@auth0/auth0-spa-js 2.18.1 → 2.18.2

package/dist/typings/Auth0Client.d.ts

@@ -0,0 +1,439 @@
+import { Auth0ClientOptions, RedirectLoginOptions, PopupLoginOptions, PopupConfigOptions, RedirectLoginResult, GetTokenSilentlyOptions, GetTokenWithPopupOptions, LogoutOptions, User, IdToken, GetTokenSilentlyVerboseResponse, TokenEndpointResponse, ConnectAccountRedirectResult, RedirectConnectAccountOptions, ClientConfiguration } from './global';
+import { CustomTokenExchangeOptions } from './TokenExchange';
+import { Dpop } from './dpop/dpop';
+import { Fetcher, type FetcherConfig, type CustomFetchMinimalOutput } from './fetcher';
+import { MfaApiClient } from './mfa';
+/**
+ * Auth0 SDK for Single Page Applications using [Authorization Code Grant Flow with PKCE](https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce).
+ */
+export declare class Auth0Client {
+    private readonly transactionManager;
+    private readonly cacheManager;
+    private readonly lockManager;
+    private readonly domainUrl;
+    private readonly tokenIssuer;
+    private readonly scope;
+    private readonly cookieStorage;
+    private readonly dpop;
+    private readonly sessionCheckExpiryDays;
+    private readonly orgHintCookieName;
+    private readonly isAuthenticatedCookieName;
+    private readonly nowProvider;
+    private readonly httpTimeoutMs;
+    private readonly options;
+    private readonly userCache;
+    private readonly myAccountApi;
+    /**
+     * MFA API client for multi-factor authentication operations.
+     *
+     * Provides methods for:
+     * - Listing enrolled authenticators
+     * - Enrolling new authenticators (OTP, SMS, Voice, Push, Email)
+     * - Initiating MFA challenges
+     * - Verifying MFA challenges
+     */
+    readonly mfa: MfaApiClient;
+    private worker?;
+    private readonly authJsClient;
+    private readonly defaultOptions;
+    constructor(options: Auth0ClientOptions);
+    /**
+     * Returns a readonly copy of the initialization configuration.
+     *
+     * @returns An object containing domain and clientId
+     *
+     * @example
+     * ```typescript
+     * const auth0 = new Auth0Client({
+     *   domain: 'tenant.auth0.com',
+     *   clientId: 'abc123'
+     * });
+     *
+     * const config = auth0.getConfiguration();
+     * // { domain: 'tenant.auth0.com', clientId: 'abc123' }
+     * ```
+     */
+    getConfiguration(): Readonly<ClientConfiguration>;
+    private _url;
+    private _authorizeUrl;
+    private _verifyIdToken;
+    private _processOrgHint;
+    /**
+     * Extracts the session transfer token from the current URL query parameters
+     * for Native to Web SSO flows.
+     *
+     * @param paramName The query parameter name to extract from the URL
+     * @returns The session transfer token if present, undefined otherwise
+     */
+    private _extractSessionTransferToken;
+    /**
+     * Clears the session transfer token from the current URL using the History API.
+     * This prevents the token from being re-sent on subsequent authentication requests,
+     * which is important since session transfer tokens are typically single-use.
+     *
+     * @param paramName The query parameter name to remove from the URL
+     */
+    private _clearSessionTransferTokenFromUrl;
+    /**
+     * Applies the session transfer token from the URL to the authorization parameters
+     * if configured and not already provided.
+     *
+     * @param authorizationParams The authorization parameters to enhance
+     * @returns The authorization parameters with session_transfer_token added if applicable
+     */
+    private _applySessionTransferToken;
+    private _prepareAuthorizeUrl;
+    /**
+     * ```js
+     * try {
+     *  await auth0.loginWithPopup(options);
+     * } catch(e) {
+     *  if (e instanceof PopupCancelledError) {
+     *    // Popup was closed before login completed
+     *  }
+     * }
+     * ```
+     *
+     * Opens a popup with the `/authorize` URL using the parameters
+     * provided as arguments. Random and secure `state` and `nonce`
+     * parameters will be auto-generated. If the response is successful,
+     * results will be valid according to their expiration times.
+     *
+     * IMPORTANT: This method has to be called from an event handler
+     * that was started by the user like a button click, for example,
+     * otherwise the popup will be blocked in most browsers.
