@descope/node-sdk 1.6.0 → 1.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +89 -14
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +139 -116
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +10 -10
package/README.md
CHANGED
|
@@ -73,6 +73,7 @@ Then, you can use that to work with the following functions:
|
|
|
73
73
|
10. [Embedded Links](#embedded-links)
|
|
74
74
|
11. [Search Audit](#search-audit)
|
|
75
75
|
12. [Manage Authz](#manage-authz)
|
|
76
|
+
13. [Manage Project](#manage-project)
|
|
76
77
|
|
|
77
78
|
If you wish to run any of our code samples and play with them, check out our [Code Examples](#code-examples) section.
|
|
78
79
|
|
|
@@ -80,6 +81,36 @@ If you're performing end-to-end testing, check out the [Utils for your end to en
|
|
|
80
81
|
|
|
81
82
|
---
|
|
82
83
|
|
|
84
|
+
## Error Handling
|
|
85
|
+
|
|
86
|
+
Every `async` operation may fail. In case it does, there will be information regarding what happened on the response object.
|
|
87
|
+
A typical case of error handling might look something like:
|
|
88
|
+
|
|
89
|
+
```ts
|
|
90
|
+
import { SdkResponse, descopeErrors } from '@descope/node-sdk';
|
|
91
|
+
|
|
92
|
+
// ...
|
|
93
|
+
|
|
94
|
+
try {
|
|
95
|
+
const resp = await sdk.otp.signIn.email(loginId);
|
|
96
|
+
if (resp.error) {
|
|
97
|
+
switch (resp.error.errorCode) {
|
|
98
|
+
case descopeErrors.userNotFound:
|
|
99
|
+
// Handle specifically
|
|
100
|
+
break;
|
|
101
|
+
default:
|
|
102
|
+
// Handle generally
|
|
103
|
+
// `resp.error` will contain `errorCode`, `errorDescription` and sometimes `errorMessage` to
|
|
104
|
+
// help understand what went wrong. See SdkResponse for more information.
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
} catch (e) {
|
|
108
|
+
// Handle technical error
|
|
109
|
+
}
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
83
114
|
### OTP Authentication
|
|
84
115
|
|
|
85
116
|
Send a user a one-time password (OTP) using your preferred delivery method (_email / SMS_). An email address or phone number must be provided accordingly.
|
|
@@ -383,7 +414,7 @@ const authMiddleware = async (req: Request, res: Response, next: NextFunction) =
|
|
|
383
414
|
next();
|
|
384
415
|
} catch (e) {
|
|
385
416
|
res.status(401).json({
|
|
386
|
-
error:
|
|
417
|
+
error: 'Unauthorized!',
|
|
387
418
|
});
|
|
388
419
|
}
|
|
389
420
|
};
|
|
@@ -399,7 +430,7 @@ For multi-tenant uses:
|
|
|
399
430
|
|
|
400
431
|
```typescript
|
|
401
432
|
// You can validate specific permissions
|
|
402
|
-
const validTenantPermissions =
|
|
433
|
+
const validTenantPermissions = descopeClient.validateTenantPermissions(
|
|
403
434
|
authInfo,
|
|
404
435
|
'my-tenant-ID',
|
|
405
436
|
['Permission to validate'],
|
|
@@ -409,30 +440,51 @@ if (!validTenantPermissions) {
|
|
|
409
440
|
}
|
|
410
441
|
|
|
411
442
|
// Or validate roles directly
|
|
412
|
-
const validTenantRoles =
|
|
443
|
+
const validTenantRoles = descopeClient.validateTenantRoles(authInfo, 'my-tenant-ID', [
|
|
413
444
|
'Role to validate',
|
|
414
445
|
]);
|
|
415
446
|
if (!validTenantRoles) {
|
|
416
447
|
// Deny access
|
|
417
448
|
}
|
|
449
|
+
|
|
450
|
+
// Or get the matched roles/permissions
|
|
451
