@descope/node-sdk 1.6.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +25 -33
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +171 -37
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +2 -3
package/dist/index.d.ts CHANGED
@@ -72,6 +72,7 @@ declare type Tenant = {
72
72
  id: string;
73
73
  name: string;
74
74
  selfProvisioningDomains: string[];
75
+ customAttributes?: Record<string, string | number | boolean>;
75
76
  };
76
77
  /** Represents a permission in a project. It has a name and optionally a description.
77
78
  * It also has a flag indicating whether it is system default or not.
@@ -324,24 +325,36 @@ declare type AuthzRelationQuery = {
324
325
  target: string;
325
326
  hasRelation?: boolean;
326
327
  };
327
- declare type NewProjectResponse = {
328
+ /**
329
+ * AuthzModified has the list of resources and targets that were modified since given time returned from GetModified
330
+ */
331
+ declare type AuthzModified = {
332
+ resources: string[];
333
+ targets: string[];
334
+ schemaChanged: boolean;
335
+ };
336
+ declare type CloneProjectResponse = {
328
337
  projectId: string;
329
338
  projectName: string;
330
- projectSettingsWeb: Record<string, any>;
331
- authMethodsMagicLink: Record<string, any>;
332
- authMethodsOTP: Record<string, any>;
333
- authMethodsSAML: Record<string, any>;
334
- authMethodsOAuth: Record<string, any>;
335
- authMethodsWebAuthn: Record<string, any>;
336
- authMethodsTOTP: Record<string, any>;
337
- messagingProvidersWeb: Record<string, any>;
338
- authMethodsEnchantedLink: Record<string, any>;
339
- authMethodsPassword: Record<string, any>;
340
- authMethodsOIDCIDP: Record<string, any>;
341
- authMethodsEmbeddedLink: Record<string, any>;
342
339
  tag?: string;
343
340
  };
344
341
 
342
+ interface UserOptions {
343
+ email?: string;
344
+ phone?: string;
345
+ displayName?: string;
346
+ roles?: string[];
347
+ userTenants?: AssociatedTenant[];
348
+ customAttributes?: Record<string, AttributesTypes>;
349
+ picture?: string;
350
+ verifiedEmail?: boolean;
351
+ verifiedPhone?: boolean;
352
+ givenName?: string;
353
+ middleName?: string;
354
+ familyName?: string;
355
+ additionalLoginIds?: string[];
356
+ }
357
+
345
358
  /** Common Error Codes */
346
359
  declare const descopeErrors: {
347
360
  badRequest: string;
@@ -363,18 +376,57 @@ declare const nodeSdk: {
363
376
  ({ managementKey, publicKey, ...config }: NodeSdkArgs): {
364
377
  management: {
365
378
  user: {
366
- create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
367
- createTestUser: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
368
- invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
379
+ create: {
380
+ (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
381
+ (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
382
+ };
383
+ createTestUser: {
384
+ (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
385
+ (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
386
+ };
387
+ invite: {
388
+ (loginId: string, options?: UserOptions & {
389
+ inviteUrl?: string;
390
+ sendMail?: boolean;
391
+ sendSMS?: boolean;
392
+ }): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
393
+ (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
394
+ }; /**
395
+ * Retrieves the roles from JWT top level claims that match the specified roles list
396
+ * @param authInfo JWT parsed info containing the roles
397
+ * @param roles List of roles to match against the JWT claims
398
+ * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
399
+ */
369
400
  inviteBatch: (users: User[], inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean) => Promise<SdkResponse<InviteBatchResponse>>;
370
- update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
401
+ update: {
402
+ (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
403
+ (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
404
+ };
371
405
  delete: (loginId: string) => Promise<SdkResponse<never>>;
406
+ deleteByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
372
407
  deleteAllTestUsers: () => Promise<SdkResponse<never>>;
373
408
  load: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
374
409
  loadByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
375
410
  logoutUser: (loginId: string) => Promise<SdkResponse<never>>;
376
411
  logoutUserByUserId: (userId: string) => Promise<SdkResponse<never>>;
377
412
  searchAll: (tenantIds?: string[], roles?: string[], limit?: number, page?: number, testUsersOnly?: boolean, withTestUser?: boolean, customAttributes?: Record<string, AttributesTypes>, statuses?: UserStatus[], emails?: string[], phones?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
413
