@descope/node-sdk 1.7.7 → 1.7.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +37 -0
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +80 -94
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +5 -5
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import * as _descope_core_js_sdk from '@descope/core-js-sdk';
2
- import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, LoginOptions, SdkResponse, AccessKeyLoginOptions, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
2
+ import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, LoginOptions, SdkResponse, JWTResponse, AccessKeyLoginOptions, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
3
3
  export { DeliveryMethod, JWTResponse, OAuthProvider, ResponseData, SdkResponse } from '@descope/core-js-sdk';
4
4
  import { JWTHeaderParameters, KeyLike } from 'jose';
5
5
 
@@ -16,6 +16,9 @@ interface AuthenticationInfo {
16
16
  token: Token;
17
17
  cookies?: string[];
18
18
  }
19
+ interface RefreshAuthenticationInfo extends AuthenticationInfo {
20
+ refreshJwt?: string;
21
+ }
19
22
  declare type DeliveryMethodForTestUser = DeliveryMethod | 'Embedded';
20
23
 
21
24
  declare type ExpirationUnit = 'minutes' | 'hours' | 'days' | 'weeks';
@@ -807,6 +810,31 @@ declare type InboundApplicationConsentDeleteOptions = {
807
810
  appId?: string;
808
811
  userIds?: string[];
809
812
  };
813
+ declare type PromptType = 'none' | 'login' | 'consent' | 'select_account';
814
+ declare type AccessType = 'offline' | 'online';
815
+ declare type OutboundApplication = {
816
+ id: string;
817
+ name: string;
818
+ description?: string;
819
+ clientId?: string;
820
+ logo?: string;
821
+ discoveryUrl?: string;
822
+ authorizationUrl?: string;
823
+ authorizationUrlParams?: URLParam[];
824
+ tokenUrl?: string;
825
+ tokenUrlParams?: URLParam[];
826
+ revocationUrl?: string;
827
+ defaultScopes?: string[];
828
+ defaultRedirectUrl?: string;
829
+ callbackDomain?: string;
830
+ pkce?: boolean;
831
+ accessType?: AccessType;
832
+ prompt?: Array<PromptType>;
833
+ };
834
+ declare type URLParam = {
835
+ key: string;
836
+ value: string;
837
+ };
810
838
 
811
839
  interface PatchUserOptions {
812
840
  email?: string;
@@ -832,7 +860,7 @@ declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] &
832
860
  };
833
861
  declare const nodeSdk: {
834
862
  ({ managementKey, publicKey, ...config }: NodeSdkArgs): {
835
- refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
863
+ refresh: (token?: string) => Promise<SdkResponse<JWTResponse & {
836
864
  refreshJwt?: string;
837
865
  cookies?: string[];
838
866
  }>>;
@@ -1019,6 +1047,17 @@ declare const nodeSdk: {
1019
1047
  searchConsents: (options?: InboundApplicationConsentSearchOptions) => Promise<SdkResponse<InboundApplicationConsent[]>>;
1020
1048
  deleteConsents: (options: InboundApplicationConsentDeleteOptions) => Promise<SdkResponse<never>>;
1021
1049
  };
1050
+ outboundApplication: {
1051
+ createApplication: (app: Omit<OutboundApplication, "id"> & Partial<Pick<OutboundApplication, "id">> & {
1052
+ clientSecret?: string;
1053
+ }) => Promise<SdkResponse<OutboundApplication>>;
1054
+ updateApplication: (app: OutboundApplication & {
1055
+ clientSecret?: string;
1056
+ }) => Promise<SdkResponse<OutboundApplication>>;
1057
+ deleteApplication: (id: string) => Promise<SdkResponse<never>>;
1058
+ loadApplication: (id: string) => Promise<SdkResponse<OutboundApplication>>;
1059
+ loadAllApplications: () => Promise<SdkResponse<OutboundApplication[]>>;
1060
+ };
1022
1061
  sso: {
1023
1062
  getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
1024
1063
  newSettings: (tenantId: string, ssoId: string, displayName: string) => Promise<SdkResponse<SSOSettings>>;
@@ -1036,9 +1075,9 @@ declare const nodeSdk: {
1036
1075
  update: (jwt: string, customClaims?: Record<string, any>, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
1037
1076
  impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
1038
1077
  stopImpersonation: (jwt: string, customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<UpdateJWTResponse>>;
1039
- signIn: (loginId: string, loginOptions?: MgmtLoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1040
- signUp: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1041
- signUpOrIn: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1078
+ signIn: (loginId: string, loginOptions?: MgmtLoginOptions) => Promise<SdkResponse<JWTResponse>>;
1079
+ signUp: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<JWTResponse>>;
1080
+ signUpOrIn: (loginId: string, user?: MgmtUserOptions, signUpOptions?: MgmtSignUpOptions) => Promise<SdkResponse<JWTResponse>>;
1042
1081
  anonymous: (customClaims?: Record<string, any>, selectedTenant?: string, refreshDuration?: number) => Promise<SdkResponse<{
1043
1082
  refreshJwt?: string;
1044
1083
  cookieDomain?: string;
@@ -1071,6 +1110,7 @@ declare const nodeSdk: {
1071
1110
  loadAllGroupsForMember: (tenantId: string, userIds: string[], loginIds: string[]) => Promise<SdkResponse<Group[]>>;
1072
1111
  loadAllGroupMembers: (tenantId: string, groupId: string) => Promise<SdkResponse<Group[]>>;
1073
1112
  };
1113
+ /** Fetch the public keys (JWKs) from Descope for the configured project */
1074
1114
  flow: {
1075
1115
  list: () => Promise<SdkResponse<FlowsResponse>>;
1076
1116
  delete: (flowIds: string[]) => Promise<SdkResponse<never>>;
@@ -1098,7 +1138,12 @@ declare const nodeSdk: {
1098
1138
  deleteRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
1099
1139
  deleteResourceRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
1100
1140
  deleteRelationsForIds: (ids: string[]) => Promise<SdkResponse<never>>;
1101
- hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>;
1141
+ hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>; /**
1142
+ * Validate session and refresh it if it expired
1143
+ * @param sessionToken session JWT
1144
+ * @param refreshToken refresh JWT
1145
+ * @returns RefreshAuthenticationInfo promise or throws Error if there is an issue with JWTs
1146
+ */
1102
1147
  whoCanAccess: (resource: string, relationDefinition: string, namespace: string) => Promise<SdkResponse<string[]>>;
1103
1148
  resourceRelations: (resource: string, ignoreTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
1104
1149
  targetsRelations: (targets: string[], includeTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
@@ -1120,8 +1165,8 @@ declare const nodeSdk: {
1120
1165
  getKey: (header: JWTHeaderParameters) => Promise<KeyLike | Uint8Array>;
1121
1166
  validateJwt: (jwt: string) => Promise<AuthenticationInfo>;
1122
1167
  validateSession: (sessionToken: string) => Promise<AuthenticationInfo>;
1123
- refreshSession: (refreshToken: string) => Promise<AuthenticationInfo>;
1124
- validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<AuthenticationInfo>;
1168
+ refreshSession: (refreshToken: string) => Promise<RefreshAuthenticationInfo>;
1169
+ validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<RefreshAuthenticationInfo>;
1125
1170
  exchangeAccessKey: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<AuthenticationInfo>;
1126
1171
  validatePermissions: (authInfo: AuthenticationInfo, permissions: string[]) => boolean;
1127
1172
  getMatchedPermissions: (authInfo: AuthenticationInfo, permissions: string[]) => string[];
