npm - @descope/node-sdk - Versions diffs - 1.5.3 → 1.5.5 - Mend

@descope/node-sdk 1.5.3 → 1.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -488,6 +488,9 @@ await descopeClient.management.tenant.update('my-custom-id', 'My Tenant', [
 // Tenant deletion cannot be undone. Use carefully.
 await descopeClient.management.tenant.delete('my-custom-id');
+// Load tenant by id
+const tenant = await descopeClient.management.tenant.load('my-custom-id');
 // Load all tenants
 const tenantsRes = await descopeClient.management.tenant.loadAll();
 tenantsRes.data.forEach((tenant) => {
@@ -629,7 +632,7 @@ const domain = 'tenant-users.com' // Users authentication with this domain will
 await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL, domain)
 // Alternatively, configure using an SSO metadata URL
-await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata')
+await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL, domain)
 // Map IDP groups to Descope roles, or map user attributes.
 // This function overrides any previous mapping (even when empty). Use carefully.

package/dist/cjs/index.cjs.js CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),o=require("node-fetch-commonjs");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=n(t),a=n(o);const i=t=>async(...s)=>{var o,n,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,d=e.__rest(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:p})})};function l(e,t,s){var o,n;const r=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(r)?r:[]}function d(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var p={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink"},m={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},u={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},c={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},h={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},v={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},f={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},k={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},R={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"};const C=(e,s)=>({create:(o,n,r,a,i,l,d,m)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:m},{token:s}),(e=>e.user)),createTestUser:(o,n,r,a,i,l,d,m)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:m},{token:s}),(e=>e.user)),invite:(o,n,r,a,i,l,d,m)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m},{token:s}),(e=>e.user)),update:(o,n,r,a,i,l,d,m)=>t.transformResponse(e.httpClient.post(p.update,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:m},{token:s}),(e=>e.user)),delete:o=>t.transformResponse(e.httpClient.post(p.delete,{loginId:o},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(p.deleteAllTestUsers,{token:s})),load:o=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{loginId:o},token:s}),(e=>e.user)),loadByUserId:o=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{userId:o},token:s}),(e=>e.user)),searchAll:(o,n,r,a,i,l,d)=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:o,roleNames:n,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:d},{token:s}),(e=>e.users)),getProviderToken:(o,n)=>t.transformResponse(e.httpClient.get(p.getProviderToken,{queryParams:{loginId:o,provider:n},token:s}),(e=>e)),activate:o=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:o,status:"enabled"},{token:s}),(e=>e.user)),deactivate:o=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:o,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(o,n)=>t.transformResponse(e.httpClient.post(p.updateLoginId,{loginId:o,newLoginId:n},{token:s}),(e=>e.user)),updateEmail:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updateEmail,{loginId:o,email:n,verified:r},{token:s}),(e=>e.user)),updatePhone:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updatePhone,{loginId:o,phone:n,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(o,n)=>t.transformResponse(e.httpClient.post(p.updateDisplayName,{loginId:o,displayName:n},{token:s}),(e=>e.user)),updatePicture:(o,n)=>t.transformResponse(e.httpClient.post(p.updatePicture,{loginId:o,picture:n},{token:s}),(e=>e.user)),updateCustomAttribute:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(o,n)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(o,n)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),addTenant:(o,n)=>t.transformResponse(e.httpClient.post(p.addTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(o,n)=>t.transformResponse(e.httpClient.post(p.removeTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(p.generateOTPForTest,{deliveryMethod:o,loginId:n},{token:s}),(e=>e)),generateMagicLinkForTestUser:(o,n,r)=>t.transformResponse(e.httpClient.post(p.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(p.generateEnchantedLinkForTest,{loginId:o,URI:n},{token:s}),(e=>e)),setPassword:(o,n)=>t.transformResponse(e.httpClient.post(p.setPassword,{loginId:o,password:n},{token:s}),(e=>e)),expirePassword:o=>t.transformResponse(e.httpClient.post(p.expirePassword,{loginId:o},{token:s}),(e=>e))}),w=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(u.create,{name:o,selfProvisioningDomains:n},{token:s})),createWithId:(o,n,r)=>t.transformResponse(e.httpClient.post(u.create,{id:o,name:n,selfProvisioningDomains:r},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(u.update,{id:o,name:n,selfProvisioningDomains:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(u.delete,{id:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(u.loadAll,{token:s}),(e=>e.tenants))}),I=(e,s)=>({update:(o,n)=>t.transformResponse(e.httpClient.post(g.update,{jwt:o,customClaims:n},{token:s}))}),b=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(h.create,{name:o,description:n},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(h.update,{name:o,newName:n,description:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(h.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(h.loadAll,{token:s}),(e=>e.permissions))}),T=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(v.create,{name:o,description:n,permissionNames:r},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(v.update,{name:o,newName:n,description:r,permissionNames:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(v.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.roles))}),A=(e,s)=>({loadAllGroups:o=>t.transformResponse(e.httpClient.post(R.loadAllGroups,{tenantId:o},{token:s})),loadAllGroupsForMember:(o,n,r)=>t.transformResponse(e.httpClient.post(R.loadAllGroupsForMember,{tenantId:o,loginIds:r,userIds:n},{token:s})),loadAllGroupMembers:(o,n)=>t.transformResponse(e.httpClient.post(R.loadAllGroupMembers,{tenantId:o,groupId:n},{token:s}))}),x=(e,s)=>({getSettings:o=>t.transformResponse(e.httpClient.get(c.settings,{queryParams:{tenantId:o},token:s}),(e=>e)),deleteSettings:o=>t.transformResponse(e.httpClient.delete(c.settings,{queryParams:{tenantId:o},token:s})),configureSettings:(o,n,r,a,i,l)=>t.transformResponse(e.httpClient.post(c.settings,{tenantId:o,idpURL:n,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(o,n)=>t.transformResponse(e.httpClient.post(c.metadata,{tenantId:o,idpMetadataURL:n},{token:s})),configureMapping:(o,n,r)=>t.transformResponse(e.httpClient.post(c.mapping,{tenantId:o,roleMappings:n,attributeMapping:r},{token:s}))}),P=(e,s)=>({create:(o,n,r,a)=>t.transformResponse(e.httpClient.post(m.create,{name:o,expireTime:n,roleNames:r,keyTenants:a},{token:s})),load:o=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{id:o},token:s}),(e=>e.key)),searchAll:o=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:o},{token:s}),(e=>e.keys)),update:(o,n)=>t.transformResponse(e.httpClient.post(m.update,{id:o,name:n},{token:s}),(e=>e.key)),deactivate:o=>t.transformResponse(e.httpClient.post(m.deactivate,{id:o},{token:s})),activate:o=>t.transformResponse(e.httpClient.post(m.activate,{id:o},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(m.delete,{id:o},{token:s}))}),j=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(f.list,{},{token:s})),export:o=>t.transformResponse(e.httpClient.post(f.export,{flowId:o},{token:s})),import:(o,n,r)=>t.transformResponse(e.httpClient.post(f.import,{flowId:o,flow:n,screens:r},{token:s}))}),E=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(k.export,{},{token:s})),import:o=>t.transformResponse(e.httpClient.post(k.import,{theme:o},{token:s}))}),N=(e,s)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,t.transformResponse(e.httpClient.post(y.search,n,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var O;null!==(O=globalThis.Headers)&&void 0!==O||(globalThis.Headers=o.Headers);const M=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),S=o=>{var n,{managementKey:a,publicKey:p}=o,m=e.__rest(o,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({},m),{fetch:M,baseHeaders:Object.assign(Object.assign({},m.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"1.5.3"})})),{projectId:c,logger:g}=m,h={},v=((e,t)=>({user:C(e,t),accessKey:P(e,t),tenant:w(e,t),sso:x(e,t),jwt:I(e,t),permission:b(e,t),role:T(e,t),group:A(e,t),flow:j(e,t),theme:E(e,t),audit:N(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(p)try{const e=JSON.parse(p),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==g||g.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const o=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(t=o.iss)||void 0===t?void 0:t.split("/").pop(),o.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const o=await f.refresh(e);if(o.ok){return await f.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==g||g.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!d(e,t))return!1;const o=l(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!d(e,t))return!1;const o=l(e,"roles",t);return s.every((e=>o.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};S.RefreshTokenCookieName="DSR",S.SessionTokenCookieName="DS",module.exports=S;
+"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),o=require("node-fetch-commonjs");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=n(t),a=n(o);const i="DSR",l="tenants",d=t=>async(...s)=>{var o,n,r;const a=await t(...s);if(!a.data)return a;let l=a.data,{refreshJwt:d}=l,p=e.__rest(l,["refreshJwt"]);const m=[];var u;return d?m.push(`${i}=${d}; Domain=${(null==(u=p)?void 0:u.cookieDomain)||""}; Max-Age=${(null==u?void 0:u.cookieMaxAge)||""}; Path=${(null==u?void 0:u.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(d=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"),i),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:d,cookies:m})})};function p(e,t,s){var o,n;const r=s?null===(n=null===(o=e.token[l])||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(r)?r:[]}function m(e,t){var s;return!!(null===(s=e.token[l])||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink"},c={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},g={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},v={update:"/v1/mgmt/jwt/update"},f={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},k={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},R={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},y={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},w={search:"/v1/mgmt/audit/search"};const I=(e,s)=>({create:(o,n,r,a,i,l,d,p)=>t.transformResponse(e.httpClient.post(u.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:s}),(e=>e.user)),createTestUser:(o,n,r,a,i,l,d,p)=>t.transformResponse(e.httpClient.post(u.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p},{token:s}),(e=>e.user)),invite:(o,n,r,a,i,l,d,p)=>t.transformResponse(e.httpClient.post(u.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p},{token:s}),(e=>e.user)),update:(o,n,r,a,i,l,d,p,m,c)=>t.transformResponse(e.httpClient.post(u.update,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:s}),(e=>e.user)),delete:o=>t.transformResponse(e.httpClient.post(u.delete,{loginId:o},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(u.deleteAllTestUsers,{token:s})),load:o=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{loginId:o},token:s}),(e=>e.user)),loadByUserId:o=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{userId:o},token:s}),(e=>e.user)),searchAll:(o,n,r,a,i,l,d)=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:o,roleNames:n,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:d},{token:s}),(e=>e.users)),getProviderToken:(o,n)=>t.transformResponse(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:o,provider:n},token:s}),(e=>e)),activate:o=>t.transformResponse(e.httpClient.post(u.updateStatus,{loginId:o,status:"enabled"},{token:s}),(e=>e.user)),deactivate:o=>t.transformResponse(e.httpClient.post(u.updateStatus,{loginId:o,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(o,n)=>t.transformResponse(e.httpClient.post(u.updateLoginId,{loginId:o,newLoginId:n},{token:s}),(e=>e.user)),updateEmail:(o,n,r)=>t.transformResponse(e.httpClient.post(u.updateEmail,{loginId:o,email:n,verified:r},{token:s}),(e=>e.user)),updatePhone:(o,n,r)=>t.transformResponse(e.httpClient.post(u.updatePhone,{loginId:o,phone:n,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(o,n)=>t.transformResponse(e.httpClient.post(u.updateDisplayName,{loginId:o,displayName:n},{token:s}),(e=>e.user)),updatePicture:(o,n)=>t.transformResponse(e.httpClient.post(u.updatePicture,{loginId:o,picture:n},{token:s}),(e=>e.user)),updateCustomAttribute:(o,n,r)=>t.transformResponse(e.httpClient.post(u.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(o,n)=>t.transformResponse(e.httpClient.post(u.addRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(o,n)=>t.transformResponse(e.httpClient.post(u.removeRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),addTenant:(o,n)=>t.transformResponse(e.httpClient.post(u.addTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(o,n)=>t.transformResponse(e.httpClient.post(u.removeTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(u.addRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(u.removeRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:o,loginId:n},{token:s}),(e=>e)),generateMagicLinkForTestUser:(o,n,r)=>t.transformResponse(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:o,URI:n},{token:s}),(e=>e)),setPassword:(o,n)=>t.transformResponse(e.httpClient.post(u.setPassword,{loginId:o,password:n},{token:s}),(e=>e)),expirePassword:o=>t.transformResponse(e.httpClient.post(u.expirePassword,{loginId:o},{token:s}),(e=>e))}),b=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(g.create,{name:o,selfProvisioningDomains:n},{token:s})),createWithId:(o,n,r)=>t.transformResponse(e.httpClient.post(g.create,{id:o,name:n,selfProvisioningDomains:r},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(g.update,{id:o,name:n,selfProvisioningDomains:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(g.delete,{id:o},{token:s})),load:o=>t.transformResponse(e.httpClient.get(g.load,{queryParams:{id:o},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(g.loadAll,{token:s}),(e=>e.tenants))}),T=(e,s)=>({update:(o,n)=>t.transformResponse(e.httpClient.post(v.update,{jwt:o,customClaims:n},{token:s}))}),A=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(f.create,{name:o,description:n},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(f.update,{name:o,newName:n,description:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(f.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.permissions))}),P=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(k.create,{name:o,description:n,permissionNames:r},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(k.update,{name:o,newName:n,description:r,permissionNames:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(k.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(k.loadAll,{token:s}),(e=>e.roles))}),x=(e,s)=>({loadAllGroups:o=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:o},{token:s})),loadAllGroupsForMember:(o,n,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:o,loginIds:r,userIds:n},{token:s})),loadAllGroupMembers:(o,n)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:o,groupId:n},{token:s}))}),j=(e,s)=>({getSettings:o=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{tenantId:o},token:s}),(e=>e)),deleteSettings:o=>t.transformResponse(e.httpClient.delete(h.settings,{queryParams:{tenantId:o},token:s})),configureSettings:(o,n,r,a,i,l)=>t.transformResponse(e.httpClient.post(h.settings,{tenantId:o,idpURL:n,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(o,n,r,a)=>t.transformResponse(e.httpClient.post(h.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:r,domain:a},{token:s})),configureMapping:(o,n,r)=>t.transformResponse(e.httpClient.post(h.mapping,{tenantId:o,roleMappings:n,attributeMapping:r},{token:s}))}),E=(e,s)=>({create:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.create,{name:o,expireTime:n,roleNames:r,keyTenants:a},{token:s})),load:o=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:o},token:s}),(e=>e.key)),searchAll:o=>t.transformResponse(e.httpClient.post(c.search,{tenantIds:o},{token:s}),(e=>e.keys)),update:(o,n)=>t.transformResponse(e.httpClient.post(c.update,{id:o,name:n},{token:s}),(e=>e.key)),deactivate:o=>t.transformResponse(e.httpClient.post(c.deactivate,{id:o},{token:s})),activate:o=>t.transformResponse(e.httpClient.post(c.activate,{id:o},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(c.delete,{id:o},{token:s}))}),N=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(R.list,{},{token:s})),export:o=>t.transformResponse(e.httpClient.post(R.export,{flowId:o},{token:s})),import:(o,n,r)=>t.transformResponse(e.httpClient.post(R.import,{flowId:o,flow:n,screens:r},{token:s}))}),O=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(y.export,{},{token:s})),import:o=>t.transformResponse(e.httpClient.post(y.import,{theme:o},{token:s}))}),M=(e,s)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,t.transformResponse(e.httpClient.post(w.search,n,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var S;null!==(S=globalThis.Headers)&&void 0!==S||(globalThis.Headers=o.Headers);const U=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),F=o=>{var n,{managementKey:a,publicKey:i}=o,l=e.__rest(o,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({},l),{fetch:U,baseHeaders:Object.assign(Object.assign({},l.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"1.5.5"})})),{projectId:c,logger:g}=l,h={},v=((e,t)=>({user:I(e,t),accessKey:E(e,t),tenant:b(e,t),sso:j(e,t),jwt:T(e,t),permission:A(e,t),role:P(e,t),group:x(e,t),flow:N(e,t),theme:O(e,t),audit:M(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(i)try{const e=JSON.parse(i),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==g||g.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const o=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(t=o.iss)||void 0===t?void 0:t.split("/").pop(),o.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const o=await f.refresh(e);if(o.ok){return await f.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==g||g.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!m(e,t))return!1;const o=p(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!m(e,t))return!1;const o=p(e,"roles",t);return s.every((e=>o.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};F.RefreshTokenCookieName=i,F.SessionTokenCookieName="DS",module.exports=F;
 //# sourceMappingURL=index.cjs.js.map

