@descope/node-sdk 1.5.10 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +208 -5
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +145 -13
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +9 -9
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as _descope_core_js_sdk from '@descope/core-js-sdk';
|
|
2
|
-
import _descope_core_js_sdk__default, { SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
|
|
2
|
+
import _descope_core_js_sdk__default, { UserResponse, SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
|
|
3
3
|
export { DeliveryMethod, JWTResponse, OAuthProvider, ResponseData, SdkResponse } from '@descope/core-js-sdk';
|
|
4
4
|
import { JWTHeaderParameters, KeyLike } from 'jose';
|
|
5
5
|
|
|
@@ -26,6 +26,7 @@ declare type AccessKey = {
|
|
|
26
26
|
createdTime: number;
|
|
27
27
|
expiresTime: number;
|
|
28
28
|
createdBy: string;
|
|
29
|
+
clientId: string;
|
|
29
30
|
};
|
|
30
31
|
/** Access Key extended details including created key cleartext */
|
|
31
32
|
declare type CreatedAccessKeyResponse = {
|
|
@@ -139,6 +140,19 @@ declare type GenerateEmbeddedLinkResponse = {
|
|
|
139
140
|
token: string;
|
|
140
141
|
};
|
|
141
142
|
declare type AttributesTypes = string | boolean | number;
|
|
143
|
+
declare type User = {
|
|
144
|
+
loginId: string;
|
|
145
|
+
email?: string;
|
|
146
|
+
phone?: string;
|
|
147
|
+
displayName?: string;
|
|
148
|
+
roles?: string[];
|
|
149
|
+
userTenants?: AssociatedTenant[];
|
|
150
|
+
customAttributes?: Record<string, AttributesTypes>;
|
|
151
|
+
picture?: string;
|
|
152
|
+
verifiedEmail?: boolean;
|
|
153
|
+
verifiedPhone?: boolean;
|
|
154
|
+
test?: boolean;
|
|
155
|
+
};
|
|
142
156
|
declare type UserMapping = {
|
|
143
157
|
name: string;
|
|
144
158
|
email: string;
|
|
@@ -175,6 +189,14 @@ declare type ProviderTokenResponse = {
|
|
|
175
189
|
expiration: number;
|
|
176
190
|
scopes: string[];
|
|
177
191
|
};
|
|
192
|
+
declare type UserFailedResponse = {
|
|
193
|
+
failure: string;
|
|
194
|
+
user: UserResponse;
|
|
195
|
+
};
|
|
196
|
+
declare type InviteBatchResponse = {
|
|
197
|
+
createdUsers: UserResponse[];
|
|
198
|
+
failedUsers: UserFailedResponse[];
|
|
199
|
+
};
|
|
178
200
|
/**
|
|
179
201
|
* Search options to filter which audit records we should retrieve.
|
|
180
202
|
* All parameters are optional. `From` is currently limited to 30 days.
