@descope/node-sdk 1.6.0 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +28 -5
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +54 -25
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +9 -9
package/README.md
CHANGED
|
@@ -73,6 +73,7 @@ Then, you can use that to work with the following functions:
|
|
|
73
73
|
10. [Embedded Links](#embedded-links)
|
|
74
74
|
11. [Search Audit](#search-audit)
|
|
75
75
|
12. [Manage Authz](#manage-authz)
|
|
76
|
+
13. [Manage Project](#manage-project)
|
|
76
77
|
|
|
77
78
|
If you wish to run any of our code samples and play with them, check out our [Code Examples](#code-examples) section.
|
|
78
79
|
|
|
@@ -383,7 +384,7 @@ const authMiddleware = async (req: Request, res: Response, next: NextFunction) =
|
|
|
383
384
|
next();
|
|
384
385
|
} catch (e) {
|
|
385
386
|
res.status(401).json({
|
|
386
|
-
error:
|
|
387
|
+
error: 'Unauthorized!',
|
|
387
388
|
});
|
|
388
389
|
}
|
|
389
390
|
};
|
|
@@ -531,9 +532,9 @@ await descopeClient.management.user.create(
|
|
|
531
532
|
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
532
533
|
);
|
|
533
534
|
|
|
534
|
-
// Alternatively, a user can be created and invited via an email message.
|
|
535
|
+
// Alternatively, a user can be created and invited via an email / text message.
|
|
535
536
|
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
536
|
-
// and that an email address is provided in the information.
|
|
537
|
+
// and that an email address / phone number is provided in the information.
|
|
537
538
|
await descopeClient.management.user.invite(
|
|
538
539
|
'desmond@descope.com',
|
|
539
540
|
'desmond@descope.com',
|
|
@@ -543,6 +544,24 @@ await descopeClient.management.user.invite(
|
|
|
543
544
|
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
544
545
|
);
|
|
545
546
|
|
|
547
|
+
// You can invite batch of users via an email / text message.
|
|
548
|
+
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
549
|
+
// and that an email address / phone number is provided in the information.
|
|
550
|
+
await descopeClient.management.user.inviteBatch(
|
|
551
|
+
[
|
|
552
|
+
{
|
|
553
|
+
loginId: 'desmond@descope.com',
|
|
554
|
+
email: 'desmond@descope.com',
|
|
555
|
+
phone: '+123456789123',
|
|
556
|
+
displayName: 'Desmond Copeland',
|
|
557
|
+
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
558
|
+
},
|
|
559
|
+
],
|
|
560
|
+
'<invite_url>',
|
|
561
|
+
true,
|
|
562
|
+
false,
|
|
563
|
+
);
|
|
564
|
+
|
|
546
565
|
// Update will override all fields as is. Use carefully.
|
|
547
566
|
await descopeClient.management.user.update(
|
|
548
567
|
'desmond@descope.com',
|
|
@@ -597,13 +616,17 @@ await descopeClient.management.user.setPassword('<login-ID>', '<some-password>')
|
|
|
597
616
|
await descopeClient.management.user.expirePassword('<login-ID>');
|
|
598
617
|
```
|
|
599
618
|
|
|
600
|
-
### Manage
|
|
619
|
+
### Manage Project
|
|
601
620
|
|
|
602
|
-
You can update project name
|
|
621
|
+
You can update project name, as well as to clone the current project to a new one:
|
|
603
622
|
|
|
604
623
|
```typescript
|
|
605
624
|
// Update will override all fields as is. Use carefully.
|
|
606
625
|
await descopeClient.management.project.updateName('new-project-name');
|
|
626
|
+
|
|
627
|
+
// Clone the current project to a new one
|
|
628
|
+
// Note that this action is supported only with a pro license or above.
