@twin.org/api-auth-entity-storage-models 0.0.3-next.2 → 0.0.3-next.21

package/README.md

@@ -1,6 +1,6 @@
-# TWIN Auth Entity Storage Models
+# TWIN API Auth Entity Storage Models
 
-Models which define the structure of the Auth Entity Storage contracts.
+This package provides contracts for authentication flows and admin user management with entity storage.
 
 ## Installation
 

package/dist/es/index.js

@@ -1,5 +1,12 @@
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
+export * from "./models/api/IAdminUserCreateRequest.js";
+export * from "./models/api/IAdminUserGetRequest.js";
+export * from "./models/api/IAdminUserGetByIdentityRequest.js";
+export * from "./models/api/IAdminUserGetResponse.js";
+export * from "./models/api/IAdminUserRemoveRequest.js";
+export * from "./models/api/IAdminUserUpdatePasswordRequest.js";
+export * from "./models/api/IAdminUserUpdateRequest.js";
 export * from "./models/api/ILoginRequest.js";
 export * from "./models/api/ILoginResponse.js";
 export * from "./models/api/ILogoutRequest.js";
@@ -8,4 +15,5 @@ export * from "./models/api/IRefreshTokenResponse.js";
 export * from "./models/api/IUpdatePasswordRequest.js";
 export * from "./models/IAuthenticationAdminComponent.js";
 export * from "./models/IAuthenticationComponent.js";
+export * from "./models/IAuthenticationUser.js";
 //# sourceMappingURL=index.js.map

package/dist/es/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,wCAAwC,CAAC;AACvD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,sCAAsC,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nexport * from \"./models/api/ILoginRequest.js\";\nexport * from \"./models/api/ILoginResponse.js\";\nexport * from \"./models/api/ILogoutRequest.js\";\nexport * from \"./models/api/IRefreshTokenRequest.js\";\nexport * from \"./models/api/IRefreshTokenResponse.js\";\nexport * from \"./models/api/IUpdatePasswordRequest.js\";\nexport * from \"./models/IAuthenticationAdminComponent.js\";\nexport * from \"./models/IAuthenticationComponent.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,cAAc,yCAAyC,CAAC;AACxD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,uCAAuC,CAAC;AACtD,cAAc,yCAAyC,CAAC;AACxD,cAAc,iDAAiD,CAAC;AAChE,cAAc,yCAAyC,CAAC;AACxD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,wCAAwC,CAAC;AACvD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,sCAAsC,CAAC;AACrD,cAAc,iCAAiC,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nexport * from \"./models/api/IAdminUserCreateRequest.js\";\nexport * from \"./models/api/IAdminUserGetRequest.js\";\nexport * from \"./models/api/IAdminUserGetByIdentityRequest.js\";\nexport * from \"./models/api/IAdminUserGetResponse.js\";\nexport * from \"./models/api/IAdminUserRemoveRequest.js\";\nexport * from \"./models/api/IAdminUserUpdatePasswordRequest.js\";\nexport * from \"./models/api/IAdminUserUpdateRequest.js\";\nexport * from \"./models/api/ILoginRequest.js\";\nexport * from \"./models/api/ILoginResponse.js\";\nexport * from \"./models/api/ILogoutRequest.js\";\nexport * from \"./models/api/IRefreshTokenRequest.js\";\nexport * from \"./models/api/IRefreshTokenResponse.js\";\nexport * from \"./models/api/IUpdatePasswordRequest.js\";\nexport * from \"./models/IAuthenticationAdminComponent.js\";\nexport * from \"./models/IAuthenticationComponent.js\";\nexport * from \"./models/IAuthenticationUser.js\";\n"]}

package/dist/es/models/IAuthenticationAdminComponent.js.map

@@ -1 +1 @@
-{"version":3,"file":"IAuthenticationAdminComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAdminComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\n\n/**\n * Contract definition for authentication admin component.\n */\nexport interface IAuthenticationAdminComponent extends IComponent {\n\t/**\n\t * Create a login for the user.\n\t * @param email The email address for the user.\n\t * @param password The password for the user.\n\t * @param userIdentity The DID to associate with the account.\n\t * @param organizationIdentity The organization of the user.\n\t * @returns Nothing.\n\t */\n\tcreate(\n\t\temail: string,\n\t\tpassword: string,\n\t\tuserIdentity: string,\n\t\torganizationIdentity: string\n\t): Promise<void>;\n\n\t/**\n\t * Remove the current user.\n\t * @param email The email address of the user to remove.\n\t * @returns Nothing.\n\t */\n\tremove(email: string): Promise<void>;\n\n\t/**\n\t * Update the user's password.\n\t * @param email The email address of the user to update.\n\t * @param newPassword The new password for the user.\n\t * @param currentPassword The current password, optional, if supplied will check against existing.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(email: string, newPassword: string, currentPassword?: string): Promise<void>;\n}\n"]}
+{"version":3,"file":"IAuthenticationAdminComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAdminComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\nimport type { IAuthenticationUser } from \"./IAuthenticationUser.js\";\n\n/**\n * Contract definition for authentication admin component.\n */\nexport interface IAuthenticationAdminComponent extends IComponent {\n\t/**\n\t * Create a login for the user.\n\t * @param user The user to create.\n\t * @returns Nothing.\n\t */\n\tcreate(user: Omit<IAuthenticationUser, \"salt\">): Promise<void>;\n\n\t/**\n\t * Update a login for the user.\n\t * @param user The user to update.\n\t * @returns Nothing.\n\t */\n\tupdate(user: Partial<Omit<IAuthenticationUser, \"password\" | \"salt\">>): Promise<void>;\n\n\t/**\n\t * Get a user by email.\n\t * @param email The email address of the user to get.\n\t * @returns The user details.\n\t */\n\tget(email: string): Promise<Omit<IAuthenticationUser, \"password\" | \"salt\">>;\n\n\t/**\n\t * Get a user by identity.\n\t * @param identity The identity of the user to get.\n\t * @returns The user details.\n\t */\n\tgetByIdentity(identity: string): Promise<Omit<IAuthenticationUser, \"password\" | \"salt\">>;\n\n\t/**\n\t * Remove a user.\n\t * @param email The email address of the user to remove.\n\t * @returns Nothing.\n\t */\n\tremove(email: string): Promise<void>;\n\n\t/**\n\t * Update the user's password.\n\t * @param email The email address of the user to update.\n\t * @param newPassword The new password for the user.\n\t * @param currentPassword The current password, optional, if supplied will check against existing.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(email: string, newPassword: string, currentPassword?: string): Promise<void>;\n}\n"]}

