@descope/node-sdk 1.6.2 → 1.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +201 -62
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +440 -46
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +3 -4
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as r}from"jose";import{Headers as i,fetch as l}from"cross-fetch";const d=t=>async(...a)=>{var s,n,o;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const m=[];var p;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(p=d)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function m(e,t,a){var s,n;const o=a?null===(n=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function p(e,t){var a;return!!(null===(a=e.token.tenants)||void 0===a?void 0:a[t])}var u={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},c={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},y={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},I={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},b={search:"/v1/mgmt/audit/search"},N={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall"};const A=(e,t)=>({create:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),createTestUser:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),invite:(s,n,o,r,i,l,d,m,p,c,g,h,v,k,C,f,y)=>a(e.httpClient.post(u.create,{loginId:s,email:n,phone:o,displayName:r,givenName:k,middleName:C,familyName:f,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y},{token:t}),(e=>e.user)),inviteBatch:(s,n,o,r)=>a(e.httpClient.post(u.createBatch,{users:s,invite:!0,inviteUrl:n,sendMail:o,sendSMS:r},{token:t}),(e=>e)),update:(s,n,o,r,i,l,d,m,p,c,g,h,v,k)=>a(e.httpClient.post(u.update,{loginId:s,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(u.delete,{loginId:s},{token:t})),deleteAllTestUsers:()=>a(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(u.load,{queryParams:{userId:s},token:t}),(e=>e.user)),logoutUser:s=>a(e.httpClient.post(u.logout,{loginId:s},{token:t})),logoutUserByUserId:s=>a(e.httpClient.post(u.logout,{userId:s},{token:t})),searchAll:(s,n,o,r,i,l,d,m,p,c)=>a(e.httpClient.post(u.search,{tenantIds:s,roleNames:n,limit:o,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:p,phones:c},{token:t}),(e=>e.users)),getProviderToken:(s,n)=>a(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:s,provider:n},token:t}),(e=>e)),activate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(s,n)=>a(e.httpClient.post(u.updateLoginId,{loginId:s,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(s,n,o)=>a(e.httpClient.post(u.updateEmail,{loginId:s,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(s,n,o)=>a(e.httpClient.post(u.updatePhone,{loginId:s,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(s,n,o,r,i)=>a(e.httpClient.post(u.updateDisplayName,{loginId:s,displayName:n,givenName:o,middleName:r,familyName:i},{token:t}),(e=>e.user)),updatePicture:(s,n)=>a(e.httpClient.post(u.updatePicture,{loginId:s,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(s,n,o)=>a(e.httpClient.post(u.updateCustomAttribute,{loginId:s,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(s,n)=>a(e.httpClient.post(u.setRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),addRoles:(s,n)=>a(e.httpClient.post(u.addRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(s,n)=>a(e.httpClient.post(u.removeRole,{loginId:s,roleNames:n},{token:t}),(e=>e.user)),addTenant:(s,n)=>a(e.httpClient.post(u.addTenant,{loginId:s,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(s,n)=>a(e.httpClient.post(u.removeTenant,{loginId:s,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(s,n,o)=>a(e.httpClient.post(u.setRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(s,n,o)=>a(e.httpClient.post(u.addRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(s,n,o)=>a(e.httpClient.post(u.removeRole,{loginId:s,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(s,n,o)=>a(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:s,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(s,n,o,r)=>a(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:s,loginId:n,URI:o,loginOptions:r},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(s,n,o)=>a(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:s,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(s,n)=>a(e.httpClient.post(u.generateEmbeddedLink,{loginId:s,customClaims:n},{token:t}),(e=>e)),setPassword:(s,n)=>a(e.httpClient.post(u.setPassword,{loginId:s,password:n},{token:t}),(e=>e)),expirePassword:s=>a(e.httpClient.post(u.expirePassword,{loginId:s},{token:t}),(e=>e))}),T=(e,t)=>({updateName:s=>a(e.httpClient.post(c.updateName,{name:s},{token:t})),clone:(s,n)=>a(e.httpClient.post(c.clone,{name:s,tag:n},{token:t}))}),R=(e,t)=>({create:(s,n,o)=>a(e.httpClient.post(h.create,{name:s,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(s,n,o,