@descope/node-sdk 1.1.1 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +152 -7
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +134 -74
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +11 -5
package/dist/index.d.ts CHANGED
@@ -71,6 +71,7 @@ declare type Role = {
71
71
  name: string;
72
72
  description?: string;
73
73
  permissionNames: string[];
74
+ createdTime: number;
74
75
  };
75
76
  /** Represents a group in a project. It has an id and display name and a list of group members. */
76
77
  declare type Group = {
@@ -110,6 +111,49 @@ declare type Theme = {
110
111
  declare type ThemeResponse = {
111
112
  theme: Theme;
112
113
  };
114
+ declare type GenerateOTPForTestResponse = {
115
+ loginId: string;
116
+ code: string;
117
+ };
118
+ declare type GenerateMagicLinkForTestResponse = {
119
+ loginId: string;
120
+ link: string;
121
+ };
122
+ declare type GenerateEnchantedLinkForTestResponse = {
123
+ loginId: string;
124
+ link: string;
125
+ pendingRef: string;
126
+ };
127
+ declare type AttributesTypes = string | boolean | number;
128
+ declare type UserMapping = {
129
+ name: string;
130
+ email: string;
131
+ username: string;
132
+ phoneNumber: string;
133
+ group: string;
134
+ };
135
+ declare type RoleItem = {
136
+ id: string;
137
+ name: string;
138
+ };
139
+ declare type GroupsMapping = {
140
+ role: RoleItem;
141
+ groups: string[];
142
+ };
143
+ declare type SSOSettingsResponse = {
144
+ tenantId: string;
145
+ idpEntityId: string;
146
+ idpSSOUrl: string;
147
+ idpCertificate: string;
148
+ idpMetadataUrl: string;
149
+ spEntityId: string;
150
+ spACSUrl: string;
151
+ spCertificate: string;
152
+ userMapping: UserMapping;
153
+ groupsMapping: GroupsMapping[];
154
+ redirectUrl: string;
155
+ domain: string;
156
+ };
113
157
 
114
158
  /** Parsed JWT token */
115
159
  interface Token {
@@ -133,24 +177,33 @@ declare const nodeSdk: {
133
177
  ({ managementKey, ...config }: NodeSdkArgs): {
134
178
  management: {
135
179
  user: {
136
- create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
137
- invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
138
- update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
180
+ create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
181
+ createTestUser: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
182
+ invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
183
+ update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
139
184
  delete: (loginId: string) => Promise<SdkResponse<never>>;
185
+ deleteAllTestUsers: () => Promise<SdkResponse<never>>;
140
186
  load: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
141
187
  loadByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
142
- searchAll: (tenantIds?: string[], roles?: string[], limit?: number, page?: number) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
188
+ searchAll: (tenantIds?: string[], roles?: string[], limit?: number, page?: number, testUsersOnly?: boolean, withTestUser?: boolean, customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
143
189
  activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
144
190
  deactivate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
145
191
  updateEmail: (loginId: string, email: string, isVerified: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
146
192
  updatePhone: (loginId: string, phone: string, isVerified: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
147
193
  updateDisplayName: (loginId: string, displayName: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
194
+ updatePicture: (loginId: string, picture: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
195
+ updateCustomAttribute: (loginId: string, attributeKey: string, attributeValue: AttributesTypes) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
148
196
  addRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
149
197
  removeRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
150
198
  addTenant: (loginId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
151
199
  removeTenant: (loginId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
152
200
  addTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
153
201
  removeTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
202
+ generateOTPForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
203
+ generateMagicLinkForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string, uri: string) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
204
+ generateEnchantedLinkForTestUser: (loginId: string, uri: string) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
205
+ setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
206
+ expirePassword: (loginId: string) => Promise<SdkResponse<never>>;
154
207
  };
155
208
  accessKey: {
156
209
  create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
@@ -169,6 +222,8 @@ declare const nodeSdk: {
169
222
  loadAll: () => Promise<SdkResponse<Tenant[]>>;
170
223
  };
171
224
  sso: {
225
+ getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
226
+ deleteSettings: (tenantId: string) => Promise<SdkResponse<never>>;
172
227
  configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL?: string, domain?: string) => Promise<SdkResponse<never>>;
173
228
  configureMetadata: (tenantId: string, idpMetadataURL: string) => Promise<SdkResponse<never>>;
174
229
  configureMapping: (tenantId: string, roleMapping?: RoleMapping, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
@@ -217,76 +272,82 @@ declare const nodeSdk: {
217
272
  };
218
273
  otp: {
219
274
  verify: {
220
- email: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
275
+ sms: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
221
276
  refreshJwt?: string;
222
277
  cookies?: string[];
223
278
  }>>;
224
- sms: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
279
+ whatsapp: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
225
280
  refreshJwt?: string;
226
281
  cookies?: string[];
227
282
  }>>;
228
- whatsapp: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
283
+ email: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
229
284
  refreshJwt?: string;
230
285
  cookies?: string[];
231
286
  }>>;
232
287
  };
233
288
  signIn: {
234
- email: (loginId: string) => Promise<SdkResponse<{
235
- maskedEmail: string;
236
- }>>;
237
289
  sms: (loginId: string) => Promise<SdkResponse<{
238
290
  maskedPhone: string;
239
291
  }>>;
240
292
  whatsapp: (loginId: string) => Promise<SdkResponse<{
241
293
  maskedPhone: string;
242
294
  }>>;
295
+ email: (loginId: string) => Promise<SdkResponse<{
296
+ maskedEmail: string;
297
+ }>>;
243
298
  };
244
299
  signUp: {
245
- email: (loginId: string, user?: {
300
+ sms: (loginId: string, user?: {
246
301
  email?: string;
247
302
  name?: string;
248
303
  phone?: string;
249
304
  }) => Promise<SdkResponse<{
250
- maskedEmail: string;
305
+ maskedPhone: string;
251
306
  }>>;
252
- sms: (loginId: string, user?: {
307
+ whatsapp: (loginId: string, user?: {
253
308
  email?: string;
254
309
  name?: string;
255
310
  phone?: string;
256
311
  }) => Promise<SdkResponse<{
257
312
  maskedPhone: string;
258
313
  }>>;
259
- whatsapp: (loginId: string, user?: {
314
+ email: (loginId: string, user?: {
260
315
  email?: string;
261
316
  name?: string;
262
317
  phone?: string;
263
318
  }) => Promise<SdkResponse<{
264
- maskedPhone: string;
319
+ maskedEmail: string;
265
320
  }>>;
266
321
  };
267
322
  signUpOrIn: {
268
- email: (loginId: string) => Promise<SdkResponse<{
269
- maskedEmail: string;
270
- }>>;
271
323
  sms: (loginId: string) => Promise<SdkResponse<{
272
324
  maskedPhone: string;
273
325
  }>>;
274
326
  whatsapp: (loginId: string) => Promise<SdkResponse<{
275
327
  maskedPhone: string;
276
328
  }>>;
329
+ email: (loginId: string) => Promise<SdkResponse<{
330
+ maskedEmail: string;
331
+ }>>;
277
332
  };
278
333
  update: {
279
- email: (loginId: string, email: string, token?: string) => Promise<SdkResponse<{
334
+ email: <T extends boolean>(loginId: string, email: string, token?: string, updateOptions?: {
335
+ addToLoginIDs?: T;
336
+ onMergeUseExisting?: T extends true ? boolean : never;
337
+ }) => Promise<SdkResponse<{
280
338
  maskedEmail: string;
281
339
  }>>;
282
340
  phone: {
283
- email: (loginId: string, phone: string) => Promise<SdkResponse<{
284
- maskedPhone: string;
285
- }>>;
286
- sms: (loginId: string, phone: string) => Promise<SdkResponse<{
341
+ sms: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
342
+ addToLoginIDs?: T_1;
343
+ onMergeUseExisting?: T_1 extends true ? boolean : never;
344
+ }) => Promise<SdkResponse<{
287
345
  maskedPhone: string;
288
346
  }>>;
289
- whatsapp: (loginId: string, phone: string) => Promise<SdkResponse<{
347
+ whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
348
+ addToLoginIDs?: T_1;
349
+ onMergeUseExisting?: T_1 extends true ? boolean : never;
350
+ }) => Promise<SdkResponse<{
290
351
  maskedPhone: string;
291
352
  }>>;
292
353
  };
@@ -298,60 +359,68 @@ declare const nodeSdk: {
298
359
  cookies?: string[];
299
360
  }>>;
300
361
  signIn: {
301
- email: (loginId: string, uri: string) => Promise<SdkResponse<{
302
- maskedEmail: string;
303
- }>>;
304
362
