@descope/node-sdk 1.7.12 → 1.7.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +62 -0
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +39 -106
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -81,6 +81,54 @@ If you wish to run any of our code samples and play with them, check out our [Co
|
|
|
81
81
|
|
|
82
82
|
If you're performing end-to-end testing, check out the [Utils for your end to end (e2e) tests and integration tests](#utils-for-your-end-to-end-e2e-tests-and-integration-tests) section. You will need to use the `descopeClient` you created under the setup of [Management Functions](#management-functions).
|
|
83
83
|
|
|
84
|
+
## Authentication Management Key
|
|
85
|
+
|
|
86
|
+
The `authManagementKey` is an alternative to the `managementKey` that provides a way to perform management operations while maintaining separation between authentication and management clients.
|
|
87
|
+
|
|
88
|
+
### Key Differences
|
|
89
|
+
|
|
90
|
+
- **Purpose**: Use `authManagementKey` for authentication-related management operations, while `managementKey` is for general management operations
|
|
91
|
+
- **Client Separation**: You can have one client for management operations and another for authentication operations
|
|
92
|
+
- **Mutual Exclusivity**: You cannot pass both `authManagementKey` and `managementKey` together - choose one based on your use case
|
|
93
|
+
|
|
94
|
+
### Usage Examples
|
|
95
|
+
|
|
96
|
+
**Using authManagementKey for authentication operations:**
|
|
97
|
+
|
|
98
|
+
```typescript
|
|
99
|
+
import DescopeClient from '@descope/node-sdk';
|
|
100
|
+
|
|
101
|
+
const authClient = DescopeClient({
|
|
102
|
+
projectId: 'my-project-ID',
|
|
103
|
+
authManagementKey: 'auth-management-key',
|
|
104
|
+
});
|
|
105
|
+
|
|
106
|
+
// This client can be used for authentication-related management operations
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
**Separate clients for different operations:**
|
|
110
|
+
|
|
111
|
+
```typescript
|
|
112
|
+
import DescopeClient from '@descope/node-sdk';
|
|
113
|
+
|
|
114
|
+
// Client for general management operations
|
|
115
|
+
const managementClient = DescopeClient({
|
|
116
|
+
projectId: 'my-project-ID',
|
|
117
|
+
managementKey: 'management-key',
|
|
118
|
+
});
|
|
119
|
+
|
|
120
|
+
// Client for authentication operations
|
|
121
|
+
const authClient = DescopeClient({
|
|
122
|
+
projectId: 'my-project-ID',
|
|
123
|
+
authManagementKey: 'auth-management-key',
|
|
124
|
+
});
|
|
125
|
+
|
|
126
|
+
// Use managementClient for user management, tenant management, etc.
|
|
127
|
+
// Use authClient for authentication-related operations
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
**Note**: Create your authentication management key in the [Descope Console](https://app.descope.com/settings/company/managementkeys), similar to how you create a regular management key.
|
|
131
|
+
|
|
84
132
|
---
|
|
85
133
|
|
|
86
134
|
## Error Handling
|
|
@@ -779,6 +827,8 @@ await descopeClient.management.user.patch('desmond@descope.com', options);
|
|
|
779
827
|
|
|
780
828
|
// User deletion cannot be undone. Use carefully.
|
|
781
829
|
await descopeClient.management.user.delete('desmond@descope.com');
|
|
830
|
+
// Delete a batch of users. This requires Descope user IDs.
|
|
831
|
+
await descopeClient.management.user.deleteBatch(['<user-ID-1>', '<user-ID-2>']);
|
|
782
832
|
|
|
783
833
|
// Load specific user
|
|
784
834
|
const userRes = await descopeClient.management.user.load('desmond@descope.com');
|
|
@@ -1155,6 +1205,18 @@ Generate a JWT for a user, simulating a signup or in request.
|
|
|
1155
1205
|
const res = await descopeClient.management.jwt.signUpOrIn('dummy');
|
|
1156
1206
|
```
|
|
1157
1207
|
|
|
1208
|
+
Generate a client assertion JWT for OAuth flows.
|
|
1209
|
+
|
|
1210
|
+
```typescript
|
|
1211
|
+
const clientAssertionRes = await descopeClient.management.jwt.generateClientAssertionJwt(
|
|
1212
|
+
'https://example.com/issuer', // issuer
|
|
1213
|
+
'client-id-123', // subject
|
|
1214
|
+
['https://example.com/token'], // audience
|
|
1215
|
+
300, // expiresIn - number of seconds the token will will be valid for
|
|
1216
|
+
);
|
|
1217
|
+
// clientAssertionRes.data.jwt contains the client assertion JWT
|
|
1218
|
+
```
|
|
1219
|
+
|
|
1158
1220
|
### Impersonate
|
|
1159
1221
|
|
|
1160
1222
|
You can impersonate to another user
|
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("cross-fetch");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=o(t);var r;null!==(r=globalThis.Headers)&&void 0!==r||(globalThis.Headers=n.Headers);const i=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),n.fetch(...e)),p=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null},l=t=>async(...s)=>{var n,o,a;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,m=e.__rest(i,["refreshJwt"]);const d=[];var c;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(c=m)?void 0:c.cookieDomain)||""}; Max-Age=${(null==c?void 0:c.cookieMaxAge)||""}; Path=${(null==c?void 0:c.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=p(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:d})})};function m(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function d(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var c={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},u={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},v={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},k={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},R={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token"},C={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},y={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},I={settings:"/v1/mgmt/password/settings"},b={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},A={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},S={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},O={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},T={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},j={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},N={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};function P(t){return t.map((t=>{var{roles:s}=t,n=e.__rest(t,["roles"]);return Object.assign(Object.assign({},n),{roleNames:s})}))}function E(e){if(e&&0!