npm - @descope/node-sdk - Versions diffs - 1.7.7 → 1.7.9 - Mend

@descope/node-sdk 1.7.7 → 1.7.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.esm.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.esm.js","sources":["../lib/fetch-polyfill.ts","../lib/helpers.ts","../lib/constants.ts","../lib/management/paths.ts","../lib/management/user.ts","../lib/management/project.ts","../lib/management/tenant.ts","../lib/management/jwt.ts","../lib/management/permission.ts","../lib/management/role.ts","../lib/management/group.ts","../lib/management/sso.ts","../lib/management/accesskey.ts","../lib/management/flow.ts","../lib/management/theme.ts","../lib/management/audit.ts","../lib/management/authz.ts","../lib/management/ssoapplication.ts","../lib/management/password.ts","../lib/management/fga.ts","../lib/management/inboundapplication.ts","../lib/index.ts","../lib/management/index.ts","../lib/errors.ts"],"sourcesContent":["import { fetch as crossFetch, Headers } from 'cross-fetch';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 * 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof crossFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // Updated to only apply highWaterMark to objects, as it can't be applied to strings (it breaks it)\n if (arg && typeof arg === 'object') {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n (arg as any).highWaterMark ??= highWaterMarkMb;\n }\n });\n\n return crossFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/*\n Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n /\nconst generateCookie = (name: string, value: string, options?: Record<string, string \| number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain \|\| ''}; Max-Age=${\n options?.cookieMaxAge \|\| ''\n }; Path=${options?.cookiePath \|\| '/'}; HttpOnly; SameSite=Strict`;\n\n/\n Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n /\nconst getCookieValue = (cookie: string \| null \| undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^\|;\\\\s)${name}=([^;])`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/\n Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n /\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/\n Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n /\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/\n Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n /\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","// eslint-disable-next-line import/prefer-default-export\n/* Refresh JWT cookie name /\nexport const refreshTokenCookieName = 'DSR';\n/* Session JWT cookie name /\nexport const sessionTokenCookieName = 'DS';\n/* The key of the tenants claims in the claims map /\nexport const authorizedTenantsClaimName = 'tenants';\n/* The key of the permissions claims in the claims map either under tenant or top level /\nexport const permissionsClaimName = 'permissions';\n/* The key of the roles claims in the claims map either under tenant or top level /\nexport const rolesClaimName = 'roles';\n","/* API paths for the Descope service Management APIs /\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n createTestUser: '/v1/mgmt/user/create/test',\n createBatch: '/v1/mgmt/user/create/batch',\n update: '/v1/mgmt/user/update',\n patch: '/v1/mgmt/user/patch',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n logout: '/v1/mgmt/user/logout',\n search: '/v2/mgmt/user/search',\n searchTestUsers: '/v2/mgmt/user/search/test',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n setRole: '/v1/mgmt/user/update/role/set',\n addRole: '/v2/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n setSSOApps: '/v1/mgmt/user/update/ssoapp/set',\n addSSOApps: '/v1/mgmt/user/update/ssoapp/add',\n removeSSOApps: '/v1/mgmt/user/update/ssoapp/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set', // Deprecated\n setTemporaryPassword: '/v1/mgmt/user/password/set/temporary',\n setActivePassword: '/v1/mgmt/user/password/set/active',\n expirePassword: '/v1/mgmt/user/password/expire',\n removeAllPasskeys: '/v1/mgmt/user/passkeys/delete',\n removeTOTPSeed: '/v1/mgmt/user/totp/delete',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n generateEmbeddedLink: '/v1/mgmt/user/signin/embeddedlink',\n generateSignUpEmbeddedLink: '/v1/mgmt/user/signup/embeddedlink',\n history: '/v1/mgmt/user/history',\n },\n project: {\n updateName: '/v1/mgmt/project/update/name',\n updateTags: '/v1/mgmt/project/update/tags',\n clone: '/v1/mgmt/project/clone',\n projectsList: '/v1/mgmt/projects/list',\n exportSnapshot: '/v1/mgmt/project/snapshot/export',\n importSnapshot: '/v1/mgmt/project/snapshot/import',\n validateSnapshot: '/v1/mgmt/project/snapshot/validate',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n load: '/v1/mgmt/tenant',\n settings: '/v1/mgmt/tenant/settings',\n loadAll: '/v1/mgmt/tenant/all',\n searchAll: '/v1/mgmt/tenant/search',\n generateSSOConfigurationLink: '/v2/mgmt/tenant/adminlinks/sso/generate',\n },\n ssoApplication: {\n oidcCreate: '/v1/mgmt/sso/idp/app/oidc/create',\n samlCreate: '/v1/mgmt/sso/idp/app/saml/create',\n oidcUpdate: '/v1/mgmt/sso/idp/app/oidc/update',\n samlUpdate: '/v1/mgmt/sso/idp/app/saml/update',\n delete: '/v1/mgmt/sso/idp/app/delete',\n load: '/v1/mgmt/sso/idp/app/load',\n loadAll: '/v1/mgmt/sso/idp/apps/load',\n },\n inboundApplication: {\n create: '/v1/mgmt/thirdparty/app/create',\n update: '/v1/mgmt/thirdparty/app/update',\n patch: '/v1/mgmt/thirdparty/app/patch',\n delete: '/v1/mgmt/thirdparty/app/delete',\n load: '/v1/mgmt/thirdparty/app/load',\n loadAll: '/v1/mgmt/thirdparty/apps/load',\n secret: '/v1/mgmt/thirdparty/app/secret',\n rotate: '/v1/mgmt/thirdparty/app/rotate',\n },\n inboundApplicationConsents: {\n delete: '/v1/mgmt/thirdparty/consents/delete',\n search: '/v1/mgmt/thirdparty/consents/search',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n settingsNew: '/v1/mgmt/sso/settings/new',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n settingsv2: '/v2/mgmt/sso/settings',\n settingsAllV2: '/v2/mgmt/sso/settings/all',\n oidc: {\n configure: '/v1/mgmt/sso/oidc',\n },\n saml: {\n configure: '/v1/mgmt/sso/saml',\n metadata: '/v1/mgmt/sso/saml/metadata',\n },\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n impersonate: '/v1/mgmt/impersonate',\n stopImpersonation: '/v1/mgmt/stop/impersonation',\n signIn: '/v1/mgmt/auth/signin',\n signUp: '/v1/mgmt/auth/signup',\n signUpOrIn: '/v1/mgmt/auth/signup-in',\n anonymous: '/v1/mgmt/auth/anonymous',\n },\n password: {\n settings: '/v1/mgmt/password/settings',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n search: '/v1/mgmt/role/search',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n delete: '/v1/mgmt/flow/delete',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n createEvent: '/v1/mgmt/audit/event',\n },\n authz: {\n schemaSave: '/v1/mgmt/authz/schema/save',\n schemaDelete: '/v1/mgmt/authz/schema/delete',\n schemaLoad: '/v1/mgmt/authz/schema/load',\n nsSave: '/v1/mgmt/authz/ns/save',\n nsDelete: '/v1/mgmt/authz/ns/delete',\n rdSave: '/v1/mgmt/authz/rd/save',\n rdDelete: '/v1/mgmt/authz/rd/delete',\n reCreate: '/v1/mgmt/authz/re/create',\n reDelete: '/v1/mgmt/authz/re/delete',\n reDeleteResources: '/v1/mgmt/authz/re/deleteresources',\n reDeleteResourceRelationsForResources: '/v1/mgmt/authz/re/deleteresourcesrelations',\n hasRelations: '/v1/mgmt/authz/re/has',\n who: '/v1/mgmt/authz/re/who',\n resource: '/v1/mgmt/authz/re/resource',\n targets: '/v1/mgmt/authz/re/targets',\n targetAll: '/v1/mgmt/authz/re/targetall',\n targetWithRelation: '/v1/mgmt/authz/re/targetwithrelation',\n getModified: '/v1/mgmt/authz/getmodified',\n },\n fga: {\n schema: '/v1/mgmt/fga/schema',\n relations: '/v1/mgmt/fga/relations',\n deleteRelations: '/v1/mgmt/fga/relations/delete',\n check: '/v1/mgmt/fga/check',\n resourcesLoad: '/v1/mgmt/fga/resources/load',\n resourcesSave: '/v1/mgmt/fga/resources/save',\n },\n};\n","import {\n SdkResponse,\n transformResponse,\n UserHistoryResponse,\n UserResponse,\n LoginOptions,\n} from '@descope/core-js-sdk';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n GenerateEmbeddedLinkResponse,\n AttributesTypes,\n UserStatus,\n User,\n InviteBatchResponse,\n TemplateOptions,\n ProviderTokenOptions,\n UserOptions,\n} from './types';\nimport { CoreSdk, DeliveryMethodForTestUser } from '../types';\nimport apiPaths from './paths';\n\ntype SearchSort = {\n field: string;\n desc?: boolean;\n};\n\ntype SearchRequest = {\n page?: number;\n limit?: number;\n sort?: SearchSort[];\n text?: string;\n emails?: string[];\n phones?: string[];\n statuses?: UserStatus[];\n roles?: string[];\n tenantIds?: string[];\n customAttributes?: Record<string, AttributesTypes>;\n withTestUser?: boolean;\n testUsersOnly?: boolean;\n ssoAppIds?: string[];\n loginIds?: string[];\n userIds?: string[];\n fromCreatedTime?: number; // Search users created after this time (epoch in milliseconds)\n toCreatedTime?: number; // Search users created before this time (epoch in milliseconds)\n fromModifiedTime?: number; // Search users modified after this time (epoch in milliseconds)\n toModifiedTime?: number; // Search users modified before this time (epoch in milliseconds)\n};\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => {\n / Create User /\n function create(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function create(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function create(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create user\n // 1. The new form - create(loginId, { email, phone, ... }})\n // 2. The old form - create(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Create User End /\n\n / Create Test User /\n function createTestUser(\n loginId: string,\n options?: UserOptions,\n ): Promise<SdkResponse<UserResponse>>;\n function createTestUser(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function createTestUser(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create test user\n // 1. The new form - createTestUser(loginId, { email, phone, ... }})\n // 2. The old form - createTestUser(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n test: true,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n test: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.createTestUser, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Create Test User End /\n\n / Invite User /\n function invite(\n loginId: string,\n options?: UserOptions & {\n inviteUrl?: string;\n sendMail?: boolean; // send invite via mail, default is according to project settings\n sendSMS?: boolean; // send invite via text message, default is according to project settings\n templateOptions?: TemplateOptions;\n templateId?: string;\n },\n ): Promise<SdkResponse<UserResponse>>;\n function invite(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n templateId?: string,\n ): Promise<SdkResponse<UserResponse>>;\n\n function invite(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n templateId?: string,\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of invite user\n // 1. The new form - invite(loginId, { email, phone, ... }})\n // 2. The old form - invite(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n inviteUrl,\n sendMail,\n sendSMS,\n additionalLoginIds,\n templateId,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n invite: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Invite User End /\n\n / Update User /\n function update(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function update(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function update(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of update user\n // 1. The new form - update(loginId, { email, phone, ... }})\n // 2. The old form - update(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.update, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Update User End /\n\n /\n Patches an existing user.\n * @param loginId The login ID of the user\n * @param options The fields to update. Only the provided ones will be updated.\n /\n function patch(loginId: string, options: PatchUserOptions): Promise<SdkResponse<UserResponse>> {\n const body = {\n loginId,\n } as any;\n\n if (options.email !== undefined) {\n body.email = options.email;\n }\n if (options.phone !== undefined) {\n body.phone = options.phone;\n }\n if (options.displayName !== undefined) {\n body.displayName = options.displayName;\n }\n if (options.givenName !== undefined) {\n body.givenName = options.givenName;\n }\n if (options.middleName !== undefined) {\n body.middleName = options.middleName;\n }\n if (options.familyName !== undefined) {\n body.familyName = options.familyName;\n }\n if (options.roles !== undefined) {\n body.roleNames = options.roles;\n }\n if (options.userTenants !== undefined) {\n body.userTenants = options.userTenants;\n }\n if (options.customAttributes !== undefined) {\n body.customAttributes = options.customAttributes;\n }\n if (options.picture !== undefined) {\n body.picture = options.picture;\n }\n if (options.verifiedEmail !== undefined) {\n body.verifiedEmail = options.verifiedEmail;\n }\n if (options.verifiedPhone !== undefined) {\n body.verifiedPhone = options.verifiedPhone;\n }\n if (options.ssoAppIds !== undefined) {\n body.ssoAppIds = options.ssoAppIds;\n }\n if (options.scim !== undefined) {\n body.scim = options.scim;\n }\n\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.patch(apiPaths.user.patch, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n\n return {\n create,\n /\n Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n \n You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n /\n createTestUser,\n invite,\n inviteBatch: (\n users: User[],\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n templateOptions?: TemplateOptions,\n templateId?: string,\n ): Promise<SdkResponse<InviteBatchResponse>> =>\n transformResponse<InviteBatchResponse, InviteBatchResponse>(\n sdk.httpClient.post(\n apiPaths.user.createBatch,\n {\n users: users.map((u) => {\n const res = {\n ...u,\n roleNames: u.roles,\n };\n delete res.roles;\n return res;\n }),\n invite: true,\n inviteUrl,\n sendMail,\n sendSMS,\n templateOptions,\n templateId,\n },\n { token: managementKey },\n ),\n (data) => data,\n ),\n update,\n patch,\n /\n Delete an existing user.\n * @param loginId The login ID of the user\n /\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /\n Delete an existing user by User ID.\n * @param userId The user ID can be found in the Subject (`sub`) claim\n * in the user's JWT.\n /\n deleteByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { userId }, { token: managementKey }),\n ),\n /\n Delete all test users in the project.\n /\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Logout a user from all devices by the login ID\n * @param loginId logout user by login ID\n * @returns The UserResponse if found, throws otherwise.\n /\n logoutUser: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { loginId }, { token: managementKey }),\n ),\n /\n Logout a user from all devices by user ID. The ID can be found\n * on the user's JWT.\n * @param userId Logout a user from all devices by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n logoutUserByUserId: (userId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { userId }, { token: managementKey }),\n ),\n /\n Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @deprecated Use search instead\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n /\n searchAll: (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n statuses?: UserStatus[],\n emails?: string[],\n phones?: string[],\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n tenantIds,\n roleNames: roles,\n limit,\n page,\n testUsersOnly,\n withTestUser,\n customAttributes,\n statuses,\n emails,\n phones,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n searchTestUsers: (searchReq: SearchRequest): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.searchTestUsers,\n {\n ...searchReq,\n withTestUser: true,\n testUsersOnly: true,\n roleNames: searchReq.roles,\n roles: undefined,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n search: (searchReq: SearchRequest): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n ...searchReq,\n roleNames: searchReq.roles,\n roles: undefined,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /\n Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @param providerTokenOptions optional, includes options for getting the provider token:\n * withRefreshToken - include the refresh token in the response\n * forceRefresh - force to refresh the token\n * @returns The ProviderTokenResponse of the given user and provider\n /\n getProviderToken: (\n loginId: string,\n provider: string,\n providerTokenOptions?: ProviderTokenOptions,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: {\n loginId,\n provider,\n withRefreshToken: providerTokenOptions?.withRefreshToken ? 'true' : 'false',\n forceRefresh: providerTokenOptions?.forceRefresh ? 'true' : 'false',\n },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (\n loginId: string,\n displayName?: string,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName, givenName, middleName, familyName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /\n Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email, SMS, Voice call or WhatsApp)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n /\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n /\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n /\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n generateEmbeddedLink: (\n loginId: string,\n customClaims?: Record<string, any>,\n timeout?: number,\n ): Promise<SdkResponse<GenerateEmbeddedLinkResponse>> =>\n transformResponse<GenerateEmbeddedLinkResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEmbeddedLink,\n { loginId, customClaims, timeout },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n generateSignUpEmbeddedLink: (\n loginId: string,\n user?: {\n name?: string;\n givenName?: string;\n middleName?: string;\n familyName?: string;\n phone?: string;\n email?: string;\n },\n emailVerified?: boolean,\n phoneVerified?: boolean,\n loginOptions?: LoginOptions,\n timeout?: number,\n ): Promise<SdkResponse<GenerateEmbeddedLinkResponse>> =>\n transformResponse<GenerateEmbeddedLinkResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateSignUpEmbeddedLink,\n { loginId, user, emailVerified, phoneVerified, loginOptions, timeout },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set temporary password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n /\n setTemporaryPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setTemporaryPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set password for the given login ID of user.\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n /\n setActivePassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setActivePassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /* Deprecated (user setTemporaryPassword instead)\n * Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n /\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId The login ID of the user\n /\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /\n Removes all registered passkeys (WebAuthn devices) for the user with the given login ID.\n * Note: The user might not be able to login anymore if they have no other authentication\n * methods or a verified email/phone.\n * @param loginId The login ID of the user\n /\n removeAllPasskeys: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.removeAllPasskeys, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /\n Removes TOTP seed for the user with the given login ID.\n * Note: The user might not be able to login anymore if they have no other authentication\n * methods or a verified email/phone.\n * @param loginId The login ID of the user\n /\n removeTOTPSeed: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.removeTOTPSeed, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /\n Retrieve users' authentication history, by the given user's ids.\n * @param userIds The user IDs\n /\n history: (userIds: string[]): Promise<SdkResponse<UserHistoryResponse[]>> =>\n transformResponse<UserHistoryResponse[]>(\n sdk.httpClient.post(apiPaths.user.history, userIds, { token: managementKey }),\n (data) => data,\n ),\n };\n};\n\nexport interface PatchUserOptions {\n email?: string;\n phone?: string;\n displayName?: string;\n roles?: string[];\n userTenants?: AssociatedTenant[];\n customAttributes?: Record<string, AttributesTypes>;\n picture?: string;\n verifiedEmail?: boolean;\n verifiedPhone?: boolean;\n givenName?: string;\n middleName?: string;\n familyName?: string;\n ssoAppIds?: string[];\n scim?: boolean;\n}\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CloneProjectResponse,\n ExportSnapshotResponse,\n ImportSnapshotRequest,\n Project,\n ProjectEnvironment,\n ValidateSnapshotRequest,\n ValidateSnapshotResponse,\n} from './types';\n\ntype ListProjectsResponse = {\n projects: Project[];\n};\n\nconst withProject = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Update the current project name.\n * @param name The new name of the project\n /\n updateName: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.updateName,\n {\n name,\n },\n { token: managementKey },\n ),\n ),\n\n /\n Update the current project tags.\n * @param tags The wanted tags\n /\n updateTags: (tags: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.updateTags,\n {\n tags,\n },\n { token: managementKey },\n ),\n ),\n /\n Clone the current project, including its settings and configurations.\n * - This action is supported only with a pro license or above.\n * - Users, tenants and access keys are not cloned.\n * @param name The name of the new project\n * @param environment Determine if the project is in production or not.\n * @param tags array of free text tags\n * @returns The new project details (name, id, environment and tags)\n /\n clone: (\n name: string,\n environment?: ProjectEnvironment,\n tags?: string[],\n ): Promise<SdkResponse<CloneProjectResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.clone,\n {\n name,\n environment,\n tags,\n },\n { token: managementKey },\n ),\n ),\n\n /\n list of all the projects in the company\n * @returns List of projects details (name, id, environment and tags)\n /\n listProjects: async (): Promise<SdkResponse<Project[]>> =>\n transformResponse<ListProjectsResponse, Project[]>(\n sdk.httpClient.post(\n apiPaths.project.projectsList,\n {},\n {\n token: managementKey,\n },\n ),\n (data) =>\n data.projects.map(({ id, name, environment, tags }) => ({\n id,\n name,\n environment,\n tags,\n })),\n ),\n\n /\n \n * Exports a snapshot of all the settings and configurations for a project and returns\n * the raw JSON files as a mape. Note that users, tenants and access keys are not exported.\n \n This call is supported only with a pro license or above.\n \n Note: The values for secrets such as tokens and keys are left blank in the snapshot.\n * When a snapshot is imported into a project, the secrets for entities that already\n * exist such as connectors or OAuth providers are preserved if the matching values\n * in the snapshot are left blank. See below for more details.\n \n This API is meant to be used via the 'descope' CLI tool that can be\n * found at https://github.com/descope/descopecli\n \n @returns An `ExportSnapshotResponse` object containing the exported JSON files.\n /\n exportSnapshot: (): Promise<SdkResponse<ExportSnapshotResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.exportSnapshot, {}, { token: managementKey }),\n ),\n\n /\n Imports a snapshot of all settings and configurations into a project, overriding any\n * current configuration.\n \n This call is supported only with a pro license or above.\n \n The request is expected to be an `ImportSnapshotRequest` object with a raw JSON map of\n * files in the same format as the one returned in the `files` field of an `exportSnapshot`\n * response.\n \n Note: The values for secrets such as tokens and keys are left blank in exported\n * snapshots. When a snapshot is imported into a project, the secrets for entities that\n * already exist such as connectors or OAuth providers are preserved if the matching values\n * in the snapshot are left blank. However, new entities that need to be created during\n * the import operation must any required secrets provided in the request, otherwise the\n * import operation will fail. The ValidateImport method can be used to get a human and\n * machine readable JSON of missing secrets that be passed to the ImportSnapshot call.\n \n This API is meant to be used via the 'descope' CLI tool that can be\n * found at https://github.com/descope/descopecli\n /\n importSnapshot: (request: ImportSnapshotRequest): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.importSnapshot, request, { token: managementKey }),\n ),\n\n /\n Validates a snapshot by performing an import dry run and reporting any validation\n * failures or missing data. This should be called right before `importSnapshot` to\n * minimize the risk of the import failing.\n \n This call is supported only with a pro license or above.\n \n The response will have `ok: true` if the validation passes. Otherwise, a list of\n * failures will be provided in the `failures` field, and any missing secrets will\n * be listed along with details about which entity requires them.\n \n Validation can be retried by setting the required cleartext secret values in the\n * `value` field of each missing secret and setting this object as the `inputSecrets`\n * field of the validate request. The same `inputSecrets` object should then be\n * provided to the `importSnapshot` call afterwards so it doesn't fail as well.