  sms: (loginId: string, uri: string) => Promise<SdkResponse<{
305
363
  maskedPhone: string;
306
364
  }>>;
307
365
  whatsapp: (loginId: string, uri: string) => Promise<SdkResponse<{
308
366
  maskedPhone: string;
309
367
  }>>;
368
+ email: (loginId: string, uri: string) => Promise<SdkResponse<{
369
+ maskedEmail: string;
370
+ }>>;
310
371
  };
311
372
  signUp: {
312
- email: (loginId: string, uri: string, user?: {
373
+ sms: (loginId: string, uri: string, user?: {
313
374
  email?: string;
314
375
  name?: string;
315
376
  phone?: string;
316
377
  }) => Promise<SdkResponse<{
317
- maskedEmail: string;
378
+ maskedPhone: string;
318
379
  }>>;
319
- sms: (loginId: string, uri: string, user?: {
380
+ whatsapp: (loginId: string, uri: string, user?: {
320
381
  email?: string;
321
382
  name?: string;
322
383
  phone?: string;
323
384
  }) => Promise<SdkResponse<{
324
385
  maskedPhone: string;
325
386
  }>>;
326
- whatsapp: (loginId: string, uri: string, user?: {
387
+ email: (loginId: string, uri: string, user?: {
327
388
  email?: string;
328
389
  name?: string;
329
390
  phone?: string;
330
391
  }) => Promise<SdkResponse<{
331
- maskedPhone: string;
392
+ maskedEmail: string;
332
393
  }>>;
333
394
  };
334
395
  signUpOrIn: {
335
- email: (loginId: string, uri: string) => Promise<SdkResponse<{
336
- maskedEmail: string;
337
- }>>;
338
396
  sms: (loginId: string, uri: string) => Promise<SdkResponse<{
339
397
  maskedPhone: string;
340
398
  }>>;
341
399
  whatsapp: (loginId: string, uri: string) => Promise<SdkResponse<{
342
400
  maskedPhone: string;
343
401
  }>>;
402
+ email: (loginId: string, uri: string) => Promise<SdkResponse<{
403
+ maskedEmail: string;
404
+ }>>;
344
405
  };
345
406
  update: {
346
- email: (loginId: string, email: string, URI?: string, token?: string) => Promise<SdkResponse<never>>;
407
+ email: <T_2 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
408
+ addToLoginIDs?: T_2;
409
+ onMergeUseExisting?: T_2 extends true ? boolean : never;
410
+ }) => Promise<SdkResponse<{
411
+ maskedEmail: string;
412
+ }>>;
347
413
  phone: {
348
- email: (loginId: string, phone: string) => Promise<SdkResponse<{
349
- maskedPhone: string;
350
- }>>;
351
- sms: (loginId: string, phone: string) => Promise<SdkResponse<{
414
+ sms: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
415
+ addToLoginIDs?: T_3;
416
+ onMergeUseExisting?: T_3 extends true ? boolean : never;
417
+ }) => Promise<SdkResponse<{
352
418
  maskedPhone: string;
353
419
  }>>;
354
- whatsapp: (loginId: string, phone: string) => Promise<SdkResponse<{
420
+ whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
421
+ addToLoginIDs?: T_3;
422
+ onMergeUseExisting?: T_3 extends true ? boolean : never;
423
+ }) => Promise<SdkResponse<{
355
424
  maskedPhone: string;
356
425
  }>>;
357
426
  };
@@ -377,51 +446,38 @@ declare const nodeSdk: {
377
446
  timeoutMs: number;
378
447
  }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
379
448
  update: {
380
- email: (loginId: string, email: string, URI?: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
449
+ email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
450
+ addToLoginIDs?: T_4;
451
+ onMergeUseExisting?: T_4 extends true ? boolean : never;
452
+ }) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
381
453
  };
382
454
  };
383
455
  oauth: {
384
456
  start: {
385
457
  facebook: <B extends {
386
458
  redirect: boolean;
387
- }>(redirectURL?: string, config?: B) => Promise<B extends {
388
- redirect: true;
389
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
459
+ }>(redirectURL?: string, config?: B) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
390
460
  github: <B_1 extends {
391
461
  redirect: boolean;
392
- }>(redirectURL?: string, config?: B_1) => Promise<B_1 extends {
393
- redirect: true;
394
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
462
+ }>(redirectURL?: string, config?: B_1) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
395
463
  google: <B_2 extends {
396
464
  redirect: boolean;
397
- }>(redirectURL?: string, config?: B_2) => Promise<B_2 extends {
398
- redirect: true;
399
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
465
+ }>(redirectURL?: string, config?: B_2) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
400
466
  microsoft: <B_3 extends {
401
467
  redirect: boolean;
402
- }>(redirectURL?: string, config?: B_3) => Promise<B_3 extends {
403
- redirect: true;
404
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
468
+ }>(redirectURL?: string, config?: B_3) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
405
469
  gitlab: <B_4 extends {
406
470
  redirect: boolean;