|
|
@@ -208,11 +230,100 @@ declare type AuditRecord = {
|
|
|
208
230
|
tenants: string[];
|
|
209
231
|
data: Record<string, any>;
|
|
210
232
|
};
|
|
211
|
-
declare
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
233
|
+
declare type UserStatus = 'enabled' | 'disabled' | 'invited';
|
|
234
|
+
declare type AuthzNodeExpressionType = 'self' | 'targetSet' | 'relationLeft' | 'relationRight';
|
|
235
|
+
/**
|
|
236
|
+
* AuthzNodeExpression holds the definition of a child node
|
|
237
|
+
*/
|
|
238
|
+
declare type AuthzNodeExpression = {
|
|
239
|
+
neType: AuthzNodeExpressionType;
|
|
240
|
+
relationDefinition?: string;
|
|
241
|
+
relationDefinitionNamespace?: string;
|
|
242
|
+
targetRelationDefinition?: string;
|
|
243
|
+
targetRelationDefinitionNamespace?: string;
|
|
244
|
+
};
|
|
245
|
+
declare type AuthzNodeType = 'child' | 'union' | 'intersect' | 'sub';
|
|
246
|
+
/**
|
|
247
|
+
* AuthzNode holds the definition of a complex relation definition
|
|
248
|
+
*/
|
|
249
|
+
declare type AuthzNode = {
|
|
250
|
+
nType: AuthzNodeType;
|
|
251
|
+
children?: AuthzNode[];
|
|
252
|
+
expression?: AuthzNodeExpression;
|
|
253
|
+
};
|
|
254
|
+
/**
|
|
255
|
+
* AuthzRelationDefinition defines a relation within a namespace
|
|
256
|
+
*/
|
|
257
|
+
declare type AuthzRelationDefinition = {
|
|
258
|
+
name: string;
|
|
259
|
+
complexDefinition?: AuthzNode;
|
|
260
|
+
};
|
|
261
|
+
/**
|
|
262
|
+
* AuthzNamespace defines an entity in the authorization schema
|
|
263
|
+
*/
|
|
264
|
+
declare type AuthzNamespace = {
|
|
265
|
+
name: string;
|
|
266
|
+
relationDefinitions: AuthzRelationDefinition[];
|
|
267
|
+
};
|
|
268
|
+
/**
|
|
269
|
+
* AuthzSchema holds the full schema (all namespaces) for a project
|
|
270
|
+
*/
|
|
271
|
+
declare type AuthzSchema = {
|
|
272
|
+
name?: string;
|
|
273
|
+
namespaces: AuthzNamespace[];
|
|
274
|
+
};
|
|
275
|
+
/**
|
|
276
|
+
* AuthzUserQuery represents a target of a relation for ABAC (query on users)
|
|
277
|
+
*/
|
|
278
|
+
declare type AuthzUserQuery = {
|
|
279
|
+
tenants?: string[];
|
|
280
|
+
roles?: string[];
|
|
281
|
+
text?: string;
|
|
282
|
+
statuses?: UserStatus[];
|
|
283
|
+
ssoOnly?: boolean;
|
|
284
|
+
withTestUser?: boolean;
|
|
285
|
+
customAttributes?: Record<string, any>;
|
|
286
|
+
};
|
|
287
|
+
/**
|
|
288
|
+
* AuthzRelation defines a relation between resource and target
|
|
289
|
+
*/
|
|
290
|
+
declare type AuthzRelation = {
|
|
291
|
+
resource: string;
|
|
292
|
+
relationDefinition: string;
|
|
293
|
+
namespace: string;
|
|
294
|
+
target?: string;
|
|
295
|
+
targetSetResource?: string;
|
|
296
|
+
targetSetRelationDefinition?: string;
|
|
297
|
+
targetSetRelationDefinitionNamespace?: string;
|
|
298
|
+
query?: AuthzUserQuery;
|
|
299
|
+
};
|
|
300
|
+
/**
|
|
301
|
+
* AuthzRelationQuery queries the service if a given relation exists
|
|
302
|
+
*/
|
|
303
|
+
declare type AuthzRelationQuery = {
|
|
304
|
+
resource: string;
|
|
305
|
+
relationDefinition: string;
|
|
306
|
+
namespace: string;
|
|
307
|
+
target: string;
|
|
308
|
+
hasRelation?: boolean;
|
|
309
|
+
};
|
|
310
|
+
declare type NewProjectResponse = {
|
|
311
|
+
projectId: string;
|
|
312
|
+
projectName: string;
|
|
313
|
+
projectSettingsWeb: Record<string, any>;
|
|
314
|
+
authMethodsMagicLink: Record<string, any>;
|
|
315
|
+
authMethodsOTP: Record<string, any>;
|
|
316
|
+
authMethodsSAML: Record<string, any>;
|
|
317
|
+
authMethodsOAuth: Record<string, any>;
|
|
318
|
+
authMethodsWebAuthn: Record<string, any>;
|
|
319
|
+
authMethodsTOTP: Record<string, any>;
|
|
320
|
+
messagingProvidersWeb: Record<string, any>;
|
|
321
|
+
authMethodsEnchantedLink: Record<string, any>;
|
|
322
|
+
authMethodsPassword: Record<string, any>;
|
|
323
