@descope/node-sdk 1.6.1 → 1.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +61 -9
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +89 -95
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +4 -4
package/README.md
CHANGED
|
@@ -81,6 +81,36 @@ If you're performing end-to-end testing, check out the [Utils for your end to en
|
|
|
81
81
|
|
|
82
82
|
---
|
|
83
83
|
|
|
84
|
+
## Error Handling
|
|
85
|
+
|
|
86
|
+
Every `async` operation may fail. In case it does, there will be information regarding what happened on the response object.
|
|
87
|
+
A typical case of error handling might look something like:
|
|
88
|
+
|
|
89
|
+
```ts
|
|
90
|
+
import { SdkResponse, descopeErrors } from '@descope/node-sdk';
|
|
91
|
+
|
|
92
|
+
// ...
|
|
93
|
+
|
|
94
|
+
try {
|
|
95
|
+
const resp = await sdk.otp.signIn.email(loginId);
|
|
96
|
+
if (resp.error) {
|
|
97
|
+
switch (resp.error.errorCode) {
|
|
98
|
+
case descopeErrors.userNotFound:
|
|
99
|
+
// Handle specifically
|
|
100
|
+
break;
|
|
101
|
+
default:
|
|
102
|
+
// Handle generally
|
|
103
|
+
// `resp.error` will contain `errorCode`, `errorDescription` and sometimes `errorMessage` to
|
|
104
|
+
// help understand what went wrong. See SdkResponse for more information.
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
} catch (e) {
|
|
108
|
+
// Handle technical error
|
|
109
|
+
}
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
84
114
|
### OTP Authentication
|
|
85
115
|
|
|
86
116
|
Send a user a one-time password (OTP) using your preferred delivery method (_email / SMS_). An email address or phone number must be provided accordingly.
|
|
@@ -400,7 +430,7 @@ For multi-tenant uses:
|
|
|
400
430
|
|
|
401
431
|
```typescript
|
|
402
432
|
// You can validate specific permissions
|
|
403
|
-
const validTenantPermissions =
|
|
433
|
+
const validTenantPermissions = descopeClient.validateTenantPermissions(
|
|
404
434
|
authInfo,
|
|
405
435
|
'my-tenant-ID',
|
|
406
436
|
['Permission to validate'],
|
|
@@ -410,30 +440,51 @@ if (!validTenantPermissions) {
|
|
|
410
440
|
}
|
|
411
441
|
|
|
412
442
|
// Or validate roles directly
|
|
413
|
-
const validTenantRoles =
|
|
443
|
+
const validTenantRoles = descopeClient.validateTenantRoles(authInfo, 'my-tenant-ID', [
|
|
414
444
|
'Role to validate',
|
|
415
445
|
]);
|
|
416
446
|
if (!validTenantRoles) {
|
|
417
447
|
// Deny access
|
|
418
448
|
}
|
|
449
|
+
|
|
450
|
+
// Or get the matched roles/permissions
|
|
451
|
+
const matchedTenantRoles = descopeClient.getMatchedTenantRoles(authInfo, 'my-tenant-ID', [
|
|
452
|
+
'Role to validate',
|
|
453
|
+
'Another role to validate'
|
|
454
|
+
]);
|
|
455
|
+
|
|
456
|
+
const matchedTenantPermissions = descopeClient.getMatchedTenantPermissions(
|
|
457
|
+
authInfo,
|
|
458
|
+
'my-tenant-ID',
|
|
459
|
+
['Permission to validate', 'Another permission to validate']],
|
|
460
|
+
);
|
|
419
461
|
```
|
|
420
462
|
|
|
421
463
|
When not using tenants use:
|
|
422
464
|
|
|
423
465
|
```typescript
|
|
424
466
|
// You can validate specific permissions
|
|
425
|
-
const validPermissions =
|
|
426
|
-
'Permission to validate',
|
|
427
|
-
]);
|
|
467
|
+
const validPermissions = descopeClient.validatePermissions(authInfo, ['Permission to validate']);
|
|
428
468
|
if (!validPermissions) {
|
|
429
469
|
// Deny access
|
|
430
470
|
}
|
|
431
471
|
|
|
432
472
|
// Or validate roles directly
|
|
433
|
-
const validRoles =
|
|
473
|
+
const validRoles = descopeClient.validateRoles(authInfo, ['Role to validate']);
|
|
434
474
|
if (!validRoles) {
|
|
435
475
|
// Deny access
|
|
436
476
|
}
|
|
477
|
+
|
|
478
|
+
// Or get the matched roles/permissions
|
|
479
|
+
const matchedRoles = descopeClient.getMatchedRoles(authInfo, [
|
|
480
|
+
'Role to validate',
|
|
481
|
+
'Another role to validate',
|
|
482
|
+
]);
|
|
483
|
+
|
|
484
|
+
const matchedPermissions = descopeClient.getMatchedPermissions(authInfo, [
|
|
485
|
+
'Permission to validate',
|
|
486
|
+
'Another permission to validate',
|
|
487
|
+
]);
|
|
437
488
|
```
|
|
438
489
|
|
|
439
490
|
### Logging Out
|
|
@@ -680,11 +731,11 @@ const idpURL = 'https://idp.com'
|
|
|
680
731
|
const entityID = 'my-idp-entity-id'
|
|
681
732
|
const idpCert = '<your-cert-here>'
|
|
682
733
|
const redirectURL = 'https://my-app.com/handle-saml' // Global redirect URL for SSO/SAML
|
|
683
|
-
const
|
|
684
|
-
await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL,
|
|
734
|
+
const domains = ['tenant-users.com'] // Users authentication with this domain will be logged in to this tenant
|
|
735
|
+
await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL, domains)
|
|
685
736
|
|
|
686
737
|
// Alternatively, configure using an SSO metadata URL
|
|
687
|
-
await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL,
|
|
738
|
+
await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL, domains)
|
|
688
739
|
|
|
689
740
|
// Map IDP groups to Descope roles, or map user attributes.
|
|
690
741
|
// This function overrides any previous mapping (even when empty). Use carefully.
|
|
@@ -1074,6 +1125,7 @@ const { code } = await descopeClient.management.user.generateOTPForTestUser(
|
|
|
1074
1125
|
'desmond@descope.com',
|
|
1075
1126
|
);
|
|
1076
1127
|
