@descope/node-sdk 1.6.7 → 1.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +24 -7
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +181 -6
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -110,6 +110,8 @@ declare type AccessKey = {
110
110
  createdBy: string;
111
111
  clientId: string;
112
112
  boundUserId?: string;
113
+ description?: string;
114
+ permittedIps?: string[];
113
115
  };
114
116
  /** Access Key extended details including created key cleartext */
115
117
  declare type CreatedAccessKeyResponse = {
@@ -319,6 +321,7 @@ declare type User = {
319
321
  additionalLoginIds?: string[];
320
322
  password?: string;
321
323
  hashedPassword?: UserPasswordHashed;
324
+ seed?: string;
322
325
  };
323
326
  declare type UserPasswordHashed = {
324
327
  bcrypt?: UserPasswordBcrypt;
@@ -436,6 +439,10 @@ declare type SSOSAMLByMetadataSettings = {
436
439
  roleMappings?: RoleMappings;
437
440
  attributeMapping?: AttributeMapping;
438
441
  };
442
+ declare type ProviderTokenOptions = {
443
+ withRefreshToken?: boolean;
444
+ forceRefresh?: boolean;
445
+ };
439
446
  declare type ProviderTokenResponse = {
440
447
  provider: string;
441
448
  providerUserId: string;
@@ -470,6 +477,16 @@ declare type AuditSearchOptions = {
470
477
  from?: number;
471
478
  to?: number;
472
479
  };
480
+ declare type AuditType = 'info' | 'warn' | 'error';
481
+ /** Audit create options for creating audit event */
482
+ declare type AuditCreateOptions = {
483
+ userId?: string;
484
+ action: string;
485
+ type: AuditType;
486
+ actorId: string;
487
+ tenantId: string;
488
+ data?: Record<string, any>;
489
+ };
473
490
  /** Audit record response from the audit trail. Occurred is in milliseconds. */
474
491
  declare type AuditRecord = {
475
492
  projectId: string;
@@ -591,6 +608,21 @@ interface UserOptions {
591
608
  additionalLoginIds?: string[];
592
609
  ssoAppIds?: string[];
593
610
  }
611
+ interface PatchUserOptions {
612
+ email?: string;
613
+ phone?: string;
614
+ displayName?: string;
615
+ roles?: string[];
616
+ userTenants?: AssociatedTenant[];
617
+ customAttributes?: Record<string, AttributesTypes>;
618
+ picture?: string;
619
+ verifiedEmail?: boolean;
620
+ verifiedPhone?: boolean;
621
+ givenName?: string;
622
+ middleName?: string;
623
+ familyName?: string;
624
+ ssoAppIds?: string[];
625
+ }
594
626
 
595
627
  /** Common Error Codes */
596
628
  declare const descopeErrors: {
@@ -635,6 +667,23 @@ declare const nodeSdk: {
635
667
  (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
636
668
  (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
637
669
  };
670
+ patch: (loginId: string, options: PatchUserOptions) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
671
+ /** Descope SDK client with delivery methods enum.
672
+ *
673
+ * Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}
674
+ * @example Usage
675
+ *
676
+ * ```js
677
+ * import descopeSdk from '@descope/node-sdk';
678
+ *
679
+ * const myProjectId = 'xxx';
680
+ * const sdk = descopeSdk({ projectId: myProjectId });
681
+ *
682
+ * const userLoginId = 'loginId';
683
+ * sdk.otp.signIn.email(userLoginId);
684
+ * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);
685
+ * ```
686
+ */
638
687
  delete: (loginId: string) => Promise<SdkResponse<never>>;
639
688
  deleteByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
640
689
  deleteAllTestUsers: () => Promise<SdkResponse<never>>;
@@ -661,7 +710,7 @@ declare const nodeSdk: {
661
710
  testUsersOnly?: boolean;
662
711
  ssoAppIds?: string[];
663
712
  }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
664
- getProviderToken: (loginId: string, provider: string) => Promise<SdkResponse<ProviderTokenResponse>>;
713
+ getProviderToken: (loginId: string, provider: string, providerTokenOptions?: ProviderTokenOptions) => Promise<SdkResponse<ProviderTokenResponse>>;
665
714
  activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
666
715
  deactivate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
667
716
  updateLoginId: (loginId: string, newLoginId?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -699,10 +748,10 @@ declare const nodeSdk: {
699
748
  import: (files: Record<string, any>) => Promise<SdkResponse<never>>;
700
749
  };
701
750
  accessKey: {
702
- create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[], userId?: string, customClaims?: Record<string, any>) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
751
+ create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[], userId?: string, customClaims?: Record<string, any>, description?: string, permittedIps?: string[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
703
752
  load: (id: string) => Promise<SdkResponse<AccessKey>>;
704
753
  searchAll: (tenantIds?: string[]) => Promise<SdkResponse<AccessKey[]>>;
705
- update: (id: string, name: string) => Promise<SdkResponse<AccessKey>>;
754
+ update: (id: string, name: string, description?: string) => Promise<SdkResponse<AccessKey>>;