+     *
+     * @param options
+     * @param config
+     */
+    loginWithPopup(options?: PopupLoginOptions, config?: PopupConfigOptions): Promise<void>;
+    /**
+     * ```js
+     * const user = await auth0.getUser();
+     * ```
+     *
+     * Returns the user information if available (decoded
+     * from the `id_token`).
+     *
+     * @typeparam TUser The type to return, has to extend {@link User}.
+     */
+    getUser<TUser extends User>(): Promise<TUser | undefined>;
+    /**
+     * ```js
+     * const claims = await auth0.getIdTokenClaims();
+     * ```
+     *
+     * Returns all claims from the id_token if available.
+     */
+    getIdTokenClaims(): Promise<IdToken | undefined>;
+    /**
+     * ```js
+     * await auth0.loginWithRedirect(options);
+     * ```
+     *
+     * Performs a redirect to `/authorize` using the parameters
+     * provided as arguments. Random and secure `state` and `nonce`
+     * parameters will be auto-generated.
+     *
+     * @param options
+     */
+    loginWithRedirect<TAppState = any>(options?: RedirectLoginOptions<TAppState>): Promise<void>;
+    /**
+     * After the browser redirects back to the callback page,
+     * call `handleRedirectCallback` to handle success and error
+     * responses from Auth0. If the response is successful, results
+     * will be valid according to their expiration times.
+     */
+    handleRedirectCallback<TAppState = any>(url?: string): Promise<RedirectLoginResult<TAppState> | ConnectAccountRedirectResult<TAppState>>;
+    /**
+     * Handles the redirect callback from the login flow.
+     *
+     * @template AppState - The application state persisted from the /authorize redirect.
+     * @param {string} authenticationResult - The parsed authentication result from the URL.
+     * @param {string} transaction - The login transaction.
+     *
+     * @returns {RedirectLoginResult} Resolves with the persisted app state.
+     * @throws {GenericError | Error} If the transaction is missing, invalid, or the code exchange fails.
+     */
+    private _handleLoginRedirectCallback;
+    /**
+     * Handles the redirect callback from the connect account flow.
+     * This works the same as the redirect from the login flow expect it verifies the `connect_code`
+     * with the My Account API rather than the `code` with the Authorization Server.
+     *
+     * @template AppState - The application state persisted from the connect redirect.
+     * @param {string} connectResult - The parsed connect accounts result from the URL.
+     * @param {string} transaction - The login transaction.
+     * @returns {Promise<ConnectAccountRedirectResult>} The result of the My Account API, including any persisted app state.
+     * @throws {GenericError | MyAccountApiError} If the transaction is missing, invalid, or an error is returned from the My Account API.
+     */
+    private _handleConnectAccountRedirectCallback;
+    /**
+     * ```js
+     * await auth0.checkSession();
+     * ```
+     *
+     * Check if the user is logged in using `getTokenSilently`. The difference
+     * with `getTokenSilently` is that this doesn't return a token, but it will
+     * pre-fill the token cache.
+     *
+     * This method also heeds the `auth0.{clientId}.is.authenticated` cookie, as an optimization
+     *  to prevent calling Auth0 unnecessarily. If the cookie is not present because
+     * there was no previous login (or it has expired) then tokens will not be refreshed.
+     *
+     * It should be used for silently logging in the user when you instantiate the
+     * `Auth0Client` constructor. You should not need this if you are using the
+     * `createAuth0Client` factory.
+     *
+     * **Note:** the cookie **may not** be present if running an app using a private tab, as some
+     * browsers clear JS cookie data and local storage when the tab or page is closed, or on page reload. This effectively
+     * means that `checkSession` could silently return without authenticating the user on page refresh when
+     * using a private tab, despite having previously logged in. As a workaround, use `getTokenSilently` instead
+     * and handle the possible `login_required` error [as shown in the readme](https://github.com/auth0/auth0-spa-js#creating-the-client).
+     *
+     * @param options
+     */
+    checkSession(options?: GetTokenSilentlyOptions): Promise<void>;
+    /**
+     * Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.
+     *
+     * @param options
+     */
+    getTokenSilently(options: GetTokenSilentlyOptions & {
+        detailedResponse: true;
+    }): Promise<GetTokenSilentlyVerboseResponse>;
+    /**
+     * Fetches a new access token and returns it.