@@ -1136,19 +1181,19 @@ declare const nodeSdk: {
1136
1181
  };
1137
1182
  otp: {
1138
1183
  verify: {
1139
- sms: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1184
+ sms: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1140
1185
  refreshJwt?: string;
1141
1186
  cookies?: string[];
1142
1187
  }>>;
1143
- voice: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1188
+ voice: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1144
1189
  refreshJwt?: string;
1145
1190
  cookies?: string[];
1146
1191
  }>>;
1147
- whatsapp: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1192
+ whatsapp: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1148
1193
  refreshJwt?: string;
1149
1194
  cookies?: string[];
1150
1195
  }>>;
1151
- email: (loginId: string, code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1196
+ email: (loginId: string, code: string) => Promise<SdkResponse<JWTResponse & {
1152
1197
  refreshJwt?: string;
1153
1198
  cookies?: string[];
1154
1199
  }>>;
@@ -1249,13 +1294,7 @@ declare const nodeSdk: {
1249
1294
  };
1250
1295
  update: {
1251
1296
  email: <T extends boolean>(loginId: string, email: string, token?: string, updateOptions?: {
1252
- addToLoginIDs?: T; /**
1253
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1254
- * @param authInfo JWT parsed info containing the permissions
1255
- * @param tenant tenant to match the permissions for
1256
- * @param permissions List of permissions to match against the JWT claims
1257
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1258
- * */
1297
+ addToLoginIDs?: T;
1259
1298
  onMergeUseExisting?: T extends true ? boolean : never;
1260
1299
  templateOptions?: {
1261
1300
  [x: string]: string;
@@ -1267,13 +1306,7 @@ declare const nodeSdk: {
1267
1306
  }>>;
1268
1307
  phone: {
1269
1308
  sms: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1270
- addToLoginIDs?: T_1; /**
1271
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1272
- * @param authInfo JWT parsed info containing the permissions
1273
- * @param tenant tenant to match the permissions for
1274
- * @param permissions List of permissions to match against the JWT claims
1275
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1276
- * */
1309
+ addToLoginIDs?: T_1;
1277
1310
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1278
1311
  templateOptions?: {
1279
1312
  [x: string]: string;
@@ -1284,13 +1317,7 @@ declare const nodeSdk: {
1284
1317
  maskedPhone: string;
1285
1318
  }>>;
1286
1319
  voice: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1287
- addToLoginIDs?: T_1; /**
1288
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1289
- * @param authInfo JWT parsed info containing the permissions
1290
- * @param tenant tenant to match the permissions for
1291
- * @param permissions List of permissions to match against the JWT claims
1292
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1293
- * */
1320
+ addToLoginIDs?: T_1;
1294
1321
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1295
1322
  templateOptions?: {
1296
1323
  [x: string]: string;
@@ -1301,13 +1328,7 @@ declare const nodeSdk: {
1301
1328
  maskedPhone: string;
1302
1329
  }>>;
1303
1330
  whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
1304
- addToLoginIDs?: T_1; /**
1305
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1306
- * @param authInfo JWT parsed info containing the permissions
1307
- * @param tenant tenant to match the permissions for
1308
- * @param permissions List of permissions to match against the JWT claims
1309
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1310
- * */
1331
+ addToLoginIDs?: T_1;
1311
1332
  onMergeUseExisting?: T_1 extends true ? boolean : never;
1312
1333
  templateOptions?: {
1313
1334
  [x: string]: string;
@@ -1321,7 +1342,7 @@ declare const nodeSdk: {
1321
1342
  };
1322
1343
  };
1323
1344
  magicLink: {
1324
- verify: (token: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1345
+ verify: (token: string) => Promise<SdkResponse<JWTResponse & {
1325
1346
  refreshJwt?: string;
1326
1347
  cookies?: string[];
1327
1348
  }>>;
@@ -1445,13 +1466,7 @@ declare const nodeSdk: {
1445
1466
  };
1446
1467
  update: {
1447
1468
  email: <T_2 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1448
- addToLoginIDs?: T_2; /**
1449
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1450
- * @param authInfo JWT parsed info containing the permissions
1451
- * @param tenant tenant to match the permissions for
1452
- * @param permissions List of permissions to match against the JWT claims
1453
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1454
- * */
1469
+ addToLoginIDs?: T_2;
1455
1470
  onMergeUseExisting?: T_2 extends true ? boolean : never;
1456
1471
  templateOptions?: {
1457
1472
  [x: string]: string;
@@ -1463,13 +1478,7 @@ declare const nodeSdk: {
1463
1478
  }>>;
1464
1479
  phone: {
1465
1480
  sms: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1466
- addToLoginIDs?: T_3; /**
1467
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1468
- * @param authInfo JWT parsed info containing the permissions
1469
- * @param tenant tenant to match the permissions for
1470
- * @param permissions List of permissions to match against the JWT claims
1471
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1472
- * */
1481
+ addToLoginIDs?: T_3;
1473
1482
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1474
1483
  templateOptions?: {
1475
1484
  [x: string]: string;
@@ -1480,13 +1489,7 @@ declare const nodeSdk: {
1480
1489
  maskedPhone: string;
1481
1490
  }>>;
1482
1491
  voice: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1483
- addToLoginIDs?: T_3; /**
1484
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1485
- * @param authInfo JWT parsed info containing the permissions
1486
- * @param tenant tenant to match the permissions for
1487
- * @param permissions List of permissions to match against the JWT claims
1488
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1489
- * */
1492
+ addToLoginIDs?: T_3;
1490
1493
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1491
1494
  templateOptions?: {
1492
1495
  [x: string]: string;
@@ -1497,13 +1500,7 @@ declare const nodeSdk: {
1497
1500
  maskedPhone: string;
1498
1501
  }>>;
1499
1502
  whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
1500
- addToLoginIDs?: T_3; /**
1501
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1502
- * @param authInfo JWT parsed info containing the permissions
1503
- * @param tenant tenant to match the permissions for
1504
- * @param permissions List of permissions to match against the JWT claims
1505
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1506
- * */
1503
+ addToLoginIDs?: T_3;
1507
1504
  onMergeUseExisting?: T_3 extends true ? boolean : never;
1508
1505
  templateOptions?: {
1509
1506
  [x: string]: string;
@@ -1549,16 +1546,10 @@ declare const nodeSdk: {
1549
1546
  waitForSession: (pendingRef: string, config?: {
1550
1547
  pollingIntervalMs: number;
1551
1548
  timeoutMs: number;
1552
- }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1549
+ }) => Promise<SdkResponse<JWTResponse>>;
1553
1550
  update: {
1554
1551
  email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1555
- addToLoginIDs?: T_4; /**
1556
- * Retrieves the permissions from JWT tenant claims that match the specified permissions list
1557
