@descope/node-sdk 1.6.1 → 1.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +86 -42
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +255 -127
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +4 -5
package/README.md
CHANGED
|
@@ -81,6 +81,36 @@ If you're performing end-to-end testing, check out the [Utils for your end to en
|
|
|
81
81
|
|
|
82
82
|
---
|
|
83
83
|
|
|
84
|
+
## Error Handling
|
|
85
|
+
|
|
86
|
+
Every `async` operation may fail. In case it does, there will be information regarding what happened on the response object.
|
|
87
|
+
A typical case of error handling might look something like:
|
|
88
|
+
|
|
89
|
+
```ts
|
|
90
|
+
import { SdkResponse, descopeErrors } from '@descope/node-sdk';
|
|
91
|
+
|
|
92
|
+
// ...
|
|
93
|
+
|
|
94
|
+
try {
|
|
95
|
+
const resp = await sdk.otp.signIn.email(loginId);
|
|
96
|
+
if (resp.error) {
|
|
97
|
+
switch (resp.error.errorCode) {
|
|
98
|
+
case descopeErrors.userNotFound:
|
|
99
|
+
// Handle specifically
|
|
100
|
+
break;
|
|
101
|
+
default:
|
|
102
|
+
// Handle generally
|
|
103
|
+
// `resp.error` will contain `errorCode`, `errorDescription` and sometimes `errorMessage` to
|
|
104
|
+
// help understand what went wrong. See SdkResponse for more information.
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
} catch (e) {
|
|
108
|
+
// Handle technical error
|
|
109
|
+
}
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
84
114
|
### OTP Authentication
|
|
85
115
|
|
|
86
116
|
Send a user a one-time password (OTP) using your preferred delivery method (_email / SMS_). An email address or phone number must be provided accordingly.
|
|
@@ -400,7 +430,7 @@ For multi-tenant uses:
|
|
|
400
430
|
|
|
401
431
|
```typescript
|
|
402
432
|
// You can validate specific permissions
|
|
403
|
-
const validTenantPermissions =
|
|
433
|
+
const validTenantPermissions = descopeClient.validateTenantPermissions(
|
|
404
434
|
authInfo,
|
|
405
435
|
'my-tenant-ID',
|
|
406
436
|
['Permission to validate'],
|
|
@@ -410,30 +440,51 @@ if (!validTenantPermissions) {
|
|
|
410
440
|
}
|
|
411
441
|
|
|
412
442
|
// Or validate roles directly
|
|
413
|
-
const validTenantRoles =
|
|
443
|
+
const validTenantRoles = descopeClient.validateTenantRoles(authInfo, 'my-tenant-ID', [
|
|
414
444
|
'Role to validate',
|
|
415
445
|
]);
|
|
416
446
|
if (!validTenantRoles) {
|
|
417
447
|
// Deny access
|
|
418
448
|
}
|
|
449
|
+
|
|
450
|
+
// Or get the matched roles/permissions
|
|
451
|
+
const matchedTenantRoles = descopeClient.getMatchedTenantRoles(authInfo, 'my-tenant-ID', [
|
|
452
|
+
'Role to validate',
|
|
453
|
+
'Another role to validate'
|
|
454
|
+
]);
|
|
455
|
+
|
|
456
|
+
const matchedTenantPermissions = descopeClient.getMatchedTenantPermissions(
|
|
457
|
+
authInfo,
|
|
458
|
+
'my-tenant-ID',
|
|
459
|
+
['Permission to validate', 'Another permission to validate']],
|
|
460
|
+
);
|
|
419
461
|
```
|
|
420
462
|
|
|
421
463
|
When not using tenants use:
|
|
422
464
|
|
|
423
465
|
```typescript
|
|
424
466
|
// You can validate specific permissions
|
|
425
|
-
const validPermissions =
|
|
426
|
-
'Permission to validate',
|
|
427
|
-
]);
|
|
467
|
+
const validPermissions = descopeClient.validatePermissions(authInfo, ['Permission to validate']);
|
|
428
468
|
if (!validPermissions) {
|
|
429
469
|
// Deny access
|
|
430
470
|
}
|
|
431
471
|
|
|
432
472
|
// Or validate roles directly
|
|
433
|
-
const validRoles =
|
|
473
|
+
const validRoles = descopeClient.validateRoles(authInfo, ['Role to validate']);
