summary refs log tree commit diff
path: root/docs/admin_api/user_admin_api.rst
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2020-11-17 10:51:25 +0000
committerGitHub <noreply@github.com>2020-11-17 10:51:25 +0000
commitf737368a26bb9eea401fcc3a5bdd7e0b59e91f09 (patch)
treeee8e6f8e971c5d9f3dd136f0c036d77245bb100d /docs/admin_api/user_admin_api.rst
parentMerge pull request #8757 from matrix-org/rav/pass_site_to_make_request (diff)
downloadsynapse-f737368a26bb9eea401fcc3a5bdd7e0b59e91f09.tar.xz
Add admin API for logging in as a user (#8617)
Diffstat (limited to 'docs/admin_api/user_admin_api.rst')
-rw-r--r--docs/admin_api/user_admin_api.rst35
1 files changed, 35 insertions, 0 deletions
diff --git a/docs/admin_api/user_admin_api.rst b/docs/admin_api/user_admin_api.rst
index d4051d0257..95b3da27c4 100644
--- a/docs/admin_api/user_admin_api.rst
+++ b/docs/admin_api/user_admin_api.rst
@@ -424,6 +424,41 @@ The following fields are returned in the JSON response body:
 - ``next_token``: integer - Indication for pagination. See above.
 - ``total`` - integer - Total number of media.
 
+Login as a user
+===============
+
+Get an access token that can be used to authenticate as that user. Useful for
+when admins wish to do actions on behalf of a user.
+
+The API is::
+
+    POST /_synapse/admin/v1/users/<user_id>/login
+    {}
+
+An optional ``valid_until_ms`` field can be specified in the request body as an
+integer timestamp that specifies when the token should expire. By default tokens
+do not expire.
+
+A response body like the following is returned:
+
+.. code:: json
+
+    {
+        "access_token": "<opaque_access_token_string>"
+    }
+
+
+This API does *not* generate a new device for the user, and so will not appear
+their ``/devices`` list, and in general the target user should not be able to
+tell they have been logged in as.
+
+To expire the token call the standard ``/logout`` API with the token.
+
+Note: The token will expire if the *admin* user calls ``/logout/all`` from any
+of their devices, but the token will *not* expire if the target user does the
+same.
+
+
 User devices
 ============