npm - @descope/node-sdk - Versions diffs - 1.7.6 → 1.7.7 - Mend

@descope/node-sdk 1.7.6 → 1.7.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -161,7 +161,7 @@ declare type Tenant = {
     customAttributes?: Record<string, string | number | boolean>;
     domains?: string[];
     authType?: 'none' | 'saml' | 'oidc';
-    forceSSO?: boolean;
+    enforceSSO?: boolean;
     disabled?: boolean;
 };
 /** Represents settings of a tenant in a project. It has an id, a name and an array of
@@ -255,6 +255,7 @@ declare type Role = {
     permissionNames: string[];
     createdTime: number;
     tenantId?: string;
+    default?: boolean;
 };
 /** Search roles based on the parameters */
 declare type RoleSearchOptions = {
@@ -750,6 +751,62 @@ interface UserOptions {
 declare type MgmtUserOptions = Omit<UserOptions, 'roles' | 'userTenants' | 'customAttributes' | 'picture' | 'additionalLoginIds' | 'displayName'> & {
     name?: string;
 };
+declare type InboundApplicationScope = {
+    name: string;
+    description: string;
+    values?: string[];
+    optional?: boolean;
+};
+/**
+ * Represents an inbound application request in a project.
+ * This type is used to create a new inbound application in a project.
+ */
+declare type InboundApplicationOptions = {
+    name: string;
+    description?: string;
+    logo?: string;
+    loginPageUrl?: string;
+    approvedCallbackUrls?: string[];
+    permissionsScopes: InboundApplicationScope[];
+    attributesScopes?: InboundApplicationScope[];
+};
+/**
+ * Represents an inbound application in a project.
+ */
+declare type InboundApplication = InboundApplicationOptions & {
+    id: string;
+    clientId: string;
+};
+declare type InboundApplicationSecretResponse = {
+    cleartext: string;
+};
+declare type CreateInboundApplicationResponse = {
+    id: string;
+    clientId: string;
+} & InboundApplicationSecretResponse;
+/**
+ * Represents an inbound application consent for a single application
+ * for a specific user within the project.
+ */
+declare type InboundApplicationConsent = {
+    id: string;
+    appId: string;
+    userId: string;
+    scopes: string[];
+    grantedBy: string;
+    createdTime: number;
+};
+declare type InboundApplicationConsentSearchOptions = {
+    appId?: string;
+    userId?: string;
+    consentId?: string;
+    page?: number;
+};
+declare type InboundApplicationConsentDeleteOptions = {
+    consentIds?: string[];
+    appId?: string;
+    userIds?: string[];
+};
 interface PatchUserOptions {
     email?: string;
@@ -884,7 +941,15 @@ declare const nodeSdk: {
                 generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
                 generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
                 generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
-                generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
+                generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>, timeout?: number) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
+                generateSignUpEmbeddedLink: (loginId: string, user?: {
+                    name?: string;
+                    givenName?: string;
+                    middleName?: string;
+                    familyName?: string;
+                    phone?: string;
+                    email?: string;
+                }, emailVerified?: boolean, phoneVerified?: boolean, loginOptions?: _descope_core_js_sdk.LoginOptions, timeout?: number) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
                 setTemporaryPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
                 setActivePassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
                 setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
@@ -938,6 +1003,22 @@ declare const nodeSdk: {
                 load: (id: string) => Promise<SdkResponse<SSOApplication>>;
                 loadAll: () => Promise<SdkResponse<SSOApplication[]>>;
             };
+            inboundApplication: {
+                createApplication: (options: InboundApplicationOptions) => Promise<SdkResponse<CreateInboundApplicationResponse>>;
+                updateApplication: (options: InboundApplicationOptions & {
+                    id: string;
+                }) => Promise<SdkResponse<never>>;
+                patchApplication: (options: Partial<InboundApplicationOptions> & {
+                    id: string;
+                }) => Promise<SdkResponse<never>>;
+                deleteApplication: (id: string) => Promise<SdkResponse<never>>;
+                loadApplication: (id: string) => Promise<SdkResponse<InboundApplication>>;
+                loadAllApplications: () => Promise<SdkResponse<InboundApplication[]>>;
+                getApplicationSecret: (id: string) => Promise<SdkResponse<InboundApplicationSecretResponse>>;
+                rotateApplicationSecret: (id: string) => Promise<SdkResponse<never>>;
+                searchConsents: (options?: InboundApplicationConsentSearchOptions) => Promise<SdkResponse<InboundApplicationConsent[]>>;
+                deleteConsents: (options: InboundApplicationConsentDeleteOptions) => Promise<SdkResponse<never>>;
+            };
             sso: {
                 getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
                 newSettings: (tenantId: string, ssoId: string, displayName: string) => Promise<SdkResponse<SSOSettings>>;
@@ -979,8 +1060,8 @@ declare const nodeSdk: {
                 configureSettings: (tenantId: string, settings: PasswordSettings) => Promise<SdkResponse<never>>;
             };
             role: {
