@descope/node-sdk 1.7.2 → 1.7.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +36 -0
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +73 -13
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -161,6 +161,8 @@ declare type Tenant = {
161
161
  customAttributes?: Record<string, string | number | boolean>;
162
162
  domains?: string[];
163
163
  authType?: 'none' | 'saml' | 'oidc';
164
+ forceSSO?: boolean;
165
+ disabled?: boolean;
164
166
  };
165
167
  /** Represents settings of a tenant in a project. It has an id, a name and an array of
166
168
  * self provisioning domains used to associate users with that tenant.
@@ -260,6 +262,7 @@ declare type RoleSearchOptions = {
260
262
  roleNames?: string[];
261
263
  roleNameLike?: string;
262
264
  permissionNames?: string[];
265
+ includeProjectRoles?: boolean;
263
266
  };
264
267
  /** Represents a group in a project. It has an id and display name and a list of group members. */
265
268
  declare type Group = {
@@ -343,6 +346,7 @@ declare type User = {
343
346
  password?: string;
344
347
  hashedPassword?: UserPasswordHashed;
345
348
  seed?: string;
349
+ status?: UserStatus;
346
350
  };
347
351
  declare type UserPasswordHashed = {
348
352
  bcrypt?: UserPasswordBcrypt;
@@ -420,6 +424,7 @@ declare type SSOSAMLSettingsResponse = {
420
424
  spCertificate: string;
421
425
  attributeMapping: AttributeMapping;
422
426
  groupsMapping: RoleMappings;
427
+ defaultSSORoles: string[];
423
428
  redirectUrl: string;
424
429
  };
425
430
  declare type SSOSettings = {
@@ -466,6 +471,7 @@ declare type SSOSAMLSettings = {
466
471
  entityId: string;
467
472
  roleMappings?: RoleMappings;
468
473
  attributeMapping?: AttributeMapping;
474
+ defaultSSORoles?: string[];
469
475
  spACSUrl?: string;
470
476
  spEntityId?: string;
471
477
  };
@@ -473,6 +479,7 @@ declare type SSOSAMLByMetadataSettings = {
473
479
  idpMetadataUrl: string;
474
480
  roleMappings?: RoleMappings;
475
481
  attributeMapping?: AttributeMapping;
482
+ defaultSSORoles?: string[];
476
483
  spACSUrl?: string;
477
484
  spEntityId?: string;
478
485
  };
@@ -707,11 +714,22 @@ declare type CheckResponseRelation = {
707
714
  allowed: boolean;
708
715
  tuple: FGARelation;
709
716
  };
717
+ interface FGAResourceIdentifier {
718
+ resourceId: string;
719
+ resourceType: string;
720
+ }
721
+ interface FGAResourceDetails {
722
+ resourceId: string;
723
+ resourceType: string;
724
+ displayName: string;
725
+ }
710
726
  declare type MgmtLoginOptions = Omit<LoginOptions, 'templateId' | 'templateOptions'> & {
711
727
  jwt?: string;
728
+ refreshDuration?: number;
712
729
  };
713
730
  declare type MgmtSignUpOptions = {
714
731
  customClaims?: Record<string, any>;
732
+ refreshDuration?: number;
715
733
  };
716
734
  interface UserOptions {
717
735
  email?: string;
@@ -747,6 +765,7 @@ interface PatchUserOptions {
747
765
  middleName?: string;
748
766
  familyName?: string;
749
767
  ssoAppIds?: string[];
768
+ scim?: boolean;
750
769
  }
751
770
 
752
771
  /** Configuration arguments which include the Descope core SDK args and an optional management key */
@@ -895,19 +914,15 @@ declare const nodeSdk: {
895
914
  delete: (id: string) => Promise<SdkResponse<never>>;
896
915
  };
897
916
  tenant: {
898
- create: (name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<CreateTenantResponse>>;
899
- createWithId: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<never>>;
900
- update: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<never>>;
917
+ create: (name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean) => Promise<SdkResponse<CreateTenantResponse>>;
918
+ createWithId: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean) => Promise<SdkResponse<never>>;
919
+ update: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean) => Promise<SdkResponse<never>>;
901
920
  delete: (id: string, cascade?: boolean) => Promise<SdkResponse<never>>;
902
921
  load: (id: string) => Promise<SdkResponse<Tenant>>;
903
922
  loadAll: () => Promise<SdkResponse<Tenant[]>>;
904
923
  searchAll: (ids?: string[], names?: string[], selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<Tenant[]>>;
905
924
  getSettings: (tenantId: string) => Promise<SdkResponse<TenantSettings>>;
906
- configureSettings: (tenantId: string, settings: TenantSettings) => Promise<SdkResponse<never>>; /**
907
- * Validate the given JWT with the right key and make sure the issuer is correct
908
- * @param jwt the JWT string to parse and validate
909
- * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.
