Skip to content

feat(admin): expose accountAuthorizations on the admin panel#20534

Open
vbudhram wants to merge 3 commits intomainfrom
fxa-13405
Open

feat(admin): expose accountAuthorizations on the admin panel#20534
vbudhram wants to merge 3 commits intomainfrom
fxa-13405

Conversation

@vbudhram
Copy link
Copy Markdown
Contributor

@vbudhram vbudhram commented May 7, 2026

Because

  • Admins had no way to see which Firefox browser services (Sync, Smart Window, Relay, VPN) a user has authorized, making consent and connected-services support questions hard to answer

This pull request

  • Adds accountAuthorizations(uid) to DatabaseService querying fxa_oauth.accountAuthorizations, ordered by authorizedAt DESC, capped at 10
  • Adds an accountAuthorizations resolver helper to AccountController, gated by the existing ConnectedServices admin feature, wired into resolveAccountData
  • Adds AccountAuthorizations React component rendering (service, scope, authorizedAt) rows under a new "Authorized Browser Services" section in the account detail page

Issue that this pull request solves

Closes: https://mozilla-hub.atlassian.net/browse/FXA-13405

Checklist

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).
  • I have manually reviewed all AI generated code.

Other information

How to test:

  1. Start the stack, create an account, login to Sync
  2. Open http://localhost:8091/account-search, search for any account
  3. Confirm the Authorized Browser Services section renders under Connected Services
  4. For an account with no authorizations, the empty state ("This account has not authorized any browser services.") should appear
  5. To populate, exercise an OAuth flow on a configured browser service (Sync/Relay/VPN/SmartWindow) — rows show (service, scope, authorizedAt) newest first
Screenshot 2026-05-06 at 8 54 53 PM

@vbudhram vbudhram requested a review from a team as a code owner May 7, 2026 01:13
Copilot AI review requested due to automatic review settings May 7, 2026 01:13
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds visibility into a user’s authorized Firefox browser services in the FxA Admin UI by plumbing fxa_oauth.accountAuthorizations through the admin server and rendering it on the account detail page.

Changes:

  • Add DatabaseService.accountAuthorizations(uid) and wire it into AccountController.resolveAccountData.
  • Extend admin server Account type with accountAuthorizations, and add UI rendering/tests for a new “Authorized Browser Services” section.
  • Add DB test setup + integration/functional coverage for the new field/section.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
packages/fxa-shared/test/db/models/oauth/helpers.ts Includes the new oauth test schema SQL for accountAuthorizations.
packages/fxa-shared/test/db/models/oauth/accountAuthorizations.sql Creates accountAuthorizations table for oauth test DB setup.
packages/fxa-admin-server/src/types.ts Adds AccountAuthorization and accountAuthorizations to the Account shape.
packages/fxa-admin-server/src/rest/account/account.controller.ts Resolves accountAuthorizations alongside other account detail fields.
packages/fxa-admin-server/src/database/database.service.ts Implements the accountAuthorizations(uid) query (order/limit).
packages/fxa-admin-server/src/database/database.service.spec.ts Adds integration tests for ordering and empty-state behavior.
packages/fxa-admin-panel/src/components/PageAccountSearch/AccountAuthorizations/index.tsx New component to render authorizations table + empty state.
packages/fxa-admin-panel/src/components/PageAccountSearch/AccountAuthorizations/index.test.tsx Unit tests for the new component.
packages/fxa-admin-panel/src/components/PageAccountSearch/Account/index.tsx Adds the new “Authorized Browser Services” section under Connected Services.
packages/fxa-admin-panel/src/components/PageAccountSearch/Account/index.test.tsx Updates account props + tests for new section/empty state.
packages/functional-tests/tests/admin/adminPanel.spec.ts Adds API/UI functional checks for accountAuthorizations.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/fxa-admin-server/src/rest/account/account.controller.ts
Comment on lines 176 to +206
private async resolveAccountData(account: Account) {
const [
emails,
emailBounces,
securityEvents,
accountEvents,
totp,
recoveryKeys,
subscriptions,
carts,
backupCodes,
recoveryPhone,
linkedAccounts,
attachedClients,
passkeys,
accountAuthorizations,
] = await Promise.all([
this.emails(account),
this.emailBounces(account),
this.securityEvents(account),
this.accountEvents(account),
this.totp(account),
this.recoveryKeys(account),
this.subscriptions(account),
this.carts(account),
this.backupCodes(account),
this.recoveryPhone(account),
this.linkedAccounts(account),
this.attachedClients(account),
this.passkeys(account),
this.accountAuthorizations(account),
Comment thread packages/fxa-admin-server/src/database/database.service.ts Outdated
Comment on lines +146 to +150
return this.knexOauth('accountAuthorizations')
.select('scope', 'service', 'authorizedAt')
.where('uid', uidBuffer)
.orderBy('authorizedAt', 'desc')
.limit(10);
@vbudhram
feat(admin): expose accountAuthorizations on the admin panel
71f6bef 
Because:

- Admins need visibility into which Firefox browser services
  (Sync, Smart Window, Relay, VPN) a user has authorized so they
  can answer support questions about consent and connected services.

This commit:

- Adds an `accountAuthorizations` query on `DatabaseService` that
  reads the per-(uid, scope, service) rows from `fxa_oauth`
  ordered by `authorizedAt` desc.
- Resolves the new field on the account REST response, gated by
  the existing `ConnectedServices` admin feature.
- Adds an `Authorized Browser Services` section to the account
  detail page rendering one row per `(service, scope, authorizedAt)`.
- Adds an `accountAuthorizations.sql` fixture to the shared oauth
  test setup so integration tests can exercise the table.
- Adds unit tests for the resolver, the React component, and the
  containing account page, plus a functional test that asserts
  the section appears in the admin panel UI.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vbudhram