package/dist/es/models/IAuthenticationComponent.js.map

@@ -1 +1 @@
-{"version":3,"file":"IAuthenticationComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\n\n/**\n * Contract definition for authentication component.\n */\nexport interface IAuthenticationComponent extends IComponent {\n\t/**\n\t * Perform a login for the user.\n\t * @param email The email address for the user.\n\t * @param password The password for the user.\n\t * @returns The authentication token for the user, if it uses a mechanism with public access.\n\t */\n\tlogin(\n\t\temail: string,\n\t\tpassword: string\n\t): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Logout the current user.\n\t * @param token The token to logout, if it uses a mechanism with public access.\n\t * @returns Nothing.\n\t */\n\tlogout(token?: string): Promise<void>;\n\n\t/**\n\t * Refresh the token.\n\t * @param token The token to refresh, if it uses a mechanism with public access.\n\t * @returns The refreshed token, if it uses a mechanism with public access.\n\t */\n\trefresh(token?: string): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Update the user's password.\n\t * @param email The email address of the user to update.\n\t * @param currentPassword The current password for the user.\n\t * @param newPassword The new password for the user.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(email: string, currentPassword: string, newPassword: string): Promise<void>;\n}\n"]}
+{"version":3,"file":"IAuthenticationComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\n\n/**\n * Contract definition for authentication component.\n */\nexport interface IAuthenticationComponent extends IComponent {\n\t/**\n\t * Perform a login for the user.\n\t * @param email The email address for the user.\n\t * @param password The password for the user.\n\t * @returns The authentication token for the user, if it uses a mechanism with public access.\n\t */\n\tlogin(\n\t\temail: string,\n\t\tpassword: string\n\t): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Logout the current user.\n\t * @param token The token to logout, if it uses a mechanism with public access.\n\t * @returns Nothing.\n\t */\n\tlogout(token?: string): Promise<void>;\n\n\t/**\n\t * Refresh the token.\n\t * @param token The token to refresh, if it uses a mechanism with public access.\n\t * @returns The refreshed token, if it uses a mechanism with public access.\n\t */\n\trefresh(token?: string): Promise<{\n\t\ttoken?: string;\n\t\texpiry: number;\n\t}>;\n\n\t/**\n\t * Update the user's password.\n\t * @param currentPassword The current password for the user.\n\t * @param newPassword The new password for the user.\n\t * @returns Nothing.\n\t */\n\tupdatePassword(currentPassword: string, newPassword: string): Promise<void>;\n}\n"]}

package/dist/es/models/IAuthenticationUser.js

@@ -0,0 +1,4 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAuthenticationUser.js.map

package/dist/es/models/IAuthenticationUser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationUser.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationUser.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Contract definition for authentication user.\n */\nexport interface IAuthenticationUser {\n\t/**\n\t * The user e-mail address.\n\t */\n\temail: string;\n\n\t/**\n\t * The encrypted password for the user.\n\t */\n\tpassword: string;\n\n\t/**\n\t * The salt for the password.\n\t */\n\tsalt: string;\n\n\t/**\n\t * The user identity.\n\t */\n\tuserIdentity: string;\n\n\t/**\n\t * The users organization.\n\t */\n\torganizationIdentity: string;\n\n\t/**\n\t * The scope assigned to the user, comma separated.\n\t */\n\tscope: string[];\n}\n"]}

package/dist/es/models/api/IAdminUserCreateRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAdminUserCreateRequest.js.map

package/dist/es/models/api/IAdminUserCreateRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserCreateRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserCreateRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationUser } from \"../IAuthenticationUser.js\";\n\n/**\n * Create a new user as an admin.\n */\nexport interface IAdminUserCreateRequest {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: Omit<IAuthenticationUser, \"salt\">;\n}\n"]}

package/dist/es/models/api/IAdminUserGetByIdentityRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserGetByIdentityRequest.js.map

package/dist/es/models/api/IAdminUserGetByIdentityRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserGetByIdentityRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserGetByIdentityRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Get a user as an admin.\n */\nexport interface IAdminUserGetByIdentityRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user identity.\n\t\t */\n\t\tidentity: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserGetRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserGetRequest.js.map