+ search: (searchReq: {
414
+ page?: number;
415
+ limit?: number;
416
+ sort?: {
417
+ field: string;
418
+ desc?: boolean;
419
+ }[];
420
+ text?: string;
421
+ emails?: string[];
422
+ phones?: string[];
423
+ statuses?: UserStatus[];
424
+ roles?: string[];
425
+ tenantIds?: string[];
426
+ customAttributes?: Record<string, AttributesTypes>;
427
+ withTestUser?: boolean;
428
+ testUsersOnly?: boolean;
429
+ }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
378
430
  getProviderToken: (loginId: string, provider: string) => Promise<SdkResponse<ProviderTokenResponse>>;
379
431
  activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
380
432
  deactivate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -398,10 +450,11 @@ declare const nodeSdk: {
398
450
  generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
399
451
  setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
400
452
  expirePassword: (loginId: string) => Promise<SdkResponse<never>>;
453
+ removeAllPasskeys: (loginId: string) => Promise<SdkResponse<never>>;
401
454
  };
402
455
  project: {
403
456
  updateName: (name: string) => Promise<SdkResponse<never>>;
404
- clone: (name: string, tag?: "production") => Promise<SdkResponse<NewProjectResponse>>;
457
+ clone: (name: string, tag?: "production") => Promise<SdkResponse<CloneProjectResponse>>;
405
458
  };
406
459
  accessKey: {
407
460
  create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
@@ -450,6 +503,7 @@ declare const nodeSdk: {
450
503
  };
451
504
  flow: {
452
505
  list: () => Promise<SdkResponse<FlowsResponse>>;
506
+ delete: (flowIds: string[]) => Promise<SdkResponse<never>>;
453
507
  export: (flowId: string) => Promise<SdkResponse<FlowResponse>>;
454
508
  import: (flowId: string, flow: Flow, screens?: Screen[]) => Promise<SdkResponse<FlowResponse>>;
455
509
  };
@@ -476,6 +530,7 @@ declare const nodeSdk: {
476
530
  resourceRelations: (resource: string) => Promise<SdkResponse<AuthzRelation[]>>;
477
531
  targetsRelations: (targets: string[]) => Promise<SdkResponse<AuthzRelation[]>>;
478
532
  whatCanTargetAccess: (target: string) => Promise<SdkResponse<AuthzRelation[]>>;
533
+ getModified: (since: Date) => Promise<SdkResponse<AuthzModified>>;
479
534
  };
480
535
  };
481
536
  getKey: (header: JWTHeaderParameters) => Promise<KeyLike | Uint8Array>;
@@ -511,13 +566,13 @@ declare const nodeSdk: {
511
566
  }>>;
512
567
  };
513
568
  signIn: {
514
- sms: (loginId: string) => Promise<SdkResponse<{
569
+ sms: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
515
570
  maskedPhone: string;
516
571
  }>>;
517
- whatsapp: (loginId: string) => Promise<SdkResponse<{
572
+ whatsapp: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
518
573
  maskedPhone: string;
519
574
  }>>;
520
- email: (loginId: string) => Promise<SdkResponse<{
575
+ email: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
521
576
  maskedEmail: string;
522
577
  }>>;
523
578
  };
@@ -529,6 +584,11 @@ declare const nodeSdk: {
529
584
  middleName?: string;
530
585
  familyName?: string;
531
586
  phone?: string;
587
+ }, signUpOptions?: {
588
+ customClaims?: Record<string, any>;
589
+ templateOptions?: {
590
+ [x: string]: string;
591
+ };
532
592
  }) => Promise<SdkResponse<{
533
593
  maskedPhone: string;
534
594
  }>>;
@@ -539,6 +599,11 @@ declare const nodeSdk: {
539
599
  middleName?: string;
540
600
  familyName?: string;
541
601
  phone?: string;
602
+ }, signUpOptions?: {
603
+ customClaims?: Record<string, any>;
604
+ templateOptions?: {
605
+ [x: string]: string;
606
+ };
542
607
  }) => Promise<SdkResponse<{
543
608
  maskedPhone: string;
544
609
  }>>;
@@ -549,18 +614,23 @@ declare const nodeSdk: {
549
614
  middleName?: string;
550
615
  familyName?: string;
551
616
  phone?: string;
617
+ }, signUpOptions?: {
618
+ customClaims?: Record<string, any>;
619
+ templateOptions?: {
620
+ [x: string]: string;
621
+ };
552
622
  }) => Promise<SdkResponse<{
553
623
  maskedEmail: string;
554
624
  }>>;
555
625
  };
556
626
  signUpOrIn: {
557
- sms: (loginId: string) => Promise<SdkResponse<{
627
+ sms: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
558
628
  maskedPhone: string;
559
629
  }>>;
560
- whatsapp: (loginId: string) => Promise<SdkResponse<{
630
+ whatsapp: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
561
631
  maskedPhone: string;
562
632
  }>>;
563
- email: (loginId: string) => Promise<SdkResponse<{
633
+ email: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
564
634
  maskedEmail: string;
565
635
  }>>;
566
636
  };
@@ -568,6 +638,9 @@ declare const nodeSdk: {
568
638
  email: <T extends boolean>(loginId: string, email: string, token?: string, updateOptions?: {
569
639