r)=>a(e.httpClient.post(h.create,{id:s,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),update:(s,n,o,r)=>a(e.httpClient.post(h.update,{id:s,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),delete:s=>a(e.httpClient.post(h.delete,{id:s},{token:t})),load:s=>a(e.httpClient.get(h.load,{queryParams:{id:s},token:t}),(e=>e)),loadAll:()=>a(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(s,n,o,r)=>a(e.httpClient.post(h.searchAll,{tenantIds:s,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:r},{token:t}),(e=>e.tenants))}),P=(e,t)=>({update:(s,n)=>a(e.httpClient.post(k.update,{jwt:s,customClaims:n},{token:t}))}),E=(e,t)=>({create:(s,n)=>a(e.httpClient.post(C.create,{name:s,description:n},{token:t})),update:(s,n,o)=>a(e.httpClient.post(C.update,{name:s,newName:n,description:o},{token:t})),delete:s=>a(e.httpClient.post(C.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),S=(e,t)=>({create:(s,n,o)=>a(e.httpClient.post(f.create,{name:s,description:n,permissionNames:o},{token:t})),update:(s,n,o,r)=>a(e.httpClient.post(f.update,{name:s,newName:n,description:o,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(f.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),x=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(I.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,n,o)=>a(e.httpClient.post(I.loadAllGroupsForMember,{tenantId:s,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(s,n)=>a(e.httpClient.post(I.loadAllGroupMembers,{tenantId:s,groupId:n},{token:t}))}),M=(e,t)=>({getSettings:s=>a(e.httpClient.get(v.settings,{queryParams:{tenantId:s},token:t}),(e=>e)),deleteSettings:s=>a(e.httpClient.delete(v.settings,{queryParams:{tenantId:s},token:t})),configureSettings:(s,n,o,r,i,l)=>a(e.httpClient.post(v.settings,{tenantId:s,idpURL:n,entityId:r,idpCert:o,redirectURL:i,domains:l},{token:t})),configureMetadata:(s,n,o,r)=>a(e.httpClient.post(v.metadata,{tenantId:s,idpMetadataURL:n,redirectURL:o,domains:r},{token:t})),configureMapping:(s,n,o)=>a(e.httpClient.post(v.mapping,{tenantId:s,roleMappings:n,attributeMapping:o},{token:t}))}),j=(e,t)=>({create:(s,n,o,r)=>a(e.httpClient.post(g.create,{name:s,expireTime:n,roleNames:o,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(g.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(g.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,n)=>a(e.httpClient.post(g.update,{id:s,name:n},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(g.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(g.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(g.delete,{id:s},{token:t}))}),O=(e,t)=>({list:()=>a(e.httpClient.post(y.list,{},{token:t})),export:s=>a(e.httpClient.post(y.export,{flowId:s},{token:t})),import:(s,n,o)=>a(e.httpClient.post(y.import,{flowId:s,flow:n,screens:o},{token:t}))}),D=(e,t)=>({export:()=>a(e.httpClient.post(w.export,{},{token:t})),import:s=>a(e.httpClient.post(w.import,{theme:s},{token:t}))}),L=(e,t)=>({search:s=>{const n=Object.assign(Object.assign({},s),{externalIds:s.loginIds});return delete n.loginIds,a(e.httpClient.post(b.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),U=(e,t)=>({saveSchema:(s,n)=>a(e.httpClient.post(N.schemaSave,{schema:s,upgrade:n},{token:t})),deleteSchema:()=>a(e.httpClient.post(N.schemaDelete,{},{token:t})),loadSchema:()=>a(e.httpClient.post(N.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(s,n,o)=>a(e.httpClient.post(N.nsSave,{namespace:s,oldName:n,schemaName:o},{token:t})),deleteNamespace:(s,n)=>a(e.httpClient.post(N.nsDelete,{name:s,schemaName:n},{token:t})),saveRelationDefinition:(s,n,o,r)=>a(e.httpClient.post(N.rdSave,{relationDefinition:s,namespace:n,oldName:o,schemaName:r},{token:t})),deleteRelationDefinition:(s,n,o)=>a(e.httpClient.post(N.rdDelete,{name:s,namespace:n,schemaName:o},{token:t})),createRelations:s=>a(e.httpClient.post(N.reCreate,{relations:s},{token:t})),deleteRelations:s=>a(e.httpClient.post(N.reDelete,{relations:s},{token:t})),deleteRelationsForResources:s=>a(e.httpClient.post(N.reDeleteResources,{resources:s},{token:t})),hasRelations:s=>a(e.httpClient.post(N.hasRelations,{relationQueries:s},{token:t}),(e=>e.relationQueries)),whoCanAccess:(s,n,o)=>a(e.httpClient.post(N.who,{resource:s,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:s=>a(e.httpClient.post(N.resource,{resource:s},{token:t}),(e=>e.relations)),targetsRelations:s=>a(e.httpClient.post(N.targets,{targets:s},{token:t}),(e=>e.relations)),whatCanTargetAccess:s=>a(e.httpClient.post(N.targetAll,{target:s},{token:t}),(e=>e.relations))});var F;null!==(F=globalThis.Headers)&&void 0!==F||(globalThis.Headers=i);const z=(...e)=>(e.forEach((e=>{var t,a;e&&(null!==(t=(a=e).highWaterMark)&&void 0!