// Now you can verify the code is valid (using descopeClient.auth.*.verify for example)
|
|
1128
|
+
// LoginOptions can be provided to set custom claims to the generated jwt.
|
|
1077
1129
|
|
|
1078
1130
|
// Same as OTP, magic link can be generated for test user, for example:
|
|
1079
1131
|
const { link } = await descopeClient.management.user.generateMagicLinkForTestUser(
|
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("node-fetch-commonjs");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=o(t),a=o(n);const i=t=>async(...s)=>{var n,o,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,p=e.__rest(i,["refreshJwt"]);const m=[];var d;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(d=p)?void 0:d.cookieDomain)||""}; Max-Age=${(null==d?void 0:d.cookieMaxAge)||""}; Path=${(null==d?void 0:d.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:m})})};function l(e,t,s){var n,o;const r=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function p(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"},w={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const I=(e,s)=>({create:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(n,o,r,a,i,l,p,d,u,c,h,g,v)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c,inviteUrl:h,sendMail:g,sendSMS:v},{token:s}),(e=>e.user)),inviteBatch:(n,o,r,a)=>t.transformResponse(e.httpClient.post(m.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:r,sendSMS:a},{token:s}),(e=>e)),update:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.update,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:n=>t.transformResponse(e.httpClient.post(m.delete,{loginId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(m.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(m.logout,{userId:n},{token:s})),searchAll:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n,roleNames:o,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:p,statuses:d,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:n,email:o,verified:r},{token:s}),(e=>e.user)),updatePhone:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:n,phone:o,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(n,o)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:n,displayName:o},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),addTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:n,loginId:o},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:n,URI:o},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:n},{token:s}),(e=>e))}),b=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(d.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(d.clone,{name:n,tag:o},{token:s}))}),A=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(c.create,{name:n,selfProvisioningDomains:o,customAttributes:r},{token:s})),createWithId:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(c.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),T=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(g.update,{jwt:n,customClaims:o},{token:s}))}),P=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(v.create,{name:n,description:o},{token:s})),update:(n,o,r)=>t.transformResponse(e.httpClient.post(v.update,{name:n,newName:o,description:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),N=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(f.create,{name:n,description:o,permissionNames:r},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:n,newName:o,description:r,permissionNames:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(f.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),S=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:n,loginIds:r,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),j=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(h.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,r,a,i,l)=>t.transformResponse(e.httpClient.post(h.settings,{tenantId:n,idpURL:o,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(n,o,r,a)=>t.transformResponse(e.httpClient.post(h.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:r,domain:a},{token:s})),configureMapping:(n,o,r)=>t.transformResponse(e.httpClient.post(h.mapping,{tenantId:n,roleMappings:o,attributeMapping:r},{token:s}))}),x=(e,s)=>({create:(n,o,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:n,expireTime:o,roleNames:r,keyTenants:a},{token:s})),load:n=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(u.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(u.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(u.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(u.delete,{id:n},{token:s}))}),E=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:n=>t.transformResponse(e.httpClient.post(k.export,{flowId:n},{token:s})),import:(n,o,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:n,flow:o,screens:r},{token:s}))}),D=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(R.import,{theme:n},{token:s}))}),M=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(y.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),O=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(w.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(w.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(w.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,r)=>t.transformResponse(e.httpClient.post(w.nsSave,{namespace:n,oldName:o,schemaName:r},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(w.