package/dist/cjs/index.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/management/paths.ts","../../lib/management/user.ts","../../lib/management/tenant.ts","../../lib/management/jwt.ts","../../lib/management/permission.ts","../../lib/management/role.ts","../../lib/management/group.ts","../../lib/management/sso.ts","../../lib/management/accesskey.ts","../../lib/management/flow.ts","../../lib/management/theme.ts","../../lib/management/audit.ts","../../lib/fetch-polyfill.ts","../../lib/index.ts","../../lib/management/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name /\nexport const refreshTokenCookieName = 'DSR';\n/* Session JWT cookie name /\nexport const sessionTokenCookieName = 'DS';\n/* The key of the tenants claims in the claims map /\nexport const authorizedTenantsClaimName = 'tenants';\n/* The key of the permissions claims in the claims map either under tenant or top level /\nexport const permissionsClaimName = 'permissions';\n/* The key of the roles claims in the claims map either under tenant or top level /\nexport const rolesClaimName = 'roles';\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/\n Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n /\nconst generateCookie = (name: string, value: string, options?: Record<string, string \| number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain \|\| ''}; Max-Age=${\n options?.cookieMaxAge \|\| ''\n }; Path=${options?.cookiePath \|\| '/'}; HttpOnly; SameSite=Strict`;\n\n/\n Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n /\nconst getCookieValue = (cookie: string \| null \| undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^\|;\\\\s)${name}=([^;])`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/\n Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n /\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/\n Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n /\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/\n Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n /\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","/* API paths for the Descope service Management APIs /\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n update: '/v1/mgmt/user/update',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n search: '/v1/mgmt/user/search',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n addRole: '/v1/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set',\n expirePassword: '/v1/mgmt/user/password/expire',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n loadAll: '/v1/mgmt/tenant/all',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n },\n};\n","import { DeliveryMethod, SdkResponse, transformResponse, UserResponse } from '@descope/core-js-sdk';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n AttributesTypes,\n} from './types';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n /\n Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n \n You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n /\n createTestUser: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n test: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n invite: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n update: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.update,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /\n Delete all test users in the project.\n /\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n /\n searchAll: (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n { tenantIds, roleNames: roles, limit, page, testUsersOnly, withTestUser, customAttributes },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /\n Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @returns The ProviderTokenResponse of the given user and provider\n /\n getProviderToken: (\n loginId: string,\n provider: string,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: { loginId, provider },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (loginId: string, displayName: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.addTenant, { loginId, tenantId }, { token: managementKey }),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /\n Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email or SMS)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n /\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n /\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n /\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId login ID of a test user\n * @param password The password to set for the user\n /\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId login ID of a test user\n /\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n});\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse, Tenant } from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n /\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /\n Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n /\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /\n Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n /\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { RoleMappings, AttributeMapping, SSOSettingsResponse } from './types';\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n deleteSettings: (tenantId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n ),\n configureSettings: (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL?: string,\n domain?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domain },\n { token: managementKey },\n ),\n ),\n configureMetadata: (tenantId: string, idpMetadataURL: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL },\n { token: managementKey },\n ),\n ),\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param keyTenants Optional associated tenants for this key and its roles for each.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n /\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n keyTenants?: AssociatedTenant[],\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n { name, expireTime, roleNames: roles, keyTenants },\n { token: managementKey },\n ),\n ),\n /\n Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n /\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /\n Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n /\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /\n Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @returns The updated access key\n /\n update: (id: string, name: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(apiPaths.accessKey.update, { id, name }, { token: managementKey }),\n (data) => data.key,\n ),\n /\n Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n /\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /\n Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n /\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /\n Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n /\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { FlowResponse, FlowsResponse, Screen, Flow } from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n /\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n});\n\nexport default WithAudit;\n","import nodeFetch, { Headers } from 'node-fetch-commonjs';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof nodeFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n arg && ((arg as any).highWaterMark ??= highWaterMarkMb);\n });\n\n return nodeFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import createSdk, { ExchangeAccessKeyResponse, SdkResponse, wrapWith } from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport { getAuthorizationClaimItems, isUserAssociatedWithTenant, withCookie } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport fetch from './fetch-polyfill';\n\ndeclare const BUILD_VERSION: string;\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key /\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n ...config,\n fetch,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node \|\| '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike \| Uint8Array> = {};\n\n /* Fetch the public keys (JWKs) from Descope for the configured project /\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n /\n Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n /\n management,\n\n /* Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. /\n async getKey(header: JWTHeaderParameters): Promise<KeyLike \| Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /\n Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n /\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /\n Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /\n Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async refreshSession(refreshToken: string): Promise<AuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n / istanbul ignore next /\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n / istanbul ignore next /\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /\n Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /\n Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @returns AuthneticationInfo with session JWT data\n /\n async exchangeAccessKey(accessKey: string): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, null, permissions);\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /\n Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, null, roles);\n },\n\n /\n Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/* Descope SDK client with delivery methods enum.\n \n Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n \n ```js\n * import descopeSdk from '@descope/node-sdk';\n \n const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n \n const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n /\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n JWTResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\n\n/* Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n});\n\nexport default withManagement;\n"],"names":["withCookie","fn","async","args","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","_a","response","headers","get","cookie","name","match","RegExp","getCookieValue","_b","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","update","delete","deleteAllTestUsers","load","search","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","addRole","removeRole","addTenant","removeTenant","setPassword","expirePassword","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","deactivate","activate","loadAll","settings","metadata","mapping","list","export","import","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","withUser","sdk","managementKey","loginId","email","phone","displayName","roles","userTenants","customAttributes","picture","transformResponse","httpClient","post","roleNames","user","createTestUser","test","invite","queryParams","loadByUserId","userId","searchAll","tenantIds","limit","page","testUsersOnly","withTestUser","users","provider","status","newLoginId","isVerified","verified","attributeKey","attributeValue","addRoles","removeRoles","tenantId","addTenantRoles","removeTenantRoles","generateOTPForTestUser","deliveryMethod","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","password","withTenant","selfProvisioningDomains","createWithId","id","tenants","withJWT","jwt","customClaims","withPermission","description","newName","permissions","withRole","permissionNames","withGroup","userIds","loginIds","groupId","withSSOSettings","getSettings","deleteSettings","configureSettings","idpURL","idpCert","entityId","redirectURL","domain","configureMetadata","idpMetadataURL","configureMapping","roleMappings","attributeMapping","withAccessKey","expireTime","keyTenants","key","keys","WithFlow","flowId","flow","screens","WithTheme","theme","WithAudit","searchOptions","body","externalIds","audits","map","a","res","occurred","parseFloat","globalThis","Headers","patchedFetch","forEach","arg","highWaterMark","nodeFetch","nodeSdk","publicKey","config","coreSdk","createSdk","fetch","baseHeaders","process","versions","node","projectId","logger","management","accessKey","sso","permission","role","group","audit","withManagement","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","refresh","ok","sessionJwt","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","granted","every","perm","includes","validateRoles","validateTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"mNAEO,MC+BMA,EACVC,GACDC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAA,OAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAlCP,IAA8BC,EAgDjD,OAZKJ,EASHG,EAAQE,KA5CZ,GDVoC,SCsDoBL,cA5C5BI,OADuBA,EA6CiBH,QA5CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAkCZ,QAAbC,EAAAZ,EAAKa,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BZ,EA3Be,EAACa,EAAmCC,KACzD,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAArB,EAAKa,gBAAQ,IAAAQ,OAAA,EAAAA,EAAEP,QAAQC,IAAI,cDhDC,OCmD9BT,EAAQE,KAAoB,QAAfc,EAAAtB,EAAKa,gBAAU,IAAAS,OAAA,EAAAA,EAAAR,QAAQC,IAAI,gBAMhCQ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAxB,GAAM,CAAAC,KAAWsB,OAAAC,OAAAD,OAAAC,OAAA,GAAAxB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDmB,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDP,EAA6C,QAA7CT,EAAAc,EAASI,MAAgC,eAAI,IAAAlB,OAAA,EAAAA,EAAAgB,UAAO,IAAAP,OAAA,EAAAA,EAAGM,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1ChB,EAAAc,EAASI,MAAgC,eAAC,IAAAlB,OAAA,EAAAA,EAAGgB,GACxD,CCvFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,WAAY,mCACZC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,eAAgB,gCAChBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,yCAxBnBvB,EA0BF,CACTC,OAAQ,4BACRI,KAAM,qBACNC,OAAQ,4BACRJ,OAAQ,4BACRsB,WAAY,gCACZC,SAAU,8BACVtB,OAAQ,6BAjCGH,EAmCL,CACNC,OAAQ,yBACRC,OAAQ,yBACRC,OAAQ,yBACRuB,QAAS,uBAvCE1B,EAyCR,CACH2B,SAAU,wBACVC,SAAU,wBACVC,QAAS,wBA5CE7B,EA8CR,CACHE,OAAQ,uBA/CGF,EAiDD,CACVC,OAAQ,6BACRC,OAAQ,6BACRC,OAAQ,6BACRuB,QAAS,2BArDE1B,EAuDP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRuB,QAAS,qBA3DE1B,EA6DP,CACJ8B,KAAM,qBACNC,OAAQ,uBACRC,OAAQ,wBAhEGhC,EAkEN,CACL+B,OAAQ,wBACRC,OAAQ,yBApEGhC,EAsEN,CACLiC,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BAzEVnC,EA2EN,CACLM,OAAQ,yBCzDZ,MAAM8B,EAAW,CAACC,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNsC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAYnBC,eAAgB,CACdb,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAS,MAAM,EACNR,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBG,OAAQ,CACNf,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAU,QAAQ,EACRT,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBjD,OAAQ,CACNqC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CACEqC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBhD,OAASoC,GACPQ,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEoC,WAAW,CAAE3C,MAAO0C,KAKpElC,mBAAoB,IAClB2C,EAAAA,kBACEV,EAAIW,WAAW7C,OAAOH,EAAcI,mBAAoB,CAAER,MAAO0C,KAErEjC,KAAOkC,GACLQ,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCkD,YAAa,CAAEhB,WACf3C,MAAO0C,KAERvE,GAASA,EAAKoF,OAQnBK,aAAeC,GACbV,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCkD,YAAa,CAAEE,UACf7D,MAAO0C,KAERvE,GAASA,EAAKoF,OAanBO,UAAW,CACTC,EACAhB,EACAiB,EACAC,EACAC,EACAC,EACAlB,IAEAE,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcM,OACd,CAAEqD,YAAWT,UAAWP,EAAOiB,QAAOC,OAAMC,gBAAeC,eAAclB,oBACzE,CAAEjD,MAAO0C,KAEVvE,GAASA,EAAKiG,QAUnBzD,iBAAkB,CAChBgC,EACA0B,IAEAlB,oBACEV,EAAIW,WAAWnE,IAAImB,EAAcO,iBAAkB,CACjDgD,YAAa,CAAEhB,UAAS0B,YACxBrE,MAAO0C,KAERvE,GAASA,IAEd0D,SAAWc,GACTQ,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS2B,OAAQ,WACnB,CAAEtE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB3B,WAAae,GACXQ,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS2B,OAAQ,YACnB,CAAEtE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB1C,cAAe,CAAC8B,EAAiB4B,IAC/BpB,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcS,cACd,CAAE8B,UAAS4B,cACX,CAAEvE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBzC,YAAa,CACX6B,EACAC,EACA4B,IAEArB,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcU,YACd,CAAE6B,UAASC,QAAO6B,SAAUD,GAC5B,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBxC,YAAa,CACX4B,EACAE,EACA2B,IAEArB,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcW,YACd,CAAE4B,UAASE,QAAO4B,SAAUD,GAC5B,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBvC,kBAAmB,CAAC2B,EAAiBG,IACnCK,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcY,kBACd,CAAE2B,UAASG,eACX,CAAE9C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBtC,cAAe,CAAC0B,EAAiBO,IAC/BC,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAca,cACd,CAAE0B,UAASO,WACX,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBrC,sBAAuB,CACrByB,EACA+B,EACAC,IAEAxB,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcc,sBACd,CAAEyB,UAAS+B,eAAcC,kBACzB,CAAE3E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBqB,SAAU,CAACjC,EAAiBI,IAC1BI,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBsB,YAAa,CAAClC,EAAiBI,IAC7BI,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBlC,UAAW,CAACsB,EAAiBmC,IAC3B3B,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAciB,UAAW,CAAEsB,UAASmC,YAAY,CAAE9E,MAAO0C,KAC5EvE,GAASA,EAAKoF,OAEnBjC,aAAc,CAACqB,EAAiBmC,IAC9B3B,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAckB,aACd,CAAEqB,UAASmC,YACX,CAAE9E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBwB,eAAgB,CACdpC,EACAmC,EACA/B,IAEAI,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASmC,WAAUxB,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnByB,kBAAmB,CACjBrC,EACAmC,EACA/B,IAEAI,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASmC,WAAUxB,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAanB0B,uBAAwB,CACtBC,EACAvC,IAEAQ,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcqB,mBACd,CAAEyD,iBAAgBvC,WAClB,CAAE3C,MAAO0C,KAEVvE,GAASA,IAcdgH,6BAA8B,CAC5BD,EACAvC,EACAyC,IAEAjC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcsB,yBACd,CAAEwD,iBAAgBvC,UAAS0C,IAAKD,GAChC,CAAEpF,MAAO0C,KAEVvE,GAASA,IAadmH,iCAAkC,CAChC3C,EACAyC,IAEAjC,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcuB,6BACd,CAAEgB,UAAS0C,IAAKD,GAChB,CAAEpF,MAAO0C,KAEVvE,GAASA,IAWdoD,YAAa,CAACoB,EAAiB4C,IAC7BpC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcmB,YACd,CAAEoB,UAAS4C,YACX,CAAEvF,MAAO0C,KAEVvE,GAASA,IASdqD,eAAiBmB,GACfQ,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAcoB,eAAgB,CAAEmB,WAAW,CAAE3C,MAAO0C,KACvEvE,GAASA,MCrcVqH,EAAa,CAAC/C,EAAcC,KAA4B,CAC5DrC,OAAQ,CACNlB,EACAsG,IAEAtC,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAElB,OAAMsG,2BACR,CAAEzF,MAAO0C,KAGfgD,aAAc,CACZC,EACAxG,EACAsG,IAEAtC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAEsF,KAAIxG,OAAMsG,2BACZ,CAAEzF,MAAO0C,KAGfpC,OAAQ,CACNqF,EACAxG,EACAsG,IAEAtC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAgBE,OAChB,CAAEqF,KAAIxG,OAAMsG,2BACZ,CAAEzF,MAAO0C,KAGfnC,OAASoF,GACPxC,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAgBG,OAAQ,CAAEoF,MAAM,CAAE3F,MAAO0C,KAEjEZ,QAAS,IACPqB,EAAiBA,kBACfV,EAAIW,WAAWnE,IAAImB,EAAgB0B,QAAS,CAC1C9B,MAAO0C,KAERvE,GAASA,EAAKyH,YCjDfC,EAAU,CAACpD,EAAcC,KAA4B,CACzDpC,OAAQ,CACNwF,EACAC,IAEA5C,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAaE,OAAQ,CAAEwF,MAAKC,gBAAgB,CAAE/F,MAAO0C,OCFzEsD,EAAiB,CAACvD,EAAcC,KAA4B,CAChErC,OAAQ,CAAClB,EAAc8G,IACrB9C,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAoBC,OACpB,CAAElB,OAAM8G,eACR,CAAEjG,MAAO0C,KAGfpC,OAAQ,CAACnB,EAAc+G,EAAiBD,IACtC9C,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAoBE,OACpB,CAAEnB,OAAM+G,UAASD,eACjB,CAAEjG,MAAO0C,KAGfnC,OAASpB,GACPgE,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAoBG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEvEZ,QAAS,IACPqB,EAAiBA,kBACfV,EAAIW,WAAWnE,IAAImB,EAAoB0B,QAAS,CAC9C9B,MAAO0C,KAERvE,GAASA,EAAKgI,gBC1BfC,EAAW,CAAC3D,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNlB,EACA8G,EACAI,IAEAlD,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CAAElB,OAAM8G,cAAaI,mBACrB,CAAErG,MAAO0C,KAGfpC,OAAQ,CACNnB,EACA+G,EACAD,EACAI,IAEAlD,oBACEV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CAAEnB,OAAM+G,UAASD,cAAaI,mBAC9B,CAAErG,MAAO0C,KAGfnC,OAASpB,GACPgE,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEjEZ,QAAS,IACPqB,EAAiBA,kBACfV,EAAIW,WAAWnE,IAAImB,EAAc0B,QAAS,CACxC9B,MAAO0C,KAERvE,GAASA,EAAK4E,UCvCfuD,EAAY,CAAC7D,EAAcC,KAA4B,CAM3DL,cAAgByC,GACd3B,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAeiC,cAAe,CAAEyC,YAAY,CAAE9E,MAAO0C,KAU7EJ,uBAAwB,CACtBwC,EACAyB,EACAC,IAEArD,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAekC,uBACf,CAAEwC,WAAU0B,WAAUD,WACtB,CAAEvG,MAAO0C,KAUfH,oBAAqB,CAACuC,EAAkB2B,IACtCtD,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAemC,oBACf,CAAEuC,WAAU2B,WACZ,CAAEzG,MAAO0C,OC1CXgE,EAAkB,CAACjE,EAAcC,KAA4B,CACjEiE,YAAc7B,GACZ3B,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAa2B,SAAU,CACxC4B,YAAa,CAAEmB,YACf9E,MAAO0C,KAERvE,GAASA,IAEdyI,eAAiB9B,GACf3B,EAAAA,kBACEV,EAAIW,WAAW7C,OAAOH,EAAa2B,SAAU,CAC3C4B,YAAa,CAAEmB,YACf9E,MAAO0C,KAGbmE,kBAAmB,CACjB/B,EACAgC,EACAC,EACAC,EACAC,EACAC,IAEA/D,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAa2B,SACb,CAAE+C,WAAUgC,SAAQE,WAAUD,UAASE,cAAaC,UACpD,CAAElH,MAAO0C,KAGfyE,kBAAmB,CAACrC,EAAkBsC,IACpCjE,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAa4B,SACb,CAAE8C,WAAUsC,kBACZ,CAAEpH,MAAO0C,KAGf2E,iBAAkB,CAChBvC,EACAwC,EACAC,IAEApE,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAa6B,QACb,CAAE6C,WAAUwC,eAAcC,oBAC1B,CAAEvH,MAAO0C,OCxCX8E,EAAgB,CAAC/E,EAAcC,KAA4B,CAS/DrC,OAAQ,CACNlB,EACAsI,EACA1E,EACA2E,IAEAvE,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAmBC,OACnB,CAAElB,OAAMsI,aAAYnE,UAAWP,EAAO2E,cACtC,CAAE1H,MAAO0C,KAQfjC,KAAOkF,GACLxC,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAmBK,KAAM,CAC1CkD,YAAa,CAAEgC,MACf3F,MAAO0C,KAERvE,GAASA,EAAKwJ,MAOnB7D,UAAYC,GACVZ,oBACEV,EAAIW,WAAWC,KAAKjD,EAAmBM,OAAQ,CAAEqD,aAAa,CAAE/D,MAAO0C,KACtEvE,GAASA,EAAKyJ,OAQnBtH,OAAQ,CAACqF,EAAYxG,IACnBgE,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAmBE,OAAQ,CAAEqF,KAAIxG,QAAQ,CAAEa,MAAO0C,KACrEvE,GAASA,EAAKwJ,MAOnB/F,WAAa+D,GACXxC,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAmBwB,WAAY,CAAE+D,MAAM,CAAE3F,MAAO0C,KAMxEb,SAAW8D,GACTxC,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAmByB,SAAU,CAAE8D,MAAM,CAAE3F,MAAO0C,KAMtEnC,OAASoF,GACPxC,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAmBG,OAAQ,CAAEoF,MAAM,CAAE3F,MAAO0C,OCvFhEmF,EAAW,CAACpF,EAAcC,KAA4B,CAC1DR,KAAM,IACJiB,EAAiBA,kBAACV,EAAIW,WAAWC,KAAKjD,EAAc8B,KAAM,CAAE,EAAE,CAAElC,MAAO0C,KACzEP,OAAS2F,GACP3E,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAc+B,OAAQ,CAAE2F,UAAU,CAAE9H,MAAO0C,KAEnEN,OAAQ,CAAC0F,EAAgBC,EAAYC,IACnC7E,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcgC,OACd,CAAE0F,SAAQC,OAAMC,WAChB,CAAEhI,MAAO0C,OCZXuF,EAAY,CAACxF,EAAcC,KAA4B,CAC3DP,OAAQ,IACNgB,EAAiBA,kBAACV,EAAIW,WAAWC,KAAKjD,EAAe+B,OAAQ,CAAE,EAAE,CAAEnC,MAAO0C,KAC5EN,OAAS8F,GACP/E,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAegC,OAAQ,CAAE8F,SAAS,CAAElI,MAAO0C,OCL/DyF,EAAY,CAAC1F,EAAcC,KAA4B,CAM3DhC,OAAS0H,IACP,MAAMC,EAAY5I,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA0I,GAAe,CAAAE,YAAaF,EAAc5B,WAE5D,cADO6B,EAAK7B,SACLrD,oBACLV,EAAIW,WAAWC,KAAKjD,EAAeM,OAAQ2H,EAAM,CAAErI,MAAO0C,KACzDvE,GACCA,eAAAA,EAAMoK,OAAOC,KAAKC,IAChB,MAAMC,EACDjJ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA+I,IACHE,SAAUC,WAAWH,EAAEE,UACvBnC,SAAUiC,EAAEH,cAGd,cADOI,EAAIJ,YACJI,CAAG,KAEf,UCxBa,QAAlB5J,EAAA+J,WAAWC,eAAO,IAAAhK,IAAlB+J,WAAWC,QAAYA,EAAOA,SAE9B,MAGMC,EAAe,IAAI9K,KAGvBA,EAAK+K,SAASC,YAEZA,YAASnK,GAAAS,EAAA0J,GAAYC,+BAAAA,cARD,UAQmC,IAGlDC,EAAS,WAAIlL,ICMhBmL,EAAWtK,WAAA4D,cAAEA,EAAa2G,UAAEA,GAASvK,EAAKwK,EAAM/K,EAAAA,OAAAO,EAArC,+BACf,MAAMyK,EAAUC,UACX/J,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA4J,UACHG,EACAC,YAAWjK,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACN4J,EAAOI,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAArK,OAAA,EAAAA,EAAAsK,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWT,EAExB1B,EAA6C,CAAA,EAgC7CoC,ECrDe,EAACvH,EAAcC,KAA4B,CAChEa,KAAMf,EAASC,EAAKC,GACpBuH,UAAWzC,EAAc/E,EAAKC,GAC9B5C,OAAQ0F,EAAW/C,EAAKC,GACxBwH,IAAKxD,EAAgBjE,EAAKC,GAC1BoD,IAAKD,EAAQpD,EAAKC,GAClByH,WAAYnE,EAAevD,EAAKC,GAChC0H,KAAMhE,EAAS3D,EAAKC,GACpB2H,MAAO/D,EAAU7D,EAAKC,GACtBqF,KAAMF,EAASpF,EAAKC,GACpBwF,MAAOD,EAAUxF,EAAKC,GACtB4H,MAAOnC,EAAU1F,EAAKC,KD0CH6H,CAAehB,EAAS7G,GAErCD,iCACD8G,GAAO,CAOVS,aAGAhM,aAAawM,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAI9C,EAAK4C,EAAOC,KAAM,OAAO7C,EAAK4C,EAAOC,KAKzC,GAFAhL,OAAOC,OAAOkI,OAhDA5J,WAChB,GAAIqL,EACF,IACE,MAAMsB,EAAYC,KAAKC,MAAMxB,GACvB1B,QAAYmD,YAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAM9C,EAKpB,CAHC,MAAOoD,GAEP,MADAhB,SAAAA,EAAQiB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoB1B,EAAQnG,WAC/BnE,IAAI,WAAW6K,KACfoB,MAAMhN,GAASA,EAAKiN,UACevD,KACtC,OAAK3H,MAAMC,QAAQ+K,UACQG,QAAQC,IACjCJ,EAAWzC,KAAIxK,MAAO2J,GAAQ,CAACA,EAAI8C,UAAWK,EAAAA,UAAUnD,QAGtC2D,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAWhL,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA6L,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BG,KAErB9D,EAAK4C,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAO9C,EAAK4C,EAAOC,IACpB,EAODzM,kBAAkB8H,SAEhB,MACM9F,SADY2L,EAASA,UAAC7F,EAAKrD,EAAImJ,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAI9L,IACFA,EAAM+L,IAAe,QAATjN,EAAAkB,EAAM+L,WAAG,IAAAjN,OAAA,EAAAA,EAAEkN,MAAM,KAAKC,MAC9BjM,EAAM+L,MAAQjC,GAEhB,MAAM,IAAIoC,EAAMA,OAACC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAErG,MAAK9F,QACf,EAODhC,sBAAsBoO,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBjI,EAAI4J,YAAYD,EAMrC,CAJC,MAAOpB,GAGP,MADAjB,SAAAA,EAAQiB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAODhN,qBAAqBsO,WACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQjI,EAAI4J,YAAYC,GACtB,MAAMC,QAAgB9J,EAAI+J,QAAQF,GAClC,GAAIC,EAAQE,GAAI,CAEd,aADoBhK,EAAI4J,YAA0B,QAAdvN,EAAAyN,EAAQpO,YAAM,IAAAW,OAAA,EAAAA,EAAA4N,WAEnD,CAED,MAAMhC,MAAmB,QAAbnL,EAAAgN,EAAQvB,aAAK,IAAAzL,OAAA,EAAAA,EAAEoN,aAK5B,CAJC,MAAOC,GAGP,MADA7C,SAAAA,EAAQiB,MAAM,kCAAmC4B,GAC3ClC,MAAM,2CAA2CkC,IACxD,CACF,EAQD5O,gCACEoO,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBjI,EAAIoK,gBAAgBT,EAKzC,CAHC,MAAOpB,GAEPjB,SAAAA,EAAQ+C,IAAI,wCAAwC9B,2BACrD,CAED,OAAOvI,EAAIsK,eAAeT,EAC3B,EAODtO,wBAAwBiM,GACtB,IAAKA,EAAW,MAAMS,MAAM,gCAE5B,IAAIxM,EACJ,IACEA,QAAauE,EAAIwH,UAAU+C,SAAS/C,EAIrC,CAHC,MAAOe,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,MAAM0B,WAAEA,GAAexO,EAAKC,KAC5B,IAAKuO,EAEH,MADA3C,SAAAA,EAAQiB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBjI,EAAI4J,YAAYK,EAKrC,CAHC,MAAO1B,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDiC,oBAAmB,CAACrN,EAA8BuG,IACzC1D,EAAIyK,0BAA0BtN,EAAU,KAAMuG,GASvD+G,0BACEtN,EACAE,EACAqG,GAGA,GAAIrG,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMqN,EAAUxN,EAA2BC,EftOb,cesO6CE,GAC3E,OAAOqG,EAAYiH,OAAOC,GAASF,EAAQG,SAASD,IACrD,EAQDE,cAAa,CAAC3N,EAA8BmD,IACnCN,EAAI+K,oBAAoB5N,EAAU,KAAMmD,GASjDyK,oBAAoB5N,EAA8BE,EAAgBiD,GAEhE,GAAIjD,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM2N,EAAa9N,EAA2BC,Ef5PtB,Qe4PgDE,GACxE,OAAOiD,EAAMqK,OAAOhD,GAASqD,EAAWH,SAASlD,IAClD,IAGH,OAAOsD,EAAAA,SACLjL,EACA,CACE,mBACA,iBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEF3E,EACD,EAoBHsL,EAAQuE,uBf9S8B,Me+StCvE,EAAQwE,uBf7S8B"}
1	+ {"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/management/paths.ts","../../lib/management/user.ts","../../lib/management/tenant.ts","../../lib/management/jwt.ts","../../lib/management/permission.ts","../../lib/management/role.ts","../../lib/management/group.ts","../../lib/management/sso.ts","../../lib/management/accesskey.ts","../../lib/management/flow.ts","../../lib/management/theme.ts","../../lib/management/audit.ts","../../lib/fetch-polyfill.ts","../../lib/index.ts","../../lib/management/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name /\nexport const refreshTokenCookieName = 'DSR';\n/* Session JWT cookie name /\nexport const sessionTokenCookieName = 'DS';\n/* The key of the tenants claims in the claims map /\nexport const authorizedTenantsClaimName = 'tenants';\n/* The key of the permissions claims in the claims map either under tenant or top level /\nexport const permissionsClaimName = 'permissions';\n/* The key of the roles claims in the claims map either under tenant or top level /\nexport const rolesClaimName = 'roles';\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/\n Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n /\nconst generateCookie = (name: string, value: string, options?: Record<string, string \| number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain \|\| ''}; Max-Age=${\n options?.cookieMaxAge \|\| ''\n }; Path=${options?.cookiePath \|\| '/'}; HttpOnly; SameSite=Strict`;\n\n/\n Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n /\nconst getCookieValue = (cookie: string \| null \| undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^\|;\\\\s)${name}=([^;])`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/\n Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n /\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/\n Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n /\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/\n Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n /\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","/* API paths for the Descope service Management APIs /\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n update: '/v1/mgmt/user/update',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n search: '/v1/mgmt/user/search',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n addRole: '/v1/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set',\n expirePassword: '/v1/mgmt/user/password/expire',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n load: '/v1/mgmt/tenant',\n loadAll: '/v1/mgmt/tenant/all',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n },\n};\n","import { DeliveryMethod, SdkResponse, transformResponse, UserResponse } from '@descope/core-js-sdk';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n AttributesTypes,\n} from './types';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n /\n Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n \n You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n /\n createTestUser: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n test: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n invite: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n update: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.update,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /\n Delete all test users in the project.\n /\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n /\n searchAll: (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n { tenantIds, roleNames: roles, limit, page, testUsersOnly, withTestUser, customAttributes },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /\n Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @returns The ProviderTokenResponse of the given user and provider\n /\n getProviderToken: (\n loginId: string,\n provider: string,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: { loginId, provider },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (loginId: string, displayName: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.addTenant, { loginId, tenantId }, { token: managementKey }),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /\n Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email or SMS)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n /\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n /\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n /\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId login ID of a test user\n * @param password The password to set for the user\n /\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId login ID of a test user\n /\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n});\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse, Tenant } from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<Tenant>> =>\n transformResponse<Tenant, Tenant>(\n sdk.httpClient.get(apiPaths.tenant.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n /\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /\n Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n /\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /\n Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n /\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { RoleMappings, AttributeMapping, SSOSettingsResponse } from './types';\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n deleteSettings: (tenantId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n ),\n configureSettings: (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL: string,\n domain: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domain },\n { token: managementKey },\n ),\n ),\n configureMetadata: (\n tenantId: string,\n idpMetadataURL: string,\n redirectURL: string,\n domain: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL, redirectURL, domain },\n { token: managementKey },\n ),\n ),\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param keyTenants Optional associated tenants for this key and its roles for each.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n /\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n keyTenants?: AssociatedTenant[],\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n { name, expireTime, roleNames: roles, keyTenants },\n { token: managementKey },\n ),\n ),\n /\n Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n /\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /\n Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n /\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /\n Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @returns The updated access key\n /\n update: (id: string, name: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(apiPaths.accessKey.update, { id, name }, { token: managementKey }),\n (data) => data.key,\n ),\n /\n Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n /\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /\n Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n /\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /\n Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n /\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { FlowResponse, FlowsResponse, Screen, Flow } from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n /\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n});\n\nexport default WithAudit;\n","import nodeFetch, { Headers } from 'node-fetch-commonjs';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof nodeFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n arg && ((arg as any).highWaterMark ??= highWaterMarkMb);\n });\n\n return nodeFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import createSdk, { ExchangeAccessKeyResponse, SdkResponse, wrapWith } from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport { getAuthorizationClaimItems, isUserAssociatedWithTenant, withCookie } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport fetch from './fetch-polyfill';\n\ndeclare const BUILD_VERSION: string;\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key /\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n ...config,\n fetch,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node \|\| '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike \| Uint8Array> = {};\n\n /* Fetch the public keys (JWKs) from Descope for the configured project /\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n /\n Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n /\n management,\n\n /* Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. /\n async getKey(header: JWTHeaderParameters): Promise<KeyLike \| Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /\n Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n /\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /\n Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /\n Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async refreshSession(refreshToken: string): Promise<AuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n / istanbul ignore next /\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n / istanbul ignore next /\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /\n Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /\n Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @returns AuthenticationInfo with session JWT data\n /\n async exchangeAccessKey(accessKey: string): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, null, permissions);\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /\n Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, null, roles);\n },\n\n /\n Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/* Descope SDK client with delivery methods enum.\n \n Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n \n ```js\n * import descopeSdk from '@descope/node-sdk';\n \n const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n \n const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n /\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n JWTResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\n\n/* Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n});\n\nexport default