@descope/node-sdk 1.6.3 → 1.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +176 -29
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +275 -15
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import * as _descope_core_js_sdk from '@descope/core-js-sdk';
2
- import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
2
+ import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, SdkResponse, AccessKeyLoginOptions, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
3
3
  export { DeliveryMethod, JWTResponse, OAuthProvider, ResponseData, SdkResponse } from '@descope/core-js-sdk';
4
4
  import { JWTHeaderParameters, KeyLike } from 'jose';
5
5
 
@@ -18,7 +18,9 @@ interface AuthenticationInfo {
18
18
  }
19
19
  declare type DeliveryMethodForTestUser = DeliveryMethod | 'Embedded';
20
20
 
21
- /** Represents a tenant association for a User or Access Key. The tenantId is required to denote
21
+ declare type ExpirationUnit = 'minutes' | 'hours' | 'days' | 'weeks';
22
+ /**
23
+ * Represents a tenant association for a User or Access Key. The tenantId is required to denote
22
24
  * which tenant the user or access key belongs to. The roleNames array is an optional list of
23
25
  * roles for the user or access key in this specific tenant.
24
26
  */
@@ -30,6 +32,71 @@ declare type AssociatedTenant = {
30
32
  declare type CreateTenantResponse = {
31
33
  id: string;
32
34
  };
35
+ /**
36
+ * Options to create or update an OIDC application.
37
+ *
38
+ * **Note:** When updating, `id` will be required to perform the operation
39
+ */
40
+ declare type OidcApplicationOptions = {
41
+ name: string;
42
+ loginPageUrl: string;
43
+ id?: string;
44
+ description?: string;
45
+ logo?: string;
46
+ enabled?: boolean;
47
+ };
48
+ /**
49
+ * Options to create or update a SAML application.
50
+ *
51
+ * **Note:** When updating, `id` will be required to perform the operation
52
+ */
53
+ declare type SamlApplicationOptions = {
54
+ name: string;
55
+ loginPageUrl: string;
56
+ id?: string;
57
+ description?: string;
58
+ logo?: string;
59
+ enabled?: boolean;
60
+ useMetadataInfo?: boolean;
61
+ metadataUrl?: string;
62
+ entityId?: string;
63
+ acsUrl?: string;
64
+ certificate?: string;
65
+ attributeMapping?: SamlIdpAttributeMappingInfo[];
66
+ groupsMapping?: SamlIdpGroupsMappingInfo[];
67
+ acsAllowedCallbacks?: string[];
68
+ subjectNameIdType?: string;
69
+ subjectNameIdFormat?: string;
70
+ };
71
+ /**
72
+ * Represents a SAML IDP attribute mapping object. Use this class for mapping Descope attribute
73
+ * to the relevant SAML Assertion attributes matching your expected SP attributes names.
74
+ */
75
+ declare type SamlIdpAttributeMappingInfo = {
76
+ name: string;
77
+ type: string;
78
+ value: string;
79
+ };
80
+ /** Represents a SAML IDP Role Group mapping object. */
81
+ declare type SAMLIDPRoleGroupMappingInfo = {
82
+ id: string;
83
+ name: string;
84
+ };
85
+ /**
86
+ * Represents a SAML IDP groups mapping object. Use this class for mapping Descope roles
87
+ * to the relevant SAML Assertion groups attributes that matching your expected SP groups attributes names.
88
+ */
89
+ declare type SamlIdpGroupsMappingInfo = {
90
+ name: string;
91
+ type: string;
92
+ filterType: string;
93
+ value: string;
94
+ roles: SAMLIDPRoleGroupMappingInfo[];
95
+ };
96
+ /** The ID of a newly created SSO application */
97
+ declare type CreateSSOApplicationResponse = {
98
+ id: string;
99
+ };
33
100
  /** An access key that can be used to access descope */
34
101
  declare type AccessKey = {
35
102
  id: string;
@@ -42,6 +109,7 @@ declare type AccessKey = {
42
109
  expiresTime: number;
43
110
  createdBy: string;
44
111
  clientId: string;
112
+ boundUserId?: string;
45
113
  };
46
114
  /** Access Key extended details including created key cleartext */
47
115
  declare type CreatedAccessKeyResponse = {
@@ -73,6 +141,77 @@ declare type Tenant = {
73
141
  name: string;
74
142
  selfProvisioningDomains: string[];
75
143
  customAttributes?: Record<string, string | number | boolean>;
144
+ domains?: string[];
145
+ authType?: 'none' | 'saml' | 'oidc';
146
+ };
147
+ /** Represents settings of a tenant in a project. It has an id, a name and an array of
148
+ * self provisioning domains used to associate users with that tenant.
