@descope/node-sdk 1.6.0 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +89 -14
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +139 -116
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +10 -10
package/dist/index.d.ts CHANGED
@@ -1,8 +1,23 @@
1
1
  import * as _descope_core_js_sdk from '@descope/core-js-sdk';
2
- import _descope_core_js_sdk__default, { SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
2
+ import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
3
3
  export { DeliveryMethod, JWTResponse, OAuthProvider, ResponseData, SdkResponse } from '@descope/core-js-sdk';
4
4
  import { JWTHeaderParameters, KeyLike } from 'jose';
5
5
 
6
+ /** Parsed JWT token */
7
+ interface Token {
8
+ sub?: string;
9
+ exp?: number;
10
+ iss?: string;
11
+ [claim: string]: unknown;
12
+ }
13
+ /** All information regarding token including the raw JWT, parsed JWT and cookies */
14
+ interface AuthenticationInfo {
15
+ jwt: string;
16
+ token: Token;
17
+ cookies?: string[];
18
+ }
19
+ declare type DeliveryMethodForTestUser = DeliveryMethod | 'Embedded';
20
+
6
21
  /** Represents a tenant association for a User or Access Key. The tenantId is required to denote
7
22
  * which tenant the user or access key belongs to. The roleNames array is an optional list of
8
23
  * roles for the user or access key in this specific tenant.
@@ -26,6 +41,7 @@ declare type AccessKey = {
26
41
  createdTime: number;
27
42
  expiresTime: number;
28
43
  createdBy: string;
44
+ clientId: string;
29
45
  };
30
46
  /** Access Key extended details including created key cleartext */
31
47
  declare type CreatedAccessKeyResponse = {
@@ -139,6 +155,20 @@ declare type GenerateEmbeddedLinkResponse = {
139
155
  token: string;
140
156
  };
141
157
  declare type AttributesTypes = string | boolean | number;
158
+ declare type User = {
159
+ loginId: string;
160
+ email?: string;
161
+ phone?: string;
162
+ displayName?: string;
163
+ roles?: string[];
164
+ userTenants?: AssociatedTenant[];
165
+ customAttributes?: Record<string, AttributesTypes>;
166
+ picture?: string;
167
+ verifiedEmail?: boolean;
168
+ verifiedPhone?: boolean;
169
+ test?: boolean;
170
+ additionalLoginIds?: string[];
171
+ };
142
172
  declare type UserMapping = {
143
173
  name: string;
144
174
  email: string;
@@ -166,6 +196,7 @@ declare type SSOSettingsResponse = {
166
196
  userMapping: UserMapping;
167
197
  groupsMapping: GroupsMapping[];
168
198
  redirectUrl: string;
199
+ domains: string[];
169
200
  domain: string;
170
201
  };
171
202
  declare type ProviderTokenResponse = {
@@ -175,6 +206,14 @@ declare type ProviderTokenResponse = {
175
206
  expiration: number;
176
207
  scopes: string[];
177
208
  };
209
+ declare type UserFailedResponse = {
210
+ failure: string;
211
+ user: UserResponse;
212
+ };
213
+ declare type InviteBatchResponse = {
214
+ createdUsers: UserResponse[];
215
+ failedUsers: UserFailedResponse[];
216
+ };
178
217
  /**
179
218
  * Search options to filter which audit records we should retrieve.
180
219
  * All parameters are optional. `From` is currently limited to 30 days.
