@descope/node-sdk 1.5.10 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +208 -5
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +145 -13
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +9 -9
package/README.md
CHANGED
|
@@ -72,6 +72,8 @@ Then, you can use that to work with the following functions:
|
|
|
72
72
|
9. [Manage JWTs](#manage-jwts)
|
|
73
73
|
10. [Embedded Links](#embedded-links)
|
|
74
74
|
11. [Search Audit](#search-audit)
|
|
75
|
+
12. [Manage Authz](#manage-authz)
|
|
76
|
+
13. [Manage Project](#manage-project)
|
|
75
77
|
|
|
76
78
|
If you wish to run any of our code samples and play with them, check out our [Code Examples](#code-examples) section.
|
|
77
79
|
|
|
@@ -382,7 +384,7 @@ const authMiddleware = async (req: Request, res: Response, next: NextFunction) =
|
|
|
382
384
|
next();
|
|
383
385
|
} catch (e) {
|
|
384
386
|
res.status(401).json({
|
|
385
|
-
error:
|
|
387
|
+
error: 'Unauthorized!',
|
|
386
388
|
});
|
|
387
389
|
}
|
|
388
390
|
};
|
|
@@ -530,9 +532,9 @@ await descopeClient.management.user.create(
|
|
|
530
532
|
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
531
533
|
);
|
|
532
534
|
|
|
533
|
-
// Alternatively, a user can be created and invited via an email message.
|
|
535
|
+
// Alternatively, a user can be created and invited via an email / text message.
|
|
534
536
|
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
535
|
-
// and that an email address is provided in the information.
|
|
537
|
+
// and that an email address / phone number is provided in the information.
|
|
536
538
|
await descopeClient.management.user.invite(
|
|
537
539
|
'desmond@descope.com',
|
|
538
540
|
'desmond@descope.com',
|
|
@@ -542,6 +544,24 @@ await descopeClient.management.user.invite(
|
|
|
542
544
|
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
543
545
|
);
|
|
544
546
|
|
|
547
|
+
// You can invite batch of users via an email / text message.
|
|
548
|
+
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
549
|
+
// and that an email address / phone number is provided in the information.
|
|
550
|
+
await descopeClient.management.user.inviteBatch(
|
|
551
|
+
[
|
|
552
|
+
{
|
|
553
|
+
loginId: 'desmond@descope.com',
|
|
554
|
+
email: 'desmond@descope.com',
|
|
555
|
+
phone: '+123456789123',
|
|
556
|
+
displayName: 'Desmond Copeland',
|
|
557
|
+
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
558
|
+
},
|
|
559
|
+
],
|
|
560
|
+
'<invite_url>',
|
|
561
|
+
true,
|
|
562
|
+
false,
|
|
563
|
+
);
|
|
564
|
+
|
|
545
565
|
// Update will override all fields as is. Use carefully.
|
|
546
566
|
await descopeClient.management.user.update(
|
|
547
567
|
'desmond@descope.com',
|
|
@@ -596,13 +616,17 @@ await descopeClient.management.user.setPassword('<login-ID>', '<some-password>')
|
|
|
596
616
|
await descopeClient.management.user.expirePassword('<login-ID>');
|
|
597
617
|
```
|
|
598
618
|
|
|
599
|
-
### Manage
|
|
619
|
+
### Manage Project
|
|
600
620
|
|
|
601
|
-
You can update project name
|
|
621
|
+
You can update project name, as well as to clone the current project to a new one:
|
|
602
622
|
|
|
603
623
|
```typescript
|
|
604
624
|
// Update will override all fields as is. Use carefully.
|
|
605
625
|
await descopeClient.management.project.updateName('new-project-name');
|
|
626
|
+
|
|
627
|
+
// Clone the current project to a new one
|
|
628
|
+
// Note that this action is supported only with a pro license or above.