- * @param authInfo JWT parsed info containing the permissions
1558
- * @param tenant tenant to match the permissions for
1559
- * @param permissions List of permissions to match against the JWT claims
1560
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1561
- * */
1552
+ addToLoginIDs?: T_4;
1562
1553
  onMergeUseExisting?: T_4 extends true ? boolean : never;
1563
1554
  templateOptions?: {
1564
1555
  [x: string]: string;
@@ -1580,7 +1571,7 @@ declare const nodeSdk: {
1580
1571
  linkedin: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1581
1572
  slack: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1582
1573
  };
1583
- exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1574
+ exchange: (code: string) => Promise<SdkResponse<JWTResponse & {
1584
1575
  refreshJwt?: string;
1585
1576
  cookies?: string[];
1586
1577
  }>>;
@@ -1592,7 +1583,7 @@ declare const nodeSdk: {
1592
1583
  verifyOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<{
1593
1584
  code: string;
1594
1585
  }>>;
1595
- exchangeOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1586
+ exchangeOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<JWTResponse>>;
1596
1587
  };
1597
1588
  outbound: {
1598
1589
  connect: (appId: string, options?: {
@@ -1602,7 +1593,7 @@ declare const nodeSdk: {
1602
1593
  };
1603
1594
  saml: {
1604
1595
  start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1605
- exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1596
+ exchange: (code: string) => Promise<SdkResponse<JWTResponse & {
1606
1597
  refreshJwt?: string;
1607
1598
  cookies?: string[];
1608
1599
  }>>;
@@ -1616,7 +1607,7 @@ declare const nodeSdk: {
1616
1607
  familyName?: string;
1617
1608
  phone?: string;
1618
1609
  }) => Promise<SdkResponse<_descope_core_js_sdk.TOTPResponse>>;
1619
- verify: (loginId: string, code: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1610
+ verify: (loginId: string, code: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<JWTResponse & {
1620
1611
  refreshJwt?: string;
1621
1612
  cookies?: string[];
1622
1613
  }>>;
@@ -1660,7 +1651,7 @@ declare const nodeSdk: {
1660
1651
  waitForSession: (pendingRef: string, config?: {
1661
1652
  pollingIntervalMs: number;
1662
1653
  timeoutMs: number;
1663
- }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1654
+ }) => Promise<SdkResponse<JWTResponse>>;
1664
1655
  };
1665
1656
  webauthn: {
1666
1657
  signUp: {
@@ -1669,7 +1660,7 @@ declare const nodeSdk: {
1669
1660
  options: string;
1670
1661
  create: boolean;
1671
1662
  }>>;
1672
- finish: (transactionId: string, response: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1663
+ finish: (transactionId: string, response: string) => Promise<SdkResponse<JWTResponse & {
1673
1664
  refreshJwt?: string;
1674
1665
  cookies?: string[];
1675
1666
  }>>;
@@ -1680,7 +1671,7 @@ declare const nodeSdk: {
1680
1671
  options: string;
1681
1672
  create: boolean;
1682
1673
  }>>;
1683
- finish: (transactionId: string, response: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
1674
+ finish: (transactionId: string, response: string) => Promise<SdkResponse<JWTResponse & {
1684
1675
  refreshJwt?: string;
1685
1676
  cookies?: string[];
1686
1677
  }>>;
@@ -1715,8 +1706,8 @@ declare const nodeSdk: {
1715
1706
  templateOptions?: {
1716
1707
  [x: string]: string;
1717
1708
  };
1718
- }) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1719
- signIn: (loginId: string, password: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1709
+ }) => Promise<SdkResponse<JWTResponse>>;
1710
+ signIn: (loginId: string, password: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<JWTResponse>>;
1720
1711
  sendReset: (loginId: string, redirectUrl?: string, templateOptions?: {
1721
1712
  [x: string]: string;
1722
1713
  }) => Promise<SdkResponse<{
@@ -1726,7 +1717,7 @@ declare const nodeSdk: {
1726
1717
  maskedEmail: string;
1727
1718
  }>>;
1728
1719
  update: (loginId: string, newPassword: string, token?: string) => Promise<SdkResponse<never>>;
1729
- replace: (loginId: string, oldPassword: string, newPassword: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1720
+ replace: (loginId: string, oldPassword: string, newPassword: string) => Promise<SdkResponse<JWTResponse>>;
1730
1721
  policy: () => Promise<SdkResponse<{
1731
1722
  minLength: number;
1732
1723
  lowercase: boolean;
@@ -1762,12 +1753,7 @@ declare const nodeSdk: {
1762
1753
  oidcLoginHint?: string;
1763
1754
  abTestingKey?: number;
1764
1755
  startOptionsVersion?: number;
1765
- client?: Record<string, any>; /**
1766
- * Retrieves the permissions from JWT top level claims that match the specified permissions list
1767
- * @param authInfo JWT parsed info containing the permissions
1768
- * @param permissions List of permissions to match against the JWT claims
1769
- * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
1770
- */
1756
+ client?: Record<string, any>;
1771
1757
  locale?: string;
1772
1758
  oidcPrompt?: string;
1773
1759
  oidcErrorRedirectUri?: string;
@@ -1787,7 +1773,7 @@ declare const nodeSdk: {
1787
1773
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
1788
1774
  }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
1789
1775
  };
1790
- selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1776
+ selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<JWTResponse>>;
1791
1777
  logout: (token?: string) => Promise<SdkResponse<never>>;
1792
1778
  logoutAll: (token?: string) => Promise<SdkResponse<never>>;
1793
1779
  me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as o,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=t=>async(...s)=>{var n,o,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var m;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(m=p)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function c(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function g(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},h={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},v={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},k={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},C={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},f={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},y={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},I={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},b={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},S={settings:"/v1/mgmt/password/settings"},A={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},w={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},O={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},j={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},T={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},N={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},R={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},P={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const E=(e,t)=>({create:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(u.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k,C,f,y,I){const b="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:h,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(u.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,o,a,i,r,l)=>s(e.httpClient.post(u.createBatch,{users:n.