  addToLoginIDs?: T;
570
640
  onMergeUseExisting?: T extends true ? boolean : never;
641
+ templateOptions?: {
642
+ [x: string]: string;
643
+ };
571
644
  }) => Promise<SdkResponse<{
572
645
  maskedEmail: string;
573
646
  }>>;
@@ -575,12 +648,18 @@ declare const nodeSdk: {
575
648
  sms: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
576
649
  addToLoginIDs?: T_1;
577
650
  onMergeUseExisting?: T_1 extends true ? boolean : never;
651
+ templateOptions?: {
652
+ [x: string]: string;
653
+ };
578
654
  }) => Promise<SdkResponse<{
579
655
  maskedPhone: string;
580
656
  }>>;
581
657
  whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
582
658
  addToLoginIDs?: T_1;
583
659
  onMergeUseExisting?: T_1 extends true ? boolean : never;
660
+ templateOptions?: {
661
+ [x: string]: string;
662
+ };
584
663
  }) => Promise<SdkResponse<{
585
664
  maskedPhone: string;
586
665
  }>>;
@@ -593,56 +672,86 @@ declare const nodeSdk: {
593
672
  cookies?: string[];
594
673
  }>>;
595
674
  signIn: {
596
- sms: (loginId: string, uri: string) => Promise<SdkResponse<{
675
+ sms: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
597
676
  maskedPhone: string;
598
677
  }>>;
599
- whatsapp: (loginId: string, uri: string) => Promise<SdkResponse<{
678
+ whatsapp: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
600
679
  maskedPhone: string;
601
680
  }>>;
602
- email: (loginId: string, uri: string) => Promise<SdkResponse<{
681
+ email: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
603
682
  maskedEmail: string;
604
683
  }>>;
605
684
  };
606
685
  signUp: {
607
- sms: (loginId: string, uri: string, user?: {
686
+ sms: (loginId: string, URI: string, user?: {
608
687
  email?: string;
609
688
  name?: string;
610
689
  givenName?: string;
611
690
  middleName?: string;
612
691
  familyName?: string;
613
692
  phone?: string;
693
+ }, signUpOptions?: {
694
+ customClaims?: Record<string, any>;
695
+ templateOptions?: {
696
+ [x: string]: string;
697
+ };
614
698
  }) => Promise<SdkResponse<{
615
699
  maskedPhone: string;
616
700
  }>>;
617
- whatsapp: (loginId: string, uri: string, user?: {
701
+ whatsapp: (loginId: string, URI: string, user?: {
618
702
  email?: string;
619
703
  name?: string;
620
704
  givenName?: string;
621
705
  middleName?: string;
622
706
  familyName?: string;
623
707
  phone?: string;
708
+ }, signUpOptions?: {
709
+ customClaims?: Record<string, any>;
710
+ templateOptions?: {
711
+ [x: string]: string;
712
+ };
624
713
  }) => Promise<SdkResponse<{
625
714
  maskedPhone: string;
626
715
  }>>;
627
- email: (loginId: string, uri: string, user?: {
716
+ email: (loginId: string, URI: string, user?: {
628
717
  email?: string;
629
718
  name?: string;
630
719
  givenName?: string;
631
720
  middleName?: string;
632
721
  familyName?: string;
633
722
  phone?: string;
723
+ }, signUpOptions?: {
724
+ customClaims?: Record<string, any>;
725
+ templateOptions?: {
726
+ [x: string]: string;
727
+ };
634
728
  }) => Promise<SdkResponse<{
635
729
  maskedEmail: string;
636
730
  }>>;
637
731
  };
638
732
  signUpOrIn: {
639
- sms: (loginId: string, uri: string) => Promise<SdkResponse<{
733
+ sms: (loginId: string, URI?: string, signUpOptions?: {
734
+ customClaims?: Record<string, any>;
735
+ templateOptions?: {
736
+ [x: string]: string;
737
+ };
738
+ }) => Promise<SdkResponse<{
640
739
  maskedPhone: string;
641
740
  }>>;
642
- whatsapp: (loginId: string, uri: string) => Promise<SdkResponse<{
741
+ whatsapp: (loginId: string, URI?: string, signUpOptions?: {
742
+ customClaims?: Record<string, any>;
743
+ templateOptions?: {
744
+ [x: string]: string;
745
+ };
746
+ }) => Promise<SdkResponse<{
643
747
  maskedPhone: string;
644
748
  }>>;
645
- email: (loginId: string, uri: string) => Promise<SdkResponse<{
749
+ email: (loginId: string, URI?: string, signUpOptions?: {
750
+ customClaims?: Record<string, any>;
751
+ templateOptions?: {
752
+ [x: string]: string;
753
+ };
754
+ }) => Promise<SdkResponse<{
646
755
  maskedEmail: string;
647
756
  }>>;
648
757
  };
@@ -650,6 +759,9 @@ declare const nodeSdk: {
650
759
  email: <T_2 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
651
760
  addToLoginIDs?: T_2;
652
761
  onMergeUseExisting?: T_2 extends true ? boolean : never;
762
+ templateOptions?: {
763
+ [x: string]: string;
764
+ };
653
765
  }) => Promise<SdkResponse<{
654
766
  maskedEmail: string;
655
767
  }>>;
@@ -657,12 +769,18 @@ declare const nodeSdk: {
657
769
  sms: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
658
770
  addToLoginIDs?: T_3;
659
771
  onMergeUseExisting?: T_3 extends true ? boolean : never;
772
+ templateOptions?: {
773
+ [x: string]: string;
774
+ };
660
775