|
|
629
|
+
const cloneRes = await descopeClient.management.project.clone('new-project-name');
|
|
606
630
|
```
|
|
607
631
|
|
|
608
632
|
### Manage Access Keys
|
|
@@ -840,6 +864,185 @@ const audits = await descopeClient.management.audit.search({ actions: ['LoginSuc
|
|
|
840
864
|
console.log(audits);
|
|
841
865
|
```
|
|
842
866
|
|
|
867
|
+
### Manage Authz
|
|
868
|
+
|
|
869
|
+
Descope support full relation based access control (ReBAC) using a zanzibar like schema and operations.
|
|
870
|
+
A schema is comprized of namespaces (entities like documents, folders, orgs, etc.) and each namespace has relation definitions to define relations.
|
|
871
|
+
Each relation definition can be simple (either you have it or not) or complex (union of nodes).
|
|
872
|
+
|
|
873
|
+
A simple example for a file system like schema would be:
|
|
874
|
+
|
|
875
|
+
```yaml
|
|
876
|
+
# Example schema for the authz tests
|
|
877
|
+
name: Files
|
|
878
|
+
namespaces:
|
|
879
|
+
- name: org
|
|
880
|
+
relationDefinitions:
|
|
881
|
+
- name: parent
|
|
882
|
+
- name: member
|
|
883
|
+
complexDefinition:
|
|
884
|
+
nType: union
|
|
885
|
+
children:
|
|
886
|
+
- nType: child
|
|
887
|
+
expression:
|
|
888
|
+
neType: self
|
|
889
|
+
- nType: child
|
|
890
|
+
expression:
|
|
891
|
+
neType: relationLeft
|
|
892
|
+
relationDefinition: parent
|
|
893
|
+
relationDefinitionNamespace: org
|
|
894
|
+
targetRelationDefinition: member
|
|
895
|
+
targetRelationDefinitionNamespace: org
|
|
896
|
+
- name: folder
|
|
897
|
+
relationDefinitions:
|
|
898
|
+
- name: parent
|
|
899
|
+
- name: owner
|
|
900
|
+
complexDefinition:
|
|
901
|
+
nType: union
|
|
902
|
+
children:
|
|
903
|
+
- nType: child
|
|
904
|
+
expression:
|
|
905
|
+
neType: self
|
|
906
|
+
- nType: child
|
|
907
|
+
expression:
|
|
908
|
+
neType: relationRight
|
|
909
|
+
relationDefinition: parent
|
|
910
|
+
relationDefinitionNamespace: folder
|
|
911
|
+
targetRelationDefinition: owner
|
|
912
|
+
targetRelationDefinitionNamespace: folder
|
|
913
|
+
- name: editor
|
|
914
|
+
complexDefinition:
|
|
915
|
+
nType: union
|
|
916
|
+
children:
|
|
917
|
+
- nType: child
|
|
918
|
+
expression:
|
|
919
|
+
neType: self
|
|
920
|
+
- nType: child
|
|
921
|
+
expression:
|
|
922
|
+
neType: relationRight
|
|
923
|
+
relationDefinition: parent
|
|
924
|
+
relationDefinitionNamespace: folder
|
|
925
|
+
targetRelationDefinition: editor
|
|
926
|
+
targetRelationDefinitionNamespace: folder
|
|
927
|
+
- nType: child
|
|
928
|
+
expression:
|
|
929
|
+
neType: targetSet
|
|
930
|
+
targetRelationDefinition: owner
|
|
931
|
+