|
+
const matchedTenantRoles = descopeClient.getMatchedTenantRoles(authInfo, 'my-tenant-ID', [
|
|
452
|
+
'Role to validate',
|
|
453
|
+
'Another role to validate'
|
|
454
|
+
]);
|
|
455
|
+
|
|
456
|
+
const matchedTenantPermissions = descopeClient.getMatchedTenantPermissions(
|
|
457
|
+
authInfo,
|
|
458
|
+
'my-tenant-ID',
|
|
459
|
+
['Permission to validate', 'Another permission to validate']],
|
|
460
|
+
);
|
|
418
461
|
```
|
|
419
462
|
|
|
420
463
|
When not using tenants use:
|
|
421
464
|
|
|
422
465
|
```typescript
|
|
423
466
|
// You can validate specific permissions
|
|
424
|
-
const validPermissions =
|
|
425
|
-
'Permission to validate',
|
|
426
|
-
]);
|
|
467
|
+
const validPermissions = descopeClient.validatePermissions(authInfo, ['Permission to validate']);
|
|
427
468
|
if (!validPermissions) {
|
|
428
469
|
// Deny access
|
|
429
470
|
}
|
|
430
471
|
|
|
431
472
|
// Or validate roles directly
|
|
432
|
-
const validRoles =
|
|
473
|
+
const validRoles = descopeClient.validateRoles(authInfo, ['Role to validate']);
|
|
433
474
|
if (!validRoles) {
|
|
434
475
|
// Deny access
|
|
435
476
|
}
|
|
477
|
+
|
|
478
|
+
// Or get the matched roles/permissions
|
|
479
|
+
const matchedRoles = descopeClient.getMatchedRoles(authInfo, [
|
|
480
|
+
'Role to validate',
|
|
481
|
+
'Another role to validate',
|
|
482
|
+
]);
|
|
483
|
+
|
|
484
|
+
const matchedPermissions = descopeClient.getMatchedPermissions(authInfo, [
|
|
485
|
+
'Permission to validate',
|
|
486
|
+
'Another permission to validate',
|
|
487
|
+
]);
|
|
436
488
|
```
|
|
437
489
|
|
|
438
490
|
### Logging Out
|
|
@@ -531,9 +583,9 @@ await descopeClient.management.user.create(
|
|
|
531
583
|
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
532
584
|
);
|
|
533
585
|
|
|
534
|
-
// Alternatively, a user can be created and invited via an email message.
|
|
586
|
+
// Alternatively, a user can be created and invited via an email / text message.
|
|
535
587
|
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
536
|
-
// and that an email address is provided in the information.
|
|
588
|
+
// and that an email address / phone number is provided in the information.
|
|
537
589
|
await descopeClient.management.user.invite(
|
|
538
590
|
'desmond@descope.com',
|
|
539
591
|
'desmond@descope.com',
|
|
@@ -543,6 +595,24 @@ await descopeClient.management.user.invite(
|
|
|
543
595
|
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
544
596
|
);
|
|
545
597
|
|
|
598
|
+
// You can invite batch of users via an email / text message.
|
|
599
|
+
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
600
|
+
// and that an email address / phone number is provided in the information.
|
|
601
|
+
await descopeClient.management.user.inviteBatch(
|
|
602
|
+
[
|
|
603
|
+
{
|
|
604
|
+
loginId: 'desmond@descope.com',
|
|
605
|
+
email: 'desmond@descope.com',
|
|
606
|
+
phone: '+123456789123',
|
|
607
|
+
displayName: 'Desmond Copeland',
|
|
608
|
+
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
609
|
+
},
|
|
610
|
+
],
|
|
611
|
+
'<invite_url>',
|
|
612
|
+
true,
|
|
613
|
+
false,
|
|
614
|
+
);
|
|
615
|
+
|
|
546
616
|
// Update will override all fields as is. Use carefully.
