Class: Supabase::Auth::AdminApi

Inherits:

Api

• Object
• Api
• Supabase::Auth::AdminApi

Defined in:

lib/supabase/auth/admin_api.rb

Overview

Admin API for managing users with a service role key. Provides CRUD operations on users, link generation, and MFA management.

Direct Known Subclasses

Supabase::Auth::Async::AdminApi

Constant Summary

Constants inherited from Api

Supabase::Auth::Api::CONTENT_TYPE, Supabase::Auth::Api::UUID_REGEX

Instance Attribute Summary

• #mfa ⇒ AdminMfaApi readonly

  MFA administration accessor.

• #oauth ⇒ AdminOAuthApi readonly

  OAuth 2.1 client administration accessor.

Attributes inherited from Api

#headers, #url

Instance Method Summary

• #_create_oauth_client(params) ⇒ Types::OAuthClientResponse

  Creates a new OAuth client.

• #_delete_factor(params) ⇒ Types::AuthMFAAdminDeleteFactorResponse

  Deletes an MFA factor for a user (admin).

• #_delete_oauth_client(client_id) ⇒ Object

  Deletes an OAuth client.

• #_get_oauth_client(client_id) ⇒ Types::OAuthClientResponse

  Gets details of a specific OAuth client.

• #_list_factors(params) ⇒ Types::AuthMFAAdminListFactorsResponse

  Lists MFA factors for a user (admin).

• #_list_oauth_clients(params = nil) ⇒ Types::OAuthClientListResponse

  Lists OAuth clients with optional pagination.

• #_regenerate_oauth_client_secret(client_id) ⇒ Types::OAuthClientResponse

  Regenerates the secret for an OAuth client.

• #_update_oauth_client(client_id, params) ⇒ Types::OAuthClientResponse

  Updates an OAuth client.

• #create_user(attributes) ⇒ Types::UserResponse

  Creates a new user via the admin API.

• #delete_user(uid, should_soft_delete: false) ⇒ Object

  Deletes a user by their ID.

• #generate_link(params) ⇒ Object

  Generates email links and OTPs.

• #get_user_by_id(uid) ⇒ Types::UserResponse

  Gets a user by their ID.

• #initialize(url:, headers: {}, http_client: nil, verify: true, proxy: nil, timeout: nil) ⇒ AdminApi constructor

  A new instance of AdminApi.

• #invite_user_by_email(email, options = {}) ⇒ Object

  Invites a user by email.

• #list_users(page: nil, per_page: nil) ⇒ Array<Types::User>

  Lists all users.

• #sign_out(access_token, scope = "global") ⇒ Object

  Signs out a user by revoking their session via the admin API.

• #update_user_by_id(uid, attributes) ⇒ Types::UserResponse

  Updates a user by their ID.

Methods inherited from Api

#_request, #_validate_uuid, #delete, #get, #post, #put

Constructor Details

#initialize(url:, headers: {}, http_client: nil, verify: true, proxy: nil, timeout: nil) ⇒ AdminApi

Returns a new instance of AdminApi.

Parameters:

• url (String) —

  The GoTrue API base URL

• headers (Hash) (defaults to: {}) —

  Headers including Authorization bearer token

• http_client (Faraday::Connection, nil) (defaults to: nil) —

  Optional custom Faraday client

• verify (Boolean) (defaults to: true) —

  Verify TLS certificates (default true)

• proxy (String, nil) (defaults to: nil) —

  HTTP proxy URL

• timeout (Numeric, nil) (defaults to: nil) —

  Per-request timeout in seconds

# File 'lib/supabase/auth/admin_api.rb', line 22

def initialize(url:, headers: {}, http_client: nil, verify: true, proxy: nil, timeout: nil)
  super(url: url, headers: headers, http_client: http_client, verify: verify, proxy: proxy, timeout: timeout)
  @oauth = AdminOAuthApi.new(self)
  @mfa = AdminMfaApi.new(self)
end

Instance Attribute Details

#mfa ⇒ AdminMfaApi (readonly)

Returns MFA administration accessor.

Returns:

• (AdminMfaApi) —

  MFA administration accessor

# File 'lib/supabase/auth/admin_api.rb', line 14

def mfa
  @mfa
end

#oauth ⇒ AdminOAuthApi (readonly)

Returns OAuth 2.1 client administration accessor.

Returns:

• (AdminOAuthApi) —

  OAuth 2.1 client administration accessor

# File 'lib/supabase/auth/admin_api.rb', line 11

def oauth
  @oauth
end

Instance Method Details

#_create_oauth_client(params) ⇒ Types::OAuthClientResponse

Creates a new OAuth client. Only relevant when the OAuth 2.1 server is enabled.