targetRelationDefinitionNamespace: folder
|
|
932
|
+
- name: viewer
|
|
933
|
+
complexDefinition:
|
|
934
|
+
nType: union
|
|
935
|
+
children:
|
|
936
|
+
- nType: child
|
|
937
|
+
expression:
|
|
938
|
+
neType: self
|
|
939
|
+
- nType: child
|
|
940
|
+
expression:
|
|
941
|
+
neType: relationRight
|
|
942
|
+
relationDefinition: parent
|
|
943
|
+
relationDefinitionNamespace: folder
|
|
944
|
+
targetRelationDefinition: viewer
|
|
945
|
+
targetRelationDefinitionNamespace: folder
|
|
946
|
+
- nType: child
|
|
947
|
+
expression:
|
|
948
|
+
neType: targetSet
|
|
949
|
+
targetRelationDefinition: editor
|
|
950
|
+
targetRelationDefinitionNamespace: folder
|
|
951
|
+
- name: doc
|
|
952
|
+
relationDefinitions:
|
|
953
|
+
- name: parent
|
|
954
|
+
- name: owner
|
|
955
|
+
complexDefinition:
|
|
956
|
+
nType: union
|
|
957
|
+
children:
|
|
958
|
+
- nType: child
|
|
959
|
+
expression:
|
|
960
|
+
neType: self
|
|
961
|
+
- nType: child
|
|
962
|
+
expression:
|
|
963
|
+
neType: relationRight
|
|
964
|
+
relationDefinition: parent
|
|
965
|
+
relationDefinitionNamespace: doc
|
|
966
|
+
targetRelationDefinition: owner
|
|
967
|
+
targetRelationDefinitionNamespace: folder
|
|
968
|
+
- name: editor
|
|
969
|
+
complexDefinition:
|
|
970
|
+
nType: union
|
|
971
|
+
children:
|
|
972
|
+
- nType: child
|
|
973
|
+
expression:
|
|
974
|
+
neType: self
|
|
975
|
+
- nType: child
|
|
976
|
+
expression:
|
|
977
|
+
neType: relationRight
|
|
978
|
+
relationDefinition: parent
|
|
979
|
+
relationDefinitionNamespace: doc
|
|
980
|
+
targetRelationDefinition: editor
|
|
981
|
+
targetRelationDefinitionNamespace: folder
|
|
982
|
+
- nType: child
|
|
983
|
+
expression:
|
|
984
|
+
neType: targetSet
|
|
985
|
+
targetRelationDefinition: owner
|
|
986
|
+
targetRelationDefinitionNamespace: doc
|
|
987
|
+
- name: viewer
|
|
988
|
+
complexDefinition:
|
|
989
|
+
nType: union
|
|
990
|
+
children:
|
|
991
|
+
- nType: child
|
|
992
|
+
expression:
|
|
993
|
+
neType: self
|
|
994
|
+
- nType: child
|
|
995
|
+
expression:
|
|
996
|
+
neType: relationRight
|
|
997
|
+
relationDefinition: parent
|
|
998
|
+
relationDefinitionNamespace: doc
|
|
999
|
+
targetRelationDefinition: viewer
|
|
1000
|
+
targetRelationDefinitionNamespace: folder
|
|
1001
|
+
- nType: child
|
|
1002
|
+
expression:
|
|
1003
|
+
neType: targetSet
|
|
1004
|
+
targetRelationDefinition: editor
|
|
1005
|
+
targetRelationDefinitionNamespace: doc
|
|
1006
|
+
```
|
|
1007
|
+
|
|
1008
|
+
Descope SDK allows you to fully manage the schema and relations as well as perform simple (and not so simple) checks regarding the existence of relations.