@@ -208,17 +247,8 @@ declare type AuditRecord = {
208
247
  tenants: string[];
209
248
  data: Record<string, any>;
210
249
  };
211
- declare enum UserStatus {
212
- enabled = "enabled",
213
- disabled = "disabled",
214
- invited = "invited"
215
- }
216
- declare enum AuthzNodeExpressionType {
217
- self = "self",
218
- targetSet = "targetSet",
219
- relationLeft = "relationLeft",
220
- relationRight = "relationRight"
221
- }
250
+ declare type UserStatus = 'enabled' | 'disabled' | 'invited';
251
+ declare type AuthzNodeExpressionType = 'self' | 'targetSet' | 'relationLeft' | 'relationRight';
222
252
  /**
223
253
  * AuthzNodeExpression holds the definition of a child node
224
254
  */
@@ -229,12 +259,7 @@ declare type AuthzNodeExpression = {
229
259
  targetRelationDefinition?: string;
230
260
  targetRelationDefinitionNamespace?: string;
231
261
  };
232
- declare enum AuthzNodeType {
233
- child = "child",
234
- union = "union",
235
- intersect = "intersect",
236
- sub = "sub"
237
- }
262
+ declare type AuthzNodeType = 'child' | 'union' | 'intersect' | 'sub';
238
263
  /**
239
264
  * AuthzNode holds the definition of a complex relation definition
240
265
  */
@@ -299,20 +324,35 @@ declare type AuthzRelationQuery = {
299
324
  target: string;
300
325
  hasRelation?: boolean;
301
326
  };
327
+ declare type NewProjectResponse = {
328
+ projectId: string;
329
+ projectName: string;
330
+ projectSettingsWeb: Record<string, any>;
331
+ authMethodsMagicLink: Record<string, any>;
332
+ authMethodsOTP: Record<string, any>;
333
+ authMethodsSAML: Record<string, any>;
334
+ authMethodsOAuth: Record<string, any>;
335
+ authMethodsWebAuthn: Record<string, any>;
336
+ authMethodsTOTP: Record<string, any>;
337
+ messagingProvidersWeb: Record<string, any>;
338
+ authMethodsEnchantedLink: Record<string, any>;
339
+ authMethodsPassword: Record<string, any>;
340
+ authMethodsOIDCIDP: Record<string, any>;
341
+ authMethodsEmbeddedLink: Record<string, any>;
342
+ tag?: string;
343
+ };
302
344
 
303
- /** Parsed JWT token */
304
- interface Token {
305
- sub?: string;
306
- exp?: number;
307
- iss?: string;
308
- [claim: string]: unknown;
309
- }
310
- /** All information regarding token including the raw JWT, parsed JWT and cookies */
311
- interface AuthenticationInfo {
312
- jwt: string;
313
- token: Token;
314
- cookies?: string[];
315
- }
345
+ /** Common Error Codes */
346
+ declare const descopeErrors: {
347
+ badRequest: string;
348
+ missingArguments: string;
349
+ invalidRequest: string;
350
+ invalidArguments: string;
351
+ wrongOTPCode: string;
352
+ tooManyOTPAttempts: string;
353
+ enchantedLinkPending: string;
354
+ userNotFound: string;
355
+ };
316
356
 
317
357
  /** Configuration arguments which include the Descope core SDK args and an optional management key */
318
358
  declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
@@ -323,10 +363,11 @@ declare const nodeSdk: {
323
363
  ({ managementKey, publicKey, ...config }: NodeSdkArgs): {
324
364
  management: {
325
365
  user: {
326
- create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
327
- createTestUser: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
328
- invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
329
- update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
366
+ create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
367
+ createTestUser: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
368
+ invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
369
+ inviteBatch: (users: User[], inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean) => Promise<SdkResponse<InviteBatchResponse>>;
370
+ update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
330
371
  delete: (loginId: string) => Promise<SdkResponse<never>>;
331
372
  deleteAllTestUsers: () => Promise<SdkResponse<never>>;
332
373
  load: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -340,24 +381,27 @@ declare const nodeSdk: {
340
381
  updateLoginId: (loginId: string, newLoginId?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
341
382
  updateEmail: (loginId: string, email: string, isVerified: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
342
383
  updatePhone: (loginId: string, phone: string, isVerified: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
343
- updateDisplayName: (loginId: string, displayName: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
384
+ updateDisplayName: (loginId: string, displayName?: string, givenName?: string, middleName?: string, familyName?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
344
385
  updatePicture: (loginId: string, picture: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
345
386
  updateCustomAttribute: (loginId: string, attributeKey: string, attributeValue: AttributesTypes) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
387
+ setRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
346
388
  addRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
347
389
  removeRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
348
390
  addTenant: (loginId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
349
391
  removeTenant: (loginId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
392
+ setTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