706
755
  deactivate: (id: string) => Promise<SdkResponse<never>>;
707
756
  activate: (id: string) => Promise<SdkResponse<never>>;
708
757
  delete: (id: string) => Promise<SdkResponse<never>>;
@@ -711,7 +760,7 @@ declare const nodeSdk: {
711
760
  create: (name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<CreateTenantResponse>>;
712
761
  createWithId: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<never>>;
713
762
  update: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<never>>;
714
- delete: (id: string) => Promise<SdkResponse<never>>;
763
+ delete: (id: string, cascade?: boolean) => Promise<SdkResponse<never>>;
715
764
  load: (id: string) => Promise<SdkResponse<Tenant>>;
716
765
  loadAll: () => Promise<SdkResponse<Tenant[]>>;
717
766
  searchAll: (ids?: string[], names?: string[], selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<Tenant[]>>;
@@ -780,6 +829,7 @@ declare const nodeSdk: {
780
829
  };
781
830
  audit: {
782
831
  search: (searchOptions: AuditSearchOptions) => Promise<SdkResponse<AuditRecord[]>>;
832
+ createEvent: (createOptions: AuditCreateOptions) => Promise<SdkResponse<never>>;
783
833
  };
784
834
  authz: {
785
835
  saveSchema: (schema: AuthzSchema, upgrade: boolean) => Promise<SdkResponse<never>>;
@@ -823,6 +873,10 @@ declare const nodeSdk: {
823
873
  refreshJwt?: string;
824
874
  cookies?: string[];
825
875
  }>>;
876
+ voice: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
877
+ refreshJwt?: string;
878
+ cookies?: string[];
879
+ }>>;
826
880
  whatsapp: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
827
881
  refreshJwt?: string;
828
882
  cookies?: string[];
@@ -836,6 +890,9 @@ declare const nodeSdk: {
836
890
  sms: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
837
891
  maskedPhone: string;
838
892
  }>>;
893
+ voice: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
894
+ maskedPhone: string;
895
+ }>>;
839
896
  whatsapp: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
840
897
  maskedPhone: string;
841
898
  }>>;
@@ -859,6 +916,21 @@ declare const nodeSdk: {
859
916
  }) => Promise<SdkResponse<{
860
917
  maskedPhone: string;
861
918
  }>>;
919
+ voice: (loginId: string, user?: {
920
+ email?: string;
921
+ name?: string;
922
+ givenName?: string;
923
+ middleName?: string;
924
+ familyName?: string;
925
+ phone?: string;
926
+ }, signUpOptions?: {
927
+ customClaims?: Record<string, any>;
928
+ templateOptions?: {
929
+ [x: string]: string;
930
+ };
931
+ }) => Promise<SdkResponse<{
932
+ maskedPhone: string;
933
+ }>>;
862
934
  whatsapp: (loginId: string, user?: {
863
935
  email?: string;
864
936
  name?: string;
@@ -894,6 +966,9 @@ declare const nodeSdk: {
894
966
  sms: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
895
967
  maskedPhone: string;
896
968
  }>>;
969
+ voice: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
970
+ maskedPhone: string;
971
+ }>>;
897
972
  whatsapp: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
898
973
  maskedPhone: string;
899
974
  }>>;
@@ -921,6 +996,15 @@ declare const nodeSdk: {
921
996
  }) => Promise<SdkResponse<{
922
997
  maskedPhone: string;
923
998
  }>>;
999
+ voice: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1000
+ addToLoginIDs?: T_1;
1001
+ onMergeUseExisting?: T_1 extends true ? boolean : never;
1002
+ templateOptions?: {
1003
+ [x: string]: string;
1004
+ };
1005
+ }) => Promise<SdkResponse<{
1006
+ maskedPhone: string;
1007
+ }>>;
924
1008
  whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
925
1009
  addToLoginIDs?: T_1;
926
1010
  onMergeUseExisting?: T_1 extends true ? boolean : never;
@@ -942,6 +1026,9 @@ declare const nodeSdk: {
942
1026
  sms: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
943
1027
  maskedPhone: string;
944
1028
  }>>;
1029
+ voice: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
1030
+ maskedPhone: string;
1031
+ }>>;
945
1032
  whatsapp: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
946
1033
  maskedPhone: string;
947
1034
  }>>;
@@ -965,6 +1052,21 @@ declare const nodeSdk: {
965
1052
  }) => Promise<SdkResponse<{
966
1053
  maskedPhone: string;
967
1054
  }>>;
1055
+ voice: (loginId: string, URI: string, user?: {
1056
+ email?: string;
1057
+ name?: string;
1058
+ givenName?: string;
1059
+ middleName?: string;
1060
+ familyName?: string;
1061
+ phone?: string;
1062
+ }, signUpOptions?: {
1063
+ customClaims?: Record<string, any>;
1064
+ templateOptions?: {
1065
+ [x: string]: string;
1066
+ };
1067
+ }) => Promise<SdkResponse<{
1068
+ maskedPhone: string;
1069
+ }>>;
968
1070
  whatsapp: (loginId: string, URI: string, user?: {
969
1071
  email?: string;
970
1072
  name?: string;
@@ -1005,6 +1107,14 @@ declare const nodeSdk: {
1005
1107
  }) => Promise<SdkResponse<{
1006
1108
  maskedPhone: string;
1007
1109
  }>>;
1110
+ voice: (loginId: string, URI?: string, signUpOptions?: {
1111
+ customClaims?: Record<string, any>;