|
|
1009
|
+
|
|
1010
|
+
```typescript
|
|
1011
|
+
// Load the existing schema
|
|
1012
|
+
const s = await descopeClient.management.authz.loadSchema();
|
|
1013
|
+
console.log(s);
|
|
1014
|
+
|
|
1015
|
+
// Save schema and make sure to remove all namespaces not listed
|
|
1016
|
+
await descopeClient.management.authz.saveSchema(s, true);
|
|
1017
|
+
|
|
1018
|
+
// Create a relation between a resource and user
|
|
1019
|
+
await descopeClient.management.authz.createRelations([
|
|
1020
|
+
{
|
|
1021
|
+
resource: 'some-doc',
|
|
1022
|
+
relationDefinition: 'owner',
|
|
1023
|
+
namespace: 'doc',
|
|
1024
|
+
target: 'u1',
|
|
1025
|
+
},
|
|
1026
|
+
{
|
|
1027
|
+
resource: 'some-doc',
|
|
1028
|
+
relationDefinition: 'editor',
|
|
1029
|
+
namespace: 'doc',
|
|
1030
|
+
target: 'u2',
|
|
1031
|
+
},
|
|
1032
|
+
]);
|
|
1033
|
+
|
|
1034
|
+
// Check if target has the relevant relation
|
|
1035
|
+
// The answer should be true because an owner is also a viewer
|
|
1036
|
+
const q = await descopeClient.management.authz.hasRelations([
|
|
1037
|
+
{
|
|
1038
|
+
resource: 'some-doc',
|
|
1039
|
+
relationDefinition: 'viewer',
|
|
1040
|
+
namespace: 'doc',
|
|
1041
|
+
target: 'u1',
|
|
1042
|
+
},
|
|
1043
|
+
]);
|
|
1044
|
+
```
|
|
1045
|
+
|
|
843
1046
|
### Utils for your end to end (e2e) tests and integration tests
|
|
844
1047
|
|
|
845
1048
|
To ease your e2e tests, we exposed dedicated management methods,
|
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),o=require("node-fetch-commonjs");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=n(t),a=n(o);const i=t=>async(...s)=>{var o,n,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,d=e.__rest(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:p})})};function l(e,t,s){var o,n;const r=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(r)?r:[]}function d(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var p={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},m={updateName:"/v1/mgmt/project/update/name"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},g={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},h={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},y={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},C={search:"/v1/mgmt/audit/search"};const w=(e,s)=>({create:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(o,n,r,a,i,l,d,m,u,c,g)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c,inviteUrl:g},{token:s}),(e=>e.user)),update:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.update,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:o=>t.transformResponse(e.httpClient.post(p.delete,{loginId:o},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(p.deleteAllTestUsers,{token:s})),load:o=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{loginId:o},token:s}),(e=>e.user)),loadByUserId:o=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{userId:o},token:s}),(e=>e.user)),logoutUser:o=>t.transformResponse(e.httpClient.post(p.logout,{loginId:o},{token:s})),logoutUserByUserId:o=>t.transformResponse(e.httpClient.post(p.logout,{userId:o},{token:s})),searchAll:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:o,roleNames:n,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(o,n)=>t.transformResponse(e.httpClient.get(p.getProviderToken,{queryParams:{loginId:o,provider:n},token:s}),(e=>e)),activate:o=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:o,status:"enabled"},{token:s}),(e=>e.user)),deactivate:o=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:o,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(o,n)=>t.transformResponse(e.httpClient.post(p.updateLoginId,{loginId:o,newLoginId:n},{token:s}),(e=>e.user)),updateEmail:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updateEmail,{loginId:o,email:n,verified:r},{token:s}),(e=>e.user)),updatePhone:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updatePhone,{loginId:o,phone:n,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(o,n)=>t.transformResponse(e.httpClient.post(p.updateDisplayName,{loginId:o,displayName:n},{token:s}),(e=>e.user)),updatePicture:(o,n)=>t.transformResponse(e.httpClient.post(p.updatePicture,{loginId:o,picture:n},{token:s}),(e=>e.user)),updateCustomAttribute:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(o,n)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(o,n)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),addTenant:(o,n)=>t.transformResponse(e.httpClient.post(p.addTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(o,n)=>t.transformResponse(e.httpClient.post(p.removeTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(p.generateOTPForTest,{deliveryMethod:o,loginId:n},{token:s}),(e=>e)),generateMagicLinkForTestUser:(o,n,r)=>t.transformResponse(e.httpClient.post(p.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(p.generateEnchantedLinkForTest,{loginId:o,URI:n},{token:s}),(e=>e)),generateEmbeddedLink:(o,n)=>t.transformResponse(e.httpClient.post(p.generateEmbeddedLink,{loginId:o,customClaims:n},{token:s}),(e=>e)),setPassword:(o,n)=>t.transformResponse(e.httpClient.post(p.setPassword,{loginId:o,password:n},{token:s}),(e=>e)),expirePassword:o=>t.transformResponse(e.httpClient.post(p.expirePassword,{loginId:o},{token:s}),(e=>e))}),I=(e,s)=>({updateName:o=>t.transformResponse(e.httpClient.post(m.updateName,{name:o},{token:s}))}),b=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(c.create,{name:o,selfProvisioningDomains:n,customAttributes:r},{token:s})),createWithId:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(c.delete,{id:o},{token:s})),load:o=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:o},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),A=(e,s)=>({update:(o,n)=>t.transformResponse(e.httpClient.post(h.update,{jwt:o,customClaims:n},{token:s}))}),T=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(v.create,{name:o,description:n},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(v.update,{name:o,newName:n,description:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(v.