@descope/node-sdk 1.6.3 → 1.6.5

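--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,5 +1,5 @@
  import * as _descope_core_js_sdk from '@descope/core-js-sdk';
- import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
+ import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, SdkResponse, AccessKeyLoginOptions, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
  export { DeliveryMethod, JWTResponse, OAuthProvider, ResponseData, SdkResponse } from '@descope/core-js-sdk';
  import { JWTHeaderParameters, KeyLike } from 'jose';
 
@@ -18,7 +18,9 @@ interface AuthenticationInfo {
  }
  declare type DeliveryMethodForTestUser = DeliveryMethod | 'Embedded';
 
- /** Represents a tenant association for a User or Access Key. The tenantId is required to denote
+ declare type ExpirationUnit = 'minutes' | 'hours' | 'days' | 'weeks';
+ /**
+ * Represents a tenant association for a User or Access Key. The tenantId is required to denote
  * which tenant the user or access key belongs to. The roleNames array is an optional list of
  * roles for the user or access key in this specific tenant.
  */
@@ -30,6 +32,71 @@ declare type AssociatedTenant = {
  declare type CreateTenantResponse = {
  id: string;
  };
+ /**
+ * Options to create or update an OIDC application.
+ *
+ * **Note:** When updating, `id` will be required to perform the operation
+ */
+ declare type OidcApplicationOptions = {
+ name: string;
+ loginPageUrl: string;
+ id?: string;
+ description?: string;
+ logo?: string;
+ enabled?: boolean;
+ };
+ /**
+ * Options to create or update a SAML application.
+ *
+ * **Note:** When updating, `id` will be required to perform the operation
+ */
+ declare type SamlApplicationOptions = {
+ name: string;
+ loginPageUrl: string;
+ id?: string;
+ description?: string;
+ logo?: string;
+ enabled?: boolean;
+ useMetadataInfo?: boolean;
+ metadataUrl?: string;
+ entityId?: string;
+ acsUrl?: string;
+ certificate?: string;
+ attributeMapping?: SamlIdpAttributeMappingInfo[];
+ groupsMapping?: SamlIdpGroupsMappingInfo[];
+ acsAllowedCallbacks?: string[];
+ subjectNameIdType?: string;
+ subjectNameIdFormat?: string;
+ };
+ /**
+ * Represents a SAML IDP attribute mapping object. Use this class for mapping Descope attribute
+ * to the relevant SAML Assertion attributes matching your expected SP attributes names.
+ */
+ declare type SamlIdpAttributeMappingInfo = {
+ name: string;
+ type: string;
+ value: string;
+ };
+ /** Represents a SAML IDP Role Group mapping object. */
+ declare type SAMLIDPRoleGroupMappingInfo = {
+ id: string;
+ name: string;
+ };
+ /**
+ * Represents a SAML IDP groups mapping object. Use this class for mapping Descope roles
+ * to the relevant SAML Assertion groups attributes that matching your expected SP groups attributes names.
+ */
+ declare type SamlIdpGroupsMappingInfo = {
+ name: string;
+ type: string;
+ filterType: string;
+ value: string;
+ roles: SAMLIDPRoleGroupMappingInfo[];
+ };
+ /** The ID of a newly created SSO application */
+ declare type CreateSSOApplicationResponse = {
+ id: string;
+ };
  /** An access key that can be used to access descope */
  declare type AccessKey = {
  id: string;
@@ -42,6 +109,7 @@ declare type AccessKey = {
  expiresTime: number;
  createdBy: string;
  clientId: string;
+ boundUserId?: string;
  };
  /** Access Key extended details including created key cleartext */
  declare type CreatedAccessKeyResponse = {
@@ -73,6 +141,77 @@ declare type Tenant = {
  name: string;
  selfProvisioningDomains: string[];
  customAttributes?: Record<string, string | number | boolean>;
+ domains?: string[];
+ authType?: 'none' | 'saml' | 'oidc';
+ };
+ /** Represents settings of a tenant in a project. It has an id, a name and an array of
+ * self provisioning domains used to associate users with that tenant.
+ */
+ declare type TenantSettings = {
+ selfProvisioningDomains: string[];
+ domains?: string[];
+ authType?: 'none' | 'saml' | 'oidc';
+ sessionSettingsEnabled?: boolean;
+ refreshTokenExpiration?: number;
+ refreshTokenExpirationUnit?: ExpirationUnit;
+ sessionTokenExpiration?: number;
+ sessionTokenExpirationUnit?: ExpirationUnit;
+ stepupTokenExpiration?: number;
+ stepupTokenExpirationUnit?: ExpirationUnit;
+ enableInactivity?: boolean;
+ InactivityTime?: number;
+ InactivityTimeUnit?: ExpirationUnit;
+ JITDisabled?: boolean;
+ };
+ /** Represents password settings of a tenant in a project. It has the password policy details. */
+ declare type PasswordSettings = {
+ enabled: boolean;
+ minLength: number;
+ lowercase: boolean;
+ uppercase: boolean;
+ number: boolean;
+ nonAlphaNumeric: boolean;
+ expiration: boolean;
+ expirationWeeks: number;
+ reuse: boolean;
+ reuseAmount: number;
+ lock: boolean;
+ lockAttempts: number;
+ };
+ /** Represents OIDC settings of an SSO application in a project. */
+ declare type SSOApplicationOIDCSettings = {
+ loginPageUrl: string;
+ issuer: string;
+ discoveryUrl: string;
+ };
+ /** Represents SAML settings of an SSO application in a project. */
+ declare type SSOApplicationSAMLSettings = {
+ loginPageUrl: string;
+ idpCert: string;
+ useMetadataInfo: boolean;
+ metadataUrl: string;
+ entityId: string;
+ acsUrl: string;
+ certificate: string;
+ attributeMapping: SamlIdpAttributeMappingInfo[];
+ groupsMapping: SamlIdpGroupsMappingInfo[];
+ idpMetadataUrl: string;
+ idpEntityId: string;
+ idpSsoUrl: string;
+ acsAllowedCallbacks: string[];
+ subjectNameIdType: string;
+ subjectNameIdFormat: string;
+ };
+ /** Represents an SSO application in a project. */
+ declare type SSOApplication = {
+ id: string;
+ name: string;
+ description: string;
+ enabled: boolean;
+ logo: string;
+ appType: string;
+ samlSettings: SSOApplicationSAMLSettings;
+ oidcSettings: SSOApplicationOIDCSettings;
  };
  /** Represents a permission in a project. It has a name and optionally a description.
  * It also has a flag indicating whether it is system default or not.
@@ -90,6 +229,14 @@ declare type Role = {
  description?: string;
  permissionNames: string[];
  createdTime: number;
+ tenantId?: string;
+ };
+ /** Search roles based on the parameters */
+ declare type RoleSearchOptions = {
+ tenantIds?: string[];
+ roleNames?: string[];
+ roleNameLike?: string;
+ permissionNames?: string[];
  };
  /** Represents a group in a project. It has an id and display name and a list of group members. */
  declare type Group = {
@@ -169,6 +316,34 @@ declare type User = {
  verifiedPhone?: boolean;
  test?: boolean;
  additionalLoginIds?: string[];
+ password?: string;
+ hashedPassword?: UserPasswordHashed;
+ };
+ declare type UserPasswordHashed = {
+ bcrypt?: UserPasswordBcrypt;
+ pbkdf2?: UserPasswordPbkdf2;
+ firebase?: UserPasswordFirebase;
+ django?: UserPasswordDjango;
+ };
+ declare type UserPasswordBcrypt = {
+ hash: string;
+ };
+ declare type UserPasswordPbkdf2 = {
+ hash: string;
+ salt: string;
+ iterations: number;
+ type: 'sha1' | 'sha256' | 'sha512';
+ };
+ declare type UserPasswordFirebase = {
+ hash: string;
+ salt: string;
+ saltSeparator: string;
+ signerKey: string;
+ memory: number;
+ rounds: number;
+ };
+ declare type UserPasswordDjango = {
+ hash: string;
  };
  declare type UserMapping = {
  name: string;
@@ -200,6 +375,66 @@ declare type SSOSettingsResponse = {
  domains: string[];
  domain: string;
  };
+ declare type SSOSAMLSettingsResponse = {
+ idpEntityId: string;
+ idpSSOUrl: string;
+ idpCertificate: string;
+ idpMetadataUrl: string;
+ spEntityId: string;
+ spACSUrl: string;
+ spCertificate: string;
+ attributeMapping: AttributeMapping;
+ groupsMapping: RoleMappings;
+ redirectUrl: string;
+ };
+ declare type SSOSettings = {
+ tenant: Tenant;
+ saml?: SSOSAMLSettingsResponse;
+ oidc?: SSOOIDCSettings;
+ };
+ declare type OIDCAttributeMapping = {
+ loginId?: string;
+ name?: string;
+ givenName?: string;
+ middleName?: string;
+ familyName?: string;
+ email?: string;
+ verifiedEmail?: string;
+ username?: string;
+ phoneNumber?: string;
+ verifiedPhone?: string;
+ picture?: string;
+ };
+ declare type Prompt = 'none' | 'login' | 'consent' | 'select_account';
+ declare type SSOOIDCSettings = {
+ name: string;
+ clientId: string;
+ clientSecret?: string;
+ redirectUrl?: string;
+ authUrl?: string;
+ tokenUrl?: string;
+ userDataUrl?: string;
+ scope?: string[];
+ JWKsUrl?: string;
+ attributeMapping?: OIDCAttributeMapping;
+ manageProviderTokens?: boolean;
+ callbackDomain?: string;
+ prompt?: Prompt[];
+ grantType?: 'authorization_code' | 'implicit';
+ issuer?: string;
+ };
+ declare type SSOSAMLSettings = {
+ idpUrl: string;
+ idpCert: string;
+ entityId: string;
+ roleMappings?: RoleMappings;
+ attributeMapping?: AttributeMapping;
+ };
+ declare type SSOSAMLByMetadataSettings = {
+ idpMetadataUrl: string;
+ roleMappings?: RoleMappings;
+ attributeMapping?: AttributeMapping;
+ };
  declare type ProviderTokenResponse = {
  provider: string;
  providerUserId: string;
@@ -353,6 +588,7 @@ interface UserOptions {
  middleName?: string;
  familyName?: string;
  additionalLoginIds?: string[];
+ ssoAppIds?: string[];
  }
 
  /** Common Error Codes */
@@ -391,12 +627,7 @@ declare const nodeSdk: {
  sendSMS?: boolean;
  }): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
  (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
- }; /**
- * Retrieves the roles from JWT top level claims that match the specified roles list
- * @param authInfo JWT parsed info containing the roles
- * @param roles List of roles to match against the JWT claims
- * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
- */
+ };
  inviteBatch: (users: User[], inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean) => Promise<SdkResponse<InviteBatchResponse>>;
  update: {
  (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -426,6 +657,7 @@ declare const nodeSdk: {
  customAttributes?: Record<string, AttributesTypes>;
  withTestUser?: boolean;
  testUsersOnly?: boolean;
+ ssoAppIds?: string[];
  }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
  getProviderToken: (loginId: string, provider: string) => Promise<SdkResponse<ProviderTokenResponse>>;
  activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -444,20 +676,28 @@ declare const nodeSdk: {
  setTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
  addTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
  removeTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
+ addSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
+ setSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
+ removeSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
  generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
  generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
  generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
  generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
+ setTemporaryPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
+ setActivePassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
  setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
  expirePassword: (loginId: string) => Promise<SdkResponse<never>>;
  removeAllPasskeys: (loginId: string) => Promise<SdkResponse<never>>;
+ history: (userIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserHistoryResponse[]>>;
  };
  project: {
  updateName: (name: string) => Promise<SdkResponse<never>>;
  clone: (name: string, tag?: "production") => Promise<SdkResponse<CloneProjectResponse>>;
+ export: () => Promise<SdkResponse<Record<string, any>>>;
+ import: (files: Record<string, any>) => Promise<SdkResponse<never>>;
  };
  accessKey: {
- create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
+ create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[], userId?: string, customClaims?: Record<string, any>) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
  load: (id: string) => Promise<SdkResponse<AccessKey>>;
  searchAll: (tenantIds?: string[]) => Promise<SdkResponse<AccessKey[]>>;
  update: (id: string, name: string) => Promise<SdkResponse<AccessKey>>;
@@ -473,6 +713,21 @@ declare const nodeSdk: {
  load: (id: string) => Promise<SdkResponse<Tenant>>;
  loadAll: () => Promise<SdkResponse<Tenant[]>>;
  searchAll: (ids?: string[], names?: string[], selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<Tenant[]>>;
+ getSettings: (tenantId: string) => Promise<SdkResponse<TenantSettings>>;
+ configureSettings: (tenantId: string, settings: TenantSettings) => Promise<SdkResponse<never>>;
+ };
+ ssoApplication: {
+ createOidcApplication: (options: OidcApplicationOptions) => Promise<SdkResponse<CreateSSOApplicationResponse>>;
+ createSamlApplication: (options: SamlApplicationOptions) => Promise<SdkResponse<CreateSSOApplicationResponse>>;
+ updateOidcApplication: (options: OidcApplicationOptions & {
+ id: string;
+ }) => Promise<SdkResponse<never>>;
+ updateSamlApplication: (options: SamlApplicationOptions & {
+ id: string;
+ }) => Promise<SdkResponse<never>>;
+ delete: (id: string) => Promise<SdkResponse<never>>;
+ load: (id: string) => Promise<SdkResponse<SSOApplication>>;
+ loadAll: () => Promise<SdkResponse<SSOApplication[]>>;
  };
  sso: {
  getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
@@ -480,9 +735,14 @@ declare const nodeSdk: {
  configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
  configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
  configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
+ configureOIDCSettings: (tenantId: string, settings: SSOOIDCSettings, domains?: string[]) => Promise<SdkResponse<never>>;
+ configureSAMLSettings: (tenantId: string, settings: SSOSAMLSettings, redirectUrl?: string, domains?: string[]) => Promise<SdkResponse<never>>;
+ configureSAMLByMetadata: (tenantId: string, settings: SSOSAMLByMetadataSettings, redirectUrl?: string, domains?: string[]) => Promise<SdkResponse<never>>;
+ loadSettings: (tenantId: string) => Promise<SdkResponse<SSOSettings>>;
  };
  jwt: {
  update: (jwt: string, customClaims?: Record<string, any>) => Promise<SdkResponse<UpdateJWTResponse>>;
+ impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean) => Promise<SdkResponse<UpdateJWTResponse>>;
  };
  permission: {
  create: (name: string, description?: string) => Promise<SdkResponse<never>>;
@@ -490,11 +750,16 @@ declare const nodeSdk: {
  delete: (name: string) => Promise<SdkResponse<never>>;
  loadAll: () => Promise<SdkResponse<Permission[]>>;
  };
+ password: {
+ getSettings: (tenantId: string) => Promise<SdkResponse<PasswordSettings>>;
+ configureSettings: (tenantId: string, settings: PasswordSettings) => Promise<SdkResponse<never>>;
+ };
  role: {
- create: (name: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
- update: (name: string, newName: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
- delete: (name: string) => Promise<SdkResponse<never>>;
+ create: (name: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
+ update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
+ delete: (name: string, tenantId?: string) => Promise<SdkResponse<never>>;
  loadAll: () => Promise<SdkResponse<Role[]>>;
+ search: (options: RoleSearchOptions) => Promise<SdkResponse<Role[]>>;
  };
  group: {
  loadAllGroups: (tenantId: string) => Promise<SdkResponse<Group[]>>;
@@ -538,7 +803,7 @@ declare const nodeSdk: {
  validateSession: (sessionToken: string) => Promise<AuthenticationInfo>;
  refreshSession: (refreshToken: string) => Promise<AuthenticationInfo>;
  validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<AuthenticationInfo>;
- exchangeAccessKey: (accessKey: string) => Promise<AuthenticationInfo>;
+ exchangeAccessKey: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<AuthenticationInfo>;
  validatePermissions: (authInfo: AuthenticationInfo, permissions: string[]) => boolean;
  getMatchedPermissions: (authInfo: AuthenticationInfo, permissions: string[]) => string[];
  validateTenantPermissions: (authInfo: AuthenticationInfo, tenant: string, permissions: string[]) => boolean;
@@ -548,7 +813,7 @@ declare const nodeSdk: {
  validateTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => boolean;
  getMatchedTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => string[];
  accessKey: {
- exchange: (accessKey: string) => Promise<SdkResponse<ExchangeAccessKeyResponse>>;
+ exchange: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<SdkResponse<ExchangeAccessKeyResponse>>;
  };
  otp: {
  verify: {
@@ -845,6 +1110,8 @@ declare const nodeSdk: {
  refreshJwt?: string;
  cookies?: string[];
  }>>;
+ startNative: (provider: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
+ finishNative: (provider: string, stateId: string, user?: string, code?: string, idToken?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
  };
  saml: {
  start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
@@ -944,7 +1211,7 @@ declare const nodeSdk: {
  webAuthnSupport?: boolean;
  };
  lastAuth?: {
- authMethod?: "otp" | "oauth" | "saml" | "totp" | "webauthn" | "magiclink" | "enchantedlink";
+ authMethod?: "saml" | "otp" | "oauth" | "totp" | "webauthn" | "magiclink" | "enchantedlink";
  oauthProvider?: string;
  name?: string;
  loginId?: string;
@@ -977,6 +1244,7 @@ declare const nodeSdk: {
  logout: (token?: string) => Promise<SdkResponse<never>>;
  logoutAll: (token?: string) => Promise<SdkResponse<never>>;
  me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
+ history: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserHistoryResponse>>;
  isJwtExpired: (token: string) => boolean;
  getTenants: (token: string) => string[];
  getJwtPermissions: (token: string, tenant?: string) => string[];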
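Review bot: The credential-handling additions in the `User` hunk (`password?: string`, `hashedPassword?: UserPasswordHashed` and the four `UserPassword*` types) have no doc comment, and the types allow combinations that are presumably not meant: cleartext and hash together, or several algorithm keys set at once in `UserPasswordHashed`. If only one is honoured, state it on the field, e.g. `/** Set either password or hashedPassword, never both; hashedPassword carries exactly one algorithm. */`, or model `UserPasswordHashed` as a union of single-key objects so the compiler rejects the rest. `UserPasswordPbkdf2` also accepts `'sha1'` and any `iterations` value with no stated minimum, which deserves a caveat for callers importing legacy hashes. The same gap applies to `jwt.impersonate(impersonatorId, loginId, validateConsent)`, where a TSDoc block should say what the required positional boolean enforces and which permission the impersonator needs, and to `project.export` / `project.import`, whose `Record<string, any>` payload gives no hint whether it can contain secrets such as `clientSecret`. As this is a built declaration file, the comments presumably belong in the sources it is generated from.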
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as r}from"jose";import{deprecate as i}from"util";import{Headers as l,fetch as d}from"cross-fetch";const m=t=>async(...s)=>{var a,n,o;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const m=[];var p;return l?m.push(`${"DSR"}=${l}; Domain=${(null==(p=d)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),m.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:m})})};function p(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function c(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var 
u={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},g={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},k={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},f={update:"/v1/mgmt/jwt/update"},C={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll
:"/v1/mgmt/permission/all"},y={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},I={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},b={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},N={search:"/v1/mgmt/audit/search"},A={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const T=(e,t)=>({create:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0});return s(e.httpClient.post(u.create,f,{token:t}),(e=>e.user))},createTestUser:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0,test:!0});return 
s(e.httpClient.post(u.create,f,{token:t}),(e=>e.user))},invite:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k,f,C,y){const I="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:k,middleName:f,familyName:C,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,n,o,r)=>s(e.httpClient.post(u.createBatch,{users:a,invite:!0,inviteUrl:n,sendMail:o,sendSMS:r},{token:t}),(e=>e)),update:function(a,n,o,r,i,l,d,m,p,c,g,h,v,k){const f="string"==typeof n?{loginId:a,email:n,phone:o,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:p,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:n.roles,roles:void 0});return s(e.httpClient.post(u.update,f,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(u.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(u.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(u.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(u.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(u.logout,{userId:a},{token:t})),searchAll:i(((a,n,o,r,i,l,d,m,p,c)=>s(e.httpClient.post(u.search,{tenantIds:a,roleNames:n,limit:o,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:p,phones:c},{token:t}),(e=>e.users))),"searchAll is deprecated please use search() instead"),search:a=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 
0}),{token:t}),(e=>e.users)),getProviderToken:(a,n)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:a,provider:n},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,n)=>s(e.httpClient.post(u.updateLoginId,{loginId:a,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(a,n,o)=>s(e.httpClient.post(u.updateEmail,{loginId:a,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(a,n,o)=>s(e.httpClient.post(u.updatePhone,{loginId:a,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(a,n,o,r,i)=>s(e.httpClient.post(u.updateDisplayName,{loginId:a,displayName:n,givenName:o,middleName:r,familyName:i},{token:t}),(e=>e.user)),updatePicture:(a,n)=>s(e.httpClient.post(u.updatePicture,{loginId:a,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(a,n,o)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:a,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(a,n)=>s(e.httpClient.post(u.setRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addRoles:(a,n)=>s(e.httpClient.post(u.addRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(a,n)=>s(e.httpClient.post(u.removeRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addTenant:(a,n)=>s(e.httpClient.post(u.addTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(a,n)=>s(e.httpClient.post(u.removeTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(a,n,o)=>s(e.httpClient.post(u.setRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(a,n,o)=>s(e.httpClient.post(u.addRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(a,n,o)=>s(e.httpClient.post(u.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,n,o)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:a
,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,n,o,r)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:a,loginId:n,URI:o,loginOptions:r},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,n,o)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:a,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,n)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:a,customClaims:n},{token:t}),(e=>e)),setPassword:(a,n)=>s(e.httpClient.post(u.setPassword,{loginId:a,password:n},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(u.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:a},{token:t}),(e=>e))}),P=(e,t)=>({updateName:a=>s(e.httpClient.post(g.updateName,{name:a},{token:t})),clone:(a,n)=>s(e.httpClient.post(g.clone,{name:a,tag:n},{token:t}))}),R=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(v.create,{name:a,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(a,n,o,r)=>s(e.httpClient.post(v.create,{id:a,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),update:(a,n,o,r)=>s(e.httpClient.post(v.update,{id:a,name:n,selfProvisioningDomains:o,customAttributes:r},{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,n,o,r)=>s(e.httpClient.post(v.searchAll,{tenantIds:a,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:r},{token:t}),(e=>e.tenants))}),j=(e,t)=>({update:(a,n)=>s(e.httpClient.post(f.update,{jwt:a,customClaims:n},{token:t}))}),E=(e,t)=>({create:(a,n)=>s(e.httpClient.post(C.create,{name:a,description:n},{token:t})),update:(a,n,o)=>s(e.httpClient.post(C.update,{name:a,newName:n,description:o},{token:t})),delete:a=>s(e.httpClient.post(C.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.p
ermissions))}),O=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(y.create,{name:a,description:n,permissionNames:o},{token:t})),update:(a,n,o,r)=>s(e.httpClient.post(y.update,{name:a,newName:n,description:o,permissionNames:r},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.roles))}),M=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(b.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,n,o)=>s(e.httpClient.post(b.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(a,n)=>s(e.httpClient.post(b.loadAllGroupMembers,{tenantId:a,groupId:n},{token:t}))}),S=(e,t)=>({getSettings:a=>s(e.httpClient.get(k.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(k.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,n,o,r,i,l)=>s(e.httpClient.post(k.settings,{tenantId:a,idpURL:n,entityId:r,idpCert:o,redirectURL:i,domains:l},{token:t})),configureMetadata:(a,n,o,r)=>s(e.httpClient.post(k.metadata,{tenantId:a,idpMetadataURL:n,redirectURL:o,domains:r},{token:t})),configureMapping:(a,n,o)=>s(e.httpClient.post(k.mapping,{tenantId:a,roleMappings:n,attributeMapping:o},{token:t}))}),x=(e,t)=>({create:(a,n,o,r)=>s(e.httpClient.post(h.create,{name:a,expireTime:n,roleNames:o,keyTenants:r},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(h.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,n)=>s(e.httpClient.post(h.update,{id:a,name:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(h.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(h.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t}))}),D=(e,t)=>({list:()=>s(e.httpClient.post(I.list,{},{token:t})),delete:a=>s(e.httpClient.post(I.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(I.export,{flowId:a},{token:t})),import:(a,n,o)=>s(e.ht
tpClient.post(I.import,{flowId:a,flow:n,screens:o},{token:t}))}),L=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),U=(e,t)=>({search:a=>{const n=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete n.loginIds,s(e.httpClient.post(N.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),F=(e,t)=>({saveSchema:(a,n)=>s(e.httpClient.post(A.schemaSave,{schema:a,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(A.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(A.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,n,o)=>s(e.httpClient.post(A.nsSave,{namespace:a,oldName:n,schemaName:o},{token:t})),deleteNamespace:(a,n)=>s(e.httpClient.post(A.nsDelete,{name:a,schemaName:n},{token:t})),saveRelationDefinition:(a,n,o,r)=>s(e.httpClient.post(A.rdSave,{relationDefinition:a,namespace:n,oldName:o,schemaName:r},{token:t})),deleteRelationDefinition:(a,n,o)=>s(e.httpClient.post(A.rdDelete,{name:a,namespace:n,schemaName:o},{token:t})),createRelations:a=>s(e.httpClient.post(A.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(A.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(A.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(A.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,n,o)=>s(e.httpClient.post(A.who,{resource:a,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(A.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(A.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(A.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(A.getModifi
ed,{since:a?a.getTime():0},{token:t}),(e=>e))});var z;null!==(z=globalThis.Headers)&&void 0!==z||(globalThis.Headers=l);const $=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),d(...e)),J={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},q=s=>{var i,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:$},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.6.3"})})),{projectId:h,logger:v}=u,k={},f=((e,t)=>({user:T(e,t),project:P(e,t),accessKey:x(e,t),tenant:R(e,t),sso:S(e,t),jwt:j(e,t),permission:E(e,t),role:O(e,t),group:M(e,t),flow:D(e,t),theme:L(e,t),audit:U(e,t),authz:F(e,t)}))(g,l),C=Object.assign(Object.assign({},g),{management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. 
Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await n(e,C.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await C.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await C.validateJwt(e);const a=await C.refresh(e);if(a.ok){return await C.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await C.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return C.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await C.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. 
Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await C.validateJwt(s)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>C.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>C.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!c(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!c(e,t))return[];const a=p(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>C.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>C.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!c(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!c(e,t))return[];const a=p(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(C,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};q.RefreshTokenCookieName="DSR",q.SessionTokenCookieName="DS";export{q as default,J as descopeErrors};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as i}from"jose";import{deprecate as r}from"util";import{Headers as l,fetch as d}from"cross-fetch";const p=t=>async(...s)=>{var a,n,o;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function m(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var 
c={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},u={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone",export:"/v1/mgmt/project/export",import:"/v1/mgmt/project/import"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/ten
ant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},k={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},C={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},f={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate"},y={settings:"/v1/mgmt/password/settings"},I={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},b={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},w={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},A={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},S={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},O={search:"/v1/mgmt/audit/search"},N={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re
/targetall",getModified:"/v1/mgmt/authz/getmodified"};const P=(e,t)=>({create:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},createTestUser:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},invite:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k,C,f,y){const I="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,inviteUrl:u,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(c.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,n,o,i)=>s(e.httpClient.post(c.createBatch,{users:a,invite:!0,inviteUrl:n,sendMail:o,sendSMS:i},{token:t}),(e=>e)),update:function(a,n,o,i,r,l,d,p,m,g,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return 
s(e.httpClient.post(c.update,C,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(c.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(c.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(c.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(c.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(c.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(c.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(c.logout,{userId:a},{token:t})),searchAll:r(((a,n,o,i,r,l,d,p,m,g)=>s(e.httpClient.post(c.search,{tenantIds:a,roleNames:n,limit:o,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:g},{token:t}),(e=>e.users))),"searchAll is deprecated please use search() instead"),search:a=>s(e.httpClient.post(c.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,n)=>s(e.httpClient.get(c.getProviderToken,{queryParams:{loginId:a,provider:n},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,n)=>s(e.httpClient.post(c.updateLoginId,{loginId:a,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(a,n,o)=>s(e.httpClient.post(c.updateEmail,{loginId:a,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(a,n,o)=>s(e.httpClient.post(c.updatePhone,{loginId:a,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(a,n,o,i,r)=>s(e.httpClient.post(c.updateDisplayName,{loginId:a,displayName:n,givenName:o,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(a,n)=>s(e.httpClient.post(c.updatePicture,{loginId:a,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(a,n,o)=>s(e.httpClient.post(c.updateCustomAttribute,{loginId:a,attributeKey:n,attributeValue:
o},{token:t}),(e=>e.user)),setRoles:(a,n)=>s(e.httpClient.post(c.setRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addRoles:(a,n)=>s(e.httpClient.post(c.addRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(a,n)=>s(e.httpClient.post(c.removeRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addTenant:(a,n)=>s(e.httpClient.post(c.addTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(a,n)=>s(e.httpClient.post(c.removeTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(a,n,o)=>s(e.httpClient.post(c.setRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(a,n,o)=>s(e.httpClient.post(c.addRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(a,n,o)=>s(e.httpClient.post(c.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addSSOapps:(a,n)=>s(e.httpClient.post(c.addSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(a,n)=>s(e.httpClient.post(c.setSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(a,n)=>s(e.httpClient.post(c.removeSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,n,o)=>s(e.httpClient.post(c.generateOTPForTest,{deliveryMethod:a,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,n,o,i)=>s(e.httpClient.post(c.generateMagicLinkForTest,{deliveryMethod:a,loginId:n,URI:o,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,n,o)=>s(e.httpClient.post(c.generateEnchantedLinkForTest,{loginId:a,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,n)=>s(e.httpClient.post(c.generateEmbeddedLink,{loginId:a,customClaims:n},{token:t}),(e=>e)),setTemporaryPassword:(a,n)=>s(e.httpClient.post(c.setTemporaryPassword,{loginId:a,password:n},{token:t}),(e=>e)),setActivePassword:(a,n)=>s(e.httpClient.post(c.setActivePassword,{loginId:a,password:n},{token:t}),(e=>e)),setPassword:(a,n)=>s(e.httpClient.post(c.setPassword,{loginId:a,p
assword:n},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(c.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(c.removeAllPasskeys,{loginId:a},{token:t}),(e=>e)),history:a=>s(e.httpClient.post(c.history,a,{token:t}),(e=>e))}),j=(e,t)=>({updateName:a=>s(e.httpClient.post(u.updateName,{name:a},{token:t})),clone:(a,n)=>s(e.httpClient.post(u.clone,{name:a,tag:n},{token:t})),export:()=>s(e.httpClient.post(u.export,{},{token:t}),(e=>e.files)),import:a=>s(e.httpClient.post(u.export,{files:a},{token:t}))}),T=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(v.create,{name:a,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(a,n,o,i)=>s(e.httpClient.post(v.create,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),update:(a,n,o,i)=>s(e.httpClient.post(v.update,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,n,o,i)=>s(e.httpClient.post(v.searchAll,{tenantIds:a,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:a=>s(e.httpClient.get(v.settings,{queryParams:{id:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(v.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))}),M=(e,t)=>({update:(a,n)=>s(e.httpClient.post(f.update,{jwt:a,customClaims:n},{token:t})),impersonate:(a,n,o)=>s(e.httpClient.post(f.impersonate,{impersonatorId:a,loginId:n,validateConsent:o},{token:t}))}),R=(e,t)=>({create:(a,n)=>s(e.httpClient.post(I.create,{name:a,description:n},{token:t})),update:(a,n,o)=>s(e.httpClient.post(I.update,{name:a,newName:n,description:o},{token:t})),delete:a=>s(e.httpClient.post(I.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(I.loadAll,{token:t}),(e=>e.permissions))}),E=(e,t)=>(
{create:(a,n,o,i)=>s(e.httpClient.post(b.create,{name:a,description:n,permissionNames:o,tenantId:i},{token:t})),update:(a,n,o,i,r)=>s(e.httpClient.post(b.update,{name:a,newName:n,description:o,permissionNames:i,tenantId:r},{token:t})),delete:(a,n)=>s(e.httpClient.post(b.delete,{name:a,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.roles)),search:a=>s(e.httpClient.post(b.search,a,{token:t}),(e=>e.roles))}),x=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(S.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,n,o)=>s(e.httpClient.post(S.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(a,n)=>s(e.httpClient.post(S.loadAllGroupMembers,{tenantId:a,groupId:n},{token:t}))}),L=(e,t)=>({getSettings:r((a=>s(e.httpClient.get(C.settings,{queryParams:{tenantId:a},token:t}),(e=>e))),"getSettings is deprecated, please use loadSettings instead"),deleteSettings:a=>s(e.httpClient.delete(C.settings,{queryParams:{tenantId:a},token:t})),configureSettings:r(((a,n,o,i,r,l)=>s(e.httpClient.post(C.settings,{tenantId:a,idpURL:n,entityId:i,idpCert:o,redirectURL:r,domains:l},{token:t}))),"configureSettings is deprecated, please use configureSAMLSettings instead "),configureMetadata:r(((a,n,o,i)=>s(e.httpClient.post(C.metadata,{tenantId:a,idpMetadataURL:n,redirectURL:o,domains:i},{token:t}))),"configureMetadata is deprecated, please use configureSAMLByMetadata instead"),configureMapping:(a,n,o)=>s(e.httpClient.post(C.mapping,{tenantId:a,roleMappings:n,attributeMapping:o},{token:t})),configureOIDCSettings:(a,n,o)=>{const i=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete 
i.attributeMapping,s(e.httpClient.post(C.oidc.configure,{tenantId:a,settings:i,domains:o},{token:t}))},configureSAMLSettings:(a,n,o,i)=>s(e.httpClient.post(C.saml.configure,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),configureSAMLByMetadata:(a,n,o,i)=>s(e.httpClient.post(C.saml.metadata,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),loadSettings:a=>s(e.httpClient.get(C.settingsv2,{queryParams:{tenantId:a},token:t}),(e=>{var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}))}),U=(e,t)=>({create:(a,n,o,i,r,l)=>s(e.httpClient.post(h.create,{name:a,expireTime:n,roleNames:o,keyTenants:i,userId:r,customClaims:l},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(h.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,n)=>s(e.httpClient.post(h.update,{id:a,name:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(h.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(h.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t}))}),D=(e,t)=>({list:()=>s(e.httpClient.post(w.list,{},{token:t})),delete:a=>s(e.httpClient.post(w.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(w.export,{flowId:a},{token:t})),import:(a,n,o)=>s(e.httpClient.post(w.import,{flowId:a,flow:n,screens:o},{token:t}))}),F=(e,t)=>({export:()=>s(e.httpClient.post(A.export,{},{token:t})),import:a=>s(e.httpClient.post(A.import,{theme:a},{token:t}))}),z=(e,t)=>({search:a=>{const n=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete n.loginIds,s(e.httpClient.post(O.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const 
t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),q=(e,t)=>({saveSchema:(a,n)=>s(e.httpClient.post(N.schemaSave,{schema:a,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(N.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(N.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,n,o)=>s(e.httpClient.post(N.nsSave,{namespace:a,oldName:n,schemaName:o},{token:t})),deleteNamespace:(a,n)=>s(e.httpClient.post(N.nsDelete,{name:a,schemaName:n},{token:t})),saveRelationDefinition:(a,n,o,i)=>s(e.httpClient.post(N.rdSave,{relationDefinition:a,namespace:n,oldName:o,schemaName:i},{token:t})),deleteRelationDefinition:(a,n,o)=>s(e.httpClient.post(N.rdDelete,{name:a,namespace:n,schemaName:o},{token:t})),createRelations:a=>s(e.httpClient.post(N.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(N.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(N.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(N.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,n,o)=>s(e.httpClient.post(N.who,{resource:a,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(N.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(N.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(N.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(N.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))}),$=(e,t)=>({createOidcApplication:a=>{var n;return s(e.httpClient.post(k.oidcCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:a=>{var n;return s(e.httpClient.post(k.samlCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 
0===n||n}),{token:t}))},updateOidcApplication:a=>s(e.httpClient.post(k.oidcUpdate,Object.assign({},a),{token:t})),updateSamlApplication:a=>s(e.httpClient.post(k.samlUpdate,Object.assign({},a),{token:t})),delete:a=>s(e.httpClient.post(k.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(k.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.apps))}),J=(e,t)=>({getSettings:a=>s(e.httpClient.get(y.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(y.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))});var K;null!==(K=globalThis.Headers)&&void 0!==K||(globalThis.Headers=l);const G=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),d(...e)),B={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},H=s=>{var r,{managementKey:l,publicKey:d}=s,c=e(s,["managementKey","publicKey"]);const u=t(Object.assign(Object.assign({fetch:G},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.6.5"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:P(e,t),project:j(e,t),accessKey:U(e,t),tenant:T(e,t),ssoApplication:$(e,t),sso:L(e,t),jwt:M(e,t),permission:R(e,t),password:J(e,t),role:E(e,t),group:x(e,t),flow:D(e,t),theme:F(e,t),audit:z(e,t),authz:q(e,t)}))(u,l),f=Object.assign(Object.assign({},u),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the 
provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await n(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e,t){if(!e)throw Error("access key must not be empty");let s;try{s=await f.accessKey.exchange(e,t)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. 
Error: ${e}`)}const{sessionJwt:a}=s.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const a=m(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const a=m(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const a=m(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const a=m(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],p)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS";export{H as default,B as descopeErrors};
2
2
  //# sourceMappingURL=index.esm.js.map