910
- */
925
+ configureSettings: (tenantId: string, settings: TenantSettings) => Promise<SdkResponse<never>>;
911
926
  generateSSOConfigurationLink: (tenantId: string, expireDuration: number, ssoId?: string, email?: string, templateId?: string) => Promise<SdkResponse<GenerateSSOConfigurationLinkResponse>>;
912
927
  };
913
928
  ssoApplication: {
@@ -938,11 +953,12 @@ declare const nodeSdk: {
938
953
  };
939
954
  jwt: {
940
955
  update: (jwt: string, customClaims?: Record<string, any>, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
941
- impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean, customClaims?: Record<string, any>, selectedTenant?: string) => Promise<SdkResponse<UpdateJWTResponse>>;
956
+ impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
957
+ stopImpersonation: (jwt: string, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
942
958
  signIn: (loginId: string, loginOptions?: MgmtLoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
943
959
  signUp: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
944
960
  signUpOrIn: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
945
- anonymous: (customClaims?: Record<string, any>, selectedTenant?: string) => Promise<SdkResponse<{
961
+ anonymous: (customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<{
946
962
  refreshJwt?: string;
947
963
  cookieDomain?: string;
948
964
  cookieMaxAge?: number;
@@ -999,10 +1015,12 @@ declare const nodeSdk: {
999
1015
  createRelations: (relations: AuthzRelation[]) => Promise<SdkResponse<never>>;
1000
1016
  deleteRelations: (relations: AuthzRelation[]) => Promise<SdkResponse<never>>;
1001
1017
  deleteRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
1018
+ deleteResourceRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
1019
+ deleteRelationsForIds: (ids: string[]) => Promise<SdkResponse<never>>;
1002
1020
  hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>;
1003
1021
  whoCanAccess: (resource: string, relationDefinition: string, namespace: string) => Promise<SdkResponse<string[]>>;
1004
- resourceRelations: (resource: string) => Promise<SdkResponse<AuthzRelation[]>>;
1005
- targetsRelations: (targets: string[]) => Promise<SdkResponse<AuthzRelation[]>>;
1022
+ resourceRelations: (resource: string, ignoreTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
1023
+ targetsRelations: (targets: string[], includeTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
1006
1024
  whatCanTargetAccess: (target: string) => Promise<SdkResponse<AuthzRelation[]>>;
1007
1025
  whatCanTargetAccessWithRelation: (target: string, relationDefinition: string, namespace: string) => Promise<SdkResponse<AuthzResource[]>>;
1008
1026
  getModified: (since: Date) => Promise<SdkResponse<AuthzModified>>;
@@ -1013,6 +1031,9 @@ declare const nodeSdk: {
1013
1031
  createRelations: (relations: FGARelation[]) => Promise<SdkResponse<never>>;
1014
1032
  deleteRelations: (relations: FGARelation[]) => Promise<SdkResponse<never>>;
1015
1033
  check: (relations: FGARelation[]) => Promise<SdkResponse<CheckResponseRelation[]>>;
1034
+ loadResourcesDetails: (resourceIdentifiers: FGAResourceIdentifier[]) => Promise<SdkResponse<FGAResourceDetails[]>>;
1035
+ saveResourcesDetails: (resourcesDetails: FGAResourceDetails[]) => Promise<SdkResponse<never>>;
1036
+ deleteAllRelations: () => Promise<SdkResponse<never>>;
1016
1037
  };
1017
1038
  };
1018
1039
  getKey: (header: JWTHeaderParameters) => Promise<KeyLike | Uint8Array>;
@@ -1152,6 +1173,8 @@ declare const nodeSdk: {
1152
1173
  templateOptions?: {
1153
1174
  [x: string]: string;
1154
1175
  };
1176
+ templateId?: string;
1177
+ providerId?: string;
1155
1178
  }) => Promise<SdkResponse<{
1156
1179
  maskedEmail: string;
1157
1180
  }>>;
@@ -1162,6 +1185,8 @@ declare const nodeSdk: {
1162
1185
  templateOptions?: {
1163
1186
  [x: string]: string;
1164
1187
  };
1188
+ templateId?: string;
1189
+ providerId?: string;
1165
1190
  }) => Promise<SdkResponse<{
1166
1191
  maskedPhone: string;
1167
1192
  }>>;
@@ -1171,6 +1196,8 @@ declare const nodeSdk: {
1171
1196
  templateOptions?: {
1172
1197
  [x: string]: string;
1173
1198
  };
1199
+ templateId?: string;
1200
+ providerId?: string;
1174
1201
  }) => Promise<SdkResponse<{
1175
1202
  maskedPhone: string;
1176
1203
  }>>;
@@ -1180,6 +1207,8 @@ declare const nodeSdk: {
1180
1207
  templateOptions?: {
1181
1208
  [x: string]: string;
1182
1209
  };
1210
+ templateId?: string;
1211
+ providerId?: string;
1183
1212
  }) => Promise<SdkResponse<{
1184
1213
  maskedPhone: string;
1185
1214
  }>>;
@@ -1316,6 +1345,8 @@ declare const nodeSdk: {
1316
1345
  templateOptions?: {
1317
1346
  [x: string]: string;
1318
1347
  };
1348
+ templateId?: string;
1349
+ providerId?: string;
1319
1350
  }) => Promise<SdkResponse<{
1320
1351
  maskedEmail: string;
1321
1352
  }>>;
@@ -1326,6 +1357,8 @@ declare const nodeSdk: {
1326
1357
  templateOptions?: {
1327
1358
  [x: string]: string;
1328
1359
  };
1360
+ templateId?: string;
1361
+ providerId?: string;
1329
1362
  }) => Promise<SdkResponse<{
1330
1363
  maskedPhone: string;
1331
1364
  }>>;
@@ -1335,6 +1368,8 @@ declare const nodeSdk: {
1335
1368
  templateOptions?: {
1336
1369
  [x: string]: string;
1337
1370
  };
1371
+ templateId?: string;
1372
+ providerId?: string;
1338
1373
  }) => Promise<SdkResponse<{
1339
1374
  maskedPhone: string;
1340
1375
  }>>;
@@ -1344,6 +1379,8 @@ declare const nodeSdk: {
1344
1379
  templateOptions?: {
1345
1380
  [x: string]: string;
1346
1381
  };
1382
+ templateId?: string;
1383
+ providerId?: string;
1347
1384
  }) => Promise<SdkResponse<{
1348
1385
  maskedPhone: string;
1349
1386
  }>>;
@@ -1391,6 +1428,8 @@ declare const nodeSdk: {
1391
1428
  templateOptions?: {
1392
1429
  [x: string]: string;
1393
1430
  };
1431
+ templateId?: string;
1432
+ providerId?: string;
1394
1433
  }) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
1395
1434
  };
1396
1435
  };
@@ -1412,6 +1451,19 @@ declare const nodeSdk: {
1412
1451
  }>>;
1413
1452