package/dist/es/models/api/IAdminUserGetRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserGetRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserGetRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Get a user as an admin.\n */\nexport interface IAdminUserGetRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserGetResponse.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAdminUserGetResponse.js.map

package/dist/es/models/api/IAdminUserGetResponse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserGetResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserGetResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationUser } from \"../IAuthenticationUser.js\";\n\n/**\n * Get a user as an admin.\n */\nexport interface IAdminUserGetResponse {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: Omit<IAuthenticationUser, \"password\" | \"salt\">;\n}\n"]}

package/dist/es/models/api/IAdminUserRemoveRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserRemoveRequest.js.map

package/dist/es/models/api/IAdminUserRemoveRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserRemoveRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserRemoveRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Remove a user as an admin.\n */\nexport interface IAdminUserRemoveRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserUpdatePasswordRequest.js

@@ -0,0 +1,4 @@
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAdminUserUpdatePasswordRequest.js.map

package/dist/es/models/api/IAdminUserUpdatePasswordRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserUpdatePasswordRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserUpdatePasswordRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Update a users password as an admin.\n */\nexport interface IAdminUserUpdatePasswordRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n\n\t/**\n\t * The body of the request.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The new password for the user.\n\t\t */\n\t\tnewPassword: string;\n\n\t\t/**\n\t\t * The current password for the user.\n\t\t */\n\t\tcurrentPassword?: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAdminUserUpdateRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAdminUserUpdateRequest.js.map

package/dist/es/models/api/IAdminUserUpdateRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAdminUserUpdateRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAdminUserUpdateRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationUser } from \"../IAuthenticationUser.js\";\n\n/**\n * Update a user as an admin.\n */\nexport interface IAdminUserUpdateRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n\n\t/**\n\t * The body of the request.\n\t */\n\tbody: Partial<Omit<IAuthenticationUser, \"email\" | \"password\" | \"salt\">>;\n}\n"]}

package/dist/es/models/api/ILoginResponse.js

@@ -1,4 +1,2 @@
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
 export {};
 //# sourceMappingURL=ILoginResponse.js.map

package/dist/es/models/api/ILoginResponse.js.map

@@ -1 +1 @@
-{"version":3,"file":"ILoginResponse.js","sourceRoot":"","sources":["../../../../src/models/api/ILoginResponse.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Response from a login on the server.\n */\nexport interface ILoginResponse {\n\t/**\n\t * The login response details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The access token, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}
+{"version":3,"file":"ILoginResponse.js","sourceRoot":"","sources":["../../../../src/models/api/ILoginResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { HeaderTypes } from \"@twin.org/web\";\n\n/**\n * Response from a login on the server.\n */\nexport interface ILoginResponse {\n\t/**\n\t * Response headers.\n\t */\n\theaders?: {\n\t\t/**\n\t\t * The cookie containing the auth token.\n\t\t */\n\t\t[HeaderTypes.SetCookie]?: string;\n\t};\n\n\t/**\n\t * The login response details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}

package/dist/es/models/api/IRefreshTokenResponse.js

@@ -1,4 +1,2 @@
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
 export {};
 //# sourceMappingURL=IRefreshTokenResponse.js.map

package/dist/es/models/api/IRefreshTokenResponse.js.map

@@ -1 +1 @@
-{"version":3,"file":"IRefreshTokenResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IRefreshTokenResponse.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Response from a refresh on the auth token.\n */\nexport interface IRefreshTokenResponse {\n\t/**\n\t * The refresh token details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The refreshed token, if it uses a mechanism with public access.\n\t\t */\n\t\ttoken?: string;\n\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}
+{"version":3,"file":"IRefreshTokenResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IRefreshTokenResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { HeaderTypes } from \"@twin.org/web\";\n\n/**\n * Response from a refresh on the auth token.\n */\nexport interface IRefreshTokenResponse {\n\t/**\n\t * Response headers.\n\t */\n\theaders?: {\n\t\t/**\n\t\t * The cookie containing the auth token.\n\t\t */\n\t\t[HeaderTypes.SetCookie]?: string;\n\t};\n\n\t/**\n\t * The refresh token details.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The expiry time of the token.\n\t\t */\n\t\texpiry: number;\n\t};\n}\n"]}

package/dist/es/models/api/IUpdatePasswordRequest.js.map

@@ -1 +1 @@
-{"version":3,"file":"IUpdatePasswordRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IUpdatePasswordRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Update a users password.\n */\nexport interface IUpdatePasswordRequest {\n\t/**\n\t * The path parameters for the request.\n\t */\n\tpathParams: {\n\t\t/**\n\t\t * The user email.\n\t\t */\n\t\temail: string;\n\t};\n\n\t/**\n\t * The body of the request.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The current password for the user.\n\t\t */\n\t\tcurrentPassword: string;\n\n\t\t/**\n\t\t * The new password for the user.\n\t\t */\n\t\tnewPassword: string;\n\t};\n}\n"]}
+{"version":3,"file":"IUpdatePasswordRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IUpdatePasswordRequest.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Update the current user's password.\n */\nexport interface IUpdatePasswordRequest {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The current password for the user.\n\t\t */\n\t\tcurrentPassword: string;\n\n\t\t/**\n\t\t * The new password for the user.\n\t\t */\n\t\tnewPassword: string;\n\t};\n}\n"]}

