@descope/node-sdk 1.0.4-alpha.7 → 1.0.4-alpha.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +154 -101
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/dist/index.umd.js +1 -1
- package/dist/index.umd.js.map +1 -1
- package/package.json +3 -3
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("@descope/core-js-sdk"),t=require("jose"),s=require("node-fetch"),o=require("tslib");function
|
|
1
|
+
"use strict";var e=require("@descope/core-js-sdk"),t=require("jose"),s=require("node-fetch"),o=require("tslib");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=n(e),r=n(s);const i=(e,t,s)=>`${e}=${t}; Domain=${(null==s?void 0:s.cookieDomain)||""}; Max-Age=${(null==s?void 0:s.cookieMaxAge)||""}; Path=${(null==s?void 0:s.cookiePath)||"/"}; HttpOnly; SameSite=Strict`,l=e=>async(...t)=>{var s,n,a;const r=await e(...t);if(!r.data)return r;let l=r.data,{sessionJwt:d,refreshJwt:c}=l,p=o.__rest(l,["sessionJwt","refreshJwt"]);const m=[i("DS",d,p)];return c?m.push(i("DSR",c,p)):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(c=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:c,cookies:m})})},d=(e,t,s)=>{if(!e)return;const o="string"==typeof t?t.split("."):t,n=o.shift()||"";if(0===o.length||"*"===n){const t=t=>{if(!t||"function"!=typeof e[t])throw Error(`cannot wrap value at key "${t.toString()}"`);e[t]=s(e[t])};"*"===n?Object.keys(e).forEach(t):t(n)}else d(e[n],o,s)};function c(e,t,s){var o,n;const a=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(a)?a:[]}var p={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user/load",search:"/v1/mgmt/user/search"},m={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete"},u={update:"/v1/mgmt/jwt/update"},h={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},v={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"};const f=(t,s)=>({create:(o,n,a,r,i,l)=>e.transformResponse(t.httpClient.post(p.create,{identifier:o,email:n,phone:a,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),update:(o,n,a,r,i,l)=>e.transformResponse(t.httpClient.post(p.update,{identifier:o,email:n,phone:a,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),delete:o=>e.transformResponse(t.httpClient.post(p.delete,{identifier:o},{token:s})),load:o=>e.transformResponse(t.httpClient.get(p.load,{queryParams:{identifier:o},token:s}),(e=>e.user)),searchAll:(o,n,a)=>e.transformResponse(t.httpClient.post(p.search,{tenantIds:o,roleNames:n,limit:a},{token:s}),(e=>e.users))}),k=(t,s)=>({create:(o,n)=>e.transformResponse(t.httpClient.post(m.create,{name:o,selfProvisioningDomains:n},{token:s})),createWithId:(o,n,a)=>e.transformResponse(t.httpClient.post(m.create,{tenantId:o,name:n,selfProvisioningDomains:a},{token:s})),update:(o,n,a)=>e.transformResponse(t.httpClient.post(m.update,{tenantId:o,name:n,selfProvisioningDomains:a},{token:s})),delete:o=>e.transformResponse(t.httpClient.post(m.delete,{tenantId:o},{token:s}))}),g=(t,s)=>({update:(o,n)=>e.transformResponse(t.httpClient.post(u.update,{jwt:o,customClaims:n},{token:s}))}),y=(t,s)=>({create:(o,n)=>e.transformResponse(t.httpClient.post(h.create,{name:o,description:n},{token:s})),update:(o,n,a)=>e.transformResponse(t.httpClient.post(h.update,{name:o,newName:n,description:a},{token:s})),delete:o=>e.transformResponse(t.httpClient.post(h.delete,{name:o},{token:s})),loadAll:()=>e.transformResponse(t.httpClient.get(h.loadAll,{token:s}),(e=>e.permissions))}),w=(t,s)=>({create:(o,n,a)=>e.transformResponse(t.httpClient.post(v.create,{name:o,description:n,permissionNames:a},{token:s})),update:(o,n,a,r)=>e.transformResponse(t.httpClient.post(v.update,{name:o,newName:n,description:a,permissionNames:r},{token:s})),delete:o=>e.transformResponse(t.httpClient.post(v.delete,{name:o},{token:s})),loadAll:()=>e.transformResponse(t.httpClient.get(v.loadAll,{token:s}),(e=>e.roles))});globalThis.fetch||(globalThis.fetch=r.default,globalThis.Headers=s.Headers,globalThis.Request=s.Request,globalThis.Response=s.Response);const R=e=>{e.hooks=e.hooks||{};const s=e.hooks.beforeRequest;e.hooks.beforeRequest=e=>{var t;const o=e;return o.headers=Object.assign(Object.assign({},o.headers),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(t=null===process||void 0===process?void 0:process.versions)||void 0===t?void 0:t.node)||"","x-descope-sdk-version":"1.0.4-alpha.9"}),(null==s?void 0:s(o))||o};const o=a.default(e);var n,r;n=o,r=l,["otp.verify.*","magicLink.verify","enchantedLink.signUp.*","enchantedLink.signIn.*","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"].forEach((e=>d(n,e,r)));const{projectId:i,logger:p}=e,m={},u=((e,t)=>({user:f(e,t),tenant:k(e,t),jwt:g(e,t),permission:y(e,t),role:w(e,t)}))(o,e.managementKey),h=Object.assign(Object.assign({},o),{management:u,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(m[e.kid])return m[e.kid];if(Object.assign(m,await(async()=>{const e=(await o.httpClient.get(`v2/keys/${i}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await t.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!m[e.kid])throw Error("failed to fetch matching key");return m[e.kid]},async validateJwt(e){var s;const o=(await t.jwtVerify(e,h.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(s=o.iss)||void 0===s?void 0:s.split("/").pop(),o.iss!==i))throw new t.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e,t){var s,o;if(!e&&!t)throw Error("both refresh token and session token are empty");if(e)try{return await h.validateJwt(e)}catch(e){if(!t)throw null==p||p.error("failed to validate session token and no refresh token provided",e),Error("could not validate tokens")}if(t)try{await h.validateJwt(t);const e=await h.refresh(t);if(e.ok){return await h.validateJwt(null===(s=e.data)||void 0===s?void 0:s.sessionJwt)}throw Error(null===(o=e.error)||void 0===o?void 0:o.message)}catch(e){throw null==p||p.error("failed to validate refresh token",e),Error("could not validate tokens")}throw Error("could not validate token")},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await h.accessKey.exchange(e)}catch(e){throw null==p||p.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:s}=t.data;if(!s)throw null==p||p.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await h.validateJwt(s)}catch(e){throw null==p||p.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>h.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){const o=c(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>h.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){const o=c(e,"roles",t);return s.every((e=>o.includes(e)))}});return h};R.DeliveryMethods=a.default.DeliveryMethods,R.RefreshTokenCookieName="DSR",R.SessionTokenCookieName="DS",module.exports=R;