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,r,a)=>t.transformResponse(e.httpClient.post(w.rdSave,{relationDefinition:n,namespace:o,oldName:r,schemaName:a},{token:s})),deleteRelationDefinition:(n,o,r)=>t.transformResponse(e.httpClient.post(w.rdDelete,{name:n,namespace:o,schemaName:r},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(w.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(w.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(w.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(w.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,r)=>t.transformResponse(e.httpClient.post(w.who,{resource:n,relationDefinition:o,namespace:r},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(w.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(w.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(w.targetAll,{target:n},{token:s}),(e=>e.relations))});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=n.Headers);const L=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),F=n=>{var o,{managementKey:a,publicKey:m}=n,d=e.__rest(n,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:L},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.6.1"})})),{projectId:c,logger:h}=d,g={},v=((e,t)=>({user:I(e,t),project:b(e,t),accessKey:x(e,t),tenant:A(e,t),sso:j(e,t),jwt:T(e,t),permission:P(e,t),role:N(e,t),group:S(e,t),flow:E(e,t),theme:D(e,t),audit:M(e,t),authz:O(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{if(m)try{const e=JSON.parse(m),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==h||h.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==h||h.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"permissions",t);return s.every((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"roles",t);return s.every((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};F.RefreshTokenCookieName="DSR",F.SessionTokenCookieName="DS",module.exports=F;
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("cross-fetch");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=o(t);const r=t=>async(...s)=>{var n,o,a;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,m=e.__rest(i,["refreshJwt"]);const d=[];var p;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(p=m)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:d})})};function i(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function l(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},p={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},u={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},c={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},h={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},v={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},f={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},k={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},R={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},C={search:"/v1/mgmt/audit/search"},y={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const w=(e,s)=>({create:(n,o,a,r,i,l,d,p,u,c,g,h,v,f)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f},{token:s}),(e=>e.user)),createTestUser:(n,o,a,r,i,l,d,p,u,c,g,h,v,f)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f},{token:s}),(e=>e.user)),invite:(n,o,a,r,i,l,d,p,u,c,g,h,v,f,k,R,C)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:a,displayName:r,givenName:f,middleName:k,familyName:R,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:C},{token:s}),(e=>e.user)),inviteBatch:(n,o,a,r)=>t.transformResponse(e.httpClient.post(m.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:a,sendSMS:r},{token:s}),(e=>e)),update:(n,o,a,r,i,l,d,p,u,c,g,h,v,f)=>t.transformResponse(e.httpClient.post(m.update,{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f},{token:s}),(e=>e.user)),delete:n=>t.transformResponse(e.httpClient.post(m.delete,{loginId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(m.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(m.logout,{userId:n},{token:s})),searchAll:(n,o,a,r,i,l,d,p,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n,roleNames:o,limit:a,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,a)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:n,email:o,verified:a},{token:s}),(e=>e.user)),updatePhone:(n,o,a)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:n,phone:o,verified:a},{token:s}),(e=>e.user)),updateDisplayName:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:r,familyName:i},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:s}),(e=>e.user)),setRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.setRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),setTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(m.setRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),addTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:n},{token:s}),(e=>e))}),I=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(d.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(d.clone,{name:n,tag:o},{token:s}))}),b=(e,s)=>({create:(n,o,a)=>t.transformResponse(e.httpClient.post(u.create,{name:n,selfProvisioningDomains:o,customAttributes:a},{token:s})),createWithId:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r},{token:s})),update:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(u.