package/dist/types/index.d.ts

@@ -1,3 +1,10 @@
+export * from "./models/api/IAdminUserCreateRequest.js";
+export * from "./models/api/IAdminUserGetRequest.js";
+export * from "./models/api/IAdminUserGetByIdentityRequest.js";
+export * from "./models/api/IAdminUserGetResponse.js";
+export * from "./models/api/IAdminUserRemoveRequest.js";
+export * from "./models/api/IAdminUserUpdatePasswordRequest.js";
+export * from "./models/api/IAdminUserUpdateRequest.js";
 export * from "./models/api/ILoginRequest.js";
 export * from "./models/api/ILoginResponse.js";
 export * from "./models/api/ILogoutRequest.js";
@@ -6,3 +13,4 @@ export * from "./models/api/IRefreshTokenResponse.js";
 export * from "./models/api/IUpdatePasswordRequest.js";
 export * from "./models/IAuthenticationAdminComponent.js";
 export * from "./models/IAuthenticationComponent.js";
+export * from "./models/IAuthenticationUser.js";

package/dist/types/models/IAuthenticationAdminComponent.d.ts

@@ -1,19 +1,35 @@
 import type { IComponent } from "@twin.org/core";
+import type { IAuthenticationUser } from "./IAuthenticationUser.js";
 /**
  * Contract definition for authentication admin component.
  */
 export interface IAuthenticationAdminComponent extends IComponent {
     /**
      * Create a login for the user.
-     * @param email The email address for the user.
-     * @param password The password for the user.
-     * @param userIdentity The DID to associate with the account.
-     * @param organizationIdentity The organization of the user.
+     * @param user The user to create.
      * @returns Nothing.
      */
-    create(email: string, password: string, userIdentity: string, organizationIdentity: string): Promise<void>;
+    create(user: Omit<IAuthenticationUser, "salt">): Promise<void>;
     /**
-     * Remove the current user.
+     * Update a login for the user.
+     * @param user The user to update.
+     * @returns Nothing.
+     */
+    update(user: Partial<Omit<IAuthenticationUser, "password" | "salt">>): Promise<void>;
+    /**
+     * Get a user by email.
+     * @param email The email address of the user to get.
+     * @returns The user details.
+     */
+    get(email: string): Promise<Omit<IAuthenticationUser, "password" | "salt">>;
+    /**
+     * Get a user by identity.
+     * @param identity The identity of the user to get.
+     * @returns The user details.
+     */
+    getByIdentity(identity: string): Promise<Omit<IAuthenticationUser, "password" | "salt">>;
+    /**
+     * Remove a user.
      * @param email The email address of the user to remove.
      * @returns Nothing.
      */

package/dist/types/models/IAuthenticationComponent.d.ts

@@ -30,10 +30,9 @@ export interface IAuthenticationComponent extends IComponent {
     }>;
     /**
      * Update the user's password.
-     * @param email The email address of the user to update.
      * @param currentPassword The current password for the user.
      * @param newPassword The new password for the user.
      * @returns Nothing.
      */
-    updatePassword(email: string, currentPassword: string, newPassword: string): Promise<void>;
+    updatePassword(currentPassword: string, newPassword: string): Promise<void>;
 }

package/dist/types/models/IAuthenticationUser.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Contract definition for authentication user.
+ */
+export interface IAuthenticationUser {
+    /**
+     * The user e-mail address.
+     */
+    email: string;
+    /**
+     * The encrypted password for the user.
+     */
+    password: string;
+    /**
+     * The salt for the password.
+     */
+    salt: string;
+    /**
+     * The user identity.
+     */
+    userIdentity: string;
+    /**
+     * The users organization.
+     */
+    organizationIdentity: string;
+    /**
+     * The scope assigned to the user, comma separated.
+     */
+    scope: string[];
+}

package/dist/types/models/api/IAdminUserCreateRequest.d.ts

@@ -0,0 +1,10 @@
+import type { IAuthenticationUser } from "../IAuthenticationUser.js";
+/**
+ * Create a new user as an admin.
+ */
+export interface IAdminUserCreateRequest {
+    /**
+     * The body of the request.
+     */
+    body: Omit<IAuthenticationUser, "salt">;
+}

package/dist/types/models/api/IAdminUserGetByIdentityRequest.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Get a user as an admin.
+ */
+export interface IAdminUserGetByIdentityRequest {
+    /**
+     * The path parameters for the request.
+     */
+    pathParams: {
+        /**
+         * The user identity.
+         */
+        identity: string;
+    };
+}

package/dist/types/models/api/IAdminUserGetRequest.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Get a user as an admin.
+ */
+export interface IAdminUserGetRequest {
+    /**
+     * The path parameters for the request.
+     */
+    pathParams: {
+        /**
+         * The user email.
+         */
+        email: string;
+    };
+}

package/dist/types/models/api/IAdminUserGetResponse.d.ts

@@ -0,0 +1,10 @@
+import type { IAuthenticationUser } from "../IAuthenticationUser.js";
+/**
+ * Get a user as an admin.
+ */
+export interface IAdminUserGetResponse {
+    /**
+     * The body of the request.
+     */
+    body: Omit<IAuthenticationUser, "password" | "salt">;
+}

package/dist/types/models/api/IAdminUserRemoveRequest.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Remove a user as an admin.
+ */
+export interface IAdminUserRemoveRequest {
+    /**
+     * The path parameters for the request.
+     */
+    pathParams: {
+        /**
+         * The user email.
+         */
+        email: string;
+    };
+}

