@descope/node-sdk 1.7.12 → 1.7.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +62 -0
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +39 -106
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +2 -2
package/dist/index.d.ts CHANGED
@@ -153,6 +153,10 @@ declare type AttributeMapping = {
153
153
  declare type UpdateJWTResponse = {
154
154
  jwt: string;
155
155
  };
156
+ /** Client assertion JWT response for OAuth flows */
157
+ declare type ClientAssertionResponse = {
158
+ jwt: string;
159
+ };
156
160
  /** Represents a tenant in a project. It has an id, a name and an array of
157
161
  * self provisioning domains used to associate users with that tenant.
158
162
  */
@@ -882,7 +886,7 @@ declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] &
882
886
  };
883
887
  declare const nodeSdk: {
884
888
  ({ authManagementKey, managementKey, publicKey, ...config }: NodeSdkArgs): {
885
- refresh: (token?: string) => Promise<SdkResponse<JWTResponse & {
889
+ refresh: (token?: string, externalToken?: string) => Promise<SdkResponse<JWTResponse & {
886
890
  refreshJwt?: string;
887
891
  cookies?: string[];
888
892
  }>>;
@@ -908,6 +912,7 @@ declare const nodeSdk: {
908
912
  };
909
913
  inviteBatch: (users: User[], inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, templateOptions?: TemplateOptions, templateId?: string) => Promise<SdkResponse<CreateOrInviteBatchResponse>>;
910
914
  createBatch: (users: User[]) => Promise<SdkResponse<CreateOrInviteBatchResponse>>;
915
+ deleteBatch: (userIds: string[]) => Promise<SdkResponse<never>>;
911
916
  update: {
912
917
  (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
913
918
  (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -931,6 +936,7 @@ declare const nodeSdk: {
931
936
  text?: string;
932
937
  emails?: string[];
933
938
  phones?: string[];
939
+ /** Configuration arguments which include the Descope core SDK args and an optional management key */
934
940
  statuses?: UserStatus[];
935
941
  roles?: string[];
936
942
  tenantIds?: string[];
@@ -944,8 +950,14 @@ declare const nodeSdk: {
944
950
  toCreatedTime?: number;
945
951
  fromModifiedTime?: number;
946
952
  toModifiedTime?: number;
947
- tenantRoleIds?: Record<string, string[]>;
948
- tenantRoleNames?: Record<string, string[]>;
953
+ tenantRoleIds?: Record<string, {
954
+ values: string[];
955
+ and?: boolean;
956
+ }>;
957
+ tenantRoleNames?: Record<string, {
958
+ values: string[];
959
+ and?: boolean;
960
+ }>;
949
961
  }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
950
962
  search: (searchReq: {
951
963
  page?: number;
@@ -957,6 +969,7 @@ declare const nodeSdk: {
957
969
  text?: string;
958
970
  emails?: string[];
959
971
  phones?: string[];
972
+ /** Configuration arguments which include the Descope core SDK args and an optional management key */
960
973
  statuses?: UserStatus[];
961
974
  roles?: string[];
962
975
  tenantIds?: string[];
@@ -970,8 +983,14 @@ declare const nodeSdk: {
970
983
  toCreatedTime?: number;
971
984
  fromModifiedTime?: number;
972
985
  toModifiedTime?: number;
973
- tenantRoleIds?: Record<string, string[]>;
974
- tenantRoleNames?: Record<string, string[]>;
986
+ tenantRoleIds?: Record<string, {
987
+ values: string[];
988
+ and?: boolean;
989
+ }>;
990
+ tenantRoleNames?: Record<string, {
991
+ values: string[];
992
+ and?: boolean;
993
+ }>;
975
994
  }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
976
995
  getProviderToken: (loginId: string, provider: string, providerTokenOptions?: ProviderTokenOptions) => Promise<SdkResponse<ProviderTokenResponse>>;
977
996
  activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -1118,6 +1137,7 @@ declare const nodeSdk: {
1118
1137
  cookieExpiration?: number;
1119
1138
  sessionExpiration: number;
1120
1139
  }>>;
1140
+ generateClientAssertionJwt: (issuer: string, subject: string, audience: string[], expiresIn: number) => Promise<SdkResponse<ClientAssertionResponse>>;
1121
1141
  };
1122
1142
  permission: {
1123
1143
  create: (name: string, description?: string) => Promise<SdkResponse<never>>;
@@ -1145,7 +1165,6 @@ declare const nodeSdk: {
1145
1165
  list: () => Promise<SdkResponse<FlowsResponse>>;
1146
1166
  delete: (flowIds: string[]) => Promise<SdkResponse<never>>;
1147
1167
  export: (flowId: string) => Promise<SdkResponse<FlowResponse>>;
1148
- /** Configuration arguments which include the Descope core SDK args and an optional management key */
1149
1168
  import: (flowId: string, flow: Flow, screens?: Screen[]) => Promise<SdkResponse<FlowResponse>>;
1150
1169
  run: (flowId: string, options?: ManagementFlowOptions) => Promise<SdkResponse<Record<string, any>>>;
1151
1170
  };
@@ -1321,12 +1340,7 @@ declare const nodeSdk: {
1321
1340
  };
1322
1341
  update: {
1323
1342
  email: <T extends boolean>(loginId: string, email: string, token?: string, updateOptions?: {
1324
- addToLoginIDs?: T; /**
1325
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1326
- * @param authInfo JWT parsed info containing the permissions
1327
- * @param permissions List of permissions to match against the JWT claims
1328
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1329
- */
1343
+ addToLoginIDs?: T;
1330
1344
  onMergeUseExisting?: T extends true ? boolean : never;
1331
1345
  templateOptions?: {
1332
1346
  [x: string]: string;
@@ -1338,12 +1352,7 @@ declare const nodeSdk: {
1338
1352
  }>>;
1339
1353
  phone: {
1340
1354
  sms: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1341
- addToLoginIDs?: T_1; /**
1342
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1343
- * @param authInfo JWT parsed info containing the permissions
1344
- * @param permissions List of permissions to match against the JWT claims
1345
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1346
- */
1355
+ addToLoginIDs?: T_1;
1347
1356
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1348
1357
  templateOptions?: {
1349
1358
  [x: string]: string;
@@ -1354,12 +1363,7 @@ declare const nodeSdk: {
1354
1363
  maskedPhone: string;
1355
1364
  }>>;
1356
1365
  voice: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1357
- addToLoginIDs?: T_1; /**
1358
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1359
- * @param authInfo JWT parsed info containing the permissions
1360
- * @param permissions List of permissions to match against the JWT claims
1361
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1362
- */
1366
+ addToLoginIDs?: T_1;