|
|
434
474
|
if (!validRoles) {
|
|
435
475
|
// Deny access
|
|
436
476
|
}
|
|
477
|
+
|
|
478
|
+
// Or get the matched roles/permissions
|
|
479
|
+
const matchedRoles = descopeClient.getMatchedRoles(authInfo, [
|
|
480
|
+
'Role to validate',
|
|
481
|
+
'Another role to validate',
|
|
482
|
+
]);
|
|
483
|
+
|
|
484
|
+
const matchedPermissions = descopeClient.getMatchedPermissions(authInfo, [
|
|
485
|
+
'Permission to validate',
|
|
486
|
+
'Another permission to validate',
|
|
487
|
+
]);
|
|
437
488
|
```
|
|
438
489
|
|
|
439
490
|
### Logging Out
|
|
@@ -523,26 +574,20 @@ You can create, update, delete or load users, as well as search according to fil
|
|
|
523
574
|
// A user must have a login ID, other fields are optional.
|
|
524
575
|
// Roles should be set directly if no tenants exist, otherwise set
|
|
525
576
|
// on a per-tenant basis.
|
|
526
|
-
await descopeClient.management.user.create(
|
|
527
|
-
'desmond@descope.com',
|
|
528
|
-
'
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
null,
|
|
532
|
-
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
533
|
-
);
|
|
577
|
+
await descopeClient.management.user.create('desmond@descope.com', {
|
|
578
|
+
email: 'desmond@descope.com',
|
|
579
|
+
displayName: 'Desmond Copeland',
|
|
580
|
+
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
581
|
+
});
|
|
534
582
|
|
|
535
583
|
// Alternatively, a user can be created and invited via an email / text message.
|
|
536
584
|
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
537
585
|
// and that an email address / phone number is provided in the information.
|
|
538
|
-
await descopeClient.management.user.invite(
|
|
539
|
-
'desmond@descope.com',
|
|
540
|
-
'
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
null,
|
|
544
|
-
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
545
|
-
);
|
|
586
|
+
await descopeClient.management.user.invite('desmond@descope.com', {
|
|
587
|
+
email: 'desmond@descope.com',
|
|
588
|
+
displayName: 'Desmond Copeland',
|
|
589
|
+
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
590
|
+
});
|
|
546
591
|
|
|
547
592
|
// You can invite batch of users via an email / text message.
|
|
548
593
|
// Make sure to configure the invite URL in the Descope console prior to using this function,
|
|
@@ -563,14 +608,11 @@ await descopeClient.management.user.inviteBatch(
|
|
|
563
608
|
);
|
|
564
609
|
|
|
565
610
|
// Update will override all fields as is. Use carefully.
|
|
566
|
-
await descopeClient.management.user.update(
|
|
567
|
-
'desmond@descope.com',
|
|
568
|
-
'
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
null,
|
|
572
|
-
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1', 'role-name2'] }],
|
|
573
|
-
);
|
|
611
|
+
await descopeClient.management.user.update('desmond@descope.com', {
|
|
612
|
+
email: 'desmond@descope.com',
|
|
613
|
+
displayName: 'Desmond Copeland',
|
|
614
|
+
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
615
|
+
});
|
|
574
616
|
|
|
575
617
|
// Update explicit data for a user rather than overriding all fields
|
|
576
618
|
await descopeClient.management.user.updatePhone('desmond@descope.com', '+18005551234', true);
|
|
@@ -592,7 +634,7 @@ const userRes = await descopeClient.management.user.loadByUserId('<user-ID>');
|
|
|
592
634
|
|
|
593
635
|
// Search all users, optionally according to tenant and/or role filter
|
|
594
636
|
// Results can be paginated using the limit and page parameters
|
|
595
|
-
const usersRes = await descopeClient.management.user.
