@descope/node-sdk 1.7.5 → 1.7.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +99 -7
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +176 -30
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -161,6 +161,8 @@ declare type Tenant = {
161
161
  customAttributes?: Record<string, string | number | boolean>;
162
162
  domains?: string[];
163
163
  authType?: 'none' | 'saml' | 'oidc';
164
+ enforceSSO?: boolean;
165
+ disabled?: boolean;
164
166
  };
165
167
  /** Represents settings of a tenant in a project. It has an id, a name and an array of
166
168
  * self provisioning domains used to associate users with that tenant.
@@ -253,6 +255,7 @@ declare type Role = {
253
255
  permissionNames: string[];
254
256
  createdTime: number;
255
257
  tenantId?: string;
258
+ default?: boolean;
256
259
  };
257
260
  /** Search roles based on the parameters */
258
261
  declare type RoleSearchOptions = {
@@ -712,11 +715,22 @@ declare type CheckResponseRelation = {
712
715
  allowed: boolean;
713
716
  tuple: FGARelation;
714
717
  };
718
+ interface FGAResourceIdentifier {
719
+ resourceId: string;
720
+ resourceType: string;
721
+ }
722
+ interface FGAResourceDetails {
723
+ resourceId: string;
724
+ resourceType: string;
725
+ displayName: string;
726
+ }
715
727
  declare type MgmtLoginOptions = Omit<LoginOptions, 'templateId' | 'templateOptions'> & {
716
728
  jwt?: string;
729
+ refreshDuration?: number;
717
730
  };
718
731
  declare type MgmtSignUpOptions = {
719
732
  customClaims?: Record<string, any>;
733
+ refreshDuration?: number;
720
734
  };
721
735
  interface UserOptions {
722
736
  email?: string;
@@ -737,6 +751,62 @@ interface UserOptions {
737
751
  declare type MgmtUserOptions = Omit<UserOptions, 'roles' | 'userTenants' | 'customAttributes' | 'picture' | 'additionalLoginIds' | 'displayName'> & {
738
752
  name?: string;
739
753
  };
754
+ declare type InboundApplicationScope = {
755
+ name: string;
756
+ description: string;
757
+ values?: string[];
758
+ optional?: boolean;
759
+ };
760
+ /**
761
+ * Represents an inbound application request in a project.
762
+ * This type is used to create a new inbound application in a project.
763
+ */
764
+ declare type InboundApplicationOptions = {
765
+ name: string;
766
+ description?: string;
767
+ logo?: string;
768
+ loginPageUrl?: string;
769
+ approvedCallbackUrls?: string[];
770
+ permissionsScopes: InboundApplicationScope[];
771
+ attributesScopes?: InboundApplicationScope[];
772
+ };
773
+ /**
774
+ * Represents an inbound application in a project.
775
+ */
776
+ declare type InboundApplication = InboundApplicationOptions & {
777
+ id: string;
778
+ clientId: string;
779
+ };
780
+ declare type InboundApplicationSecretResponse = {
781
+ cleartext: string;
782
+ };
783
+ declare type CreateInboundApplicationResponse = {
784
+ id: string;
785
+ clientId: string;
786
+ } & InboundApplicationSecretResponse;
787
+ /**
788
+ * Represents an inbound application consent for a single application
789
+ * for a specific user within the project.
790
+ */
791
+ declare type InboundApplicationConsent = {
792
+ id: string;
793
+ appId: string;
794
+ userId: string;
795
+ scopes: string[];
796
+ grantedBy: string;
797
+ createdTime: number;
798
+ };
799
+ declare type InboundApplicationConsentSearchOptions = {
800
+ appId?: string;
801
+ userId?: string;
802
+ consentId?: string;
803
+ page?: number;
804
+ };
805
+ declare type InboundApplicationConsentDeleteOptions = {
806
+ consentIds?: string[];
807
+ appId?: string;
808
+ userIds?: string[];
809
+ };
740
810
 
741
811
  interface PatchUserOptions {
742
812
  email?: string;
@@ -871,7 +941,15 @@ declare const nodeSdk: {
871
941
  generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
872
942
  generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
873
943
  generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
874
- generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
944
+ generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>, timeout?: number) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
945
+ generateSignUpEmbeddedLink: (loginId: string, user?: {
946
+ name?: string;
947
+ givenName?: string;
948
+ middleName?: string;
949
+ familyName?: string;
950
+ phone?: string;
951
+ email?: string;
952
+ }, emailVerified?: boolean, phoneVerified?: boolean, loginOptions?: _descope_core_js_sdk.LoginOptions, timeout?: number) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
875
953
  setTemporaryPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
876
954
  setActivePassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
877
955
  setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
@@ -901,19 +979,15 @@ declare const nodeSdk: {
901
979
  delete: (id: string) => Promise<SdkResponse<never>>;
902
980
  };
903
981
  tenant: {
904
- create: (name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<CreateTenantResponse>>;
905
- createWithId: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<never>>;
906
- update: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<never>>;
982
+ create: (name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean) => Promise<SdkResponse<CreateTenantResponse>>;
983
+ createWithId: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean) => Promise<SdkResponse<never>>;
984
+ update: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean) => Promise<SdkResponse<never>>;
907
985
  delete: (id: string, cascade?: boolean) => Promise<SdkResponse<never>>;
908
986
  load: (id: string) => Promise<SdkResponse<Tenant>>;
909
987
  loadAll: () => Promise<SdkResponse<Tenant[]>>;
910
988
  searchAll: (ids?: string[], names?: string[], selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<Tenant[]>>;
911
989
  getSettings: (tenantId: string) => Promise<SdkResponse<TenantSettings>>;
912
- configureSettings: (tenantId: string, settings: TenantSettings) => Promise<SdkResponse<never>>; /**
913
- * Validate the given JWT with the right key and make sure the issuer is correct
914
- * @param jwt the JWT string to parse and validate
915
- * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.