  startNative: (provider: string, loginOptions?: _descope_core_js_sdk.LoginOptions, implicit?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
1414
1453
  finishNative: (provider: string, stateId: string, user?: string, code?: string, idToken?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
1454
+ getOneTapClientId: (provider: string) => Promise<SdkResponse<{
1455
+ clientId: string;
1456
+ }>>;
1457
+ verifyOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<{
1458
+ code: string;
1459
+ }>>;
1460
+ exchangeOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1461
+ };
1462
+ outbound: {
1463
+ connect: (appId: string, options?: {
1464
+ redirectURL?: string;
1465
+ scopes?: string[];
1466
+ }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1415
1467
  };
1416
1468
  saml: {
1417
1469
  start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
@@ -1506,7 +1558,7 @@ declare const nodeSdk: {
1506
1558
  }>>;
1507
1559
  };
1508
1560
  update: {
1509
- start: (loginId: string, origin: string, token: string, passkeyOptions?: _descope_core_js_sdk.PasskeyOptions) => Promise<SdkResponse<{
1561
+ start: (loginId: string, origin: string, token?: string, passkeyOptions?: _descope_core_js_sdk.PasskeyOptions) => Promise<SdkResponse<{
1510
1562
  transactionId: string;
1511
1563
  options: string;
1512
1564
  create: boolean;
@@ -1586,6 +1638,8 @@ declare const nodeSdk: {
1586
1638
  };
1587
1639
  thirdPartyAppStateId?: string;
1588
1640
  applicationScopes?: string;
1641
+ outboundAppId?: string;
1642
+ outboundAppScopes?: string[];
1589
1643
  }, conditionInteractionId?: string, interactionId?: string, componentsVersion?: string, flowVersions?: Record<string, number>, input?: {
1590
1644
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
1591
1645
  }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
@@ -1618,6 +1672,12 @@ declare const nodeSdk: {
1618
1672
  };
1619
1673
  token?: string;
1620
1674
  }) => Promise<Response>;
1675
+ /**
1676
+ * Retrieves the roles from JWT top level claims that match the specified roles list
1677
+ * @param authInfo JWT parsed info containing the roles
1678
+ * @param roles List of roles to match against the JWT claims
1679
+ * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1680
+ */
1621
1681
  post: (path: string, body?: any, config?: {
1622
1682
  headers?: HeadersInit;
1623
1683
  queryParams?: {
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as a,errors as o,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var d;null!==(d=globalThis.Headers)&&void 0!==d||(globalThis.Headers=r);const p=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var n,a,o;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"),"DSR"),p.push(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function g(e,t,s){var n,a;const o=s?null===(a=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===a?void 0:a[t]:e.token[t];return Array.isArray(o)?o:[]}function c(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},y={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},I={settings:"/v1/mgmt/password/settings"},b={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},w={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},A={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},O={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},S={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},T={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},j={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},N={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check"};const P=(e,t)=>({create:function(n,a,o,i,r,l,d,p,m,g,c,h,v,k){const C="string"==typeof a?{loginId:n,email:a,phone:o,displayName:i,givenName:c,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},a),{roleNames:null==a?void 0:a.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,a,o,i,r,l,d,p,m,g,c,h,v,k){const C="string"==typeof a?{loginId:n,email:a,phone:o,displayName:i,givenName:c,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},a),{roleNames:null==a?void 0:a.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,a,o,i,r,l,d,p,m,g,c,h,v,k,C,f,y,I){const b="string"==typeof a?{loginId:n,email:a,phone:o,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,inviteUrl:c,sendMail:h,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:n},a),{roleNames:null==a?void 0:a.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,a,o,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:n.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:a,sendMail:o,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(n,a,o,i,r,l,d,p,m,g,c,h,v,k){const C="string"==typeof a?{loginId:n,email:a,phone:o,displayName:i,givenName:c,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:g,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},a),{roleNames:null==a?void 0:a.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(n,a){const o={loginId:n};return void 0!==a.email&&(o.email=a.email),void 0!==a.phone&&(o.phone=a.phone),void 0!==a.displayName&&(o.displayName=a.displayName),void 0!==a.givenName&&(o.givenName=a.givenName),void 0!==a.middleName&&(o.middleName=a.middleName),void 0!==a.familyName&&(o.familyName=a.familyName),void 0!==a.roles&&(o.roleNames=a.roles),void 0!==a.userTenants&&(o.userTenants=a.userTenants),void 0!==a.customAttributes&&(o.customAttributes=a.customAttributes),void 0!==a.picture&&(o.picture=a.picture),void 0!==a.verifiedEmail&&(o.verifiedEmail=a.verifiedEmail),void 0!==a.verifiedPhone&&(o.verifiedPhone=a.verifiedPhone),void 0!==a.ssoAppIds&&(o.ssoAppIds=a.ssoAppIds),s(e.httpClient.patch(u.patch,o,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(u.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(u.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(u.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(u.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(u.