|
|
547
617
|
await descopeClient.management.user.update(
|
|
548
618
|
'desmond@descope.com',
|
|
@@ -597,13 +667,17 @@ await descopeClient.management.user.setPassword('<login-ID>', '<some-password>')
|
|
|
597
667
|
await descopeClient.management.user.expirePassword('<login-ID>');
|
|
598
668
|
```
|
|
599
669
|
|
|
600
|
-
### Manage
|
|
670
|
+
### Manage Project
|
|
601
671
|
|
|
602
|
-
You can update project name
|
|
672
|
+
You can update project name, as well as to clone the current project to a new one:
|
|
603
673
|
|
|
604
674
|
```typescript
|
|
605
675
|
// Update will override all fields as is. Use carefully.
|
|
606
676
|
await descopeClient.management.project.updateName('new-project-name');
|
|
677
|
+
|
|
678
|
+
// Clone the current project to a new one
|
|
679
|
+
// Note that this action is supported only with a pro license or above.
|
|
680
|
+
const cloneRes = await descopeClient.management.project.clone('new-project-name');
|
|
607
681
|
```
|
|
608
682
|
|
|
609
683
|
### Manage Access Keys
|
|
@@ -657,11 +731,11 @@ const idpURL = 'https://idp.com'
|
|
|
657
731
|
const entityID = 'my-idp-entity-id'
|
|
658
732
|
const idpCert = '<your-cert-here>'
|
|
659
733
|
const redirectURL = 'https://my-app.com/handle-saml' // Global redirect URL for SSO/SAML
|
|
660
|
-
const
|
|
661
|
-
await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL,
|
|
734
|
+
const domains = ['tenant-users.com'] // Users authentication with this domain will be logged in to this tenant
|
|
735
|
+
await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL, domains)
|
|
662
736
|
|
|
663
737
|
// Alternatively, configure using an SSO metadata URL
|
|
664
|
-
await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL,
|
|
738
|
+
await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL, domains)
|
|
665
739
|
|
|
666
740
|
// Map IDP groups to Descope roles, or map user attributes.
|
|
667
741
|
// This function overrides any previous mapping (even when empty). Use carefully.
|
|
@@ -1051,6 +1125,7 @@ const { code } = await descopeClient.management.user.generateOTPForTestUser(
|
|
|
1051
1125
|
'desmond@descope.com',
|
|
1052
1126
|
);
|
|
1053
1127
|
// Now you can verify the code is valid (using descopeClient.auth.*.verify for example)
|
|
1128
|
+
// LoginOptions can be provided to set custom claims to the generated jwt.
|
|
1054
1129
|
|
|
1055
1130
|
// Same as OTP, magic link can be generated for test user, for example:
|
|
1056
1131
|
const { link } = await descopeClient.management.user.generateMagicLinkForTestUser(
|
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),o=require("node-fetch-commonjs");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=n(t),a=n(o);const i=t=>async(...s)=>{var o,n,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,p=e.__rest(i,["refreshJwt"]);const m=[];var d;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(d=p)?void 0:d.cookieDomain)||""}; Max-Age=${(null==d?void 0:d.cookieMaxAge)||""}; Path=${(null==d?void 0:d.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:m})})};function l(e,t,s){var o,n;const r=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(r)?r:[]}function p(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"},w={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const I=(e,s)=>({create:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(o,n,r,a,i,l,p,d,u,c,h)=>t.transformResponse(e.httpClient.post(m.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c,inviteUrl:h},{token:s}),(e=>e.user)),update:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.update,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:o=>t.transformResponse(e.httpClient.post(m.delete,{loginId:o},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:o=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:o},token:s}),(e=>e.user)),loadByUserId:o=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:o},token:s}),(e=>e.user)),logoutUser:o=>t.transformResponse(e.httpClient.post(m.logout,{loginId:o},{token:s})),logoutUserByUserId:o=>t.transformResponse(e.httpClient.post(m.logout,{userId:o},{token:s})),searchAll:(o,n,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:o,roleNames:n,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:p,statuses:d,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(o,n)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:o,provider:n},token:s}),(e=>e)),activate:o=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:o,status:"enabled"},{token:s}),(e=>e.user)),deactivate:o=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:o,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(o,n)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:o,newLoginId:n},{token:s}),(e=>e.user)),updateEmail:(o,n,r)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:o,email:n,verified:r},{token:s}),(e=>e.user)),updatePhone:(o,n,r)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:o,phone:n,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(o,n)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:o,displayName:n},{token:s}),(e=>e.user)),updatePicture:(o,n)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:o,picture:n},{token:s}),(e=>e.user)),updateCustomAttribute:(o,n,r)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(o,n)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(o,n)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),addTenant:(o,n)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(o,n)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:o,loginId:n},{token:s}),(e=>e)),generateMagicLinkForTestUser:(o,n,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:o,URI:n},{token:s}),(e=>e)),generateEmbeddedLink:(o,n)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:o,customClaims:n},{token:s}),(e=>e)),setPassword:(o,n)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:o,password:n},{token:s}),(e=>e)),expirePassword:o=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:o},{token:s}),(e=>e))}),b=(e,s)=>({updateName:o=>t.transformResponse(e.httpClient.post(d.updateName,{name:o},{token:s}))}),A=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(c.create,{name:o,selfProvisioningDomains:n,customAttributes:r},{token:s})),createWithId:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(c.delete,{id:o},{token:s})),load:o=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:o},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),T=(e,s)=>({update:(o,n)=>t.transformResponse(e.httpClient.post(g.update,{jwt:o,customClaims:n},{token:s}))}),P=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(v.create,{name:o,description:n},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(v.update,{name:o,newName:n,description:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(v.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),N=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(f.create,{name:o,description:n,permissionNames:r},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:o,newName:n,description:r,permissionNames:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(f.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),x=(e,s)=>({loadAllGroups:o=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:o},{token:s})),loadAllGroupsForMember:(o,n,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:o,loginIds:r,userIds:n},{token:s})),loadAllGroupMembers:(o,n)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:o,groupId:n},{token:s}))}),j=(e,s)=>({getSettings:o=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{tenantId:o},token:s}),(e=>e)),deleteSettings:o=>t.transformResponse(e.httpClient.delete(h.settings,{queryParams:{tenantId:o},token:s})),configureSettings:(o,n,r,a,i,l)=>t.transformResponse(e.httpClient.post(h.settings,{tenantId:o,idpURL:n,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(o,n,r,a)=>t.transformResponse(e.httpClient.post(h.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:r,domain:a},{token:s})),configureMapping:(o,n,r)=>t.transformResponse(e.httpClient.post(h.mapping,{tenantId:o,roleMappings:n,attributeMapping:r},{token:s}))}),E=(e,s)=>({create:(o,n,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:o,expireTime:n,roleNames:r,keyTenants:a},{token:s})),load:o=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:o},token:s}),(e=>e.key)),searchAll:o=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:o},{token:s}),(e=>e.keys)),update:(o,n)=>t.transformResponse(e.httpClient.post(u.update,{id:o,name:n},{token:s}),(e=>e.key)),deactivate:o=>t.transformResponse(e.httpClient.post(u.deactivate,{id:o},{token:s})),activate:o=>t.transformResponse(e.httpClient.post(u.activate,{id:o},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(u.delete,{id:o},{token:s}))}),S=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:o=>t.transformResponse(e.httpClient.post(k.export,{flowId:o},{token:s})),import:(o,n,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:o,flow:n,screens:r},{token:s}))}),D=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:o=>t.transformResponse(e.httpClient.post(R.import,{theme:o},{token:s}))}),O=(e,s)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,t.transformResponse(e.httpClient.post(y.search,n,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),L=(e,s)=>({saveSchema:(o,n)=>t.transformResponse(e.httpClient.post(w.schemaSave,{schema:o,upgrade:n},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(w.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(w.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(o,n,r)=>t.transformResponse(e.httpClient.post(w.nsSave,{namespace:o,oldName:n,schemaName:r},{token:s})),deleteNamespace:(o,n)=>t.transformResponse(e.httpClient.post(w.nsDelete,{name:o,schemaName:n},{token:s})),saveRelationDefinition:(o,n,r,a)=>t.transformResponse(e.httpClient.post(w.rdSave,{relationDefinition:o,namespace:n,oldName:r,schemaName:a},{token:s})),deleteRelationDefinition:(o,n,r)=>t.transformResponse(e.httpClient.post(w.rdDelete,{name:o,namespace:n,schemaName:r},{token:s})),createRelations:o=>t.transformResponse(e.httpClient.post(w.reCreate,{relations:o},{token:s})),deleteRelations:o=>t.transformResponse(e.httpClient.post(w.reDelete,{relations:o},{token:s})),deleteRelationsForResources:o=>t.transformResponse(e.httpClient.post(w.reDeleteResources,{resources:o},{token:s})),hasRelations:o=>t.transformResponse(e.httpClient.post(w.hasRelations,{relationQueries:o},{token:s}),(e=>e.relationQueries)),whoCanAccess:(o,n,r)=>t.transformResponse(e.httpClient.post(w.who,{resource:o,relationDefinition:n,namespace:r},{token:s}),(e=>e.targets)),resourceRelations:o=>t.transformResponse(e.httpClient.post(w.resource,{resource:o},{token:s}),(e=>e.relations)),targetsRelations:o=>t.transformResponse(e.httpClient.post(w.targets,{targets:o},{token:s}),(e=>e.relations)),whatCanTargetAccess:o=>t.transformResponse(e.httpClient.post(w.targetAll,{target:o},{token:s}),(e=>e.relations))});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=o.Headers);const M=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),F=o=>{var n,{managementKey:a,publicKey:m}=o,d=e.