npm - @descope/node-sdk - Versions diffs - 1.7.9 → 1.7.12 - Mend

@descope/node-sdk 1.7.9 → 1.7.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -351,6 +351,7 @@ declare type User = {
     hashedPassword?: UserPasswordHashed;
     seed?: string;
     status?: UserStatus;
+    createdTime?: number;
 };
 declare type UserPasswordHashed = {
     bcrypt?: UserPasswordBcrypt;
@@ -876,10 +877,11 @@ interface PatchUserOptions {
 /** Configuration arguments which include the Descope core SDK args and an optional management key */
 declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
     managementKey?: string;
+    authManagementKey?: string;
     publicKey?: string;
 };
 declare const nodeSdk: {
-    ({ managementKey, publicKey, ...config }: NodeSdkArgs): {
+    ({ authManagementKey, managementKey, publicKey, ...config }: NodeSdkArgs): {
         refresh: (token?: string) => Promise<SdkResponse<JWTResponse & {
             refreshJwt?: string;
             cookies?: string[];
@@ -1139,7 +1141,6 @@ declare const nodeSdk: {
                 loadAllGroupsForMember: (tenantId: string, userIds: string[], loginIds: string[]) => Promise<SdkResponse<Group[]>>;
                 loadAllGroupMembers: (tenantId: string, groupId: string) => Promise<SdkResponse<Group[]>>;
             };
-            /** Fetch the public keys (JWKs) from Descope for the configured project */
             flow: {
                 list: () => Promise<SdkResponse<FlowsResponse>>;
                 delete: (flowIds: string[]) => Promise<SdkResponse<never>>;
@@ -1169,12 +1170,7 @@ declare const nodeSdk: {
                 deleteRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
                 deleteResourceRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
                 deleteRelationsForIds: (ids: string[]) => Promise<SdkResponse<never>>;
-                hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>; /**
-                 * Validate session and refresh it if it expired
-                 * @param sessionToken session JWT
-                 * @param refreshToken refresh JWT
-                 * @returns RefreshAuthenticationInfo promise or throws Error if there is an issue with JWTs
-                 */
+                hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>;
                 whoCanAccess: (resource: string, relationDefinition: string, namespace: string) => Promise<SdkResponse<string[]>>;
                 resourceRelations: (resource: string, ignoreTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
                 targetsRelations: (targets: string[], includeTargetSetRelations?: boolean) => Promise<SdkResponse<AuthzRelation[]>>;
@@ -1325,7 +1321,12 @@ declare const nodeSdk: {
             };
             update: {
                 email: <T extends boolean>(loginId: string, email: string, token?: string, updateOptions?: {
-                    addToLoginIDs?: T;
+                    addToLoginIDs?: T; /**
+                     * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                     * @param authInfo JWT parsed info containing the permissions
+                     * @param permissions List of permissions to match against the JWT claims
+                     * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                     */
                     onMergeUseExisting?: T extends true ? boolean : never;
                     templateOptions?: {
                         [x: string]: string;
@@ -1337,7 +1338,12 @@ declare const nodeSdk: {
                 }>>;
                 phone: {
                     sms: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_1;
+                        addToLoginIDs?: T_1; /**
+                         * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         */
                         onMergeUseExisting?: T_1 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1348,7 +1354,12 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     voice: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_1;
+                        addToLoginIDs?: T_1; /**
+                         * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         */
                         onMergeUseExisting?: T_1 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1359,7 +1370,12 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     whatsapp: <T_1 extends boolean>(loginId: string, phone: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_1;
+                        addToLoginIDs?: T_1; /**
+                         * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         */
                         onMergeUseExisting?: T_1 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1497,7 +1513,12 @@ declare const nodeSdk: {
             };
             update: {
                 email: <T_2 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
-                    addToLoginIDs?: T_2;
+                    addToLoginIDs?: T_2; /**
+                     * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                     * @param authInfo JWT parsed info containing the permissions
+                     * @param permissions List of permissions to match against the JWT claims
+                     * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                     */
                     onMergeUseExisting?: T_2 extends true ? boolean : never;
                     templateOptions?: {
                         [x: string]: string;
@@ -1509,7 +1530,12 @@ declare const nodeSdk: {
                 }>>;
                 phone: {
                     sms: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_3;
+                        addToLoginIDs?: T_3; /**
+                         * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         */
                         onMergeUseExisting?: T_3 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1520,7 +1546,12 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     voice: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_3;
+                        addToLoginIDs?: T_3; /**
+                         * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         */
                         onMergeUseExisting?: T_3 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1531,7 +1562,12 @@ declare const nodeSdk: {
                         maskedPhone: string;
                     }>>;
                     whatsapp: <T_3 extends boolean>(loginId: string, phone: string, URI?: string, token?: string, updateOptions?: {