withManagement;\n"],"names":["refreshTokenCookieName","authorizedTenantsClaimName","withCookie","fn","async","args","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","_a","response","headers","get","cookie","name","match","RegExp","getCookieValue","_b","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","update","delete","deleteAllTestUsers","load","search","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","addRole","removeRole","addTenant","removeTenant","setPassword","expirePassword","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","deactivate","activate","loadAll","settings","metadata","mapping","list","export","import","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","withUser","sdk","managementKey","loginId","email","phone","displayName","roles","userTenants","customAttributes","picture","transformResponse","httpClient","post","roleNames","user","createTestUser","test","invite","verifiedEmail","verifiedPhone","queryParams","loadByUserId","userId","searchAll","tenantIds","limit","page","testUsersOnly","withTestUser","users","provider","status","newLoginId","isVerified","verified","attributeKey","attributeValue","addRoles","removeRoles","tenantId","addTenantRoles","removeTenantRoles","generateOTPForTestUser","deliveryMethod","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","password","withTenant","selfProvisioningDomains","createWithId","id","tenants","withJWT","jwt","customClaims","withPermission","description","newName","permissions","withRole","permissionNames","withGroup","userIds","loginIds","groupId","withSSOSettings","getSettings","deleteSettings","configureSettings","idpURL","idpCert","entityId","redirectURL","domain","configureMetadata","idpMetadataURL","configureMapping","roleMappings","attributeMapping","withAccessKey","expireTime","keyTenants","key","keys","WithFlow","flowId","flow","screens","WithTheme","theme","WithAudit","searchOptions","body","externalIds","audits","map","a","res","occurred","parseFloat","globalThis","Headers","patchedFetch","forEach","arg","highWaterMark","nodeFetch","nodeSdk","publicKey","config","coreSdk","createSdk","fetch","baseHeaders","process","versions","node","projectId","logger","management","accessKey","sso","permission","role","group","audit","withManagement","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","refresh","ok","sessionJwt","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","granted","every","perm","includes","validateRoles","validateTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"mNAEO,MAAMA,EAAyB,MAIzBC,EAA6B,UC2B7BC,EACVC,GACDC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAA,OAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAlCP,IAA8BC,EAgDjD,OAZKJ,EASHG,EAAQE,KA5CZ,GA4CgCd,KAAwBS,cA5C5BI,OADuBA,EA6CiBH,QA5CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAkCZ,QAAbC,EAAAZ,EAAKa,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BZ,EA3Be,EAACa,EAAmCC,KACzD,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAArB,EAAKa,gBAAQ,IAAAQ,OAAA,EAAAA,EAAEP,QAAQC,IAAI,cAC3BrB,GAEFY,EAAQE,KAAoB,QAAfc,EAAAtB,EAAKa,gBAAU,IAAAS,OAAA,EAAAA,EAAAR,QAAQC,IAAI,gBAMhCQ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAxB,GAAM,CAAAC,KAAWsB,OAAAC,OAAAD,OAAAC,OAAA,GAAAxB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDmB,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDP,EAA6C,QAA7CT,EAAAc,EAASI,MAAMnC,UAA8B,IAAAiB,OAAA,EAAAA,EAAAgB,UAAO,IAAAP,OAAA,EAAAA,EAAGM,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1ChB,EAAAc,EAASI,MAAMnC,UAA2B,IAAAiB,OAAA,EAAAA,EAAGgB,GACxD,CCvFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,WAAY,mCACZC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,eAAgB,gCAChBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,yCAxBnBvB,EA0BF,CACTC,OAAQ,4BACRI,KAAM,qBACNC,OAAQ,4BACRJ,OAAQ,4BACRsB,WAAY,gCACZC,SAAU,8BACVtB,OAAQ,6BAjCGH,EAmCL,CACNC,OAAQ,yBACRC,OAAQ,yBACRC,OAAQ,yBACRE,KAAM,kBACNqB,QAAS,uBAxCE1B,EA0CR,CACH2B,SAAU,wBACVC,SAAU,wBACVC,QAAS,wBA7CE7B,EA+CR,CACHE,OAAQ,uBAhDGF,EAkDD,CACVC,OAAQ,6BACRC,OAAQ,6BACRC,OAAQ,6BACRuB,QAAS,2BAtDE1B,EAwDP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRuB,QAAS,qBA5DE1B,EA8DP,CACJ8B,KAAM,qBACNC,OAAQ,uBACRC,OAAQ,wBAjEGhC,EAmEN,CACL+B,OAAQ,wBACRC,OAAQ,yBArEGhC,EAuEN,CACLiC,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BA1EVnC,EA4EN,CACLM,OAAQ,yBC1DZ,MAAM8B,EAAW,CAACC,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNsC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAYnBC,eAAgB,CACdb,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAS,MAAM,EACNR,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBG,OAAQ,CACNf,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAU,QAAQ,EACRT,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBjD,OAAQ,CACNqC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAS,EACAC,IAEAT,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CACEqC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,UACAS,gBACAC,iBAEF,CAAE5D,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBhD,OAASoC,GACPQ,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEoC,WAAW,CAAE3C,MAAO0C,KAKpElC,mBAAoB,IAClB2C,EAAAA,kBACEV,EAAIW,WAAW7C,OAAOH,EAAcI,mBAAoB,CAAER,MAAO0C,KAErEjC,KAAOkC,GACLQ,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCoD,YAAa,CAAElB,WACf3C,MAAO0C,KAERvE,GAASA,EAAKoF,OAQnBO,aAAeC,GACbZ,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCoD,YAAa,CAAEE,UACf/D,MAAO0C,KAERvE,GAASA,EAAKoF,OAanBS,UAAW,CACTC,EACAlB,EACAmB,EACAC,EACAC,EACAC,EACApB,IAEAE,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcM,OACd,CAAEuD,YAAWX,UAAWP,EAAOmB,QAAOC,OAAMC,gBAAeC,eAAcpB,oBACzE,CAAEjD,MAAO0C,KAEVvE,GAASA,EAAKmG,QAUnB3D,iBAAkB,CAChBgC,EACA4B,IAEApB,oBACEV,EAAIW,WAAWnE,IAAImB,EAAcO,iBAAkB,CACjDkD,YAAa,CAAElB,UAAS4B,YACxBvE,MAAO0C,KAERvE,GAASA,IAEd0D,SAAWc,GACTQ,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS6B,OAAQ,WACnB,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB3B,WAAae,GACXQ,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS6B,OAAQ,YACnB,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB1C,cAAe,CAAC8B,EAAiB8B,IAC/BtB,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcS,cACd,CAAE8B,UAAS8B,cACX,CAAEzE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBzC,YAAa,CACX6B,EACAC,EACA8B,IAEAvB,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcU,YACd,CAAE6B,UAASC,QAAO+B,SAAUD,GAC5B,CAAE1E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBxC,YAAa,CACX4B,EACAE,EACA6B,IAEAvB,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcW,YACd,CAAE4B,UAASE,QAAO8B,SAAUD,GAC5B,CAAE1E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBvC,kBAAmB,CAAC2B,EAAiBG,IACnCK,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcY,kBACd,CAAE2B,UAASG,eACX,CAAE9C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBtC,cAAe,CAAC0B,EAAiBO,IAC/BC,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAca,cACd,CAAE0B,UAASO,WACX,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBrC,sBAAuB,CACrByB,EACAiC,EACAC,IAEA1B,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcc,sBACd,CAAEyB,UAASiC,eAAcC,kBACzB,CAAE7E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBuB,SAAU,CAACnC,EAAiBI,IAC1BI,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBwB,YAAa,CAACpC,EAAiBI,IAC7BI,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBlC,UAAW,CAACsB,EAAiBqC,IAC3B7B,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAciB,UAAW,CAAEsB,UAASqC,YAAY,CAAEhF,MAAO0C,KAC5EvE,GAASA,EAAKoF,OAEnBjC,aAAc,CAACqB,EAAiBqC,IAC9B7B,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAckB,aACd,CAAEqB,UAASqC,YACX,CAAEhF,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB0B,eAAgB,CACdtC,EACAqC,EACAjC,IAEAI,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASqC,WAAU1B,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB2B,kBAAmB,CACjBvC,EACAqC,EACAjC,IAEAI,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASqC,WAAU1B,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAanB4B,uBAAwB,CACtBC,EACAzC,IAEAQ,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcqB,mBACd,CAAE2D,iBAAgBzC,WAClB,CAAE3C,MAAO0C,KAEVvE,GAASA,IAcdkH,6BAA8B,CAC5BD,EACAzC,EACA2C,IAEAnC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcsB,yBACd,CAAE0D,iBAAgBzC,UAAS4C,IAAKD,GAChC,CAAEtF,MAAO0C,KAEVvE,GAASA,IAadqH,iCAAkC,CAChC7C,EACA2C,IAEAnC,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAcuB,6BACd,CAAEgB,UAAS4C,IAAKD,GAChB,CAAEtF,MAAO0C,KAEVvE,GAASA,IAWdoD,YAAa,CAACoB,EAAiB8C,IAC7BtC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcmB,YACd,CAAEoB,UAAS8C,YACX,CAAEzF,MAAO0C,KAEVvE,GAASA,IASdqD,eAAiBmB,GACfQ,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAcoB,eAAgB,CAAEmB,WAAW,CAAE3C,MAAO0C,KACvEvE,GAASA,MCzcVuH,EAAa,CAACjD,EAAcC,KAA4B,CAC5DrC,OAAQ,CACNlB,EACAwG,IAEAxC,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAElB,OAAMwG,2BACR,CAAE3F,MAAO0C,KAGfkD,aAAc,CACZC,EACA1G,EACAwG,IAEAxC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAEwF,KAAI1G,OAAMwG,2BACZ,CAAE3F,MAAO0C,KAGfpC,OAAQ,CACNuF,EACA1G,EACAwG,IAEAxC,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAgBE,OAChB,CAAEuF,KAAI1G,OAAMwG,2BACZ,CAAE3F,MAAO0C,KAGfnC,OAASsF,GACP1C,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAgBG,OAAQ,CAAEsF,MAAM,CAAE7F,MAAO0C,KAEjEjC,KAAOoF,GACL1C,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAgBK,KAAM,CACvCoD,YAAa,CAAEgC,MACf7F,MAAO0C,KAERvE,GAASA,IAEd2D,QAAS,IACPqB,EAAiBA,kBACfV,EAAIW,WAAWnE,IAAImB,EAAgB0B,QAAS,CAC1C9B,MAAO0C,KAERvE,GAASA,EAAK2H,YCzDfC,EAAU,CAACtD,EAAcC,KAA4B,CACzDpC,OAAQ,CACN0F,EACAC,IAEA9C,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAaE,OAAQ,CAAE0F,MAAKC,gBAAgB,CAAEjG,MAAO0C,OCFzEwD,EAAiB,CAACzD,EAAcC,KAA4B,CAChErC,OAAQ,CAAClB,EAAcgH,IACrBhD,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAoBC,OACpB,CAAElB,OAAMgH,eACR,CAAEnG,MAAO0C,KAGfpC,OAAQ,CAACnB,EAAciH,EAAiBD,IACtChD,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAoBE,OACpB,CAAEnB,OAAMiH,UAASD,eACjB,CAAEnG,MAAO0C,KAGfnC,OAASpB,GACPgE,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAoBG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEvEZ,QAAS,IACPqB,EAAiBA,kBACfV,EAAIW,WAAWnE,IAAImB,EAAoB0B,QAAS,CAC9C9B,MAAO0C,KAERvE,GAASA,EAAKkI,gBC1BfC,EAAW,CAAC7D,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNlB,EACAgH,EACAI,IAEApD,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CAAElB,OAAMgH,cAAaI,mBACrB,CAAEvG,MAAO0C,KAGfpC,OAAQ,CACNnB,EACAiH,EACAD,EACAI,IAEApD,oBACEV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CAAEnB,OAAMiH,UAASD,cAAaI,mBAC9B,CAAEvG,MAAO0C,KAGfnC,OAASpB,GACPgE,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEjEZ,QAAS,IACPqB,EAAiBA,kBACfV,EAAIW,WAAWnE,IAAImB,EAAc0B,QAAS,CACxC9B,MAAO0C,KAERvE,GAASA,EAAK4E,UCvCfyD,EAAY,CAAC/D,EAAcC,KAA4B,CAM3DL,cAAgB2C,GACd7B,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAeiC,cAAe,CAAE2C,YAAY,CAAEhF,MAAO0C,KAU7EJ,uBAAwB,CACtB0C,EACAyB,EACAC,IAEAvD,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAekC,uBACf,CAAE0C,WAAU0B,WAAUD,WACtB,CAAEzG,MAAO0C,KAUfH,oBAAqB,CAACyC,EAAkB2B,IACtCxD,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAemC,oBACf,CAAEyC,WAAU2B,WACZ,CAAE3G,MAAO0C,OC1CXkE,EAAkB,CAACnE,EAAcC,KAA4B,CACjEmE,YAAc7B,GACZ7B,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAa2B,SAAU,CACxC8B,YAAa,CAAEmB,YACfhF,MAAO0C,KAERvE,GAASA,IAEd2I,eAAiB9B,GACf7B,EAAAA,kBACEV,EAAIW,WAAW7C,OAAOH,EAAa2B,SAAU,CAC3C8B,YAAa,CAAEmB,YACfhF,MAAO0C,KAGbqE,kBAAmB,CACjB/B,EACAgC,EACAC,EACAC,EACAC,EACAC,IAEAjE,EAAiBA,kBACfV,EAAIW,WAAWC,KACbjD,EAAa2B,SACb,CAAEiD,WAAUgC,SAAQE,WAAUD,UAASE,cAAaC,UACpD,CAAEpH,MAAO0C,KAGf2E,kBAAmB,CACjBrC,EACAsC,EACAH,EACAC,IAEAjE,oBACEV,EAAIW,WAAWC,KACbjD,EAAa4B,SACb,CAAEgD,WAAUsC,iBAAgBH,cAAaC,UACzC,CAAEpH,MAAO0C,KAGf6E,iBAAkB,CAChBvC,EACAwC,EACAC,IAEAtE,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAa6B,QACb,CAAE+C,WAAUwC,eAAcC,oBAC1B,CAAEzH,MAAO0C,OC7CXgF,EAAgB,CAACjF,EAAcC,KAA4B,CAS/DrC,OAAQ,CACNlB,EACAwI,EACA5E,EACA6E,IAEAzE,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAmBC,OACnB,CAAElB,OAAMwI,aAAYrE,UAAWP,EAAO6E,cACtC,CAAE5H,MAAO0C,KAQfjC,KAAOoF,GACL1C,EAAAA,kBACEV,EAAIW,WAAWnE,IAAImB,EAAmBK,KAAM,CAC1CoD,YAAa,CAAEgC,MACf7F,MAAO0C,KAERvE,GAASA,EAAK0J,MAOnB7D,UAAYC,GACVd,oBACEV,EAAIW,WAAWC,KAAKjD,EAAmBM,OAAQ,CAAEuD,aAAa,CAAEjE,MAAO0C,KACtEvE,GAASA,EAAK2J,OAQnBxH,OAAQ,CAACuF,EAAY1G,IACnBgE,EAAiBA,kBACfV,EAAIW,WAAWC,KAAKjD,EAAmBE,OAAQ,CAAEuF,KAAI1G,QAAQ,CAAEa,MAAO0C,KACrEvE,GAASA,EAAK0J,MAOnBjG,WAAaiE,GACX1C,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAmBwB,WAAY,CAAEiE,MAAM,CAAE7F,MAAO0C,KAMxEb,SAAWgE,GACT1C,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAmByB,SAAU,CAAEgE,MAAM,CAAE7F,MAAO0C,KAMtEnC,OAASsF,GACP1C,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAmBG,OAAQ,CAAEsF,MAAM,CAAE7F,MAAO0C,OCvFhEqF,EAAW,CAACtF,EAAcC,KAA4B,CAC1DR,KAAM,IACJiB,EAAiBA,kBAACV,EAAIW,WAAWC,KAAKjD,EAAc8B,KAAM,CAAE,EAAE,CAAElC,MAAO0C,KACzEP,OAAS6F,GACP7E,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAc+B,OAAQ,CAAE6F,UAAU,CAAEhI,MAAO0C,KAEnEN,OAAQ,CAAC4F,EAAgBC,EAAYC,IACnC/E,EAAAA,kBACEV,EAAIW,WAAWC,KACbjD,EAAcgC,OACd,CAAE4F,SAAQC,OAAMC,WAChB,CAAElI,MAAO0C,OCZXyF,EAAY,CAAC1F,EAAcC,KAA4B,CAC3DP,OAAQ,IACNgB,EAAiBA,kBAACV,EAAIW,WAAWC,KAAKjD,EAAe+B,OAAQ,CAAE,EAAE,CAAEnC,MAAO0C,KAC5EN,OAASgG,GACPjF,EAAAA,kBACEV,EAAIW,WAAWC,KAAKjD,EAAegC,OAAQ,CAAEgG,SAAS,CAAEpI,MAAO0C,OCL/D2F,EAAY,CAAC5F,EAAcC,KAA4B,CAM3DhC,OAAS4H,IACP,MAAMC,EAAY9I,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA4I,GAAe,CAAAE,YAAaF,EAAc5B,WAE5D,cADO6B,EAAK7B,SACLvD,oBACLV,EAAIW,WAAWC,KAAKjD,EAAeM,OAAQ6H,EAAM,CAAEvI,MAAO0C,KACzDvE,GACCA,eAAAA,EAAMsK,OAAOC,KAAKC,IAChB,MAAMC,EACDnJ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAiJ,IACHE,SAAUC,WAAWH,EAAEE,UACvBnC,SAAUiC,EAAEH,cAGd,cADOI,EAAIJ,YACJI,CAAG,KAEf,UCxBa,QAAlB9J,EAAAiK,WAAWC,eAAO,IAAAlK,IAAlBiK,WAAWC,QAAYA,EAAOA,SAE9B,MAGMC,EAAe,IAAIhL,KAGvBA,EAAKiL,SAASC,YAEZA,YAASrK,GAAAS,EAAA4J,GAAYC,+BAAAA,cARD,UAQmC,IAGlDC,EAAS,WAAIpL,ICMhBqL,EAAWxK,WAAA4D,cAAEA,EAAa6G,UAAEA,GAASzK,EAAK0K,EAAMjL,EAAAA,OAAAO,EAArC,+BACf,MAAM2K,EAAUC,UACXjK,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA8J,UACHG,EACAC,YAAWnK,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACN8J,EAAOI,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAAvK,OAAA,EAAAA,EAAAwK,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWT,EAExB1B,EAA6C,CAAA,EAgC7CoC,ECrDe,EAACzH,EAAcC,KAA4B,CAChEa,KAAMf,EAASC,EAAKC,GACpByH,UAAWzC,EAAcjF,EAAKC,GAC9B5C,OAAQ4F,EAAWjD,EAAKC,GACxB0H,IAAKxD,EAAgBnE,EAAKC,GAC1BsD,IAAKD,EAAQtD,EAAKC,GAClB2H,WAAYnE,EAAezD,EAAKC,GAChC4H,KAAMhE,EAAS7D,EAAKC,GACpB6H,MAAO/D,EAAU/D,EAAKC,GACtBuF,KAAMF,EAAStF,EAAKC,GACpB0F,MAAOD,EAAU1F,EAAKC,GACtB8H,MAAOnC,EAAU5F,EAAKC,KD0CH+H,CAAehB,EAAS/G,GAErCD,iCACDgH,GAAO,CAOVS,aAGAlM,aAAa0M,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAI9C,EAAK4C,EAAOC,KAAM,OAAO7C,EAAK4C,EAAOC,KAKzC,GAFAlL,OAAOC,OAAOoI,OAhDA9J,WAChB,GAAIuL,EACF,IACE,MAAMsB,EAAYC,KAAKC,MAAMxB,GACvB1B,QAAYmD,YAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAM9C,EAEpB,CAAC,MAAOoD,GAEP,MADAhB,SAAAA,EAAQiB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoB1B,EAAQrG,WAC/BnE,IAAI,WAAW+K,KACfoB,MAAMlN,GAASA,EAAKmN,UACevD,KACtC,OAAK7H,MAAMC,QAAQiL,UACQG,QAAQC,IACjCJ,EAAWzC,KAAI1K,MAAO6J,GAAQ,CAACA,EAAI8C,UAAWK,EAAAA,UAAUnD,QAGtC2D,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAWlL,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA+L,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BG,KAErB9D,EAAK4C,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAO9C,EAAK4C,EAAOC,IACpB,EAOD3M,kBAAkBgI,SAEhB,MACMhG,SADY6L,EAASA,UAAC7F,EAAKvD,EAAIqJ,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAIhM,IACFA,EAAMiM,IAAe,QAATnN,EAAAkB,EAAMiM,WAAG,IAAAnN,OAAA,EAAAA,EAAEoN,MAAM,KAAKC,MAC9BnM,EAAMiM,MAAQjC,GAEhB,MAAM,IAAIoC,EAAMA,OAACC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAErG,MAAKhG,QACf,EAODhC,sBAAsBsO,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBnI,EAAI8J,YAAYD,EAErC,CAAC,MAAOpB,GAGP,MADAjB,SAAAA,EAAQiB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAODlN,qBAAqBwO,WACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQnI,EAAI8J,YAAYC,GACtB,MAAMC,QAAgBhK,EAAIiK,QAAQF,GAClC,GAAIC,EAAQE,GAAI,CAEd,aADoBlK,EAAI8J,YAA0B,QAAdzN,EAAA2N,EAAQtO,YAAM,IAAAW,OAAA,EAAAA,EAAA8N,WAEnD,CAED,MAAMhC,MAAmB,QAAbrL,EAAAkN,EAAQvB,aAAK,IAAA3L,OAAA,EAAAA,EAAEsN,aAC5B,CAAC,MAAOC,GAGP,MADA7C,SAAAA,EAAQiB,MAAM,kCAAmC4B,GAC3ClC,MAAM,2CAA2CkC,IACxD,CACF,EAQD9O,gCACEsO,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBnI,EAAIsK,gBAAgBT,EAEzC,CAAC,MAAOpB,GAEPjB,SAAAA,EAAQ+C,IAAI,wCAAwC9B,2BACrD,CAED,OAAOzI,EAAIwK,eAAeT,EAC3B,EAODxO,wBAAwBmM,GACtB,IAAKA,EAAW,MAAMS,MAAM,gCAE5B,IAAI1M,EACJ,IACEA,QAAauE,EAAI0H,UAAU+C,SAAS/C,EACrC,CAAC,MAAOe,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,MAAM0B,WAAEA,GAAe1O,EAAKC,KAC5B,IAAKyO,EAEH,MADA3C,SAAAA,EAAQiB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBnI,EAAI8J,YAAYK,EAErC,CAAC,MAAO1B,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDiC,oBAAmB,CAACvN,EAA8ByG,IACzC5D,EAAI2K,0BAA0BxN,EAAU,KAAMyG,GASvD+G,0BACExN,EACAE,EACAuG,GAGA,GAAIvG,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMuN,EAAU1N,EAA2BC,EftOb,cesO6CE,GAC3E,OAAOuG,EAAYiH,OAAOC,GAASF,EAAQG,SAASD,IACrD,EAQDE,cAAa,CAAC7N,EAA8BmD,IACnCN,EAAIiL,oBAAoB9N,EAAU,KAAMmD,GASjD2K,oBAAoB9N,EAA8BE,EAAgBiD,GAEhE,GAAIjD,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM6N,EAAahO,EAA2BC,Ef5PtB,Qe4PgDE,GACxE,OAAOiD,EAAMuK,OAAOhD,GAASqD,EAAWH,SAASlD,IAClD,IAGH,OAAOsD,EAAAA,SACLnL,EACA,CACE,mBACA,iBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEF3E,EACD,EAoBHwL,EAAQuE,uBAAyBjQ,EACjC0L,EAAQwE,uBf7S8B"}

package/dist/index.d.ts CHANGED Viewed

@@ -7,16 +7,16 @@ import { JWTHeaderParameters, KeyLike } from 'jose';
  * which tenant the user or access key belongs to. The roleNames array is an optional list of
  * roles for the user or access key in this specific tenant.
  */
-declare type AssociatedTenant = {
+type AssociatedTenant = {
     tenantId: string;
     roleNames: string[];
 };
 /** The tenantId of a newly created tenant */
-declare type CreateTenantResponse = {
+type CreateTenantResponse = {
     id: string;
 };
 /** An access key that can be used to access descope */
-declare type AccessKey = {
+type AccessKey = {
     id: string;
     name: string;
     expiredTime: number;
@@ -28,31 +28,31 @@ declare type AccessKey = {
     createdBy: string;
 };
 /** Access Key extended details including created key cleartext */
-declare type CreatedAccessKeyResponse = {
+type CreatedAccessKeyResponse = {
     key: AccessKey;
     cleartext: string;
 };
 /** Represents a mapping between a set of groups of users and a role that will be assigned to them */
-declare type RoleMapping = {
+type RoleMapping = {
     groups: string[];
     roleName: string;
 };
-declare type RoleMappings = RoleMapping[];
+type RoleMappings = RoleMapping[];
 /** Represents a mapping between Descope and IDP user attributes */
-declare type AttributeMapping = {
+type AttributeMapping = {
     name?: string;
     email?: string;
     phoneNumber?: string;
     group?: string;
 };
 /** UpdateJWT response with a new JWT value with the added custom claims */
-declare type UpdateJWTResponse = {
+type UpdateJWTResponse = {
     jwt: string;
 };
 /** Represents a tenant in a project. It has an id, a name and an array of
  * self provisioning domains used to associate users with that tenant.
  */
-declare type Tenant = {
+type Tenant = {
     id: string;
     name: string;
     selfProvisioningDomains: string[];
@@ -60,7 +60,7 @@ declare type Tenant = {
 /** Represents a permission in a project. It has a name and optionally a description.
  * It also has a flag indicating whether it is system default or not.
  */
-declare type Permission = {
+type Permission = {
     name: string;
     description?: string;
     systemDefault: boolean;
@@ -68,25 +68,25 @@ declare type Permission = {
 /** Represents a role in a project. It has a name and optionally a description and
  * a list of permissions it grants.
  */
-declare type Role = {
+type Role = {
     name: string;
     description?: string;
     permissionNames: string[];
     createdTime: number;
 };
 /** Represents a group in a project. It has an id and display name and a list of group members. */
-declare type Group = {
+type Group = {
     id: string;
     display: string;
     members?: GroupMember[];
 };
 /** Represents a group member. It has loginId, userId and display. */
-declare type GroupMember = {
+type GroupMember = {
     loginId: string;
     userId: string;
     display: string;
 };
-declare type Flow = {
+type Flow = {
     id: string;
     name: string;
     description?: string;
@@ -94,64 +94,64 @@ declare type Flow = {
     disabled: boolean;
     etag?: string;
 };
-declare type FlowMetadata = {
+type FlowMetadata = {
     id: string;
     name: string;
     description?: string;
     disabled: boolean;
 };
-declare type Screen = {
+type Screen = {
     id: string;
     flowId: string;
     inputs?: any;
     interactions?: any;
     htmlTemplate: any;
 };
-declare type FlowsResponse = {
+type FlowsResponse = {
     flows: FlowMetadata[];
     total: number;
 };
-declare type FlowResponse = {
+type FlowResponse = {
     flow: Flow;
     screens: Screen[];
 };
-declare type Theme = {
+type Theme = {
     id: string;
     cssTemplate?: any;
 };
-declare type ThemeResponse = {
+type ThemeResponse = {
     theme: Theme;
 };
-declare type GenerateOTPForTestResponse = {
+type GenerateOTPForTestResponse = {
     loginId: string;
     code: string;
 };
-declare type GenerateMagicLinkForTestResponse = {
+type GenerateMagicLinkForTestResponse = {
     loginId: string;
     link: string;
 };
-declare type GenerateEnchantedLinkForTestResponse = {
+type GenerateEnchantedLinkForTestResponse = {
     loginId: string;
     link: string;
     pendingRef: string;
 };
-declare type AttributesTypes = string | boolean | number;
-declare type UserMapping = {
+type AttributesTypes = string | boolean | number;
+type UserMapping = {
     name: string;
     email: string;
     username: string;
     phoneNumber: string;
     group: string;
 };
-declare type RoleItem = {
+type RoleItem = {
     id: string;
     name: string;
 };
-declare type GroupsMapping = {
+type GroupsMapping = {
     role: RoleItem;
     groups: string[];
 };
-declare type SSOSettingsResponse = {
+type SSOSettingsResponse = {
     tenantId: string;
     idpEntityId: string;
     idpSSOUrl: string;
@@ -165,7 +165,7 @@ declare type SSOSettingsResponse = {
     redirectUrl: string;
     domain: string;
 };
-declare type ProviderTokenResponse = {
+type ProviderTokenResponse = {
     provider: string;
     providerUserId: string;
     accessToken: string;
@@ -176,7 +176,7 @@ declare type ProviderTokenResponse = {
  * Search options to filter which audit records we should retrieve.