\n \n This API is meant to be used via the 'descope' CLI tool that can be\n * found at https://github.com/descope/descopecli\n /\n validateSnapshot: (\n request: ValidateSnapshotRequest,\n ): Promise<SdkResponse<ValidateSnapshotResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.validateSnapshot, request, { token: managementKey }),\n ),\n\n /\n @deprecated Use exportSnapshot instead\n /\n export: (): Promise<SdkResponse<Record<string, any>>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.exportSnapshot, {}, { token: managementKey }),\n (data) => data.files,\n ),\n\n /\n @deprecated Use importSnapshot instead\n /\n import: (files: Record<string, any>): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.importSnapshot,\n {\n files,\n },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withProject;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CreateTenantResponse,\n Tenant,\n AttributesTypes,\n TenantSettings,\n GenerateSSOConfigurationLinkResponse,\n} from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n enforceSSO?: boolean,\n disabled?: boolean,\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains, customAttributes, enforceSSO, disabled },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n enforceSSO?: boolean,\n disabled?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains, customAttributes, enforceSSO, disabled },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n enforceSSO?: boolean,\n disabled?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains, customAttributes, enforceSSO, disabled },\n { token: managementKey },\n ),\n ),\n delete: (id: string, cascade?: boolean): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id, cascade }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<Tenant>> =>\n transformResponse<Tenant, Tenant>(\n sdk.httpClient.get(apiPaths.tenant.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n searchAll: (\n ids?: string[],\n names?: string[],\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.post(\n apiPaths.tenant.searchAll,\n {\n tenantIds: ids,\n tenantNames: names,\n tenantSelfProvisioningDomains: selfProvisioningDomains,\n customAttributes,\n },\n { token: managementKey },\n ),\n (data) => data.tenants,\n ),\n getSettings: (tenantId: string): Promise<SdkResponse<TenantSettings>> =>\n transformResponse<TenantSettings, TenantSettings>(\n sdk.httpClient.get(apiPaths.tenant.settings, {\n queryParams: { id: tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: TenantSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n generateSSOConfigurationLink: (\n tenantId: string,\n expireDuration: number,\n ssoId?: string,\n email?: string,\n templateId?: string,\n ): Promise<SdkResponse<GenerateSSOConfigurationLinkResponse>> =>\n transformResponse<GenerateSSOConfigurationLinkResponse, GenerateSSOConfigurationLinkResponse>(\n sdk.httpClient.post(\n apiPaths.tenant.generateSSOConfigurationLink,\n { tenantId, expireTime: expireDuration, ssoId, email, templateId },\n {\n token: managementKey,\n },\n ),\n (data) => data,\n ),\n});\n\nexport default withTenant;\n","import { JWTResponse, SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { MgmtLoginOptions, MgmtSignUpOptions, MgmtUserOptions, UpdateJWTResponse } from './types';\n\ntype AnonymousJWTResponse = Omit<JWTResponse, 'user' \| 'firstSeen'>;\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n refreshDuration?: number,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.update,\n { jwt, customClaims, refreshDuration },\n { token: managementKey },\n ),\n ),\n impersonate: (\n impersonatorId: string,\n loginId: string,\n validateConsent: boolean,\n customClaims?: Record<string, any>,\n selectedTenant?: string,\n refreshDuration?: number,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.impersonate,\n { impersonatorId, loginId, validateConsent, customClaims, selectedTenant, refreshDuration },\n { token: managementKey },\n ),\n ),\n stopImpersonation: (\n jwt: string,\n customClaims?: Record<string, any>,\n selectedTenant?: string,\n refreshDuration?: number,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.stopImpersonation,\n { jwt, customClaims, selectedTenant, refreshDuration },\n { token: managementKey },\n ),\n ),\n signIn: (loginId: string, loginOptions?: MgmtLoginOptions): Promise<SdkResponse<JWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.signIn,\n { loginId, ...loginOptions },\n { token: managementKey },\n ),\n ),\n signUp: (\n loginId: string,\n user?: MgmtUserOptions,\n signUpOptions?: MgmtSignUpOptions,\n ): Promise<SdkResponse<JWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.signUp,\n { loginId, user, ...signUpOptions },\n { token: managementKey },\n ),\n ),\n signUpOrIn: (\n loginId: string,\n user?: MgmtUserOptions,\n signUpOptions?: MgmtSignUpOptions,\n ): Promise<SdkResponse<JWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.signUpOrIn,\n { loginId, user, ...signUpOptions },\n { token: managementKey },\n ),\n ),\n anonymous: (\n customClaims?: Record<string, any>,\n selectedTenant?: string,\n refreshDuration?: number,\n ): Promise<SdkResponse<AnonymousJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.anonymous,\n { customClaims, selectedTenant, refreshDuration },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role, RoleSearchOptions } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n defaultRole?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames, tenantId, default: defaultRole },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n defaultRole?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames, tenantId, default: defaultRole },\n { token: managementKey },\n ),\n ),\n delete: (name: string, tenantId?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name, tenantId }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n search: (options: RoleSearchOptions): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.post(apiPaths.role.search, options, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n /\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /\n Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n /\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /\n Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n /\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n RoleMappings,\n AttributeMapping,\n SSOSettingsResponse,\n SSOOIDCSettings,\n SSOSAMLSettings,\n SSOSAMLByMetadataSettings,\n SSOSettings,\n} from './types';\n\nfunction transformSettingsResponse(data) {\n const readySettings = data as any;\n if (readySettings.oidc) {\n readySettings.oidc = {\n ...readySettings.oidc,\n attributeMapping: readySettings.oidc.userAttrMapping,\n };\n delete readySettings.oidc.userAttrMapping;\n }\n if (readySettings.saml?.groupsMapping) {\n readySettings.saml.groupsMapping = readySettings.saml?.groupsMapping.map((gm: any) => {\n const rm = gm;\n rm.roleName = rm.role.name;\n delete rm.role;\n return rm;\n });\n }\n return readySettings;\n}\n\nfunction transformAllSettingsResponse(data) {\n const readySettings = data.SSOSettings as any[];\n const res = [];\n readySettings.forEach((setting) => res.push(transformSettingsResponse(setting)));\n return res;\n}\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n /\n @deprecated Use loadSettings instead\n /\n getSettings: (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n newSettings: (\n tenantId: string,\n ssoId: string,\n displayName: string,\n ): Promise<SdkResponse<SSOSettings>> =>\n transformResponse<SSOSettings>(\n sdk.httpClient.post(\n apiPaths.sso.settingsNew,\n { tenantId, ...(ssoId ? { ssoId } : {}), displayName },\n { token: managementKey },\n ),\n (data) => transformSettingsResponse(data),\n ),\n deleteSettings: (tenantId: string, ssoId?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId, ...(ssoId ? { ssoId } : {}) },\n token: managementKey,\n }),\n ),\n /\n @deprecated Use configureSAMLSettings or configureOIDCSettings instead\n /\n configureSettings: (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n /\n @deprecated Use configureSAMLByMetadata instead\n /\n configureMetadata: (\n tenantId: string,\n idpMetadataURL: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n /\n @deprecated Use configureSAMLSettings, configureSAMLByMetadata or configureOIDCSettings instead\n /\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n configureOIDCSettings: (\n tenantId: string,\n settings: SSOOIDCSettings,\n domains?: string[],\n ssoId?: string,\n ): Promise<SdkResponse<never>> => {\n const readySettings = { ...settings, userAttrMapping: settings.attributeMapping };\n delete readySettings.attributeMapping;\n return transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.oidc.configure,\n {\n tenantId,\n settings: readySettings,\n domains,\n ...(ssoId ? { ssoId } : {}),\n },\n { token: managementKey },\n ),\n );\n },\n configureSAMLSettings: (\n tenantId: string,\n settings: SSOSAMLSettings,\n redirectUrl?: string,\n domains?: string[],\n ssoId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.configure,\n { tenantId, settings, redirectUrl, domains, ...(ssoId ? { ssoId } : {}) },\n { token: managementKey },\n ),\n ),\n configureSAMLByMetadata: (\n tenantId: string,\n settings: SSOSAMLByMetadataSettings,\n redirectUrl?: string,\n domains?: string[],\n ssoId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.metadata,\n { tenantId, settings, redirectUrl, domains, ...(ssoId ? { ssoId } : {}) },\n { token: managementKey },\n ),\n ),\n loadSettings: (tenantId: string, ssoId?: string): Promise<SdkResponse<SSOSettings>> =>\n transformResponse<SSOSettings>(\n sdk.httpClient.get(apiPaths.sso.settingsv2, {\n queryParams: { tenantId, ...(ssoId ? { ssoId } : {}) },\n token: managementKey,\n }),\n (data) => transformSettingsResponse(data),\n ),\n loadAllSettings: (tenantId: string): Promise<SdkResponse<SSOSettings[]>> =>\n transformResponse<SSOSettings[]>(\n sdk.httpClient.get(apiPaths.sso.settingsAllV2, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => transformAllSettingsResponse(data),\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param tenants Optional associated tenants for this key and its roles for each.\n * @param userId Optional bind this access key to a specific user.\n * @param customClaims Optional map of claims and their values that will be present in the JWT.\n * @param description Optional free text description\n * @param permittedIps Optional list of IP addresses or CIDR ranges that are allowed to use this access key.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n /\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n tenants?: AssociatedTenant[],\n userId?: string,\n customClaims?: Record<string, any>,\n description?: string,\n permittedIps?: string[],\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n {\n name,\n expireTime,\n roleNames: roles,\n keyTenants: tenants,\n userId,\n customClaims,\n description,\n permittedIps,\n },\n { token: managementKey },\n ),\n ),\n /\n Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n /\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /\n Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n /\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /\n Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @param description Optional updated access key description\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param tenants Optional associated tenants for this key and its roles for each.\n * @param customClaims Optional map of claims and their values that will be present in the JWT.\n * @param permittedIps Optional list of IP addresses or CIDR ranges that are allowed to use this access key.\n * @returns The updated access key\n /\n update: (\n id: string,\n name: string,\n description?: string,\n roles?: string[],\n tenants?: AssociatedTenant[],\n customClaims?: Record<string, any>,\n permittedIps?: string[],\n ): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(\n apiPaths.accessKey.update,\n {\n id,\n name,\n description,\n roleNames: roles,\n keyTenants: tenants,\n customClaims,\n permittedIps,\n },\n { token: managementKey },\n ),\n (data) => data.key,\n ),\n /\n Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n /\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /\n Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n /\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /\n Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n /\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { FlowResponse, FlowsResponse, Screen, Flow } from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n delete: (flowIds: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.delete, { ids: flowIds }, { token: managementKey }),\n ),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord, AuditCreateOptions } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n /\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n /\n Create audit event\n * @param createOptions to define which audit event to create\n * @returns the audit records array\n /\n createEvent: (createOptions: AuditCreateOptions): Promise<SdkResponse<never>> => {\n const body = { ...createOptions };\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.createEvent, body, { token: managementKey }),\n );\n },\n});\n\nexport default WithAudit;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n AuthzSchema,\n AuthzNamespace,\n AuthzRelationDefinition,\n AuthzRelation,\n AuthzRelationQuery,\n AuthzModified,\n AuthzResource,\n} from './types';\n\nconst WithAuthz = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Save (create or update) the given schema.\n * In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.\n * Schema name can be used for projects to track versioning.\n \n @param schema the schema to save\n * @param upgrade should we upgrade existing schema or ignore any namespace not provided\n * @returns standard success or failure response\n /\n saveSchema: (schema: AuthzSchema, upgrade: boolean): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaSave, { schema, upgrade }, { token: managementKey }),\n ),\n /\n Delete the schema for the project which will also delete all relations.\n \n @returns standard success or failure response\n /\n deleteSchema: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaDelete, {}, { token: managementKey }),\n ),\n /\n Load the schema for the project.\n \n @returns the schema associated with the project\n /\n loadSchema: (): Promise<SdkResponse<AuthzSchema>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaLoad, {}, { token: managementKey }),\n (data) => data.schema,\n ),\n /\n Save (create or update) the given namespace.\n * Will not delete relation definitions not mentioned in the namespace.\n \n @param namespace the namespace to save\n * @param oldName if we are changing the namespace name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n saveNamespace: (\n namespace: AuthzNamespace,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.nsSave,\n { namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /\n Delete the given namespace.\n * Will also delete the relevant relations.\n \n @param name to delete.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n deleteNamespace: (name: string, schemaName?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.nsDelete, { name, schemaName }, { token: managementKey }),\n ),\n /\n Save (create or update) the given relation definition.\n \n @param relationDefinition rd to save.\n * @param namespace that it belongs to.\n * @param oldName if we are changing the relation definition name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n saveRelationDefinition: (\n relationDefinition: AuthzRelationDefinition,\n namespace: string,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdSave,\n { relationDefinition, namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /\n Delete the given relation definition.\n * Will also delete the relevant relations.\n \n @param name to delete.\n * @param namespace it belongs to.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n deleteRelationDefinition: (\n name: string,\n namespace: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdDelete,\n { name, namespace, schemaName },\n { token: managementKey },\n ),\n ),\n /\n Create the given relations.\n \n @param relations to create.\n * @returns standard success or failure response\n /\n createRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reCreate, { relations }, { token: managementKey }),\n ),\n /\n Delete the given relations.\n \n @param relations to delete.\n * @returns standard success or failure response\n /\n deleteRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reDelete, { relations }, { token: managementKey }),\n ),\n /\n @deprecated use `deleteRelationsForIds` instead for better clarity\n \n Delete any relations with matching resourceIds OR targetIds\n \n @param resources ids to delete relations for.\n * @returns standard success or failure response\n /\n deleteRelationsForResources: (resources: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResources,\n { resources },\n { token: managementKey },\n ),\n ),\n /\n \n * Delete any relations with matching resourceIds\n \n @param resources resource ids to delete relations for.\n * @returns\n /\n deleteResourceRelationsForResources: (resources: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResourceRelationsForResources,\n { resources },\n { token: managementKey },\n ),\n ),\n /\n Delete any relations with matching resourceIds OR targetIds\n \n @param ids ids to delete relations for.\n * @returns standard success or failure response\n /\n deleteRelationsForIds: (ids: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResources,\n { resources: ids },\n { token: managementKey },\n ),\n ),\n /\n Query relations to see what relations exists.\n \n @param relationQueries array of relation queries to check.\n * @returns array of relation query responses with the boolean flag indicating if relation exists\n /\n hasRelations: (\n relationQueries: AuthzRelationQuery[],\n ): Promise<SdkResponse<AuthzRelationQuery[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.hasRelations,\n { relationQueries },\n { token: managementKey },\n ),\n (data) => data.relationQueries,\n ),\n /\n List all the users that have the given relation definition to the given resource.\n \n @param resource The resource we are checking\n * @param relationDefinition The relation definition we are querying\n * @param namespace The namespace for the relation definition\n * @returns array of users who have the given relation definition\n /\n whoCanAccess: (\n resource: string,\n relationDefinition: string,\n namespace: string,\n ): Promise<SdkResponse<string[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.who,\n { resource, relationDefinition, namespace },\n { token: managementKey },\n ),\n (data) => data.targets,\n ),\n /\n Return the list of all defined relations (not recursive) on the given resource.\n \n @param resource The resource we are checking\n * @param ignoreTargetSetRelations if true, will not return target set relations even if they exist\n * @returns array of relations that exist for the given resource\n /\n resourceRelations: (\n resource: string,\n ignoreTargetSetRelations = false,\n ): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.resource,\n { resource, ignoreTargetSetRelations },\n { token: managementKey },\n ),\n (data) => data.relations,\n ),\n /\n Return the list of all defined relations (not recursive) for the given targets.\n \n @param targets array of targets we want to check\n * @param includeTargetSetRelations if true, will include target set relations as well as target relations\n * @returns array of relations that exist for the given targets\n /\n targetsRelations: (\n targets: string[],\n includeTargetSetRelations = false,\n ): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.targets,\n { targets, includeTargetSetRelations },\n { token: managementKey },\n ),\n (data) => data.relations,\n ),\n /\n Return the list of all relations for the given target including derived relations from the schema tree.\n \n @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n /\n whatCanTargetAccess: (target: string): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.targetAll, { target }, { token: managementKey }),\n (data) => data.relations,\n ),\n\n /\n Return all resources which the target can access via relation paths that end with the given relation definition\n \n @param target The target to check resource access for, e.g. user:123\n * @param relationDefinition A relation on a resource, e.g. owner\n * @param namespace The namespace (type) of the resource in which the relation is defined, e.g. folder\n * @returns array of resources that the target can access on relation paths which include the given relation definition\n /\n whatCanTargetAccessWithRelation: (\n target: string,\n relationDefinition: string,\n namespace: string,\n ): Promise<SdkResponse<AuthzResource[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.targetWithRelation,\n { target, relationDefinition, namespace },\n { token: managementKey },\n ),\n (data) => data.resources.map((resource: string) => ({ resource })),\n ),\n\n /\n Return the list of all relations for the given target including derived relations from the schema tree.\n \n @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n /\n getModified: (since: Date): Promise<SdkResponse<AuthzModified>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.getModified,\n { since: since ? since.getTime() : 0 },\n { token: managementKey },\n ),\n (data) => data as AuthzModified,\n ),\n});\n\nexport default WithAuthz;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CreateSSOApplicationResponse,\n SSOApplication,\n OidcApplicationOptions,\n SamlApplicationOptions,\n} from './types';\n\ntype MultipleSSOApplicationResponse = {\n apps: SSOApplication[];\n};\n\nconst withSSOApplication = (sdk: CoreSdk, managementKey?: string) => ({\n createOidcApplication: (\n options: OidcApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n createSamlApplication: (\n options: SamlApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n updateOidcApplication: (\n options: OidcApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n updateSamlApplication: (\n options: SamlApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.ssoApplication.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<SSOApplication>> =>\n transformResponse<SSOApplication, SSOApplication>(\n sdk.httpClient.get(apiPaths.ssoApplication.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<SSOApplication[]>> =>\n transformResponse<MultipleSSOApplicationResponse, SSOApplication[]>(\n sdk.httpClient.get(apiPaths.ssoApplication.loadAll, {\n token: managementKey,\n }),\n (data) => data.apps,\n ),\n});\n\nexport default withSSOApplication;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { PasswordSettings } from './types';\n\nconst withPassword = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<PasswordSettings>> =>\n transformResponse<PasswordSettings, PasswordSettings>(\n sdk.httpClient.get(apiPaths.password.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: PasswordSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.password.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n});\n\nexport default withPassword;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CheckResponseRelation,\n FGARelation,\n FGASchema,\n FGAResourceDetails,\n FGAResourceIdentifier,\n} from './types';\n\nconst WithFGA = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Save (create or update) the given schema.\n * In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.\n \n @param schema the schema to save\n * @returns standard success or failure response\n /\n saveSchema: (schema: FGASchema): Promise<SdkResponse<never>> =>\n transformResponse(sdk.httpClient.post(apiPaths.fga.schema, schema, { token: managementKey })),\n /\n Delete the schema for the project which will also delete all relations.\n \n @returns standard success or failure response\n /\n deleteSchema: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaDelete, {}, { token: managementKey }),\n ),\n /\n Create the given relations.\n \n @param relations to create.\n * @returns standard success or failure response\n /\n createRelations: (relations: FGARelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.fga.relations, { tuples: relations }, { token: managementKey }),\n ),\n\n /\n Delete the given relations.\n * This is a bulk operation and will delete all the given relations.\n \n @param relations to delete.\n * @returns standard success or failure response\n /\n\n deleteRelations: (relations: FGARelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.fga.deleteRelations,\n { tuples: relations },\n { token: managementKey },\n ),\n ),\n\n /\n Check if the given relations exist.\n * This is a read-only operation and will not create any relations.\n * It will return the relations with the boolean flag indicating if relation exists.\n * This is useful to check if a relation exists before creating it.\n \n @param relations to check.\n * @returns array of relations with the boolean flag indicating if relation exists\n /\n check: (relations: FGARelation[]): Promise<SdkResponse<CheckResponseRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.fga.check, { tuples: relations }, { token: managementKey }),\n (data) => data.tuples,\n ),\n\n /\n Load details for the given resource identifiers.\n * @param resourceIdentifiers the resource identifiers (resourceId and resourceType tuples) to load details for\n /\n loadResourcesDetails: (\n resourceIdentifiers: FGAResourceIdentifier[],\n ): Promise<SdkResponse<FGAResourceDetails[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.fga.resourcesLoad,\n { resourceIdentifiers },\n { token: managementKey },\n ),\n (data) => data.resourcesDetails,\n ),\n\n /\n Save details for the given resources.\n * @param resourcesDetails the resources details to save\n /\n saveResourcesDetails: (resourcesDetails: FGAResourceDetails[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.fga.resourcesSave,\n { resourcesDetails },\n { token: managementKey },\n ),\n ),\n\n /\n Delete all relations.