|
|
637
|
+
const usersRes = await descopeClient.management.user.search({ tenantIds: ['tenant-ID'] });
|
|
596
638
|
usersRes.data.forEach((user) => {
|
|
597
639
|
// do something
|
|
598
640
|
});
|
|
@@ -680,11 +722,11 @@ const idpURL = 'https://idp.com'
|
|
|
680
722
|
const entityID = 'my-idp-entity-id'
|
|
681
723
|
const idpCert = '<your-cert-here>'
|
|
682
724
|
const redirectURL = 'https://my-app.com/handle-saml' // Global redirect URL for SSO/SAML
|
|
683
|
-
const
|
|
684
|
-
await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL,
|
|
725
|
+
const domains = ['tenant-users.com'] // Users authentication with this domain will be logged in to this tenant
|
|
726
|
+
await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL, domains)
|
|
685
727
|
|
|
686
728
|
// Alternatively, configure using an SSO metadata URL
|
|
687
|
-
await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL,
|
|
729
|
+
await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL, domains)
|
|
688
730
|
|
|
689
731
|
// Map IDP groups to Descope roles, or map user attributes.
|
|
690
732
|
// This function overrides any previous mapping (even when empty). Use carefully.
|
|
@@ -798,6 +840,10 @@ console.log('found total flows', res.total);
|
|
|
798
840
|
res.flows.forEach((flowMetadata) => {
|
|
799
841
|
// do something
|
|
800
842
|
});
|
|
843
|
+
|
|
844
|
+
// Delete flows by ids
|
|
845
|
+
await descopeClient.management.flow.delete(['flow-1', 'flow-2']);
|
|
846
|
+
|
|
801
847
|
// Export the flow and it's matching screens based on the given id
|
|
802
848
|
const res = await descopeClient.management.flow.export('sign-up');
|
|
803
849
|
console.log('found flow', res.data.flow);
|
|
@@ -1054,14 +1100,11 @@ that way, you don't need to use 3rd party messaging services in order to receive
|
|
|
1054
1100
|
// Test user must have a loginId, other fields are optional.
|
|
1055
1101
|
// Roles should be set directly if no tenants exist, otherwise set
|
|
1056
1102
|
// on a per-tenant basis.
|
|
1057
|
-
await descopeClient.management.user.createTestUser(
|
|
1058
|
-
'desmond@descope.com',
|
|
1059
|
-
'
|
|
1060
|
-
|
|
1061
|
-
|
|
1062
|
-
null,
|
|
1063
|
-
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
1064
|
-
);
|
|
1103
|
+
await descopeClient.management.user.createTestUser('desmond@descope.com', {
|
|
1104
|
+
email: 'desmond@descope.com',
|
|
1105
|
+
displayName: 'Desmond Copeland',
|
|
1106
|
+
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
|
|
1107
|
+
});
|
|
1065
1108
|
|
|
1066
1109
|
// Now test user got created, and this user will be available until you delete it,
|
|
1067
1110
|
// you can use any management operation for test user CRUD.
|
|
@@ -1074,6 +1117,7 @@ const { code } = await descopeClient.management.user.generateOTPForTestUser(
|
|
|
1074
1117
|
'desmond@descope.com',
|
|
1075
1118
|
);
|
|
1076
1119
|
// Now you can verify the code is valid (using descopeClient.auth.*.verify for example)
|
|
1120
|
+
// LoginOptions can be provided to set custom claims to the generated jwt.
