@descope/node-sdk 1.9.1 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +10 -3
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +88 -51
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -81,6 +81,10 @@ declare type SamlApplicationOptions = {
81
81
  defaultRelayState?: string;
82
82
  forceAuthentication?: boolean;
83
83
  logoutRedirectUrl?: string;
84
+ /** The signature algorithm used to sign SAML responses. Only applies to IdP-initiated flows —
85
+ * SP-initiated flows use the algorithm from the SP's SAML request.
86
+ * Use "sha256" for SHA-256; leave empty for the default (SHA-1). */
87
+ defaultSignatureAlgorithm?: string;
84
88
  };
85
89
  /**
86
90
  * Represents a SAML IDP attribute mapping object. Use this class for mapping Descope attribute
@@ -237,6 +241,10 @@ declare type SSOApplicationSAMLSettings = {
237
241
  forceAuthentication: boolean;
238
242
  idpLogoutUrl: string;
239
243
  logoutRedirectUrl: string;
244
+ /** The signature algorithm used to sign SAML responses. Only applies to IdP-initiated flows —
245
+ * SP-initiated flows use the algorithm from the SP's SAML request.
246
+ * "sha256" means SHA-256; empty string means the default (SHA-1). */
247
+ defaultSignatureAlgorithm?: string;
240
248
  };
241
249
  /** Represents an SSO application in a project. */
242
250
  declare type SSOApplication = {
@@ -534,6 +542,10 @@ declare type PatchUserBatchResponse = {
534
542
  failedUsers: UserFailedResponse[];
535
543
  additionalErrors: Record<string, string>;
536
544
  };
545
+ declare type UserSearchResponse = {
546
+ users: UserResponse[];
547
+ total: number;
548
+ };
537
549
  /**
538
550
  * Search options to filter which audit records we should retrieve.
539
551
  * All parameters are optional. `From` is currently limited to 30 days.
@@ -762,6 +774,7 @@ interface FGAResourceDetails {
762
774
  */
763
775
  declare type FGAConfig = {
764
776
  fgaCacheUrl?: string;
777
+ fgaCacheTimeoutMs?: number;
765
778
  managementKey?: string;
766
779
  projectId: string;
767
780
  headers: Record<string, string>;
@@ -1002,6 +1015,16 @@ interface PatchUserOptions {
1002
1015
  scim?: boolean;
1003
1016
  status?: UserStatus;
1004
1017
  }
1018
+ /** User options for batch patch operations, identifying the user by loginIdOrUserId or loginId */
1019
+ declare type PatchUserOptionsUsingIdentifier = PatchUserOptions & ({
1020
+ loginIdOrUserId: string;
1021
+ /** @deprecated Use loginIdOrUserId instead */
1022
+ loginId?: string;
1023
+ } | {
1024
+ /** @deprecated Use loginIdOrUserId instead */
1025
+ loginId: string;
1026
+ loginIdOrUserId?: string;
1027
+ });
1005
1028
 
1006
1029
  /** Configuration arguments which include the Descope core SDK args and an optional management key */
1007
1030
  declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {
@@ -1040,17 +1063,15 @@ declare const nodeSdk: {
1040
1063
  createBatch: (users: User[]) => Promise<SdkResponse<CreateOrInviteBatchResponse>>;
1041
1064
  deleteBatch: (userIds: string[]) => Promise<SdkResponse<never>>;
1042
1065
  update: {
1043
- (loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1044
- (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1066
+ (loginIdOrUserId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1067
+ (loginIdOrUserId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1045
1068
  };
1046
- patch: (loginId: string, options: PatchUserOptions) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1047
- patchBatch: (users: ({
1048
- loginId: string;
1049
- } & PatchUserOptions)[]) => Promise<SdkResponse<PatchUserBatchResponse>>;
1050
- delete: (loginId: string) => Promise<SdkResponse<never>>;
1069
+ patch: (loginIdOrUserId: string, options: PatchUserOptions) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1070
+ patchBatch: (users: PatchUserOptionsUsingIdentifier[]) => Promise<SdkResponse<PatchUserBatchResponse>>;
1071
+ delete: (loginIdOrUserId: string) => Promise<SdkResponse<never>>;
1051
1072
  deleteByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1052
1073
  deleteAllTestUsers: () => Promise<SdkResponse<never>>;
1053
- load: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1074
+ load: (loginIdOrUserId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1054
1075
  loadByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1055
1076
  logoutUser: (loginId: string) => Promise<SdkResponse<never>>;
1056
1077
  logoutUserByUserId: (userId: string) => Promise<SdkResponse<never>>;
@@ -1087,7 +1108,7 @@ declare const nodeSdk: {
1087
1108
  values: string[];
1088
1109
  and?: boolean;
1089
1110
  }>;
1090
- }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
1111
+ }) => Promise<SdkResponse<UserSearchResponse>>;
1091
1112
  search: (searchReq: {
1092
1113
  page?: number;
1093
1114
  limit?: number;
@@ -1119,27 +1140,27 @@ declare const nodeSdk: {
1119
1140
  values: string[];
1120
1141
  and?: boolean;
1121
1142
  }>;
1122
- }) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
1143
+ }) => Promise<SdkResponse<UserSearchResponse>>;
1123
1144
  getProviderToken: (loginId: string, provider: string, providerTokenOptions?: ProviderTokenOptions) => Promise<SdkResponse<ProviderTokenResponse>>;
1124
- activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1125
- deactivate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1145
+ activate: (loginIdOrUserId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1146
+ deactivate: (loginIdOrUserId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1126
1147
  updateLoginId: (loginId: string, newLoginId?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1127
- updateEmail: (loginId: string, email: string, isVerified: boolean, failOnConflict?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1128
- updatePhone: (loginId: string, phone: string, isVerified: boolean, failOnConflict?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1129
- updateDisplayName: (loginId: string, displayName?: string, givenName?: string, middleName?: string, familyName?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1130
- updatePicture: (loginId: string, picture: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1131
- updateCustomAttribute: (loginId: string, attributeKey: string, attributeValue: AttributesTypes) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1132
- setRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1133
- addRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1134
- removeRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1135
- addTenant: (loginId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1136
- removeTenant: (loginId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1137
- setTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1138
- addTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1139
- removeTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1140
- addSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1141
- setSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1142
- removeSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1148
+ updateEmail: (loginIdOrUserId: string, email: string, isVerified: boolean, failOnConflict?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1149
+ updatePhone: (loginIdOrUserId: string, phone: string, isVerified: boolean, failOnConflict?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1150
+ updateDisplayName: (loginIdOrUserId: string, displayName?: string, givenName?: string, middleName?: string, familyName?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1151
+ updatePicture: (loginIdOrUserId: string, picture: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1152
+ updateCustomAttribute: (loginIdOrUserId: string, attributeKey: string, attributeValue: AttributesTypes) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1153
+ setRoles: (loginIdOrUserId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1154