-                create: (name: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
-                update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
+                create: (name: string, description?: string, permissionNames?: string[], tenantId?: string, defaultRole?: boolean) => Promise<SdkResponse<never>>;
+                update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string, defaultRole?: boolean) => Promise<SdkResponse<never>>;
                 delete: (name: string, tenantId?: string) => Promise<SdkResponse<never>>;
                 loadAll: () => Promise<SdkResponse<Role[]>>;
                 search: (options: RoleSearchOptions) => Promise<SdkResponse<Role[]>>;
@@ -1168,7 +1249,13 @@ declare const nodeSdk: {
             };
             update: {
                 email: <T extends boolean>(loginId: string, email: string, token?: string, updateOptions?: {
-                    addToLoginIDs?: T;
+                    addToLoginIDs?: T; /**
+                     * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                     * @param authInfo JWT parsed info containing the permissions
+                     * @param tenant tenant to match the permissions for
+                     * @param permissions List of permissions to match against the JWT claims
+                     * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                     * */
                     onMergeUseExisting?: T extends true ? boolean : never;
                     templateOptions?: {
                         [x: string]: string;
@@ -1180,7 +1267,13 @@ declare const nodeSdk: {
                 }>>;
                 phone: {
                     sms: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_1;
+                        addToLoginIDs?: T_1; /**
+                         * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param tenant tenant to match the permissions for
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         * */
                         onMergeUseExisting?: T_1 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1191,7 +1284,13 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     voice: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_1;
+                        addToLoginIDs?: T_1; /**
+                         * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param tenant tenant to match the permissions for
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         * */
                         onMergeUseExisting?: T_1 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1202,7 +1301,13 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_1;
+                        addToLoginIDs?: T_1; /**
+                         * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param tenant tenant to match the permissions for
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         * */
                         onMergeUseExisting?: T_1 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1340,7 +1445,13 @@ declare const nodeSdk: {
             };
             update: {
                 email: <T_2 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
-                    addToLoginIDs?: T_2;
+                    addToLoginIDs?: T_2; /**
+                     * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                     * @param authInfo JWT parsed info containing the permissions
+                     * @param tenant tenant to match the permissions for
+                     * @param permissions List of permissions to match against the JWT claims
+                     * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                     * */
                     onMergeUseExisting?: T_2 extends true ? boolean : never;
                     templateOptions?: {
                         [x: string]: string;
@@ -1352,7 +1463,13 @@ declare const nodeSdk: {
                 }>>;
                 phone: {
                     sms: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_3;
+                        addToLoginIDs?: T_3; /**
+                         * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param tenant tenant to match the permissions for
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         * */
                         onMergeUseExisting?: T_3 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1363,7 +1480,13 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     voice: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_3;
+                        addToLoginIDs?: T_3; /**
+                         * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param tenant tenant to match the permissions for
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         * */
                         onMergeUseExisting?: T_3 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1374,7 +1497,13 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_3;
+                        addToLoginIDs?: T_3; /**
+                         * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param tenant tenant to match the permissions for
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         * */
                         onMergeUseExisting?: T_3 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1423,7 +1552,13 @@ declare const nodeSdk: {
             }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
             update: {
                 email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
-                    addToLoginIDs?: T_4;
+                    addToLoginIDs?: T_4; /**
+                     * Retrieves the permissions from JWT tenant claims that match the specified permissions list