1112
+ templateOptions?: {
1113
+ [x: string]: string;
1114
+ };
1115
+ }) => Promise<SdkResponse<{
1116
+ maskedPhone: string;
1117
+ }>>;
1008
1118
  whatsapp: (loginId: string, URI?: string, signUpOptions?: {
1009
1119
  customClaims?: Record<string, any>;
1010
1120
  templateOptions?: {
@@ -1042,6 +1152,15 @@ declare const nodeSdk: {
1042
1152
  }) => Promise<SdkResponse<{
1043
1153
  maskedPhone: string;
1044
1154
  }>>;
1155
+ voice: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1156
+ addToLoginIDs?: T_3;
1157
+ onMergeUseExisting?: T_3 extends true ? boolean : never;
1158
+ templateOptions?: {
1159
+ [x: string]: string;
1160
+ };
1161
+ }) => Promise<SdkResponse<{
1162
+ maskedPhone: string;
1163
+ }>>;
1045
1164
  whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1046
1165
  addToLoginIDs?: T_3;
1047
1166
  onMergeUseExisting?: T_3 extends true ? boolean : never;
@@ -1112,7 +1231,7 @@ declare const nodeSdk: {
1112
1231
  refreshJwt?: string;
1113
1232
  cookies?: string[];
1114
1233
  }>>;
1115
- startNative: (provider: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
1234
+ startNative: (provider: string, loginOptions?: _descope_core_js_sdk.LoginOptions, implicit?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
1116
1235
  finishNative: (provider: string, stateId: string, user?: string, code?: string, idToken?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
1117
1236
  };
1118
1237
  saml: {
@@ -1137,6 +1256,44 @@ declare const nodeSdk: {
1137
1256
  }>>;
1138
1257
  update: (loginId: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.TOTPResponse>>;
1139
1258
  };
1259
+ notp: {
1260
+ signUpOrIn: (loginId?: string, signUpOptions?: {
1261
+ customClaims?: Record<string, any>;
1262
+ templateOptions?: {
1263
+ [x: string]: string;
1264
+ };
1265
+ }) => Promise<SdkResponse<{
1266
+ pendingRef: string;
1267
+ redirectUrl: string;
1268
+ image: string;
1269
+ }>>;
1270
+ signUp: (loginId?: string, user?: {
1271
+ email?: string;
1272
+ name?: string;
1273
+ givenName?: string;
1274
+ middleName?: string;
1275
+ familyName?: string;
1276
+ phone?: string;
1277
+ }, signUpOptions?: {
1278
+ customClaims?: Record<string, any>;
1279
+ templateOptions?: {
1280
+ [x: string]: string;
1281
+ };
1282
+ }) => Promise<SdkResponse<{
1283
+ pendingRef: string;
1284
+ redirectUrl: string;
1285
+ image: string;
1286
+ }>>;
1287
+ signIn: (loginId?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
1288
+ pendingRef: string;
1289
+ redirectUrl: string;
1290
+ image: string;
1291
+ }>>;
1292
+ waitForSession: (pendingRef: string, config?: {
1293
+ pollingIntervalMs: number;
1294
+ timeoutMs: number;
1295
+ }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1296
+ };
1140
1297
  webauthn: {
1141
1298
  signUp: {
1142
1299
  start: (loginId: string, origin: string, name: string) => Promise<SdkResponse<{
@@ -1184,8 +1341,13 @@ declare const nodeSdk: {
1184
1341
  middleName?: string;
1185
1342
  familyName?: string;
1186
1343
  phone?: string;
1344
+ }, signUpOptions?: {
1345
+ customClaims?: Record<string, any>;
1346
+ templateOptions?: {
1347
+ [x: string]: string;
1348
+ };
1187
1349
  }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1188
- signIn: (loginId: string, password: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1350
+ signIn: (loginId: string, password: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1189
1351
  sendReset: (loginId: string, redirectUrl?: string, templateOptions?: {
1190
1352
  [x: string]: string;
1191
1353
  }) => Promise<SdkResponse<{
@@ -1231,6 +1393,8 @@ declare const nodeSdk: {
1231
1393
  abTestingKey?: number;
1232
1394
  startOptionsVersion?: number;
1233
1395
  client?: Record<string, any>;
1396
+ locale?: string;
1397
+ oidcPrompt?: string;
1234
1398
  }, conditionInteractionId?: string, interactionId?: string, version?: number, componentsVersion?: string, input?: {
1235
1399
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
1236
1400
  }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
@@ -1266,6 +1430,13 @@ declare const nodeSdk: {
1266
1430
  };
1267
1431
  token?: string;
1268
1432
  }) => Promise<Response>;
1433
+ patch: (path: string, body?: any, config?: {
1434
+ headers?: HeadersInit;
1435
+ queryParams?: {
1436
+ [key: string]: string;
1437
+ };
1438
+ token?: string;
1439
+ }) => Promise<Response>;
1269
1440
  put: (path: string, body?: any, config?: {
1270
1441
  headers?: HeadersInit;
1271
1442
  queryParams?: {
@@ -1283,7 +1454,11 @@ declare const nodeSdk: {
1283
1454
  hooks?: {
1284
1455
  beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
1285
1456
  afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
1457
+ transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
1286
1458
  };
1459
+ buildUrl: (path: string, queryParams?: {
1460
+ [key: string]: string;
1461
+ }) => string;
1287
1462
  };
1288
1463
  };
1289
1464
  /** Descope SDK client with delivery methods enum.