+ addRoles: (loginIdOrUserId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1155
+ removeRoles: (loginIdOrUserId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1156
+ addTenant: (loginIdOrUserId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1157
+ removeTenant: (loginIdOrUserId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1158
+ setTenantRoles: (loginIdOrUserId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1159
+ addTenantRoles: (loginIdOrUserId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1160
+ removeTenantRoles: (loginIdOrUserId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1161
+ addSSOapps: (loginIdOrUserId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1162
+ setSSOapps: (loginIdOrUserId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1163
+ removeSSOapps: (loginIdOrUserId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
1143
1164
  generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
1144
1165
  generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
1145
1166
  generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
@@ -1172,18 +1193,18 @@ declare const nodeSdk: {
1172
1193
  import: (files: Record<string, any>) => Promise<SdkResponse<never>>;
1173
1194
  };
1174
1195
  accessKey: {
1175
- create: (name: string, expireTime: number, roles?: string[], tenants?: AssociatedTenant[], userId?: string, customClaims?: Record<string, any>, description?: string, permittedIps?: string[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
1196
+ create: (name: string, expireTime: number, roles?: string[], tenants?: AssociatedTenant[], userId?: string, customClaims?: Record<string, any>, description?: string, permittedIps?: string[], customAttributes?: Record<string, any>) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
1176
1197
  load: (id: string) => Promise<SdkResponse<AccessKey>>;
1177
- searchAll: (tenantIds?: string[]) => Promise<SdkResponse<AccessKey[]>>;
1178
- update: (id: string, name: string, description?: string, roles?: string[], tenants?: AssociatedTenant[], customClaims?: Record<string, any>, permittedIps?: string[]) => Promise<SdkResponse<AccessKey>>;
1198
+ searchAll: (tenantIds?: string[], boundUserId?: string, creatingUser?: string, customAttributes?: Record<string, any>) => Promise<SdkResponse<AccessKey[]>>;
1199
+ update: (id: string, name: string, description?: string, roles?: string[], tenants?: AssociatedTenant[], customClaims?: Record<string, any>, permittedIps?: string[], customAttributes?: Record<string, any>) => Promise<SdkResponse<AccessKey>>;
1179
1200
  deactivate: (id: string) => Promise<SdkResponse<never>>;
1180
1201
  activate: (id: string) => Promise<SdkResponse<never>>;
1181
1202
  delete: (id: string) => Promise<SdkResponse<never>>;
1182
1203
  };
1183
1204
  tenant: {
1184
- create: (name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean, parent?: string) => Promise<SdkResponse<CreateTenantResponse>>;
1185
- createWithId: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean, parent?: string) => Promise<SdkResponse<never>>;
1186
- update: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean) => Promise<SdkResponse<never>>;
1205
+ create: (name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean, parent?: string, roleInheritance?: "" | "none" | "userOnly") => Promise<SdkResponse<CreateTenantResponse>>;
1206
+ createWithId: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean, parent?: string, roleInheritance?: "" | "none" | "userOnly") => Promise<SdkResponse<never>>;
1207
+ update: (id: string, name: string, selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>, enforceSSO?: boolean, disabled?: boolean, roleInheritance?: "" | "none" | "userOnly") => Promise<SdkResponse<never>>;
1187
1208
  delete: (id: string, cascade?: boolean) => Promise<SdkResponse<never>>;
1188
1209
  load: (id: string) => Promise<SdkResponse<Tenant>>;
1189
1210
  loadAll: () => Promise<SdkResponse<Tenant[]>>;
@@ -1244,7 +1265,7 @@ declare const nodeSdk: {
1244
1265
  deleteSettings: (tenantId: string, ssoId?: string) => Promise<SdkResponse<never>>;
1245
1266
  configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
1246
1267
  configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
1247
- configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
1268
+ configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping, defaultSSORoles?: string[]) => Promise<SdkResponse<never>>;
1248
1269
  configureOIDCSettings: (tenantId: string, settings: SSOOIDCSettings, domains?: string[], ssoId?: string) => Promise<SdkResponse<never>>;
1249
1270
  configureSAMLSettings: (tenantId: string, settings: SSOSAMLSettings, redirectUrl?: string, domains?: string[], ssoId?: string) => Promise<SdkResponse<never>>;
1250
1271
  configureSAMLByMetadata: (tenantId: string, settings: SSOSAMLByMetadataSettings, redirectUrl?: string, domains?: string[], ssoId?: string) => Promise<SdkResponse<never>>;
@@ -1337,7 +1358,7 @@ declare const nodeSdk: {
1337
1358
  deleteRelations: (relations: FGARelation[]) => Promise<SdkResponse<never>>;
1338
1359
  check: (relations: FGARelation[]) => Promise<SdkResponse<CheckResponseRelation[]>>;
1339
1360
  loadResourcesDetails: (resourceIdentifiers: FGAResourceIdentifier[]) => Promise<SdkResponse<FGAResourceDetails[]>>;
1340
- saveResourcesDetails: (resourcesDetails: FGAResourceDetails[]) => Promise<SdkResponse<never>>;
1361
+ saveResourcesDetails: (resourcesDetails: FGAResourceDetails[]) => Promise<SdkResponse<never>>; /** Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. */
1341
1362
  deleteAllRelations: () => Promise<SdkResponse<never>>;
1342
1363
  };
1343
1364
  descoper: {
@@ -1827,7 +1848,10 @@ declare const nodeSdk: {
1827
1848
  waitForSession: (pendingRef: string, config?: {
1828
1849
  pollingIntervalMs: number;
1829
1850
  timeoutMs: number;
1830
- }) => Promise<SdkResponse<JWTResponse>>;
1851
+ }) => Promise<SdkResponse<JWTResponse & {
1852
+ refreshJwt?: string;
1853
+ cookies?: string[];
1854
+ }>>;
1831
1855
  update: {
1832
1856
  email: <T_4 extends boolean>(loginId: string, email: string, URI?: string, token?: string, updateOptions?: {
1833
1857
  addToLoginIDs?: T_4;
@@ -1864,7 +1888,10 @@ declare const nodeSdk: {
1864
1888
  verifyOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<{
1865
1889
  code: string;
1866
1890
  }>>;
1867
- exchangeOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<JWTResponse>>;
1891
+ exchangeOneTapIDToken: (provider: string, idToken: string, nonce: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<JWTResponse & {
1892
+ refreshJwt?: string;
1893
+ cookies?: string[];
1894
+ }>>;
1868
1895
  };
1869
1896
  outbound: {
1870
1897
  connect: (appId: string, options?: {
@@ -1872,6 +1899,7 @@ declare const nodeSdk: {
1872
1899
  scopes?: string[];
1873
1900
  tenantId?: string;
1874
1901
  tenantLevel?: boolean;
1902
+ externalIdentifier?: string;
1875
1903
  }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
1876
1904
  };
1877
1905
  saml: {
@@ -1940,7 +1968,10 @@ declare const nodeSdk: {
1940
1968
  waitForSession: (pendingRef: string, config?: {
1941
1969
  pollingIntervalMs: number;
1942
1970
  timeoutMs: number;
1943
- }) => Promise<SdkResponse<JWTResponse>>;
1971
+ }) => Promise<SdkResponse<JWTResponse & {
1972
+ refreshJwt?: string;
1973
+ cookies?: string[];
1974
+ }>>;
1944
1975
  };
1945
1976
  webauthn: {
1946
1977
  signUp: {
@@ -1997,10 +2028,16 @@ declare const nodeSdk: {
1997
2028
  };
1998
2029
  } & {
1999
2030
  providerId?: string;
2000
- }) => Promise<SdkResponse<JWTResponse>>;
2031
+ }) => Promise<SdkResponse<JWTResponse & {
2032
+ refreshJwt?: string;
2033
+ cookies?: string[];
2034
+ }>>;
2001
2035
  signIn: (loginId: string, password: string, args_2?: _descope_core_js_sdk.LoginOptions & {
2002
2036
  providerId?: string;
2003
- }) => Promise<SdkResponse<JWTResponse>>;
2037
+ }) => Promise<SdkResponse<JWTResponse & {
2038
+ refreshJwt?: string;
2039
+ cookies?: string[];
2040
+ }>>;
2004
2041
  sendReset: (loginId: string, redirectUrl?: string, templateOptions?: {
2005
2042
  [x: string]: string;
2006
2043
  }) => Promise<SdkResponse<{
@@ -2010,7 +2047,10 @@ declare const nodeSdk: {
2010
2047
  maskedEmail: string;
2011
2048
  }>>;
2012
2049
  update: (loginId: string, newPassword: string, token?: string) => Promise<SdkResponse<never>>;
2013
- replace: (loginId: string, oldPassword: string, newPassword: string) => Promise<SdkResponse<JWTResponse>>;
2050
+ replace: (loginId: string, oldPassword: string, newPassword: string) => Promise<SdkResponse<JWTResponse & {
2051
+ refreshJwt?: string;
2052
+ cookies?: string[];
2053
+ }>>;
2014
2054
  policy: () => Promise<SdkResponse<{
2015
2055
  minLength: number;
2016
2056
  lowercase: boolean;
@@ -2044,13 +2084,7 @@ declare const nodeSdk: {
2044
2084
  ssoAppId?: string;
2045
2085
  thirdPartyAppId?: string;
2046
2086
  oidcLoginHint?: string;
2047
- abTestingKey?: number; /**
2048
- * Validate session and refresh it if it expired
2049
- * @param sessionToken session JWT
2050
- * @param refreshToken refresh JWT
2051
- * @param options optional verification options (e.g., { audience }) used on validation and post-refresh
2052
- * @returns RefreshAuthenticationInfo promise or throws Error if there is an issue with JWTs
2053
- */
2087
+ abTestingKey?: number;
2054
2088
  startOptionsVersion?: number;
2055
2089
  client?: Record<string, any>;
2056
2090
  locale?: string;
@@ -2073,7 +2107,10 @@ declare const nodeSdk: {
2073
2107
  [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
2074
2108
  }, isCustomScreen?: any) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
2075
2109
  };
2076
- selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<JWTResponse>>;
2110
+ selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<JWTResponse & {
2111
+ refreshJwt?: string;
2112
+ cookies?: string[];
2113
+ }>>;
2077
2114
  logout: (token?: string) => Promise<SdkResponse<never>>;
2078
2115
  logoutAll: (token?: string) => Promise<SdkResponse<never>>;
2079
2116
  me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
@@ -2122,4 +2159,4 @@ declare const nodeSdk: {
2122
2159
  };
2123
2160
  };
2124
2161
 
2125
- export { AccessKey, AccessType, AssociatedTenant, AttributeMapping, AttributesTypes, AuditCreateOptions, AuditRecord, AuditSearchOptions, AuditType, AuthenticationInfo, AuthzModified, AuthzNamespace, AuthzNode, AuthzNodeExpression, AuthzNodeExpressionType, AuthzNodeType, AuthzRelation, AuthzRelationDefinition, AuthzRelationQuery, AuthzResource, AuthzSchema, AuthzUserQuery, CheckResponseRelation, ClientAssertionResponse, CloneProjectResponse, CreateInboundApplicationResponse, CreateOrInviteBatchResponse, CreateSSOApplicationResponse, CreateTenantResponse, CreatedAccessKeyResponse, Descoper, DescoperAttributes, DescoperCreate, DescoperProjectRole, DescoperRBAC, DescoperRole, DescoperTagRole, ExpirationUnit, ExportSnapshotResponse, FGAConfig, FGARelation, FGAResourceDetails, FGAResourceIdentifier, FGASchema, FetchLatestOutboundAppTenantTokenRequest, FetchLatestOutboundAppUserTokenRequest, FetchOutboundAppTenantTokenRequest, FetchOutboundAppTokenOptions, FetchOutboundAppUserTokenRequest, Flow, FlowMetadata, FlowResponse, FlowsResponse, GenerateEmbeddedLinkResponse, GenerateEnchantedLinkForTestResponse, GenerateMagicLinkForTestResponse, GenerateOTPForTestResponse, GenerateSSOConfigurationLinkResponse, Group, GroupMember, GroupsMapping, ImportSnapshotRequest, InboundApplication, InboundApplicationConsent, InboundApplicationConsentDeleteOptions, InboundApplicationConsentSearchOptions, InboundApplicationOptions, InboundApplicationScope, InboundApplicationSecretResponse, ManagementFlowOptions, MgmtKey, MgmtKeyCreateResponse, MgmtKeyProjectRole, MgmtKeyReBac, MgmtKeyStatus, MgmtKeyTagRole, MgmtLoginOptions, MgmtSignUpOptions, MgmtUserOptions, OIDCAttributeMapping, OIDCRoleMapping, OidcApplicationOptions, OutboundAppToken, OutboundAppTokenResponse, OutboundApplication, PasswordSettings, PatchUserBatchResponse, PatchUserOptions, Permission, Project, ProjectEnvironment, Prompt, PromptType, ProviderTokenOptions, ProviderTokenResponse, RefreshAuthenticationInfo, Role, RoleItem, RoleMapping, RoleMappings, RoleSearchOptions, RunManagementFlowResponse, SAMLIDPRoleGroupMappingInfo, SSOApplication, SSOApplicationOIDCSettings, SSOApplicationSAMLSettings, SSOOIDCSettings, SSOSAMLByMetadataSettings, SSOSAMLSettings, SSOSAMLSettingsResponse, SSOSettings, SSOSettingsResponse, SamlApplicationOptions, SamlIdpAttributeMappingInfo, SamlIdpGroupsMappingInfo, Screen, SnapshotSecret, SnapshotSecrets, TemplateOptions, Tenant, TenantSettings, Theme, ThemeResponse, URLParam, UpdateJWTResponse, User, UserFailedResponse, UserMapping, UserOptions, UserPasswordBcrypt, UserPasswordDjango, UserPasswordFirebase, UserPasswordHashed, UserPasswordMd5, UserPasswordPbkdf2, UserPasswordPhpass, UserStatus, ValidateSnapshotRequest, ValidateSnapshotResponse, VerifyOptions, nodeSdk as default };
2162
+ export { AccessKey, AccessType, AssociatedTenant, AttributeMapping, AttributesTypes, AuditCreateOptions, AuditRecord, AuditSearchOptions, AuditType, AuthenticationInfo, AuthzModified, AuthzNamespace, AuthzNode, AuthzNodeExpression, AuthzNodeExpressionType, AuthzNodeType, AuthzRelation, AuthzRelationDefinition, AuthzRelationQuery, AuthzResource, AuthzSchema, AuthzUserQuery, CheckResponseRelation, ClientAssertionResponse, CloneProjectResponse, CreateInboundApplicationResponse, CreateOrInviteBatchResponse, CreateSSOApplicationResponse, CreateTenantResponse, CreatedAccessKeyResponse, Descoper, DescoperAttributes, DescoperCreate, DescoperProjectRole, DescoperRBAC, DescoperRole, DescoperTagRole, ExpirationUnit, ExportSnapshotResponse, FGAConfig, FGARelation, FGAResourceDetails, FGAResourceIdentifier, FGASchema, FetchLatestOutboundAppTenantTokenRequest, FetchLatestOutboundAppUserTokenRequest, FetchOutboundAppTenantTokenRequest, FetchOutboundAppTokenOptions, FetchOutboundAppUserTokenRequest, Flow, FlowMetadata, FlowResponse, FlowsResponse, GenerateEmbeddedLinkResponse, GenerateEnchantedLinkForTestResponse, GenerateMagicLinkForTestResponse, GenerateOTPForTestResponse, GenerateSSOConfigurationLinkResponse, Group, GroupMember, GroupsMapping, ImportSnapshotRequest, InboundApplication, InboundApplicationConsent, InboundApplicationConsentDeleteOptions, InboundApplicationConsentSearchOptions, InboundApplicationOptions, InboundApplicationScope, InboundApplicationSecretResponse, ManagementFlowOptions, MgmtKey, MgmtKeyCreateResponse, MgmtKeyProjectRole, MgmtKeyReBac, MgmtKeyStatus, MgmtKeyTagRole, MgmtLoginOptions, MgmtSignUpOptions, MgmtUserOptions, OIDCAttributeMapping, OIDCRoleMapping, OidcApplicationOptions, OutboundAppToken, OutboundAppTokenResponse, OutboundApplication, PasswordSettings, PatchUserBatchResponse, PatchUserOptions, Permission, Project, ProjectEnvironment, Prompt, PromptType, ProviderTokenOptions, ProviderTokenResponse, RefreshAuthenticationInfo, Role, RoleItem, RoleMapping, RoleMappings, RoleSearchOptions, RunManagementFlowResponse, SAMLIDPRoleGroupMappingInfo, SSOApplication, SSOApplicationOIDCSettings, SSOApplicationSAMLSettings, SSOOIDCSettings, SSOSAMLByMetadataSettings, SSOSAMLSettings, SSOSAMLSettingsResponse, SSOSettings, SSOSettingsResponse, SamlApplicationOptions, SamlIdpAttributeMappingInfo, SamlIdpGroupsMappingInfo, Screen, SnapshotSecret, SnapshotSecrets, TemplateOptions, Tenant, TenantSettings, Theme, ThemeResponse, URLParam, UpdateJWTResponse, User, UserFailedResponse, UserMapping, UserOptions, UserPasswordBcrypt, UserPasswordDjango, UserPasswordFirebase, UserPasswordHashed, UserPasswordMd5, UserPasswordPbkdf2, UserPasswordPhpass, UserSearchResponse, UserStatus, ValidateSnapshotRequest, ValidateSnapshotResponse, VerifyOptions, nodeSdk as default };
