@descope/node-sdk 1.0.4-alpha.6 → 1.0.4-alpha.8

package/README.md

@@ -14,7 +14,7 @@ npm i --save @descope/node-sdk
 
 ## What do you want to implement?
 
-Click one of the following links to open the documentation for that specific functionality.  
+Click one of the following links to open the documentation for that specific functionality.
 
 - [x] [One time passwords (OTP)](./docs/otp.md)
 - [x] [Magic Links](./docs/magiclink.md)
@@ -26,7 +26,7 @@ Instantly run the end-to-end ExpresSDK for NodeJS examples, as shown below. The
 
 ### Prerequisites
 
-Run the following commands in your project. Replace any instance of  `<ProjectID>` in the code below with your company's Project ID, which can be found in the [Descope console](https://app.descope.com).
+Run the following commands in your project. Replace any instance of `<ProjectID>` in the code below with your company's Project ID, which can be found in the [Descope console](https://app.descope.com).
 
 This commands will add the Descope NodeJS SDK as a project dependency, clone the SDK repository locally, and set the `DESCOPE_PROJECT_ID`.
 
@@ -40,25 +40,28 @@ export DESCOPE_PROJECT_ID=<ProjectID>
 **TL;DR**: Run `npm run quick`
 
 Run the following commands in the root of the project to build and run the examples.
+
 1. Run this to start the ES6 typescript module example
 
-    ```code bash
-    npm i
-    npm run build
-    cd examples/es6
-    npm i
-    npm start
-    ```
+   ```code bash
+   npm i && \
+   npm run build && \
+   cd examples/es6 && \
+   npm i && \
+   npm run generateCerts && \
+   npm start
+   ```
 
 2. Run this to start the commonjs example
 
-    ```code bash
-    npm i
-    npm run build
-    cd examples/commonjs
-    npm i
-    npm start
-    ```
+   ```code bash
+   npm i && \
+   npm run build && \
+   cd examples/commonjs && \
+   npm i && \
+   npm run generateCerts && \
+   npm start
+   ```
 
 ## License
 

package/dist/cjs/examples/es6/src/index.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cjs/index.cjs.js

@@ -1,2 +1,2 @@
-"use strict";var e=require("@descope/core-js-sdk"),t=require("jose"),s=require("node-fetch"),i=require("tslib");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=o(e),r=o(s);const n=(e,t,s)=>`${e}=${t}; Domain=${(null==s?void 0:s.cookieDomain)||""}; Max-Age=${(null==s?void 0:s.cookieMaxAge)||""}; Path=${(null==s?void 0:s.cookiePath)||"/"}; HttpOnly; SameSite=Strict`,c=e=>async(...t)=>{var s,o,a;const r=await e(...t);if(!r.data)return r;let c=r.data,{sessionJwt:l,refreshJwt:h}=c,d=i.__rest(c,["sessionJwt","refreshJwt"]);const u=[n("DS",l,d)];return h?u.push(n("DSR",h,d)):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(h=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),u.push(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:h,cookies:u})})},l=(e,t,s)=>{if(!e)return;const i="string"==typeof t?t.split("."):t,o=i.shift()||"";if(0===i.length||"*"===o){const t=t=>{if(!t||"function"!=typeof e[t])throw Error(`cannot wrap value at key "${t.toString()}"`);e[t]=s(e[t])};"*"===o?Object.keys(e).forEach(t):t(o)}else l(e[o],i,s)};globalThis.fetch||(globalThis.fetch=r.default,globalThis.Headers=s.Headers,globalThis.Request=s.Request,globalThis.Response=s.Response);const h=(...e)=>{const s=a.default(...e);var i,o;i=s,o=c,["otp.verify.*","magicLink.verify","magicLink.crossDevice.signUp.*","magicLink.crossDevice.signIn.*","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"].forEach((e=>l(i,e,o)));const{projectId:r,logger:n}=e[0],h={};return Object.assign(Object.assign({},s),{async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{const e=await s.httpClient.get(`v1/keys/${r}`).then((e=>e.json()));return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await t.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateToken(e){return{token:(await t.jwtVerify(e,this.getKey,{algorithms:["ES384"]})).payload}},async validateSession(e,t){if(!e)throw Error("session token must not be empty");try{return await this.validateToken(e)}catch(e){try{return await this.validateToken(t),(await this.refresh(t)).data}catch(e){throw null==n||n.error("failed to validate refresh token",e),Error("could not validate tokens")}}}})};h.DeliveryMethods=a.default.DeliveryMethods,h.RefreshTokenCookieName="DSR",h.SessionTokenCookieName="DS",module.exports=h;
+"use strict";var e=require("@descope/core-js-sdk"),t=require("jose"),s=require("node-fetch"),o=require("tslib");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=n(e),r=n(s);const i=(e,t,s)=>`${e}=${t}; Domain=${(null==s?void 0:s.cookieDomain)||""}; Max-Age=${(null==s?void 0:s.cookieMaxAge)||""}; Path=${(null==s?void 0:s.cookiePath)||"/"}; HttpOnly; SameSite=Strict`,l=e=>async(...t)=>{var s,n,a;const r=await e(...t);if(!r.data)return r;let l=r.data,{sessionJwt:d,refreshJwt:c}=l,u=o.__rest(l,["sessionJwt","refreshJwt"]);const h=[i("DS",d,u)];return c?h.push(i("DSR",c,u)):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(c=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),h.push(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:c,cookies:h})})},d=(e,t,s)=>{if(!e)return;const o="string"==typeof t?t.split("."):t,n=o.shift()||"";if(0===o.length||"*"===n){const t=t=>{if(!t||"function"!=typeof e[t])throw Error(`cannot wrap value at key "${t.toString()}"`);e[t]=s(e[t])};"*"===n?Object.keys(e).forEach(t):t(n)}else d(e[n],o,s)};function c(e,t,s){var o,n;const a=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(a)?a:[]}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user/load",search:"/v1/mgmt/user/search"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete"},p={update:"/v1/mgmt/jwt/update"};const v=(t,s)=>({create:(o,n,a,r,i,l)=>e.transformResponse(t.httpClient.post(u.create,{identifier:o,email:n,phone:a,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),update:(o,n,a,r,i,l)=>e.transformResponse(t.httpClient.post(u.update,{identifier:o,email:n,phone:a,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),delete:o=>e.transformResponse(t.httpClient.post(u.delete,{identifier:o},{token:s})),load:o=>e.transformResponse(t.httpClient.get(u.load,{queryParams:{identifier:o},token:s}),(e=>e.user)),searchAll:(o,n,a)=>e.transformResponse(t.httpClient.post(u.search,{tenantIds:o,roleNames:n,limit:a},{token:s}),(e=>e.users))}),m=(t,s)=>({create:(o,n)=>e.transformResponse(t.httpClient.post(h.create,{name:o,selfProvisioningDomains:n},{token:s})),createWithId:(o,n,a)=>e.transformResponse(t.httpClient.post(h.create,{tenantId:o,name:n,selfProvisioningDomains:a},{token:s})),update:(o,n,a)=>e.transformResponse(t.httpClient.post(h.update,{tenantId:o,name:n,selfProvisioningDomains:a},{token:s})),delete:o=>e.transformResponse(t.httpClient.post(h.delete,{tenantId:o},{token:s}))}),f=(t,s)=>({update:(o,n)=>e.transformResponse(t.httpClient.post(p.update,{jwt:o,customClaims:n},{token:s}))});globalThis.fetch||(globalThis.fetch=r.default,globalThis.Headers=s.Headers,globalThis.Request=s.Request,globalThis.Response=s.Response);const k=e=>{e.hooks=e.hooks||{};const s=e.hooks.beforeRequest;e.hooks.beforeRequest=e=>{var t;const o=e;return o.headers=Object.assign(Object.assign({},o.headers),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(t=null===process||void 0===process?void 0:process.versions)||void 0===t?void 0:t.node)||"","x-descope-sdk-version":"1.0.4-alpha.8"}),(null==s?void 0:s(o))||o};const o=a.default(e);var n,r;n=o,r=l,["otp.verify.*","magicLink.verify","enchantedLink.signUp.*","enchantedLink.signIn.*","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"].forEach((e=>d(n,e,r)));const{projectId:i,logger:u}=e,h={},p=((e,t)=>({user:v(e,t),tenant:m(e,t),jwt:f(e,t)}))(o,e.managementKey),k=Object.assign(Object.assign({},o),{management:p,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{const e=await o.httpClient.get(`v1/keys/${i}`).then((e=>e.json()));return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await t.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var s;const o=(await t.jwtVerify(e,k.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(s=o.iss)||void 0===s?void 0:s.split("/").pop(),o.iss!==i))throw new t.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e,t){var s,o;if(!e&&!t)throw Error("both refresh token and session token are empty");if(e)try{return await k.validateJwt(e)}catch(e){if(!t)throw null==u||u.error("failed to validate session token and no refresh token provided",e),Error("could not validate tokens")}if(t)try{await k.validateJwt(t);const e=await k.refresh(t);if(e.ok){return await k.validateJwt(null===(s=e.data)||void 0===s?void 0:s.sessionJwt)}throw Error(null===(o=e.error)||void 0===o?void 0:o.message)}catch(e){throw null==u||u.error("failed to validate refresh token",e),Error("could not validate tokens")}throw Error("could not validate token")},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await k.accessKey.exchange(e)}catch(e){throw null==u||u.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:s}=t.data;if(!s)throw null==u||u.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await k.validateJwt(s)}catch(e){throw null==u||u.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>k.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){const o=c(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>k.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){const o=c(e,"roles",t);return s.every((e=>o.includes(e)))}});return k};k.DeliveryMethods=a.default.DeliveryMethods,k.RefreshTokenCookieName="DSR",k.SessionTokenCookieName="DS",module.exports=k;
 //# sourceMappingURL=index.cjs.js.map