+                     * @param authInfo JWT parsed info containing the permissions
+                     * @param tenant tenant to match the permissions for
+                     * @param permissions List of permissions to match against the JWT claims
+                     * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                     * */
                     onMergeUseExisting?: T_4 extends true ? boolean : never;
                     templateOptions?: {
                         [x: string]: string;
@@ -1434,7 +1569,7 @@ declare const nodeSdk: {
             };
         };
         oauth: {
-            start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
+            start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, loginHint?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
                 facebook: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
                 github: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
                 google: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
@@ -1627,7 +1762,12 @@ declare const nodeSdk: {
                 oidcLoginHint?: string;
                 abTestingKey?: number;
                 startOptionsVersion?: number;
-                client?: Record<string, any>;
+                client?: Record<string, any>; /**
+                 * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                 * @param authInfo JWT parsed info containing the permissions
+                 * @param permissions List of permissions to match against the JWT claims
+                 * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                 */
                 locale?: string;
                 oidcPrompt?: string;
                 oidcErrorRedirectUri?: string;
@@ -1672,12 +1812,6 @@ declare const nodeSdk: {
                 };
                 token?: string;
             }) => Promise<Response>;
-            /**
-             * Retrieves the roles from JWT top level claims that match the specified roles list
-             * @param authInfo JWT parsed info containing the roles
-             * @param roles List of roles to match against the JWT claims
-             * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
-             */
             post: (path: string, body?: any, config?: {
                 headers?: HeadersInit;
                 queryParams?: {

package/dist/index.esm.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as n,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var d;null!==(d=globalThis.Headers)&&void 0!==d||(globalThis.Headers=r);const p=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var o,n,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function c(e,t,s){var o,n;const a=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(a)?a:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},I={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},y={settings:"/v1/mgmt/password/settings"},b={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},S={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},w={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},O={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},A={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},T={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},j={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},N={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const R=(e,t)=>({create:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k,C,f,I,y){const b="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:I,templateId:y}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(o,n,a,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:o.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:n,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(o,n){const a={loginId:o};return void 0!==n.email&&(a.email=n.email),void 0!==n.phone&&(a.phone=n.phone),void 0!==n.displayName&&(a.displayName=n.displayName),void 0!==n.givenName&&(a.givenName=n.givenName),void 0!==n.middleName&&(a.middleName=n.middleName),void 0!==n.familyName&&(a.familyName=n.familyName),void 0!==n.roles&&(a.roleNames=n.roles),void 0!==n.userTenants&&(a.userTenants=n.userTenants),void 0!==n.customAttributes&&(a.customAttributes=n.customAttributes),void 0!==n.picture&&(a.picture=n.picture),void 0!==n.verifiedEmail&&(a.verifiedEmail=n.verifiedEmail),void 0!==n.verifiedPhone&&(a.verifiedPhone=n.verifiedPhone),void 0!==n.ssoAppIds&&(a.ssoAppIds=n.ssoAppIds),void 0!==n.scim&&(a.scim=n.scim),s(e.httpClient.patch(u.patch,a,{token:t}),(e=>e.user))},delete:o=>s(e.httpClient.post(u.delete,{loginId:o},{token:t})),deleteByUserId:o=>s(e.httpClient.post(u.delete,{userId:o},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:o=>s(e.httpClient.get(u.load,{queryParams:{loginId:o},token:t}),(e=>e.user)),loadByUserId:o=>s(e.httpClient.get(u.load,{queryParams:{userId:o},token:t}),(e=>e.user)),logoutUser:o=>s(e.httpClient.post(u.logout,{loginId:o},{token:t})),logoutUserByUserId:o=>s(e.httpClient.post(u.logout,{userId:o},{token:t})),searchAll:(o,n,a,i,r,l,d,p,m,c)=>s(e.httpClient.post(u.search,{tenantIds:o,roleNames:n,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:o=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},o),{withTestUser:!0,testUsersOnly:!0,roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),search:o=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},o),{roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(o,n,a)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:o,provider:n,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:o=>s(e.httpClient.post(u.updateStatus,{loginId:o,status:"enabled"},{token:t}),(e=>e.user)),deactivate:o=>s(e.httpClient.post(u.updateStatus,{loginId:o,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(o,n)=>s(e.httpClient.post(u.updateLoginId,{loginId:o,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(o,n,a)=>s(e.httpClient.post(u.updateEmail,{loginId:o,email:n,verified:a},{token:t}),(e=>e.user)),updatePhone:(o,n,a)=>s(e.httpClient.post(u.updatePhone,{loginId:o,phone:n,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(o,n,a,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:o,displayName:n,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(o,n)=>s(e.httpClient.post(u.updatePicture,{loginId:o,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(o,n,a)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(o,n)=>s(e.httpClient.post(u.setRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addRoles:(o,n)=>s(e.httpClient.post(u.addRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(o,n)=>s(e.httpClient.post(u.removeRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addTenant:(o,n)=>s(e.httpClient.post(u.addTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(o,n)=>s(e.httpClient.post(u.removeTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(o,n,a)=>s(e.httpClient.post(u.setRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(o,n,a)=>s(e.httpClient.post(u.addRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(o,n,a)=>s(e.httpClient.post(u.removeRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(o,n)=>s(e.httpClient.post(u.addSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(o,n)=>s(e.httpClient.post(u.setSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(o,n)=>s(e.httpClient.post(u.removeSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(o,n,a)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:o,loginId:n,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(o,n,a,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(o,n,a)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:o,URI:n,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(o,n)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:o,customClaims:n},{token:t}),(e=>e)),setTemporaryPassword:(o,n)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:o,password:n},{token:t}),(e=>e)),setActivePassword:(o,n)=>s(e.httpClient.post(u.setActivePassword,{loginId:o,password:n},{token:t}),(e=>e)),setPassword:(o,n)=>s(e.httpClient.post(u.setPassword,{loginId:o,password:n},{token:t}),(e=>e)),expirePassword:o=>s(e.httpClient.post(u.expirePassword,{loginId:o},{token:t}),(e=>e)),removeAllPasskeys:o=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:o},{token:t}),(e=>e)),removeTOTPSeed:o=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:o},{token:t}),(e=>e)),history:o=>s(e.httpClient.post(u.history,o,{token:t}),(e=>e))}),P=(e,t)=>({updateName:o=>s(e.httpClient.post(h.updateName,{name:o},{token:t})),updateTags:o=>s(e.httpClient.post(h.updateTags,{tags:o},{token:t})),clone:(o,n,a)=>s(e.httpClient.post(h.clone,{name:o,environment:n,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:o})=>({id:e,name:t,environment:s,tags:o}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:o=>s(e.httpClient.post(h.importSnapshot,o,{token:t})),validateSnapshot:o=>s(e.httpClient.post(h.validateSnapshot,o,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:o=>s(e.httpClient.post(h.importSnapshot,{files:o},{token:t}))}),E=(e,t)=>({create:(o,n,a,i,r)=>s(e.httpClient.post(k.create,{name:o,selfProvisioningDomains:n,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(o,n,a,i,r,l)=>s(e.httpClient.post(k.create,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(o,n,a,i,r,l)=>s(e.httpClient.post(k.update,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(o,n)=>s(e.httpClient.post(k.delete,{id:o,cascade:n},{token:t})),load:o=>s(e.httpClient.get(k.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(o,n,a,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:o=>s(e.httpClient.get(k.settings,{queryParams:{id:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t})),generateSSOConfigurationLink:(o,n,a,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:o,expireTime:n,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),M=(e,t)=>({update:(o,n,a)=>s(e.httpClient.post(I.update,{jwt:o,customClaims:n,refreshDuration:a},{token:t})),impersonate:(o,n,a,i,r,l)=>s(e.httpClient.post(I.impersonate,{impersonatorId:o,loginId:n,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(o,n,a,i)=>s(e.httpClient.post(I.stopImpersonation,{jwt:o,customClaims:n,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(o,n)=>s(e.httpClient.post(I.signIn,Object.assign({loginId:o},n),{token:t})),signUp:(o,n,a)=>s(e.httpClient.post(I.signUp,Object.assign({loginId:o,user:n},a),{token:t})),signUpOrIn:(o,n,a)=>s(e.httpClient.post(I.signUpOrIn,Object.assign({loginId:o,user:n},a),{token:t})),anonymous:(o,n,a)=>s(e.httpClient.post(I.anonymous,{customClaims:o,selectedTenant:n,refreshDuration:a},{token:t}))}),x=(e,t)=>({create:(o,n)=>s(e.httpClient.post(b.create,{name:o,description:n},{token:t})),update:(o,n,a)=>s(e.httpClient.post(b.update,{name:o,newName:n,description:a},{token:t})),delete:o=>s(e.httpClient.post(b.delete,{name:o},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.permissions))}),U=(e,t)=>({create:(o,n,a,i)=>s(e.httpClient.post(S.create,{name:o,description:n,permissionNames:a,tenantId:i},{token:t})),update:(o,n,a,i,r)=>s(e.httpClient.post(S.update,{name:o,newName:n,description:a,permissionNames:i,tenantId:r},{token:t})),delete:(o,n)=>s(e.httpClient.post(S.delete,{name:o,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(S.loadAll,{token:t}),(e=>e.roles)),search:o=>s(e.httpClient.post(S.search,o,{token:t}),(e=>e.roles))}),D=(e,t)=>({loadAllGroups:o=>s(e.httpClient.post(A.loadAllGroups,{tenantId:o},{token:t})),loadAllGroupsForMember:(o,n,a)=>s(e.httpClient.post(A.loadAllGroupsForMember,{tenantId:o,loginIds:a,userIds:n},{token:t})),loadAllGroupMembers:(o,n)=>s(e.httpClient.post(A.loadAllGroupMembers,{tenantId:o,groupId:n},{token:t}))});function L(e){var t,s;const o=e;return o.oidc&&(o.oidc=Object.assign(Object.assign({},o.oidc),{attributeMapping:o.oidc.userAttrMapping}),delete o.oidc.userAttrMapping),(null===(t=o.saml)||void 0===t?void 0:t.groupsMapping)&&(o.saml.groupsMapping=null===(s=o.