1363
1367
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1364
1368
  templateOptions?: {
1365
1369
  [x: string]: string;
@@ -1370,12 +1374,7 @@ declare const nodeSdk: {
1370
1374
  maskedPhone: string;
1371
1375
  }>>;
1372
1376
  whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1373
- addToLoginIDs?: T_1; /**
1374
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1375
- * @param authInfo JWT parsed info containing the permissions
1376
- * @param permissions List of permissions to match against the JWT claims
1377
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1378
- */
1377
+ addToLoginIDs?: T_1;
1379
1378
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1380
1379
  templateOptions?: {
1381
1380
  [x: string]: string;
@@ -1513,12 +1512,7 @@ declare const nodeSdk: {
1513
1512
  };
1514
1513
  update: {
1515
1514
  email: <T_2 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1516
- addToLoginIDs?: T_2; /**
1517
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1518
- * @param authInfo JWT parsed info containing the permissions
1519
- * @param permissions List of permissions to match against the JWT claims
1520
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1521
- */
1515
+ addToLoginIDs?: T_2;
1522
1516
  onMergeUseExisting?: T_2 extends true ? boolean : never;
1523
1517
  templateOptions?: {
1524
1518
  [x: string]: string;
@@ -1530,12 +1524,7 @@ declare const nodeSdk: {
1530
1524
  }>>;
1531
1525
  phone: {
1532
1526
  sms: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1533
- addToLoginIDs?: T_3; /**
1534
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1535
- * @param authInfo JWT parsed info containing the permissions
1536
- * @param permissions List of permissions to match against the JWT claims
1537
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1538
- */
1527
+ addToLoginIDs?: T_3;
1539
1528
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1540
1529
  templateOptions?: {
1541
1530
  [x: string]: string;
@@ -1546,12 +1535,7 @@ declare const nodeSdk: {
1546
1535
  maskedPhone: string;
1547
1536
  }>>;
1548
1537
  voice: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1549
- addToLoginIDs?: T_3; /**
1550
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1551
- * @param authInfo JWT parsed info containing the permissions
1552
- * @param permissions List of permissions to match against the JWT claims
1553
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1554
- */
1538
+ addToLoginIDs?: T_3;
1555
1539
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1556
1540
  templateOptions?: {
1557
1541
  [x: string]: string;
@@ -1562,12 +1546,7 @@ declare const nodeSdk: {
1562
1546
  maskedPhone: string;
1563
1547
  }>>;
1564
1548
  whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1565
- addToLoginIDs?: T_3; /**
1566
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1567
- * @param authInfo JWT parsed info containing the permissions
1568
- * @param permissions List of permissions to match against the JWT claims
1569
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1570
- */
1549
+ addToLoginIDs?: T_3;
1571
1550
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1572
1551
  templateOptions?: {
1573
1552
  [x: string]: string;
@@ -1616,12 +1595,7 @@ declare const nodeSdk: {
1616
1595
  }) => Promise<SdkResponse<JWTResponse>>;
1617
1596
  update: {
1618
1597
  email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1619
- addToLoginIDs?: T_4; /**
1620
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1621
- * @param authInfo JWT parsed info containing the permissions
1622
- * @param permissions List of permissions to match against the JWT claims
1623
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1624
- */
1598
+ addToLoginIDs?: T_4;
1625
1599
  onMergeUseExisting?: T_4 extends true ? boolean : never;
1626
1600
  templateOptions?: {
1627
1601
  [x: string]: string;
@@ -1661,10 +1635,12 @@ declare const nodeSdk: {
1661
1635
  connect: (appId: string, options?: {
1662
1636
  redirectUrl?: string;
1663
1637
  scopes?: string[];
1638
+ tenantId?: string;
1639
+ tenantLevel?: boolean;
1664
1640
  }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1665
1641
  };
1666
1642
  saml: {
1667
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1643
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1668
1644
  exchange: (code: string) => Promise<SdkResponse<JWTResponse & {
1669
1645
  refreshJwt?: string;
1670
1646
  cookies?: string[];
@@ -1829,6 +1805,7 @@ declare const nodeSdk: {
1829
1805
  locale?: string;
1830
1806
  oidcPrompt?: string;
1831
1807
  oidcErrorRedirectUri?: string;
1808
+ oidcResource?: string;
1832
1809
  nativeOptions?: {
1833
1810
  platform: "ios" | "android";
1834
1811
  oauthProvider?: string;
@@ -1862,51 +1839,7 @@ declare const nodeSdk: {
1862
1839
  getJwtPermissions: (token: string, tenant?: string) => string[];
1863
1840
  getJwtRoles: (token: string, tenant?: string) => string[];
1864
1841
  getCurrentTenant: (token: string) => string;
1865
- httpClient: {
1866
- get: (path: string, config?: {
1867
- headers?: HeadersInit;
1868
- queryParams?: {
1869
- [key: string]: string;
1870
- };
1871
- token?: string;
1872
- }) => Promise<Response>;
1873
- post: (path: string, body?: any, config?: {
1874
- headers?: HeadersInit;
1875
- queryParams?: {
1876
- [key: string]: string;
1877
- };
1878
- token?: string;
1879
- }) => Promise<Response>;
1880
- patch: (path: string, body?: any, config?: {
1881
- headers?: HeadersInit;
1882
- queryParams?: {
1883
- [key: string]: string;
1884
- };
1885
- token?: string;
1886
- }) => Promise<Response>;
1887
- put: (path: string, body?: any, config?: {
1888
- headers?: HeadersInit;
1889
- queryParams?: {
1890
- [key: string]: string;
1891
- };
1892
- token?: string;
1893
- }) => Promise<Response>;
1894
- delete: (path: string, config?: {
1895
- headers?: HeadersInit;
1896
- queryParams?: {
1897
- [key: string]: string;
1898
- };
1899
- token?: string;
1900
- }) => Promise<Response>;
1901
- hooks?: {
1902
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
1903
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
1904
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
1905
- };
1906
- buildUrl: (path: string, queryParams?: {
1907
- [key: string]: string;
1908
- }) => string;
1909
- };
1842
+ httpClient: _descope_core_js_sdk.HttpClient;
1910
1843
  };
1911
1844
  /** Descope SDK client with delivery methods enum.
