@corvushold/guard-sdk 0.13.4 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +77 -1
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +507 -1
  4. package/dist/index.d.ts +507 -1
  5. package/dist/index.js +77 -1
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -159,6 +159,8 @@ interface components {
159
159
  /** @description Recommended/preferred login method based on context
160
160
  * Values: "sso", "password", "magic_link", "social" */
161
161
  preferred_method?: string;
162
+ /** @description Whether new user signup is enabled for this tenant */
163
+ signup_enabled?: boolean;
162
164
  /** @description Social login providers (tenant-wide or global) */
163
165
  social_providers?: components["schemas"]["controller.SocialProviderOption"][];
164
166
  /** @description SSO providers configured for this tenant */
@@ -167,6 +169,8 @@ interface components {
167
169
  sso_required?: boolean;
168
170
  /** @description Tenant information (if discovered) */
169
171
  tenant_id?: string;
172
+ /** @description Tenant logo URL for branding on the login page */
173
+ tenant_logo_url?: string;
170
174
  tenant_name?: string;
171
175
  /** @description If email is present in multiple tenants, list them so the UI can prompt the user.
172
176
  * When multiple tenants are present, tenant_id/tenant_name will only be set when
@@ -202,6 +206,54 @@ interface components {
202
206
  */
203
207
  name: string;
204
208
  };
209
+ "controller.acceptInvitationReq": {
210
+ /** @description Optional first name */
211
+ first_name?: string;
212
+ /** @description Optional last name */
213
+ last_name?: string;
214
+ /** @description Password for the new account (min 8 chars) */
215
+ password: string;
216
+ /** @description Invitation token from the invite URL */
217
+ token: string;
218
+ };
219
+ "controller.adminCreateUserReq": {
220
+ /** @description User email address */
221
+ email: string;
222
+ /** @description Mark email as verified */
223
+ email_verified?: boolean;
224
+ /** @description Optional first name */
225
+ first_name?: string;
226
+ /** @description Optional last name */
227
+ last_name?: string;
228
+ /** @description Password (min 8 chars) */
229
+ password: string;
230
+ /** @description Optional roles to assign */
231
+ roles?: string[];
232
+ /** @description Send welcome email to user */
233
+ send_welcome?: boolean;
234
+ /** @description Tenant ID (UUID) */
235
+ tenant_id: string;
236
+ };
237
+ "controller.adminCreateUserResp": {
238
+ /** @description Creation timestamp */
239
+ created_at?: string;
240
+ /** @description User email */
241
+ email?: string;
242
+ /** @description Whether email is verified */
243
+ email_verified?: boolean;
244
+ /** @description First name */
245
+ first_name?: string;
246
+ /** @description User ID */
247
+ id?: string;
248
+ /** @description Whether user is active */
249
+ is_active?: boolean;
250
+ /** @description Last name */
251
+ last_name?: string;
252
+ /** @description Assigned roles */
253
+ roles?: string[];
254
+ /** @description Tenant ID */
255
+ tenant_id?: string;
256
+ };
205
257
  "controller.adminUpdateNamesReq": {
206
258
  first_name?: string;
207
259
  last_name?: string;
@@ -211,6 +263,7 @@ interface components {
211
263
  };
212
264
  "controller.adminUser": {
213
265
  created_at?: string;
266
+ email?: string;
214
267
  email_verified?: boolean;
215
268