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),o}const F=(e,t)=>({getSettings:o=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),newSettings:(o,n,a)=>s(e.httpClient.post(f.settingsNew,Object.assign(Object.assign({tenantId:o},n?{ssoId:n}:{}),{displayName:a}),{token:t}),(e=>L(e))),deleteSettings:(o,n)=>s(e.httpClient.delete(f.settings,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t})),configureSettings:(o,n,a,i,r,l)=>s(e.httpClient.post(f.settings,{tenantId:o,idpURL:n,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(o,n,a,i)=>s(e.httpClient.post(f.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:a,domains:i},{token:t})),configureMapping:(o,n,a)=>s(e.httpClient.post(f.mapping,{tenantId:o,roleMappings:n,attributeMapping:a},{token:t})),configureOIDCSettings:(o,n,a,i)=>{const r=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(f.oidc.configure,Object.assign({tenantId:o,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(o,n,a,i,r)=>s(e.httpClient.post(f.saml.configure,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(o,n,a,i,r)=>s(e.httpClient.post(f.saml.metadata,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(o,n)=>s(e.httpClient.get(f.settingsv2,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t}),(e=>L(e))),loadAllSettings:o=>s(e.httpClient.get(f.settingsAllV2,{queryParams:{tenantId:o},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(L(e)))),s}(e)))}),z=(e,t)=>({create:(o,n,a,i,r,l,d,p)=>s(e.httpClient.post(v.create,{name:o,expireTime:n,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:d,permittedIps:p},{token:t})),load:o=>s(e.httpClient.get(v.load,{queryParams:{id:o},token:t}),(e=>e.key)),searchAll:o=>s(e.httpClient.post(v.search,{tenantIds:o},{token:t}),(e=>e.keys)),update:(o,n,a,i,r,l,d)=>s(e.httpClient.post(v.update,{id:o,name:n,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:d},{token:t}),(e=>e.key)),deactivate:o=>s(e.httpClient.post(v.deactivate,{id:o},{token:t})),activate:o=>s(e.httpClient.post(v.activate,{id:o},{token:t})),delete:o=>s(e.httpClient.post(v.delete,{id:o},{token:t}))}),q=(e,t)=>({list:()=>s(e.httpClient.post(w.list,{},{token:t})),delete:o=>s(e.httpClient.post(w.delete,{ids:o},{token:t})),export:o=>s(e.httpClient.post(w.export,{flowId:o},{token:t})),import:(o,n,a)=>s(e.httpClient.post(w.import,{flowId:o,flow:n,screens:a},{token:t}))}),$=(e,t)=>({export:()=>s(e.httpClient.post(O.export,{},{token:t})),import:o=>s(e.httpClient.post(O.import,{theme:o},{token:t}))}),J=(e,t)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,s(e.httpClient.post(T.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:o=>{const n=Object.assign({},o);return s(e.httpClient.post(T.createEvent,n,{token:t}))}}),K=(e,t)=>({saveSchema:(o,n)=>s(e.httpClient.post(j.schemaSave,{schema:o,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(j.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(o,n,a)=>s(e.httpClient.post(j.nsSave,{namespace:o,oldName:n,schemaName:a},{token:t})),deleteNamespace:(o,n)=>s(e.httpClient.post(j.nsDelete,{name:o,schemaName:n},{token:t})),saveRelationDefinition:(o,n,a,i)=>s(e.httpClient.post(j.rdSave,{relationDefinition:o,namespace:n,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(o,n,a)=>s(e.httpClient.post(j.rdDelete,{name:o,namespace:n,schemaName:a},{token:t})),createRelations:o=>s(e.httpClient.post(j.reCreate,{relations:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(j.reDelete,{relations:o},{token:t})),deleteRelationsForResources:o=>s(e.httpClient.post(j.reDeleteResources,{resources:o},{token:t})),deleteResourceRelationsForResources:o=>s(e.httpClient.post(j.reDeleteResourceRelationsForResources,{resources:o},{token:t})),deleteRelationsForIds:o=>s(e.httpClient.post(j.reDeleteResources,{resources:o},{token:t})),hasRelations:o=>s(e.httpClient.post(j.hasRelations,{relationQueries:o},{token:t}),(e=>e.relationQueries)),whoCanAccess:(o,n,a)=>s(e.httpClient.post(j.who,{resource:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(o,n=!1)=>s(e.httpClient.post(j.resource,{resource:o,ignoreTargetSetRelations:n},{token:t}),(e=>e.relations)),targetsRelations:(o,n=!1)=>s(e.httpClient.post(j.targets,{targets:o,includeTargetSetRelations:n},{token:t}),(e=>e.relations)),whatCanTargetAccess:o=>s(e.httpClient.post(j.targetAll,{target:o},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(o,n,a)=>s(e.httpClient.post(j.targetWithRelation,{target:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:o=>s(e.httpClient.post(j.getModified,{since:o?o.getTime():0},{token:t}),(e=>e))}),G=(e,t)=>({createOidcApplication:o=>{var n;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:o=>{var n;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:o=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},o),{token:t})),updateSamlApplication:o=>s(e.httpClient.post(C.samlUpdate,Object.assign({},o),{token:t})),delete:o=>s(e.httpClient.post(C.delete,{id:o},{token:t})),load:o=>s(e.httpClient.get(C.