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name */\nexport const refreshTokenCookieName = 'DSR';\n/** Session JWT cookie name */\nexport const sessionTokenCookieName = 'DS';\n/** The key of the tenants claims in the claims map */\nexport const authorizedTenantsClaimName = 'tenants';\n/** The key of the permissions claims in the claims map either under tenant or top level */\nexport const permissionsClaimName = 'permissions';\n/** The key of the roles claims in the claims map either under tenant or top level */\nexport const rolesClaimName = 'roles';\n","import type { ResponseData, SdkResponse } from '@descope/core-js-sdk';\nimport { AuthenticationInfo } from './types';\nimport {\n refreshTokenCookieName,\n sessionTokenCookieName,\n authorizedTenantsClaimName,\n} from './constants';\n\n/**\n * Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n */\nconst generateCookie = (name: string, value: string, options?: Record<string, string | number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain || ''}; Max-Age=${\n options?.cookieMaxAge || ''\n }; Path=${options?.cookiePath || '/'}; HttpOnly; SameSite=Strict`;\n\n/**\n * Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n */\nconst getCookieValue = (cookie: string | null | undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^|;\\\\s*)${name}=([^;]*)`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/**\n * Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n */\nexport const withCookie =\n <T extends Array<any>, U extends Promise<SdkResponse<ResponseData>>>(fn: (...args: T) => U) =>\n async (...args: T): Promise<SdkResponse<ResponseData>> => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { sessionJwt, refreshJwt, ...rest } = resp.data;\n const cookies = [generateCookie(sessionTokenCookieName, sessionJwt, rest)];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/**\n * Wrap given object internal functions (can be deep inside the object) with the given wrapping function\n * @param obj we will deep wrap functions inside this object based on the given path\n * @param path the path of internal objects to walk before wrapping the final result. Path is collection of parts separated by '.' that support '*' to say all of the keys for the part.\n * @param wrappingFn function to wrap with\n * @returns void, we update the functions in place\n */\nexport const wrapWith = <T extends Record<string, any>>(\n obj: T,\n path: string | string[],\n wrappingFn: Function,\n // eslint-disable-next-line consistent-return\n): void => {\n if (!obj) return;\n\n const pathSections = typeof path === 'string' ? path.split('.') : path;\n const section = pathSections.shift() || ('' as keyof T);\n\n if (pathSections.length === 0 || section === '*') {\n const wrap = (key: keyof T) => {\n if (key && typeof obj[key] === 'function') {\n // eslint-disable-next-line no-param-reassign\n obj[key] = wrappingFn(obj[key]);\n } else {\n // istanbul ignore next\n throw Error(`cannot wrap value at key \"${key.toString()}\"`);\n }\n };\n if (section === '*') {\n Object.keys(obj).forEach(wrap);\n } else {\n wrap(section);\n }\n } else {\n wrapWith(obj[section], pathSections, wrappingFn);\n }\n};\n\n/**\n * Wrap given object internal functions (can be deep inside the object) with the given wrapping function based on multiple paths.\n * @param obj we will deep wrap functions inside this object based on the given paths\n * @param paths multiple paths of internal objects to walk before wrapping the final result. Path is collection of parts separated by '.' that support '*' to say all of the keys for the part.\n * @param wrappingFn function to wrap with\n * @returns void, we update the functions in place\n */\nexport const bulkWrapWith = (\n obj: Parameters<typeof wrapWith>[0],\n paths: string[],\n wrappingFn: Parameters<typeof wrapWith>[2],\n) => paths.forEach((path: string) => wrapWith(obj, path, wrappingFn));\n\n/**\n * Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns\n */\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n","import createSdk, {\n SdkResponse,\n ExchangeAccessKeyResponse,\n RequestConfig,\n} from '@descope/core-js-sdk';\nimport { KeyLike, jwtVerify, JWK, JWTHeaderParameters, importJWK } from 'jose';\nimport fetch, { Headers, Response, Request } from 'node-fetch';\nimport { bulkWrapWith, withCookie, getAuthorizationClaimItems } from './helpers';\nimport { AuthenticationInfo } from './types';\nimport {\n refreshTokenCookieName,\n sessionTokenCookieName,\n permissionsClaimName,\n rolesClaimName,\n} from './constants';\n\ndeclare const BUILD_VERSION: string;\n\n/* istanbul ignore next */\nif (!globalThis.fetch) {\n // @ts-ignore\n globalThis.fetch = fetch;\n // @ts-ignore\n globalThis.Headers = Headers;\n // @ts-ignore\n globalThis.Request = Request;\n // @ts-ignore\n globalThis.Response = Response;\n}\n\nconst nodeSdk = (...args: Parameters<typeof createSdk>) => {\n const funcArgs: typeof args = [...args];\n funcArgs[0].hooks = funcArgs[0].hooks || {};\n const origBeforeRequest = funcArgs[0].hooks.beforeRequest;\n funcArgs[0].hooks.beforeRequest = (config: RequestConfig) => {\n const conf = config;\n conf.headers = {\n ...conf.headers,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node || '',\n 'x-descope-sdk-version': BUILD_VERSION,\n };\n return origBeforeRequest?.(conf) || conf;\n };\n const coreSdk = createSdk(...funcArgs);\n\n bulkWrapWith(\n coreSdk,\n [\n 'otp.verify.*',\n 'magicLink.verify',\n 'magicLink.crossDevice.signUp.*',\n 'magicLink.crossDevice.signIn.*',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ],\n withCookie,\n );\n\n const { projectId, logger } = args[0];\n\n const keys: Record<string, KeyLike | Uint8Array> = {};\n\n /** Fetch the public keys (JWKs) from Descope for the configured project */\n const fetchKeys = async () => {\n const publicKeys: JWK[] = await coreSdk.httpClient\n .get(`v1/keys/${projectId}`)\n .then((resp) => resp.json());\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const sdk = {\n ...coreSdk,\n\n /** Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. */\n async getKey(header: JWTHeaderParameters): Promise<KeyLike | Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /**\n * Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n */\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { issuer: projectId, clockTolerance: 5 });\n\n return { jwt, token: res.payload };\n },\n\n /**\n * Validate session based on at least one of session and refresh JWTs. You must provide at least one of them.\n *\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async validateSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken)\n throw Error('both refresh token and session token are empty');\n\n if (sessionToken) {\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n if (!refreshToken) {\n logger?.error('failed to validate session token and no refresh token provided', error);\n throw Error('could not validate tokens');\n }\n }\n }\n if (refreshToken) {\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n throw Error(jwtResp.error?.message);\n } catch (refreshTokenErr) {\n logger?.error('failed to validate refresh token', refreshTokenErr);\n throw Error('could not validate tokens');\n }\n }\n /* istanbul ignore next */\n throw Error('could not validate token');\n },\n\n /**\n * Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @returns AuthneticationInfo with session JWT data\n */\n async exchangeAccessKey(accessKey: string): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error('could not exchange access key');\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error('could not exchange access key');\n }\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, null, permissions);\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, null, roles);\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n };\n\n return sdk;\n};\n\n/** Descope SDK client with delivery methods enum.