==t||(a.highWaterMark=31457280))})),l(...e)),$={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},J=a=>{var i,{managementKey:l,publicKey:u}=a,c=e(a,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:z},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.2"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:A(e,t),project:T(e,t),accessKey:j(e,t),tenant:R(e,t),sso:M(e,t),jwt:P(e,t),permission:E(e,t),role:S(e,t),group:x(e,t),flow:O(e,t),theme:D(e,t),audit:L(e,t),authz:U(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const a=(await n(e,f.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const s=await f.refresh(e);if(s.ok){return await f.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=t.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,a){if(t&&!p(e,t))return!1;const s=m(e,"permissions",t);return a.every((e=>s.includes(e)))},getMatchedTenantPermissions(e,t,a){if(t&&!p(e,t))return[];const s=m(e,"permissions",t);return a.filter((e=>s.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,a){if(t&&!p(e,t))return!1;const s=m(e,"roles",t);return a.every((e=>s.includes(e)))},getMatchedTenantRoles(e,t,a){if(t&&!p(e,t))return[];const s=m(e,"roles",t);return a.filter((e=>s.includes(e)))}});return s(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};J.RefreshTokenCookieName="DSR",J.SessionTokenCookieName="DS";export{J as default,$ as descopeErrors};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as i}from"jose";import{deprecate as r}from"util";import{Headers as l,fetch as d}from"cross-fetch";const p=t=>async(...s)=>{var a,n,o;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function m(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var c={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},u={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone",export:"/v1/mgmt/project/export",import:"/v1/mgmt/project/import"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},k={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},C={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},f={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate"},y={settings:"/v1/mgmt/password/settings"},I={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},b={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},w={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},A={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},S={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},O={search:"/v1/mgmt/audit/search"},N={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const P=(e,t)=>({create:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},createTestUser:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},invite:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k,C,f,y){const I="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,inviteUrl:u,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(c.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,n,o,i)=>s(e.httpClient.post(c.createBatch,{users:a,invite:!0,inviteUrl:n,sendMail:o,sendSMS:i},{token:t}),(e=>e)),update:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(c.update,C,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(c.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(c.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(c.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(c.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(c.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(c.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(c.logout,{userId:a},{token:t})),searchAll:r(((a,n,o,i,r,l,d,p,m,g)=>s(e.httpClient.post(c.search,{tenantIds:a,roleNames:n,limit:o,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:g},{token:t}),(e=>e.users))),"searchAll is deprecated please use search() instead"),search:a=>s(e.httpClient.post(c.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,n)=>s(e.httpClient.get(c.getProviderToken,{queryParams:{loginId:a,provider:n},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,n)=>s(e.httpClient.post(c.updateLoginId,{loginId:a,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(a,n,o)=>s(e.httpClient.post(c.updateEmail,{loginId:a,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(a,n,o)=>s(e.httpClient.post(c.updatePhone,{loginId:a,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(a,n,o,i,r)=>s(e.httpClient.post(c.updateDisplayName,{loginId:a,displayName:n,givenName:o,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(a,n)=>s(e.httpClient.post(c.updatePicture,{loginId:a,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(a,n,o)=>s(e.httpClient.post(c.updateCustomAttribute,{loginId:a,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(a,n)=>s(e.httpClient.post(c.setRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addRoles:(a,n)=>s(e.httpClient.post(c.addRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(a,n)=>s(e.httpClient.post(c.removeRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addTenant:(a,n)=>s(e.httpClient.post(c.addTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(a,n)=>s(e.httpClient.post(c.removeTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(a,n,o)=>s(e.httpClient.post(c.setRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(a,n,o)=>s(e.httpClient.post(c.addRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(a,n,o)=>s(e.httpClient.post(c.