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import t,{transformResponse as s,createHttpClient as a,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as r,errors as n,importJWK as i}from"jose";import{Headers as d,fetch as l}from"cross-fetch";var m;null!==(m=globalThis.Headers)&&void 0!==m||(globalThis.Headers=d);const p=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),c=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|[;,]\\s*)${t}=([^;]*)`));return s?s[1]:null},g=t=>async(...s)=>{var a,o,r;const n=await t(...s);if(!n.data)return n;let i=n.data,{refreshJwt:d}=i,l=e(i,["refreshJwt"]);const m=[];var p;return d?m.push(`${"DSR"}=${d}; Domain=${(null==(p=l)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=n.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(d=c(null===(o=n.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),m.push(null===(r=n.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},n),{data:Object.assign(Object.assign({},n.data),{refreshJwt:d,cookies:m})})};function u(e,t,s){var a,o;const r=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function v(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",patchBatch:"/v1/mgmt/user/patch/batch",delete:"/v1/mgmt/user/delete",deleteBatch:"/v1/mgmt/user/delete/batch",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",loadUsers:"/v1/mgmt/users/load",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},f={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},y={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},I={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},b={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},k={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},A={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},O={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token",deleteUserTokens:"/v1/mgmt/outbound/user/tokens",deleteTokenById:"/v1/mgmt/outbound/token"},S={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},T={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous",clientAssertion:"/v1/mgmt/token/clientassertion"},w={settings:"/v1/mgmt/password/settings"},j={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},N={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},R={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},P={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},U={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},E={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},M={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},x={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"},C={create:"/v1/mgmt/descoper",update:"/v1/mgmt/descoper",get:"/v1/mgmt/descoper",delete:"/v1/mgmt/descoper",list:"/v1/mgmt/descoper/list"},D={create:"/v1/mgmt/managementkey",update:"/v1/mgmt/managementkey",load:"/v1/mgmt/managementkey",delete:"/v1/mgmt/managementkey/delete",search:"/v1/mgmt/managementkey/search"};function L(t){return t.map((t=>{var{roles:s}=t,a=e(t,["roles"]);return Object.assign(Object.assign({},a),{roleNames:s})}))}const q=e=>{function t(e,t){const s={loginId:e};return void 0!==t.email&&(s.email=t.email),void 0!==t.phone&&(s.phone=t.phone),void 0!==t.displayName&&(s.displayName=t.displayName),void 0!==t.givenName&&(s.givenName=t.givenName),void 0!==t.middleName&&(s.middleName=t.middleName),void 0!==t.familyName&&(s.familyName=t.familyName),void 0!==t.roles&&(s.roleNames=t.roles),void 0!==t.userTenants&&(s.userTenants=t.userTenants),void 0!==t.customAttributes&&(s.customAttributes=t.customAttributes),void 0!==t.picture&&(s.picture=t.picture),void 0!==t.verifiedEmail&&(s.verifiedEmail=t.verifiedEmail),void 0!==t.verifiedPhone&&(s.verifiedPhone=t.verifiedPhone),void 0!==t.ssoAppIds&&(s.ssoAppIds=t.ssoAppIds),void 0!==t.scim&&(s.scim=t.scim),void 0!==t.status&&(s.status=t.status),s}return{create:function(t,a,o,r,n,i,d,l,m,p,c,g,u,v){const f="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:c,middleName:g,familyName:u,roleNames:n,userTenants:i,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,additionalLoginIds:v}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0});return s(e.post(h.create,f),(e=>e.user))},createTestUser:function(t,a,o,r,n,i,d,l,m,p,c,g,u,v){const f="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:c,middleName:g,familyName:u,roleNames:n,userTenants:i,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,additionalLoginIds:v,test:!0}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0,test:!0});return s(e.post(h.createTestUser,f),(e=>e.user))},invite:function(t,a,o,r,n,i,d,l,m,p,c,g,u,v,f,y,I,b){const k="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:v,middleName:f,familyName:y,roleNames:n,userTenants:i,invite:!0,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,inviteUrl:c,sendMail:g,sendSMS:u,additionalLoginIds:I,templateId:b}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0,invite:!0});return s(e.post(h.create,k),(e=>e.user))},inviteBatch:(t,a,o,r,n,i)=>s(e.post(h.createBatch,{users:L(t),invite:!0,inviteUrl:a,sendMail:o,sendSMS:r,templateOptions:n,templateId:i}),(e=>e)),createBatch:t=>s(e.post(h.createBatch,{users:L(t)}),(e=>e)),deleteBatch:t=>s(e.post(h.deleteBatch,{userIds:t})),update:function(t,a,o,r,n,i,d,l,m,p,c,g,u,v){const f="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:c,middleName:g,familyName:u,roleNames:n,userTenants:i,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,additionalLoginIds:v}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0});return s(e.post(h.update,f),(e=>e.user))},patch:function(a,o){const r=t(a,o);return s(e.patch(h.patch,r),(e=>e.user))},patchBatch:function(a){const o={users:a.map((e=>t(e.loginId,e)))};return s(e.patch(h.patchBatch,o),(e=>e))},delete:t=>s(e.post(h.delete,{loginId:t})),deleteByUserId:t=>s(e.post(h.delete,{userId:t})),deleteAllTestUsers:()=>s(e.delete(h.deleteAllTestUsers)),load:t=>s(e.get(h.load,{queryParams:{loginId:t}}),(e=>e.user)),loadByUserId:t=>s(e.get(h.load,{queryParams:{userId:t}}),(e=>e.user)),logoutUser:t=>s(e.post(h.logout,{loginId:t})),logoutUserByUserId:t=>s(e.post(h.logout,{userId:t})),loadUsers:(t,a)=>s(e.post(h.loadUsers,{userIds:t,includeInvalidUsers:a}),(e=>e.users)),searchAll:(t,a,o,r,n,i,d,l,m,p)=>s(e.post(h.search,{tenantIds:t,roleNames:a,limit:o,page:r,testUsersOnly:n,withTestUser:i,customAttributes:d,statuses:l,emails:m,phones:p}),(e=>e.users)),searchTestUsers:t=>s(e.post(h.searchTestUsers,Object.assign(Object.assign({},t),{withTestUser:!0,testUsersOnly:!0,roleNames:t.roles,roles:void 0})),(e=>e.users)),search:t=>s(e.post(h.search,Object.assign(Object.assign({},t),{roleNames:t.roles,roles:void 0})),(e=>e.users)),getProviderToken:(t,a,o)=>s(e.get(h.getProviderToken,{queryParams:{loginId:t,provider:a,withRefreshToken:(null==o?void 0:o.withRefreshToken)?"true":"false",forceRefresh:(null==o?void 