350
393
  addTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
351
394
  removeTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
352
- generateOTPForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
353
- generateMagicLinkForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string, uri: string) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
354
- generateEnchantedLinkForTestUser: (loginId: string, uri: string) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
395
+ generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
396
+ generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
397
+ generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
355
398
  generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
356
399
  setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
357
400
  expirePassword: (loginId: string) => Promise<SdkResponse<never>>;
358
401
  };
359
402
  project: {
360
403
  updateName: (name: string) => Promise<SdkResponse<never>>;
404
+ clone: (name: string, tag?: "production") => Promise<SdkResponse<NewProjectResponse>>;
361
405
  };
362
406
  accessKey: {
363
407
  create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
@@ -380,8 +424,8 @@ declare const nodeSdk: {
380
424
  sso: {
381
425
  getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
382
426
  deleteSettings: (tenantId: string) => Promise<SdkResponse<never>>;
383
- configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
384
- configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
427
+ configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
428
+ configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
385
429
  configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
386
430
  };
387
431
  jwt: {
@@ -441,9 +485,13 @@ declare const nodeSdk: {
441
485
  validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<AuthenticationInfo>;
442
486
  exchangeAccessKey: (accessKey: string) => Promise<AuthenticationInfo>;
443
487
  validatePermissions: (authInfo: AuthenticationInfo, permissions: string[]) => boolean;
488
+ getMatchedPermissions: (authInfo: AuthenticationInfo, permissions: string[]) => string[];
444
489
  validateTenantPermissions: (authInfo: AuthenticationInfo, tenant: string, permissions: string[]) => boolean;
490
+ getMatchedTenantPermissions: (authInfo: AuthenticationInfo, tenant: string, permissions: string[]) => string[];
445
491
  validateRoles: (authInfo: AuthenticationInfo, roles: string[]) => boolean;
492
+ getMatchedRoles: (authInfo: AuthenticationInfo, roles: string[]) => string[];
446
493
  validateTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => boolean;
494
+ getMatchedTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => string[];
447
495
  accessKey: {
448
496
  exchange: (accessKey: string) => Promise<SdkResponse<ExchangeAccessKeyResponse>>;
449
497
  };
@@ -477,6 +525,9 @@ declare const nodeSdk: {
477
525
  sms: (loginId: string, user?: {
478
526
  email?: string;
479
527
  name?: string;
528
+ givenName?: string;
529
+ middleName?: string;
530
+ familyName?: string;
480
531
  phone?: string;
481
532
  }) => Promise<SdkResponse<{
482
533
  maskedPhone: string;
@@ -484,6 +535,9 @@ declare const nodeSdk: {
484
535
  whatsapp: (loginId: string, user?: {
485
536
  email?: string;
486
537
  name?: string;
538
+ givenName?: string;
539
+ middleName?: string;
540
+ familyName?: string;
487
541
  phone?: string;
488
542
  }) => Promise<SdkResponse<{
489
543
  maskedPhone: string;
@@ -491,6 +545,9 @@ declare const nodeSdk: {
491
545
  email: (loginId: string, user?: {
492
546
  email?: string;
493
547
  name?: string;
548
+ givenName?: string;
549
+ middleName?: string;
550
+ familyName?: string;
494
551
  phone?: string;
495
552
  }) => Promise<SdkResponse<{
496
553
  maskedEmail: string;
@@ -550,6 +607,9 @@ declare const nodeSdk: {
550
607
  sms: (loginId: string, uri: string, user?: {
551
608
  email?: string;
552
609
  name?: string;
610
+ givenName?: string;
611
+ middleName?: string;
612
+ familyName?: string;
553
613
  phone?: string;
554
614
  }) => Promise<SdkResponse<{
555
615
  maskedPhone: string;
@@ -557,6 +617,9 @@ declare const nodeSdk: {
557
617
  whatsapp: (loginId: string, uri: string, user?: {
558
618
  email?: string;
559
619
  name?: string;
620
+ givenName?: string;
621
+ middleName?: string;
622
+ familyName?: string;
560
623
  phone?: string;
561
624
  }) => Promise<SdkResponse<{
562
625
  maskedPhone: string;
@@ -564,6 +627,9 @@ declare const nodeSdk: {
564
627
  email: (loginId: string, uri: string, user?: {
565
628
  email?: string;
566
629
  name?: string;
630
+ givenName?: string;
631
+ middleName?: string;
632
+ familyName?: string;
567
633
  phone?: string;
568
634
  }) => Promise<SdkResponse<{
569
635
  maskedEmail: string;
@@ -613,6 +679,9 @@ declare const nodeSdk: {
613
679
  signUp: (loginId: string, uri: string, user?: {
614
680
  email?: string;
615
681
  name?: string;
682
+ givenName?: string;
683
+ middleName?: string;
684
+ familyName?: string;
616
685
  phone?: string;
617
686
  }) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse & {
618
687
  refreshJwt?: string;
@@ -630,56 +699,16 @@ declare const nodeSdk: {
630
699
  };
631
700
  };
632
701