Parameters:

• params (Hash) —

  OAuth client attributes (client_name, redirect_uris, etc.)

Returns:

• (Types::OAuthClientResponse)

# File 'lib/supabase/auth/admin_api.rb', line 177

def _create_oauth_client(params)
  data = post("admin/oauth/clients", body: params)
  Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
end

#_delete_factor(params) ⇒ Types::AuthMFAAdminDeleteFactorResponse

Deletes an MFA factor for a user (admin).

Parameters:

• params (Hash) —

  :user_id and :id (both required)

Returns:

• (Types::AuthMFAAdminDeleteFactorResponse)

# File 'lib/supabase/auth/admin_api.rb', line 124

def _delete_factor(params)
  user_id = params[:user_id] || params["user_id"]
  factor_id = params[:id] || params["id"]
  _validate_uuid(user_id)
  _validate_uuid(factor_id)
  data = delete("admin/users/#{user_id}/factors/#{factor_id}")
  Types::AuthMFAAdminDeleteFactorResponse.from_hash(data)
end

#_delete_oauth_client(client_id) ⇒ Object

Deletes an OAuth client.

Parameters:

• client_id (String) —

  OAuth client UUID

Raises:

• (ArgumentError) —

  if client_id is not a valid UUID

# File 'lib/supabase/auth/admin_api.rb', line 206

def _delete_oauth_client(client_id)
  _validate_uuid(client_id)
  _request("DELETE", "admin/oauth/clients/#{client_id}")
end

#_get_oauth_client(client_id) ⇒ Types::OAuthClientResponse

Gets details of a specific OAuth client.

Parameters:

• client_id (String) —

  OAuth client UUID

Returns:

• (Types::OAuthClientResponse)

Raises:

• (ArgumentError) —

  if client_id is not a valid UUID

# File 'lib/supabase/auth/admin_api.rb', line 186

def _get_oauth_client(client_id)
  _validate_uuid(client_id)
  data = get("admin/oauth/clients/#{client_id}")
  Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
end

#_list_factors(params) ⇒ Types::AuthMFAAdminListFactorsResponse

Lists MFA factors for a user (admin).

Parameters:

• params (Hash) —

  :user_id (required)

Returns:

• (Types::AuthMFAAdminListFactorsResponse)

# File 'lib/supabase/auth/admin_api.rb', line 114

def _list_factors(params)
  user_id = params[:user_id] || params["user_id"]
  _validate_uuid(user_id)
  data = get("admin/users/#{user_id}/factors")
  Types::AuthMFAAdminListFactorsResponse.from_hash(data)
end

#_list_oauth_clients(params = nil) ⇒ Types::OAuthClientListResponse

Lists OAuth clients with optional pagination. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

Parameters:

• params (Hash, Types::PageParams, nil) (defaults to: nil) —

  optional :page and :per_page

Returns:

• (Types::OAuthClientListResponse)

# File 'lib/supabase/auth/admin_api.rb', line 137

def _list_oauth_clients(params = nil)
  query = {}
  if params
    page = params[:page] || params["page"]
    per_page = params[:per_page] || params["per_page"]
    query[:page] = page if page
    query[:per_page] = per_page if per_page
  end

  response = _request("GET", "admin/oauth/clients", params: query, no_resolve_json: true)
  body = response.body.is_a?(String) ? JSON.parse(response.body) : (response.body || {})
  result = Types::OAuthClientListResponse.from_hash(body)

  total = response.headers["x-total-count"] || response.headers["X-Total-Count"]
  result.total = total.to_i if total

  links = response.headers["link"] || response.headers["Link"]
  if links
    links.split(",").each do |link|
      parts = link.split(";")
      next unless parts.length >= 2

      page_match = parts[0].split("page=")
      next unless page_match.length >= 2

      page_num = page_match[1].split("&")[0].sub(/>$/, "").to_i
      rel = parts[1].split("=")[1].to_s.delete('"').strip
      case rel
      when "next" then result.next_page = page_num
      when "last" then result.last_page = page_num
      end
    end
  end

  result
end

#_regenerate_oauth_client_secret(client_id) ⇒ Types::OAuthClientResponse

Regenerates the secret for an OAuth client.

Parameters:

• client_id (String) —

  OAuth client UUID

Returns:

• (Types::OAuthClientResponse)

Raises:

• (ArgumentError) —

  if client_id is not a valid UUID

# File 'lib/supabase/auth/admin_api.rb', line 215

def _regenerate_oauth_client_secret(client_id)
  _validate_uuid(client_id)
  data = post("admin/oauth/clients/#{client_id}/regenerate_secret")
  Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
end

#_update_oauth_client(client_id, params) ⇒ Types::OAuthClientResponse

Updates an OAuth client.