  first_name?: string;
216
269
  id?: string;
@@ -223,16 +276,85 @@ interface components {
223
276
  "controller.adminUsersResp": {
224
277
  users?: components["schemas"]["controller.adminUser"][];
225
278
  };
279
+ "controller.apiKeyItem": {
280
+ created_at?: string;
281
+ created_by?: string;
282
+ expires_at?: string;
283
+ id?: string;
284
+ key_prefix?: string;
285
+ last_used_at?: string;
286
+ name?: string;
287
+ revoked_at?: string;
288
+ scopes?: string[];
289
+ tenant_id?: string;
290
+ updated_at?: string;
291
+ };
292
+ "controller.apiKeysListResp": {
293
+ api_keys?: components["schemas"]["controller.apiKeyItem"][];
294
+ };
226
295
  "controller.authExchangeResp": {
227
296
  access_token?: string;
228
297
  refresh_token?: string;
229
298
  /** @example true */
230
299
  success?: boolean;
231
300
  };
301
+ "controller.authorizeDecisionReq": {
302
+ approved?: boolean;
303
+ client_id: string;
304
+ code_challenge?: string;
305
+ code_challenge_method?: string;
306
+ consent_challenge: string;
307
+ nonce?: string;
308
+ redirect_uri: string;
309
+ response_type: string;
310
+ scope?: string;
311
+ state?: string;
312
+ };
313
+ "controller.bulkImportResult": {
314
+ created?: number;
315
+ errors?: string[];
316
+ skipped?: number;
317
+ };
232
318
  "controller.changePasswordReq": {
233
319
  current_password: string;
234
320
  new_password: string;
235
321
  };
322
+ "controller.createAPIKeyReq": {
323
+ /** @description RFC3339 timestamp */
324
+ expires_at?: string;
325
+ name: string;
326
+ scopes?: string[];
327
+ };
328
+ "controller.createAPIKeyResp": {
329
+ created_at?: string;
330
+ expires_at?: string;
331
+ id?: string;
332
+ key_prefix?: string;
333
+ name?: string;
334
+ /** @description Only returned on creation */
335
+ raw_key?: string;
336
+ scopes?: string[];
337
+ tenant_id?: string;
338
+ };
339
+ "controller.createAppRequest": {
340
+ description?: string;
341
+ homepage_url?: string;
342
+ logo_uri?: string;
343
+ name: string;
344
+ };
345
+ "controller.createClientReq": {
346
+ /** @enum {string} */
347
+ client_type?: "confidential" | "public";
348
+ grant_types?: string[];
349
+ logo_uri?: string;
350
+ name: string;
351
+ redirect_uris: string[];
352
+ scopes?: string[];
353
+ };
354
+ "controller.createClientResp": {
355
+ client?: components["schemas"]["domain.OAuthClient"];
356
+ client_secret?: string;
357
+ };
236
358
  "controller.createProviderRequest": {
237
359
  acs_url?: string;
238
360
  allow_signup?: boolean;
@@ -278,6 +400,11 @@ interface components {
278
400
  name: string;
279
401
  parent_tenant_id?: string;
280
402
  };
403
+ "controller.createWebhookRequest": {
404
+ events: string[];
405
+ secret: string;
406
+ url: string;
407
+ };
281
408
  "controller.fgaAuthorizeReq": {
282
409
  object_id?: string;
283
410
  object_type: string;
@@ -331,6 +458,33 @@ interface components {
331
458
  "controller.introspectReq": {
332
459
  token?: string;
333
460
  };
461
+ "controller.invitationResp": {
462
+ accepted_at?: string;
463
+ created_at?: string;
464
+ email?: string;
465
+ expires_at?: string;
466
+ id?: string;
467
+ role?: string;
468
+ status?: string;
469
+ tenant_id?: string;
470
+ };
471
+ "controller.invitationsListResp": {
472
+ invitations?: components["schemas"]["controller.invitationResp"][];
473
+ };
474
+ "controller.inviteUserReq": {
475
+ email: string;
476