==Object.keys(e).length)return Object.fromEntries(Object.entries(e).map((([e,t])=>[e,{values:t}])))}const M=(e,s)=>({create:function(n,o,a,r,i,p,l,m,d,u,g,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:p,customAttributes:l,picture:m,verifiedEmail:d,verifiedPhone:u,additionalLoginIds:f}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return t.transformResponse(e.httpClient.post(c.create,k,{token:s}),(e=>e.user))},createTestUser:function(n,o,a,r,i,p,l,m,d,u,g,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:p,customAttributes:l,picture:m,verifiedEmail:d,verifiedPhone:u,additionalLoginIds:f,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return t.transformResponse(e.httpClient.post(c.createTestUser,k,{token:s}),(e=>e.user))},invite:function(n,o,a,r,i,p,l,m,d,u,g,h,v,f,k,R,C,y){const I="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:f,middleName:k,familyName:R,roleNames:i,userTenants:p,invite:!0,customAttributes:l,picture:m,verifiedEmail:d,verifiedPhone:u,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:C,templateId:y}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return t.transformResponse(e.httpClient.post(c.create,I,{token:s}),(e=>e.user))},inviteBatch:(n,o,a,r,i,p)=>t.transformResponse(e.httpClient.post(c.createBatch,{users:P(n),invite:!0,inviteUrl:o,sendMail:a,sendSMS:r,templateOptions:i,templateId:p},{token:s}),(e=>e)),createBatch:n=>t.transformResponse(e.httpClient.post(c.createBatch,{users:P(n)},{token:s}),(e=>e)),update:function(n,o,a,r,i,p,l,m,d,u,g,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:g,middleName:h,familyName:v,roleNames:i,userTenants:p,customAttributes:l,picture:m,verifiedEmail:d,verifiedPhone:u,additionalLoginIds:f}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return t.transformResponse(e.httpClient.post(c.update,k,{token:s}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),t.transformResponse(e.httpClient.patch(c.patch,a,{token:s}),(e=>e.user))},delete:n=>t.transformResponse(e.httpClient.post(c.delete,{loginId:n},{token:s})),deleteByUserId:n=>t.transformResponse(e.httpClient.post(c.delete,{userId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(c.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(c.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(c.logout,{userId:n},{token:s})),searchAll:(n,o,a,r,i,p,l,m,d,u)=>t.transformResponse(e.httpClient.post(c.search,{tenantIds:n,roleNames:o,limit:a,page:r,testUsersOnly:i,withTestUser:p,customAttributes:l,statuses:m,emails:d,phones:u},{token:s}),(e=>e.users)),searchTestUsers:n=>t.transformResponse(e.httpClient.post(c.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0,tenantRoleIds:E(n.tenantRoleIds),tenantRoleNames:E(n.tenantRoleNames)}),{token:s}),(e=>e.users)),search:n=>t.transformResponse(e.httpClient.post(c.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0,tenantRoleIds:E(n.tenantRoleIds),tenantRoleNames:E(n.tenantRoleNames)}),{token:s}),(e=>e.users)),getProviderToken:(n,o,a)=>t.transformResponse(e.httpClient.get(c.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(c.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(c.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(c.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,a)=>t.transformResponse(e.httpClient.post(c.updateEmail,{loginId:n,email:o,verified:a},{token:s}),(e=>e.user)),updatePhone:(n,o,a)=>t.transformResponse(e.httpClient.post(c.updatePhone,{loginId:n,phone:o,verified:a},{token:s}),(e=>e.user)),updateDisplayName:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(c.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:r,familyName:i},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(c.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>t.transformResponse(e.httpClient.post(c.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:s}),(e=>e.user)),setRoles:(n,o)=>t.transformResponse(e.httpClient.post(c.setRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(c.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(c.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(c.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(c.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),setTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(c.setRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),addTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(c.addRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(c.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),addSSOapps:(n,o)=>t.transformResponse(e.httpClient.post(c.addSSOApps,{loginId:n,ssoAppIds:o},{token:s}),(e=>e.user)),setSSOapps:(n,o)=>t.transformResponse(e.httpClient.post(c.setSSOApps,{loginId:n,ssoAppIds:o},{token:s}),(e=>e.user)),removeSSOapps:(n,o)=>t.transformResponse(e.httpClient.post(c.removeSSOApps,{loginId:n,ssoAppIds:o},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(c.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,r)=>t.transformResponse(e.httpClient.post(c.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(c.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:s}),(e=>e)),generateEmbeddedLink:(n,o,a)=>t.transformResponse(e.httpClient.post(c.generateEmbeddedLink,{loginId:n,customClaims:o,timeout:a},{token:s}),(e=>e)),generateSignUpEmbeddedLink:(n,o,a,r,i,p)=>t.transformResponse(e.httpClient.post(c.generateSignUpEmbeddedLink,{loginId:n,user:o,emailVerified:a,phoneVerified:r,loginOptions:i,timeout:p},{token:s}),(e=>e)),setTemporaryPassword:(n,o)=>t.transformResponse(e.httpClient.post(c.setTemporaryPassword,{loginId:n,password:o},{token:s}),(e=>e)),setActivePassword:(n,o)=>t.transformResponse(e.httpClient.post(c.setActivePassword,{loginId:n,password:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(c.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(c.expirePassword,{loginId:n},{token:s}),(e=>e)),removeAllPasskeys:n=>t.transformResponse(e.httpClient.post(c.removeAllPasskeys,{loginId:n},{token:s}),(e=>e)),removeTOTPSeed:n=>t.transformResponse(e.httpClient.post(c.removeTOTPSeed,{loginId:n},{token:s}),(e=>e)),history:n=>t.transformResponse(e.httpClient.post(c.history,n,{token:s}),(e=>e))}),U=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(u.updateName,{name:n},{token:s})),updateTags:n=>t.transformResponse(e.httpClient.post(u.updateTags,{tags:n},{token:s})),clone:(n,o,a)=>t.transformResponse(e.httpClient.post(u.clone,{name:n,environment:o,tags:a},{token:s})),listProjects:async()=>t.transformResponse(e.httpClient.post(u.projectsList,{},{token:s}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>t.transformResponse(e.httpClient.post(u.exportSnapshot,{},{token:s})),importSnapshot:n=>t.transformResponse(e.httpClient.post(u.importSnapshot,n,{token:s})),validateSnapshot:n=>t.transformResponse(e.httpClient.post(u.validateSnapshot,n,{token:s})),export:()=>t.transformResponse(e.httpClient.post(u.exportSnapshot,{},{token:s}),(e=>e.files)),import:n=>t.transformResponse(e.httpClient.post(u.importSnapshot,{files:n},{token:s}))}),x=(e,s)=>({create:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(h.create,{name:n,selfProvisioningDomains:o,customAttributes:a,enforceSSO:r,disabled:i},{token:s})),createWithId:(n,o,a,r,i,p)=>t.transformResponse(e.httpClient.post(h.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r,enforceSSO:i,disabled:p},{token:s})),update:(n,o,a,r,i,p)=>t.transformResponse(e.httpClient.post(h.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r,enforceSSO:i,disabled:p},{token:s})),delete:(n,o)=>t.transformResponse(e.httpClient.post(h.delete,{id:n,cascade:o},{token:s})),load:n=>t.transformResponse(e.httpClient.get(h.