package/dist/cjs/index.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\nexport const refreshTokenCookieName = 'DSR'\nexport const sessionTokenCookieName = 'DS'\n","import type { SdkResponse } from '@descope/core-js-sdk'\nimport { refreshTokenCookieName, sessionTokenCookieName } from './constants'\n\nconst generateCookie = (name: string, value: string, options?: any) =>\n  `${name}=${value}; Domain=${options?.cookieDomain || ''}; Max-Age=${\n    options?.cookieMaxAge || ''\n  }; Path=${options?.cookiePath || '/'}; HttpOnly; SameSite=Strict`\n\nconst getCookieValue = (cookie: string | null | undefined, name: string) => {\n  const match = cookie?.match(RegExp(`(?:^|;\\\\s*)${name}=([^;]*)`))\n  return match ? match[1] : null\n}\n\n// eslint-disable-next-line import/prefer-default-export\nexport const withCookie =\n  <T extends Array<any>, U extends Promise<SdkResponse>>(fn: (...args: T) => U) =>\n  async (...args: T): Promise<SdkResponse> => {\n    const resp = await fn(...args)\n\n    if (!resp.data) {\n      return resp\n    }\n\n    // eslint-disable-next-line prefer-const\n    let { sessionJwt, refreshJwt, ...rest } = resp.data\n    const cookies = [generateCookie(sessionTokenCookieName, sessionJwt, rest)]\n\n    if (!refreshJwt) {\n      if (resp.response?.headers.get('set-cookie')) {\n        refreshJwt = getCookieValue(\n          resp.response?.headers.get('set-cookie'),\n          refreshTokenCookieName,\n        )\n        cookies.push(resp.response?.headers.get('set-cookie')!)\n      }\n    } else {\n      cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest))\n    }\n\n    return { ...resp, data: { ...resp.data, refreshJwt, cookies } }\n  }\n\nexport const wrapWith = <T extends Record<string, any>>(\n  obj: T,\n  path: string | string[],\n  wrappingFn: Function,\n  // eslint-disable-next-line consistent-return\n): void => {\n  if (!obj) return\n\n  const pathSections = typeof path === 'string' ? path.split('.') : path\n  const section = pathSections.shift() || ('' as keyof T)\n\n  if (pathSections.length === 0 || section === '*') {\n    const wrap = (key: keyof T) => {\n      if (key && typeof obj[key] === 'function') {\n        // eslint-disable-next-line no-param-reassign\n        obj[key] = wrappingFn(obj[key])\n      } else {\n        throw Error(`cannot wrap value at key \"${key.toString()}\"`)\n      }\n    }\n    if (section === '*') {\n      Object.keys(obj).forEach(wrap)\n    } else {\n      wrap(section)\n    }\n  } else {\n    wrapWith(obj[section], pathSections, wrappingFn)\n  }\n}\n\nexport const bulkWrapWith = (\n  obj: Parameters<typeof wrapWith>[0],\n  paths: string[],\n  wrappingFn: Parameters<typeof wrapWith>[2],\n) => paths.forEach((path: string) => wrapWith(obj, path, wrappingFn))\n","import createSdk from '@descope/core-js-sdk'\nimport { KeyLike, jwtVerify, JWK, JWTHeaderParameters, importJWK } from 'jose'\nimport fetch, { Headers, Response, Request } from 'node-fetch'\nimport { bulkWrapWith, withCookie } from './helpers'\nimport { AuthenticationInfo } from './types'\nimport { refreshTokenCookieName, sessionTokenCookieName } from './constants'\n\nif (!globalThis.fetch) {\n  // @ts-ignore\n  globalThis.fetch = fetch\n  // @ts-ignore\n  globalThis.Headers = Headers\n  // @ts-ignore\n  globalThis.Request = Request\n  // @ts-ignore\n  globalThis.Response = Response\n}\n\nconst sdk = (...args: Parameters<typeof createSdk>) => {\n  const coreSdk = createSdk(...args)\n\n  bulkWrapWith(\n    coreSdk,\n    [\n      'otp.verify.*',\n      'magicLink.verify',\n      'magicLink.crossDevice.signUp.*',\n      'magicLink.crossDevice.signIn.*',\n      'oauth.exchange',\n      'saml.exchange',\n      'totp.verify',\n      'webauthn.signIn.finish',\n      'webauthn.signUp.finish',\n      'refresh',\n    ],\n    withCookie,\n  )\n\n  const { projectId, logger } = args[0]\n\n  const keys: Record<string, KeyLike | Uint8Array> = {}\n\n  const fetchKeys = async () => {\n    const publicKeys: JWK[] = await coreSdk.httpClient\n      .get(`v1/keys/${projectId}`)\n      .then((resp) => resp.json())\n    if (!Array.isArray(publicKeys)) return {}\n    const kidJwksPairs = await Promise.all(\n      publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n    )\n\n    return kidJwksPairs.reduce(\n      (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n      {},\n    )\n  }\n\n  return {\n    ...coreSdk,\n\n    async getKey(header: JWTHeaderParameters): Promise<KeyLike | Uint8Array> {\n      if (!header?.kid) throw Error('header.kid must not be empty')\n\n      if (keys[header.kid]) return keys[header.kid]\n\n      // do we need to fetch once or every time?