  }) => Promise<SdkResponse<{
661
776
  maskedPhone: string;
662
777
  }>>;
663
778
  whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
664
779
  addToLoginIDs?: T_3;
665
780
  onMergeUseExisting?: T_3 extends true ? boolean : never;
781
+ templateOptions?: {
782
+ [x: string]: string;
783
+ };
666
784
  }) => Promise<SdkResponse<{
667
785
  maskedPhone: string;
668
786
  }>>;
@@ -671,18 +789,28 @@ declare const nodeSdk: {
671
789
  };
672
790
  enchantedLink: {
673
791
  verify: (token: string) => Promise<SdkResponse<never>>;
674
- signIn: (loginId: string, uri: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse & {
792
+ signIn: (loginId: string, URI?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse & {
675
793
  refreshJwt?: string;
676
794
  cookies?: string[];
677
795
  }>>;
678
- signUpOrIn: (loginId: string, uri: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
679
- signUp: (loginId: string, uri: string, user?: {
796
+ signUpOrIn: (loginId: string, URI?: string, signUpOptions?: {
797
+ customClaims?: Record<string, any>;
798
+ templateOptions?: {
799
+ [x: string]: string;
800
+ };
801
+ }) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
802
+ signUp: (loginId: string, URI?: string, user?: {
680
803
  email?: string;
681
804
  name?: string;
682
805
  givenName?: string;
683
806
  middleName?: string;
684
807
  familyName?: string;
685
808
  phone?: string;
809
+ }, signUpOptions?: {
810
+ customClaims?: Record<string, any>;
811
+ templateOptions?: {
812
+ [x: string]: string;
813
+ };
686
814
  }) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse & {
687
815
  refreshJwt?: string;
688
816
  cookies?: string[];
@@ -695,6 +823,9 @@ declare const nodeSdk: {
695
823
  email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
696
824
  addToLoginIDs?: T_4;
697
825
  onMergeUseExisting?: T_4 extends true ? boolean : never;
826
+ templateOptions?: {
827
+ [x: string]: string;
828
+ };
698
829
  }) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
699
830
  };
700
831
  };
@@ -786,7 +917,9 @@ declare const nodeSdk: {
786
917
  phone?: string;
787
918
  }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
788
919
  signIn: (loginId: string, password: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
789
- sendReset: (loginId: string, redirectUrl?: string) => Promise<SdkResponse<{
920
+ sendReset: (loginId: string, redirectUrl?: string, templateOptions?: {
921
+ [x: string]: string;
922
+ }) => Promise<SdkResponse<{
790
923
  resetMethod: string;
791
924
  pendingRef?: string;
792
925
  linkId?: string;
@@ -825,6 +958,7 @@ declare const nodeSdk: {
825
958
  samlIdpStateId?: string;
826
959
  samlIdpUsername?: string;
827
960
  ssoAppId?: string;
961
+ oidcLoginHint?: string;
828
962
  abTestingKey?: number;
829
963
  startOptionsVersion?: number;
830
964
  client?: Record<string, any>;
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as r}from"jose";import{Headers as i,fetch as l}from"cross-fetch";const d=t=>async(...a)=>{var s,n,o;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const m=[];var p;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(p=d)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function m(e,t,a){var s,n;const o=a?null===(n=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function p(e,t){var a;return!!(null===(a=e.token.tenants)||void 0===a?void 0:a[t])}var u={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},c={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},y={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},I={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},b={search:"/v1/mgmt/audit/search"},N={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const A=(e,t)=>({create:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),createTestUser:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),invite:(s,n,o,r,i,l,d,m,p,c,g,h,v,k,C,f,y)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:k,middleName:C,familyName:f,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y},{token:t}),(e=>e.user)),inviteBatch:(s,n,o,r)=>a(e.httpClient.post(u.createBatch,{users:s,invite:!0,inviteUrl:n,sendMail:o,sendSMS:r},{token:t}),(e=>e)),update:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.update,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(u.