@descope/node-sdk 1.5.4 → 1.5.6

package/dist/index.d.ts

@@ -7,16 +7,16 @@ import { JWTHeaderParameters, KeyLike } from 'jose';
  * which tenant the user or access key belongs to. The roleNames array is an optional list of
  * roles for the user or access key in this specific tenant.
  */
-declare type AssociatedTenant = {
+type AssociatedTenant = {
     tenantId: string;
     roleNames: string[];
 };
 /** The tenantId of a newly created tenant */
-declare type CreateTenantResponse = {
+type CreateTenantResponse = {
     id: string;
 };
 /** An access key that can be used to access descope */
-declare type AccessKey = {
+type AccessKey = {
     id: string;
     name: string;
     expiredTime: number;
@@ -28,31 +28,31 @@ declare type AccessKey = {
     createdBy: string;
 };
 /** Access Key extended details including created key cleartext */
-declare type CreatedAccessKeyResponse = {
+type CreatedAccessKeyResponse = {
     key: AccessKey;
     cleartext: string;
 };
 /** Represents a mapping between a set of groups of users and a role that will be assigned to them */
-declare type RoleMapping = {
+type RoleMapping = {
     groups: string[];
     roleName: string;
 };
-declare type RoleMappings = RoleMapping[];
+type RoleMappings = RoleMapping[];
 /** Represents a mapping between Descope and IDP user attributes */
-declare type AttributeMapping = {
+type AttributeMapping = {
     name?: string;
     email?: string;
     phoneNumber?: string;
     group?: string;
 };
 /** UpdateJWT response with a new JWT value with the added custom claims */
-declare type UpdateJWTResponse = {
+type UpdateJWTResponse = {
     jwt: string;
 };
 /** Represents a tenant in a project. It has an id, a name and an array of
  * self provisioning domains used to associate users with that tenant.
  */
-declare type Tenant = {
+type Tenant = {
     id: string;
     name: string;
     selfProvisioningDomains: string[];
@@ -60,7 +60,7 @@ declare type Tenant = {
 /** Represents a permission in a project. It has a name and optionally a description.
  * It also has a flag indicating whether it is system default or not.
  */
-declare type Permission = {
+type Permission = {
     name: string;
     description?: string;
     systemDefault: boolean;
@@ -68,25 +68,25 @@ declare type Permission = {
 /** Represents a role in a project. It has a name and optionally a description and
  * a list of permissions it grants.
  */
-declare type Role = {
+type Role = {
     name: string;
     description?: string;
     permissionNames: string[];
     createdTime: number;
 };
 /** Represents a group in a project. It has an id and display name and a list of group members. */
-declare type Group = {
+type Group = {
     id: string;
     display: string;
     members?: GroupMember[];
 };
 /** Represents a group member. It has loginId, userId and display. */
-declare type GroupMember = {
+type GroupMember = {
     loginId: string;
     userId: string;
     display: string;
 };
-declare type Flow = {
+type Flow = {
     id: string;
     name: string;
     description?: string;
@@ -94,64 +94,67 @@ declare type Flow = {
     disabled: boolean;
     etag?: string;
 };
-declare type FlowMetadata = {
+type FlowMetadata = {
     id: string;
     name: string;
     description?: string;
     disabled: boolean;
 };
-declare type Screen = {
+type Screen = {
     id: string;
     flowId: string;
     inputs?: any;
     interactions?: any;
     htmlTemplate: any;
 };
-declare type FlowsResponse = {
+type FlowsResponse = {
     flows: FlowMetadata[];
     total: number;
 };
-declare type FlowResponse = {
+type FlowResponse = {
     flow: Flow;
     screens: Screen[];
 };
-declare type Theme = {
+type Theme = {
     id: string;
     cssTemplate?: any;
 };
-declare type ThemeResponse = {
+type ThemeResponse = {
     theme: Theme;
 };
-declare type GenerateOTPForTestResponse = {
+type GenerateOTPForTestResponse = {
     loginId: string;
     code: string;
 };
-declare type GenerateMagicLinkForTestResponse = {
+type GenerateMagicLinkForTestResponse = {
     loginId: string;
     link: string;
 };
-declare type GenerateEnchantedLinkForTestResponse = {
+type GenerateEnchantedLinkForTestResponse = {
     loginId: string;
     link: string;
     pendingRef: string;
 };
-declare type AttributesTypes = string | boolean | number;
-declare type UserMapping = {
+type GenerateEmbeddedLinkResponse = {
+    token: string;
+};
+type AttributesTypes = string | boolean | number;
+type UserMapping = {
     name: string;
     email: string;
     username: string;
     phoneNumber: string;
     group: string;
 };
-declare type RoleItem = {
+type RoleItem = {
     id: string;
     name: string;
 };
-declare type GroupsMapping = {
+type GroupsMapping = {
     role: RoleItem;
     groups: string[];
 };
-declare type SSOSettingsResponse = {
+type SSOSettingsResponse = {
     tenantId: string;
     idpEntityId: string;
     idpSSOUrl: string;
@@ -165,7 +168,7 @@ declare type SSOSettingsResponse = {
     redirectUrl: string;
     domain: string;
 };
-declare type ProviderTokenResponse = {
+type ProviderTokenResponse = {
     provider: string;
     providerUserId: string;
     accessToken: string;
@@ -176,7 +179,7 @@ declare type ProviderTokenResponse = {
  * Search options to filter which audit records we should retrieve.