\n \n @returns standard success or failure response\n /\n deleteAllRelations: (): Promise<SdkResponse<never>> =>\n transformResponse(sdk.httpClient.delete(apiPaths.fga.relations, { token: managementKey })),\n});\n\nexport default WithFGA;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n InboundApplication,\n InboundApplicationConsent,\n InboundApplicationConsentDeleteOptions,\n InboundApplicationConsentSearchOptions,\n CreateInboundApplicationResponse,\n InboundApplicationOptions,\n InboundApplicationSecretResponse,\n} from './types';\n\ntype MultipleInboundApplicationResponse = {\n apps: InboundApplication[];\n};\n\ntype MultipleInboundApplicationConsentsResponse = {\n consents: InboundApplicationConsent[];\n};\n\nconst withInboundApplication = (sdk: CoreSdk, managementKey?: string) => ({\n createApplication: (\n options: InboundApplicationOptions,\n ): Promise<SdkResponse<CreateInboundApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplication.create,\n {\n ...options,\n },\n { token: managementKey },\n ),\n ),\n updateApplication: (\n options: InboundApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplication.update,\n { ...options },\n { token: managementKey },\n ),\n ),\n patchApplication: (\n options: Partial<InboundApplicationOptions> & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplication.patch,\n { ...options },\n { token: managementKey },\n ),\n ),\n deleteApplication: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.inboundApplication.delete, { id }, { token: managementKey }),\n ),\n loadApplication: (id: string): Promise<SdkResponse<InboundApplication>> =>\n transformResponse<InboundApplication, InboundApplication>(\n sdk.httpClient.get(apiPaths.inboundApplication.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAllApplications: (): Promise<SdkResponse<InboundApplication[]>> =>\n transformResponse<MultipleInboundApplicationResponse, InboundApplication[]>(\n sdk.httpClient.get(apiPaths.inboundApplication.loadAll, {\n token: managementKey,\n }),\n (data) => data.apps,\n ),\n getApplicationSecret: (id: string): Promise<SdkResponse<InboundApplicationSecretResponse>> =>\n transformResponse<InboundApplicationSecretResponse, InboundApplicationSecretResponse>(\n sdk.httpClient.get(apiPaths.inboundApplication.secret, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n rotateApplicationSecret: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.inboundApplication.rotate, { id }, { token: managementKey }),\n ),\n searchConsents: (\n options?: InboundApplicationConsentSearchOptions,\n ): Promise<SdkResponse<InboundApplicationConsent[]>> =>\n transformResponse<MultipleInboundApplicationConsentsResponse, InboundApplicationConsent[]>(\n sdk.httpClient.post(\n apiPaths.inboundApplicationConsents.search,\n { ...options },\n { token: managementKey },\n ),\n (data) => data.consents,\n ),\n deleteConsents: (options: InboundApplicationConsentDeleteOptions): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplicationConsents.delete,\n { ...options },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withInboundApplication;\n","import createSdk, {\n AccessKeyLoginOptions,\n ExchangeAccessKeyResponse,\n SdkResponse,\n wrapWith,\n} from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport fetch from './fetch-polyfill';\nimport { getAuthorizationClaimItems, isUserAssociatedWithTenant, withCookie } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport descopeErrors from './errors';\n\ndeclare const BUILD_VERSION: string;\n\n/* Configuration arguments which include the Descope core SDK args and an optional management key /\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n fetch,\n ...config,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node \|\| '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike \| Uint8Array> = {};\n\n /* Fetch the public keys (JWKs) from Descope for the configured project /\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n // Overrides core-sdk refresh, because the core-sdk exposes queryParams, which is for internal use only\n refresh: async (token?: string) => coreSdk.refresh(token),\n\n /\n Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n /\n management,\n\n /* Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. /\n async getKey(header: JWTHeaderParameters): Promise<KeyLike \| Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /\n Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n /\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /\n Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /\n Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async refreshSession(refreshToken: string): Promise<AuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n / istanbul ignore next /\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n / istanbul ignore next /\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /\n Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /\n Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @param loginOptions Optional advanced controls over login parameters\n * @returns AuthenticationInfo with session JWT data\n /\n async exchangeAccessKey(\n accessKey: string,\n loginOptions?: AccessKeyLoginOptions,\n ): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey, loginOptions);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n if (!resp.ok) {\n logger?.error('failed to exchange access key', resp.error);\n throw Error(`could not exchange access key - ${resp.error?.errorMessage}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, '', permissions);\n },\n\n /\n Retrieves the permissions from JWT top level claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n /\n getMatchedPermissions(authInfo: AuthenticationInfo, permissions: string[]): string[] {\n return sdk.getMatchedTenantPermissions(authInfo, '', permissions);\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the permissions for\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /\n Retrieves the permissions from JWT tenant claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param tenant tenant to match the permissions for\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n * /\n getMatchedTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.filter((perm) => granted.includes(perm));\n },\n\n /\n Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, '', roles);\n },\n\n /\n Retrieves the roles from JWT top level claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n /\n getMatchedRoles(authInfo: AuthenticationInfo, roles: string[]): string[] {\n return sdk.getMatchedTenantRoles(authInfo, '', roles);\n },\n\n /\n Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the roles for\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n\n /\n Retrieves the roles from JWT tenant claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param tenant tenant to match the roles for\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n /\n getMatchedTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.filter((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.voice',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/* Descope SDK client with delivery methods enum.\n \n Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n \n ```js\n * import descopeSdk from '@descope/node-sdk';\n \n const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n \n const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n /\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\nnodeSdk.DescopeErrors = descopeErrors;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n JWTResponse,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withProject from './project';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\nimport WithAuthz from './authz';\nimport withSSOApplication from './ssoapplication';\nimport withPassword from './password';\nimport WithFGA from './fga';\nimport withInboundApplication from './inboundapplication';\n\n/* Constructs a higher level Management API that wraps the functions from code-js-sdk /\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n project: withProject(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n ssoApplication: withSSOApplication(sdk, managementKey),\n inboundApplication: withInboundApplication(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n password: withPassword(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n authz: WithAuthz(sdk, managementKey),\n fga: WithFGA(sdk, managementKey),\n});\n\nexport default withManagement;\n","// eslint-disable-next-line import/prefer-default-export\n/* Common Error Codes */\nexport default {\n badRequest: 'E011001',\n missingArguments: 'E011002',\n invalidRequest: 'E011003',\n invalidArguments: 'E011004',\n wrongOTPCode: 'E061102',\n tooManyOTPAttempts: 'E061103',\n enchantedLinkPending: 'E062503',\n userNotFound: 'E062108',\n};\n"],"names":["_a","globalThis","Headers","patchedFetch","args","forEach","arg","_b","highWaterMark","crossFetch","withCookie","fn","async","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","response","headers","get","cookie","name","match","RegExp","getCookieValue","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","createTestUser","createBatch","update","patch","delete","deleteAllTestUsers","load","logout","search","searchTestUsers","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","setRole","addRole","removeRole","setSSOApps","addSSOApps","removeSSOApps","addTenant","removeTenant","setPassword","setTemporaryPassword","setActivePassword","expirePassword","removeAllPasskeys","removeTOTPSeed","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","generateEmbeddedLink","generateSignUpEmbeddedLink","history","updateName","updateTags","clone","projectsList","exportSnapshot","importSnapshot","validateSnapshot","deactivate","activate","settings","loadAll","searchAll","generateSSOConfigurationLink","oidcCreate","samlCreate","oidcUpdate","samlUpdate","secret","rotate","settingsNew","metadata","mapping","settingsv2","settingsAllV2","oidc","configure","saml","impersonate","stopImpersonation","signIn","signUp","signUpOrIn","anonymous","list","export","import","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","createEvent","schemaSave","schemaDelete","schemaLoad","nsSave","nsDelete","rdSave","rdDelete","reCreate","reDelete","reDeleteResources","reDeleteResourceRelationsForResources","hasRelations","who","resource","targets","targetAll","targetWithRelation","getModified","schema","relations","deleteRelations","check","resourcesLoad","resourcesSave","withUser","sdk","managementKey","loginId","emailOrOptions","phone","displayName","roles","userTenants","customAttributes","picture","verifiedEmail","verifiedPhone","givenName","middleName","familyName","additionalLoginIds","body","email","roleNames","undefined","transformResponse","httpClient","post","user","test","invite","inviteUrl","sendMail","sendSMS","templateId","inviteBatch","users","templateOptions","map","u","res","ssoAppIds","scim","deleteByUserId","userId","queryParams","loadByUserId","logoutUser","logoutUserByUserId","tenantIds","limit","page","testUsersOnly","withTestUser","statuses","emails","phones","searchReq","provider","providerTokenOptions","withRefreshToken","forceRefresh","status","newLoginId","isVerified","verified","attributeKey","attributeValue","setRoles","addRoles","removeRoles","tenantId","setTenantRoles","addTenantRoles","removeTenantRoles","addSSOapps","setSSOapps","removeSSOapps","generateOTPForTestUser","deliveryMethod","loginOptions","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","customClaims","timeout","emailVerified","phoneVerified","password","userIds","withProject","tags","environment","listProjects","projects","id","request","files","withTenant","selfProvisioningDomains","enforceSSO","disabled","createWithId","cascade","tenants","ids","names","tenantNames","tenantSelfProvisioningDomains","getSettings","configureSettings","expireDuration","ssoId","expireTime","withJWT","jwt","refreshDuration","impersonatorId","validateConsent","selectedTenant","signUpOptions","withPermission","description","newName","permissions","withRole","permissionNames","defaultRole","default","withGroup","loginIds","groupId","transformSettingsResponse","readySettings","attributeMapping","userAttrMapping","groupsMapping","gm","rm","roleName","role","withSSOSettings","newSettings","deleteSettings","idpURL","idpCert","entityId","redirectURL","domains","configureMetadata","idpMetadataURL","configureMapping","roleMappings","configureOIDCSettings","configureSAMLSettings","redirectUrl","configureSAMLByMetadata","loadSettings","loadAllSettings","SSOSettings","setting","transformAllSettingsResponse","withAccessKey","permittedIps","keyTenants","key","keys","WithFlow","flowIds","flowId","flow","screens","WithTheme","theme","WithAudit","searchOptions","externalIds","audits","a","occurred","parseFloat","createOptions","WithAuthz","saveSchema","upgrade","deleteSchema","loadSchema","saveNamespace","namespace","oldName","schemaName","deleteNamespace","saveRelationDefinition","relationDefinition","deleteRelationDefinition","createRelations","deleteRelationsForResources","resources","deleteResourceRelationsForResources","deleteRelationsForIds","relationQueries","whoCanAccess","resourceRelations","ignoreTargetSetRelations","targetsRelations","includeTargetSetRelations","whatCanTargetAccess","target","whatCanTargetAccessWithRelation","since","getTime","withSSOApplication","createOidcApplication","enabled","createSamlApplication","updateOidcApplication","updateSamlApplication","apps","withPassword","WithFGA","tuples","loadResourcesDetails","resourceIdentifiers","resourcesDetails","saveResourcesDetails","deleteAllRelations","withInboundApplication","createApplication","updateApplication","patchApplication","deleteApplication","loadApplication","loadAllApplications","getApplicationSecret","rotateApplicationSecret","searchConsents","consents","deleteConsents","nodeSdk","publicKey","config","coreSdk","createSdk","fetch","baseHeaders","process","versions","node","projectId","logger","management","project","accessKey","ssoApplication","inboundApplication","sso","permission","group","audit","authz","fga","withManagement","refresh","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","ok","sessionJwt","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","getMatchedPermissions","getMatchedTenantPermissions","granted","every","perm","includes","filter","validateRoles","validateTenantRoles","getMatchedRoles","getMatchedTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName","DescopeErrors","badRequest","missingArguments","invalidRequest","invalidArguments","wrongOTPCode","tooManyOTPAttempts","enchantedLinkPending","userNotFound"],"mappings":"4NAEkB,QAAlBA,EAAAC,WAAWC,eAAO,IAAAF,IAAlBC,WAAWC,QAAYA,GAEvB,MAGMC,EAAe,IAAIC,KAGvBA,EAAKC,SAASC,YAERA,GAAsB,iBAARA,YAEhBN,GAAAO,EAACD,GAAYE,+BAAAA,cAVK,UAWnB,IAGIC,KAAcL,ICeVM,EACVC,GACDC,SAAUR,eACR,MAAMS,QAAaF,KAAMP,GAGzB,IAAKS,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAlCP,IAA8BC,EAgDjD,OAZKJ,EASHG,EAAQE,KA5CZ,GCVoC,SDsDoBL,cA5C5BI,OADuBA,EA6CiBH,QA5CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAkCZ,QAAbxB,EAAAa,EAAKY,gBAAQ,IAAAzB,OAAA,EAAAA,EAAE0B,QAAQC,IAAI,iBAC7BX,EA3Be,EAACY,EAAmCC,KACzD,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbzB,EAAAM,EAAKY,gBAAQ,IAAAlB,OAAA,EAAAA,EAAEmB,QAAQC,IAAI,cChDC,ODmD9BR,EAAQE,KAAoB,QAAfY,EAAApB,EAAKY,gBAAU,IAAAQ,OAAA,EAAAA,EAAAP,QAAQC,IAAI,gBAMhCO,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAtB,GAAM,CAAAC,KAAWoB,OAAAC,OAAAD,OAAAC,OAAA,GAAAtB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDiB,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDhC,EAA6C,QAA7CP,EAAAqC,EAASI,MAAgC,eAAI,IAAAzC,OAAA,EAAAA,EAAAuC,UAAO,IAAAhC,OAAA,EAAAA,EAAG+B,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1CvC,EAAAqC,EAASI,MAAgC,eAAC,IAAAzC,OAAA,EAAAA,EAAGuC,GACxD,CEvFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,eAAgB,4BAChBC,YAAa,6BACbC,OAAQ,uBACRC,MAAO,sBACPC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,OAAQ,uBACRC,gBAAiB,4BACjBC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,QAAS,gCACTC,WAAY,mCACZC,WAAY,kCACZC,WAAY,kCACZC,cAAe,qCACfC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,qBAAsB,uCACtBC,kBAAmB,oCACnBC,eAAgB,gCAChBC,kBAAmB,gCACnBC,eAAgB,4BAChBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,wCAC9BC,qBAAsB,oCACtBC,2BAA4B,oCAC5BC,QAAS,yBAxCEvC,EA0CJ,CACPwC,WAAY,+BACZC,WAAY,+BACZC,MAAO,yBACPC,aAAc,yBACdC,eAAgB,mCAChBC,eAAgB,mCAChBC,iBAAkB,sCAjDP9C,EAmDF,CACTC,OAAQ,4BACRO,KAAM,qBACNE,OAAQ,4BACRN,OAAQ,4BACR2C,WAAY,gCACZC,SAAU,8BACV1C,OAAQ,6BA1DGN,EA4DL,CACNC,OAAQ,yBACRG,OAAQ,yBACRE,OAAQ,yBACRE,KAAM,kBACNyC,SAAU,2BACVC,QAAS,sBACTC,UAAW,yBACXC,6BAA8B,2CApEnBpD,EAsEG,CACdqD,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZlD,OAAQ,8BACRE,KAAM,4BACN0C,QAAS,8BA7EElD,EA+EO,CAClBC,OAAQ,iCACRG,OAAQ,iCACRC,MAAO,gCACPC,OAAQ,iCACRE,KAAM,+BACN0C,QAAS,gCACTO,OAAQ,iCACRC,OAAQ,kCAvFG1D,EAyFe,CAC1BM,OAAQ,sCACRI,OAAQ,uCA3FGV,EA6FR,CACHiD,SAAU,wBACVU,YAAa,4BACbC,SAAU,wBACVC,QAAS,uBACTC,WAAY,wBACZC,cAAe,4BACfC,KAAM,CACJC,UAAW,qBAEbC,KAAM,CACJD,UAAW,oBACXL,SAAU,+BAzGD5D,EA4GR,CACHI,OAAQ,sBACR+D,YAAa,uBACbC,kBAAmB,8BACnBC,OAAQ,uBACRC,OAAQ,uBACRC,WAAY,0BACZC,UAAW,2BAnHAxE,EAqHH,CACRiD,SAAU,8BAtHCjD,EAwHD,CACVC,OAAQ,6BACRG,OAAQ,6BACRE,OAAQ,6BACR4C,QAAS,2BA5HElD,EA8HP,CACJC,OAAQ,uBACRG,OAAQ,uBACRE,OAAQ,uBACR4C,QAAS,oBACTxC,OAAQ,wBAnIGV,EAqIP,CACJyE,KAAM,qBACNnE,OAAQ,uBACRoE,OAAQ,uBACRC,OAAQ,wBAzIG3E,EA2IN,CACL0E,OAAQ,wBACRC,OAAQ,yBA7IG3E,EA+IN,CACL4E,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BAlJV9E,EAoJN,CACLU,OAAQ,wBACRqE,YAAa,wBAtJF/E,EAwJN,CACLgF,WAAY,6BACZC,aAAc,+BACdC,WAAY,6BACZC,OAAQ,yBACRC,SAAU,2BACVC,OAAQ,yBACRC,SAAU,2BACVC,SAAU,2BACVC,SAAU,2BACVC,kBAAmB,oCACnBC,sCAAuC,6CACvCC,aAAc,wBACdC,IAAK,wBACLC,SAAU,6BACVC,QAAS,4BACTC,UAAW,8BACXC,mBAAoB,uCACpBC,YAAa,8BA1KFjG,EA4KR,CACHkG,OAAQ,sBACRC,UAAW,yBACXC,gBAAiB,gCACjBC,MAAO,qBACPC,cAAe,8BACfC,cAAe,+BCvHnB,MAAMC,EAAW,CAACC,EAAcC,KA4WvB,CACLzG,OAzVF,SACE0G,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAb,WACGC,GACH,CAAAe,UAAWf,aAAA,EAAAA,EAAgBG,MAC3BA,WAAOa,IAEf,OAAOC,EACLpB,EAAIqB,WAAWC,KAAK/H,EAAcC,OAAQwH,EAAM,CAAE7H,MAAO8G,KACxDzI,GAASA,EAAK+J,MAElB,EAqTC9H,eA5RF,SACEyG,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,qBACAS,MAAM,GAET5I,OAAAC,OAAAD,OAAAC,OAAA,CACGqH,WACGC,IACHe,UAAWf,aAAc,EAAdA,EAAgBG,MAC3BA,WAAOa,EACPK,MAAM,IAEd,OAAOJ,EACLpB,EAAIqB,WAAWC,KAAK/H,EAAcE,eAAgBuH,EAAM,CAAE7H,MAAO8G,KAChEzI,GAASA,EAAK+J,MAElB,EA4OCE,OAzMF,SACEvB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAe,EACAC,EACAC,EACAhB,EACAC,EACAC,EACAC,EACAc,GAKA,MAAMb,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAkB,QAAQ,EACRjB,mBACAC,UACAC,gBACAC,gBACAe,YACAC,WACAC,UACAb,qBACAc,cAEHjJ,OAAAC,OAAAD,OAAAC,OAAA,CACGqH,WACGC,IACHe,UAAWf,aAAc,EAAdA,EAAgBG,MAC3BA,WAAOa,EACPM,QAAQ,IAEhB,OAAOL,EACLpB,EAAIqB,WAAWC,KAAK/H,EAAcC,OAAQwH,EAAM,CAAE7H,MAAO8G,KACxDzI,GAASA,EAAK+J,MAElB,EAiJCO,YAAa,CACXC,EACAL,EACAC,EACAC,EACAI,EACAH,IAEAT,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcG,YACd,CACEqI,MAAOA,EAAME,KAAKC,IAChB,MAAMC,EACDvJ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAqJ,GACH,CAAAhB,UAAWgB,EAAE5B,QAGf,cADO6B,EAAI7B,MACJ6B,CAAG,IAEZV,QAAQ,EACRC,YACAC,WACAC,UACAI,kBACAH,cAEF,CAAE1I,MAAO8G,KAEVzI,GAASA,IAEdmC,OA1JF,SACEuG,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAb,WACGC,GACH,CAAAe,UAAWf,aAAA,EAAAA,EAAgBG,MAC3BA,WAAOa,IAEf,OAAOC,EACLpB,EAAIqB,WAAWC,KAAK/H,EAAcI,OAAQqH,EAAM,CAAE7H,MAAO8G,KACxDzI,GAASA,EAAK+J,MAElB,EA4GC3H,MApGF,SAAesG,EAAiBpI,GAC9B,MAAMkJ,EAAO,CACXd,WA8CF,YA3CsBiB,IAAlBrJ,EAAQmJ,QACVD,EAAKC,MAAQnJ,EAAQmJ,YAEDE,IAAlBrJ,EAAQsI,QACVY,EAAKZ,MAAQtI,EAAQsI,YAEKe,IAAxBrJ,EAAQuI,cACVW,EAAKX,YAAcvI,EAAQuI,kBAEHc,IAAtBrJ,EAAQ8I,YACVI,EAAKJ,UAAY9I,EAAQ8I,gBAEAO,IAAvBrJ,EAAQ+I,aACVG,EAAKH,WAAa/I,EAAQ+I,iBAEDM,IAAvBrJ,EAAQgJ,aACVE,EAAKF,WAAahJ,EAAQgJ,iBAENK,IAAlBrJ,EAAQwI,QACVU,EAAKE,UAAYpJ,EAAQwI,YAECa,IAAxBrJ,EAAQyI,cACVS,EAAKT,YAAczI,EAAQyI,kBAEIY,IAA7BrJ,EAAQ0I,mBACVQ,EAAKR,iBAAmB1I,EAAQ0I,uBAEVW,IAApBrJ,EAAQ2I,UACVO,EAAKP,QAAU3I,EAAQ2I,cAEKU,IAA1BrJ,EAAQ4I,gBACVM,EAAKN,cAAgB5I,EAAQ4I,oBAEDS,IAA1BrJ,EAAQ6I,gBACVK,EAAKL,cAAgB7I,EAAQ6I,oBAELQ,IAAtBrJ,EAAQsK,YACVpB,EAAKoB,UAAYtK,EAAQsK,gBAENjB,IAAjBrJ,EAAQuK,OACVrB,EAAKqB,KAAOvK,EAAQuK,MAGfjB,EACLpB,EAAIqB,WAAWzH,MAAML,EAAcK,MAAOoH,EAAM,CAAE7H,MAAO8G,KACxDzI,GAASA,EAAK+J,MAElB,EAqDC1H,OAASqG,GACPkB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcM,OAAQ,CAAEqG,WAAW,CAAE/G,MAAO8G,KAOpEqC,eAAiBC,GACfnB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcM,OAAQ,CAAE0I,UAAU,CAAEpJ,MAAO8G,KAKnEnG,mBAAoB,IAClBsH,EACEpB,EAAIqB,WAAWxH,OAAON,EAAcO,mBAAoB,CAAEX,MAAO8G,KAErElG,KAAOmG,GACLkB,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAcQ,KAAM,CACrCyI,YAAa,CAAEtC,WACf/G,MAAO8G,KAERzI,GAASA,EAAK+J,OAQnBkB,aAAeF,GACbnB,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAcQ,KAAM,CACrCyI,YAAa,CAAED,UACfpJ,MAAO8G,KAERzI,GAASA,EAAK+J,OAOnBmB,WAAaxC,GACXkB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcS,OAAQ,CAAEkG,WAAW,CAAE/G,MAAO8G,KAQpE0C,mBAAqBJ,GACnBnB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcS,OAAQ,CAAEuI,UAAU,CAAEpJ,MAAO8G,KAcnEvD,UAAW,CACTkG,EACAtC,EACAuC,EACAC,EACAC,EACAC,EACAxC,EACAyC,EACAC,EACAC,IAEA/B,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcU,OACd,CACE2I,YACA1B,UAAWZ,EACXuC,QACAC,OACAC,gBACAC,eACAxC,mBACAyC,WACAC,SACAC,UAEF,CAAEhK,MAAO8G,KAEVzI,GAASA,EAAKuK,QAEnB7H,gBAAkBkJ,GAChBhC,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcW,gBAETtB,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAuK,GACH,CAAAJ,cAAc,EACdD,eAAe,EACf7B,UAAWkC,EAAU9C,MACrBA,WAAOa,IAET,CAAEhI,MAAO8G,KAEVzI,GAASA,EAAKuK,QAEnB9H,OAASmJ,GACPhC,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcU,OAETrB,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAuK,GACH,CAAAlC,UAAWkC,EAAU9C,MACrBA,WAAOa,IAET,CAAEhI,MAAO8G,KAEVzI,GAASA,EAAKuK,QAanB5H,iBAAkB,CAChB+F,EACAmD,EACAC,IAEAlC,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAcY,iBAAkB,CACjDqI,YAAa,CACXtC,UACAmD,WACAE,kBAAkBD,eAAAA,EAAsBC,kBAAmB,OAAS,QACpEC,cAAcF,eAAAA,EAAsBE,cAAe,OAAS,SAE9DrK,MAAO8G,KAERzI,GAASA,IAEd+E,SAAW2D,GACTkB,EACEpB,EAAIqB,WAAWC,KACb/H,EAAca,aACd,CAAE8F,UAASuD,OAAQ,WACnB,CAAEtK,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBjF,WAAa4D,GACXkB,EACEpB,EAAIqB,WAAWC,KACb/H,EAAca,aACd,CAAE8F,UAASuD,OAAQ,YACnB,CAAEtK,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBlH,cAAe,CAAC6F,EAAiBwD,IAC/BtC,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcc,cACd,CAAE6F,UAASwD,cACX,CAAEvK,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBjH,YAAa,CACX4F,EACAe,EACA0C,IAEAvC,EACEpB,EAAIqB,WAAWC,KACb/H,EAAce,YACd,CAAE4F,UAASe,QAAO2C,SAAUD,GAC5B,CAAExK,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBhH,YAAa,CACX2F,EACAE,EACAuD,IAEAvC,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcgB,YACd,CAAE2F,UAASE,QAAOwD,SAAUD,GAC5B,CAAExK,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB/G,kBAAmB,CACjB0F,EACAG,EACAO,EACAC,EACAC,IAEAM,EACEpB,EAAIqB,WAAWC,KACb/H,EAAciB,kBACd,CAAE0F,UAASG,cAAaO,YAAWC,aAAYC,cAC/C,CAAE3H,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB9G,cAAe,CAACyF,EAAiBO,IAC/BW,EACEpB,EAAIqB,WAAWC,KACb/H,EAAckB,cACd,CAAEyF,UAASO,WACX,CAAEtH,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB7G,sBAAuB,CACrBwF,EACA2D,EACAC,IAEA1C,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcmB,sBACd,CAAEwF,UAAS2D,eAAcC,kBACzB,CAAE3K,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBwC,SAAU,CAAC7D,EAAiBI,IAC1Bc,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcoB,QACd,CAAEuF,UAASgB,UAAWZ,GACtB,CAAEnH,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnByC,SAAU,CAAC9D,EAAiBI,IAC1Bc,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcqB,QACd,CAAEsF,UAASgB,UAAWZ,GACtB,CAAEnH,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB0C,YAAa,CAAC/D,EAAiBI,IAC7Bc,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcsB,WACd,CAAEqF,UAASgB,UAAWZ,GACtB,CAAEnH,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBtG,UAAW,CAACiF,EAAiBgE,IAC3B9C,EACEpB,EAAIqB,WAAWC,KACb/H,EAAc0B,UACd,CAAEiF,UAASgE,YACX,CAAE/K,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBrG,aAAc,CAACgF,EAAiBgE,IAC9B9C,EACEpB,EAAIqB,WAAWC,KACb/H,EAAc2B,aACd,CAAEgF,UAASgE,YACX,CAAE/K,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB4C,eAAgB,CACdjE,EACAgE,EACA5D,IAEAc,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcoB,QACd,CAAEuF,UAASgE,WAAUhD,UAAWZ,GAChC,CAAEnH,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB6C,eAAgB,CACdlE,EACAgE,EACA5D,IAEAc,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcqB,QACd,CAAEsF,UAASgE,WAAUhD,UAAWZ,GAChC,CAAEnH,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB8C,kBAAmB,CACjBnE,EACAgE,EACA5D,IAEAc,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcsB,WACd,CAAEqF,UAASgE,WAAUhD,UAAWZ,GAChC,CAAEnH,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnB+C,WAAY,CAACpE,EAAiBkC,IAC5BhB,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcwB,WACd,CAAEmF,UAASkC,aACX,CAAEjJ,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBgD,WAAY,CAACrE,EAAiBkC,IAC5BhB,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcuB,WACd,CAAEoF,UAASkC,aACX,CAAEjJ,MAAO8G,KAEVzI,GAASA,EAAK+J,OAEnBiD,cAAe,CAACtE,EAAiBkC,IAC/BhB,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcyB,cACd,CAAEkF,UAASkC,aACX,CAAEjJ,MAAO8G,KAEVzI,GAASA,EAAK+J,OAcnBkD,uBAAwB,CACtBC,EACAxE,EACAyE,IAEAvD,EACEpB,EAAIqB,WAAWC,KACb/H,EAAckC,mBACd,CAAEiJ,iBAAgBxE,UAASyE,gBAC3B,CAAExL,MAAO8G,KAEVzI,GAASA,IAedoN,6BAA8B,CAC5BF,EACAxE,EACA2E,EACAF,IAEAvD,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcmC,yBACd,CAAEgJ,iBAAgBxE,UAAS4E,IAAKD,EAAKF,gBACrC,CAAExL,MAAO8G,KAEVzI,GAASA,IAcduN,iCAAkC,CAChC7E,EACA2E,EACAF,IAEAvD,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcoC,6BACd,CAAEuE,UAAS4E,IAAKD,EAAKF,gBACrB,CAAExL,MAAO8G,KAEVzI,GAASA,IAGdoE,qBAAsB,CACpBsE,EACA8E,EACAC,IAEA7D,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcqC,qBACd,CAAEsE,UAAS8E,eAAcC,WACzB,CAAE9L,MAAO8G,KAEVzI,GAASA,IAGdqE,2BAA4B,CAC1BqE,EACAqB,EAQA2D,EACAC,EACAR,EACAM,IAEA7D,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcsC,2BACd,CAAEqE,UAASqB,OAAM2D,gBAAeC,gBAAeR,eAAcM,WAC7D,CAAE9L,MAAO8G,KAEVzI,GAASA,IAWd4D,qBAAsB,CAAC8E,EAAiBkF,IACtChE,EACEpB,EAAIqB,WAAWC,KACb/H,EAAc6B,qBACd,CAAE8E,UAASkF,YACX,CAAEjM,MAAO8G,KAEVzI,GAASA,IAQd6D,kBAAmB,CAAC6E,EAAiBkF,IACnChE,EACEpB,EAAIqB,WAAWC,KACb/H,EAAc8B,kBACd,CAAE6E,UAASkF,YACX,CAAEjM,MAAO8G,KAEVzI,GAASA,IAWd2D,YAAa,CAAC+E,EAAiBkF,IAC7BhE,EACEpB,EAAIqB,WAAWC,KACb/H,EAAc4B,YACd,CAAE+E,UAASkF,YACX,CAAEjM,MAAO8G,KAEVzI,GAASA,IASd8D,eAAiB4E,GACfkB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAc+B,eAAgB,CAAE4E,WAAW,CAAE/G,MAAO8G,KACvEzI,GAASA,IASd+D,kBAAoB2E,GAClBkB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcgC,kBAAmB,CAAE2E,WAAW,CAAE/G,MAAO8G,KAC1EzI,GAASA,IASdgE,eAAiB0E,GACfkB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAciC,eAAgB,CAAE0E,WAAW,CAAE/G,MAAO8G,KACvEzI,GAASA,IAOdsE,QAAUuJ,GACRjE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcuC,QAASuJ,EAAS,CAAElM,MAAO8G,KAC5DzI,GAASA,MCrgCZ8N,EAAc,CAACtF,EAAcC,KAA4B,CAK7DlE,WAAaxD,GACX6I,EACEpB,EAAIqB,WAAWC,KACb/H,EAAiBwC,WACjB,CACExD,QAEF,CAAEY,MAAO8G,KAQfjE,WAAauJ,GACXnE,EACEpB,EAAIqB,WAAWC,KACb/H,EAAiByC,WACjB,CACEuJ,QAEF,CAAEpM,MAAO8G,KAYfhE,MAAO,CACL1D,EACAiN,EACAD,IAEAnE,EACEpB,EAAIqB,WAAWC,KACb/H,EAAiB0C,MACjB,CACE1D,OACAiN,cACAD,QAEF,CAAEpM,MAAO8G,KAQfwF,aAAcnO,SACZ8J,EACEpB,EAAIqB,WAAWC,KACb/H,EAAiB2C,aACjB,GACA,CACE/C,MAAO8G,KAGVzI,GACCA,EAAKkO,SAASzD,KAAI,EAAG0D,KAAIpN,OAAMiN,cAAaD,WAAY,CACtDI,KACApN,OACAiN,cACAD,aAqBRpJ,eAAgB,IACdiF,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAiB4C,eAAgB,CAAE,EAAE,CAAEhD,MAAO8G,KAwBtE7D,eAAiBwJ,GACfxE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAiB6C,eAAgBwJ,EAAS,CAAEzM,MAAO8G,KAsB3E5D,iBACEuJ,GAEAxE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAiB8C,iBAAkBuJ,EAAS,CAAEzM,MAAO8G,KAM7EhC,OAAQ,IACNmD,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAiB4C,eAAgB,CAAA,EAAI,CAAEhD,MAAO8G,KACjEzI,GAASA,EAAKqO,QAMnB3H,OAAS2H,GACPzE,EACEpB,EAAIqB,WAAWC,KACb/H,EAAiB6C,eACjB,CACEyJ,SAEF,CAAE1M,MAAO8G,OC7KX6F,EAAa,CAAC9F,EAAcC,KAA4B,CAC5DzG,OAAQ,CACNjB,EACAwN,EACAvF,EACAwF,EACAC,IAEA7E,EACEpB,EAAIqB,WAAWC,KACb/H,EAAgBC,OAChB,CAAEjB,OAAMwN,0BAAyBvF,mBAAkBwF,aAAYC,YAC/D,CAAE9M,MAAO8G,KAGfiG,aAAc,CACZP,EACApN,EACAwN,EACAvF,EACAwF,EACAC,IAEA7E,EACEpB,EAAIqB,WAAWC,KACb/H,EAAgBC,OAChB,CAAEmM,KAAIpN,OAAMwN,0BAAyBvF,mBAAkBwF,aAAYC,YACnE,CAAE9M,MAAO8G,KAGftG,OAAQ,CACNgM,EACApN,EACAwN,EACAvF,EACAwF,EACAC,IAEA7E,EACEpB,EAAIqB,WAAWC,KACb/H,EAAgBI,OAChB,CAAEgM,KAAIpN,OAAMwN,0BAAyBvF,mBAAkBwF,aAAYC,YACnE,CAAE9M,MAAO8G,KAGfpG,OAAQ,CAAC8L,EAAYQ,IACnB/E,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAgBM,OAAQ,CAAE8L,KAAIQ,WAAW,CAAEhN,MAAO8G,KAE1ElG,KAAO4L,GACLvE,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAgBQ,KAAM,CACvCyI,YAAa,CAAEmD,MACfxM,MAAO8G,KAERzI,GAASA,IAEdiF,QAAS,IACP2E,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAgBkD,QAAS,CAC1CtD,MAAO8G,KAERzI,GAASA,EAAK4O,UAEnB1J,UAAW,CACT2J,EACAC,EACAP,EACAvF,IAEAY,EACEpB,EAAIqB,WAAWC,KACb/H,EAAgBmD,UAChB,CACEkG,UAAWyD,EACXE,YAAaD,EACbE,8BAA+BT,EAC/BvF,oBAEF,CAAErH,MAAO8G,KAEVzI,GAASA,EAAK4O,UAEnBK,YAAcvC,GACZ9C,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAgBiD,SAAU,CAC3CgG,YAAa,CAAEmD,GAAIzB,GACnB/K,MAAO8G,KAERzI,GAASA,IAEdkP,kBAAmB,CAACxC,EAAkB1H,IACpC4E,EACEpB,EAAIqB,WAAWC,KACb/H,EAAgBiD,SACX5D,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA2D,GAAU,CAAA0H,aACf,CACE/K,MAAO8G,KAIftD,6BAA8B,CAC5BuH,EACAyC,EACAC,EACA3F,EACAY,IAEAT,EACEpB,EAAIqB,WAAWC,KACb/H,EAAgBoD,6BAChB,CAAEuH,WAAU2C,WAAYF,EAAgBC,QAAO3F,QAAOY,cACtD,CACE1I,MAAO8G,KAGVzI,GAASA,MC5HVsP,EAAU,CAAC9G,EAAcC,KAA4B,CACzDtG,OAAQ,CACNoN,EACA/B,EACAgC,IAEA5F,EACEpB,EAAIqB,WAAWC,KACb/H,EAAaI,OACb,CAAEoN,MAAK/B,eAAcgC,mBACrB,CAAE7N,MAAO8G,KAGfvC,YAAa,CACXuJ,EACA/G,EACAgH,EACAlC,EACAmC,EACAH,IAEA5F,EACEpB,EAAIqB,WAAWC,KACb/H,EAAamE,YACb,CAAEuJ,iBAAgB/G,UAASgH,kBAAiBlC,eAAcmC,iBAAgBH,mBAC1E,CAAE7N,MAAO8G,KAGftC,kBAAmB,CACjBoJ,EACA/B,EACAmC,EACAH,IAEA5F,EACEpB,EAAIqB,WAAWC,KACb/H,EAAaoE,kBACb,CAAEoJ,MAAK/B,eAAcmC,iBAAgBH,mBACrC,CAAE7N,MAAO8G,KAGfrC,OAAQ,CAACsC,EAAiByE,IACxBvD,EACEpB,EAAIqB,WAAWC,KACb/H,EAAaqE,OAAMhF,OAAAC,OAAA,CACjBqH,WAAYyE,GACd,CAAExL,MAAO8G,KAGfpC,OAAQ,CACNqC,EACAqB,EACA6F,IAEAhG,EACEpB,EAAIqB,WAAWC,KACb/H,EAAasE,OACXjF,OAAAC,OAAA,CAAAqH,UAASqB,QAAS6F,GACpB,CAAEjO,MAAO8G,KAGfnC,WAAY,CACVoC,EACAqB,EACA6F,IAEAhG,EACEpB,EAAIqB,WAAWC,KACb/H,EAAauE,WACXlF,OAAAC,OAAA,CAAAqH,UAASqB,QAAS6F,GACpB,CAAEjO,MAAO8G,KAGflC,UAAW,CACTiH,EACAmC,EACAH,IAEA5F,EACEpB,EAAIqB,WAAWC,KACb/H,EAAawE,UACb,CAAEiH,eAAcmC,iBAAgBH,mBAChC,CAAE7N,MAAO8G,OChFXoH,EAAiB,CAACrH,EAAcC,KAA4B,CAChEzG,OAAQ,CAACjB,EAAc+O,IACrBlG,EACEpB,EAAIqB,WAAWC,KACb/H,EAAoBC,OACpB,CAAEjB,OAAM+O,eACR,CAAEnO,MAAO8G,KAGftG,OAAQ,CAACpB,EAAcgP,EAAiBD,IACtClG,EACEpB,EAAIqB,WAAWC,KACb/H,EAAoBI,OACpB,CAAEpB,OAAMgP,UAASD,eACjB,CAAEnO,MAAO8G,KAGfpG,OAAStB,GACP6I,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAoBM,OAAQ,CAAEtB,QAAQ,CAAEY,MAAO8G,KAEvExD,QAAS,IACP2E,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAoBkD,QAAS,CAC9CtD,MAAO8G,KAERzI,GAASA,EAAKgQ,gBC1BfC,EAAW,CAACzH,EAAcC,KAA4B,CAC1DzG,OAAQ,CACNjB,EACA+O,EACAI,EACAxD,EACAyD,IAEAvG,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcC,OACd,CAAEjB,OAAM+O,cAAaI,kBAAiBxD,WAAU0D,QAASD,GACzD,CAAExO,MAAO8G,KAGftG,OAAQ,CACNpB,EACAgP,EACAD,EACAI,EACAxD,EACAyD,IAEAvG,EACEpB,EAAIqB,WAAWC,KACb/H,EAAcI,OACd,CAAEpB,OAAMgP,UAASD,cAAaI,kBAAiBxD,WAAU0D,QAASD,GAClE,CAAExO,MAAO8G,KAGfpG,OAAQ,CAACtB,EAAc2L,IACrB9C,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcM,OAAQ,CAAEtB,OAAM2L,YAAY,CAAE/K,MAAO8G,KAE3ExD,QAAS,IACP2E,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAckD,QAAS,CACxCtD,MAAO8G,KAERzI,GAASA,EAAK8I,QAEnBrG,OAASnC,GACPsJ,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcU,OAAQnC,EAAS,CACjDqB,MAAO8G,KAERzI,GAASA,EAAK8I,UClDfuH,EAAY,CAAC7H,EAAcC,KAA4B,CAM3D9B,cAAgB+F,GACd9C,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAe4E,cAAe,CAAE+F,YAAY,CAAE/K,MAAO8G,KAU7E7B,uBAAwB,CACtB8F,EACAmB,EACAyC,IAEA1G,EACEpB,EAAIqB,WAAWC,KACb/H,EAAe6E,uBACf,CAAE8F,WAAU4D,WAAUzC,WACtB,CAAElM,MAAO8G,KAUf5B,oBAAqB,CAAC6F,EAAkB6D,IACtC3G,EACEpB,EAAIqB,WAAWC,KACb/H,EAAe8E,oBACf,CAAE6F,WAAU6D,WACZ,CAAE5O,MAAO8G,OClCjB,SAAS+H,EAA0BxQ,WACjC,MAAMyQ,EAAgBzQ,EAgBtB,OAfIyQ,EAAc1K,OAChB0K,EAAc1K,KACT3E,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAoP,EAAc1K,MAAI,CACrB2K,iBAAkBD,EAAc1K,KAAK4K,yBAEhCF,EAAc1K,KAAK4K,kBAEN,UAAlBF,EAAcxK,YAAI,IAAA/G,OAAA,EAAAA,EAAE0R,iBACtBH,EAAcxK,KAAK2K,cAAkC,UAAlBH,EAAcxK,YAAI,IAAAxG,OAAA,EAAAA,EAAEmR,cAAcnG,KAAKoG,IACxE,MAAMC,EAAKD,EAGX,OAFAC,EAAGC,SAAWD,EAAGE,KAAKjQ,YACf+P,EAAGE,KACHF,CAAE,KAGNL,CACT,CASA,MAAMQ,EAAkB,CAACzI,EAAcC,KAA4B,CAIjEwG,YAAcvC,GACZ9C,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAaiD,SAAU,CACxCgG,YAAa,CAAE0B,YACf/K,MAAO8G,KAERzI,GAASA,IAEdkR,YAAa,CACXxE,EACA0C,EACAvG,IAEAe,EACEpB,EAAIqB,WAAWC,KACb/H,EAAa2D,YACXtE,OAAAC,OAAAD,OAAAC,OAAA,CAAAqL,YAAc0C,EAAQ,CAAEA,SAAU,CAAE,GAAC,CAAEvG,gBACzC,CAAElH,MAAO8G,KAEVzI,GAASwQ,EAA0BxQ,KAExCmR,eAAgB,CAACzE,EAAkB0C,IACjCxF,EACEpB,EAAIqB,WAAWxH,OAAON,EAAaiD,SAAU,CAC3CgG,2BAAe0B,YAAc0C,EAAQ,CAAEA,SAAU,IACjDzN,MAAO8G,KAMbyG,kBAAmB,CACjBxC,EACA0E,EACAC,EACAC,EACAC,EACAC,IAEA5H,EACEpB,EAAIqB,WAAWC,KACb/H,EAAaiD,SACb,CAAE0H,WAAU0E,SAAQE,WAAUD,UAASE,cAAaC,WACpD,CAAE7P,MAAO8G,KAMfgJ,kBAAmB,CACjB/E,EACAgF,EACAH,EACAC,IAEA5H,EACEpB,EAAIqB,WAAWC,KACb/H,EAAa4D,SACb,CAAE+G,WAAUgF,iBAAgBH,cAAaC,WACzC,CAAE7P,MAAO8G,KAMfkJ,iBAAkB,CAChBjF,EACAkF,EACAlB,IAEA9G,EACEpB,EAAIqB,WAAWC,KACb/H,EAAa6D,QACb,CAAE8G,WAAUkF,eAAclB,oBAC1B,CAAE/O,MAAO8G,KAGfoJ,sBAAuB,CACrBnF,EACA1H,EACAwM,EACApC,KAEA,MAAMqB,EAAqBrP,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA2D,GAAU,CAAA2L,gBAAiB3L,EAAS0L,mBAE/D,cADOD,EAAcC,iBACd9G,EACLpB,EAAIqB,WAAWC,KACb/H,EAAagE,KAAKC,UAAS5E,OAAAC,OAAA,CAEzBqL,WACA1H,SAAUyL,EACVe,WACIpC,EAAQ,CAAEA,SAAU,CAAE,GAE5B,CAAEzN,MAAO8G,IAEZ,EAEHqJ,sBAAuB,CACrBpF,EACA1H,EACA+M,EACAP,EACApC,IAEAxF,EACEpB,EAAIqB,WAAWC,KACb/H,EAAakE,KAAKD,yBAChB0G,WAAU1H,WAAU+M,cAAaP,WAAapC,EAAQ,CAAEA,SAAU,CAAA,GACpE,CAAEzN,MAAO8G,KAGfuJ,wBAAyB,CACvBtF,EACA1H,EACA+M,EACAP,EACApC,IAEAxF,EACEpB,EAAIqB,WAAWC,KACb/H,EAAakE,KAAKN,wBAChB+G,WAAU1H,WAAU+M,cAAaP,WAAapC,EAAQ,CAAEA,SAAU,CAAA,GACpE,CAAEzN,MAAO8G,KAGfwJ,aAAc,CAACvF,EAAkB0C,IAC/BxF,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAa8D,WAAY,CAC1CmF,2BAAe0B,YAAc0C,EAAQ,CAAEA,SAAU,IACjDzN,MAAO8G,KAERzI,GAASwQ,EAA0BxQ,KAExCkS,gBAAkBxF,GAChB9C,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAa+D,cAAe,CAC7CkF,YAAa,CAAE0B,YACf/K,MAAO8G,KAERzI,GAvJP,SAAsCA,GACpC,MAAMyQ,EAAgBzQ,EAAKmS,YACrBxH,EAAM,GAEZ,OADA8F,EAAclR,SAAS6S,GAAYzH,EAAIpK,KAAKiQ,EAA0B4B,MAC/DzH,CACT,CAkJgB0H,CAA6BrS,OC3KvCsS,EAAgB,CAAC9J,EAAcC,KAA4B,CAa/DzG,OAAQ,CACNjB,EACAsO,EACAvG,EACA8F,EACA7D,EACAyC,EACAsC,EACAyC,IAEA3I,EACEpB,EAAIqB,WAAWC,KACb/H,EAAmBC,OACnB,CACEjB,OACAsO,aACA3F,UAAWZ,EACX0J,WAAY5D,EACZ7D,SACAyC,eACAsC,cACAyC,gBAEF,CAAE5Q,MAAO8G,KAQflG,KAAO4L,GACLvE,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAmBQ,KAAM,CAC1CyI,YAAa,CAAEmD,MACfxM,MAAO8G,KAERzI,GAASA,EAAKyS,MAOnBvN,UAAYkG,GACVxB,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAmBU,OAAQ,CAAE2I,aAAa,CAAEzJ,MAAO8G,KACtEzI,GAASA,EAAK0S,OAanBvQ,OAAQ,CACNgM,EACApN,EACA+O,EACAhH,EACA8F,EACApB,EACA+E,IAEA3I,EACEpB,EAAIqB,WAAWC,KACb/H,EAAmBI,OACnB,CACEgM,KACApN,OACA+O,cACApG,UAAWZ,EACX0J,WAAY5D,EACZpB,eACA+E,gBAEF,CAAE5Q,MAAO8G,KAEVzI,GAASA,EAAKyS,MAOnB3N,WAAaqJ,GACXvE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAmB+C,WAAY,CAAEqJ,MAAM,CAAExM,MAAO8G,KAMxE1D,SAAWoJ,GACTvE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAmBgD,SAAU,CAAEoJ,MAAM,CAAExM,MAAO8G,KAMtEpG,OAAS8L,GACPvE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAmBM,OAAQ,CAAE8L,MAAM,CAAExM,MAAO8G,OCjIhEkK,EAAW,CAACnK,EAAcC,KAA4B,CAC1DjC,KAAM,IACJoD,EAAkBpB,EAAIqB,WAAWC,KAAK/H,EAAcyE,KAAM,CAAE,EAAE,CAAE7E,MAAO8G,KACzEpG,OAASuQ,GACPhJ,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAcM,OAAQ,CAAEwM,IAAK+D,GAAW,CAAEjR,MAAO8G,KAEzEhC,OAASoM,GACPjJ,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAc0E,OAAQ,CAAEoM,UAAU,CAAElR,MAAO8G,KAEnE/B,OAAQ,CAACmM,EAAgBC,EAAYC,IACnCnJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAAc2E,OACd,CAAEmM,SAAQC,OAAMC,WAChB,CAAEpR,MAAO8G,OChBXuK,EAAY,CAACxK,EAAcC,KAA4B,CAC3DhC,OAAQ,IACNmD,EAAkBpB,EAAIqB,WAAWC,KAAK/H,EAAe0E,OAAQ,CAAE,EAAE,CAAE9E,MAAO8G,KAC5E/B,OAASuM,GACPrJ,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAe2E,OAAQ,CAAEuM,SAAS,CAAEtR,MAAO8G,OCL/DyK,EAAY,CAAC1K,EAAcC,KAA4B,CAM3DhG,OAAS0Q,IACP,MAAM3J,EAAYpI,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA8R,GAAe,CAAAC,YAAaD,EAAc7C,WAE5D,cADO9G,EAAK8G,SACL1G,EACLpB,EAAIqB,WAAWC,KAAK/H,EAAeU,OAAQ+G,EAAM,CAAE7H,MAAO8G,KACzDzI,GACCA,eAAAA,EAAMqT,OAAO5I,KAAK6I,IAChB,MAAM3I,EACDvJ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAiS,IACHC,SAAUC,WAAWF,EAAEC,UACvBjD,SAAUgD,EAAEF,cAGd,cADOzI,EAAIyI,YACJzI,CAAG,KAEf,EAOH7D,YAAc2M,IACZ,MAAMjK,EAAIpI,OAAAC,OAAA,CAAA,EAAQoS,GAClB,OAAO7J,EACLpB,EAAIqB,WAAWC,KAAK/H,EAAe+E,YAAa0C,EAAM,CAAE7H,MAAO8G,IAChE,ICxBCiL,EAAY,CAAClL,EAAcC,KAA4B,CAU3DkL,WAAY,CAAC1L,EAAqB2L,IAChChK,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAegF,WAAY,CAAEkB,SAAQ2L,WAAW,CAAEjS,MAAO8G,KAOjFoL,aAAc,IACZjK,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAeiF,aAAc,CAAE,EAAE,CAAErF,MAAO8G,KAOlEqL,WAAY,IACVlK,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAekF,WAAY,CAAA,EAAI,CAAEtF,MAAO8G,KAC3DzI,GAASA,EAAKiI,SAWnB8L,cAAe,CACbC,EACAC,EACAC,IAEAtK,EACEpB,EAAIqB,WAAWC,KACb/H,EAAemF,OACf,CAAE8M,YAAWC,UAASC,cACtB,CAAEvS,MAAO8G,KAWf0L,gBAAiB,CAACpT,EAAcmT,IAC9BtK,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAeoF,SAAU,CAAEpG,OAAMmT,cAAc,CAAEvS,MAAO8G,KAWhF2L,uBAAwB,CACtBC,EACAL,EACAC,EACAC,IAEAtK,EACEpB,EAAIqB,WAAWC,KACb/H,EAAeqF,OACf,CAAEiN,qBAAoBL,YAAWC,UAASC,cAC1C,CAAEvS,MAAO8G,KAYf6L,yBAA0B,CACxBvT,EACAiT,EACAE,IAEAtK,EACEpB,EAAIqB,WAAWC,KACb/H,EAAesF,SACf,CAAEtG,OAAMiT,YAAWE,cACnB,CAAEvS,MAAO8G,KASf8L,gBAAkBrM,GAChB0B,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAeuF,SAAU,CAAEY,aAAa,CAAEvG,MAAO8G,KAQzEN,gBAAkBD,GAChB0B,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAewF,SAAU,CAAEW,aAAa,CAAEvG,MAAO8G,KAUzE+L,4BAA8BC,GAC5B7K,EACEpB,EAAIqB,WAAWC,KACb/H,EAAeyF,kBACf,CAAEiN,aACF,CAAE9S,MAAO8G,KAUfiM,oCAAsCD,GACpC7K,EACEpB,EAAIqB,WAAWC,KACb/H,EAAe0F,sCACf,CAAEgN,aACF,CAAE9S,MAAO8G,KASfkM,sBAAwB9F,GACtBjF,EACEpB,EAAIqB,WAAWC,KACb/H,EAAeyF,kBACf,CAAEiN,UAAW5F,GACb,CAAElN,MAAO8G,KASff,aACEkN,GAEAhL,EACEpB,EAAIqB,WAAWC,KACb/H,EAAe2F,aACf,CAAEkN,mBACF,CAAEjT,MAAO8G,KAEVzI,GAASA,EAAK4U,kBAUnBC,aAAc,CACZjN,EACAyM,EACAL,IAEApK,EACEpB,EAAIqB,WAAWC,KACb/H,EAAe4F,IACf,CAAEC,WAAUyM,qBAAoBL,aAChC,CAAErS,MAAO8G,KAEVzI,GAASA,EAAK6H,UASnBiN,kBAAmB,CACjBlN,EACAmN,GAA2B,IAE3BnL,EACEpB,EAAIqB,WAAWC,KACb/H,EAAe6F,SACf,CAAEA,WAAUmN,4BACZ,CAAEpT,MAAO8G,KAEVzI,GAASA,EAAKkI,YASnB8M,iBAAkB,CAChBnN,EACAoN,GAA4B,IAE5BrL,EACEpB,EAAIqB,WAAWC,KACb/H,EAAe8F,QACf,CAAEA,UAASoN,6BACX,CAAEtT,MAAO8G,KAEVzI,GAASA,EAAKkI,YAQnBgN,oBAAsBC,GACpBvL,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAe+F,UAAW,CAAEqN,UAAU,CAAExT,MAAO8G,KAClEzI,GAASA,EAAKkI,YAWnBkN,gCAAiC,CAC/BD,EACAd,EACAL,IAEApK,EACEpB,EAAIqB,WAAWC,KACb/H,EAAegG,mBACf,CAAEoN,SAAQd,qBAAoBL,aAC9B,CAAErS,MAAO8G,KAEVzI,GAASA,EAAKyU,UAAUhK,KAAK7C,IAAsB,CAAEA,iBAS1DI,YAAcqN,GACZzL,EACEpB,EAAIqB,WAAWC,KACb/H,EAAeiG,YACf,CAAEqN,MAAOA,EAAQA,EAAMC,UAAY,GACnC,CAAE3T,MAAO8G,KAEVzI,GAASA,MCxSVuV,EAAqB,CAAC/M,EAAcC,KAA4B,CACpE+M,sBACElV,UAEA,OAAAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAAwBqD,0CAEnB9E,GAAO,CACVmV,gBAASvW,EAAAoB,EAAQmV,0BAEnB,CAAE9T,MAAO8G,IAEZ,EACHiN,sBACEpV,UAEA,OAAAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAAwBsD,0CAEnB/E,GAAO,CACVmV,gBAASvW,EAAAoB,EAAQmV,0BAEnB,CAAE9T,MAAO8G,IAEZ,EACHkN,sBACErV,GAEAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAAwBuD,WAAUlE,OAAAC,OAAA,GAC7Bf,GACL,CAAEqB,MAAO8G,KAGfmN,sBACEtV,GAEAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAAwBwD,WAAUnE,OAAAC,OAAA,GAC7Bf,GACL,CAAEqB,MAAO8G,KAGfpG,OAAS8L,GACPvE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAwBM,OAAQ,CAAE8L,MAAM,CAAExM,MAAO8G,KAEzElG,KAAO4L,GACLvE,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAwBQ,KAAM,CAC/CyI,YAAa,CAAEmD,MACfxM,MAAO8G,KAERzI,GAASA,IAEdiF,QAAS,IACP2E,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAwBkD,QAAS,CAClDtD,MAAO8G,KAERzI,GAASA,EAAK6V,SCzEfC,EAAe,CAACtN,EAAcC,KAA4B,CAC9DwG,YAAcvC,GACZ9C,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAAkBiD,SAAU,CAC7CgG,YAAa,CAAE0B,YACf/K,MAAO8G,KAERzI,GAASA,IAEdkP,kBAAmB,CAACxC,EAAkB1H,IACpC4E,EACEpB,EAAIqB,WAAWC,KACb/H,EAAkBiD,SACb5D,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA2D,GAAU,CAAA0H,aACf,CACE/K,MAAO8G,OCTXsN,EAAU,CAACvN,EAAcC,KAA4B,CAQzDkL,WAAa1L,GACX2B,EAAkBpB,EAAIqB,WAAWC,KAAK/H,EAAakG,OAAQA,EAAQ,CAAEtG,MAAO8G,KAM9EoL,aAAc,IACZjK,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAeiF,aAAc,CAAE,EAAE,CAAErF,MAAO8G,KAQlE8L,gBAAkBrM,GAChB0B,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAamG,UAAW,CAAE8N,OAAQ9N,GAAa,CAAEvG,MAAO8G,KAWhFN,gBAAkBD,GAChB0B,EACEpB,EAAIqB,WAAWC,KACb/H,EAAaoG,gBACb,CAAE6N,OAAQ9N,GACV,CAAEvG,MAAO8G,KAafL,MAAQF,GACN0B,EACEpB,EAAIqB,WAAWC,KAAK/H,EAAaqG,MAAO,CAAE4N,OAAQ9N,GAAa,CAAEvG,MAAO8G,KACvEzI,GAASA,EAAKgW,SAOnBC,qBACEC,GAEAtM,EACEpB,EAAIqB,WAAWC,KACb/H,EAAasG,cACb,CAAE6N,uBACF,CAAEvU,MAAO8G,KAEVzI,GAASA,EAAKmW,mBAOnBC,qBAAuBD,GACrBvM,EACEpB,EAAIqB,WAAWC,KACb/H,EAAauG,cACb,CAAE6N,oBACF,CAAExU,MAAO8G,KASf4N,mBAAoB,IAClBzM,EAAkBpB,EAAIqB,WAAWxH,OAAON,EAAamG,UAAW,CAAEvG,MAAO8G,OCvFvE6N,EAAyB,CAAC9N,EAAcC,KAA4B,CACxE8N,kBACEjW,GAEAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAA4BC,OAAMZ,OAAAC,OAAA,GAE7Bf,GAEL,CAAEqB,MAAO8G,KAGf+N,kBACElW,GAEAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAA4BI,OAAMf,OAAAC,OAAA,GAC7Bf,GACL,CAAEqB,MAAO8G,KAGfgO,iBACEnW,GAEAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAA4BK,MAAKhB,OAAAC,OAAA,GAC5Bf,GACL,CAAEqB,MAAO8G,KAGfiO,kBAAoBvI,GAClBvE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAA4BM,OAAQ,CAAE8L,MAAM,CAAExM,MAAO8G,KAE7EkO,gBAAkBxI,GAChBvE,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAA4BQ,KAAM,CACnDyI,YAAa,CAAEmD,MACfxM,MAAO8G,KAERzI,GAASA,IAEd4W,oBAAqB,IACnBhN,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAA4BkD,QAAS,CACtDtD,MAAO8G,KAERzI,GAASA,EAAK6V,OAEnBgB,qBAAuB1I,GACrBvE,EACEpB,EAAIqB,WAAWhJ,IAAIkB,EAA4ByD,OAAQ,CACrDwF,YAAa,CAAEmD,MACfxM,MAAO8G,KAERzI,GAASA,IAEd8W,wBAA0B3I,GACxBvE,EACEpB,EAAIqB,WAAWC,KAAK/H,EAA4B0D,OAAQ,CAAE0I,MAAM,CAAExM,MAAO8G,KAE7EsO,eACEzW,GAEAsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAAoCU,OAAMrB,OAAAC,OAAA,CAAA,EACrCf,GACL,CAAEqB,MAAO8G,KAEVzI,GAASA,EAAKgX,WAEnBC,eAAiB3W,GACfsJ,EACEpB,EAAIqB,WAAWC,KACb/H,EAAoCM,OAAMjB,OAAAC,OAAA,GACrCf,GACL,CAAEqB,MAAO8G,OC1EjB,MAAMyO,EAAWhY,WAAAuJ,cAAEA,EAAa0O,UAAEA,GAASjY,EAAKkY,EAAMhX,EAAAlB,EAArC,+BACf,MAAMmY,EAAUC,EACdlW,OAAAC,OAAAD,OAAAC,OAAA,CAAAkW,MAAAA,GACGH,GAAM,CACTI,YAAWpW,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACN+V,EAAOI,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAAjY,OAAA,EAAAA,EAAAkY,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWT,EAExB1E,EAA6C,CAAA,EAgC7CoF,ECrDe,EAACtP,EAAcC,KAA4B,CAChEsB,KAAMxB,EAASC,EAAKC,GACpBsP,QAASjK,EAAYtF,EAAKC,GAC1BuP,UAAW1F,EAAc9J,EAAKC,GAC9BhH,OAAQ6M,EAAW9F,EAAKC,GACxBwP,eAAgB1C,EAAmB/M,EAAKC,GACxCyP,mBAAoB5B,EAAuB9N,EAAKC,GAChD0P,IAAKlH,EAAgBzI,EAAKC,GAC1B8G,IAAKD,EAAQ9G,EAAKC,GAClB2P,WAAYvI,EAAerH,EAAKC,GAChCmF,SAAUkI,EAAatN,EAAKC,GAC5BuI,KAAMf,EAASzH,EAAKC,GACpB4P,MAAOhI,EAAU7H,EAAKC,GACtBqK,KAAMH,EAASnK,EAAKC,GACpBwK,MAAOD,EAAUxK,EAAKC,GACtB6P,MAAOpF,EAAU1K,EAAKC,GACtB8P,MAAO7E,EAAUlL,EAAKC,GACtB+P,IAAKzC,EAAQvN,EAAKC,KDoCCgQ,CAAepB,EAAS5O,GAErCD,iCACD6O,GAAO,CAGVqB,QAAS5Y,MAAO6B,GAAmB0V,EAAQqB,QAAQ/W,GAOnDmW,aAGAhY,aAAa6Y,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAInG,EAAKiG,EAAOC,KAAM,OAAOlG,EAAKiG,EAAOC,KAKzC,GAFAxX,OAAOC,OAAOqR,OAnDA5S,WAChB,GAAIqX,EACF,IACE,MAAM2B,EAAYC,KAAKC,MAAM7B,GACvB1E,QAAYwG,EAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAMnG,EAKpB,CAHC,MAAOyG,GAEP,MADArB,SAAAA,EAAQsB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoB/B,EAAQxN,WAC/BhJ,IAAI,WAAW+W,KACfyB,MAAMtZ,GAASA,EAAKuZ,UACe5G,KACtC,OAAK9Q,MAAMC,QAAQuX,UACQG,QAAQC,IACjCJ,EAAW3O,KAAI3K,MAAO2S,GAAQ,CAACA,EAAImG,UAAWK,EAAUxG,QAGtCgH,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAWxX,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAqY,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAyB2BG,KAErBnH,EAAKiG,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAOnG,EAAKiG,EAAOC,IACpB,EAOD9Y,kBAAkByP,SAEhB,MACM5N,SADYmY,EAAUvK,EAAK/G,EAAIuR,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAItY,IACFA,EAAMuY,IAAe,QAAThb,EAAAyC,EAAMuY,WAAG,IAAAhb,OAAA,EAAAA,EAAEib,MAAM,KAAKC,MAC9BzY,EAAMuY,MAAQtC,GAEhB,MAAM,IAAIyC,EAAOC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAE/K,MAAK5N,QACf,EAOD7B,sBAAsBya,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBrQ,EAAIgS,YAAYD,EAMrC,CAJC,MAAOpB,GAGP,MADAtB,SAAAA,EAAQsB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAODrZ,qBAAqB2a,WACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQrQ,EAAIgS,YAAYC,GACtB,MAAMC,QAAgBlS,EAAIkQ,QAAQ+B,GAClC,GAAIC,EAAQC,GAAI,CAEd,aADoBnS,EAAIgS,YAA0B,QAAdtb,EAAAwb,EAAQ1a,YAAM,IAAAd,OAAA,EAAAA,EAAA0b,WAEnD,CAED,MAAM/B,MAAmB,QAAbpZ,EAAAib,EAAQvB,aAAK,IAAA1Z,OAAA,EAAAA,EAAEob,aAK5B,CAJC,MAAOC,GAGP,MADAjD,SAAAA,EAAQsB,MAAM,kCAAmC2B,GAC3CjC,MAAM,2CAA2CiC,IACxD,CACF,EAQDhb,gCACEya,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBrQ,EAAIuS,gBAAgBR,EAKzC,CAHC,MAAOpB,GAEPtB,SAAAA,EAAQmD,IAAI,wCAAwC7B,2BACrD,CAED,OAAO3Q,EAAIyS,eAAeR,EAC3B,EAQD3a,wBACEkY,EACA7K,SAEA,IAAK6K,EAAW,MAAMa,MAAM,gCAE5B,IAAI9Y,EACJ,IACEA,QAAayI,EAAIwP,UAAUkD,SAASlD,EAAW7K,EAIhD,CAHC,MAAOgM,GAEP,MADAtB,SAAAA,EAAQsB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,IAAKpZ,EAAK4a,GAER,MADA9C,SAAAA,EAAQsB,MAAM,gCAAiCpZ,EAAKoZ,OAC9CN,MAAM,mCAA+C,QAAZ3Z,EAAAa,EAAKoZ,aAAO,IAAAja,OAAA,EAAAA,EAAA2b,gBAG7D,MAAMD,WAAEA,GAAe7a,EAAKC,KAC5B,IAAK4a,EAEH,MADA/C,SAAAA,EAAQsB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBrQ,EAAIgS,YAAYI,EAKrC,CAHC,MAAOzB,GAEP,MADAtB,SAAAA,EAAQsB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDgC,oBAAmB,CAAC5Z,EAA8ByO,IACzCxH,EAAI4S,0BAA0B7Z,EAAU,GAAIyO,GASrDqL,sBAAqB,CAAC9Z,EAA8ByO,IAC3CxH,EAAI8S,4BAA4B/Z,EAAU,GAAIyO,GAUvDoL,0BACE7Z,EACAE,EACAuO,GAGA,GAAIvO,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM8Z,EAAUja,EAA2BC,EnBnQb,cmBmQ6CE,GAC3E,OAAOuO,EAAYwL,OAAOC,GAASF,EAAQG,SAASD,IACrD,EASDH,4BACE/Z,EACAE,EACAuO,GAEA,GAAIvO,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAM8Z,EAAUja,EAA2BC,EnBrRb,cmBqR6CE,GAC3E,OAAOuO,EAAY2L,QAAQF,GAASF,EAAQG,SAASD,IACtD,EAQDG,cAAa,CAACra,EAA8BuH,IACnCN,EAAIqT,oBAAoBta,EAAU,GAAIuH,GAS/CgT,gBAAe,CAACva,EAA8BuH,IACrCN,EAAIuT,sBAAsBxa,EAAU,GAAIuH,GAUjD+S,oBAAoBta,EAA8BE,EAAgBqH,GAEhE,GAAIrH,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMua,EAAa1a,EAA2BC,EnBtTtB,QmBsTgDE,GACxE,OAAOqH,EAAM0S,OAAOxK,GAASgL,EAAWN,SAAS1K,IAClD,EASD+K,sBAAsBxa,EAA8BE,EAAgBqH,GAClE,GAAIrH,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAMua,EAAa1a,EAA2BC,EnBpUtB,QmBoUgDE,GACxE,OAAOqH,EAAM6S,QAAQ3K,GAASgL,EAAWN,SAAS1K,IACnD,IAGH,OAAOiL,EACLzT,EACA,CACE,mBACA,iBACA,mBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEF5I,EACD,EAoBHsX,EAAQgF,uBnBvX8B,MmBwXtChF,EAAQiF,uBnBtX8B,KmBuXtCjF,EAAQkF,cEzXO,CACbC,WAAY,UACZC,iBAAkB,UAClBC,eAAgB,UAChBC,iBAAkB,UAClBC,aAAc,UACdC,mBAAoB,UACpBC,qBAAsB,UACtBC,aAAc"}
1	+ {"version":3,"file":"index.esm.js","sources":["../lib/fetch-polyfill.ts","../lib/helpers.ts","../lib/constants.ts","../lib/management/paths.ts","../lib/management/helpers.ts","../lib/management/user.ts","../lib/management/project.ts","../lib/management/tenant.ts","../lib/management/jwt.ts","../lib/management/permission.ts","../lib/management/role.ts","../lib/management/group.ts","../lib/management/sso.ts","../lib/management/accesskey.ts","../lib/management/flow.ts","../lib/management/theme.ts","../lib/management/audit.ts","../lib/management/authz.ts","../lib/management/ssoapplication.ts","../lib/management/password.ts","../lib/management/fga.ts","../lib/management/inboundapplication.ts","../lib/management/outboundapplication.ts","../lib/index.ts","../lib/management/index.ts","../lib/errors.ts"],"sourcesContent":["import { fetch as crossFetch, Headers } from 'cross-fetch';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 * 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof crossFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // Updated to only apply highWaterMark to objects, as it can't be applied to strings (it breaks it)\n if (arg && typeof arg === 'object') {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n (arg as any).highWaterMark ??