\n      Object.assign(keys, await fetchKeys())\n\n      if (!keys[header.kid]) throw Error('failed to fetch matching key')\n\n      return keys[header.kid]\n    },\n\n    async validateToken(token: string): Promise<AuthenticationInfo> {\n      const res = await jwtVerify(token, this.getKey, { algorithms: ['ES384'] })\n\n      return { token: res.payload }\n    },\n\n    async validateSession(\n      sessionToken: string,\n      refreshToken: string,\n    ): Promise<AuthenticationInfo | undefined> {\n      if (!sessionToken) throw Error('session token must not be empty')\n\n      try {\n        const token = await this.validateToken(sessionToken)\n        return token\n      } catch (error) {\n        try {\n          await this.validateToken(refreshToken)\n\n          return (await this.refresh(refreshToken)).data\n        } catch (refreshTokenErr) {\n          logger?.error('failed to validate refresh token', refreshTokenErr)\n\n          throw Error('could not validate tokens')\n        }\n      }\n    },\n  }\n}\n\nconst sdkWithAttributes = sdk as typeof sdk & {\n  DeliveryMethods: typeof createSdk.DeliveryMethods\n  RefreshTokenCookieName: typeof refreshTokenCookieName\n  SessionTokenCookieName: typeof sessionTokenCookieName\n}\n\nsdkWithAttributes.DeliveryMethods = createSdk.DeliveryMethods\nsdkWithAttributes.RefreshTokenCookieName = refreshTokenCookieName\nsdkWithAttributes.SessionTokenCookieName = sessionTokenCookieName\n\nexport default sdkWithAttributes\n\nexport type { DeliveryMethod, OAuthProvider } from '@descope/core-js-sdk'\n"],"names":["generateCookie","name","value","options","cookieDomain","cookieMaxAge","cookiePath","withCookie","fn","async","args","resp","data","_d","sessionJwt","refreshJwt","rest","__rest","cookies","push","_a","response","headers","get","cookie","match","RegExp","getCookieValue","_b","_c","Object","assign","wrapWith","obj","path","wrappingFn","pathSections","split","section","shift","length","wrap","key","Error","toString","keys","forEach","globalThis","fetch","Headers","Request","Response","sdkWithAttributes","coreSdk","createSdk","projectId","logger","header","kid","publicKeys","httpClient","then","json","Array","isArray","Promise","all","map","importJWK","reduce","acc","jwk","fetchKeys","token","jwtVerify","this","getKey","algorithms","payload","sessionToken","refreshToken","validateToken","error","refresh","refreshTokenErr","DeliveryMethods","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"0MACO,MCEDA,EAAiB,CAACC,EAAcC,EAAeC,IACnD,GAAGF,KAAQC,cAAiBC,aAAA,EAAAA,EAASC,eAAgB,gBACnDD,aAAA,EAAAA,EAASE,eAAgB,aACjBF,aAAA,EAAAA,EAASG,aAAc,iCAQtBC,EAC4CC,GACvDC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAEzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAAsCF,EAAKC,MAA3CE,WAAEA,EAAUC,WAAEA,KAAeC,EAA7BC,EAAAA,OAAAJ,EAAA,CAAA,aAAA,eACJ,MAAMK,EAAU,CAAClB,EDvBiB,KCuBsBc,EAAYE,IAcpE,OAZKD,EASHG,EAAQC,KAAKnB,EDnCmB,MCmCoBe,EAAYC,KAR/C,QAAbI,EAAAT,EAAKU,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BR,EArBe,EAACS,EAAmCvB,KACzD,MAAMwB,EAAQD,eAAAA,EAAQC,MAAMC,OAAO,cAAczB,cACjD,OAAOwB,EAAQA,EAAM,GAAK,IAAI,EAmBXE,CACE,QAAbC,EAAAjB,EAAKU,gBAAQ,IAAAO,OAAA,EAAAA,EAAEN,QAAQC,IAAI,cD7BC,OCgC9BL,EAAQC,KAAoB,QAAfU,EAAAlB,EAAKU,gBAAU,IAAAQ,OAAA,EAAAA,EAAAP,QAAQC,IAAI,gBAMhCO,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAApB,GAAM,CAAAC,KAAWkB,OAAAC,OAAAD,OAAAC,OAAA,GAAApB,EAAKC,MAAM,CAAAG,aAAYG,aAAW,EAGtDc,EAAW,CACtBC,EACAC,EACAC,KAGA,IAAKF,EAAK,OAEV,MAAMG,EAA+B,iBAATF,EAAoBA,EAAKG,MAAM,KAAOH,EAC5DI,EAAUF,EAAaG,SAAY,GAEzC,GAA4B,IAAxBH,EAAaI,QAA4B,MAAZF,EAAiB,CAChD,MAAMG,EAAQC,IACZ,IAAIA,GAA2B,mBAAbT,EAAIS,GAIpB,MAAMC,MAAM,6BAA6BD,EAAIE,eAF7CX,EAAIS,GAAOP,EAAWF,EAAIS,GAG3B,EAEa,MAAZJ,EACFR,OAAOe,KAAKZ,GAAKa,QAAQL,GAEzBA,EAAKH,EAER,MACCN,EAASC,EAAIK,GAAUF,EAAcD,EACtC,EC9DEY,WAAWC,QAEdD,WAAWC,MAAQA,UAEnBD,WAAWE,QAAUA,UAErBF,WAAWG,QAAUA,UAErBH,WAAWI,SAAWA,YAGxB,MAqFMC,EArFM,IAAI1C,KACd,MAAM2C,EAAUC,EAAAA,WAAa5C,GDqDH,IAC1BuB,EAEAE,EAFAF,ECnDEoB,EDqDFlB,ECxCE5B,EAZA,CACE,eACA,mBACA,iCACA,iCACA,iBACA,gBACA,cACA,yBACA,yBACA,WD2CKuC,SAASZ,GAAiBF,EAASC,EAAKC,EAAMC,KCtCvD,MAAMoB,UAAEA,EAASC,OAAEA,GAAW9C,EAAK,GAE7BmC,EAA6C,CAAA,EAiBnD,OAAAf,OAAAC,OAAAD,OAAAC,OAAA,GACKsB,GAEH,CAAA5C,aAAagD,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMf,MAAM,gCAE9B,GAAIE,EAAKY,EAAOC,KAAM,OAAOb,EAAKY,EAAOC,KAKzC,GAFA5B,OAAOC,OAAOc,OAxBApC,WAChB,MAAMkD,QAA0BN,EAAQO,WACrCrC,IAAI,WAAWgC,KACfM,MAAMlD,GAASA,EAAKmD,SACvB,OAAKC,MAAMC,QAAQL,UACQM,QAAQC,IACjCP,EAAWQ,KAAI1D,MAAOiC,GAAQ,CAACA,EAAIgB,UAAWU,EAAAA,UAAU1B,QAGtC2B,QAClB,CAACC,GAAMZ,EAAKa,KAAUb,EAAW5B,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAuC,IAAK,CAACZ,EAAId,YAAa2B,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAY2BE,KAErB3B,EAAKY,EAAOC,KAAM,MAAMf,MAAM,gCAEnC,OAAOE,EAAKY,EAAOC,IACpB,EAEDjD,oBAAoBgE,GAGlB,MAAO,CAAEA,aAFSC,YAAUD,EAAOE,KAAKC,OAAQ,CAAEC,WAAY,CAAC,YAE3CC,QACrB,EAEDrE,sBACEsE,EACAC,GAEA,IAAKD,EAAc,MAAMpC,MAAM,mCAE/B,IAEE,aADoBgC,KAAKM,cAAcF,EAYxC,CAVC,MAAOG,GACP,IAGE,aAFMP,KAAKM,cAAcD,UAEXL,KAAKQ,QAAQH,IAAepE,IAK3C,CAJC,MAAOwE,GAGP,MAFA5B,SAAAA,EAAQ0B,MAAM,mCAAoCE,GAE5CzC,MAAM,4BACb,CACF,CACF,GACF,EASHS,EAAkBiC,gBAAkB/B,EAAS,QAAC+B,gBAC9CjC,EAAkBkC,uBF7GoB,ME8GtClC,EAAkBmC,uBF7GoB"}