|
|
1077
1121
|
|
|
1078
1122
|
// Same as OTP, magic link can be generated for test user, for example:
|
|
1079
1123
|
const { link } = await descopeClient.management.user.generateMagicLinkForTestUser(
|
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("node-fetch-commonjs");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=o(t),a=o(n);const i=t=>async(...s)=>{var n,o,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,p=e.__rest(i,["refreshJwt"]);const m=[];var d;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(d=p)?void 0:d.cookieDomain)||""}; Max-Age=${(null==d?void 0:d.cookieMaxAge)||""}; Path=${(null==d?void 0:d.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:m})})};function l(e,t,s){var n,o;const r=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function p(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},d={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},h={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},g={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"},w={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const I=(e,s)=>({create:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(n,o,r,a,i,l,p,d,u,c,h,g,v)=>t.transformResponse(e.httpClient.post(m.create,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c,inviteUrl:h,sendMail:g,sendSMS:v},{token:s}),(e=>e.user)),inviteBatch:(n,o,r,a)=>t.transformResponse(e.httpClient.post(m.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:r,sendSMS:a},{token:s}),(e=>e)),update:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.update,{loginId:n,email:o,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:p,picture:d,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:n=>t.transformResponse(e.httpClient.post(m.delete,{loginId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(m.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(m.logout,{userId:n},{token:s})),searchAll:(n,o,r,a,i,l,p,d,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n,roleNames:o,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:p,statuses:d,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:n,email:o,verified:r},{token:s}),(e=>e.user)),updatePhone:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:n,phone:o,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(n,o)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:n,displayName:o},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),addTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:n,loginId:o},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,r)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:n,URI:o},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:n},{token:s}),(e=>e))}),b=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(d.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(d.clone,{name:n,tag:o},{token:s}))}),A=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(c.create,{name:n,selfProvisioningDomains:o,customAttributes:r},{token:s})),createWithId:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(c.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),T=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(g.update,{jwt:n,customClaims:o},{token:s}))}),P=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(v.create,{name:n,description:o},{token:s})),update:(n,o,r)=>t.transformResponse(e.httpClient.post(v.update,{name:n,newName:o,description:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),N=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(f.create,{name:n,description:o,permissionNames:r},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:n,newName:o,description:r,permissionNames:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(f.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),S=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:n,loginIds:r,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),j=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(h.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,r,a,i,l)=>t.transformResponse(e.httpClient.post(h.settings,{tenantId:n,idpURL:o,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(n,o,r,a)=>t.transformResponse(e.httpClient.post(h.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:r,domain:a},{token:s})),configureMapping:(n,o,r)=>t.transformResponse(e.httpClient.post(h.mapping,{tenantId:n,roleMappings:o,attributeMapping:r},{token:s}))}),x=(e,s)=>({create:(n,o,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:n,expireTime:o,roleNames:r,keyTenants:a},{token:s})),load:n=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(u.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(u.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(u.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(u.delete,{id:n},{token:s}))}),E=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:n=>t.transformResponse(e.httpClient.post(k.export,{flowId:n},{token:s})),import:(n,o,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:n,flow:o,screens:r},{token:s}))}),D=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(R.import,{theme:n},{token:s}))}),M=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(y.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),O=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(w.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(w.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(w.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,r)=>t.transformResponse(e.httpClient.post(w.nsSave,{namespace:n,oldName:o,schemaName:r},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(w.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,r,a)=>t.transformResponse(e.httpClient.post(w.rdSave,{relationDefinition:n,namespace:o,oldName:r,schemaName:a},{token:s})),deleteRelationDefinition:(n,o,r)=>t.transformResponse(e.httpClient.post(w.rdDelete,{name:n,namespace:o,schemaName:r},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(w.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(w.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(w.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(w.