= highWaterMarkMb;\n }\n });\n\n return crossFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/*\n Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n /\nconst generateCookie = (name: string, value: string, options?: Record<string, string \| number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain \|\| ''}; Max-Age=${\n options?.cookieMaxAge \|\| ''\n }; Path=${options?.cookiePath \|\| '/'}; HttpOnly; SameSite=Strict`;\n\n/\n Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n /\nexport const getCookieValue = (cookie: string \| null \| undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^\|;\\\\s)${name}=([^;])`));\n return match ? match[1] : null;\n};\n\n/\n Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n /\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/\n Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n /\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/\n Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n /\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","/* Refresh JWT cookie name /\nexport const refreshTokenCookieName = 'DSR';\n/* Session JWT cookie name /\nexport const sessionTokenCookieName = 'DS';\n/* The key of the tenants claims in the claims map /\nexport const authorizedTenantsClaimName = 'tenants';\n/* The key of the permissions claims in the claims map either under tenant or top level /\nexport const permissionsClaimName = 'permissions';\n/* The key of the roles claims in the claims map either under tenant or top level /\nexport const rolesClaimName = 'roles';\n","/* API paths for the Descope service Management APIs /\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n createTestUser: '/v1/mgmt/user/create/test',\n createBatch: '/v1/mgmt/user/create/batch',\n update: '/v1/mgmt/user/update',\n patch: '/v1/mgmt/user/patch',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n logout: '/v1/mgmt/user/logout',\n search: '/v2/mgmt/user/search',\n searchTestUsers: '/v2/mgmt/user/search/test',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n setRole: '/v1/mgmt/user/update/role/set',\n addRole: '/v2/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n setSSOApps: '/v1/mgmt/user/update/ssoapp/set',\n addSSOApps: '/v1/mgmt/user/update/ssoapp/add',\n removeSSOApps: '/v1/mgmt/user/update/ssoapp/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set', // Deprecated\n setTemporaryPassword: '/v1/mgmt/user/password/set/temporary',\n setActivePassword: '/v1/mgmt/user/password/set/active',\n expirePassword: '/v1/mgmt/user/password/expire',\n removeAllPasskeys: '/v1/mgmt/user/passkeys/delete',\n removeTOTPSeed: '/v1/mgmt/user/totp/delete',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n generateEmbeddedLink: '/v1/mgmt/user/signin/embeddedlink',\n generateSignUpEmbeddedLink: '/v1/mgmt/user/signup/embeddedlink',\n history: '/v1/mgmt/user/history',\n },\n project: {\n updateName: '/v1/mgmt/project/update/name',\n updateTags: '/v1/mgmt/project/update/tags',\n clone: '/v1/mgmt/project/clone',\n projectsList: '/v1/mgmt/projects/list',\n exportSnapshot: '/v1/mgmt/project/snapshot/export',\n importSnapshot: '/v1/mgmt/project/snapshot/import',\n validateSnapshot: '/v1/mgmt/project/snapshot/validate',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n load: '/v1/mgmt/tenant',\n settings: '/v1/mgmt/tenant/settings',\n loadAll: '/v1/mgmt/tenant/all',\n searchAll: '/v1/mgmt/tenant/search',\n generateSSOConfigurationLink: '/v2/mgmt/tenant/adminlinks/sso/generate',\n },\n ssoApplication: {\n oidcCreate: '/v1/mgmt/sso/idp/app/oidc/create',\n samlCreate: '/v1/mgmt/sso/idp/app/saml/create',\n oidcUpdate: '/v1/mgmt/sso/idp/app/oidc/update',\n samlUpdate: '/v1/mgmt/sso/idp/app/saml/update',\n delete: '/v1/mgmt/sso/idp/app/delete',\n load: '/v1/mgmt/sso/idp/app/load',\n loadAll: '/v1/mgmt/sso/idp/apps/load',\n },\n inboundApplication: {\n create: '/v1/mgmt/thirdparty/app/create',\n update: '/v1/mgmt/thirdparty/app/update',\n patch: '/v1/mgmt/thirdparty/app/patch',\n delete: '/v1/mgmt/thirdparty/app/delete',\n load: '/v1/mgmt/thirdparty/app/load',\n loadAll: '/v1/mgmt/thirdparty/apps/load',\n secret: '/v1/mgmt/thirdparty/app/secret',\n rotate: '/v1/mgmt/thirdparty/app/rotate',\n },\n inboundApplicationConsents: {\n delete: '/v1/mgmt/thirdparty/consents/delete',\n search: '/v1/mgmt/thirdparty/consents/search',\n },\n outboundApplication: {\n create: '/v1/mgmt/outbound/app/create',\n update: '/v1/mgmt/outbound/app/update',\n delete: '/v1/mgmt/outbound/app/delete',\n load: '/v1/mgmt/outbound/app',\n loadAll: '/v1/mgmt/outbound/apps',\n fetchToken: '/v1/mgmt/outbound/app/user/token/latest',\n fetchTokenByScopes: '/v1/mgmt/outbound/app/user/token',\n fetchTenantToken: '/v1/mgmt/outbound/app/tenant/token/latest',\n fetchTenantTokenByScopes: '/v1/mgmt/outbound/app/tenant/token',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n settingsNew: '/v1/mgmt/sso/settings/new',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n settingsv2: '/v2/mgmt/sso/settings',\n settingsAllV2: '/v2/mgmt/sso/settings/all',\n oidc: {\n configure: '/v1/mgmt/sso/oidc',\n },\n saml: {\n configure: '/v1/mgmt/sso/saml',\n metadata: '/v1/mgmt/sso/saml/metadata',\n },\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n impersonate: '/v1/mgmt/impersonate',\n stopImpersonation: '/v1/mgmt/stop/impersonation',\n signIn: '/v1/mgmt/auth/signin',\n signUp: '/v1/mgmt/auth/signup',\n signUpOrIn: '/v1/mgmt/auth/signup-in',\n anonymous: '/v1/mgmt/auth/anonymous',\n },\n password: {\n settings: '/v1/mgmt/password/settings',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n search: '/v1/mgmt/role/search',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n delete: '/v1/mgmt/flow/delete',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n run: '/v1/mgmt/flow/run',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n createEvent: '/v1/mgmt/audit/event',\n },\n authz: {\n schemaSave: '/v1/mgmt/authz/schema/save',\n schemaDelete: '/v1/mgmt/authz/schema/delete',\n schemaLoad: '/v1/mgmt/authz/schema/load',\n nsSave: '/v1/mgmt/authz/ns/save',\n nsDelete: '/v1/mgmt/authz/ns/delete',\n rdSave: '/v1/mgmt/authz/rd/save',\n rdDelete: '/v1/mgmt/authz/rd/delete',\n reCreate: '/v1/mgmt/authz/re/create',\n reDelete: '/v1/mgmt/authz/re/delete',\n reDeleteResources: '/v1/mgmt/authz/re/deleteresources',\n reDeleteResourceRelationsForResources: '/v1/mgmt/authz/re/deleteresourcesrelations',\n hasRelations: '/v1/mgmt/authz/re/has',\n who: '/v1/mgmt/authz/re/who',\n resource: '/v1/mgmt/authz/re/resource',\n targets: '/v1/mgmt/authz/re/targets',\n targetAll: '/v1/mgmt/authz/re/targetall',\n targetWithRelation: '/v1/mgmt/authz/re/targetwithrelation',\n getModified: '/v1/mgmt/authz/getmodified',\n },\n fga: {\n schema: '/v1/mgmt/fga/schema',\n relations: '/v1/mgmt/fga/relations',\n deleteRelations: '/v1/mgmt/fga/relations/delete',\n check: '/v1/mgmt/fga/check',\n resourcesLoad: '/v1/mgmt/fga/resources/load',\n resourcesSave: '/v1/mgmt/fga/resources/save',\n },\n};\n","/ eslint-disable import/prefer-default-export /\nimport { User } from './types';\n\n/\n Transforms user objects by converting roles to roleNames\n /\nexport function transformUsersForBatch(users: User[]): any[] {\n return users.map(({ roles, ...user }) => ({\n ...user,\n roleNames: roles,\n }));\n}\n","import {\n SdkResponse,\n transformResponse,\n UserHistoryResponse,\n UserResponse,\n LoginOptions,\n} from '@descope/core-js-sdk';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n GenerateEmbeddedLinkResponse,\n AttributesTypes,\n UserStatus,\n User,\n CreateOrInviteBatchResponse,\n TemplateOptions,\n ProviderTokenOptions,\n UserOptions,\n} from './types';\nimport { CoreSdk, DeliveryMethodForTestUser } from '../types';\nimport apiPaths from './paths';\nimport { transformUsersForBatch } from './helpers';\n\ntype SearchSort = {\n field: string;\n desc?: boolean;\n};\n\ntype SearchRequest = {\n page?: number;\n limit?: number;\n sort?: SearchSort[];\n text?: string;\n emails?: string[];\n phones?: string[];\n statuses?: UserStatus[];\n roles?: string[];\n tenantIds?: string[];\n customAttributes?: Record<string, AttributesTypes>;\n withTestUser?: boolean;\n testUsersOnly?: boolean;\n ssoAppIds?: string[];\n loginIds?: string[];\n userIds?: string[];\n fromCreatedTime?: number; // Search users created after this time (epoch in milliseconds)\n toCreatedTime?: number; // Search users created before this time (epoch in milliseconds)\n fromModifiedTime?: number; // Search users modified after this time (epoch in milliseconds)\n toModifiedTime?: number; // Search users modified before this time (epoch in milliseconds)\n tenantRoleIds?: Record<string, string[]>; // Search users based on tenants and role IDs\n tenantRoleNames?: Record<string, string[]>; // Search users based on tenants and role names\n};\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nfunction mapToValuesObject(\n input: Record<string, string[]> \| undefined,\n): Record<string, { values: string[] }> \| undefined {\n if (!input \|\| Object.keys(input).length === 0) {\n return undefined;\n }\n return Object.fromEntries(\n Object.entries(input).map(([key, value]) => [key, { values: value }]),\n ) as Record<string, { values: string[] }>;\n}\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => {\n / Create User /\n function create(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function create(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function create(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create user\n // 1. The new form - create(loginId, { email, phone, ... }})\n // 2. The old form - create(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Create User End /\n\n / Create Test User /\n function createTestUser(\n loginId: string,\n options?: UserOptions,\n ): Promise<SdkResponse<UserResponse>>;\n function createTestUser(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function createTestUser(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create test user\n // 1. The new form - createTestUser(loginId, { email, phone, ... }})\n // 2. The old form - createTestUser(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n test: true,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n test: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.createTestUser, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Create Test User End /\n\n / Invite User /\n function invite(\n loginId: string,\n options?: UserOptions & {\n inviteUrl?: string;\n sendMail?: boolean; // send invite via mail, default is according to project settings\n sendSMS?: boolean; // send invite via text message, default is according to project settings\n templateOptions?: TemplateOptions;\n templateId?: string;\n },\n ): Promise<SdkResponse<UserResponse>>;\n function invite(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n templateId?: string,\n ): Promise<SdkResponse<UserResponse>>;\n\n function invite(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n templateId?: string,\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of invite user\n // 1. The new form - invite(loginId, { email, phone, ... }})\n // 2. The old form - invite(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n inviteUrl,\n sendMail,\n sendSMS,\n additionalLoginIds,\n templateId,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n invite: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Invite User End /\n\n / Update User /\n function update(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function update(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function update(\n loginId: string,\n emailOrOptions?: string \| UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of update user\n // 1. The new form - update(loginId, { email, phone, ... }})\n // 2. The old form - update(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.update, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n / Update User End /\n\n /\n Patches an existing user.\n * @param loginId The login ID of the user\n * @param options The fields to update. Only the provided ones will be updated.\n /\n function patch(loginId: string, options: PatchUserOptions): Promise<SdkResponse<UserResponse>> {\n const body = {\n loginId,\n } as any;\n\n if (options.email !== undefined) {\n body.email = options.email;\n }\n if (options.phone !== undefined) {\n body.phone = options.phone;\n }\n if (options.displayName !== undefined) {\n body.displayName = options.displayName;\n }\n if (options.givenName !== undefined) {\n body.givenName = options.givenName;\n }\n if (options.middleName !== undefined) {\n body.middleName = options.middleName;\n }\n if (options.familyName !== undefined) {\n body.familyName = options.familyName;\n }\n if (options.roles !== undefined) {\n body.roleNames = options.roles;\n }\n if (options.userTenants !== undefined) {\n body.userTenants = options.userTenants;\n }\n if (options.customAttributes !== undefined) {\n body.customAttributes = options.customAttributes;\n }\n if (options.picture !== undefined) {\n body.picture = options.picture;\n }\n if (options.verifiedEmail !== undefined) {\n body.verifiedEmail = options.verifiedEmail;\n }\n if (options.verifiedPhone !== undefined) {\n body.verifiedPhone = options.verifiedPhone;\n }\n if (options.ssoAppIds !== undefined) {\n body.ssoAppIds = options.ssoAppIds;\n }\n if (options.scim !== undefined) {\n body.scim = options.scim;\n }\n\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.patch(apiPaths.user.patch, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n\n return {\n create,\n /\n Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n \n You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n /\n createTestUser,\n invite,\n inviteBatch: (\n users: User[],\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n templateOptions?: TemplateOptions,\n templateId?: string,\n ): Promise<SdkResponse<CreateOrInviteBatchResponse>> =>\n transformResponse<CreateOrInviteBatchResponse, CreateOrInviteBatchResponse>(\n sdk.httpClient.post(\n apiPaths.user.createBatch,\n {\n users: transformUsersForBatch(users),\n invite: true,\n inviteUrl,\n sendMail,\n sendSMS,\n templateOptions,\n templateId,\n },\n { token: managementKey },\n ),\n (data) => data,\n ),\n createBatch: (users: User[]): Promise<SdkResponse<CreateOrInviteBatchResponse>> =>\n transformResponse<CreateOrInviteBatchResponse, CreateOrInviteBatchResponse>(\n sdk.httpClient.post(\n apiPaths.user.createBatch,\n {\n users: transformUsersForBatch(users),\n },\n { token: managementKey },\n ),\n (data) => data,\n ),\n update,\n patch,\n /\n Delete an existing user.\n * @param loginId The login ID of the user\n /\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /\n Delete an existing user by User ID.\n * @param userId The user ID can be found in the Subject (`sub`) claim\n * in the user's JWT.\n /\n deleteByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { userId }, { token: managementKey }),\n ),\n /\n Delete all test users in the project.\n /\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /\n Logout a user from all devices by the login ID\n * @param loginId logout user by login ID\n * @returns The UserResponse if found, throws otherwise.\n /\n logoutUser: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { loginId }, { token: managementKey }),\n ),\n /\n Logout a user from all devices by user ID. The ID can be found\n * on the user's JWT.\n * @param userId Logout a user from all devices by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n /\n logoutUserByUserId: (userId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { userId }, { token: managementKey }),\n ),\n /\n Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @deprecated Use search instead\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n /\n searchAll: (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n statuses?: UserStatus[],\n emails?: string[],\n phones?: string[],\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n tenantIds,\n roleNames: roles,\n limit,\n page,\n testUsersOnly,\n withTestUser,\n customAttributes,\n statuses,\n emails,\n phones,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n searchTestUsers: (searchReq: SearchRequest): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.searchTestUsers,\n {\n ...searchReq,\n withTestUser: true,\n testUsersOnly: true,\n roleNames: searchReq.roles,\n roles: undefined,\n tenantRoleIds: mapToValuesObject(searchReq.tenantRoleIds),\n tenantRoleNames: mapToValuesObject(searchReq.tenantRoleNames),\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n search: (searchReq: SearchRequest): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n ...searchReq,\n roleNames: searchReq.roles,\n roles: undefined,\n tenantRoleIds: mapToValuesObject(searchReq.tenantRoleIds),\n tenantRoleNames: mapToValuesObject(searchReq.tenantRoleNames),\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /\n Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @param providerTokenOptions optional, includes options for getting the provider token:\n * withRefreshToken - include the refresh token in the response\n * forceRefresh - force to refresh the token\n * @returns The ProviderTokenResponse of the given user and provider\n /\n getProviderToken: (\n loginId: string,\n provider: string,\n providerTokenOptions?: ProviderTokenOptions,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: {\n loginId,\n provider,\n withRefreshToken: providerTokenOptions?.withRefreshToken ? 'true' : 'false',\n forceRefresh: providerTokenOptions?.forceRefresh ? 'true' : 'false',\n },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (\n loginId: string,\n displayName?: string,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName, givenName, middleName, familyName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /\n Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email, SMS, Voice call or WhatsApp)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n /\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n /\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n \n @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n /\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n generateEmbeddedLink: (\n loginId: string,\n customClaims?: Record<string, any>,\n timeout?: number,\n ): Promise<SdkResponse<GenerateEmbeddedLinkResponse>> =>\n transformResponse<GenerateEmbeddedLinkResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEmbeddedLink,\n { loginId, customClaims, timeout },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n generateSignUpEmbeddedLink: (\n loginId: string,\n user?: {\n name?: string;\n givenName?: string;\n middleName?: string;\n familyName?: string;\n phone?: string;\n email?: string;\n },\n emailVerified?: boolean,\n phoneVerified?: boolean,\n loginOptions?: LoginOptions,\n timeout?: number,\n ): Promise<SdkResponse<GenerateEmbeddedLinkResponse>> =>\n transformResponse<GenerateEmbeddedLinkResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateSignUpEmbeddedLink,\n { loginId, user, emailVerified, phoneVerified, loginOptions, timeout },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set temporary password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n /\n setTemporaryPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setTemporaryPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Set password for the given login ID of user.\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n /\n setActivePassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setActivePassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /* Deprecated (user setTemporaryPassword instead)\n * Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n /\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /\n Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId The login ID of the user\n /\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /\n Removes all registered passkeys (WebAuthn devices) for the user with the given login ID.\n * Note: The user might not be able to login anymore if they have no other authentication\n * methods or a verified email/phone.\n * @param loginId The login ID of the user\n /\n removeAllPasskeys: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.removeAllPasskeys, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /\n Removes TOTP seed for the user with the given login ID.\n * Note: The user might not be able to login anymore if they have no other authentication\n * methods or a verified email/phone.\n * @param loginId The login ID of the user\n /\n removeTOTPSeed: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.removeTOTPSeed, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /\n Retrieve users' authentication history, by the given user's ids.\n * @param userIds The user IDs\n /\n history: (userIds: string[]): Promise<SdkResponse<UserHistoryResponse[]>> =>\n transformResponse<UserHistoryResponse[]>(\n sdk.httpClient.post(apiPaths.user.history, userIds, { token: managementKey }),\n (data) => data,\n ),\n };\n};\n\nexport interface PatchUserOptions {\n email?: string;\n phone?: string;\n displayName?: string;\n roles?: string[];\n userTenants?: AssociatedTenant[];\n customAttributes?: Record<string, AttributesTypes>;\n picture?: string;\n verifiedEmail?: boolean;\n verifiedPhone?: boolean;\n givenName?: string;\n middleName?: string;\n familyName?: string;\n ssoAppIds?: string[];\n scim?: boolean;\n}\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CloneProjectResponse,\n ExportSnapshotResponse,\n ImportSnapshotRequest,\n Project,\n ProjectEnvironment,\n ValidateSnapshotRequest,\n ValidateSnapshotResponse,\n} from './types';\n\ntype ListProjectsResponse = {\n projects: Project[];\n};\n\nconst withProject = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Update the current project name.\n * @param name The new name of the project\n /\n updateName: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.updateName,\n {\n name,\n },\n { token: managementKey },\n ),\n ),\n\n /\n Update the current project tags.\n * @param tags The wanted tags\n /\n updateTags: (tags: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.updateTags,\n {\n tags,\n },\n { token: managementKey },\n ),\n ),\n /\n Clone the current project, including its settings and configurations.\n * - This action is supported only with a pro license or above.\n * - Users, tenants and access keys are not cloned.\n * @param name The name of the new project\n * @param environment Determine if the project is in production or not.\n * @param tags array of free text tags\n * @returns The new project details (name, id, environment and tags)\n /\n clone: (\n name: string,\n environment?: ProjectEnvironment,\n tags?: string[],\n ): Promise<SdkResponse<CloneProjectResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.clone,\n {\n name,\n environment,\n tags,\n },\n { token: managementKey },\n ),\n ),\n\n /\n list of all the projects in the company\n * @returns List of projects details (name, id, environment and tags)\n /\n listProjects: async (): Promise<SdkResponse<Project[]>> =>\n transformResponse<ListProjectsResponse, Project[]>(\n sdk.httpClient.post(\n apiPaths.project.projectsList,\n {},\n {\n token: managementKey,\n },\n ),\n (data) =>\n data.projects.map(({ id, name, environment, tags }) => ({\n id,\n name,\n environment,\n tags,\n })),\n ),\n\n /\n \n * Exports a snapshot of all the settings and configurations for a project and returns\n * the raw JSON files as a mape. Note that users, tenants and access keys are not exported.\n \n This call is supported only with a pro license or above.\n \n Note: The values for secrets such as tokens and keys are left blank in the snapshot.\n * When a snapshot is imported into a project, the secrets for entities that already\n * exist such as connectors or OAuth providers are preserved if the matching values\n * in the snapshot are left blank. See below for more details.\n \n This API is meant to be used via the 'descope' CLI tool that can be\n * found at https://github.com/descope/descopecli\n \n @returns An `ExportSnapshotResponse` object containing the exported JSON files.\n /\n exportSnapshot: (): Promise<SdkResponse<ExportSnapshotResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.exportSnapshot, {}, { token: managementKey }),\n ),\n\n /\n Imports a snapshot of all settings and configurations into a project, overriding any\n * current configuration.\n \n This call is supported only with a pro license or above.\n \n The request is expected to be an `ImportSnapshotRequest` object with a raw JSON map of\n * files in the same format as the one returned in the `files` field of an `exportSnapshot`\n * response.\n \n Note: The values for secrets such as tokens and keys are left blank in exported\n * snapshots. When a snapshot is imported into a project, the secrets for entities that\n * already exist such as connectors or OAuth providers are preserved if the matching values\n * in the snapshot are left blank. However, new entities that need to be created during\n * the import operation must any required secrets provided in the request, otherwise the\n * import operation will fail. The ValidateImport method can be used to get a human and\n * machine readable JSON of missing secrets that be passed to the ImportSnapshot call.\n \n This API is meant to be used via the 'descope' CLI tool that can be\n * found at https://github.com/descope/descopecli\n /\n importSnapshot: (request: ImportSnapshotRequest): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.importSnapshot, request, { token: managementKey }),\n ),\n\n /\n Validates a snapshot by performing an import dry run and reporting any validation\n * failures or missing data. This should be called right before `importSnapshot` to\n * minimize the risk of the import failing.\n \n This call is supported only with a pro license or above.\n \n The response will have `ok: true` if the validation passes. Otherwise, a list of\n * failures will be provided in the `failures` field, and any missing secrets will\n * be listed along with details about which entity requires them.\n \n Validation can be retried by setting the required cleartext secret values in the\n * `value` field of each missing secret and setting this object as the `inputSecrets`\n * field of the validate request. The same `inputSecrets` object should then be\n * provided to the `importSnapshot` call afterwards so it doesn't fail as well.\n \n This API is meant to be used via the 'descope' CLI tool that can be\n * found at https://github.com/descope/descopecli\n /\n validateSnapshot: (\n request: ValidateSnapshotRequest,\n ): Promise<SdkResponse<ValidateSnapshotResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.validateSnapshot, request, { token: managementKey }),\n ),\n\n /\n @deprecated Use exportSnapshot instead\n /\n export: (): Promise<SdkResponse<Record<string, any>>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.exportSnapshot, {}, { token: managementKey }),\n (data) => data.files,\n ),\n\n /\n @deprecated Use importSnapshot instead\n /\n import: (files: Record<string, any>): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.importSnapshot,\n {\n files,\n },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withProject;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CreateTenantResponse,\n Tenant,\n AttributesTypes,\n TenantSettings,\n GenerateSSOConfigurationLinkResponse,\n} from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n enforceSSO?: boolean,\n disabled?: boolean,\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains, customAttributes, enforceSSO, disabled },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n enforceSSO?: boolean,\n disabled?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains, customAttributes, enforceSSO, disabled },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n enforceSSO?: boolean,\n disabled?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains, customAttributes, enforceSSO, disabled },\n { token: managementKey },\n ),\n ),\n delete: (id: string, cascade?: boolean): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id, cascade }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<Tenant>> =>\n transformResponse<Tenant, Tenant>(\n sdk.httpClient.get(apiPaths.tenant.