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";const d=t=>async(...s)=>{var a,o,n;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function p(e,t,s){var a,o;const n=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var g={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},c={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone",export:"/v1/mgmt/project/export",import:"/v1/mgmt/project/import"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},k={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},C={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate"},f={settings:"/v1/mgmt/password/settings"},y={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},I={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},b={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},A={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},O={search:"/v1/mgmt/audit/search"},S={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const N=(e,t)=>({create:function(a,o,n,i,r,l,d,p,m,c,u,h,v,k){const C="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(g.create,C,{token:t}),(e=>e.user))},createTestUser:function(a,o,n,i,r,l,d,p,m,c,u,h,v,k){const C="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(g.create,C,{token:t}),(e=>e.user))},invite:function(a,o,n,i,r,l,d,p,m,c,u,h,v,k,C,f,y){const I="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:u,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(g.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,o,n,i,r)=>s(e.httpClient.post(g.createBatch,{users:a,invite:!0,inviteUrl:o,sendMail:n,sendSMS:i,templateOptions:r},{token:t}),(e=>e)),update:function(a,o,n,i,r,l,d,p,m,c,u,h,v,k){const C="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(g.update,C,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(g.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(g.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(g.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(g.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(g.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(g.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(g.logout,{userId:a},{token:t})),searchAll:(a,o,n,i,r,l,d,p,m,c)=>s(e.httpClient.post(g.search,{tenantIds:a,roleNames:o,limit:n,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),search:a=>s(e.httpClient.post(g.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,o)=>s(e.httpClient.get(g.getProviderToken,{queryParams:{loginId:a,provider:o},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(g.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(g.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,o)=>s(e.httpClient.post(g.updateLoginId,{loginId:a,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(a,o,n)=>s(e.httpClient.post(g.updateEmail,{loginId:a,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(a,o,n)=>s(e.httpClient.post(g.updatePhone,{loginId:a,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(a,o,n,i,r)=>s(e.httpClient.post(g.updateDisplayName,{loginId:a,displayName:o,givenName:n,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(a,o)=>s(e.httpClient.post(g.updatePicture,{loginId:a,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(a,o,n)=>s(e.httpClient.post(g.updateCustomAttribute,{loginId:a,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),setRoles:(a,o)=>s(e.httpClient.post(g.setRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),addRoles:(a,o)=>s(e.httpClient.post(g.addRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(a,o)=>s(e.httpClient.post(g.removeRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),addTenant:(a,o)=>s(e.httpClient.post(g.addTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(a,o)=>s(e.httpClient.post(g.removeTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(a,o,n)=>s(e.httpClient.post(g.setRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),addTenantRoles:(a,o,n)=>s(e.httpClient.post(g.addRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(a,o,n)=>s(e.httpClient.post(g.removeRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),addSSOapps:(a,o)=>s(e.httpClient.post(g.addSSOApps,{loginId:a,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(a,o)=>s(e.httpClient.post(g.setSSOApps,{loginId:a,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(a,o)=>s(e.httpClient.post(g.removeSSOApps,{loginId:a,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,o,n)=>s(e.httpClient.post(g.generateOTPForTest,{deliveryMethod:a,loginId:o,loginOptions:n},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,o,n,i)=>s(e.httpClient.post(g.generateMagicLinkForTest,{deliveryMethod:a,loginId:o,URI:n,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,o,n)=>s(e.httpClient.post(g.generateEnchantedLinkForTest,{loginId:a,URI:o,loginOptions:n},{token:t}),(e=>e)),generateEmbeddedLink:(a,o)=>s(e.httpClient.post(g.generateEmbeddedLink,{loginId:a,customClaims:o},{token:t}),(e=>e)),setTemporaryPassword:(a,o)=>s(e.httpClient.post(g.setTemporaryPassword,{loginId:a,password:o},{token:t}),(e=>e)),setActivePassword:(a,o)=>s(e.httpClient.post(g.setActivePassword,{loginId:a,password:o},{token:t}),(e=>e)),setPassword:(a,o)=>s(e.httpClient.post(g.setPassword,{loginId:a,password:o},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(g.