  * All parameters are optional. `From` is currently limited to 30 days.
  */
-declare type AuditSearchOptions = {
+type AuditSearchOptions = {
     userIds?: string[];
     actions?: string[];
     excludedActions?: string[];
@@ -192,7 +195,7 @@ declare type AuditSearchOptions = {
     to?: number;
 };
 /** Audit record response from the audit trail. Occurred is in milliseconds. */
-declare type AuditRecord = {
+type AuditRecord = {
     projectId: string;
     userId: string;
     action: string;
@@ -205,6 +208,11 @@ declare type AuditRecord = {
     tenants: string[];
     data: Record<string, any>;
 };
+declare enum UserStatus {
+    enabled = "enabled",
+    disabled = "disabled",
+    invited = "invited"
+}
 
 /** Parsed JWT token */
 interface Token {
@@ -221,7 +229,7 @@ interface AuthenticationInfo {
 }
 
 /** Configuration arguments which include the Descope core SDK args and an optional management key */
-declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
+type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
     managementKey?: string;
     publicKey?: string;
 };
@@ -237,7 +245,7 @@ declare const nodeSdk: {
                 deleteAllTestUsers: () => Promise<SdkResponse<never>>;
                 load: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
                 loadByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
-                searchAll: (tenantIds?: string[], roles?: string[], limit?: number, page?: number, testUsersOnly?: boolean, withTestUser?: boolean, customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
+                searchAll: (tenantIds?: string[], roles?: string[], limit?: number, page?: number, testUsersOnly?: boolean, withTestUser?: boolean, customAttributes?: Record<string, AttributesTypes>, statuses?: UserStatus[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
                 getProviderToken: (loginId: string, provider: string) => Promise<SdkResponse<ProviderTokenResponse>>;
                 activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
                 deactivate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -256,9 +264,13 @@ declare const nodeSdk: {
                 generateOTPForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
                 generateMagicLinkForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string, uri: string) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
                 generateEnchantedLinkForTestUser: (loginId: string, uri: string) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
+                generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
                 setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
                 expirePassword: (loginId: string) => Promise<SdkResponse<never>>;
             };
+            project: {
+                updateName: (name: string) => Promise<SdkResponse<never>>;
+            };
             accessKey: {
                 create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
                 load: (id: string) => Promise<SdkResponse<AccessKey>>;
@@ -273,13 +285,14 @@ declare const nodeSdk: {
                 createWithId: (id: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>;
                 update: (id: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>;
                 delete: (id: string) => Promise<SdkResponse<never>>;
+                load: (id: string) => Promise<SdkResponse<Tenant>>;
                 loadAll: () => Promise<SdkResponse<Tenant[]>>;
             };
             sso: {
                 getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
                 deleteSettings: (tenantId: string) => Promise<SdkResponse<never>>;
-                configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL?: string, domain?: string) => Promise<SdkResponse<never>>;
-                configureMetadata: (tenantId: string, idpMetadataURL: string) => Promise<SdkResponse<never>>;
+                configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
+                configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
                 configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
             };
             jwt: {
@@ -652,6 +665,7 @@ declare const nodeSdk: {
                     callbackUrl: string;
                     codeChallenge: string;
                 };
+                oidcIdpStateId?: string;
             }, conditionInteractionId?: string, interactionId?: string, input?: {
                 [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
             }, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
@@ -667,6 +681,7 @@ declare const nodeSdk: {
         logoutAll: (token?: string) => Promise<SdkResponse<never>>;
         me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
         isJwtExpired: (token: string) => boolean;
+        getTenants: (token: string) => string[];
         getJwtPermissions: (token: string, tenant?: string) => string[];
         getJwtRoles: (token: string, tenant?: string) => string[];
         httpClient: {

package/dist/index.esm.js

