@descope/node-sdk 1.7.6 → 1.7.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +126 -7
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +156 -36
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +6 -6
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import * as _descope_core_js_sdk from '@descope/core-js-sdk';
2
- import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, LoginOptions, SdkResponse, AccessKeyLoginOptions, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
2
+ import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, LoginOptions, SdkResponse, JWTResponse, AccessKeyLoginOptions, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
3
3
  export { DeliveryMethod, JWTResponse, OAuthProvider, ResponseData, SdkResponse } from '@descope/core-js-sdk';
4
4
  import { JWTHeaderParameters, KeyLike } from 'jose';
5
5
 
@@ -16,6 +16,9 @@ interface AuthenticationInfo {
16
16
  token: Token;
17
17
  cookies?: string[];
18
18
  }
19
+ interface RefreshAuthenticationInfo extends AuthenticationInfo {
20
+ refreshJwt?: string;
21
+ }
19
22
  declare type DeliveryMethodForTestUser = DeliveryMethod | 'Embedded';
20
23
 
21
24
  declare type ExpirationUnit = 'minutes' | 'hours' | 'days' | 'weeks';
@@ -161,7 +164,7 @@ declare type Tenant = {
161
164
  customAttributes?: Record<string, string | number | boolean>;
162
165
  domains?: string[];
163
166
  authType?: 'none' | 'saml' | 'oidc';
164
- forceSSO?: boolean;
167
+ enforceSSO?: boolean;
165
168
  disabled?: boolean;
166
169
  };
167
170
  /** Represents settings of a tenant in a project. It has an id, a name and an array of
@@ -255,6 +258,7 @@ declare type Role = {
255
258
  permissionNames: string[];
256
259
  createdTime: number;
257
260
  tenantId?: string;
261
+ default?: boolean;
258
262
  };
259
263
  /** Search roles based on the parameters */
260
264
  declare type RoleSearchOptions = {
@@ -750,6 +754,87 @@ interface UserOptions {
750
754
  declare type MgmtUserOptions = Omit<UserOptions, 'roles' | 'userTenants' | 'customAttributes' | 'picture' | 'additionalLoginIds' | 'displayName'> & {
751
755
  name?: string;
752
756
  };
757
+ declare type InboundApplicationScope = {
758
+ name: string;
759
+ description: string;
760
+ values?: string[];
761
+ optional?: boolean;
762
+ };
763
+ /**
764
+ * Represents an inbound application request in a project.
765
+ * This type is used to create a new inbound application in a project.
766
+ */
767
+ declare type InboundApplicationOptions = {
768
+ name: string;
769
+ description?: string;
770
+ logo?: string;
771
+ loginPageUrl?: string;
772
+ approvedCallbackUrls?: string[];
773
+ permissionsScopes: InboundApplicationScope[];
774
+ attributesScopes?: InboundApplicationScope[];
775
+ };
776
+ /**
777
+ * Represents an inbound application in a project.
778
+ */
779
+ declare type InboundApplication = InboundApplicationOptions & {
780
+ id: string;
781
+ clientId: string;
782
+ };
783
+ declare type InboundApplicationSecretResponse = {
784
+ cleartext: string;
785
+ };
786
+ declare type CreateInboundApplicationResponse = {
787
+ id: string;
788
+ clientId: string;
789
+ } & InboundApplicationSecretResponse;
790
+ /**
791
+ * Represents an inbound application consent for a single application
792
+ * for a specific user within the project.
793
+ */
794
+ declare type InboundApplicationConsent = {
795
+ id: string;
796
+ appId: string;
797
+ userId: string;
798
+ scopes: string[];
799
+ grantedBy: string;
800
+ createdTime: number;
801
+ };
802
+ declare type InboundApplicationConsentSearchOptions = {
803
+ appId?: string;
804
+ userId?: string;
805
+ consentId?: string;
806
+ page?: number;
807
+ };
808
+ declare type InboundApplicationConsentDeleteOptions = {
809
+ consentIds?: string[];
810
+ appId?: string;
811
+ userIds?: string[];
812
+ };
813
+ declare type PromptType = 'none' | 'login' | 'consent' | 'select_account';
814
+ declare type AccessType = 'offline' | 'online';
815
+ declare type OutboundApplication = {
816
+ id: string;
817
+ name: string;
818
+ description?: string;
819
+ clientId?: string;
820
+ logo?: string;
821
+ discoveryUrl?: string;
822
+ authorizationUrl?: string;
823
+ authorizationUrlParams?: URLParam[];
824
+ tokenUrl?: string;
825
+ tokenUrlParams?: URLParam[];
826
+ revocationUrl?: string;
827
+ defaultScopes?: string[];
828
+ defaultRedirectUrl?: string;
829
+ callbackDomain?: string;
830
+ pkce?: boolean;
831
+ accessType?: AccessType;
832
+ prompt?: Array<PromptType>;
833
+ };
834
+ declare type URLParam = {
835
+ key: string;
836
+ value: string;
837
+ };
753
838
 
754
839
  interface PatchUserOptions {
755
840
  email?: string;
@@ -775,7 +860,7 @@ declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] &
775
860
  };
776
861
  declare const nodeSdk: {
777
862
  ({ managementKey, publicKey, ...config }: NodeSdkArgs): {
778
- refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
863
+ refresh: (token?: string) => Promise<SdkResponse<JWTResponse & {
779
864
  refreshJwt?: string;
780
865
  cookies?: string[];
781
866
  }>>;
@@ -884,7 +969,15 @@ declare const nodeSdk: {
884
969
  generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
885
970
  generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
886
971
  generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
887
- generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
972
+ generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>, timeout?: number) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
973
+ generateSignUpEmbeddedLink: (loginId: string, user?: {
974
+ name?: string;
975
+ givenName?: string;
976
+ middleName?: string;
977
+ familyName?: string;
978
+ phone?: string;
979
+ email?: string;
980
+ }, emailVerified?: boolean, phoneVerified?: boolean, loginOptions?: _descope_core_js_sdk.LoginOptions, timeout?: number) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
888
981
  setTemporaryPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
889
982
  setActivePassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
890
983
  setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
@@ -938,6 +1031,33 @@ declare const nodeSdk: {
938
1031
  load: (id: string) => Promise<SdkResponse<SSOApplication>>;
939
1032
  loadAll: () => Promise<SdkResponse<SSOApplication[]>>;
940
1033
  };
1034
+ inboundApplication: {
1035
+ createApplication: (options: InboundApplicationOptions) => Promise<SdkResponse<CreateInboundApplicationResponse>>;
1036
+ updateApplication: (options: InboundApplicationOptions & {
1037
+ id: string;
1038
+ }) => Promise<SdkResponse<never>>;
1039
+ patchApplication: (options: Partial<InboundApplicationOptions> & {
1040
+ id: string;
1041
+ }) => Promise<SdkResponse<never>>;
1042
+ deleteApplication: (id: string) => Promise<SdkResponse<never>>;
1043
+ loadApplication: (id: string) => Promise<SdkResponse<InboundApplication>>;
1044
+ loadAllApplications: () => Promise<SdkResponse<InboundApplication[]>>;
1045
+ getApplicationSecret: (id: string) => Promise<SdkResponse<InboundApplicationSecretResponse>>;
1046
+ rotateApplicationSecret: (id: string) => Promise<SdkResponse<never>>;
1047
+ searchConsents: (options?: InboundApplicationConsentSearchOptions) => Promise<SdkResponse<InboundApplicationConsent[]>>;
1048
+ deleteConsents: (options: InboundApplicationConsentDeleteOptions) => Promise<SdkResponse<never>>;