1912
1845
  *
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as o,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null},c=t=>async(...s)=>{var n,o,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var c;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(c=p)?void 0:c.cookieDomain)||""}; Max-Age=${(null==c?void 0:c.cookieMaxAge)||""}; Path=${(null==c?void 0:c.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=m(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function g(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function u(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},v={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},k={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},C={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},f={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},y={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},I={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},b={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token"},A={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},S={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},O={settings:"/v1/mgmt/password/settings"},w={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},T={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},j={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},N={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},P={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},E={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},M={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};function U(t){return t.map((t=>{var{roles:s}=t,n=e(t,["roles"]);return Object.assign(Object.assign({},n),{roleNames:s})}))}function x(e){if(e&&0!==Object.keys(e).length)return Object.fromEntries(Object.entries(e).map((([e,t])=>[e,{values:t}])))}const D=(e,t)=>({create:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(h.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(h.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k,C,f,y,I){const b="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:u,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(h.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,o,a,i,r,l)=>s(e.httpClient.post(h.createBatch,{users:U(n),invite:!0,inviteUrl:o,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),createBatch:n=>s(e.httpClient.post(h.createBatch,{users:U(n)},{token:t}),(e=>e)),update:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(h.update,C,{token:t}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),s(e.httpClient.patch(h.patch,a,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(h.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(h.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(h.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(h.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(h.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(h.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(h.logout,{userId:n},{token:t})),searchAll:(n,o,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(h.search,{tenantIds:n,roleNames:o,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(h.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0,tenantRoleIds:x(n.tenantRoleIds),tenantRoleNames:x(n.tenantRoleNames)}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(h.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0,tenantRoleIds:x(n.tenantRoleIds),tenantRoleNames:x(n.tenantRoleNames)}),{token:t}),(e=>e.users)),getProviderToken:(n,o,a)=>s(e.httpClient.get(h.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(h.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(h.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,o)=>s(e.httpClient.post(h.updateLoginId,{loginId:n,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(n,o,a)=>s(e.httpClient.post(h.updateEmail,{loginId:n,email:o,verified:a},{token:t}),(e=>e.user)),updatePhone:(n,o,a)=>s(e.httpClient.post(h.updatePhone,{loginId:n,phone:o,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(n,o,a,i,r)=>s(e.httpClient.post(h.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,o)=>s(e.httpClient.post(h.updatePicture,{loginId:n,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>s(e.httpClient.post(h.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(n,o)=>s(e.httpClient.post(h.setRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addRoles:(n,o)=>s(e.httpClient.post(h.addRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(n,o)=>s(e.httpClient.post(h.removeRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addTenant:(n,o)=>s(e.httpClient.post(h.addTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(n,o)=>s(e.httpClient.post(h.removeTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(n,o,a)=>s(e.httpClient.post(h.setRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(n,o,a)=>s(e.httpClient.post(h.addRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(n,o,a)=>s(e.httpClient.post(h.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(n,o)=>s(e.httpClient.post(h.addSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(n,o)=>s(e.httpClient.post(h.setSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(n,o)=>s(e.httpClient.post(h.removeSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>s(e.httpClient.post(h.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,i)=>s(e.httpClient.post(h.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>s(e.httpClient.post(h.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(n,o,a)=>s(e.httpClient.post(h.generateEmbeddedLink,{loginId:n,customClaims:o,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(n,o,a,i,r,l)=>s(e.httpClient.post(h.generateSignUpEmbeddedLink,{loginId:n,user:o,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(n,o)=>s(e.httpClient.post(h.setTemporaryPassword,{loginId:n,password:o},{token:t}),(e=>e)),setActivePassword:(n,o)=>s(e.httpClient.post(h.setActivePassword,{loginId:n,password:o},{token:t}),(e=>e)),setPassword:(n,o)=>s(e.httpClient.post(h.setPassword,{loginId:n,password:o},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(h.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(h.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(h.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(h.history,n,{token:t}),(e=>e))}),L=(e,t)=>({updateName:n=>s(e.httpClient.post(v.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(v.updateTags,{tags:n},{token:t})),clone:(n,o,a)=>s(e.httpClient.post(v.clone,{name:n,environment:o,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(v.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(v.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(v.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(v.importSnapshot,{files:n},{token:t}))}),F=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(C.create,{name:n,selfProvisioningDomains:o,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(n,o,a,i,r,l)=>s(e.httpClient.post(C.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(C.