916
- */
990
+ configureSettings: (tenantId: string, settings: TenantSettings) => Promise<SdkResponse<never>>;
917
991
  generateSSOConfigurationLink: (tenantId: string, expireDuration: number, ssoId?: string, email?: string, templateId?: string) => Promise<SdkResponse<GenerateSSOConfigurationLinkResponse>>;
918
992
  };
919
993
  ssoApplication: {
@@ -929,6 +1003,22 @@ declare const nodeSdk: {
929
1003
  load: (id: string) => Promise<SdkResponse<SSOApplication>>;
930
1004
  loadAll: () => Promise<SdkResponse<SSOApplication[]>>;
931
1005
  };
1006
+ inboundApplication: {
1007
+ createApplication: (options: InboundApplicationOptions) => Promise<SdkResponse<CreateInboundApplicationResponse>>;
1008
+ updateApplication: (options: InboundApplicationOptions & {
1009
+ id: string;
1010
+ }) => Promise<SdkResponse<never>>;
1011
+ patchApplication: (options: Partial<InboundApplicationOptions> & {
1012
+ id: string;
1013
+ }) => Promise<SdkResponse<never>>;
1014
+ deleteApplication: (id: string) => Promise<SdkResponse<never>>;
1015
+ loadApplication: (id: string) => Promise<SdkResponse<InboundApplication>>;
1016
+ loadAllApplications: () => Promise<SdkResponse<InboundApplication[]>>;
1017
+ getApplicationSecret: (id: string) => Promise<SdkResponse<InboundApplicationSecretResponse>>;
1018
+ rotateApplicationSecret: (id: string) => Promise<SdkResponse<never>>;
1019
+ searchConsents: (options?: InboundApplicationConsentSearchOptions) => Promise<SdkResponse<InboundApplicationConsent[]>>;
1020
+ deleteConsents: (options: InboundApplicationConsentDeleteOptions) => Promise<SdkResponse<never>>;
1021
+ };
932
1022
  sso: {
933
1023
  getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
934
1024
  newSettings: (tenantId: string, ssoId: string, displayName: string) => Promise<SdkResponse<SSOSettings>>;
@@ -944,11 +1034,12 @@ declare const nodeSdk: {
944
1034
  };
945
1035
  jwt: {
946
1036
  update: (jwt: string, customClaims?: Record<string, any>, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
947
- impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean, customClaims?: Record<string, any>, selectedTenant?: string) => Promise<SdkResponse<UpdateJWTResponse>>;
1037
+ impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
1038
+ stopImpersonation: (jwt: string, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
948
1039
  signIn: (loginId: string, loginOptions?: MgmtLoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
949
1040
  signUp: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
950
1041
  signUpOrIn: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
951
- anonymous: (customClaims?: Record<string, any>, selectedTenant?: string) => Promise<SdkResponse<{
1042
+ anonymous: (customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<{
952
1043
  refreshJwt?: string;
953
1044
  cookieDomain?: string;
954
1045
  cookieMaxAge?: number;
@@ -969,8 +1060,8 @@ declare const nodeSdk: {
969
1060
  configureSettings: (tenantId: string, settings: PasswordSettings) => Promise<SdkResponse<never>>;
970
1061
  };
971
1062
  role: {
972
- create: (name: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
973
- update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
1063
+ create: (name: string, description?: string, permissionNames?: string[], tenantId?: string, defaultRole?: boolean) => Promise<SdkResponse<never>>;
1064
+ update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string, defaultRole?: boolean) => Promise<SdkResponse<never>>;
974
1065
  delete: (name: string, tenantId?: string) => Promise<SdkResponse<never>>;
975
1066
  loadAll: () => Promise<SdkResponse<Role[]>>;
976
1067
  search: (options: RoleSearchOptions) => Promise<SdkResponse<Role[]>>;
@@ -1021,6 +1112,8 @@ declare const nodeSdk: {
1021
1112
  createRelations: (relations: FGARelation[]) => Promise<SdkResponse<never>>;
1022
1113
  deleteRelations: (relations: FGARelation[]) => Promise<SdkResponse<never>>;
1023
1114
  check: (relations: FGARelation[]) => Promise<SdkResponse<CheckResponseRelation[]>>;
1115
+ loadResourcesDetails: (resourceIdentifiers: FGAResourceIdentifier[]) => Promise<SdkResponse<FGAResourceDetails[]>>;
1116
+ saveResourcesDetails: (resourcesDetails: FGAResourceDetails[]) => Promise<SdkResponse<never>>;
1024
1117
  deleteAllRelations: () => Promise<SdkResponse<never>>;
1025
1118
  };
1026
1119
  };
@@ -1156,7 +1249,13 @@ declare const nodeSdk: {
1156
1249
  };
1157
1250
  update: {
1158
1251
  email: <T extends boolean>(loginId: string, email: string, token?: string, updateOptions?: {
1159
- addToLoginIDs?: T;
1252
+ addToLoginIDs?: T; /**
1253
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1254
+ * @param authInfo JWT parsed info containing the permissions
1255
+ * @param tenant tenant to match the permissions for
1256
+ * @param permissions List of permissions to match against the JWT claims
1257
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1258
+ * */
1160
1259
  onMergeUseExisting?: T extends true ? boolean : never;
1161
1260
  templateOptions?: {
1162
1261
  [x: string]: string;
@@ -1168,7 +1267,13 @@ declare const nodeSdk: {
1168
1267
  }>>;
1169
1268
  phone: {
1170
1269
  sms: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1171
- addToLoginIDs?: T_1;
1270
+ addToLoginIDs?: T_1; /**
1271
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1272
+ * @param authInfo JWT parsed info containing the permissions
1273
+ * @param tenant tenant to match the permissions for
1274
+ * @param permissions List of permissions to match against the JWT claims
1275
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1276
+ * */
1172
1277