  oauth: {
633
- start: ((provider: string, redirectUrl?: string, loginOptions?: {
634
- stepup?: boolean;
635
- mfa?: boolean;
636
- customClaims?: Record<string, any>;
637
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
638
- facebook: (redirectURL?: string, loginOptions?: {
639
- stepup?: boolean;
640
- mfa?: boolean;
641
- customClaims?: Record<string, any>;
642
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
643
- github: (redirectURL?: string, loginOptions?: {
644
- stepup?: boolean;
645
- mfa?: boolean;
646
- customClaims?: Record<string, any>;
647
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
648
- google: (redirectURL?: string, loginOptions?: {
649
- stepup?: boolean;
650
- mfa?: boolean;
651
- customClaims?: Record<string, any>;
652
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
653
- microsoft: (redirectURL?: string, loginOptions?: {
654
- stepup?: boolean;
655
- mfa?: boolean;
656
- customClaims?: Record<string, any>;
657
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
658
- gitlab: (redirectURL?: string, loginOptions?: {
659
- stepup?: boolean;
660
- mfa?: boolean;
661
- customClaims?: Record<string, any>;
662
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
663
- apple: (redirectURL?: string, loginOptions?: {
664
- stepup?: boolean;
665
- mfa?: boolean;
666
- customClaims?: Record<string, any>;
667
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
668
- discord: (redirectURL?: string, loginOptions?: {
669
- stepup?: boolean;
670
- mfa?: boolean;
671
- customClaims?: Record<string, any>;
672
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
673
- linkedin: (redirectURL?: string, loginOptions?: {
674
- stepup?: boolean;
675
- mfa?: boolean;
676
- customClaims?: Record<string, any>;
677
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
678
- slack: (redirectURL?: string, loginOptions?: {
679
- stepup?: boolean;
680
- mfa?: boolean;
681
- customClaims?: Record<string, any>;
682
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
702
+ start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
703
+ facebook: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
704
+ github: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
705
+ google: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
706
+ microsoft: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
707
+ gitlab: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
708
+ apple: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
709
+ discord: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
710
+ linkedin: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
711
+ slack: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
683
712
  };
684
713
  exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
685
714
  refreshJwt?: string;
@@ -687,11 +716,7 @@ declare const nodeSdk: {
687
716
  }>>;
688
717
  };
689
718
  saml: {
690
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: {
691
- stepup?: boolean;
692
- mfa?: boolean;
693
- customClaims?: Record<string, any>;
694
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
719
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
695
720
  exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
696
721
  refreshJwt?: string;
697
722
  cookies?: string[];
@@ -701,13 +726,12 @@ declare const nodeSdk: {
701
726
  signUp: (loginId: string, user?: {
702
727
  email?: string;
703
728
  name?: string;
729
+ givenName?: string;
730
+ middleName?: string;
731
+ familyName?: string;
704
732
  phone?: string;
705
733
  }) => Promise<SdkResponse<_descope_core_js_sdk.TOTPResponse>>;
706
- verify: (loginId: string, code: string, loginOptions?: {
707
- stepup?: boolean;
708
- mfa?: boolean;
709
- customClaims?: Record<string, any>;
710
- }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
734
+ verify: (loginId: string, code: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
711
735
  refreshJwt?: string;
712
736
  cookies?: string[];
713
737
  }>>;
@@ -726,11 +750,7 @@ declare const nodeSdk: {
726
750
  }>>;
727
751
  };
728
752
  signIn: {
729
- start: (loginId: string, origin: string, loginOptions?: {
730
- stepup?: boolean;
731
- mfa?: boolean;
732
- customClaims?: Record<string, any>;
733
- }, token?: string) => Promise<SdkResponse<{
753
+ start: (loginId: string, origin: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
734
754
  transactionId: string;
735
755
  options: string;
736
756
  create: boolean;
@@ -760,6 +780,9 @@ declare const nodeSdk: {
760
780
  signUp: (loginId: string, password: string, user?: {
761
781
  email?: string;
762
782
  name?: string;
783
+ givenName?: string;
784
+ middleName?: string;
785
+ familyName?: string;
763
786
  phone?: string;
764
787
  }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
765
788
  signIn: (loginId: string, password: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
@@ -774,11 +797,7 @@ declare const nodeSdk: {
774
797
  policy: () => Promise<SdkResponse<{
775
798
  minLength: number;
776
799
  lowercase: boolean;
777
- uppercase: boolean; /**
778
- * Validate the given JWT with the right key and make sure the issuer is correct
779
- * @param jwt the JWT string to parse and validate
780
- * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.