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(C.delete,{id:n,cascade:o},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,o,a,i)=>s(e.httpClient.post(C.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(C.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(C.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,o,a,i,r)=>s(e.httpClient.post(C.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),q=(e,t)=>({update:(n,o,a)=>s(e.httpClient.post(S.update,{jwt:n,customClaims:o,refreshDuration:a},{token:t})),impersonate:(n,o,a,i,r,l)=>s(e.httpClient.post(S.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(n,o,a,i)=>s(e.httpClient.post(S.stopImpersonation,{jwt:n,customClaims:o,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(n,o)=>s(e.httpClient.post(S.signIn,Object.assign({loginId:n},o),{token:t})),signUp:(n,o,a)=>s(e.httpClient.post(S.signUp,Object.assign({loginId:n,user:o},a),{token:t})),signUpOrIn:(n,o,a)=>s(e.httpClient.post(S.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:t})),anonymous:(n,o,a)=>s(e.httpClient.post(S.anonymous,{customClaims:n,selectedTenant:o,refreshDuration:a},{token:t}))}),z=(e,t)=>({create:(n,o)=>s(e.httpClient.post(w.create,{name:n,description:o},{token:t})),update:(n,o,a)=>s(e.httpClient.post(w.update,{name:n,newName:o,description:a},{token:t})),delete:n=>s(e.httpClient.post(w.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(w.loadAll,{token:t}),(e=>e.permissions))}),$=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(T.create,{name:n,description:o,permissionNames:a,tenantId:i,default:r},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(T.update,{name:n,newName:o,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(T.delete,{name:n,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(T.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(T.search,n,{token:t}),(e=>e.roles))}),B=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(N.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,o,a)=>s(e.httpClient.post(N.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:t})),loadAllGroupMembers:(n,o)=>s(e.httpClient.post(N.loadAllGroupMembers,{tenantId:n,groupId:o},{token:t}))});function J(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const K=(e,t)=>({getSettings:n=>s(e.httpClient.get(A.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,o,a)=>s(e.httpClient.post(A.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:t}),(e=>J(e))),deleteSettings:(n,o)=>s(e.httpClient.delete(A.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t})),configureSettings:(n,o,a,i,r,l)=>s(e.httpClient.post(A.settings,{tenantId:n,idpURL:o,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,o,a,i)=>s(e.httpClient.post(A.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:i},{token:t})),configureMapping:(n,o,a)=>s(e.httpClient.post(A.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:t})),configureOIDCSettings:(n,o,a,i)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(A.oidc.configure,Object.assign({tenantId:n,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,o,a,i,r)=>s(e.httpClient.post(A.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,o,a,i,r)=>s(e.httpClient.post(A.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,o)=>s(e.httpClient.get(A.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t}),(e=>J(e))),loadAllSettings:n=>s(e.httpClient.get(A.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(J(e)))),s}(e)))}),G=(e,t)=>({create:(n,o,a,i,r,l,p,d)=>s(e.httpClient.post(k.create,{name:n,expireTime:o,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(k.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,o,a,i,r,l,p)=>s(e.httpClient.post(k.update,{id:n,name:o,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(k.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(k.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(k.delete,{id:n},{token:t}))}),W=(e,t)=>({list:()=>s(e.httpClient.post(j.list,{},{token:t})),delete:n=>s(e.httpClient.post(j.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(j.export,{flowId:n},{token:t})),import:(n,o,a)=>s(e.httpClient.post(j.import,{flowId:n,flow:o,screens:a},{token:t})),run:(n,o)=>s(e.httpClient.post(j.run,{flowId:n,options:o},{token:t}),(e=>null==e?void 0:e.output))}),V=(e,t)=>({export:()=>s(e.httpClient.post(R.export,{},{token:t})),import:n=>s(e.httpClient.post(R.import,{theme:n},{token:t}))}),H=(e,t)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,s(e.httpClient.post(P.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return s(e.httpClient.post(P.createEvent,o,{token:t}))}}),Q=(e,t)=>({saveSchema:(n,o)=>s(e.httpClient.post(E.schemaSave,{schema:n,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(E.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,o,a)=>s(e.httpClient.post(E.nsSave,{namespace:n,oldName:o,schemaName:a},{token:t})),deleteNamespace:(n,o)=>s(e.httpClient.post(E.nsDelete,{name:n,schemaName:o},{token:t})),saveRelationDefinition:(n,o,a,i)=>s(e.httpClient.post(E.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(n,o,a)=>s(e.httpClient.post(E.rdDelete,{name:n,namespace:o,schemaName:a},{token:t})),createRelations:n=>s(e.httpClient.post(E.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(E.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(E.reDeleteResources,{resources:n},{token:t})),deleteResourceRelationsForResources:n=>s(e.httpClient.post(E.reDeleteResourceRelationsForResources,{resources:n},{token:t})),deleteRelationsForIds:n=>s(e.httpClient.post(E.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(E.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>s(e.httpClient.post(E.who,{resource:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(n,o=!1)=>s(e.httpClient.post(E.resource,{resource:n,ignoreTargetSetRelations:o},{token:t}),(e=>e.relations)),targetsRelations:(n,o=!1)=>s(e.httpClient.post(E.targets,{targets:n,includeTargetSetRelations:o},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(E.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>s(e.httpClient.post(E.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(E.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),_=(e,t)=>({createOidcApplication:n=>{var o;return s(e.httpClient.post(f.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:n=>{var o;return s(e.httpClient.post(f.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(f.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(f.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(f.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(f.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps))}),X=(e,t)=>({getSettings:n=>s(e.httpClient.get(O.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(O.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t}))}),Y=(e,t)=>({saveSchema:n=>s(e.httpClient.post(M.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(M.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(M.