1049
+ };
1050
+ outboundApplication: {
1051
+ createApplication: (app: Omit<OutboundApplication, "id"> & Partial<Pick<OutboundApplication, "id">> & {
1052
+ clientSecret?: string;
1053
+ }) => Promise<SdkResponse<OutboundApplication>>;
1054
+ updateApplication: (app: OutboundApplication & {
1055
+ clientSecret?: string;
1056
+ }) => Promise<SdkResponse<OutboundApplication>>;
1057
+ deleteApplication: (id: string) => Promise<SdkResponse<never>>;
1058
+ loadApplication: (id: string) => Promise<SdkResponse<OutboundApplication>>;
1059
+ loadAllApplications: () => Promise<SdkResponse<OutboundApplication[]>>;
1060
+ };
941
1061
  sso: {
942
1062
  getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
943
1063
  newSettings: (tenantId: string, ssoId: string, displayName: string) => Promise<SdkResponse<SSOSettings>>;
@@ -955,9 +1075,9 @@ declare const nodeSdk: {
955
1075
  update: (jwt: string, customClaims?: Record<string, any>, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
956
1076
  impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
957
1077
  stopImpersonation: (jwt: string, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
958
- signIn: (loginId: string, loginOptions?: MgmtLoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
959
- signUp: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
960
- signUpOrIn: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1078
+ signIn: (loginId: string, loginOptions?: MgmtLoginOptions) => Promise<SdkResponse<JWTResponse>>;
1079
+ signUp: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<JWTResponse>>;
1080
+ signUpOrIn: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<JWTResponse>>;
961
1081
  anonymous: (customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<{
962
1082
  refreshJwt?: string;
963
1083
  cookieDomain?: string;
@@ -979,8 +1099,8 @@ declare const nodeSdk: {
979
1099
  configureSettings: (tenantId: string, settings: PasswordSettings) => Promise<SdkResponse<never>>;
980
1100
  };
981
1101
  role: {
982
- create: (name: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
983
- update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
1102
+ create: (name: string, description?: string, permissionNames?: string[], tenantId?: string, defaultRole?: boolean) => Promise<SdkResponse<never>>;
1103
+ update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string, defaultRole?: boolean) => Promise<SdkResponse<never>>;
984
1104
  delete: (name: string, tenantId?: string) => Promise<SdkResponse<never>>;
985
1105
  loadAll: () => Promise<SdkResponse<Role[]>>;
986
1106
  search: (options: RoleSearchOptions) => Promise<SdkResponse<Role[]>>;
@@ -990,6 +1110,7 @@ declare const nodeSdk: {
990
1110
  loadAllGroupsForMember: (tenantId: string, userIds: string[], loginIds: string[]) => Promise<SdkResponse<Group[]>>;
991
1111
  loadAllGroupMembers: (tenantId: string, groupId: string) => Promise<SdkResponse<Group[]>>;
992
1112
  };
1113
+ /** Fetch the public keys (JWKs) from Descope for the configured project */
993
1114
  flow: {
994
1115
  list: () => Promise<SdkResponse<FlowsResponse>>;
995
1116
  delete: (flowIds: string[]) => Promise<SdkResponse<never>>;
@@ -1017,7 +1138,12 @@ declare const nodeSdk: {
1017
1138
  deleteRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
1018
1139
  deleteResourceRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
1019
1140
  deleteRelationsForIds: (ids: string[]) => Promise<SdkResponse<never>>;
1020
- hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>;
1141
+ hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>; /**
1142
+ * Validate session and refresh it if it expired
1143
+ * @param sessionToken session JWT
1144
+ * @param refreshToken refresh JWT
1145
+ * @returns RefreshAuthenticationInfo promise or throws Error if there is an issue with JWTs
1146
+ */
1021
1147
  whoCanAccess: (resource: string, relationDefinition: string, namespace: string) => Promise<SdkResponse<string[]>>;
1022
1148
  resourceRelations: (resource: string, ignoreTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
1023
1149
  targetsRelations: (targets: string[], includeTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
@@ -1039,8 +1165,8 @@ declare const nodeSdk: {
1039
1165
  getKey: (header: JWTHeaderParameters) => Promise<KeyLike | Uint8Array>;
1040
1166
  validateJwt: (jwt: string) => Promise<AuthenticationInfo>;
1041
1167
  validateSession: (sessionToken: string) => Promise<AuthenticationInfo>;
1042
- refreshSession: (refreshToken: string) => Promise<AuthenticationInfo>;
1043
- validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<AuthenticationInfo>;
1168
+ refreshSession: (refreshToken: string) => Promise<RefreshAuthenticationInfo>;
1169
+ validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<RefreshAuthenticationInfo>;
1044
1170
  exchangeAccessKey: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<AuthenticationInfo>;
1045
1171
  validatePermissions: (authInfo: AuthenticationInfo, permissions: string[]) => boolean;
1046
1172
  getMatchedPermissions: (authInfo: AuthenticationInfo, permissions: string[]) => string[];
@@ -1055,19 +1181,19 @@ declare const nodeSdk: {
1055
1181
  };
1056
1182
  otp: {
1057
1183
  verify: {
1058
- sms: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1184
+ sms: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1059
1185
  refreshJwt?: string;
1060
1186
  cookies?: string[];
1061
1187
  }>>;
1062
- voice: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1188
+ voice: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1063
1189
  refreshJwt?: string;
1064
1190
  cookies?: string[];
1065
1191
  }>>;
1066
- whatsapp: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1192
+ whatsapp: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1067
1193
  refreshJwt?: string;
1068
1194
  cookies?: string[];
1069
1195
  }>>;
1070
- email: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1196
+ email: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1071
1197
  refreshJwt?: string;
1072
1198
  cookies?: string[];
1073
1199
  }>>;
@@ -1216,7 +1342,7 @@ declare const nodeSdk: {
1216
1342
  };
1217
1343
  };
1218
1344
  magicLink: {
1219
- verify: (token: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1345
+ verify: (token: string) => Promise<SdkResponse<JWTResponse & {
1220
1346
  refreshJwt?: string;
1221
1347
  cookies?: string[];
1222
1348
  }>>;
@@ -1420,7 +1546,7 @@ declare const nodeSdk: {
1420
1546
  waitForSession: (pendingRef: string, config?: {
1421
1547
  pollingIntervalMs: number;
1422
1548
  timeoutMs: number;
1423
- }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1549
+ }) => Promise<SdkResponse<JWTResponse>>;
1424
1550
  update: {
1425
1551
  email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1426
1552
  addToLoginIDs?: T_4;
@@ -1434,7 +1560,7 @@ declare const nodeSdk: {
1434
1560
  };
1435
1561
  };
1436
1562
  oauth: {
1437
- start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
1563
+ start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, loginHint?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
1438
1564
  facebook: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1439
1565
  github: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1440
1566
  google: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