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1173
1278
  templateOptions?: {
1174
1279
  [x: string]: string;
@@ -1179,7 +1284,13 @@ declare const nodeSdk: {
1179
1284
  maskedPhone: string;
1180
1285
  }>>;
1181
1286
  voice: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1182
- addToLoginIDs?: T_1;
1287
+ addToLoginIDs?: T_1; /**
1288
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1289
+ * @param authInfo JWT parsed info containing the permissions
1290
+ * @param tenant tenant to match the permissions for
1291
+ * @param permissions List of permissions to match against the JWT claims
1292
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1293
+ * */
1183
1294
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1184
1295
  templateOptions?: {
1185
1296
  [x: string]: string;
@@ -1190,7 +1301,13 @@ declare const nodeSdk: {
1190
1301
  maskedPhone: string;
1191
1302
  }>>;
1192
1303
  whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1193
- addToLoginIDs?: T_1;
1304
+ addToLoginIDs?: T_1; /**
1305
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1306
+ * @param authInfo JWT parsed info containing the permissions
1307
+ * @param tenant tenant to match the permissions for
1308
+ * @param permissions List of permissions to match against the JWT claims
1309
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1310
+ * */
1194
1311
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1195
1312
  templateOptions?: {
1196
1313
  [x: string]: string;
@@ -1328,7 +1445,13 @@ declare const nodeSdk: {
1328
1445
  };
1329
1446
  update: {
1330
1447
  email: <T_2 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1331
- addToLoginIDs?: T_2;
1448
+ addToLoginIDs?: T_2; /**
1449
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1450
+ * @param authInfo JWT parsed info containing the permissions
1451
+ * @param tenant tenant to match the permissions for
1452
+ * @param permissions List of permissions to match against the JWT claims
1453
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1454
+ * */
1332
1455
  onMergeUseExisting?: T_2 extends true ? boolean : never;
1333
1456
  templateOptions?: {
1334
1457
  [x: string]: string;
@@ -1340,7 +1463,13 @@ declare const nodeSdk: {
1340
1463
  }>>;
1341
1464
  phone: {
1342
1465
  sms: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1343
- addToLoginIDs?: T_3;
1466
+ addToLoginIDs?: T_3; /**
1467
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1468
+ * @param authInfo JWT parsed info containing the permissions
1469
+ * @param tenant tenant to match the permissions for
1470
+ * @param permissions List of permissions to match against the JWT claims
1471
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1472
+ * */
1344
1473
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1345
1474
  templateOptions?: {
1346
1475
  [x: string]: string;
@@ -1351,7 +1480,13 @@ declare const nodeSdk: {
1351
1480
  maskedPhone: string;
1352
1481
  }>>;
1353
1482
  voice: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1354
- addToLoginIDs?: T_3;
1483
+ addToLoginIDs?: T_3; /**
1484
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1485
+ * @param authInfo JWT parsed info containing the permissions
1486
+ * @param tenant tenant to match the permissions for
1487
+ * @param permissions List of permissions to match against the JWT claims
1488
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1489
+ * */
1355
1490
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1356
1491
  templateOptions?: {
1357
1492
  [x: string]: string;
@@ -1362,7 +1497,13 @@ declare const nodeSdk: {
1362
1497
  maskedPhone: string;
1363
1498
  }>>;
1364
1499
  whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1365
- addToLoginIDs?: T_3;
1500
+ addToLoginIDs?: T_3; /**
1501
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1502
+ * @param authInfo JWT parsed info containing the permissions
1503
+ * @param tenant tenant to match the permissions for
1504
+ * @param permissions List of permissions to match against the JWT claims
1505
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1506
+ * */
1366
1507
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1367
1508
  templateOptions?: {
1368
1509
  [x: string]: string;
@@ -1411,7 +1552,13 @@ declare const nodeSdk: {
1411
1552
  }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1412
1553
  update: {
1413
1554
  email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1414
- addToLoginIDs?: T_4;
1555
+ addToLoginIDs?: T_4; /**
1556
+ * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1557
+ * @param authInfo JWT parsed info containing the permissions
1558
+ * @param tenant tenant to match the permissions for
1559
+ * @param permissions List of permissions to match against the JWT claims
1560
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1561
+ * */
1415
1562
  onMergeUseExisting?: T_4 extends true ? boolean : never;
1416
1563
  templateOptions?: {
1417
1564
  [x: string]: string;
@@ -1422,7 +1569,7 @@ declare const nodeSdk: {
1422
1569
  };
1423
1570
  };
1424
1571
  oauth: {
1425
- start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
1572
+ start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, loginHint?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
1426
1573
  facebook: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1427
1574
  github: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1428
1575
  google: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
@@ -1615,7 +1762,12 @@ declare const nodeSdk: {
1615
1762
  oidcLoginHint?: string;
1616
1763
  abTestingKey?: number;
1617
1764
  startOptionsVersion?: number;
1618