781
- */
800
+ uppercase: boolean;
782
801
  number: boolean;
783
802
  nonAlphanumeric: boolean;
784
803
  }>>;
@@ -806,17 +825,21 @@ declare const nodeSdk: {
806
825
  samlIdpStateId?: string;
807
826
  samlIdpUsername?: string;
808
827
  ssoAppId?: string;
809
- }, conditionInteractionId?: string, interactionId?: string, input?: {
828
+ abTestingKey?: number;
829
+ startOptionsVersion?: number;
830
+ client?: Record<string, any>;
831
+ }, conditionInteractionId?: string, interactionId?: string, version?: number, componentsVersion?: string, input?: {
810
832
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
811
- }, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
812
- next: (executionId: string, stepId: string, interactionId: string, input?: {
833
+ }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
834
+ next: (executionId: string, stepId: string, interactionId: string, version?: number, componentsVersion?: string, input?: {
813
835
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
814
- }, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
836
+ }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
815
837
  };
816
838
  refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
817
839
  refreshJwt?: string;
818
840
  cookies?: string[];
819
841
  }>>;
842
+ selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
820
843
  logout: (token?: string) => Promise<SdkResponse<never>>;
821
844
  logoutAll: (token?: string) => Promise<SdkResponse<never>>;
822
845
  me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -879,4 +902,4 @@ declare const nodeSdk: {
879
902
  SessionTokenCookieName: string;
880
903
  };
881
904
 
882
- export { AuthenticationInfo, nodeSdk as default };
905
+ export { AuthenticationInfo, nodeSdk as default, descopeErrors };
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...a)=>{var s,o,n;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,a){var s,o;const n=a?null===(o=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var a;return!!(null===(a=e.token.tenants)||void 0===a?void 0:a[t])}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},c={updateName:"/v1/mgmt/project/update/name"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},g={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},y={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},I={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},b={search:"/v1/mgmt/audit/search"},A={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const T=(e,t)=>({create:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),createTestUser:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),invite:(s,o,n,r,i,l,d,p,m,c,h)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:h},{token:t}),(e=>e.user)),update:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.update,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(u.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(u.load,{queryParams:{userId:s},token:t}),(e=>e.user)),logoutUser:s=>a(e.httpClient.post(u.logout,{loginId:s},{token:t})),logoutUserByUserId:s=>a(e.httpClient.post(u.logout,{userId:s},{token:t})),searchAll:(s,o,n,r,i,l,d,p,m,c)=>a(e.httpClient.post(u.search,{tenantIds:s,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),getProviderToken:(s,o)=>a(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:s,provider:o},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,o)=>a(e.httpClient.post(u.updateLoginId,{loginId:s,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(s,o,n)=>a(e.httpClient.post(u.updateEmail,{loginId:s,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(s,o,n)=>a(e.httpClient.post(u.updatePhone,{loginId:s,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(s,o)=>a(e.httpClient.post(u.updateDisplayName,{loginId:s,displayName:o},{token:t}),(e=>e.user)),updatePicture:(s,o)=>a(e.httpClient.post(u.updatePicture,{loginId:s,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(s,o,n)=>a(e.httpClient.post(u.updateCustomAttribute,{loginId:s,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(s,o)=>a(e.httpClient.post(u.addRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(s,o)=>a(e.httpClient.post(u.removeRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),addTenant:(s,o)=>a(e.httpClient.post(u.addTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(s,o)=>a(e.httpClient.post(u.removeTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(s,o,n)=>a(e.httpClient.post(u.addRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(s,o,n)=>a(e.httpClient.post(u.removeRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,o)=>a(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:s,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,o,n)=>a(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:s,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,o)=>a(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:s,URI:o},{token:t}),(e=>e)),generateEmbeddedLink:(s,o)=>a(e.httpClient.post(u.generateEmbeddedLink,{loginId:s,customClaims:o},{token:t}),(e=>e)),setPassword:(s,o)=>a(e.httpClient.post(u.setPassword,{loginId:s,password:o},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(u.expirePassword,{loginId:s},{token:t}),(e=>e))}),P=(e,t)=>({updateName:s=>a(e.httpClient.post(c.updateName,{name:s},{token:t}))