+ role?: string;
477
+ tenant_id: string;
478
+ };
479
+ "controller.inviteUserResp": {
480
+ created_at?: string;
481
+ email?: string;
482
+ expires_at?: string;
483
+ id?: string;
484
+ invite_url?: string;
485
+ role?: string;
486
+ status?: string;
487
+ };
334
488
  "controller.listResponse": {
335
489
  items?: components["schemas"]["controller.tenantResp"][];
336
490
  page?: number;
@@ -387,6 +541,8 @@ interface components {
387
541
  method: "totp" | "backup_code";
388
542
  };
389
543
  "controller.oauth2MetadataResp": {
544
+ authorization_endpoint?: string;
545
+ code_challenge_methods_supported?: string[];
390
546
  grant_types_supported?: string[];
391
547
  guard_auth_mode_default?: string;
392
548
  /** @description Guard-specific extensions */
@@ -395,6 +551,7 @@ interface components {
395
551
  introspection_endpoint?: string;
396
552
  introspection_endpoint_auth_methods_supported?: string[];
397
553
  issuer?: string;
554
+ jwks_uri?: string;
398
555
  response_types_supported?: string[];
399
556
  revocation_endpoint?: string;
400
557
  revocation_endpoint_auth_methods_supported?: string[];
@@ -403,6 +560,12 @@ interface components {
403
560
  token_endpoint_auth_methods_supported?: string[];
404
561
  userinfo_endpoint?: string;
405
562
  };
563
+ "controller.passkeyResponse": {
564
+ created_at?: string;
565
+ friendly_name?: string;
566
+ id?: string;
567
+ last_used_at?: string;
568
+ };
406
569
  "controller.permissionGrantItem": {
407
570
  key?: string;
408
571
  object_id?: string;
@@ -422,11 +585,27 @@ interface components {
422
585
  app_cors_allowed_origins?: string;
423
586
  /** @description Auth */
424
587
  jwt_signing_key?: string;
588
+ /** @description Rate limits (per-endpoint, tenant-scoped overrides) */
589
+ rl_login_limit?: string;
590
+ rl_login_window?: string;
591
+ rl_magic_limit?: string;
592
+ rl_magic_window?: string;
593
+ rl_mfa_limit?: string;
594
+ rl_mfa_window?: string;
595
+ rl_signup_limit?: string;
596
+ rl_signup_window?: string;
597
+ rl_sso_limit?: string;
598
+ rl_sso_window?: string;
599
+ rl_token_limit?: string;
600
+ rl_token_window?: string;
425
601
  /** @description Scope is deprecated and ignored. Kept for backward compatibility with older SDKs. */
426
602
  scope?: string;
603
+ /** @description Signup & branding */
604
+ signup_enabled?: string;
427
605
  sso_provider?: string;
428
606
  sso_redirect_allowlist?: string;
429
607
  sso_state_ttl?: string;
608
+ tenant_logo_url?: string;
430
609
  workos_api_key?: string;
431
610
  workos_client_id?: string;
432
611
  workos_client_secret?: string;
@@ -479,10 +658,19 @@ interface components {
479
658
  };
480
659
  "controller.rbacUserRolesResp": {
481
660
  role_ids?: string[];
661
+ roles?: components["schemas"]["controller.rbacRoleItem"][];
482
662
  };
483
663
  "controller.refreshReq": {
484
664
  refresh_token?: string;
485
665
  };
666
+ "controller.registerPasskeyRequest": {
667
+ aaguid?: string;
668
+ attestation_type?: string;
669
+ credential_id: string;
670
+ friendly_name?: string;
671
+ public_key: string;
672
+ transports?: string[];
673
+ };
486
674
  "controller.resetPasswordConfirmReq": {
487
675
  new_password: string;
488
676
  tenant_id?: string;
@@ -514,10 +702,26 @@ interface components {
514
702
  "controller.settingsResponse": {
515
703
  /** @description App */
516
704
  app_cors_allowed_origins?: string;