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(u.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:r},{token:s}),(e=>e.tenants))}),N=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(g.update,{jwt:n,customClaims:o},{token:s}))}),A=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(h.create,{name:n,description:o},{token:s})),update:(n,o,a)=>t.transformResponse(e.httpClient.post(h.update,{name:n,newName:o,description:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(h.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(h.loadAll,{token:s}),(e=>e.permissions))}),T=(e,s)=>({create:(n,o,a)=>t.transformResponse(e.httpClient.post(v.create,{name:n,description:o,permissionNames:a},{token:s})),update:(n,o,a,r)=>t.transformResponse(e.httpClient.post(v.update,{name:n,newName:o,description:a,permissionNames:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.roles))}),P=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(R.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,a)=>t.transformResponse(e.httpClient.post(R.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(R.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),E=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(c.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(c.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,a,r,i,l)=>t.transformResponse(e.httpClient.post(c.settings,{tenantId:n,idpURL:o,entityId:r,idpCert:a,redirectURL:i,domains:l},{token:s})),configureMetadata:(n,o,a,r)=>t.transformResponse(e.httpClient.post(c.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:r},{token:s})),configureMapping:(n,o,a)=>t.transformResponse(e.httpClient.post(c.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:s}))}),x=(e,s)=>({create:(n,o,a,r)=>t.transformResponse(e.httpClient.post(p.create,{name:n,expireTime:o,roleNames:a,keyTenants:r},{token:s})),load:n=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(p.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(p.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(p.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(p.delete,{id:n},{token:s}))}),S=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(f.list,{},{token:s})),export:n=>t.transformResponse(e.httpClient.post(f.export,{flowId:n},{token:s})),import:(n,o,a)=>t.transformResponse(e.httpClient.post(f.import,{flowId:n,flow:o,screens:a},{token:s}))}),j=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(k.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(k.import,{theme:n},{token:s}))}),M=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(C.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),O=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(y.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(y.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(y.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,a)=>t.transformResponse(e.httpClient.post(y.nsSave,{namespace:n,oldName:o,schemaName:a},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(y.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,a,r)=>t.transformResponse(e.httpClient.post(y.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:r},{token:s})),deleteRelationDefinition:(n,o,a)=>t.transformResponse(e.httpClient.post(y.rdDelete,{name:n,namespace:o,schemaName:a},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(y.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(y.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(y.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(y.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>t.transformResponse(e.httpClient.post(y.who,{resource:n,relationDefinition:o,namespace:a},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(y.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(y.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(y.targetAll,{target:n},{token:s}),(e=>e.relations))});var D;null!==(D=globalThis.Headers)&&void 0!==D||(globalThis.Headers=n.Headers);const L=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),n.fetch(...e)),U=n=>{var o,{managementKey:m,publicKey:d}=n,p=e.__rest(n,["managementKey","publicKey"]);const u=a.default(Object.assign(Object.assign({fetch:L},p),{baseHeaders:Object.assign(Object.assign({},p.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.6.2"})})),{projectId:c,logger:g}=p,h={},v=((e,t)=>({user:w(e,t),project:I(e,t),accessKey:x(e,t),tenant:b(e,t),sso:E(e,t),jwt:N(e,t),permission:A(e,t),role:T(e,t),group:P(e,t),flow:S(e,t),theme:j(e,t),audit:M(e,t),authz:O(e,t)}))(u,m),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(d)try{const e=JSON.parse(d),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==g||g.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==g||g.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!l(e,t))return!1;const n=i(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!l(e,t))return[];const n=i(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!l(e,t))return!1;const n=i(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!l(e,t))return[];const n=i(e,"roles",t);return s.filter((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],r)};U.RefreshTokenCookieName="DSR",U.SessionTokenCookieName="DS",exports.default=U,exports.descopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|