149
+ */
150
+ declare type TenantSettings = {
151
+ selfProvisioningDomains: string[];
152
+ domains?: string[];
153
+ authType?: 'none' | 'saml' | 'oidc';
154
+ sessionSettingsEnabled?: boolean;
155
+ refreshTokenExpiration?: number;
156
+ refreshTokenExpirationUnit?: ExpirationUnit;
157
+ sessionTokenExpiration?: number;
158
+ sessionTokenExpirationUnit?: ExpirationUnit;
159
+ stepupTokenExpiration?: number;
160
+ stepupTokenExpirationUnit?: ExpirationUnit;
161
+ enableInactivity?: boolean;
162
+ InactivityTime?: number;
163
+ InactivityTimeUnit?: ExpirationUnit;
164
+ JITDisabled?: boolean;
165
+ };
166
+ /** Represents password settings of a tenant in a project. It has the password policy details. */
167
+ declare type PasswordSettings = {
168
+ enabled: boolean;
169
+ minLength: number;
170
+ lowercase: boolean;
171
+ uppercase: boolean;
172
+ number: boolean;
173
+ nonAlphaNumeric: boolean;
174
+ expiration: boolean;
175
+ expirationWeeks: number;
176
+ reuse: boolean;
177
+ reuseAmount: number;
178
+ lock: boolean;
179
+ lockAttempts: number;
180
+ };
181
+ /** Represents OIDC settings of an SSO application in a project. */
182
+ declare type SSOApplicationOIDCSettings = {
183
+ loginPageUrl: string;
184
+ issuer: string;
185
+ discoveryUrl: string;
186
+ };
187
+ /** Represents SAML settings of an SSO application in a project. */
188
+ declare type SSOApplicationSAMLSettings = {
189
+ loginPageUrl: string;
190
+ idpCert: string;
191
+ useMetadataInfo: boolean;
192
+ metadataUrl: string;
193
+ entityId: string;
194
+ acsUrl: string;
195
+ certificate: string;
196
+ attributeMapping: SamlIdpAttributeMappingInfo[];
197
+ groupsMapping: SamlIdpGroupsMappingInfo[];
198
+ idpMetadataUrl: string;
199
+ idpEntityId: string;
200
+ idpSsoUrl: string;
201
+ acsAllowedCallbacks: string[];
202
+ subjectNameIdType: string;
203
+ subjectNameIdFormat: string;
204
+ };
205
+ /** Represents an SSO application in a project. */
206
+ declare type SSOApplication = {
207
+ id: string;
208
+ name: string;
209
+ description: string;
210
+ enabled: boolean;
211
+ logo: string;
212
+ appType: string;
213
+ samlSettings: SSOApplicationSAMLSettings;
214
+ oidcSettings: SSOApplicationOIDCSettings;
76
215
  };
77
216
  /** Represents a permission in a project. It has a name and optionally a description.
78
217
  * It also has a flag indicating whether it is system default or not.
@@ -90,6 +229,7 @@ declare type Role = {
90
229
  description?: string;
91
230
  permissionNames: string[];
92
231
  createdTime: number;
232
+ tenantId?: string;
93
233
  };
94
234
  /** Represents a group in a project. It has an id and display name and a list of group members. */
95
235
  declare type Group = {
@@ -169,6 +309,34 @@ declare type User = {
169
309
  verifiedPhone?: boolean;
170
310
  test?: boolean;
171
311
  additionalLoginIds?: string[];
312
+ password?: string;
313
+ hashedPassword?: UserPasswordHashed;
314
+ };
315
+ declare type UserPasswordHashed = {
316
+ bcrypt?: UserPasswordBcrypt;
317
+ pbkdf2?: UserPasswordPbkdf2;
318
+ firebase?: UserPasswordFirebase;
319
+ django?: UserPasswordDjango;
320
+ };
321
+ declare type UserPasswordBcrypt = {
322
+ hash: string;
323
+ };
324
+ declare type UserPasswordPbkdf2 = {
325
+ hash: string;
326
+ salt: string;
327
+ iterations: number;
328
+ type: 'sha1' | 'sha256' | 'sha512';
329
+ };
330
+ declare type UserPasswordFirebase = {
331
+ hash: string;
332
+ salt: string;
333
+ saltSeparator: string;
334
+ signerKey: string;
335
+ memory: number;
336
+ rounds: number;
337
+ };
338
+ declare type UserPasswordDjango = {
339
+ hash: string;
172
340
  };
173
341
  declare type UserMapping = {
174
342
  name: string;
@@ -200,6 +368,66 @@ declare type SSOSettingsResponse = {
200
368
  domains: string[];
201
369
  domain: string;
202
370
  };
371
+ declare type SSOSAMLSettingsResponse = {
372
+ idpEntityId: string;
373
+ idpSSOUrl: string;
374
+ idpCertificate: string;
375
+ idpMetadataUrl: string;
376
+ spEntityId: string;
377
+ spACSUrl: string;
378
+ spCertificate: string;
379
+ attributeMapping: AttributeMapping;
380
+ groupsMapping: RoleMappings;
381
+ redirectUrl: string;
382
+ };
383
+ declare type SSOSettings = {
384
+ tenant: Tenant;
385
+ saml?: SSOSAMLSettingsResponse;
386
+ oidc?: SSOOIDCSettings;
387
+ };
388
+ declare type OIDCAttributeMapping = {
389
+ loginId?: string;
390
+ name?: string;
391
+ givenName?: string;
392
+ middleName?: string;
393
+ familyName?: string;
394
+ email?: string;
395
+ verifiedEmail?: string;
396
+ username?: string;
397
+ phoneNumber?: string;
398
+ verifiedPhone?: string;
399
+ picture?: string;
400
+ };
401
+ declare type Prompt = 'none' | 'login' | 'consent' | 'select_account';
402
+ declare type SSOOIDCSettings = {
403
+ name: string;
404
+ clientId: string;
405
+ clientSecret?: string;
406
+ redirectUrl?: string;
407
+ authUrl?: string;
408
+ tokenUrl?: string;
409
+ userDataUrl?: string;
410
+ scope?: string[];
411
+ JWKsUrl?: string;
412
+ attributeMapping?: OIDCAttributeMapping;
413
+ manageProviderTokens?: boolean;
414
+ callbackDomain?: string;
415
+ prompt?: Prompt[];
416
+ grantType?: 'authorization_code' | 'implicit';
417
+ issuer?: string;
418
+ };
419
+ declare type SSOSAMLSettings = {
420
+ idpUrl: string;
421
+ idpCert: string;
422
+ entityId: string;
423
+ roleMappings?: RoleMappings;
424
+ attributeMapping?: AttributeMapping;
425
+ };
426
+ declare type SSOSAMLByMetadataSettings = {
427
+ idpMetadataUrl: string;
428
+ roleMappings?: RoleMappings;
429