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:o,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(n,o,a,i,r,l,p,d,m,c,g,h,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(u.update,C,{token:t}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),s(e.httpClient.patch(u.patch,a,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(u.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(u.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(u.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(u.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(u.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(u.logout,{userId:n},{token:t})),searchAll:(n,o,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(u.search,{tenantIds:n,roleNames:o,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(u.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(u.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(n,o,a)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(u.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,o)=>s(e.httpClient.post(u.updateLoginId,{loginId:n,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(n,o,a)=>s(e.httpClient.post(u.updateEmail,{loginId:n,email:o,verified:a},{token:t}),(e=>e.user)),updatePhone:(n,o,a)=>s(e.httpClient.post(u.updatePhone,{loginId:n,phone:o,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(n,o,a,i,r)=>s(e.httpClient.post(u.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,o)=>s(e.httpClient.post(u.updatePicture,{loginId:n,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(n,o)=>s(e.httpClient.post(u.setRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addRoles:(n,o)=>s(e.httpClient.post(u.addRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(n,o)=>s(e.httpClient.post(u.removeRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addTenant:(n,o)=>s(e.httpClient.post(u.addTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(n,o)=>s(e.httpClient.post(u.removeTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(n,o,a)=>s(e.httpClient.post(u.setRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(n,o,a)=>s(e.httpClient.post(u.addRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(n,o,a)=>s(e.httpClient.post(u.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(n,o)=>s(e.httpClient.post(u.addSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(n,o)=>s(e.httpClient.post(u.setSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(n,o)=>s(e.httpClient.post(u.removeSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,i)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(n,o,a)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:n,customClaims:o,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(n,o,a,i,r,l)=>s(e.httpClient.post(u.generateSignUpEmbeddedLink,{loginId:n,user:o,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(n,o)=>s(e.httpClient.post(u.setTemporaryPassword,{loginId:n,password:o},{token:t}),(e=>e)),setActivePassword:(n,o)=>s(e.httpClient.post(u.setActivePassword,{loginId:n,password:o},{token:t}),(e=>e)),setPassword:(n,o)=>s(e.httpClient.post(u.setPassword,{loginId:n,password:o},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(u.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(u.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(u.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(u.history,n,{token:t}),(e=>e))}),M=(e,t)=>({updateName:n=>s(e.httpClient.post(h.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(h.updateTags,{tags:n},{token:t})),clone:(n,o,a)=>s(e.httpClient.post(h.clone,{name:n,environment:o,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(h.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(h.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(h.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(h.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(h.importSnapshot,{files:n},{token:t}))}),U=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(k.create,{name:n,selfProvisioningDomains:o,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(n,o,a,i,r,l)=>s(e.httpClient.post(k.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(k.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(k.delete,{id:n,cascade:o},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(k.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,o,a,i)=>s(e.httpClient.post(k.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(k.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(k.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,o,a,i,r)=>s(e.httpClient.post(k.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),x=(e,t)=>({update:(n,o,a)=>s(e.httpClient.post(b.update,{jwt:n,customClaims:o,refreshDuration:a},{token:t})),impersonate:(n,o,a,i,r,l)=>s(e.httpClient.post(b.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(n,o,a,i)=>s(e.httpClient.post(b.stopImpersonation,{jwt:n,customClaims:o,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(n,o)=>s(e.httpClient.post(b.signIn,Object.assign({loginId:n},o),{token:t})),signUp:(n,o,a)=>s(e.httpClient.post(b.signUp,Object.assign({loginId:n,user:o},a),{token:t})),signUpOrIn:(n,o,a)=>s(e.httpClient.post(b.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:t})),anonymous:(n,o,a)=>s(e.httpClient.post(b.anonymous,{customClaims:n,selectedTenant:o,refreshDuration:a},{token:t}))}),D=(e,t)=>({create:(n,o)=>s(e.httpClient.post(A.create,{name:n,description:o},{token:t})),update:(n,o,a)=>s(e.httpClient.post(A.update,{name:n,newName:o,description:a},{token:t})),delete:n=>s(e.httpClient.post(A.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(A.loadAll,{token:t}),(e=>e.permissions))}),L=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(w.create,{name:n,description:o,permissionNames:a,tenantId:i,default:r},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(w.update,{name:n,newName:o,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(w.delete,{name:n,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(w.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(w.search,n,{token:t}),(e=>e.roles))}),F=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(T.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,o,a)=>s(e.httpClient.post(T.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:t})),loadAllGroupMembers:(n,o)=>s(e.httpClient.post(T.loadAllGroupMembers,{tenantId:n,groupId:o},{token:t}))});function z(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const q=(e,t)=>({getSettings:n=>s(e.httpClient.get(I.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,o,a)=>s(e.httpClient.post(I.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:t}),(e=>z(e))),deleteSettings:(n,o)=>s(e.httpClient.delete(I.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t})),configureSettings:(n,o,a,i,r,l)=>s(e.httpClient.post(I.settings,{tenantId:n,idpURL:o,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,o,a,i)=>s(e.httpClient.post(I.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:i},{token:t})),configureMapping:(n,o,a)=>s(e.httpClient.post(I.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:t})),configureOIDCSettings:(n,o,a,i)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(I.oidc.configure,Object.assign({tenantId:n,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,o,a,i,r)=>s(e.httpClient.post(I.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,o,a,i,r)=>s(e.httpClient.post(I.