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(u.logout,{userId:n},{token:t})),searchAll:(n,a,o,i,r,l,d,p,m,g)=>s(e.httpClient.post(u.search,{tenantIds:n,roleNames:a,limit:o,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:g},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(n,a,o)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:n,provider:a,withRefreshToken:(null==o?void 0:o.withRefreshToken)?"true":"false",forceRefresh:(null==o?void 0:o.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,a)=>s(e.httpClient.post(u.updateLoginId,{loginId:n,newLoginId:a},{token:t}),(e=>e.user)),updateEmail:(n,a,o)=>s(e.httpClient.post(u.updateEmail,{loginId:n,email:a,verified:o},{token:t}),(e=>e.user)),updatePhone:(n,a,o)=>s(e.httpClient.post(u.updatePhone,{loginId:n,phone:a,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(n,a,o,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:n,displayName:a,givenName:o,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,a)=>s(e.httpClient.post(u.updatePicture,{loginId:n,picture:a},{token:t}),(e=>e.user)),updateCustomAttribute:(n,a,o)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:n,attributeKey:a,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(n,a)=>s(e.httpClient.post(u.setRole,{loginId:n,roleNames:a},{token:t}),(e=>e.user)),addRoles:(n,a)=>s(e.httpClient.post(u.addRole,{loginId:n,roleNames:a},{token:t}),(e=>e.user)),removeRoles:(n,a)=>s(e.httpClient.post(u.removeRole,{loginId:n,roleNames:a},{token:t}),(e=>e.user)),addTenant:(n,a)=>s(e.httpClient.post(u.addTenant,{loginId:n,tenantId:a},{token:t}),(e=>e.user)),removeTenant:(n,a)=>s(e.httpClient.post(u.removeTenant,{loginId:n,tenantId:a},{token:t}),(e=>e.user)),setTenantRoles:(n,a,o)=>s(e.httpClient.post(u.setRole,{loginId:n,tenantId:a,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(n,a,o)=>s(e.httpClient.post(u.addRole,{loginId:n,tenantId:a,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(n,a,o)=>s(e.httpClient.post(u.removeRole,{loginId:n,tenantId:a,roleNames:o},{token:t}),(e=>e.user)),addSSOapps:(n,a)=>s(e.httpClient.post(u.addSSOApps,{loginId:n,ssoAppIds:a},{token:t}),(e=>e.user)),setSSOapps:(n,a)=>s(e.httpClient.post(u.setSSOApps,{loginId:n,ssoAppIds:a},{token:t}),(e=>e.user)),removeSSOapps:(n,a)=>s(e.httpClient.post(u.removeSSOApps,{loginId:n,ssoAppIds:a},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,a,o)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:n,loginId:a,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,a,o,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:n,loginId:a,URI:o,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,a,o)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:n,URI:a,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(n,a)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:n,customClaims:a},{token:t}),(e=>e)),setTemporaryPassword:(n,a)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:n,password:a},{token:t}),(e=>e)),setActivePassword:(n,a)=>s(e.httpClient.post(u.setActivePassword,{loginId:n,password:a},{token:t}),(e=>e)),setPassword:(n,a)=>s(e.httpClient.post(u.setPassword,{loginId:n,password:a},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(u.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(u.history,n,{token:t}),(e=>e))}),R=(e,t)=>({updateName:n=>s(e.httpClient.post(h.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(h.updateTags,{tags:n},{token:t})),clone:(n,a,o)=>s(e.httpClient.post(h.clone,{name:n,environment:a,tags:o},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(h.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(h.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(h.importSnapshot,{files:n},{token:t}))}),E=(e,t)=>({create:(n,a,o)=>s(e.httpClient.post(k.create,{name:n,selfProvisioningDomains:a,customAttributes:o},{token:t})),createWithId:(n,a,o,i)=>s(e.httpClient.post(k.create,{id:n,name:a,selfProvisioningDomains:o,customAttributes:i},{token:t})),update:(n,a,o,i)=>s(e.httpClient.post(k.update,{id:n,name:a,selfProvisioningDomains:o,customAttributes:i},{token:t})),delete:(n,a)=>s(e.httpClient.post(k.delete,{id:n,cascade:a},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,a,o,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:n,tenantNames:a,tenantSelfProvisioningDomains:o,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(k.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,a)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},a),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,a,o,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:n,expireTime:a,ssoId:o,email:i,templateId:r},{token:t}),(e=>e))}),M=(e,t)=>({update:(n,a,o)=>s(e.httpClient.post(y.update,{jwt:n,customClaims:a,refreshDuration:o},{token:t})),impersonate:(n,a,o,i,r)=>s(e.httpClient.post(y.impersonate,{impersonatorId:n,loginId:a,validateConsent:o,customClaims:i,selectedTenant:r},{token:t})),signIn:(n,a)=>s(e.httpClient.post(y.signIn,Object.assign({loginId:n},a),{token:t})),signUp:(n,a,o)=>s(e.httpClient.post(y.signUp,Object.assign({loginId:n,user:a},o),{token:t})),signUpOrIn:(n,a,o)=>s(e.httpClient.post(y.signUpOrIn,Object.assign({loginId:n,user:a},o),{token:t})),anonymous:(n,a)=>s(e.httpClient.post(y.anonymous,{customClaims:n,selectedTenant:a},{token:t}))}),x=(e,t)=>({create:(n,a)=>s(e.httpClient.post(b.create,{name:n,description:a},{token:t})),update:(n,a,o)=>s(e.httpClient.post(b.update,{name:n,newName:a,description:o},{token:t})),delete:n=>s(e.httpClient.post(b.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.permissions))}),U=(e,t)=>({create:(n,a,o,i)=>s(e.httpClient.post(w.create,{name:n,description:a,permissionNames:o,tenantId:i},{token:t})),update:(n,a,o,i,r)=>s(e.httpClient.post(w.update,{name:n,newName:a,description:o,permissionNames:i,tenantId:r},{token:t})),delete:(n,a)=>s(e.httpClient.post(w.delete,{name:n,tenantId:a},{token:t})),loadAll:()=>s(e.httpClient.get(w.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(w.search,n,{token:t}),(e=>e.roles))}),L=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(S.