+ attributeMapping?: AttributeMapping;
430
+ };
203
431
  declare type ProviderTokenResponse = {
204
432
  provider: string;
205
433
  providerUserId: string;
@@ -353,6 +581,7 @@ interface UserOptions {
353
581
  middleName?: string;
354
582
  familyName?: string;
355
583
  additionalLoginIds?: string[];
584
+ ssoAppIds?: string[];
356
585
  }
357
586
 
358
587
  /** Common Error Codes */
@@ -391,12 +620,7 @@ declare const nodeSdk: {
391
620
  sendSMS?: boolean;
392
621
  }): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
393
622
  (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
394
- }; /**
395
- * Retrieves the roles from JWT top level claims that match the specified roles list
396
- * @param authInfo JWT parsed info containing the roles
397
- * @param roles List of roles to match against the JWT claims
398
- * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
399
- */
623
+ };
400
624
  inviteBatch: (users: User[], inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean) => Promise<SdkResponse<InviteBatchResponse>>;
401
625
  update: {
402
626
  (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -426,6 +650,7 @@ declare const nodeSdk: {
426
650
  customAttributes?: Record<string, AttributesTypes>;
427
651
  withTestUser?: boolean;
428
652
  testUsersOnly?: boolean;
653
+ ssoAppIds?: string[];
429
654
  }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
430
655
  getProviderToken: (loginId: string, provider: string) => Promise<SdkResponse<ProviderTokenResponse>>;
431
656
  activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -444,20 +669,28 @@ declare const nodeSdk: {
444
669
  setTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
445
670
  addTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
446
671
  removeTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
672
+ addSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
673
+ setSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
674
+ removeSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
447
675
  generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
448
676
  generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
449
677
  generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
450
678
  generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
679
+ setTemporaryPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
680
+ setActivePassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
451
681
  setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
452
682
  expirePassword: (loginId: string) => Promise<SdkResponse<never>>;
453
683
  removeAllPasskeys: (loginId: string) => Promise<SdkResponse<never>>;
684
+ history: (userIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserHistoryResponse[]>>;
454
685
  };
455
686
  project: {
456
687
  updateName: (name: string) => Promise<SdkResponse<never>>;
457
688
  clone: (name: string, tag?: "production") => Promise<SdkResponse<CloneProjectResponse>>;
689
+ export: () => Promise<SdkResponse<Record<string, any>>>;
690
+ import: (files: Record<string, any>) => Promise<SdkResponse<never>>;
458
691
  };
459
692
  accessKey: {
460
- create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
693
+ create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[], userId?: string) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
461
694
  load: (id: string) => Promise<SdkResponse<AccessKey>>;
462
695
  searchAll: (tenantIds?: string[]) => Promise<SdkResponse<AccessKey[]>>;
463
696
  update: (id: string, name: string) => Promise<SdkResponse<AccessKey>>;
@@ -473,6 +706,21 @@ declare const nodeSdk: {
473
706
  load: (id: string) => Promise<SdkResponse<Tenant>>;
474
707
  loadAll: () => Promise<SdkResponse<Tenant[]>>;
475
708
  searchAll: (ids?: string[], names?: string[], selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<Tenant[]>>;
709
+ getSettings: (tenantId: string) => Promise<SdkResponse<TenantSettings>>;
710
+ configureSettings: (tenantId: string, settings: TenantSettings) => Promise<SdkResponse<never>>;
711
+ };
712
+ ssoApplication: {
713
+ createOidcApplication: (options: OidcApplicationOptions) => Promise<SdkResponse<CreateSSOApplicationResponse>>;
714
+ createSamlApplication: (options: SamlApplicationOptions) => Promise<SdkResponse<CreateSSOApplicationResponse>>;
715
+ updateOidcApplication: (options: OidcApplicationOptions & {
716
+ id: string;
717
+ }) => Promise<SdkResponse<never>>;
718
+ updateSamlApplication: (options: SamlApplicationOptions & {
719
+ id: string;
720
+ }) => Promise<SdkResponse<never>>;
721
+ delete: (id: string) => Promise<SdkResponse<never>>;
722
+ load: (id: string) => Promise<SdkResponse<SSOApplication>>;
723
+ loadAll: () => Promise<SdkResponse<SSOApplication[]>>;
476
724
  };
477
725
  sso: {
478
726
  getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
@@ -480,9 +728,14 @@ declare const nodeSdk: {
480
728
  configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
481
729
  configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
482
730
  configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
731
+ configureOIDCSettings: (tenantId: string, settings: SSOOIDCSettings, domains?: string[]) => Promise<SdkResponse<never>>;
732
+ configureSAMLSettings: (tenantId: string, settings: SSOSAMLSettings, redirectUrl?: string, domains?: string[]) => Promise<SdkResponse<never>>;
733
+ configureSAMLByMetadata: (tenantId: string, settings: SSOSAMLByMetadataSettings, redirectUrl?: string, domains?: string[]) => Promise<SdkResponse<never>>;
