teamhanko / passkeys

FIDO2-certified passkey server and SDKs for adding passkey support to any auth system
https://hanko.io/passkey-api
GNU Affero General Public License v3.0

Add endpoint in admin api to list/delete users #22

Closed FreddyDevelop closed 5 months ago

FreddyDevelop commented 11 months ago

Add an endpoint to the admin API to list, get and delete users (including the credentials).

shentschel commented 11 months ago

A question for clarification: As we want to introduce transactions in #23, do we also want to be able to delete users who made a transaction? Without the user we would lose some information about the person who initiated the transaction. I don't know which impact this will have on regulations and their compliance.

FreddyDevelop commented 11 months ago

I would say yes, you can delete a user with transactions, but I also think we need a way to get that transaction data. Then we can show (e.g. in Hanko Cloud) that a user has transactions and the Hanko Cloud user must confirm that he really wants to delete the user. This way we can also allow the Hanko Cloud user to download the transactions for the user before he deletes the user. What do you think @FlxMgdnz?

Also forgot to mention, each credential from each user should also be deletable from the admin API.

FlxMgdnz commented 11 months ago

User deletion seems reasonable. I assume there's still an immutable audit log entry for each transaction, right?

shentschel commented 11 months ago

There will be one, yes, but we only persist the userId in that audit log entry. Information like userName/displayname will be lost on delete.