0:o.forceRefresh)?"true":"false"}}),(e=>e)),activate:t=>s(e.post(h.updateStatus,{loginId:t,status:"enabled"}),(e=>e.user)),deactivate:t=>s(e.post(h.updateStatus,{loginId:t,status:"disabled"}),(e=>e.user)),updateLoginId:(t,a)=>s(e.post(h.updateLoginId,{loginId:t,newLoginId:a}),(e=>e.user)),updateEmail:(t,a,o,r)=>s(e.post(h.updateEmail,{loginId:t,email:a,verified:o,failOnConflict:r}),(e=>e.user)),updatePhone:(t,a,o,r)=>s(e.post(h.updatePhone,{loginId:t,phone:a,verified:o,failOnConflict:r}),(e=>e.user)),updateDisplayName:(t,a,o,r,n)=>s(e.post(h.updateDisplayName,{loginId:t,displayName:a,givenName:o,middleName:r,familyName:n}),(e=>e.user)),updatePicture:(t,a)=>s(e.post(h.updatePicture,{loginId:t,picture:a}),(e=>e.user)),updateCustomAttribute:(t,a,o)=>s(e.post(h.updateCustomAttribute,{loginId:t,attributeKey:a,attributeValue:o}),(e=>e.user)),setRoles:(t,a)=>s(e.post(h.setRole,{loginId:t,roleNames:a}),(e=>e.user)),addRoles:(t,a)=>s(e.post(h.addRole,{loginId:t,roleNames:a}),(e=>e.user)),removeRoles:(t,a)=>s(e.post(h.removeRole,{loginId:t,roleNames:a}),(e=>e.user)),addTenant:(t,a)=>s(e.post(h.addTenant,{loginId:t,tenantId:a}),(e=>e.user)),removeTenant:(t,a)=>s(e.post(h.removeTenant,{loginId:t,tenantId:a}),(e=>e.user)),setTenantRoles:(t,a,o)=>s(e.post(h.setRole,{loginId:t,tenantId:a,roleNames:o}),(e=>e.user)),addTenantRoles:(t,a,o)=>s(e.post(h.addRole,{loginId:t,tenantId:a,roleNames:o}),(e=>e.user)),removeTenantRoles:(t,a,o)=>s(e.post(h.removeRole,{loginId:t,tenantId:a,roleNames:o}),(e=>e.user)),addSSOapps:(t,a)=>s(e.post(h.addSSOApps,{loginId:t,ssoAppIds:a}),(e=>e.user)),setSSOapps:(t,a)=>s(e.post(h.setSSOApps,{loginId:t,ssoAppIds:a}),(e=>e.user)),removeSSOapps:(t,a)=>s(e.post(h.removeSSOApps,{loginId:t,ssoAppIds:a}),(e=>e.user)),generateOTPForTestUser:(t,a,o)=>s(e.post(h.generateOTPForTest,{deliveryMethod:t,loginId:a,loginOptions:o}),(e=>e)),generateMagicLinkForTestUser:(t,a,o,r)=>s(e.post(h.generateMagicLinkForTest,{deliveryMethod:t,loginId:a,URI:o,loginOptions:r}),(e=>e)),generateEnchantedLinkForTestUser:(t,a,o)=>s(e.post(h.generateEnchantedLinkForTest,{loginId:t,URI:a,loginOptions:o}),(e=>e)),generateEmbeddedLink:(t,a,o)=>s(e.post(h.generateEmbeddedLink,{loginId:t,customClaims:a,timeout:o}),(e=>e)),generateSignUpEmbeddedLink:(t,a,o,r,n,i)=>s(e.post(h.generateSignUpEmbeddedLink,{loginId:t,user:a,emailVerified:o,phoneVerified:r,loginOptions:n,timeout:i}),(e=>e)),setTemporaryPassword:(t,a)=>s(e.post(h.setTemporaryPassword,{loginId:t,password:a}),(e=>e)),setActivePassword:(t,a)=>s(e.post(h.setActivePassword,{loginId:t,password:a}),(e=>e)),setPassword:(t,a)=>s(e.post(h.setPassword,{loginId:t,password:a}),(e=>e)),expirePassword:t=>s(e.post(h.expirePassword,{loginId:t}),(e=>e)),removeAllPasskeys:t=>s(e.post(h.removeAllPasskeys,{loginId:t}),(e=>e)),removeTOTPSeed:t=>s(e.post(h.removeTOTPSeed,{loginId:t}),(e=>e)),history:t=>s(e.post(h.history,t),(e=>e))}},B=e=>({create:(t,a,o,r,n,i)=>s(e.post(I.create,{name:t,selfProvisioningDomains:a,customAttributes:o,enforceSSO:r,disabled:n,parent:i})),createWithId:(t,a,o,r,n,i,d)=>s(e.post(I.create,{id:t,name:a,selfProvisioningDomains:o,customAttributes:r,enforceSSO:n,disabled:i,parent:d})),update:(t,a,o,r,n,i)=>s(e.post(I.update,{id:t,name:a,selfProvisioningDomains:o,customAttributes:r,enforceSSO:n,disabled:i})),delete:(t,a)=>s(e.post(I.delete,{id:t,cascade:a})),load:t=>s(e.get(I.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s(e.get(I.loadAll,{}),(e=>e.tenants)),searchAll:(t,a,o,r,n)=>s(e.post(I.searchAll,{tenantIds:t,tenantNames:a,tenantSelfProvisioningDomains:o,customAttributes:r,parentTenantId:n}),(e=>e.tenants)),getSettings:t=>s(e.get(I.settings,{queryParams:{id:t}}),(e=>e)),configureSettings:(t,a)=>s(e.post(I.settings,Object.assign(Object.assign({},a),{tenantId:t}),{})),generateSSOConfigurationLink:(t,a,o,r,n)=>s(e.post(I.generateSSOConfigurationLink,{tenantId:t,expireTime:a,ssoId:o,email:r,templateId:n},{}),(e=>e))}),F=e=>({update:(t,a,o)=>s(e.post(T.update,{jwt:t,customClaims:a,refreshDuration:o})),impersonate:(t,a,o,r,n,i)=>s(e.post(T.impersonate,{impersonatorId:t,loginId:a,validateConsent:o,customClaims:r,selectedTenant:n,refreshDuration:i})),stopImpersonation:(t,a,o,r)=>s(e.post(T.stopImpersonation,{jwt:t,customClaims:a,selectedTenant:o,refreshDuration:r})),signIn:(t,a)=>s(e.post(T.signIn,Object.assign({loginId:t},a))),signUp:(t,a,o)=>s(e.post(T.signUp,Object.assign({loginId:t,user:a},o))),signUpOrIn:(t,a,o)=>s(e.post(T.signUpOrIn,Object.assign({loginId:t,user:a},o))),anonymous:(t,a,o)=>s(e.post(T.anonymous,{customClaims:t,selectedTenant:a,refreshDuration:o})),generateClientAssertionJwt:(t,a,o,r,n,i)=>s(e.post(T.clientAssertion,{issuer:t,subject:a,audience:o,expiresIn:r,flattenAudience:n,algorithm:i}))}),$=e=>({create:(t,a)=>s(e.post(j.create,{name:t,description:a})),update:(t,a,o)=>s(e.post(j.update,{name:t,newName:a,description:o})),delete:t=>s(e.post(j.delete,{name:t})),loadAll:()=>s(e.get(j.loadAll,{}),(e=>e.permissions))}),z=e=>({create:(t,a,o,r,n)=>s(e.post(N.create,{name:t,description:a,permissionNames:o,tenantId:r,default:n})),update:(t,a,o,r,n,i)=>s(e.post(N.update,{name:t,newName:a,description:o,permissionNames:r,tenantId:n,default:i})),delete:(t,a)=>s(e.post(N.delete,{name:t,tenantId:a})),loadAll:()=>s(e.get(N.loadAll,{}),(e=>e.roles)),search:t=>s(e.post(N.search,t,{}),(e=>e.roles))}),J=e=>({loadAllGroups:t=>s(e.post(U.loadAllGroups,{tenantId:t})),loadAllGroupsForMember:(t,a,o)=>s(e.post(U.loadAllGroupsForMember,{tenantId:t,loginIds:o,userIds:a})),loadAllGroupMembers:(t,a)=>s(e.post(U.loadAllGroupMembers,{tenantId:t,groupId:a}))});function K(e){var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}const G=e=>({getSettings:t=>s(e.get(S.settings,{queryParams:{tenantId:t}}),(e=>e)),newSettings:(t,a,o)=>s(e.post(S.settingsNew,Object.assign(Object.assign({tenantId:t},a?{ssoId:a}:{}),{displayName:o})),(e=>K(e))),deleteSettings:(t,a)=>s(e.delete(S.settings,{queryParams:Object.assign({tenantId:t},a?{ssoId:a}:{})})),configureSettings:(t,a,o,r,n,i)=>s(e.post(S.settings,{tenantId:t,idpURL:a,entityId:r,idpCert:o,redirectURL:n,domains:i})),configureMetadata:(t,a,o,r)=>s(e.post(S.metadata,{tenantId:t,idpMetadataURL:a,redirectURL:o,domains:r})),configureMapping:(t,a,o)=>s(e.post(S.mapping,{tenantId:t,roleMappings:a,attributeMapping:o})),configureOIDCSettings:(t,a,o,r)=>{const n=Object.assign(Object.assign({},a),{userAttrMapping:a.attributeMapping});return delete n.attributeMapping,s(e.post(S.oidc.configure,Object.assign({tenantId:t,settings:n,domains:o},r?{ssoId:r}:{})))},configureSAMLSettings:(t,a,o,r,n)=>s(e.post(S.saml.configure,Object.assign({tenantId:t,settings:a,redirectUrl:o,domains:r},n?{ssoId:n}:{}))),configureSAMLByMetadata:(t,a,o,r,n)=>s(e.post(S.saml.metadata,Object.assign({tenantId:t,settings:a,redirectUrl:o,domains:r},n?{ssoId:n}:{}))),loadSettings:(t,a)=>s(e.get(S.settingsv2,{queryParams:Object.assign({tenantId:t},a?{ssoId:a}:{})}),(e=>K(e))),loadAllSettings:t=>s(e.get(S.settingsAllV2,{queryParams:{tenantId:t}}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(K(e)))),s}(e)))}),H=e=>({create:(t,a,o,r,n,i,d,l)=>s(e.post(y.create,{name:t,expireTime:a,roleNames:o,keyTenants:r,userId:n,customClaims:i,description:d,permittedIps:l})),load:t=>s(e.get(y.load,{queryParams:{id:t}}),(e=>e.key)),searchAll:t=>s(e.post(y.search,{tenantIds:t}),(e=>e.keys)),update:(t,a,o,r,n,i,d)=>s(e.post(y.update,{id:t,name:a,description:o,roleNames:r,keyTenants:n,customClaims:i,permittedIps:d}),(e=>e.key)),deactivate:t=>s(e.post(y.deactivate,{id:t})),activate:t=>s(e.post(y.activate,{id:t})),delete:t=>s(e.post(y.delete,{id:t}))}),W=e=>({list:()=>s(e.post(R.list,{})),delete:t=>s(e.post(R.delete,{ids:t})),export:t=>s(e.post(R.export,{flowId:t})),import:(t,a,o)=>s(e.post(R.import,{flowId:t,flow:a,screens:o})),run:(t,a)=>s(e.post(R.run,{flowId:t,options:a}),(e=>null==e?void 0:e.output))}),V=e=>({export:()=>s(e.post(P.export,{})),import:t=>s(e.post(P.import,{theme:t}))}),Q=e=>({search:t=>{const a=Object.assign(Object.assign({},t),{externalIds:t.loginIds});return delete a.loginIds,s(e.post(E.search,a),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:t=>{const a=Object.assign({},t);return s(e.post(E.createEvent,a))}}),_=e=>({saveSchema:(t,a)=>s(e.post(M.schemaSave,{schema:t,upgrade:a})),deleteSchema:()=>s(e.post(M.schemaDelete,{})),loadSchema:()=>s(e.post(M.schemaLoad,{}),(e=>e.schema)),saveNamespace:(t,a,o)=>s(e.post(M.nsSave,{namespace:t,oldName:a,schemaName:o})),deleteNamespace:(t,a)=>s(e.post(M.nsDelete,{name:t,schemaName:a})),saveRelationDefinition:(t,a,o,r)=>s(e.post(M.rdSave,{relationDefinition:t,namespace:a,oldName:o,schemaName:r})),deleteRelationDefinition:(t,a,o)=>s(e.post(M.rdDelete,{name:t,namespace:a,schemaName:o})),createRelations:t=>s(e.post(M.reCreate,{relations:t})),deleteRelations:t=>s(e.post(M.reDelete,{relations:t})),deleteRelationsForResources:t=>s(e.post(M.reDeleteResources,{resources:t})),deleteResourceRelationsForResources:t=>s(e.post(M.reDeleteResourceRelationsForResources,{resources:t})),deleteRelationsForIds:t=>s(e.post(M.reDeleteResources,{resources:t})),hasRelations:t=>s(e.post(M.hasRelations,{relationQueries:t}),(e=>e.relationQueries)),whoCanAccess:(t,a,o)=>s(e.post(M.who,{resource:t,relationDefinition:a,namespace:o}),(e=>e.targets)),resourceRelations:(t,a=!1)=>s(e.post(M.resource,{resource:t,ignoreTargetSetRelations:a}),(e=>e.relations)),targetsRelations:(t,a=!1)=>s(e.post(M.targets,{targets:t,includeTargetSetRelations:a}),(e=>e.relations)),whatCanTargetAccess:t=>s(e.post(M.targetAll,{target:t}),(e=>e.relations)),whatCanTargetAccessWithRelation:(t,a,o)=>s(e.post(M.targetWithRelation,{target:t,relationDefinition:a,namespace:o}),(e=>e.resources.map((e=>({resource:e}))))),getModified:t=>s(e.post(M.getModified,{since:t?t.getTime():0}),(e=>e))}),X=e=>({createOidcApplication:t=>{var