734
+ loadSettings: (tenantId: string) => Promise<SdkResponse<SSOSettings>>;
483
735
  };
484
736
  jwt: {
485
737
  update: (jwt: string, customClaims?: Record<string, any>) => Promise<SdkResponse<UpdateJWTResponse>>;
738
+ impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean) => Promise<SdkResponse<UpdateJWTResponse>>;
486
739
  };
487
740
  permission: {
488
741
  create: (name: string, description?: string) => Promise<SdkResponse<never>>;
@@ -490,10 +743,14 @@ declare const nodeSdk: {
490
743
  delete: (name: string) => Promise<SdkResponse<never>>;
491
744
  loadAll: () => Promise<SdkResponse<Permission[]>>;
492
745
  };
746
+ password: {
747
+ getSettings: (tenantId: string) => Promise<SdkResponse<PasswordSettings>>;
748
+ configureSettings: (tenantId: string, settings: PasswordSettings) => Promise<SdkResponse<never>>;
749
+ };
493
750
  role: {
494
- create: (name: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
495
- update: (name: string, newName: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
496
- delete: (name: string) => Promise<SdkResponse<never>>;
751
+ create: (name: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
752
+ update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
753
+ delete: (name: string, tenantId?: string) => Promise<SdkResponse<never>>;
497
754
  loadAll: () => Promise<SdkResponse<Role[]>>;
498
755
  };
499
756
  group: {
@@ -538,7 +795,7 @@ declare const nodeSdk: {
538
795
  validateSession: (sessionToken: string) => Promise<AuthenticationInfo>;
539
796
  refreshSession: (refreshToken: string) => Promise<AuthenticationInfo>;
540
797
  validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<AuthenticationInfo>;
541
- exchangeAccessKey: (accessKey: string) => Promise<AuthenticationInfo>;
798
+ exchangeAccessKey: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<AuthenticationInfo>;
542
799
  validatePermissions: (authInfo: AuthenticationInfo, permissions: string[]) => boolean;
543
800
  getMatchedPermissions: (authInfo: AuthenticationInfo, permissions: string[]) => string[];
544
801
  validateTenantPermissions: (authInfo: AuthenticationInfo, tenant: string, permissions: string[]) => boolean;
@@ -548,7 +805,7 @@ declare const nodeSdk: {
548
805
  validateTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => boolean;
549
806
  getMatchedTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => string[];
550
807
  accessKey: {
551
- exchange: (accessKey: string) => Promise<SdkResponse<ExchangeAccessKeyResponse>>;
808
+ exchange: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<SdkResponse<ExchangeAccessKeyResponse>>;
552
809
  };
553
810
  otp: {
554
811
  verify: {
@@ -845,6 +1102,8 @@ declare const nodeSdk: {
845
1102
  refreshJwt?: string;
846
1103
  cookies?: string[];
847
1104
  }>>;
1105
+ startNative: (provider: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
1106
+ finishNative: (provider: string, stateId: string, user?: string, code?: string, idToken?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
848
1107
  };
849
1108
  saml: {
850
1109
  start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
@@ -944,7 +1203,7 @@ declare const nodeSdk: {
944
1203
  webAuthnSupport?: boolean;
945
1204
  };
946
1205
  lastAuth?: {
947
- authMethod?: "otp" | "oauth" | "saml" | "totp" | "webauthn" | "magiclink" | "enchantedlink";
1206
+ authMethod?: "saml" | "otp" | "oauth" | "totp" | "webauthn" | "magiclink" | "enchantedlink";
948
1207
  oauthProvider?: string;
949
1208
  name?: string;
950
1209
  loginId?: string;
@@ -977,6 +1236,7 @@ declare const nodeSdk: {
977
1236
  logout: (token?: string) => Promise<SdkResponse<never>>;
978
1237
  logoutAll: (token?: string) => Promise<SdkResponse<never>>;
979
1238
  me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1239
+ history: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserHistoryResponse>>;
980
1240
  isJwtExpired: (token: string) => boolean;
981
1241
  getTenants: (token: string) => string[];
982
1242
  getJwtPermissions: (token: string, tenant?: string) => string[];
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as r}from"jose";import{deprecate as i}from"util";import{Headers as l,fetch as d}from"cross-fetch";const m=t=>async(...s)=>{var a,n,o;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const m=[];var p;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(p=d)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function p(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function c(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},g={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},k={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},f={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},y={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},I={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},b={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},N={search:"/v1/mgmt/audit/search"},A={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const T=(e,t)=>({create:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0});return s(e.httpClient.post(u.create,f,{token:t}),(e=>e.user))},createTestUser:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.create,f,{token:t}),(e=>e.user))},invite:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k,f,C,y){const I="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:k,middleName:f,familyName:C,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,n,o,r)=>s(e.httpClient.post(u.createBatch,{users:a,invite:!0,inviteUrl:n,sendMail:o,sendSMS:r},{token:t}),(e=>e)),update:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0});return s(e.httpClient.post(u.update,f,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(u.