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(g.removeAllPasskeys,{loginId:a},{token:t}),(e=>e)),history:a=>s(e.httpClient.post(g.history,a,{token:t}),(e=>e))}),P=(e,t)=>({updateName:a=>s(e.httpClient.post(c.updateName,{name:a},{token:t})),clone:(a,o)=>s(e.httpClient.post(c.clone,{name:a,tag:o},{token:t})),export:()=>s(e.httpClient.post(c.export,{},{token:t}),(e=>e.files)),import:a=>s(e.httpClient.post(c.import,{files:a},{token:t}))}),j=(e,t)=>({create:(a,o,n)=>s(e.httpClient.post(h.create,{name:a,selfProvisioningDomains:o,customAttributes:n},{token:t})),createWithId:(a,o,n,i)=>s(e.httpClient.post(h.create,{id:a,name:o,selfProvisioningDomains:n,customAttributes:i},{token:t})),update:(a,o,n,i)=>s(e.httpClient.post(h.update,{id:a,name:o,selfProvisioningDomains:n,customAttributes:i},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,o,n,i)=>s(e.httpClient.post(h.searchAll,{tenantIds:a,tenantNames:o,tenantSelfProvisioningDomains:n,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:a=>s(e.httpClient.get(h.settings,{queryParams:{id:a},token:t}),(e=>e)),configureSettings:(a,o)=>s(e.httpClient.post(h.settings,Object.assign(Object.assign({},o),{tenantId:a}),{token:t}))}),T=(e,t)=>({update:(a,o)=>s(e.httpClient.post(C.update,{jwt:a,customClaims:o},{token:t})),impersonate:(a,o,n)=>s(e.httpClient.post(C.impersonate,{impersonatorId:a,loginId:o,validateConsent:n},{token:t}))}),R=(e,t)=>({create:(a,o)=>s(e.httpClient.post(y.create,{name:a,description:o},{token:t})),update:(a,o,n)=>s(e.httpClient.post(y.update,{name:a,newName:o,description:n},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.permissions))}),M=(e,t)=>({create:(a,o,n,i)=>s(e.httpClient.post(I.create,{name:a,description:o,permissionNames:n,tenantId:i},{token:t})),update:(a,o,n,i,r)=>s(e.httpClient.post(I.update,{name:a,newName:o,description:n,permissionNames:i,tenantId:r},{token:t})),delete:(a,o)=>s(e.httpClient.post(I.delete,{name:a,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(I.loadAll,{token:t}),(e=>e.roles)),search:a=>s(e.httpClient.post(I.search,a,{token:t}),(e=>e.roles))}),E=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(A.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,o,n)=>s(e.httpClient.post(A.loadAllGroupsForMember,{tenantId:a,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(a,o)=>s(e.httpClient.post(A.loadAllGroupMembers,{tenantId:a,groupId:o},{token:t}))}),x=(e,t)=>({getSettings:a=>s(e.httpClient.get(k.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(k.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,o,n,i,r,l)=>s(e.httpClient.post(k.settings,{tenantId:a,idpURL:o,entityId:i,idpCert:n,redirectURL:r,domains:l},{token:t})),configureMetadata:(a,o,n,i)=>s(e.httpClient.post(k.metadata,{tenantId:a,idpMetadataURL:o,redirectURL:n,domains:i},{token:t})),configureMapping:(a,o,n)=>s(e.httpClient.post(k.mapping,{tenantId:a,roleMappings:o,attributeMapping:n},{token:t})),configureOIDCSettings:(a,o,n)=>{const i=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete i.attributeMapping,s(e.httpClient.post(k.oidc.configure,{tenantId:a,settings:i,domains:n},{token:t}))},configureSAMLSettings:(a,o,n,i)=>s(e.httpClient.post(k.saml.configure,{tenantId:a,settings:o,redirectUrl:n,domains:i},{token:t})),configureSAMLByMetadata:(a,o,n,i)=>s(e.httpClient.post(k.saml.metadata,{tenantId:a,settings:o,redirectUrl:n,domains:i},{token:t})),loadSettings:a=>s(e.httpClient.get(k.settingsv2,{queryParams:{tenantId:a},token:t}),(e=>{var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}))}),U=(e,t)=>({create:(a,o,n,i,r,l)=>s(e.httpClient.post(u.create,{name:a,expireTime:o,roleNames:n,keyTenants:i,userId:r,customClaims:l},{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(u.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,o)=>s(e.httpClient.post(u.update,{id:a,name:o},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(u.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(u.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(u.delete,{id:a},{token:t}))}),L=(e,t)=>({list:()=>s(e.httpClient.post(b.list,{},{token:t})),delete:a=>s(e.httpClient.post(b.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(b.export,{flowId:a},{token:t})),import:(a,o,n)=>s(e.httpClient.post(b.import,{flowId:a,flow:o,screens:n},{token:t}))}),D=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),F=(e,t)=>({search:a=>{const o=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete o.loginIds,s(e.httpClient.post(O.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),z=(e,t)=>({saveSchema:(a,o)=>s(e.httpClient.post(S.schemaSave,{schema:a,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(S.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(S.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,o,n)=>s(e.httpClient.post(S.nsSave,{namespace:a,oldName:o,schemaName:n},{token:t})),deleteNamespace:(a,o)=>s(e.httpClient.post(S.nsDelete,{name:a,schemaName:o},{token:t})),saveRelationDefinition:(a,o,n,i)=>s(e.httpClient.post(S.rdSave,{relationDefinition:a,namespace:o,oldName:n,schemaName:i},{token:t})),deleteRelationDefinition:(a,o,n)=>s(e.httpClient.post(S.rdDelete,{name:a,namespace:o,schemaName:n},{token:t})),createRelations:a=>s(e.httpClient.post(S.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(S.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(S.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(S.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,o,n)=>s(e.httpClient.post(S.who,{resource:a,relationDefinition:o,namespace:n},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(S.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(S.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(S.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(S.