- client?: Record<string, any>;
1765
+ client?: Record<string, any>; /**
1766
+ * Retrieves the permissions from JWT top level claims that match the specified permissions list
1767
+ * @param authInfo JWT parsed info containing the permissions
1768
+ * @param permissions List of permissions to match against the JWT claims
1769
+ * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1770
+ */
1619
1771
  locale?: string;
1620
1772
  oidcPrompt?: string;
1621
1773
  oidcErrorRedirectUri?: string;
@@ -1660,12 +1812,6 @@ declare const nodeSdk: {
1660
1812
  };
1661
1813
  token?: string;
1662
1814
  }) => Promise<Response>;
1663
- /**
1664
- * Retrieves the roles from JWT top level claims that match the specified roles list
1665
- * @param authInfo JWT parsed info containing the roles
1666
- * @param roles List of roles to match against the JWT claims
1667
- * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1668
- */
1669
1815
  post: (path: string, body?: any, config?: {
1670
1816
  headers?: HeadersInit;
1671
1817
  queryParams?: {
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as o,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var d;null!==(d=globalThis.Headers)&&void 0!==d||(globalThis.Headers=r);const p=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var n,o,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function c(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},I={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},y={settings:"/v1/mgmt/password/settings"},b={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},w={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},A={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},S={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},O={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},T={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},j={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},N={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check"};const R=(e,t)=>({create:function(n,o,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,o,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,o,a,i,r,l,d,p,m,c,g,h,v,k,C,f,I,y){const b="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:I,templateId:y}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,o,a,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:n.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:o,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(n,o,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),s(e.httpClient.patch(u.patch,a,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(u.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(u.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(u.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(u.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(u.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(u.logout,{userId:n},{token:t})),searchAll:(n,o,a,i,r,l,d,p,m,c)=>s(e.httpClient.post(u.search,{tenantIds:n,roleNames:o,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(n,o,a)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,o)=>s(e.httpClient.post(u.updateLoginId,{loginId:n,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(n,o,a)=>s(e.httpClient.post(u.updateEmail,{loginId:n,email:o,verified:a},{token:t}),(e=>e.user)),updatePhone:(n,o,a)=>s(e.httpClient.post(u.updatePhone,{loginId:n,phone:o,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(n,o,a,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,o)=>s(e.httpClient.post(u.updatePicture,{loginId:n,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(n,o)=>s(e.httpClient.post(u.setRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addRoles:(n,o)=>s(e.httpClient.post(u.addRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(n,o)=>s(e.httpClient.post(u.removeRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addTenant:(n,o)=>s(e.httpClient.post(u.addTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(n,o)=>s(e.httpClient.post(u.removeTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(n,o,a)=>s(e.httpClient.post(u.setRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(n,o,a)=>s(e.httpClient.post(u.addRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(n,o,a)=>s(e.httpClient.post(u.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(n,o)=>s(e.httpClient.post(u.addSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(n,o)=>s(e.httpClient.post(u.setSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(n,o)=>s(e.httpClient.post(u.removeSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(n,o)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:n,customClaims:o},{token:t}),(e=>e)),setTemporaryPassword:(n,o)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:n,password:o},{token:t}),(e=>e)),setActivePassword:(n,o)=>s(e.httpClient.post(u.setActivePassword,{loginId:n,password:o},{token:t}),(e=>e)),setPassword:(n,o)=>s(e.httpClient.post(u.setPassword,{loginId:n,password:o},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(u.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(u.history,n,{token:t}),(e=>e))}),P=(e,t)=>({updateName:n=>s(e.httpClient.post(h.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(h.updateTags,{tags:n},{token:t})),clone:(n,o,a)=>s(e.httpClient.post(h.clone,{name:n,environment:o,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(h.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(h.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(h.importSnapshot,{files:n},{token:t}))}),E=(e,t)=>({create:(n,o,a)=>s(e.httpClient.post(k.create,{name:n,selfProvisioningDomains:o,customAttributes:a},{token:t})),createWithId:(n,o,a,i)=>s(e.httpClient.post(k.