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...a)=>{var s,o,n;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,a){var s,o;const n=a?null===(o=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var a;return!!(null===(a=e.token.tenants)||void 0===a?void 0:a[t])}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink"},c={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},g={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},v={update:"/v1/mgmt/jwt/update"},k={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},y={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},f={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},C={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},w={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},I={search:"/v1/mgmt/audit/search"};const b=(e,t)=>({create:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:t}),(e=>e.user)),createTestUser:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),invite:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),update:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.update,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(u.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(u.load,{queryParams:{userId:s},token:t}),(e=>e.user)),searchAll:(s,o,n,r,i,l,d)=>a(e.httpClient.post(u.search,{tenantIds:s,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d},{token:t}),(e=>e.users)),getProviderToken:(s,o)=>a(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:s,provider:o},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,o)=>a(e.httpClient.post(u.updateLoginId,{loginId:s,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(s,o,n)=>a(e.httpClient.post(u.updateEmail,{loginId:s,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(s,o,n)=>a(e.httpClient.post(u.updatePhone,{loginId:s,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(s,o)=>a(e.httpClient.post(u.updateDisplayName,{loginId:s,displayName:o},{token:t}),(e=>e.user)),updatePicture:(s,o)=>a(e.httpClient.post(u.updatePicture,{loginId:s,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(s,o,n)=>a(e.httpClient.post(u.updateCustomAttribute,{loginId:s,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(s,o)=>a(e.httpClient.post(u.addRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(s,o)=>a(e.httpClient.post(u.removeRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),addTenant:(s,o)=>a(e.httpClient.post(u.addTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(s,o)=>a(e.httpClient.post(u.removeTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(s,o,n)=>a(e.httpClient.post(u.addRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(s,o,n)=>a(e.httpClient.post(u.removeRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,o)=>a(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:s,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,o,n)=>a(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:s,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,o)=>a(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:s,URI:o},{token:t}),(e=>e)),setPassword:(s,o)=>a(e.httpClient.post(u.setPassword,{loginId:s,password:o},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(u.expirePassword,{loginId:s},{token:t}),(e=>e))}),T=(e,t)=>({create:(s,o)=>a(e.httpClient.post(g.create,{name:s,selfProvisioningDomains:o},{token:t})),createWithId:(s,o,n)=>a(e.httpClient.post(g.create,{id:s,name:o,selfProvisioningDomains:n},{token:t})),update:(s,o,n)=>a(e.httpClient.post(g.update,{id:s,name:o,selfProvisioningDomains:n},{token:t})),delete:s=>a(e.httpClient.post(g.delete,{id:s},{token:t})),loadAll:()=>a(e.httpClient.get(g.loadAll,{token:t}),(e=>e.tenants))}),A=(e,t)=>({update:(s,o)=>a(e.httpClient.post(v.update,{jwt:s,customClaims:o},{token:t}))}),x=(e,t)=>({create:(s,o)=>a(e.httpClient.post(k.create,{name:s,description:o},{token:t})),update:(s,o,n)=>a(e.httpClient.post(k.update,{name:s,newName:o,description:n},{token:t})),delete:s=>a(e.httpClient.post(k.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(k.loadAll,{token:t}),(e=>e.permissions))}),P=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(y.create,{name:s,description:o,permissionNames:n},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(y.update,{name:s,newName:o,description:n,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(y.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(y.loadAll,{token:t}),(e=>e.roles))}),j=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(w.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,o,n)=>a(e.httpClient.post(w.loadAllGroupsForMember,{tenantId:s,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(s,o)=>a(e.httpClient.post(w.loadAllGroupMembers,{tenantId:s,groupId:o},{token:t}))}),E=(e,t)=>({getSettings:s=>a(e.httpClient.get(h.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(h.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,o,n,r,i,l)=>a(e.httpClient.post(h.settings,{tenantId:s,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(s,o)=>a(e.httpClient.post(h.metadata,{tenantId:s,idpMetadataURL:o},{token:t})),configureMapping:(s,o,n)=>a(e.httpClient.post(h.mapping,{tenantId:s,roleMappings:o,attributeMapping:n},{token:t}))}),N=(e,t)=>({create:(s,o,n,r)=>a(e.httpClient.post(c.create,{name:s,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(c.