+{"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/management/paths.ts","../../lib/management/user.ts","../../lib/management/tenant.ts","../../lib/management/jwt.ts","../../lib/index.ts","../../lib/management/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name */\nexport const refreshTokenCookieName = 'DSR';\n/** Session JWT cookie name */\nexport const sessionTokenCookieName = 'DS';\n/** The key of the tenants claims in the claims map */\nexport const authorizedTenantsClaimName = 'tenants';\n/** The key of the permissions claims in the claims map either under tenant or top level */\nexport const permissionsClaimName = 'permissions';\n/** The key of the roles claims in the claims map either under tenant or top level */\nexport const rolesClaimName = 'roles';\n","import type { ResponseData, SdkResponse } from '@descope/core-js-sdk';\nimport { AuthenticationInfo } from './types';\nimport {\n  refreshTokenCookieName,\n  sessionTokenCookieName,\n  authorizedTenantsClaimName,\n} from './constants';\n\n/**\n * Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n */\nconst generateCookie = (name: string, value: string, options?: Record<string, string | number>) =>\n  `${name}=${value}; Domain=${options?.cookieDomain || ''}; Max-Age=${\n    options?.cookieMaxAge || ''\n  }; Path=${options?.cookiePath || '/'}; HttpOnly; SameSite=Strict`;\n\n/**\n * Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n */\nconst getCookieValue = (cookie: string | null | undefined, name: string) => {\n  const match = cookie?.match(RegExp(`(?:^|;\\\\s*)${name}=([^;]*)`));\n  return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/**\n * Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n */\nexport const withCookie =\n  <T extends Array<any>, U extends Promise<SdkResponse<ResponseData>>>(fn: (...args: T) => U) =>\n  async (...args: T): Promise<SdkResponse<ResponseData>> => {\n    const resp = await fn(...args);\n\n    // istanbul ignore next\n    if (!resp.data) {\n      return resp;\n    }\n\n    // eslint-disable-next-line prefer-const\n    let { sessionJwt, refreshJwt, ...rest } = resp.data;\n    const cookies = [generateCookie(sessionTokenCookieName, sessionJwt, rest)];\n\n    if (!refreshJwt) {\n      if (resp.response?.headers.get('set-cookie')) {\n        refreshJwt = getCookieValue(\n          resp.response?.headers.get('set-cookie'),\n          refreshTokenCookieName,\n        );\n        cookies.push(resp.response?.headers.get('set-cookie')!);\n      }\n    } else {\n      cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n    }\n\n    return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n  };\n\n/**\n * Wrap given object internal functions (can be deep inside the object) with the given wrapping function\n * @param obj we will deep wrap functions inside this object based on the given path\n * @param path the path of internal objects to walk before wrapping the final result. Path is collection of parts separated by '.' that support '*' to say all of the keys for the part.\n * @param wrappingFn function to wrap with\n * @returns void, we update the functions in place\n */\nexport const wrapWith = <T extends Record<string, any>>(\n  obj: T,\n  path: string | string[],\n  wrappingFn: Function,\n  // eslint-disable-next-line consistent-return\n): void => {\n  if (!obj) return;\n\n  const pathSections = typeof path === 'string' ? path.split('.') : path;\n  const section = pathSections.shift() || ('' as keyof T);\n\n  if (pathSections.length === 0 || section === '*') {\n    const wrap = (key: keyof T) => {\n      if (key && typeof obj[key] === 'function') {\n        // eslint-disable-next-line no-param-reassign\n        obj[key] = wrappingFn(obj[key]);\n      } else {\n        // istanbul ignore next\n        throw Error(`cannot wrap value at key \"${key.toString()}\"`);\n      }\n    };\n    if (section === '*') {\n      Object.keys(obj).forEach(wrap);\n    } else {\n      wrap(section);\n    }\n  } else {\n    wrapWith(obj[section], pathSections, wrappingFn);\n  }\n};\n\n/**\n * Wrap given object internal functions (can be deep inside the object) with the given wrapping function based on multiple paths.\n * @param obj we will deep wrap functions inside this object based on the given paths\n * @param paths multiple paths of internal objects to walk before wrapping the final result. Path is collection of parts separated by '.' that support '*' to say all of the keys for the part.\n * @param wrappingFn function to wrap with\n * @returns void, we update the functions in place\n */\nexport const bulkWrapWith = (\n  obj: Parameters<typeof wrapWith>[0],\n  paths: string[],\n  wrappingFn: Parameters<typeof wrapWith>[2],\n) => paths.forEach((path: string) => wrapWith(obj, path, wrappingFn));\n\n/**\n * Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns\n */\nexport function getAuthorizationClaimItems(\n  authInfo: AuthenticationInfo,\n  claim: string,\n  tenant?: string,\n): string[] {\n  const value = tenant\n    ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n    : authInfo.token[claim];\n  return Array.isArray(value) ? value : [];\n}\n","/** API paths for the Descope service Management APIs */\nexport default {\n  user: {\n    create: '/v1/mgmt/user/create',\n    update: '/v1/mgmt/user/update',\n    delete: '/v1/mgmt/user/delete',\n    load: '/v1/mgmt/user/load',\n    search: '/v1/mgmt/user/search',\n  },\n  tenant: {\n    create: '/v1/mgmt/tenant/create',\n    update: '/v1/mgmt/tenant/update',\n    delete: '/v1/mgmt/tenant/delete',\n  },\n  jwt: {\n    update: '/v1/mgmt/jwt/update',\n  },\n};\n","import { SdkResponse, transformResponse, UserResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UserTenant } from './types';\n\ntype SingleUserResponse = {\n  user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n  users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => ({\n  create: (\n    identifier: string,\n    email?: string,\n    phone?: string,\n    displayName?: string,\n    roleNames?: string[],\n    userTenants?: UserTenant[],\n  ): Promise<SdkResponse<UserResponse>> =>\n    transformResponse<SingleUserResponse, UserResponse>(\n      sdk.httpClient.post(\n        apiPaths.user.create,\n        { identifier, email, phone, displayName, roleNames, userTenants },\n        { token: managementKey },\n      ),\n      (data) => data.user,\n    ),\n  update: (\n    identifier: string,\n    email?: string,\n    phone?: string,\n    displayName?: string,\n    roleNames?: string[],\n    userTenants?: UserTenant[],\n  ): Promise<SdkResponse<UserResponse>> =>\n    transformResponse<SingleUserResponse, UserResponse>(\n      sdk.httpClient.post(\n        apiPaths.user.update,\n        { identifier, email, phone, displayName, roleNames, userTenants },\n        { token: managementKey },\n      ),\n      (data) => data.user,\n    ),\n  delete: (identifier: string): Promise<SdkResponse<never>> =>\n    transformResponse(\n      sdk.httpClient.post(apiPaths.user.delete, { identifier }, { token: managementKey }),\n    ),\n  load: (identifier: string): Promise<SdkResponse<UserResponse>> =>\n    transformResponse<SingleUserResponse, UserResponse>(\n      sdk.httpClient.get(apiPaths.user.load, {\n        queryParams: { identifier },\n        token: managementKey,\n      }),\n      (data) => data.user,\n    ),\n  searchAll: (\n    tenantIds?: string[],\n    roleNames?: string[],\n    limit?: number,\n  ): Promise<SdkResponse<UserResponse[]>> =>\n    transformResponse<MultipleUsersResponse, UserResponse[]>(\n      sdk.httpClient.post(\n        apiPaths.user.search,\n        { tenantIds, roleNames, limit },\n        { token: managementKey },\n      ),\n      (data) => data.users,\n    ),\n});\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse } from './types';\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n  create: (\n    name: string,\n    selfProvisioningDomains?: string[],\n  ): Promise<SdkResponse<CreateTenantResponse>> =>\n    transformResponse(\n      sdk.httpClient.post(\n        apiPaths.tenant.create,\n        { name, selfProvisioningDomains },\n        { token: managementKey },\n      ),\n    ),\n  createWithId: (\n    tenantId: string,\n    name: string,\n    selfProvisioningDomains?: string[],\n  ): Promise<SdkResponse<never>> =>\n    transformResponse(\n      sdk.httpClient.post(\n        apiPaths.tenant.create,\n        { tenantId, name, selfProvisioningDomains },\n        { token: managementKey },\n      ),\n    ),\n  update: (\n    tenantId: string,\n    name: string,\n    selfProvisioningDomains?: string[],\n  ): Promise<SdkResponse<never>> =>\n    transformResponse(\n      sdk.httpClient.post(\n        apiPaths.tenant.update,\n        { tenantId, name, selfProvisioningDomains },\n        { token: managementKey },\n      ),\n    ),\n  delete: (tenantId: string): Promise<SdkResponse<never>> =>\n    transformResponse(\n      sdk.httpClient.post(apiPaths.tenant.delete, { tenantId }, { token: managementKey }),\n    ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n  update: (\n    jwt: string,\n    customClaims?: Record<string, any>,\n  ): Promise<SdkResponse<UpdateJWTResponse>> =>\n    transformResponse(\n      sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n    ),\n});\n\nexport default withJWT;\n","import createSdk, {\n  SdkResponse,\n  ExchangeAccessKeyResponse,\n  RequestConfig,\n} from '@descope/core-js-sdk';\nimport { KeyLike, jwtVerify, JWK, JWTHeaderParameters, importJWK, errors } from 'jose';\nimport fetch, { Headers, Response, Request } from 'node-fetch';\nimport { bulkWrapWith, withCookie, getAuthorizationClaimItems } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport {\n  refreshTokenCookieName,\n  sessionTokenCookieName,\n  permissionsClaimName,\n  rolesClaimName,\n} from './constants';\n\ndeclare const BUILD_VERSION: string;\n\n/* istanbul ignore next */\nif (!globalThis.fetch) {\n  // @ts-ignore\n  globalThis.fetch = fetch;\n  // @ts-ignore\n  globalThis.Headers = Headers;\n  // @ts-ignore\n  globalThis.Request = Request;\n  // @ts-ignore\n  globalThis.Response = Response;\n}\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key */\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n  managementKey?: string;\n};\n\nconst nodeSdk = (args: NodeSdkArgs) => {\n  // eslint-disable-next-line no-param-reassign\n  args.hooks = args.hooks || {};\n\n  const origBeforeRequest = args.hooks.beforeRequest;\n  // eslint-disable-next-line no-param-reassign\n  args.hooks.beforeRequest = (config: RequestConfig) => {\n    const conf = config;\n    conf.headers = {\n      ...conf.headers,\n      'x-descope-sdk-name': 'nodejs',\n      'x-descope-sdk-node-version': process?.versions?.node || '',\n      'x-descope-sdk-version': BUILD_VERSION,\n    };\n    return origBeforeRequest?.(conf) || conf;\n  };\n\n  const coreSdk = createSdk(args);\n\n  bulkWrapWith(\n    coreSdk,\n    [\n      'otp.verify.*',\n      'magicLink.verify',\n      'enchantedLink.signUp.*',\n      'enchantedLink.signIn.