+     *
+     * @param options
+     */
+    getTokenSilently(options?: GetTokenSilentlyOptions): Promise<string>;
+    private _getTokenSilently;
+    /**
+     * Checks if an error should be handled by the interactive error handler.
+     * Matches:
+     * - MfaRequiredError (refresh token path, error='mfa_required')
+     * - GenericError from iframe path (error='login_required',
+     *   error_description='Multifactor authentication required')
+     * Extensible for future interactive error types.
+     */
+    private _isInteractiveError;
+    /**
+     * Checks if a login_required error from the iframe flow is actually
+     * an MFA step-up requirement. The /authorize endpoint returns
+     * error='login_required' with error_description='Multifactor authentication required'
+     * when MFA is needed but prompt=none prevents interaction.
+     */
+    private _isIframeMfaError;
+    /**
+     * Handles MFA errors by opening a popup to complete authentication,
+     * then reads the resulting token from cache.
+     */
+    private _handleInteractiveErrorWithPopup;
+    /**
+     * ```js
+     * const token = await auth0.getTokenWithPopup(options);
+     * ```
+     * Opens a popup with the `/authorize` URL using the parameters
+     * provided as arguments. Random and secure `state` and `nonce`
+     * parameters will be auto-generated. If the response is successful,
+     * results will be valid according to their expiration times.
+     *
+     * @param options
+     * @param config
+     */
+    getTokenWithPopup(options?: GetTokenWithPopupOptions, config?: PopupConfigOptions): Promise<string | undefined>;
+    /**
+     * ```js
+     * const isAuthenticated = await auth0.isAuthenticated();
+     * ```
+     *
+     * Returns `true` if there's valid information stored,
+     * otherwise returns `false`.
+     *
+     */
+    isAuthenticated(): Promise<boolean>;
+    /**
+     * ```js
+     * await auth0.buildLogoutUrl(options);
+     * ```
+     *
+     * Builds a URL to the logout endpoint using the parameters provided as arguments.
+     * @param options
+     */
+    private _buildLogoutUrl;
+    /**
+     * ```js
+     * await auth0.logout(options);
+     * ```
+     *
+     * Clears the application session and performs a redirect to `/v2/logout`, using
+     * the parameters provided as arguments, to clear the Auth0 session.
+     *
+     * If the `federated` option is specified it also clears the Identity Provider session.
+     * [Read more about how Logout works at Auth0](https://auth0.com/docs/logout).
+     *
+     * @param options
+     */
+    logout(options?: LogoutOptions): Promise<void>;
+    private _getTokenFromIFrame;
+    private _getTokenUsingRefreshToken;
+    private _saveEntryInCache;
+    private _getIdTokenFromCache;
+    private _getEntryFromCache;
+    private _requestToken;
+    /**
+     * ```js
+     * await auth0.loginWithCustomTokenExchange(options);
+     * ```
+     *
+     * Exchanges an external subject token for Auth0 tokens and logs the user in.
+     * This method implements the Custom Token Exchange grant as specified in RFC 8693.
+     *
+     * The exchanged tokens are automatically cached, establishing an authenticated session.
+     * After calling this method, you can use `getUser()`, `getIdTokenClaims()`, and
+     * `getTokenSilently()` to access the user's information and tokens.
+     *
+     * @param {CustomTokenExchangeOptions} options - The options required to perform the token exchange.
+     *
+     * @returns {Promise<TokenEndpointResponse>} A promise that resolves to the token endpoint response,
+     * which contains the issued Auth0 tokens (access_token, id_token, etc.).