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,a,o)=>s(e.httpClient.post(S.loadAllGroupsForMember,{tenantId:n,loginIds:o,userIds:a},{token:t})),loadAllGroupMembers:(n,a)=>s(e.httpClient.post(S.loadAllGroupMembers,{tenantId:n,groupId:a},{token:t}))});function D(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const F=(e,t)=>({getSettings:n=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,a,o)=>s(e.httpClient.post(f.settingsNew,Object.assign(Object.assign({tenantId:n},a?{ssoId:a}:{}),{displayName:o}),{token:t}),(e=>D(e))),deleteSettings:(n,a)=>s(e.httpClient.delete(f.settings,{queryParams:Object.assign({tenantId:n},a?{ssoId:a}:{}),token:t})),configureSettings:(n,a,o,i,r,l)=>s(e.httpClient.post(f.settings,{tenantId:n,idpURL:a,entityId:i,idpCert:o,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,a,o,i)=>s(e.httpClient.post(f.metadata,{tenantId:n,idpMetadataURL:a,redirectURL:o,domains:i},{token:t})),configureMapping:(n,a,o)=>s(e.httpClient.post(f.mapping,{tenantId:n,roleMappings:a,attributeMapping:o},{token:t})),configureOIDCSettings:(n,a,o,i)=>{const r=Object.assign(Object.assign({},a),{userAttrMapping:a.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(f.oidc.configure,Object.assign({tenantId:n,settings:r,domains:o},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,a,o,i,r)=>s(e.httpClient.post(f.saml.configure,Object.assign({tenantId:n,settings:a,redirectUrl:o,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,a,o,i,r)=>s(e.httpClient.post(f.saml.metadata,Object.assign({tenantId:n,settings:a,redirectUrl:o,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,a)=>s(e.httpClient.get(f.settingsv2,{queryParams:Object.assign({tenantId:n},a?{ssoId:a}:{}),token:t}),(e=>D(e))),loadAllSettings:n=>s(e.httpClient.get(f.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(D(e)))),s}(e)))}),z=(e,t)=>({create:(n,a,o,i,r,l,d,p)=>s(e.httpClient.post(v.create,{name:n,expireTime:a,roleNames:o,keyTenants:i,userId:r,customClaims:l,description:d,permittedIps:p},{token:t})),load:n=>s(e.httpClient.get(v.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(v.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,a,o,i,r,l,d)=>s(e.httpClient.post(v.update,{id:n,name:a,description:o,roleNames:i,keyTenants:r,customClaims:l,permittedIps:d},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(v.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(v.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(v.delete,{id:n},{token:t}))}),q=(e,t)=>({list:()=>s(e.httpClient.post(A.list,{},{token:t})),delete:n=>s(e.httpClient.post(A.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(A.export,{flowId:n},{token:t})),import:(n,a,o)=>s(e.httpClient.post(A.import,{flowId:n,flow:a,screens:o},{token:t}))}),$=(e,t)=>({export:()=>s(e.httpClient.post(O.export,{},{token:t})),import:n=>s(e.httpClient.post(O.import,{theme:n},{token:t}))}),J=(e,t)=>({search:n=>{const a=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete a.loginIds,s(e.httpClient.post(T.search,a,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const a=Object.assign({},n);return s(e.httpClient.post(T.createEvent,a,{token:t}))}}),K=(e,t)=>({saveSchema:(n,a)=>s(e.httpClient.post(j.schemaSave,{schema:n,upgrade:a},{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(j.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,a,o)=>s(e.httpClient.post(j.nsSave,{namespace:n,oldName:a,schemaName:o},{token:t})),deleteNamespace:(n,a)=>s(e.httpClient.post(j.nsDelete,{name:n,schemaName:a},{token:t})),saveRelationDefinition:(n,a,o,i)=>s(e.httpClient.post(j.rdSave,{relationDefinition:n,namespace:a,oldName:o,schemaName:i},{token:t})),deleteRelationDefinition:(n,a,o)=>s(e.httpClient.post(j.rdDelete,{name:n,namespace:a,schemaName:o},{token:t})),createRelations:n=>s(e.httpClient.post(j.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(j.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(j.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(j.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,a,o)=>s(e.httpClient.post(j.who,{resource:n,relationDefinition:a,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:n=>s(e.httpClient.post(j.resource,{resource:n},{token:t}),(e=>e.relations)),targetsRelations:n=>s(e.httpClient.post(j.targets,{targets:n},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(j.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,a,o)=>s(e.httpClient.post(j.targetWithRelation,{target:n,relationDefinition:a,namespace:o},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(j.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),G=(e,t)=>({createOidcApplication:n=>{var a;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(a=n.enabled)||void 0===a||a}),{token:t}))},createSamlApplication:n=>{var a;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(a=n.enabled)||void 0===a||a}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(C.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(C.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),B=(e,t)=>({getSettings:n=>s(e.httpClient.get(I.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,a)=>s(e.httpClient.post(I.settings,Object.assign(Object.assign({},a),{tenantId:n}),{token:t}))}),W=(e,t)=>({saveSchema:n=>s(e.httpClient.post(N.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(N.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(N.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(N.check,{tuples:n},{token:t}),(e=>e.tuples))});const H=s=>{var r,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:p},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.2"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:P(e,t),project:R(e,t),accessKey:z(e,t),tenant:E(e,t),ssoApplication:G(e,t),sso:F(e,t),jwt:M(e,t),permission:x(e,t),password:B(e,t),role:U(e,t),group:L(e,t),flow:q(e,t),theme:$(e,t),audit:J(e,t),authz:K(e,t),fga:W(e,t)}))(h,l),y=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await a(e,y.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await y.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await y.validateJwt(e);const n=await y.refresh(e);if(n.ok){return await y.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await y.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return y.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await y.