  * All parameters are optional. `From` is currently limited to 30 days.
  */
-declare type AuditSearchOptions = {
+type AuditSearchOptions = {
     userIds?: string[];
     actions?: string[];
     excludedActions?: string[];
@@ -192,7 +192,7 @@ declare type AuditSearchOptions = {
     to?: number;
 };
 /** Audit record response from the audit trail. Occurred is in milliseconds. */
-declare type AuditRecord = {
+type AuditRecord = {
     projectId: string;
     userId: string;
     action: string;
@@ -221,7 +221,7 @@ interface AuthenticationInfo {
 }
 /** Configuration arguments which include the Descope core SDK args and an optional management key */
-declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
+type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
     managementKey?: string;
     publicKey?: string;
 };
@@ -232,7 +232,7 @@ declare const nodeSdk: {
                 create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
                 createTestUser: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
                 invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
-                update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
+                update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
                 delete: (loginId: string) => Promise<SdkResponse<never>>;
                 deleteAllTestUsers: () => Promise<SdkResponse<never>>;
                 load: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -273,13 +273,14 @@ declare const nodeSdk: {
                 createWithId: (id: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>;
                 update: (id: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>;
                 delete: (id: string) => Promise<SdkResponse<never>>;
+                load: (id: string) => Promise<SdkResponse<Tenant>>;
                 loadAll: () => Promise<SdkResponse<Tenant[]>>;
             };
             sso: {
                 getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
                 deleteSettings: (tenantId: string) => Promise<SdkResponse<never>>;
-                configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL?: string, domain?: string) => Promise<SdkResponse<never>>;
-                configureMetadata: (tenantId: string, idpMetadataURL: string) => Promise<SdkResponse<never>>;
+                configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
+                configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
                 configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
             };
             jwt: {
@@ -652,6 +653,7 @@ declare const nodeSdk: {
                     callbackUrl: string;
                     codeChallenge: string;
                 };
+                oidcIdpStateId?: string;
             }, conditionInteractionId?: string, interactionId?: string, input?: {
                 [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
             }, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
@@ -667,6 +669,7 @@ declare const nodeSdk: {
         logoutAll: (token?: string) => Promise<SdkResponse<never>>;
         me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
         isJwtExpired: (token: string) => boolean;
+        getTenants: (token: string) => string[];
         getJwtPermissions: (token: string, tenant?: string) => string[];
         getJwtRoles: (token: string, tenant?: string) => string[];
         httpClient: {

package/dist/index.esm.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...s)=>{var a,o,n;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,s){var a,o;const n=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink"},c={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},g={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},v={update:"/v1/mgmt/jwt/update"},k={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},y={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},f={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},C={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},w={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},I={search:"/v1/mgmt/audit/search"};const b=(e,t)=>({create:(a,o,n,r,i,l,d,p)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:t}),(e=>e.user)),createTestUser:(a,o,n,r,i,l,d,p)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),invite:(a,o,n,r,i,l,d,p)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),update:(a,o,n,r,i,l,d,p)=>s(e.httpClient.post(u.update,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:t}),(e=>e.user)),delete:a=>s(e.httpClient.post(u.delete,{loginId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(u.load,{queryParams:{userId:a},token:t}),(e=>e.user)),searchAll:(a,o,n,r,i,l,d)=>s(e.httpClient.post(u.search,{tenantIds:a,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d},{token:t}),(e=>e.users)),getProviderToken:(a,o)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:a,provider:o},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,o)=>s(e.httpClient.post(u.updateLoginId,{loginId:a,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(a,o,n)=>s(e.httpClient.post(u.updateEmail,{loginId:a,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(a,o,n)=>s(e.httpClient.post(u.updatePhone,{loginId:a,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(a,o)=>s(e.httpClient.post(u.updateDisplayName,{loginId:a,displayName:o},{token:t}),(e=>e.user)),updatePicture:(a,o)=>s(e.httpClient.post(u.updatePicture,{loginId:a,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(a,o,n)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:a,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(a,o)=>s(e.httpClient.post(u.addRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(a,o)=>s(e.httpClient.post(u.removeRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),addTenant:(a,o)=>s(e.httpClient.post(u.addTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(a,o)=>s(e.httpClient.post(u.removeTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(a,o,n)=>s(e.httpClient.post(u.addRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(a,o,n)=>s(e.httpClient.post(u.removeRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,o)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:a,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,o,n)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:a,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,o)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:a,URI:o},{token:t}),(e=>e)),setPassword:(a,o)=>s(e.httpClient.post(u.setPassword,{loginId:a,password:o},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(u.expirePassword,{loginId:a},{token:t}),(e=>e))}),T=(e,t)=>({create:(a,o)=>s(e.httpClient.post(g.create,{name:a,selfProvisioningDomains:o},{token:t})),createWithId:(a,o,n)=>s(e.httpClient.post(g.create,{id:a,name:o,selfProvisioningDomains:n},{token:t})),update:(a,o,n)=>s(e.httpClient.post(g.update,{id:a,name:o,selfProvisioningDomains:n},{token:t})),delete:a=>s(e.httpClient.post(g.delete,{id:a},{token:t})),loadAll:()=>s(e.httpClient.get(g.loadAll,{token:t}),(e=>e.tenants))}),A=(e,t)=>({update:(a,o)=>s(e.httpClient.post(v.update,{jwt:a,customClaims:o},{token:t}))}),x=(e,t)=>({create:(a,o)=>s(e.httpClient.post(k.create,{name:a,description:o},{token:t})),update:(a,o,n)=>s(e.httpClient.post(k.update,{name:a,newName:o,description:n},{token:t})),delete:a=>s(e.httpClient.post(k.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.permissions))}),P=(e,t)=>({create:(a,o,n)=>s(e.httpClient.post(y.create,{name:a,description:o,permissionNames:n},{token:t})),update:(a,o,n,r)=>s(e.httpClient.post(y.update,{name:a,newName:o,description:n,permissionNames:r},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.roles))}),j=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(w.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,o,n)=>s(e.httpClient.post(w.loadAllGroupsForMember,{tenantId:a,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(a,o)=>s(e.httpClient.post(w.loadAllGroupMembers,{tenantId:a,groupId:o},{token:t}))}),E=(e,t)=>({getSettings:a=>s(e.httpClient.get(h.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(h.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,o,n,r,i,l)=>s(e.httpClient.post(h.settings,{tenantId:a,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(a,o)=>s(e.httpClient.post(h.metadata,{tenantId:a,idpMetadataURL:o},{token:t})),configureMapping:(a,o,n)=>s(e.httpClient.post(h.mapping,{tenantId:a,roleMappings:o,attributeMapping:n},{token:t}))}),N=(e,t)=>({create:(a,o,n,r)=>s(e.httpClient.post(c.create,{name:a,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:a=>s(e.httpClient.get(c.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(c.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,o)=>s(e.httpClient.post(c.update,{id:a,name:o},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(c.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(c.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(c.delete,{id:a},{token:t}))}),R=(e,t)=>({list:()=>s(e.httpClient.post(f.list,{},{token:t})),export:a=>s(e.httpClient.post(f.export,{flowId:a},{token:t})),import:(a,o,n)=>s(e.httpClient.post(f.import,{flowId:a,flow:o,screens:n},{token:t}))}),O=(e,t)=>({export:()=>s(e.httpClient.post(C.export,{},{token:t})),import:a=>s(e.httpClient.post(C.import,{theme:a},{token:t}))}),M=(e,t)=>({search:a=>{const o=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete o.loginIds,s(e.httpClient.post(I.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var S;null!==(S=globalThis.Headers)&&void 0!==S||(globalThis.Headers=l);const F=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),i(...e)),U=s=>{var i,{managementKey:l,publicKey:u}=s,c=e(s,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({},c),{fetch:F,baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.5.3"})})),{projectId:h,logger:v}=c,k={},y=((e,t)=>({user:b(e,t),accessKey:N(e,t),tenant:T(e,t),sso:E(e,t),jwt:A(e,t),permission:x(e,t),role:P(e,t),group:j(e,t),flow:R(e,t),theme:O(e,t),audit:M(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:y,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await o(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};U.RefreshTokenCookieName="DSR",U.SessionTokenCookieName="DS";export{U as default};
+import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d="DSR",p="tenants",m=t=>async(...a)=>{var s,o,n;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,p=e(i,["refreshJwt"]);const m=[];var u;return l?m.push(`${d}=${l}; Domain=${(null==(u=p)?void 0:u.cookieDomain)||""}; Max-Age=${(null==u?void 0:u.cookieMaxAge)||""}; Path=${(null==u?void 0:u.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),d),m.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function u(e,t,a){var s,o;const n=a?null===(o=null===(s=e.token[p])||void 0===s?void 0:s[a])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function c(e,t){var a;return!!(null===(a=e.token[p])||void 0===a?void 0:a[t])}var g={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all"},k={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},y={update:"/v1/mgmt/jwt/update"},f={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},C={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},w={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},I={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},b={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},T={search:"/v1/mgmt/audit/search"};const A=(e,t)=>({create:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(g.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:t}),(e=>e.user)),createTestUser:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(g.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),invite:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(g.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),update:(s,o,n,r,i,l,d,p,m,u)=>a(e.httpClient.post(g.update,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:u},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(g.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(g.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(g.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(g.load,{queryParams:{userId:s},token:t}),(e=>e.user)),searchAll:(s,o,n,r,i,l,d)=>a(e.httpClient.post(g.search,{tenantIds:s,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d},{token:t}),(e=>e.users)),getProviderToken:(s,o)=>a(e.httpClient.get(g.getProviderToken,{queryParams:{loginId:s,provider:o},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(g.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(g.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,o)=>a(e.httpClient.post(g.updateLoginId,{loginId:s,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(s,o,n)=>a(e.httpClient.post(g.updateEmail,{loginId:s,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(s,o,n)=>a(e.httpClient.post(g.updatePhone,{loginId:s,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(s,o)=>a(e.httpClient.post(g.updateDisplayName,{loginId:s,displayName:o},{token:t}),(e=>e.user)),updatePicture:(s,o)=>a(e.httpClient.post(g.updatePicture,{loginId:s,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(s,o,n)=>a(e.httpClient.post(g.updateCustomAttribute,{loginId:s,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(s,o)=>a(e.httpClient.post(g.addRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(s,o)=>a(e.httpClient.post(g.removeRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),addTenant:(s,o)=>a(e.httpClient.post(g.addTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(s,o)=>a(e.httpClient.post(g.removeTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(s,o,n)=>a(e.httpClient.post(g.addRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(s,o,n)=>a(e.httpClient.post(g.removeRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,o)=>a(e.httpClient.post(g.generateOTPForTest,{deliveryMethod:s,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,o,n)=>a(e.httpClient.post(g.generateMagicLinkForTest,{deliveryMethod:s,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,o)=>a(e.httpClient.post(g.generateEnchantedLinkForTest,{loginId:s,URI:o},{token:t}),(e=>e)),setPassword:(s,o)=>a(e.httpClient.post(g.setPassword,{loginId:s,password:o},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(g.expirePassword,{loginId:s},{token:t}),(e=>e))}),P=(e,t)=>({create:(s,o)=>a(e.httpClient.post(v.create,{name:s,selfProvisioningDomains:o},{token:t})),createWithId:(s,o,n)=>a(e.httpClient.post(v.create,{id:s,name:o,selfProvisioningDomains:n},{token:t})),update:(s,o,n)=>a(e.httpClient.post(v.update,{id:s,name:o,selfProvisioningDomains:n},{token:t})),delete:s=>a(e.httpClient.post(v.delete,{id:s},{token:t})),load:s=>a(e.httpClient.get(v.load,{queryParams:{id:s},token:t}),(e=>e)),loadAll:()=>a(e.httpClient.get(v.loadAll,{token:t}),(e=>e.tenants))}),x=(e,t)=>({update:(s,o)=>a(e.httpClient.post(y.update,{jwt:s,customClaims:o},{token:t}))}),j=(e,t)=>({create:(s,o)=>a(e.httpClient.post(f.create,{name:s,description:o},{token:t})),update:(s,o,n)=>a(e.httpClient.post(f.update,{name:s,newName:o,description:n},{token:t})),delete:s=>a(e.httpClient.post(f.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.permissions))}),E=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(C.create,{name:s,description:o,permissionNames:n},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(C.update,{name:s,newName:o,description:n,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(C.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(C.loadAll,{token:t}),(e=>e.roles))}),N=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(b.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,o,n)=>a(e.httpClient.post(b.loadAllGroupsForMember,{tenantId:s,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(s,o)=>a(e.httpClient.post(b.loadAllGroupMembers,{tenantId:s,groupId:o},{token:t}))}),O=(e,t)=>({getSettings:s=>a(e.httpClient.get(k.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(k.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,o,n,r,i,l)=>a(e.httpClient.post(k.settings,{tenantId:s,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(s,o,n,r)=>a(e.httpClient.post(k.metadata,{tenantId:s,idpMetadataURL:o,redirectURL:n,domain:r},{token:t})),configureMapping:(s,o,n)=>a(e.httpClient.post(k.mapping,{tenantId:s,roleMappings:o,attributeMapping:n},{token:t}))}),R=(e,t)=>({create:(s,o,n,r)=>a(e.httpClient.post(h.create,{name:s,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(h.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(h.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,o)=>a(e.httpClient.post(h.update,{id:s,name:o},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(h.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(h.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(h.delete,{id:s},{token:t}))}),M=(e,t)=>({list:()=>a(e.httpClient.post(w.list,{},{token:t})),export:s=>a(e.httpClient.post(w.export,{flowId:s},{token:t})),import:(s,o,n)=>a(e.httpClient.post(w.import,{flowId:s,flow:o,screens:n},{token:t}))}),S=(e,t)=>({export:()=>a(e.httpClient.post(I.export,{},{token:t})),import:s=>a(e.httpClient.post(I.import,{theme:s},{token:t}))}),U=(e,t)=>({search:s=>{const o=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete o.loginIds,a(e.httpClient.post(T.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var F;null!==(F=globalThis.Headers)&&void 0!==F||(globalThis.Headers=l);const L=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),i(...e)),$=a=>{var i,{managementKey:l,publicKey:d}=a,p=e(a,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({},p),{fetch:L,baseHeaders:Object.assign(Object.assign({},p.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.5.5"})})),{projectId:h,logger:v}=p,k={},y=((e,t)=>({user:A(e,t),accessKey:R(e,t),tenant:P(e,t),sso:O(e,t),jwt:x(e,t),permission:j(e,t),role:E(e,t),group:N(e,t),flow:M(e,t),theme:S(e,t),audit:U(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:y,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await o(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){if(t&&!c(e,t))return!1;const s=u(e,"permissions",t);return a.every((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){if(t&&!c(e,t))return!1;const s=u(e,"roles",t);return a.every((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};$.RefreshTokenCookieName=d,$.SessionTokenCookieName="DS";export{$ as default};