@@ -1445,7 +1571,7 @@ declare const nodeSdk: {
1445
1571
  linkedin: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1446
1572
  slack: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1447
1573
  };
1448
- exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1574
+ exchange: (code: string) => Promise<SdkResponse<JWTResponse & {
1449
1575
  refreshJwt?: string;
1450
1576
  cookies?: string[];
1451
1577
  }>>;
@@ -1457,7 +1583,7 @@ declare const nodeSdk: {
1457
1583
  verifyOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<{
1458
1584
  code: string;
1459
1585
  }>>;
1460
- exchangeOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1586
+ exchangeOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<JWTResponse>>;
1461
1587
  };
1462
1588
  outbound: {
1463
1589
  connect: (appId: string, options?: {
@@ -1467,7 +1593,7 @@ declare const nodeSdk: {
1467
1593
  };
1468
1594
  saml: {
1469
1595
  start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1470
- exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1596
+ exchange: (code: string) => Promise<SdkResponse<JWTResponse & {
1471
1597
  refreshJwt?: string;
1472
1598
  cookies?: string[];
1473
1599
  }>>;
@@ -1481,7 +1607,7 @@ declare const nodeSdk: {
1481
1607
  familyName?: string;
1482
1608
  phone?: string;
1483
1609
  }) => Promise<SdkResponse<_descope_core_js_sdk.TOTPResponse>>;
1484
- verify: (loginId: string, code: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1610
+ verify: (loginId: string, code: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<JWTResponse & {
1485
1611
  refreshJwt?: string;
1486
1612
  cookies?: string[];
1487
1613
  }>>;
@@ -1525,7 +1651,7 @@ declare const nodeSdk: {
1525
1651
  waitForSession: (pendingRef: string, config?: {
1526
1652
  pollingIntervalMs: number;
1527
1653
  timeoutMs: number;
1528
- }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1654
+ }) => Promise<SdkResponse<JWTResponse>>;
1529
1655
  };
1530
1656
  webauthn: {
1531
1657
  signUp: {
@@ -1534,7 +1660,7 @@ declare const nodeSdk: {
1534
1660
  options: string;
1535
1661
  create: boolean;
1536
1662
  }>>;
1537
- finish: (transactionId: string, response: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1663
+ finish: (transactionId: string, response: string) => Promise<SdkResponse<JWTResponse & {
1538
1664
  refreshJwt?: string;
1539
1665
  cookies?: string[];
1540
1666
  }>>;
@@ -1545,7 +1671,7 @@ declare const nodeSdk: {
1545
1671
  options: string;
1546
1672
  create: boolean;
1547
1673
  }>>;
1548
- finish: (transactionId: string, response: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1674
+ finish: (transactionId: string, response: string) => Promise<SdkResponse<JWTResponse & {
1549
1675
  refreshJwt?: string;
1550
1676
  cookies?: string[];
1551
1677
  }>>;
@@ -1580,8 +1706,8 @@ declare const nodeSdk: {
1580
1706
  templateOptions?: {
1581
1707
  [x: string]: string;
1582
1708
  };
1583
- }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1584
- signIn: (loginId: string, password: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1709
+ }) => Promise<SdkResponse<JWTResponse>>;
1710
+ signIn: (loginId: string, password: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<JWTResponse>>;
1585
1711
  sendReset: (loginId: string, redirectUrl?: string, templateOptions?: {
1586
1712
  [x: string]: string;
1587
1713
  }) => Promise<SdkResponse<{
@@ -1591,7 +1717,7 @@ declare const nodeSdk: {
1591
1717
  maskedEmail: string;
1592
1718
  }>>;
1593
1719
  update: (loginId: string, newPassword: string, token?: string) => Promise<SdkResponse<never>>;
1594
- replace: (loginId: string, oldPassword: string, newPassword: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1720
+ replace: (loginId: string, oldPassword: string, newPassword: string) => Promise<SdkResponse<JWTResponse>>;
1595
1721
  policy: () => Promise<SdkResponse<{
1596
1722
  minLength: number;
1597
1723
  lowercase: boolean;
@@ -1647,7 +1773,7 @@ declare const nodeSdk: {
1647
1773
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
1648
1774
  }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
1649
1775
  };
1650
- selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1776
+ selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<JWTResponse>>;
1651
1777
  logout: (token?: string) => Promise<SdkResponse<never>>;
1652
1778
  logoutAll: (token?: string) => Promise<SdkResponse<never>>;
1653
1779
  me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -1672,12 +1798,6 @@ declare const nodeSdk: {
1672
1798
  };
1673
1799
  token?: string;
1674
1800
  }) => Promise<Response>;
1675
- /**
1676
- * Retrieves the roles from JWT top level claims that match the specified roles list
1677
- * @param authInfo JWT parsed info containing the roles
1678
- * @param roles List of roles to match against the JWT claims
1679
- * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1680
- */
1681
1801
  post: (path: string, body?: any, config?: {
1682
1802
  headers?: HeadersInit;
1683
1803
  queryParams?: {
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as n,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var d;null!==(d=globalThis.Headers)&&void 0!==d||(globalThis.Headers=r);const p=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var o,n,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function c(e,t,s){var o,n;const a=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(a)?a:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},I={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},y={settings:"/v1/mgmt/password/settings"},b={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},S={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},w={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},O={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},A={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},T={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},j={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},N={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const R=(e,t)=>({create:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k,C,f,I,y){const b="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:I,templateId:y}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(o,n,a,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:o.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:n,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(o,n,a,i,r,l,d,p,m,c,g,h,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(o,n){const a={loginId:o};return void 0!==n.email&&(a.email=n.email),void 0!==n.phone&&(a.phone=n.phone),void 0!==n.displayName&&(a.displayName=n.displayName),void 0!==n.givenName&&(a.givenName=n.givenName),void 0!==n.middleName&&(a.middleName=n.middleName),void 0!==n.familyName&&(a.familyName=n.familyName),void 0!==n.roles&&(a.roleNames=n.roles),void 0!==n.userTenants&&(a.userTenants=n.userTenants),void 0!==n.customAttributes&&(a.customAttributes=n.customAttributes),void 0!==n.picture&&(a.picture=n.picture),void 0!==n.verifiedEmail&&(a.verifiedEmail=n.verifiedEmail),void 0!==n.verifiedPhone&&(a.verifiedPhone=n.verifiedPhone),void 0!==n.ssoAppIds&&(a.ssoAppIds=n.ssoAppIds),void 0!