+     *
+     * The request includes the following parameters:
+     * - `grant_type`: "urn:ietf:params:oauth:grant-type:token-exchange"
+     * - `subject_token`: The external token to exchange
+     * - `subject_token_type`: The type identifier of the external token
+     * - `scope`: Merged scopes from the request and SDK defaults
+     * - `audience`: Target audience (defaults to SDK configuration)
+     * - `organization`: Optional organization ID/name for org-scoped authentication
+     *
+     * **Example Usage:**
+     *
+     * ```js
+     * const options = {
+     *   subject_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp...',
+     *   subject_token_type: 'urn:acme:legacy-system-token',
+     *   scope: 'openid profile email',
+     *   audience: 'https://api.example.com',
+     *   organization: 'org_12345'
+     * };
+     *
+     * try {
+     *   const tokenResponse = await auth0.loginWithCustomTokenExchange(options);
+     *   console.log('Access token:', tokenResponse.access_token);
+     *
+     *   // User is now logged in - access user info
+     *   const user = await auth0.getUser();
+     *   console.log('Logged in user:', user);
+     * } catch (error) {
+     *   console.error('Token exchange failed:', error);
+     * }
+     * ```
+     */
+    loginWithCustomTokenExchange(options: CustomTokenExchangeOptions): Promise<TokenEndpointResponse>;
+    /**
+     * @deprecated Use `loginWithCustomTokenExchange()` instead. This method will be removed in the next major version.
+     *
+     * Exchanges an external subject token for Auth0 tokens.
+     *
+     * @param {CustomTokenExchangeOptions} options - The options required to perform the token exchange.
+     * @returns {Promise<TokenEndpointResponse>} A promise that resolves to the token endpoint response.
+     *
+     * **Example:**
+     * ```js
+     * // Instead of:
+     * const tokens = await auth0.exchangeToken(options);
+     *
+     * // Use:
+     * const tokens = await auth0.loginWithCustomTokenExchange(options);
+     * ```
+     */
+    exchangeToken(options: CustomTokenExchangeOptions): Promise<TokenEndpointResponse>;
+    protected _assertDpop(dpop: Dpop | undefined): asserts dpop is Dpop;
+    /**
+     * Returns the current DPoP nonce used for making requests to Auth0.
+     *
+     * It can return `undefined` because when starting fresh it will not
+     * be populated until after the first response from the server.
+     *
+     * It requires enabling the {@link Auth0ClientOptions.useDpop} option.
+     *
+     * @param nonce The nonce value.
+     * @param id    The identifier of a nonce: if absent, it will get the nonce
+     *              used for requests to Auth0. Otherwise, it will be used to
+     *              select a specific non-Auth0 nonce.
+     */
+    getDpopNonce(id?: string): Promise<string | undefined>;
+    /**
+     * Sets the current DPoP nonce used for making requests to Auth0.
+     *
+     * It requires enabling the {@link Auth0ClientOptions.useDpop} option.
+     *
+     * @param nonce The nonce value.
+     * @param id    The identifier of a nonce: if absent, it will set the nonce
+     *              used for requests to Auth0. Otherwise, it will be used to
+     *              select a specific non-Auth0 nonce.
+     */
+    setDpopNonce(nonce: string, id?: string): Promise<void>;
+    /**
+     * Returns a string to be used to demonstrate possession of the private
+     * key used to cryptographically bind access tokens with DPoP.
+     *
+     * It requires enabling the {@link Auth0ClientOptions.useDpop} option.
+     */
+    generateDpopProof(params: {
+        url: string;
+        method: string;
+        nonce?: string;
+        accessToken: string;
+    }): Promise<string>;
+    /**
+     * Returns a new `Fetcher` class that will contain a `fetchWithAuth()` method.
+     * This is a drop-in replacement for the Fetch API's `fetch()` method, but will
+     * handle certain authentication logic for you, like building the proper auth
+     * headers or managing DPoP nonces and retries automatically.
+     *
+     * Check the `EXAMPLES.md` file for a deeper look into this method.
+     */
+    createFetcher<TOutput extends CustomFetchMinimalOutput = Response>(config?: FetcherConfig<TOutput>): Fetcher<TOutput>;
+    /**
+     * Initiates a redirect to connect the user's account with a specified connection.
+     * This method generates PKCE parameters, creates a transaction, and redirects to the /connect endpoint.
+     *
+     * You must enable `Offline Access` from the Connection Permissions settings to be able to use the connection with Connected Accounts.
+     *
+     * @template TAppState - The application state to persist through the transaction.
+     * @param {RedirectConnectAccountOptions<TAppState>} options - Options for the connect account redirect flow.
+     * @param   {string} options.connection - The name of the connection to link (e.g. 'google-oauth2').
+     * @param   {string[]} [options.scopes] - Array of scopes to request from the Identity Provider during the connect account flow.
+     * @param   {AuthorizationParams} [options.authorization_params] - Additional authorization parameters for the request to the upstream IdP.