__rest(o,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:M},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"1.6.0"})})),{projectId:c,logger:h}=d,g={},v=((e,t)=>({user:I(e,t),project:b(e,t),accessKey:E(e,t),tenant:A(e,t),sso:j(e,t),jwt:T(e,t),permission:P(e,t),role:N(e,t),group:x(e,t),flow:S(e,t),theme:D(e,t),audit:O(e,t),authz:L(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{if(m)try{const e=JSON.parse(m),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==h||h.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const o=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(t=o.iss)||void 0===t?void 0:t.split("/").pop(),o.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const o=await f.refresh(e);if(o.ok){return await f.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==h||h.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!p(e,t))return!1;const o=l(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!p(e,t))return!1;const o=l(e,"roles",t);return s.every((e=>o.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};F.RefreshTokenCookieName="DSR",F.SessionTokenCookieName="DS",module.exports=F;
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("cross-fetch");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=o(t);const r=t=>async(...s)=>{var n,o,a;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,m=e.__rest(i,["refreshJwt"]);const d=[];var p;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(p=m)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:d})})};function i(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function l(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},p={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},u={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},c={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},h={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},v={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},f={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},k={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},R={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},C={search:"/v1/mgmt/audit/search"},y={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const w=(e,s)=>({create:(n,o,a,r,i,l,d,p,u,c,g,h,v,f)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f},{token:s}),(e=>e.user)),createTestUser:(n,o,a,r,i,l,d,p,u,c,g,h,v,f)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f},{token:s}),(e=>e.user)),invite:(n,o,a,r,i,l,d,p,u,c,g,h,v,f,k,R,C)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:a,displayName:r,givenName:f,middleName:k,familyName:R,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:C},{token:s}),(e=>e.user)),inviteBatch:(n,o,a,r)=>t.transformResponse(e.httpClient.post(m.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:a,sendSMS:r},{token:s}),(e=>e)),update:(n,o,a,r,i,l,d,p,u,c,g,h,v,f)=>t.transformResponse(e.httpClient.post(m.update,{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f},{token:s}),(e=>e.user)),delete:n=>t.transformResponse(e.httpClient.post(m.delete,{loginId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(m.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(m.logout,{userId:n},{token:s})),searchAll:(n,o,a,r,i,l,d,p,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n,roleNames:o,limit:a,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,a)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:n,email:o,verified:a},{token:s}),(e=>e.user)),updatePhone:(n,o,a)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:n,phone:o,verified:a},{token:s}),(e=>e.user)),updateDisplayName:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:r,familyName:i},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:s}),(e=>e.user)),setRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.setRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),setTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(m.setRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),addTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:n},{token:s}),(e=>e))}),I=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(d.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(d.clone,{name:n,tag:o},{token:s}))}),b=(e,s)=>({create:(n,o,a)=>t.transformResponse(e.httpClient.post(u.create,{name:n,selfProvisioningDomains:o,customAttributes:a},{token:s})),createWithId:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r},{token:s})),update:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(u.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(u.