705
+ /** @description Rate limits (per-endpoint, tenant-scoped overrides) */
706
+ rl_login_limit?: string;
707
+ rl_login_window?: string;
708
+ rl_magic_limit?: string;
709
+ rl_magic_window?: string;
710
+ rl_mfa_limit?: string;
711
+ rl_mfa_window?: string;
712
+ rl_signup_limit?: string;
713
+ rl_signup_window?: string;
714
+ rl_sso_limit?: string;
715
+ rl_sso_window?: string;
716
+ rl_token_limit?: string;
717
+ rl_token_window?: string;
718
+ /** @description Signup & branding */
719
+ signup_enabled?: string;
517
720
  /** @description SSO */
518
721
  sso_provider?: string;
519
722
  sso_redirect_allowlist?: string;
520
723
  sso_state_ttl?: string;
724
+ tenant_logo_url?: string;
521
725
  /** @description masked */
522
726
  workos_api_key?: string;
523
727
  workos_client_id?: string;
@@ -552,10 +756,32 @@ interface components {
552
756
  parent_tenant_id?: string;
553
757
  updated_at?: string;
554
758
  };
759
+ "controller.updateAppRequest": {
760
+ description?: string;
761
+ homepage_url?: string;
762
+ is_active?: boolean;
763
+ logo_uri?: string;
764
+ name?: string;
765
+ };
766
+ "controller.updateClientReq": {
767
+ grant_types?: string[];
768
+ is_active?: boolean;
769
+ logo_uri?: string;
770
+ name?: string;
771
+ redirect_uris?: string[];
772
+ scopes?: string[];
773
+ };
774
+ "controller.updateParentReq": {
775
+ parent_tenant_id?: string;
776
+ };
555
777
  "controller.updateProfileReq": {
556
778
  first_name?: string;
557
779
  last_name?: string;
558
780
  };
781
+ "controller.updateProfileRequest": {
782
+ first_name?: string;
783
+ last_name?: string;
784
+ };
559
785
  "controller.updateProviderRequest": {
560
786
  acs_url?: string;
561
787
  allow_signup?: boolean;
@@ -599,6 +825,26 @@ interface components {
599
825
  want_assertions_signed?: boolean;
600
826
  want_response_signed?: boolean;
601
827
  };
828
+ "controller.updateWebhookRequest": {
829
+ events?: string[];
830
+ is_active?: boolean;
831
+ url?: string;
832
+ };
833
+ "controller.verifyEmailReq": {
834
+ token: string;
835
+ };
836
+ "domain.Application": {
837
+ created_at?: string;
838
+ created_by?: string;
839
+ description?: string;
840
+ homepage_url?: string;
841
+ id?: string;
842
+ is_active?: boolean;
843
+ logo_uri?: string;
844
+ name?: string;
845
+ tenant_id?: string;
846
+ updated_at?: string;
847
+ };
602
848
  "domain.Introspection": {
603
849
  active?: boolean;
604
850
  email?: string;
@@ -610,11 +856,105 @@ interface components {
610
856
  tenant_id?: string;
611
857
  user_id?: string;
612
858
  };
859
+ "domain.OAuthClient": {
860
+ client_id?: string;
861
+ /**
862
+ * @description confidential | public
863
+ * @enum {string}
864
+ */
865
+ client_type?: "confidential" | "public";
866
+ created_at?: string;
867
+ created_by?: string;
868
+ grant_types?: string[];
869
+ id?: string;
870
+ is_active?: boolean;
871
+ logo_uri?: string;
872
+ name?: string;
873
+ redirect_uris?: string[];
874
+ scopes?: string[];
875
+ tenant_id?: string;
876
+ updated_at?: string;
877
+ };
613
878
  "domain.PortalLink": {
614
879
  link?: string;
615
880
  };
616
881
  /** @enum {string} */
617
882
  "domain.ProviderType": "oidc" | "saml" | "oauth2" | "workos" | "dev";
883
+ "domain.SCIMEmail": {
884
+ primary?: boolean;
885
+ type?: string;
886
+ value?: string;
887
+ };
888
+ "domain.SCIMError": {
889
+ detail?: string;