-                        addToLoginIDs?: T_3;
+                        addToLoginIDs?: T_3; /**
+                         * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                         * @param authInfo JWT parsed info containing the permissions
+                         * @param permissions List of permissions to match against the JWT claims
+                         * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                         */
                         onMergeUseExisting?: T_3 extends true ? boolean : never;
                         templateOptions?: {
                             [x: string]: string;
@@ -1580,7 +1616,12 @@ declare const nodeSdk: {
             }) => Promise<SdkResponse<JWTResponse>>;
             update: {
                 email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
-                    addToLoginIDs?: T_4;
+                    addToLoginIDs?: T_4; /**
+                     * Retrieves the permissions from JWT top level claims that match the specified permissions list
+                     * @param authInfo JWT parsed info containing the permissions
+                     * @param permissions List of permissions to match against the JWT claims
+                     * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found
+                     */
                     onMergeUseExisting?: T_4 extends true ? boolean : never;
                     templateOptions?: {
                         [x: string]: string;
@@ -1618,7 +1659,7 @@ declare const nodeSdk: {
         };
         outbound: {
             connect: (appId: string, options?: {
-                redirectURL?: string;
+                redirectUrl?: string;
                 scopes?: string[];
             }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
         };

package/dist/index.esm.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as o,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null},c=t=>async(...s)=>{var n,o,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var c;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(c=p)?void 0:c.cookieDomain)||""}; Max-Age=${(null==c?void 0:c.cookieMaxAge)||""}; Path=${(null==c?void 0:c.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=m(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function g(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function u(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},v={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},k={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},C={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},f={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},I={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},y={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},b={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token"},A={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},S={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},w={settings:"/v1/mgmt/password/settings"},O={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},T={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},j={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},N={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},R={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},P={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},E={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},M={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};function U(t){return t.map((t=>{var{roles:s}=t,n=e(t,["roles"]);return Object.assign(Object.assign({},n),{roleNames:s})}))}function x(e){if(e&&0!==Object.keys(e).length)return Object.fromEntries(Object.entries(e).map((([e,t])=>[e,{values:t}])))}const D=(e,t)=>({create:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(h.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(h.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k,C,f,I,y){const b="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:u,sendSMS:v,additionalLoginIds:I,templateId:y}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(h.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,o,a,i,r,l)=>s(e.httpClient.post(h.createBatch,{users:U(n),invite:!0,inviteUrl:o,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),createBatch:n=>s(e.httpClient.post(h.createBatch,{users:U(n)},{token:t}),(e=>e)),update:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(h.update,C,{token:t}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),s(e.httpClient.patch(h.patch,a,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(h.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(h.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(h.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(h.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(h.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(h.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(h.logout,{userId:n},{token:t})),searchAll:(n,o,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(h.search,{tenantIds:n,roleNames:o,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(h.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0,tenantRoleIds:x(n.tenantRoleIds),tenantRoleNames:x(n.tenantRoleNames)}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(h.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0,tenantRoleIds:x(n.tenantRoleIds),tenantRoleNames:x(n.tenantRoleNames)}),{token:t}),(e=>e.users)),getProviderToken:(n,o,a)=>s(e.httpClient.get(h.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(h.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(h.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,o)=>s(e.httpClient.post(h.updateLoginId,{loginId:n,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(n,o,a)=>s(e.httpClient.post(h.updateEmail,{loginId:n,email:o,verified:a},{token:t}),(e=>e.user)),updatePhone:(n,o,a)=>s(e.httpClient.post(h.updatePhone,{loginId:n,phone:o,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(n,o,a,i,r)=>s(e.httpClient.post(h.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,o)=>s(e.httpClient.post(h.updatePicture,{loginId:n,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>s(e.httpClient.post(h.