|
+
authMethodsOIDCIDP: Record<string, any>;
|
|
324
|
+
authMethodsEmbeddedLink: Record<string, any>;
|
|
325
|
+
tag?: string;
|
|
326
|
+
};
|
|
216
327
|
|
|
217
328
|
/** Parsed JWT token */
|
|
218
329
|
interface Token {
|
|
@@ -239,7 +350,8 @@ declare const nodeSdk: {
|
|
|
239
350
|
user: {
|
|
240
351
|
create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
241
352
|
createTestUser: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
242
|
-
invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
353
|
+
invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
354
|
+
inviteBatch: (users: User[], inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean) => Promise<SdkResponse<InviteBatchResponse>>;
|
|
243
355
|
update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
|
244
356
|
delete: (loginId: string) => Promise<SdkResponse<never>>;
|
|
245
357
|
deleteAllTestUsers: () => Promise<SdkResponse<never>>;
|
|
@@ -272,6 +384,7 @@ declare const nodeSdk: {
|
|
|
272
384
|
};
|
|
273
385
|
project: {
|
|
274
386
|
updateName: (name: string) => Promise<SdkResponse<never>>;
|
|
387
|
+
clone: (name: string, tag?: "production") => Promise<SdkResponse<NewProjectResponse>>;
|
|
275
388
|
};
|
|
276
389
|
accessKey: {
|
|
277
390
|
create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
|
|
@@ -330,6 +443,23 @@ declare const nodeSdk: {
|
|
|
330
443
|
audit: {
|
|
331
444
|
search: (searchOptions: AuditSearchOptions) => Promise<SdkResponse<AuditRecord[]>>;
|
|
332
445
|
};
|
|
446
|
+
authz: {
|
|
447
|
+
saveSchema: (schema: AuthzSchema, upgrade: boolean) => Promise<SdkResponse<never>>;
|
|
448
|
+
deleteSchema: () => Promise<SdkResponse<never>>;
|
|
449
|
+
loadSchema: () => Promise<SdkResponse<AuthzSchema>>;
|
|
450
|
+
saveNamespace: (namespace: AuthzNamespace, oldName?: string, schemaName?: string) => Promise<SdkResponse<never>>;
|
|
451
|
+
deleteNamespace: (name: string, schemaName?: string) => Promise<SdkResponse<never>>;
|
|
452
|
+
saveRelationDefinition: (relationDefinition: AuthzRelationDefinition, namespace: string, oldName?: string, schemaName?: string) => Promise<SdkResponse<never>>;
|
|
453
|
+
deleteRelationDefinition: (name: string, namespace: string, schemaName?: string) => Promise<SdkResponse<never>>;
|
|
454
|
+
createRelations: (relations: AuthzRelation[]) => Promise<SdkResponse<never>>;
|
|
455
|
+
deleteRelations: (relations: AuthzRelation[]) => Promise<SdkResponse<never>>;
|
|
456
|
+
deleteRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
|
|
457
|
+
hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>;
|
|
458
|
+
whoCanAccess: (resource: string, relationDefinition: string, namespace: string) => Promise<SdkResponse<string[]>>;
|
|
459
|
+
resourceRelations: (resource: string) => Promise<SdkResponse<AuthzRelation[]>>;
|
|
460
|
+
targetsRelations: (targets: string[]) => Promise<SdkResponse<AuthzRelation[]>>;
|
|
461
|
+
whatCanTargetAccess: (target: string) => Promise<SdkResponse<AuthzRelation[]>>;
|
|
462
|
+
};
|
|
333
463
|
};
|
|
334
464
|
getKey: (header: JWTHeaderParameters) => Promise<KeyLike | Uint8Array>;
|
|
335
465
|
validateJwt: (jwt: string) => Promise<AuthenticationInfo>;
|
|
@@ -670,12 +800,12 @@ declare const nodeSdk: {
|
|
|
670
800
|
replace: (loginId: string, oldPassword: string, newPassword: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
671
801
|
policy: () => Promise<SdkResponse<{
|
|
672
802
|
minLength: number;
|
|
673
|
-
lowercase: boolean;
|
|
674
|
-
uppercase: boolean; /**
|
|
803
|
+
lowercase: boolean; /**
|
|
675
804
|
* Validate the given JWT with the right key and make sure the issuer is correct
|
|
676
805
|
* @param jwt the JWT string to parse and validate
|
|
677
806
|
* @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.