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,o)=>s(e.httpClient.get(I.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t}),(e=>z(e))),loadAllSettings:n=>s(e.httpClient.get(I.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(z(e)))),s}(e)))}),$=(e,t)=>({create:(n,o,a,i,r,l,p,d)=>s(e.httpClient.post(v.create,{name:n,expireTime:o,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:n=>s(e.httpClient.get(v.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(v.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,o,a,i,r,l,p)=>s(e.httpClient.post(v.update,{id:n,name:o,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(v.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(v.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(v.delete,{id:n},{token:t}))}),J=(e,t)=>({list:()=>s(e.httpClient.post(O.list,{},{token:t})),delete:n=>s(e.httpClient.post(O.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(O.export,{flowId:n},{token:t})),import:(n,o,a)=>s(e.httpClient.post(O.import,{flowId:n,flow:o,screens:a},{token:t}))}),K=(e,t)=>({export:()=>s(e.httpClient.post(j.export,{},{token:t})),import:n=>s(e.httpClient.post(j.import,{theme:n},{token:t}))}),G=(e,t)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,s(e.httpClient.post(N.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return s(e.httpClient.post(N.createEvent,o,{token:t}))}}),B=(e,t)=>({saveSchema:(n,o)=>s(e.httpClient.post(R.schemaSave,{schema:n,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(R.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(R.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,o,a)=>s(e.httpClient.post(R.nsSave,{namespace:n,oldName:o,schemaName:a},{token:t})),deleteNamespace:(n,o)=>s(e.httpClient.post(R.nsDelete,{name:n,schemaName:o},{token:t})),saveRelationDefinition:(n,o,a,i)=>s(e.httpClient.post(R.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(n,o,a)=>s(e.httpClient.post(R.rdDelete,{name:n,namespace:o,schemaName:a},{token:t})),createRelations:n=>s(e.httpClient.post(R.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(R.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(R.reDeleteResources,{resources:n},{token:t})),deleteResourceRelationsForResources:n=>s(e.httpClient.post(R.reDeleteResourceRelationsForResources,{resources:n},{token:t})),deleteRelationsForIds:n=>s(e.httpClient.post(R.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(R.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>s(e.httpClient.post(R.who,{resource:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(n,o=!1)=>s(e.httpClient.post(R.resource,{resource:n,ignoreTargetSetRelations:o},{token:t}),(e=>e.relations)),targetsRelations:(n,o=!1)=>s(e.httpClient.post(R.targets,{targets:n,includeTargetSetRelations:o},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(R.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>s(e.httpClient.post(R.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(R.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),W=(e,t)=>({createOidcApplication:n=>{var o;return s(e.httpClient.post(C.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:n=>{var o;return s(e.httpClient.post(C.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(C.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(C.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(C.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.apps))}),V=(e,t)=>({getSettings:n=>s(e.httpClient.get(S.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(S.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t}))}),H=(e,t)=>({saveSchema:n=>s(e.httpClient.post(P.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(R.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(P.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(P.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(P.check,{tuples:n},{token:t}),(e=>e.tuples)),loadResourcesDetails:n=>s(e.httpClient.post(P.resourcesLoad,{resourceIdentifiers:n},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:n=>s(e.httpClient.post(P.resourcesSave,{resourcesDetails:n},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(P.relations,{token:t}))}),Q=(e,t)=>({createApplication:n=>s(e.httpClient.post(f.create,Object.assign({},n),{token:t})),updateApplication:n=>s(e.httpClient.post(f.update,Object.assign({},n),{token:t})),patchApplication:n=>s(e.httpClient.post(f.patch,Object.assign({},n),{token:t})),deleteApplication:n=>s(e.httpClient.post(f.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(f.load,{queryParams:{id:n},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:n=>s(e.httpClient.get(f.secret,{queryParams:{id:n},token:t}),(e=>e)),rotateApplicationSecret:n=>s(e.httpClient.post(f.rotate,{id:n},{token:t})),searchConsents:n=>s(e.httpClient.post(y.search,Object.assign({},n),{token:t}),(e=>e.consents)),deleteConsents:n=>s(e.httpClient.post(y.delete,Object.assign({},n),{token:t}))});const _=s=>{var r,{managementKey:l,publicKey:p}=s,u=e(s,["managementKey","publicKey"]);const h=t(Object.assign(Object.assign({fetch:d},u),{baseHeaders:Object.assign(Object.assign({},u.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.7"})})),{projectId:v,logger:k}=u,C={},f=((e,t)=>({user:E(e,t),project:M(e,t),accessKey:$(e,t),tenant:U(e,t),ssoApplication:W(e,t),inboundApplication:Q(e,t),sso:q(e,t),jwt:x(e,t),permission:D(e,t),password:V(e,t),role:L(e,t),group:F(e,t),flow:J(e,t),theme:K(e,t),audit:G(e,t),authz:B(e,t),fga:H(e,t)}))(h,l),y=Object.assign(Object.assign({},h),{refresh:async e=>h.refresh(e),management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(C[e.kid])return C[e.kid];if(Object.assign(C,await(async()=>{if(p)try{const e=JSON.parse(p),t=await i(e);return{[e.kid]:t}}catch(e){throw null==k||k.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await h.httpClient.get(`v2/keys/${v}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!C[e.kid])throw Error("failed to fetch matching key");return C[e.kid]},async validateJwt(e){var t;const s=(await o(e,y.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==v))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await y.validateJwt(e)}catch(e){throw null==k||k.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await y.validateJwt(e);const n=await y.refresh(e);if(n.ok){return await y.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==k||k.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await y.validateSession(e)}catch(e){null==k||k.log(`session validation failed with error ${e} - trying to refresh it`)}return y.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await y.accessKey.exchange(e,t)}catch(e){throw null==k||k.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==k||k.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==k||k.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await y.validateJwt(o)}catch(e){throw null==k||k.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>y.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>y.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>y.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>y.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!g(e,t))return!1;const n=c(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!g(e,t))return[];const n=c(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(y,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};_.RefreshTokenCookieName="DSR",_.SessionTokenCookieName="DS",_.