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),P=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(f.create,{name:o,description:n,permissionNames:r},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:o,newName:n,description:r,permissionNames:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(f.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),x=(e,s)=>({loadAllGroups:o=>t.transformResponse(e.httpClient.post(y.loadAllGroups,{tenantId:o},{token:s})),loadAllGroupsForMember:(o,n,r)=>t.transformResponse(e.httpClient.post(y.loadAllGroupsForMember,{tenantId:o,loginIds:r,userIds:n},{token:s})),loadAllGroupMembers:(o,n)=>t.transformResponse(e.httpClient.post(y.loadAllGroupMembers,{tenantId:o,groupId:n},{token:s}))}),j=(e,s)=>({getSettings:o=>t.transformResponse(e.httpClient.get(g.settings,{queryParams:{tenantId:o},token:s}),(e=>e)),deleteSettings:o=>t.transformResponse(e.httpClient.delete(g.settings,{queryParams:{tenantId:o},token:s})),configureSettings:(o,n,r,a,i,l)=>t.transformResponse(e.httpClient.post(g.settings,{tenantId:o,idpURL:n,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(o,n,r,a)=>t.transformResponse(e.httpClient.post(g.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:r,domain:a},{token:s})),configureMapping:(o,n,r)=>t.transformResponse(e.httpClient.post(g.mapping,{tenantId:o,roleMappings:n,attributeMapping:r},{token:s}))}),E=(e,s)=>({create:(o,n,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:o,expireTime:n,roleNames:r,keyTenants:a},{token:s})),load:o=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:o},token:s}),(e=>e.key)),searchAll:o=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:o},{token:s}),(e=>e.keys)),update:(o,n)=>t.transformResponse(e.httpClient.post(u.update,{id:o,name:n},{token:s}),(e=>e.key)),deactivate:o=>t.transformResponse(e.httpClient.post(u.deactivate,{id:o},{token:s})),activate:o=>t.transformResponse(e.httpClient.post(u.activate,{id:o},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(u.delete,{id:o},{token:s}))}),N=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:o=>t.transformResponse(e.httpClient.post(k.export,{flowId:o},{token:s})),import:(o,n,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:o,flow:n,screens:r},{token:s}))}),O=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:o=>t.transformResponse(e.httpClient.post(R.import,{theme:o},{token:s}))}),S=(e,s)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,t.transformResponse(e.httpClient.post(C.search,n,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=o.Headers);const M=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),L=o=>{var n,{managementKey:a,publicKey:p}=o,m=e.__rest(o,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:M},m),{baseHeaders:Object.assign(Object.assign({},m.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"1.5.10"})})),{projectId:c,logger:g}=m,h={},v=((e,t)=>({user:w(e,t),project:I(e,t),accessKey:E(e,t),tenant:b(e,t),sso:j(e,t),jwt:A(e,t),permission:T(e,t),role:P(e,t),group:x(e,t),flow:N(e,t),theme:O(e,t),audit:S(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(p)try{const e=JSON.parse(p),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==g||g.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const o=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(t=o.iss)||void 0===t?void 0:t.split("/").pop(),o.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const o=await f.refresh(e);if(o.ok){return await f.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==g||g.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!d(e,t))return!1;const o=l(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!d(e,t))return!1;const o=l(e,"roles",t);return s.every((e=>o.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};L.RefreshTokenCookieName="DSR",L.SessionTokenCookieName="DS",module.exports=L;
|
|
1
|
+
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("node-fetch-commonjs");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=o(t),a=o(n);const i=t=>async(...s)=>{var n,o,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,p=e.__rest(i,["refreshJwt"]);const m=[];var d;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(d=p)?void 0:d.cookieDomain)||""}; Max-Age=${(null==d?void 0:d.cookieMaxAge)||""}; Path=${(null==d?void 0:d.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:m})})};function l(e,t,s){var n,o;const r=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function p(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"},w={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const I=(e,s)=>({create:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(n,o,r,a,i,l,p,d,u,c,h,g,v)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c,inviteUrl:h,sendMail:g,sendSMS:v},{token:s}),(e=>e.user)),inviteBatch:(n,o,r,a)=>t.transformResponse(e.httpClient.post(m.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:r,sendSMS:a},{token:s}),(e=>e)),update:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.update,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:n=>t.transformResponse(e.httpClient.post(m.delete,{loginId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(m.