==n.scim&&(a.scim=n.scim),s(e.httpClient.patch(u.patch,a,{token:t}),(e=>e.user))},delete:o=>s(e.httpClient.post(u.delete,{loginId:o},{token:t})),deleteByUserId:o=>s(e.httpClient.post(u.delete,{userId:o},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:o=>s(e.httpClient.get(u.load,{queryParams:{loginId:o},token:t}),(e=>e.user)),loadByUserId:o=>s(e.httpClient.get(u.load,{queryParams:{userId:o},token:t}),(e=>e.user)),logoutUser:o=>s(e.httpClient.post(u.logout,{loginId:o},{token:t})),logoutUserByUserId:o=>s(e.httpClient.post(u.logout,{userId:o},{token:t})),searchAll:(o,n,a,i,r,l,d,p,m,c)=>s(e.httpClient.post(u.search,{tenantIds:o,roleNames:n,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:o=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},o),{withTestUser:!0,testUsersOnly:!0,roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),search:o=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},o),{roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(o,n,a)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:o,provider:n,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:o=>s(e.httpClient.post(u.updateStatus,{loginId:o,status:"enabled"},{token:t}),(e=>e.user)),deactivate:o=>s(e.httpClient.post(u.updateStatus,{loginId:o,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(o,n)=>s(e.httpClient.post(u.updateLoginId,{loginId:o,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(o,n,a)=>s(e.httpClient.post(u.updateEmail,{loginId:o,email:n,verified:a},{token:t}),(e=>e.user)),updatePhone:(o,n,a)=>s(e.httpClient.post(u.updatePhone,{loginId:o,phone:n,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(o,n,a,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:o,displayName:n,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(o,n)=>s(e.httpClient.post(u.updatePicture,{loginId:o,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(o,n,a)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(o,n)=>s(e.httpClient.post(u.setRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addRoles:(o,n)=>s(e.httpClient.post(u.addRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(o,n)=>s(e.httpClient.post(u.removeRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addTenant:(o,n)=>s(e.httpClient.post(u.addTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(o,n)=>s(e.httpClient.post(u.removeTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(o,n,a)=>s(e.httpClient.post(u.setRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(o,n,a)=>s(e.httpClient.post(u.addRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(o,n,a)=>s(e.httpClient.post(u.removeRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(o,n)=>s(e.httpClient.post(u.addSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(o,n)=>s(e.httpClient.post(u.setSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(o,n)=>s(e.httpClient.post(u.removeSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(o,n,a)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:o,loginId:n,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(o,n,a,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(o,n,a)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:o,URI:n,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(o,n)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:o,customClaims:n},{token:t}),(e=>e)),setTemporaryPassword:(o,n)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:o,password:n},{token:t}),(e=>e)),setActivePassword:(o,n)=>s(e.httpClient.post(u.setActivePassword,{loginId:o,password:n},{token:t}),(e=>e)),setPassword:(o,n)=>s(e.httpClient.post(u.setPassword,{loginId:o,password:n},{token:t}),(e=>e)),expirePassword:o=>s(e.httpClient.post(u.expirePassword,{loginId:o},{token:t}),(e=>e)),removeAllPasskeys:o=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:o},{token:t}),(e=>e)),removeTOTPSeed:o=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:o},{token:t}),(e=>e)),history:o=>s(e.httpClient.post(u.history,o,{token:t}),(e=>e))}),P=(e,t)=>({updateName:o=>s(e.httpClient.post(h.updateName,{name:o},{token:t})),updateTags:o=>s(e.httpClient.post(h.updateTags,{tags:o},{token:t})),clone:(o,n,a)=>s(e.httpClient.post(h.clone,{name:o,environment:n,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:o})=>({id:e,name:t,environment:s,tags:o}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:o=>s(e.httpClient.post(h.importSnapshot,o,{token:t})),validateSnapshot:o=>s(e.httpClient.post(h.validateSnapshot,o,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:o=>s(e.httpClient.post(h.importSnapshot,{files:o},{token:t}))}),E=(e,t)=>({create:(o,n,a,i,r)=>s(e.httpClient.post(k.create,{name:o,selfProvisioningDomains:n,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(o,n,a,i,r,l)=>s(e.httpClient.post(k.create,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(o,n,a,i,r,l)=>s(e.httpClient.post(k.update,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(o,n)=>s(e.httpClient.post(k.delete,{id:o,cascade:n},{token:t})),load:o=>s(e.httpClient.get(k.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(o,n,a,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:o=>s(e.httpClient.get(k.settings,{queryParams:{id:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t})),generateSSOConfigurationLink:(o,n,a,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:o,expireTime:n,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),M=(e,t)=>({update:(o,n,a)=>s(e.httpClient.post(I.update,{jwt:o,customClaims:n,refreshDuration:a},{token:t})),impersonate:(o,n,a,i,r,l)=>s(e.httpClient.post(I.impersonate,{impersonatorId:o,loginId:n,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(o,n,a,i)=>s(e.httpClient.post(I.stopImpersonation,{jwt:o,customClaims:n,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(o,n)=>s(e.httpClient.post(I.signIn,Object.assign({loginId:o},n),{token:t})),signUp:(o,n,a)=>s(e.httpClient.post(I.signUp,Object.assign({loginId:o,user:n},a),{token:t})),signUpOrIn:(o,n,a)=>s(e.httpClient.post(I.signUpOrIn,Object.assign({loginId:o,user:n},a),{token:t})),anonymous:(o,n,a)=>s(e.httpClient.post(I.anonymous,{customClaims:o,selectedTenant:n,refreshDuration:a},{token:t}))}),x=(e,t)=>({create:(o,n)=>s(e.httpClient.post(b.create,{name:o,description:n},{token:t})),update:(o,n,a)=>s(e.httpClient.post(b.update,{name:o,newName:n,description:a},{token:t})),delete:o=>s(e.httpClient.post(b.delete,{name:o},{token:t})),loadAll:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.permissions))}),U=(e,t)=>({create:(o,n,a,i)=>s(e.httpClient.post(S.create,{name:o,description:n,permissionNames:a,tenantId:i},{token:t})),update:(o,n,a,i,r)=>s(e.httpClient.post(S.update,{name:o,newName:n,description:a,permissionNames:i,tenantId:r},{token:t})),delete:(o,n)=>s(e.httpClient.post(S.delete,{name:o,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(S.loadAll,{token:t}),(e=>e.roles)),search:o=>s(e.httpClient.post(S.search,o,{token:t}),(e=>e.roles))}),D=(e,t)=>({loadAllGroups:o=>s(e.httpClient.post(A.loadAllGroups,{tenantId:o},{token:t})),loadAllGroupsForMember:(o,n,a)=>s(e.httpClient.post(A.loadAllGroupsForMember,{tenantId:o,loginIds:a,userIds:n},{token:t})),loadAllGroupMembers:(o,n)=>s(e.httpClient.post(A.loadAllGroupMembers,{tenantId:o,groupId:n},{token:t}))});function L(e){var t,s;const o=e;return o.oidc&&(o.oidc=Object.assign(Object.assign({},o.oidc),{attributeMapping:o.oidc.userAttrMapping}),delete o.oidc.userAttrMapping),(null===(t=o.saml)||void 0===t?void 0:t.groupsMapping)&&(o.saml.groupsMapping=null===(s=o.