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addSSOapps:(a,n)=>s(e.httpClient.post(c.addSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(a,n)=>s(e.httpClient.post(c.setSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(a,n)=>s(e.httpClient.post(c.removeSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,n,o)=>s(e.httpClient.post(c.generateOTPForTest,{deliveryMethod:a,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,n,o,i)=>s(e.httpClient.post(c.generateMagicLinkForTest,{deliveryMethod:a,loginId:n,URI:o,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,n,o)=>s(e.httpClient.post(c.generateEnchantedLinkForTest,{loginId:a,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,n)=>s(e.httpClient.post(c.generateEmbeddedLink,{loginId:a,customClaims:n},{token:t}),(e=>e)),setTemporaryPassword:(a,n)=>s(e.httpClient.post(c.setTemporaryPassword,{loginId:a,password:n},{token:t}),(e=>e)),setActivePassword:(a,n)=>s(e.httpClient.post(c.setActivePassword,{loginId:a,password:n},{token:t}),(e=>e)),setPassword:(a,n)=>s(e.httpClient.post(c.setPassword,{loginId:a,password:n},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(c.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(c.removeAllPasskeys,{loginId:a},{token:t}),(e=>e)),history:a=>s(e.httpClient.post(c.history,a,{token:t}),(e=>e))}),j=(e,t)=>({updateName:a=>s(e.httpClient.post(u.updateName,{name:a},{token:t})),clone:(a,n)=>s(e.httpClient.post(u.clone,{name:a,tag:n},{token:t})),export:()=>s(e.httpClient.post(u.export,{},{token:t}),(e=>e.files)),import:a=>s(e.httpClient.post(u.export,{files:a},{token:t}))}),T=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(v.create,{name:a,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(a,n,o,i)=>s(e.httpClient.post(v.create,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),update:(a,n,o,i)=>s(e.httpClient.post(v.update,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,n,o,i)=>s(e.httpClient.post(v.searchAll,{tenantIds:a,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:a=>s(e.httpClient.get(v.settings,{queryParams:{id:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(v.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))}),M=(e,t)=>({update:(a,n)=>s(e.httpClient.post(f.update,{jwt:a,customClaims:n},{token:t})),impersonate:(a,n,o)=>s(e.httpClient.post(f.impersonate,{impersonatorId:a,loginId:n,validateConsent:o},{token:t}))}),R=(e,t)=>({create:(a,n)=>s(e.httpClient.post(I.create,{name:a,description:n},{token:t})),update:(a,n,o)=>s(e.httpClient.post(I.update,{name:a,newName:n,description:o},{token:t})),delete:a=>s(e.httpClient.post(I.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(I.loadAll,{token:t}),(e=>e.permissions))}),E=(e,t)=>({create:(a,n,o,i)=>s(e.httpClient.post(b.create,{name:a,description:n,permissionNames:o,tenantId:i},{token:t})),update:(a,n,o,i,r)=>s(e.httpClient.post(b.update,{name:a,newName:n,description:o,permissionNames:i,tenantId:r},{token:t})),delete:(a,n)=>s(e.httpClient.post(b.delete,{name:a,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.roles))}),x=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(S.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,n,o)=>s(e.httpClient.post(S.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(a,n)=>s(e.httpClient.post(S.loadAllGroupMembers,{tenantId:a,groupId:n},{token:t}))}),L=(e,t)=>({getSettings:r((a=>s(e.httpClient.get(C.settings,{queryParams:{tenantId:a},token:t}),(e=>e))),"getSettings is deprecated, please use loadSettings instead"),deleteSettings:a=>s(e.httpClient.delete(C.settings,{queryParams:{tenantId:a},token:t})),configureSettings:r(((a,n,o,i,r,l)=>s(e.httpClient.post(C.settings,{tenantId:a,idpURL:n,entityId:i,idpCert:o,redirectURL:r,domains:l},{token:t}))),"configureSettings is deprecated, please use configureSAMLSettings instead "),configureMetadata:r(((a,n,o,i)=>s(e.httpClient.post(C.metadata,{tenantId:a,idpMetadataURL:n,redirectURL:o,domains:i},{token:t}))),"configureMetadata is deprecated, please use configureSAMLByMetadata instead"),configureMapping:(a,n,o)=>s(e.httpClient.post(C.mapping,{tenantId:a,roleMappings:n,attributeMapping:o},{token:t})),configureOIDCSettings:(a,n,o)=>{const i=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete i.attributeMapping,s(e.httpClient.post(C.oidc.configure,{tenantId:a,settings:i,domains:o},{token:t}))},configureSAMLSettings:(a,n,o,i)=>s(e.httpClient.post(C.saml.configure,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),configureSAMLByMetadata:(a,n,o,i)=>s(e.httpClient.post(C.saml.metadata,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),loadSettings:a=>s(e.httpClient.get(C.settingsv2,{queryParams:{tenantId:a},token:t}),(e=>{var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}))}),U=(e,t)=>({create:(a,n,o,i,r)=>s(e.httpClient.post(h.create,{name:a,expireTime:n,roleNames:o,keyTenants:i,userId:r},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(h.