+     * @param   {string} [options.redirectUri] - The URI to redirect back to after connecting the account.
+     * @param   {TAppState} [options.appState] - Application state to persist through the transaction.
+     * @param   {(url: string) => Promise<void>} [options.openUrl] - Custom function to open the URL.
+     *
+     * @returns {Promise<void>} Resolves when the redirect is initiated.
+     * @throws {MyAccountApiError} If the connect request to the My Account API fails.
+     */
+    connectAccountWithRedirect<TAppState = any>(options: RedirectConnectAccountOptions<TAppState>): Promise<void>;
+    /**
+     * @internal
+     * Internal method used by MfaApiClient to exchange MFA tokens for access tokens.
+     * This method should not be called directly by applications.
+     */
+    _requestTokenForMfa(options: {
+        grant_type: string;
+        mfaToken: string;
+        scope?: string;
+        audience?: string;
+        otp?: string;
+        binding_code?: string;
+        oob_code?: string;
+        recovery_code?: string;
+    }, additionalParameters?: RequestTokenAdditionalParameters): Promise<TokenEndpointResponse>;
+}
+interface RequestTokenAdditionalParameters {
+    nonceIn?: string;
+    organization?: string;
+    scopesToRequest?: string;
+}
+export {};

package/dist/typings/Auth0Client.utils.d.ts

@@ -0,0 +1,90 @@
+import { ICache } from './cache';
+import { Auth0ClientOptions, AuthorizationParams, AuthorizeOptions, ClientAuthorizationParams, LogoutOptions } from './global';
+/**
+ * @ignore
+ */
+export declare const GET_TOKEN_SILENTLY_LOCK_KEY = "auth0.lock.getTokenSilently";
+/**
+ * @ignore
+ */
+export declare const GET_TOKEN_FROM_IFRAME_LOCK_KEY = "auth0.lock.getTokenFromIFrame";
+/**
+ * @ignore
+ */
+export declare const buildGetTokenSilentlyLockKey: (clientId: string, audience: string) => string;
+/**
+ * @ignore
+ * Builds a global lock key for iframe-based authentication flows.
+ * This ensures only one iframe authorization request runs at a time per client,
+ * preventing "Invalid state" errors from concurrent iframe requests overwriting
+ * each other's state in the Auth0 session.
+ */
+export declare const buildIframeLockKey: (clientId: string) => string;
+/**
+ * @ignore
+ */
+export declare const buildOrganizationHintCookieName: (clientId: string) => string;
+/**
+ * @ignore
+ */
+export declare const OLD_IS_AUTHENTICATED_COOKIE_NAME = "auth0.is.authenticated";
+/**
+ * @ignore
+ */
+export declare const buildIsAuthenticatedCookieName: (clientId: string) => string;
+/**
+ * @ignore
+ */
+export declare const cacheFactory: (location: string) => () => ICache;
+/**
+ * @ignore
+ */
+export declare const getAuthorizeParams: (clientOptions: Auth0ClientOptions & {
+    authorizationParams: ClientAuthorizationParams;
+}, scope: Record<string, string>, authorizationParams: AuthorizationParams & {
+    scope?: string | undefined;
+}, state: string, nonce: string, code_challenge: string, redirect_uri: string | undefined, response_mode: string | undefined, thumbprint: string | undefined) => AuthorizeOptions;
+/**
+ * @ignore
+ *
+ * Function used to provide support for the deprecated onRedirect through openUrl.
+ */
+export declare const patchOpenUrlWithOnRedirect: <T extends Pick<LogoutOptions, "onRedirect" | "openUrl">>(options: T) => T;
+/**
+ * @ignore
+ *
+ * Checks if all scopes are included inside other array of scopes
+ */
+export declare const allScopesAreIncluded: (scopeToInclude?: string, scopes?: string) => boolean;
+/**
+ * @ignore
+ *
+ * Returns the scopes that are missing after a refresh
+ */
+export declare const getMissingScopes: (requestedScope?: string, respondedScope?: string) => string;
+/**
+ * @ignore
+ *
+ * For backward compatibility we are going to check if we are going to downscope while doing a refresh request
+ * while MRRT is allowed. If the audience is the same for the refresh_token we are going to use and it has
+ * lower scopes than the ones originally in the token, we are going to return the scopes that were stored
+ * with the refresh_token in the tokenset.