407
- }>(redirectURL?: string, config?: B_4) => Promise<B_4 extends {
408
- redirect: true;
409
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
471
+ }>(redirectURL?: string, config?: B_4) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
410
472
  apple: <B_5 extends {
411
473
  redirect: boolean;
412
- }>(redirectURL?: string, config?: B_5) => Promise<B_5 extends {
413
- redirect: true;
414
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
474
+ }>(redirectURL?: string, config?: B_5) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
415
475
  discord: <B_6 extends {
416
476
  redirect: boolean;
417
- }>(redirectURL?: string, config?: B_6) => Promise<B_6 extends {
418
- redirect: true;
419
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
477
+ }>(redirectURL?: string, config?: B_6) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
420
478
  linkedin: <B_7 extends {
421
479
  redirect: boolean;
422
- }>(redirectURL?: string, config?: B_7) => Promise<B_7 extends {
423
- redirect: true;
424
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
480
+ }>(redirectURL?: string, config?: B_7) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
425
481
  };
426
482
  exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
427
483
  refreshJwt?: string;
@@ -429,11 +485,11 @@ declare const nodeSdk: {
429
485
  }>>;
430
486
  };
431
487
  saml: {
432
- start: <B_1 extends {
433
- redirect: boolean;
434
- }>(tenantNameOrEmail: string, config?: B_1) => Promise<B_1 extends {
435
- redirect: true;
436
- } ? undefined : SdkResponse<_descope_core_js_sdk.URLResponse>>;
488
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: {
489
+ stepup?: boolean;
490
+ mfa?: boolean;
491
+ customClaims?: Record<string, any>;
492
+ }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
437
493
  exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
438
494
  refreshJwt?: string;
439
495
  cookies?: string[];
@@ -534,12 +590,16 @@ declare const nodeSdk: {
534
590
  name?: string;
535
591
  loginId?: string;
536
592
  };
593
+ redirectAuth?: {
594
+ callbackUrl: string;
595
+ codeChallenge: string;
596
+ };
537
597
  }, conditionInteractionId?: string, interactionId?: string, input?: {
538
598
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
539
- }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
599
+ }, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
540
600
  next: (executionId: string, stepId: string, interactionId: string, input?: {
541
601
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
542
- }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
602
+ }, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
543
603
  };
544
604
  refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
545
605
  refreshJwt?: string;
@@ -573,7 +633,7 @@ declare const nodeSdk: {
573
633
  };
574
634
  token?: string;
575
635
  }) => Promise<Response>;
576
- delete: (path: string, body?: any, config?: {
636
+ delete: (path: string, config?: {
577
637
  headers?: HeadersInit;
578
638
  queryParams?: {
579
639
  [key: string]: string;
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as n,errors as s,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...a)=>{var o,n,s;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,a){var o,n;const s=a?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[a])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(s)?s:[]}var m={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",updateStatus:"/v1/mgmt/user/update/status",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove"},c={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},u={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},h={configure:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},k={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},f={export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},y={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"};const