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,n)=>s(e.httpClient.post(h.update,{id:a,name:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(h.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(h.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t}))}),D=(e,t)=>({list:()=>s(e.httpClient.post(w.list,{},{token:t})),delete:a=>s(e.httpClient.post(w.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(w.export,{flowId:a},{token:t})),import:(a,n,o)=>s(e.httpClient.post(w.import,{flowId:a,flow:n,screens:o},{token:t}))}),F=(e,t)=>({export:()=>s(e.httpClient.post(A.export,{},{token:t})),import:a=>s(e.httpClient.post(A.import,{theme:a},{token:t}))}),z=(e,t)=>({search:a=>{const n=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete n.loginIds,s(e.httpClient.post(O.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),q=(e,t)=>({saveSchema:(a,n)=>s(e.httpClient.post(N.schemaSave,{schema:a,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(N.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(N.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,n,o)=>s(e.httpClient.post(N.nsSave,{namespace:a,oldName:n,schemaName:o},{token:t})),deleteNamespace:(a,n)=>s(e.httpClient.post(N.nsDelete,{name:a,schemaName:n},{token:t})),saveRelationDefinition:(a,n,o,i)=>s(e.httpClient.post(N.rdSave,{relationDefinition:a,namespace:n,oldName:o,schemaName:i},{token:t})),deleteRelationDefinition:(a,n,o)=>s(e.httpClient.post(N.rdDelete,{name:a,namespace:n,schemaName:o},{token:t})),createRelations:a=>s(e.httpClient.post(N.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(N.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(N.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(N.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,n,o)=>s(e.httpClient.post(N.who,{resource:a,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(N.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(N.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(N.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(N.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))}),$=(e,t)=>({createOidcApplication:a=>{var n;return s(e.httpClient.post(k.oidcCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:a=>{var n;return s(e.httpClient.post(k.samlCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:a=>s(e.httpClient.post(k.oidcUpdate,Object.assign({},a),{token:t})),updateSamlApplication:a=>s(e.httpClient.post(k.samlUpdate,Object.assign({},a),{token:t})),delete:a=>s(e.httpClient.post(k.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(k.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.apps))}),J=(e,t)=>({getSettings:a=>s(e.httpClient.get(y.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(y.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))});var K;null!==(K=globalThis.Headers)&&void 0!==K||(globalThis.Headers=l);const G=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),d(...e)),B={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},H=s=>{var r,{managementKey:l,publicKey:d}=s,c=e(s,["managementKey","publicKey"]);const u=t(Object.assign(Object.assign({fetch:G},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.6.4"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:P(e,t),project:j(e,t),accessKey:U(e,t),tenant:T(e,t),ssoApplication:$(e,t),sso:L(e,t),jwt:M(e,t),permission:R(e,t),password:J(e,t),role:E(e,t),group:x(e,t),flow:D(e,t),theme:F(e,t),audit:z(e,t),authz:q(e,t)}))(u,l),f=Object.assign(Object.assign({},u),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await n(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e,t){if(!e)throw Error("access key must not be empty");let s;try{s=await f.accessKey.exchange(e,t)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=s.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const a=m(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const a=m(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const a=m(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const a=m(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],p)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS";export{H as default,B as descopeErrors};
2
2
  //# sourceMappingURL=index.esm.js.map