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(n,o)=>s(e.httpClient.post(h.setRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addRoles:(n,o)=>s(e.httpClient.post(h.addRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(n,o)=>s(e.httpClient.post(h.removeRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addTenant:(n,o)=>s(e.httpClient.post(h.addTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(n,o)=>s(e.httpClient.post(h.removeTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(n,o,a)=>s(e.httpClient.post(h.setRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(n,o,a)=>s(e.httpClient.post(h.addRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(n,o,a)=>s(e.httpClient.post(h.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(n,o)=>s(e.httpClient.post(h.addSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(n,o)=>s(e.httpClient.post(h.setSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(n,o)=>s(e.httpClient.post(h.removeSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>s(e.httpClient.post(h.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,i)=>s(e.httpClient.post(h.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>s(e.httpClient.post(h.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(n,o,a)=>s(e.httpClient.post(h.generateEmbeddedLink,{loginId:n,customClaims:o,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(n,o,a,i,r,l)=>s(e.httpClient.post(h.generateSignUpEmbeddedLink,{loginId:n,user:o,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(n,o)=>s(e.httpClient.post(h.setTemporaryPassword,{loginId:n,password:o},{token:t}),(e=>e)),setActivePassword:(n,o)=>s(e.httpClient.post(h.setActivePassword,{loginId:n,password:o},{token:t}),(e=>e)),setPassword:(n,o)=>s(e.httpClient.post(h.setPassword,{loginId:n,password:o},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(h.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(h.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(h.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(h.history,n,{token:t}),(e=>e))}),L=(e,t)=>({updateName:n=>s(e.httpClient.post(v.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(v.updateTags,{tags:n},{token:t})),clone:(n,o,a)=>s(e.httpClient.post(v.clone,{name:n,environment:o,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(v.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(v.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(v.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(v.importSnapshot,{files:n},{token:t}))}),F=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(C.create,{name:n,selfProvisioningDomains:o,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(n,o,a,i,r,l)=>s(e.httpClient.post(C.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(C.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(C.delete,{id:n,cascade:o},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,o,a,i)=>s(e.httpClient.post(C.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(C.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(C.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,o,a,i,r)=>s(e.httpClient.post(C.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),z=(e,t)=>({update:(n,o,a)=>s(e.httpClient.post(S.update,{jwt:n,customClaims:o,refreshDuration:a},{token:t})),impersonate:(n,o,a,i,r,l)=>s(e.httpClient.post(S.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(n,o,a,i)=>s(e.httpClient.post(S.stopImpersonation,{jwt:n,customClaims:o,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(n,o)=>s(e.httpClient.post(S.signIn,Object.assign({loginId:n},o),{token:t})),signUp:(n,o,a)=>s(e.httpClient.post(S.signUp,Object.assign({loginId:n,user:o},a),{token:t})),signUpOrIn:(n,o,a)=>s(e.httpClient.post(S.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:t})),anonymous:(n,o,a)=>s(e.httpClient.post(S.anonymous,{customClaims:n,selectedTenant:o,refreshDuration:a},{token:t}))}),q=(e,t)=>({create:(n,o)=>s(e.httpClient.post(O.create,{name:n,description:o},{token:t})),update:(n,o,a)=>s(e.httpClient.post(O.update,{name:n,newName:o,description:a},{token:t})),delete:n=>s(e.httpClient.post(O.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(O.loadAll,{token:t}),(e=>e.permissions))}),$=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(T.create,{name:n,description:o,permissionNames:a,tenantId:i,default:r},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(T.update,{name:n,newName:o,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(T.delete,{name:n,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(T.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(T.search,n,{token:t}),(e=>e.roles))}),B=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(R.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,o,a)=>s(e.httpClient.post(R.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:t})),loadAllGroupMembers:(n,o)=>s(e.httpClient.post(R.loadAllGroupMembers,{tenantId:n,groupId:o},{token:t}))});function J(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const K=(e,t)=>({getSettings:n=>s(e.httpClient.get(A.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,o,a)=>s(e.httpClient.post(A.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:t}),(e=>J(e))),deleteSettings:(n,o)=>s(e.httpClient.delete(A.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t})),configureSettings:(n,o,a,i,r,l)=>s(e.httpClient.post(A.settings,{tenantId:n,idpURL:o,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,o,a,i)=>s(e.httpClient.post(A.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:i},{token:t})),configureMapping:(n,o,a)=>s(e.httpClient.post(A.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:t})),configureOIDCSettings:(n,o,a,i)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(A.oidc.configure,Object.assign({tenantId:n,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,o,a,i,r)=>s(e.httpClient.post(A.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,o,a,i,r)=>s(e.httpClient.post(A.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,o)=>s(e.httpClient.get(A.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t}),(e=>J(e))),loadAllSettings:n=>s(e.httpClient.get(A.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(J(e)))),s}(e)))}),G=(e,t)=>({create:(n,o,a,i,r,l,p,d)=>s(e.httpClient.post(k.create,{name:n,expireTime:o,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(k.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,o,a,i,r,l,p)=>s(e.httpClient.post(k.update,{id:n,name:o,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(k.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(k.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(k.delete,{id:n},{token:t}))}),W=(e,t)=>({list:()=>s(e.httpClient.post(j.list,{},{token:t})),delete:n=>s(e.httpClient.post(j.