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(h.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,a,r)=>t.transformResponse(e.httpClient.post(h.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:r},{token:s}),(e=>e.tenants)),getSettings:n=>t.transformResponse(e.httpClient.get(h.settings,{queryParams:{id:n},token:s}),(e=>e)),configureSettings:(n,o)=>t.transformResponse(e.httpClient.post(h.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:s})),generateSSOConfigurationLink:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(h.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:r,templateId:i},{token:s}),(e=>e))}),D=(e,s)=>({update:(n,o,a)=>t.transformResponse(e.httpClient.post(y.update,{jwt:n,customClaims:o,refreshDuration:a},{token:s})),impersonate:(n,o,a,r,i,p)=>t.transformResponse(e.httpClient.post(y.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:r,selectedTenant:i,refreshDuration:p},{token:s})),stopImpersonation:(n,o,a,r)=>t.transformResponse(e.httpClient.post(y.stopImpersonation,{jwt:n,customClaims:o,selectedTenant:a,refreshDuration:r},{token:s})),signIn:(n,o)=>t.transformResponse(e.httpClient.post(y.signIn,Object.assign({loginId:n},o),{token:s})),signUp:(n,o,a)=>t.transformResponse(e.httpClient.post(y.signUp,Object.assign({loginId:n,user:o},a),{token:s})),signUpOrIn:(n,o,a)=>t.transformResponse(e.httpClient.post(y.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:s})),anonymous:(n,o,a)=>t.transformResponse(e.httpClient.post(y.anonymous,{customClaims:n,selectedTenant:o,refreshDuration:a},{token:s}))}),L=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(b.create,{name:n,description:o},{token:s})),update:(n,o,a)=>t.transformResponse(e.httpClient.post(b.update,{name:n,newName:o,description:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(b.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(b.loadAll,{token:s}),(e=>e.permissions))}),q=(e,s)=>({create:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(A.create,{name:n,description:o,permissionNames:a,tenantId:r,default:i},{token:s})),update:(n,o,a,r,i,p)=>t.transformResponse(e.httpClient.post(A.update,{name:n,newName:o,description:a,permissionNames:r,tenantId:i,default:p},{token:s})),delete:(n,o)=>t.transformResponse(e.httpClient.post(A.delete,{name:n,tenantId:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(A.loadAll,{token:s}),(e=>e.roles)),search:n=>t.transformResponse(e.httpClient.post(A.search,n,{token:s}),(e=>e.roles))}),F=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(O.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,a)=>t.transformResponse(e.httpClient.post(O.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(O.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))});function z(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const $=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(C.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),newSettings:(n,o,a)=>t.transformResponse(e.httpClient.post(C.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:s}),(e=>z(e))),deleteSettings:(n,o)=>t.transformResponse(e.httpClient.delete(C.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:s})),configureSettings:(n,o,a,r,i,p)=>t.transformResponse(e.httpClient.post(C.settings,{tenantId:n,idpURL:o,entityId:r,idpCert:a,redirectURL:i,domains:p},{token:s})),configureMetadata:(n,o,a,r)=>t.transformResponse(e.httpClient.post(C.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:r},{token:s})),configureMapping:(n,o,a)=>t.transformResponse(e.httpClient.post(C.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:s})),configureOIDCSettings:(n,o,a,r)=>{const i=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete i.attributeMapping,t.transformResponse(e.httpClient.post(C.oidc.configure,Object.assign({tenantId:n,settings:i,domains:a},r?{ssoId:r}:{}),{token:s}))},configureSAMLSettings:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(C.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:r},i?{ssoId:i}:{}),{token:s})),configureSAMLByMetadata:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(C.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:r},i?{ssoId:i}:{}),{token:s})),loadSettings:(n,o)=>t.transformResponse(e.httpClient.get(C.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:s}),(e=>z(e))),loadAllSettings:n=>t.transformResponse(e.httpClient.get(C.settingsAllV2,{queryParams:{tenantId:n},token:s}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(z(e)))),s}(e)))}),J=(e,s)=>({create:(n,o,a,r,i,p,l,m)=>t.transformResponse(e.httpClient.post(g.create,{name:n,expireTime:o,roleNames:a,keyTenants:r,userId:i,customClaims:p,description:l,permittedIps:m},{token:s})),load:n=>t.transformResponse(e.httpClient.get(g.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(g.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o,a,r,i,p,l)=>t.transformResponse(e.httpClient.post(g.update,{id:n,name:o,description:a,roleNames:r,keyTenants:i,customClaims:p,permittedIps:l},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(g.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(g.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(g.delete,{id:n},{token:s}))}),B=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(S.list,{},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(S.delete,{ids:n},{token:s})),export:n=>t.transformResponse(e.httpClient.post(S.export,{flowId:n},{token:s})),import:(n,o,a)=>t.transformResponse(e.httpClient.post(S.import,{flowId:n,flow:o,screens:a},{token:s})),run:(n,o)=>t.transformResponse(e.httpClient.post(S.run,{flowId:n,options:o},{token:s}),(e=>null==e?void 0:e.output))}),K=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(w.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(w.import,{theme:n},{token:s}))}),W=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(T.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return t.transformResponse(e.httpClient.post(T.createEvent,o,{token:s}))}}),G=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(j.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(j.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(j.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,a)=>t.transformResponse(e.httpClient.post(j.nsSave,{namespace:n,oldName:o,schemaName:a},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(j.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,a,r)=>t.transformResponse(e.httpClient.post(j.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:r},{token:s})),deleteRelationDefinition:(n,o,a)=>t.transformResponse(e.httpClient.post(j.rdDelete,{name:n,namespace:o,schemaName:a},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(j.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(j.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(j.reDeleteResources,{resources:n},{token:s})),deleteResourceRelationsForResources:n=>t.transformResponse(e.httpClient.post(j.reDeleteResourceRelationsForResources,{resources:n},{token:s})),deleteRelationsForIds:n=>t.transformResponse(e.httpClient.post(j.