Parameters:

• client_id (String) —

  OAuth client UUID

• params (Hash) —

  attributes to update

Returns:

• (Types::OAuthClientResponse)

Raises:

• (ArgumentError) —

  if client_id is not a valid UUID

# File 'lib/supabase/auth/admin_api.rb', line 197

def _update_oauth_client(client_id, params)
  _validate_uuid(client_id)
  data = put("admin/oauth/clients/#{client_id}", body: params)
  Types::OAuthClientResponse.new(client: Types::OAuthClient.from_hash(data))
end

#create_user(attributes) ⇒ Types::UserResponse

Creates a new user via the admin API.

Parameters:

• attributes (Hash) —

  user attributes (email, password, user_metadata, app_metadata, etc.)

Returns:

• (Types::UserResponse)

# File 'lib/supabase/auth/admin_api.rb', line 31

def create_user(attributes)
  data = post("admin/users", body: attributes)
  Helpers.parse_user_response(data)
end

#delete_user(uid, should_soft_delete: false) ⇒ Object

Deletes a user by their ID.

Parameters:

• uid (String) —

  user UUID

• should_soft_delete (Boolean) (defaults to: false) —

  soft delete instead of hard delete

Raises:

• (ArgumentError) —

  if uid is not a valid UUID

# File 'lib/supabase/auth/admin_api.rb', line 74

def delete_user(uid, should_soft_delete: false)
  _validate_uuid(uid)
  _request("DELETE", "admin/users/#{uid}", body: { should_soft_delete: should_soft_delete })
end

#generate_link(params) ⇒ Object

Generates email links and OTPs.

# File 'lib/supabase/auth/admin_api.rb', line 80

def generate_link(params)
  options = params[:options] || params["options"] || {}
  body = {
    type: params[:type] || params["type"],
    email: params[:email] || params["email"],
    password: params[:password] || params["password"],
    new_email: params[:new_email] || params["new_email"],
    data: options[:data] || options["data"]
  }
  redirect_to = options[:redirect_to] || options["redirect_to"]
  query = {}
  query["redirect_to"] = redirect_to if redirect_to
  data = post("admin/generate_link", body: body, params: query)
  Helpers.parse_link_response(data)
end

#get_user_by_id(uid) ⇒ Types::UserResponse

Gets a user by their ID.

Parameters:

• uid (String) —

  user UUID

Returns:

• (Types::UserResponse)

Raises:

• (ArgumentError) —

  if uid is not a valid UUID

# File 'lib/supabase/auth/admin_api.rb', line 53

def get_user_by_id(uid)
  _validate_uuid(uid)
  data = get("admin/users/#{uid}")
  Helpers.parse_user_response(data)
end

#invite_user_by_email(email, options = {}) ⇒ Object

Invites a user by email.

# File 'lib/supabase/auth/admin_api.rb', line 97

def invite_user_by_email(email, options = {})
  body = { email: email, data: options[:data] || options["data"] }
  redirect_to = options[:redirect_to] || options["redirect_to"]
  query = {}
  query["redirect_to"] = redirect_to if redirect_to
  data = post("invite", body: body, params: query)
  Helpers.parse_user_response(data)
end

#list_users(page: nil, per_page: nil) ⇒ Array<Types::User>

Lists all users.

Parameters:

• page (Integer, nil) (defaults to: nil) —

  page number

• per_page (Integer, nil) (defaults to: nil) —

  users per page

Returns:

• (Array<Types::User>)

# File 'lib/supabase/auth/admin_api.rb', line 40

def list_users(page: nil, per_page: nil)
  params = {}
  params[:page] = page if page
  params[:per_page] = per_page if per_page
  data = get("admin/users", params: params)
  users = data["users"] || []
  users.map { |u| Types::User.from_hash(u) }
end

#sign_out(access_token, scope = "global") ⇒ Object

Signs out a user by revoking their session via the admin API.

# File 'lib/supabase/auth/admin_api.rb', line 107

def sign_out(access_token, scope = "global")
  _request("POST", "logout", jwt: access_token, params: { "scope" => scope }, no_resolve_json: true)
end

#update_user_by_id(uid, attributes) ⇒ Types::UserResponse

Updates a user by their ID.

Parameters:

• uid (String) —

  user UUID

• attributes (Hash) —

  attributes to update

Returns:

• (Types::UserResponse)

Raises:

• (ArgumentError) —

  if uid is not a valid UUID

# File 'lib/supabase/auth/admin_api.rb', line 64

def update_user_by_id(uid, attributes)
  _validate_uuid(uid)
  data = put("admin/users/#{uid}", body: attributes)
  Helpers.parse_user_response(data)
end