|
|
678
807
|
*/
|
|
808
|
+
uppercase: boolean;
|
|
679
809
|
number: boolean;
|
|
680
810
|
nonAlphanumeric: boolean;
|
|
681
811
|
}>>;
|
|
@@ -703,17 +833,19 @@ declare const nodeSdk: {
|
|
|
703
833
|
samlIdpStateId?: string;
|
|
704
834
|
samlIdpUsername?: string;
|
|
705
835
|
ssoAppId?: string;
|
|
706
|
-
|
|
836
|
+
abTestingKey?: number;
|
|
837
|
+
}, conditionInteractionId?: string, interactionId?: string, version?: number, componentsVersion?: string, input?: {
|
|
707
838
|
[x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
|
|
708
|
-
}
|
|
709
|
-
next: (executionId: string, stepId: string, interactionId: string, input?: {
|
|
839
|
+
}) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
|
|
840
|
+
next: (executionId: string, stepId: string, interactionId: string, version?: number, componentsVersion?: string, input?: {
|
|
710
841
|
[x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
|
|
711
|
-
}
|
|
842
|
+
}) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
|
|
712
843
|
};
|
|
713
844
|
refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
|
|
714
845
|
refreshJwt?: string;
|
|
715
846
|
cookies?: string[];
|
|
716
847
|
}>>;
|
|
848
|
+
selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
|
|
717
849
|
logout: (token?: string) => Promise<SdkResponse<never>>;
|
|
718
850
|
logoutAll: (token?: string) => Promise<SdkResponse<never>>;
|
|
719
851
|
me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
|
package/dist/index.esm.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...s)=>{var a,o,n;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,s){var a,o;const n=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},c={updateName:"/v1/mgmt/project/update/name"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},y={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},C={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},I={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},b={search:"/v1/mgmt/audit/search"};const A=(e,t)=>({create:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),createTestUser:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),invite:(a,o,n,r,i,l,d,p,m,c,g)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:g},{token:t}),(e=>e.user)),update:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.update,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),delete:a=>s(e.httpClient.post(u.delete,{loginId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(u.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(u.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(u.logout,{userId:a},{token:t})),searchAll:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.search,{tenantIds:a,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),getProviderToken:(a,o)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:a,provider:o},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,o)=>s(e.httpClient.post(u.updateLoginId,{loginId:a,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(a,o,n)=>s(e.httpClient.post(u.updateEmail,{loginId:a,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(a,o,n)=>s(e.httpClient.post(u.updatePhone,{loginId:a,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(a,o)=>s(e.httpClient.post(u.updateDisplayName,{loginId:a,displayName:o},{token:t}),(e=>e.user)),updatePicture:(a,o)=>s(e.httpClient.post(u.updatePicture,{loginId:a,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(a,o,n)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:a,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(a,o)=>s(e.httpClient.post(u.addRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(a,o)=>s(e.httpClient.post(u.removeRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),addTenant:(a,o)=>s(e.httpClient.post(u.addTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(a,o)=>s(e.httpClient.post(u.removeTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(a,o,n)=>s(e.httpClient.post(u.addRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(a,o,n)=>s(e.httpClient.post(u.removeRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,o)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:a,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,o,n)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:a,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,o)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:a,URI:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,o)