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),B=(e,t)=>({getSettings:o=>s(e.httpClient.get(y.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(y.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t}))}),W=(e,t)=>({saveSchema:o=>s(e.httpClient.post(N.schema,o,{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),createRelations:o=>s(e.httpClient.post(N.relations,{tuples:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(N.deleteRelations,{tuples:o},{token:t})),check:o=>s(e.httpClient.post(N.check,{tuples:o},{token:t}),(e=>e.tuples)),loadResourcesDetails:o=>s(e.httpClient.post(N.resourcesLoad,{resourceIdentifiers:o},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:o=>s(e.httpClient.post(N.resourcesSave,{resourcesDetails:o},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(N.relations,{token:t}))});const H=s=>{var r,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:p},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.6"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:R(e,t),project:P(e,t),accessKey:z(e,t),tenant:E(e,t),ssoApplication:G(e,t),sso:F(e,t),jwt:M(e,t),permission:x(e,t),password:B(e,t),role:U(e,t),group:D(e,t),flow:q(e,t),theme:$(e,t),audit:J(e,t),authz:K(e,t),fga:W(e,t)}))(h,l),I=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await n(e,I.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await I.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await I.validateJwt(e);const o=await I.refresh(e);if(o.ok){return await I.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await I.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return I.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let o;try{o=await I.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==k||k.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(s=o.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:n}=o.data;if(!n)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await I.validateJwt(n)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>I.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>I.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const o=c(e,"permissions",t);return s.every((e=>o.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const o=c(e,"permissions",t);return s.filter((e=>o.includes(e)))},validateRoles:(e,t)=>I.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>I.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const o=c(e,"roles",t);return s.every((e=>o.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const o=c(e,"roles",t);return s.filter((e=>o.includes(e)))}});return o(I,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS",H.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{H as default};
+import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as o,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var n,o,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var m;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(m=p)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function c(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},y={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},I={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},b={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},S={settings:"/v1/mgmt/password/settings"},A={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},w={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},O={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},j={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},T={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},N={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},R={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},P={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const E=(e,t)=>({create:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k,C,f,y,I){const b="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,o,a,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:n.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:o,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),s(e.httpClient.patch(u.patch,a,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(u.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(u.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(u.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(u.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(u.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(u.logout,{userId:n},{token:t})),searchAll:(n,o,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(u.search,{tenantIds:n,roleNames:o,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(n,o,a)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,o)=>s(e.httpClient.post(u.updateLoginId,{loginId:n,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(n,o,a)=>s(e.httpClient.post(u.updateEmail,{loginId:n,email:o,verified:a},{token:t}),(e=>e.user)),updatePhone:(n,o,a)=>s(e.httpClient.post(u.updatePhone,{loginId:n,phone:o,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(n,o,a,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,o)=>s(e.httpClient.post(u.updatePicture,{loginId:n,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(n,o)=>s(e.httpClient.post(u.setRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addRoles:(n,o)=>s(e.httpClient.post(u.addRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(n,o)=>s(e.httpClient.post(u.removeRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addTenant:(n,o)=>s(e.httpClient.post(u.addTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(n,o)=>s(e.httpClient.post(u.removeTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(n,o,a)=>s(e.httpClient.post(u.setRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(n,o,a)=>s(e.httpClient.post(u.addRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(n,o,a)=>s(e.httpClient.post(u.