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(j.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>t.transformResponse(e.httpClient.post(j.who,{resource:n,relationDefinition:o,namespace:a},{token:s}),(e=>e.targets)),resourceRelations:(n,o=!1)=>t.transformResponse(e.httpClient.post(j.resource,{resource:n,ignoreTargetSetRelations:o},{token:s}),(e=>e.relations)),targetsRelations:(n,o=!1)=>t.transformResponse(e.httpClient.post(j.targets,{targets:n,includeTargetSetRelations:o},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(j.targetAll,{target:n},{token:s}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>t.transformResponse(e.httpClient.post(j.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:s}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>t.transformResponse(e.httpClient.post(j.getModified,{since:n?n.getTime():0},{token:s}),(e=>e))}),V=(e,s)=>({createOidcApplication:n=>{var o;return t.transformResponse(e.httpClient.post(v.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:s}))},createSamlApplication:n=>{var o;return t.transformResponse(e.httpClient.post(v.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:s}))},updateOidcApplication:n=>t.transformResponse(e.httpClient.post(v.oidcUpdate,Object.assign({},n),{token:s})),updateSamlApplication:n=>t.transformResponse(e.httpClient.post(v.samlUpdate,Object.assign({},n),{token:s})),delete:n=>t.transformResponse(e.httpClient.post(v.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(v.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.apps))}),_=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(I.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),configureSettings:(n,o)=>t.transformResponse(e.httpClient.post(I.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:s}))}),H=(e,s)=>({saveSchema:n=>t.transformResponse(e.httpClient.post(N.schema,n,{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(j.schemaDelete,{},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(N.relations,{tuples:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(N.deleteRelations,{tuples:n},{token:s})),check:n=>t.transformResponse(e.httpClient.post(N.check,{tuples:n},{token:s}),(e=>e.tuples)),loadResourcesDetails:n=>t.transformResponse(e.httpClient.post(N.resourcesLoad,{resourceIdentifiers:n},{token:s}),(e=>e.resourcesDetails)),saveResourcesDetails:n=>t.transformResponse(e.httpClient.post(N.resourcesSave,{resourcesDetails:n},{token:s})),deleteAllRelations:()=>t.transformResponse(e.httpClient.delete(N.relations,{token:s}))}),Q=(e,s)=>({createApplication:n=>t.transformResponse(e.httpClient.post(f.create,Object.assign({},n),{token:s})),updateApplication:n=>t.transformResponse(e.httpClient.post(f.update,Object.assign({},n),{token:s})),patchApplication:n=>t.transformResponse(e.httpClient.post(f.patch,Object.assign({},n),{token:s})),deleteApplication:n=>t.transformResponse(e.httpClient.post(f.delete,{id:n},{token:s})),loadApplication:n=>t.transformResponse(e.httpClient.get(f.load,{queryParams:{id:n},token:s}),(e=>e)),loadAllApplications:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.apps)),getApplicationSecret:n=>t.transformResponse(e.httpClient.get(f.secret,{queryParams:{id:n},token:s}),(e=>e)),rotateApplicationSecret:n=>t.transformResponse(e.httpClient.post(f.rotate,{id:n},{token:s})),searchConsents:n=>t.transformResponse(e.httpClient.post(k.search,Object.assign({},n),{token:s}),(e=>e.consents)),deleteConsents:n=>t.transformResponse(e.httpClient.post(k.delete,Object.assign({},n),{token:s}))}),X=(e,s)=>({createApplication:n=>t.transformResponse(e.httpClient.post(R.create,Object.assign({},n),{token:s}),(e=>e.app)),updateApplication:n=>t.transformResponse(e.httpClient.post(R.update,{app:n},{token:s}),(e=>e.app)),deleteApplication:n=>t.transformResponse(e.httpClient.post(R.delete,{id:n},{token:s})),loadApplication:n=>t.transformResponse(e.httpClient.get(`${R.load}/${n}`,{token:s}),(e=>e.app)),loadAllApplications:()=>t.transformResponse(e.httpClient.get(R.loadAll,{token:s}),(e=>e.apps)),fetchTokenByScopes:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(R.fetchTokenByScopes,{appId:n,userId:o,scopes:a,options:r,tenantId:i},{token:s}),(e=>e.token)),fetchToken:(n,o,a,r)=>t.transformResponse(e.httpClient.post(R.fetchToken,{appId:n,userId:o,tenantId:a,options:r},{token:s}),(e=>e.token)),fetchTenantTokenByScopes:(n,o,a,r)=>t.transformResponse(e.httpClient.post(R.fetchTenantTokenByScopes,{appId:n,tenantId:o,scopes:a,options:r},{token:s}),(e=>e.token)),fetchTenantToken:(n,o,a)=>t.transformResponse(e.httpClient.post(R.fetchTenantToken,{appId:n,tenantId:o,options:a},{token:s}),(e=>e.token))});const Y=n=>{var o,r,{authManagementKey:c,managementKey:u,publicKey:g}=n,h=e.__rest(n,["authManagementKey","managementKey","publicKey"]);const v=a.default(Object.assign(Object.assign({fetch:i},h),{baseHeaders:Object.assign(Object.assign({},h.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"1.7.12"}),hooks:Object.assign(Object.assign({},h.hooks),{beforeRequest:[e=>(c&&(e.token=e.token?`${e.token}:${c}`:c),e)].concat((null===(r=h.hooks)||void 0===r?void 0:r.beforeRequest)||[])})})),{projectId:f,logger:k}=h,R={},C=((e,t)=>({user:M(e,t),project:U(e,t),accessKey:J(e,t),tenant:x(e,t),ssoApplication:V(e,t),inboundApplication:Q(e,t),outboundApplication:X(e,t),sso:$(e,t),jwt:D(e,t),permission:L(e,t),password:_(e,t),role:q(e,t),group:F(e,t),flow:B(e,t),theme:K(e,t),audit:W(e,t),authz:G(e,t),fga:H(e,t)}))(v,u),y=Object.assign(Object.assign({},v),{refresh:async e=>v.refresh(e),management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(R[e.kid])return R[e.kid];if(Object.assign(R,await(async()=>{if(g)try{const e=JSON.parse(g),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await v.httpClient.get(`v2/keys/${f}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!R[e.kid])throw Error("failed to fetch matching key");return R[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,y.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==f))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await y.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s,n,o,a,r;if(!e)throw Error("refresh token is required to refresh a session");try{await y.validateJwt(e);const i=await y.refresh(e);if(i.ok){const e=p(null===(s=null===(t=i.data)||void 0===t?void 0:t.cookies)||void 0===s?void 0:s.join(";"),"DS")||(null===(n=i.data)||void 0===n?void 0:n.sessionJwt),r=await y.validateJwt(e);return r.cookies=(null===(o=i.data)||void 0===o?void 0:o.cookies)||[],(null===(a=i.data)||void 0===a?void 0:a.refreshJwt)&&(r.refreshJwt=i.data.refreshJwt),r}throw Error(null===(r=i.error)||void 0===r?void 0:r.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await y.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return y.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await y.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==k||k.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await y.validateJwt(o)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>y.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>y.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!d(e,t))return!1;const n=m(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!d(e,t))return[];const n=m(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>y.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>y.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!d(e,t))return!1;const n=m(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!d(e,t))return[];const n=m(e,"roles",t);return s.filter((e=>n.includes(e)))}});return t.wrapWith(y,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],l)};Y.RefreshTokenCookieName="DSR",Y.SessionTokenCookieName="DS",Y.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},module.exports=Y;