w=(e,t)=>({create:(o,n,s,r,i,l)=>a(e.httpClient.post(m.create,{loginId:o,email:n,phone:s,displayName:r,roleNames:i,userTenants:l},{token:t}),(e=>e.user)),invite:(o,n,s,r,i,l)=>a(e.httpClient.post(m.create,{loginId:o,email:n,phone:s,displayName:r,roleNames:i,userTenants:l,invite:!0},{token:t}),(e=>e.user)),update:(o,n,s,r,i,l)=>a(e.httpClient.post(m.update,{loginId:o,email:n,phone:s,displayName:r,roleNames:i,userTenants:l},{token:t}),(e=>e.user)),delete:o=>a(e.httpClient.post(m.delete,{loginId:o},{token:t})),load:o=>a(e.httpClient.get(m.load,{queryParams:{loginId:o},token:t}),(e=>e.user)),loadByUserId:o=>a(e.httpClient.get(m.load,{queryParams:{userId:o},token:t}),(e=>e.user)),searchAll:(o,n,s,r)=>a(e.httpClient.post(m.search,{tenantIds:o,roleNames:n,limit:s,page:r},{token:t}),(e=>e.users)),activate:o=>a(e.httpClient.post(m.updateStatus,{loginId:o,status:"enabled"},{token:t}),(e=>e.user)),deactivate:o=>a(e.httpClient.post(m.updateStatus,{loginId:o,status:"disabled"},{token:t}),(e=>e.user)),updateEmail:(o,n,s)=>a(e.httpClient.post(m.updateEmail,{loginId:o,email:n,verified:s},{token:t}),(e=>e.user)),updatePhone:(o,n,s)=>a(e.httpClient.post(m.updatePhone,{loginId:o,phone:n,verified:s},{token:t}),(e=>e.user)),updateDisplayName:(o,n)=>a(e.httpClient.post(m.updateDisplayName,{loginId:o,displayName:n},{token:t}),(e=>e.user)),addRoles:(o,n)=>a(e.httpClient.post(m.addRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(o,n)=>a(e.httpClient.post(m.removeRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addTenant:(o,n)=>a(e.httpClient.post(m.addTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(o,n)=>a(e.httpClient.post(m.removeTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),addTenantRoles:(o,n,s)=>a(e.httpClient.post(m.addRole,{loginId:o,tenantId:n,roleNames:s},{token:t}),(e=>e.user)),removeTenantRoles:(o,n,s)=>a(e.httpClient.post(m.removeRole,{loginId:o,tenantId:n,roleNames:s},{token:t}),(e=>e.user))}),I=(e,t)=>({create:(o,n)=>a(e.httpClient.post(u.create,{name:o,selfProvisioningDomains:n},{token:t})),createWithId:(o,n,s)=>a(e.httpClient.post(u.create,{id:o,name:n,selfProvisioningDomains:s},{token:t})),update:(o,n,s)=>a(e.httpClient.post(u.update,{id:o,name:n,selfProvisioningDomains:s},{token:t})),delete:o=>a(e.httpClient.post(u.delete,{id:o},{token:t})),loadAll:()=>a(e.httpClient.get(u.loadAll,{token:t}),(e=>e.tenants))}),b=(e,t)=>({update:(o,n)=>a(e.httpClient.post(g.update,{jwt:o,customClaims:n},{token:t}))}),A=(e,t)=>({create:(o,n)=>a(e.httpClient.post(v.create,{name:o,description:n},{token:t})),update:(o,n,s)=>a(e.httpClient.post(v.update,{name:o,newName:n,description:s},{token:t})),delete:o=>a(e.httpClient.post(v.delete,{name:o},{token:t})),loadAll:()=>a(e.httpClient.get(v.loadAll,{token:t}),(e=>e.permissions))}),x=(e,t)=>({create:(o,n,s)=>a(e.httpClient.post(k.create,{name:o,description:n,permissionNames:s},{token:t})),update:(o,n,s,r)=>a(e.httpClient.post(k.update,{name:o,newName:n,description:s,permissionNames:r},{token:t})),delete:o=>a(e.httpClient.post(k.delete,{name:o},{token:t})),loadAll:()=>a(e.httpClient.get(k.loadAll,{token:t}),(e=>e.roles))}),j=(e,t)=>({loadAllGroups:o=>a(e.httpClient.post(C.loadAllGroups,{tenantId:o},{token:t})),loadAllGroupsForMember:(o,n,s)=>a(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:o,loginIds:s,userIds:n},{token:t})),loadAllGroupMembers:(o,n)=>a(e.httpClient.post(C.loadAllGroupMembers,{tenantId:o,groupId:n},{token:t}))}),T=(e,t)=>({configureSettings:(o,n,s,r,i,l)=>a(e.httpClient.post(h.configure,{tenantId:o,idpURL:n,entityId:r,idpCert:s,redirectURL:i,domain:l},{token:t})),configureMetadata:(o,n)=>a(e.httpClient.post(h.metadata,{tenantId:o,idpMetadataURL:n},{token:t})),configureMapping:(o,n,s)=>a(e.httpClient.post(h.mapping,{tenantId:o,roleMapping:n,attributeMapping:s},{token:t}))}),N=(e,t)=>({create:(o,n,s,r)=>a(e.httpClient.post(c.create,{name:o,expireTime:n,roleNames:s,keyTenants:r},{token:t})),load:o=>a(e.httpClient.get(c.load,{queryParams:{id:o},token:t}),(e=>e.key)),searchAll:o=>a(e.httpClient.post(c.search,{tenantIds:o},{token:t}),(e=>e.keys)),update:(o,n)=>a(e.httpClient.post(c.update,{id:o,name:n},{token:t}),(e=>e.key)),deactivate:o=>a(e.httpClient.post(c.deactivate,{id:o},{token:t})),activate:o=>a(e.httpClient.post(c.activate,{id:o},{token:t})),delete:o=>a(e.httpClient.post(c.delete,{id:o},{token:t}))}),R=(e,t)=>({export:o=>a(e.httpClient.post(f.export,{flowId:o},{token:t})),import:(o,n,s)=>a(e.httpClient.post(f.import,{flowId:o,flow:n,screens:s},{token:t}))}),S=(e,t)=>({export:()=>a(e.httpClient.post(y.export,{},{token:t})),import:o=>a(e.httpClient.post(y.import,{theme:o},{token:t}))});var E;null!==(E=globalThis.Headers)&&void 0!==E||(globalThis.Headers=l);const M=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=32212254720))})),i(...e)),P=a=>{var i,{managementKey:l}=a,m=e(a,["managementKey"]);const c=t(Object.assign(Object.assign({},m),{fetch:M,baseHeaders:Object.assign(Object.assign({},m.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.1.1"})})),{projectId:u,logger:h}=m,g={},v=((e,t)=>({user:w(e,t),accessKey:N(e,t),tenant:I(e,t),sso:T(e,t),jwt:b(e,t),permission:A(e,t),role:x(e,t),group:j(e,t),flow:R(e,t),theme:S(e,t)}))(c,l),k=Object.assign(Object.assign({},c),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{const e=(await c.httpClient.get(`v2/keys/${u}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const a=(await n(e,k.