promise<DeleteUserResponse>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
Returns
DeleteUserResponse - Deletion confirmation with cascade counts
Example
const result = await client.admin.deleteUser('user-uuid');
console.log('Deleted records:', result.deletedRecords);
disableUser()
Disable user account (permanent lock).
async disableUser(sub: string, reason?: string): Promise<DisableUserResponse>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
| reason | string | Optional reason for disabling. |
Returns
DisableUserResponse - Disable confirmation with revoked session count
Example
const result = await client.admin.disableUser('user-uuid', 'Account compromised');
console.log('Revoked sessions:', result.revokedSessions);
enableUser()
Enable (unlock) user account.
async enableUser(sub: string): Promise<EnableUserResponse>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
Returns
EnableUserResponse - Enable confirmation with updated user
Example
const result = await client.admin.enableUser('user-uuid');
console.log('User enabled:', result.user);
Password Management
forcePasswordChange()
Force password change on next login.
async forcePasswordChange(sub: string): Promise<{ success: boolean }>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
Returns
| Property | Type | Description |
|---|---|---|
| success | boolean | Success confirmation |
Example
await client.admin.forcePasswordChange('user-uuid');
setPassword()
Set password for any user (admin operation).
async setPassword(identifier: string, newPassword: string): Promise<{ success: boolean }>
Parameters
| Parameter | Type | Description |
|---|---|---|
| identifier | string | User email, username, or phone |
| newPassword | string | New password |
Returns
| Property | Type | Description |
|---|---|---|
| success | boolean | Success confirmation |
Example
await client.admin.setPassword('user@example.com', 'NewSecurePass123!');
initiatePasswordReset()
Initiate password reset workflow (sends code/link to user).
async initiatePasswordReset(request: AdminResetPasswordRequest): Promise<AdminResetPasswordResponse>
Parameters
request - AdminResetPasswordRequest
Returns
AdminResetPasswordResponse - Reset confirmation with delivery details
Example
const result = await client.admin.initiatePasswordReset({
  sub: 'user-uuid',
  deliveryMethod: 'email',
  baseUrl: 'https://myapp.com/reset-password',
  reason: 'User requested password reset',
});
console.log('Code sent to:', result.destination);
Session Management
getUserSessions()
Get all sessions for a user.
async getUserSessions(sub: string): Promise<GetUserSessionsResponse>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
Returns
GetUserSessionsResponse - User sessions
Example
const result = await client.admin.getUserSessions('user-uuid');
console.log('Active sessions:', result.sessions);
logoutAllSessions()
Logout all sessions for a user (admin-initiated).
async logoutAllSessions(sub: string, forgetDevices?: boolean): Promise<{ revokedCount: number }>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
| forgetDevices | boolean | If true, also revokes all trusted devices. Default: false. |
Returns
| Property | Type | Description |
|---|---|---|
| revokedCount | number | Number of sessions revoked |
Example
const result = await client.admin.logoutAllSessions('user-uuid', true);
console.log(`Revoked ${result.revokedCount} sessions`);
MFA Management
getMfaStatus()
Get MFA status for a user.
async getMfaStatus(sub: string): Promise<MFAStatus>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
Returns
MFAStatus - MFA status
Example
const status = await client.admin.getMfaStatus('user-uuid');
console.log('MFA enabled:', status.enabled);
getMfaDevices()
Get all MFA devices for a user.
async getMfaDevices(sub: string): Promise<GetMFADevicesResponse>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
Returns
| Property | Type | Description |
|---|---|---|
| devices | MFADevice[] | Array of user's MFA devices |
Each device contains:
| Property | Type | Description |
|---|---|---|
| id | number | Device ID |
| type | string | Device type (totp, sms, email, passkey) |
| name | string | Device name |
| isPreferred | boolean | Whether this is the preferred device |
| isActive | boolean | Whether the device is active |
| createdAt | Date | Device creation timestamp |
Example
const result = await client.admin.getMfaDevices('user-uuid');
console.log('Devices:', result.devices);
// [{ id: 1, name: 'Google Authenticator', type: 'totp', isPreferred: true, ... }]
removeMfaDeviceById()
Remove a single MFA device by device ID.
async removeMfaDeviceById(deviceId: number): Promise<RemoveMFADeviceResponse>
Parameters
| Parameter | Type | Description |
|---|---|---|
| deviceId | number | MFA device ID |
Returns
| Property | Type | Description |
|---|---|---|
| removedDeviceId | number | ID of the removed device |
| removedMethod | string | Type of the removed device |
| mfaDisabled | boolean | Whether MFA was disabled (last device) |
Example
const result = await client.admin.removeMfaDeviceById(123);
console.log('Removed:', result.removedDeviceId);
setPreferredMfaDevice()
Set a specific device as the user's preferred MFA device.
async setPreferredMfaDevice(
  sub: string,
  deviceId: number
): Promise<{ message: string }>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
| deviceId | number | Device ID to set as preferred |
Returns
| Property | Type | Description |
|---|---|---|
| message | string | Success message |
Example
// First get devices to find the ID
const devices = await client.admin.getMfaDevices('user-uuid');
const totpDevice = devices.devices.find(d => d.type === 'totp');

// Set as preferred (only if the user actually has a TOTP device)
if (totpDevice) {
  await client.admin.setPreferredMfaDevice('user-uuid', totpDevice.id);
}
setMfaExemption()
Grant or revoke MFA exemption for a user.
async setMfaExemption(
  sub: string,
  exempt: boolean,
  reason?: string
): Promise<{ message: string }>
Parameters
| Parameter | Type | Description |
|---|---|---|
| sub | string | User UUID |
| exempt | boolean | true to exempt from MFA, false to require |
| reason | string | Optional reason for exemption. |
Returns
| Property | Type | Description |
|---|---|---|
| message | string | Success message |
Example
await client.admin.setMfaExemption('user-uuid', true, 'Service account');
Audit
getAuditHistory()
Get audit history for a user.
async getAuditHistory(params: AdminAuditHistoryRequest): Promise<AuditHistoryResponse>
Parameters
params - AdminAuditHistoryRequest - Audit history request params
Returns
AuditHistoryResponse - Paginated audit events
Example
const history = await client.admin.getAuditHistory({
  sub: 'user-uuid',
  page: 1,
  limit: 50,
  eventType: 'LOGIN_SUCCESS',
});
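The session, MFA, password and audit operations documented above can be chained into one containment routine for a suspected account takeover. This is an added example, not part of the nauth-toolkit documentation: `containAccount`, `makeFakeAdmin`, the `compromisedAt` cutoff and the stub's return values are assumptions, and only the method names and response fields listed on this page are used.

```javascript
// Added example, not nauth-toolkit code. `admin` is client.admin (or a stand-in with
// the same methods); `compromisedAt` is an assumed incident timestamp (a Date).
async function containAccount(admin, sub, compromisedAt, reason) {
  const report = { sub, removedDevices: [], keptDevices: [], mfaDisabled: false };

  // 1. Lock the account, then revoke remaining sessions and trusted devices.
  report.revokedByDisable = (await admin.disableUser(sub, reason)).revokedSessions;
  report.revokedByLogout = (await admin.logoutAllSessions(sub, true)).revokedCount;

  // 2. Remove MFA devices enrolled at or after the suspected compromise time;
  //    older devices are kept and listed for manual review.
  const { devices } = await admin.getMfaDevices(sub);
  for (const device of devices) {
    if (new Date(device.createdAt) >= compromisedAt) {
      const removed = await admin.removeMfaDeviceById(device.id);
      report.removedDevices.push(removed.removedDeviceId);
      // mfaDisabled means the last device is gone: re-enrol before enableUser().
      report.mfaDisabled = report.mfaDisabled || removed.mfaDisabled;
    } else {
      report.keptDevices.push(device.id);
    }
  }

  // 3. Require a new password at next login; pull successful logins as evidence.
  await admin.forcePasswordChange(sub);
  report.logins = await admin.getAuditHistory({
    sub, page: 1, limit: 50, eventType: 'LOGIN_SUCCESS',
  });
  return report;
}

// Constructed in-memory stand-in for client.admin so the example runs offline.
function makeFakeAdmin(devices) {
  let remaining = [...devices];
  return {
    disableUser: async () => ({ revokedSessions: 2 }),
    logoutAllSessions: async () => ({ revokedCount: 0 }),
    getMfaDevices: async () => ({ devices: remaining }),
    removeMfaDeviceById: async (id) => {
      const gone = remaining.find((d) => d.id === id);
      remaining = remaining.filter((d) => d.id !== id);
      return { removedDeviceId: id, removedMethod: gone.type, mfaDisabled: remaining.length === 0 };
    },
    forcePasswordChange: async () => ({ success: true }),
    getAuditHistory: async (params) => ({ query: params }), // placeholder response shape
  };
}
```

With a real client, pass `client.admin` as the first argument; a report with `mfaDisabled: true` means the account has no second factor left and needs re-enrolment before it is enabled again.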
Related APIs
- NAuthClient - Main client class
- NAuthClientConfig - Configuration options
- NAuthClientError - Error handling