a;return s(e.post(b.oidcCreate,Object.assign(Object.assign({},t),{enabled:null===(a=t.enabled)||void 0===a||a})))},createSamlApplication:t=>{var a;return s(e.post(b.samlCreate,Object.assign(Object.assign({},t),{enabled:null===(a=t.enabled)||void 0===a||a})))},updateOidcApplication:t=>s(e.post(b.oidcUpdate,Object.assign({},t))),updateSamlApplication:t=>s(e.post(b.samlUpdate,Object.assign({},t))),delete:t=>s(e.post(b.delete,{id:t})),load:t=>s(e.get(b.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s(e.get(b.loadAll,{}),(e=>e.apps))}),Y=e=>({getSettings:t=>s(e.get(w.settings,{queryParams:{tenantId:t}}),(e=>e)),configureSettings:(t,a)=>s(e.post(w.settings,Object.assign(Object.assign({},a),{tenantId:t})))}),Z=(e,t)=>{const a=async(s,a)=>{if((null==t?void 0:t.fgaCacheUrl)&&t.managementKey){const o=`${t.fgaCacheUrl}${s}`;try{const e=new AbortController,s=setTimeout((()=>e.abort()),5e3),r=await p(o,{method:"POST",headers:Object.assign(Object.assign({},t.headers),{"Content-Type":"application/json",Authorization:`Bearer ${t.projectId}:${t.managementKey}`,"x-descope-project-id":t.projectId}),body:JSON.stringify(a),signal:e.signal});return clearTimeout(s),r}catch(t){return e.post(s,a)}}return e.post(s,a)};return{saveSchema:e=>s(a(x.schema,e)),deleteSchema:()=>s(e.post(M.schemaDelete,{})),createRelations:e=>s(a(x.relations,{tuples:e})),deleteRelations:e=>s(a(x.deleteRelations,{tuples:e})),check:e=>s(a(x.check,{tuples:e}),(e=>e.tuples)),loadResourcesDetails:t=>s(e.post(x.resourcesLoad,{resourceIdentifiers:t}),(e=>e.resourcesDetails)),saveResourcesDetails:t=>s(e.post(x.resourcesSave,{resourcesDetails:t})),deleteAllRelations:()=>s(e.delete(x.relations))}},ee=e=>({createApplication:t=>s(e.post(k.create,Object.assign({},t))),updateApplication:t=>s(e.post(k.update,Object.assign({},t))),patchApplication:t=>s(e.post(k.patch,Object.assign({},t))),deleteApplication:t=>s(e.post(k.delete,{id:t})),loadApplication:t=>s(e.get(k.load,{queryParams:{id:t}}),(e=>e)),loadAllApplications:()=>s(e.get(k.loadAll,{}),(e=>e.apps)),getApplicationSecret:t=>s(e.get(k.secret,{queryParams:{id:t}}),(e=>e)),rotateApplicationSecret:t=>s(e.post(k.rotate,{id:t})),searchConsents:t=>s(e.post(A.search,Object.assign({},t)),(e=>e.consents)),deleteConsents:t=>s(e.post(A.delete,Object.assign({},t)))}),te=e=>({createApplication:t=>s(e.post(O.create,Object.assign({},t)),(e=>e.app)),updateApplication:t=>s(e.post(O.update,{app:t}),(e=>e.app)),deleteApplication:t=>s(e.post(O.delete,{id:t})),loadApplication:t=>s(e.get(`${O.load}/${t}`),(e=>e.app)),loadAllApplications:()=>s(e.get(O.loadAll,{}),(e=>e.apps)),fetchTokenByScopes:(t,a,o,r,n)=>s(e.post(O.fetchTokenByScopes,{appId:t,userId:a,scopes:o,options:r,tenantId:n}),(e=>e.token)),fetchToken:(t,a,o,r)=>s(e.post(O.fetchToken,{appId:t,userId:a,tenantId:o,options:r}),(e=>e.token)),fetchTenantTokenByScopes:(t,a,o,r)=>s(e.post(O.fetchTenantTokenByScopes,{appId:t,tenantId:a,scopes:o,options:r}),(e=>e.token)),fetchTenantToken:(t,a,o)=>s(e.post(O.fetchTenantToken,{appId:t,tenantId:a,options:o}),(e=>e.token)),deleteUserTokens:(t,a)=>s(e.delete(O.deleteUserTokens,{queryParams:{appId:t,userId:a}})),deleteTokenById:t=>s(e.delete(O.deleteTokenById,{queryParams:{id:t}}))}),se=e=>({create:t=>s(e.put(C.create,{descopers:t}),(e=>({descopers:e.descopers,total:e.total}))),update:(t,a,o)=>s(e.patch(C.update,{id:t,attributes:a,rbac:o}),(e=>e.descoper)),load:t=>s(e.get(C.get,{queryParams:{id:t}}),(e=>e.descoper)),delete:t=>s(e.delete(C.delete,{queryParams:{id:t}})),list:()=>s(e.post(C.list),(e=>({descopers:e.descopers,total:e.total})))}),ae=e=>({create:(t,a,o,r,n)=>s(e.put(D.create,{name:t,description:o,expiresIn:r,permittedIps:n,reBac:a})),update:(t,a,o,r,n)=>s(e.patch(D.update,{id:t,name:a,description:o,permittedIps:n,status:r}),(e=>e.key)),delete:t=>s(e.post(D.delete,{ids:t})),load:t=>s(e.get(D.load,{queryParams:{id:t}}),(e=>e.key)),search:()=>s(e.get(D.search),(e=>e.keys))});const oe=d=>{var l,m,h,{authManagementKey:y,managementKey:I,publicKey:b,fgaCacheUrl:k}=d,A=e(d,["authManagementKey","managementKey","publicKey","fgaCacheUrl"]);const O={"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(l=null===process||void 0===process?void 0:process.versions)||void 0===l?void 0:l.node)||"","x-descope-sdk-version":"1.9.1"},S=Object.assign(Object.assign({fetch:p},A),{baseHeaders:Object.assign(Object.assign({},A.baseHeaders),O),hooks:Object.assign(Object.assign({},A.hooks),{beforeRequest:[e=>(y&&(e.token=e.token?`${e.token}:${y}`:y),e)].concat((null===(m=A.hooks)||void 0===m?void 0:m.beforeRequest)||[])})}),T=t(S),{projectId:w,logger:j}=A,N={},R=Object.assign(Object.assign({fetch:p},A),{baseConfig:{baseHeaders:Object.assign(Object.assign({},A.baseHeaders),O)},hooks:Object.assign(Object.assign({},A.hooks),{beforeRequest:[e=>(e.token=I,e)].concat((null===(h=A.hooks)||void 0===h?void 0:h.beforeRequest)||[])})}),P=a(R),U=(M={fgaCacheUrl:k,managementKey:I,projectId:w,headers:O},{user:q(E=P),project:(x=E,{updateName:e=>s(x.post(f.updateName,{name:e})),updateTags:e=>s(x.post(f.updateTags,{tags:e})),clone:(e,t,a)=>s(x.post(f.clone,{name:e,environment:t,tags:a})),listProjects:async()=>s(x.post(f.projectsList,{}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:a})=>({id:e,name:t,environment:s,tags:a}))))),exportSnapshot:()=>s(x.post(f.exportSnapshot,{})),importSnapshot:e=>s(x.post(f.importSnapshot,e)),validateSnapshot:e=>s(x.post(f.validateSnapshot,e)),export:()=>s(x.post(f.exportSnapshot,{}),(e=>e.files)),import:e=>s(x.post(f.importSnapshot,{files:e}))}),accessKey:H(E),tenant:B(E),ssoApplication:X(E),inboundApplication:ee(E),outboundApplication:te(E),sso:G(E),jwt:F(E),permission:$(E),password:Y(E),role:z(E),group:J(E),flow:W(E),theme:V(E),audit:Q(E),authz:_(E),fga:Z(E,M),descoper:se(E),managementKey:ae(E)});var E,M,x;const C=Object.assign(Object.assign({},T),{refresh:async(e,t)=>T.refresh(e,void 0,t),management:U,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(N[e.kid])return N[e.kid];if(Object.assign(N,await(async()=>{if(b)try{const e=JSON.parse(b),t=await i(e);return{[e.kid]:t}}catch(e){throw null==j||j.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await T.httpClient.get(`v2/keys/${w}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!N[e.kid])throw Error("failed to fetch matching key");return N[e.kid]},async validateJwt(e,t){var s;const a={clockTolerance:5};(null==t?void 0:t.audience)&&(a.audience=t.audience);const o=(await r(e,C.getKey,a)).payload;if(o&&(o.iss=null===(s=o.iss)||void 0===s?void 0:s.split("/").pop(),o.iss!==w))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e,t){if(!e)throw Error("session token is required for validation");try{return await C.validateJwt(e,t)}catch(e){throw null==j||j.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e,t){var s,a,o,r,n,i;if(!e)throw Error("refresh token is required to refresh a session");try{await C.validateJwt(e);const d=await C.refresh(e);if(d.ok){const e=c(null===(a=null===(s=d.data)||void 0===s?void 0:s.cookies)||void 0===a?void 0:a.join(";"),"DS")||(null===(o=d.data)||void 0===o?void 0:o.sessionJwt),i=await C.validateJwt(e,t);return i.cookies=(null===(r=d.data)||void 0===r?void 0:r.cookies)||[],(null===(n=d.data)||void 0===n?void 0:n.refreshJwt)&&(i.refreshJwt=d.data.refreshJwt),i}throw Error(null===(i=d.error)||void 0===i?void 0:i.errorMessage)}catch(e){throw null==j||j.