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,r)=>t.transformResponse(e.httpClient.post(w.who,{resource:n,relationDefinition:o,namespace:r},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(w.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(w.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(w.targetAll,{target:n},{token:s}),(e=>e.relations))});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=n.Headers);const L=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),F=n=>{var o,{managementKey:a,publicKey:m}=n,d=e.__rest(n,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:L},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.6.1"})})),{projectId:c,logger:h}=d,g={},v=((e,t)=>({user:I(e,t),project:b(e,t),accessKey:x(e,t),tenant:A(e,t),sso:j(e,t),jwt:T(e,t),permission:P(e,t),role:N(e,t),group:S(e,t),flow:E(e,t),theme:D(e,t),audit:M(e,t),authz:O(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{if(m)try{const e=JSON.parse(m),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==h||h.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==h||h.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"permissions",t);return s.every((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!p(e,t))return!1;const n=l(e,"roles",t);return s.every((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};F.RefreshTokenCookieName="DSR",F.SessionTokenCookieName="DS",module.exports=F;
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("util"),o=require("cross-fetch");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=r(t);const i=t=>async(...s)=>{var n,o,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,d=e.__rest(i,["refreshJwt"]);const m=[];var p;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(p=d)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),m.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:m})})};function l(e,t,s){var n,o;const r=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function d(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var m={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},p={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},g={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},h={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},y={search:"/v1/mgmt/audit/search"},I={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const w=(e,s)=>({create:function(n,o,r,a,i,l,d,p,u,c,g,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:r,displayName:a,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f}:Object.assign(Object.assign({loginId:n},o),{roleNames:o.roles,roles:void 0});return t.transformResponse(e.httpClient.post(m.create,k,{token:s}),(e=>e.user))},createTestUser:function(n,o,r,a,i,l,d,p,u,c,g,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:r,displayName:a,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:o.roles,roles:void 0,test:!0});return t.transformResponse(e.httpClient.post(m.create,k,{token:s}),(e=>e.user))},invite:function(n,o,r,a,i,l,d,p,u,c,g,h,v,f,k,R,C){const y="string"==typeof o?{loginId:n,email:o,phone:r,displayName:a,givenName:f,middleName:k,familyName:R,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:C}:Object.assign(Object.assign({loginId:n},o),{roleNames:o.roles,roles:void 0,invite:!0});return t.transformResponse(e.httpClient.post(m.create,y,{token:s}),(e=>e.user))},inviteBatch:(n,o,r,a)=>t.transformResponse(e.httpClient.post(m.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:r,sendSMS:a},{token:s}),(e=>e)),update:function(n,o,r,a,i,l,d,p,u,c,g,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:r,displayName:a,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:u,verifiedPhone:c,additionalLoginIds:f}:Object.assign(Object.assign({loginId:n},o),{roleNames:o.roles,roles:void 0});return t.transformResponse(e.httpClient.post(m.update,k,{token:s}),(e=>e.user))},delete:n=>t.transformResponse(e.httpClient.post(m.delete,{loginId:n},{token:s})),deleteByUserId:n=>t.transformResponse(e.httpClient.post(m.delete,{userId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(m.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(m.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(m.logout,{userId:n},{token:s})),searchAll:n.deprecate(((n,o,r,a,i,l,d,p,u,c)=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n,roleNames:o,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p,emails:u,phones:c},{token:s}),(e=>e.users))),"searchAll is deprecated please use search() instead"),search:n=>t.transformResponse(e.httpClient.post(m.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0}),{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(m.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(m.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(m.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateEmail,{loginId:n,email:o,verified:r},{token:s}),(e=>e.user)),updatePhone:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updatePhone,{loginId:n,phone:o,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(n,o,r,a,i)=>t.transformResponse(e.httpClient.post(m.updateDisplayName,{loginId:n,displayName:o,givenName:r,middleName:a,familyName:i},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(m.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,r)=>t.transformResponse(e.httpClient.post(m.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:r},{token:s}),(e=>e.user)),setRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.setRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(m.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),setTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.setRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),addTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.addRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,r)=>t.transformResponse(e.httpClient.post(m.removeRole,{loginId:n,tenantId:o,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o,r)=>t.transformResponse(e.httpClient.post(m.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:r},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,r,a)=>t.transformResponse(e.httpClient.post(m.