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),o}const F=(e,t)=>({getSettings:o=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),newSettings:(o,n,a)=>s(e.httpClient.post(f.settingsNew,Object.assign(Object.assign({tenantId:o},n?{ssoId:n}:{}),{displayName:a}),{token:t}),(e=>L(e))),deleteSettings:(o,n)=>s(e.httpClient.delete(f.settings,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t})),configureSettings:(o,n,a,i,r,l)=>s(e.httpClient.post(f.settings,{tenantId:o,idpURL:n,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(o,n,a,i)=>s(e.httpClient.post(f.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:a,domains:i},{token:t})),configureMapping:(o,n,a)=>s(e.httpClient.post(f.mapping,{tenantId:o,roleMappings:n,attributeMapping:a},{token:t})),configureOIDCSettings:(o,n,a,i)=>{const r=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(f.oidc.configure,Object.assign({tenantId:o,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(o,n,a,i,r)=>s(e.httpClient.post(f.saml.configure,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(o,n,a,i,r)=>s(e.httpClient.post(f.saml.metadata,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(o,n)=>s(e.httpClient.get(f.settingsv2,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t}),(e=>L(e))),loadAllSettings:o=>s(e.httpClient.get(f.settingsAllV2,{queryParams:{tenantId:o},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(L(e)))),s}(e)))}),z=(e,t)=>({create:(o,n,a,i,r,l,d,p)=>s(e.httpClient.post(v.create,{name:o,expireTime:n,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:d,permittedIps:p},{token:t})),load:o=>s(e.httpClient.get(v.load,{queryParams:{id:o},token:t}),(e=>e.key)),searchAll:o=>s(e.httpClient.post(v.search,{tenantIds:o},{token:t}),(e=>e.keys)),update:(o,n,a,i,r,l,d)=>s(e.httpClient.post(v.update,{id:o,name:n,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:d},{token:t}),(e=>e.key)),deactivate:o=>s(e.httpClient.post(v.deactivate,{id:o},{token:t})),activate:o=>s(e.httpClient.post(v.activate,{id:o},{token:t})),delete:o=>s(e.httpClient.post(v.delete,{id:o},{token:t}))}),q=(e,t)=>({list:()=>s(e.httpClient.post(w.list,{},{token:t})),delete:o=>s(e.httpClient.post(w.delete,{ids:o},{token:t})),export:o=>s(e.httpClient.post(w.export,{flowId:o},{token:t})),import:(o,n,a)=>s(e.httpClient.post(w.import,{flowId:o,flow:n,screens:a},{token:t}))}),$=(e,t)=>({export:()=>s(e.httpClient.post(O.export,{},{token:t})),import:o=>s(e.httpClient.post(O.import,{theme:o},{token:t}))}),J=(e,t)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,s(e.httpClient.post(T.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:o=>{const n=Object.assign({},o);return s(e.httpClient.post(T.createEvent,n,{token:t}))}}),K=(e,t)=>({saveSchema:(o,n)=>s(e.httpClient.post(j.schemaSave,{schema:o,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(j.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(o,n,a)=>s(e.httpClient.post(j.nsSave,{namespace:o,oldName:n,schemaName:a},{token:t})),deleteNamespace:(o,n)=>s(e.httpClient.post(j.nsDelete,{name:o,schemaName:n},{token:t})),saveRelationDefinition:(o,n,a,i)=>s(e.httpClient.post(j.rdSave,{relationDefinition:o,namespace:n,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(o,n,a)=>s(e.httpClient.post(j.rdDelete,{name:o,namespace:n,schemaName:a},{token:t})),createRelations:o=>s(e.httpClient.post(j.reCreate,{relations:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(j.reDelete,{relations:o},{token:t})),deleteRelationsForResources:o=>s(e.httpClient.post(j.reDeleteResources,{resources:o},{token:t})),deleteResourceRelationsForResources:o=>s(e.httpClient.post(j.reDeleteResourceRelationsForResources,{resources:o},{token:t})),deleteRelationsForIds:o=>s(e.httpClient.post(j.reDeleteResources,{resources:o},{token:t})),hasRelations:o=>s(e.httpClient.post(j.hasRelations,{relationQueries:o},{token:t}),(e=>e.relationQueries)),whoCanAccess:(o,n,a)=>s(e.httpClient.post(j.who,{resource:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(o,n=!1)=>s(e.httpClient.post(j.resource,{resource:o,ignoreTargetSetRelations:n},{token:t}),(e=>e.relations)),targetsRelations:(o,n=!1)=>s(e.httpClient.post(j.targets,{targets:o,includeTargetSetRelations:n},{token:t}),(e=>e.relations)),whatCanTargetAccess:o=>s(e.httpClient.post(j.targetAll,{target:o},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(o,n,a)=>s(e.httpClient.post(j.targetWithRelation,{target:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:o=>s(e.httpClient.post(j.getModified,{since:o?o.getTime():0},{token:t}),(e=>e))}),G=(e,t)=>({createOidcApplication:o=>{var n;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:o=>{var n;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:o=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},o),{token:t})),updateSamlApplication:o=>s(e.httpClient.post(C.samlUpdate,Object.assign({},o),{token:t})),delete:o=>s(e.httpClient.post(C.delete,{id:o},{token:t})),load:o=>s(e.httpClient.get(C.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),B=(e,t)=>({getSettings:o=>s(e.httpClient.get(y.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(y.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t}))}),W=(e,t)=>({saveSchema:o=>s(e.httpClient.post(N.schema,o,{token:t})),deleteSchema:()=>s(e.httpClient.post(j.schemaDelete,{},{token:t})),createRelations:o=>s(e.httpClient.post(N.relations,{tuples:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(N.deleteRelations,{tuples:o},{token:t})),check:o=>s(e.httpClient.post(N.check,{tuples:o},{token:t}),(e=>e.tuples)),loadResourcesDetails:o=>s(e.httpClient.post(N.resourcesLoad,{resourceIdentifiers:o},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:o=>s(e.httpClient.post(N.resourcesSave,{resourcesDetails:o},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(N.relations,{token:t}))});const H=s=>{var r,{managementKey:l,publicKey:d}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:p},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.6"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:R(e,t),project:P(e,t),accessKey:z(e,t),tenant:E(e,t),ssoApplication:G(e,t),sso:F(e,t),jwt:M(e,t),permission:x(e,t),password:B(e,t),role:U(e,t),group:D(e,t),flow:q(e,t),theme:$(e,t),audit:J(e,t),authz:K(e,t),fga:W(e,t)}))(h,l),I=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(d)try{const e=JSON.parse(d),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await n(e,I.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await I.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await I.validateJwt(e);const o=await I.refresh(e);if(o.ok){return await I.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await I.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return I.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let o;try{o=await I.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==k||k.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(s=o.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:n}=o.data;if(!n)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await I.validateJwt(n)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>I.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>I.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const o=c(e,"permissions",t);return s.every((e=>o.