package/dist/types/models/api/IAdminUserUpdatePasswordRequest.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Update a users password as an admin.
+ */
+export interface IAdminUserUpdatePasswordRequest {
+    /**
+     * The path parameters for the request.
+     */
+    pathParams: {
+        /**
+         * The user email.
+         */
+        email: string;
+    };
+    /**
+     * The body of the request.
+     */
+    body: {
+        /**
+         * The new password for the user.
+         */
+        newPassword: string;
+        /**
+         * The current password for the user.
+         */
+        currentPassword?: string;
+    };
+}

package/dist/types/models/api/IAdminUserUpdateRequest.d.ts

@@ -0,0 +1,19 @@
+import type { IAuthenticationUser } from "../IAuthenticationUser.js";
+/**
+ * Update a user as an admin.
+ */
+export interface IAdminUserUpdateRequest {
+    /**
+     * The path parameters for the request.
+     */
+    pathParams: {
+        /**
+         * The user email.
+         */
+        email: string;
+    };
+    /**
+     * The body of the request.
+     */
+    body: Partial<Omit<IAuthenticationUser, "email" | "password" | "salt">>;
+}

package/dist/types/models/api/ILoginResponse.d.ts

@@ -1,15 +1,21 @@
+import type { HeaderTypes } from "@twin.org/web";
 /**
  * Response from a login on the server.
  */
 export interface ILoginResponse {
     /**
-     * The login response details.
+     * Response headers.
      */
-    body: {
+    headers?: {
         /**
-         * The access token, if it uses a mechanism with public access.
+         * The cookie containing the auth token.
          */
-        token?: string;
+        [HeaderTypes.SetCookie]?: string;
+    };
+    /**
+     * The login response details.
+     */
+    body: {
         /**
          * The expiry time of the token.
          */

package/dist/types/models/api/IRefreshTokenResponse.d.ts

@@ -1,15 +1,21 @@
+import type { HeaderTypes } from "@twin.org/web";
 /**
  * Response from a refresh on the auth token.
  */
 export interface IRefreshTokenResponse {
     /**
-     * The refresh token details.
+     * Response headers.
      */
-    body: {
+    headers?: {
         /**
-         * The refreshed token, if it uses a mechanism with public access.
+         * The cookie containing the auth token.
          */
-        token?: string;
+        [HeaderTypes.SetCookie]?: string;
+    };
+    /**
+     * The refresh token details.
+     */
+    body: {
         /**
          * The expiry time of the token.
          */

package/dist/types/models/api/IUpdatePasswordRequest.d.ts

@@ -1,16 +1,7 @@
 /**
- * Update a users password.
+ * Update the current user's password.
  */
 export interface IUpdatePasswordRequest {
-    /**
-     * The path parameters for the request.
-     */
-    pathParams: {
-        /**
-         * The user email.
-         */
-        email: string;
-    };
     /**
      * The body of the request.
      */