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(u.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(u.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(u.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(u.logout,{userId:a},{token:t})),searchAll:i(((a,n,o,r,i,l,d,m,p,c)=>s(e.httpClient.post(u.search,{tenantIds:a,roleNames:n,limit:o,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:p,phones:c},{token:t}),(e=>e.users))),"searchAll is deprecated please use search() instead"),search:a=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,n)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:a,provider:n},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,n)=>s(e.httpClient.post(u.updateLoginId,{loginId:a,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(a,n,o)=>s(e.httpClient.post(u.updateEmail,{loginId:a,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(a,n,o)=>s(e.httpClient.post(u.updatePhone,{loginId:a,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(a,n,o,r,i)=>s(e.httpClient.post(u.updateDisplayName,{loginId:a,displayName:n,givenName:o,middleName:r,familyName:i},{token:t}),(e=>e.user)),updatePicture:(a,n)=>s(e.httpClient.post(u.updatePicture,{loginId:a,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(a,n,o)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:a,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(a,n)=>s(e.httpClient.post(u.setRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addRoles:(a,n)=>s(e.httpClient.post(u.addRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(a,n)=>s(e.httpClient.post(u.removeRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addTenant:(a,n)=>s(e.httpClient.post(u.addTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(a,n)=>s(e.httpClient.post(u.removeTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(a,n,o)=>s(e.httpClient.post(u.setRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(a,n,o)=>s(e.httpClient.post(u.addRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(a,n,o)=>s(e.httpClient.post(u.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,n,o)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:a,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,n,o,r)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:a,loginId:n,URI:o,loginOptions:r},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,n,o)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:a,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,n)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:a,customClaims:n},{token:t}),(e=>e)),setPassword:(a,n)=>s(e.httpClient.post(u.setPassword,{loginId:a,password:n},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(u.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:a},{token:t}),(e=>e))}),P=(e,t)=>({updateName:a=>s(e.httpClient.post(g.updateName,{name:a},{token:t})),clone:(a,n)=>s(e.httpClient.post(g.clone,{name:a,tag:n},{token:t}))}),R=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(v.create,{name:a,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(a,n,o,r)=>s(e.httpClient.post(v.create,{id:a,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),update:(a,n,o,r)=>s(e.httpClient.post(v.update,{id:a,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,n,o,r)=>s(e.httpClient.post(v.searchAll,{tenantIds:a,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:r},{token:t}),(e=>e.tenants))}),j=(e,t)=>({update:(a,n)=>s(e.httpClient.post(f.update,{jwt:a,customClaims:n},{token:t}))}),E=(e,t)=>({create:(a,n)=>s(e.httpClient.post(C.create,{name:a,description:n},{token:t})),update:(a,n,o)=>s(e.httpClient.post(C.update,{name:a,newName:n,description:o},{token:t})),delete:a=>s(e.httpClient.post(C.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.permissions))}),O=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(y.create,{name:a,description:n,permissionNames:o},{token:t})),update:(a,n,o,r)=>s(e.httpClient.post(y.update,{name:a,newName:n,description:o,permissionNames:r},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.roles))}),M=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(b.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,n,o)=>s(e.httpClient.post(b.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(a,n)=>s(e.httpClient.post(b.loadAllGroupMembers,{tenantId:a,groupId:n},{token:t}))}),S=(e,t)=>({getSettings:a=>s(e.httpClient.get(k.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(k.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,n,o,r,i,l)=>s(e.httpClient.post(k.settings,{tenantId:a,idpURL:n,entityId:r,idpCert:o,redirectURL:i,domains:l},{token:t})),configureMetadata:(a,n,o,r)=>s(e.httpClient.post(k.metadata,{tenantId:a,idpMetadataURL:n,redirectURL:o,domains:r},{token:t})),configureMapping:(a,n,o)=>s(e.httpClient.post(k.mapping,{tenantId:a,roleMappings:n,attributeMapping:o},{token:t}))}),x=(e,t)=>({create:(a,n,o,r)=>s(e.httpClient.post(h.create,{name:a,expireTime:n,roleNames:o,keyTenants:r},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(h.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,n)=>s(e.httpClient.post(h.update,{id:a,name:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(h.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(h.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t}))}),D=(e,t)=>({list:()=>s(e.httpClient.post(I.list,{},{token:t})),delete:a=>s(e.httpClient.post(I.