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const o=c(e,"permissions",t);return s.filter((e=>o.includes(e)))},validateRoles:(e,t)=>I.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>I.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const o=c(e,"roles",t);return s.every((e=>o.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const o=c(e,"roles",t);return s.filter((e=>o.includes(e)))}});return o(I,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};H.RefreshTokenCookieName="DSR",H.SessionTokenCookieName="DS",H.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{H as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as n,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null},c=t=>async(...s)=>{var o,n,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var c;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(c=p)?void 0:c.cookieDomain)||""}; Max-Age=${(null==c?void 0:c.cookieMaxAge)||""}; Path=${(null==c?void 0:c.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=m(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function g(e,t,s){var o,n;const a=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(a)?a:[]}function u(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},v={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},k={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},C={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},f={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},y={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},I={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},b={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps"},A={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},S={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},w={settings:"/v1/mgmt/password/settings"},O={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},j={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},T={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},N={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},R={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},P={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},E={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},M={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const U=(e,t)=>({create:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(h.create,C,{token:t}),(e=>e.user))},createTestUser:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(h.createTestUser,C,{token:t}),(e=>e.user))},invite:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k,C,f,y,I){const b="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:u,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(h.create,b,{token:t}),(e=>e.user))},inviteBatch:(o,n,a,i,r,l)=>s(e.httpClient.post(h.createBatch,{users:o.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:n,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(h.update,C,{token:t}),(e=>e.user))},patch:function(o,n){const a={loginId:o};return void 0!==n.email&&(a.email=n.email),void 0!==n.phone&&(a.phone=n.phone),void 0!==n.displayName&&(a.displayName=n.displayName),void 0!==n.givenName&&(a.givenName=n.givenName),void 0!==n.middleName&&(a.middleName=n.middleName),void 0!==n.familyName&&(a.familyName=n.familyName),void 0!==n.roles&&(a.roleNames=n.roles),void 0!==n.userTenants&&(a.userTenants=n.userTenants),void 0!==n.customAttributes&&(a.customAttributes=n.customAttributes),void 0!==n.picture&&(a.picture=n.picture),void 0!==n.verifiedEmail&&(a.verifiedEmail=n.verifiedEmail),void 0!==n.verifiedPhone&&(a.verifiedPhone=n.verifiedPhone),void 0!==n.ssoAppIds&&(a.ssoAppIds=n.ssoAppIds),void 0!==n.scim&&(a.scim=n.scim),s(e.httpClient.patch(h.patch,a,{token:t}),(e=>e.user))},delete:o=>s(e.httpClient.post(h.delete,{loginId:o},{token:t})),deleteByUserId:o=>s(e.httpClient.post(h.delete,{userId:o},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(h.deleteAllTestUsers,{token:t})),load:o=>s(e.httpClient.get(h.load,{queryParams:{loginId:o},token:t}),(e=>e.user)),loadByUserId:o=>s(e.httpClient.get(h.load,{queryParams:{userId:o},token:t}),(e=>e.user)),logoutUser:o=>s(e.httpClient.post(h.logout,{loginId:o},{token:t})),logoutUserByUserId:o=>s(e.httpClient.post(h.logout,{userId:o},{token:t})),searchAll:(o,n,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(h.search,{tenantIds:o,roleNames:n,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:o=>s(e.httpClient.post(h.searchTestUsers,Object.assign(Object.assign({},o),{withTestUser:!0,testUsersOnly:!0,roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),search:o=>s(e.httpClient.post(h.search,Object.assign(Object.assign({},o),{roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(o,n,a)=>s(e.httpClient.get(h.getProviderToken,{queryParams:{loginId:o,provider:n,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:o=>s(e.httpClient.post(h.updateStatus,{loginId:o,status:"enabled"},{token:t}),(e=>e.user)),deactivate:o=>s(e.httpClient.post(h.updateStatus,{loginId:o,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(o,n)=>s(e.httpClient.post(h.updateLoginId,{loginId:o,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(o,n,a)=>s(e.httpClient.post(h.updateEmail,{loginId:o,email:n,verified:a},{token:t}),(e=>e.user)),updatePhone:(o,n,a)=>s(e.httpClient.post(h.updatePhone,{loginId:o,phone:n,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(o,n,a,i,r)=>s(e.httpClient.post(h.updateDisplayName,{loginId:o,displayName:n,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(o,n)=>s(e.httpClient.post(h.updatePicture,{loginId:o,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(o,n,a)=>s(e.httpClient.post(h.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(o,n)=>s(e.httpClient.post(h.setRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addRoles:(o,n)=>s(e.httpClient.post(h.addRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(o,n)=>s(e.httpClient.post(h.removeRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addTenant:(o,n)=>s(e.httpClient.post(h.addTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(o,n)=>s(e.httpClient.post(h.removeTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(o,n,a)=>s(e.httpClient.post(h.setRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(o,n,a)=>s(e.httpClient.post(h.addRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(o,n,a)=>s(e.httpClient.post(h.removeRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(o,n)=>s(e.httpClient.post(h.addSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(o,n)=>s(e.httpClient.post(h.setSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(o,n)=>s(e.httpClient.post(h.removeSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(o,n,a)=>s(e.httpClient.post(h.generateOTPForTest,{deliveryMethod:o,loginId:n,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(o,n,a,i)=>s(e.httpClient.post(h.