|
|
629
|
+
const cloneRes = await descopeClient.management.project.clone('new-project-name');
|
|
607
630
|
```
|
|
608
631
|
|
|
609
632
|
### Manage Access Keys
|
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),o=require("node-fetch-commonjs");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=n(t),a=n(o);const i=t=>async(...s)=>{var o,n,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,p=e.__rest(i,["refreshJwt"]);const m=[];var d;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(d=p)?void 0:d.cookieDomain)||""}; Max-Age=${(null==d?void 0:d.cookieMaxAge)||""}; Path=${(null==d?void 0:d.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:m})})};function l(e,t,s){var o,n;const r=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(r)?r:[]}function p(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"},w={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const I=(e,s)=>({create:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(o,n,r,a,i,l,p,d,u,c,h)=>t.transformResponse(e.httpClient.post(m.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c,inviteUrl:h},{token:s}),(e=>e.user)),update:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.update,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:o=>t.transformResponse(e.httpClient.post(m.delete,{loginId:o},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:o=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:o},token:s}),(e=>e.user)),loadByUserId:o=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:o},token:s}),(e=>e.user)),logoutUser:o=>t.transformResponse(e.httpClient.post(m.logout,{loginId:o},{token:s})),logoutUserByUserId:o=>t.transformResponse(e.httpClient.post(m.logout,{userId:o},{token:s})),searchAll:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:o,roleNames:n,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:p,statuses:d,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(o,n)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:o,provider:n},token:s}),(e=>e)),activate:o=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:o,status:"enabled"},{token:s}),(e=>e.user)),deactivate:o=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:o,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(o,n)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:o,newLoginId:n},{token:s}),(e=>e.user)),updateEmail:(o,n,r)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:o,email:n,verified:r},{token:s}),(e=>e.user)),updatePhone:(o,n,r)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:o,phone:n,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(o,n)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:o,displayName:n},{token:s}),(e=>e.user)),updatePicture:(o,n)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:o,picture:n},{token:s}),(e=>e.user)),updateCustomAttribute:(o,n,r)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(o,n)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(o,n)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),addTenant:(o,n)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(o,n)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:o,loginId:n},{token:s}),(e=>e)),generateMagicLinkForTestUser:(o,n,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:o,URI:n},{token:s}),(e=>e)),generateEmbeddedLink:(o,n)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:o,customClaims:n},{token:s}),(e=>e)),setPassword:(o,n)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:o,password:n},{token:s}),(e=>e)),expirePassword:o=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:o},{token:s}),(e=>e))}),b=(e,s)=>({updateName:o=>t.transformResponse(e.httpClient.post(d.updateName,{name:o},{token:s}))}),A=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(c.create,{name:o,selfProvisioningDomains:n,customAttributes:r},{token:s})),createWithId:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(c.delete,{id:o},{token:s})),load:o=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:o},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),T=(e,s)=>({update:(o,n)=>t.transformResponse(e.httpClient.post(g.update,{jwt:o,customClaims:n},{token:s}))}),P=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(v.create,{name:o,description:n},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(v.update,{name:o,newName:n,description:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(v.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),N=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(f.create,{name:o,description:n,permissionNames:r},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:o,newName:n,description:r,permissionNames:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(f.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),x=(e,s)=>({loadAllGroups:o=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:o},{token:s})),loadAllGroupsForMember:(o,n,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:o,loginIds:r,userIds:n},{token:s})),loadAllGroupMembers:(o,n)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:o,groupId:n},{token:s}))}),j=(e,s)=>({getSettings:o=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{tenantId:o},token:s}),(e=>e)),deleteSettings:o=>t.transformResponse(e.httpClient.delete(h.settings,{queryParams:{tenantId:o},token:s})),configureSettings:(o,n,r,a,i,l)=>t.transformResponse(e.httpClient.post(h.settings,{tenantId:o,idpURL:n,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(o,n,r,a)=>t.transformResponse(e.httpClient.post(h.