890
+ schemas?: string[];
891
+ status?: number;
892
+ };
893
+ "domain.SCIMGroup": {
894
+ displayName?: string;
895
+ id?: string;
896
+ members?: components["schemas"]["domain.SCIMMemberRef"][];
897
+ meta?: components["schemas"]["domain.SCIMMeta"];
898
+ schemas?: string[];
899
+ };
900
+ "domain.SCIMGroupRef": {
901
+ $ref?: string;
902
+ display?: string;
903
+ value?: string;
904
+ };
905
+ "domain.SCIMListResponse": {
906
+ Resources?: unknown;
907
+ itemsPerPage?: number;
908
+ schemas?: string[];
909
+ startIndex?: number;
910
+ totalResults?: number;
911
+ };
912
+ "domain.SCIMMemberRef": {
913
+ $ref?: string;
914
+ display?: string;
915
+ value?: string;
916
+ };
917
+ "domain.SCIMMeta": {
918
+ created?: string;
919
+ lastModified?: string;
920
+ location?: string;
921
+ resourceType?: string;
922
+ };
923
+ "domain.SCIMName": {
924
+ familyName?: string;
925
+ givenName?: string;
926
+ };
927
+ "domain.SCIMPatchOp": {
928
+ /** @description add, remove, replace */
929
+ op?: string;
930
+ /** @description attribute path, e.g. "name.givenName" */
931
+ path?: string;
932
+ /** @description new value */
933
+ value?: unknown;
934
+ };
935
+ "domain.SCIMPatchRequest": {
936
+ Operations?: components["schemas"]["domain.SCIMPatchOp"][];
937
+ schemas?: string[];
938
+ };
939
+ "domain.SCIMUser": {
940
+ active?: boolean;
941
+ emails?: components["schemas"]["domain.SCIMEmail"][];
942
+ externalId?: string;
943
+ groups?: components["schemas"]["domain.SCIMGroupRef"][];
944
+ id?: string;
945
+ meta?: components["schemas"]["domain.SCIMMeta"];
946
+ name?: components["schemas"]["domain.SCIMName"];
947
+ schemas?: string[];
948
+ userName?: string;
949
+ };
950
+ "domain.TokenResponse": {
951
+ access_token?: string;
952
+ expires_in?: number;
953
+ id_token?: string;
954
+ refresh_token?: string;
955
+ scope?: string;
956
+ token_type?: string;
957
+ };
618
958
  "domain.UserProfile": {
619
959
  email?: string;
620
960
  email_verified?: boolean;
@@ -626,6 +966,15 @@ interface components {
626
966
  roles?: string[];
627
967
  tenant_id?: string;
628
968
  };
969
+ "domain.Webhook": {
970
+ created_at?: string;
971
+ events?: string[];
972
+ id?: string;
973
+ is_active?: boolean;
974
+ tenant_id?: string;
975
+ updated_at?: string;
976
+ url?: string;
977
+ };
629
978
  };
630
979
  responses: never;
631
980
  parameters: never;
@@ -636,6 +985,12 @@ interface components {
636
985
  "application/json": components["schemas"]["controller.magicVerifyReq"];
637
986
  };
638
987
  };
988
+ /** @description Group resource */
989
+ "domain.SCIMGroup": {
990
+ content: {
991
+ "application/json": components["schemas"]["domain.SCIMGroup"];
992
+ };
993
+ };
639
994
  /** @description permission_key, scope_type, optional resource_type/resource_id */
640
995
  "controller.rbacRolePermissionReq": {
641
996
  content: {
@@ -654,6 +1009,18 @@ interface components {
654
1009
  "application/json": components["schemas"]["controller.rbacModifyUserRoleReq"];
655
1010
  };
656
1011
  };
1012
+ /** @description Patch operations */
1013
+ "domain.SCIMPatchRequest": {
1014
+ content: {
1015
+ "application/json": components["schemas"]["domain.SCIMPatchRequest"];
1016
+ };
1017
+ };
1018
+ /** @description User resource */
1019
+ "domain.SCIMUser": {
1020
+ content: {
1021
+ "application/json": components["schemas"]["domain.SCIMUser"];
1022
+ };
1023