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(M.check,{tuples:n},{token:t}),(e=>e.tuples)),loadResourcesDetails:n=>s(e.httpClient.post(M.resourcesLoad,{resourceIdentifiers:n},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:n=>s(e.httpClient.post(M.resourcesSave,{resourcesDetails:n},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(M.relations,{token:t}))}),Z=(e,t)=>({createApplication:n=>s(e.httpClient.post(y.create,Object.assign({},n),{token:t})),updateApplication:n=>s(e.httpClient.post(y.update,Object.assign({},n),{token:t})),patchApplication:n=>s(e.httpClient.post(y.patch,Object.assign({},n),{token:t})),deleteApplication:n=>s(e.httpClient.post(y.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(y.load,{queryParams:{id:n},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:n=>s(e.httpClient.get(y.secret,{queryParams:{id:n},token:t}),(e=>e)),rotateApplicationSecret:n=>s(e.httpClient.post(y.rotate,{id:n},{token:t})),searchConsents:n=>s(e.httpClient.post(I.search,Object.assign({},n),{token:t}),(e=>e.consents)),deleteConsents:n=>s(e.httpClient.post(I.delete,Object.assign({},n),{token:t}))}),ee=(e,t)=>({createApplication:n=>s(e.httpClient.post(b.create,Object.assign({},n),{token:t}),(e=>e.app)),updateApplication:n=>s(e.httpClient.post(b.update,{app:n},{token:t}),(e=>e.app)),deleteApplication:n=>s(e.httpClient.post(b.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(`${b.load}/${n}`,{token:t}),(e=>e.app)),loadAllApplications:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.apps)),fetchTokenByScopes:(n,o,a,i,r)=>s(e.httpClient.post(b.fetchTokenByScopes,{appId:n,userId:o,scopes:a,options:i,tenantId:r},{token:t}),(e=>e.token)),fetchToken:(n,o,a,i)=>s(e.httpClient.post(b.fetchToken,{appId:n,userId:o,tenantId:a,options:i},{token:t}),(e=>e.token)),fetchTenantTokenByScopes:(n,o,a,i)=>s(e.httpClient.post(b.fetchTenantTokenByScopes,{appId:n,tenantId:o,scopes:a,options:i},{token:t}),(e=>e.token)),fetchTenantToken:(n,o,a)=>s(e.httpClient.post(b.fetchTenantToken,{appId:n,tenantId:o,options:a},{token:t}),(e=>e.token))});const te=s=>{var r,l,{authManagementKey:p,managementKey:h,publicKey:v}=s,k=e(s,["authManagementKey","managementKey","publicKey"]);const C=t(Object.assign(Object.assign({fetch:d},k),{baseHeaders:Object.assign(Object.assign({},k.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.12"}),hooks:Object.assign(Object.assign({},k.hooks),{beforeRequest:[e=>(p&&(e.token=e.token?`${e.token}:${p}`:p),e)].concat((null===(l=k.hooks)||void 0===l?void 0:l.beforeRequest)||[])})})),{projectId:f,logger:y}=k,I={},b=((e,t)=>({user:D(e,t),project:L(e,t),accessKey:G(e,t),tenant:F(e,t),ssoApplication:_(e,t),inboundApplication:Z(e,t),outboundApplication:ee(e,t),sso:K(e,t),jwt:q(e,t),permission:z(e,t),password:X(e,t),role:$(e,t),group:B(e,t),flow:W(e,t),theme:V(e,t),audit:H(e,t),authz:Q(e,t),fga:Y(e,t)}))(C,h),A=Object.assign(Object.assign({},C),{refresh:async e=>C.refresh(e),management:b,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(I[e.kid])return I[e.kid];if(Object.assign(I,await(async()=>{if(v)try{const e=JSON.parse(v),t=await i(e);return{[e.kid]:t}}catch(e){throw null==y||y.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await C.httpClient.get(`v2/keys/${f}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!I[e.kid])throw Error("failed to fetch matching key");return I[e.kid]},async validateJwt(e){var t;const s=(await o(e,A.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==f))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await A.validateJwt(e)}catch(e){throw null==y||y.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s,n,o,a,i;if(!e)throw Error("refresh token is required to refresh a session");try{await A.validateJwt(e);const r=await A.refresh(e);if(r.ok){const e=m(null===(s=null===(t=r.data)||void 0===t?void 0:t.cookies)||void 0===s?void 0:s.join(";"),"DS")||(null===(n=r.data)||void 0===n?void 0:n.sessionJwt),i=await A.validateJwt(e);return i.cookies=(null===(o=r.data)||void 0===o?void 0:o.cookies)||[],(null===(a=r.data)||void 0===a?void 0:a.refreshJwt)&&(i.refreshJwt=r.data.refreshJwt),i}throw Error(null===(i=r.error)||void 0===i?void 0:i.errorMessage)}catch(e){throw null==y||y.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await A.validateSession(e)}catch(e){null==y||y.log(`session validation failed with error ${e} - trying to refresh it`)}return A.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await A.accessKey.exchange(e,t)}catch(e){throw null==y||y.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==y||y.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==y||y.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await A.validateJwt(o)}catch(e){throw null==y||y.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>A.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>A.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!u(e,t))return!1;const n=g(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!u(e,t))return[];const n=g(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>A.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>A.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!u(e,t))return!1;const n=g(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!u(e,t))return[];const n=g(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(A,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],c)};te.RefreshTokenCookieName="DSR",te.SessionTokenCookieName="DS",te.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{te as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,createHttpClient as a,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as r,errors as n,importJWK as i}from"jose";import{Headers as d,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=d);const m=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),c=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|[;,]\\s*)${t}=([^;]*)`));return s?s[1]:null},g=t=>async(...s)=>{var a,o,r;const n=await t(...s);if(!n.data)return n;let i=n.data,{refreshJwt:d}=i,l=e(i,["refreshJwt"]);const p=[];var m;return d?p.push(`${"DSR"}=${d}; Domain=${(null==(m=l)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=n.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(d=c(null===(o=n.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(r=n.