 //# sourceMappingURL=index.esm.js.map

package/dist/index.esm.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.esm.js","sources":["../lib/constants.ts","../lib/helpers.ts","../lib/management/paths.ts","../lib/management/user.ts","../lib/management/tenant.ts","../lib/management/jwt.ts","../lib/management/permission.ts","../lib/management/role.ts","../lib/management/group.ts","../lib/management/sso.ts","../lib/management/accesskey.ts","../lib/management/flow.ts","../lib/management/theme.ts","../lib/management/audit.ts","../lib/fetch-polyfill.ts","../lib/index.ts","../lib/management/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name /\nexport const refreshTokenCookieName = 'DSR';\n/* Session JWT cookie name /\nexport const sessionTokenCookieName = 'DS';\n/* The key of the tenants claims in the claims map /\nexport const authorizedTenantsClaimName = 'tenants';\n/* The key of the permissions claims in the claims map either under tenant or top level /\nexport const permissionsClaimName = 'permissions';\n/* The key of the roles claims in the claims map either under tenant or top level /\nexport const rolesClaimName = 'roles';\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/\n Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n /\nconst generateCookie = (name: string, value: string, options?: Record<string, string \| number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain \|\| ''}; Max-Age=${\n options?.cookieMaxAge \|\| ''\n }; Path=${options?.cookiePath \|\| '/'}; HttpOnly; SameSite=Strict`;\n\n/\n Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n /\nconst getCookieValue = (cookie: string \| null \| undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^\|;\\\\s)${name}=([^;])`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/\n Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n /\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/\n Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n /\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/\n Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n /\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","/* API paths for the Descope service Management APIs /\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n update: '/v1/mgmt/user/update',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n search: '/v1/mgmt/user/search',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n addRole: '/v1/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set',\n expirePassword: '/v1/mgmt/user/password/expire',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n loadAll: '/v1/mgmt/tenant/all',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n },\n};\n","import { DeliveryMethod, SdkResponse, transformResponse, UserResponse } from '@descope/core-js-sdk';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n AttributesTypes,\n} from './types';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n /\n Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n \n You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n /\n createTestUser: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n test: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n invite: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n update: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.update,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /\n Delete all test users in the project.\n /\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n /\n searchAll: (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n { tenantIds, roleNames: roles, limit, page, testUsersOnly, withTestUser, customAttributes },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /\n Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @returns The ProviderTokenResponse of the given user and provider\n /\n getProviderToken: (\n loginId: string,\n provider: string,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: { loginId, provider },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (loginId: string, displayName: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.addTenant, { loginId, tenantId }, { token: managementKey }),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /\n Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email or SMS)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n /\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n /\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n /\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId login ID of a test user\n * @param password The password to set for the user\n /\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId login ID of a test user\n /\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n});\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse, Tenant } from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n /\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /\n Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n /\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /\n Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n /\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { RoleMappings, AttributeMapping, SSOSettingsResponse } from './types';\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n deleteSettings: (tenantId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n ),\n configureSettings: (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL?: string,\n domain?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domain },\n { token: managementKey },\n ),\n ),\n configureMetadata: (tenantId: string, idpMetadataURL: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL },\n { token: managementKey },\n ),\n ),\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param keyTenants Optional associated tenants for this key and its roles for each.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n /\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n keyTenants?: AssociatedTenant[],\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n { name, expireTime, roleNames: roles, keyTenants },\n { token: managementKey },\n ),\n ),\n /\n Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n /\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /\n Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n /\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /\n Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @returns The updated access key\n /\n update: (id: string, name: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(apiPaths.accessKey.update, { id, name }, { token: managementKey }),\n (data) => data.key,\n ),\n /\n Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n /\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /\n Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n /\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /\n Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n /\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { FlowResponse, FlowsResponse, Screen, Flow } from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n /\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n});\n\nexport default WithAudit;\n","import nodeFetch, { Headers } from 'node-fetch-commonjs';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof nodeFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n arg && ((arg as any).highWaterMark ??= highWaterMarkMb);\n });\n\n return nodeFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import createSdk, { ExchangeAccessKeyResponse, SdkResponse, wrapWith } from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport { getAuthorizationClaimItems, isUserAssociatedWithTenant, withCookie } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport fetch from './fetch-polyfill';\n\ndeclare const BUILD_VERSION: string;\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key /\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n ...config,\n fetch,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node \|\| '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike \| Uint8Array> = {};\n\n /* Fetch the public keys (JWKs) from Descope for the configured project /\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n /\n Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n /\n management,\n\n /* Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. /\n async getKey(header: JWTHeaderParameters): Promise<KeyLike \| Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /\n Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n /\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /\n Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /\n Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async refreshSession(refreshToken: string): Promise<AuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n / istanbul ignore next /\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n / istanbul ignore next /\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /\n Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /\n Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @returns AuthneticationInfo with session JWT data\n /\n async exchangeAccessKey(accessKey: string): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, null, permissions);\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /\n Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, null, roles);\n },\n\n /\n Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/* Descope SDK client with delivery methods enum.\n \n Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n \n ```js\n * import descopeSdk from '@descope/node-sdk';\n \n const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n \n const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n /\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n JWTResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\n\n/* Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n});\n\nexport default withManagement;\n"],"names":["withCookie","fn","async","args","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","_a","response","headers","get","cookie","name","match","RegExp","getCookieValue","_b","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","update","delete","deleteAllTestUsers","load","search","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","addRole","removeRole","addTenant","removeTenant","setPassword","expirePassword","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","deactivate","activate","loadAll","settings","metadata","mapping","list","export","import","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","withUser","sdk","managementKey","loginId","email","phone","displayName","roles","userTenants","customAttributes","picture","transformResponse","httpClient","post","roleNames","user","createTestUser","test","invite","queryParams","loadByUserId","userId","searchAll","tenantIds","limit","page","testUsersOnly","withTestUser","users","provider","status","newLoginId","isVerified","verified","attributeKey","attributeValue","addRoles","removeRoles","tenantId","addTenantRoles","removeTenantRoles","generateOTPForTestUser","deliveryMethod","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","password","withTenant","selfProvisioningDomains","createWithId","id","tenants","withJWT","jwt","customClaims","withPermission","description","newName","permissions","withRole","permissionNames","withGroup","userIds","loginIds","groupId","withSSOSettings","getSettings","deleteSettings","configureSettings","idpURL","idpCert","entityId","redirectURL","domain","configureMetadata","idpMetadataURL","configureMapping","roleMappings","attributeMapping","withAccessKey","expireTime","keyTenants","key","keys","WithFlow","flowId","flow","screens","WithTheme","theme","WithAudit","searchOptions","body","externalIds","audits","map","a","res","occurred","parseFloat","globalThis","Headers","patchedFetch","forEach","arg","highWaterMark","nodeFetch","nodeSdk","publicKey","config","coreSdk","createSdk","fetch","baseHeaders","process","versions","node","projectId","logger","management","accessKey","sso","permission","role","group","audit","withManagement","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","refresh","ok","sessionJwt","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","granted","every","perm","includes","validateRoles","validateTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"sNAEO,MC+BMA,EACVC,GACDC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAlCP,IAA8BC,EAgDjD,OAZKJ,EASHG,EAAQE,KA5CZ,GDVoC,SCsDoBL,cA5C5BI,OADuBA,EA6CiBH,QA5CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAkCZ,QAAbC,EAAAZ,EAAKa,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BZ,EA3Be,EAACa,EAAmCC,KACzD,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAArB,EAAKa,gBAAQ,IAAAQ,OAAA,EAAAA,EAAEP,QAAQC,IAAI,cDhDC,OCmD9BT,EAAQE,KAAoB,QAAfc,EAAAtB,EAAKa,gBAAU,IAAAS,OAAA,EAAAA,EAAAR,QAAQC,IAAI,gBAMhCQ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAxB,GAAM,CAAAC,KAAWsB,OAAAC,OAAAD,OAAAC,OAAA,GAAAxB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDmB,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDP,EAA6C,QAA7CT,EAAAc,EAASI,MAAgC,eAAI,IAAAlB,OAAA,EAAAA,EAAAgB,UAAO,IAAAP,OAAA,EAAAA,EAAGM,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1ChB,EAAAc,EAASI,MAAgC,eAAC,IAAAlB,OAAA,EAAAA,EAAGgB,GACxD,CCvFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,WAAY,mCACZC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,eAAgB,gCAChBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,yCAxBnBvB,EA0BF,CACTC,OAAQ,4BACRI,KAAM,qBACNC,OAAQ,4BACRJ,OAAQ,4BACRsB,WAAY,gCACZC,SAAU,8BACVtB,OAAQ,6BAjCGH,EAmCL,CACNC,OAAQ,yBACRC,OAAQ,yBACRC,OAAQ,yBACRuB,QAAS,uBAvCE1B,EAyCR,CACH2B,SAAU,wBACVC,SAAU,wBACVC,QAAS,wBA5CE7B,EA8CR,CACHE,OAAQ,uBA/CGF,EAiDD,CACVC,OAAQ,6BACRC,OAAQ,6BACRC,OAAQ,6BACRuB,QAAS,2BArDE1B,EAuDP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRuB,QAAS,qBA3DE1B,EA6DP,CACJ8B,KAAM,qBACNC,OAAQ,uBACRC,OAAQ,wBAhEGhC,EAkEN,CACL+B,OAAQ,wBACRC,OAAQ,yBApEGhC,EAsEN,CACLiC,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BAzEVnC,EA2EN,CACLM,OAAQ,yBCzDZ,MAAM8B,EAAW,CAACC,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNsC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAYnBC,eAAgB,CACdb,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAS,MAAM,EACNR,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBG,OAAQ,CACNf,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAU,QAAQ,EACRT,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBjD,OAAQ,CACNqC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EACEV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CACEqC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBhD,OAASoC,GACPQ,EACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEoC,WAAW,CAAE3C,MAAO0C,KAKpElC,mBAAoB,IAClB2C,EACEV,EAAIW,WAAW7C,OAAOH,EAAcI,mBAAoB,CAAER,MAAO0C,KAErEjC,KAAOkC,GACLQ,EACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCkD,YAAa,CAAEhB,WACf3C,MAAO0C,KAERvE,GAASA,EAAKoF,OAQnBK,aAAeC,GACbV,EACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCkD,YAAa,CAAEE,UACf7D,MAAO0C,KAERvE,GAASA,EAAKoF,OAanBO,UAAW,CACTC,EACAhB,EACAiB,EACAC,EACAC,EACAC,EACAlB,IAEAE,EACEV,EAAIW,WAAWC,KACbjD,EAAcM,OACd,CAAEqD,YAAWT,UAAWP,EAAOiB,QAAOC,OAAMC,gBAAeC,eAAclB,oBACzE,CAAEjD,MAAO0C,KAEVvE,GAASA,EAAKiG,QAUnBzD,iBAAkB,CAChBgC,EACA0B,IAEAlB,EACEV,EAAIW,WAAWnE,IAAImB,EAAcO,iBAAkB,CACjDgD,YAAa,CAAEhB,UAAS0B,YACxBrE,MAAO0C,KAERvE,GAASA,IAEd0D,SAAWc,GACTQ,EACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS2B,OAAQ,WACnB,CAAEtE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB3B,WAAae,GACXQ,EACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS2B,OAAQ,YACnB,CAAEtE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB1C,cAAe,CAAC8B,EAAiB4B,IAC/BpB,EACEV,EAAIW,WAAWC,KACbjD,EAAcS,cACd,CAAE8B,UAAS4B,cACX,CAAEvE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBzC,YAAa,CACX6B,EACAC,EACA4B,IAEArB,EACEV,EAAIW,WAAWC,KACbjD,EAAcU,YACd,CAAE6B,UAASC,QAAO6B,SAAUD,GAC5B,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBxC,YAAa,CACX4B,EACAE,EACA2B,IAEArB,EACEV,EAAIW,WAAWC,KACbjD,EAAcW,YACd,CAAE4B,UAASE,QAAO4B,SAAUD,GAC5B,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBvC,kBAAmB,CAAC2B,EAAiBG,IACnCK,EACEV,EAAIW,WAAWC,KACbjD,EAAcY,kBACd,CAAE2B,UAASG,eACX,CAAE9C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBtC,cAAe,CAAC0B,EAAiBO,IAC/BC,EACEV,EAAIW,WAAWC,KACbjD,EAAca,cACd,CAAE0B,UAASO,WACX,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBrC,sBAAuB,CACrByB,EACA+B,EACAC,IAEAxB,EACEV,EAAIW,WAAWC,KACbjD,EAAcc,sBACd,CAAEyB,UAAS+B,eAAcC,kBACzB,CAAE3E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBqB,SAAU,CAACjC,EAAiBI,IAC1BI,EACEV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBsB,YAAa,CAAClC,EAAiBI,IAC7BI,EACEV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBlC,UAAW,CAACsB,EAAiBmC,IAC3B3B,EACEV,EAAIW,WAAWC,KAAKjD,EAAciB,UAAW,CAAEsB,UAASmC,YAAY,CAAE9E,MAAO0C,KAC5EvE,GAASA,EAAKoF,OAEnBjC,aAAc,CAACqB,EAAiBmC,IAC9B3B,EACEV,EAAIW,WAAWC,KACbjD,EAAckB,aACd,CAAEqB,UAASmC,YACX,CAAE9E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBwB,eAAgB,CACdpC,EACAmC,EACA/B,IAEAI,EACEV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASmC,WAAUxB,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnByB,kBAAmB,CACjBrC,EACAmC,EACA/B,IAEAI,EACEV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASmC,WAAUxB,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAanB0B,uBAAwB,CACtBC,EACAvC,IAEAQ,EACEV,EAAIW,WAAWC,KACbjD,EAAcqB,mBACd,CAAEyD,iBAAgBvC,WAClB,CAAE3C,MAAO0C,KAEVvE,GAASA,IAcdgH,6BAA8B,CAC5BD,EACAvC,EACAyC,IAEAjC,EACEV,EAAIW,WAAWC,KACbjD,EAAcsB,yBACd,CAAEwD,iBAAgBvC,UAAS0C,IAAKD,GAChC,CAAEpF,MAAO0C,KAEVvE,GAASA,IAadmH,iCAAkC,CAChC3C,EACAyC,IAEAjC,EACEV,EAAIW,WAAWC,KACbjD,EAAcuB,6BACd,CAAEgB,UAAS0C,IAAKD,GAChB,CAAEpF,MAAO0C,KAEVvE,GAASA,IAWdoD,YAAa,CAACoB,EAAiB4C,IAC7BpC,EACEV,EAAIW,WAAWC,KACbjD,EAAcmB,YACd,CAAEoB,UAAS4C,YACX,CAAEvF,MAAO0C,KAEVvE,GAASA,IASdqD,eAAiBmB,GACfQ,EACEV,EAAIW,WAAWC,KAAKjD,EAAcoB,eAAgB,CAAEmB,WAAW,CAAE3C,MAAO0C,KACvEvE,GAASA,MCrcVqH,EAAa,CAAC/C,EAAcC,KAA4B,CAC5DrC,OAAQ,CACNlB,EACAsG,IAEAtC,EACEV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAElB,OAAMsG,2BACR,CAAEzF,MAAO0C,KAGfgD,aAAc,CACZC,EACAxG,EACAsG,IAEAtC,EACEV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAEsF,KAAIxG,OAAMsG,2BACZ,CAAEzF,MAAO0C,KAGfpC,OAAQ,CACNqF,EACAxG,EACAsG,IAEAtC,EACEV,EAAIW,WAAWC,KACbjD,EAAgBE,OAChB,CAAEqF,KAAIxG,OAAMsG,2BACZ,CAAEzF,MAAO0C,KAGfnC,OAASoF,GACPxC,EACEV,EAAIW,WAAWC,KAAKjD,EAAgBG,OAAQ,CAAEoF,MAAM,CAAE3F,MAAO0C,KAEjEZ,QAAS,IACPqB,EACEV,EAAIW,WAAWnE,IAAImB,EAAgB0B,QAAS,CAC1C9B,MAAO0C,KAERvE,GAASA,EAAKyH,YCjDfC,EAAU,CAACpD,EAAcC,KAA4B,CACzDpC,OAAQ,CACNwF,EACAC,IAEA5C,EACEV,EAAIW,WAAWC,KAAKjD,EAAaE,OAAQ,CAAEwF,MAAKC,gBAAgB,CAAE/F,MAAO0C,OCFzEsD,EAAiB,CAACvD,EAAcC,KAA4B,CAChErC,OAAQ,CAAClB,EAAc8G,IACrB9C,EACEV,EAAIW,WAAWC,KACbjD,EAAoBC,OACpB,CAAElB,OAAM8G,eACR,CAAEjG,MAAO0C,KAGfpC,OAAQ,CAACnB,EAAc+G,EAAiBD,IACtC9C,EACEV,EAAIW,WAAWC,KACbjD,EAAoBE,OACpB,CAAEnB,OAAM+G,UAASD,eACjB,CAAEjG,MAAO0C,KAGfnC,OAASpB,GACPgE,EACEV,EAAIW,WAAWC,KAAKjD,EAAoBG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEvEZ,QAAS,IACPqB,EACEV,EAAIW,WAAWnE,IAAImB,EAAoB0B,QAAS,CAC9C9B,MAAO0C,KAERvE,GAASA,EAAKgI,gBC1BfC,EAAW,CAAC3D,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNlB,EACA8G,EACAI,IAEAlD,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CAAElB,OAAM8G,cAAaI,mBACrB,CAAErG,MAAO0C,KAGfpC,OAAQ,CACNnB,EACA+G,EACAD,EACAI,IAEAlD,EACEV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CAAEnB,OAAM+G,UAASD,cAAaI,mBAC9B,CAAErG,MAAO0C,KAGfnC,OAASpB,GACPgE,EACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEjEZ,QAAS,IACPqB,EACEV,EAAIW,WAAWnE,IAAImB,EAAc0B,QAAS,CACxC9B,MAAO0C,KAERvE,GAASA,EAAK4E,UCvCfuD,EAAY,CAAC7D,EAAcC,KAA4B,CAM3DL,cAAgByC,GACd3B,EACEV,EAAIW,WAAWC,KAAKjD,EAAeiC,cAAe,CAAEyC,YAAY,CAAE9E,MAAO0C,KAU7EJ,uBAAwB,CACtBwC,EACAyB,EACAC,IAEArD,EACEV,EAAIW,WAAWC,KACbjD,EAAekC,uBACf,CAAEwC,WAAU0B,WAAUD,WACtB,CAAEvG,MAAO0C,KAUfH,oBAAqB,CAACuC,EAAkB2B,IACtCtD,EACEV,EAAIW,WAAWC,KACbjD,EAAemC,oBACf,CAAEuC,WAAU2B,WACZ,CAAEzG,MAAO0C,OC1CXgE,EAAkB,CAACjE,EAAcC,KAA4B,CACjEiE,YAAc7B,GACZ3B,EACEV,EAAIW,WAAWnE,IAAImB,EAAa2B,SAAU,CACxC4B,YAAa,CAAEmB,YACf9E,MAAO0C,KAERvE,GAASA,IAEdyI,eAAiB9B,GACf3B,EACEV,EAAIW,WAAW7C,OAAOH,EAAa2B,SAAU,CAC3C4B,YAAa,CAAEmB,YACf9E,MAAO0C,KAGbmE,kBAAmB,CACjB/B,EACAgC,EACAC,EACAC,EACAC,EACAC,IAEA/D,EACEV,EAAIW,WAAWC,KACbjD,EAAa2B,SACb,CAAE+C,WAAUgC,SAAQE,WAAUD,UAASE,cAAaC,UACpD,CAAElH,MAAO0C,KAGfyE,kBAAmB,CAACrC,EAAkBsC,IACpCjE,EACEV,EAAIW,WAAWC,KACbjD,EAAa4B,SACb,CAAE8C,WAAUsC,kBACZ,CAAEpH,MAAO0C,KAGf2E,iBAAkB,CAChBvC,EACAwC,EACAC,IAEApE,EACEV,EAAIW,WAAWC,KACbjD,EAAa6B,QACb,CAAE6C,WAAUwC,eAAcC,oBAC1B,CAAEvH,MAAO0C,OCxCX8E,EAAgB,CAAC/E,EAAcC,KAA4B,CAS/DrC,OAAQ,CACNlB,EACAsI,EACA1E,EACA2E,IAEAvE,EACEV,EAAIW,WAAWC,KACbjD,EAAmBC,OACnB,CAAElB,OAAMsI,aAAYnE,UAAWP,EAAO2E,cACtC,CAAE1H,MAAO0C,KAQfjC,KAAOkF,GACLxC,EACEV,EAAIW,WAAWnE,IAAImB,EAAmBK,KAAM,CAC1CkD,YAAa,CAAEgC,MACf3F,MAAO0C,KAERvE,GAASA,EAAKwJ,MAOnB7D,UAAYC,GACVZ,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBM,OAAQ,CAAEqD,aAAa,CAAE/D,MAAO0C,KACtEvE,GAASA,EAAKyJ,OAQnBtH,OAAQ,CAACqF,EAAYxG,IACnBgE,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBE,OAAQ,CAAEqF,KAAIxG,QAAQ,CAAEa,MAAO0C,KACrEvE,GAASA,EAAKwJ,MAOnB/F,WAAa+D,GACXxC,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBwB,WAAY,CAAE+D,MAAM,CAAE3F,MAAO0C,KAMxEb,SAAW8D,GACTxC,EACEV,EAAIW,WAAWC,KAAKjD,EAAmByB,SAAU,CAAE8D,MAAM,CAAE3F,MAAO0C,KAMtEnC,OAASoF,GACPxC,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBG,OAAQ,CAAEoF,MAAM,CAAE3F,MAAO0C,OCvFhEmF,EAAW,CAACpF,EAAcC,KAA4B,CAC1DR,KAAM,IACJiB,EAAkBV,EAAIW,WAAWC,KAAKjD,EAAc8B,KAAM,CAAE,EAAE,CAAElC,MAAO0C,KACzEP,OAAS2F,GACP3E,EACEV,EAAIW,WAAWC,KAAKjD,EAAc+B,OAAQ,CAAE2F,UAAU,CAAE9H,MAAO0C,KAEnEN,OAAQ,CAAC0F,EAAgBC,EAAYC,IACnC7E,EACEV,EAAIW,WAAWC,KACbjD,EAAcgC,OACd,CAAE0F,SAAQC,OAAMC,WAChB,CAAEhI,MAAO0C,OCZXuF,EAAY,CAACxF,EAAcC,KAA4B,CAC3DP,OAAQ,IACNgB,EAAkBV,EAAIW,WAAWC,KAAKjD,EAAe+B,OAAQ,CAAE,EAAE,CAAEnC,MAAO0C,KAC5EN,OAAS8F,GACP/E,EACEV,EAAIW,WAAWC,KAAKjD,EAAegC,OAAQ,CAAE8F,SAAS,CAAElI,MAAO0C,OCL/DyF,EAAY,CAAC1F,EAAcC,KAA4B,CAM3DhC,OAAS0H,IACP,MAAMC,EAAY5I,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA0I,GAAe,CAAAE,YAAaF,EAAc5B,WAE5D,cADO6B,EAAK7B,SACLrD,EACLV,EAAIW,WAAWC,KAAKjD,EAAeM,OAAQ2H,EAAM,CAAErI,MAAO0C,KACzDvE,GACCA,eAAAA,EAAMoK,OAAOC,KAAKC,IAChB,MAAMC,EACDjJ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA+I,IACHE,SAAUC,WAAWH,EAAEE,UACvBnC,SAAUiC,EAAEH,cAGd,cADOI,EAAIJ,YACJI,CAAG,KAEf,UCxBa,QAAlB5J,EAAA+J,WAAWC,eAAO,IAAAhK,IAAlB+J,WAAWC,QAAYA,GAEvB,MAGMC,EAAe,IAAI9K,KAGvBA,EAAK+K,SAASC,YAEZA,YAASnK,GAAAS,EAAA0J,GAAYC,+BAAAA,cARD,UAQmC,IAGlDC,KAAalL,ICMhBmL,EAAWtK,WAAA4D,cAAEA,EAAa2G,UAAEA,GAASvK,EAAKwK,EAAM/K,EAAAO,EAArC,+BACf,MAAMyK,EAAUC,EACX/J,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA4J,UACHG,EACAC,YAAWjK,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACN4J,EAAOI,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAArK,OAAA,EAAAA,EAAAsK,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWT,EAExB1B,EAA6C,CAAA,EAgC7CoC,ECrDe,EAACvH,EAAcC,KAA4B,CAChEa,KAAMf,EAASC,EAAKC,GACpBuH,UAAWzC,EAAc/E,EAAKC,GAC9B5C,OAAQ0F,EAAW/C,EAAKC,GACxBwH,IAAKxD,EAAgBjE,EAAKC,GAC1BoD,IAAKD,EAAQpD,EAAKC,GAClByH,WAAYnE,EAAevD,EAAKC,GAChC0H,KAAMhE,EAAS3D,EAAKC,GACpB2H,MAAO/D,EAAU7D,EAAKC,GACtBqF,KAAMF,EAASpF,EAAKC,GACpBwF,MAAOD,EAAUxF,EAAKC,GACtB4H,MAAOnC,EAAU1F,EAAKC,KD0CH6H,CAAehB,EAAS7G,GAErCD,iCACD8G,GAAO,CAOVS,aAGAhM,aAAawM,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAI9C,EAAK4C,EAAOC,KAAM,OAAO7C,EAAK4C,EAAOC,KAKzC,GAFAhL,OAAOC,OAAOkI,OAhDA5J,WAChB,GAAIqL,EACF,IACE,MAAMsB,EAAYC,KAAKC,MAAMxB,GACvB1B,QAAYmD,EAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAM9C,EAKpB,CAHC,MAAOoD,GAEP,MADAhB,SAAAA,EAAQiB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoB1B,EAAQnG,WAC/BnE,IAAI,WAAW6K,KACfoB,MAAMhN,GAASA,EAAKiN,UACevD,KACtC,OAAK3H,MAAMC,QAAQ+K,UACQG,QAAQC,IACjCJ,EAAWzC,KAAIxK,MAAO2J,GAAQ,CAACA,EAAI8C,UAAWK,EAAUnD,QAGtC2D,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAWhL,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA6L,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BG,KAErB9D,EAAK4C,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAO9C,EAAK4C,EAAOC,IACpB,EAODzM,kBAAkB8H,SAEhB,MACM9F,SADY2L,EAAU7F,EAAKrD,EAAImJ,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAI9L,IACFA,EAAM+L,IAAe,QAATjN,EAAAkB,EAAM+L,WAAG,IAAAjN,OAAA,EAAAA,EAAEkN,MAAM,KAAKC,MAC9BjM,EAAM+L,MAAQjC,GAEhB,MAAM,IAAIoC,EAAOC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAErG,MAAK9F,QACf,EAODhC,sBAAsBoO,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBjI,EAAI4J,YAAYD,EAMrC,CAJC,MAAOpB,GAGP,MADAjB,SAAAA,EAAQiB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAODhN,qBAAqBsO,WACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQjI,EAAI4J,YAAYC,GACtB,MAAMC,QAAgB9J,EAAI+J,QAAQF,GAClC,GAAIC,EAAQE,GAAI,CAEd,aADoBhK,EAAI4J,YAA0B,QAAdvN,EAAAyN,EAAQpO,YAAM,IAAAW,OAAA,EAAAA,EAAA4N,WAEnD,CAED,MAAMhC,MAAmB,QAAbnL,EAAAgN,EAAQvB,aAAK,IAAAzL,OAAA,EAAAA,EAAEoN,aAK5B,CAJC,MAAOC,GAGP,MADA7C,SAAAA,EAAQiB,MAAM,kCAAmC4B,GAC3ClC,MAAM,2CAA2CkC,IACxD,CACF,EAQD5O,gCACEoO,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBjI,EAAIoK,gBAAgBT,EAKzC,CAHC,MAAOpB,GAEPjB,SAAAA,EAAQ+C,IAAI,wCAAwC9B,2BACrD,CAED,OAAOvI,EAAIsK,eAAeT,EAC3B,EAODtO,wBAAwBiM,GACtB,IAAKA,EAAW,MAAMS,MAAM,gCAE5B,IAAIxM,EACJ,IACEA,QAAauE,EAAIwH,UAAU+C,SAAS/C,EAIrC,CAHC,MAAOe,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,MAAM0B,WAAEA,GAAexO,EAAKC,KAC5B,IAAKuO,EAEH,MADA3C,SAAAA,EAAQiB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBjI,EAAI4J,YAAYK,EAKrC,CAHC,MAAO1B,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDiC,oBAAmB,CAACrN,EAA8BuG,IACzC1D,EAAIyK,0BAA0BtN,EAAU,KAAMuG,GASvD+G,0BACEtN,EACAE,EACAqG,GAGA,GAAIrG,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMqN,EAAUxN,EAA2BC,EftOb,cesO6CE,GAC3E,OAAOqG,EAAYiH,OAAOC,GAASF,EAAQG,SAASD,IACrD,EAQDE,cAAa,CAAC3N,EAA8BmD,IACnCN,EAAI+K,oBAAoB5N,EAAU,KAAMmD,GASjDyK,oBAAoB5N,EAA8BE,EAAgBiD,GAEhE,GAAIjD,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM2N,EAAa9N,EAA2BC,Ef5PtB,Qe4PgDE,GACxE,OAAOiD,EAAMqK,OAAOhD,GAASqD,EAAWH,SAASlD,IAClD,IAGH,OAAOsD,EACLjL,EACA,CACE,mBACA,iBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEF3E,EACD,EAoBHsL,EAAQuE,uBf9S8B,Me+StCvE,EAAQwE,uBf7S8B"}
1	+ {"version":3,"file":"index.esm.js","sources":["../lib/constants.ts","../lib/helpers.ts","../lib/management/paths.ts","../lib/management/user.ts","../lib/management/tenant.ts","../lib/management/jwt.ts","../lib/management/permission.ts","../lib/management/role.ts","../lib/management/group.ts","../lib/management/sso.ts","../lib/management/accesskey.ts","../lib/management/flow.ts","../lib/management/theme.ts","../lib/management/audit.ts","../lib/fetch-polyfill.ts","../lib/index.ts","../lib/management/index.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name /\nexport const refreshTokenCookieName = 'DSR';\n/* Session JWT cookie name /\nexport const sessionTokenCookieName = 'DS';\n/* The key of the tenants claims in the claims map /\nexport const authorizedTenantsClaimName = 'tenants';\n/* The key of the permissions claims in the claims map either under tenant or top level /\nexport const permissionsClaimName = 'permissions';\n/* The key of the roles claims in the claims map either under tenant or top level /\nexport const rolesClaimName = 'roles';\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/\n Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n /\nconst generateCookie = (name: string, value: string, options?: Record<string, string \| number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain \|\| ''}; Max-Age=${\n options?.cookieMaxAge \|\| ''\n }; Path=${options?.cookiePath \|\| '/'}; HttpOnly; SameSite=Strict`;\n\n/\n Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n /\nconst getCookieValue = (cookie: string \| null \| undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^\|;\\\\s)${name}=([^;])`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/\n Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n /\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/\n Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n /\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/\n Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n /\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","/* API paths for the Descope service Management APIs /\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n update: '/v1/mgmt/user/update',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n search: '/v1/mgmt/user/search',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n addRole: '/v1/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set',\n expirePassword: '/v1/mgmt/user/password/expire',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n load: '/v1/mgmt/tenant',\n loadAll: '/v1/mgmt/tenant/all',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n },\n};\n","import { DeliveryMethod, SdkResponse, transformResponse, UserResponse } from '@descope/core-js-sdk';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n AttributesTypes,\n} from './types';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n /\n Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n \n You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n /\n createTestUser: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n test: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n invite: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.create,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n update: (\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.update,\n {\n loginId,\n email,\n phone,\n displayName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /\n Delete all test users in the project.\n /\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n /\n searchAll: (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n { tenantIds, roleNames: roles, limit, page, testUsersOnly, withTestUser, customAttributes },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /\n Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @returns The ProviderTokenResponse of the given user and provider\n /\n getProviderToken: (\n loginId: string,\n provider: string,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: { loginId, provider },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (loginId: string, displayName: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.addTenant, { loginId, tenantId }, { token: managementKey }),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /\n Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email or SMS)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n /\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n /\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethod,\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n /\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId login ID of a test user\n * @param password The password to set for the user\n /\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId login ID of a test user\n /\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n});\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse, Tenant } from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<Tenant>> =>\n transformResponse<Tenant, Tenant>(\n sdk.httpClient.get(apiPaths.tenant.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n /\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /\n Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n /\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /\n Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n /\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { RoleMappings, AttributeMapping, SSOSettingsResponse } from './types';\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n deleteSettings: (tenantId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n ),\n configureSettings: (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL: string,\n domain: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domain },\n { token: managementKey },\n ),\n ),\n configureMetadata: (\n tenantId: string,\n idpMetadataURL: string,\n redirectURL: string,\n domain: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL, redirectURL, domain },\n { token: managementKey },\n ),\n ),\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param keyTenants Optional associated tenants for this key and its roles for each.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n /\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n keyTenants?: AssociatedTenant[],\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n { name, expireTime, roleNames: roles, keyTenants },\n { token: managementKey },\n ),\n ),\n /\n Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n /\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /\n Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n /\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /\n Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @returns The updated access key\n /\n update: (id: string, name: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(apiPaths.accessKey.update, { id, name }, { token: managementKey }),\n (data) => data.key,\n ),\n /\n Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n /\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /\n Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n /\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /\n Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n /\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { FlowResponse, FlowsResponse, Screen, Flow } from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n /\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n});\n\nexport default WithAudit;\n","import nodeFetch, { Headers } from 'node-fetch-commonjs';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof nodeFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n arg && ((arg as any).highWaterMark ??= highWaterMarkMb);\n });\n\n return nodeFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import createSdk, { ExchangeAccessKeyResponse, SdkResponse, wrapWith } from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport { getAuthorizationClaimItems, isUserAssociatedWithTenant, withCookie } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport fetch from './fetch-polyfill';\n\ndeclare const BUILD_VERSION: string;\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key /\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n ...config,\n fetch,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node \|\| '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike \| Uint8Array> = {};\n\n /* Fetch the public keys (JWKs) from Descope for the configured project /\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n /\n Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n /\n management,\n\n /* Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. /\n async getKey(header: JWTHeaderParameters): Promise<KeyLike \| Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /\n Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n /\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /\n Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /\n Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async refreshSession(refreshToken: string): Promise<AuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n / istanbul ignore next /\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n / istanbul ignore next /\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /\n Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /\n Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @returns AuthenticationInfo with session JWT data\n /\n async exchangeAccessKey(accessKey: string): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, null, permissions);\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /\n Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, null, roles);\n },\n\n /\n Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/* Descope SDK client with delivery methods enum.