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n searchAll: (\n ids?: string[],\n names?: string[],\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.post(\n apiPaths.tenant.searchAll,\n {\n tenantIds: ids,\n tenantNames: names,\n tenantSelfProvisioningDomains: selfProvisioningDomains,\n customAttributes,\n },\n { token: managementKey },\n ),\n (data) => data.tenants,\n ),\n getSettings: (tenantId: string): Promise<SdkResponse<TenantSettings>> =>\n transformResponse<TenantSettings, TenantSettings>(\n sdk.httpClient.get(apiPaths.tenant.settings, {\n queryParams: { id: tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: TenantSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n generateSSOConfigurationLink: (\n tenantId: string,\n expireDuration: number,\n ssoId?: string,\n email?: string,\n templateId?: string,\n ): Promise<SdkResponse<GenerateSSOConfigurationLinkResponse>> =>\n transformResponse<GenerateSSOConfigurationLinkResponse, GenerateSSOConfigurationLinkResponse>(\n sdk.httpClient.post(\n apiPaths.tenant.generateSSOConfigurationLink,\n { tenantId, expireTime: expireDuration, ssoId, email, templateId },\n {\n token: managementKey,\n },\n ),\n (data) => data,\n ),\n});\n\nexport default withTenant;\n","import { JWTResponse, SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { MgmtLoginOptions, MgmtSignUpOptions, MgmtUserOptions, UpdateJWTResponse } from './types';\n\ntype AnonymousJWTResponse = Omit<JWTResponse, 'user' \| 'firstSeen'>;\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n refreshDuration?: number,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.update,\n { jwt, customClaims, refreshDuration },\n { token: managementKey },\n ),\n ),\n impersonate: (\n impersonatorId: string,\n loginId: string,\n validateConsent: boolean,\n customClaims?: Record<string, any>,\n selectedTenant?: string,\n refreshDuration?: number,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.impersonate,\n { impersonatorId, loginId, validateConsent, customClaims, selectedTenant, refreshDuration },\n { token: managementKey },\n ),\n ),\n stopImpersonation: (\n jwt: string,\n customClaims?: Record<string, any>,\n selectedTenant?: string,\n refreshDuration?: number,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.stopImpersonation,\n { jwt, customClaims, selectedTenant, refreshDuration },\n { token: managementKey },\n ),\n ),\n signIn: (loginId: string, loginOptions?: MgmtLoginOptions): Promise<SdkResponse<JWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.signIn,\n { loginId, ...loginOptions },\n { token: managementKey },\n ),\n ),\n signUp: (\n loginId: string,\n user?: MgmtUserOptions,\n signUpOptions?: MgmtSignUpOptions,\n ): Promise<SdkResponse<JWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.signUp,\n { loginId, user, ...signUpOptions },\n { token: managementKey },\n ),\n ),\n signUpOrIn: (\n loginId: string,\n user?: MgmtUserOptions,\n signUpOptions?: MgmtSignUpOptions,\n ): Promise<SdkResponse<JWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.signUpOrIn,\n { loginId, user, ...signUpOptions },\n { token: managementKey },\n ),\n ),\n anonymous: (\n customClaims?: Record<string, any>,\n selectedTenant?: string,\n refreshDuration?: number,\n ): Promise<SdkResponse<AnonymousJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.anonymous,\n { customClaims, selectedTenant, refreshDuration },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role, RoleSearchOptions } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n defaultRole?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames, tenantId, default: defaultRole },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n defaultRole?: boolean,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames, tenantId, default: defaultRole },\n { token: managementKey },\n ),\n ),\n delete: (name: string, tenantId?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name, tenantId }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n search: (options: RoleSearchOptions): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.post(apiPaths.role.search, options, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n /\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /\n Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n /\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /\n Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n /\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n RoleMappings,\n AttributeMapping,\n SSOSettingsResponse,\n SSOOIDCSettings,\n SSOSAMLSettings,\n SSOSAMLByMetadataSettings,\n SSOSettings,\n} from './types';\n\nfunction transformSettingsResponse(data) {\n const readySettings = data as any;\n if (readySettings.oidc) {\n readySettings.oidc = {\n ...readySettings.oidc,\n attributeMapping: readySettings.oidc.userAttrMapping,\n };\n delete readySettings.oidc.userAttrMapping;\n }\n if (readySettings.saml?.groupsMapping) {\n readySettings.saml.groupsMapping = readySettings.saml?.groupsMapping.map((gm: any) => {\n const rm = gm;\n rm.roleName = rm.role.name;\n delete rm.role;\n return rm;\n });\n }\n return readySettings;\n}\n\nfunction transformAllSettingsResponse(data) {\n const readySettings = data.SSOSettings as any[];\n const res = [];\n readySettings.forEach((setting) => res.push(transformSettingsResponse(setting)));\n return res;\n}\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n /\n @deprecated Use loadSettings instead\n /\n getSettings: (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n newSettings: (\n tenantId: string,\n ssoId: string,\n displayName: string,\n ): Promise<SdkResponse<SSOSettings>> =>\n transformResponse<SSOSettings>(\n sdk.httpClient.post(\n apiPaths.sso.settingsNew,\n { tenantId, ...(ssoId ? { ssoId } : {}), displayName },\n { token: managementKey },\n ),\n (data) => transformSettingsResponse(data),\n ),\n deleteSettings: (tenantId: string, ssoId?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId, ...(ssoId ? { ssoId } : {}) },\n token: managementKey,\n }),\n ),\n /\n @deprecated Use configureSAMLSettings or configureOIDCSettings instead\n /\n configureSettings: (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n /\n @deprecated Use configureSAMLByMetadata instead\n /\n configureMetadata: (\n tenantId: string,\n idpMetadataURL: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n /\n @deprecated Use configureSAMLSettings, configureSAMLByMetadata or configureOIDCSettings instead\n /\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n configureOIDCSettings: (\n tenantId: string,\n settings: SSOOIDCSettings,\n domains?: string[],\n ssoId?: string,\n ): Promise<SdkResponse<never>> => {\n const readySettings = { ...settings, userAttrMapping: settings.attributeMapping };\n delete readySettings.attributeMapping;\n return transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.oidc.configure,\n {\n tenantId,\n settings: readySettings,\n domains,\n ...(ssoId ? { ssoId } : {}),\n },\n { token: managementKey },\n ),\n );\n },\n configureSAMLSettings: (\n tenantId: string,\n settings: SSOSAMLSettings,\n redirectUrl?: string,\n domains?: string[],\n ssoId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.configure,\n { tenantId, settings, redirectUrl, domains, ...(ssoId ? { ssoId } : {}) },\n { token: managementKey },\n ),\n ),\n configureSAMLByMetadata: (\n tenantId: string,\n settings: SSOSAMLByMetadataSettings,\n redirectUrl?: string,\n domains?: string[],\n ssoId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.metadata,\n { tenantId, settings, redirectUrl, domains, ...(ssoId ? { ssoId } : {}) },\n { token: managementKey },\n ),\n ),\n loadSettings: (tenantId: string, ssoId?: string): Promise<SdkResponse<SSOSettings>> =>\n transformResponse<SSOSettings>(\n sdk.httpClient.get(apiPaths.sso.settingsv2, {\n queryParams: { tenantId, ...(ssoId ? { ssoId } : {}) },\n token: managementKey,\n }),\n (data) => transformSettingsResponse(data),\n ),\n loadAllSettings: (tenantId: string): Promise<SdkResponse<SSOSettings[]>> =>\n transformResponse<SSOSettings[]>(\n sdk.httpClient.get(apiPaths.sso.settingsAllV2, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => transformAllSettingsResponse(data),\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param tenants Optional associated tenants for this key and its roles for each.\n * @param userId Optional bind this access key to a specific user.\n * @param customClaims Optional map of claims and their values that will be present in the JWT.\n * @param description Optional free text description\n * @param permittedIps Optional list of IP addresses or CIDR ranges that are allowed to use this access key.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n /\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n tenants?: AssociatedTenant[],\n userId?: string,\n customClaims?: Record<string, any>,\n description?: string,\n permittedIps?: string[],\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n {\n name,\n expireTime,\n roleNames: roles,\n keyTenants: tenants,\n userId,\n customClaims,\n description,\n permittedIps,\n },\n { token: managementKey },\n ),\n ),\n /\n Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n /\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /\n Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n /\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /\n Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @param description Optional updated access key description\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param tenants Optional associated tenants for this key and its roles for each.\n * @param customClaims Optional map of claims and their values that will be present in the JWT.\n * @param permittedIps Optional list of IP addresses or CIDR ranges that are allowed to use this access key.\n * @returns The updated access key\n /\n update: (\n id: string,\n name: string,\n description?: string,\n roles?: string[],\n tenants?: AssociatedTenant[],\n customClaims?: Record<string, any>,\n permittedIps?: string[],\n ): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(\n apiPaths.accessKey.update,\n {\n id,\n name,\n description,\n roleNames: roles,\n keyTenants: tenants,\n customClaims,\n permittedIps,\n },\n { token: managementKey },\n ),\n (data) => data.key,\n ),\n /\n Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n /\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /\n Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n /\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /\n Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n /\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n FlowResponse,\n FlowsResponse,\n Screen,\n Flow,\n ManagementFlowOptions,\n RunManagementFlowResponse,\n} from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n delete: (flowIds: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.delete, { ids: flowIds }, { token: managementKey }),\n ),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n run: (\n flowId: string,\n options?: ManagementFlowOptions,\n ): Promise<SdkResponse<RunManagementFlowResponse['output']>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.run, { flowId, options }, { token: managementKey }),\n (data) => (data as RunManagementFlowResponse)?.output,\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord, AuditCreateOptions } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n /\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n /\n Create audit event\n * @param createOptions to define which audit event to create\n * @returns the audit records array\n /\n createEvent: (createOptions: AuditCreateOptions): Promise<SdkResponse<never>> => {\n const body = { ...createOptions };\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.createEvent, body, { token: managementKey }),\n );\n },\n});\n\nexport default WithAudit;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n AuthzSchema,\n AuthzNamespace,\n AuthzRelationDefinition,\n AuthzRelation,\n AuthzRelationQuery,\n AuthzModified,\n AuthzResource,\n} from './types';\n\nconst WithAuthz = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Save (create or update) the given schema.\n * In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.\n * Schema name can be used for projects to track versioning.\n \n @param schema the schema to save\n * @param upgrade should we upgrade existing schema or ignore any namespace not provided\n * @returns standard success or failure response\n /\n saveSchema: (schema: AuthzSchema, upgrade: boolean): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaSave, { schema, upgrade }, { token: managementKey }),\n ),\n /\n Delete the schema for the project which will also delete all relations.\n \n @returns standard success or failure response\n /\n deleteSchema: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaDelete, {}, { token: managementKey }),\n ),\n /\n Load the schema for the project.\n \n @returns the schema associated with the project\n /\n loadSchema: (): Promise<SdkResponse<AuthzSchema>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaLoad, {}, { token: managementKey }),\n (data) => data.schema,\n ),\n /\n Save (create or update) the given namespace.\n * Will not delete relation definitions not mentioned in the namespace.\n \n @param namespace the namespace to save\n * @param oldName if we are changing the namespace name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n saveNamespace: (\n namespace: AuthzNamespace,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.nsSave,\n { namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /\n Delete the given namespace.\n * Will also delete the relevant relations.\n \n @param name to delete.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n deleteNamespace: (name: string, schemaName?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.nsDelete, { name, schemaName }, { token: managementKey }),\n ),\n /\n Save (create or update) the given relation definition.\n \n @param relationDefinition rd to save.\n * @param namespace that it belongs to.\n * @param oldName if we are changing the relation definition name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n saveRelationDefinition: (\n relationDefinition: AuthzRelationDefinition,\n namespace: string,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdSave,\n { relationDefinition, namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /\n Delete the given relation definition.\n * Will also delete the relevant relations.\n \n @param name to delete.\n * @param namespace it belongs to.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n /\n deleteRelationDefinition: (\n name: string,\n namespace: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdDelete,\n { name, namespace, schemaName },\n { token: managementKey },\n ),\n ),\n /\n Create the given relations.\n \n @param relations to create.\n * @returns standard success or failure response\n /\n createRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reCreate, { relations }, { token: managementKey }),\n ),\n /\n Delete the given relations.\n \n @param relations to delete.\n * @returns standard success or failure response\n /\n deleteRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reDelete, { relations }, { token: managementKey }),\n ),\n /\n @deprecated use `deleteRelationsForIds` instead for better clarity\n \n Delete any relations with matching resourceIds OR targetIds\n \n @param resources ids to delete relations for.\n * @returns standard success or failure response\n /\n deleteRelationsForResources: (resources: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResources,\n { resources },\n { token: managementKey },\n ),\n ),\n /\n \n * Delete any relations with matching resourceIds\n \n @param resources resource ids to delete relations for.\n * @returns\n /\n deleteResourceRelationsForResources: (resources: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResourceRelationsForResources,\n { resources },\n { token: managementKey },\n ),\n ),\n /\n Delete any relations with matching resourceIds OR targetIds\n \n @param ids ids to delete relations for.\n * @returns standard success or failure response\n /\n deleteRelationsForIds: (ids: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResources,\n { resources: ids },\n { token: managementKey },\n ),\n ),\n /\n Query relations to see what relations exists.\n \n @param relationQueries array of relation queries to check.\n * @returns array of relation query responses with the boolean flag indicating if relation exists\n /\n hasRelations: (\n relationQueries: AuthzRelationQuery[],\n ): Promise<SdkResponse<AuthzRelationQuery[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.hasRelations,\n { relationQueries },\n { token: managementKey },\n ),\n (data) => data.relationQueries,\n ),\n /\n List all the users that have the given relation definition to the given resource.\n \n @param resource The resource we are checking\n * @param relationDefinition The relation definition we are querying\n * @param namespace The namespace for the relation definition\n * @returns array of users who have the given relation definition\n /\n whoCanAccess: (\n resource: string,\n relationDefinition: string,\n namespace: string,\n ): Promise<SdkResponse<string[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.who,\n { resource, relationDefinition, namespace },\n { token: managementKey },\n ),\n (data) => data.targets,\n ),\n /\n Return the list of all defined relations (not recursive) on the given resource.\n \n @param resource The resource we are checking\n * @param ignoreTargetSetRelations if true, will not return target set relations even if they exist\n * @returns array of relations that exist for the given resource\n /\n resourceRelations: (\n resource: string,\n ignoreTargetSetRelations = false,\n ): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.resource,\n { resource, ignoreTargetSetRelations },\n { token: managementKey },\n ),\n (data) => data.relations,\n ),\n /\n Return the list of all defined relations (not recursive) for the given targets.\n \n @param targets array of targets we want to check\n * @param includeTargetSetRelations if true, will include target set relations as well as target relations\n * @returns array of relations that exist for the given targets\n /\n targetsRelations: (\n targets: string[],\n includeTargetSetRelations = false,\n ): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.targets,\n { targets, includeTargetSetRelations },\n { token: managementKey },\n ),\n (data) => data.relations,\n ),\n /\n Return the list of all relations for the given target including derived relations from the schema tree.\n \n @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n /\n whatCanTargetAccess: (target: string): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.targetAll, { target }, { token: managementKey }),\n (data) => data.relations,\n ),\n\n /\n Return all resources which the target can access via relation paths that end with the given relation definition\n \n @param target The target to check resource access for, e.g. user:123\n * @param relationDefinition A relation on a resource, e.g. owner\n * @param namespace The namespace (type) of the resource in which the relation is defined, e.g. folder\n * @returns array of resources that the target can access on relation paths which include the given relation definition\n /\n whatCanTargetAccessWithRelation: (\n target: string,\n relationDefinition: string,\n namespace: string,\n ): Promise<SdkResponse<AuthzResource[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.targetWithRelation,\n { target, relationDefinition, namespace },\n { token: managementKey },\n ),\n (data) => data.resources.map((resource: string) => ({ resource })),\n ),\n\n /\n Return the list of all relations for the given target including derived relations from the schema tree.\n \n @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n /\n getModified: (since: Date): Promise<SdkResponse<AuthzModified>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.getModified,\n { since: since ? since.getTime() : 0 },\n { token: managementKey },\n ),\n (data) => data as AuthzModified,\n ),\n});\n\nexport default WithAuthz;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CreateSSOApplicationResponse,\n SSOApplication,\n OidcApplicationOptions,\n SamlApplicationOptions,\n} from './types';\n\ntype MultipleSSOApplicationResponse = {\n apps: SSOApplication[];\n};\n\nconst withSSOApplication = (sdk: CoreSdk, managementKey?: string) => ({\n createOidcApplication: (\n options: OidcApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n createSamlApplication: (\n options: SamlApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n updateOidcApplication: (\n options: OidcApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n updateSamlApplication: (\n options: SamlApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.ssoApplication.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<SSOApplication>> =>\n transformResponse<SSOApplication, SSOApplication>(\n sdk.httpClient.get(apiPaths.ssoApplication.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<SSOApplication[]>> =>\n transformResponse<MultipleSSOApplicationResponse, SSOApplication[]>(\n sdk.httpClient.get(apiPaths.ssoApplication.loadAll, {\n token: managementKey,\n }),\n (data) => data.apps,\n ),\n});\n\nexport default withSSOApplication;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { PasswordSettings } from './types';\n\nconst withPassword = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<PasswordSettings>> =>\n transformResponse<PasswordSettings, PasswordSettings>(\n sdk.httpClient.get(apiPaths.password.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: PasswordSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.password.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n});\n\nexport default withPassword;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CheckResponseRelation,\n FGARelation,\n FGASchema,\n FGAResourceDetails,\n FGAResourceIdentifier,\n} from './types';\n\nconst WithFGA = (sdk: CoreSdk, managementKey?: string) => ({\n /\n Save (create or update) the given schema.\n * In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.\n \n @param schema the schema to save\n * @returns standard success or failure response\n /\n saveSchema: (schema: FGASchema): Promise<SdkResponse<never>> =>\n transformResponse(sdk.httpClient.post(apiPaths.fga.schema, schema, { token: managementKey })),\n /\n Delete the schema for the project which will also delete all relations.\n \n @returns standard success or failure response\n /\n deleteSchema: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaDelete, {}, { token: managementKey }),\n ),\n /\n Create the given relations.\n \n @param relations to create.\n * @returns standard success or failure response\n /\n createRelations: (relations: FGARelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.fga.relations, { tuples: relations }, { token: managementKey }),\n ),\n\n /\n Delete the given relations.\n * This is a bulk operation and will delete all the given relations.\n \n @param relations to delete.\n * @returns standard success or failure response\n /\n\n deleteRelations: (relations: FGARelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.fga.deleteRelations,\n { tuples: relations },\n { token: managementKey },\n ),\n ),\n\n /\n Check if the given relations exist.\n * This is a read-only operation and will not create any relations.\n * It will return the relations with the boolean flag indicating if relation exists.\n * This is useful to check if a relation exists before creating it.\n \n @param relations to check.\n * @returns array of relations with the boolean flag indicating if relation exists\n /\n check: (relations: FGARelation[]): Promise<SdkResponse<CheckResponseRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.fga.check, { tuples: relations }, { token: managementKey }),\n (data) => data.tuples,\n ),\n\n /\n Load details for the given resource identifiers.\n * @param resourceIdentifiers the resource identifiers (resourceId and resourceType tuples) to load details for\n /\n loadResourcesDetails: (\n resourceIdentifiers: FGAResourceIdentifier[],\n ): Promise<SdkResponse<FGAResourceDetails[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.fga.resourcesLoad,\n { resourceIdentifiers },\n { token: managementKey },\n ),\n (data) => data.resourcesDetails,\n ),\n\n /\n Save details for the given resources.\n * @param resourcesDetails the resources details to save\n /\n saveResourcesDetails: (resourcesDetails: FGAResourceDetails[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.fga.resourcesSave,\n { resourcesDetails },\n { token: managementKey },\n ),\n ),\n\n /\n Delete all relations.\n \n @returns standard success or failure response\n /\n deleteAllRelations: (): Promise<SdkResponse<never>> =>\n transformResponse(sdk.httpClient.delete(apiPaths.fga.relations, { token: managementKey })),\n});\n\nexport default WithFGA;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n InboundApplication,\n InboundApplicationConsent,\n InboundApplicationConsentDeleteOptions,\n InboundApplicationConsentSearchOptions,\n CreateInboundApplicationResponse,\n InboundApplicationOptions,\n InboundApplicationSecretResponse,\n} from './types';\n\ntype MultipleInboundApplicationResponse = {\n apps: InboundApplication[];\n};\n\ntype MultipleInboundApplicationConsentsResponse = {\n consents: InboundApplicationConsent[];\n};\n\nconst withInboundApplication = (sdk: CoreSdk, managementKey?: string) => ({\n createApplication: (\n options: InboundApplicationOptions,\n ): Promise<SdkResponse<CreateInboundApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplication.create,\n {\n ...options,\n },\n { token: managementKey },\n ),\n ),\n updateApplication: (\n options: InboundApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplication.update,\n { ...options },\n { token: managementKey },\n ),\n ),\n patchApplication: (\n options: Partial<InboundApplicationOptions> & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplication.patch,\n { ...options },\n { token: managementKey },\n ),\n ),\n deleteApplication: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.inboundApplication.delete, { id }, { token: managementKey }),\n ),\n loadApplication: (id: string): Promise<SdkResponse<InboundApplication>> =>\n transformResponse<InboundApplication, InboundApplication>(\n sdk.httpClient.get(apiPaths.inboundApplication.