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{_ as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as n,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null},c=t=>async(...s)=>{var o,n,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var c;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(c=p)?void 0:c.cookieDomain)||""}; Max-Age=${(null==c?void 0:c.cookieMaxAge)||""}; Path=${(null==c?void 0:c.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=m(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function g(e,t,s){var o,n;const a=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(a)?a:[]}function u(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},v={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},k={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},C={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},f={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},y={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},I={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},b={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps"},A={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},S={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},w={settings:"/v1/mgmt/password/settings"},O={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},j={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},T={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},N={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},R={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},P={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},E={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},M={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};const U=(e,t)=>({create:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(h.create,C,{token:t}),(e=>e.user))},createTestUser:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(h.createTestUser,C,{token:t}),(e=>e.user))},invite:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k,C,f,y,I){const b="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:u,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(h.create,b,{token:t}),(e=>e.user))},inviteBatch:(o,n,a,i,r,l)=>s(e.httpClient.post(h.createBatch,{users:o.map((e=>{const t=Object.assign(Object.assign({},e),{roleNames:e.roles});return delete t.roles,t})),invite:!0,inviteUrl:n,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),update:function(o,n,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof n?{loginId:o,email:n,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:o},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(h.update,C,{token:t}),(e=>e.user))},patch:function(o,n){const a={loginId:o};return void 0!==n.email&&(a.email=n.email),void 0!==n.phone&&(a.phone=n.phone),void 0!==n.displayName&&(a.displayName=n.displayName),void 0!==n.givenName&&(a.givenName=n.givenName),void 0!==n.middleName&&(a.middleName=n.middleName),void 0!==n.familyName&&(a.familyName=n.familyName),void 0!==n.roles&&(a.roleNames=n.roles),void 0!==n.userTenants&&(a.userTenants=n.userTenants),void 0!==n.customAttributes&&(a.customAttributes=n.customAttributes),void 0!==n.picture&&(a.picture=n.picture),void 0!==n.verifiedEmail&&(a.verifiedEmail=n.verifiedEmail),void 0!==n.verifiedPhone&&(a.verifiedPhone=n.verifiedPhone),void 0!==n.ssoAppIds&&(a.ssoAppIds=n.ssoAppIds),void 0!==n.scim&&(a.scim=n.scim),s(e.httpClient.patch(h.patch,a,{token:t}),(e=>e.user))},delete:o=>s(e.httpClient.post(h.delete,{loginId:o},{token:t})),deleteByUserId:o=>s(e.httpClient.post(h.delete,{userId:o},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(h.deleteAllTestUsers,{token:t})),load:o=>s(e.httpClient.get(h.load,{queryParams:{loginId:o},token:t}),(e=>e.user)),loadByUserId:o=>s(e.httpClient.get(h.load,{queryParams:{userId:o},token:t}),(e=>e.user)),logoutUser:o=>s(e.httpClient.post(h.logout,{loginId:o},{token:t})),logoutUserByUserId:o=>s(e.httpClient.post(h.logout,{userId:o},{token:t})),searchAll:(o,n,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(h.search,{tenantIds:o,roleNames:n,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:o=>s(e.httpClient.post(h.searchTestUsers,Object.assign(Object.assign({},o),{withTestUser:!0,testUsersOnly:!0,roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),search:o=>s(e.httpClient.post(h.search,Object.assign(Object.assign({},o),{roleNames:o.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(o,n,a)=>s(e.httpClient.get(h.getProviderToken,{queryParams:{loginId:o,provider:n,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:o=>s(e.httpClient.post(h.updateStatus,{loginId:o,status:"enabled"},{token:t}),(e=>e.user)),deactivate:o=>s(e.httpClient.post(h.updateStatus,{loginId:o,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(o,n)=>s(e.httpClient.post(h.updateLoginId,{loginId:o,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(o,n,a)=>s(e.httpClient.post(h.updateEmail,{loginId:o,email:n,verified:a},{token:t}),(e=>e.user)),updatePhone:(o,n,a)=>s(e.httpClient.post(h.updatePhone,{loginId:o,phone:n,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(o,n,a,i,r)=>s(e.httpClient.post(h.updateDisplayName,{loginId:o,displayName:n,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(o,n)=>s(e.httpClient.post(h.updatePicture,{loginId:o,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(o,n,a)=>s(e.httpClient.post(h.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(o,n)=>s(e.httpClient.post(h.setRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addRoles:(o,n)=>s(e.httpClient.post(h.addRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(o,n)=>s(e.httpClient.post(h.removeRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addTenant:(o,n)=>s(e.httpClient.post(h.addTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(o,n)=>s(e.httpClient.post(h.removeTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(o,n,a)=>s(e.httpClient.post(h.setRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(o,n,a)=>s(e.httpClient.post(h.addRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(o,n,a)=>s(e.httpClient.post(h.removeRole,{loginId:o,tenantId:n,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(o,n)=>s(e.httpClient.post(h.addSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(o,n)=>s(e.httpClient.post(h.setSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(o,n)=>s(e.httpClient.post(h.removeSSOApps,{loginId:o,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(o,n,a)=>s(e.httpClient.post(h.generateOTPForTest,{deliveryMethod:o,loginId:n,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(o,n,a,i)=>s(e.httpClient.post(h.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(o,n,a)=>s(e.httpClient.post(h.generateEnchantedLinkForTest,{loginId:o,URI:n,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(o,n,a)=>s(e.httpClient.post(h.generateEmbeddedLink,{loginId:o,customClaims:n,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(o,n,a,i,r,l)=>s(e.httpClient.post(h.generateSignUpEmbeddedLink,{loginId:o,user:n,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(o,n)=>s(e.httpClient.post(h.setTemporaryPassword,{loginId:o,password:n},{token:t}),(e=>e)),setActivePassword:(o,n)=>s(e.httpClient.post(h.setActivePassword,{loginId:o,password:n},{token:t}),(e=>e)),setPassword:(o,n)=>s(e.httpClient.post(h.setPassword,{loginId:o,password:n},{token:t}),(e=>e)),expirePassword:o=>s(e.httpClient.post(h.expirePassword,{loginId:o},{token:t}),(e=>e)),removeAllPasskeys:o=>s(e.httpClient.post(h.removeAllPasskeys,{loginId:o},{token:t}),(e=>e)),removeTOTPSeed:o=>s(e.httpClient.post(h.removeTOTPSeed,{loginId:o},{token:t}),(e=>e)),history:o=>s(e.httpClient.post(h.history,o,{token:t}),(e=>e))}),x=(e,t)=>({updateName:o=>s(e.httpClient.post(v.updateName,{name:o},{token:t})),updateTags:o=>s(e.httpClient.post(v.updateTags,{tags:o},{token:t})),clone:(o,n,a)=>s(e.httpClient.post(v.clone,{name:o,environment:n,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(v.