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(I.export,{flowId:a},{token:t})),import:(a,n,o)=>s(e.httpClient.post(I.import,{flowId:a,flow:n,screens:o},{token:t}))}),L=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),U=(e,t)=>({search:a=>{const n=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete n.loginIds,s(e.httpClient.post(N.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),F=(e,t)=>({saveSchema:(a,n)=>s(e.httpClient.post(A.schemaSave,{schema:a,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(A.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(A.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,n,o)=>s(e.httpClient.post(A.nsSave,{namespace:a,oldName:n,schemaName:o},{token:t})),deleteNamespace:(a,n)=>s(e.httpClient.post(A.nsDelete,{name:a,schemaName:n},{token:t})),saveRelationDefinition:(a,n,o,r)=>s(e.httpClient.post(A.rdSave,{relationDefinition:a,namespace:n,oldName:o,schemaName:r},{token:t})),deleteRelationDefinition:(a,n,o)=>s(e.httpClient.post(A.rdDelete,{name:a,namespace:n,schemaName:o},{token:t})),createRelations:a=>s(e.httpClient.post(A.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(A.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(A.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(A.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,n,o)=>s(e.httpClient.post(A.who,{resource:a,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(A.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(A.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(A.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(A.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))});var z;null!==(z=globalThis.Headers)&&void 0!==z||(globalThis.Headers=l);const $=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),d(...e)),J={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},q=s=>{var i,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:$},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.3"})})),{projectId:h,logger:v}=u,k={},f=((e,t)=>({user:T(e,t),project:P(e,t),accessKey:x(e,t),tenant:R(e,t),sso:S(e,t),jwt:j(e,t),permission:E(e,t),role:O(e,t),group:M(e,t),flow:D(e,t),theme:L(e,t),audit:U(e,t),authz:F(e,t)}))(g,l),C=Object.assign(Object.assign({},g),{management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await n(e,C.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await C.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await C.validateJwt(e);const a=await C.refresh(e);if(a.ok){return await C.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await C.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return C.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await C.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await C.validateJwt(s)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>C.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>C.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!c(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!c(e,t))return[];const a=p(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>C.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>C.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!c(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!c(e,t))return[];const a=p(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(C,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};q.RefreshTokenCookieName="DSR",q.SessionTokenCookieName="DS";export{q as default,J as descopeErrors};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as i}from"jose";import{deprecate as r}from"util";import{Headers as l,fetch as d}from"cross-fetch";const p=t=>async(...s)=>{var a,n,o;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function m(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var c={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},u={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone",export:"/v1/mgmt/project/export",import:"/v1/mgmt/project/import"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},k={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},C={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},f={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate"},y={settings:"/v1/mgmt/password/settings"},I={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},b={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},w={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},A={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},S={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},O={search:"/v1/mgmt/audit/search"},N={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const P=(e,t)=>({create:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},createTestUser:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},invite:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k,C,f,y){const I="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,inviteUrl:u,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(c.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,n,o,i)=>s(e.httpClient.post(c.createBatch,{users:a,invite:!0,inviteUrl:n,sendMail:o,sendSMS:i},{token:t}),(e=>e)),update:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(c.update,C,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(c.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(c.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(c.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(c.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(c.