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(o,n,a)=>s(e.httpClient.post(h.generateEnchantedLinkForTest,{loginId:o,URI:n,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(o,n,a)=>s(e.httpClient.post(h.generateEmbeddedLink,{loginId:o,customClaims:n,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(o,n,a,i,r,l)=>s(e.httpClient.post(h.generateSignUpEmbeddedLink,{loginId:o,user:n,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(o,n)=>s(e.httpClient.post(h.setTemporaryPassword,{loginId:o,password:n},{token:t}),(e=>e)),setActivePassword:(o,n)=>s(e.httpClient.post(h.setActivePassword,{loginId:o,password:n},{token:t}),(e=>e)),setPassword:(o,n)=>s(e.httpClient.post(h.setPassword,{loginId:o,password:n},{token:t}),(e=>e)),expirePassword:o=>s(e.httpClient.post(h.expirePassword,{loginId:o},{token:t}),(e=>e)),removeAllPasskeys:o=>s(e.httpClient.post(h.removeAllPasskeys,{loginId:o},{token:t}),(e=>e)),removeTOTPSeed:o=>s(e.httpClient.post(h.removeTOTPSeed,{loginId:o},{token:t}),(e=>e)),history:o=>s(e.httpClient.post(h.history,o,{token:t}),(e=>e))}),x=(e,t)=>({updateName:o=>s(e.httpClient.post(v.updateName,{name:o},{token:t})),updateTags:o=>s(e.httpClient.post(v.updateTags,{tags:o},{token:t})),clone:(o,n,a)=>s(e.httpClient.post(v.clone,{name:o,environment:n,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(v.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:o})=>({id:e,name:t,environment:s,tags:o}))))),exportSnapshot:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t})),importSnapshot:o=>s(e.httpClient.post(v.importSnapshot,o,{token:t})),validateSnapshot:o=>s(e.httpClient.post(v.validateSnapshot,o,{token:t})),export:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t}),(e=>e.files)),import:o=>s(e.httpClient.post(v.importSnapshot,{files:o},{token:t}))}),D=(e,t)=>({create:(o,n,a,i,r)=>s(e.httpClient.post(C.create,{name:o,selfProvisioningDomains:n,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(o,n,a,i,r,l)=>s(e.httpClient.post(C.create,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(o,n,a,i,r,l)=>s(e.httpClient.post(C.update,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(o,n)=>s(e.httpClient.post(C.delete,{id:o,cascade:n},{token:t})),load:o=>s(e.httpClient.get(C.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.tenants)),searchAll:(o,n,a,i)=>s(e.httpClient.post(C.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:o=>s(e.httpClient.get(C.settings,{queryParams:{id:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(C.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t})),generateSSOConfigurationLink:(o,n,a,i,r)=>s(e.httpClient.post(C.generateSSOConfigurationLink,{tenantId:o,expireTime:n,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),L=(e,t)=>({update:(o,n,a)=>s(e.httpClient.post(S.update,{jwt:o,customClaims:n,refreshDuration:a},{token:t})),impersonate:(o,n,a,i,r,l)=>s(e.httpClient.post(S.impersonate,{impersonatorId:o,loginId:n,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(o,n,a,i)=>s(e.httpClient.post(S.stopImpersonation,{jwt:o,customClaims:n,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(o,n)=>s(e.httpClient.post(S.signIn,Object.assign({loginId:o},n),{token:t})),signUp:(o,n,a)=>s(e.httpClient.post(S.signUp,Object.assign({loginId:o,user:n},a),{token:t})),signUpOrIn:(o,n,a)=>s(e.httpClient.post(S.signUpOrIn,Object.assign({loginId:o,user:n},a),{token:t})),anonymous:(o,n,a)=>s(e.httpClient.post(S.anonymous,{customClaims:o,selectedTenant:n,refreshDuration:a},{token:t}))}),F=(e,t)=>({create:(o,n)=>s(e.httpClient.post(O.create,{name:o,description:n},{token:t})),update:(o,n,a)=>s(e.httpClient.post(O.update,{name:o,newName:n,description:a},{token:t})),delete:o=>s(e.httpClient.post(O.delete,{name:o},{token:t})),loadAll:()=>s(e.httpClient.get(O.loadAll,{token:t}),(e=>e.permissions))}),z=(e,t)=>({create:(o,n,a,i,r)=>s(e.httpClient.post(j.create,{name:o,description:n,permissionNames:a,tenantId:i,default:r},{token:t})),update:(o,n,a,i,r,l)=>s(e.httpClient.post(j.update,{name:o,newName:n,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(o,n)=>s(e.httpClient.post(j.delete,{name:o,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(j.loadAll,{token:t}),(e=>e.roles)),search:o=>s(e.httpClient.post(j.search,o,{token:t}),(e=>e.roles))}),q=(e,t)=>({loadAllGroups:o=>s(e.httpClient.post(R.loadAllGroups,{tenantId:o},{token:t})),loadAllGroupsForMember:(o,n,a)=>s(e.httpClient.post(R.loadAllGroupsForMember,{tenantId:o,loginIds:a,userIds:n},{token:t})),loadAllGroupMembers:(o,n)=>s(e.httpClient.post(R.loadAllGroupMembers,{tenantId:o,groupId:n},{token:t}))});function $(e){var t,s;const o=e;return o.oidc&&(o.oidc=Object.assign(Object.assign({},o.oidc),{attributeMapping:o.oidc.userAttrMapping}),delete o.oidc.userAttrMapping),(null===(t=o.saml)||void 0===t?void 0:t.groupsMapping)&&(o.saml.groupsMapping=null===(s=o.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),o}const J=(e,t)=>({getSettings:o=>s(e.httpClient.get(A.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),newSettings:(o,n,a)=>s(e.httpClient.post(A.settingsNew,Object.assign(Object.assign({tenantId:o},n?{ssoId:n}:{}),{displayName:a}),{token:t}),(e=>$(e))),deleteSettings:(o,n)=>s(e.httpClient.delete(A.settings,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t})),configureSettings:(o,n,a,i,r,l)=>s(e.httpClient.post(A.settings,{tenantId:o,idpURL:n,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(o,n,a,i)=>s(e.httpClient.post(A.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:a,domains:i},{token:t})),configureMapping:(o,n,a)=>s(e.httpClient.post(A.mapping,{tenantId:o,roleMappings:n,attributeMapping:a},{token:t})),configureOIDCSettings:(o,n,a,i)=>{const r=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(A.oidc.configure,Object.assign({tenantId:o,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(o,n,a,i,r)=>s(e.httpClient.post(A.saml.configure,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(o,n,a,i,r)=>s(e.httpClient.post(A.saml.metadata,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(o,n)=>s(e.httpClient.get(A.settingsv2,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t}),(e=>$(e))),loadAllSettings:o=>s(e.httpClient.get(A.settingsAllV2,{queryParams:{tenantId:o},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push($(e)))),s}(e)))}),K=(e,t)=>({create:(o,n,a,i,r,l,p,d)=>s(e.httpClient.post(k.create,{name:o,expireTime:n,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:o=>s(e.httpClient.get(k.load,{queryParams:{id:o},token:t}),(e=>e.key)),searchAll:o=>s(e.httpClient.post(k.search,{tenantIds:o},{token:t}),(e=>e.keys)),update:(o,n,a,i,r,l,p)=>s(e.httpClient.post(k.update,{id:o,name:n,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:o=>s(e.httpClient.post(k.deactivate,{id:o},{token:t})),activate:o=>s(e.httpClient.post(k.activate,{id:o},{token:t})),delete:o=>s(e.httpClient.post(k.delete,{id:o},{token:t}))}),G=(e,t)=>({list:()=>s(e.httpClient.post(T.list,{},{token:t})),delete:o=>s(e.httpClient.post(T.delete,{ids:o},{token:t})),export:o=>s(e.httpClient.post(T.export,{flowId:o},{token:t})),import:(o,n,a)=>s(e.httpClient.post(T.import,{flowId:o,flow:n,screens:a},{token:t}))}),B=(e,t)=>({export:()=>s(e.httpClient.post(N.export,{},{token:t})),import:o=>s(e.httpClient.post(N.import,{theme:o},{token:t}))}),W=(e,t)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,s(e.httpClient.post(P.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:o=>{const n=Object.assign({},o);return s(e.httpClient.post(P.createEvent,n,{token:t}))}}),V=(e,t)=>({saveSchema:(o,n)=>s(e.httpClient.post(E.schemaSave,{schema:o,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(E.