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(j.export,{flowId:n},{token:t})),import:(n,o,a)=>s(e.httpClient.post(j.import,{flowId:n,flow:o,screens:a},{token:t})),run:(n,o)=>s(e.httpClient.post(j.run,{flowId:n,options:o},{token:t}),(e=>null==e?void 0:e.output))}),V=(e,t)=>({export:()=>s(e.httpClient.post(N.export,{},{token:t})),import:n=>s(e.httpClient.post(N.import,{theme:n},{token:t}))}),H=(e,t)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,s(e.httpClient.post(P.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return s(e.httpClient.post(P.createEvent,o,{token:t}))}}),Q=(e,t)=>({saveSchema:(n,o)=>s(e.httpClient.post(E.schemaSave,{schema:n,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(E.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,o,a)=>s(e.httpClient.post(E.nsSave,{namespace:n,oldName:o,schemaName:a},{token:t})),deleteNamespace:(n,o)=>s(e.httpClient.post(E.nsDelete,{name:n,schemaName:o},{token:t})),saveRelationDefinition:(n,o,a,i)=>s(e.httpClient.post(E.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(n,o,a)=>s(e.httpClient.post(E.rdDelete,{name:n,namespace:o,schemaName:a},{token:t})),createRelations:n=>s(e.httpClient.post(E.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(E.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(E.reDeleteResources,{resources:n},{token:t})),deleteResourceRelationsForResources:n=>s(e.httpClient.post(E.reDeleteResourceRelationsForResources,{resources:n},{token:t})),deleteRelationsForIds:n=>s(e.httpClient.post(E.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(E.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>s(e.httpClient.post(E.who,{resource:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(n,o=!1)=>s(e.httpClient.post(E.resource,{resource:n,ignoreTargetSetRelations:o},{token:t}),(e=>e.relations)),targetsRelations:(n,o=!1)=>s(e.httpClient.post(E.targets,{targets:n,includeTargetSetRelations:o},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(E.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>s(e.httpClient.post(E.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(E.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),_=(e,t)=>({createOidcApplication:n=>{var o;return s(e.httpClient.post(f.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:n=>{var o;return s(e.httpClient.post(f.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(f.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(f.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(f.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(f.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps))}),X=(e,t)=>({getSettings:n=>s(e.httpClient.get(w.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(w.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t}))}),Y=(e,t)=>({saveSchema:n=>s(e.httpClient.post(M.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(M.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(M.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(M.check,{tuples:n},{token:t}),(e=>e.tuples)),loadResourcesDetails:n=>s(e.httpClient.post(M.resourcesLoad,{resourceIdentifiers:n},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:n=>s(e.httpClient.post(M.resourcesSave,{resourcesDetails:n},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(M.relations,{token:t}))}),Z=(e,t)=>({createApplication:n=>s(e.httpClient.post(I.create,Object.assign({},n),{token:t})),updateApplication:n=>s(e.httpClient.post(I.update,Object.assign({},n),{token:t})),patchApplication:n=>s(e.httpClient.post(I.patch,Object.assign({},n),{token:t})),deleteApplication:n=>s(e.httpClient.post(I.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(I.load,{queryParams:{id:n},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(I.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:n=>s(e.httpClient.get(I.secret,{queryParams:{id:n},token:t}),(e=>e)),rotateApplicationSecret:n=>s(e.httpClient.post(I.rotate,{id:n},{token:t})),searchConsents:n=>s(e.httpClient.post(y.search,Object.assign({},n),{token:t}),(e=>e.consents)),deleteConsents:n=>s(e.httpClient.post(y.delete,Object.assign({},n),{token:t}))}),ee=(e,t)=>({createApplication:n=>s(e.httpClient.post(b.create,Object.assign({},n),{token:t}),(e=>e.app)),updateApplication:n=>s(e.httpClient.post(b.update,{app:n},{token:t}),(e=>e.app)),deleteApplication:n=>s(e.httpClient.post(b.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(`${b.load}/${n}`,{token:t}),(e=>e.app)),loadAllApplications:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.apps)),fetchTokenByScopes:(n,o,a,i,r)=>s(e.httpClient.post(b.fetchTokenByScopes,{appId:n,userId:o,scopes:a,options:i,tenantId:r},{token:t}),(e=>e.token)),fetchToken:(n,o,a,i)=>s(e.httpClient.post(b.fetchToken,{appId:n,userId:o,tenantId:a,options:i},{token:t}),(e=>e.token)),fetchTenantTokenByScopes:(n,o,a,i)=>s(e.httpClient.post(b.fetchTenantTokenByScopes,{appId:n,tenantId:o,scopes:a,options:i},{token:t}),(e=>e.token)),fetchTenantToken:(n,o,a)=>s(e.httpClient.post(b.fetchTenantToken,{appId:n,tenantId:o,options:a},{token:t}),(e=>e.token))});const te=s=>{var r,{managementKey:l,publicKey:p}=s,h=e(s,["managementKey","publicKey"]);const v=t(Object.assign(Object.assign({fetch:d},h),{baseHeaders:Object.assign(Object.assign({},h.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.9"})})),{projectId:k,logger:C}=h,f={},I=((e,t)=>({user:D(e,t),project:L(e,t),accessKey:G(e,t),tenant:F(e,t),ssoApplication:_(e,t),inboundApplication:Z(e,t),outboundApplication:ee(e,t),sso:K(e,t),jwt:z(e,t),permission:q(e,t),password:X(e,t),role:$(e,t),group:B(e,t),flow:W(e,t),theme:V(e,t),audit:H(e,t),authz:Q(e,t),fga:Y(e,t)}))(v,l),y=Object.assign(Object.assign({},v),{refresh:async e=>v.refresh(e),management:I,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(f[e.kid])return f[e.kid];if(Object.assign(f,await(async()=>{if(p)try{const e=JSON.parse(p),t=await i(e);return{[e.kid]:t}}catch(e){throw null==C||C.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await v.httpClient.get(`v2/keys/${k}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!f[e.kid])throw Error("failed to fetch matching key");return f[e.kid]},async validateJwt(e){var t;const s=(await o(e,y.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==k))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await y.validateJwt(e)}catch(e){throw null==C||C.