}),R=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(g.create,{name:s,selfProvisioningDomains:o,customAttributes:n},{token:t})),createWithId:(s,o,n,r)=>a(e.httpClient.post(g.create,{id:s,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(g.update,{id:s,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),delete:s=>a(e.httpClient.post(g.delete,{id:s},{token:t})),load:s=>a(e.httpClient.get(g.load,{queryParams:{id:s},token:t}),(e=>e)),loadAll:()=>a(e.httpClient.get(g.loadAll,{token:t}),(e=>e.tenants)),searchAll:(s,o,n,r)=>a(e.httpClient.post(g.searchAll,{tenantIds:s,tenantNames:o,tenantSelfProvisioningDomains:n,customAttributes:r},{token:t}),(e=>e.tenants))}),N=(e,t)=>({update:(s,o)=>a(e.httpClient.post(k.update,{jwt:s,customClaims:o},{token:t}))}),x=(e,t)=>({create:(s,o)=>a(e.httpClient.post(C.create,{name:s,description:o},{token:t})),update:(s,o,n)=>a(e.httpClient.post(C.update,{name:s,newName:o,description:n},{token:t})),delete:s=>a(e.httpClient.post(C.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),E=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(f.create,{name:s,description:o,permissionNames:n},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(f.update,{name:s,newName:o,description:n,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(f.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),j=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(I.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,o,n)=>a(e.httpClient.post(I.loadAllGroupsForMember,{tenantId:s,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(s,o)=>a(e.httpClient.post(I.loadAllGroupMembers,{tenantId:s,groupId:o},{token:t}))}),S=(e,t)=>({getSettings:s=>a(e.httpClient.get(v.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(v.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,o,n,r,i,l)=>a(e.httpClient.post(v.settings,{tenantId:s,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(s,o,n,r)=>a(e.httpClient.post(v.metadata,{tenantId:s,idpMetadataURL:o,redirectURL:n,domain:r},{token:t})),configureMapping:(s,o,n)=>a(e.httpClient.post(v.mapping,{tenantId:s,roleMappings:o,attributeMapping:n},{token:t}))}),D=(e,t)=>({create:(s,o,n,r)=>a(e.httpClient.post(h.create,{name:s,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(h.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(h.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,o)=>a(e.httpClient.post(h.update,{id:s,name:o},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(h.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(h.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(h.delete,{id:s},{token:t}))}),O=(e,t)=>({list:()=>a(e.httpClient.post(y.list,{},{token:t})),export:s=>a(e.httpClient.post(y.export,{flowId:s},{token:t})),import:(s,o,n)=>a(e.httpClient.post(y.import,{flowId:s,flow:o,screens:n},{token:t}))}),L=(e,t)=>({export:()=>a(e.httpClient.post(w.export,{},{token:t})),import:s=>a(e.httpClient.post(w.import,{theme:s},{token:t}))}),U=(e,t)=>({search:s=>{const o=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete o.loginIds,a(e.httpClient.post(b.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),M=(e,t)=>({saveSchema:(s,o)=>a(e.httpClient.post(A.schemaSave,{schema:s,upgrade:o},{token:t})),deleteSchema:()=>a(e.httpClient.post(A.schemaDelete,{},{token:t})),loadSchema:()=>a(e.httpClient.post(A.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(s,o,n)=>a(e.httpClient.post(A.nsSave,{namespace:s,oldName:o,schemaName:n},{token:t})),deleteNamespace:(s,o)=>a(e.httpClient.post(A.nsDelete,{name:s,schemaName:o},{token:t})),saveRelationDefinition:(s,o,n,r)=>a(e.httpClient.post(A.rdSave,{relationDefinition:s,namespace:o,oldName:n,schemaName:r},{token:t})),deleteRelationDefinition:(s,o,n)=>a(e.httpClient.post(A.rdDelete,{name:s,namespace:o,schemaName:n},{token:t})),createRelations:s=>a(e.httpClient.post(A.reCreate,{relations:s},{token:t})),deleteRelations:s=>a(e.httpClient.post(A.reDelete,{relations:s},{token:t})),deleteRelationsForResources:s=>a(e.httpClient.post(A.reDeleteResources,{resources:s},{token:t})),hasRelations:s=>a(e.httpClient.post(A.hasRelations,{relationQueries:s},{token:t}),(e=>e.relationQueries)),whoCanAccess:(s,o,n)=>a(e.httpClient.post(A.who,{resource:s,relationDefinition:o,namespace:n},{token:t}),(e=>e.targets)),resourceRelations:s=>a(e.httpClient.post(A.resource,{resource:s},{token:t}),(e=>e.relations)),targetsRelations:s=>a(e.httpClient.post(A.targets,{targets:s},{token:t}),(e=>e.relations)),whatCanTargetAccess:s=>a(e.httpClient.post(A.targetAll,{target:s},{token:t}),(e=>e.relations))});var F;null!==(F=globalThis.Headers)&&void 0!