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==u))throw new s.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await k.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error("session validation failed")}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await k.validateJwt(e);const o=await k.refresh(e);if(o.ok){return await k.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=o.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error("refresh token validation failed")}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await k.validateSession(e)}catch(e){null==h||h.log("session validation failed - trying to refresh it")}return k.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await k.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:a}=t.data;if(!a)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await k.validateJwt(a)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>k.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){const o=p(e,"permissions",t);return a.every((e=>o.includes(e)))},validateRoles:(e,t)=>k.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){const o=p(e,"roles",t);return a.every((e=>o.includes(e)))}});return o(k,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};P.RefreshTokenCookieName="DSR",P.SessionTokenCookieName="DS";export{P as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...a)=>{var s,o,n;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,a){var s,o;const n=a?null===(o=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}var m={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",updateStatus:"/v1/mgmt/user/update/status",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},g={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},h={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},k={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},y={export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},f={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"};const w=(e,t)=>({create:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(m.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:t}),(e=>e.user)),createTestUser:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(m.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),invite:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(m.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),update:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(m.update,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(m.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(m.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(m.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(m.load,{queryParams:{userId:s},token:t}),(e=>e.user)),searchAll:(s,o,n,r,i,l,d)=>a(e.httpClient.post(m.search,{tenantIds:s,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d},{token:t}),(e=>e.users)),activate:s=>a(e.httpClient.post(m.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(m.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateEmail:(s,o,n)=>a(e.httpClient.post(m.updateEmail,{loginId:s,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(s,o,n)=>a(e.httpClient.post(m.updatePhone,{loginId:s,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(s,o)=>a(e.httpClient.post(m.updateDisplayName,{loginId:s,displayName:o},{token:t}),(e=>e.user)),updatePicture:(s,o)=>a(e.httpClient.post(m.updatePicture,{loginId:s,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(s,o,n)=>a(e.httpClient.post(m.updateCustomAttribute,{loginId:s,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(s,o)=>a(e.httpClient.post(m.addRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(s,o)=>a(e.httpClient.post(m.removeRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),addTenant:(s,o)=>a(e.httpClient.post(m.addTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(s,o)=>a(e.httpClient.post(m.removeTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(s,o,n)=>a(e.httpClient.post(m.addRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(s,o,n)=>a(e.httpClient.post(m.removeRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,o)=>a(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:s,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,o,n)=>a(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:s,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,o)=>a(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:s,URI:o},{token:t}),(e=>e)),setPassword:(s,o)=>a(e.httpClient.post(m.setPassword,{loginId:s,password:o},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