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s,n,o,a,i;if(!e)throw Error("refresh token is required to refresh a session");try{await y.validateJwt(e);const r=await y.refresh(e);if(r.ok){const e=m(null===(s=null===(t=r.data)||void 0===t?void 0:t.cookies)||void 0===s?void 0:s.join(";"),"DS")||(null===(n=r.data)||void 0===n?void 0:n.sessionJwt),i=await y.validateJwt(e);return i.cookies=(null===(o=r.data)||void 0===o?void 0:o.cookies)||[],(null===(a=r.data)||void 0===a?void 0:a.refreshJwt)&&(i.refreshJwt=r.data.refreshJwt),i}throw Error(null===(i=r.error)||void 0===i?void 0:i.errorMessage)}catch(e){throw null==C||C.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await y.validateSession(e)}catch(e){null==C||C.log(`session validation failed with error ${e} - trying to refresh it`)}return y.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await y.accessKey.exchange(e,t)}catch(e){throw null==C||C.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==C||C.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==C||C.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await y.validateJwt(o)}catch(e){throw null==C||C.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>y.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>y.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!u(e,t))return!1;const n=g(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!u(e,t))return[];const n=g(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>y.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>y.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!u(e,t))return!1;const n=g(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!u(e,t))return[];const n=g(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(y,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],c)};te.RefreshTokenCookieName="DSR",te.SessionTokenCookieName="DS",te.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{te as default};
+import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as n}from"@descope/core-js-sdk";import{jwtVerify as o,errors as a,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";var p;null!==(p=globalThis.Headers)&&void 0!==p||(globalThis.Headers=r);const d=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),m=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null},c=t=>async(...s)=>{var n,o,a;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,p=e(r,["refreshJwt"]);const d=[];var c;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(c=p)?void 0:c.cookieDomain)||""}; Max-Age=${(null==c?void 0:c.cookieMaxAge)||""}; Path=${(null==c?void 0:c.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=m(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:d})})};function g(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function u(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},v={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},k={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},C={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},f={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},y={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},I={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},b={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token"},A={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},S={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous"},O={settings:"/v1/mgmt/password/settings"},w={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},T={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},j={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},N={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},P={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},E={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},M={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"};function U(t){return t.map((t=>{var{roles:s}=t,n=e(t,["roles"]);return Object.assign(Object.assign({},n),{roleNames:s})}))}function x(e){if(e&&0!==Object.keys(e).length)return Object.fromEntries(Object.entries(e).map((([e,t])=>[e,{values:t}])))}const D=(e,t)=>({create:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(h.create,C,{token:t}),(e=>e.user))},createTestUser:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return s(e.httpClient.post(h.createTestUser,C,{token:t}),(e=>e.user))},invite:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k,C,f,y,I){const b="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,inviteUrl:g,sendMail:u,sendSMS:v,additionalLoginIds:y,templateId:I}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return s(e.httpClient.post(h.create,b,{token:t}),(e=>e.user))},inviteBatch:(n,o,a,i,r,l)=>s(e.httpClient.post(h.createBatch,{users:U(n),invite:!0,inviteUrl:o,sendMail:a,sendSMS:i,templateOptions:r,templateId:l},{token:t}),(e=>e)),createBatch:n=>s(e.httpClient.post(h.createBatch,{users:U(n)},{token:t}),(e=>e)),update:function(n,o,a,i,r,l,p,d,m,c,g,u,v,k){const C="string"==typeof o?{loginId:n,email:o,phone:a,displayName:i,givenName:g,middleName:u,familyName:v,roleNames:r,userTenants:l,customAttributes:p,picture:d,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return s(e.httpClient.post(h.update,C,{token:t}),(e=>e.user))},patch:function(n,o){const a={loginId:n};return void 0!==o.email&&(a.email=o.email),void 0!==o.phone&&(a.phone=o.phone),void 0!==o.displayName&&(a.displayName=o.displayName),void 0!==o.givenName&&(a.givenName=o.givenName),void 0!==o.middleName&&(a.middleName=o.middleName),void 0!==o.familyName&&(a.familyName=o.familyName),void 0!==o.roles&&(a.roleNames=o.roles),void 0!==o.userTenants&&(a.userTenants=o.userTenants),void 0!==o.customAttributes&&(a.customAttributes=o.customAttributes),void 0!==o.picture&&(a.picture=o.picture),void 0!==o.verifiedEmail&&(a.verifiedEmail=o.verifiedEmail),void 0!==o.verifiedPhone&&(a.verifiedPhone=o.verifiedPhone),void 0!==o.ssoAppIds&&(a.ssoAppIds=o.ssoAppIds),void 0!==o.scim&&(a.scim=o.scim),s(e.httpClient.patch(h.patch,a,{token:t}),(e=>e.user))},delete:n=>s(e.httpClient.post(h.delete,{loginId:n},{token:t})),deleteByUserId:n=>s(e.httpClient.post(h.delete,{userId:n},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(h.deleteAllTestUsers,{token:t})),load:n=>s(e.httpClient.get(h.load,{queryParams:{loginId:n},token:t}),(e=>e.user)),loadByUserId:n=>s(e.httpClient.get(h.load,{queryParams:{userId:n},token:t}),(e=>e.user)),logoutUser:n=>s(e.httpClient.post(h.logout,{loginId:n},{token:t})),logoutUserByUserId:n=>s(e.httpClient.post(h.logout,{userId:n},{token:t})),searchAll:(n,o,a,i,r,l,p,d,m,c)=>s(e.httpClient.post(h.search,{tenantIds:n,roleNames:o,limit:a,page:i,testUsersOnly:r,withTestUser:l,customAttributes:p,statuses:d,emails:m,phones:c},{token:t}),(e=>e.users)),searchTestUsers:n=>s(e.httpClient.post(h.searchTestUsers,Object.assign(Object.assign({},n),{withTestUser:!0,testUsersOnly:!0,roleNames:n.roles,roles:void 0,tenantRoleIds:x(n.tenantRoleIds),tenantRoleNames:x(n.tenantRoleNames)}),{token:t}),(e=>e.users)),search:n=>s(e.httpClient.post(h.