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t,s){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await C.validateSession(e,s)}catch(e){null==j||j.log(`session validation failed with error ${e} - trying to refresh it`)}return C.refreshSession(t,s)},async exchangeAccessKey(e,t,s){var a;if(!e)throw Error("access key must not be empty");let o;try{o=await C.accessKey.exchange(e,t)}catch(e){throw null==j||j.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==j||j.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(a=o.error)||void 0===a?void 0:a.errorMessage}`);const{sessionJwt:r}=o.data;if(!r)throw null==j||j.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await C.validateJwt(r,s)}catch(e){throw null==j||j.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>C.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>C.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!v(e,t))return!1;const a=u(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!v(e,t))return[];const a=u(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>C.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>C.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!v(e,t))return!1;const a=u(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!v(e,t))return[];const a=u(e,"roles",t);return s.filter((e=>a.includes(e)))}});return o(C,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","otp.verify.im","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],g)};oe.RefreshTokenCookieName="DSR",oe.SessionTokenCookieName="DS",oe.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{oe as default};
1
+ import{__rest as e}from"tslib";import t,{transformResponse as s,createHttpClient as a,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as r,errors as n,importJWK as i}from"jose";import{Headers as d,fetch as l}from"cross-fetch";var m;null!==(m=globalThis.Headers)&&void 0!==m||(globalThis.Headers=d);const p=(...e)=>(e.forEach((e=>{var t,s;e&&"object"==typeof e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),c=(e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|[;,]\\s*)${t}=([^;]*)`));return s?s[1]:null},u=t=>async(...s)=>{var a,o,r;const n=await t(...s);if(!n.data)return n;let i=n.data,{refreshJwt:d}=i,l=e(i,["refreshJwt"]);const m=[];var p;return d?m.push(`${"DSR"}=${d}; Domain=${(null==(p=l)?void 0:p.cookieDomain)||""}; Max-Age=${(null==p?void 0:p.cookieMaxAge)||""}; Path=${(null==p?void 0:p.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=n.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(d=c(null===(o=n.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),m.push(null===(r=n.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},n),{data:Object.assign(Object.assign({},n.data),{refreshJwt:d,cookies:m})})};function g(e,t,s){var a,o;const r=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(r)?r:[]}function v(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var h={create:"/v1/mgmt/user/create",createTestUser:"/v1/mgmt/user/create/test",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",patch:"/v1/mgmt/user/patch",patchBatch:"/v1/mgmt/user/patch/batch",delete:"/v1/mgmt/user/delete",deleteBatch:"/v1/mgmt/user/delete/batch",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",loadUsers:"/v1/mgmt/users/load",search:"/v2/mgmt/user/search",searchTestUsers:"/v2/mgmt/user/search/test",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v2/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",removeTOTPSeed:"/v1/mgmt/user/totp/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",generateSignUpEmbeddedLink:"/v1/mgmt/user/signup/embeddedlink",history:"/v1/mgmt/user/history"},f={updateName:"/v1/mgmt/project/update/name",updateTags:"/v1/mgmt/project/update/tags",clone:"/v1/mgmt/project/clone",projectsList:"/v1/mgmt/projects/list",exportSnapshot:"/v1/mgmt/project/snapshot/export",importSnapshot:"/v1/mgmt/project/snapshot/import",validateSnapshot:"/v1/mgmt/project/snapshot/validate"},y={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},I={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search",generateSSOConfigurationLink:"/v2/mgmt/tenant/adminlinks/sso/generate"},b={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},k={create:"/v1/mgmt/thirdparty/app/create",update:"/v1/mgmt/thirdparty/app/update",patch:"/v1/mgmt/thirdparty/app/patch",delete:"/v1/mgmt/thirdparty/app/delete",load:"/v1/mgmt/thirdparty/app/load",loadAll:"/v1/mgmt/thirdparty/apps/load",secret:"/v1/mgmt/thirdparty/app/secret",rotate:"/v1/mgmt/thirdparty/app/rotate"},A={delete:"/v1/mgmt/thirdparty/consents/delete",search:"/v1/mgmt/thirdparty/consents/search"},O={create:"/v1/mgmt/outbound/app/create",update:"/v1/mgmt/outbound/app/update",delete:"/v1/mgmt/outbound/app/delete",load:"/v1/mgmt/outbound/app",loadAll:"/v1/mgmt/outbound/apps",fetchToken:"/v1/mgmt/outbound/app/user/token/latest",fetchTokenByScopes:"/v1/mgmt/outbound/app/user/token",fetchTenantToken:"/v1/mgmt/outbound/app/tenant/token/latest",fetchTenantTokenByScopes:"/v1/mgmt/outbound/app/tenant/token",deleteUserTokens:"/v1/mgmt/outbound/user/tokens",deleteTokenById:"/v1/mgmt/outbound/token"},T={settings:"/v1/mgmt/sso/settings",settingsNew:"/v1/mgmt/sso/settings/new",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",settingsAllV2:"/v2/mgmt/sso/settings/all",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},S={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate",stopImpersonation:"/v1/mgmt/stop/impersonation",signIn:"/v1/mgmt/auth/signin",signUp:"/v1/mgmt/auth/signup",signUpOrIn:"/v1/mgmt/auth/signup-in",anonymous:"/v1/mgmt/auth/anonymous",clientAssertion:"/v1/mgmt/token/clientassertion"},w={settings:"/v1/mgmt/password/settings"},j={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},N={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},R={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import",run:"/v1/mgmt/flow/run"},P={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},U={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},E={search:"/v1/mgmt/audit/search",createEvent:"/v1/mgmt/audit/event"},M={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",reDeleteResourceRelationsForResources:"/v1/mgmt/authz/re/deleteresourcesrelations",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",targetWithRelation:"/v1/mgmt/authz/re/targetwithrelation",getModified:"/v1/mgmt/authz/getmodified"},C={schema:"/v1/mgmt/fga/schema",relations:"/v1/mgmt/fga/relations",deleteRelations:"/v1/mgmt/fga/relations/delete",check:"/v1/mgmt/fga/check",resourcesLoad:"/v1/mgmt/fga/resources/load",resourcesSave:"/v1/mgmt/fga/resources/save"},x={create:"/v1/mgmt/descoper",update:"/v1/mgmt/descoper",get:"/v1/mgmt/descoper",delete:"/v1/mgmt/descoper",list:"/v1/mgmt/descoper/list"},D={create:"/v1/mgmt/managementkey",update:"/v1/mgmt/managementkey",load:"/v1/mgmt/managementkey",delete:"/v1/mgmt/managementkey/delete",search:"/v1/mgmt/managementkey/search"};function L(t){return t.map((t=>{var{roles:s}=t,a=e(t,["roles"]);return Object.assign(Object.assign({},a),{roleNames:s})}))}const B=e=>{function t(e,t){const s={loginId:e};return void 0!==t.email&&(s.email=t.email),void 0!==t.phone&&(s.phone=t.phone),void 0!==t.displayName&&(s.displayName=t.displayName),void 0!==t.givenName&&(s.givenName=t.givenName),void 0!==t.middleName&&(s.middleName=t.middleName),void 0!==t.familyName&&(s.familyName=t.familyName),void 0!==t.roles&&(s.roleNames=t.roles),void 0!==t.userTenants&&(s.userTenants=t.userTenants),void 0!==t.customAttributes&&(s.customAttributes=t.customAttributes),void 0!==t.picture&&(s.picture=t.picture),void 0!==t.verifiedEmail&&(s.verifiedEmail=t.verifiedEmail),void 0!