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:o})=>({id:e,name:t,environment:s,tags:o}))))),exportSnapshot:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t})),importSnapshot:o=>s(e.httpClient.post(v.importSnapshot,o,{token:t})),validateSnapshot:o=>s(e.httpClient.post(v.validateSnapshot,o,{token:t})),export:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t}),(e=>e.files)),import:o=>s(e.httpClient.post(v.importSnapshot,{files:o},{token:t}))}),D=(e,t)=>({create:(o,n,a,i,r)=>s(e.httpClient.post(C.create,{name:o,selfProvisioningDomains:n,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(o,n,a,i,r,l)=>s(e.httpClient.post(C.create,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(o,n,a,i,r,l)=>s(e.httpClient.post(C.update,{id:o,name:n,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(o,n)=>s(e.httpClient.post(C.delete,{id:o,cascade:n},{token:t})),load:o=>s(e.httpClient.get(C.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.tenants)),searchAll:(o,n,a,i)=>s(e.httpClient.post(C.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:o=>s(e.httpClient.get(C.settings,{queryParams:{id:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(C.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t})),generateSSOConfigurationLink:(o,n,a,i,r)=>s(e.httpClient.post(C.generateSSOConfigurationLink,{tenantId:o,expireTime:n,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),L=(e,t)=>({update:(o,n,a)=>s(e.httpClient.post(S.update,{jwt:o,customClaims:n,refreshDuration:a},{token:t})),impersonate:(o,n,a,i,r,l)=>s(e.httpClient.post(S.impersonate,{impersonatorId:o,loginId:n,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(o,n,a,i)=>s(e.httpClient.post(S.stopImpersonation,{jwt:o,customClaims:n,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(o,n)=>s(e.httpClient.post(S.signIn,Object.assign({loginId:o},n),{token:t})),signUp:(o,n,a)=>s(e.httpClient.post(S.signUp,Object.assign({loginId:o,user:n},a),{token:t})),signUpOrIn:(o,n,a)=>s(e.httpClient.post(S.signUpOrIn,Object.assign({loginId:o,user:n},a),{token:t})),anonymous:(o,n,a)=>s(e.httpClient.post(S.anonymous,{customClaims:o,selectedTenant:n,refreshDuration:a},{token:t}))}),F=(e,t)=>({create:(o,n)=>s(e.httpClient.post(O.create,{name:o,description:n},{token:t})),update:(o,n,a)=>s(e.httpClient.post(O.update,{name:o,newName:n,description:a},{token:t})),delete:o=>s(e.httpClient.post(O.delete,{name:o},{token:t})),loadAll:()=>s(e.httpClient.get(O.loadAll,{token:t}),(e=>e.permissions))}),z=(e,t)=>({create:(o,n,a,i,r)=>s(e.httpClient.post(j.create,{name:o,description:n,permissionNames:a,tenantId:i,default:r},{token:t})),update:(o,n,a,i,r,l)=>s(e.httpClient.post(j.update,{name:o,newName:n,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(o,n)=>s(e.httpClient.post(j.delete,{name:o,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(j.loadAll,{token:t}),(e=>e.roles)),search:o=>s(e.httpClient.post(j.search,o,{token:t}),(e=>e.roles))}),q=(e,t)=>({loadAllGroups:o=>s(e.httpClient.post(R.loadAllGroups,{tenantId:o},{token:t})),loadAllGroupsForMember:(o,n,a)=>s(e.httpClient.post(R.loadAllGroupsForMember,{tenantId:o,loginIds:a,userIds:n},{token:t})),loadAllGroupMembers:(o,n)=>s(e.httpClient.post(R.loadAllGroupMembers,{tenantId:o,groupId:n},{token:t}))});function $(e){var t,s;const o=e;return o.oidc&&(o.oidc=Object.assign(Object.assign({},o.oidc),{attributeMapping:o.oidc.userAttrMapping}),delete o.oidc.userAttrMapping),(null===(t=o.saml)||void 0===t?void 0:t.groupsMapping)&&(o.saml.groupsMapping=null===(s=o.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),o}const J=(e,t)=>({getSettings:o=>s(e.httpClient.get(A.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),newSettings:(o,n,a)=>s(e.httpClient.post(A.settingsNew,Object.assign(Object.assign({tenantId:o},n?{ssoId:n}:{}),{displayName:a}),{token:t}),(e=>$(e))),deleteSettings:(o,n)=>s(e.httpClient.delete(A.settings,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t})),configureSettings:(o,n,a,i,r,l)=>s(e.httpClient.post(A.settings,{tenantId:o,idpURL:n,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(o,n,a,i)=>s(e.httpClient.post(A.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:a,domains:i},{token:t})),configureMapping:(o,n,a)=>s(e.httpClient.post(A.mapping,{tenantId:o,roleMappings:n,attributeMapping:a},{token:t})),configureOIDCSettings:(o,n,a,i)=>{const r=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(A.oidc.configure,Object.assign({tenantId:o,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(o,n,a,i,r)=>s(e.httpClient.post(A.saml.configure,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(o,n,a,i,r)=>s(e.httpClient.post(A.saml.metadata,Object.assign({tenantId:o,settings:n,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(o,n)=>s(e.httpClient.get(A.settingsv2,{queryParams:Object.assign({tenantId:o},n?{ssoId:n}:{}),token:t}),(e=>$(e))),loadAllSettings:o=>s(e.httpClient.get(A.settingsAllV2,{queryParams:{tenantId:o},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push($(e)))),s}(e)))}),K=(e,t)=>({create:(o,n,a,i,r,l,p,d)=>s(e.httpClient.post(k.create,{name:o,expireTime:n,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:o=>s(e.httpClient.get(k.load,{queryParams:{id:o},token:t}),(e=>e.key)),searchAll:o=>s(e.httpClient.post(k.search,{tenantIds:o},{token:t}),(e=>e.keys)),update:(o,n,a,i,r,l,p)=>s(e.httpClient.post(k.update,{id:o,name:n,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:o=>s(e.httpClient.post(k.deactivate,{id:o},{token:t})),activate:o=>s(e.httpClient.post(k.activate,{id:o},{token:t})),delete:o=>s(e.httpClient.post(k.delete,{id:o},{token:t}))}),G=(e,t)=>({list:()=>s(e.httpClient.post(T.list,{},{token:t})),delete:o=>s(e.httpClient.post(T.delete,{ids:o},{token:t})),export:o=>s(e.httpClient.post(T.export,{flowId:o},{token:t})),import:(o,n,a)=>s(e.httpClient.post(T.import,{flowId:o,flow:n,screens:a},{token:t}))}),B=(e,t)=>({export:()=>s(e.httpClient.post(N.export,{},{token:t})),import:o=>s(e.httpClient.post(N.import,{theme:o},{token:t}))}),W=(e,t)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,s(e.httpClient.post(P.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:o=>{const n=Object.assign({},o);return s(e.httpClient.post(P.createEvent,n,{token:t}))}}),V=(e,t)=>({saveSchema:(o,n)=>s(e.httpClient.post(E.schemaSave,{schema:o,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(E.