\n *\n * Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n *\n * ```js\n * import descopeSdk from '@descope/node-sdk';\n *\n * const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n *\n * const userIdentifier = 'identifier';\n * sdk.otp.signIn.email(userIdentifier);\n * const jwtResponse = sdk.otp.verify.email(userIdentifier, codeFromEmail);\n * ```\n */\nconst sdkWithAttributes = nodeSdk as typeof nodeSdk & {\n DeliveryMethods: typeof createSdk.DeliveryMethods;\n RefreshTokenCookieName: typeof refreshTokenCookieName;\n SessionTokenCookieName: typeof sessionTokenCookieName;\n};\n\nsdkWithAttributes.DeliveryMethods = createSdk.DeliveryMethods;\nsdkWithAttributes.RefreshTokenCookieName = refreshTokenCookieName;\nsdkWithAttributes.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default sdkWithAttributes;\n\nexport type { DeliveryMethod, OAuthProvider } from '@descope/core-js-sdk';\n"],"names":["generateCookie","name","value","options","cookieDomain","cookieMaxAge","cookiePath","withCookie","fn","async","args","resp","data","_d","sessionJwt","refreshJwt","rest","__rest","cookies","push","_a","response","headers","get","cookie","match","RegExp","getCookieValue","_b","_c","Object","assign","wrapWith","obj","path","wrappingFn","pathSections","split","section","shift","length","wrap","key","Error","toString","keys","forEach","getAuthorizationClaimItems","authInfo","claim","tenant","token","Array","isArray","globalThis","fetch","Headers","Request","Response","sdkWithAttributes","funcArgs","hooks","origBeforeRequest","beforeRequest","config","conf","process","versions","node","coreSdk","createSdk","projectId","logger","sdk","header","kid","publicKeys","httpClient","then","json","Promise","all","map","importJWK","reduce","acc","jwk","fetchKeys","jwt","jwtVerify","getKey","issuer","clockTolerance","payload","sessionToken","refreshToken","validateJwt","error","jwtResp","refresh","ok","message","refreshTokenErr","accessKey","exchange","validatePermissions","permissions","validateTenantPermissions","granted","every","perm","includes","validateRoles","roles","validateTenantRoles","membership","role","DeliveryMethods","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"0MAEO,MCaDA,EAAiB,CAACC,EAAcC,EAAeC,IACnD,GAAGF,KAAQC,cAAiBC,aAAA,EAAAA,EAASC,eAAgB,gBACnDD,aAAA,EAAAA,EAASE,eAAgB,aACjBF,aAAA,EAAAA,EAASG,aAAc,iCAmBtBC,EAC0DC,GACrEC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAAsCF,EAAKC,MAA3CE,WAAEA,EAAUC,WAAEA,KAAeC,EAA7BC,EAAAA,OAAAJ,EAAA,CAAA,aAAA,eACJ,MAAMK,EAAU,CAAClB,ED7CiB,KC6CsBc,EAAYE,IAcpE,OAZKD,EASHG,EAAQC,KAAKnB,ED1DmB,MC0DoBe,EAAYC,KAR/C,QAAbI,EAAAT,EAAKU,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BR,EA3Be,EAACS,EAAmCvB,KACzD,MAAMwB,EAAQD,eAAAA,EAAQC,MAAMC,OAAO,cAAczB,cACjD,OAAOwB,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAAjB,EAAKU,gBAAQ,IAAAO,OAAA,EAAAA,EAAEN,QAAQC,IAAI,cDpDC,OCuD9BL,EAAQC,KAAoB,QAAfU,EAAAlB,EAAKU,gBAAU,IAAAQ,OAAA,EAAAA,EAAAP,QAAQC,IAAI,gBAMhCO,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAApB,GAAM,CAAAC,KAAWkB,OAAAC,OAAAD,OAAAC,OAAA,GAAApB,EAAKC,MAAM,CAAAG,aAAYG,aAAY,EAUvDc,EAAW,CACtBC,EACAC,EACAC,KAGA,IAAKF,EAAK,OAEV,MAAMG,EAA+B,iBAATF,EAAoBA,EAAKG,MAAM,KAAOH,EAC5DI,EAAUF,EAAaG,SAAY,GAEzC,GAA4B,IAAxBH,EAAaI,QAA4B,MAAZF,EAAiB,CAChD,MAAMG,EAAQC,IACZ,IAAIA,GAA2B,mBAAbT,EAAIS,GAKpB,MAAMC,MAAM,6BAA6BD,EAAIE,eAH7CX,EAAIS,GAAOP,EAAWF,EAAIS,GAI3B,EAEa,MAAZJ,EACFR,OAAOe,KAAKZ,GAAKa,QAAQL,GAEzBA,EAAKH,EAER,MACCN,EAASC,EAAIK,GAAUF,EAAcD,EACtC,WAuBaY,EACdC,EACAC,EACAC,WAEA,MAAMhD,EAAQgD,EAC0C,QAApDtB,EAA6C,QAA7CR,EAAA4B,EAASG,MAAgC,eAAI,IAAA/B,OAAA,EAAAA,EAAA8B,UAAO,IAAAtB,OAAA,EAAAA,EAAGqB,GACvDD,EAASG,MAAMF,GACnB,OAAOG,MAAMC,QAAQnD,GAASA,EAAQ,EACxC,CClHKoD,WAAWC,QAEdD,WAAWC,MAAQA,UAEnBD,WAAWE,QAAUA,UAErBF,WAAWG,QAAUA,UAErBH,WAAWI,SAAWA,YAGxB,MA8NMC,EA9NU,IAAIjD,KAClB,MAAMkD,EAAwB,IAAIlD,GAClCkD,EAAS,GAAGC,MAAQD,EAAS,GAAGC,OAAS,GACzC,MAAMC,EAAoBF,EAAS,GAAGC,MAAME,cAC5CH,EAAS,GAAGC,MAAME,cAAiBC,UACjC,MAAMC,EAAOD,EAOb,OANAC,EAAK3C,QACAQ,OAAAC,OAAAD,OAAAC,OAAA,GAAAkC,EAAK3C,SACR,CAAA,qBAAsB,SACtB,8BAAiD,QAAnBF,EAAO,OAAP8C,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAA/C,OAAA,EAAAA,EAAAgD,OAAQ,GACzD,wBAAyB,mBAEpBN,aAAiB,EAAjBA,EAAoBG,KAASA,CAAI,EAE1C,MAAMI,EAAUC,EAAAA,WAAaV,GDmEH,IAC1B3B,EAEAE,EAFAF,ECjEEoC,EDmEFlC,ECtDE5B,EAZA,CACE,eACA,mBACA,iCACA,iCACA,iBACA,gBACA,cACA,yBACA,yBACA,WDyDKuC,SAASZ,GAAiBF,EAASC,EAAKC,EAAMC,KCpDvD,MAAMoC,UAAEA,EAASC,OAAEA,GAAW9D,EAAK,GAE7BmC,EAA6C,CAAA,EAkB7C4B,iCACDJ,GAAO,CAGV5D,aAAaiE,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMhC,MAAM,gCAE9B,GAAIE,EAAK6B,EAAOC,KAAM,OAAO9B,EAAK6B,EAAOC,KAKzC,GAFA7C,OAAOC,OAAOc,OAzBApC,WAChB,MAAMmE,QAA0BP,EAAQQ,WACrCtD,IAAI,WAAWgD,KACfO,MAAMnE,GAASA,EAAKoE,SACvB,OAAK3B,MAAMC,QAAQuB,UACQI,QAAQC,IACjCL,EAAWM,KAAIzE,MAAOiC,GAAQ,CAACA,EAAIiC,UAAWQ,EAAAA,UAAUzC,QAGtC0C,QAClB,CAACC,GAAMV,EAAKW,KAAUX,EAAW7C,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAsD,IAAK,CAACV,EAAI/B,YAAa0C,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAa2BE,KAErB1C,EAAK6B,EAAOC,KAAM,MAAMhC,MAAM,gCAEnC,OAAOE,EAAK6B,EAAOC,IACpB,EAODlE,YAAiB,MAAC+E,IAIT,CAAEA,MAAKrC,aAFIsC,YAAUD,EAAKf,EAAIiB,OAAQ,CAAEC,OAAQpB,EAAWqB,eAAgB,KAEzDC,UAU3BpF,sBACEqF,EACAC,WAEA,IAAKD,IAAiBC,EACpB,MAAMpD,MAAM,kDAEd,GAAImD,EACF,IAEE,aADoBrB,EAAIuB,YAAYF,EAOrC,CALC,MAAOG,GACP,IAAKF,EAEH,MADAvB,SAAAA,EAAQyB,MAAM,iEAAkEA,GAC1EtD,MAAM,4BAEf,CAEH,GAAIoD,EACF,UACQtB,EAAIuB,YAAYD,GACtB,MAAMG,QAAgBzB,EAAI0B,QAAQJ,GAClC,GAAIG,EAAQE,GAAI,CAEd,aADoB3B,EAAIuB,YAA0B,QAAd5E,EAAA8E,EAAQtF,YAAM,IAAAQ,OAAA,EAAAA,EAAAN,WAEnD,CACD,MAAM6B,MAAmB,QAAbf,EAAAsE,EAAQD,aAAK,IAAArE,OAAA,EAAAA,EAAEyE,QAI5B,CAHC,MAAOC,GAEP,MADA9B,SAAAA,EAAQyB,MAAM,mCAAoCK,GAC5C3D,MAAM,4BACb,CAGH,MAAMA,MAAM,2BACb,EAODlC,wBAAwB8F,GACtB,IAAKA,EAAW,MAAM5D,MAAM,gCAE5B,IAAIhC,EACJ,IACEA,QAAa8D,EAAI8B,UAAUC,SAASD,EAIrC,CAHC,MAAON,GAEP,MADAzB,SAAAA,EAAQyB,MAAM,gCAAiCA,GACzCtD,MAAM,gCACb,CAED,MAAM7B,WAAEA,GAAeH,EAAKC,KAC5B,IAAKE,EAEH,MADA0D,SAAAA,EAAQyB,MAAM,gDACRtD,MAAM,iCAGd,IAEE,aADoB8B,EAAIuB,YAAYlF,EAKrC,CAHC,MAAOmF,GAEP,MADAzB,SAAAA,EAAQyB,MAAM,sCAAuCA,GAC/CtD,MAAM,gCACb,CACF,EAQD8D,oBAAmB,CAACzD,EAA8B0D,IACzCjC,EAAIkC,0BAA0B3D,EAAU,KAAM0D,GASvDC,0BACE3D,EACAE,EACAwD,GAEA,MAAME,EAAU7D,EAA2BC,EFvMb,cEuM6CE,GAC3E,OAAOwD,EAAYG,OAAOC,GAASF,EAAQG,SAASD,IACrD,EAQDE,cAAa,CAAChE,EAA8BiE,IACnCxC,EAAIyC,oBAAoBlE,EAAU,KAAMiE,GASjDC,oBAAoBlE,EAA8BE,EAAgB+D,GAChE,MAAME,EAAapE,EAA2BC,EF1NtB,QE0NgDE,GACxE,OAAO+D,EAAMJ,OAAOO,GAASD,EAAWJ,SAASK,IAClD,IAGH,OAAO3C,CAAG,EAyBZd,EAAkB0D,gBAAkB/C,EAAS,QAAC+C,gBAC9C1D,EAAkB2D,uBFjQoB,MEkQtC3D,EAAkB4D,uBFhQoB"}
|
|
1
|
+
{"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/management/paths.ts","../../lib/management/user.ts","../../lib/management/tenant.ts","../../lib/management/jwt.ts","../../lib/management/permission.ts","../../lib/management/role.ts","../../lib/index.ts","../../lib/management/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name */\nexport const refreshTokenCookieName = 'DSR';\n/** Session JWT cookie name */\nexport const sessionTokenCookieName = 'DS';\n/** The key of the tenants claims in the claims map */\nexport const authorizedTenantsClaimName = 'tenants';\n/** The key of the permissions claims in the claims map either under tenant or top level */\nexport const permissionsClaimName = 'permissions';\n/** The key of the roles claims in the claims map either under tenant or top level */\nexport const rolesClaimName = 'roles';\n","import type { ResponseData, SdkResponse } from '@descope/core-js-sdk';\nimport { AuthenticationInfo } from './types';\nimport {\n refreshTokenCookieName,\n sessionTokenCookieName,\n authorizedTenantsClaimName,\n} from './constants';\n\n/**\n * Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n */\nconst generateCookie = (name: string, value: string, options?: Record<string, string | number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain || ''}; Max-Age=${\n options?.cookieMaxAge || ''\n }; Path=${options?.cookiePath || '/'}; HttpOnly; SameSite=Strict`;\n\n/**\n * Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n */\nconst getCookieValue = (cookie: string | null | undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^|;\\\\s*)${name}=([^;]*)`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/**\n * Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n */\nexport const withCookie =\n <T extends Array<any>, U extends Promise<SdkResponse<ResponseData>>>(fn: (...args: T) => U) =>\n async (...args: T): Promise<SdkResponse<ResponseData>> => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { sessionJwt, refreshJwt, ...rest } = resp.data;\n const cookies = [generateCookie(sessionTokenCookieName, sessionJwt, rest)];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/**\n * Wrap given object internal functions (can be deep inside the object) with the given wrapping function\n * @param obj we will deep wrap functions inside this object based on the given path\n * @param path the path of internal objects to walk before wrapping the final result. Path is collection of parts separated by '.' that support '*' to say all of the keys for the part.\n * @param wrappingFn function to wrap with\n * @returns void, we update the functions in place\n */\nexport const wrapWith = <T extends Record<string, any>>(\n obj: T,\n path: string | string[],\n wrappingFn: Function,\n // eslint-disable-next-line consistent-return\n): void => {\n if (!obj) return;\n\n const pathSections = typeof path === 'string' ? path.split('.') : path;\n const section = pathSections.shift() || ('' as keyof T);\n\n if (pathSections.length === 0 || section === '*') {\n const wrap = (key: keyof T) => {\n if (key && typeof obj[key] === 'function') {\n // eslint-disable-next-line no-param-reassign\n obj[key] = wrappingFn(obj[key]);\n } else {\n // istanbul ignore next\n throw Error(`cannot wrap value at key \"${key.toString()}\"`);\n }\n };\n if (section === '*') {\n Object.keys(obj).forEach(wrap);\n } else {\n wrap(section);\n }\n } else {\n wrapWith(obj[section], pathSections, wrappingFn);\n }\n};\n\n/**\n * Wrap given object internal functions (can be deep inside the object) with the given wrapping function based on multiple paths.\n * @param obj we will deep wrap functions inside this object based on the given paths\n * @param paths multiple paths of internal objects to walk before wrapping the final result. Path is collection of parts separated by '.' that support '*' to say all of the keys for the part.\n * @param wrappingFn function to wrap with\n * @returns void, we update the functions in place\n */\nexport const bulkWrapWith = (\n obj: Parameters<typeof wrapWith>[0],\n paths: string[],\n wrappingFn: Parameters<typeof wrapWith>[2],\n) => paths.forEach((path: string) => wrapWith(obj, path, wrappingFn));\n\n/**\n * Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns\n */\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n","/** API paths for the Descope service Management APIs */\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n update: '/v1/mgmt/user/update',\n delete: '/v1/mgmt/user/delete',\n load: '/v1/mgmt/user/load',\n search: '/v1/mgmt/user/search',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n },\n};\n","import { SdkResponse, transformResponse, UserResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UserTenant } from './types';\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n identifier: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roleNames?: string[],\n userTenants?: UserTenant[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n { identifier, email, phone, displayName, roleNames, userTenants },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n update: (\n identifier: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roleNames?: string[],\n userTenants?: UserTenant[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.update,\n { identifier, email, phone, displayName, roleNames, userTenants },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n delete: (identifier: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { identifier }, { token: managementKey }),\n ),\n load: (identifier: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { identifier },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n searchAll: (\n tenantIds?: string[],\n roleNames?: string[],\n limit?: number,\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n { tenantIds, roleNames, limit },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n});\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse } from './types';\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n createWithId: (\n tenantId: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { tenantId, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n update: (\n tenantId: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { tenantId, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n delete: (tenantId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { tenantId }, { token: managementKey }),\n ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import createSdk, {\n SdkResponse,\n ExchangeAccessKeyResponse,\n RequestConfig,\n} from '@descope/core-js-sdk';\nimport { KeyLike, jwtVerify, JWK, JWTHeaderParameters, importJWK, errors } from 'jose';\nimport fetch, { Headers, Response, Request } from 'node-fetch';\nimport { bulkWrapWith, withCookie, getAuthorizationClaimItems } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport {\n refreshTokenCookieName,\n sessionTokenCookieName,\n permissionsClaimName,\n rolesClaimName,\n} from './constants';\n\ndeclare const BUILD_VERSION: string;\n\n/* istanbul ignore next */\nif (!globalThis.fetch) {\n // @ts-ignore\n globalThis.fetch = fetch;\n // @ts-ignore\n globalThis.Headers = Headers;\n // @ts-ignore\n globalThis.Request = Request;\n // @ts-ignore\n globalThis.Response = Response;\n}\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key */\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n};\n\nconst nodeSdk = (args: NodeSdkArgs) => {\n // eslint-disable-next-line no-param-reassign\n args.hooks = args.hooks || {};\n\n const origBeforeRequest = args.hooks.beforeRequest;\n // eslint-disable-next-line no-param-reassign\n args.hooks.beforeRequest = (config: RequestConfig) => {\n const conf = config;\n conf.headers = {\n ...conf.headers,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node || '',\n 'x-descope-sdk-version': BUILD_VERSION,\n };\n return origBeforeRequest?.(conf) || conf;\n };\n\n const coreSdk = createSdk(args);\n\n bulkWrapWith(\n coreSdk,\n [\n 'otp.verify.*',\n 'magicLink.verify',\n 'enchantedLink.signUp.*',\n 'enchantedLink.signIn.*',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ],\n withCookie,\n );\n\n const { projectId, logger } = args;\n\n const keys: Record<string, KeyLike | Uint8Array> = {};\n\n /** Fetch the public keys (JWKs) from Descope for the configured project */\n const fetchKeys = async () => {\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, args.managementKey);\n\n const sdk = {\n ...coreSdk,\n\n /**\n * Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n */\n management,\n\n /** Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. */\n async getKey(header: JWTHeaderParameters): Promise<KeyLike | Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /**\n * Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n */\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /**\n * Validate session based on at least one of session and refresh JWTs. You must provide at least one of them.