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(o,n,a)=>s(e.httpClient.post(E.nsSave,{namespace:o,oldName:n,schemaName:a},{token:t})),deleteNamespace:(o,n)=>s(e.httpClient.post(E.nsDelete,{name:o,schemaName:n},{token:t})),saveRelationDefinition:(o,n,a,i)=>s(e.httpClient.post(E.rdSave,{relationDefinition:o,namespace:n,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(o,n,a)=>s(e.httpClient.post(E.rdDelete,{name:o,namespace:n,schemaName:a},{token:t})),createRelations:o=>s(e.httpClient.post(E.reCreate,{relations:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(E.reDelete,{relations:o},{token:t})),deleteRelationsForResources:o=>s(e.httpClient.post(E.reDeleteResources,{resources:o},{token:t})),deleteResourceRelationsForResources:o=>s(e.httpClient.post(E.reDeleteResourceRelationsForResources,{resources:o},{token:t})),deleteRelationsForIds:o=>s(e.httpClient.post(E.reDeleteResources,{resources:o},{token:t})),hasRelations:o=>s(e.httpClient.post(E.hasRelations,{relationQueries:o},{token:t}),(e=>e.relationQueries)),whoCanAccess:(o,n,a)=>s(e.httpClient.post(E.who,{resource:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(o,n=!1)=>s(e.httpClient.post(E.resource,{resource:o,ignoreTargetSetRelations:n},{token:t}),(e=>e.relations)),targetsRelations:(o,n=!1)=>s(e.httpClient.post(E.targets,{targets:o,includeTargetSetRelations:n},{token:t}),(e=>e.relations)),whatCanTargetAccess:o=>s(e.httpClient.post(E.targetAll,{target:o},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(o,n,a)=>s(e.httpClient.post(E.targetWithRelation,{target:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:o=>s(e.httpClient.post(E.getModified,{since:o?o.getTime():0},{token:t}),(e=>e))}),H=(e,t)=>({createOidcApplication:o=>{var n;return s(e.httpClient.post(f.oidcCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:o=>{var n;return s(e.httpClient.post(f.samlCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:o=>s(e.httpClient.post(f.oidcUpdate,Object.assign({},o),{token:t})),updateSamlApplication:o=>s(e.httpClient.post(f.samlUpdate,Object.assign({},o),{token:t})),delete:o=>s(e.httpClient.post(f.delete,{id:o},{token:t})),load:o=>s(e.httpClient.get(f.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps))}),Q=(e,t)=>({getSettings:o=>s(e.httpClient.get(w.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(w.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t}))}),_=(e,t)=>({saveSchema:o=>s(e.httpClient.post(M.schema,o,{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),createRelations:o=>s(e.httpClient.post(M.relations,{tuples:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(M.deleteRelations,{tuples:o},{token:t})),check:o=>s(e.httpClient.post(M.check,{tuples:o},{token:t}),(e=>e.tuples)),loadResourcesDetails:o=>s(e.httpClient.post(M.resourcesLoad,{resourceIdentifiers:o},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:o=>s(e.httpClient.post(M.resourcesSave,{resourcesDetails:o},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(M.relations,{token:t}))}),X=(e,t)=>({createApplication:o=>s(e.httpClient.post(y.create,Object.assign({},o),{token:t})),updateApplication:o=>s(e.httpClient.post(y.update,Object.assign({},o),{token:t})),patchApplication:o=>s(e.httpClient.post(y.patch,Object.assign({},o),{token:t})),deleteApplication:o=>s(e.httpClient.post(y.delete,{id:o},{token:t})),loadApplication:o=>s(e.httpClient.get(y.load,{queryParams:{id:o},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:o=>s(e.httpClient.get(y.secret,{queryParams:{id:o},token:t}),(e=>e)),rotateApplicationSecret:o=>s(e.httpClient.post(y.rotate,{id:o},{token:t})),searchConsents:o=>s(e.httpClient.post(I.search,Object.assign({},o),{token:t}),(e=>e.consents)),deleteConsents:o=>s(e.httpClient.post(I.delete,Object.assign({},o),{token:t}))}),Y=(e,t)=>({createApplication:o=>s(e.httpClient.post(b.create,Object.assign({},o),{token:t}),(e=>e.app)),updateApplication:o=>s(e.httpClient.post(b.update,{app:o},{token:t}),(e=>e.app)),deleteApplication:o=>s(e.httpClient.post(b.delete,{id:o},{token:t})),loadApplication:o=>s(e.httpClient.get(`${b.load}/${o}`,{token:t}),(e=>e.app)),loadAllApplications:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.apps))});const Z=s=>{var r,{managementKey:l,publicKey:p}=s,h=e(s,["managementKey","publicKey"]);const v=t(Object.assign(Object.assign({fetch:d},h),{baseHeaders:Object.assign(Object.assign({},h.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.8"})})),{projectId:k,logger:C}=h,f={},y=((e,t)=>({user:U(e,t),project:x(e,t),accessKey:K(e,t),tenant:D(e,t),ssoApplication:H(e,t),inboundApplication:X(e,t),outboundApplication:Y(e,t),sso:J(e,t),jwt:L(e,t),permission:F(e,t),password:Q(e,t),role:z(e,t),group:q(e,t),flow:G(e,t),theme:B(e,t),audit:W(e,t),authz:V(e,t),fga:_(e,t)}))(v,l),I=Object.assign(Object.assign({},v),{refresh:async e=>v.refresh(e),management:y,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(f[e.kid])return f[e.kid];if(Object.assign(f,await(async()=>{if(p)try{const e=JSON.parse(p),t=await i(e);return{[e.kid]:t}}catch(e){throw null==C||C.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await v.httpClient.get(`v2/keys/${k}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!f[e.kid])throw Error("failed to fetch matching key");return f[e.kid]},async validateJwt(e){var t;const s=(await n(e,I.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==k))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await I.validateJwt(e)}catch(e){throw null==C||C.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s,o,n,a,i;if(!e)throw Error("refresh token is required to refresh a session");try{await I.validateJwt(e);const r=await I.refresh(e);if(r.ok){const e=m(null===(s=null===(t=r.data)||void 0===t?void 0:t.cookies)||void 0===s?void 0:s.join(";"),"DS")||(null===(o=r.data)||void 0===o?void 0:o.sessionJwt),i=await I.validateJwt(e);return i.cookies=(null===(n=r.data)||void 0===n?void 0:n.cookies)||[],(null===(a=r.data)||void 0===a?void 0:a.refreshJwt)&&(i.refreshJwt=r.data.refreshJwt),i}throw Error(null===(i=r.error)||void 0===i?void 0:i.errorMessage)}catch(e){throw null==C||C.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await I.validateSession(e)}catch(e){null==C||C.log(`session validation failed with error ${e} - trying to refresh it`)}return I.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let o;try{o=await I.accessKey.exchange(e,t)}catch(e){throw null==C||C.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==C||C.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(s=o.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:n}=o.data;if(!n)throw null==C||C.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await I.validateJwt(n)}catch(e){throw null==C||C.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>I.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>I.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!u(e,t))return!1;const o=g(e,"permissions",t);return s.every((e=>o.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!u(e,t))return[];const o=g(e,"permissions",t);return s.filter((e=>o.includes(e)))},validateRoles:(e,t)=>I.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>I.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!u(e,t))return!1;const o=g(e,"roles",t);return s.every((e=>o.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!u(e,t))return[];const o=g(e,"roles",t);return s.filter((e=>o.includes(e)))}});return o(I,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],c)};Z.RefreshTokenCookieName="DSR",Z.SessionTokenCookieName="DS",Z.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{Z as default};
2
2
  //# sourceMappingURL=index.esm.js.map