+ };
657
1024
  };
658
1025
  headers: never;
659
1026
  pathItems: never;
@@ -781,6 +1148,62 @@ interface SessionItem {
781
1148
  interface SessionsListResp {
782
1149
  sessions: SessionItem[];
783
1150
  }
1151
+ type InvitationStatus = 'pending' | 'accepted' | 'revoked' | 'expired';
1152
+ interface Invitation {
1153
+ id: string;
1154
+ tenant_id: string | null;
1155
+ email: string;
1156
+ role?: string;
1157
+ status: InvitationStatus;
1158
+ expires_at: string;
1159
+ created_at: string;
1160
+ accepted_at: string | null;
1161
+ revoked_at?: string | null;
1162
+ }
1163
+ interface InvitationsListResp {
1164
+ invitations: Invitation[];
1165
+ }
1166
+ interface InviteUserReq {
1167
+ tenant_id?: string;
1168
+ email: string;
1169
+ role?: string;
1170
+ }
1171
+ interface InviteUserResp {
1172
+ id: string;
1173
+ email: string;
1174
+ role?: string;
1175
+ status: string;
1176
+ expires_at: string;
1177
+ created_at: string;
1178
+ invite_url?: string;
1179
+ }
1180
+ interface AcceptInvitationReq {
1181
+ token: string;
1182
+ password: string;
1183
+ first_name?: string;
1184
+ last_name?: string;
1185
+ }
1186
+ interface AdminCreateUserReq {
1187
+ tenant_id?: string;
1188
+ email: string;
1189
+ password: string;
1190
+ first_name?: string;
1191
+ last_name?: string;
1192
+ roles?: string[];
1193
+ email_verified?: boolean;
1194
+ send_welcome?: boolean;
1195
+ }
1196
+ interface AdminCreateUserResp {
1197
+ id: string;
1198
+ email: string;
1199
+ first_name: string;
1200
+ last_name: string;
1201
+ roles: string[];
1202
+ tenant_id: string;
1203
+ email_verified: boolean;
1204
+ is_active: boolean;
1205
+ created_at: string;
1206
+ }
784
1207
  interface TenantSettingsResponse {
785
1208
  sso_provider: string;
786
1209
  workos_client_id: string;
@@ -790,6 +1213,19 @@ interface TenantSettingsResponse {
790
1213
  workos_default_organization_id?: string;
791
1214
  sso_state_ttl: string;
792
1215
  sso_redirect_allowlist: string;
1216
+ app_cors_allowed_origins?: string;
1217
+ rl_login_limit?: string;
1218
+ rl_login_window?: string;
1219
+ rl_signup_limit?: string;
1220
+ rl_signup_window?: string;
1221
+ rl_magic_limit?: string;
1222
+ rl_magic_window?: string;
1223
+ rl_sso_limit?: string;
1224
+ rl_sso_window?: string;
1225
+ rl_token_limit?: string;
1226
+ rl_token_window?: string;
1227
+ rl_mfa_limit?: string;
1228
+ rl_mfa_window?: string;
793
1229
  }
794
1230
  interface TenantSettingsPutRequest {
795
1231
  sso_provider?: string | null;
@@ -800,6 +1236,55 @@ interface TenantSettingsPutRequest {
800
1236
  workos_default_organization_id?: string | null;
801
1237
  sso_state_ttl?: string | null;
802
1238
  sso_redirect_allowlist?: string | null;
1239
+ app_cors_allowed_origins?: string | null;
1240
+ jwt_signing_key?: string | null;
1241
+ rl_login_limit?: string | null;
1242
+ rl_login_window?: string | null;
1243
+ rl_signup_limit?: string | null;
1244
+ rl_signup_window?: string | null;
1245
+ rl_magic_limit?: string | null;
1246
+ rl_magic_window?: string | null;
1247
+ rl_sso_limit?: string | null;
1248
+ rl_sso_window?: string | null;
1249
+ rl_token_limit?: string | null;
1250
+ rl_token_window?: string | null;
1251
+ rl_mfa_limit?: string | null;
1252
+ rl_mfa_window?: string | null;
1253
+ }
1254
+ interface OAuthClientItem {
1255
+ id: string;
1256
+ tenant_id: string;
1257
+ client_id: string;
1258