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(m.logout,{userId:n},{token:s})),searchAll:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n,roleNames:o,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:p,statuses:d,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:n,email:o,verified:r},{token:s}),(e=>e.user)),updatePhone:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:n,phone:o,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(n,o)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:n,displayName:o},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),addTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:n,loginId:o},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:n,URI:o},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:n},{token:s}),(e=>e))}),b=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(d.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(d.clone,{name:n,tag:o},{token:s}))}),A=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(c.create,{name:n,selfProvisioningDomains:o,customAttributes:r},{token:s})),createWithId:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(c.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),T=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(g.update,{jwt:n,customClaims:o},{token:s}))}),P=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(v.create,{name:n,description:o},{token:s})),update:(n,o,r)=>t.transformResponse(e.httpClient.post(v.update,{name:n,newName:o,description:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),N=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(f.create,{name:n,description:o,permissionNames:r},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:n,newName:o,description:r,permissionNames:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(f.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),S=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:n,loginIds:r,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),j=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(h.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,r,a,i,l)=>t.transformResponse(e.httpClient.post(h.settings,{tenantId:n,idpURL:o,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(n,o,r,a)=>t.transformResponse(e.httpClient.post(h.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:r,domain:a},{token:s})),configureMapping:(n,o,r)=>t.transformResponse(e.httpClient.post(h.mapping,{tenantId:n,roleMappings:o,attributeMapping:r},{token:s}))}),x=(e,s)=>({create:(n,o,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:n,expireTime:o,roleNames:r,keyTenants:a},{token:s})),load:n=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(u.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(u.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(u.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(u.delete,{id:n},{token:s}))}),E=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:n=>t.transformResponse(e.httpClient.post(k.export,{flowId:n},{token:s})),import:(n,o,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:n,flow:o,screens:r},{token:s}))}),D=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(R.import,{theme:n},{token:s}))}),M=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(y.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),O=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(w.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(w.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(w.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,r)=>t.transformResponse(e.httpClient.post(w.nsSave,{namespace:n,oldName:o,schemaName:r},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(w.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,r,a)=>t.transformResponse(e.httpClient.post(w.rdSave,{relationDefinition:n,namespace:o,oldName:r,schemaName:a},{token:s})),deleteRelationDefinition:(n,o,r)=>t.transformResponse(e.httpClient.post(w.rdDelete,{name:n,namespace:o,schemaName:r},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(w.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(w.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(w.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(w.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,r)=>t.transformResponse(e.httpClient.post(w.who,{resource:n,relationDefinition:o,namespace:r},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(w.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(w.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(w.targetAll,{target:n},{token:s}),(e=>e.relations))});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=n.Headers);const L=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),F=n=>{var o,{managementKey:a,publicKey:m}=n,d=e.__rest(n,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:L},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.6.1"})})),{projectId:c,logger:h}=d,g={},v=((e,t)=>({user:I(e,t),project:b(e,t),accessKey:x(e,t),tenant:A(e,t),sso:j(e,t),jwt:T(e,t),permission:P(e,t),role:N(e,t),group:S(e,t),flow:E(e,t),theme:D(e,t),audit:M(e,t),authz:O(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{if(m)try{const e=JSON.parse(m),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==h||h.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==h||h.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"permissions",t);return s.every((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"roles",t);return s.every((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};F.RefreshTokenCookieName="DSR",F.SessionTokenCookieName="DS",module.exports=F;
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|