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(c.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,o)=>a(e.httpClient.post(c.update,{id:s,name:o},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(c.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(c.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(c.delete,{id:s},{token:t}))}),R=(e,t)=>({list:()=>a(e.httpClient.post(f.list,{},{token:t})),export:s=>a(e.httpClient.post(f.export,{flowId:s},{token:t})),import:(s,o,n)=>a(e.httpClient.post(f.import,{flowId:s,flow:o,screens:n},{token:t}))}),O=(e,t)=>({export:()=>a(e.httpClient.post(C.export,{},{token:t})),import:s=>a(e.httpClient.post(C.import,{theme:s},{token:t}))}),M=(e,t)=>({search:s=>{const o=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete o.loginIds,a(e.httpClient.post(I.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var S;null!==(S=globalThis.Headers)&&void 0!==S||(globalThis.Headers=l);const F=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),i(...e)),U=a=>{var i,{managementKey:l,publicKey:u}=a,c=e(a,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({},c),{fetch:F,baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.5.4"})})),{projectId:h,logger:v}=c,k={},y=((e,t)=>({user:b(e,t),accessKey:N(e,t),tenant:T(e,t),sso:E(e,t),jwt:A(e,t),permission:x(e,t),role:P(e,t),group:j(e,t),flow:R(e,t),theme:O(e,t),audit:M(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:y,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await o(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){if(t&&!m(e,t))return!1;const s=p(e,"permissions",t);return a.every((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){if(t&&!m(e,t))return!1;const s=p(e,"roles",t);return a.every((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};U.RefreshTokenCookieName="DSR",U.SessionTokenCookieName="DS";export{U as default};
+import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d="DSR",p="tenants",m=t=>async(...a)=>{var s,o,n;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,p=e(i,["refreshJwt"]);const m=[];var u;return l?m.push(`${d}=${l}; Domain=${(null==(u=p)?void 0:u.cookieDomain)||""}; Max-Age=${(null==u?void 0:u.cookieMaxAge)||""}; Path=${(null==u?void 0:u.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),d),m.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function u(e,t,a){var s,o;const n=a?null===(o=null===(s=e.token[p])||void 0===s?void 0:s[a])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function c(e,t){var a;return!!(null===(a=e.token[p])||void 0===a?void 0:a[t])}var g={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},h={updateName:"/v1/mgmt/project/update/name"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all"},y={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},f={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},w={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},I={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},b={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},T={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},A={search:"/v1/mgmt/audit/search"};const P=(e,t)=>({create:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(g.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p},{token:t}),(e=>e.user)),createTestUser:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(g.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),invite:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(g.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p},{token:t}),(e=>e.user)),update:(s,o,n,r,i,l,d,p,m,u)=>a(e.httpClient.post(g.update,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:u},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(g.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(g.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(g.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(g.load,{queryParams:{userId:s},token:t}),(e=>e.user)),searchAll:(s,o,n,r,i,l,d,p)=>a(e.httpClient.post(g.search,{tenantIds:s,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p},{token:t}),(e=>e.users)),getProviderToken:(s,o)=>a(e.httpClient.get(g.getProviderToken,{queryParams:{loginId:s,provider:o},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(g.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(g.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,o)=>a(e.httpClient.post(g.updateLoginId,{loginId:s,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(s,o,n)=>a(e.httpClient.post(g.updateEmail,{loginId:s,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(s,o,n)=>a(e.httpClient.post(g.updatePhone,{loginId:s,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(s,o)=>a(e.httpClient.post(g.updateDisplayName,{loginId:s,displayName:o},{token:t}),(e=>e.user)),updatePicture:(s,o)=>a(e.httpClient.post(g.updatePicture,{loginId:s,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(s,o,n)=>a(e.httpClient.post(g.updateCustomAttribute,{loginId:s,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(s,o)=>a(e.httpClient.post(g.addRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(s,o)=>a(e.httpClient.post(g.removeRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