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(u.load,{queryParams:{userId:s},token:t}),(e=>e.user)),logoutUser:s=>a(e.httpClient.post(u.logout,{loginId:s},{token:t})),logoutUserByUserId:s=>a(e.httpClient.post(u.logout,{userId:s},{token:t})),searchAll:(s,n,o,r,i,l,d,m,p,c)=>a(e.httpClient.post(u.search,{tenantIds:s,roleNames:n,limit:o,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:p,phones:c},{token:t}),(e=>e.users)),getProviderToken:(s,n)=>a(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:s,provider:n},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,n)=>a(e.httpClient.post(u.updateLoginId,{loginId:s,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(s,n,o)=>a(e.httpClient.post(u.updateEmail,{loginId:s,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(s,n,o)=>a(e.httpClient.post(u.updatePhone,{loginId:s,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(s,n,o,r,i)=>a(e.httpClient.post(u.updateDisplayName,{loginId:s,displayName:n,givenName:o,middleName:r,familyName:i},{token:t}),(e=>e.user)),updatePicture:(s,n)=>a(e.httpClient.post(u.updatePicture,{loginId:s,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(s,n,o)=>a(e.httpClient.post(u.updateCustomAttribute,{loginId:s,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(s,n)=>a(e.httpClient.post(u.setRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),addRoles:(s,n)=>a(e.httpClient.post(u.addRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(s,n)=>a(e.httpClient.post(u.removeRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),addTenant:(s,n)=>a(e.httpClient.post(u.addTenant,{loginId:s,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(s,n)=>a(e.httpClient.post(u.removeTenant,{loginId:s,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(s,n,o)=>a(e.httpClient.post(u.setRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(s,n,o)=>a(e.httpClient.post(u.addRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(s,n,o)=>a(e.httpClient.post(u.removeRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,n,o)=>a(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:s,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,n,o,r)=>a(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:s,loginId:n,URI:o,loginOptions:r},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,n,o)=>a(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:s,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(s,n)=>a(e.httpClient.post(u.generateEmbeddedLink,{loginId:s,customClaims:n},{token:t}),(e=>e)),setPassword:(s,n)=>a(e.httpClient.post(u.setPassword,{loginId:s,password:n},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(u.expirePassword,{loginId:s},{token:t}),(e=>e))}),T=(e,t)=>({updateName:s=>a(e.httpClient.post(c.updateName,{name:s},{token:t})),clone:(s,n)=>a(e.httpClient.post(c.clone,{name:s,tag:n},{token:t}))}),R=(e,t)=>({create:(s,n,o)=>a(e.httpClient.post(h.create,{name:s,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(s,n,o,r)=>a(e.httpClient.post(h.create,{id:s,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),update:(s,n,o,r)=>a(e.httpClient.post(h.update,{id:s,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),delete:s=>a(e.httpClient.post(h.delete,{id:s},{token:t})),load:s=>a(e.httpClient.get(h.load,{queryParams:{id:s},token:t}),(e=>e)),loadAll:()=>a(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(s,n,o,r)=>a(e.httpClient.post(h.searchAll,{tenantIds:s,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:r},{token:t}),(e=>e.tenants))}),P=(e,t)=>({update:(s,n)=>a(e.httpClient.post(k.update,{jwt:s,customClaims:n},{token:t}))}),E=(e,t)=>({create:(s,n)=>a(e.httpClient.post(C.create,{name:s,description:n},{token:t})),update:(s,n,o)=>a(e.httpClient.post(C.update,{name:s,newName:n,description:o},{token:t})),delete:s=>a(e.httpClient.post(C.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),S=(e,t)=>({create:(s,n,o)=>a(e.httpClient.post(f.create,{name:s,description:n,permissionNames:o},{token:t})),update:(s,n,o,r)=>a(e.httpClient.post(f.update,{name:s,newName:n,description:o,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(f.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),x=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(I.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,n,o)=>a(e.httpClient.post(I.loadAllGroupsForMember,{tenantId:s,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(s,n)=>a(e.httpClient.post(I.loadAllGroupMembers,{tenantId:s,groupId:n},{token:t}))}),M=(e,t)=>({getSettings:s=>a(e.httpClient.get(v.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(v.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,n,o,r,i,l)=>a(e.httpClient.post(v.settings,{tenantId:s,idpURL:n,entityId:r,idpCert:o,redirectURL:i,domains:l},{token:t})),configureMetadata:(s,n,o,r)=>a(e.httpClient.post(v.metadata,{tenantId:s,idpMetadataURL:n,redirectURL:o,domains:r},{token:t})),configureMapping:(s,n,o)=>a(e.httpClient.post(v.mapping,{tenantId:s,roleMappings:n,attributeMapping:o},{token:t}))}),j=(e,t)=>({create:(s,n,o,r)=>a(e.httpClient.post(g.create,{name:s,expireTime:n,roleNames:o,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(g.