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},n),{data:Object.assign(Object.assign({},n.data),{refreshJwt:d,cookies:p})})};function u(e,t,s){var a,o;const r=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function v(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteBatch:"/v1/mgmt/user/delete/batch",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},f={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},b={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},y={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},I={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},k={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},A={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},S={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token"},O={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},w={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous",clientAssertion:"/v1/mgmt/token/clientassertion"},T={settings:"/v1/mgmt/password/settings"},j={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},N={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},R={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},P={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},E={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},M={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},U={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},x={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};function D(t){return t.map((t=>{var{roles:s}=t,a=e(t,["roles"]);return Object.assign(Object.assign({},a),{roleNames:s})}))}const L=e=>({updateName:t=>s(e.post(f.updateName,{name:t})),updateTags:t=>s(e.post(f.updateTags,{tags:t})),clone:(t,a,o)=>s(e.post(f.clone,{name:t,environment:a,tags:o})),listProjects:async()=>s(e.post(f.projectsList,{}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:a})=>({id:e,name:t,environment:s,tags:a}))))),exportSnapshot:()=>s(e.post(f.exportSnapshot,{})),importSnapshot:t=>s(e.post(f.importSnapshot,t)),validateSnapshot:t=>s(e.post(f.validateSnapshot,t)),export:()=>s(e.post(f.exportSnapshot,{}),(e=>e.files)),import:t=>s(e.post(f.importSnapshot,{files:t}))}),C=e=>({create:(t,a,o,r,n)=>s(e.post(y.create,{name:t,selfProvisioningDomains:a,customAttributes:o,enforceSSO:r,disabled:n})),createWithId:(t,a,o,r,n,i)=>s(e.post(y.create,{id:t,name:a,selfProvisioningDomains:o,customAttributes:r,enforceSSO:n,disabled:i})),update:(t,a,o,r,n,i)=>s(e.post(y.update,{id:t,name:a,selfProvisioningDomains:o,customAttributes:r,enforceSSO:n,disabled:i})),delete:(t,a)=>s(e.post(y.delete,{id:t,cascade:a})),load:t=>s(e.get(y.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s(e.get(y.loadAll,{}),(e=>e.tenants)),searchAll:(t,a,o,r)=>s(e.post(y.searchAll,{tenantIds:t,tenantNames:a,tenantSelfProvisioningDomains:o,customAttributes:r}),(e=>e.tenants)),getSettings:t=>s(e.get(y.settings,{queryParams:{id:t}}),(e=>e)),configureSettings:(t,a)=>s(e.post(y.settings,Object.assign(Object.assign({},a),{tenantId:t}),{})),generateSSOConfigurationLink:(t,a,o,r,n)=>s(e.post(y.generateSSOConfigurationLink,{tenantId:t,expireTime:a,ssoId:o,email:r,templateId:n},{}),(e=>e))}),F=e=>({update:(t,a,o)=>s(e.post(w.update,{jwt:t,customClaims:a,refreshDuration:o})),impersonate:(t,a,o,r,n,i)=>s(e.post(w.impersonate,{impersonatorId:t,loginId:a,validateConsent:o,customClaims:r,selectedTenant:n,refreshDuration:i})),stopImpersonation:(t,a,o,r)=>s(e.post(w.stopImpersonation,{jwt:t,customClaims:a,selectedTenant:o,refreshDuration:r})),signIn:(t,a)=>s(e.post(w.signIn,Object.assign({loginId:t},a))),signUp:(t,a,o)=>s(e.post(w.signUp,Object.assign({loginId:t,user:a},o))),signUpOrIn:(t,a,o)=>s(e.post(w.signUpOrIn,Object.assign({loginId:t,user:a},o))),anonymous:(t,a,o)=>s(e.post(w.anonymous,{customClaims:t,selectedTenant:a,refreshDuration:o})),generateClientAssertionJwt:(t,a,o,r)=>s(e.post(w.clientAssertion,{issuer:t,subject:a,audience:o,expiresIn:r}))}),q=e=>({create:(t,a)=>s(e.post(j.create,{name:t,description:a})),update:(t,a,o)=>s(e.post(j.update,{name:t,newName:a,description:o})),delete:t=>s(e.post(j.delete,{name:t})),loadAll:()=>s(e.get(j.loadAll,{}),(e=>e.permissions))}),z=e=>({create:(t,a,o,r,n)=>s(e.post(N.create,{name:t,description:a,permissionNames:o,tenantId:r,default:n})),update:(t,a,o,r,n,i)=>s(e.post(N.update,{name:t,newName:a,description:o,permissionNames:r,tenantId:n,default:i})),delete:(t,a)=>s(e.post(N.delete,{name:t,tenantId:a})),loadAll:()=>s(e.get(N.loadAll,{}),(e=>e.roles)),search:t=>s(e.post(N.search,t,{}),(e=>e.roles))}),B=e=>({loadAllGroups:t=>s(e.post(E.loadAllGroups,{tenantId:t})),loadAllGroupsForMember:(t,a,o)=>s(e.post(E.loadAllGroupsForMember,{tenantId:t,loginIds:o,userIds:a})),loadAllGroupMembers:(t,a)=>s(e.post(E.loadAllGroupMembers,{tenantId:t,groupId:a}))});function $(e){var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}const J=e=>({getSettings:t=>s(e.get(O.settings,{queryParams:{tenantId:t}}),(e=>e)),newSettings:(t,a,o)=>s(e.post(O.settingsNew,Object.assign(Object.assign({tenantId:t},a?{ssoId:a}:{}),{displayName:o})),(e=>$(e))),deleteSettings:(t,a)=>s(e.delete(O.settings,{queryParams:Object.assign({tenantId:t},a?{ssoId:a}:{})})),configureSettings:(t,a,o,r,n,i)=>s(e.post(O.settings,{tenantId:t,idpURL:a,entityId:r,idpCert:o,redirectURL:n,domains:i})),configureMetadata:(t,a,o,r)=>s(e.post(O.metadata,{tenantId:t,idpMetadataURL:a,redirectURL:o,domains:r})),configureMapping:(t,a,o)=>s(e.post(O.mapping,{tenantId:t,roleMappings:a,attributeMapping:o})),configureOIDCSettings:(t,a,o,r)=>{const n=Object.assign(Object.assign({},a),{userAttrMapping:a.attributeMapping});return delete n.attributeMapping,s(e.post(O.oidc.configure,Object.assign({tenantId:t,settings:n,domains:o},r?{ssoId:r}:{})))},configureSAMLSettings:(t,a,o,r,n)=>s(e.post(O.saml.configure,Object.assign({tenantId:t,settings:a,redirectUrl:o,domains:r},n?{ssoId:n}:{}))),configureSAMLByMetadata:(t,a,o,r,n)=>s(e.post(O.saml.metadata,Object.assign({tenantId:t,settings:a,redirectUrl:o,domains:r},n?{ssoId:n}:{}))),loadSettings:(t,a)=>s(e.get(O.settingsv2,{queryParams:Object.assign({tenantId:t},a?{ssoId:a}:{})}),(e=>$(e))),loadAllSettings:t=>s(e.get(O.settingsAllV2,{queryParams:{tenantId:t}}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push($(e)))),s}(e)))}),K=e=>({create:(t,a,o,r,n,i,d,l)=>s(e.post(b.create,{name:t,expireTime:a,roleNames:o,keyTenants:r,userId:n,customClaims:i,description:d,permittedIps:l})),load:t=>s(e.get(b.load,{queryParams:{id:t}}),(e=>e.key)),searchAll:t=>s(e.post(b.search,{tenantIds:t}),(e=>e.keys)),update:(t,a,o,r,n,i,d)=>s(e.post(b.update,{id:t,name:a,description:o,roleNames:r,keyTenants:n,customClaims:i,permittedIps:d}),(e=>e.key)),deactivate:t=>s(e.post(b.deactivate,{id:t})),activate:t=>s(e.post(b.activate,{id:t})),delete:t=>s(e.post(b.delete,{id:t}))}),G=e=>({list:()=>s(e.post(R.list,{})),delete:t=>s(e.post(R.delete,{ids:t})),export:t=>s(e.post(R.export,{flowId:t})),import:(t,a,o)=>s(e.post(R.import,{flowId:t,flow:a,screens:o})),run:(t,a)=>s(e.post(R.run,{flowId:t,options:a}),(e=>null==e?void 0:e.output))}),H=e=>({export:()=>s(e.post(P.export,{})),import:t=>s(e.post(P.import,{theme:t}))}),W=e=>({search:t=>{const a=Object.assign(Object.assign({},t),{externalIds:t.loginIds});return delete a.loginIds,s(e.post(M.search,a),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:t=>{const a=Object.assign({},t);return