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(o,n,a)=>s(e.httpClient.post(E.nsSave,{namespace:o,oldName:n,schemaName:a},{token:t})),deleteNamespace:(o,n)=>s(e.httpClient.post(E.nsDelete,{name:o,schemaName:n},{token:t})),saveRelationDefinition:(o,n,a,i)=>s(e.httpClient.post(E.rdSave,{relationDefinition:o,namespace:n,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(o,n,a)=>s(e.httpClient.post(E.rdDelete,{name:o,namespace:n,schemaName:a},{token:t})),createRelations:o=>s(e.httpClient.post(E.reCreate,{relations:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(E.reDelete,{relations:o},{token:t})),deleteRelationsForResources:o=>s(e.httpClient.post(E.reDeleteResources,{resources:o},{token:t})),deleteResourceRelationsForResources:o=>s(e.httpClient.post(E.reDeleteResourceRelationsForResources,{resources:o},{token:t})),deleteRelationsForIds:o=>s(e.httpClient.post(E.reDeleteResources,{resources:o},{token:t})),hasRelations:o=>s(e.httpClient.post(E.hasRelations,{relationQueries:o},{token:t}),(e=>e.relationQueries)),whoCanAccess:(o,n,a)=>s(e.httpClient.post(E.who,{resource:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(o,n=!1)=>s(e.httpClient.post(E.resource,{resource:o,ignoreTargetSetRelations:n},{token:t}),(e=>e.relations)),targetsRelations:(o,n=!1)=>s(e.httpClient.post(E.targets,{targets:o,includeTargetSetRelations:n},{token:t}),(e=>e.relations)),whatCanTargetAccess:o=>s(e.httpClient.post(E.targetAll,{target:o},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(o,n,a)=>s(e.httpClient.post(E.targetWithRelation,{target:o,relationDefinition:n,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:o=>s(e.httpClient.post(E.getModified,{since:o?o.getTime():0},{token:t}),(e=>e))}),H=(e,t)=>({createOidcApplication:o=>{var n;return s(e.httpClient.post(f.oidcCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:o=>{var n;return s(e.httpClient.post(f.samlCreate,Object.assign(Object.assign({},o),{enabled:null===(n=o.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:o=>s(e.httpClient.post(f.oidcUpdate,Object.assign({},o),{token:t})),updateSamlApplication:o=>s(e.httpClient.post(f.samlUpdate,Object.assign({},o),{token:t})),delete:o=>s(e.httpClient.post(f.delete,{id:o},{token:t})),load:o=>s(e.httpClient.get(f.load,{queryParams:{id:o},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps))}),Q=(e,t)=>({getSettings:o=>s(e.httpClient.get(w.settings,{queryParams:{tenantId:o},token:t}),(e=>e)),configureSettings:(o,n)=>s(e.httpClient.post(w.settings,Object.assign(Object.assign({},n),{tenantId:o}),{token:t}))}),_=(e,t)=>({saveSchema:o=>s(e.httpClient.post(M.schema,o,{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),createRelations:o=>s(e.httpClient.post(M.relations,{tuples:o},{token:t})),deleteRelations:o=>s(e.httpClient.post(M.deleteRelations,{tuples:o},{token:t})),check:o=>s(e.httpClient.post(M.check,{tuples:o},{token:t}),(e=>e.tuples)),loadResourcesDetails:o=>s(e.httpClient.post(M.resourcesLoad,{resourceIdentifiers:o},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:o=>s(e.httpClient.post(M.resourcesSave,{resourcesDetails:o},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(M.relations,{token:t}))}),X=(e,t)=>({createApplication:o=>s(e.httpClient.post(y.create,Object.assign({},o),{token:t})),updateApplication:o=>s(e.httpClient.post(y.update,Object.assign({},o),{token:t})),patchApplication:o=>s(e.httpClient.post(y.patch,Object.assign({},o),{token:t})),deleteApplication:o=>s(e.httpClient.post(y.delete,{id:o},{token:t})),loadApplication:o=>s(e.httpClient.get(y.load,{queryParams:{id:o},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:o=>s(e.httpClient.get(y.secret,{queryParams:{id:o},token:t}),(e=>e)),rotateApplicationSecret:o=>s(e.httpClient.post(y.rotate,{id:o},{token:t})),searchConsents:o=>s(e.httpClient.post(I.search,Object.assign({},o),{token:t}),(e=>e.consents)),deleteConsents:o=>s(e.httpClient.post(I.delete,Object.assign({},o),{token:t}))}),Y=(e,t)=>({createApplication:o=>s(e.httpClient.post(b.create,Object.assign({},o),{token:t}),(e=>e.app)),updateApplication:o=>s(e.httpClient.post(b.update,{app:o},{token:t}),(e=>e.app)),deleteApplication:o=>s(e.httpClient.post(b.delete,{id:o},{token:t})),loadApplication:o=>s(e.httpClient.get(`${b.load}/${o}`,{token:t}),(e=>e.app)),loadAllApplications:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.apps))});const Z=s=>{var r,{managementKey:l,publicKey:p}=s,h=e(s,["managementKey","publicKey"]);const v=t(Object.assign(Object.assign({fetch:d},h),{baseHeaders:Object.assign(Object.assign({},h.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.8"})})),{projectId:k,logger:C}=h,f={},y=((e,t)=>({user:U(e,t),project:x(e,t),accessKey:K(e,t),tenant:D(e,t),ssoApplication:H(e,t),inboundApplication:X(e,t),outboundApplication:Y(e,t),sso:J(e,t),jwt:L(e,t),permission:F(e,t),password:Q(e,t),role:z(e,t),group:q(e,t),flow:G(e,t),theme:B(e,t),audit:W(e,t),authz:V(e,t),fga:_(e,t)}))(v,l),I=Object.assign(Object.assign({},v),{refresh:async e=>v.refresh(e),management:y,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(f[e.kid])return f[e.kid];if(Object.assign(f,await(async()=>{if(p)try{const e=JSON.parse(p),t=await i(e);return{[e.kid]:t}}catch(e){throw null==C||C.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await v.httpClient.get(`v2/keys/${k}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!f[e.kid])throw Error("failed to fetch matching key");return f[e.kid]},async validateJwt(e){var t;const s=(await n(e,I.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==k))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await I.validateJwt(e)}catch(e){throw null==C||C.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s,o,n,a,i;if(!e)throw Error("refresh token is required to refresh a session");try{await I.validateJwt(e);const r=await I.refresh(e);if(r.ok){const e=m(null===(s=null===(t=r.data)||void 0===t?void 0:t.cookies)||void 0===s?void 0:s.join(";"),"DS")||(null===(o=r.data)||void 0===o?void 0:o.sessionJwt),i=await I.validateJwt(e);return i.cookies=(null===(n=r.data)||void 0===n?void 0:n.cookies)||[],(null===(a=r.data)||void 0===a?void 0:a.refreshJwt)&&(i.refreshJwt=r.data.refreshJwt),i}throw Error(null===(i=r.error)||void 0===i?void 0:i.errorMessage)}catch(e){throw null==C||C.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await I.validateSession(e)}catch(e){null==C||C.log(`session validation failed with error ${e} - trying to refresh it`)}return I.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let o;try{o=await I.accessKey.exchange(e,t)}catch(e){throw null==C||C.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==C||C.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(s=o.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:n}=o.data;if(!n)throw null==C||C.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await I.validateJwt(n)}catch(e){throw null==C||C.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>I.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>I.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!u(e,t))return!1;const o=g(e,"permissions",t);return s.every((e=>o.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!u(e,t))return[];const o=g(e,"permissions",t);return s.filter((e=>o.includes(e)))},validateRoles:(e,t)=>I.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>I.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!u(e,t))return!1;const o=g(e,"roles",t);return s.every((e=>o.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!u(e,t))return[];const o=g(e,"roles",t);return s.filter((e=>o.includes(e)))}});return o(I,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],c)};Z.RefreshTokenCookieName="DSR",Z.SessionTokenCookieName="DS",Z.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{Z as default};
2
2
  //# sourceMappingURL=index.esm.js.map