+ * @param useMrrt Setting that the user can activate to use MRRT in their requests
+ * @param authorizationParams Contains the audience and scope that the user requested to obtain a token
+ * @param cachedAudience Audience stored with the refresh_token wich we are going to use in the request
+ * @param cachedScope Scope stored with the refresh_token wich we are going to use in the request
+ */
+export declare const getScopeToRequest: (useMrrt: boolean | undefined, authorizationParams: {
+    audience?: string;
+    scope: string;
+}, cachedAudience?: string, cachedScope?: string) => string;
+/**
+ * @ignore
+ *
+ * Checks if the refresh request has been done using MRRT
+ * @param cachedAudience Audience from the refresh token used to refresh
+ * @param cachedScope Scopes from the refresh token used to refresh
+ * @param requestAudience Audience sent to the server
+ * @param requestScope Scopes sent to the server
+ */
+export declare const isRefreshWithMrrt: (cachedAudience: string | undefined, cachedScope: string | undefined, requestAudience: string | undefined, requestScope: string) => boolean;

package/dist/typings/MyAccountApiClient.d.ts

@@ -0,0 +1,92 @@
+import { AuthorizationParams } from './global';
+import { Fetcher } from './fetcher';
+interface ConnectRequest {
+    /** The name of the connection to link the account with (e.g., 'google-oauth2', 'facebook'). */
+    connection: string;
+    /** Array of scopes to request from the Identity Provider during the connect account flow. */
+    scopes?: string[];
+    /** The URI to redirect to after the connection process completes. */
+    redirect_uri: string;
+    /** An opaque value used to maintain state between the request and callback. */
+    state?: string;
+    /** The PKCE code challenge derived from the code verifier. */
+    code_challenge?: string;
+    /** The method used to derive the code challenge. Required when code_challenge is provided. */
+    code_challenge_method?: 'S256';
+    authorization_params?: AuthorizationParams;
+}
+interface ConnectResponse {
+    /** The base URI to initiate the account connection flow. */
+    connect_uri: string;
+    /** The authentication session identifier. */
+    auth_session: string;
+    /** Parameters to be used with the connect URI. */
+    connect_params: {
+        /** The ticket identifier to be used with the connection URI. */
+        ticket: string;
+    };
+    /** The number of seconds until the ticket expires. */
+    expires_in: number;
+}
+interface CompleteRequest {
+    /** The authentication session identifier */
+    auth_session: string;
+    /** The authorization code returned from the connect flow */
+    connect_code: string;
+    /** The redirect URI used in the original request */
+    redirect_uri: string;
+    /** The PKCE code verifier */
+    code_verifier?: string;
+}
+export interface CompleteResponse {
+    /** The unique identifier of the connected account */
+    id: string;
+    /** The connection name */
+    connection: string;
+    /** The access type, always 'offline' */
+    access_type: 'offline';
+    /** Array of scopes granted */
+    scopes?: string[];
+    /** ISO date string of when the connected account was created */
+    created_at: string;
+    /** ISO date string of when the refresh token expires (optional) */
+    expires_at?: string;
+}
+export interface ErrorResponse {
+    type: string;
+    status: number;
+    title: string;
+    detail: string;
+    validation_errors?: {
+        detail: string;
+        field?: string;
+        pointer?: string;
+        source?: string;
+    }[];
+}
+/**
+ * Subset of the MyAccount API that handles the connect accounts flow.
+ */
+export declare class MyAccountApiClient {
+    private myAccountFetcher;
+    private apiBase;
+    constructor(myAccountFetcher: Fetcher<Response>, apiBase: string);
+    /**
+     * Get a ticket for the connect account flow.
+     */
+    connectAccount(params: ConnectRequest): Promise<ConnectResponse>;
+    /**
+     * Verify the redirect from the connect account flow and complete the connecting of the account.
+     */
+    completeAccount(params: CompleteRequest): Promise<CompleteResponse>;
+    private _handleResponse;
+}
+export declare class MyAccountApiError extends Error {
+    readonly type: string;
+    readonly status: number;
+    readonly title: string;
+    readonly detail: string;
+    readonly validation_errors?: ErrorResponse['validation_errors'];
+    constructor({ type, status, title, detail, validation_errors }: ErrorResponse);
+}
+export {};