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i},{token:t})),update:(n,o,a,i)=>s(e.httpClient.post(k.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i},{token:t})),delete:(n,o)=>s(e.httpClient.post(k.delete,{id:n,cascade:o},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,o,a,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(k.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,o,a,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),M=(e,t)=>({update:(n,o,a)=>s(e.httpClient.post(I.update,{jwt:n,customClaims:o,refreshDuration:a},{token:t})),impersonate:(n,o,a,i,r)=>s(e.httpClient.post(I.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:i,selectedTenant:r},{token:t})),signIn:(n,o)=>s(e.httpClient.post(I.signIn,Object.assign({loginId:n},o),{token:t})),signUp:(n,o,a)=>s(e.httpClient.post(I.signUp,Object.assign({loginId:n,user:o},a),{token:t})),signUpOrIn:(n,o,a)=>s(e.httpClient.post(I.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:t})),anonymous:(n,o)=>s(e.httpClient.post(I.anonymous,{customClaims:n,selectedTenant:o},{token:t}))}),x=(e,t)=>({create:(n,o)=>s(e.httpClient.post(b.create,{name:n,description:o},{token:t})),update:(n,o,a)=>s(e.httpClient.post(b.update,{name:n,newName:o,description:a},{token:t})),delete:n=>s(e.httpClient.post(b.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.permissions))}),U=(e,t)=>({create:(n,o,a,i)=>s(e.httpClient.post(w.create,{name:n,description:o,permissionNames:a,tenantId:i},{token:t})),update:(n,o,a,i,r)=>s(e.httpClient.post(w.update,{name:n,newName:o,description:a,permissionNames:i,tenantId:r},{token:t})),delete:(n,o)=>s(e.httpClient.post(w.delete,{name:n,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(w.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(w.search,n,{token:t}),(e=>e.roles))}),D=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(O.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,o,a)=>s(e.httpClient.post(O.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:t})),loadAllGroupMembers:(n,o)=>s(e.httpClient.post(O.loadAllGroupMembers,{tenantId:n,groupId:o},{token:t}))});function L(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const F=(e,t)=>({getSettings:n=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,o,a)=>s(e.httpClient.post(f.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:t}),(e=>L(e))),deleteSettings:(n,o)=>s(e.httpClient.delete(f.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t})),configureSettings:(n,o,a,i,r,l)=>s(e.httpClient.post(f.settings,{tenantId:n,idpURL:o,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,o,a,i)=>s(e.httpClient.post(f.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:i},{token:t})),configureMapping:(n,o,a)=>s(e.httpClient.post(f.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:t})),configureOIDCSettings:(n,o,a,i)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(f.oidc.configure,Object.assign({tenantId:n,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,o,a,i,r)=>s(e.httpClient.post(f.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,o,a,i,r)=>s(e.httpClient.post(f.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,o)=>s(e.httpClient.get(f.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t}),(e=>L(e))),loadAllSettings:n=>s(e.httpClient.get(f.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(L(e)))),s}(e)))}),z=(e,t)=>({create:(n,o,a,i,r,l,d,p)=>s(e.httpClient.post(v.create,{name:n,expireTime:o,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:d,permittedIps:p},{token:t})),load:n=>s(e.httpClient.get(v.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(v.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,o,a,i,r,l,d)=>s(e.httpClient.post(v.update,{id:n,name:o,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:d},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(v.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(v.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(v.delete,{id:n},{token:t}))}),q=(e,t)=>({list:()=>s(e.httpClient.post(A.list,{},{token:t})),delete:n=>s(e.httpClient.post(A.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(A.export,{flowId:n},{token:t})),import:(n,o,a)=>s(e.httpClient.post(A.import,{flowId:n,flow:o,screens:a},{token:t}))}),$=(e,t)=>({export:()=>s(e.httpClient.post(S.export,{},{token:t})),import:n=>s(e.httpClient.post(S.import,{theme:n},{token:t}))}),J=(e,t)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,s(e.httpClient.post(T.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return s(e.httpClient.post(T.createEvent,o,{token:t}))}}),K=(e,t)=>({saveSchema:(n,o)=>s(e.httpClient.post(j.schemaSave,{schema:n,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(j.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,o,a)=>s(e.httpClient.post(j.nsSave,{namespace:n,oldName:o,schemaName:a},{token:t})),deleteNamespace:(n,o)=>s(e.httpClient.post(j.nsDelete,{name:n,schemaName:o},{token:t})),saveRelationDefinition:(n,o,a,i)=>s(e.httpClient.post(j.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(n,o,a)=>s(e.httpClient.post(j.rdDelete,{name:n,namespace:o,schemaName:a},{token:t})),createRelations:n=>s(e.httpClient.post(j.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(j.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(j.reDeleteResources,{resources:n},{token:t})),deleteResourceRelationsForResources:n=>s(e.httpClient.post(j.reDeleteResourceRelationsForResources,{resources:n},{token:t})),deleteRelationsForIds:n=>s(e.httpClient.post(j.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(j.