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(g.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,n)=>a(e.httpClient.post(g.update,{id:s,name:n},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(g.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(g.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(g.delete,{id:s},{token:t}))}),O=(e,t)=>({list:()=>a(e.httpClient.post(y.list,{},{token:t})),export:s=>a(e.httpClient.post(y.export,{flowId:s},{token:t})),import:(s,n,o)=>a(e.httpClient.post(y.import,{flowId:s,flow:n,screens:o},{token:t}))}),D=(e,t)=>({export:()=>a(e.httpClient.post(w.export,{},{token:t})),import:s=>a(e.httpClient.post(w.import,{theme:s},{token:t}))}),L=(e,t)=>({search:s=>{const n=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete n.loginIds,a(e.httpClient.post(b.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),U=(e,t)=>({saveSchema:(s,n)=>a(e.httpClient.post(N.schemaSave,{schema:s,upgrade:n},{token:t})),deleteSchema:()=>a(e.httpClient.post(N.schemaDelete,{},{token:t})),loadSchema:()=>a(e.httpClient.post(N.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(s,n,o)=>a(e.httpClient.post(N.nsSave,{namespace:s,oldName:n,schemaName:o},{token:t})),deleteNamespace:(s,n)=>a(e.httpClient.post(N.nsDelete,{name:s,schemaName:n},{token:t})),saveRelationDefinition:(s,n,o,r)=>a(e.httpClient.post(N.rdSave,{relationDefinition:s,namespace:n,oldName:o,schemaName:r},{token:t})),deleteRelationDefinition:(s,n,o)=>a(e.httpClient.post(N.rdDelete,{name:s,namespace:n,schemaName:o},{token:t})),createRelations:s=>a(e.httpClient.post(N.reCreate,{relations:s},{token:t})),deleteRelations:s=>a(e.httpClient.post(N.reDelete,{relations:s},{token:t})),deleteRelationsForResources:s=>a(e.httpClient.post(N.reDeleteResources,{resources:s},{token:t})),hasRelations:s=>a(e.httpClient.post(N.hasRelations,{relationQueries:s},{token:t}),(e=>e.relationQueries)),whoCanAccess:(s,n,o)=>a(e.httpClient.post(N.who,{resource:s,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:s=>a(e.httpClient.post(N.resource,{resource:s},{token:t}),(e=>e.relations)),targetsRelations:s=>a(e.httpClient.post(N.targets,{targets:s},{token:t}),(e=>e.relations)),whatCanTargetAccess:s=>a(e.httpClient.post(N.targetAll,{target:s},{token:t}),(e=>e.relations))});var F;null!==(F=globalThis.Headers)&&void 0!==F||(globalThis.Headers=i);const z=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),l(...e)),$={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},J=a=>{var i,{managementKey:l,publicKey:u}=a,c=e(a,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:z},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.2"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:A(e,t),project:T(e,t),accessKey:j(e,t),tenant:R(e,t),sso:M(e,t),jwt:P(e,t),permission:E(e,t),role:S(e,t),group:x(e,t),flow:O(e,t),theme:D(e,t),audit:L(e,t),authz:U(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await n(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,a){if(t&&!p(e,t))return!1;const s=m(e,"permissions",t);return a.every((e=>s.includes(e)))},getMatchedTenantPermissions(e,t,a){if(t&&!p(e,t))return[];const s=m(e,"permissions",t);return a.filter((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,a){if(t&&!p(e,t))return!1;const s=m(e,"roles",t);return a.every((e=>s.includes(e)))},getMatchedTenantRoles(e,t,a){if(t&&!p(e,t))return[];const s=m(e,"roles",t);return a.filter((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};J.RefreshTokenCookieName="DSR",J.SessionTokenCookieName="DS";export{J as default,$ as descopeErrors};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as r}from"jose";import{deprecate as i}from"util";import{Headers as l,fetch as d}from"cross-fetch";const m=t=>async(...s)=>{var a,n,o;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const m=[];var p;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(p=d)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function p(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function c(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},g={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},k={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},f={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},y={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},I={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},b={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},N={search:"/v1/mgmt/audit/search"},A={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const T=(e,t)=>({create:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0});return s(e.httpClient.post(u.create,f,{token:t}),(e=>e.user))},createTestUser:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.create,f,{token:t}),(e=>e.user))},invite:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k,f,C,y){const I="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:k,middleName:f,familyName:C,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,n,o,r)=>s(e.httpClient.post(u.createBatch,{users:a,invite:!0,inviteUrl:n,sendMail:o,sendSMS:r},{token:t}),(e=>e)),update:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0});return s(e.httpClient.post(u.update,f,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(u.