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==k||k.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:a}=n.data;if(!a)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await y.validateJwt(a)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>y.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>y.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!c(e,t))return!1;const n=g(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!c(e,t))return[];const n=g(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>y.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>y.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!c(e,t))return!1;const n=g(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!c(e,t))return[];const n=g(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(y,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS",H.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{H as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as n,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var d;null!==(d=globalThis.Headers)&&void 0!==d||(globalThis.Headers=r);const p=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var o,n,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function c(e,t,s){var o,n;const a=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(a)?a:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},I={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},y={settings:"/v1/mgmt/password/settings"},b={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},S={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},w={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},O={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},A={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},T={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},j={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},N={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const R=(e,t)=>({create:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k,C,f,I,y){const b="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:I,templateId:y}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(o,n,a,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:o.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:n,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(o,n){const a={loginId:o};return void 0!==n.email&&(a.email=n.email),void 0!==n.phone&&(a.phone=n.phone),void 0!==n.displayName&&(a.displayName=n.displayName),void 0!==n.givenName&&(a.givenName=n.givenName),void 0!==n.middleName&&(a.middleName=n.middleName),void 0!==n.familyName&&(a.familyName=n.familyName),void 0!==n.roles&&(a.roleNames=n.roles),void 0!==n.userTenants&&(a.userTenants=n.userTenants),void 0!==n.customAttributes&&(a.customAttributes=n.customAttributes),void 0!==n.picture&&(a.picture=n.picture),void 0!==n.verifiedEmail&&(a.verifiedEmail=n.verifiedEmail),void 0!==n.verifiedPhone&&(a.verifiedPhone=n.verifiedPhone),void 0!==n.ssoAppIds&&(a.ssoAppIds=n.ssoAppIds),void 0!==n.scim&&(a.scim=n.scim),s(e.httpClient.patch(u.patch,a,{token:t}),(e=>e.user))},delete:o=>s(e.httpClient.post(u.delete,{loginId:o},{token:t})),deleteByUserId:o=>s(e.httpClient.post(u.delete,{userId:o},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:o=>s(e.httpClient.get(u.load,{queryParams:{loginId:o},token:t}),(e=>e.user)),loadByUserId:o=>s(e.httpClient.get(u.load,{queryParams:{userId:o},token:t}),(e=>e.user)),logoutUser:o=>s(e.httpClient.post(u.logout,{loginId:o},{token:t})),logoutUserByUserId:o=>s(e.httpClient.post(u.logout,{userId:o},{token:t})),searchAll:(o,n,a,i,r,l,d,p,m,c)=>s(e.httpClient.post(u.search,{tenantIds:o,roleNames:n,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:o=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},o),{withTestUser:!0,testUsersOnly:!0,roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),search:o=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},o),{roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(o,n,a)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:o,provider:n,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:o=>s(e.httpClient.post(u.updateStatus,{loginId:o,status:"enabled"},{token:t}),(e=>e.user)),deactivate:o=>s(e.httpClient.post(u.updateStatus,{loginId:o,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(o,n)=>s(e.httpClient.post(u.updateLoginId,{loginId:o,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(o,n,a)=>s(e.httpClient.post(u.updateEmail,{loginId:o,email:n,verified:a},{token:t}),(e=>e.user)),updatePhone:(o,n,a)=>s(e.httpClient.post(u.updatePhone,{loginId:o,phone:n,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(o,n,a,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:o,displayName:n,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(o,n)=>s(e.httpClient.post(u.updatePicture,{loginId:o,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(o,n,a)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(o,n)=>s(e.httpClient.post(u.setRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addRoles:(o,n)=>s(e.httpClient.post(u.addRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(o,n)=>s(e.httpClient.post(u.removeRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addTenant:(o,n)=>s(e.httpClient.post(u.addTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(o,n)=>s(e.httpClient.post(u.removeTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(o,n,a)=>s(e.httpClient.post(u.setRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(o,n,a)=>s(e.httpClient.post(u.addRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(o,n,a)=>s(e.httpClient.post(u.removeRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(o,n)=>s(e.httpClient.post(u.addSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(o,n)=>s(e.httpClient.post(u.setSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(o,n)=>s(e.httpClient.post(u.removeSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(o,n,a)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:o,loginId:n,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(o,