|
|
1
|
+
"use strict";var e=require("tslib"),s=require("@descope/core-js-sdk"),t=require("jose"),o=require("cross-fetch");function a(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=a(s);var n;null!==(n=globalThis.Headers)&&void 0!==n||(globalThis.Headers=o.Headers);const i=(...e)=>(e.forEach((e=>{var s,t;e&&"object"==typeof e&&(null!==(s=(t=e).highWaterMark)&&void 0!==s||(t.highWaterMark=31457280))})),o.fetch(...e)),p=(e,s)=>{const t=null==e?void 0:e.match(RegExp(`(?:^|[;,]\\s*)${s}=([^;]*)`));return t?t[1]:null},m=s=>async(...t)=>{var o,a,r;const n=await s(...t);if(!n.data)return n;let i=n.data,{refreshJwt:m}=i,d=e.__rest(i,["refreshJwt"]);const l=[];var c;return m?l.push(`${"DSR"}=${m}; Domain=${(null==(c=d)?void 0:c.cookieDomain)||""}; Max-Age=${(null==c?void 0:c.cookieMaxAge)||""}; Path=${(null==c?void 0:c.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=n.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(m=p(null===(a=n.response)||void 0===a?void 0:a.headers.get("set-cookie"),"DSR"),l.push(null===(r=n.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},n),{data:Object.assign(Object.assign({},n.data),{refreshJwt:m,cookies:l})})};function d(e,s,t){var o,a;const r=t?null===(a=null===(o=e.token.tenants)||void 0===o?void 0:o[t])||void 0===a?void 0:a[s]:e.token[s];return Array.isArray(r)?r:[]}function l(e,s){var t;return!!(null===(t=e.token.tenants)||void 0===t?void 0:t[s])}var c={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteBatch:"/v1/mgmt/user/delete/batch",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},u={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},v={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},f={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},h={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},R={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},y={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token"},b={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},I={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous",clientAssertion:"/v1/mgmt/token/clientassertion"},k={settings:"/v1/mgmt/password/settings"},A={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},S={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},O={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},T={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},j={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},N={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},P={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};function E(s){return s.map((s=>{var{roles:t}=s,o=e.__rest(s,["roles"]);return Object.assign(Object.assign({},o),{roleNames:t})}))}const M=e=>({updateName:t=>s.transformResponse(e.post(u.updateName,{name:t})),updateTags:t=>s.transformResponse(e.post(u.updateTags,{tags:t})),clone:(t,o,a)=>s.transformResponse(e.post(u.clone,{name:t,environment:o,tags:a})),listProjects:async()=>s.transformResponse(e.post(u.projectsList,{}),(e=>e.projects.map((({id:e,name:s,environment:t,tags:o})=>({id:e,name:s,environment:t,tags:o}))))),exportSnapshot:()=>s.transformResponse(e.post(u.exportSnapshot,{})),importSnapshot:t=>s.transformResponse(e.post(u.importSnapshot,t)),validateSnapshot:t=>s.transformResponse(e.post(u.validateSnapshot,t)),export:()=>s.transformResponse(e.post(u.exportSnapshot,{}),(e=>e.files)),import:t=>s.transformResponse(e.post(u.importSnapshot,{files:t}))}),U=e=>({create:(t,o,a,r,n)=>s.transformResponse(e.post(v.create,{name:t,selfProvisioningDomains:o,customAttributes:a,enforceSSO:r,disabled:n})),createWithId:(t,o,a,r,n,i)=>s.transformResponse(e.post(v.create,{id:t,name:o,selfProvisioningDomains:a,customAttributes:r,enforceSSO:n,disabled:i})),update:(t,o,a,r,n,i)=>s.transformResponse(e.post(v.update,{id:t,name:o,selfProvisioningDomains:a,customAttributes:r,enforceSSO:n,disabled:i})),delete:(t,o)=>s.transformResponse(e.post(v.delete,{id:t,cascade:o})),load:t=>s.transformResponse(e.get(v.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s.transformResponse(e.get(v.loadAll,{}),(e=>e.tenants)),searchAll:(t,o,a,r)=>s.transformResponse(e.post(v.searchAll,{tenantIds:t,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:r}),(e=>e.tenants)),getSettings:t=>s.transformResponse(e.get(v.settings,{queryParams:{id:t}}),(e=>e)),configureSettings:(t,o)=>s.transformResponse(e.post(v.settings,Object.assign(Object.assign({},o),{tenantId:t}),{})),generateSSOConfigurationLink:(t,o,a,r,n)=>s.transformResponse(e.post(v.generateSSOConfigurationLink,{tenantId:t,expireTime:o,ssoId:a,email:r,templateId:n},{}),(e=>e))}),x=e=>({update:(t,o,a)=>s.transformResponse(e.post(I.update,{jwt:t,customClaims:o,refreshDuration:a})),impersonate:(t,o,a,r,n,i)=>s.transformResponse(e.post(I.impersonate,{impersonatorId:t,loginId:o,validateConsent:a,customClaims:r,selectedTenant:n,refreshDuration:i})),stopImpersonation:(t,o,a,r)=>s.transformResponse(e.post(I.stopImpersonation,{jwt:t,customClaims:o,selectedTenant:a,refreshDuration:r})),signIn:(t,o)=>s.transformResponse(e.post(I.signIn,Object.assign({loginId:t},o))),signUp:(t,o,a)=>s.transformResponse(e.post(I.signUp,Object.assign({loginId:t,user:o},a))),signUpOrIn:(t,o,a)=>s.transformResponse(e.post(I.signUpOrIn,Object.assign({loginId:t,user:o},a))),anonymous:(t,o,a)=>s.transformResponse(e.post(I.anonymous,{customClaims:t,selectedTenant:o,refreshDuration:a})),generateClientAssertionJwt:(t,o,a,r)=>s.transformResponse(e.post(I.clientAssertion,{issuer:t,subject:o,audience:a,expiresIn:r}))}),D=e=>({create:(t,o)=>s.transformResponse(e.post(A.create,{name:t,description:o})),update:(t,o,a)=>s.transformResponse(e.post(A.update,{name:t,newName:o,description:a})),delete:t=>s.transformResponse(e.post(A.delete,{name:t})),loadAll:()=>s.transformResponse(e.get(A.loadAll,{}),(e=>e.permissions))}),L=e=>({create:(t,o,a,r,n)=>s.transformResponse(e.post(S.create,{name:t,description:o,permissionNames:a,tenantId:r,default:n})),update:(t,o,a,r,n,i)=>s.transformResponse(e.post(S.update,{name:t,newName:o,description:a,permissionNames:r,tenantId:n,default:i})),delete:(t,o)=>s.transformResponse(e.post(S.delete,{name:t,tenantId:o})),loadAll:()=>s.transformResponse(e.get(S.loadAll,{}),(e=>e.roles)),search:t=>s.transformResponse(e.post(S.search,t,{}),(e=>e.roles))}),C=e=>({loadAllGroups:t=>s.transformResponse(e.post(T.loadAllGroups,{tenantId:t})),loadAllGroupsForMember:(t,o,a)=>s.transformResponse(e.post(T.loadAllGroupsForMember,{tenantId:t,loginIds:a,userIds:o})),loadAllGroupMembers:(t,o)=>s.transformResponse(e.post(T.loadAllGroupMembers,{tenantId:t,groupId:o}))});function