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:r,domain:a},{token:s})),configureMapping:(o,n,r)=>t.transformResponse(e.httpClient.post(h.mapping,{tenantId:o,roleMappings:n,attributeMapping:r},{token:s}))}),E=(e,s)=>({create:(o,n,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:o,expireTime:n,roleNames:r,keyTenants:a},{token:s})),load:o=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:o},token:s}),(e=>e.key)),searchAll:o=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:o},{token:s}),(e=>e.keys)),update:(o,n)=>t.transformResponse(e.httpClient.post(u.update,{id:o,name:n},{token:s}),(e=>e.key)),deactivate:o=>t.transformResponse(e.httpClient.post(u.deactivate,{id:o},{token:s})),activate:o=>t.transformResponse(e.httpClient.post(u.activate,{id:o},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(u.delete,{id:o},{token:s}))}),S=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:o=>t.transformResponse(e.httpClient.post(k.export,{flowId:o},{token:s})),import:(o,n,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:o,flow:n,screens:r},{token:s}))}),D=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:o=>t.transformResponse(e.httpClient.post(R.import,{theme:o},{token:s}))}),O=(e,s)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,t.transformResponse(e.httpClient.post(y.search,n,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),L=(e,s)=>({saveSchema:(o,n)=>t.transformResponse(e.httpClient.post(w.schemaSave,{schema:o,upgrade:n},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(w.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(w.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(o,n,r)=>t.transformResponse(e.httpClient.post(w.nsSave,{namespace:o,oldName:n,schemaName:r},{token:s})),deleteNamespace:(o,n)=>t.transformResponse(e.httpClient.post(w.nsDelete,{name:o,schemaName:n},{token:s})),saveRelationDefinition:(o,n,r,a)=>t.transformResponse(e.httpClient.post(w.rdSave,{relationDefinition:o,namespace:n,oldName:r,schemaName:a},{token:s})),deleteRelationDefinition:(o,n,r)=>t.transformResponse(e.httpClient.post(w.rdDelete,{name:o,namespace:n,schemaName:r},{token:s})),createRelations:o=>t.transformResponse(e.httpClient.post(w.reCreate,{relations:o},{token:s})),deleteRelations:o=>t.transformResponse(e.httpClient.post(w.reDelete,{relations:o},{token:s})),deleteRelationsForResources:o=>t.transformResponse(e.httpClient.post(w.reDeleteResources,{resources:o},{token:s})),hasRelations:o=>t.transformResponse(e.httpClient.post(w.hasRelations,{relationQueries:o},{token:s}),(e=>e.relationQueries)),whoCanAccess:(o,n,r)=>t.transformResponse(e.httpClient.post(w.who,{resource:o,relationDefinition:n,namespace:r},{token:s}),(e=>e.targets)),resourceRelations:o=>t.transformResponse(e.httpClient.post(w.resource,{resource:o},{token:s}),(e=>e.relations)),targetsRelations:o=>t.transformResponse(e.httpClient.post(w.targets,{targets:o},{token:s}),(e=>e.relations)),whatCanTargetAccess:o=>t.transformResponse(e.httpClient.post(w.targetAll,{target:o},{token:s}),(e=>e.relations))});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=o.Headers);const M=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),F=o=>{var n,{managementKey:a,publicKey:m}=o,d=e.__rest(o,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:M},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"1.6.0"})})),{projectId:c,logger:h}=d,g={},v=((e,t)=>({user:I(e,t),project:b(e,t),accessKey:E(e,t),tenant:A(e,t),sso:j(e,t),jwt:T(e,t),permission:P(e,t),role:N(e,t),group:x(e,t),flow:S(e,t),theme:D(e,t),audit:O(e,t),authz:L(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{if(m)try{const e=JSON.parse(m),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==h||h.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const o=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(t=o.iss)||void 0===t?void 0:t.split("/").pop(),o.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const o=await f.refresh(e);if(o.ok){return await f.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==h||h.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!p(e,t))return!1;const o=l(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!p(e,t))return!1;const o=l(e,"roles",t);return s.every((e=>o.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};F.RefreshTokenCookieName="DSR",F.SessionTokenCookieName="DS",module.exports=F;
|
|
1
|
+
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("node-fetch-commonjs");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=o(t),a=o(n);const i=t=>async(...s)=>{var n,o,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,p=e.__rest(i,["refreshJwt"]);const m=[];var d;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(d=p)?void 0:d.cookieDomain)||""}; Max-Age=${(null==d?void 0:d.cookieMaxAge)||""}; Path=${(null==d?void 0:d.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:m})})};function l(e,t,s){var n,o;const r=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function p(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"},w={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const I=(e,s)=>({create:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(n,o,r,a,i,l,p,d,u,c,h,g,v)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c,inviteUrl:h,sendMail:g,sendSMS:v},{token:s}),(e=>e.user)),inviteBatch:(n,o,r,a)=>t.transformResponse(e.httpClient.post(m.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:r,sendSMS:a},{token:s}),(e=>e)),update:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.update,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:n=>t.transformResponse(e.httpClient.post(m.delete,{loginId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(m.