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:a,customClaims:o},{token:t}),(e=>e)),setPassword:(a,o)=>s(e.httpClient.post(u.setPassword,{loginId:a,password:o},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(u.expirePassword,{loginId:a},{token:t}),(e=>e))}),T=(e,t)=>({updateName:a=>s(e.httpClient.post(c.updateName,{name:a},{token:t}))}),P=(e,t)=>({create:(a,o,n)=>s(e.httpClient.post(h.create,{name:a,selfProvisioningDomains:o,customAttributes:n},{token:t})),createWithId:(a,o,n,r)=>s(e.httpClient.post(h.create,{id:a,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),update:(a,o,n,r)=>s(e.httpClient.post(h.update,{id:a,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,o,n,r)=>s(e.httpClient.post(h.searchAll,{tenantIds:a,tenantNames:o,tenantSelfProvisioningDomains:n,customAttributes:r},{token:t}),(e=>e.tenants))}),x=(e,t)=>({update:(a,o)=>s(e.httpClient.post(k.update,{jwt:a,customClaims:o},{token:t}))}),E=(e,t)=>({create:(a,o)=>s(e.httpClient.post(y.create,{name:a,description:o},{token:t})),update:(a,o,n)=>s(e.httpClient.post(y.update,{name:a,newName:o,description:n},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.permissions))}),j=(e,t)=>({create:(a,o,n)=>s(e.httpClient.post(f.create,{name:a,description:o,permissionNames:n},{token:t})),update:(a,o,n,r)=>s(e.httpClient.post(f.update,{name:a,newName:o,description:n,permissionNames:r},{token:t})),delete:a=>s(e.httpClient.post(f.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),N=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(I.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,o,n)=>s(e.httpClient.post(I.loadAllGroupsForMember,{tenantId:a,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(a,o)=>s(e.httpClient.post(I.loadAllGroupMembers,{tenantId:a,groupId:o},{token:t}))}),R=(e,t)=>({getSettings:a=>s(e.httpClient.get(v.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(v.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,o,n,r,i,l)=>s(e.httpClient.post(v.settings,{tenantId:a,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(a,o,n,r)=>s(e.httpClient.post(v.metadata,{tenantId:a,idpMetadataURL:o,redirectURL:n,domain:r},{token:t})),configureMapping:(a,o,n)=>s(e.httpClient.post(v.mapping,{tenantId:a,roleMappings:o,attributeMapping:n},{token:t}))}),O=(e,t)=>({create:(a,o,n,r)=>s(e.httpClient.post(g.create,{name:a,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:a=>s(e.httpClient.get(g.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(g.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,o)=>s(e.httpClient.post(g.update,{id:a,name:o},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(g.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(g.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(g.delete,{id:a},{token:t}))}),S=(e,t)=>({list:()=>s(e.httpClient.post(C.list,{},{token:t})),export:a=>s(e.httpClient.post(C.export,{flowId:a},{token:t})),import:(a,o,n)=>s(e.httpClient.post(C.import,{flowId:a,flow:o,screens:n},{token:t}))}),U=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),M=(e,t)=>({search:a=>{const o=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete o.loginIds,s(e.httpClient.post(b.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var L;null!==(L=globalThis.Headers)&&void 0!==L||(globalThis.Headers=l);const F=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),i(...e)),D=s=>{var i,{managementKey:l,publicKey:u}=s,c=e(s,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:F},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.5.10"})})),{projectId:h,logger:v}=c,k={},y=((e,t)=>({user:A(e,t),project:T(e,t),accessKey:O(e,t),tenant:P(e,t),sso:R(e,t),jwt:x(e,t),permission:E(e,t),role:j(e,t),group:N(e,t),flow:S(e,t),theme:U(e,t),audit:M(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:y,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await o(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};D.RefreshTokenCookieName="DSR",D.SessionTokenCookieName="DS";export{D as default};
|
|
1
|
+
import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...a)=>{var s,o,n;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,a){var s,o;const n=a?null===(o=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var a;return!!(null===(a=e.token.tenants)||void 0===a?void 0:a[t])}var u={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},c={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},g={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},y={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},I={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},b={search:"/v1/mgmt/audit/search"},A={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const T=(e,t)=>({create:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),createTestUser:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),invite:(s,o,n,r,i,l,d,p,m,c,h,g,v)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:h,sendMail:g,sendSMS:v},{token:t}),(e=>e.user)),inviteBatch:(s,o,n,r)=>a(e.httpClient.post(u.createBatch,{users:s,invite:!0,inviteUrl:o,sendMail:n,sendSMS:r},{token:t}),(e=>e)),update:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.update,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(u.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(u.load,{queryParams:{userId:s},token:t}),(e=>e.user)),logoutUser:s=>a(e.httpClient.post(u.logout,{loginId:s},{token:t})),logoutUserByUserId:s=>a(e.httpClient.post(u.logout,{userId:s},{token:t})),searchAll:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.search,{tenantIds:s,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),getProviderToken:(s,o)=>a(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:s,provider:o},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,o)=>a(e.httpClient.post(u.updateLoginId,{loginId:s,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(s,o,n)=>a(e.httpClient.post(u.updateEmail,{loginId:s,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(s,o,n)=>a(e.httpClient.post(u.updatePhone,{loginId:s,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(s,o)=>a(e.httpClient.post(u.updateDisplayName,{loginId:s,displayName:o},{token:t}),(e=>e.user)),updatePicture:(s,o)=>a(e.httpClient.post(u.updatePicture,{loginId:s,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(s,o,n)=>a(e.httpClient.post(u.updateCustomAttribute,{loginId:s,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(s,o)=>a(e.httpClient.post(u.addRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(s,o)=>a(e.httpClient.post(u.removeRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),addTenant:(s,o)=>a(e.httpClient.post(u.addTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(s,o)=>a(e.httpClient.post(u.removeTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(s,o,n)=>a(e.httpClient.post(u.addRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(s,o,n)=>a(e.httpClient.post(u.removeRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,o)=>a(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:s,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,o,n)=>a(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:s,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,o)=>a(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:s,URI:o},{token:t}),(e=>e)),generateEmbeddedLink:(s,o)=>a(e.httpClient.post(u.generateEmbeddedLink,{loginId:s,customClaims:o},{token:t}),(e=>e)),setPassword:(s,o)=>a(e.httpClient.post(u.setPassword,{loginId:s,password:o},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(u.expirePassword,{loginId:s},{token:t}),(e=>e))}),P=(e,t)=>({updateName:s=>a(e.httpClient.post(c.updateName,{name:s},{token:t})),clone:(s,o)=>a(e.httpClient.post(c.clone,{name:s,tag:o},{token:t}))}),R=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(g.create,{name:s,selfProvisioningDomains:o,customAttributes:n},{token:t})),createWithId:(s,o,n,r)=>a(e.httpClient.post(g.create,{id:s,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(g.update,{id:s,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),delete:s=>a(e.httpClient.post(g.delete,{id:s},{token:t})),load:s=>a(e.httpClient.get(g.load,{queryParams:{id:s},token:t}),(e=>e)),loadAll:()=>a(e.httpClient.get(g.loadAll,{token:t}),(e=>e.tenants)),searchAll:(s,o,n,r)=>a(e.httpClient.post(g.searchAll,{tenantIds:s,tenantNames:o,tenantSelfProvisioningDomains:n,customAttributes:r},{token:t}),(e=>e.tenants))}),N=(e,t)=>({update:(s,o)=>a(e.httpClient.post(k.update,{jwt:s,customClaims:o},{token:t}))}),S=(e,t)=>({create:(s,o)=>a(e.httpClient.post(C.create,{name:s,description:o},{token:t})),update:(s,o,n)=>a(e.httpClient.post(C.update,{name:s,newName:o,description:n},{token:t})),delete:s=>a(e.httpClient.post(C.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),x=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(f.create,{name:s,description:o,permissionNames:n},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(f.update,{name:s,newName:o,description:n,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(f.