q(e){var s,t;const o=e;return o.oidc&&(o.oidc=Object.assign(Object.assign({},o.oidc),{attributeMapping:o.oidc.userAttrMapping}),delete o.oidc.userAttrMapping),(null===(s=o.saml)||void 0===s?void 0:s.groupsMapping)&&(o.saml.groupsMapping=null===(t=o.saml)||void 0===t?void 0:t.groupsMapping.map((e=>{const s=e;return s.roleName=s.role.name,delete s.role,s}))),o}const F=e=>({getSettings:t=>s.transformResponse(e.get(b.settings,{queryParams:{tenantId:t}}),(e=>e)),newSettings:(t,o,a)=>s.transformResponse(e.post(b.settingsNew,Object.assign(Object.assign({tenantId:t},o?{ssoId:o}:{}),{displayName:a})),(e=>q(e))),deleteSettings:(t,o)=>s.transformResponse(e.delete(b.settings,{queryParams:Object.assign({tenantId:t},o?{ssoId:o}:{})})),configureSettings:(t,o,a,r,n,i)=>s.transformResponse(e.post(b.settings,{tenantId:t,idpURL:o,entityId:r,idpCert:a,redirectURL:n,domains:i})),configureMetadata:(t,o,a,r)=>s.transformResponse(e.post(b.metadata,{tenantId:t,idpMetadataURL:o,redirectURL:a,domains:r})),configureMapping:(t,o,a)=>s.transformResponse(e.post(b.mapping,{tenantId:t,roleMappings:o,attributeMapping:a})),configureOIDCSettings:(t,o,a,r)=>{const n=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete n.attributeMapping,s.transformResponse(e.post(b.oidc.configure,Object.assign({tenantId:t,settings:n,domains:a},r?{ssoId:r}:{})))},configureSAMLSettings:(t,o,a,r,n)=>s.transformResponse(e.post(b.saml.configure,Object.assign({tenantId:t,settings:o,redirectUrl:a,domains:r},n?{ssoId:n}:{}))),configureSAMLByMetadata:(t,o,a,r,n)=>s.transformResponse(e.post(b.saml.metadata,Object.assign({tenantId:t,settings:o,redirectUrl:a,domains:r},n?{ssoId:n}:{}))),loadSettings:(t,o)=>s.transformResponse(e.get(b.settingsv2,{queryParams:Object.assign({tenantId:t},o?{ssoId:o}:{})}),(e=>q(e))),loadAllSettings:t=>s.transformResponse(e.get(b.settingsAllV2,{queryParams:{tenantId:t}}),(e=>function(e){const s=e.SSOSettings,t=[];return s.forEach((e=>t.push(q(e)))),t}(e)))}),z=e=>({create:(t,o,a,r,n,i,p,m)=>s.transformResponse(e.post(g.create,{name:t,expireTime:o,roleNames:a,keyTenants:r,userId:n,customClaims:i,description:p,permittedIps:m})),load:t=>s.transformResponse(e.get(g.load,{queryParams:{id:t}}),(e=>e.key)),searchAll:t=>s.transformResponse(e.post(g.search,{tenantIds:t}),(e=>e.keys)),update:(t,o,a,r,n,i,p)=>s.transformResponse(e.post(g.update,{id:t,name:o,description:a,roleNames:r,keyTenants:n,customClaims:i,permittedIps:p}),(e=>e.key)),deactivate:t=>s.transformResponse(e.post(g.deactivate,{id:t})),activate:t=>s.transformResponse(e.post(g.activate,{id:t})),delete:t=>s.transformResponse(e.post(g.delete,{id:t}))}),B=e=>({list:()=>s.transformResponse(e.post(O.list,{})),delete:t=>s.transformResponse(e.post(O.delete,{ids:t})),export:t=>s.transformResponse(e.post(O.export,{flowId:t})),import:(t,o,a)=>s.transformResponse(e.post(O.import,{flowId:t,flow:o,screens:a})),run:(t,o)=>s.transformResponse(e.post(O.run,{flowId:t,options:o}),(e=>null==e?void 0:e.output))}),J=e=>({export:()=>s.transformResponse(e.post(w.export,{})),import:t=>s.transformResponse(e.post(w.import,{theme:t}))}),$=e=>({search:t=>{const o=Object.assign(Object.assign({},t),{externalIds:t.loginIds});return delete o.loginIds,s.transformResponse(e.post(j.search,o),(e=>null==e?void 0:e.audits.map((e=>{const s=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete s.externalIds,s}))))},createEvent:t=>{const o=Object.assign({},t);return s.transformResponse(e.post(j.createEvent,o))}}),K=e=>({saveSchema:(t,o)=>s.transformResponse(e.post(N.schemaSave,{schema:t,upgrade:o})),deleteSchema:()=>s.transformResponse(e.post(N.schemaDelete,{})),loadSchema:()=>s.transformResponse(e.post(N.schemaLoad,{}),(e=>e.schema)),saveNamespace:(t,o,a)=>s.transformResponse(e.post(N.nsSave,{namespace:t,oldName:o,schemaName:a})),deleteNamespace:(t,o)=>s.transformResponse(e.post(N.nsDelete,{name:t,schemaName:o})),saveRelationDefinition:(t,o,a,r)=>s.transformResponse(e.post(N.rdSave,{relationDefinition:t,namespace:o,oldName:a,schemaName:r})),deleteRelationDefinition:(t,o,a)=>s.transformResponse(e.post(N.rdDelete,{name:t,namespace:o,schemaName:a})),createRelations:t=>s.transformResponse(e.post(N.reCreate,{relations:t})),deleteRelations:t=>s.transformResponse(e.post(N.reDelete,{relations:t})),deleteRelationsForResources:t=>s.transformResponse(e.post(N.reDeleteResources,{resources:t})),deleteResourceRelationsForResources:t=>s.transformResponse(e.post(N.reDeleteResourceRelationsForResources,{resources:t})),deleteRelationsForIds:t=>s.transformResponse(e.post(N.reDeleteResources,{resources:t})),hasRelations:t=>s.transformResponse(e.post(N.hasRelations,{relationQueries:t}),(e=>e.relationQueries)),whoCanAccess:(t,o,a)=>s.transformResponse(e.post(N.who,{resource:t,relationDefinition:o,namespace:a}),(e=>e.targets)),resourceRelations:(t,o=!1)=>s.transformResponse(e.post(N.resource,{resource:t,ignoreTargetSetRelations:o}),(e=>e.relations)),targetsRelations:(t,o=!1)=>s.transformResponse(e.post(N.targets,{targets:t,includeTargetSetRelations:o}),(e=>e.relations)),whatCanTargetAccess:t=>s.transformResponse(e.post(N.targetAll,{target:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(t,o,a)=>s.transformResponse(e.post(N.targetWithRelation,{target:t,relationDefinition:o,namespace:a}),(e=>e.resources.map((e=>({resource:e}))))),getModified:t=>s.transformResponse(e.post(N.getModified,{since:t?t.getTime():0}),(e=>e))}),W=e=>({createOidcApplication:t=>{var o;return s.transformResponse(e.post(f.oidcCreate,Object.assign(Object.assign({},t),{enabled:null===(o=t.enabled)||void 0===o||o})))},createSamlApplication:t=>{var o;return s.transformResponse(e.post(f.samlCreate,Object.assign(Object.assign({},t),{enabled:null===(o=t.enabled)||void 0===o||o})))},updateOidcApplication:t=>s.transformResponse(e.post(f.oidcUpdate,Object.assign({},t))),updateSamlApplication:t=>s.transformResponse(e.post(f.samlUpdate,Object.assign({},t))),delete:t=>s.transformResponse(e.post(f.delete,{id:t})),load:t=>s.transformResponse(e.get(f.