\n *\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async validateSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken)\n throw Error('both refresh token and session token are empty');\n\n if (sessionToken) {\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n if (!refreshToken) {\n logger?.error('failed to validate session token and no refresh token provided', error);\n throw Error('could not validate tokens');\n }\n }\n }\n if (refreshToken) {\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n throw Error(jwtResp.error?.message);\n } catch (refreshTokenErr) {\n logger?.error('failed to validate refresh token', refreshTokenErr);\n throw Error('could not validate tokens');\n }\n }\n /* istanbul ignore next */\n throw Error('could not validate token');\n },\n\n /**\n * Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @returns AuthneticationInfo with session JWT data\n */\n async exchangeAccessKey(accessKey: string): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error('could not exchange access key');\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error('could not exchange access key');\n }\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, null, permissions);\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, null, roles);\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n };\n\n return sdk;\n};\n\n/** Descope SDK client with delivery methods enum.\n *\n * Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n *\n * ```js\n * import descopeSdk from '@descope/node-sdk';\n *\n * const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n *\n * const userIdentifier = 'identifier';\n * sdk.otp.signIn.email(userIdentifier);\n * const jwtResponse = sdk.otp.verify.email(userIdentifier, codeFromEmail);\n * ```\n */\nconst sdkWithAttributes = nodeSdk as typeof nodeSdk & {\n DeliveryMethods: typeof createSdk.DeliveryMethods;\n RefreshTokenCookieName: typeof refreshTokenCookieName;\n SessionTokenCookieName: typeof sessionTokenCookieName;\n};\n\nsdkWithAttributes.DeliveryMethods = createSdk.DeliveryMethods;\nsdkWithAttributes.RefreshTokenCookieName = refreshTokenCookieName;\nsdkWithAttributes.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default sdkWithAttributes;\n\nexport type { NodeSdkArgs };\n\nexport type { DeliveryMethod, OAuthProvider } from '@descope/core-js-sdk';\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\n\n/** Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n role: withRole(sdk, managementKey),\n});\n\nexport default withManagement;\n"],"names":["generateCookie","name","value","options","cookieDomain","cookieMaxAge","cookiePath","withCookie","fn","async","args","resp","data","_d","sessionJwt","refreshJwt","rest","__rest","cookies","push","_a","response","headers","get","cookie","match","RegExp","getCookieValue","_b","_c","Object","assign","wrapWith","obj","path","wrappingFn","pathSections","split","section","shift","length","wrap","key","Error","toString","keys","forEach","getAuthorizationClaimItems","authInfo","claim","tenant","token","Array","isArray","apiPaths","create","update","delete","load","search","loadAll","withUser","sdk","managementKey","identifier","email","phone","displayName","roleNames","userTenants","transformResponse","httpClient","post","user","queryParams","searchAll","tenantIds","limit","users","withTenant","selfProvisioningDomains","createWithId","tenantId","withJWT","jwt","customClaims","withPermission","description","newName","permissions","withRole","permissionNames","roles","globalThis","fetch","Headers","Request","Response","sdkWithAttributes","hooks","origBeforeRequest","beforeRequest","config","conf","process","versions","node","coreSdk","createSdk","projectId","logger","management","permission","role","withManagement","header","kid","publicKeys","then","json","Promise","all","map","importJWK","reduce","acc","jwk","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","pop","errors","JWTClaimValidationFailed","sessionToken","refreshToken","validateJwt","error","jwtResp","refresh","ok","message","refreshTokenErr","accessKey","exchange","validatePermissions","validateTenantPermissions","granted","every","perm","includes","validateRoles","validateTenantRoles","membership","DeliveryMethods","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"0MAEO,MCaDA,EAAiB,CAACC,EAAcC,EAAeC,IACnD,GAAGF,KAAQC,cAAiBC,aAAA,EAAAA,EAASC,eAAgB,gBACnDD,aAAA,EAAAA,EAASE,eAAgB,aACjBF,aAAA,EAAAA,EAASG,aAAc,iCAmBtBC,EAC0DC,GACrEC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAAsCF,EAAKC,MAA3CE,WAAEA,EAAUC,WAAEA,KAAeC,EAA7BC,EAAAA,OAAAJ,EAAA,CAAA,aAAA,eACJ,MAAMK,EAAU,CAAClB,ED7CiB,KC6CsBc,EAAYE,IAcpE,OAZKD,EASHG,EAAQC,KAAKnB,ED1DmB,MC0DoBe,EAAYC,KAR/C,QAAbI,EAAAT,EAAKU,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BR,EA3Be,EAACS,EAAmCvB,KACzD,MAAMwB,EAAQD,eAAAA,EAAQC,MAAMC,OAAO,cAAczB,cACjD,OAAOwB,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAAjB,EAAKU,gBAAQ,IAAAO,OAAA,EAAAA,EAAEN,QAAQC,IAAI,cDpDC,OCuD9BL,EAAQC,KAAoB,QAAfU,EAAAlB,EAAKU,gBAAU,IAAAQ,OAAA,EAAAA,EAAAP,QAAQC,IAAI,gBAMhCO,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAApB,GAAM,CAAAC,KAAWkB,OAAAC,OAAAD,OAAAC,OAAA,GAAApB,EAAKC,MAAM,CAAAG,aAAYG,aAAY,EAUvDc,EAAW,CACtBC,EACAC,EACAC,KAGA,IAAKF,EAAK,OAEV,MAAMG,EAA+B,iBAATF,EAAoBA,EAAKG,MAAM,KAAOH,EAC5DI,EAAUF,EAAaG,SAAY,GAEzC,GAA4B,IAAxBH,EAAaI,QAA4B,MAAZF,EAAiB,CAChD,MAAMG,EAAQC,IACZ,IAAIA,GAA2B,mBAAbT,EAAIS,GAKpB,MAAMC,MAAM,6BAA6BD,EAAIE,eAH7CX,EAAIS,GAAOP,EAAWF,EAAIS,GAI3B,EAEa,MAAZJ,EACFR,OAAOe,KAAKZ,GAAKa,QAAQL,GAEzBA,EAAKH,EAER,MACCN,EAASC,EAAIK,GAAUF,EAAcD,EACtC,WAuBaY,EACdC,EACAC,EACAC,WAEA,MAAMhD,EAAQgD,EAC0C,QAApDtB,EAA6C,QAA7CR,EAAA4B,EAASG,MAAgC,eAAI,IAAA/B,OAAA,EAAAA,EAAA8B,UAAO,IAAAtB,OAAA,EAAAA,EAAGqB,GACvDD,EAASG,MAAMF,GACnB,OAAOG,MAAMC,QAAQnD,GAASA,EAAQ,EACxC,CCpIA,IAAeoD,EACP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRC,KAAM,qBACNC,OAAQ,wBANGL,EAQL,CACNC,OAAQ,yBACRC,OAAQ,yBACRC,OAAQ,0BAXGH,EAaR,CACHE,OAAQ,uBAdGF,EAgBD,CACVC,OAAQ,6BACRC,OAAQ,6BACRC,OAAQ,6BACRG,QAAS,2BApBEN,EAsBP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRG,QAAS,qBCdb,MAAMC,EAAW,CAACC,EAAcC,KAA4B,CAC1DR,OAAQ,CACNS,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACER,EAAIS,WAAWC,KACblB,EAAcC,OACd,CAAES,aAAYC,QAAOC,QAAOC,cAAaC,YAAWC,eACpD,CAAElB,MAAOY,KAEVnD,GAASA,EAAK6D,OAEnBjB,OAAQ,CACNQ,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACER,EAAIS,WAAWC,KACblB,EAAcE,OACd,CAAEQ,aAAYC,QAAOC,QAAOC,cAAaC,YAAWC,eACpD,CAAElB,MAAOY,KAEVnD,GAASA,EAAK6D,OAEnBhB,OAASO,GACPM,EAAAA,kBACER,EAAIS,WAAWC,KAAKlB,EAAcG,OAAQ,CAAEO,cAAc,CAAEb,MAAOY,KAEvEL,KAAOM,GACLM,EAAAA,kBACER,EAAIS,WAAWhD,IAAI+B,EAAcI,KAAM,CACrCgB,YAAa,CAAEV,cACfb,MAAOY,KAERnD,GAASA,EAAK6D,OAEnBE,UAAW,CACTC,EACAR,EACAS,IAEAP,EAAAA,kBACER,EAAIS,WAAWC,KACblB,EAAcK,OACd,CAAEiB,YAAWR,YAAWS,SACxB,CAAE1B,MAAOY,KAEVnD,GAASA,EAAKkE,UChEfC,EAAa,CAACjB,EAAcC,KAA4B,CAC5DR,OAAQ,CACNtD,EACA+E,IAEAV,EAAiBA,kBACfR,EAAIS,WAAWC,KACblB,EAAgBC,OAChB,CAAEtD,OAAM+E,2BACR,CAAE7B,MAAOY,KAGfkB,aAAc,CACZC,EACAjF,EACA+E,IAEAV,EAAAA,kBACER,EAAIS,WAAWC,KACblB,EAAgBC,OAChB,CAAE2B,WAAUjF,OAAM+E,2BAClB,CAAE7B,MAAOY,KAGfP,OAAQ,CACN0B,EACAjF,EACA+E,IAEAV,EAAAA,kBACER,EAAIS,WAAWC,KACblB,EAAgBE,OAChB,CAAE0B,WAAUjF,OAAM+E,2BAClB,CAAE7B,MAAOY,KAGfN,OAASyB,GACPZ,EAAAA,kBACER,EAAIS,WAAWC,KAAKlB,EAAgBG,OAAQ,CAAEyB,YAAY,CAAE/B,MAAOY,OCtCnEoB,EAAU,CAACrB,EAAcC,KAA4B,CACzDP,OAAQ,CACN4B,EACAC,IAEAf,EAAiBA,kBACfR,EAAIS,WAAWC,KAAKlB,EAAaE,OAAQ,CAAE4B,MAAKC,gBAAgB,CAAElC,MAAOY,OCFzEuB,EAAiB,CAACxB,EAAcC,KAA4B,CAChER,OAAQ,CAACtD,EAAcsF,IACrBjB,EAAiBA,kBACfR,EAAIS,WAAWC,KACblB,EAAoBC,OACpB,CAAEtD,OAAMsF,eACR,CAAEpC,MAAOY,KAGfP,OAAQ,CAACvD,EAAcuF,EAAiBD,IACtCjB,EAAAA,kBACER,EAAIS,WAAWC,KACblB,EAAoBE,OACpB,CAAEvD,OAAMuF,UAASD,eACjB,CAAEpC,MAAOY,KAGfN,OAASxD,GACPqE,EAAAA,kBACER,EAAIS,WAAWC,KAAKlB,EAAoBG,OAAQ,CAAExD,QAAQ,CAAEkD,MAAOY,KAEvEH,QAAS,IACPU,EAAiBA,kBACfR,EAAIS,WAAWhD,IAAI+B,EAAoBM,QAAS,CAC9CT,MAAOY,KAERnD,GAASA,EAAK6E,gBC1BfC,EAAW,CAAC5B,EAAcC,KAA4B,CAC1DR,OAAQ,CACNtD,EACAsF,EACAI,IAEArB,EAAAA,kBACER,EAAIS,WAAWC,KACblB,EAAcC,OACd,CAAEtD,OAAMsF,cAAaI,mBACrB,CAAExC,MAAOY,KAGfP,OAAQ,CACNvD,EACAuF,EACAD,EACAI,IAEArB,oBACER,EAAIS,WAAWC,KACblB,EAAcE,OACd,CAAEvD,OAAMuF,UAASD,cAAaI,mBAC9B,CAAExC,MAAOY,KAGfN,OAASxD,GACPqE,EAAAA,kBACER,EAAIS,WAAWC,KAAKlB,EAAcG,OAAQ,CAAExD,QAAQ,CAAEkD,MAAOY,KAEjEH,QAAS,IACPU,EAAiBA,kBACfR,EAAIS,WAAWhD,IAAI+B,EAAcM,QAAS,CACxCT,MAAOY,KAERnD,GAASA,EAAKgF,UCxBhBC,WAAWC,QAEdD,WAAWC,MAAQA,UAEnBD,WAAWE,QAAUA,UAErBF,WAAWG,QAAUA,UAErBH,WAAWI,SAAWA,YAQxB,MAwPMC,EAxPWxF,IAEfA,EAAKyF,MAAQzF,EAAKyF,OAAS,CAAA,EAE3B,MAAMC,EAAoB1F,EAAKyF,MAAME,cAErC3F,EAAKyF,MAAME,cAAiBC,UAC1B,MAAMC,EAAOD,EAOb,OANAC,EAAKjF,QACAQ,OAAAC,OAAAD,OAAAC,OAAA,GAAAwE,EAAKjF,SACR,CAAA,qBAAsB,SACtB,8BAAiD,QAAnBF,EAAO,OAAPoF,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAArF,OAAA,EAAAA,EAAAsF,OAAQ,GACzD,wBAAyB,mBAEpBN,aAAiB,EAAjBA,EAAoBG,KAASA,CAAI,EAG1C,MAAMI,EAAUC,UAAUlG,GP0DA,IAC1BuB,EAEAE,EAFAF,EOxDE0E,EP0DFxE,EO7CE5B,EAZA,CACE,eACA,mBACA,yBACA,yBACA,iBACA,gBACA,cACA,yBACA,yBACA,WPgDKuC,SAASZ,GAAiBF,EAASC,EAAKC,EAAMC,KO3CvD,MAAM0E,UAAEA,EAASC,OAAEA,GAAWpG,EAExBmC,EAA6C,CAAA,EAmB7CkE,ECrFe,EAACjD,EAAcC,KAA4B,CAChEU,KAAMZ,EAASC,EAAKC,GACpBb,OAAQ6B,EAAWjB,EAAKC,GACxBqB,IAAKD,EAAQrB,EAAKC,GAClBiD,WAAY1B,EAAexB,EAAKC,GAChCkD,KAAMvB,EAAS5B,EAAKC,KDgFDmD,CAAeP,EAASjG,EAAKqD,eAE1CD,iCACD6C,GAAO,CAOVI,aAGAtG,aAAa0G,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMzE,MAAM,gCAE9B,GAAIE,EAAKsE,EAAOC,KAAM,OAAOvE,EAAKsE,EAAOC,KAKzC,GAFAtF,OAAOC,OAAOc,OAnCApC,WAChB,MAGM4G,SAHoBV,EAAQpC,WAC/BhD,IAAI,WAAWsF,KACfS,MAAM3G,GAASA,EAAK4G,UACe1E,KACtC,OAAKO,MAAMC,QAAQgE,UACQG,QAAQC,IACjCJ,EAAWK,KAAIjH,MAAOiC,GAAQ,CAACA,EAAI0E,UAAWO,EAAAA,UAAUjF,QAGtCkF,QAClB,CAACC,GAAMT,EAAKU,KAAUV,EAAWtF,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA8F,IAAK,CAACT,EAAIxE,YAAakF,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BE,KAErBlF,EAAKsE,EAAOC,KAAM,MAAMzE,MAAM,gCAEnC,OAAOE,EAAKsE,EAAOC,IACpB,EAOD3G,kBAAkB2E,SAEhB,MACMjC,SADY6E,EAASA,UAAC5C,EAAKtB,EAAImE,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAIhF,IACFA,EAAMiF,IAAe,QAAThH,EAAA+B,EAAMiF,WAAG,IAAAhH,OAAA,EAAAA,EAAEiB,MAAM,KAAKgG,MAC9BlF,EAAMiF,MAAQvB,GAEhB,MAAM,IAAIyB,EAAMA,OAACC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAEnD,MAAKjC,QACf,EASD1C,sBACE+H,EACAC,WAEA,IAAKD,IAAiBC,EACpB,MAAM9F,MAAM,kDAEd,GAAI6F,EACF,IAEE,aADoB1E,EAAI4E,YAAYF,EAOrC,CALC,MAAOG,GACP,IAAKF,EAEH,MADA3B,SAAAA,EAAQ6B,MAAM,iEAAkEA,GAC1EhG,MAAM,4BAEf,CAEH,GAAI8F,EACF,UACQ3E,EAAI4E,YAAYD,GACtB,MAAMG,QAAgB9E,EAAI+E,QAAQJ,GAClC,GAAIG,EAAQE,GAAI,CAEd,aADoBhF,EAAI4E,YAA0B,QAAdtH,EAAAwH,EAAQhI,YAAM,IAAAQ,OAAA,EAAAA,EAAAN,WAEnD,CACD,MAAM6B,MAAmB,QAAbf,EAAAgH,EAAQD,aAAK,IAAA/G,OAAA,EAAAA,EAAEmH,QAI5B,CAHC,MAAOC,GAEP,MADAlC,SAAAA,EAAQ6B,MAAM,mCAAoCK,GAC5CrG,MAAM,4BACb,CAGH,MAAMA,MAAM,2BACb,EAODlC,wBAAwBwI,GACtB,IAAKA,EAAW,MAAMtG,MAAM,gCAE5B,IAAIhC,EACJ,IACEA,QAAamD,EAAImF,UAAUC,SAASD,EAIrC,CAHC,MAAON,GAEP,MADA7B,SAAAA,EAAQ6B,MAAM,gCAAiCA,GACzChG,MAAM,gCACb,CAED,MAAM7B,WAAEA,GAAeH,EAAKC,KAC5B,IAAKE,EAEH,MADAgG,SAAAA,EAAQ6B,MAAM,gDACRhG,MAAM,iCAGd,IAEE,aADoBmB,EAAI4E,YAAY5H,EAKrC,CAHC,MAAO6H,GAEP,MADA7B,SAAAA,EAAQ6B,MAAM,sCAAuCA,GAC/ChG,MAAM,gCACb,CACF,EAQDwG,oBAAmB,CAACnG,EAA8ByC,IACzC3B,EAAIsF,0BAA0BpG,EAAU,KAAMyC,GASvD2D,0BACEpG,EACAE,EACAuC,GAEA,MAAM4D,EAAUtG,EAA2BC,ERvOb,cQuO6CE,GAC3E,OAAOuC,EAAY6D,OAAOC,GAASF,EAAQG,SAASD,IACrD,EAQDE,cAAa,CAACzG,EAA8B4C,IACnC9B,EAAI4F,oBAAoB1G,EAAU,KAAM4C,GASjD8D,oBAAoB1G,EAA8BE,EAAgB0C,GAChE,MAAM+D,EAAa5G,EAA2BC,ER1PtB,QQ0PgDE,GACxE,OAAO0C,EAAM0D,OAAOrC,GAAS0C,EAAWH,SAASvC,IAClD,IAGH,OAAOnD,CAAG,EAyBZoC,EAAkB0D,gBAAkBhD,EAAS,QAACgD,gBAC9C1D,EAAkB2D,uBRjSoB,MQkStC3D,EAAkB4D,uBRhSoB"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,8 +1,41 @@
|
|
|
1
1
|
import * as _descope_core_js_sdk from '@descope/core-js-sdk';
|
|
2
|
-
import _descope_core_js_sdk__default, {
|
|
2
|
+
import _descope_core_js_sdk__default, { SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
|
|
3
3
|
export { DeliveryMethod, OAuthProvider } from '@descope/core-js-sdk';
|
|
4
4
|
import { JWTHeaderParameters, KeyLike } from 'jose';
|
|
5
5
|
|
|
6
|
+
/** Represents a tenant association for a User. The tenantId is required to denote
|
|
7
|
+
* which tenant the user belongs to. The roleNames array is an optional list of
|
|
8
|
+
* roles for the user in this specific tenant.
|
|
9
|
+
*/
|
|
10
|
+
declare type UserTenant = {
|
|
11
|
+
tenantId: string;
|
|
12
|
+
roleNames: string[];
|
|
13
|
+
};
|
|
14
|
+
/** The tenantId of a newly created tenant */
|
|
15
|
+
declare type CreateTenantResponse = {
|
|
16
|
+
tenantId: string;
|
|
17
|
+
};
|
|
18
|
+
/** UpdateJWT response with a new JWT value with the added custom claims */
|
|
19
|
+
declare type UpdateJWTResponse = {
|
|
20
|
+
jwt: string;
|
|
21
|
+
};
|
|
22
|
+
/** Represents a permission in a project. It has a name and optionally a description.
|
|
23
|
+
* It also has a flag indicating whether it is system default or not.
|
|
24
|
+
*/
|
|
25
|
+
declare type Permission = {
|
|
26
|
+
name: string;
|
|
27
|
+
description?: string;
|
|
28
|
+
systemDefault: boolean;
|
|
29
|
+
};
|
|
30
|
+
/** Represents a role in a project. It has a name and optionally a description and
|
|
31
|
+
* a list of permissions it grants.
|
|
32
|
+
*/
|
|
33
|
+
declare type Role = {
|
|
34
|
+
name: string;
|
|
35
|
+
description?: string;
|
|
36
|
+
permissionNames: string[];
|
|
37
|
+
};
|
|
38
|
+
|
|
6
39
|
/** Parsed JWT token */
|
|
7
40
|
interface Token {
|
|
8
41
|
sub?: string;
|
|
@@ -22,6 +55,10 @@ declare const refreshTokenCookieName = "DSR";
|
|
|
22
55
|
/** Session JWT cookie name */
|
|
23
56
|
declare const sessionTokenCookieName = "DS";
|
|
24
57
|
|
|
58
|
+
/** Configuration arguments which include the Descope core SDK args and an optional management key */
|
|
59
|
+
declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
|
|
60
|
+
managementKey?: string;
|
|
61
|
+
};
|
|
25
62
|
/** Descope SDK client with delivery methods enum.
|
|
26
63
|
*
|
|
27
64
|
* Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}
|
|
@@ -38,29 +75,42 @@ declare const sessionTokenCookieName = "DS";
|
|
|
38
75
|
* const jwtResponse = sdk.otp.verify.email(userIdentifier, codeFromEmail);
|
|
39
76
|
* ```
|
|
40
77
|
*/
|
|
41
|
-
declare const sdkWithAttributes: ((
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
78
|
+
declare const sdkWithAttributes: ((args: NodeSdkArgs) => {
|
|
79
|
+
/**
|
|
80
|
+
* Provides various APIs for managing a Descope project programmatically. A management key must
|
|
81
|
+
* be provided as an argument when initializing the SDK to use these APIs. Management keys can be
|
|
82
|
+
* generated in the Descope console.