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(u.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(u.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(u.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(u.logout,{userId:a},{token:t})),searchAll:i(((a,n,o,r,i,l,d,m,p,c)=>s(e.httpClient.post(u.search,{tenantIds:a,roleNames:n,limit:o,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:p,phones:c},{token:t}),(e=>e.users))),"searchAll is deprecated please use search() instead"),search:a=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,n)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:a,provider:n},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,n)=>s(e.httpClient.post(u.updateLoginId,{loginId:a,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(a,n,o)=>s(e.httpClient.post(u.updateEmail,{loginId:a,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(a,n,o)=>s(e.httpClient.post(u.updatePhone,{loginId:a,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(a,n,o,r,i)=>s(e.httpClient.post(u.updateDisplayName,{loginId:a,displayName:n,givenName:o,middleName:r,familyName:i},{token:t}),(e=>e.user)),updatePicture:(a,n)=>s(e.httpClient.post(u.updatePicture,{loginId:a,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(a,n,o)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:a,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(a,n)=>s(e.httpClient.post(u.setRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addRoles:(a,n)=>s(e.httpClient.post(u.addRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(a,n)=>s(e.httpClient.post(u.removeRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addTenant:(a,n)=>s(e.httpClient.post(u.addTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(a,n)=>s(e.httpClient.post(u.removeTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(a,n,o)=>s(e.httpClient.post(u.setRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(a,n,o)=>s(e.httpClient.post(u.addRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(a,n,o)=>s(e.httpClient.post(u.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,n,o)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:a,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,n,o,r)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:a,loginId:n,URI:o,loginOptions:r},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,n,o)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:a,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,n)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:a,customClaims:n},{token:t}),(e=>e)),setPassword:(a,n)=>s(e.httpClient.post(u.setPassword,{loginId:a,password:n},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(u.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:a},{token:t}),(e=>e))}),P=(e,t)=>({updateName:a=>s(e.httpClient.post(g.updateName,{name:a},{token:t})),clone:(a,n)=>s(e.httpClient.post(g.clone,{name:a,tag:n},{token:t}))}),R=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(v.create,{name:a,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(a,n,o,r)=>s(e.httpClient.post(v.create,{id:a,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),update:(a,n,o,r)=>s(e.httpClient.post(v.update,{id:a,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,n,o,r)=>s(e.httpClient.post(v.searchAll,{tenantIds:a,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:r},{token:t}),(e=>e.tenants))}),j=(e,t)=>({update:(a,n)=>s(e.httpClient.post(f.update,{jwt:a,customClaims:n},{token:t}))}),E=(e,t)=>({create:(a,n)=>s(e.httpClient.post(C.create,{name:a,description:n},{token:t})),update:(a,n,o)=>s(e.httpClient.post(C.update,{name:a,newName:n,description:o},{token:t})),delete:a=>s(e.httpClient.post(C.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),O=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(y.create,{name:a,description:n,permissionNames:o},{token:t})),update:(a,n,o,r)=>s(e.httpClient.post(y.update,{name:a,newName:n,description:o,permissionNames:r},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.roles))}),M=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(b.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,n,o)=>s(e.httpClient.post(b.