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s.transformResponse(e.get(f.loadAll,{}),(e=>e.apps))}),G=e=>({getSettings:t=>s.transformResponse(e.get(k.settings,{queryParams:{tenantId:t}}),(e=>e)),configureSettings:(t,o)=>s.transformResponse(e.post(k.settings,Object.assign(Object.assign({},o),{tenantId:t})))}),H=e=>({saveSchema:t=>s.transformResponse(e.post(P.schema,t)),deleteSchema:()=>s.transformResponse(e.post(N.schemaDelete,{})),createRelations:t=>s.transformResponse(e.post(P.relations,{tuples:t})),deleteRelations:t=>s.transformResponse(e.post(P.deleteRelations,{tuples:t})),check:t=>s.transformResponse(e.post(P.check,{tuples:t}),(e=>e.tuples)),loadResourcesDetails:t=>s.transformResponse(e.post(P.resourcesLoad,{resourceIdentifiers:t}),(e=>e.resourcesDetails)),saveResourcesDetails:t=>s.transformResponse(e.post(P.resourcesSave,{resourcesDetails:t})),deleteAllRelations:()=>s.transformResponse(e.delete(P.relations))}),V=e=>({createApplication:t=>s.transformResponse(e.post(h.create,Object.assign({},t))),updateApplication:t=>s.transformResponse(e.post(h.update,Object.assign({},t))),patchApplication:t=>s.transformResponse(e.post(h.patch,Object.assign({},t))),deleteApplication:t=>s.transformResponse(e.post(h.delete,{id:t})),loadApplication:t=>s.transformResponse(e.get(h.load,{queryParams:{id:t}}),(e=>e)),loadAllApplications:()=>s.transformResponse(e.get(h.loadAll,{}),(e=>e.apps)),getApplicationSecret:t=>s.transformResponse(e.get(h.secret,{queryParams:{id:t}}),(e=>e)),rotateApplicationSecret:t=>s.transformResponse(e.post(h.rotate,{id:t})),searchConsents:t=>s.transformResponse(e.post(R.search,Object.assign({},t)),(e=>e.consents)),deleteConsents:t=>s.transformResponse(e.post(R.delete,Object.assign({},t)))}),_=e=>({createApplication:t=>s.transformResponse(e.post(y.create,Object.assign({},t)),(e=>e.app)),updateApplication:t=>s.transformResponse(e.post(y.update,{app:t}),(e=>e.app)),deleteApplication:t=>s.transformResponse(e.post(y.delete,{id:t})),loadApplication:t=>s.transformResponse(e.get(`${y.load}/${t}`),(e=>e.app)),loadAllApplications:()=>s.transformResponse(e.get(y.loadAll,{}),(e=>e.apps)),fetchTokenByScopes:(t,o,a,r,n)=>s.transformResponse(e.post(y.fetchTokenByScopes,{appId:t,userId:o,scopes:a,options:r,tenantId:n}),(e=>e.token)),fetchToken:(t,o,a,r)=>s.transformResponse(e.post(y.fetchToken,{appId:t,userId:o,tenantId:a,options:r}),(e=>e.token)),fetchTenantTokenByScopes:(t,o,a,r)=>s.transformResponse(e.post(y.fetchTenantTokenByScopes,{appId:t,tenantId:o,scopes:a,options:r}),(e=>e.token)),fetchTenantToken:(t,o,a)=>s.transformResponse(e.post(y.fetchTenantToken,{appId:t,tenantId:o,options:a}),(e=>e.token))});const Q=o=>{var a,n,u,{authManagementKey:g,managementKey:v,publicKey:f}=o,h=e.__rest(o,["authManagementKey","managementKey","publicKey"]);const R={"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(a=null===process||void 0===process?void 0:process.versions)||void 0===a?void 0:a.node)||"","x-descope-sdk-version":"1.7.14"},y=Object.assign(Object.assign({fetch:i},h),{baseHeaders:Object.assign(Object.assign({},h.baseHeaders),R),hooks:Object.assign(Object.assign({},h.hooks),{beforeRequest:[e=>(g&&(e.token=e.token?`${e.token}:${g}`:g),e)].concat((null===(n=h.hooks)||void 0===n?void 0:n.beforeRequest)||[])})}),b=r.default(y),{projectId:I,logger:k}=h,A={},S=Object.assign(Object.assign({fetch:i},h),{baseConfig:{baseHeaders:Object.assign(Object.assign({},h.baseHeaders),R)},hooks:Object.assign(Object.assign({},h.hooks),{beforeRequest:[e=>(e.token=v,e)].concat((null===(u=h.hooks)||void 0===u?void 0:u.beforeRequest)||[])})}),O=s.createHttpClient(S),w={user:(j=T=O,{create:function(e,t,o,a,r,n,i,p,m,d,l,u,g,v){const f="string"==typeof t?{loginId:e,email:t,phone:o,displayName:a,givenName:l,middleName:u,familyName:g,roleNames:r,userTenants:n,customAttributes:i,picture:p,verifiedEmail:m,verifiedPhone:d,additionalLoginIds:v}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0});return s.transformResponse(j.post(c.create,f),(e=>e.user))},createTestUser:function(e,t,o,a,r,n,i,p,m,d,l,u,g,v){const f="string"==typeof t?{loginId:e,email:t,phone:o,displayName:a,givenName:l,middleName:u,familyName:g,roleNames:r,userTenants:n,customAttributes:i,picture:p,verifiedEmail:m,verifiedPhone:d,additionalLoginIds:v,test:!0}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0,test:!0});return s.transformResponse(j.post(c.createTestUser,f),(e=>e.user))},invite:function(e,t,o,a,r,n,i,p,m,d,l,u,g,v,f,h,R,y){const b="string"==typeof t?{loginId:e,email:t,phone:o,displayName:a,givenName:v,middleName:f,familyName:h,roleNames:r,userTenants:n,invite:!0,customAttributes:i,picture:p,verifiedEmail:m,verifiedPhone:d,inviteUrl:l,sendMail:u,sendSMS:g,additionalLoginIds:R,templateId:y}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0,invite:!0});return s.transformResponse(j.post(c.create,b),(e=>e.user))},inviteBatch:(e,t,o,a,r,n)=>s.transformResponse(j.post(c.createBatch,{users:E(e),invite:!0,inviteUrl:t,sendMail:o,sendSMS:a,templateOptions:r,templateId:n}),(e=>e)),createBatch:e=>s.transformResponse(j.post(c.createBatch,{users:E(e)}),(e=>e)),deleteBatch:e=>s.transformResponse(j.post(c.deleteBatch,{userIds:e})),update:function(e,t,o,a,r,n,i,p,m,d,l,u,g,v){const f="string"==typeof t?{loginId:e,email:t,phone:o,displayName:a,givenName:l,middleName:u,familyName:g,roleNames:r,userTenants:n,customAttributes:i,picture:p,verifiedEmail:m,verifiedPhone:d,additionalLoginIds:v}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0});return s.transformResponse(j.post(c.update,f),(e=>e.user))},patch:function(e,t){const o={loginId:e};return void 0!==t.email&&(o.email=t.email),void 0!==t.phone&&(o.phone=t.phone),void 0!==t.displayName&&(o.displayName=t.displayName),void 0!==t.givenName&&(o.givenName=t.givenName),void 0!==t.middleName&&(o.middleName=t.middleName),void 0!==t.familyName&&(o.familyName=t.familyName),void 0!==t.roles&&(o.roleNames=t.roles),void 0!==t.userTenants&&(o.userTenants=t.userTenants),void 0!==t.customAttributes&&(o.customAttributes=t.customAttributes),void 0!==t.picture&&(o.picture=t.picture),void 0!==t.verifiedEmail&&(o.verifiedEmail=t.verifiedEmail),void 0!==t.verifiedPhone&&(o.verifiedPhone=t.verifiedPhone),void 0!==t.ssoAppIds&&(o.ssoAppIds=t.ssoAppIds),void 0!==t.scim&&(o.scim=t.scim),s.transformResponse(j.patch(c.patch,o),(e=>e.user))},delete:e=>s.transformResponse(j.post(c.delete,{loginId:e})),deleteByUserId:e=>s.transformResponse(j.post(c.delete,{userId:e})),deleteAllTestUsers:()=>s.transformResponse(j.delete(c.deleteAllTestUsers)),load:e=>s.transformResponse(j.get(c.load,{queryParams:{loginId:e}}),(e=>e.user)),loadByUserId:e=>s.transformResponse(j.get(c.load,{queryParams:{userId:e}}),(e=>e.user)),logoutUser:e=>s.transformResponse(j.post(c.logout,{loginId:e})),logoutUserByUserId:e=>s.transformResponse(j.post(c.logout,{userId:e})),searchAll:(e,t,o,a,r,n,i,p,m,d)=>s.transformResponse(j.post(c.search,{tenantIds:e,roleNames:t,limit:o,page:a,testUsersOnly:r,withTestUser:n,customAttributes:i,statuses:p,emails:m,phones:d}),(e=>e.users)),searchTestUsers:e=>s.transformResponse(j.post(c.searchTestUsers,Object.assign(Object.assign({},e),{withTestUser:!0,testUsersOnly:!0,roleNames:e.roles,roles:void 0})),(e=>e.users)),search:e=>s.transformResponse(j.post(c.search,Object.assign(Object.assign({},e),{roleNames:e.roles,roles:void 