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:r,loginOptions:a},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,r)=>t.transformResponse(e.httpClient.post(m.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:r},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(m.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(m.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(m.expirePassword,{loginId:n},{token:s}),(e=>e)),removeAllPasskeys:n=>t.transformResponse(e.httpClient.post(m.removeAllPasskeys,{loginId:n},{token:s}),(e=>e))}),b=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(p.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(p.clone,{name:n,tag:o},{token:s}))}),N=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(c.create,{name:n,selfProvisioningDomains:o,customAttributes:r},{token:s})),createWithId:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:n,name:o,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(c.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),A=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(h.update,{jwt:n,customClaims:o},{token:s}))}),T=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(v.create,{name:n,description:o},{token:s})),update:(n,o,r)=>t.transformResponse(e.httpClient.post(v.update,{name:n,newName:o,description:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),P=(e,s)=>({create:(n,o,r)=>t.transformResponse(e.httpClient.post(f.create,{name:n,description:o,permissionNames:r},{token:s})),update:(n,o,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:n,newName:o,description:r,permissionNames:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(f.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),j=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(C.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,r)=>t.transformResponse(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:n,loginIds:r,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(C.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),E=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(g.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(g.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,r,a,i,l)=>t.transformResponse(e.httpClient.post(g.settings,{tenantId:n,idpURL:o,entityId:a,idpCert:r,redirectURL:i,domains:l},{token:s})),configureMetadata:(n,o,r,a)=>t.transformResponse(e.httpClient.post(g.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:r,domains:a},{token:s})),configureMapping:(n,o,r)=>t.transformResponse(e.httpClient.post(g.mapping,{tenantId:n,roleMappings:o,attributeMapping:r},{token:s}))}),O=(e,s)=>({create:(n,o,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:n,expireTime:o,roleNames:r,keyTenants:a},{token:s})),load:n=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(u.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(u.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(u.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(u.delete,{id:n},{token:s}))}),x=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(k.delete,{ids:n},{token:s})),export:n=>t.transformResponse(e.httpClient.post(k.export,{flowId:n},{token:s})),import:(n,o,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:n,flow:o,screens:r},{token:s}))}),M=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(R.import,{theme:n},{token:s}))}),S=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(y.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),D=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(I.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(I.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(I.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,r)=>t.transformResponse(e.httpClient.post(I.nsSave,{namespace:n,oldName:o,schemaName:r},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(I.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,r,a)=>t.transformResponse(e.httpClient.post(I.rdSave,{relationDefinition:n,namespace:o,oldName:r,schemaName:a},{token:s})),deleteRelationDefinition:(n,o,r)=>t.transformResponse(e.httpClient.post(I.rdDelete,{name:n,namespace:o,schemaName:r},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(I.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(I.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(I.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(I.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,r)=>t.transformResponse(e.httpClient.post(I.who,{resource:n,relationDefinition:o,namespace:r},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(I.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(I.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(I.targetAll,{target:n},{token:s}),(e=>e.relations)),getModified:n=>t.transformResponse(e.httpClient.post(I.getModified,{since:n?n.getTime():0},{token:s}),(e=>e))});var L;null!==(L=globalThis.Headers)&&void 0!==L||(globalThis.Headers=o.Headers);const U=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),o.fetch(...e)),F=n=>{var o,{managementKey:r,publicKey:m}=n,p=e.__rest(n,["managementKey","publicKey"]);const u=a.default(Object.assign(Object.assign({fetch:U},p),{baseHeaders:Object.assign(Object.assign({},p.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.6.3"})})),{projectId:c,logger:g}=p,h={},v=((e,t)=>({user:w(e,t),project:b(e,t),accessKey:O(e,t),tenant:N(e,t),sso:E(e,t),jwt:A(e,t),permission:T(e,t),role:P(e,t),group:j(e,t),flow:x(e,t),theme:M(e,t),audit:S(e,t),authz:D(e,t)}))(u,r),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(m)try{const e=JSON.parse(m),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==g||g.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==g||g.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!d(e,t))return!1;const n=l(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!d(e,t))return[];const n=l(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!d(e,t))return!1;const n=l(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!d(e,t))return[];const n=l(e,"roles",t);return s.filter((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};F.RefreshTokenCookieName="DSR",F.SessionTokenCookieName="DS",exports.default=F,exports.descopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|