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),E=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(I.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,o,n)=>a(e.httpClient.post(I.loadAllGroupsForMember,{tenantId:s,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(s,o)=>a(e.httpClient.post(I.loadAllGroupMembers,{tenantId:s,groupId:o},{token:t}))}),j=(e,t)=>({getSettings:s=>a(e.httpClient.get(v.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(v.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,o,n,r,i,l)=>a(e.httpClient.post(v.settings,{tenantId:s,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(s,o,n,r)=>a(e.httpClient.post(v.metadata,{tenantId:s,idpMetadataURL:o,redirectURL:n,domain:r},{token:t})),configureMapping:(s,o,n)=>a(e.httpClient.post(v.mapping,{tenantId:s,roleMappings:o,attributeMapping:n},{token:t}))}),D=(e,t)=>({create:(s,o,n,r)=>a(e.httpClient.post(h.create,{name:s,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(h.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(h.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,o)=>a(e.httpClient.post(h.update,{id:s,name:o},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(h.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(h.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(h.delete,{id:s},{token:t}))}),M=(e,t)=>({list:()=>a(e.httpClient.post(y.list,{},{token:t})),export:s=>a(e.httpClient.post(y.export,{flowId:s},{token:t})),import:(s,o,n)=>a(e.httpClient.post(y.import,{flowId:s,flow:o,screens:n},{token:t}))}),O=(e,t)=>({export:()=>a(e.httpClient.post(w.export,{},{token:t})),import:s=>a(e.httpClient.post(w.import,{theme:s},{token:t}))}),U=(e,t)=>({search:s=>{const o=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete o.loginIds,a(e.httpClient.post(b.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),L=(e,t)=>({saveSchema:(s,o)=>a(e.httpClient.post(A.schemaSave,{schema:s,upgrade:o},{token:t})),deleteSchema:()=>a(e.httpClient.post(A.schemaDelete,{},{token:t})),loadSchema:()=>a(e.httpClient.post(A.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(s,o,n)=>a(e.httpClient.post(A.nsSave,{namespace:s,oldName:o,schemaName:n},{token:t})),deleteNamespace:(s,o)=>a(e.httpClient.post(A.nsDelete,{name:s,schemaName:o},{token:t})),saveRelationDefinition:(s,o,n,r)=>a(e.httpClient.post(A.rdSave,{relationDefinition:s,namespace:o,oldName:n,schemaName:r},{token:t})),deleteRelationDefinition:(s,o,n)=>a(e.httpClient.post(A.rdDelete,{name:s,namespace:o,schemaName:n},{token:t})),createRelations:s=>a(e.httpClient.post(A.reCreate,{relations:s},{token:t})),deleteRelations:s=>a(e.httpClient.post(A.reDelete,{relations:s},{token:t})),deleteRelationsForResources:s=>a(e.httpClient.post(A.reDeleteResources,{resources:s},{token:t})),hasRelations:s=>a(e.httpClient.post(A.hasRelations,{relationQueries:s},{token:t}),(e=>e.relationQueries)),whoCanAccess:(s,o,n)=>a(e.httpClient.post(A.who,{resource:s,relationDefinition:o,namespace:n},{token:t}),(e=>e.targets)),resourceRelations:s=>a(e.httpClient.post(A.resource,{resource:s},{token:t}),(e=>e.relations)),targetsRelations:s=>a(e.httpClient.post(A.targets,{targets:s},{token:t}),(e=>e.relations)),whatCanTargetAccess:s=>a(e.httpClient.post(A.targetAll,{target:s},{token:t}),(e=>e.relations))});var F;null!==(F=globalThis.Headers)&&void 0!==F||(globalThis.Headers=l);const z=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),i(...e)),$=a=>{var i,{managementKey:l,publicKey:u}=a,c=e(a,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:z},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.1"})})),{projectId:g,logger:v}=c,k={},C=((e,t)=>({user:T(e,t),project:P(e,t),accessKey:D(e,t),tenant:R(e,t),sso:j(e,t),jwt:N(e,t),permission:S(e,t),role:x(e,t),group:E(e,t),flow:M(e,t),theme:O(e,t),audit:U(e,t),authz:L(e,t)}))(h,l),f=Object.assign(Object.assign({},h),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${g}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await o(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==g))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){if(t&&!m(e,t))return!1;const s=p(e,"permissions",t);return a.every((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){if(t&&!m(e,t))return!1;const s=p(e,"roles",t);return a.every((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};$.RefreshTokenCookieName="DSR",$.SessionTokenCookieName="DS";export{$ as default};
|
|
2
2
|
//# sourceMappingURL=index.esm.js.map
|