\n \n Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n \n ```js\n * import descopeSdk from '@descope/node-sdk';\n \n const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n \n const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n /\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n JWTResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\n\n/* Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n});\n\nexport default withManagement;\n"],"names":["refreshTokenCookieName","authorizedTenantsClaimName","withCookie","fn","async","args","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","_a","response","headers","get","cookie","name","match","RegExp","getCookieValue","_b","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","update","delete","deleteAllTestUsers","load","search","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","addRole","removeRole","addTenant","removeTenant","setPassword","expirePassword","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","deactivate","activate","loadAll","settings","metadata","mapping","list","export","import","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","withUser","sdk","managementKey","loginId","email","phone","displayName","roles","userTenants","customAttributes","picture","transformResponse","httpClient","post","roleNames","user","createTestUser","test","invite","verifiedEmail","verifiedPhone","queryParams","loadByUserId","userId","searchAll","tenantIds","limit","page","testUsersOnly","withTestUser","users","provider","status","newLoginId","isVerified","verified","attributeKey","attributeValue","addRoles","removeRoles","tenantId","addTenantRoles","removeTenantRoles","generateOTPForTestUser","deliveryMethod","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","password","withTenant","selfProvisioningDomains","createWithId","id","tenants","withJWT","jwt","customClaims","withPermission","description","newName","permissions","withRole","permissionNames","withGroup","userIds","loginIds","groupId","withSSOSettings","getSettings","deleteSettings","configureSettings","idpURL","idpCert","entityId","redirectURL","domain","configureMetadata","idpMetadataURL","configureMapping","roleMappings","attributeMapping","withAccessKey","expireTime","keyTenants","key","keys","WithFlow","flowId","flow","screens","WithTheme","theme","WithAudit","searchOptions","body","externalIds","audits","map","a","res","occurred","parseFloat","globalThis","Headers","patchedFetch","forEach","arg","highWaterMark","nodeFetch","nodeSdk","publicKey","config","coreSdk","createSdk","fetch","baseHeaders","process","versions","node","projectId","logger","management","accessKey","sso","permission","role","group","audit","withManagement","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","refresh","ok","sessionJwt","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","granted","every","perm","includes","validateRoles","validateTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName"],"mappings":"sNAEO,MAAMA,EAAyB,MAIzBC,EAA6B,UC2B7BC,EACVC,GACDC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAlCP,IAA8BC,EAgDjD,OAZKJ,EASHG,EAAQE,KA5CZ,GA4CgCd,KAAwBS,cA5C5BI,OADuBA,EA6CiBH,QA5CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAkCZ,QAAbC,EAAAZ,EAAKa,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BZ,EA3Be,EAACa,EAAmCC,KACzD,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAArB,EAAKa,gBAAQ,IAAAQ,OAAA,EAAAA,EAAEP,QAAQC,IAAI,cAC3BrB,GAEFY,EAAQE,KAAoB,QAAfc,EAAAtB,EAAKa,gBAAU,IAAAS,OAAA,EAAAA,EAAAR,QAAQC,IAAI,gBAMhCQ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAxB,GAAM,CAAAC,KAAWsB,OAAAC,OAAAD,OAAAC,OAAA,GAAAxB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDmB,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDP,EAA6C,QAA7CT,EAAAc,EAASI,MAAMnC,UAA8B,IAAAiB,OAAA,EAAAA,EAAAgB,UAAO,IAAAP,OAAA,EAAAA,EAAGM,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1ChB,EAAAc,EAASI,MAAMnC,UAA2B,IAAAiB,OAAA,EAAAA,EAAGgB,GACxD,CCvFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,WAAY,mCACZC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,eAAgB,gCAChBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,yCAxBnBvB,EA0BF,CACTC,OAAQ,4BACRI,KAAM,qBACNC,OAAQ,4BACRJ,OAAQ,4BACRsB,WAAY,gCACZC,SAAU,8BACVtB,OAAQ,6BAjCGH,EAmCL,CACNC,OAAQ,yBACRC,OAAQ,yBACRC,OAAQ,yBACRE,KAAM,kBACNqB,QAAS,uBAxCE1B,EA0CR,CACH2B,SAAU,wBACVC,SAAU,wBACVC,QAAS,wBA7CE7B,EA+CR,CACHE,OAAQ,uBAhDGF,EAkDD,CACVC,OAAQ,6BACRC,OAAQ,6BACRC,OAAQ,6BACRuB,QAAS,2BAtDE1B,EAwDP,CACJC,OAAQ,uBACRC,OAAQ,uBACRC,OAAQ,uBACRuB,QAAS,qBA5DE1B,EA8DP,CACJ8B,KAAM,qBACNC,OAAQ,uBACRC,OAAQ,wBAjEGhC,EAmEN,CACL+B,OAAQ,wBACRC,OAAQ,yBArEGhC,EAuEN,CACLiC,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BA1EVnC,EA4EN,CACLM,OAAQ,yBC1DZ,MAAM8B,EAAW,CAACC,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNsC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAYnBC,eAAgB,CACdb,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAS,MAAM,EACNR,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBG,OAAQ,CACNf,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,IAEAC,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CACEsC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAU,QAAQ,EACRT,mBACAC,WAEF,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBjD,OAAQ,CACNqC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAS,EACAC,IAEAT,EACEV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CACEqC,UACAC,QACAC,QACAC,cACAQ,UAAWP,EACXC,cACAC,mBACAC,UACAS,gBACAC,iBAEF,CAAE5D,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBhD,OAASoC,GACPQ,EACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEoC,WAAW,CAAE3C,MAAO0C,KAKpElC,mBAAoB,IAClB2C,EACEV,EAAIW,WAAW7C,OAAOH,EAAcI,mBAAoB,CAAER,MAAO0C,KAErEjC,KAAOkC,GACLQ,EACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCoD,YAAa,CAAElB,WACf3C,MAAO0C,KAERvE,GAASA,EAAKoF,OAQnBO,aAAeC,GACbZ,EACEV,EAAIW,WAAWnE,IAAImB,EAAcK,KAAM,CACrCoD,YAAa,CAAEE,UACf/D,MAAO0C,KAERvE,GAASA,EAAKoF,OAanBS,UAAW,CACTC,EACAlB,EACAmB,EACAC,EACAC,EACAC,EACApB,IAEAE,EACEV,EAAIW,WAAWC,KACbjD,EAAcM,OACd,CAAEuD,YAAWX,UAAWP,EAAOmB,QAAOC,OAAMC,gBAAeC,eAAcpB,oBACzE,CAAEjD,MAAO0C,KAEVvE,GAASA,EAAKmG,QAUnB3D,iBAAkB,CAChBgC,EACA4B,IAEApB,EACEV,EAAIW,WAAWnE,IAAImB,EAAcO,iBAAkB,CACjDkD,YAAa,CAAElB,UAAS4B,YACxBvE,MAAO0C,KAERvE,GAASA,IAEd0D,SAAWc,GACTQ,EACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS6B,OAAQ,WACnB,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB3B,WAAae,GACXQ,EACEV,EAAIW,WAAWC,KACbjD,EAAcQ,aACd,CAAE+B,UAAS6B,OAAQ,YACnB,CAAExE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB1C,cAAe,CAAC8B,EAAiB8B,IAC/BtB,EACEV,EAAIW,WAAWC,KACbjD,EAAcS,cACd,CAAE8B,UAAS8B,cACX,CAAEzE,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBzC,YAAa,CACX6B,EACAC,EACA8B,IAEAvB,EACEV,EAAIW,WAAWC,KACbjD,EAAcU,YACd,CAAE6B,UAASC,QAAO+B,SAAUD,GAC5B,CAAE1E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBxC,YAAa,CACX4B,EACAE,EACA6B,IAEAvB,EACEV,EAAIW,WAAWC,KACbjD,EAAcW,YACd,CAAE4B,UAASE,QAAO8B,SAAUD,GAC5B,CAAE1E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBvC,kBAAmB,CAAC2B,EAAiBG,IACnCK,EACEV,EAAIW,WAAWC,KACbjD,EAAcY,kBACd,CAAE2B,UAASG,eACX,CAAE9C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBtC,cAAe,CAAC0B,EAAiBO,IAC/BC,EACEV,EAAIW,WAAWC,KACbjD,EAAca,cACd,CAAE0B,UAASO,WACX,CAAElD,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBrC,sBAAuB,CACrByB,EACAiC,EACAC,IAEA1B,EACEV,EAAIW,WAAWC,KACbjD,EAAcc,sBACd,CAAEyB,UAASiC,eAAcC,kBACzB,CAAE7E,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBuB,SAAU,CAACnC,EAAiBI,IAC1BI,EACEV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBwB,YAAa,CAACpC,EAAiBI,IAC7BI,EACEV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASW,UAAWP,GACtB,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnBlC,UAAW,CAACsB,EAAiBqC,IAC3B7B,EACEV,EAAIW,WAAWC,KAAKjD,EAAciB,UAAW,CAAEsB,UAASqC,YAAY,CAAEhF,MAAO0C,KAC5EvE,GAASA,EAAKoF,OAEnBjC,aAAc,CAACqB,EAAiBqC,IAC9B7B,EACEV,EAAIW,WAAWC,KACbjD,EAAckB,aACd,CAAEqB,UAASqC,YACX,CAAEhF,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB0B,eAAgB,CACdtC,EACAqC,EACAjC,IAEAI,EACEV,EAAIW,WAAWC,KACbjD,EAAce,QACd,CAAEwB,UAASqC,WAAU1B,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAEnB2B,kBAAmB,CACjBvC,EACAqC,EACAjC,IAEAI,EACEV,EAAIW,WAAWC,KACbjD,EAAcgB,WACd,CAAEuB,UAASqC,WAAU1B,UAAWP,GAChC,CAAE/C,MAAO0C,KAEVvE,GAASA,EAAKoF,OAanB4B,uBAAwB,CACtBC,EACAzC,IAEAQ,EACEV,EAAIW,WAAWC,KACbjD,EAAcqB,mBACd,CAAE2D,iBAAgBzC,WAClB,CAAE3C,MAAO0C,KAEVvE,GAASA,IAcdkH,6BAA8B,CAC5BD,EACAzC,EACA2C,IAEAnC,EACEV,EAAIW,WAAWC,KACbjD,EAAcsB,yBACd,CAAE0D,iBAAgBzC,UAAS4C,IAAKD,GAChC,CAAEtF,MAAO0C,KAEVvE,GAASA,IAadqH,iCAAkC,CAChC7C,EACA2C,IAEAnC,EACEV,EAAIW,WAAWC,KACbjD,EAAcuB,6BACd,CAAEgB,UAAS4C,IAAKD,GAChB,CAAEtF,MAAO0C,KAEVvE,GAASA,IAWdoD,YAAa,CAACoB,EAAiB8C,IAC7BtC,EACEV,EAAIW,WAAWC,KACbjD,EAAcmB,YACd,CAAEoB,UAAS8C,YACX,CAAEzF,MAAO0C,KAEVvE,GAASA,IASdqD,eAAiBmB,GACfQ,EACEV,EAAIW,WAAWC,KAAKjD,EAAcoB,eAAgB,CAAEmB,WAAW,CAAE3C,MAAO0C,KACvEvE,GAASA,MCzcVuH,EAAa,CAACjD,EAAcC,KAA4B,CAC5DrC,OAAQ,CACNlB,EACAwG,IAEAxC,EACEV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAElB,OAAMwG,2BACR,CAAE3F,MAAO0C,KAGfkD,aAAc,CACZC,EACA1G,EACAwG,IAEAxC,EACEV,EAAIW,WAAWC,KACbjD,EAAgBC,OAChB,CAAEwF,KAAI1G,OAAMwG,2BACZ,CAAE3F,MAAO0C,KAGfpC,OAAQ,CACNuF,EACA1G,EACAwG,IAEAxC,EACEV,EAAIW,WAAWC,KACbjD,EAAgBE,OAChB,CAAEuF,KAAI1G,OAAMwG,2BACZ,CAAE3F,MAAO0C,KAGfnC,OAASsF,GACP1C,EACEV,EAAIW,WAAWC,KAAKjD,EAAgBG,OAAQ,CAAEsF,MAAM,CAAE7F,MAAO0C,KAEjEjC,KAAOoF,GACL1C,EACEV,EAAIW,WAAWnE,IAAImB,EAAgBK,KAAM,CACvCoD,YAAa,CAAEgC,MACf7F,MAAO0C,KAERvE,GAASA,IAEd2D,QAAS,IACPqB,EACEV,EAAIW,WAAWnE,IAAImB,EAAgB0B,QAAS,CAC1C9B,MAAO0C,KAERvE,GAASA,EAAK2H,YCzDfC,EAAU,CAACtD,EAAcC,KAA4B,CACzDpC,OAAQ,CACN0F,EACAC,IAEA9C,EACEV,EAAIW,WAAWC,KAAKjD,EAAaE,OAAQ,CAAE0F,MAAKC,gBAAgB,CAAEjG,MAAO0C,OCFzEwD,EAAiB,CAACzD,EAAcC,KAA4B,CAChErC,OAAQ,CAAClB,EAAcgH,IACrBhD,EACEV,EAAIW,WAAWC,KACbjD,EAAoBC,OACpB,CAAElB,OAAMgH,eACR,CAAEnG,MAAO0C,KAGfpC,OAAQ,CAACnB,EAAciH,EAAiBD,IACtChD,EACEV,EAAIW,WAAWC,KACbjD,EAAoBE,OACpB,CAAEnB,OAAMiH,UAASD,eACjB,CAAEnG,MAAO0C,KAGfnC,OAASpB,GACPgE,EACEV,EAAIW,WAAWC,KAAKjD,EAAoBG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEvEZ,QAAS,IACPqB,EACEV,EAAIW,WAAWnE,IAAImB,EAAoB0B,QAAS,CAC9C9B,MAAO0C,KAERvE,GAASA,EAAKkI,gBC1BfC,EAAW,CAAC7D,EAAcC,KAA4B,CAC1DrC,OAAQ,CACNlB,EACAgH,EACAI,IAEApD,EACEV,EAAIW,WAAWC,KACbjD,EAAcC,OACd,CAAElB,OAAMgH,cAAaI,mBACrB,CAAEvG,MAAO0C,KAGfpC,OAAQ,CACNnB,EACAiH,EACAD,EACAI,IAEApD,EACEV,EAAIW,WAAWC,KACbjD,EAAcE,OACd,CAAEnB,OAAMiH,UAASD,cAAaI,mBAC9B,CAAEvG,MAAO0C,KAGfnC,OAASpB,GACPgE,EACEV,EAAIW,WAAWC,KAAKjD,EAAcG,OAAQ,CAAEpB,QAAQ,CAAEa,MAAO0C,KAEjEZ,QAAS,IACPqB,EACEV,EAAIW,WAAWnE,IAAImB,EAAc0B,QAAS,CACxC9B,MAAO0C,KAERvE,GAASA,EAAK4E,UCvCfyD,EAAY,CAAC/D,EAAcC,KAA4B,CAM3DL,cAAgB2C,GACd7B,EACEV,EAAIW,WAAWC,KAAKjD,EAAeiC,cAAe,CAAE2C,YAAY,CAAEhF,MAAO0C,KAU7EJ,uBAAwB,CACtB0C,EACAyB,EACAC,IAEAvD,EACEV,EAAIW,WAAWC,KACbjD,EAAekC,uBACf,CAAE0C,WAAU0B,WAAUD,WACtB,CAAEzG,MAAO0C,KAUfH,oBAAqB,CAACyC,EAAkB2B,IACtCxD,EACEV,EAAIW,WAAWC,KACbjD,EAAemC,oBACf,CAAEyC,WAAU2B,WACZ,CAAE3G,MAAO0C,OC1CXkE,EAAkB,CAACnE,EAAcC,KAA4B,CACjEmE,YAAc7B,GACZ7B,EACEV,EAAIW,WAAWnE,IAAImB,EAAa2B,SAAU,CACxC8B,YAAa,CAAEmB,YACfhF,MAAO0C,KAERvE,GAASA,IAEd2I,eAAiB9B,GACf7B,EACEV,EAAIW,WAAW7C,OAAOH,EAAa2B,SAAU,CAC3C8B,YAAa,CAAEmB,YACfhF,MAAO0C,KAGbqE,kBAAmB,CACjB/B,EACAgC,EACAC,EACAC,EACAC,EACAC,IAEAjE,EACEV,EAAIW,WAAWC,KACbjD,EAAa2B,SACb,CAAEiD,WAAUgC,SAAQE,WAAUD,UAASE,cAAaC,UACpD,CAAEpH,MAAO0C,KAGf2E,kBAAmB,CACjBrC,EACAsC,EACAH,EACAC,IAEAjE,EACEV,EAAIW,WAAWC,KACbjD,EAAa4B,SACb,CAAEgD,WAAUsC,iBAAgBH,cAAaC,UACzC,CAAEpH,MAAO0C,KAGf6E,iBAAkB,CAChBvC,EACAwC,EACAC,IAEAtE,EACEV,EAAIW,WAAWC,KACbjD,EAAa6B,QACb,CAAE+C,WAAUwC,eAAcC,oBAC1B,CAAEzH,MAAO0C,OC7CXgF,EAAgB,CAACjF,EAAcC,KAA4B,CAS/DrC,OAAQ,CACNlB,EACAwI,EACA5E,EACA6E,IAEAzE,EACEV,EAAIW,WAAWC,KACbjD,EAAmBC,OACnB,CAAElB,OAAMwI,aAAYrE,UAAWP,EAAO6E,cACtC,CAAE5H,MAAO0C,KAQfjC,KAAOoF,GACL1C,EACEV,EAAIW,WAAWnE,IAAImB,EAAmBK,KAAM,CAC1CoD,YAAa,CAAEgC,MACf7F,MAAO0C,KAERvE,GAASA,EAAK0J,MAOnB7D,UAAYC,GACVd,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBM,OAAQ,CAAEuD,aAAa,CAAEjE,MAAO0C,KACtEvE,GAASA,EAAK2J,OAQnBxH,OAAQ,CAACuF,EAAY1G,IACnBgE,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBE,OAAQ,CAAEuF,KAAI1G,QAAQ,CAAEa,MAAO0C,KACrEvE,GAASA,EAAK0J,MAOnBjG,WAAaiE,GACX1C,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBwB,WAAY,CAAEiE,MAAM,CAAE7F,MAAO0C,KAMxEb,SAAWgE,GACT1C,EACEV,EAAIW,WAAWC,KAAKjD,EAAmByB,SAAU,CAAEgE,MAAM,CAAE7F,MAAO0C,KAMtEnC,OAASsF,GACP1C,EACEV,EAAIW,WAAWC,KAAKjD,EAAmBG,OAAQ,CAAEsF,MAAM,CAAE7F,MAAO0C,OCvFhEqF,EAAW,CAACtF,EAAcC,KAA4B,CAC1DR,KAAM,IACJiB,EAAkBV,EAAIW,WAAWC,KAAKjD,EAAc8B,KAAM,CAAE,EAAE,CAAElC,MAAO0C,KACzEP,OAAS6F,GACP7E,EACEV,EAAIW,WAAWC,KAAKjD,EAAc+B,OAAQ,CAAE6F,UAAU,CAAEhI,MAAO0C,KAEnEN,OAAQ,CAAC4F,EAAgBC,EAAYC,IACnC/E,EACEV,EAAIW,WAAWC,KACbjD,EAAcgC,OACd,CAAE4F,SAAQC,OAAMC,WAChB,CAAElI,MAAO0C,OCZXyF,EAAY,CAAC1F,EAAcC,KAA4B,CAC3DP,OAAQ,IACNgB,EAAkBV,EAAIW,WAAWC,KAAKjD,EAAe+B,OAAQ,CAAE,EAAE,CAAEnC,MAAO0C,KAC5EN,OAASgG,GACPjF,EACEV,EAAIW,WAAWC,KAAKjD,EAAegC,OAAQ,CAAEgG,SAAS,CAAEpI,MAAO0C,OCL/D2F,EAAY,CAAC5F,EAAcC,KAA4B,CAM3DhC,OAAS4H,IACP,MAAMC,EAAY9I,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA4I,GAAe,CAAAE,YAAaF,EAAc5B,WAE5D,cADO6B,EAAK7B,SACLvD,EACLV,EAAIW,WAAWC,KAAKjD,EAAeM,OAAQ6H,EAAM,CAAEvI,MAAO0C,KACzDvE,GACCA,eAAAA,EAAMsK,OAAOC,KAAKC,IAChB,MAAMC,EACDnJ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAiJ,IACHE,SAAUC,WAAWH,EAAEE,UACvBnC,SAAUiC,EAAEH,cAGd,cADOI,EAAIJ,YACJI,CAAG,KAEf,UCxBa,QAAlB9J,EAAAiK,WAAWC,eAAO,IAAAlK,IAAlBiK,WAAWC,QAAYA,GAEvB,MAGMC,EAAe,IAAIhL,KAGvBA,EAAKiL,SAASC,YAEZA,YAASrK,GAAAS,EAAA4J,GAAYC,+BAAAA,cARD,UAQmC,IAGlDC,KAAapL,ICMhBqL,EAAWxK,WAAA4D,cAAEA,EAAa6G,UAAEA,GAASzK,EAAK0K,EAAMjL,EAAAO,EAArC,+BACf,MAAM2K,EAAUC,EACXjK,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA8J,UACHG,EACAC,YAAWnK,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACN8J,EAAOI,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAAvK,OAAA,EAAAA,EAAAwK,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWT,EAExB1B,EAA6C,CAAA,EAgC7CoC,ECrDe,EAACzH,EAAcC,KAA4B,CAChEa,KAAMf,EAASC,EAAKC,GACpByH,UAAWzC,EAAcjF,EAAKC,GAC9B5C,OAAQ4F,EAAWjD,EAAKC,GACxB0H,IAAKxD,EAAgBnE,EAAKC,GAC1BsD,IAAKD,EAAQtD,EAAKC,GAClB2H,WAAYnE,EAAezD,EAAKC,GAChC4H,KAAMhE,EAAS7D,EAAKC,GACpB6H,MAAO/D,EAAU/D,EAAKC,GACtBuF,KAAMF,EAAStF,EAAKC,GACpB0F,MAAOD,EAAU1F,EAAKC,GACtB8H,MAAOnC,EAAU5F,EAAKC,KD0CH+H,CAAehB,EAAS/G,GAErCD,iCACDgH,GAAO,CAOVS,aAGAlM,aAAa0M,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAI9C,EAAK4C,EAAOC,KAAM,OAAO7C,EAAK4C,EAAOC,KAKzC,GAFAlL,OAAOC,OAAOoI,OAhDA9J,WAChB,GAAIuL,EACF,IACE,MAAMsB,EAAYC,KAAKC,MAAMxB,GACvB1B,QAAYmD,EAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAM9C,EAEpB,CAAC,MAAOoD,GAEP,MADAhB,SAAAA,EAAQiB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoB1B,EAAQrG,WAC/BnE,IAAI,WAAW+K,KACfoB,MAAMlN,GAASA,EAAKmN,UACevD,KACtC,OAAK7H,MAAMC,QAAQiL,UACQG,QAAQC,IACjCJ,EAAWzC,KAAI1K,MAAO6J,GAAQ,CAACA,EAAI8C,UAAWK,EAAUnD,QAGtC2D,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAWlL,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA+L,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BG,KAErB9D,EAAK4C,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAO9C,EAAK4C,EAAOC,IACpB,EAOD3M,kBAAkBgI,SAEhB,MACMhG,SADY6L,EAAU7F,EAAKvD,EAAIqJ,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAIhM,IACFA,EAAMiM,IAAe,QAATnN,EAAAkB,EAAMiM,WAAG,IAAAnN,OAAA,EAAAA,EAAEoN,MAAM,KAAKC,MAC9BnM,EAAMiM,MAAQjC,GAEhB,MAAM,IAAIoC,EAAOC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAErG,MAAKhG,QACf,EAODhC,sBAAsBsO,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBnI,EAAI8J,YAAYD,EAErC,CAAC,MAAOpB,GAGP,MADAjB,SAAAA,EAAQiB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAODlN,qBAAqBwO,WACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQnI,EAAI8J,YAAYC,GACtB,MAAMC,QAAgBhK,EAAIiK,QAAQF,GAClC,GAAIC,EAAQE,GAAI,CAEd,aADoBlK,EAAI8J,YAA0B,QAAdzN,EAAA2N,EAAQtO,YAAM,IAAAW,OAAA,EAAAA,EAAA8N,WAEnD,CAED,MAAMhC,MAAmB,QAAbrL,EAAAkN,EAAQvB,aAAK,IAAA3L,OAAA,EAAAA,EAAEsN,aAC5B,CAAC,MAAOC,GAGP,MADA7C,SAAAA,EAAQiB,MAAM,kCAAmC4B,GAC3ClC,MAAM,2CAA2CkC,IACxD,CACF,EAQD9O,gCACEsO,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBnI,EAAIsK,gBAAgBT,EAEzC,CAAC,MAAOpB,GAEPjB,SAAAA,EAAQ+C,IAAI,wCAAwC9B,2BACrD,CAED,OAAOzI,EAAIwK,eAAeT,EAC3B,EAODxO,wBAAwBmM,GACtB,IAAKA,EAAW,MAAMS,MAAM,gCAE5B,IAAI1M,EACJ,IACEA,QAAauE,EAAI0H,UAAU+C,SAAS/C,EACrC,CAAC,MAAOe,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,MAAM0B,WAAEA,GAAe1O,EAAKC,KAC5B,IAAKyO,EAEH,MADA3C,SAAAA,EAAQiB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBnI,EAAI8J,YAAYK,EAErC,CAAC,MAAO1B,GAEP,MADAjB,SAAAA,EAAQiB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDiC,oBAAmB,CAACvN,EAA8ByG,IACzC5D,EAAI2K,0BAA0BxN,EAAU,KAAMyG,GASvD+G,0BACExN,EACAE,EACAuG,GAGA,GAAIvG,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMuN,EAAU1N,EAA2BC,EftOb,cesO6CE,GAC3E,OAAOuG,EAAYiH,OAAOC,GAASF,EAAQG,SAASD,IACrD,EAQDE,cAAa,CAAC7N,EAA8BmD,IACnCN,EAAIiL,oBAAoB9N,EAAU,KAAMmD,GASjD2K,oBAAoB9N,EAA8BE,EAAgBiD,GAEhE,GAAIjD,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM6N,EAAahO,EAA2BC,Ef5PtB,Qe4PgDE,GACxE,OAAOiD,EAAMuK,OAAOhD,GAASqD,EAAWH,SAASlD,IAClD,IAGH,OAAOsD,EACLnL,EACA,CACE,mBACA,iBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEF3E,EACD,EAoBHwL,EAAQuE,uBAAyBjQ,EACjC0L,EAAQwE,uBf7S8B"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@descope/node-sdk",
-  "version": "1.5.3",
+  "version": "1.5.5",
   "description": "Node.js library used to integrate with Descope",
   "typings": "./dist/index.d.ts",
   "main": "dist/cjs/index.cjs.js",
@@ -101,11 +101,9 @@
     "typescript": "^4.6.4"
   },
   "dependencies": {
-    "@descope/core-js-sdk": "1.3.4",
+    "@descope/core-js-sdk": "1.4.6",
     "jose": "4.14.4",
-    "node-fetch-commonjs": "3.2.4"
-  },
-  "peerDependencies": {
-    "tslib": ">=1.14.1"
+    "node-fetch-commonjs": "3.3.1",
+    "tslib": "^1.14.1"
   }
 }