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0,tenantRoleIds:x(n.tenantRoleIds),tenantRoleNames:x(n.tenantRoleNames)}),{token:t}),(e=>e.users)),getProviderToken:(n,o,a)=>s(e.httpClient.get(h.getProviderToken,{queryParams:{loginId:n,provider:o,withRefreshToken:(null==a?void 0:a.withRefreshToken)?"true":"false",forceRefresh:(null==a?void 0:a.forceRefresh)?"true":"false"},token:t}),(e=>e)),activate:n=>s(e.httpClient.post(h.updateStatus,{loginId:n,status:"enabled"},{token:t}),(e=>e.user)),deactivate:n=>s(e.httpClient.post(h.updateStatus,{loginId:n,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(n,o)=>s(e.httpClient.post(h.updateLoginId,{loginId:n,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(n,o,a)=>s(e.httpClient.post(h.updateEmail,{loginId:n,email:o,verified:a},{token:t}),(e=>e.user)),updatePhone:(n,o,a)=>s(e.httpClient.post(h.updatePhone,{loginId:n,phone:o,verified:a},{token:t}),(e=>e.user)),updateDisplayName:(n,o,a,i,r)=>s(e.httpClient.post(h.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(n,o)=>s(e.httpClient.post(h.updatePicture,{loginId:n,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>s(e.httpClient.post(h.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:t}),(e=>e.user)),setRoles:(n,o)=>s(e.httpClient.post(h.setRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addRoles:(n,o)=>s(e.httpClient.post(h.addRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(n,o)=>s(e.httpClient.post(h.removeRole,{loginId:n,roleNames:o},{token:t}),(e=>e.user)),addTenant:(n,o)=>s(e.httpClient.post(h.addTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(n,o)=>s(e.httpClient.post(h.removeTenant,{loginId:n,tenantId:o},{token:t}),(e=>e.user)),setTenantRoles:(n,o,a)=>s(e.httpClient.post(h.setRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addTenantRoles:(n,o,a)=>s(e.httpClient.post(h.addRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),removeTenantRoles:(n,o,a)=>s(e.httpClient.post(h.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:t}),(e=>e.user)),addSSOapps:(n,o)=>s(e.httpClient.post(h.addSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),setSSOapps:(n,o)=>s(e.httpClient.post(h.setSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),removeSSOapps:(n,o)=>s(e.httpClient.post(h.removeSSOApps,{loginId:n,ssoAppIds:o},{token:t}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>s(e.httpClient.post(h.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:t}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,i)=>s(e.httpClient.post(h.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>s(e.httpClient.post(h.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:t}),(e=>e)),generateEmbeddedLink:(n,o,a)=>s(e.httpClient.post(h.generateEmbeddedLink,{loginId:n,customClaims:o,timeout:a},{token:t}),(e=>e)),generateSignUpEmbeddedLink:(n,o,a,i,r,l)=>s(e.httpClient.post(h.generateSignUpEmbeddedLink,{loginId:n,user:o,emailVerified:a,phoneVerified:i,loginOptions:r,timeout:l},{token:t}),(e=>e)),setTemporaryPassword:(n,o)=>s(e.httpClient.post(h.setTemporaryPassword,{loginId:n,password:o},{token:t}),(e=>e)),setActivePassword:(n,o)=>s(e.httpClient.post(h.setActivePassword,{loginId:n,password:o},{token:t}),(e=>e)),setPassword:(n,o)=>s(e.httpClient.post(h.setPassword,{loginId:n,password:o},{token:t}),(e=>e)),expirePassword:n=>s(e.httpClient.post(h.expirePassword,{loginId:n},{token:t}),(e=>e)),removeAllPasskeys:n=>s(e.httpClient.post(h.removeAllPasskeys,{loginId:n},{token:t}),(e=>e)),removeTOTPSeed:n=>s(e.httpClient.post(h.removeTOTPSeed,{loginId:n},{token:t}),(e=>e)),history:n=>s(e.httpClient.post(h.history,n,{token:t}),(e=>e))}),L=(e,t)=>({updateName:n=>s(e.httpClient.post(v.updateName,{name:n},{token:t})),updateTags:n=>s(e.httpClient.post(v.updateTags,{tags:n},{token:t})),clone:(n,o,a)=>s(e.httpClient.post(v.clone,{name:n,environment:o,tags:a},{token:t})),listProjects:async()=>s(e.httpClient.post(v.projectsList,{},{token:t}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:n})=>({id:e,name:t,environment:s,tags:n}))))),exportSnapshot:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t})),importSnapshot:n=>s(e.httpClient.post(v.importSnapshot,n,{token:t})),validateSnapshot:n=>s(e.httpClient.post(v.validateSnapshot,n,{token:t})),export:()=>s(e.httpClient.post(v.exportSnapshot,{},{token:t}),(e=>e.files)),import:n=>s(e.httpClient.post(v.importSnapshot,{files:n},{token:t}))}),F=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(C.create,{name:n,selfProvisioningDomains:o,customAttributes:a,enforceSSO:i,disabled:r},{token:t})),createWithId:(n,o,a,i,r,l)=>s(e.httpClient.post(C.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(C.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:i,enforceSSO:r,disabled:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(C.delete,{id:n,cascade:o},{token:t})),load:n=>s(e.httpClient.get(C.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(C.loadAll,{token:t}),(e=>e.tenants)),searchAll:(n,o,a,i)=>s(e.httpClient.post(C.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:n=>s(e.httpClient.get(C.settings,{queryParams:{id:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(C.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t})),generateSSOConfigurationLink:(n,o,a,i,r)=>s(e.httpClient.post(C.generateSSOConfigurationLink,{tenantId:n,expireTime:o,ssoId:a,email:i,templateId:r},{token:t}),(e=>e))}),q=(e,t)=>({update:(n,o,a)=>s(e.httpClient.post(S.update,{jwt:n,customClaims:o,refreshDuration:a},{token:t})),impersonate:(n,o,a,i,r,l)=>s(e.httpClient.post(S.impersonate,{impersonatorId:n,loginId:o,validateConsent:a,customClaims:i,selectedTenant:r,refreshDuration:l},{token:t})),stopImpersonation:(n,o,a,i)=>s(e.httpClient.post(S.stopImpersonation,{jwt:n,customClaims:o,selectedTenant:a,refreshDuration:i},{token:t})),signIn:(n,o)=>s(e.httpClient.post(S.signIn,Object.assign({loginId:n},o),{token:t})),signUp:(n,o,a)=>s(e.httpClient.post(S.signUp,Object.assign({loginId:n,user:o},a),{token:t})),signUpOrIn:(n,o,a)=>s(e.httpClient.post(S.signUpOrIn,Object.assign({loginId:n,user:o},a),{token:t})),anonymous:(n,o,a)=>s(e.httpClient.post(S.anonymous,{customClaims:n,selectedTenant:o,refreshDuration:a},{token:t}))}),z=(e,t)=>({create:(n,o)=>s(e.httpClient.post(w.create,{name:n,description:o},{token:t})),update:(n,o,a)=>s(e.httpClient.post(w.update,{name:n,newName:o,description:a},{token:t})),delete:n=>s(e.httpClient.post(w.delete,{name:n},{token:t})),loadAll:()=>s(e.httpClient.get(w.loadAll,{token:t}),(e=>e.permissions))}),$=(e,t)=>({create:(n,o,a,i,r)=>s(e.httpClient.post(T.create,{name:n,description:o,permissionNames:a,tenantId:i,default:r},{token:t})),update:(n,o,a,i,r,l)=>s(e.httpClient.post(T.update,{name:n,newName:o,description:a,permissionNames:i,tenantId:r,default:l},{token:t})),delete:(n,o)=>s(e.httpClient.post(T.delete,{name:n,tenantId:o},{token:t})),loadAll:()=>s(e.httpClient.get(T.loadAll,{token:t}),(e=>e.roles)),search:n=>s(e.httpClient.post(T.search,n,{token:t}),(e=>e.roles))}),B=(e,t)=>({loadAllGroups:n=>s(e.httpClient.post(N.loadAllGroups,{tenantId:n},{token:t})),loadAllGroupsForMember:(n,o,a)=>s(e.httpClient.post(N.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:t})),loadAllGroupMembers:(n,o)=>s(e.httpClient.post(N.loadAllGroupMembers,{tenantId:n,groupId:o},{token:t}))});function J(e){var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}const K=(e,t)=>({getSettings:n=>s(e.httpClient.get(A.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),newSettings:(n,o,a)=>s(e.httpClient.post(A.settingsNew,Object.assign(Object.assign({tenantId:n},o?{ssoId:o}:{}),{displayName:a}),{token:t}),(e=>J(e))),deleteSettings:(n,o)=>s(e.httpClient.delete(A.settings,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t})),configureSettings:(n,o,a,i,r,l)=>s(e.httpClient.post(A.settings,{tenantId:n,idpURL:o,entityId:i,idpCert:a,redirectURL:r,domains:l},{token:t})),configureMetadata:(n,o,a,i)=>s(e.httpClient.post(A.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:i},{token:t})),configureMapping:(n,o,a)=>s(e.httpClient.post(A.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:t})),configureOIDCSettings:(n,o,a,i)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,s(e.httpClient.post(A.oidc.configure,Object.assign({tenantId:n,settings:r,domains:a},i?{ssoId:i}:{}),{token:t}))},configureSAMLSettings:(n,o,a,i,r)=>s(e.httpClient.post(A.saml.configure,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),configureSAMLByMetadata:(n,o,a,i,r)=>s(e.httpClient.post(A.saml.metadata,Object.assign({tenantId:n,settings:o,redirectUrl:a,domains:i},r?{ssoId:r}:{}),{token:t})),loadSettings:(n,o)=>s(e.httpClient.get(A.settingsv2,{queryParams:Object.assign({tenantId:n},o?{ssoId:o}:{}),token:t}),(e=>J(e))),loadAllSettings:n=>s(e.httpClient.get(A.settingsAllV2,{queryParams:{tenantId:n},token:t}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(J(e)))),s}(e)))}),G=(e,t)=>({create:(n,o,a,i,r,l,p,d)=>s(e.httpClient.post(k.create,{name:n,expireTime:o,roleNames:a,keyTenants:i,userId:r,customClaims:l,description:p,permittedIps:d},{token:t})),load:n=>s(e.httpClient.get(k.load,{queryParams:{id:n},token:t}),(e=>e.key)),searchAll:n=>s(e.httpClient.post(k.search,{tenantIds:n},{token:t}),(e=>e.keys)),update:(n,o,a,i,r,l,p)=>s(e.httpClient.post(k.update,{id:n,name:o,description:a,roleNames:i,keyTenants:r,customClaims:l,permittedIps:p},{token:t}),(e=>e.key)),deactivate:n=>s(e.httpClient.post(k.deactivate,{id:n},{token:t})),activate:n=>s(e.httpClient.post(k.activate,{id:n},{token:t})),delete:n=>s(e.httpClient.post(k.delete,{id:n},{token:t}))}),W=(e,t)=>({list:()=>s(e.httpClient.post(j.list,{},{token:t})),delete:n=>s(e.httpClient.post(j.delete,{ids:n},{token:t})),export:n=>s(e.httpClient.post(j.export,{flowId:n},{token:t})),import:(n,o,a)=>s(e.httpClient.post(j.import,{flowId:n,flow:o,screens:a},{token:t})),run:(n,o)=>s(e.httpClient.post(j.run,{flowId:n,options:o},{token:t}),(e=>null==e?void 0:e.output))}),V=(e,t)=>({export:()=>s(e.httpClient.post(R.export,{},{token:t})),import:n=>s(e.httpClient.post(R.import,{theme:n},{token:t}))}),H=(e,t)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,s(e.httpClient.post(P.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:n=>{const o=Object.assign({},n);return s(e.httpClient.post(P.createEvent,o,{token:t}))}}),Q=(e,t)=>({saveSchema:(n,o)=>s(e.httpClient.post(E.schemaSave,{schema:n,upgrade:o},{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(E.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(n,o,a)=>s(e.httpClient.post(E.nsSave,{namespace:n,oldName:o,schemaName:a},{token:t})),deleteNamespace:(n,o)=>s(e.httpClient.post(E.nsDelete,{name:n,schemaName:o},{token:t})),saveRelationDefinition:(n,o,a,i)=>s(e.httpClient.post(E.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:i},{token:t})),deleteRelationDefinition:(n,o,a)=>s(e.httpClient.post(E.rdDelete,{name:n,namespace:o,schemaName:a},{token:t})),createRelations:n=>s(e.httpClient.post(E.reCreate,{relations:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(E.reDelete,{relations:n},{token:t})),deleteRelationsForResources:n=>s(e.httpClient.post(E.reDeleteResources,{resources:n},{token:t})),deleteResourceRelationsForResources:n=>s(e.httpClient.post(E.reDeleteResourceRelationsForResources,{resources:n},{token:t})),deleteRelationsForIds:n=>s(e.httpClient.post(E.reDeleteResources,{resources:n},{token:t})),hasRelations:n=>s(e.httpClient.post(E.hasRelations,{relationQueries:n},{token:t}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>s(e.httpClient.post(E.who,{resource:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.targets)),resourceRelations:(n,o=!1)=>s(e.httpClient.post(E.resource,{resource:n,ignoreTargetSetRelations:o},{token:t}),(e=>e.relations)),targetsRelations:(n,o=!1)=>s(e.httpClient.post(E.targets,{targets:n,includeTargetSetRelations:o},{token:t}),(e=>e.relations)),whatCanTargetAccess:n=>s(e.httpClient.post(E.targetAll,{target:n},{token:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(n,o,a)=>s(e.httpClient.post(E.targetWithRelation,{target:n,relationDefinition:o,namespace:a},{token:t}),(e=>e.resources.map((e=>({resource:e}))))),getModified:n=>s(e.httpClient.post(E.getModified,{since:n?n.getTime():0},{token:t}),(e=>e))}),_=(e,t)=>({createOidcApplication:n=>{var o;return s(e.httpClient.post(f.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},createSamlApplication:n=>{var o;return s(e.httpClient.post(f.