==F||(globalThis.Headers=l);const z=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),i(...e)),$=a=>{var i,{managementKey:l,publicKey:u}=a,c=e(a,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:z},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.0"})})),{projectId:g,logger:v}=c,k={},C=((e,t)=>({user:T(e,t),project:P(e,t),accessKey:D(e,t),tenant:R(e,t),sso:S(e,t),jwt:N(e,t),permission:x(e,t),role:E(e,t),group:j(e,t),flow:O(e,t),theme:L(e,t),audit:U(e,t),authz:M(e,t)}))(h,l),f=Object.assign(Object.assign({},h),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${g}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await o(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==g))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){if(t&&!m(e,t))return!1;const s=p(e,"permissions",t);return a.every((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){if(t&&!m(e,t))return!1;const s=p(e,"roles",t);return a.every((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};$.RefreshTokenCookieName="DSR",$.SessionTokenCookieName="DS";export{$ as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as r}from"jose";import{Headers as i,fetch as l}from"cross-fetch";const d=t=>async(...a)=>{var s,n,o;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const m=[];var p;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(p=d)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function m(e,t,a){var s,n;const o=a?null===(n=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function p(e,t){var a;return!!(null===(a=e.token.tenants)||void 0===a?void 0:a[t])}var u={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},c={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},y={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},I={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},b={search:"/v1/mgmt/audit/search"},N={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const A=(e,t)=>({create:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),createTestUser:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),invite:(s,n,o,r,i,l,d,m,p,c,g,h,v,k,C,f,y)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:k,middleName:C,familyName:f,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y},{token:t}),(e=>e.user)),inviteBatch:(s,n,o,r)=>a(e.httpClient.post(u.createBatch,{users:s,invite:!0,inviteUrl:n,sendMail:o,sendSMS:r},{token:t}),(e=>e)),update:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.update,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(u.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(u.load,{queryParams:{userId:s},token:t}),(e=>e.user)),logoutUser:s=>a(e.httpClient.post(u.logout,{loginId:s},{token:t})),logoutUserByUserId:s=>a(e.httpClient.post(u.logout,{userId:s},{token:t})),searchAll:(s,n,o,r,i,l,d,m,p,c)=>a(e.httpClient.post(u.search,{tenantIds:s,roleNames:n,limit:o,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:p,phones:c},{token:t}),(e=>e.users)),getProviderToken:(s,n)=>a(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:s,provider:n},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,n)=>a(e.httpClient.post(u.updateLoginId,{loginId:s,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(s,n,o)=>a(e.httpClient.post(u.updateEmail,{loginId:s,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(s,n,o)=>a(e.httpClient.post(u.updatePhone,{loginId:s,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(s,n,o,r,i)=>a(e.httpClient.post(u.updateDisplayName,{loginId:s,displayName:n,givenName:o,middleName:r,familyName:i},{token:t}),(e=>e.user)),updatePicture:(s,n)=>a(e.httpClient.post(u.updatePicture,{loginId:s,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(s,n,o)=>a(e.httpClient.post(u.updateCustomAttribute,{loginId:s,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(s,n)=>a(e.httpClient.post(u.setRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),addRoles:(s,n)=>a(e.httpClient.post(u.addRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(s,n)=>a(e.httpClient.post(u.removeRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),addTenant:(s,n)=>a(e.httpClient.post(u.addTenant,{loginId:s,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(s,n)=>a(e.httpClient.post(u.removeTenant,{loginId:s,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(s,n,o)=>a(e.httpClient.post(u.setRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(s,n,o)=>a(e.httpClient.post(u.addRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(s,n,o)=>a(e.httpClient.post(u.removeRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,n,o)=>a(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:s,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,n,o,r)=>a(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:s,loginId:n,URI:o,loginOptions:r},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,n,o)=>a(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:s,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(s,n)=>a(e.httpClient.post(u.generateEmbeddedLink,{loginId:s,customClaims:n},{token:t}),(e=>e)),setPassword:(s,n)=>a(e.httpClient.post(u.setPassword,{loginId:s,password:n},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(u.expirePassword,{loginId:s},{token:t}),(e=>e))}),T=(e,t)=>({updateName:s=>a(e.httpClient.post(c.updateName,{name:s},{token:t})),clone:(s,n)=>a(e.httpClient.post(c.clone,{name:s,tag:n},{token:t}))}),R=(e,t)=>({create:(s,n,o)=>a(e.httpClient.post(h.create,{name:s,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(s,n,o,r)=>a(e.httpClient.post(h.create,{id:s,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),update:(s,n,o,r)=>a(e.httpClient.post(h.update,{id:s,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),delete:s=>a(e.httpClient.post(h.delete,{id:s},{token:t})),load:s=>a(e.httpClient.get(h.load,{queryParams:{id:s},token:t}),(e=>e)),loadAll:()=>a(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(s,n,o,r)=>a(e.httpClient.post(h.searchAll,{tenantIds:s,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:r},{token:t}),(e=>e.tenants))}),P=(e,t)=>({update:(s,n)=>a(e.httpClient.post(k.update,{jwt:s,customClaims:n},{token:t}))}),E=(e,t)=>({create:(s,n)=>a(e.httpClient.post(C.create,{name:s,description:n},{token:t})),update:(s,n,o)=>a(e.httpClient.post(C.update,{name:s,newName:n,description:o},{token:t})),delete:s=>a(e.httpClient.post(C.