package/docs/changelog.md

@@ -1,4 +1,158 @@
-# @twin.org/api-auth-entity-storage-models - Changelog
+# Changelog
+
+## [0.0.3-next.21](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.20...api-auth-entity-storage-models-v0.0.3-next.21) (2026-03-11)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.20](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.19...api-auth-entity-storage-models-v0.0.3-next.20) (2026-02-09)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.19](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.18...api-auth-entity-storage-models-v0.0.3-next.19) (2026-02-06)
+
+
+### Features
+
+* user admin service ([#77](https://github.com/twinfoundation/api/issues/77)) ([c8491df](https://github.com/twinfoundation/api/commit/c8491df7b07c1f45560c8a78c6adc806d0ececbb))
+
+## [0.0.3-next.18](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.17...api-auth-entity-storage-models-v0.0.3-next.18) (2026-02-04)
+
+
+### Features
+
+* tenant api and scopes ([#75](https://github.com/twinfoundation/api/issues/75)) ([c663141](https://github.com/twinfoundation/api/commit/c663141091e8974d769f8f9904ecdab009ebd083))
+
+## [0.0.3-next.17](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.16...api-auth-entity-storage-models-v0.0.3-next.17) (2026-01-26)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.16](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.15...api-auth-entity-storage-models-v0.0.3-next.16) (2026-01-26)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.15](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.14...api-auth-entity-storage-models-v0.0.3-next.15) (2026-01-22)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.14](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.13...api-auth-entity-storage-models-v0.0.3-next.14) (2026-01-20)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.13](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.12...api-auth-entity-storage-models-v0.0.3-next.13) (2026-01-19)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.12](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.11...api-auth-entity-storage-models-v0.0.3-next.12) (2026-01-12)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.11](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.10...api-auth-entity-storage-models-v0.0.3-next.11) (2026-01-08)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.10](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.9...api-auth-entity-storage-models-v0.0.3-next.10) (2026-01-05)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.9](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.8...api-auth-entity-storage-models-v0.0.3-next.9) (2026-01-05)
+
+
+### Features
+
+* add context id features ([#42](https://github.com/twinfoundation/api/issues/42)) ([0186055](https://github.com/twinfoundation/api/commit/0186055c48afde842a4254b4df9ac9249c40fe40))
+* add json-ld mime type processor and auth admin component ([8861791](https://github.com/twinfoundation/api/commit/88617916e23bfbca023dbae1976fe421983a02ff))
+* add validate-locales ([cdba610](https://github.com/twinfoundation/api/commit/cdba610a0acb5022d2e3ce729732e6646a297e5e))
+* eslint migration to flat config ([0dd5820](https://github.com/twinfoundation/api/commit/0dd5820e3af97350fd08b8d226f4a6c1a9246805))
+* improve description ([d28185c](https://github.com/twinfoundation/api/commit/d28185c799a97455fee72fb23c744c8e71325f0b))
+* improve socket route logging ([b8d9519](https://github.com/twinfoundation/api/commit/b8d95199f838ac6ba9f45c30ef7c4e613201ff53))
+* modify authHeaderProcessor to retain token in response body ([#53](https://github.com/twinfoundation/api/issues/53)) ([5d9ae76](https://github.com/twinfoundation/api/commit/5d9ae76b5b52a8e10dac391b2d5784638a186583))
+* remove unused namespace ([08478f2](https://github.com/twinfoundation/api/commit/08478f27efda9beb0271fdb22f6972e918361965))
+* update dependencies ([1171dc4](https://github.com/twinfoundation/api/commit/1171dc416a9481737f6a640e3cf30145768f37e9))
+* update framework core ([d8eebf2](https://github.com/twinfoundation/api/commit/d8eebf267fa2a0abaa84e58590496e9d20490cfa))
+* update IComponent signatures ([915ce37](https://github.com/twinfoundation/api/commit/915ce37712326ab4aa6869c350eabaa4622e8430))
+* use shared store mechanism ([#19](https://github.com/twinfoundation/api/issues/19)) ([32116df](https://github.com/twinfoundation/api/commit/32116df3b4380a30137f5056f242a5c99afa2df9))
+
+## [0.0.3-next.8](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.7...api-auth-entity-storage-models-v0.0.3-next.8) (2025-12-17)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.7](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.6...api-auth-entity-storage-models-v0.0.3-next.7) (2025-11-26)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.6](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.5...api-auth-entity-storage-models-v0.0.3-next.6) (2025-11-20)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.5](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.4...api-auth-entity-storage-models-v0.0.3-next.5) (2025-11-14)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
+## [0.0.3-next.4](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.3...api-auth-entity-storage-models-v0.0.3-next.4) (2025-11-14)
+
+
+### Features
+
+* add context id features ([#42](https://github.com/twinfoundation/api/issues/42)) ([0186055](https://github.com/twinfoundation/api/commit/0186055c48afde842a4254b4df9ac9249c40fe40))
+* add json-ld mime type processor and auth admin component ([8861791](https://github.com/twinfoundation/api/commit/88617916e23bfbca023dbae1976fe421983a02ff))
+* add validate-locales ([cdba610](https://github.com/twinfoundation/api/commit/cdba610a0acb5022d2e3ce729732e6646a297e5e))
+* eslint migration to flat config ([0dd5820](https://github.com/twinfoundation/api/commit/0dd5820e3af97350fd08b8d226f4a6c1a9246805))
+* improve description ([d28185c](https://github.com/twinfoundation/api/commit/d28185c799a97455fee72fb23c744c8e71325f0b))
+* improve socket route logging ([b8d9519](https://github.com/twinfoundation/api/commit/b8d95199f838ac6ba9f45c30ef7c4e613201ff53))
+* remove unused namespace ([08478f2](https://github.com/twinfoundation/api/commit/08478f27efda9beb0271fdb22f6972e918361965))
+* update dependencies ([1171dc4](https://github.com/twinfoundation/api/commit/1171dc416a9481737f6a640e3cf30145768f37e9))
+* update framework core ([d8eebf2](https://github.com/twinfoundation/api/commit/d8eebf267fa2a0abaa84e58590496e9d20490cfa))
+* update IComponent signatures ([915ce37](https://github.com/twinfoundation/api/commit/915ce37712326ab4aa6869c350eabaa4622e8430))
+* use shared store mechanism ([#19](https://github.com/twinfoundation/api/issues/19)) ([32116df](https://github.com/twinfoundation/api/commit/32116df3b4380a30137f5056f242a5c99afa2df9))
+
+## [0.0.3-next.3](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.2...api-auth-entity-storage-models-v0.0.3-next.3) (2025-11-14)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
 
 ## [0.0.3-next.2](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.1...api-auth-entity-storage-models-v0.0.3-next.2) (2025-11-12)
 