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:t}))},updateOidcApplication:n=>s(e.httpClient.post(f.oidcUpdate,Object.assign({},n),{token:t})),updateSamlApplication:n=>s(e.httpClient.post(f.samlUpdate,Object.assign({},n),{token:t})),delete:n=>s(e.httpClient.post(f.delete,{id:n},{token:t})),load:n=>s(e.httpClient.get(f.load,{queryParams:{id:n},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.apps))}),X=(e,t)=>({getSettings:n=>s(e.httpClient.get(O.settings,{queryParams:{tenantId:n},token:t}),(e=>e)),configureSettings:(n,o)=>s(e.httpClient.post(O.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:t}))}),Y=(e,t)=>({saveSchema:n=>s(e.httpClient.post(M.schema,n,{token:t})),deleteSchema:()=>s(e.httpClient.post(E.schemaDelete,{},{token:t})),createRelations:n=>s(e.httpClient.post(M.relations,{tuples:n},{token:t})),deleteRelations:n=>s(e.httpClient.post(M.deleteRelations,{tuples:n},{token:t})),check:n=>s(e.httpClient.post(M.check,{tuples:n},{token:t}),(e=>e.tuples)),loadResourcesDetails:n=>s(e.httpClient.post(M.resourcesLoad,{resourceIdentifiers:n},{token:t}),(e=>e.resourcesDetails)),saveResourcesDetails:n=>s(e.httpClient.post(M.resourcesSave,{resourcesDetails:n},{token:t})),deleteAllRelations:()=>s(e.httpClient.delete(M.relations,{token:t}))}),Z=(e,t)=>({createApplication:n=>s(e.httpClient.post(y.create,Object.assign({},n),{token:t})),updateApplication:n=>s(e.httpClient.post(y.update,Object.assign({},n),{token:t})),patchApplication:n=>s(e.httpClient.post(y.patch,Object.assign({},n),{token:t})),deleteApplication:n=>s(e.httpClient.post(y.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(y.load,{queryParams:{id:n},token:t}),(e=>e)),loadAllApplications:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.apps)),getApplicationSecret:n=>s(e.httpClient.get(y.secret,{queryParams:{id:n},token:t}),(e=>e)),rotateApplicationSecret:n=>s(e.httpClient.post(y.rotate,{id:n},{token:t})),searchConsents:n=>s(e.httpClient.post(I.search,Object.assign({},n),{token:t}),(e=>e.consents)),deleteConsents:n=>s(e.httpClient.post(I.delete,Object.assign({},n),{token:t}))}),ee=(e,t)=>({createApplication:n=>s(e.httpClient.post(b.create,Object.assign({},n),{token:t}),(e=>e.app)),updateApplication:n=>s(e.httpClient.post(b.update,{app:n},{token:t}),(e=>e.app)),deleteApplication:n=>s(e.httpClient.post(b.delete,{id:n},{token:t})),loadApplication:n=>s(e.httpClient.get(`${b.load}/${n}`,{token:t}),(e=>e.app)),loadAllApplications:()=>s(e.httpClient.get(b.loadAll,{token:t}),(e=>e.apps)),fetchTokenByScopes:(n,o,a,i,r)=>s(e.httpClient.post(b.fetchTokenByScopes,{appId:n,userId:o,scopes:a,options:i,tenantId:r},{token:t}),(e=>e.token)),fetchToken:(n,o,a,i)=>s(e.httpClient.post(b.fetchToken,{appId:n,userId:o,tenantId:a,options:i},{token:t}),(e=>e.token)),fetchTenantTokenByScopes:(n,o,a,i)=>s(e.httpClient.post(b.fetchTenantTokenByScopes,{appId:n,tenantId:o,scopes:a,options:i},{token:t}),(e=>e.token)),fetchTenantToken:(n,o,a)=>s(e.httpClient.post(b.fetchTenantToken,{appId:n,tenantId:o,options:a},{token:t}),(e=>e.token))});const te=s=>{var r,l,{authManagementKey:p,managementKey:h,publicKey:v}=s,k=e(s,["authManagementKey","managementKey","publicKey"]);const C=t(Object.assign(Object.assign({fetch:d},k),{baseHeaders:Object.assign(Object.assign({},k.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"1.7.12"}),hooks:Object.assign(Object.assign({},k.hooks),{beforeRequest:[e=>(p&&(e.token=e.token?`${e.token}:${p}`:p),e)].concat((null===(l=k.hooks)||void 0===l?void 0:l.beforeRequest)||[])})})),{projectId:f,logger:y}=k,I={},b=((e,t)=>({user:D(e,t),project:L(e,t),accessKey:G(e,t),tenant:F(e,t),ssoApplication:_(e,t),inboundApplication:Z(e,t),outboundApplication:ee(e,t),sso:K(e,t),jwt:q(e,t),permission:z(e,t),password:X(e,t),role:$(e,t),group:B(e,t),flow:W(e,t),theme:V(e,t),audit:H(e,t),authz:Q(e,t),fga:Y(e,t)}))(C,h),A=Object.assign(Object.assign({},C),{refresh:async e=>C.refresh(e),management:b,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(I[e.kid])return I[e.kid];if(Object.assign(I,await(async()=>{if(v)try{const e=JSON.parse(v),t=await i(e);return{[e.kid]:t}}catch(e){throw null==y||y.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await C.httpClient.get(`v2/keys/${f}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!I[e.kid])throw Error("failed to fetch matching key");return I[e.kid]},async validateJwt(e){var t;const s=(await o(e,A.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==f))throw new a.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await A.validateJwt(e)}catch(e){throw null==y||y.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s,n,o,a,i;if(!e)throw Error("refresh token is required to refresh a session");try{await A.validateJwt(e);const r=await A.refresh(e);if(r.ok){const e=m(null===(s=null===(t=r.data)||void 0===t?void 0:t.cookies)||void 0===s?void 0:s.join(";"),"DS")||(null===(n=r.data)||void 0===n?void 0:n.sessionJwt),i=await A.validateJwt(e);return i.cookies=(null===(o=r.data)||void 0===o?void 0:o.cookies)||[],(null===(a=r.data)||void 0===a?void 0:a.refreshJwt)&&(i.refreshJwt=r.data.refreshJwt),i}throw Error(null===(i=r.error)||void 0===i?void 0:i.errorMessage)}catch(e){throw null==y||y.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await A.validateSession(e)}catch(e){null==y||y.log(`session validation failed with error ${e} - trying to refresh it`)}return A.refreshSession(t)},async exchangeAccessKey(e,t){var s;if(!e)throw Error("access key must not be empty");let n;try{n=await A.accessKey.exchange(e,t)}catch(e){throw null==y||y.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!n.ok)throw null==y||y.error("failed to exchange access key",n.error),Error(`could not exchange access key - ${null===(s=n.error)||void 0===s?void 0:s.errorMessage}`);const{sessionJwt:o}=n.data;if(!o)throw null==y||y.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await A.validateJwt(o)}catch(e){throw null==y||y.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>A.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>A.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!u(e,t))return!1;const n=g(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!u(e,t))return[];const n=g(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>A.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>A.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!u(e,t))return!1;const n=g(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!u(e,t))return[];const n=g(e,"roles",t);return s.filter((e=>n.includes(e)))}});return n(A,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],c)};te.RefreshTokenCookieName="DSR",te.SessionTokenCookieName="DS",te.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{te as default};
 //# sourceMappingURL=index.esm.js.map