(m.expirePassword,{loginId:s},{token:t}),(e=>e))}),I=(e,t)=>({create:(s,o)=>a(e.httpClient.post(c.create,{name:s,selfProvisioningDomains:o},{token:t})),createWithId:(s,o,n)=>a(e.httpClient.post(c.create,{id:s,name:o,selfProvisioningDomains:n},{token:t})),update:(s,o,n)=>a(e.httpClient.post(c.update,{id:s,name:o,selfProvisioningDomains:n},{token:t})),delete:s=>a(e.httpClient.post(c.delete,{id:s},{token:t})),loadAll:()=>a(e.httpClient.get(c.loadAll,{token:t}),(e=>e.tenants))}),b=(e,t)=>({update:(s,o)=>a(e.httpClient.post(h.update,{jwt:s,customClaims:o},{token:t}))}),T=(e,t)=>({create:(s,o)=>a(e.httpClient.post(v.create,{name:s,description:o},{token:t})),update:(s,o,n)=>a(e.httpClient.post(v.update,{name:s,newName:o,description:n},{token:t})),delete:s=>a(e.httpClient.post(v.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(v.loadAll,{token:t}),(e=>e.permissions))}),A=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(k.create,{name:s,description:o,permissionNames:n},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(k.update,{name:s,newName:o,description:n,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(k.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(k.loadAll,{token:t}),(e=>e.roles))}),x=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(C.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,o,n)=>a(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:s,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(s,o)=>a(e.httpClient.post(C.loadAllGroupMembers,{tenantId:s,groupId:o},{token:t}))}),P=(e,t)=>({getSettings:s=>a(e.httpClient.get(g.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(g.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,o,n,r,i,l)=>a(e.httpClient.post(g.settings,{tenantId:s,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(s,o)=>a(e.httpClient.post(g.metadata,{tenantId:s,idpMetadataURL:o},{token:t})),configureMapping:(s,o,n)=>a(e.httpClient.post(g.mapping,{tenantId:s,roleMapping:o,attributeMapping:n},{token:t}))}),j=(e,t)=>({create:(s,o,n,r)=>a(e.httpClient.post(u.create,{name:s,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(u.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,o)=>a(e.httpClient.post(u.update,{id:s,name:o},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(u.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(u.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(u.delete,{id:s},{token:t}))}),N=(e,t)=>({export:s=>a(e.httpClient.post(y.export,{flowId:s},{token:t})),import:(s,o,n)=>a(e.httpClient.post(y.import,{flowId:s,flow:o,screens:n},{token:t}))}),R=(e,t)=>({export:()=>a(e.httpClient.post(f.export,{},{token:t})),import:s=>a(e.httpClient.post(f.import,{theme:s},{token:t}))});var M;null!==(M=globalThis.Headers)&&void 0!==M||(globalThis.Headers=l);const E=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),i(...e)),S=a=>{var i,{managementKey:l}=a,m=e(a,["managementKey"]);const u=t(Object.assign(Object.assign({},m),{fetch:E,baseHeaders:Object.assign(Object.assign({},m.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.5.1"})})),{projectId:c,logger:g}=m,h={},v=((e,t)=>({user:w(e,t),accessKey:j(e,t),tenant:I(e,t),sso:P(e,t),jwt:b(e,t),permission:T(e,t),role:A(e,t),group:x(e,t),flow:N(e,t),theme:R(e,t)}))(u,l),k=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const a=(await o(e,k.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==c))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await k.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error("session validation failed")}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await k.validateJwt(e);const s=await k.refresh(e);if(s.ok){return await k.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error("refresh token validation failed")}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await k.validateSession(e)}catch(e){null==g||g.log("session validation failed - trying to refresh it")}return k.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await k.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:a}=t.data;if(!a)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await k.validateJwt(a)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>k.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){const s=p(e,"permissions",t);return a.every((e=>s.includes(e)))},validateRoles:(e,t)=>k.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){const s=p(e,"roles",t);return a.every((e=>s.includes(e)))}});return s(k,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};S.RefreshTokenCookieName="DSR",S.SessionTokenCookieName="DS";export{S as default};
2
2
  //# sourceMappingURL=index.esm.js.map