n,a,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(o,n,a)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:o,URI:n,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(o,n)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:o,customClaims:n},{token:t}),(e=>e)),setTemporaryPassword:(o,n)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:o,password:n},{token:t}),(e=>e)),setActivePassword:(o,n)=>s(e.httpClient.post(u.setActivePassword,{loginId:o,password:n},{token:t}),(e=>e)),setPassword:(o,n)=>s(e.httpClient.post(u.setPassword,{loginId:o,password:n},{token:t}),(e=>e)),expirePassword:o=>s(e.httpClient.post(u.expirePassword,{loginId:o},{token:t}),(e=>e)),removeAllPasskeys:o=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:o},{token:t}),(e=>e)),removeTOTPSeed:o=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:o},{token:t}),(e=>e)),history:o=>s(e.httpClient.post(u.history,o,{token:t}),(e=>e))}),P=(e,t)=>({updateName:o=>s(e.httpClient.post(h.updateName,{name:o},{token:t})),updateTags:o=>s(e.httpClient.post(h.updateTags,{tags:o},{token:t})),clone:(o,n,a)=>s(e.httpClient.post(h.clone,{name:o,environment:n,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:o})=>({id:e,name:t,environment:s,tags:o}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:o=>s(e.httpClient.post(h.importSnapshot,o,{token:t})),validateSnapshot:o=>s(e.httpClient.post(h.validateSnapshot,o,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:o=>s(e.httpClient.post(h.importSnapshot,{files:o},{token:t}))}),E=(e,t)=>({create:(o,n,a,i,r)=>s(e.httpClient.post(k.create,{name:o,selfProvisioningDomains:n,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(o,n,a,i,r,l)=>s(e.httpClient.post(k.create,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(o,n,a,i,r,l)=>s(e.httpClient.post(k.update,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(o,n)=>s(e.httpClient.post(k.delete,{id:o,cascade:n},{token:t})),load:o=>s(e.httpClient.get(k.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(o,n,a,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:o=>s(e.httpClient.get(k.settings,{queryParams:{id:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t})),generateSSOConfigurationLink:(o,n,a,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:o,expireTime:n,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),M=(e,t)=>({update:(o,n,a)=>s(e.httpClient.post(I.update,{jwt:o,customClaims:n,refreshDuration:a},{token:t})),impersonate:(o,n,a,i,r,l)=>s(e.httpClient.post(I.impersonate,{impersonatorId:o,loginId:n,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(o,n,a,i)=>s(e.httpClient.post(I.stopImpersonation,{jwt:o,customClaims:n,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(o,n)=>s(e.httpClient.post(I.signIn,Object.assign({loginId:o},n),{token:t})),signUp:(o,n,a)=>s(e.httpClient.post(I.signUp,Object.assign({loginId:o,user:n},a),{token:t})),signUpOrIn:(o,n,a)=>s(e.httpClient.post(I.signUpOrIn,Object.assign({loginId:o,user:n},a),{token:t})),anonymous:(o,n,a)=>s(e.httpClient.post(I.anonymous,{customClaims:o,selectedTenant:n,refreshDuration:a},{token:t}))}),x=(e,t)=>({create:(o,n)=>s(e.httpClient.post(b.create,{name:o,description:n},{token:t})),update:(o,n,a)=>s(e.httpClient.post(b.update,{name:o,newName:n,description:a},{token:t})),delete:o=>s(e.httpClient.post(b.delete,{name:o},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.permissions))}),U=(e,t)=>({create:(o,n,a,i)=>s(e.httpClient.post(S.create,{name:o,description:n,permissionNames:a,tenantId:i},{token:t})),update:(o,n,a,i,r)=>s(e.httpClient.post(S.update,{name:o,newName:n,description:a,permissionNames:i,tenantId:r},{token:t})),delete:(o,n)=>s(e.httpClient.post(S.delete,{name:o,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(S.loadAll,{token:t}),(e=>e.roles)),search:o=>s(e.httpClient.post(S.search,o,{token:t}),(e=>e.roles))}),D=(e,t)=>({loadAllGroups:o=>s(e.httpClient.post(A.loadAllGroups,{tenantId:o},{token:t})),loadAllGroupsForMember:(o,n,a)=>s(e.httpClient.post(A.loadAllGroupsForMember,{tenantId:o,loginIds:a,userIds:n},{token:t})),loadAllGroupMembers:(o,n)=>s(e.httpClient.post(A.loadAllGroupMembers,{tenantId:o,groupId:n},{token:t}))});function L(e){var t,s;const o=e;return o.oidc&&(o.oidc=Object.assign(Object.assign({},o.oidc),{attributeMapping:o.oidc.userAttrMapping}),delete o.oidc.userAttrMapping),(null===(t=o.saml)||void 0===t?void 0:t.groupsMapping)&&(o.saml.groupsMapping=null===(s=o.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),o}const F=(e,t)=>({getSettings:o=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),newSettings:(o,n,a)=>s(e.httpClient.post(f.settingsNew,Object.assign(Object.assign({tenantId:o},n?{ssoId:n}:{}),{displayName:a}),{token:t}),(e=>L(e))),deleteSettings:(o,n)=>s(e.httpClient.delete(f.settings,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t})),configureSettings:(o,n,a,i,r,l)=>s(e.httpClient.post(f.settings,{tenantId:o,idpURL:n,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(o,n,a,i)=>s(e.httpClient.post(f.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:a,domains:i},{token:t})),configureMapping:(o,n,a)=>s(e.httpClient.post(f.mapping,{tenantId:o,roleMappings:n,attributeMapping:a},{token:t})),configureOIDCSettings:(o,n,a,i)=>{const