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(c.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(c.logout,{userId:a},{token:t})),searchAll:r(((a,n,o,i,r,l,d,p,m,g)=>s(e.httpClient.post(c.search,{tenantIds:a,roleNames:n,limit:o,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:g},{token:t}),(e=>e.users))),"searchAll is deprecated please use search() instead"),search:a=>s(e.httpClient.post(c.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,n)=>s(e.httpClient.get(c.getProviderToken,{queryParams:{loginId:a,provider:n},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,n)=>s(e.httpClient.post(c.updateLoginId,{loginId:a,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(a,n,o)=>s(e.httpClient.post(c.updateEmail,{loginId:a,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(a,n,o)=>s(e.httpClient.post(c.updatePhone,{loginId:a,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(a,n,o,i,r)=>s(e.httpClient.post(c.updateDisplayName,{loginId:a,displayName:n,givenName:o,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(a,n)=>s(e.httpClient.post(c.updatePicture,{loginId:a,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(a,n,o)=>s(e.httpClient.post(c.updateCustomAttribute,{loginId:a,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(a,n)=>s(e.httpClient.post(c.setRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addRoles:(a,n)=>s(e.httpClient.post(c.addRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(a,n)=>s(e.httpClient.post(c.removeRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addTenant:(a,n)=>s(e.httpClient.post(c.addTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(a,n)=>s(e.httpClient.post(c.removeTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(a,n,o)=>s(e.httpClient.post(c.setRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(a,n,o)=>s(e.httpClient.post(c.addRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(a,n,o)=>s(e.httpClient.post(c.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addSSOapps:(a,n)=>s(e.httpClient.post(c.addSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(a,n)=>s(e.httpClient.post(c.setSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(a,n)=>s(e.httpClient.post(c.removeSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,n,o)=>s(e.httpClient.post(c.generateOTPForTest,{deliveryMethod:a,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,n,o,i)=>s(e.httpClient.post(c.generateMagicLinkForTest,{deliveryMethod:a,loginId:n,URI:o,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,n,o)=>s(e.httpClient.post(c.generateEnchantedLinkForTest,{loginId:a,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,n)=>s(e.httpClient.post(c.generateEmbeddedLink,{loginId:a,customClaims:n},{token:t}),(e=>e)),setTemporaryPassword:(a,n)=>s(e.httpClient.post(c.setTemporaryPassword,{loginId:a,password:n},{token:t}),(e=>e)),setActivePassword:(a,n)=>s(e.httpClient.post(c.setActivePassword,{loginId:a,password:n},{token:t}),(e=>e)),setPassword:(a,n)=>s(e.httpClient.post(c.setPassword,{loginId:a,password:n},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(c.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(c.removeAllPasskeys,{loginId:a},{token:t}),(e=>e)),history:a=>s(e.httpClient.post(c.history,a,{token:t}),(e=>e))}),j=(e,t)=>({updateName:a=>s(e.httpClient.post(u.updateName,{name:a},{token:t})),clone:(a,n)=>s(e.httpClient.post(u.clone,{name:a,tag:n},{token:t})),export:()=>s(e.httpClient.post(u.export,{},{token:t}),(e=>e.files)),import:a=>s(e.httpClient.post(u.export,{files:a},{token:t}))}),T=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(v.create,{name:a,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(a,n,o,i)=>s(e.httpClient.post(v.create,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),update:(a,n,o,i)=>s(e.httpClient.post(v.update,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,n,o,i)=>s(e.httpClient.post(v.searchAll,{tenantIds:a,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:a=>s(e.httpClient.get(v.settings,{queryParams:{id:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(v.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))}),M=(e,t)=>({update:(a,n)=>s(e.httpClient.post(f.update,{jwt:a,customClaims:n},{token:t})),impersonate:(a,n,o)=>s(e.httpClient.post(f.impersonate,{impersonatorId:a,loginId:n,validateConsent:o},{token:t}))}),R=(e,t)=>({create:(a,n)=>s(e.httpClient.post(I.create,{name:a,description:n},{token:t})),update:(a,n,o)=>s(e.httpClient.post(I.update,{name:a,newName:n,description:o},{token:t})),delete:a=>s(e.httpClient.post(I.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(I.loadAll,{token:t}),(e=>e.permissions))}),E=(e,t)=>({create:(a,n,o,i)=>s(e.httpClient.post(b.create,{name:a,description:n,permissionNames:o,tenantId:i},{token:t})),update:(a,n,o,i,r)=>s(e.httpClient.post(b.update,{name:a,newName:n,description:o,permissionNames:i,tenantId:r},{token:t})),delete:(a,n)=>s(e.httpClient.post(b.delete,{name:a,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.roles))}),x=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(S.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,n,o)=>s(e.httpClient.post(S.