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>s(e.httpClient.post(j.who,{resource:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(n,o=!1)=>s(e.httpClient.post(j.resource,{resource:n,ignoreTargetSetRelations:o},{token:t}),(e=>e.relations)),targetsRelations:(n,o=!1)=>s(e.httpClient.post(j.targets,{targets:n,includeTargetSetRelations:o},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(j.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>s(e.httpClient.post(j.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(j.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),G=(e,t)=>({createOidcApplication:n=>{var o;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:n=>{var o;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(C.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(C.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),B=(e,t)=>({getSettings:n=>s(e.httpClient.get(y.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(y.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t}))}),W=(e,t)=>({saveSchema:n=>s(e.httpClient.post(N.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(N.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(N.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(N.check,{tuples:n},{token:t}),(e=>e.tuples)),deleteAllRelations:()=>s(e.httpClient.delete(N.relations,{token:t}))});const H=s=>{var r,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:p},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.5"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:R(e,t),project:P(e,t),accessKey:z(e,t),tenant:E(e,t),ssoApplication:G(e,t),sso:F(e,t),jwt:M(e,t),permission:x(e,t),password:B(e,t),role:U(e,t),group:D(e,t),flow:q(e,t),theme:$(e,t),audit:J(e,t),authz:K(e,t),fga:W(e,t)}))(h,l),I=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await o(e,I.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await I.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await I.validateJwt(e);const n=await I.refresh(e);if(n.ok){return await I.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await I.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return I.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await I.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==k||k.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await I.validateJwt(o)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>I.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>I.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>I.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>I.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(I,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS",H.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{H as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as o,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var n,o,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var m;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(m=p)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function c(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},y={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},I={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},b={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},S={settings:"/v1/mgmt/password/settings"},A={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},w={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},O={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},j={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},T={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},N={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},R={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},P={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const E=(e,t)=>({create:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k,C,f,y,I){const b="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,o,a,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:n.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:o,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),s(e.httpClient.patch(u.patch,a,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(u.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(u.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(u.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(u.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(u.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(u.logout,{userId:n},{token:t})),searchAll:(n,o,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(u.search,{tenantIds:n,roleNames:o,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(n,o,a)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,o)=>s(e.httpClient.post(u.updateLoginId,{loginId:n,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(n,o,a)=>s(e.httpClient.post(u.updateEmail,{loginId:n,email:o,verified:a},{token:t}),(e=>e.user)),updatePhone:(n,o,a)=>s(e.httpClient.post(u.updatePhone,{loginId:n,phone:o,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(n,o,a,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,o)=>s(e.httpClient.post(u.updatePicture,{loginId:n,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(n,o)=>s(e.httpClient.post(u.setRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addRoles:(n,o)=>s(e.httpClient.post(u.addRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(n,o)=>s(e.httpClient.post(u.removeRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addTenant:(n,o)=>s(e.httpClient.post(u.addTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(n,o)=>s(e.httpClient.post(u.removeTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(n,o,a)=>s(e.httpClient.post(u.setRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(n,o,a)=>s(e.httpClient.post(u.addRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(n,o,a)=>s(e.httpClient.post(u.