--- a/mod_http_admin_api/mod_http_admin_api.lua	Tue Mar 28 12:43:05 2023 +0100
+++ b/mod_http_admin_api/mod_http_admin_api.lua	Tue Mar 28 20:45:11 2023 +0200
@@ -48,6 +48,9 @@
 			event.response.headers.authorization = www_authenticate_header;
 			return false, 401;
 		end
+		-- FIXME this should probably live in mod_tokenauth or similar
+		session.type = "c2s";
+		session.full_jid = jid.join(session.username, session.host, session.resource);
 		event.session = session;
 		if not module:may(":access-admin-api", event) then
 			return false, 403;