Personal Sessions: add create, list, get, revoke, regenerate Admin APIs #5141

reivilibre · 2025-10-14T11:12:11Z

Follows: #5106
Part of: #4492

This PR introduces some admin API endpoints for Personal Sessions.

add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
get: Shows the information about a personal session
list: Shows many personal sessions
revoke: Revokes a personal session, so it can't be used anymore
regenerate: Revoke the active personal access token for a session and issue a new one to replace it.

cloudflare-workers-and-pages · 2025-10-14T11:17:47Z

Deploying matrix-authentication-service-docs with Cloudflare Pages

Latest commit:	`dda3a49`
Status:	✅ Deploy successful!
Preview URL:	https://b755e684.matrix-authentication-service-docs.pages.dev
Branch Preview URL:	https://rei-pat-admin.matrix-authentication-service-docs.pages.dev

View logs

crates/storage/src/personal/access_token.rs

crates/storage/src/personal/session.rs

sandhose · 2025-10-20T16:34:45Z

crates/storage-pg/src/oauth2/client.rs

            .await?;
        }

+        // Delete any personal access tokens & sessions owned


sandhose · 2025-10-20T17:06:03Z

crates/handlers/src/admin/model.rs

+    revoked_at: Option<DateTime<Utc>>,
+
+    /// The ID of the user who owns this session (if user-owned)
+    #[schemars(with = "super::schema::Ulid")]


should be #[schemars(with = "Option<super::schema::Ulid>")] I think

hm hm, I think I got this from CompatSession, which also doesn't have the Option in the with type. Any idea if this is on purpose?

→ 6102a4b

Any idea if this is on purpose?

definitely not on purpose

crates/handlers/src/admin/v1/personal_sessions/regenerate.rs

crates/handlers/src/admin/v1/personal_sessions/list.rs

…last time

…ame as last time

sandhose

Alright, take your tick and run!

reivilibre force-pushed the rei/pat_admin branch from f35dcf8 to 8bc8857 Compare October 14, 2025 11:13

reivilibre force-pushed the rei/pat_admin branch from 8bc8857 to 3260f51 Compare October 14, 2025 11:31

reivilibre marked this pull request as ready for review October 14, 2025 11:51

reivilibre requested a review from sandhose October 14, 2025 11:51

storage: introduce find_active_for_session for PATs

34b3462

reivilibre force-pushed the rei/pat_admin branch from 5e5911c to 6dec565 Compare October 20, 2025 13:00

reivilibre changed the title ~~Personal Sessions: add create, list, get, revoke Admin APIs~~ Personal Sessions: add create, list, get, revoke, regenerate Admin APIs Oct 20, 2025

reivilibre added 4 commits October 20, 2025 14:33

storage: include PATs alongside personal sessions

98c765c

When revoking a personal session, also revoke its PAT

353d234

Delete owned PATs & personal sessions when pruning OAuth2 clients

01c89cd

Add personal session data models to admin API

2e5b386

reivilibre force-pushed the rei/pat_admin branch 2 times, most recently from 11f9074 to 9ba5df4 Compare October 20, 2025 13:44

Add personal sessions admin API

1030ec9

reivilibre force-pushed the rei/pat_admin branch from 9ba5df4 to 129b7f3 Compare October 20, 2025 13:51

reivilibre added 4 commits October 20, 2025 16:42

Add Admin API to regenerate a personal session (getting a new PAT)

4e70f83

drive-by clippy fixes

1fc8145

drive-by formatting fixes

30abb7c

drive-by update.sh chmod +x

4863026

reivilibre force-pushed the rei/pat_admin branch from 129b7f3 to 4863026 Compare October 20, 2025 15:42

sandhose requested changes Oct 20, 2025

View reviewed changes

reivilibre added 8 commits October 21, 2025 09:43

find_active_by_session: take &PersonalSession

78b010d

Add expires filter to personal sessions list

52c04c1

Make expires_in u32 and (on regenerate) not default to the same as …

ba9fc35

…last time

Use Option<Ulid> in schemars

6102a4b

axum_extra: enable query feature flag

cc57e33

Add scope filter to personal sessions list

d516b3d

fixup! Make expires_in u32 and (on regenerate) not default to the s…

a0c5583

…ame as last time

use axum_extract's version of Query everywhere

db3dcce

fixup! Add expires filter to personal sessions list

8fb0caf

reivilibre requested a review from sandhose October 21, 2025 10:35

(update JSONSchema)

dda3a49

sandhose approved these changes Oct 22, 2025

View reviewed changes

sandhose added A-Admin-API Related to the admin API T-Enhancement New feature of request labels Oct 22, 2025

reivilibre merged commit eeba7e1 into main Oct 22, 2025
32 of 36 checks passed

reivilibre deleted the rei/pat_admin branch October 22, 2025 10:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Personal Sessions: add create, list, get, revoke, regenerate Admin APIs #5141

Personal Sessions: add create, list, get, revoke, regenerate Admin APIs #5141

Uh oh!

reivilibre commented Oct 14, 2025 •

edited

Loading

Uh oh!

cloudflare-workers-and-pages bot commented Oct 14, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

sandhose Oct 20, 2025

Uh oh!

sandhose Oct 20, 2025

Uh oh!

reivilibre Oct 21, 2025

Uh oh!

reivilibre Oct 21, 2025

Uh oh!

sandhose Oct 22, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sandhose left a comment •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Personal Sessions: add create, list, get, revoke, regenerate Admin APIs #5141

Personal Sessions: add create, list, get, revoke, regenerate Admin APIs #5141

Uh oh!

Conversation

reivilibre commented Oct 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cloudflare-workers-and-pages bot commented Oct 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Deploying matrix-authentication-service-docs with Cloudflare Pages

Uh oh!

Uh oh!

Uh oh!

sandhose Oct 20, 2025

Choose a reason for hiding this comment

Uh oh!

sandhose Oct 20, 2025

Choose a reason for hiding this comment

Uh oh!

reivilibre Oct 21, 2025

Choose a reason for hiding this comment

Uh oh!

reivilibre Oct 21, 2025

Choose a reason for hiding this comment

Uh oh!

sandhose Oct 22, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sandhose left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

reivilibre commented Oct 14, 2025 •

edited

Loading

cloudflare-workers-and-pages bot commented Oct 14, 2025 •

edited

Loading

sandhose left a comment •

edited

Loading