+ client_type: 'confidential' | 'public';
1259
+ name: string;
1260
+ redirect_uris: string[];
1261
+ scopes: string[];
1262
+ grant_types: string[];
1263
+ logo_uri?: string;
1264
+ is_active: boolean;
1265
+ created_by?: string;
1266
+ created_at: string;
1267
+ updated_at: string;
1268
+ }
1269
+ interface CreateOAuthClientReq {
1270
+ name: string;
1271
+ client_type?: 'confidential' | 'public';
1272
+ redirect_uris: string[];
1273
+ scopes?: string[];
1274
+ grant_types?: string[];
1275
+ logo_uri?: string;
1276
+ }
1277
+ interface CreateOAuthClientResp {
1278
+ client: OAuthClientItem;
1279
+ client_secret?: string;
1280
+ }
1281
+ interface UpdateOAuthClientReq {
1282
+ name?: string;
1283
+ redirect_uris?: string[];
1284
+ scopes?: string[];
1285
+ grant_types?: string[];
1286
+ logo_uri?: string;
1287
+ is_active?: boolean;
803
1288
  }
804
1289
  type SsoProviderType = 'oidc' | 'saml';
805
1290
  type SsoLinkingPolicy = 'never' | 'verified_email' | 'always';
@@ -861,12 +1346,14 @@ interface SsoProviderOption {
861
1346
  interface LoginOptionsResp {
862
1347
  password_enabled: boolean;
863
1348
  magic_link_enabled: boolean;
1349
+ signup_enabled: boolean;
864
1350
  sso_providers: SsoProviderOption[];
865
1351
  preferred_method: AuthMethod;
866
1352
  sso_required: boolean;
867
1353
  user_exists: boolean;
868
1354
  tenant_id?: string;
869
1355
  tenant_name?: string;
1356
+ tenant_logo_url?: string;
870
1357
  tenants?: Array<{
871
1358
  id: string;
872
1359
  name?: string;
@@ -1092,6 +1579,18 @@ declare class GuardClient {
1092
1579
  unblockUser(id: string): Promise<ResponseWrapper<unknown>>;
1093
1580
  verifyUserEmail(id: string): Promise<ResponseWrapper<unknown>>;
1094
1581
  unverifyUserEmail(id: string): Promise<ResponseWrapper<unknown>>;
1582
+ listInvitations(params?: {
1583
+ tenant_id?: string;
1584
+ status?: string;
1585
+ }): Promise<ResponseWrapper<InvitationsListResp>>;
1586
+ createInvitation(body: InviteUserReq): Promise<ResponseWrapper<InviteUserResp>>;
1587
+ revokeInvitation(id: string): Promise<ResponseWrapper<unknown>>;
1588
+ deleteInvitation(id: string): Promise<ResponseWrapper<unknown>>;
1589
+ getInvitation(params: {
1590
+ token: string;
1591
+ }): Promise<ResponseWrapper<Invitation>>;
1592
+ acceptInvitation(body: AcceptInvitationReq): Promise<ResponseWrapper<TokensResp>>;
1593
+ adminCreateUser(body: AdminCreateUserReq): Promise<ResponseWrapper<AdminCreateUserResp>>;
1095
1594
  listSessions(options?: {
1096
1595
  includeAll?: boolean;
1097
1596
  }): Promise<ResponseWrapper<SessionsListResp>>;
@@ -1271,6 +1770,13 @@ declare class GuardClient {
1271
1770
  object_type: string;
1272
1771
  object_id?: string | null;
1273
1772
  }): Promise<ResponseWrapper<unknown>>;
1773
+ listOAuthClients(): Promise<ResponseWrapper<{
1774
+ clients: OAuthClientItem[];
1775
+ }>>;
1776
+ createOAuthClient(body: CreateOAuthClientReq): Promise<ResponseWrapper<CreateOAuthClientResp>>;
1777
+ getOAuthClient(id: string): Promise<ResponseWrapper<OAuthClientItem>>;
1778
+ updateOAuthClient(id: string, body: UpdateOAuthClientReq): Promise<ResponseWrapper<unknown>>;
1779
+ deleteOAuthClient(id: string): Promise<ResponseWrapper<unknown>>;
1274
1780
  /**
1275
1781
  * Fetch OAuth 2.0 Authorization Server Metadata (RFC 8414)
1276
1782
  * Returns server capabilities including supported auth modes, endpoints, and grant types.