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))}),q=(e,t)=>({createOidcApplication:a=>{var o;return s(e.httpClient.post(v.oidcCreate,Object.assign(Object.assign({},a),{enabled:null===(o=a.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:a=>{var o;return s(e.httpClient.post(v.samlCreate,Object.assign(Object.assign({},a),{enabled:null===(o=a.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:a=>s(e.httpClient.post(v.oidcUpdate,Object.assign({},a),{token:t})),updateSamlApplication:a=>s(e.httpClient.post(v.samlUpdate,Object.assign({},a),{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.apps))}),$=(e,t)=>({getSettings:a=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),configureSettings:(a,o)=>s(e.httpClient.post(f.settings,Object.assign(Object.assign({},o),{tenantId:a}),{token:t}))});var J;null!==(J=globalThis.Headers)&&void 0!==J||(globalThis.Headers=r);const K=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),G={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},B=s=>{var r,{managementKey:l,publicKey:g}=s,c=e(s,["managementKey","publicKey"]);const u=t(Object.assign(Object.assign({fetch:K},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.6.7"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:N(e,t),project:P(e,t),accessKey:U(e,t),tenant:j(e,t),ssoApplication:q(e,t),sso:x(e,t),jwt:T(e,t),permission:R(e,t),password:$(e,t),role:M(e,t),group:E(e,t),flow:L(e,t),theme:D(e,t),audit:F(e,t),authz:z(e,t)}))(u,l),f=Object.assign(Object.assign({},u),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(g)try{const e=JSON.parse(g),t=await i(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await o(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e,t){if(!e)throw Error("access key must not be empty");let s;try{s=await f.accessKey.exchange(e,t)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=s.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!m(e,t))return[];const a=p(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!m(e,t))return[];const a=p(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};B.RefreshTokenCookieName="DSR",B.SessionTokenCookieName="DS";export{B as default,G as descopeErrors};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";const d=t=>async(...s)=>{var a,o,n;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function p(e,t,s){var a,o;const n=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var c={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},u={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone",export:"/v1/mgmt/project/export",import:"/v1/mgmt/project/import"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},k={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},C={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate"},f={settings:"/v1/mgmt/password/settings"},y={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},I={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},b={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},A={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},N={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},O={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const S=(e,t)=>({create:function(a,o,n,i,r,l,d,p,m,u,g,h,v,k){const C="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:u,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},createTestUser:function(a,o,n,i,r,l,d,p,m,u,g,h,v,k){const C="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:u,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(c.create,C,{token:t}),(e=>e.user))},invite:function(a,o,n,i,r,l,d,p,m,u,g,h,v,k,C,f,y){const I="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:u,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(c.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,o,n,i,r)=>s(e.httpClient.post(c.createBatch,{users:a,invite:!0,inviteUrl:o,sendMail:n,sendSMS:i,templateOptions:r},{token:t}),(e=>e)),update:function(a,o,n,i,r,l,d,p,m,u,g,h,v,k){const C="string"==typeof o?{loginId:a,email:o,phone:n,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:u,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(c.update,C,{token:t}),(e=>e.user))},patch:function(a,o){const n={loginId:a};return void 0!==o.email&&(n.email=o.email),void 0!==o.phone&&(n.phone=o.phone),void 0!==o.displayName&&(n.displayName=o.displayName),void 0!==o.givenName&&(n.givenName=o.givenName),void 0!==o.middleName&&(n.middleName=o.middleName),void 0!==o.familyName&&(n.familyName=o.familyName),void 0!==o.roles&&(n.roleNames=o.roles),void 0!==o.userTenants&&(n.userTenants=o.userTenants),void 0!==o.customAttributes&&(n.customAttributes=o.customAttributes),void 0!==o.picture&&(n.picture=o.picture),void 0!==o.verifiedEmail&&(n.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(n.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(n.ssoAppIds=o.ssoAppIds),s(e.httpClient.patch(c.patch,n,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(c.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(c.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(c.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(c.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(c.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(c.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(c.logout,{userId:a},{token:t})),searchAll:(a,o,n,i,r,l,d,p,m,u)=>s(e.httpClient.post(c.search,{tenantIds:a,roleNames:o,limit:n,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:u},{token:t}),(e=>e.users)),search:a=>s(e.httpClient.post(c.