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(n,o)=>s(e.httpClient.post(u.addSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(n,o)=>s(e.httpClient.post(u.setSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(n,o)=>s(e.httpClient.post(u.removeSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(n,o,a)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:n,customClaims:o,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(n,o,a,i,r,l)=>s(e.httpClient.post(u.generateSignUpEmbeddedLink,{loginId:n,user:o,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(n,o)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:n,password:o},{token:t}),(e=>e)),setActivePassword:(n,o)=>s(e.httpClient.post(u.setActivePassword,{loginId:n,password:o},{token:t}),(e=>e)),setPassword:(n,o)=>s(e.httpClient.post(u.setPassword,{loginId:n,password:o},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(u.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(u.history,n,{token:t}),(e=>e))}),M=(e,t)=>({updateName:n=>s(e.httpClient.post(h.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(h.updateTags,{tags:n},{token:t})),clone:(n,o,a)=>s(e.httpClient.post(h.clone,{name:n,environment:o,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(h.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(h.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(h.importSnapshot,{files:n},{token:t}))}),U=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(k.create,{name:n,selfProvisioningDomains:o,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(n,o,a,i,r,l)=>s(e.httpClient.post(k.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(k.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(k.delete,{id:n,cascade:o},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,o,a,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(k.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,o,a,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),x=(e,t)=>({update:(n,o,a)=>s(e.httpClient.post(b.update,{jwt:n,customClaims:o,refreshDuration:a},{token:t})),impersonate:(n,o,a,i,r,l)=>s(e.httpClient.post(b.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(n,o,a,i)=>s(e.httpClient.post(b.stopImpersonation,{jwt:n,customClaims:o,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(n,o)=>s(e.httpClient.post(b.signIn,Object.assign({loginId:n},o),{token:t})),signUp:(n,o,a)=>s(e.httpClient.post(b.signUp,Object.assign({loginId:n,user:o},a),{token:t})),signUpOrIn:(n,o,a)=>s(e.httpClient.post(b.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:t})),anonymous:(n,o,a)=>s(e.httpClient.post(b.anonymous,{customClaims:n,selectedTenant:o,refreshDuration:a},{token:t}))}),D=(e,t)=>({create:(n,o)=>s(e.httpClient.post(A.create,{name:n,description:o},{token:t})),update:(n,o,a)=>s(e.httpClient.post(A.update,{name:n,newName:o,description:a},{token:t})),delete:n=>s(e.httpClient.post(A.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(A.loadAll,{token:t}),(e=>e.permissions))}),L=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(w.create,{name:n,description:o,permissionNames:a,tenantId:i,default:r},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(w.update,{name:n,newName:o,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(w.delete,{name:n,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(w.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(w.search,n,{token:t}),(e=>e.roles))}),F=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(T.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,o,a)=>s(e.httpClient.post(T.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:t})),loadAllGroupMembers:(n,o)=>s(e.httpClient.post(T.loadAllGroupMembers,{tenantId:n,groupId:o},{token:t}))});function z(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const q=(e,t)=>({getSettings:n=>s(e.httpClient.get(I.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,o,a)=>s(e.httpClient.post(I.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:t}),(e=>z(e))),deleteSettings:(n,o)=>s(e.httpClient.delete(I.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t})),configureSettings:(n,o,a,i,r,l)=>s(e.httpClient.post(I.settings,{tenantId:n,idpURL:o,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,o,a,i)=>s(e.httpClient.post(I.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:i},{token:t})),configureMapping:(n,o,a)=>s(e.httpClient.post(I.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:t})),configureOIDCSettings:(n,o,a,i)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(I.oidc.configure,Object.assign({tenantId:n,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,o,a,i,r)=>s(e.httpClient.post(I.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,o,a,i,r)=>s(e.httpClient.post(I.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,o)=>s(e.httpClient.get(I.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t}),(e=>z(e))),loadAllSettings:n=>s(e.httpClient.get(I.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(z(e)))),s}(e)))}),$=(e,t)=>({create:(n,o,a,i,r,l,p,d)=>s(e.httpClient.post(v.create,{name:n,expireTime:o,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:n=>s(e.httpClient.get(v.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(v.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,o,a,i,r,l,p)=>s(e.httpClient.post(v.update,{id:n,name:o,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(v.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(v.