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(a,n)=>s(e.httpClient.post(b.loadAllGroupMembers,{tenantId:a,groupId:n},{token:t}))}),S=(e,t)=>({getSettings:a=>s(e.httpClient.get(k.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(k.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,n,o,r,i,l)=>s(e.httpClient.post(k.settings,{tenantId:a,idpURL:n,entityId:r,idpCert:o,redirectURL:i,domains:l},{token:t})),configureMetadata:(a,n,o,r)=>s(e.httpClient.post(k.metadata,{tenantId:a,idpMetadataURL:n,redirectURL:o,domains:r},{token:t})),configureMapping:(a,n,o)=>s(e.httpClient.post(k.mapping,{tenantId:a,roleMappings:n,attributeMapping:o},{token:t}))}),x=(e,t)=>({create:(a,n,o,r)=>s(e.httpClient.post(h.create,{name:a,expireTime:n,roleNames:o,keyTenants:r},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(h.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,n)=>s(e.httpClient.post(h.update,{id:a,name:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(h.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(h.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t}))}),D=(e,t)=>({list:()=>s(e.httpClient.post(I.list,{},{token:t})),delete:a=>s(e.httpClient.post(I.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(I.export,{flowId:a},{token:t})),import:(a,n,o)=>s(e.httpClient.post(I.import,{flowId:a,flow:n,screens:o},{token:t}))}),L=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),U=(e,t)=>({search:a=>{const n=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete n.loginIds,s(e.httpClient.post(N.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),F=(e,t)=>({saveSchema:(a,n)=>s(e.httpClient.post(A.schemaSave,{schema:a,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(A.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(A.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,n,o)=>s(e.httpClient.post(A.nsSave,{namespace:a,oldName:n,schemaName:o},{token:t})),deleteNamespace:(a,n)=>s(e.httpClient.post(A.nsDelete,{name:a,schemaName:n},{token:t})),saveRelationDefinition:(a,n,o,r)=>s(e.httpClient.post(A.rdSave,{relationDefinition:a,namespace:n,oldName:o,schemaName:r},{token:t})),deleteRelationDefinition:(a,n,o)=>s(e.httpClient.post(A.rdDelete,{name:a,namespace:n,schemaName:o},{token:t})),createRelations:a=>s(e.httpClient.post(A.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(A.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(A.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(A.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,n,o)=>s(e.httpClient.post(A.who,{resource:a,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(A.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(A.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(A.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(A.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))});var z;null!==(z=globalThis.Headers)&&void 0!==z||(globalThis.Headers=l);const $=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),d(...e)),J={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},q=s=>{var i,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:$},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.3"})})),{projectId:h,logger:v}=u,k={},f=((e,t)=>({user:T(e,t),project:P(e,t),accessKey:x(e,t),tenant:R(e,t),sso:S(e,t),jwt:j(e,t),permission:E(e,t),role:O(e,t),group:M(e,t),flow:D(e,t),theme:L(e,t),audit:U(e,t),authz:F(e,t)}))(g,l),C=Object.assign(Object.assign({},g),{management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await n(e,C.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await C.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await C.validateJwt(e);const a=await C.refresh(e);if(a.ok){return await C.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await C.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return C.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await C.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await C.validateJwt(s)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>C.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>C.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!c(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!c(e,t))return[];const a=p(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>C.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>C.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!c(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!c(e,t))return[];const a=p(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(C,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};q.RefreshTokenCookieName="DSR",q.SessionTokenCookieName="DS";export{q as default,J as descopeErrors};
2
2
  //# sourceMappingURL=index.esm.js.map