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,o,n)=>s(e.httpClient.get(c.getProviderToken,{queryParams:{loginId:a,provider:o,withRefreshToken:(null==n?void 0:n.withRefreshToken)?"true":"false",forceRefresh:(null==n?void 0:n.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(c.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,o)=>s(e.httpClient.post(c.updateLoginId,{loginId:a,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(a,o,n)=>s(e.httpClient.post(c.updateEmail,{loginId:a,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(a,o,n)=>s(e.httpClient.post(c.updatePhone,{loginId:a,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(a,o,n,i,r)=>s(e.httpClient.post(c.updateDisplayName,{loginId:a,displayName:o,givenName:n,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(a,o)=>s(e.httpClient.post(c.updatePicture,{loginId:a,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(a,o,n)=>s(e.httpClient.post(c.updateCustomAttribute,{loginId:a,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),setRoles:(a,o)=>s(e.httpClient.post(c.setRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),addRoles:(a,o)=>s(e.httpClient.post(c.addRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(a,o)=>s(e.httpClient.post(c.removeRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),addTenant:(a,o)=>s(e.httpClient.post(c.addTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(a,o)=>s(e.httpClient.post(c.removeTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(a,o,n)=>s(e.httpClient.post(c.setRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),addTenantRoles:(a,o,n)=>s(e.httpClient.post(c.addRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(a,o,n)=>s(e.httpClient.post(c.removeRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),addSSOapps:(a,o)=>s(e.httpClient.post(c.addSSOApps,{loginId:a,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(a,o)=>s(e.httpClient.post(c.setSSOApps,{loginId:a,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(a,o)=>s(e.httpClient.post(c.removeSSOApps,{loginId:a,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,o,n)=>s(e.httpClient.post(c.generateOTPForTest,{deliveryMethod:a,loginId:o,loginOptions:n},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,o,n,i)=>s(e.httpClient.post(c.generateMagicLinkForTest,{deliveryMethod:a,loginId:o,URI:n,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,o,n)=>s(e.httpClient.post(c.generateEnchantedLinkForTest,{loginId:a,URI:o,loginOptions:n},{token:t}),(e=>e)),generateEmbeddedLink:(a,o)=>s(e.httpClient.post(c.generateEmbeddedLink,{loginId:a,customClaims:o},{token:t}),(e=>e)),setTemporaryPassword:(a,o)=>s(e.httpClient.post(c.setTemporaryPassword,{loginId:a,password:o},{token:t}),(e=>e)),setActivePassword:(a,o)=>s(e.httpClient.post(c.setActivePassword,{loginId:a,password:o},{token:t}),(e=>e)),setPassword:(a,o)=>s(e.httpClient.post(c.setPassword,{loginId:a,password:o},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(c.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(c.removeAllPasskeys,{loginId:a},{token:t}),(e=>e)),history:a=>s(e.httpClient.post(c.history,a,{token:t}),(e=>e))}),P=(e,t)=>({updateName:a=>s(e.httpClient.post(u.updateName,{name:a},{token:t})),clone:(a,o)=>s(e.httpClient.post(u.clone,{name:a,tag:o},{token:t})),export:()=>s(e.httpClient.post(u.export,{},{token:t}),(e=>e.files)),import:a=>s(e.httpClient.post(u.import,{files:a},{token:t}))}),T=(e,t)=>({create:(a,o,n)=>s(e.httpClient.post(h.create,{name:a,selfProvisioningDomains:o,customAttributes:n},{token:t})),createWithId:(a,o,n,i)=>s(e.httpClient.post(h.create,{id:a,name:o,selfProvisioningDomains:n,customAttributes:i},{token:t})),update:(a,o,n,i)=>s(e.httpClient.post(h.update,{id:a,name:o,selfProvisioningDomains:n,customAttributes:i},{token:t})),delete:(a,o)=>s(e.httpClient.post(h.delete,{id:a,cascade:o},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,o,n,i)=>s(e.httpClient.post(h.searchAll,{tenantIds:a,tenantNames:o,tenantSelfProvisioningDomains:n,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:a=>s(e.httpClient.get(h.settings,{queryParams:{id:a},token:t}),(e=>e)),configureSettings:(a,o)=>s(e.httpClient.post(h.settings,Object.assign(Object.assign({},o),{tenantId:a}),{token:t}))}),j=(e,t)=>({update:(a,o)=>s(e.httpClient.post(C.update,{jwt:a,customClaims:o},{token:t})),impersonate:(a,o,n)=>s(e.httpClient.post(C.impersonate,{impersonatorId:a,loginId:o,validateConsent:n},{token:t}))}),R=(e,t)=>({create:(a,o)=>s(e.httpClient.post(y.create,{name:a,description:o},{token:t})),update:(a,o,n)=>s(e.httpClient.post(y.update,{name:a,newName:o,description:n},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.permissions))}),E=(e,t)=>({create:(a,o,n,i)=>s(e.httpClient.post(I.create,{name:a,description:o,permissionNames:n,tenantId:i},{token:t})),update:(a,o,n,i,r)=>s(e.httpClient.post(I.update,{name:a,newName:o,description:n,permissionNames:i,tenantId:r},{token:t})),delete:(a,o)=>s(e.httpClient.post(I.delete,{name:a,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(I.loadAll,{token:t}),(e=>e.roles)),search:a=>s(e.httpClient.post(I.search,a,{token:t}),(e=>e.roles))}),M=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(A.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,o,n)=>s(e.httpClient.post(A.loadAllGroupsForMember,{tenantId:a,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(a,o)=>s(e.httpClient.post(A.loadAllGroupMembers,{tenantId:a,groupId:o},{token:t}))}),x=(e,t)=>({getSettings:a=>s(e.httpClient.get(k.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(k.