|
|
83
|
+
*/
|
|
84
|
+
management: {
|
|
85
|
+
user: {
|
|
86
|
+
create: (identifier: string, email?: string, phone?: string, displayName?: string, roleNames?: string[], userTenants?: UserTenant[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
87
|
+
update: (identifier: string, email?: string, phone?: string, displayName?: string, roleNames?: string[], userTenants?: UserTenant[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
88
|
+
delete: (identifier: string) => Promise<SdkResponse<never>>;
|
|
89
|
+
load: (identifier: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
90
|
+
searchAll: (tenantIds?: string[], roleNames?: string[], limit?: number) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
|
|
47
91
|
};
|
|
48
|
-
|
|
49
|
-
(
|
|
50
|
-
(
|
|
92
|
+
tenant: {
|
|
93
|
+
create: (name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<CreateTenantResponse>>;
|
|
94
|
+
createWithId: (tenantId: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>;
|
|
95
|
+
update: (tenantId: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>;
|
|
96
|
+
delete: (tenantId: string) => Promise<SdkResponse<never>>;
|
|
51
97
|
};
|
|
52
|
-
|
|
53
|
-
(
|
|
54
|
-
|
|
98
|
+
jwt: {
|
|
99
|
+
update: (jwt: string, customClaims?: Record<string, any>) => Promise<SdkResponse<UpdateJWTResponse>>;
|
|
100
|
+
};
|
|
101
|
+
permission: {
|
|
102
|
+
create: (name: string, description?: string) => Promise<SdkResponse<never>>;
|
|
103
|
+
update: (name: string, newName: string, description?: string) => Promise<SdkResponse<never>>;
|
|
104
|
+
delete: (name: string) => Promise<SdkResponse<never>>;
|
|
105
|
+
loadAll: () => Promise<SdkResponse<Permission[]>>;
|
|
106
|
+
};
|
|
107
|
+
role: {
|
|
108
|
+
create: (name: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
|
|
109
|
+
update: (name: string, newName: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
|
|
110
|
+
delete: (name: string) => Promise<SdkResponse<never>>;
|
|
111
|
+
loadAll: () => Promise<SdkResponse<Role[]>>;
|
|
55
112
|
};
|
|
56
113
|
};
|
|
57
|
-
baseUrl?: string;
|
|
58
|
-
hooks?: {
|
|
59
|
-
beforeRequest?: (config: RequestConfig) => RequestConfig;
|
|
60
|
-
afterRequest?: (req: RequestConfig, res: globalThis.Response) => void;
|
|
61
|
-
};
|
|
62
|
-
cookiePolicy?: RequestCredentials;
|
|
63
|
-
}) => {
|
|
64
114
|
/** Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. */
|
|
65
115
|
getKey(header: JWTHeaderParameters): Promise<KeyLike | Uint8Array>;
|
|
66
116
|
/**
|
|
@@ -153,37 +203,42 @@ declare const sdkWithAttributes: ((args_0: {
|
|
|
153
203
|
email: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
154
204
|
sms: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
155
205
|
whatsapp: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
156
|
-
};
|
|
206
|
+
}; /**
|
|
207
|
+
* Make sure that all given roles exist on the parsed JWT top level claims
|
|
208
|
+
* @param authInfo JWT parsed info
|
|
209
|
+
* @param roles list of roles to make sure they exist on te JWT claims
|
|
210
|
+
* @returns true if all roles exist, false otherwise
|
|
211
|
+
*/
|
|
157
212
|
};
|
|
158
213
|
};
|
|
159
214
|
magicLink: {
|
|
160
215
|
verify: (token: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
161
216
|
signIn: {
|
|
162
|
-
email: (identifier: string, uri: string) => Promise<SdkResponse<
|
|
163
|
-
sms: (identifier: string, uri: string) => Promise<SdkResponse<
|
|
164
|
-
whatsapp: (identifier: string, uri: string) => Promise<SdkResponse<
|
|
217
|
+
email: (identifier: string, uri: string) => Promise<SdkResponse<never>>;
|
|
218
|
+
sms: (identifier: string, uri: string) => Promise<SdkResponse<never>>;
|
|
219
|
+
whatsapp: (identifier: string, uri: string) => Promise<SdkResponse<never>>;
|
|
165
220
|
};
|
|
166
221
|
signUp: {
|
|
167
222
|
email: (identifier: string, uri: string, user?: {
|
|
168
223
|
email?: string;
|
|
169
224
|
name?: string;
|
|
170
225
|
phone?: string;
|
|
171
|
-
}) => Promise<SdkResponse<
|
|
226
|
+
}) => Promise<SdkResponse<never>>;
|
|
172
227
|
sms: (identifier: string, uri: string, user?: {
|
|
173
228
|
email?: string;
|
|
174
229
|
name?: string;
|
|
175
230
|
phone?: string;
|
|
176
|
-
}) => Promise<SdkResponse<
|
|
231
|
+
}) => Promise<SdkResponse<never>>;
|
|
177
232
|
whatsapp: (identifier: string, uri: string, user?: {
|
|
178
233
|
email?: string;
|
|
179
234
|
name?: string;
|
|
180
235
|
phone?: string;
|
|
181
|
-
}) => Promise<SdkResponse<
|
|
236
|
+
}) => Promise<SdkResponse<never>>;
|
|
182
237
|
};
|
|
183
238
|
signUpOrIn: {
|
|
184
|
-
email: (identifier: string, uri: string) => Promise<SdkResponse<
|
|
185
|
-
sms: (identifier: string, uri: string) => Promise<SdkResponse<
|
|
186
|
-
whatsapp: (identifier: string, uri: string) => Promise<SdkResponse<
|
|
239
|
+
email: (identifier: string, uri: string) => Promise<SdkResponse<never>>;
|
|
240
|
+
sms: (identifier: string, uri: string) => Promise<SdkResponse<never>>;
|
|
241
|
+
whatsapp: (identifier: string, uri: string) => Promise<SdkResponse<never>>;
|
|
187
242
|
};
|
|
188
243
|
update: {
|
|
189
244
|
email: (identifier: string, email: string, uri: string, token?: string) => Promise<SdkResponse<never>>;
|
|
@@ -192,53 +247,28 @@ declare const sdkWithAttributes: ((args_0: {
|
|
|
192
247
|
sms: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
193
248
|
whatsapp: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
194
249
|
};
|
|
195
|
-
};
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
phone?: string;
|
|
218
|
-
}) => Promise<SdkResponse<_descope_core_js_sdk.PendingRefResponse>>;
|
|
219
|
-
whatsapp: (identifier: string, uri: string, user?: {
|
|
220
|
-
email?: string;
|
|
221
|
-
name?: string;
|
|
222
|
-
phone?: string;
|
|
223
|
-
}) => Promise<SdkResponse<_descope_core_js_sdk.PendingRefResponse>>;
|
|
224
|
-
};
|
|
225
|
-
waitForSession: (pendingRef: string, config?: {
|
|
226
|
-
pollingIntervalMs: number;
|
|
227
|
-
timeoutMs: number;
|
|
228
|
-
}) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>; /**
|
|
229
|
-
* Make sure that all given roles exist on the parsed JWT tenant claims
|
|
230
|
-
* @param authInfo JWT parsed info
|
|
231
|
-
* @param roles list of roles to make sure they exist on te JWT claims
|
|
232
|
-
* @returns true if all roles exist, false otherwise
|
|
233
|
-
*/
|
|
234
|
-
update: {
|
|
235
|
-
email: (identifier: string, email: string, uri: string, token?: string) => Promise<SdkResponse<never>>;
|
|
236
|
-
phone: {
|
|
237
|
-
email: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
238
|
-
sms: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
239
|
-
whatsapp: (identifier: string, phone: string) => Promise<SdkResponse<never>>;
|
|
240
|
-
};
|
|
241
|
-
};
|
|
250
|
+
}; /**
|
|
251
|
+
* Make sure that all given roles exist on the parsed JWT tenant claims
|
|
252
|
+
* @param authInfo JWT parsed info
|
|
253
|
+
* @param roles list of roles to make sure they exist on te JWT claims
|
|
254
|
+
* @returns true if all roles exist, false otherwise
|
|
255
|
+
*/
|
|
256
|
+
};
|
|
257
|
+
enchantedLink: {
|
|
258
|
+
verify: (token: string) => Promise<SdkResponse<never>>;
|
|
259
|
+
signIn: (identifier: string, uri: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
|
|
260
|
+
signUpOrIn: (identifier: string, uri: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
|
|
261
|
+
signUp: (identifier: string, uri: string, user?: {
|
|
262
|
+
email?: string;
|
|
263
|
+
name?: string;
|
|
264
|
+
phone?: string;
|
|
265
|
+
}) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
|
|
266
|
+
waitForSession: (pendingRef: string, config?: {
|
|
267
|
+
pollingIntervalMs: number;
|
|
268
|
+
timeoutMs: number;
|
|
269
|
+
}) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
270
|
+
update: {
|
|
271
|
+
email: (identifier: string, email: string, uri: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
|
|
242
272
|
};
|
|
243
273
|
};
|
|
244
274
|
oauth: {
|
|
@@ -274,10 +304,7 @@ declare const sdkWithAttributes: ((args_0: {
|
|
|
274
304
|
redirect: true;
|
|
275
305
|
} ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
|
|
276
306
|
};
|
|
277
|
-
exchange: (code: string
|
|
278
|
-
stepup: boolean;
|
|
279
|
-
customClaims: Map<string, any>;
|
|
280
|
-
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
307
|
+
exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
281
308
|
};
|
|
282
309
|
saml: {
|
|
283
310
|
start: <B_1 extends {
|
|
@@ -285,10 +312,7 @@ declare const sdkWithAttributes: ((args_0: {
|
|
|
285
312
|
}>(tenantNameOrEmail: string, config?: B_1) => Promise<B_1 extends {
|
|
286
313
|
redirect: true;
|
|
287
314
|
} ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
|
|
288
|
-
exchange: (code: string
|
|
289
|
-
stepup: boolean;
|
|
290
|
-
customClaims: Map<string, any>;
|
|
291
|
-
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
315
|
+
exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
292
316
|
};
|
|
293
317
|
totp: {
|
|
294
318
|
signUp: (identifier: string, user?: {
|
|
@@ -297,38 +321,67 @@ declare const sdkWithAttributes: ((args_0: {
|
|
|
297
321
|
phone?: string;
|
|
298
322
|
}) => Promise<SdkResponse<_descope_core_js_sdk.TOTPResponse>>;
|
|
299
323
|
verify: (identifier: string, code: string, loginOptions?: {
|
|
300
|
-
stepup
|
|
301
|
-
|
|
324
|
+
stepup?: boolean;
|
|
325
|
+
mfa?: boolean;
|
|
326
|
+
customClaims?: Record<string, any>;
|
|
302
327
|
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
303
328
|
update: (identifier: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.TOTPResponse>>;
|
|
304
329
|
};
|
|
305
330
|
webauthn: {
|
|
306
331