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAllApplications: (): Promise<SdkResponse<InboundApplication[]>> =>\n transformResponse<MultipleInboundApplicationResponse, InboundApplication[]>(\n sdk.httpClient.get(apiPaths.inboundApplication.loadAll, {\n token: managementKey,\n }),\n (data) => data.apps,\n ),\n getApplicationSecret: (id: string): Promise<SdkResponse<InboundApplicationSecretResponse>> =>\n transformResponse<InboundApplicationSecretResponse, InboundApplicationSecretResponse>(\n sdk.httpClient.get(apiPaths.inboundApplication.secret, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n rotateApplicationSecret: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.inboundApplication.rotate, { id }, { token: managementKey }),\n ),\n searchConsents: (\n options?: InboundApplicationConsentSearchOptions,\n ): Promise<SdkResponse<InboundApplicationConsent[]>> =>\n transformResponse<MultipleInboundApplicationConsentsResponse, InboundApplicationConsent[]>(\n sdk.httpClient.post(\n apiPaths.inboundApplicationConsents.search,\n { ...options },\n { token: managementKey },\n ),\n (data) => data.consents,\n ),\n deleteConsents: (options: InboundApplicationConsentDeleteOptions): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.inboundApplicationConsents.delete,\n { ...options },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withInboundApplication;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n OutboundApplication,\n OutboundAppToken,\n FetchOutboundAppTokenOptions,\n OutboundAppTokenResponse,\n} from './types';\n\ntype OutboundApplicationResponse = {\n app: OutboundApplication;\n};\n\ntype MultipleOutboundApplicationResponse = {\n apps: OutboundApplication[];\n};\n\ntype WithOptional<T, K extends keyof T> = Omit<T, K> & Partial<Pick<T, K>>;\n\nconst withOutboundApplication = (sdk: CoreSdk, managementKey?: string) => ({\n createApplication: (\n app: WithOptional<OutboundApplication, 'id'> & { clientSecret?: string },\n ): Promise<SdkResponse<OutboundApplication>> =>\n transformResponse<OutboundApplicationResponse, OutboundApplication>(\n sdk.httpClient.post(\n apiPaths.outboundApplication.create,\n {\n ...app,\n },\n { token: managementKey },\n ),\n (data) => data.app,\n ),\n updateApplication: (\n app: OutboundApplication & { clientSecret?: string },\n ): Promise<SdkResponse<OutboundApplication>> =>\n transformResponse<OutboundApplicationResponse, OutboundApplication>(\n sdk.httpClient.post(\n apiPaths.outboundApplication.update,\n {\n app,\n },\n { token: managementKey },\n ),\n (data) => data.app,\n ),\n deleteApplication: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.outboundApplication.delete, { id }, { token: managementKey }),\n ),\n loadApplication: (id: string): Promise<SdkResponse<OutboundApplication>> =>\n transformResponse<OutboundApplicationResponse, OutboundApplication>(\n sdk.httpClient.get(`${apiPaths.outboundApplication.load}/${id}`, {\n token: managementKey,\n }),\n (data) => data.app,\n ),\n loadAllApplications: (): Promise<SdkResponse<OutboundApplication[]>> =>\n transformResponse<MultipleOutboundApplicationResponse, OutboundApplication[]>(\n sdk.httpClient.get(apiPaths.outboundApplication.loadAll, {\n token: managementKey,\n }),\n (data) => data.apps,\n ),\n fetchTokenByScopes: (\n appId: string,\n userId: string,\n scopes: string[],\n options?: FetchOutboundAppTokenOptions,\n tenantId?: string,\n ): Promise<SdkResponse<OutboundAppToken>> =>\n transformResponse<OutboundAppTokenResponse, OutboundAppToken>(\n sdk.httpClient.post(\n apiPaths.outboundApplication.fetchTokenByScopes,\n {\n appId,\n userId,\n scopes,\n options,\n tenantId,\n },\n { token: managementKey },\n ),\n (data) => data.token,\n ),\n fetchToken: (\n appId: string,\n userId: string,\n tenantId?: string,\n options?: FetchOutboundAppTokenOptions,\n ): Promise<SdkResponse<OutboundAppToken>> =>\n transformResponse<OutboundAppTokenResponse, OutboundAppToken>(\n sdk.httpClient.post(\n apiPaths.outboundApplication.fetchToken,\n {\n appId,\n userId,\n tenantId,\n options,\n },\n { token: managementKey },\n ),\n (data) => data.token,\n ),\n fetchTenantTokenByScopes: (\n appId: string,\n tenantId: string,\n scopes: string[],\n options?: FetchOutboundAppTokenOptions,\n ): Promise<SdkResponse<OutboundAppToken>> =>\n transformResponse<OutboundAppTokenResponse, OutboundAppToken>(\n sdk.httpClient.post(\n apiPaths.outboundApplication.fetchTenantTokenByScopes,\n {\n appId,\n tenantId,\n scopes,\n options,\n },\n { token: managementKey },\n ),\n (data) => data.token,\n ),\n fetchTenantToken: (\n appId: string,\n tenantId: string,\n options?: FetchOutboundAppTokenOptions,\n ): Promise<SdkResponse<OutboundAppToken>> =>\n transformResponse<OutboundAppTokenResponse, OutboundAppToken>(\n sdk.httpClient.post(\n apiPaths.outboundApplication.fetchTenantToken,\n {\n appId,\n tenantId,\n options,\n },\n { token: managementKey },\n ),\n (data) => data.token,\n ),\n});\n\nexport default withOutboundApplication;\n","import createSdk, {\n AccessKeyLoginOptions,\n ExchangeAccessKeyResponse,\n SdkResponse,\n JWTResponse as CoreJWTResponse,\n wrapWith,\n} from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport fetch from './fetch-polyfill';\nimport {\n getAuthorizationClaimItems,\n getCookieValue,\n isUserAssociatedWithTenant,\n withCookie,\n} from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo, RefreshAuthenticationInfo } from './types';\nimport descopeErrors from './errors';\n\ndeclare const BUILD_VERSION: string;\n\n// Extend the type wrapped by withCookie\ntype JWTResponseWithCookies = CoreJWTResponse & {\n cookies: string[];\n};\n\n/* Configuration arguments which include the Descope core SDK args and an optional management key /\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n fetch,\n ...config,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node \|\| '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike \| Uint8Array> = {};\n\n /* Fetch the public keys (JWKs) from Descope for the configured project /\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n // Overrides core-sdk refresh, because the core-sdk exposes queryParams, which is for internal use only\n refresh: async (token?: string) => coreSdk.refresh(token),\n\n /\n Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n /\n management,\n\n /* Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. /\n async getKey(header: JWTHeaderParameters): Promise<KeyLike \| Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /\n Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n /\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /\n Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /\n Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns RefreshAuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async refreshSession(refreshToken: string): Promise<RefreshAuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n // if refresh was successful, validate the new session JWT\n const seesionJwt =\n getCookieValue(\n (jwtResp.data as JWTResponseWithCookies)?.cookies?.join(';'),\n sessionTokenCookieName,\n ) \|\| jwtResp.data?.sessionJwt;\n const token = await sdk.validateJwt(seesionJwt);\n // add cookies to the token response if they exist\n token.cookies = (jwtResp.data as JWTResponseWithCookies)?.cookies \|\| [];\n if (jwtResp.data?.refreshJwt) {\n // if refresh returned a refresh JWT, add it to the response\n (token as RefreshAuthenticationInfo).refreshJwt = jwtResp.data.refreshJwt;\n }\n return token;\n }\n / istanbul ignore next /\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n / istanbul ignore next /\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /\n Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns RefreshAuthenticationInfo promise or throws Error if there is an issue with JWTs\n /\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<RefreshAuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n / istanbul ignore next /\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /\n Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @param loginOptions Optional advanced controls over login parameters\n * @returns AuthenticationInfo with session JWT data\n /\n async exchangeAccessKey(\n accessKey: string,\n loginOptions?: AccessKeyLoginOptions,\n ): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey, loginOptions);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n if (!resp.ok) {\n logger?.error('failed to exchange access key', resp.error);\n throw Error(`could not exchange access key - ${resp.error?.errorMessage}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, '', permissions);\n },\n\n /\n Retrieves the permissions from JWT top level claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n /\n getMatchedPermissions(authInfo: AuthenticationInfo, permissions: string[]): string[] {\n return sdk.getMatchedTenantPermissions(authInfo, '', permissions);\n },\n\n /\n Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the permissions for\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n /\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /\n Retrieves the permissions from JWT tenant claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param tenant tenant to match the permissions for\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n * /\n getMatchedTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.filter((perm) => granted.includes(perm));\n },\n\n /\n Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, '', roles);\n },\n\n /\n Retrieves the roles from JWT top level claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n /\n getMatchedRoles(authInfo: AuthenticationInfo, roles: string[]): string[] {\n return sdk.getMatchedTenantRoles(authInfo, '', roles);\n },\n\n /\n Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the roles for\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n /\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n\n /\n Retrieves the roles from JWT tenant claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param tenant tenant to match the roles for\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n /\n getMatchedTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.filter((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.voice',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/* Descope SDK client with delivery methods enum.\n \n Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n \n ```js\n * import descopeSdk from '@descope/node-sdk';\n \n const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n \n const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n /\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\nnodeSdk.DescopeErrors = descopeErrors;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n JWTResponse,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withProject from './project';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\nimport WithAuthz from './authz';\nimport withSSOApplication from './ssoapplication';\nimport withPassword from './password';\nimport WithFGA from './fga';\nimport withInboundApplication from './inboundapplication';\nimport withOutboundApplication from './outboundapplication';\n\n/* Constructs a higher level Management API that wraps the functions from code-js-sdk /\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n project: withProject(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n ssoApplication: withSSOApplication(sdk, managementKey),\n inboundApplication: withInboundApplication(sdk, managementKey),\n outboundApplication: withOutboundApplication(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n password: withPassword(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n authz: WithAuthz(sdk, managementKey),\n fga: WithFGA(sdk, managementKey),\n});\n\nexport default withManagement;\n","/* Common Error Codes */\nexport default {\n badRequest: 'E011001',\n missingArguments: 'E011002',\n invalidRequest: 'E011003',\n invalidArguments: 'E011004',\n wrongOTPCode: 'E061102',\n tooManyOTPAttempts: 'E061103',\n enchantedLinkPending: 'E062503',\n userNotFound: 'E062108',\n};\n"],"names":["_a","globalThis","Headers","patchedFetch","args","forEach","arg","_b","highWaterMark","crossFetch","getCookieValue","cookie","name","match","RegExp","withCookie","fn","async","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","response","headers","get","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","createTestUser","createBatch","update","patch","delete","deleteAllTestUsers","load","logout","search","searchTestUsers","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","setRole","addRole","removeRole","setSSOApps","addSSOApps","removeSSOApps","addTenant","removeTenant","setPassword","setTemporaryPassword","setActivePassword","expirePassword","removeAllPasskeys","removeTOTPSeed","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","generateEmbeddedLink","generateSignUpEmbeddedLink","history","updateName","updateTags","clone","projectsList","exportSnapshot","importSnapshot","validateSnapshot","deactivate","activate","settings","loadAll","searchAll","generateSSOConfigurationLink","oidcCreate","samlCreate","oidcUpdate","samlUpdate","secret","rotate","fetchToken","fetchTokenByScopes","fetchTenantToken","fetchTenantTokenByScopes","settingsNew","metadata","mapping","settingsv2","settingsAllV2","oidc","configure","saml","impersonate","stopImpersonation","signIn","signUp","signUpOrIn","anonymous","list","export","import","run","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","createEvent","schemaSave","schemaDelete","schemaLoad","nsSave","nsDelete","rdSave","rdDelete","reCreate","reDelete","reDeleteResources","reDeleteResourceRelationsForResources","hasRelations","who","resource","targets","targetAll","targetWithRelation","getModified","schema","relations","deleteRelations","check","resourcesLoad","resourcesSave","transformUsersForBatch","users","map","roles","user","roleNames","mapToValuesObject","input","keys","length","fromEntries","entries","key","values","withUser","sdk","managementKey","loginId","emailOrOptions","phone","displayName","userTenants","customAttributes","picture","verifiedEmail","verifiedPhone","givenName","middleName","familyName","additionalLoginIds","body","email","undefined","transformResponse","httpClient","post","test","invite","inviteUrl","sendMail","sendSMS","templateId","inviteBatch","templateOptions","ssoAppIds","scim","deleteByUserId","userId","queryParams","loadByUserId","logoutUser","logoutUserByUserId","tenantIds","limit","page","testUsersOnly","withTestUser","statuses","emails","phones","searchReq","tenantRoleIds","tenantRoleNames","provider","providerTokenOptions","withRefreshToken","forceRefresh","status","newLoginId","isVerified","verified","attributeKey","attributeValue","setRoles","addRoles","removeRoles","tenantId","setTenantRoles","addTenantRoles","removeTenantRoles","addSSOapps","setSSOapps","removeSSOapps","generateOTPForTestUser","deliveryMethod","loginOptions","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","customClaims","timeout","emailVerified","phoneVerified","password","userIds","withProject","tags","environment","listProjects","projects","id","request","files","withTenant","selfProvisioningDomains","enforceSSO","disabled","createWithId","cascade","tenants","ids","names","tenantNames","tenantSelfProvisioningDomains","getSettings","configureSettings","expireDuration","ssoId","expireTime","withJWT","jwt","refreshDuration","impersonatorId","validateConsent","selectedTenant","signUpOptions","withPermission","description","newName","permissions","withRole","permissionNames","defaultRole","default","withGroup","loginIds","groupId","transformSettingsResponse","readySettings","attributeMapping","userAttrMapping","groupsMapping","gm","rm","roleName","role","withSSOSettings","newSettings","deleteSettings","idpURL","idpCert","entityId","redirectURL","domains","configureMetadata","idpMetadataURL","configureMapping","roleMappings","configureOIDCSettings","configureSAMLSettings","redirectUrl","configureSAMLByMetadata","loadSettings","loadAllSettings","SSOSettings","res","setting","transformAllSettingsResponse","withAccessKey","permittedIps","keyTenants","WithFlow","flowIds","flowId","flow","screens","output","WithTheme","theme","WithAudit","searchOptions","externalIds","audits","a","occurred","parseFloat","createOptions","WithAuthz","saveSchema","upgrade","deleteSchema","loadSchema","saveNamespace","namespace","oldName","schemaName","deleteNamespace","saveRelationDefinition","relationDefinition","deleteRelationDefinition","createRelations","deleteRelationsForResources","resources","deleteResourceRelationsForResources","deleteRelationsForIds","relationQueries","whoCanAccess","resourceRelations","ignoreTargetSetRelations","targetsRelations","includeTargetSetRelations","whatCanTargetAccess","target","whatCanTargetAccessWithRelation","since","getTime","withSSOApplication","createOidcApplication","enabled","createSamlApplication","updateOidcApplication","updateSamlApplication","apps","withPassword","WithFGA","tuples","loadResourcesDetails","resourceIdentifiers","resourcesDetails","saveResourcesDetails","deleteAllRelations","withInboundApplication","createApplication","updateApplication","patchApplication","deleteApplication","loadApplication","loadAllApplications","getApplicationSecret","rotateApplicationSecret","searchConsents","consents","deleteConsents","withOutboundApplication","app","appId","scopes","nodeSdk","publicKey","config","coreSdk","createSdk","fetch","baseHeaders","process","versions","node","projectId","logger","management","project","accessKey","ssoApplication","inboundApplication","outboundApplication","sso","permission","group","audit","authz","fga","withManagement","refresh","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","ok","seesionJwt","join","sessionJwt","_e","_f","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","getMatchedPermissions","getMatchedTenantPermissions","granted","every","perm","includes","filter","validateRoles","validateTenantRoles","getMatchedRoles","getMatchedTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName","DescopeErrors","badRequest","missingArguments","invalidRequest","invalidArguments","wrongOTPCode","tooManyOTPAttempts","enchantedLinkPending","userNotFound"],"mappings":"4NAEkB,QAAlBA,EAAAC,WAAWC,eAAO,IAAAF,IAAlBC,WAAWC,QAAYA,GAEvB,MAGMC,EAAe,IAAIC,KAGvBA,EAAKC,SAASC,YAERA,GAAsB,iBAARA,YAEhBN,GAAAO,EAACD,GAAYE,+BAAAA,cAVK,UAWnB,IAGIC,KAAcL,ICIVM,EAAiB,CAACC,EAAmCC,KAChE,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAQnBE,EACVC,GACDC,SAAUb,eACR,MAAMc,QAAaF,KAAMZ,GAGzB,IAAKc,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAjCP,IAA8BC,EA+CjD,OAZKJ,EASHG,EAAQE,KA3CZ,GCXoC,SDsDoBL,cA3C5BI,OADuBA,EA4CiBH,QA3CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAiCZ,QAAb7B,EAAAkB,EAAKY,gBAAQ,IAAA9B,OAAA,EAAAA,EAAE+B,QAAQC,IAAI,iBAC7BX,EAAaX,EACE,QAAbH,EAAAW,EAAKY,gBAAQ,IAAAvB,OAAA,EAAAA,EAAEwB,QAAQC,IAAI,cChDC,ODmD9BR,EAAQE,KAAoB,QAAfO,EAAAf,EAAKY,gBAAU,IAAAG,OAAA,EAAAA,EAAAF,QAAQC,IAAI,gBAMhCE,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAjB,GAAM,CAAAC,KAAWe,OAAAC,OAAAD,OAAAC,OAAA,GAAAjB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDY,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDhC,EAA6C,QAA7CP,EAAAqC,EAASI,MAAgC,eAAI,IAAAzC,OAAA,EAAAA,EAAAuC,UAAO,IAAAhC,OAAA,EAAAA,EAAG+B,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1CvC,EAAAqC,EAASI,MAAgC,eAAC,IAAAzC,OAAA,EAAAA,EAAGuC,GACxD,CEtFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,eAAgB,4BAChBC,YAAa,6BACbC,OAAQ,uBACRC,MAAO,sBACPC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,OAAQ,uBACRC,gBAAiB,4BACjBC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,QAAS,gCACTC,WAAY,mCACZC,WAAY,kCACZC,WAAY,kCACZC,cAAe,qCACfC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,qBAAsB,uCACtBC,kBAAmB,oCACnBC,eAAgB,gCAChBC,kBAAmB,gCACnBC,eAAgB,4BAChBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,wCAC9BC,qBAAsB,oCACtBC,2BAA4B,oCAC5BC,QAAS,yBAxCEvC,EA0CJ,CACPwC,WAAY,+BACZC,WAAY,+BACZC,MAAO,yBACPC,aAAc,yBACdC,eAAgB,mCAChBC,eAAgB,mCAChBC,iBAAkB,sCAjDP9C,EAmDF,CACTC,OAAQ,4BACRO,KAAM,qBACNE,OAAQ,4BACRN,OAAQ,4BACR2C,WAAY,gCACZC,SAAU,8BACV1C,OAAQ,6BA1DGN,EA4DL,CACNC,OAAQ,yBACRG,OAAQ,yBACRE,OAAQ,yBACRE,KAAM,kBACNyC,SAAU,2BACVC,QAAS,sBACTC,UAAW,yBACXC,6BAA8B,2CApEnBpD,EAsEG,CACdqD,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZlD,OAAQ,8BACRE,KAAM,4BACN0C,QAAS,8BA7EElD,EA+EO,CAClBC,OAAQ,iCACRG,OAAQ,iCACRC,MAAO,gCACPC,OAAQ,iCACRE,KAAM,+BACN0C,QAAS,gCACTO,OAAQ,iCACRC,OAAQ,kCAvFG1D,EAyFe,CAC1BM,OAAQ,sCACRI,OAAQ,uCA3FGV,EA6FQ,CACnBC,OAAQ,+BACRG,OAAQ,+BACRE,OAAQ,+BACRE,KAAM,wBACN0C,QAAS,yBACTS,WAAY,0CACZC,mBAAoB,mCACpBC,iBAAkB,4CAClBC,yBAA0B,sCAtGf9D,EAwGR,CACHiD,SAAU,wBACVc,YAAa,4BACbC,SAAU,wBACVC,QAAS,uBACTC,WAAY,wBACZC,cAAe,4BACfC,KAAM,CACJC,UAAW,qBAEbC,KAAM,CACJD,UAAW,oBACXL,SAAU,+BApHDhE,EAuHR,CACHI,OAAQ,sBACRmE,YAAa,uBACbC,kBAAmB,8BACnBC,OAAQ,uBACRC,OAAQ,uBACRC,WAAY,0BACZC,UAAW,2BA9HA5E,EAgIH,CACRiD,SAAU,8BAjICjD,EAmID,CACVC,OAAQ,6BACRG,OAAQ,6BACRE,OAAQ,6BACR4C,QAAS,2BAvIElD,EAyIP,CACJC,OAAQ,uBACRG,OAAQ,uBACRE,OAAQ,uBACR4C,QAAS,oBACTxC,OAAQ,wBA9IGV,EAgJP,CACJ6E,KAAM,qBACNvE,OAAQ,uBACRwE,OAAQ,uBACRC,OAAQ,uBACRC,IAAK,qBArJMhF,EAuJN,CACL8E,OAAQ,wBACRC,OAAQ,yBAzJG/E,EA2JN,CACLiF,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BA9JVnF,EAgKN,CACLU,OAAQ,wBACR0E,YAAa,wBAlKFpF,EAoKN,CACLqF,WAAY,6BACZC,aAAc,+BACdC,WAAY,6BACZC,OAAQ,yBACRC,SAAU,2BACVC,OAAQ,yBACRC,SAAU,2BACVC,SAAU,2BACVC,SAAU,2BACVC,kBAAmB,oCACnBC,sCAAuC,6CACvCC,aAAc,wBACdC,IAAK,wBACLC,SAAU,6BACVC,QAAS,4BACTC,UAAW,8BACXC,mBAAoB,uCACpBC,YAAa,8BAtLFtG,EAwLR,CACHuG,OAAQ,sBACRC,UAAW,yBACXC,gBAAiB,gCACjBC,MAAO,qBACPC,cAAe,8BACfC,cAAe,+BCzLb,SAAUC,EAAuBC,GACrC,OAAOA,EAAMC,KAAK5J,IAAA,IAAA6J,MAAEA,GAAgB7J,EAAN8J,EAAIvI,EAAAvB,EAAhB,WAAuB,sCACpC8J,GAAI,CACPC,UAAWF,GACX,GACJ,CCoDA,SAASG,EACPC,GAEA,GAAKA,GAAuC,IAA9B/H,OAAOgI,KAAKD,GAAOE,OAGjC,OAAOjI,OAAOkI,YACZlI,OAAOmI,QAAQJ,GAAOL,KAAI,EAAEU,EAAK9H,KAAW,CAAC8H,EAAK,CAAEC,OAAQ/H,MAEhE,CAEA,MAAMgI,EAAW,CAACC,EAAcC,KA4WvB,CACL5H,OAzVF,SACE6H,EACAC,EACAC,EACAC,EACAjB,EACAkB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBZ,EACH,CACED,UACAc,MAAOb,EACPC,QACAC,cACAM,YACAC,aACAC,aACAvB,UAAWF,EACXkB,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAZ,WACGC,GACH,CAAAb,UAAWa,aAAA,EAAAA,EAAgBf,MAC3BA,WAAO6B,IAEf,OAAOC,EACLlB,EAAImB,WAAWC,KAAKhJ,EAAcC,OAAQ0I,EAAM,CAAE/I,MAAOiI,KACxDvJ,GAASA,EAAK2I,MAElB,EAqTC/G,eA5RF,SACE4H,EACAC,EACAC,EACAC,EACAjB,EACAkB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBZ,EACH,CACED,UACAc,MAAOb,EACPC,QACAC,cACAM,YACAC,aACAC,aACAvB,UAAWF,EACXkB,cACAC,mBACAC,UACAC,gBACAC,gBACAI,qBACAO,MAAM,GAET5J,OAAAC,OAAAD,OAAAC,OAAA,CACGwI,WACGC,IACHb,UAAWa,aAAc,EAAdA,EAAgBf,MAC3BA,WAAO6B,EACPI,MAAM,IAEd,OAAOH,EACLlB,EAAImB,WAAWC,KAAKhJ,EAAcE,eAAgByI,EAAM,CAAE/I,MAAOiI,KAChEvJ,GAASA,EAAK2I,MAElB,EA4OCiC,OAzMF,SACEpB,EACAC,EACAC,EACAC,EACAjB,EACAkB,EACAC,EACAC,EACAC,EACAC,EACAa,EACAC,EACAC,EACAd,EACAC,EACAC,EACAC,EACAY,GAKA,MAAMX,EACsB,iBAAnBZ,EACH,CACED,UACAc,MAAOb,EACPC,QACAC,cACAM,YACAC,aACAC,aACAvB,UAAWF,EACXkB,cACAgB,QAAQ,EACRf,mBACAC,UACAC,gBACAC,gBACAa,YACAC,WACAC,UACAX,qBACAY,cAEHjK,OAAAC,OAAAD,OAAAC,OAAA,CACGwI,WACGC,IACHb,UAAWa,aAAc,EAAdA,EAAgBf,MAC3BA,WAAO6B,EACPK,QAAQ,IAEhB,OAAOJ,EACLlB,EAAImB,WAAWC,KAAKhJ,EAAcC,OAAQ0I,EAAM,CAAE/I,MAAOiI,KACxDvJ,GAASA,EAAK2I,MAElB,EAiJCsC,YAAa,CACXzC,EACAqC,EACAC,EACAC,EACAG,EACAF,IAEAR,EACElB,EAAImB,WAAWC,KACbhJ,EAAcG,YACd,CACE2G,MAAOD,EAAuBC,GAC9BoC,QAAQ,EACRC,YACAC,WACAC,UACAG,kBACAF,cAEF,CAAE1J,MAAOiI,KAEVvJ,GAASA,IAEd6B,YAAc2G,GACZgC,EACElB,EAAImB,WAAWC,KACbhJ,EAAcG,YACd,CACE2G,MAAOD,EAAuBC,IAEhC,CAAElH,MAAOiI,KAEVvJ,GAASA,IAEd8B,OA9JF,SACE0H,EACAC,EACAC,EACAC,EACAjB,EACAkB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBZ,EACH,CACED,UACAc,MAAOb,EACPC,QACAC,cACAM,YACAC,aACAC,aACAvB,UAAWF,EACXkB,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAZ,WACGC,GACH,CAAAb,UAAWa,aAAA,EAAAA,EAAgBf,MAC3BA,WAAO6B,IAEf,OAAOC,EACLlB,EAAImB,WAAWC,KAAKhJ,EAAcI,OAAQuI,EAAM,CAAE/I,MAAOiI,KACxDvJ,GAASA,EAAK2I,MAElB,EAgHC5G,MAxGF,SAAeyH,EAAiBlJ,GAC9B,MAAM+J,EAAO,CACXb,WA8CF,YA3CsBe,IAAlBjK,EAAQgK,QACVD,EAAKC,MAAQhK,EAAQgK,YAEDC,IAAlBjK,EAAQoJ,QACVW,EAAKX,MAAQpJ,EAAQoJ,YAEKa,IAAxBjK,EAAQqJ,cACVU,EAAKV,YAAcrJ,EAAQqJ,kBAEHY,IAAtBjK,EAAQ2J,YACVI,EAAKJ,UAAY3J,EAAQ2J,gBAEAM,IAAvBjK,EAAQ4J,aACVG,EAAKH,WAAa5J,EAAQ4J,iBAEDK,IAAvBjK,EAAQ6J,aACVE,EAAKF,WAAa7J,EAAQ6J,iBAENI,IAAlBjK,EAAQoI,QACV2B,EAAKzB,UAAYtI,EAAQoI,YAEC6B,IAAxBjK,EAAQsJ,cACVS,EAAKT,YAActJ,EAAQsJ,kBAEIW,IAA7BjK,EAAQuJ,mBACVQ,EAAKR,iBAAmBvJ,EAAQuJ,uBAEVU,IAApBjK,EAAQwJ,UACVO,EAAKP,QAAUxJ,EAAQwJ,cAEKS,IAA1BjK,EAAQyJ,gBACVM,EAAKN,cAAgBzJ,EAAQyJ,oBAEDQ,IAA1BjK,EAAQ0J,gBACVK,EAAKL,cAAgB1J,EAAQ0J,oBAELO,IAAtBjK,EAAQ6K,YACVd,EAAKc,UAAY7K,EAAQ6K,gBAENZ,IAAjBjK,EAAQ8K,OACVf,EAAKe,KAAO9K,EAAQ8K,MAGfZ,EACLlB,EAAImB,WAAW1I,MAAML,EAAcK,MAAOsI,EAAM,CAAE/I,MAAOiI,KACxDvJ,GAASA,EAAK2I,MAElB,EAyDC3G,OAASwH,GACPgB,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcM,OAAQ,CAAEwH,WAAW,CAAElI,MAAOiI,KAOpE8B,eAAiBC,GACfd,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcM,OAAQ,CAAEsJ,UAAU,CAAEhK,MAAOiI,KAKnEtH,mBAAoB,IAClBuI,EACElB,EAAImB,WAAWzI,OAAON,EAAcO,mBAAoB,CAAEX,MAAOiI,KAErErH,KAAOsH,GACLgB,EACElB,EAAImB,WAAW5J,IAAIa,EAAcQ,KAAM,CACrCqJ,YAAa,CAAE/B,WACflI,MAAOiI,KAERvJ,GAASA,EAAK2I,OAQnB6C,aAAeF,GACbd,EACElB,EAAImB,WAAW5J,IAAIa,EAAcQ,KAAM,CACrCqJ,YAAa,CAAED,UACfhK,MAAOiI,KAERvJ,GAASA,EAAK2I,OAOnB8C,WAAajC,GACXgB,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcS,OAAQ,CAAEqH,WAAW,CAAElI,MAAOiI,KAQpEmC,mBAAqBJ,GACnBd,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcS,OAAQ,CAAEmJ,UAAU,CAAEhK,MAAOiI,KAcnE1E,UAAW,CACT8G,EACAjD,EACAkD,EACAC,EACAC,EACAC,EACAlC,EACAmC,EACAC,EACAC,IAEA1B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcU,OACd,CACEuJ,YACA/C,UAAWF,EACXkD,QACAC,OACAC,gBACAC,eACAlC,mBACAmC,WACAC,SACAC,UAEF,CAAE5K,MAAOiI,KAEVvJ,GAASA,EAAKwI,QAEnBnG,gBAAkB8J,GAChB3B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcW,gBAETtB,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmL,GACH,CAAAJ,cAAc,EACdD,eAAe,EACflD,UAAWuD,EAAUzD,MACrBA,WAAO6B,EACP6B,cAAevD,EAAkBsD,EAAUC,eAC3CC,gBAAiBxD,EAAkBsD,EAAUE,mBAE/C,CAAE/K,MAAOiI,KAEVvJ,GAASA,EAAKwI,QAEnBpG,OAAS+J,GACP3B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcU,OAETrB,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmL,GACH,CAAAvD,UAAWuD,EAAUzD