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(a,n)=>s(e.httpClient.post(S.loadAllGroupMembers,{tenantId:a,groupId:n},{token:t}))}),L=(e,t)=>({getSettings:r((a=>s(e.httpClient.get(C.settings,{queryParams:{tenantId:a},token:t}),(e=>e))),"getSettings is deprecated, please use loadSettings instead"),deleteSettings:a=>s(e.httpClient.delete(C.settings,{queryParams:{tenantId:a},token:t})),configureSettings:r(((a,n,o,i,r,l)=>s(e.httpClient.post(C.settings,{tenantId:a,idpURL:n,entityId:i,idpCert:o,redirectURL:r,domains:l},{token:t}))),"configureSettings is deprecated, please use configureSAMLSettings instead "),configureMetadata:r(((a,n,o,i)=>s(e.httpClient.post(C.metadata,{tenantId:a,idpMetadataURL:n,redirectURL:o,domains:i},{token:t}))),"configureMetadata is deprecated, please use configureSAMLByMetadata instead"),configureMapping:(a,n,o)=>s(e.httpClient.post(C.mapping,{tenantId:a,roleMappings:n,attributeMapping:o},{token:t})),configureOIDCSettings:(a,n,o)=>{const i=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete i.attributeMapping,s(e.httpClient.post(C.oidc.configure,{tenantId:a,settings:i,domains:o},{token:t}))},configureSAMLSettings:(a,n,o,i)=>s(e.httpClient.post(C.saml.configure,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),configureSAMLByMetadata:(a,n,o,i)=>s(e.httpClient.post(C.saml.metadata,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),loadSettings:a=>s(e.httpClient.get(C.settingsv2,{queryParams:{tenantId:a},token:t}),(e=>{var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}))}),U=(e,t)=>({create:(a,n,o,i,r)=>s(e.httpClient.post(h.create,{name:a,expireTime:n,roleNames:o,keyTenants:i,userId:r},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(h.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,n)=>s(e.httpClient.post(h.update,{id:a,name:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(h.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(h.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t}))}),D=(e,t)=>({list:()=>s(e.httpClient.post(w.list,{},{token:t})),delete:a=>s(e.httpClient.post(w.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(w.export,{flowId:a},{token:t})),import:(a,n,o)=>s(e.httpClient.post(w.import,{flowId:a,flow:n,screens:o},{token:t}))}),F=(e,t)=>({export:()=>s(e.httpClient.post(A.export,{},{token:t})),import:a=>s(e.httpClient.post(A.import,{theme:a},{token:t}))}),z=(e,t)=>({search:a=>{const n=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete n.loginIds,s(e.httpClient.post(O.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),q=(e,t)=>({saveSchema:(a,n)=>s(e.httpClient.post(N.schemaSave,{schema:a,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(N.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(N.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,n,o)=>s(e.httpClient.post(N.nsSave,{namespace:a,oldName:n,schemaName:o},{token:t})),deleteNamespace:(a,n)=>s(e.httpClient.post(N.nsDelete,{name:a,schemaName:n},{token:t})),saveRelationDefinition:(a,n,o,i)=>s(e.httpClient.post(N.rdSave,{relationDefinition:a,namespace:n,oldName:o,schemaName:i},{token:t})),deleteRelationDefinition:(a,n,o)=>s(e.httpClient.post(N.rdDelete,{name:a,namespace:n,schemaName:o},{token:t})),createRelations:a=>s(e.httpClient.post(N.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(N.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(N.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(N.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,n,o)=>s(e.httpClient.post(N.who,{resource:a,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(N.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(N.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(N.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(N.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))}),$=(e,t)=>({createOidcApplication:a=>{var n;return s(e.httpClient.post(k.oidcCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:a=>{var n;return s(e.httpClient.post(k.samlCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:a=>s(e.httpClient.post(k.oidcUpdate,Object.assign({},a),{token:t})),updateSamlApplication:a=>s(e.httpClient.post(k.samlUpdate,Object.assign({},a),{token:t})),delete:a=>s(e.httpClient.post(k.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(k.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.apps))}),J=(e,t)=>({getSettings:a=>s(e.httpClient.get(y.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(y.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))});var K;null!==(K=globalThis.Headers)&&void 0!==K||(globalThis.Headers=l);const G=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),d(...e)),B={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},H=s=>{var r,{managementKey:l,publicKey:d}=s,c=e(s,["managementKey","publicKey"]);const u=t(Object.assign(Object.assign({fetch:G},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.6.4"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:P(e,t),project:j(e,t),accessKey:U(e,t),tenant:T(e,t),ssoApplication:$(e,t),sso:L(e,t),jwt:M(e,t),permission:R(e,t),password:J(e,t),role:E(e,t),group:x(e,t),flow:D(e,t),theme:F(e,t),audit:z(e,t),authz:q(e,t)}))(u,l),f=Object.assign(Object.assign({},u),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await n(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e,t){if(!e)throw Error("access key must not be empty");let s;try{s=await f.accessKey.exchange(e,t)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=s.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const a=m(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const a=m(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const a=m(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const a=m(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],p)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS";export{H as default,B as descopeErrors};
2
2
  //# sourceMappingURL=index.esm.js.map