|
signUp: {
|
|
307
|
-
start: (identifier: string, origin: string, name: string) => Promise<SdkResponse<
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
}
|
|
332
|
+
start: (identifier: string, origin: string, name: string) => Promise<SdkResponse<{
|
|
333
|
+
transactionId: string;
|
|
334
|
+
options: string;
|
|
335
|
+
create: boolean;
|
|
336
|
+
}>>;
|
|
337
|
+
finish: (transactionId: string, response: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
312
338
|
};
|
|
313
339
|
signIn: {
|
|
314
|
-
start: (identifier: string, origin: string
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
customClaims
|
|
318
|
-
}, token?: string) => Promise<SdkResponse<
|
|
340
|
+
start: (identifier: string, origin: string, loginOptions?: {
|
|
341
|
+
stepup?: boolean;
|
|
342
|
+
mfa?: boolean;
|
|
343
|
+
customClaims?: Record<string, any>;
|
|
344
|
+
}, token?: string) => Promise<SdkResponse<{
|
|
345
|
+
transactionId: string;
|
|
346
|
+
options: string;
|
|
347
|
+
create: boolean;
|
|
348
|
+
}>>;
|
|
349
|
+
finish: (transactionId: string, response: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
350
|
+
};
|
|
351
|
+
signUpOrIn: {
|
|
352
|
+
start: (identifier: string, origin: string) => Promise<SdkResponse<{
|
|
353
|
+
transactionId: string;
|
|
354
|
+
options: string;
|
|
355
|
+
create: boolean;
|
|
356
|
+
}>>;
|
|
319
357
|
};
|
|
320
358
|
update: {
|
|
321
|
-
start: (identifier: string, origin: string, token: string) => Promise<SdkResponse<
|
|
359
|
+
start: (identifier: string, origin: string, token: string) => Promise<SdkResponse<{
|
|
360
|
+
transactionId: string;
|
|
361
|
+
options: string;
|
|
362
|
+
create: boolean;
|
|
363
|
+
}>>;
|
|
322
364
|
finish: (transactionId: string, response: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
|
|
323
365
|
};
|
|
324
366
|
};
|
|
325
367
|
flow: {
|
|
326
|
-
start: (flowId: string
|
|
368
|
+
start: (flowId: string, interactionId?: string, input?: Record<string, FormDataEntryValue>, options?: {
|
|
369
|
+
redirectUrl?: string;
|
|
370
|
+
tenant?: string;
|
|
371
|
+
deviceInfo?: {
|
|
372
|
+
webAuthnSupport?: boolean;
|
|
373
|
+
};
|
|
374
|
+
lastUser?: {
|
|
375
|
+
authMethod?: "otp" | "totp" | "webauthn" | "magiclink" | "social" | "sso";
|
|
376
|
+
oauthProvider?: string;
|
|
377
|
+
externalId?: string;
|
|
378
|
+
};
|
|
379
|
+
}) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
|
|
327
380
|
next: (executionId: string, stepId: string, interactionId: string, input?: Record<string, FormDataEntryValue>) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
|
|
328
381
|
};
|
|
329
382
|
refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
330
383
|
logout: (token?: string) => Promise<SdkResponse<never>>;
|
|
331
|
-
|
|
384
|
+
logoutAll: (token?: string) => Promise<SdkResponse<never>>;
|
|
332
385
|
me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
333
386
|
isJwtExpired: (token: string) => boolean;
|
|
334
387
|
getJwtPermissions: (token: string, tenant?: string) => string[];
|
|
@@ -369,4 +422,4 @@ declare const sdkWithAttributes: ((args_0: {
|
|
|
369
422
|
SessionTokenCookieName: typeof sessionTokenCookieName;
|
|
370
423
|
};
|
|
371
424
|
|
|
372
|
-
export { sdkWithAttributes as default };
|
|
425
|
+
export { NodeSdkArgs, sdkWithAttributes as default };
|
package/dist/index.esm.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import e from"@descope/core-js-sdk";import{jwtVerify as o,importJWK as
|
|
1
|
+
import e,{transformResponse as t}from"@descope/core-js-sdk";import{jwtVerify as o,errors as s,importJWK as a}from"jose";import n,{Headers as r,Request as i,Response as l}from"node-fetch";import{__rest as d}from"tslib";const c=(e,t,o)=>`${e}=${t}; Domain=${(null==o?void 0:o.cookieDomain)||""}; Max-Age=${(null==o?void 0:o.cookieMaxAge)||""}; Path=${(null==o?void 0:o.cookiePath)||"/"}; HttpOnly; SameSite=Strict`,p=e=>async(...t)=>{var o,s,a;const n=await e(...t);if(!n.data)return n;let r=n.data,{sessionJwt:i,refreshJwt:l}=r,p=d(r,["sessionJwt","refreshJwt"]);const m=[c("DS",i,p)];return l?m.push(c("DSR",l,p)):(null===(o=n.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const o=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return o?o[1]:null})(null===(s=n.response)||void 0===s?void 0:s.headers.get("set-cookie"),"DSR"),m.push(null===(a=n.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},n),{data:Object.assign(Object.assign({},n.data),{refreshJwt:l,cookies:m})})},m=(e,t,o)=>{if(!e)return;const s="string"==typeof t?t.split("."):t,a=s.shift()||"";if(0===s.length||"*"===a){const t=t=>{if(!t||"function"!=typeof e[t])throw Error(`cannot wrap value at key "${t.toString()}"`);e[t]=o(e[t])};"*"===a?Object.keys(e).forEach(t):t(a)}else m(e[a],s,o)};function h(e,t,o){var s,a;const n=o?null===(a=null===(s=e.token.tenants)||void 0===s?void 0:s[o])||void 0===a?void 0:a[t]:e.token[t];return Array.isArray(n)?n:[]}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user/load",search:"/v1/mgmt/user/search"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete"},k={update:"/v1/mgmt/jwt/update"},g={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"};const y=(e,o)=>({create:(s,a,n,r,i,l)=>t(e.httpClient.post(u.create,{identifier:s,email:a,phone:n,displayName:r,roleNames:i,userTenants:l},{token:o}),(e=>e.user)),update:(s,a,n,r,i,l)=>t(e.httpClient.post(u.update,{identifier:s,email:a,phone:n,displayName:r,roleNames:i,userTenants:l},{token:o}),(e=>e.user)),delete:s=>t(e.httpClient.post(u.delete,{identifier:s},{token:o})),load:s=>t(e.httpClient.get(u.load,{queryParams:{identifier:s},token:o}),(e=>e.user)),searchAll:(s,a,n)=>t(e.httpClient.post(u.search,{tenantIds:s,roleNames:a,limit:n},{token:o}),(e=>e.users))}),w=(e,o)=>({create:(s,a)=>t(e.httpClient.post(v.create,{name:s,selfProvisioningDomains:a},{token:o})),createWithId:(s,a,n)=>t(e.httpClient.post(v.create,{tenantId:s,name:a,selfProvisioningDomains:n},{token:o})),update:(s,a,n)=>t(e.httpClient.post(v.update,{tenantId:s,name:a,selfProvisioningDomains:n},{token:o})),delete:s=>t(e.httpClient.post(v.delete,{tenantId:s},{token:o}))}),b=(e,o)=>({update:(s,a)=>t(e.httpClient.post(k.update,{jwt:s,customClaims:a},{token:o}))}),C=(e,o)=>({create:(s,a)=>t(e.httpClient.post(g.create,{name:s,description:a},{token:o})),update:(s,a,n)=>t(e.httpClient.post(g.update,{name:s,newName:a,description:n},{token:o})),delete:s=>t(e.httpClient.post(g.delete,{name:s},{token:o})),loadAll:()=>t(e.httpClient.get(g.loadAll,{token:o}),(e=>e.permissions))}),j=(e,o)=>({create:(s,a,n)=>t(e.httpClient.post(f.create,{name:s,description:a,permissionNames:n},{token:o})),update:(s,a,n,r)=>t(e.httpClient.post(f.update,{name:s,newName:a,description:n,permissionNames:r},{token:o})),delete:s=>t(e.httpClient.post(f.delete,{name:s},{token:o})),loadAll:()=>t(e.httpClient.get(f.loadAll,{token:o}),(e=>e.roles))});globalThis.fetch||(globalThis.fetch=n,globalThis.Headers=r,globalThis.Request=i,globalThis.Response=l);const x=t=>{t.hooks=t.hooks||{};const n=t.hooks.beforeRequest;t.hooks.beforeRequest=e=>{var t;const o=e;return o.headers=Object.assign(Object.assign({},o.headers),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(t=null===process||void 0===process?void 0:process.versions)||void 0===t?void 0:t.node)||"","x-descope-sdk-version":"1.0.4-alpha.9"}),(null==n?void 0:n(o))||o};const r=e(t);var i,l;i=r,l=p,["otp.verify.*","magicLink.verify","enchantedLink.signUp.*","enchantedLink.signIn.*","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"].forEach((e=>m(i,e,l)));const{projectId:d,logger:c}=t,u={},v=((e,t)=>({user:y(e,t),tenant:w(e,t),jwt:b(e,t),permission:C(e,t),role:j(e,t)}))(r,t.managementKey),k=Object.assign(Object.assign({},r),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(u[e.kid])return u[e.kid];if(Object.assign(u,await(async()=>{const e=(await r.httpClient.get(`v2/keys/${d}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await a(e)])))).reduce(((e,[t,o])=>t?Object.assign(Object.assign({},e),{[t.toString()]:o}):e),{}):{}})()),!u[e.kid])throw Error("failed to fetch matching key");return u[e.kid]},async validateJwt(e){var t;const a=(await o(e,k.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==d))throw new s.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e,t){var o,s;if(!e&&!t)throw Error("both refresh token and session token are empty");if(e)try{return await k.validateJwt(e)}catch(e){if(!t)throw null==c||c.error("failed to validate session token and no refresh token provided",e),Error("could not validate tokens")}if(t)try{await k.validateJwt(t);const e=await k.refresh(t);if(e.ok){return await k.validateJwt(null===(o=e.data)||void 0===o?void 0:o.sessionJwt)}throw Error(null===(s=e.error)||void 0===s?void 0:s.message)}catch(e){throw null==c||c.error("failed to validate refresh token",e),Error("could not validate tokens")}throw Error("could not validate token")},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await k.accessKey.exchange(e)}catch(e){throw null==c||c.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:o}=t.data;if(!o)throw null==c||c.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await k.validateJwt(o)}catch(e){throw null==c||c.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>k.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,o){const s=h(e,"permissions",t);return o.every((e=>s.includes(e)))},validateRoles:(e,t)=>k.validateTenantRoles(e,null,t),validateTenantRoles(e,t,o){const s=h(e,"roles",t);return o.every((e=>s.includes(e)))}});return k};x.DeliveryMethods=e.DeliveryMethods,x.RefreshTokenCookieName="DSR",x.SessionTokenCookieName="DS";export{x as default};
|
|
2
2
|
//# sourceMappingURL=index.esm.js.map
|