package/docs/examples.md

@@ -1 +1,80 @@
-# @twin.org/api-auth-entity-storage-models - Examples
+# Auth Entity Storage Models Examples
+
+Use these snippets to shape request and response data consistently across sign-in flows, admin operations, and token refresh handling.
+
+## Authentication Requests
+
+```typescript
+import type {
+  ILoginRequest,
+  IRefreshTokenRequest,
+  IUpdatePasswordRequest
+} from '@twin.org/api-auth-entity-storage-models';
+
+const loginRequest: ILoginRequest = {
+  body: {
+    email: 'alice@example.org',
+    password: 'correct-horse-battery-staple'
+  }
+};
+
+const refreshRequest: IRefreshTokenRequest = {
+  query: {
+    token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.refresh'
+  }
+};
+
+const updatePasswordRequest: IUpdatePasswordRequest = {
+  body: {
+    currentPassword: 'old-password',
+    newPassword: 'new-password-2026'
+  }
+};
+
+console.log(loginRequest.body.email); // alice@example.org
+```
+
+## Admin User Models
+
+```typescript
+import type {
+  IAdminUserCreateRequest,
+  IAdminUserUpdateRequest
+} from '@twin.org/api-auth-entity-storage-models';
+
+const createRequest: IAdminUserCreateRequest = {
+  body: {
+    email: 'bob@example.org',
+    password: 'initial-password',
+    userIdentity: 'did:example:bob',
+    organizationIdentity: 'did:example:org',
+    scope: ['admin', 'auditor']
+  }
+};
+
+const updateRequest: IAdminUserUpdateRequest = {
+  pathParams: {
+    email: 'bob@example.org'
+  },
+  body: {
+    userIdentity: 'did:example:bob:ops',
+    scope: ['admin']
+  }
+};
+
+console.log(createRequest.body.scope.length); // 2
+```
+
+## Authentication Responses
+
+```typescript
+import type { ILoginResponse } from '@twin.org/api-auth-entity-storage-models';
+
+const loginResponse: ILoginResponse = {
+  body: {
+    expiry: 3600
+  }
+};
+
+console.log(loginResponse.body.expiry); // 3600
+```

package/docs/reference/index.md

@@ -4,6 +4,14 @@
 
 - [IAuthenticationAdminComponent](interfaces/IAuthenticationAdminComponent.md)
 - [IAuthenticationComponent](interfaces/IAuthenticationComponent.md)
+- [IAuthenticationUser](interfaces/IAuthenticationUser.md)
+- [IAdminUserCreateRequest](interfaces/IAdminUserCreateRequest.md)
+- [IAdminUserGetByIdentityRequest](interfaces/IAdminUserGetByIdentityRequest.md)
+- [IAdminUserGetRequest](interfaces/IAdminUserGetRequest.md)
+- [IAdminUserGetResponse](interfaces/IAdminUserGetResponse.md)
+- [IAdminUserRemoveRequest](interfaces/IAdminUserRemoveRequest.md)
+- [IAdminUserUpdatePasswordRequest](interfaces/IAdminUserUpdatePasswordRequest.md)
+- [IAdminUserUpdateRequest](interfaces/IAdminUserUpdateRequest.md)
 - [ILoginRequest](interfaces/ILoginRequest.md)
 - [ILoginResponse](interfaces/ILoginResponse.md)
 - [ILogoutRequest](interfaces/ILogoutRequest.md)

package/docs/reference/interfaces/IAdminUserCreateRequest.md

@@ -0,0 +1,11 @@
+# Interface: IAdminUserCreateRequest
+
+Create a new user as an admin.
+
+## Properties
+
+### body
+
+> **body**: `Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"salt"`\>
+
+The body of the request.

package/docs/reference/interfaces/IAdminUserGetByIdentityRequest.md

@@ -0,0 +1,17 @@
+# Interface: IAdminUserGetByIdentityRequest
+
+Get a user as an admin.
+
+## Properties
+
+### pathParams
+
+> **pathParams**: `object`
+
+The path parameters for the request.
+
+#### identity
+
+> **identity**: `string`
+
+The user identity.

package/docs/reference/interfaces/IAdminUserGetRequest.md

@@ -0,0 +1,17 @@
+# Interface: IAdminUserGetRequest
+
+Get a user as an admin.
+
+## Properties
+
+### pathParams
+
+> **pathParams**: `object`
+
+The path parameters for the request.
+
+#### email
+
+> **email**: `string`
+
+The user email.

package/docs/reference/interfaces/IAdminUserGetResponse.md

@@ -0,0 +1,11 @@
+# Interface: IAdminUserGetResponse
+
+Get a user as an admin.
+
+## Properties
+
+### body
+
+> **body**: `Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"password"` \| `"salt"`\>
+
+The body of the request.

package/docs/reference/interfaces/IAdminUserRemoveRequest.md

@@ -0,0 +1,17 @@
+# Interface: IAdminUserRemoveRequest
+
+Remove a user as an admin.
+
+## Properties
+
+### pathParams
+
+> **pathParams**: `object`
+
+The path parameters for the request.
+
+#### email
+
+> **email**: `string`
+
+The user email.

package/docs/reference/interfaces/IAdminUserUpdatePasswordRequest.md

@@ -0,0 +1,37 @@
+# Interface: IAdminUserUpdatePasswordRequest
+
+Update a users password as an admin.
+
+## Properties
+
+### pathParams
+
+> **pathParams**: `object`
+
+The path parameters for the request.
+
+#### email
+
+> **email**: `string`
+
+The user email.
+
+***
+
+### body
+
+> **body**: `object`
+
+The body of the request.
+
+#### newPassword
+
+> **newPassword**: `string`
+
+The new password for the user.
+
+#### currentPassword?
+
+> `optional` **currentPassword**: `string`
+
+The current password for the user.

package/docs/reference/interfaces/IAdminUserUpdateRequest.md

@@ -0,0 +1,25 @@
+# Interface: IAdminUserUpdateRequest
+
+Update a user as an admin.
+
+## Properties
+
+### pathParams
+
+> **pathParams**: `object`
+
+The path parameters for the request.
+
+#### email
+
+> **email**: `string`
+
+The user email.
+
+***
+
+### body
+
+> **body**: `Partial`\<`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"email"` \| `"password"` \| `"salt"`\>\>
+
+The body of the request.

package/docs/reference/interfaces/IAuthenticationAdminComponent.md

@@ -10,41 +10,89 @@ Contract definition for authentication admin component.
 
