🔐 Just‑In‑Time Admin Access
Sign in with your IdP, then click Request Admin to receive a short‑lived JWT with roles:['admin']. It expires in 5 minutes (or revoke any time).
Identity
User: Not signed in
Email: —
Groups/Roles: —
Session
User: —
Roles: —
Reason: —
Approver: —
Expires in
—
No active admin
Admin‑only Action
Proves server enforcement. Tries a protected endpoint that checks roles.includes('admin').
Tip: Try after expiry or after Revoke to see denial.
Audit (client‑side demo)
| Time | Event | Detail |
|---|
