Auth0​
Auth0 authentication endpoints for Admin2 UI
Operations​
Get Auth0 authorization URL​
Returns the Auth0 authorization URL for both TS and non-TS users. Only available when SITE_AUTH_METHOD=auth0 (returns 403 with error=ticketsocket_user_restricted otherwise).
Authorizations​
Request Body​
Responses​
Auth0 authorization URL
Get Auth0 authorization URL for TicketSocket users​
Deprecated. Use POST /auth/login instead. Returns the Auth0 authorization URL with a ticketsocket login channel flag in the state parameter. After Auth0 authentication, the callback will reject non-TicketSocket users (ticketSocketUser != 1), revoke their tokens, and redirect through Auth0 logout to clear the SSO session.
Authorizations​
Request Body​
Responses​
Auth0 authorization URL with ticketsocket login channel
Auth0 callback handler​
Handles the Auth0 callback, exchanges code for tokens, validates user in system_administrators, sets JWT cookie, and redirects. The deprecated ticketsocket login channel rejects non-TicketSocket users (?error_code=not_ticketsocket_user).
Authorizations​
Parameters​
Query Parameters
Authorization code from Auth0
State parameter containing redirect URI
Responses​
Redirect to Admin2 UI after successful authentication
Get current user profile​
Get current user profile (deprecation test)​
Logout current user​
Clears the authentication cookie and returns the Auth0 logout URL. The client should redirect the browser to logout_url to clear the Auth0 SSO session.
Authorizations​
Parameters​
Query Parameters
URL to redirect to after Auth0 logout completes
Responses​
Logout successful. Auth cookie cleared. Client should redirect to logout_url.
Refresh authentication token​
Legacy login (bypasses Auth0)​
Authenticates user directly against the database using login and password, bypassing Auth0. Only available when SITE_AUTH_METHOD=legacy (returns 403 otherwise). Returns JWT token on success. TicketSocket users (ticketSocketUser=1) are rejected and must use the TicketSocket login channel instead.
Authorizations​
Request Body​
Responses​
Login successful
Legacy logout (bypasses Auth0)​
Clears the authentication cookie without redirecting to Auth0 logout URL. Returns JSON response instead of redirect.
Authorizations​
Responses​
Logout successful
Request password change via Auth0​
Triggers a password reset email via Auth0. Only for users authenticated via Auth0.
Authorizations​
Responses​
Password reset email sent
Change password for legacy authenticated users​
Changes password by verifying old password and setting new password. Only for users authenticated via legacy login.
Authorizations​
Request Body​
Responses​
Password changed successfully
Request password reset email for legacy users​
Generates a password reset token, stores it in the database, and sends a reset email to the user. Rate limited to 3 attempts per 24 hours. Response is intentionally vague to prevent email enumeration.
Authorizations​
Request Body​
Responses​
Reset email sent (or account not found - same response to prevent enumeration)
Reset password using token from email​
Validates the reset token and sets a new password. Token must be valid, not expired (24h), and not previously used. The token is tied to the specific administrator who requested the reset.
Authorizations​
Request Body​
Responses​
Password reset successfully