s(e.post(M.createEvent,a))}}),V=e=>({saveSchema:(t,a)=>s(e.post(U.schemaSave,{schema:t,upgrade:a})),deleteSchema:()=>s(e.post(U.schemaDelete,{})),loadSchema:()=>s(e.post(U.schemaLoad,{}),(e=>e.schema)),saveNamespace:(t,a,o)=>s(e.post(U.nsSave,{namespace:t,oldName:a,schemaName:o})),deleteNamespace:(t,a)=>s(e.post(U.nsDelete,{name:t,schemaName:a})),saveRelationDefinition:(t,a,o,r)=>s(e.post(U.rdSave,{relationDefinition:t,namespace:a,oldName:o,schemaName:r})),deleteRelationDefinition:(t,a,o)=>s(e.post(U.rdDelete,{name:t,namespace:a,schemaName:o})),createRelations:t=>s(e.post(U.reCreate,{relations:t})),deleteRelations:t=>s(e.post(U.reDelete,{relations:t})),deleteRelationsForResources:t=>s(e.post(U.reDeleteResources,{resources:t})),deleteResourceRelationsForResources:t=>s(e.post(U.reDeleteResourceRelationsForResources,{resources:t})),deleteRelationsForIds:t=>s(e.post(U.reDeleteResources,{resources:t})),hasRelations:t=>s(e.post(U.hasRelations,{relationQueries:t}),(e=>e.relationQueries)),whoCanAccess:(t,a,o)=>s(e.post(U.who,{resource:t,relationDefinition:a,namespace:o}),(e=>e.targets)),resourceRelations:(t,a=!1)=>s(e.post(U.resource,{resource:t,ignoreTargetSetRelations:a}),(e=>e.relations)),targetsRelations:(t,a=!1)=>s(e.post(U.targets,{targets:t,includeTargetSetRelations:a}),(e=>e.relations)),whatCanTargetAccess:t=>s(e.post(U.targetAll,{target:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(t,a,o)=>s(e.post(U.targetWithRelation,{target:t,relationDefinition:a,namespace:o}),(e=>e.resources.map((e=>({resource:e}))))),getModified:t=>s(e.post(U.getModified,{since:t?t.getTime():0}),(e=>e))}),Q=e=>({createOidcApplication:t=>{var a;return s(e.post(I.oidcCreate,Object.assign(Object.assign({},t),{enabled:null===(a=t.enabled)||void 0===a||a})))},createSamlApplication:t=>{var a;return s(e.post(I.samlCreate,Object.assign(Object.assign({},t),{enabled:null===(a=t.enabled)||void 0===a||a})))},updateOidcApplication:t=>s(e.post(I.oidcUpdate,Object.assign({},t))),updateSamlApplication:t=>s(e.post(I.samlUpdate,Object.assign({},t))),delete:t=>s(e.post(I.delete,{id:t})),load:t=>s(e.get(I.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s(e.get(I.loadAll,{}),(e=>e.apps))}),_=e=>({getSettings:t=>s(e.get(T.settings,{queryParams:{tenantId:t}}),(e=>e)),configureSettings:(t,a)=>s(e.post(T.settings,Object.assign(Object.assign({},a),{tenantId:t})))}),X=e=>({saveSchema:t=>s(e.post(x.schema,t)),deleteSchema:()=>s(e.post(U.schemaDelete,{})),createRelations:t=>s(e.post(x.relations,{tuples:t})),deleteRelations:t=>s(e.post(x.deleteRelations,{tuples:t})),check:t=>s(e.post(x.check,{tuples:t}),(e=>e.tuples)),loadResourcesDetails:t=>s(e.post(x.resourcesLoad,{resourceIdentifiers:t}),(e=>e.resourcesDetails)),saveResourcesDetails:t=>s(e.post(x.resourcesSave,{resourcesDetails:t})),deleteAllRelations:()=>s(e.delete(x.relations))}),Y=e=>({createApplication:t=>s(e.post(k.create,Object.assign({},t))),updateApplication:t=>s(e.post(k.update,Object.assign({},t))),patchApplication:t=>s(e.post(k.patch,Object.assign({},t))),deleteApplication:t=>s(e.post(k.delete,{id:t})),loadApplication:t=>s(e.get(k.load,{queryParams:{id:t}}),(e=>e)),loadAllApplications:()=>s(e.get(k.loadAll,{}),(e=>e.apps)),getApplicationSecret:t=>s(e.get(k.secret,{queryParams:{id:t}}),(e=>e)),rotateApplicationSecret:t=>s(e.post(k.rotate,{id:t})),searchConsents:t=>s(e.post(A.search,Object.assign({},t)),(e=>e.consents)),deleteConsents:t=>s(e.post(A.delete,Object.assign({},t)))}),Z=e=>({createApplication:t=>s(e.post(S.create,Object.assign({},t)),(e=>e.app)),updateApplication:t=>s(e.post(S.update,{app:t}),(e=>e.app)),deleteApplication:t=>s(e.post(S.delete,{id:t})),loadApplication:t=>s(e.get(`${S.load}/${t}`),(e=>e.app)),loadAllApplications:()=>s(e.get(S.loadAll,{}),(e=>e.apps)),fetchTokenByScopes:(t,a,o,r,n)=>s(e.post(S.fetchTokenByScopes,{appId:t,userId:a,scopes:o,options:r,tenantId:n}),(e=>e.token)),fetchToken:(t,a,o,r)=>s(e.post(S.fetchToken,{appId:t,userId:a,tenantId:o,options:r}),(e=>e.token)),fetchTenantTokenByScopes:(t,a,o,r)=>s(e.post(S.fetchTenantTokenByScopes,{appId:t,tenantId:a,scopes:o,options:r}),(e=>e.token)),fetchTenantToken:(t,a,o)=>s(e.post(S.fetchTenantToken,{appId:t,tenantId:a,options:o}),(e=>e.token))});const ee=d=>{var l,p,f,{authManagementKey:b,managementKey:y,publicKey:I}=d,k=e(d,["authManagementKey","managementKey","publicKey"]);const A={"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(l=null===process||void 0===process?void 0:process.versions)||void 0===l?void 0:l.node)||"","x-descope-sdk-version":"1.7.14"},S=Object.assign(Object.assign({fetch:m},k),{baseHeaders:Object.assign(Object.assign({},k.baseHeaders),A),hooks:Object.assign(Object.assign({},k.hooks),{beforeRequest:[e=>(b&&(e.token=e.token?`${e.token}:${b}`:b),e)].concat((null===(p=k.hooks)||void 0===p?void 0:p.beforeRequest)||[])})}),O=t(S),{projectId:w,logger:T}=k,j={},N=Object.assign(Object.assign({fetch:m},k),{baseConfig:{baseHeaders:Object.assign(Object.assign({},k.baseHeaders),A)},hooks:Object.assign(Object.assign({},k.hooks),{beforeRequest:[e=>(e.token=y,e)].concat((null===(f=k.hooks)||void 0===f?void 0:f.beforeRequest)||[])})}),R=a(N),P={user:(M=E=R,{create:function(e,t,a,o,r,n,i,d,l,p,m,c,g,u){const v="string"==typeof t?{loginId:e,email:t,phone:a,displayName:o,givenName:m,middleName:c,familyName:g,roleNames:r,userTenants:n,customAttributes:i,picture:d,verifiedEmail:l,verifiedPhone:p,additionalLoginIds:u}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0});return s(M.post(h.create,v),(e=>e.user))},createTestUser:function(e,t,a,o,r,n,i,d,l,p,m,c,g,u){const v="string"==typeof t?{loginId:e,email:t,phone:a,displayName:o,givenName:m,middleName:c,familyName:g,roleNames:r,userTenants:n,customAttributes:i,picture:d,verifiedEmail:l,verifiedPhone:p,additionalLoginIds:u,test:!0}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0,test:!0});return s(M.post(h.createTestUser,v),(e=>e.user))},invite:function(e,t,a,o,r,n,i,d,l,p,m,c,g,u,v,f,b,y){const I="string"==typeof t?{loginId:e,email:t,phone:a,displayName:o,givenName:u,middleName:v,familyName:f,roleNames:r,userTenants:n,invite:!0,customAttributes:i,picture:d,verifiedEmail:l,verifiedPhone:p,inviteUrl:m,sendMail:c,sendSMS:g,additionalLoginIds:b,templateId:y}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0,invite:!0});return s(M.post(h.create,I),(e=>e.user))},inviteBatch:(e,t,a,o,r,n)=>s(M.post(h.createBatch,{users:D(e),invite:!0,inviteUrl:t,sendMail:a,sendSMS:o,templateOptions:r,templateId:n}),(e=>e)),createBatch:e=>s(M.post(h.createBatch,{users:D(e)}),(e=>e)),deleteBatch:e=>s(M.post(h.deleteBatch,{userIds:e})),update:function(e,t,a,o,r,n,i,d,l,p,m,c,g,u){const v="string"==typeof t?{loginId:e,email:t,phone:a,displayName:o,givenName:m,middleName:c,familyName:g,roleNames:r,userTenants:n,customAttributes:i,picture:d,verifiedEmail:l,verifiedPhone:p,additionalLoginIds:u}:Object.assign(Object.assign({loginId:e},t),{roleNames:null==t?void 0:t.roles,roles:void 0});return s(M.post(h.update,v),(e=>e.user))},patch:function(e,t){const a={loginId:e};return void 0!==t.email&&(a.email=t.email),void 0!==t.phone&&(a.phone=t.phone),void 0!==t.displayName&&(a.displayName=t.displayName),void 0!==t.givenName&&(a.givenName=t.givenName),void 0!==t.middleName&&(a.middleName=t.middleName),void 0!==t.familyName&&(a.familyName=t.familyName),void 0!==t.roles&&(a.roleNames=t.roles),void 0!==t.userTenants&&(a.userTenants=t.userTenants),void 0!==t.customAttributes&&(a.customAttributes=t.customAttributes),void 0!==t.picture&&(a.picture=t.picture),void 0!==t.verifiedEmail&&(a.verifiedEmail=t.verifiedEmail),void 0!