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),S=(e,t)=>({create:(s,n,o)=>a(e.httpClient.post(f.create,{name:s,description:n,permissionNames:o},{token:t})),update:(s,n,o,r)=>a(e.httpClient.post(f.update,{name:s,newName:n,description:o,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(f.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),x=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(I.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,n,o)=>a(e.httpClient.post(I.loadAllGroupsForMember,{tenantId:s,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(s,n)=>a(e.httpClient.post(I.loadAllGroupMembers,{tenantId:s,groupId:n},{token:t}))}),M=(e,t)=>({getSettings:s=>a(e.httpClient.get(v.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(v.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,n,o,r,i,l)=>a(e.httpClient.post(v.settings,{tenantId:s,idpURL:n,entityId:r,idpCert:o,redirectURL:i,domains:l},{token:t})),configureMetadata:(s,n,o,r)=>a(e.httpClient.post(v.metadata,{tenantId:s,idpMetadataURL:n,redirectURL:o,domains:r},{token:t})),configureMapping:(s,n,o)=>a(e.httpClient.post(v.mapping,{tenantId:s,roleMappings:n,attributeMapping:o},{token:t}))}),j=(e,t)=>({create:(s,n,o,r)=>a(e.httpClient.post(g.create,{name:s,expireTime:n,roleNames:o,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(g.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(g.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,n)=>a(e.httpClient.post(g.update,{id:s,name:n},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(g.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(g.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(g.delete,{id:s},{token:t}))}),O=(e,t)=>({list:()=>a(e.httpClient.post(y.list,{},{token:t})),export:s=>a(e.httpClient.post(y.export,{flowId:s},{token:t})),import:(s,n,o)=>a(e.httpClient.post(y.import,{flowId:s,flow:n,screens:o},{token:t}))}),D=(e,t)=>({export:()=>a(e.httpClient.post(w.export,{},{token:t})),import:s=>a(e.httpClient.post(w.import,{theme:s},{token:t}))}),L=(e,t)=>({search:s=>{const n=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete n.loginIds,a(e.httpClient.post(b.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),U=(e,t)=>({saveSchema:(s,n)=>a(e.httpClient.post(N.schemaSave,{schema:s,upgrade:n},{token:t})),deleteSchema:()=>a(e.httpClient.post(N.schemaDelete,{},{token:t})),loadSchema:()=>a(e.httpClient.post(N.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(s,n,o)=>a(e.httpClient.post(N.nsSave,{namespace:s,oldName:n,schemaName:o},{token:t})),deleteNamespace:(s,n)=>a(e.httpClient.post(N.nsDelete,{name:s,schemaName:n},{token:t})),saveRelationDefinition:(s,n,o,r)=>a(e.httpClient.post(N.rdSave,{relationDefinition:s,namespace:n,oldName:o,schemaName:r},{token:t})),deleteRelationDefinition:(s,n,o)=>a(e.httpClient.post(N.rdDelete,{name:s,namespace:n,schemaName:o},{token:t})),createRelations:s=>a(e.httpClient.post(N.reCreate,{relations:s},{token:t})),deleteRelations:s=>a(e.httpClient.post(N.reDelete,{relations:s},{token:t})),deleteRelationsForResources:s=>a(e.httpClient.post(N.reDeleteResources,{resources:s},{token:t})),hasRelations:s=>a(e.httpClient.post(N.hasRelations,{relationQueries:s},{token:t}),(e=>e.relationQueries)),whoCanAccess:(s,n,o)=>a(e.httpClient.post(N.who,{resource:s,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:s=>a(e.httpClient.post(N.resource,{resource:s},{token:t}),(e=>e.relations)),targetsRelations:s=>a(e.httpClient.post(N.targets,{targets:s},{token:t}),(e=>e.relations)),whatCanTargetAccess:s=>a(e.httpClient.post(N.targetAll,{target:s},{token:t}),(e=>e.relations))});var F;null!==(F=globalThis.Headers)&&void 0!==F||(globalThis.Headers=i);const z=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),l(...e)),$={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},J=a=>{var i,{managementKey:l,publicKey:u}=a,c=e(a,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:z},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.2"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:A(e,t),project:T(e,t),accessKey:j(e,t),tenant:R(e,t),sso:M(e,t),jwt:P(e,t),permission:E(e,t),role:S(e,t),group:x(e,t),flow:O(e,t),theme:D(e,t),audit:L(e,t),authz:U(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await n(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,a){if(t&&!p(e,t))return!1;const s=m(e,"permissions",t);return a.every((e=>s.includes(e)))},getMatchedTenantPermissions(e,t,a){if(t&&!p(e,t))return[];const s=m(e,"permissions",t);return a.filter((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,a){if(t&&!p(e,t))return!1;const s=m(e,"roles",t);return a.every((e=>s.includes(e)))},getMatchedTenantRoles(e,t,a){if(t&&!p(e,t))return[];const s=m(e,"roles",t);return a.filter((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};J.RefreshTokenCookieName="DSR",J.SessionTokenCookieName="DS";export{J as default,$ as descopeErrors};
2
2
  //# sourceMappingURL=index.esm.js.map