r=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(f.oidc.configure,Object.assign({tenantId:o,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(o,n,a,i,r)=>s(e.httpClient.post(f.saml.configure,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(o,n,a,i,r)=>s(e.httpClient.post(f.saml.metadata,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(o,n)=>s(e.httpClient.get(f.settingsv2,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t}),(e=>L(e))),loadAllSettings:o=>s(e.httpClient.get(f.settingsAllV2,{queryParams:{tenantId:o},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(L(e)))),s}(e)))}),z=(e,t)=>({create:(o,n,a,i,r,l,d,p)=>s(e.httpClient.post(v.create,{name:o,expireTime:n,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:d,permittedIps:p},{token:t})),load:o=>s(e.httpClient.get(v.load,{queryParams:{id:o},token:t}),(e=>e.key)),searchAll:o=>s(e.httpClient.post(v.search,{tenantIds:o},{token:t}),(e=>e.keys)),update:(o,n,a,i,r,l,d)=>s(e.httpClient.post(v.update,{id:o,name:n,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:d},{token:t}),(e=>e.key)),deactivate:o=>s(e.httpClient.post(v.deactivate,{id:o},{token:t})),activate:o=>s(e.httpClient.post(v.activate,{id:o},{token:t})),delete:o=>s(e.httpClient.post(v.delete,{id:o},{token:t}))}),q=(e,t)=>({list:()=>s(e.httpClient.post(w.list,{},{token:t})),delete:o=>s(e.httpClient.post(w.delete,{ids:o},{token:t})),export:o=>s(e.httpClient.post(w.export,{flowId:o},{token:t})),import:(o,n,a)=>s(e.httpClient.post(w.import,{flowId:o,flow:n,screens:a},{token:t}))}),$=(e,t)=>({export:()=>s(e.httpClient.post(O.export,{},{token:t})),import:o=>s(e.httpClient.post(O.import,{theme:o},{token:t}))}),J=(e,t)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,s(e.httpClient.post(T.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:o=>{const n=Object.assign({},o);return s(e.httpClient.post(T.createEvent,n,{token:t}))}}),K=(e,t)=>({saveSchema:(o,n)=>s(e.httpClient.post(j.schemaSave,{schema:o,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(j.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(o,n,a)=>s(e.httpClient.post(j.nsSave,{namespace:o,oldName:n,schemaName:a},{token:t})),deleteNamespace:(o,n)=>s(e.httpClient.post(j.nsDelete,{name:o,schemaName:n},{token:t})),saveRelationDefinition:(o,n,a,i)=>s(e.httpClient.post(j.rdSave,{relationDefinition:o,namespace:n,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(o,n,a)=>s(e.httpClient.post(j.rdDelete,{name:o,namespace:n,schemaName:a},{token:t})),createRelations:o=>s(e.httpClient.post(j.reCreate,{relations:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(j.reDelete,{relations:o},{token:t})),deleteRelationsForResources:o=>s(e.httpClient.post(j.reDeleteResources,{resources:o},{token:t})),deleteResourceRelationsForResources:o=>s(e.httpClient.post(j.reDeleteResourceRelationsForResources,{resources:o},{token:t})),deleteRelationsForIds:o=>s(e.httpClient.post(j.reDeleteResources,{resources:o},{token:t})),hasRelations:o=>s(e.httpClient.post(j.hasRelations,{relationQueries:o},{token:t}),(e=>e.relationQueries)),whoCanAccess:(o,n,a)=>s(e.httpClient.post(j.who,{resource:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(o,n=!1)=>s(e.httpClient.post(j.resource,{resource:o,ignoreTargetSetRelations:n},{token:t}),(e=>e.relations)),targetsRelations:(o,n=!1)=>s(e.httpClient.post(j.targets,{targets:o,includeTargetSetRelations:n},{token:t}),(e=>e.relations)),whatCanTargetAccess:o=>s(e.httpClient.post(j.targetAll,{target:o},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(o,n,a)=>s(e.httpClient.post(j.targetWithRelation,{target:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:o=>s(e.httpClient.post(j.getModified,{since:o?o.getTime():0},{token:t}),(e=>e))}),G=(e,t)=>({createOidcApplication:o=>{var n;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:o=>{var n;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:o=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},o),{token:t})),updateSamlApplication:o=>s(e.httpClient.post(C.samlUpdate,Object.assign({},o),{token:t})),delete:o=>s(e.httpClient.post(C.delete,{id:o},{token:t})),load:o=>s(e.httpClient.get(C.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),B=(e,t)=>({getSettings:o=>s(e.httpClient.get(y.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(y.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t}))}),W=(e,t)=>({saveSchema:o=>s(e.httpClient.post(N.schema,o,{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),createRelations:o=>s(e.httpClient.post(N.relations,{tuples:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(N.deleteRelations,{tuples:o},{token:t})),check:o=>s(e.httpClient.post(N.check,{tuples:o},{token:t}),(e=>e.tuples)),loadResourcesDetails:o=>s(e.httpClient.post(N.resourcesLoad,{resourceIdentifiers:o},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:o=>s(e.httpClient.post(N.resourcesSave,{resourcesDetails:o},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(N.relations,{token:t}))});const H=s=>{var r,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:p},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.6"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:R(e,t),project:P(e,t),accessKey:z(e,t),tenant:E(e,t),ssoApplication:G(e,t),sso:F(e,t),jwt:M(e,t),permission:x(e,t),password:B(e,t),role:U(e,t),group:D(e,t),flow:q(e,t),theme:$(e,t),audit:J(e,t),authz:K(e,t),fga:W(e,t)}))(h,l),I=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await n(e,I.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await I.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await I.validateJwt(e);const o=await I.refresh(e);if(o.ok){return await I.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await I.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return I.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let o;try{o=await I.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==k||k.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(s=o.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:n}=o.data;if(!n)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await I.validateJwt(n)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>I.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>I.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const o=c(e,"permissions",t);return s.every((e=>o.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const o=c(e,"permissions",t);return s.filter((e=>o.includes(e)))},validateRoles:(e,t)=>I.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>I.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const o=c(e,"roles",t);return s.every((e=>o.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const o=c(e,"roles",t);return s.filter((e=>o.includes(e)))}});return o(I,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS",H.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{H as default};
2
2
  //# sourceMappingURL=index.esm.js.map