*',\n      'oauth.exchange',\n      'saml.exchange',\n      'totp.verify',\n      'webauthn.signIn.finish',\n      'webauthn.signUp.finish',\n      'refresh',\n    ],\n    withCookie,\n  );\n\n  const { projectId, logger } = args;\n\n  const keys: Record<string, KeyLike | Uint8Array> = {};\n\n  /** Fetch the public keys (JWKs) from Descope for the configured project */\n  const fetchKeys = async () => {\n    const publicKeys: JWK[] = await coreSdk.httpClient\n      .get(`v1/keys/${projectId}`)\n      .then((resp) => resp.json());\n    if (!Array.isArray(publicKeys)) return {};\n    const kidJwksPairs = await Promise.all(\n      publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n    );\n\n    return kidJwksPairs.reduce(\n      (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n      {},\n    );\n  };\n\n  const management = withManagement(coreSdk, args.managementKey);\n\n  const sdk = {\n    ...coreSdk,\n\n    /**\n     * Provides various APIs for managing a Descope project programmatically. A management key must\n     * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n     * generated in the Descope console.\n     */\n    management,\n\n    /** Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. */\n    async getKey(header: JWTHeaderParameters): Promise<KeyLike | Uint8Array> {\n      if (!header?.kid) throw Error('header.kid must not be empty');\n\n      if (keys[header.kid]) return keys[header.kid];\n\n      // do we need to fetch once or every time?\n      Object.assign(keys, await fetchKeys());\n\n      if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n      return keys[header.kid];\n    },\n\n    /**\n     * Validate the given JWT with the right key and make sure the issuer is correct\n     * @param jwt the JWT string to parse and validate\n     * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n     */\n    async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n      // Do not hard-code the algo because library does not support `None` so all are valid\n      const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n      const token = res.payload;\n\n      if (token) {\n        token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n        if (token.iss !== projectId) {\n          // We must do the verification here, since issuer can be either project ID or URL\n          throw new errors.JWTClaimValidationFailed(\n            'unexpected \"iss\" claim value',\n            'iss',\n            'check_failed',\n          );\n        }\n      }\n\n      return { jwt, token };\n    },\n\n    /**\n     * Validate session based on at least one of session and refresh JWTs. You must provide at least one of them.\n     *\n     * @param sessionToken session JWT\n     * @param refreshToken refresh JWT\n     * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n     */\n    async validateSession(\n      sessionToken?: string,\n      refreshToken?: string,\n    ): Promise<AuthenticationInfo> {\n      if (!sessionToken && !refreshToken)\n        throw Error('both refresh token and session token are empty');\n\n      if (sessionToken) {\n        try {\n          const token = await sdk.validateJwt(sessionToken);\n          return token;\n        } catch (error) {\n          if (!refreshToken) {\n            logger?.error('failed to validate session token and no refresh token provided', error);\n            throw Error('could not validate tokens');\n          }\n        }\n      }\n      if (refreshToken) {\n        try {\n          await sdk.validateJwt(refreshToken);\n          const jwtResp = await sdk.refresh(refreshToken);\n          if (jwtResp.ok) {\n            const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n            return token;\n          }\n          throw Error(jwtResp.error?.message);\n        } catch (refreshTokenErr) {\n          logger?.error('failed to validate refresh token', refreshTokenErr);\n          throw Error('could not validate tokens');\n        }\n      }\n      /* istanbul ignore next */\n      throw Error('could not validate token');\n    },\n\n    /**\n     * Exchange API key (access key) for a session key\n     * @param accessKey access key to exchange for a session JWT\n     * @returns AuthneticationInfo with session JWT data\n     */\n    async exchangeAccessKey(accessKey: string): Promise<AuthenticationInfo> {\n      if (!accessKey) throw Error('access key must not be empty');\n\n      let resp: SdkResponse<ExchangeAccessKeyResponse>;\n      try {\n        resp = await sdk.accessKey.exchange(accessKey);\n      } catch (error) {\n        logger?.error('failed to exchange access key', error);\n        throw Error('could not exchange access key');\n      }\n\n      const { sessionJwt } = resp.data;\n      if (!sessionJwt) {\n        logger?.error('failed to parse exchange access key response');\n        throw Error('could not exchange access key');\n      }\n\n      try {\n        const token = await sdk.validateJwt(sessionJwt);\n        return token;\n      } catch (error) {\n        logger?.error('failed to parse jwt from access key', error);\n        throw Error('could not exchange access key');\n      }\n    },\n\n    /**\n     * Make sure that all given permissions exist on the parsed JWT top level claims\n     * @param authInfo JWT parsed info\n     * @param permissions list of permissions to make sure they exist on te JWT claims\n     * @returns true if all permissions exist, false otherwise\n     */\n    validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n      return sdk.validateTenantPermissions(authInfo, null, permissions);\n    },\n\n    /**\n     * Make sure that all given permissions exist on the parsed JWT tenant claims\n     * @param authInfo JWT parsed info\n     * @param permissions list of permissions to make sure they exist on te JWT claims\n     * @returns true if all permissions exist, false otherwise\n     */\n    validateTenantPermissions(\n      authInfo: AuthenticationInfo,\n      tenant: string,\n      permissions: string[],\n    ): boolean {\n      const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n      return permissions.every((perm) => granted.includes(perm));\n    },\n\n    /**\n     * Make sure that all given roles exist on the parsed JWT top level claims\n     * @param authInfo JWT parsed info\n     * @param roles list of roles to make sure they exist on te JWT claims\n     * @returns true if all roles exist, false otherwise\n     */\n    validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n      return sdk.validateTenantRoles(authInfo, null, roles);\n    },\n\n    /**\n     * Make sure that all given roles exist on the parsed JWT tenant claims\n     * @param authInfo JWT parsed info\n     * @param roles list of roles to make sure they exist on te JWT claims\n     * @returns true if all roles exist, false otherwise\n     */\n    validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n      const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n      return roles.every((role) => membership.includes(role));\n    },\n  };\n\n  return sdk;\n};\n\n/** Descope SDK client with delivery methods enum.\n *\n * Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n *\n * ```js\n * import descopeSdk from '@descope/node-sdk';\n *\n * const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n *\n * const userIdentifier = 'identifier';\n * sdk.otp.signIn.email(userIdentifier);\n * const jwtResponse = sdk.otp.verify.email(userIdentifier, codeFromEmail);\n * ```\n */\nconst sdkWithAttributes = nodeSdk as typeof nodeSdk & {\n  DeliveryMethods: typeof createSdk.DeliveryMethods;\n  RefreshTokenCookieName: typeof refreshTokenCookieName;\n  SessionTokenCookieName: typeof sessionTokenCookieName;\n};\n\nsdkWithAttributes.DeliveryMethods = createSdk.DeliveryMethods;\nsdkWithAttributes.RefreshTokenCookieName = refreshTokenCookieName;\nsdkWithAttributes.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default sdkWithAttributes;\n\nexport type { NodeSdkArgs };\n\nexport type { DeliveryMethod, OAuthProvider } from '@descope/core-js-sdk';\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\n\n/** Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n  user: withUser(sdk, managementKey),\n  tenant: withTenant(sdk, managementKey),\n  jwt: withJWT(sdk, managementKey),\n});\n\nexport default withManagement;\n"],"names":["generateCookie","name","value","options","cookieDomain","cookieMaxAge","cookiePath","withCookie","fn","async","args","resp","data","_d","sessionJwt","refreshJwt","rest","__rest","cookies","push","_a","response","headers","get","cookie","match","RegExp","getCookieValue","_b","_c","Object","assign","wrapWith","obj","path","wrappingFn","pathSections","split","section","shift","length","wrap","key","Error","toString","keys","forEach","getAuthorizationClaimItems","authInfo","claim","tenant","token","Array","isArray","apiPaths","create","update","delete","load","search","withUser","sdk","managementKey","identifier","email","phone","displayName","roleNames","userTenants","transformResponse","httpClient","post","user","queryParams","searchAll","tenantIds","limit","users","withTenant","selfProvisioningDomains","createWithId","tenantId","withJWT","jwt","customClaims","globalThis","fetch","Headers","Request","Response","sdkWithAttributes","hooks","origBeforeRequest","beforeRequest","config","conf","process","versions","node","coreSdk","createSdk","projectId","logger","management","withManagement","header","kid","publicKeys","then","json","Promise","all","map","importJWK","reduce","acc","jwk","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","pop","errors","JWTClaimValidationFailed","sessionToken","refreshToken","validateJwt","error","jwtResp","refresh","ok","message","refreshTokenErr","accessKey","exchange","validatePermissions","permissions","validateTenantPermissions","granted","every","perm","includes","validateRoles","roles","validateTenantRoles","membership","role","DeliveryMethods","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"0MAEO,MCaDA,EAAiB,CAACC,EAAcC,EAAeC,IACnD,GAAGF,KAAQC,cAAiBC,aAAA,EAAAA,EAASC,eAAgB,gBACnDD,aAAA,EAAAA,EAASE,eAAgB,aACjBF,aAAA,EAAAA,EAASG,aAAc,iCAmBtBC,EAC0DC,GACrEC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAAsCF,EAAKC,MAA3CE,WAAEA,EAAUC,WAAEA,KAAeC,EAA7BC,EAAAA,OAAAJ,EAAA,CAAA,aAAA,eACJ,MAAMK,EAAU,CAAClB,ED7CiB,KC6CsBc,EAAYE,IAcpE,OAZKD,EASHG,EAAQC,KAAKnB,ED1DmB,MC0DoBe,EAAYC,KAR/C,QAAbI,EAAAT,EAAKU,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BR,EA3Be,EAACS,EAAmCvB,KACzD,MAAMwB,EAAQD,eAAAA,EAAQC,MAAMC,OAAO,cAAczB,cACjD,OAAOwB,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAAjB,EAAKU,gBAAQ,IAAAO,OAAA,EAAAA,EAAEN,QAAQC,IAAI,cDpDC,OCuD9BL,EAAQC,KAAoB,QAAfU,EAAAlB,EAAKU,gBAAU,IAAAQ,OAAA,EAAAA,EAAAP,QAAQC,IAAI,gBAMhCO,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAApB,GAAM,CAAAC,KAAWkB,OAAAC,OAAAD,OAAAC,OAAA,GAAApB,EAAKC,MAAM,CAAAG,aAAYG,aAAY,EAUvDc,EAAW,CACtBC,EACAC,EACAC,KAGA,IAAKF,EAAK,OAEV,MAAMG,EAA+B,iBAATF,EAAoBA,EAAKG,MAAM,KAAOH,EAC5DI,EAAUF,EAAaG,SAAY,GAEzC,GAA4B,IAAxBH,EAAaI,QAA4B,MAAZF,EAAiB,CAChD,MAAMG,EAAQC,IACZ,IAAIA,GAA2B,mBAAbT,EAAIS,GAKpB,MAAMC,MAAM,6BAA6BD,EAAIE,eAH7CX,EAAIS,GAAOP,EAAWF,EAAIS,GAI3B,EAEa,MAAZJ,EACFR,OAAOe,KAAKZ,GAAKa,QAAQL,GAEzBA,EAAKH,EAER,MACCN,EAASC,EAAIK,GAAUF,EAAcD,EACtC,WAuBaY,EACdC,EACAC,EACAC,WAEA,MAAMhD,EAAQgD,EAC0C,QAApDtB,EAA6C,QAA7CR,EAAA4B,EAASG,MAAgC,eAAI,IAAA/B,OAAA,EAAAA,EAAA8B,UAAO,IAAAtB,OAAA,EAAAA,EAAGqB,GACvDD,EAASG,MAAMF,GACnB,OAAOG,MAAMC,QAAQnD,GAASA,EAAQ,EACxC,CCpIA,IAAeoD,EACP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRC,KAAM,qBACNC,OAAQ,wBANGL,EAQL,CACNC,OAAQ,yBACRC,OAAQ,yBACRC,OAAQ,0BAXGH,EAaR,CACHE,OAAQ,uBCFZ,MAAMI,EAAW,CAACC,EAAcC,KAA4B,CAC1DP,OAAQ,CACNQ,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACER,EAAIS,WAAWC,KACbjB,EAAcC,OACd,CAAEQ,aAAYC,QAAOC,QAAOC,cAAaC,YAAWC,eACpD,CAAEjB,MAAOW,KAEVlD,GAASA,EAAK4D,OAEnBhB,OAAQ,CACNO,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACER,EAAIS,WAAWC,KACbjB,EAAcE,OACd,CAAEO,aAAYC,QAAOC,QAAOC,cAAaC,YAAWC,eACpD,CAAEjB,MAAOW,KAEVlD,GAASA,EAAK4D,OAEnBf,OAASM,GACPM,EAAAA,kBACER,EAAIS,WAAWC,KAAKjB,EAAcG,OAAQ,CAAEM,cAAc,CAAEZ,MAAOW,KAEvEJ,KAAOK,GACLM,EAAAA,kBACER,EAAIS,WAAW/C,IAAI+B,EAAcI,KAAM,CACrCe,YAAa,CAAEV,cACfZ,MAAOW,KAERlD,GAASA,EAAK4D,OAEnBE,UAAW,CACTC,EACAR,EACAS,IAEAP,EAAAA,kBACER,EAAIS,WAAWC,KACbjB,EAAcK,OACd,CAAEgB,YAAWR,YAAWS,SACxB,CAAEzB,MAAOW,KAEVlD,GAASA,EAAKiE,UChEfC,EAAa,CAACjB,EAAcC,KAA4B,CAC5DP,OAAQ,CACNtD,EACA8E,IAEAV,EAAiBA,kBACfR,EAAIS,WAAWC,KACbjB,EAAgBC,OAChB,CAAEtD,OAAM8E,2BACR,CAAE5B,MAAOW,KAGfkB,aAAc,CACZC,EACAhF,EACA8E,IAEAV,EAAAA,kBACER,EAAIS,WAAWC,KACbjB,EAAgBC,OAChB,CAAE0B,WAAUhF,OAAM8E,2BAClB,CAAE5B,MAAOW,KAGfN,OAAQ,CACNyB,EACAhF,EACA8E,IAEAV,EAAAA,kBACER,EAAIS,WAAWC,KACbjB,EAAgBE,OAChB,CAAEyB,WAAUhF,OAAM8E,2BAClB,CAAE5B,MAAOW,KAGfL,OAASwB,GACPZ,EAAAA,kBACER,EAAIS,WAAWC,KAAKjB,EAAgBG,OAAQ,CAAEwB,YAAY,CAAE9B,MAAOW,OCtCnEoB,EAAU,CAACrB,EAAcC,KAA4B,CACzDN,OAAQ,CACN2B,EACAC,IAEAf,EAAiBA,kBACfR,EAAIS,WAAWC,KAAKjB,EAAaE,OAAQ,CAAE2B,MAAKC,gBAAgB,CAAEjC,MAAOW,OCS1EuB,WAAWC,QAEdD,WAAWC,MAAQA,UAEnBD,WAAWE,QAAUA,UAErBF,WAAWG,QAAUA,UAErBH,WAAWI,SAAWA,YAQxB,MAuPMC,EAvPWhF,IAEfA,EAAKiF,MAAQjF,EAAKiF,OAAS,CAAA,EAE3B,MAAMC,EAAoBlF,EAAKiF,MAAME,cAErCnF,EAAKiF,MAAME,cAAiBC,UAC1B,MAAMC,EAAOD,EAOb,OANAC,EAAKzE,QACAQ,OAAAC,OAAAD,OAAAC,OAAA,GAAAgE,EAAKzE,SACR,CAAA,qBAAsB,SACtB,8BAAiD,QAAnBF,EAAO,OAAP4E,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAA7E,OAAA,EAAAA,EAAA8E,OAAQ,GACzD,wBAAyB,mBAEpBN,aAAiB,EAAjBA,EAAoBG,KAASA,CAAI,EAG1C,MAAMI,EAAUC,UAAU1F,GL0DA,IAC1BuB,EAEAE,EAFAF,EKxDEkE,EL0DFhE,EK7CE5B,EAZA,CACE,eACA,mBACA,yBACA,yBACA,iBACA,gBACA,cACA,yBACA,yBACA,WLgDKuC,SAASZ,GAAiBF,EAASC,EAAKC,EAAMC,KK3CvD,MAAMkE,UAAEA,EAASC,OAAEA,GAAW5F,EAExBmC,EAA6C,CAAA,EAkB7C0D,ECtFe,EAAC1C,EAAcC,KAA4B,CAChEU,KAAMZ,EAASC,EAAKC,GACpBZ,OAAQ4B,EAAWjB,EAAKC,GACxBqB,IAAKD,EAAQrB,EAAKC,KDmFC0C,CAAeL,EAASzF,EAAKoD,eAE1CD,iCACDsC,GAAO,CAOVI,aAGA9F,aAAagG,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAM/D,MAAM,gCAE9B,GAAIE,EAAK4D,EAAOC,KAAM,OAAO7D,EAAK4D,EAAOC,KAKzC,GAFA5E,OAAOC,OAAOc,OAlCApC,WAChB,MAAMkG,QAA0BR,EAAQ7B,WACrC/C,IAAI,WAAW8E,KACfO,MAAMjG,GAASA,EAAKkG,SACvB,OAAKzD,MAAMC,QAAQsD,UACQG,QAAQC,IACjCJ,EAAWK,KAAIvG,MAAOiC,GAAQ,CAACA,EAAIgE,UAAWO,EAAAA,UAAUvE,QAGtCwE,QAClB,CAACC,GAAMT,EAAKU,KAAUV,EAAW5E,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAoF,IAAK,CAACT,EAAI9D,YAAawE,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BE,KAErBxE,EAAK4D,EAAOC,KAAM,MAAM/D,MAAM,gCAEnC,OAAOE,EAAK4D,EAAOC,IACpB,EAODjG,kBAAkB0E,SAEhB,MACMhC,SADYmE,EAASA,UAACnC,EAAKtB,EAAI0D,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAItE,IACFA,EAAMuE,IAAe,QAATtG,EAAA+B,EAAMuE,WAAG,IAAAtG,OAAA,EAAAA,EAAEiB,MAAM,KAAKsF,MAC9BxE,EAAMuE,MAAQrB,GAEhB,MAAM,IAAIuB,EAAMA,OAACC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAE1C,MAAKhC,QACf,EASD1C,sBACEqH,EACAC,WAEA,IAAKD,IAAiBC,EACpB,MAAMpF,MAAM,kDAEd,GAAImF,EACF,IAEE,aADoBjE,EAAImE,YAAYF,EAOrC,CALC,MAAOG,GACP,IAAKF,EAEH,MADAzB,SAAAA,EAAQ2B,MAAM,iEAAkEA,GAC1EtF,MAAM,4BAEf,CAEH,GAAIoF,EACF,UACQlE,EAAImE,YAAYD,GACtB,MAAMG,QAAgBrE,EAAIsE,QAAQJ,GAClC,GAAIG,EAAQE,GAAI,CAEd,aADoBvE,EAAImE,YAA0B,QAAd5G,EAAA8G,EAAQtH,YAAM,IAAAQ,OAAA,EAAAA,EAAAN,WAEnD,CACD,MAAM6B,MAAmB,QAAbf,EAAAsG,EAAQD,aAAK,IAAArG,OAAA,EAAAA,EAAEyG,QAI5B,CAHC,MAAOC,GAEP,MADAhC,SAAAA,EAAQ2B,MAAM,mCAAoCK,GAC5C3F,MAAM,4BACb,CAGH,MAAMA,MAAM,2BACb,EAODlC,wBAAwB8H,GACtB,IAAKA,EAAW,MAAM5F,MAAM,gCAE5B,IAAIhC,EACJ,IACEA,QAAakD,EAAI0E,UAAUC,SAASD,EAIrC,CAHC,MAAON,GAEP,MADA3B,SAAAA,EAAQ2B,MAAM,gCAAiCA,GACzCtF,MAAM,gCACb,CAED,MAAM7B,WAAEA,GAAeH,EAAKC,KAC5B,IAAKE,EAEH,MADAwF,SAAAA,EAAQ2B,MAAM,gDACRtF,MAAM,iCAGd,IAEE,aADoBkB,EAAImE,YAAYlH,EAKrC,CAHC,MAAOmH,GAEP,MADA3B,SAAAA,EAAQ2B,MAAM,sCAAuCA,GAC/CtF,MAAM,gCACb,CACF,EAQD8F,oBAAmB,CAACzF,EAA8B0F,IACzC7E,EAAI8E,0BAA0B3F,EAAU,KAAM0F,GASvDC,0BACE3F,EACAE,EACAwF,GAEA,MAAME,EAAU7F,EAA2BC,ENtOb,cMsO6CE,GAC3E,OAAOwF,EAAYG,OAAOC,GAASF,EAAQG,SAASD,IACrD,EAQDE,cAAa,CAAChG,EAA8BiG,IACnCpF,EAAIqF,oBAAoBlG,EAAU,KAAMiG,GASjDC,oBAAoBlG,EAA8BE,EAAgB+F,GAChE,MAAME,EAAapG,EAA2BC,ENzPtB,QMyPgDE,GACxE,OAAO+F,EAAMJ,OAAOO,GAASD,EAAWJ,SAASK,IAClD,IAGH,OAAOvF,CAAG,EAyBZ6B,EAAkB2D,gBAAkBjD,EAAS,QAACiD,gBAC9C3D,EAAkB4D,uBNhSoB,MMiStC5D,EAAkB6D,uBN/RoB"}

package/dist/examples/es6/src/index.d.ts

@@ -0,0 +1 @@
+export {};