GloriousFlywheel Dashboard Auth Audit Events 2026-04-16
Snapshot date: 2026-04-16
Purpose
Capture the first executed auth event-history surface for #172.
This follows the earlier admin-auth and permission-policy slices by making security-sensitive auth actions visible after they happen.
Companion notes:
- gloriousflywheel-tailnet-operator-identity-2026-04-16.md
- gloriousflywheel-dashboard-operator-permission-policy-2026-04-16.md
- gloriousflywheel-dashboard-read-data-policy-2026-04-16.md
- gloriousflywheel-dashboard-admin-auth-workflows-2026-04-16.md
Current Executed Event Set
The dashboard now records auth audit events in PostgreSQL for:
- successful GitLab OAuth session establishment
- successful WebAuthn session establishment
- interactive dashboard logout
- dashboard passkey registration
- self-service personal passkey removal
- admin passkey revocation across users
Each event currently records:
- actor username
- actor email
- actor role
- actor auth method
- action name
- scope
- target username when available
- target credential id when available
- event timestamp
Current implementation detail:
- passkey lifecycle events are written inline with the current PostgreSQL-backed auth flows
- interactive login and logout events use best-effort writes so the OAuth or WebAuthn session path does not become hard-dependent on the audit table
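The two write modes above (inline for passkey lifecycle, best-effort for interactive session events) are the part of this slice most worth pinning down, because the failure behaviour differs: a failed inline write should stop the passkey mutation, while a failed best-effort write should let the login complete and be visible as a gap. The following is an added example, not code from the GloriousFlywheel repository: it models the recorded fields listed above as a dataclass and uses an in-memory stand-in for the PostgreSQL audit table so it runs offline. The class and function names, the action strings (`session.login`, `passkey.revoke`), the auth-method and scope values, and the sample users are all assumptions for illustration.

```python
import logging
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional

log = logging.getLogger("auth_audit")


@dataclass(frozen=True)
class AuthAuditEvent:
    """One auth audit row; field set mirrors the note above (names assumed)."""
    actor_username: str
    actor_email: str
    actor_role: str
    actor_auth_method: str           # assumed values: "gitlab_oauth", "webauthn"
    action: str                      # assumed names: "session.login", "passkey.revoke", ...
    scope: str                       # assumed values: "self", "admin"
    target_username: Optional[str] = None
    target_credential_id: Optional[str] = None
    occurred_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))


class AuditStore:
    """Stand-in for the PostgreSQL audit table (hypothetical, in-memory).
    Setting available=False simulates the table being unreachable."""

    def __init__(self, available: bool = True) -> None:
        self.available = available
        self.rows: List[Dict[str, Any]] = []

    def insert(self, event: AuthAuditEvent) -> None:
        if not self.available:
            raise ConnectionError("audit table unavailable (simulated)")
        self.rows.append(asdict(event))


class AuthAuditWriter:
    """Two write modes: inline (failure propagates) and best-effort (failure is logged)."""

    def __init__(self, store: AuditStore) -> None:
        self.store = store

    def write_inline(self, event: AuthAuditEvent) -> bool:
        # Passkey lifecycle: the audit row is part of the mutation, so a failed
        # write must surface to the caller and abort the change.
        self.store.insert(event)
        return True

    def write_best_effort(self, event: AuthAuditEvent) -> bool:
        # Interactive login/logout: the session path must not hard-depend on
        # the audit table, so failures are logged and reported, not raised.
        try:
            self.store.insert(event)
            return True
        except Exception as exc:  # broad on purpose: any store failure is non-fatal here
            log.warning("best-effort audit write failed for %s: %s", event.action, exc)
            return False


def establish_session(writer: AuthAuditWriter, user: Dict[str, str], method: str) -> Dict[str, Any]:
    """Session establishment completes even if the audit write fails;
    the result records whether the trail was written so gaps are visible."""
    session = {"username": user["username"], "auth_method": method, "established": True}
    event = AuthAuditEvent(
        actor_username=user["username"], actor_email=user["email"],
        actor_role=user["role"], actor_auth_method=method,
        action="session.login", scope="self",
    )
    session["audit_recorded"] = writer.write_best_effort(event)
    return session


def revoke_passkey(writer: AuthAuditWriter, admin: Dict[str, str],
                   target_username: str, credential_id: str) -> bool:
    """Admin revocation: the audit row is written inline, so a store failure
    raises before the revocation is treated as committed."""
    event = AuthAuditEvent(
        actor_username=admin["username"], actor_email=admin["email"],
        actor_role=admin["role"], actor_auth_method="webauthn",
        action="passkey.revoke", scope="admin",
        target_username=target_username, target_credential_id=credential_id,
    )
    writer.write_inline(event)
    return True


if __name__ == "__main__":
    # Constructed sample actors, not real accounts.
    admin = {"username": "alice", "email": "alice@example.test", "role": "admin"}
    healthy = AuthAuditWriter(AuditStore(available=True))
    print(establish_session(healthy, admin, "webauthn"))
    degraded = AuthAuditWriter(AuditStore(available=False))
    print(establish_session(degraded, admin, "gitlab_oauth"))  # established, audit_recorded False
```

The `audit_recorded` flag on the session result is the detection hook for the best-effort path: a monitor that counts logins with `audit_recorded == False` turns a silent gap in the trail into something an admin can see.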
Current Admin Surface
Admins can now inspect recent auth event history through the Settings surface.
That feed is intentionally narrow:
- it is admin-only
- it currently focuses on interactive session and passkey lifecycle actions
- it is for visibility and review, not policy editing
Why This Matters
This is the safest next step after passkey inventory and revocation:
- the repo already has a PostgreSQL-backed auth store
- interactive login, logout, and passkey governance are security-sensitive enough to deserve a durable trail
- the workflow improves admin visibility without pretending there is already a broader dashboard-native IAM control plane
Current Boundary
This does not yet provide:
- request-by-request proxy-auth history for tailscale or mTLS traffic
- mutation audit coverage outside auth workflows
- policy change history for allowlists or proxy trust posture
- org-scoped admin operations beyond current passkey governance
Exit Condition
- interactive session and passkey lifecycle actions are no longer silent
- admins have a durable in-app auth event history surface
- the next auth-admin slice can focus on expanding event coverage or policy authority instead of basic visibility