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(v.delete,{id:n},{token:t}))}),J=(e,t)=>({list:()=>s(e.httpClient.post(O.list,{},{token:t})),delete:n=>s(e.httpClient.post(O.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(O.export,{flowId:n},{token:t})),import:(n,o,a)=>s(e.httpClient.post(O.import,{flowId:n,flow:o,screens:a},{token:t}))}),K=(e,t)=>({export:()=>s(e.httpClient.post(j.export,{},{token:t})),import:n=>s(e.httpClient.post(j.import,{theme:n},{token:t}))}),G=(e,t)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,s(e.httpClient.post(N.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return s(e.httpClient.post(N.createEvent,o,{token:t}))}}),B=(e,t)=>({saveSchema:(n,o)=>s(e.httpClient.post(R.schemaSave,{schema:n,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(R.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(R.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,o,a)=>s(e.httpClient.post(R.nsSave,{namespace:n,oldName:o,schemaName:a},{token:t})),deleteNamespace:(n,o)=>s(e.httpClient.post(R.nsDelete,{name:n,schemaName:o},{token:t})),saveRelationDefinition:(n,o,a,i)=>s(e.httpClient.post(R.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(n,o,a)=>s(e.httpClient.post(R.rdDelete,{name:n,namespace:o,schemaName:a},{token:t})),createRelations:n=>s(e.httpClient.post(R.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(R.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(R.reDeleteResources,{resources:n},{token:t})),deleteResourceRelationsForResources:n=>s(e.httpClient.post(R.reDeleteResourceRelationsForResources,{resources:n},{token:t})),deleteRelationsForIds:n=>s(e.httpClient.post(R.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(R.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>s(e.httpClient.post(R.who,{resource:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(n,o=!1)=>s(e.httpClient.post(R.resource,{resource:n,ignoreTargetSetRelations:o},{token:t}),(e=>e.relations)),targetsRelations:(n,o=!1)=>s(e.httpClient.post(R.targets,{targets:n,includeTargetSetRelations:o},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(R.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>s(e.httpClient.post(R.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(R.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),W=(e,t)=>({createOidcApplication:n=>{var o;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:n=>{var o;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(C.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(C.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),V=(e,t)=>({getSettings:n=>s(e.httpClient.get(S.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(S.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t}))}),H=(e,t)=>({saveSchema:n=>s(e.httpClient.post(P.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(R.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(P.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(P.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(P.check,{tuples:n},{token:t}),(e=>e.tuples)),loadResourcesDetails:n=>s(e.httpClient.post(P.resourcesLoad,{resourceIdentifiers:n},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:n=>s(e.httpClient.post(P.resourcesSave,{resourcesDetails:n},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(P.relations,{token:t}))}),Q=(e,t)=>({createApplication:n=>s(e.httpClient.post(f.create,Object.assign({},n),{token:t})),updateApplication:n=>s(e.httpClient.post(f.update,Object.assign({},n),{token:t})),patchApplication:n=>s(e.httpClient.post(f.patch,Object.assign({},n),{token:t})),deleteApplication:n=>s(e.httpClient.post(f.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(f.load,{queryParams:{id:n},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:n=>s(e.httpClient.get(f.secret,{queryParams:{id:n},token:t}),(e=>e)),rotateApplicationSecret:n=>s(e.httpClient.post(f.rotate,{id:n},{token:t})),searchConsents:n=>s(e.httpClient.post(y.search,Object.assign({},n),{token:t}),(e=>e.consents)),deleteConsents:n=>s(e.httpClient.post(y.delete,Object.assign({},n),{token:t}))});const _=s=>{var r,{managementKey:l,publicKey:p}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:d},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.7"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:E(e,t),project:M(e,t),accessKey:$(e,t),tenant:U(e,t),ssoApplication:W(e,t),inboundApplication:Q(e,t),sso:q(e,t),jwt:x(e,t),permission:D(e,t),password:V(e,t),role:L(e,t),group:F(e,t),flow:J(e,t),theme:K(e,t),audit:G(e,t),authz:B(e,t),fga:H(e,t)}))(h,l),y=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(p)try{const e=JSON.parse(p),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await o(e,y.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await y.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await y.validateJwt(e);const n=await y.refresh(e);if(n.ok){return await y.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await y.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return y.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await y.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==k||k.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await y.validateJwt(o)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>y.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>y.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>y.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>y.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(y,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};_.RefreshTokenCookieName="DSR",_.SessionTokenCookieName="DS",_.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{_ as default};
 //# sourceMappingURL=index.esm.js.map