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:r},{token:s}),(e=>e.tenants))}),N=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(g.update,{jwt:n,customClaims:o},{token:s}))}),A=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(h.create,{name:n,description:o},{token:s})),update:(n,o,a)=>t.transformResponse(e.httpClient.post(h.update,{name:n,newName:o,description:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(h.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(h.loadAll,{token:s}),(e=>e.permissions))}),T=(e,s)=>({create:(n,o,a)=>t.transformResponse(e.httpClient.post(v.create,{name:n,description:o,permissionNames:a},{token:s})),update:(n,o,a,r)=>t.transformResponse(e.httpClient.post(v.update,{name:n,newName:o,description:a,permissionNames:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.roles))}),P=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(R.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,a)=>t.transformResponse(e.httpClient.post(R.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(R.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),E=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(c.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(c.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,a,r,i,l)=>t.transformResponse(e.httpClient.post(c.settings,{tenantId:n,idpURL:o,entityId:r,idpCert:a,redirectURL:i,domains:l},{token:s})),configureMetadata:(n,o,a,r)=>t.transformResponse(e.httpClient.post(c.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:r},{token:s})),configureMapping:(n,o,a)=>t.transformResponse(e.httpClient.post(c.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:s}))}),x=(e,s)=>({create:(n,o,a,r)=>t.transformResponse(e.httpClient.post(p.create,{name:n,expireTime:o,roleNames:a,keyTenants:r},{token:s})),load:n=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(p.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(p.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(p.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(p.delete,{id:n},{token:s}))}),S=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(f.list,{},{token:s})),export:n=>t.transformResponse(e.httpClient.post(f.export,{flowId:n},{token:s})),import:(n,o,a)=>t.transformResponse(e.httpClient.post(f.import,{flowId:n,flow:o,screens:a},{token:s}))}),j=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(k.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(k.import,{theme:n},{token:s}))}),M=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(C.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),O=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(y.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(y.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(y.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,a)=>t.transformResponse(e.httpClient.post(y.nsSave,{namespace:n,oldName:o,schemaName:a},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(y.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,a,r)=>t.transformResponse(e.httpClient.post(y.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:r},{token:s})),deleteRelationDefinition:(n,o,a)=>t.transformResponse(e.httpClient.post(y.rdDelete,{name:n,namespace:o,schemaName:a},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(y.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(y.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(y.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(y.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>t.transformResponse(e.httpClient.post(y.who,{resource:n,relationDefinition:o,namespace:a},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(y.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(y.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(y.targetAll,{target:n},{token:s}),(e=>e.relations))});var D;null!==(D=globalThis.Headers)&&void 0!==D||(globalThis.Headers=n.Headers);const L=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),n.fetch(...e)),U=n=>{var o,{managementKey:m,publicKey:d}=n,p=e.__rest(n,["managementKey","publicKey"]);const u=a.default(Object.assign(Object.assign({fetch:L},p),{baseHeaders:Object.assign(Object.assign({},p.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.6.2"})})),{projectId:c,logger:g}=p,h={},v=((e,t)=>({user:w(e,t),project:I(e,t),accessKey:x(e,t),tenant:b(e,t),sso:E(e,t),jwt:N(e,t),permission:A(e,t),role:T(e,t),group:P(e,t),flow:S(e,t),theme:j(e,t),audit:M(e,t),authz:O(e,t)}))(u,m),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(d)try{const e=JSON.parse(d),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==g||g.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==g||g.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!l(e,t))return!1;const n=i(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!l(e,t))return[];const n=i(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!l(e,t))return!1;const n=i(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!l(e,t))return[];const n=i(e,"roles",t);return s.filter((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],r)};U.RefreshTokenCookieName="DSR",U.SessionTokenCookieName="DS",exports.default=U,exports.descopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|