,MACrBA,WAAO6B,EACP6B,cAAevD,EAAkBsD,EAAUC,eAC3CC,gBAAiBxD,EAAkBsD,EAAUE,mBAE/C,CAAE/K,MAAOiI,KAEVvJ,GAASA,EAAKwI,QAanBlG,iBAAkB,CAChBkH,EACA8C,EACAC,IAEA/B,EACElB,EAAImB,WAAW5J,IAAIa,EAAcY,iBAAkB,CACjDiJ,YAAa,CACX/B,UACA8C,WACAE,kBAAkBD,eAAAA,EAAsBC,kBAAmB,OAAS,QACpEC,cAAcF,eAAAA,EAAsBE,cAAe,OAAS,SAE9DnL,MAAOiI,KAERvJ,GAASA,IAEd0E,SAAW8E,GACTgB,EACElB,EAAImB,WAAWC,KACbhJ,EAAca,aACd,CAAEiH,UAASkD,OAAQ,WACnB,CAAEpL,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBlE,WAAa+E,GACXgB,EACElB,EAAImB,WAAWC,KACbhJ,EAAca,aACd,CAAEiH,UAASkD,OAAQ,YACnB,CAAEpL,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBnG,cAAe,CAACgH,EAAiBmD,IAC/BnC,EACElB,EAAImB,WAAWC,KACbhJ,EAAcc,cACd,CAAEgH,UAASmD,cACX,CAAErL,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBlG,YAAa,CACX+G,EACAc,EACAsC,IAEApC,EACElB,EAAImB,WAAWC,KACbhJ,EAAce,YACd,CAAE+G,UAASc,QAAOuC,SAAUD,GAC5B,CAAEtL,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBjG,YAAa,CACX8G,EACAE,EACAkD,IAEApC,EACElB,EAAImB,WAAWC,KACbhJ,EAAcgB,YACd,CAAE8G,UAASE,QAAOmD,SAAUD,GAC5B,CAAEtL,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBhG,kBAAmB,CACjB6G,EACAG,EACAM,EACAC,EACAC,IAEAK,EACElB,EAAImB,WAAWC,KACbhJ,EAAciB,kBACd,CAAE6G,UAASG,cAAaM,YAAWC,aAAYC,cAC/C,CAAE7I,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnB/F,cAAe,CAAC4G,EAAiBM,IAC/BU,EACElB,EAAImB,WAAWC,KACbhJ,EAAckB,cACd,CAAE4G,UAASM,WACX,CAAExI,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnB9F,sBAAuB,CACrB2G,EACAsD,EACAC,IAEAvC,EACElB,EAAImB,WAAWC,KACbhJ,EAAcmB,sBACd,CAAE2G,UAASsD,eAAcC,kBACzB,CAAEzL,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBqE,SAAU,CAACxD,EAAiBd,IAC1B8B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcoB,QACd,CAAE0G,UAASZ,UAAWF,GACtB,CAAEpH,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBsE,SAAU,CAACzD,EAAiBd,IAC1B8B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcqB,QACd,CAAEyG,UAASZ,UAAWF,GACtB,CAAEpH,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBuE,YAAa,CAAC1D,EAAiBd,IAC7B8B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcsB,WACd,CAAEwG,UAASZ,UAAWF,GACtB,CAAEpH,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBvF,UAAW,CAACoG,EAAiB2D,IAC3B3C,EACElB,EAAImB,WAAWC,KACbhJ,EAAc0B,UACd,CAAEoG,UAAS2D,YACX,CAAE7L,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnBtF,aAAc,CAACmG,EAAiB2D,IAC9B3C,EACElB,EAAImB,WAAWC,KACbhJ,EAAc2B,aACd,CAAEmG,UAAS2D,YACX,CAAE7L,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnByE,eAAgB,CACd5D,EACA2D,EACAzE,IAEA8B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcoB,QACd,CAAE0G,UAAS2D,WAAUvE,UAAWF,GAChC,CAAEpH,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnB0E,eAAgB,CACd7D,EACA2D,EACAzE,IAEA8B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcqB,QACd,CAAEyG,UAAS2D,WAAUvE,UAAWF,GAChC,CAAEpH,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnB2E,kBAAmB,CACjB9D,EACA2D,EACAzE,IAEA8B,EACElB,EAAImB,WAAWC,KACbhJ,EAAcsB,WACd,CAAEwG,UAAS2D,WAAUvE,UAAWF,GAChC,CAAEpH,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnB4E,WAAY,CAAC/D,EAAiB2B,IAC5BX,EACElB,EAAImB,WAAWC,KACbhJ,EAAcwB,WACd,CAAEsG,UAAS2B,aACX,CAAE7J,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnB6E,WAAY,CAAChE,EAAiB2B,IAC5BX,EACElB,EAAImB,WAAWC,KACbhJ,EAAcuB,WACd,CAAEuG,UAAS2B,aACX,CAAE7J,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAEnB8E,cAAe,CAACjE,EAAiB2B,IAC/BX,EACElB,EAAImB,WAAWC,KACbhJ,EAAcyB,cACd,CAAEqG,UAAS2B,aACX,CAAE7J,MAAOiI,KAEVvJ,GAASA,EAAK2I,OAcnB+E,uBAAwB,CACtBC,EACAnE,EACAoE,IAEApD,EACElB,EAAImB,WAAWC,KACbhJ,EAAckC,mBACd,CAAE+J,iBAAgBnE,UAASoE,gBAC3B,CAAEtM,MAAOiI,KAEVvJ,GAASA,IAed6N,6BAA8B,CAC5BF,EACAnE,EACAsE,EACAF,IAEApD,EACElB,EAAImB,WAAWC,KACbhJ,EAAcmC,yBACd,CAAE8J,iBAAgBnE,UAASuE,IAAKD,EAAKF,gBACrC,CAAEtM,MAAOiI,KAEVvJ,GAASA,IAcdgO,iCAAkC,CAChCxE,EACAsE,EACAF,IAEApD,EACElB,EAAImB,WAAWC,KACbhJ,EAAcoC,6BACd,CAAE0F,UAASuE,IAAKD,EAAKF,gBACrB,CAAEtM,MAAOiI,KAEVvJ,GAASA,IAGd+D,qBAAsB,CACpByF,EACAyE,EACAC,IAEA1D,EACElB,EAAImB,WAAWC,KACbhJ,EAAcqC,qBACd,CAAEyF,UAASyE,eAAcC,WACzB,CAAE5M,MAAOiI,KAEVvJ,GAASA,IAGdgE,2BAA4B,CAC1BwF,EACAb,EAQAwF,EACAC,EACAR,EACAM,IAEA1D,EACElB,EAAImB,WAAWC,KACbhJ,EAAcsC,2BACd,CAAEwF,UAASb,OAAMwF,gBAAeC,gBAAeR,eAAcM,WAC7D,CAAE5M,MAAOiI,KAEVvJ,GAASA,IAWduD,qBAAsB,CAACiG,EAAiB6E,IACtC7D,EACElB,EAAImB,WAAWC,KACbhJ,EAAc6B,qBACd,CAAEiG,UAAS6E,YACX,CAAE/M,MAAOiI,KAEVvJ,GAASA,IAQdwD,kBAAmB,CAACgG,EAAiB6E,IACnC7D,EACElB,EAAImB,WAAWC,KACbhJ,EAAc8B,kBACd,CAAEgG,UAAS6E,YACX,CAAE/M,MAAOiI,KAEVvJ,GAASA,IAWdsD,YAAa,CAACkG,EAAiB6E,IAC7B7D,EACElB,EAAImB,WAAWC,KACbhJ,EAAc4B,YACd,CAAEkG,UAAS6E,YACX,CAAE/M,MAAOiI,KAEVvJ,GAASA,IASdyD,eAAiB+F,GACfgB,EACElB,EAAImB,WAAWC,KAAKhJ,EAAc+B,eAAgB,CAAE+F,WAAW,CAAElI,MAAOiI,KACvEvJ,GAASA,IASd0D,kBAAoB8F,GAClBgB,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcgC,kBAAmB,CAAE8F,WAAW,CAAElI,MAAOiI,KAC1EvJ,GAASA,IASd2D,eAAiB6F,GACfgB,EACElB,EAAImB,WAAWC,KAAKhJ,EAAciC,eAAgB,CAAE6F,WAAW,CAAElI,MAAOiI,KACvEvJ,GAASA,IAOdiE,QAAUqK,GACR9D,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcuC,QAASqK,EAAS,CAAEhN,MAAOiI,KAC5DvJ,GAASA,MC3hCZuO,EAAc,CAACjF,EAAcC,KAA4B,CAK7DrF,WAAazE,GACX+K,EACElB,EAAImB,WAAWC,KACbhJ,EAAiBwC,WACjB,CACEzE,QAEF,CAAE6B,MAAOiI,KAQfpF,WAAaqK,GACXhE,EACElB,EAAImB,WAAWC,KACbhJ,EAAiByC,WACjB,CACEqK,QAEF,CAAElN,MAAOiI,KAYfnF,MAAO,CACL3E,EACAgP,EACAD,IAEAhE,EACElB,EAAImB,WAAWC,KACbhJ,EAAiB0C,MACjB,CACE3E,OACAgP,cACAD,QAEF,CAAElN,MAAOiI,KAQfmF,aAAc5O,SACZ0K,EACElB,EAAImB,WAAWC,KACbhJ,EAAiB2C,aACjB,GACA,CACE/C,MAAOiI,KAGVvJ,GACCA,EAAK2O,SAASlG,KAAI,EAAGmG,KAAInP,OAAMgP,cAAaD,WAAY,CACtDI,KACAnP,OACAgP,cACAD,aAqBRlK,eAAgB,IACdkG,EACElB,EAAImB,WAAWC,KAAKhJ,EAAiB4C,eAAgB,CAAE,EAAE,CAAEhD,MAAOiI,KAwBtEhF,eAAiBsK,GACfrE,EACElB,EAAImB,WAAWC,KAAKhJ,EAAiB6C,eAAgBsK,EAAS,CAAEvN,MAAOiI,KAsB3E/E,iBACEqK,GAEArE,EACElB,EAAImB,WAAWC,KAAKhJ,EAAiB8C,iBAAkBqK,EAAS,CAAEvN,MAAOiI,KAM7E/C,OAAQ,IACNgE,EACElB,EAAImB,WAAWC,KAAKhJ,EAAiB4C,eAAgB,CAAA,EAAI,CAAEhD,MAAOiI,KACjEvJ,GAASA,EAAK8O,QAMnBrI,OAASqI,GACPtE,EACElB,EAAImB,WAAWC,KACbhJ,EAAiB6C,eACjB,CACEuK,SAEF,CAAExN,MAAOiI,OC7KXwF,EAAa,CAACzF,EAAcC,KAA4B,CAC5D5H,OAAQ,CACNlC,EACAuP,EACAnF,EACAoF,EACAC,IAEA1E,EACElB,EAAImB,WAAWC,KACbhJ,EAAgBC,OAChB,CAAElC,OAAMuP,0BAAyBnF,mBAAkBoF,aAAYC,YAC/D,CAAE5N,MAAOiI,KAGf4F,aAAc,CACZP,EACAnP,EACAuP,EACAnF,EACAoF,EACAC,IAEA1E,EACElB,EAAImB,WAAWC,KACbhJ,EAAgBC,OAChB,CAAEiN,KAAInP,OAAMuP,0BAAyBnF,mBAAkBoF,aAAYC,YACnE,CAAE5N,MAAOiI,KAGfzH,OAAQ,CACN8M,EACAnP,EACAuP,EACAnF,EACAoF,EACAC,IAEA1E,EACElB,EAAImB,WAAWC,KACbhJ,EAAgBI,OAChB,CAAE8M,KAAInP,OAAMuP,0BAAyBnF,mBAAkBoF,aAAYC,YACnE,CAAE5N,MAAOiI,KAGfvH,OAAQ,CAAC4M,EAAYQ,IACnB5E,EACElB,EAAImB,WAAWC,KAAKhJ,EAAgBM,OAAQ,CAAE4M,KAAIQ,WAAW,CAAE9N,MAAOiI,KAE1ErH,KAAO0M,GACLpE,EACElB,EAAImB,WAAW5J,IAAIa,EAAgBQ,KAAM,CACvCqJ,YAAa,CAAEqD,MACftN,MAAOiI,KAERvJ,GAASA,IAEd4E,QAAS,IACP4F,EACElB,EAAImB,WAAW5J,IAAIa,EAAgBkD,QAAS,CAC1CtD,MAAOiI,KAERvJ,GAASA,EAAKqP,UAEnBxK,UAAW,CACTyK,EACAC,EACAP,EACAnF,IAEAW,EACElB,EAAImB,WAAWC,KACbhJ,EAAgBmD,UAChB,CACE8G,UAAW2D,EACXE,YAAaD,EACbE,8BAA+BT,EAC/BnF,oBAEF,CAAEvI,MAAOiI,KAEVvJ,GAASA,EAAKqP,UAEnBK,YAAcvC,GACZ3C,EACElB,EAAImB,WAAW5J,IAAIa,EAAgBiD,SAAU,CAC3C4G,YAAa,CAAEqD,GAAIzB,GACnB7L,MAAOiI,KAERvJ,GAASA,IAEd2P,kBAAmB,CAACxC,EAAkBxI,IACpC6F,EACElB,EAAImB,WAAWC,KACbhJ,EAAgBiD,SACX5D,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA2D,GAAU,CAAAwI,aACf,CACE7L,MAAOiI,KAIfzE,6BAA8B,CAC5BqI,EACAyC,EACAC,EACAvF,EACAU,IAEAR,EACElB,EAAImB,WAAWC,KACbhJ,EAAgBoD,6BAChB,CAAEqI,WAAU2C,WAAYF,EAAgBC,QAAOvF,QAAOU,cACtD,CACE1J,MAAOiI,KAGVvJ,GAASA,MC5HV+P,EAAU,CAACzG,EAAcC,KAA4B,CACzDzH,OAAQ,CACNkO,EACA/B,EACAgC,IAEAzF,EACElB,EAAImB,WAAWC,KACbhJ,EAAaI,OACb,CAAEkO,MAAK/B,eAAcgC,mBACrB,CAAE3O,MAAOiI,KAGftD,YAAa,CACXiK,EACA1G,EACA2G,EACAlC,EACAmC,EACAH,IAEAzF,EACElB,EAAImB,WAAWC,KACbhJ,EAAauE,YACb,CAAEiK,iBAAgB1G,UAAS2G,kBAAiBlC,eAAcmC,iBAAgBH,mBAC1E,CAAE3O,MAAOiI,KAGfrD,kBAAmB,CACjB8J,EACA/B,EACAmC,EACAH,IAEAzF,EACElB,EAAImB,WAAWC,KACbhJ,EAAawE,kBACb,CAAE8J,MAAK/B,eAAcmC,iBAAgBH,mBACrC,CAAE3O,MAAOiI,KAGfpD,OAAQ,CAACqD,EAAiBoE,IACxBpD,EACElB,EAAImB,WAAWC,KACbhJ,EAAayE,OAAMpF,OAAAC,OAAA,CACjBwI,WAAYoE,GACd,CAAEtM,MAAOiI,KAGfnD,OAAQ,CACNoD,EACAb,EACA0H,IAEA7F,EACElB,EAAImB,WAAWC,KACbhJ,EAAa0E,OACXrF,OAAAC,OAAA,CAAAwI,UAASb,QAAS0H,GACpB,CAAE/O,MAAOiI,KAGflD,WAAY,CACVmD,EACAb,EACA0H,IAEA7F,EACElB,EAAImB,WAAWC,KACbhJ,EAAa2E,WACXtF,OAAAC,OAAA,CAAAwI,UAASb,QAAS0H,GACpB,CAAE/O,MAAOiI,KAGfjD,UAAW,CACT2H,EACAmC,EACAH,IAEAzF,EACElB,EAAImB,WAAWC,KACbhJ,EAAa4E,UACb,CAAE2H,eAAcmC,iBAAgBH,mBAChC,CAAE3O,MAAOiI,OChFX+G,EAAiB,CAAChH,EAAcC,KAA4B,CAChE5H,OAAQ,CAAClC,EAAc8Q,IACrB/F,EACElB,EAAImB,WAAWC,KACbhJ,EAAoBC,OACpB,CAAElC,OAAM8Q,eACR,CAAEjP,MAAOiI,KAGfzH,OAAQ,CAACrC,EAAc+Q,EAAiBD,IACtC/F,EACElB,EAAImB,WAAWC,KACbhJ,EAAoBI,OACpB,CAAErC,OAAM+Q,UAASD,eACjB,CAAEjP,MAAOiI,KAGfvH,OAASvC,GACP+K,EACElB,EAAImB,WAAWC,KAAKhJ,EAAoBM,OAAQ,CAAEvC,QAAQ,CAAE6B,MAAOiI,KAEvE3E,QAAS,IACP4F,EACElB,EAAImB,WAAW5J,IAAIa,EAAoBkD,QAAS,CAC9CtD,MAAOiI,KAERvJ,GAASA,EAAKyQ,gBC1BfC,EAAW,CAACpH,EAAcC,KAA4B,CAC1D5H,OAAQ,CACNlC,EACA8Q,EACAI,EACAxD,EACAyD,IAEApG,EACElB,EAAImB,WAAWC,KACbhJ,EAAcC,OACd,CAAElC,OAAM8Q,cAAaI,kBAAiBxD,WAAU0D,QAASD,GACzD,CAAEtP,MAAOiI,KAGfzH,OAAQ,CACNrC,EACA+Q,EACAD,EACAI,EACAxD,EACAyD,IAEApG,EACElB,EAAImB,WAAWC,KACbhJ,EAAcI,OACd,CAAErC,OAAM+Q,UAASD,cAAaI,kBAAiBxD,WAAU0D,QAASD,GAClE,CAAEtP,MAAOiI,KAGfvH,OAAQ,CAACvC,EAAc0N,IACrB3C,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcM,OAAQ,CAAEvC,OAAM0N,YAAY,CAAE7L,MAAOiI,KAE3E3E,QAAS,IACP4F,EACElB,EAAImB,WAAW5J,IAAIa,EAAckD,QAAS,CACxCtD,MAAOiI,KAERvJ,GAASA,EAAK0I,QAEnBtG,OAAS9B,GACPkK,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcU,OAAQ9B,EAAS,CACjDgB,MAAOiI,KAERvJ,GAASA,EAAK0I,UClDfoI,EAAY,CAACxH,EAAcC,KAA4B,CAM3D5C,cAAgBwG,GACd3C,EACElB,EAAImB,WAAWC,KAAKhJ,EAAeiF,cAAe,CAAEwG,YAAY,CAAE7L,MAAOiI,KAU7E3C,uBAAwB,CACtBuG,EACAmB,EACAyC,IAEAvG,EACElB,EAAImB,WAAWC,KACbhJ,EAAekF,uBACf,CAAEuG,WAAU4D,WAAUzC,WACtB,CAAEhN,MAAOiI,KAUf1C,oBAAqB,CAACsG,EAAkB6D,IACtCxG,EACElB,EAAImB,WAAWC,KACbhJ,EAAemF,oBACf,CAAEsG,WAAU6D,WACZ,CAAE1P,MAAOiI,OClCjB,SAAS0H,EAA0BjR,WACjC,MAAMkR,EAAgBlR,EAgBtB,OAfIkR,EAAcpL,OAChBoL,EAAcpL,KACT/E,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAkQ,EAAcpL,MAAI,CACrBqL,iBAAkBD,EAAcpL,KAAKsL,yBAEhCF,EAAcpL,KAAKsL,kBAEN,UAAlBF,EAAclL,YAAI,IAAAnH,OAAA,EAAAA,EAAEwS,iBACtBH,EAAclL,KAAKqL,cAAkC,UAAlBH,EAAclL,YAAI,IAAA5G,OAAA,EAAAA,EAAEiS,cAAc5I,KAAK6I,IACxE,MAAMC,EAAKD,EAGX,OAFAC,EAAGC,SAAWD,EAAGE,KAAKhS,YACf8R,EAAGE,KACHF,CAAE,KAGNL,CACT,CASA,MAAMQ,EAAkB,CAACpI,EAAcC,KAA4B,CAIjEmG,YAAcvC,GACZ3C,EACElB,EAAImB,WAAW5J,IAAIa,EAAaiD,SAAU,CACxC4G,YAAa,CAAE4B,YACf7L,MAAOiI,KAERvJ,GAASA,IAEd2R,YAAa,CACXxE,EACA0C,EACAlG,IAEAa,EACElB,EAAImB,WAAWC,KACbhJ,EAAa+D,YACX1E,OAAAC,OAAAD,OAAAC,OAAA,CAAAmM,YAAc0C,EAAQ,CAAEA,SAAU,CAAE,GAAC,CAAElG,gBACzC,CAAErI,MAAOiI,KAEVvJ,GAASiR,EAA0BjR,KAExC4R,eAAgB,CAACzE,EAAkB0C,IACjCrF,EACElB,EAAImB,WAAWzI,OAAON,EAAaiD,SAAU,CAC3C4G,2BAAe4B,YAAc0C,EAAQ,CAAEA,SAAU,IACjDvO,MAAOiI,KAMboG,kBAAmB,CACjBxC,EACA0E,EACAC,EACAC,EACAC,EACAC,IAEAzH,EACElB,EAAImB,WAAWC,KACbhJ,EAAaiD,SACb,CAAEwI,WAAU0E,SAAQE,WAAUD,UAASE,cAAaC,WACpD,CAAE3Q,MAAOiI,KAMf2I,kBAAmB,CACjB/E,EACAgF,EACAH,EACAC,IAEAzH,EACElB,EAAImB,WAAWC,KACbhJ,EAAagE,SACb,CAAEyH,WAAUgF,iBAAgBH,cAAaC,WACzC,CAAE3Q,MAAOiI,KAMf6I,iBAAkB,CAChBjF,EACAkF,EACAlB,IAEA3G,EACElB,EAAImB,WAAWC,KACbhJ,EAAaiE,QACb,CAAEwH,WAAUkF,eAAclB,oBAC1B,CAAE7P,MAAOiI,KAGf+I,sBAAuB,CACrBnF,EACAxI,EACAsN,EACApC,KAEA,MAAMqB,EAAqBnQ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA2D,GAAU,CAAAyM,gBAAiBzM,EAASwM,mBAE/D,cADOD,EAAcC,iBACd3G,EACLlB,EAAImB,WAAWC,KACbhJ,EAAaoE,KAAKC,UAAShF,OAAAC,OAAA,CAEzBmM,WACAxI,SAAUuM,EACVe,WACIpC,EAAQ,CAAEA,SAAU,CAAE,GAE5B,CAAEvO,MAAOiI,IAEZ,EAEHgJ,sBAAuB,CACrBpF,EACAxI,EACA6N,EACAP,EACApC,IAEArF,EACElB,EAAImB,WAAWC,KACbhJ,EAAasE,KAAKD,yBAChBoH,WAAUxI,WAAU6N,cAAaP,WAAapC,EAAQ,CAAEA,SAAU,CAAA,GACpE,CAAEvO,MAAOiI,KAGfkJ,wBAAyB,CACvBtF,EACAxI,EACA6N,EACAP,EACApC,IAEArF,EACElB,EAAImB,WAAWC,KACbhJ,EAAasE,KAAKN,wBAChByH,WAAUxI,WAAU6N,cAAaP,WAAapC,EAAQ,CAAEA,SAAU,CAAA,GACpE,CAAEvO,MAAOiI,KAGfmJ,aAAc,CAACvF,EAAkB0C,IAC/BrF,EACElB,EAAImB,WAAW5J,IAAIa,EAAakE,WAAY,CAC1C2F,2BAAe4B,YAAc0C,EAAQ,CAAEA,SAAU,IACjDvO,MAAOiI,KAERvJ,GAASiR,EAA0BjR,KAExC2S,gBAAkBxF,GAChB3C,EACElB,EAAImB,WAAW5J,IAAIa,EAAamE,cAAe,CAC7C0F,YAAa,CAAE4B,YACf7L,MAAOiI,KAERvJ,GAvJP,SAAsCA,GACpC,MAAMkR,EAAgBlR,EAAK4S,YACrBC,EAAM,GAEZ,OADA3B,EAAchS,SAAS4T,GAAYD,EAAItS,KAAK0Q,EAA0B6B,MAC/DD,CACT,CAkJgBE,CAA6B/S,OC3KvCgT,EAAgB,CAAC1J,EAAcC,KAA4B,CAa/D5H,OAAQ,CACNlC,EACAqQ,EACApH,EACA2G,EACA/D,EACA2C,EACAsC,EACA0C,IAEAzI,EACElB,EAAImB,WAAWC,KACbhJ,EAAmBC,OACnB,CACElC,OACAqQ,aACAlH,UAAWF,EACXwK,WAAY7D,EACZ/D,SACA2C,eACAsC,cACA0C,gBAEF,CAAE3R,MAAOiI,KAQfrH,KAAO0M,GACLpE,EACElB,EAAImB,WAAW5J,IAAIa,EAAmBQ,KAAM,CAC1CqJ,YAAa,CAAEqD,MACftN,MAAOiI,KAERvJ,GAASA,EAAKmJ,MAOnBtE,UAAY8G,GACVnB,EACElB,EAAImB,WAAWC,KAAKhJ,EAAmBU,OAAQ,CAAEuJ,aAAa,CAAErK,MAAOiI,KACtEvJ,GAASA,EAAK+I,OAanBjH,OAAQ,CACN8M,EACAnP,EACA8Q,EACA7H,EACA2G,EACApB,EACAgF,IAEAzI,EACElB,EAAImB,WAAWC,KACbhJ,EAAmBI,OACnB,CACE8M,KACAnP,OACA8Q,cACA3H,UAAWF,EACXwK,WAAY7D,EACZpB,eACAgF,gBAEF,CAAE3R,MAAOiI,KAEVvJ,GAASA,EAAKmJ,MAOnB1E,WAAamK,GACXpE,EACElB,EAAImB,WAAWC,KAAKhJ,EAAmB+C,WAAY,CAAEmK,MAAM,CAAEtN,MAAOiI,KAMxE7E,SAAWkK,GACTpE,EACElB,EAAImB,WAAWC,KAAKhJ,EAAmBgD,SAAU,CAAEkK,MAAM,CAAEtN,MAAOiI,KAMtEvH,OAAS4M,GACPpE,EACElB,EAAImB,WAAWC,KAAKhJ,EAAmBM,OAAQ,CAAE4M,MAAM,CAAEtN,MAAOiI,OC1HhE4J,EAAW,CAAC7J,EAAcC,KAA4B,CAC1DhD,KAAM,IACJiE,EAAkBlB,EAAImB,WAAWC,KAAKhJ,EAAc6E,KAAM,CAAE,EAAE,CAAEjF,MAAOiI,KACzEvH,OAASoR,GACP5I,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcM,OAAQ,CAAEsN,IAAK8D,GAAW,CAAE9R,MAAOiI,KAEzE/C,OAAS6M,GACP7I,EACElB,EAAImB,WAAWC,KAAKhJ,EAAc8E,OAAQ,CAAE6M,UAAU,CAAE/R,MAAOiI,KAEnE9C,OAAQ,CAAC4M,EAAgBC,EAAYC,IACnC/I,EACElB,EAAImB,WAAWC,KACbhJ,EAAc+E,OACd,CAAE4M,SAAQC,OAAMC,WAChB,CAAEjS,MAAOiI,KAGf7C,IAAK,CACH2M,EACA/S,IAEAkK,EACElB,EAAImB,WAAWC,KAAKhJ,EAAcgF,IAAK,CAAE2M,SAAQ/S,WAAW,CAAEgB,MAAOiI,KACpEvJ,GAAUA,aAAA,EAAAA,EAAoCwT,WChC/CC,EAAY,CAACnK,EAAcC,KAA4B,CAC3D/C,OAAQ,IACNgE,EAAkBlB,EAAImB,WAAWC,KAAKhJ,EAAe8E,OAAQ,CAAE,EAAE,CAAElF,MAAOiI,KAC5E9C,OAASiN,GACPlJ,EACElB,EAAImB,WAAWC,KAAKhJ,EAAe+E,OAAQ,CAAEiN,SAAS,CAAEpS,MAAOiI,OCL/DoK,EAAY,CAACrK,EAAcC,KAA4B,CAM3DnH,OAASwR,IACP,MAAMvJ,EAAYtJ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA4S,GAAe,CAAAC,YAAaD,EAAc7C,WAE5D,cADO1G,EAAK0G,SACLvG,EACLlB,EAAImB,WAAWC,KAAKhJ,EAAeU,OAAQiI,EAAM,CAAE/I,MAAOiI,KACzDvJ,GACCA,eAAAA,EAAM8T,OAAOrL,KAAKsL,IAChB,MAAMlB,EACD9R,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA+S,IACHC,SAAUC,WAAWF,EAAEC,UACvBjD,SAAUgD,EAAEF,cAGd,cADOhB,EAAIgB,YACJhB,CAAG,KAEf,EAOH/L,YAAcoN,IACZ,MAAM7J,EAAItJ,OAAAC,OAAA,CAAA,EAAQkT,GAClB,OAAO1J,EACLlB,EAAImB,WAAWC,KAAKhJ,EAAeoF,YAAauD,EAAM,CAAE/I,MAAOiI,IAChE,ICxBC4K,EAAY,CAAC7K,EAAcC,KAA4B,CAU3D6K,WAAY,CAACnM,EAAqBoM,IAChC7J,EACElB,EAAImB,WAAWC,KAAKhJ,EAAeqF,WAAY,CAAEkB,SAAQoM,WAAW,CAAE/S,MAAOiI,KAOjF+K,aAAc,IACZ9J,EACElB,EAAImB,WAAWC,KAAKhJ,EAAesF,aAAc,CAAE,EAAE,CAAE1F,MAAOiI,KAOlEgL,WAAY,IACV/J,EACElB,EAAImB,WAAWC,KAAKhJ,EAAeuF,WAAY,CAAA,EAAI,CAAE3F,MAAOiI,KAC3DvJ,GAASA,EAAKiI,SAWnBuM,cAAe,CACbC,EACAC,EACAC,IAEAnK,EACElB,EAAImB,WAAWC,KACbhJ,EAAewF,OACf,CAAEuN,YAAWC,UAASC,cACtB,CAAErT,MAAOiI,KAWfqL,gBAAiB,CAACnV,EAAckV,IAC9BnK,EACElB,EAAImB,WAAWC,KAAKhJ,EAAeyF,SAAU,CAAE1H,OAAMkV,cAAc,CAAErT,MAAOiI,KAWhFsL,uBAAwB,CACtBC,EACAL,EACAC,EACAC,IAEAnK,EACElB,EAAImB,WAAWC,KACbhJ,EAAe0F,OACf,CAAE0N,qBAAoBL,YAAWC,UAASC,cAC1C,CAAErT,MAAOiI,KAYfwL,yBAA0B,CACxBtV,EACAgV,EACAE,IAEAnK,EACElB,EAAImB,WAAWC,KACbhJ,EAAe2F,SACf,CAAE5H,OAAMgV,YAAWE,cACnB,CAAErT,MAAOiI,KASfyL,gBAAkB9M,GAChBsC,EACElB,EAAImB,WAAWC,KAAKhJ,EAAe4F,SAAU,CAAEY,aAAa,CAAE5G,MAAOiI,KAQzEpB,gBAAkBD,GAChBsC,EACElB,EAAImB,WAAWC,KAAKhJ,EAAe6F,SAAU,CAAEW,aAAa,CAAE5G,MAAOiI,KAUzE0L,4BAA8BC,GAC5B1K,EACElB,EAAImB,WAAWC,KACbhJ,EAAe8F,kBACf,CAAE0N,aACF,CAAE5T,MAAOiI,KAUf4L,oCAAsCD,GACpC1K,EACElB,EAAImB,WAAWC,KACbhJ,EAAe+F,sCACf,CAAEyN,aACF,CAAE5T,MAAOiI,KASf6L,sBAAwB9F,GACtB9E,EACElB,EAAImB,WAAWC,KACbhJ,EAAe8F,kBACf,CAAE0N,UAAW5F,GACb,CAAEhO,MAAOiI,KASf7B,aACE2N,GAEA7K,EACElB,EAAImB,WAAWC,KACbhJ,EAAegG,aACf,CAAE2N,mBACF,CAAE/T,MAAOiI,KAEVvJ,GAASA,EAAKqV,kBAUnBC,aAAc,CACZ1N,EACAkN,EACAL,IAEAjK,EACElB,EAAImB,WAAWC,KACbhJ,EAAeiG,IACf,CAAEC,WAAUkN,qBAAoBL,aAChC,CAAEnT,MAAOiI,KAEVvJ,GAASA,EAAK6H,UASnB0N,kBAAmB,CACjB3N,EACA4N,GAA2B,IAE3BhL,EACElB,EAAImB,WAAWC,KACbhJ,EAAekG,SACf,CAAEA,WAAU4N,4BACZ,CAAElU,MAAOiI,KAEVvJ,GAASA,EAAKkI,YASnBuN,iBAAkB,CAChB5N,EACA6N,GAA4B,IAE5BlL,EACElB,EAAImB,WAAWC,KACbhJ,EAAemG,QACf,CAAEA,UAAS6N,6BACX,CAAEpU,MAAOiI,KAEVvJ,GAASA,EAAKkI,YAQnByN,oBAAsBC,GACpBpL,EACElB,EAAImB,WAAWC,KAAKhJ,EAAeoG,UAAW,CAAE8N,UAAU,CAAEtU,MAAOiI,KAClEvJ,GAASA,EAAKkI,YAWnB2N,gCAAiC,CAC/BD,EACAd,EACAL,IAEAjK,EACElB,EAAImB,WAAWC,KACbhJ,EAAeqG,mBACf,CAAE6N,SAAQd,qBAAoBL,aAC9B,CAAEnT,MAAOiI,KAEVvJ,GAASA,EAAKkV,UAAUzM,KAAKb,IAAsB,CAAEA,iBAS1DI,YAAc8N,GACZtL,EACElB,EAAImB,WAAWC,KACbhJ,EAAesG,YACf,CAAE8N,MAAOA,EAAQA,EAAMC,UAAY,GACnC,CAAEzU,MAAOiI,KAEVvJ,GAASA,MCxSVgW,EAAqB,CAAC1M,EAAcC,KAA4B,CACpE0M,sBACE3V,UAEA,OAAAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAAwBqD,0CAEnBzE,GAAO,CACV4V,gBAASrX,EAAAyB,EAAQ4V,0BAEnB,CAAE5U,MAAOiI,IAEZ,EACH4M,sBACE7V,UAEA,OAAAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAAwBsD,0CAEnB1E,GAAO,CACV4V,gBAASrX,EAAAyB,EAAQ4V,0BAEnB,CAAE5U,MAAOiI,IAEZ,EACH6M,sBACE9V,GAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAAwBuD,WAAUlE,OAAAC,OAAA,GAC7BV,GACL,CAAEgB,MAAOiI,KAGf8M,sBACE/V,GAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAAwBwD,WAAUnE,OAAAC,OAAA,GAC7BV,GACL,CAAEgB,MAAOiI,KAGfvH,OAAS4M,GACPpE,EACElB,EAAImB,WAAWC,KAAKhJ,EAAwBM,OAAQ,CAAE4M,MAAM,CAAEtN,MAAOiI,KAEzErH,KAAO0M,GACLpE,EACElB,EAAImB,WAAW5J,IAAIa,EAAwBQ,KAAM,CAC/CqJ,YAAa,CAAEqD,MACftN,MAAOiI,KAERvJ,GAASA,IAEd4E,QAAS,IACP4F,EACElB,EAAImB,WAAW5J,IAAIa,EAAwBkD,QAAS,CAClDtD,MAAOiI,KAERvJ,GAASA,EAAKsW,SCzEfC,EAAe,CAACjN,EAAcC,KAA4B,CAC9DmG,YAAcvC,GACZ3C,EACElB,EAAImB,WAAW5J,IAAIa,EAAkBiD,SAAU,CAC7C4G,YAAa,CAAE4B,YACf7L,MAAOiI,KAERvJ,GAASA,IAEd2P,kBAAmB,CAACxC,EAAkBxI,IACpC6F,EACElB,EAAImB,WAAWC,KACbhJ,EAAkBiD,SACb5D,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA2D,GAAU,CAAAwI,aACf,CACE7L,MAAOiI,OCTXiN,EAAU,CAAClN,EAAcC,KAA4B,CAQzD6K,WAAanM,GACXuC,EAAkBlB,EAAImB,WAAWC,KAAKhJ,EAAauG,OAAQA,EAAQ,CAAE3G,MAAOiI,KAM9E+K,aAAc,IACZ9J,EACElB,EAAImB,WAAWC,KAAKhJ,EAAesF,aAAc,CAAE,EAAE,CAAE1F,MAAOiI,KAQlEyL,gBAAkB9M,GAChBsC,EACElB,EAAImB,WAAWC,KAAKhJ,EAAawG,UAAW,CAAEuO,OAAQvO,GAAa,CAAE5G,MAAOiI,KAWhFpB,gBAAkBD,GAChBsC,EACElB,EAAImB,WAAWC,KACbhJ,EAAayG,gBACb,CAAEsO,OAAQvO,GACV,CAAE5G,MAAOiI,KAafnB,MAAQF,GACNsC,EACElB,EAAImB,WAAWC,KAAKhJ,EAAa0G,MAAO,CAAEqO,OAAQvO,GAAa,CAAE5G,MAAOiI,KACvEvJ,GAASA,EAAKyW,SAOnBC,qBACEC,GAEAnM,EACElB,EAAImB,WAAWC,KACbhJ,EAAa2G,cACb,CAAEsO,uBACF,CAAErV,MAAOiI,KAEVvJ,GAASA,EAAK4W,mBAOnBC,qBAAuBD,GACrBpM,EACElB,EAAImB,WAAWC,KACbhJ,EAAa4G,cACb,CAAEsO,oBACF,CAAEtV,MAAOiI,KASfuN,mBAAoB,IAClBtM,EAAkBlB,EAAImB,WAAWzI,OAAON,EAAawG,UAAW,CAAE5G,MAAOiI,OCvFvEwN,EAAyB,CAACzN,EAAcC,KAA4B,CACxEyN,kBACE1W,GAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAA4BC,OAAMZ,OAAAC,OAAA,GAE7BV,GAEL,CAAEgB,MAAOiI,KAGf0N,kBACE3W,GAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAA4BI,OAAMf,OAAAC,OAAA,GAC7BV,GACL,CAAEgB,MAAOiI,KAGf2N,iBACE5W,GAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAA4BK,MAAKhB,OAAAC,OAAA,GAC5BV,GACL,CAAEgB,MAAOiI,KAGf4N,kBAAoBvI,GAClBpE,EACElB,EAAImB,WAAWC,KAAKhJ,EAA4BM,OAAQ,CAAE4M,MAAM,CAAEtN,MAAOiI,KAE7E6N,gBAAkBxI,GAChBpE,EACElB,EAAImB,WAAW5J,IAAIa,EAA4BQ,KAAM,CACnDqJ,YAAa,CAAEqD,MACftN,MAAOiI,KAERvJ,GAASA,IAEdqX,oBAAqB,IACnB7M,EACElB,EAAImB,WAAW5J,IAAIa,EAA4BkD,QAAS,CACtDtD,MAAOiI,KAERvJ,GAASA,EAAKsW,OAEnBgB,qBAAuB1I,GACrBpE,EACElB,EAAImB,WAAW5J,IAAIa,EAA4ByD,OAAQ,CACrDoG,YAAa,CAAEqD,MACftN,MAAOiI,KAERvJ,GAASA,IAEduX,wBAA0B3I,GACxBpE,EACElB,EAAImB,WAAWC,KAAKhJ,EAA4B0D,OAAQ,CAAEwJ,MAAM,CAAEtN,MAAOiI,KAE7EiO,eACElX,GAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAAoCU,OAAMrB,OAAAC,OAAA,CAAA,EACrCV,GACL,CAAEgB,MAAOiI,KAEVvJ,GAASA,EAAKyX,WAEnBC,eAAiBpX,GACfkK,EACElB,EAAImB,WAAWC,KACbhJ,EAAoCM,OAAMjB,OAAAC,OAAA,GACrCV,GACL,CAAEgB,MAAOiI,OCjFXoO,GAA0B,CAACrO,EAAcC,KAA4B,CACzEyN,kBACEY,GAEApN,EACElB,EAAImB,WAAWC,KACbhJ,EAA6BC,OAAMZ,OAAAC,OAAA,CAAA,EAE9B4W,GAEL,CAAEtW,MAAOiI,KAEVvJ,GAASA,EAAK4X,MAEnBX,kBACEW,GAEApN,EACElB,EAAImB,WAAWC,KACbhJ,EAA6BI,OAC7B,CACE8V,OAEF,CAAEtW,MAAOiI,KAEVvJ,GAASA,EAAK4X,MAEnBT,kBAAoBvI,GAClBpE,EACElB,EAAImB,WAAWC,KAAKhJ,EAA6BM,OAAQ,CAAE4M,MAAM,CAAEtN,MAAOiI,KAE9E6N,gBAAkBxI,GAChBpE,EACElB,EAAImB,WAAW5J,IAAI,GAAGa,EAA6BQ,QAAQ0M,IAAM,CAC/DtN,MAAOiI,KAERvJ,GAASA,EAAK4X,MAEnBP,oBAAqB,IACnB7M,EACElB,EAAImB,WAAW5J,IAAIa,EAA6BkD,QAAS,CACvDtD,MAAOiI,KAERvJ,GAASA,EAAKsW,OAEnBhR,mBAAoB,CAClBuS,EACAvM,EACAwM,EACAxX,EACA6M,IAEA3C,EACElB,EAAImB,WAAWC,KACbhJ,EAA6B4D,mBAC7B,CACEuS,QACAvM,SACAwM,SACAxX,UACA6M,YAEF,CAAE7L,MAAOiI,KAEVvJ,GAASA,EAAKsB,QAEnB+D,WAAY,CACVwS,EACAvM,EACA6B,EACA7M,IAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAA6B2D,WAC7B,CACEwS,QACAvM,SACA6B,WACA7M,WAEF,CAAEgB,MAAOiI,KAEVvJ,GAASA,EAAKsB,QAEnBkE,yBAA0B,CACxBqS,EACA1K,EACA2K,EACAxX,IAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAA6B8D,yBAC7B,CACEqS,QACA1K,WACA2K,SACAxX,WAEF,CAAEgB,MAAOiI,KAEVvJ,GAASA,EAAKsB,QAEnBiE,iBAAkB,CAChBsS,EACA1K,EACA7M,IAEAkK,EACElB,EAAImB,WAAWC,KACbhJ,EAA6B6D,iBAC7B,CACEsS,QACA1K,WACA7M,WAEF,CAAEgB,MAAOiI,KAEVvJ,GAASA,EAAKsB,UCrGrB,MAAMyW,GAAWlZ,WAAA0K,cAAEA,EAAayO,UAAEA,GAASnZ,EAAKoZ,EAAM7X,EAAAvB,EAArC,+BACf,MAAMqZ,EAAUC,EACdpX,OAAAC,OAAAD,OAAAC,OAAA,CAAAoX,MAAAA,GACGH,GAAM,CACTI,YAAWtX,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACNiX,EAAOI,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAAnZ,OAAA,EAAAA,EAAAoZ,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWT,EAExBlP,EAA6C,CAAA,EAgC7C4P,EC/De,EAACrP,EAAcC,KAA4B,CAChEZ,KAAMU,EAASC,EAAKC,GACpBqP,QAASrK,EAAYjF,EAAKC,GAC1BsP,UAAW7F,EAAc1J,EAAKC,GAC9BnI,OAAQ2N,EAAWzF,EAAKC,GACxBuP,eAAgB9C,EAAmB1M,EAAKC,GACxCwP,mBAAoBhC,EAAuBzN,EAAKC,GAChDyP,oBAAqBrB,GAAwBrO,EAAKC,GAClD0P,IAAKvH,EAAgBpI,EAAKC,GAC1ByG,IAAKD,EAAQzG,EAAKC,GAClB2P,WAAY5I,EAAehH,EAAKC,GAChC8E,SAAUkI,EAAajN,EAAKC,GAC5BkI,KAAMf,EAASpH,EAAKC,GACpB4P,MAAOrI,EAAUxH,EAAKC,GACtB+J,KAAMH,EAAS7J,EAAKC,GACpBmK,MAAOD,EAAUnK,EAAKC,GACtB6P,MAAOzF,EAAUrK,EAAKC,GACtB8P,MAAOlF,EAAU7K,EAAKC,GACtB+P,IAAK9C,EAAQlN,EAAKC,KD6CCgQ,CAAerB,EAAS3O,GAErCD,iCACD4O,GAAO,CAGVsB,QAAS1Z,MAAOwB,GAAmB4W,EAAQsB,QAAQlY,GAOnDqX,aAGA7Y,aAAa2Z,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAI5Q,EAAK0Q,EAAOC,KAAM,OAAO3Q,EAAK0Q,EAAOC,KAKzC,GAFA3Y,OAAOC,OAAO+H,OAnDAjJ,WAChB,GAAIkY,EACF,IACE,MAAM4B,EAAYC,KAAKC,MAAM9B,GACvB7O,QAAY4Q,EAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAMvQ,EAKpB,CAHC,MAAO6Q,GAEP,MADAtB,SAAAA,EAAQuB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoBhC,EAAQzN,WAC/B5J,IAAI,WAAW4X,KACf0B,MAAMpa,GAASA,EAAKqa,UACerR,KACtC,OAAKxH,MAAMC,QAAQ0Y,UACQG,QAAQC,IACjCJ,EAAWzR,KAAI3I,MAAOqJ,GAAQ,CAACA,EAAIuQ,UAAWK,EAAU5Q,QAGtCoR,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAW3Y,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAwZ,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAyB2BG,KAErB5R,EAAK0Q,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAO5Q,EAAK0Q,EAAOC,IACpB,EAOD5Z,kBAAkBkQ,SAEhB,MACM1O,SADYsZ,EAAU5K,EAAK1G,EAAIuR,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAIzZ,IACFA,EAAM0Z,IAAe,QAATnc,EAAAyC,EAAM0Z,WAAG,IAAAnc,OAAA,EAAAA,EAAEoc,MAAM,KAAKC,MAC9B5Z,EAAM0Z,MAAQvC,GAEhB,MAAM,IAAI0C,EAAOC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAEpL,MAAK1O,QACf,EAODxB,sBAAsBub,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBrQ,EAAIgS,YAAYD,EAMrC,CAJC,MAAOpB,GAGP,MADAvB,SAAAA,EAAQuB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAODna,qBAAqByb,mBACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQrQ,EAAIgS,YAAYC,GACtB,MAAMC,QAAgBlS,EAAIkQ,QAAQ+B,GAClC,GAAIC,EAAQC,GAAI,CAEd,MAAMC,EACJnc,EACqD,QAAnDH,EAA0C,QAAzCP,EAAA2c,EAAQxb,YAAiC,IAAAnB,OAAA,EAAAA,EAAAwB,eAAS,IAAAjB,OAAA,EAAAA,EAAAuc,KAAK,KrBxKhC,QqB0KT,QAAZ7a,EAAA0a,EAAQxb,YAAI,IAAAc,OAAA,EAAAA,EAAE8a,YACfta,QAAcgI,EAAIgS,YAAYI,GAOpC,OALApa,EAAMjB,SAAoD,QAAzCJ,EAAAub,EAAQxb,YAAiC,IAAAC,OAAA,EAAAA,EAAAI,UAAW,IACrD,UAAZmb,EAAQxb,YAAI,IAAA6b,OAAA,EAAAA,EAAE3b,cAEfoB,EAAoCpB,WAAasb,EAAQxb,KAAKE,YAE1DoB,CACR,CAED,MAAMqY,MAAmB,QAAbmC,EAAAN,EAAQvB,aAAK,IAAA6B,OAAA,EAAAA,EAAEC,aAK5B,CAJC,MAAOC,GAGP,MADAtD,SAAAA,EAAQuB,MAAM,kCAAmC+B,GAC3CrC,MAAM,2CAA2CqC,IACxD,CACF,EAQDlc,gCACEub,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBrQ,EAAI2S,gBAAgBZ,EAKzC,CAHC,MAAOpB,GAEPvB,SAAAA,EAAQwD,IAAI,wCAAwCjC,2BACrD,CAED,OAAO3Q,EAAI6S,eAAeZ,EAC3B,EAQDzb,wBACE+Y,EACAjL,SAEA,IAAKiL,EAAW,MAAMc,MAAM,gCAE5B,IAAI5Z,EACJ,IACEA,QAAauJ,EAAIuP,UAAUuD,SAASvD,EAAWjL,EAIhD,CAHC,MAAOqM,GAEP,MADAvB,SAAAA,EAAQuB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,IAAKla,EAAK0b,GAER,MADA/C,SAAAA,EAAQuB,MAAM,gCAAiCla,EAAKka,OAC9CN,MAAM,mCAA+C,QAAZ9a,EAAAkB,EAAKka,aAAO,IAAApb,OAAA,EAAAA,EAAAkd,gBAG7D,MAAMH,WAAEA,GAAe7b,EAAKC,KAC5B,IAAK4b,EAEH,MADAlD,SAAAA,EAAQuB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBrQ,EAAIgS,YAAYM,EAKrC,CAHC,MAAO3B,GAEP,MADAvB,SAAAA,EAAQuB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDoC,oBAAmB,CAACnb,EAA8BuP,IACzCnH,EAAIgT,0BAA0Bpb,EAAU,GAAIuP,GASrD8L,sBAAqB,CAACrb,EAA8BuP,IAC3CnH,EAAIkT,4BAA4Btb,EAAU,GAAIuP,GAUvD6L,0BACEpb,EACAE,EACAqP,GAGA,GAAIrP,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMqb,EAAUxb,EAA2BC,ErB3Rb,cqB2R6CE,GAC3E,OAAOqP,EAAYiM,OAAOC,GAASF,EAAQG,SAASD,IACrD,EASDH,4BACEtb,EACAE,EACAqP,GAEA,GAAIrP,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAMqb,EAAUxb,EAA2BC,ErB7Sb,cqB6S6CE,GAC3E,OAAOqP,EAAYoM,QAAQF,GAASF,EAAQG,SAASD,IACtD,EAQDG,cAAa,CAAC5b,EAA8BwH,IACnCY,EAAIyT,oBAAoB7b,EAAU,GAAIwH,GAS/CsU,gBAAe,CAAC9b,EAA8BwH,IACrCY,EAAI2T,sBAAsB/b,EAAU,GAAIwH,GAUjDqU,oBAAoB7b,EAA8BE,EAAgBsH,GAEhE,GAAItH,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM8b,EAAajc,EAA2BC,ErB9UtB,QqB8UgDE,GACxE,OAAOsH,EAAMgU,OAAOjL,GAASyL,EAAWN,SAASnL,IAClD,EASDwL,sBAAsB/b,EAA8BE,EAAgBsH,GAClE,GAAItH,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAM8b,EAAajc,EAA2BC,ErB5VtB,QqB4VgDE,GACxE,OAAOsH,EAAMmU,QAAQpL,GAASyL,EAAWN,SAASnL,IACnD,IAGH,OAAO0L,EACL7T,EACA,CACE,mBACA,iBACA,mBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEF1J,EACD,EAoBHmY,GAAQqF,uBrB/Y8B,MqBgZtCrF,GAAQsF,uBrB9Y8B,KqB+YtCtF,GAAQuF,cEjZO,CACbC,WAAY,UACZC,iBAAkB,UAClBC,eAAgB,UAChBC,iBAAkB,UAClBC,aAAc,UACdC,mBAAoB,UACpBC,qBAAsB,UACtBC,aAAc"}