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,o,n,i,r,l)=>s(e.httpClient.post(k.settings,{tenantId:a,idpURL:o,entityId:i,idpCert:n,redirectURL:r,domains:l},{token:t})),configureMetadata:(a,o,n,i)=>s(e.httpClient.post(k.metadata,{tenantId:a,idpMetadataURL:o,redirectURL:n,domains:i},{token:t})),configureMapping:(a,o,n)=>s(e.httpClient.post(k.mapping,{tenantId:a,roleMappings:o,attributeMapping:n},{token:t})),configureOIDCSettings:(a,o,n)=>{const i=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete i.attributeMapping,s(e.httpClient.post(k.oidc.configure,{tenantId:a,settings:i,domains:n},{token:t}))},configureSAMLSettings:(a,o,n,i)=>s(e.httpClient.post(k.saml.configure,{tenantId:a,settings:o,redirectUrl:n,domains:i},{token:t})),configureSAMLByMetadata:(a,o,n,i)=>s(e.httpClient.post(k.saml.metadata,{tenantId:a,settings:o,redirectUrl:n,domains:i},{token:t})),loadSettings:a=>s(e.httpClient.get(k.settingsv2,{queryParams:{tenantId:a},token:t}),(e=>{var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}))}),U=(e,t)=>({create:(a,o,n,i,r,l,d,p)=>s(e.httpClient.post(g.create,{name:a,expireTime:o,roleNames:n,keyTenants:i,userId:r,customClaims:l,description:d,permittedIps:p},{token:t})),load:a=>s(e.httpClient.get(g.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(g.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,o,n)=>s(e.httpClient.post(g.update,{id:a,name:o,description:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(g.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(g.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(g.delete,{id:a},{token:t}))}),L=(e,t)=>({list:()=>s(e.httpClient.post(b.list,{},{token:t})),delete:a=>s(e.httpClient.post(b.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(b.export,{flowId:a},{token:t})),import:(a,o,n)=>s(e.httpClient.post(b.import,{flowId:a,flow:o,screens:n},{token:t}))}),D=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),F=(e,t)=>({search:a=>{const o=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete o.loginIds,s(e.httpClient.post(N.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:a=>{const o=Object.assign({},a);return s(e.httpClient.post(N.createEvent,o,{token:t}))}}),z=(e,t)=>({saveSchema:(a,o)=>s(e.httpClient.post(O.schemaSave,{schema:a,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(O.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(O.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,o,n)=>s(e.httpClient.post(O.nsSave,{namespace:a,oldName:o,schemaName:n},{token:t})),deleteNamespace:(a,o)=>s(e.httpClient.post(O.nsDelete,{name:a,schemaName:o},{token:t})),saveRelationDefinition:(a,o,n,i)=>s(e.httpClient.post(O.rdSave,{relationDefinition:a,namespace:o,oldName:n,schemaName:i},{token:t})),deleteRelationDefinition:(a,o,n)=>s(e.httpClient.post(O.rdDelete,{name:a,namespace:o,schemaName:n},{token:t})),createRelations:a=>s(e.httpClient.post(O.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(O.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(O.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(O.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,o,n)=>s(e.httpClient.post(O.who,{resource:a,relationDefinition:o,namespace:n},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(O.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(O.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(O.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(O.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))}),q=(e,t)=>({createOidcApplication:a=>{var o;return s(e.httpClient.post(v.oidcCreate,Object.assign(Object.assign({},a),{enabled:null===(o=a.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:a=>{var o;return s(e.httpClient.post(v.samlCreate,Object.assign(Object.assign({},a),{enabled:null===(o=a.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:a=>s(e.httpClient.post(v.oidcUpdate,Object.assign({},a),{token:t})),updateSamlApplication:a=>s(e.httpClient.post(v.samlUpdate,Object.assign({},a),{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.apps))}),$=(e,t)=>({getSettings:a=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),configureSettings:(a,o)=>s(e.httpClient.post(f.settings,Object.assign(Object.assign({},o),{tenantId:a}),{token:t}))});var J;null!==(J=globalThis.Headers)&&void 0!==J||(globalThis.Headers=r);const K=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),G={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},B=s=>{var r,{managementKey:l,publicKey:c}=s,u=e(s,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:K},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.6.9"})})),{projectId:h,logger:v}=u,k={},C=((e,t)=>({user:S(e,t),project:P(e,t),accessKey:U(e,t),tenant:T(e,t),ssoApplication:q(e,t),sso:x(e,t),jwt:j(e,t),permission:R(e,t),password:$(e,t),role:E(e,t),group:M(e,t),flow:L(e,t),theme:D(e,t),audit:F(e,t),authz:z(e,t)}))(g,l),f=Object.assign(Object.assign({},g),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(c)try{const e=JSON.parse(c),t=await i(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await o(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e,t){if(!e)throw Error("access key must not be empty");let s;try{s=await f.accessKey.exchange(e,t)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=s.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!m(e,t))return[];const a=p(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!m(e,t))return[];const a=p(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};B.RefreshTokenCookieName="DSR",B.SessionTokenCookieName="DS";export{B as default,G as descopeErrors};
2
2
  //# sourceMappingURL=index.esm.js.map