 ### create()
 
-> **create**(`email`, `password`, `userIdentity`, `organizationIdentity`): `Promise`\<`void`\>
+> **create**(`user`): `Promise`\<`void`\>
 
 Create a login for the user.
 
 #### Parameters
 
+##### user
+
+`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"salt"`\>
+
+The user to create.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+***
+
+### update()
+
+> **update**(`user`): `Promise`\<`void`\>
+
+Update a login for the user.
+
+#### Parameters
+
+##### user
+
+`Partial`\<`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"password"` \| `"salt"`\>\>
+
+The user to update.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+***
+
+### get()
+
+> **get**(`email`): `Promise`\<`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"salt"` \| `"password"`\>\>
+
+Get a user by email.
+
+#### Parameters
+
 ##### email
 
 `string`
 
-The email address for the user.
+The email address of the user to get.
 
-##### password
+#### Returns
 
-`string`
+`Promise`\<`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"salt"` \| `"password"`\>\>
 
-The password for the user.
+The user details.
 
-##### userIdentity
+***
 
-`string`
+### getByIdentity()
 
-The DID to associate with the account.
+> **getByIdentity**(`identity`): `Promise`\<`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"salt"` \| `"password"`\>\>
 
-##### organizationIdentity
+Get a user by identity.
+
+#### Parameters
+
+##### identity
 
 `string`
 
-The organization of the user.
+The identity of the user to get.
 
 #### Returns
 
-`Promise`\<`void`\>
+`Promise`\<`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"salt"` \| `"password"`\>\>
 
-Nothing.
+The user details.
 
 ***
 
@@ -52,7 +100,7 @@ Nothing.
 
 > **remove**(`email`): `Promise`\<`void`\>
 
-Remove the current user.
+Remove a user.
 
 #### Parameters
 

package/docs/reference/interfaces/IAuthenticationComponent.md

@@ -82,18 +82,12 @@ The refreshed token, if it uses a mechanism with public access.
 
 ### updatePassword()
 
-> **updatePassword**(`email`, `currentPassword`, `newPassword`): `Promise`\<`void`\>
+> **updatePassword**(`currentPassword`, `newPassword`): `Promise`\<`void`\>
 
 Update the user's password.
 
 #### Parameters
 
-##### email
-
-`string`
-
-The email address of the user to update.
-
 ##### currentPassword
 
 `string`

package/docs/reference/interfaces/IAuthenticationUser.md

@@ -0,0 +1,51 @@
+# Interface: IAuthenticationUser
+
+Contract definition for authentication user.
+
+## Properties
+
+### email
+
+> **email**: `string`
+
+The user e-mail address.
+
+***
+
+### password
+
+> **password**: `string`
+
+The encrypted password for the user.
+
+***
+
+### salt
+
+> **salt**: `string`
+
+The salt for the password.
+
+***
+
+### userIdentity
+
+> **userIdentity**: `string`
+
+The user identity.
+
+***
+
+### organizationIdentity
+
+> **organizationIdentity**: `string`
+
+The users organization.
+
+***
+
+### scope
+
+> **scope**: `string`[]
+
+The scope assigned to the user, comma separated.

package/docs/reference/interfaces/ILoginResponse.md

@@ -4,17 +4,25 @@ Response from a login on the server.
 
 ## Properties
 
-### body
+### headers?
 
-> **body**: `object`
+> `optional` **headers**: `object`
 
-The login response details.
+Response headers.
+
+#### set-cookie?
+
+> `optional` **set-cookie**: `string`
 
-#### token?
+The cookie containing the auth token.
 
-> `optional` **token**: `string`
+***
 
-The access token, if it uses a mechanism with public access.
+### body
+
+> **body**: `object`
+
+The login response details.
 
 #### expiry
 

package/docs/reference/interfaces/IRefreshTokenResponse.md

@@ -4,17 +4,25 @@ Response from a refresh on the auth token.
 
 ## Properties
 
-### body
+### headers?
 
-> **body**: `object`
+> `optional` **headers**: `object`
 
-The refresh token details.
+Response headers.
+
+#### set-cookie?
+
+> `optional` **set-cookie**: `string`
 
-#### token?
+The cookie containing the auth token.
 
-> `optional` **token**: `string`
+***
 
-The refreshed token, if it uses a mechanism with public access.
+### body
+
+> **body**: `object`
+
+The refresh token details.
 
 #### expiry
 

package/docs/reference/interfaces/IUpdatePasswordRequest.md

@@ -1,23 +1,9 @@
 # Interface: IUpdatePasswordRequest
 
-Update a users password.
+Update the current user's password.
 
 ## Properties
 
-### pathParams
-
-> **pathParams**: `object`
-
-The path parameters for the request.
-
-#### email
-
-> **email**: `string`
-
-The user email.
-
-***
-
 ### body
 
 > **body**: `object`

package/package.json

@@ -1,7 +1,7 @@
 {
 	"name": "@twin.org/api-auth-entity-storage-models",
-	"version": "0.0.3-next.2",
-	"description": "Models which define the structure of the Auth Entity Storage contracts.",
+	"version": "0.0.3-next.21",
+	"description": "Contracts for authentication flows and admin user management with entity storage.",
 	"repository": {
 		"type": "git",
 		"url": "git+https://github.com/twinfoundation/api.git",