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(n,o)=>s(e.httpClient.post(u.addSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(n,o)=>s(e.httpClient.post(u.setSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(n,o)=>s(e.httpClient.post(u.removeSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(n,o,a)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:n,customClaims:o,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(n,o,a,i,r,l)=>s(e.httpClient.post(u.generateSignUpEmbeddedLink,{loginId:n,user:o,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(n,o)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:n,password:o},{token:t}),(e=>e)),setActivePassword:(n,o)=>s(e.httpClient.post(u.setActivePassword,{loginId:n,password:o},{token:t}),(e=>e)),setPassword:(n,o)=>s(e.httpClient.post(u.setPassword,{loginId:n,password:o},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(u.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(u.history,n,{token:t}),(e=>e))}),M=(e,t)=>({updateName:n=>s(e.httpClient.post(h.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(h.updateTags,{tags:n},{token:t})),clone:(n,o,a)=>s(e.httpClient.post(h.clone,{name:n,environment:o,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(h.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(h.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(h.importSnapshot,{files:n},{token:t}))}),U=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(k.create,{name:n,selfProvisioningDomains:o,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(n,o,a,i,r,l)=>s(e.httpClient.post(k.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(k.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(k.delete,{id:n,cascade:o},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,o,a,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(k.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,o,a,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),x=(e,t)=>({update:(n,o,a)=>s(e.httpClient.post(b.update,{jwt:n,customClaims:o,refreshDuration:a},{token:t})),impersonate:(n,o,a,i,r,l)=>s(e.httpClient.post(b.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(n,o,a,i)=>s(e.httpClient.post(b.stopImpersonation,{jwt:n,customClaims:o,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(n,o)=>s(e.httpClient.post(b.signIn,Object.assign({loginId:n},o),{token:t})),signUp:(n,o,a)=>s(e.httpClient.post(b.signUp,Object.assign({loginId:n,user:o},a),{token:t})),signUpOrIn:(n,o,a)=>s(e.httpClient.post(b.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:t})),anonymous:(n,o,a)=>s(e.httpClient.post(b.anonymous,{customClaims:n,selectedTenant:o,refreshDuration:a},{token:t}))}),D=(e,t)=>({create:(n,o)=>s(e.httpClient.post(A.create,{name:n,description:o},{token:t})),update:(n,o,a)=>s(e.httpClient.post(A.update,{name:n,newName:o,description:a},{token:t})),delete:n=>s(e.httpClient.post(A.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(A.loadAll,{token:t}),(e=>e.permissions))}),L=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(w.create,{name:n,description:o,permissionNames:a,tenantId:i,default:r},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(w.update,{name:n,newName:o,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(w.delete,{name:n,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(w.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(w.search,n,{token:t}),(e=>e.roles))}),F=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(T.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,o,a)=>s(e.httpClient.post(T.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:t})),loadAllGroupMembers:(n,o)=>s(e.httpClient.post(T.loadAllGroupMembers,{tenantId:n,groupId:o},{token:t}))});function z(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const q=(e,t)=>({getSettings:n=>s(e.httpClient.get(I.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,o,a)=>s(e.httpClient.post(I.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:t}),(e=>z(e))),deleteSettings:(n,o)=>s(e.httpClient.delete(I.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t})),configureSettings:(n,o,a,i,r,l)=>s(e.httpClient.post(I.settings,{tenantId:n,idpURL:o,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,o,a,i)=>s(e.httpClient.post(I.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:i},{token:t})),configureMapping:(n,o,a)=>s(e.httpClient.post(I.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:t})),configureOIDCSettings:(n,o,a,i)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(I.oidc.configure,Object.assign({tenantId:n,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,o,a,i,r)=>s(e.httpClient.post(I.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,o,a,i,r)=>s(e.httpClient.post(I.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,o)=>s(e.httpClient.get(I.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t}),(e=>z(e))),loadAllSettings:n=>s(e.httpClient.get(I.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(z(e)))),s}(e)))}),$=(e,t)=>({create:(n,o,a,i,r,l,p,d)=>s(e.httpClient.post(v.create,{name:n,expireTime:o,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:n=>s(e.httpClient.get(v.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(v.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,o,a,i,r,l,p)=>s(e.httpClient.post(v.update,{id:n,name:o,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(v.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(v.