==t.verifiedPhone&&(a.verifiedPhone=t.verifiedPhone),void 0!==t.ssoAppIds&&(a.ssoAppIds=t.ssoAppIds),void 0!==t.scim&&(a.scim=t.scim),s(M.patch(h.patch,a),(e=>e.user))},delete:e=>s(M.post(h.delete,{loginId:e})),deleteByUserId:e=>s(M.post(h.delete,{userId:e})),deleteAllTestUsers:()=>s(M.delete(h.deleteAllTestUsers)),load:e=>s(M.get(h.load,{queryParams:{loginId:e}}),(e=>e.user)),loadByUserId:e=>s(M.get(h.load,{queryParams:{userId:e}}),(e=>e.user)),logoutUser:e=>s(M.post(h.logout,{loginId:e})),logoutUserByUserId:e=>s(M.post(h.logout,{userId:e})),searchAll:(e,t,a,o,r,n,i,d,l,p)=>s(M.post(h.search,{tenantIds:e,roleNames:t,limit:a,page:o,testUsersOnly:r,withTestUser:n,customAttributes:i,statuses:d,emails:l,phones:p}),(e=>e.users)),searchTestUsers:e=>s(M.post(h.searchTestUsers,Object.assign(Object.assign({},e),{withTestUser:!0,testUsersOnly:!0,roleNames:e.roles,roles:void 0})),(e=>e.users)),search:e=>s(M.post(h.search,Object.assign(Object.assign({},e),{roleNames:e.roles,roles:void 0})),(e=>e.users)),getProviderToken:(e,t,a)=>s(M.get(h.getProviderToken,{queryParams:{loginId:e,provider:t,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"}}),(e=>e)),activate:e=>s(M.post(h.updateStatus,{loginId:e,status:"enabled"}),(e=>e.user)),deactivate:e=>s(M.post(h.updateStatus,{loginId:e,status:"disabled"}),(e=>e.user)),updateLoginId:(e,t)=>s(M.post(h.updateLoginId,{loginId:e,newLoginId:t}),(e=>e.user)),updateEmail:(e,t,a)=>s(M.post(h.updateEmail,{loginId:e,email:t,verified:a}),(e=>e.user)),updatePhone:(e,t,a)=>s(M.post(h.updatePhone,{loginId:e,phone:t,verified:a}),(e=>e.user)),updateDisplayName:(e,t,a,o,r)=>s(M.post(h.updateDisplayName,{loginId:e,displayName:t,givenName:a,middleName:o,familyName:r}),(e=>e.user)),updatePicture:(e,t)=>s(M.post(h.updatePicture,{loginId:e,picture:t}),(e=>e.user)),updateCustomAttribute:(e,t,a)=>s(M.post(h.updateCustomAttribute,{loginId:e,attributeKey:t,attributeValue:a}),(e=>e.user)),setRoles:(e,t)=>s(M.post(h.setRole,{loginId:e,roleNames:t}),(e=>e.user)),addRoles:(e,t)=>s(M.post(h.addRole,{loginId:e,roleNames:t}),(e=>e.user)),removeRoles:(e,t)=>s(M.post(h.removeRole,{loginId:e,roleNames:t}),(e=>e.user)),addTenant:(e,t)=>s(M.post(h.addTenant,{loginId:e,tenantId:t}),(e=>e.user)),removeTenant:(e,t)=>s(M.post(h.removeTenant,{loginId:e,tenantId:t}),(e=>e.user)),setTenantRoles:(e,t,a)=>s(M.post(h.setRole,{loginId:e,tenantId:t,roleNames:a}),(e=>e.user)),addTenantRoles:(e,t,a)=>s(M.post(h.addRole,{loginId:e,tenantId:t,roleNames:a}),(e=>e.user)),removeTenantRoles:(e,t,a)=>s(M.post(h.removeRole,{loginId:e,tenantId:t,roleNames:a}),(e=>e.user)),addSSOapps:(e,t)=>s(M.post(h.addSSOApps,{loginId:e,ssoAppIds:t}),(e=>e.user)),setSSOapps:(e,t)=>s(M.post(h.setSSOApps,{loginId:e,ssoAppIds:t}),(e=>e.user)),removeSSOapps:(e,t)=>s(M.post(h.removeSSOApps,{loginId:e,ssoAppIds:t}),(e=>e.user)),generateOTPForTestUser:(e,t,a)=>s(M.post(h.generateOTPForTest,{deliveryMethod:e,loginId:t,loginOptions:a}),(e=>e)),generateMagicLinkForTestUser:(e,t,a,o)=>s(M.post(h.generateMagicLinkForTest,{deliveryMethod:e,loginId:t,URI:a,loginOptions:o}),(e=>e)),generateEnchantedLinkForTestUser:(e,t,a)=>s(M.post(h.generateEnchantedLinkForTest,{loginId:e,URI:t,loginOptions:a}),(e=>e)),generateEmbeddedLink:(e,t,a)=>s(M.post(h.generateEmbeddedLink,{loginId:e,customClaims:t,timeout:a}),(e=>e)),generateSignUpEmbeddedLink:(e,t,a,o,r,n)=>s(M.post(h.generateSignUpEmbeddedLink,{loginId:e,user:t,emailVerified:a,phoneVerified:o,loginOptions:r,timeout:n}),(e=>e)),setTemporaryPassword:(e,t)=>s(M.post(h.setTemporaryPassword,{loginId:e,password:t}),(e=>e)),setActivePassword:(e,t)=>s(M.post(h.setActivePassword,{loginId:e,password:t}),(e=>e)),setPassword:(e,t)=>s(M.post(h.setPassword,{loginId:e,password:t}),(e=>e)),expirePassword:e=>s(M.post(h.expirePassword,{loginId:e}),(e=>e)),removeAllPasskeys:e=>s(M.post(h.removeAllPasskeys,{loginId:e}),(e=>e)),removeTOTPSeed:e=>s(M.post(h.removeTOTPSeed,{loginId:e}),(e=>e)),history:e=>s(M.post(h.history,e),(e=>e))}),project:L(E),accessKey:K(E),tenant:C(E),ssoApplication:Q(E),inboundApplication:Y(E),outboundApplication:Z(E),sso:J(E),jwt:F(E),permission:q(E),password:_(E),role:z(E),group:B(E),flow:G(E),theme:H(E),audit:W(E),authz:V(E),fga:X(E)};var E,M;const U=Object.assign(Object.assign({},O),{refresh:async(e,t)=>O.refresh(e,void 0,t),management:P,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(j[e.kid])return j[e.kid];if(Object.assign(j,await(async()=>{if(I)try{const e=JSON.parse(I),t=await i(e);return{[e.kid]:t}}catch(e){throw null==T||T.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await O.httpClient.get(`v2/keys/${w}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!j[e.kid])throw Error("failed to fetch matching key");return j[e.kid]},async validateJwt(e){var t;const s=(await r(e,U.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==w))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await U.validateJwt(e)}catch(e){throw null==T||T.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s,a,o,r,n;if(!e)throw Error("refresh token is required to refresh a session");try{await U.validateJwt(e);const i=await U.refresh(e);if(i.ok){const e=c(null===(s=null===(t=i.data)||void 0===t?void 0:t.cookies)||void 0===s?void 0:s.join(";"),"DS")||(null===(a=i.data)||void 0===a?void 0:a.sessionJwt),n=await U.validateJwt(e);return n.cookies=(null===(o=i.data)||void 0===o?void 0:o.cookies)||[],(null===(r=i.data)||void 0===r?void 0:r.refreshJwt)&&(n.refreshJwt=i.data.refreshJwt),n}throw Error(null===(n=i.error)||void 0===n?void 0:n.errorMessage)}catch(e){throw null==T||T.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await U.validateSession(e)}catch(e){null==T||T.log(`session validation failed with error ${e} - trying to refresh it`)}return U.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let a;try{a=await U.accessKey.exchange(e,t)}catch(e){throw null==T||T.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!a.ok)throw null==T||T.error("failed to exchange access key",a.error),Error(`could not exchange access key - ${null===(s=a.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=a.data;if(!o)throw null==T||T.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await U.validateJwt(o)}catch(e){throw null==T||T.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>U.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>U.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!v(e,t))return!1;const a=u(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!v(e,t))return[];const a=u(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>U.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>U.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!v(e,t))return!1;const a=u(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!v(e,t))return[];const a=u(e,"roles",t);return s.filter((e=>a.includes(e)))}});return o(U,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],g)};ee.RefreshTokenCookieName="DSR",ee.SessionTokenCookieName="DS",ee.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{ee as default};
2
2
  //# sourceMappingURL=index.esm.js.map