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(m.logout,{userId:n},{token:s})),searchAll:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n,roleNames:o,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:p,statuses:d,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:n,email:o,verified:r},{token:s}),(e=>e.user)),updatePhone:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:n,phone:o,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(n,o)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:n,displayName:o},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),addTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:n,loginId:o},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:n,URI:o},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:n},{token:s}),(e=>e))}),b=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(d.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(d.clone,{name:n,tag:o},{token:s}))}),A=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(c.create,{name:n,selfProvisioningDomains:o,customAttributes:r},{token:s})),createWithId:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(c.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),T=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(g.update,{jwt:n,customClaims:o},{token:s}))}),P=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(v.create,{name:n,description:o},{token:s})),update:(n,o,r)=>t.transformResponse(e.httpClient.post(v.update,{name:n,newName:o,description:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),N=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(f.create,{name:n,description:o,permissionNames:r},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:n,newName:o,description:r,permissionNames:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(f.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),S=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:n,loginIds:r,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),j=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(h.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,r,a,i,l)=>t.transformResponse(e.httpClient.post(h.settings,{tenantId:n,idpURL:o,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(n,o,r,a)=>t.transformResponse(e.httpClient.post(h.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:r,domain:a},{token:s})),configureMapping:(n,o,r)=>t.transformResponse(e.httpClient.post(h.mapping,{tenantId:n,roleMappings:o,attributeMapping:r},{token:s}))}),x=(e,s)=>({create:(n,o,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:n,expireTime:o,roleNames:r,keyTenants:a},{token:s})),load:n=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(u.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(u.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(u.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(u.delete,{id:n},{token:s}))}),E=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:n=>t.transformResponse(e.httpClient.post(k.export,{flowId:n},{token:s})),import:(n,o,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:n,flow:o,screens:r},{token:s}))}),D=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(R.import,{theme:n},{token:s}))}),M=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(y.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),O=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(w.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(w.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(w.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,r)=>t.transformResponse(e.httpClient.post(w.nsSave,{namespace:n,oldName:o,schemaName:r},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(w.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,r,a)=>t.transformResponse(e.httpClient.post(w.rdSave,{relationDefinition:n,namespace:o,oldName:r,schemaName:a},{token:s})),deleteRelationDefinition:(n,o,r)=>t.transformResponse(e.httpClient.post(w.rdDelete,{name:n,namespace:o,schemaName:r},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(w.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(w.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(w.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(w.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,r)=>t.transformResponse(e.httpClient.post(w.who,{resource:n,relationDefinition:o,namespace:r},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(w.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(w.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(w.targetAll,{target:n},{token:s}),(e=>e.relations))});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=n.Headers);const L=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),F=n=>{var o,{managementKey:a,publicKey:m}=n,d=e.__rest(n,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:L},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.6.1"})})),{projectId:c,logger:h}=d,g={},v=((e,t)=>({user:I(e,t),project:b(e,t),accessKey:x(e,t),tenant:A(e,t),sso:j(e,t),jwt:T(e,t),permission:P(e,t),role:N(e,t),group:S(e,t),flow:E(e,t),theme:D(e,t),audit:M(e,t),authz:O(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{if(m)try{const e=JSON.parse(m),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==h||h.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==h||h.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"permissions",t);return s.every((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"roles",t);return s.every((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};F.RefreshTokenCookieName="DSR",F.SessionTokenCookieName="DS",module.exports=F;
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|