@@ -1299,4 +1805,4 @@ declare class GuardClient {
1299
1805
 
1300
1806
  declare function generateTOTPCode(base32Secret: string): string;
1301
1807
 
1302
- export { type AdminUser, type AdminUsersResp, ApiError, type AsyncStorageLike, type AuthMethod, type CreateSsoProviderReq, type DiscoverTenantsResp, type FetchLike, type FgaAclTuple, type FgaGroup, type FgaGroupsResp, GuardClient, type GuardClientOptions, type HeadersMap, HttpClient, InMemoryStorage, type Interceptors, type LoginOptionsResp, type Meta, RateLimitError, type RequestInterceptor, type ResponseInterceptor, type ResponseWrapper, type SessionItem, type SessionsListResp, type SsoLinkingPolicy, type SsoPortalContext, type SsoPortalSessionResp, type SsoProvider, type SsoProviderItem, type SsoProviderOption, type SsoProviderSlug, type SsoProviderType, type SsoProvidersListResp, type SsoSPInfoResp, type SsoTestProviderResp, type TenantId, type TenantOption, type TenantSelectionRequiredResp, type TenantSettingsPutRequest, type TenantSettingsResponse, type TenantSummary, type TokenProvider, type TokenStorage, type TransportOptions, type UpdateSsoProviderReq, WebLocalStorage, applyRequestInterceptors, applyResponseInterceptors, buildRateLimitError, generateTOTPCode, isApiError, isMfaChallengeResp, isRateLimitError, isTenantSelectionRequired, isTokensResp, noopStorage, parseRetryAfter, reactNativeStorageAdapter, toHeadersMap };
1808
+ export { type AcceptInvitationReq, type AdminCreateUserReq, type AdminCreateUserResp, type AdminUser, type AdminUsersResp, ApiError, type AsyncStorageLike, type AuthMethod, type CreateOAuthClientReq, type CreateOAuthClientResp, type CreateSsoProviderReq, type DiscoverTenantsResp, type FetchLike, type FgaAclTuple, type FgaGroup, type FgaGroupsResp, GuardClient, type GuardClientOptions, type HeadersMap, HttpClient, InMemoryStorage, type Interceptors, type Invitation, type InvitationStatus, type InvitationsListResp, type InviteUserReq, type InviteUserResp, type LoginOptionsResp, type Meta, type OAuthClientItem, RateLimitError, type RequestInterceptor, type ResponseInterceptor, type ResponseWrapper, type SessionItem, type SessionsListResp, type SsoLinkingPolicy, type SsoPortalContext, type SsoPortalSessionResp, type SsoProvider, type SsoProviderItem, type SsoProviderOption, type SsoProviderSlug, type SsoProviderType, type SsoProvidersListResp, type SsoSPInfoResp, type SsoTestProviderResp, type TenantId, type TenantOption, type TenantSelectionRequiredResp, type TenantSettingsPutRequest, type TenantSettingsResponse, type TenantSummary, type TokenProvider, type TokenStorage, type TransportOptions, type UpdateOAuthClientReq, type UpdateSsoProviderReq, WebLocalStorage, applyRequestInterceptors, applyResponseInterceptors, buildRateLimitError, generateTOTPCode, isApiError, isMfaChallengeResp, isRateLimitError, isTenantSelectionRequired, isTokensResp, noopStorage, parseRetryAfter, reactNativeStorageAdapter, toHeadersMap };