),addTenant:(s,o)=>a(e.httpClient.post(g.addTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(s,o)=>a(e.httpClient.post(g.removeTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(s,o,n)=>a(e.httpClient.post(g.addRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(s,o,n)=>a(e.httpClient.post(g.removeRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,o)=>a(e.httpClient.post(g.generateOTPForTest,{deliveryMethod:s,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,o,n)=>a(e.httpClient.post(g.generateMagicLinkForTest,{deliveryMethod:s,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,o)=>a(e.httpClient.post(g.generateEnchantedLinkForTest,{loginId:s,URI:o},{token:t}),(e=>e)),generateEmbeddedLink:(s,o)=>a(e.httpClient.post(g.generateEmbeddedLink,{loginId:s,customClaims:o},{token:t}),(e=>e)),setPassword:(s,o)=>a(e.httpClient.post(g.setPassword,{loginId:s,password:o},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(g.expirePassword,{loginId:s},{token:t}),(e=>e))}),x=(e,t)=>({updateName:s=>a(e.httpClient.post(h.updateName,{name:s},{token:t}))}),j=(e,t)=>({create:(s,o)=>a(e.httpClient.post(k.create,{name:s,selfProvisioningDomains:o},{token:t})),createWithId:(s,o,n)=>a(e.httpClient.post(k.create,{id:s,name:o,selfProvisioningDomains:n},{token:t})),update:(s,o,n)=>a(e.httpClient.post(k.update,{id:s,name:o,selfProvisioningDomains:n},{token:t})),delete:s=>a(e.httpClient.post(k.delete,{id:s},{token:t})),load:s=>a(e.httpClient.get(k.load,{queryParams:{id:s},token:t}),(e=>e)),loadAll:()=>a(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants))}),E=(e,t)=>({update:(s,o)=>a(e.httpClient.post(f.update,{jwt:s,customClaims:o},{token:t}))}),N=(e,t)=>({create:(s,o)=>a(e.httpClient.post(C.create,{name:s,description:o},{token:t})),update:(s,o,n)=>a(e.httpClient.post(C.update,{name:s,newName:o,description:n},{token:t})),delete:s=>a(e.httpClient.post(C.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),O=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(w.create,{name:s,description:o,permissionNames:n},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(w.update,{name:s,newName:o,description:n,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(w.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(w.loadAll,{token:t}),(e=>e.roles))}),R=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(T.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,o,n)=>a(e.httpClient.post(T.loadAllGroupsForMember,{tenantId:s,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(s,o)=>a(e.httpClient.post(T.loadAllGroupMembers,{tenantId:s,groupId:o},{token:t}))}),M=(e,t)=>({getSettings:s=>a(e.httpClient.get(y.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(y.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,o,n,r,i,l)=>a(e.httpClient.post(y.settings,{tenantId:s,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(s,o,n,r)=>a(e.httpClient.post(y.metadata,{tenantId:s,idpMetadataURL:o,redirectURL:n,domain:r},{token:t})),configureMapping:(s,o,n)=>a(e.httpClient.post(y.mapping,{tenantId:s,roleMappings:o,attributeMapping:n},{token:t}))}),L=(e,t)=>({create:(s,o,n,r)=>a(e.httpClient.post(v.create,{name:s,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(v.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(v.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,o)=>a(e.httpClient.post(v.update,{id:s,name:o},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(v.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(v.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(v.delete,{id:s},{token:t}))}),S=(e,t)=>({list:()=>a(e.httpClient.post(I.list,{},{token:t})),export:s=>a(e.httpClient.post(I.export,{flowId:s},{token:t})),import:(s,o,n)=>a(e.httpClient.post(I.import,{flowId:s,flow:o,screens:n},{token:t}))}),U=(e,t)=>({export:()=>a(e.httpClient.post(b.export,{},{token:t})),import:s=>a(e.httpClient.post(b.import,{theme:s},{token:t}))}),F=(e,t)=>({search:s=>{const o=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete o.loginIds,a(e.httpClient.post(A.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var $;null!==($=globalThis.Headers)&&void 0!==$||(globalThis.Headers=l);const J=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),i(...e)),D=a=>{var i,{managementKey:l,publicKey:d}=a,p=e(a,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({},p),{fetch:J,baseHeaders:Object.assign(Object.assign({},p.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.5.6"})})),{projectId:h,logger:v}=p,k={},y=((e,t)=>({user:P(e,t),project:x(e,t),accessKey:L(e,t),tenant:j(e,t),sso:M(e,t),jwt:E(e,t),permission:N(e,t),role:O(e,t),group:R(e,t),flow:S(e,t),theme:U(e,t),audit:F(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:y,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await o(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){if(t&&!c(e,t))return!1;const s=u(e,"permissions",t);return a.every((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){if(t&&!c(e,t))return!1;const s=u(e,"roles",t);return a.every((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};D.RefreshTokenCookieName=d,D.SessionTokenCookieName="DS";export{D as default};
 //# sourceMappingURL=index.esm.js.map