0})),(e=>e.users)),getProviderToken:(e,t,o)=>s.transformResponse(j.get(c.getProviderToken,{queryParams:{loginId:e,provider:t,withRefreshToken:(null==o?void 0:o.withRefreshToken)?"true":"false",forceRefresh:(null==o?void 0:o.forceRefresh)?"true":"false"}}),(e=>e)),activate:e=>s.transformResponse(j.post(c.updateStatus,{loginId:e,status:"enabled"}),(e=>e.user)),deactivate:e=>s.transformResponse(j.post(c.updateStatus,{loginId:e,status:"disabled"}),(e=>e.user)),updateLoginId:(e,t)=>s.transformResponse(j.post(c.updateLoginId,{loginId:e,newLoginId:t}),(e=>e.user)),updateEmail:(e,t,o)=>s.transformResponse(j.post(c.updateEmail,{loginId:e,email:t,verified:o}),(e=>e.user)),updatePhone:(e,t,o)=>s.transformResponse(j.post(c.updatePhone,{loginId:e,phone:t,verified:o}),(e=>e.user)),updateDisplayName:(e,t,o,a,r)=>s.transformResponse(j.post(c.updateDisplayName,{loginId:e,displayName:t,givenName:o,middleName:a,familyName:r}),(e=>e.user)),updatePicture:(e,t)=>s.transformResponse(j.post(c.updatePicture,{loginId:e,picture:t}),(e=>e.user)),updateCustomAttribute:(e,t,o)=>s.transformResponse(j.post(c.updateCustomAttribute,{loginId:e,attributeKey:t,attributeValue:o}),(e=>e.user)),setRoles:(e,t)=>s.transformResponse(j.post(c.setRole,{loginId:e,roleNames:t}),(e=>e.user)),addRoles:(e,t)=>s.transformResponse(j.post(c.addRole,{loginId:e,roleNames:t}),(e=>e.user)),removeRoles:(e,t)=>s.transformResponse(j.post(c.removeRole,{loginId:e,roleNames:t}),(e=>e.user)),addTenant:(e,t)=>s.transformResponse(j.post(c.addTenant,{loginId:e,tenantId:t}),(e=>e.user)),removeTenant:(e,t)=>s.transformResponse(j.post(c.removeTenant,{loginId:e,tenantId:t}),(e=>e.user)),setTenantRoles:(e,t,o)=>s.transformResponse(j.post(c.setRole,{loginId:e,tenantId:t,roleNames:o}),(e=>e.user)),addTenantRoles:(e,t,o)=>s.transformResponse(j.post(c.addRole,{loginId:e,tenantId:t,roleNames:o}),(e=>e.user)),removeTenantRoles:(e,t,o)=>s.transformResponse(j.post(c.removeRole,{loginId:e,tenantId:t,roleNames:o}),(e=>e.user)),addSSOapps:(e,t)=>s.transformResponse(j.post(c.addSSOApps,{loginId:e,ssoAppIds:t}),(e=>e.user)),setSSOapps:(e,t)=>s.transformResponse(j.post(c.setSSOApps,{loginId:e,ssoAppIds:t}),(e=>e.user)),removeSSOapps:(e,t)=>s.transformResponse(j.post(c.removeSSOApps,{loginId:e,ssoAppIds:t}),(e=>e.user)),generateOTPForTestUser:(e,t,o)=>s.transformResponse(j.post(c.generateOTPForTest,{deliveryMethod:e,loginId:t,loginOptions:o}),(e=>e)),generateMagicLinkForTestUser:(e,t,o,a)=>s.transformResponse(j.post(c.generateMagicLinkForTest,{deliveryMethod:e,loginId:t,URI:o,loginOptions:a}),(e=>e)),generateEnchantedLinkForTestUser:(e,t,o)=>s.transformResponse(j.post(c.generateEnchantedLinkForTest,{loginId:e,URI:t,loginOptions:o}),(e=>e)),generateEmbeddedLink:(e,t,o)=>s.transformResponse(j.post(c.generateEmbeddedLink,{loginId:e,customClaims:t,timeout:o}),(e=>e)),generateSignUpEmbeddedLink:(e,t,o,a,r,n)=>s.transformResponse(j.post(c.generateSignUpEmbeddedLink,{loginId:e,user:t,emailVerified:o,phoneVerified:a,loginOptions:r,timeout:n}),(e=>e)),setTemporaryPassword:(e,t)=>s.transformResponse(j.post(c.setTemporaryPassword,{loginId:e,password:t}),(e=>e)),setActivePassword:(e,t)=>s.transformResponse(j.post(c.setActivePassword,{loginId:e,password:t}),(e=>e)),setPassword:(e,t)=>s.transformResponse(j.post(c.setPassword,{loginId:e,password:t}),(e=>e)),expirePassword:e=>s.transformResponse(j.post(c.expirePassword,{loginId:e}),(e=>e)),removeAllPasskeys:e=>s.transformResponse(j.post(c.removeAllPasskeys,{loginId:e}),(e=>e)),removeTOTPSeed:e=>s.transformResponse(j.post(c.removeTOTPSeed,{loginId:e}),(e=>e)),history:e=>s.transformResponse(j.post(c.history,e),(e=>e))}),project:M(T),accessKey:z(T),tenant:U(T),ssoApplication:W(T),inboundApplication:V(T),outboundApplication:_(T),sso:F(T),jwt:x(T),permission:D(T),password:G(T),role:L(T),group:C(T),flow:B(T),theme:J(T),audit:$(T),authz:K(T),fga:H(T)};var T,j;const N=Object.assign(Object.assign({},b),{refresh:async(e,s)=>b.refresh(e,void 0,s),management:w,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(A[e.kid])return A[e.kid];if(Object.assign(A,await(async()=>{if(f)try{const e=JSON.parse(f),s=await t.importJWK(e);return{[e.kid]:s}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await b.httpClient.get(`v2/keys/${I}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await t.importJWK(e)])))).reduce(((e,[s,t])=>s?Object.assign(Object.assign({},e),{[s.toString()]:t}):e),{}):{}})()),!A[e.kid])throw Error("failed to fetch matching key");return A[e.kid]},async validateJwt(e){var s;const o=(await t.jwtVerify(e,N.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(s=o.iss)||void 0===s?void 0:s.split("/").pop(),o.iss!==I))throw new t.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await N.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var s,t,o,a,r,n;if(!e)throw Error("refresh token is required to refresh a session");try{await N.validateJwt(e);const i=await N.refresh(e);if(i.ok){const e=p(null===(t=null===(s=i.data)||void 0===s?void 0:s.cookies)||void 0===t?void 0:t.join(";"),"DS")||(null===(o=i.data)||void 0===o?void 0:o.sessionJwt),n=await N.validateJwt(e);return n.cookies=(null===(a=i.data)||void 0===a?void 0:a.cookies)||[],(null===(r=i.data)||void 0===r?void 0:r.refreshJwt)&&(n.refreshJwt=i.data.refreshJwt),n}throw Error(null===(n=i.error)||void 0===n?void 0:n.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,s){if(!e&&!s)throw Error("both session and refresh tokens are empty");try{return await N.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return N.refreshSession(s)},async exchangeAccessKey(e,s){var t;if(!e)throw Error("access key must not be empty");let o;try{o=await N.accessKey.exchange(e,s)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==k||k.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(t=o.error)||void 0===t?void 0:t.errorMessage}`);const{sessionJwt:a}=o.data;if(!a)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await N.validateJwt(a)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,s)=>N.validateTenantPermissions(e,"",s),getMatchedPermissions:(e,s)=>N.getMatchedTenantPermissions(e,"",s),validateTenantPermissions(e,s,t){if(s&&!l(e,s))return!1;const o=d(e,"permissions",s);return t.every((e=>o.includes(e)))},getMatchedTenantPermissions(e,s,t){if(s&&!l(e,s))return[];const o=d(e,"permissions",s);return t.filter((e=>o.includes(e)))},validateRoles:(e,s)=>N.validateTenantRoles(e,"",s),getMatchedRoles:(e,s)=>N.getMatchedTenantRoles(e,"",s),validateTenantRoles(e,s,t){if(s&&!l(e,s))return!1;const o=d(e,"roles",s);return t.every((e=>o.includes(e)))},getMatchedTenantRoles(e,s,t){if(s&&!l(e,s))return[];const o=d(e,"roles",s);return t.filter((e=>o.includes(e)))}});return s.wrapWith(N,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};Q.RefreshTokenCookieName="DSR",Q.SessionTokenCookieName="DS",Q.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},module.exports=Q;
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|