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(v.delete,{id:n},{token:t}))}),J=(e,t)=>({list:()=>s(e.httpClient.post(O.list,{},{token:t})),delete:n=>s(e.httpClient.post(O.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(O.export,{flowId:n},{token:t})),import:(n,o,a)=>s(e.httpClient.post(O.import,{flowId:n,flow:o,screens:a},{token:t}))}),K=(e,t)=>({export:()=>s(e.httpClient.post(j.export,{},{token:t})),import:n=>s(e.httpClient.post(j.import,{theme:n},{token:t}))}),G=(e,t)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,s(e.httpClient.post(N.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return s(e.httpClient.post(N.createEvent,o,{token:t}))}}),B=(e,t)=>({saveSchema:(n,o)=>s(e.httpClient.post(R.schemaSave,{schema:n,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(R.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(R.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,o,a)=>s(e.httpClient.post(R.nsSave,{namespace:n,oldName:o,schemaName:a},{token:t})),deleteNamespace:(n,o)=>s(e.httpClient.post(R.nsDelete,{name:n,schemaName:o},{token:t})),saveRelationDefinition:(n,o,a,i)=>s(e.httpClient.post(R.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(n,o,a)=>s(e.httpClient.post(R.rdDelete,{name:n,namespace:o,schemaName:a},{token:t})),createRelations:n=>s(e.httpClient.post(R.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(R.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(R.reDeleteResources,{resources:n},{token:t})),deleteResourceRelationsForResources:n=>s(e.httpClient.post(R.reDeleteResourceRelationsForResources,{resources:n},{token:t})),deleteRelationsForIds:n=>s(e.httpClient.post(R.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(R.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>s(e.httpClient.post(R.who,{resource:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(n,o=!1)=>s(e.httpClient.post(R.resource,{resource:n,ignoreTargetSetRelations:o},{token:t}),(e=>e.relations)),targetsRelations:(n,o=!1)=>s(e.httpClient.post(R.targets,{targets:n,includeTargetSetRelations:o},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(R.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>s(e.httpClient.post(R.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(R.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),W=(e,t)=>({createOidcApplication:n=>{var o;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:n=>{var o;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(C.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(C.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),V=(e,t)=>({getSettings:n=>s(e.httpClient.get(S.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(S.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t}))}),H=(e,t)=>({saveSchema:n=>s(e.httpClient.post(P.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(R.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(P.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(P.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(P.check,{tuples:n},{token:t}),(e=>e.tuples)),loadResourcesDetails:n=>s(e.httpClient.post(P.resourcesLoad,{resourceIdentifiers:n},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:n=>s(e.httpClient.post(P.resourcesSave,{resourcesDetails:n},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(P.relations,{token:t}))}),Q=(e,t)=>({createApplication:n=>s(e.httpClient.post(f.create,Object.assign({},n),{token:t})),updateApplication:n=>s(e.httpClient.post(f.update,Object.assign({},n),{token:t})),patchApplication:n=>s(e.httpClient.post(f.patch,Object.assign({},n),{token:t})),deleteApplication:n=>s(e.httpClient.post(f.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(f.load,{queryParams:{id:n},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:n=>s(e.httpClient.get(f.secret,{queryParams:{id:n},token:t}),(e=>e)),rotateApplicationSecret:n=>s(e.httpClient.post(f.rotate,{id:n},{token:t})),searchConsents:n=>s(e.httpClient.post(y.search,Object.assign({},n),{token:t}),(e=>e.consents)),deleteConsents:n=>s(e.httpClient.post(y.delete,Object.assign({},n),{token:t}))});const _=s=>{var r,{managementKey:l,publicKey:p}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:d},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.7"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:E(e,t),project:M(e,t),accessKey:$(e,t),tenant:U(e,t),ssoApplication:W(e,t),inboundApplication:Q(e,t),sso:q(e,t),jwt:x(e,t),permission:D(e,t),password:V(e,t),role:L(e,t),group:F(e,t),flow:J(e,t),theme:K(e,t),audit:G(e,t),authz:B(e,t),fga:H(e,t)}))(h,l),y=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(p)try{const e=JSON.parse(p),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await o(e,y.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await y.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await y.validateJwt(e);const n=await y.refresh(e);if(n.ok){return await y.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await y.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return y.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await y.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==k||k.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await y.validateJwt(o)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>y.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>y.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>y.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>y.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(y,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};_.RefreshTokenCookieName="DSR",_.SessionTokenCookieName="DS",_.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{_ as default};
2
2
  //# sourceMappingURL=index.esm.js.map