==t.verifiedPhone&&(s.verifiedPhone=t.verifiedPhone),void 0!==t.ssoAppIds&&(s.ssoAppIds=t.ssoAppIds),void 0!==t.scim&&(s.scim=t.scim),void 0!==t.status&&(s.status=t.status),s}return{create:function(t,a,o,r,n,i,d,l,m,p,c,u,g,v){const f="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:c,middleName:u,familyName:g,roleNames:n,userTenants:i,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,additionalLoginIds:v}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0});return s(e.post(h.create,f),(e=>e.user))},createTestUser:function(t,a,o,r,n,i,d,l,m,p,c,u,g,v){const f="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:c,middleName:u,familyName:g,roleNames:n,userTenants:i,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,additionalLoginIds:v,test:!0}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0,test:!0});return s(e.post(h.createTestUser,f),(e=>e.user))},invite:function(t,a,o,r,n,i,d,l,m,p,c,u,g,v,f,y,I,b){const k="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:v,middleName:f,familyName:y,roleNames:n,userTenants:i,invite:!0,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,inviteUrl:c,sendMail:u,sendSMS:g,additionalLoginIds:I,templateId:b}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0,invite:!0});return s(e.post(h.create,k),(e=>e.user))},inviteBatch:(t,a,o,r,n,i)=>s(e.post(h.createBatch,{users:L(t),invite:!0,inviteUrl:a,sendMail:o,sendSMS:r,templateOptions:n,templateId:i}),(e=>e)),createBatch:t=>s(e.post(h.createBatch,{users:L(t)}),(e=>e)),deleteBatch:t=>s(e.post(h.deleteBatch,{userIds:t})),update:function(t,a,o,r,n,i,d,l,m,p,c,u,g,v){const f="string"==typeof a?{loginId:t,email:a,phone:o,displayName:r,givenName:c,middleName:u,familyName:g,roleNames:n,userTenants:i,customAttributes:d,picture:l,verifiedEmail:m,verifiedPhone:p,additionalLoginIds:v}:Object.assign(Object.assign({loginId:t},a),{roleNames:null==a?void 0:a.roles,roles:void 0});return s(e.post(h.update,f),(e=>e.user))},patch:function(a,o){const r=t(a,o);return s(e.patch(h.patch,r),(e=>e.user))},patchBatch:function(a){if(a.find((e=>!e.loginIdOrUserId&&!e.loginId)))return Promise.reject(new Error("patchBatch: each user must have loginIdOrUserId or loginId"));const o={users:a.map((e=>{var s;return t(null!==(s=e.loginIdOrUserId)&&void 0!==s?s:e.loginId,e)}))};return s(e.patch(h.patchBatch,o),(e=>e))},delete:t=>s(e.post(h.delete,{loginId:t})),deleteByUserId:t=>s(e.post(h.delete,{userId:t})),deleteAllTestUsers:()=>s(e.delete(h.deleteAllTestUsers)),load:t=>s(e.get(h.load,{queryParams:{loginId:t}}),(e=>e.user)),loadByUserId:t=>s(e.get(h.load,{queryParams:{userId:t}}),(e=>e.user)),logoutUser:t=>s(e.post(h.logout,{loginId:t})),logoutUserByUserId:t=>s(e.post(h.logout,{userId:t})),loadUsers:(t,a)=>s(e.post(h.loadUsers,{userIds:t,includeInvalidUsers:a}),(e=>e.users)),searchAll:(t,a,o,r,n,i,d,l,m,p)=>s(e.post(h.search,{tenantIds:t,roleNames:a,limit:o,page:r,testUsersOnly:n,withTestUser:i,customAttributes:d,statuses:l,emails:m,phones:p}),(e=>e.users)),searchTestUsers:t=>s(e.post(h.searchTestUsers,Object.assign(Object.assign({},t),{withTestUser:!0,testUsersOnly:!0,roleNames:t.roles,roles:void 0})),(e=>({users:e.users,total:e.total}))),search:t=>s(e.post(h.search,Object.assign(Object.assign({},t),{roleNames:t.roles,roles:void 0})),(e=>({users:e.users,total:e.total}))),getProviderToken:(t,a,o)=>s(e.get(h.getProviderToken,{queryParams:{loginId:t,provider:a,withRefreshToken:(null==o?void 0:o.withRefreshToken)?"true":"false",forceRefresh:(null==o?void 0:o.forceRefresh)?"true":"false"}}),(e=>e)),activate:t=>s(e.post(h.updateStatus,{loginId:t,status:"enabled"}),(e=>e.user)),deactivate:t=>s(e.post(h.updateStatus,{loginId:t,status:"disabled"}),(e=>e.user)),updateLoginId:(t,a)=>s(e.post(h.updateLoginId,{loginId:t,newLoginId:a}),(e=>e.user)),updateEmail:(t,a,o,r)=>s(e.post(h.updateEmail,{loginId:t,email:a,verified:o,failOnConflict:r}),(e=>e.user)),updatePhone:(t,a,o,r)=>s(e.post(h.updatePhone,{loginId:t,phone:a,verified:o,failOnConflict:r}),(e=>e.user)),updateDisplayName:(t,a,o,r,n)=>s(e.post(h.updateDisplayName,{loginId:t,displayName:a,givenName:o,middleName:r,familyName:n}),(e=>e.user)),updatePicture:(t,a)=>s(e.post(h.updatePicture,{loginId:t,picture:a}),(e=>e.user)),updateCustomAttribute:(t,a,o)=>s(e.post(h.updateCustomAttribute,{loginId:t,attributeKey:a,attributeValue:o}),(e=>e.user)),setRoles:(t,a)=>s(e.post(h.setRole,{loginId:t,roleNames:a}),(e=>e.user)),addRoles:(t,a)=>s(e.post(h.addRole,{loginId:t,roleNames:a}),(e=>e.user)),removeRoles:(t,a)=>s(e.post(h.removeRole,{loginId:t,roleNames:a}),(e=>e.user)),addTenant:(t,a)=>s(e.post(h.addTenant,{loginId:t,tenantId:a}),(e=>e.user)),removeTenant:(t,a)=>s(e.post(h.removeTenant,{loginId:t,tenantId:a}),(e=>e.user)),setTenantRoles:(t,a,o)=>s(e.post(h.setRole,{loginId:t,tenantId:a,roleNames:o}),(e=>e.user)),addTenantRoles:(t,a,o)=>s(e.post(h.addRole,{loginId:t,tenantId:a,roleNames:o}),(e=>e.user)),removeTenantRoles:(t,a,o)=>s(e.post(h.removeRole,{loginId:t,tenantId:a,roleNames:o}),(e=>e.user)),addSSOapps:(t,a)=>s(e.post(h.addSSOApps,{loginId:t,ssoAppIds:a}),(e=>e.user)),setSSOapps:(t,a)=>s(e.post(h.setSSOApps,{loginId:t,ssoAppIds:a}),(e=>e.user)),removeSSOapps:(t,a)=>s(e.post(h.removeSSOApps,{loginId:t,ssoAppIds:a}),(e=>e.user)),generateOTPForTestUser:(t,a,o)=>s(e.post(h.generateOTPForTest,{deliveryMethod:t,loginId:a,loginOptions:o}),(e=>e)),generateMagicLinkForTestUser:(t,a,o,r)=>s(e.post(h.generateMagicLinkForTest,{deliveryMethod:t,loginId:a,URI:o,loginOptions:r}),(e=>e)),generateEnchantedLinkForTestUser:(t,a,o)=>s(e.post(h.generateEnchantedLinkForTest,{loginId:t,URI:a,loginOptions:o}),(e=>e)),generateEmbeddedLink:(t,a,o)=>s(e.post(h.generateEmbeddedLink,{loginId:t,customClaims:a,timeout:o}),(e=>e)),generateSignUpEmbeddedLink:(t,a,o,r,n,i)=>s(e.post(h.generateSignUpEmbeddedLink,{loginId:t,user:a,emailVerified:o,phoneVerified:r,loginOptions:n,timeout:i}),(e=>e)),setTemporaryPassword:(t,a)=>s(e.post(h.setTemporaryPassword,{loginId:t,password:a}),(e=>e)),setActivePassword:(t,a)=>s(e.post(h.setActivePassword,{loginId:t,password:a}),(e=>e)),setPassword:(t,a)=>s(e.post(h.setPassword,{loginId:t,password:a}),(e=>e)),expirePassword:t=>s(e.post(h.expirePassword,{loginId:t}),(e=>e)),removeAllPasskeys:t=>s(e.post(h.removeAllPasskeys,{loginId:t}),(e=>e)),removeTOTPSeed:t=>s(e.post(h.removeTOTPSeed,{loginId:t}),(e=>e)),history:t=>s(e.post(h.history,t),(e=>e))}},q=e=>({create:(t,a,o,r,n,i,d)=>s(e.post(I.create,{name:t,selfProvisioningDomains:a,customAttributes:o,enforceSSO:r,disabled:n,parent:i,roleInheritance:d})),createWithId:(t,a,o,r,n,i,d,l)=>s(e.post(I.create,{id:t,name:a,selfProvisioningDomains:o,customAttributes:r,enforceSSO:n,disabled:i,parent:d,roleInheritance:l})),update:(t,a,o,r,n,i,d)=>s(e.post(I.update,{id:t,name:a,selfProvisioningDomains:o,customAttributes:r,enforceSSO:n,disabled:i,roleInheritance:d})),delete:(t,a)=>s(e.post(I.delete,{id:t,cascade:a})),load:t=>s(e.get(I.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s(e.get(I.loadAll,{}),(e=>e.tenants)),searchAll:(t,a,o,r,n)=>s(e.post(I.searchAll,{tenantIds:t,tenantNames:a,tenantSelfProvisioningDomains:o,customAttributes:r,parentTenantId:n}),(e=>e.tenants)),getSettings:t=>s(e.get(I.settings,{queryParams:{id:t}}),(e=>e)),configureSettings:(t,a)=>s(e.post(I.settings,Object.assign(Object.assign({},a),{tenantId:t}),{})),generateSSOConfigurationLink:(t,a,o,r,n)=>s(e.post(I.generateSSOConfigurationLink,{tenantId:t,expireTime:a,ssoId:o,email:r,templateId:n},{}),(e=>e))}),F=e=>({update:(t,a,o)=>s(e.post(S.update,{jwt:t,customClaims:a,refreshDuration:o})),impersonate:(t,a,o,r,n,i)=>s(e.post(S.impersonate,{impersonatorId:t,loginId:a,validateConsent:o,customClaims:r,selectedTenant:n,refreshDuration:i})),stopImpersonation:(t,a,o,r)=>s(e.post(S.stopImpersonation,{jwt:t,customClaims:a,selectedTenant:o,refreshDuration:r})),signIn:(t,a)=>s(e.post(S.signIn,Object.assign({loginId:t},a))),signUp:(t,a,o)=>s(e.post(S.signUp,Object.assign({loginId:t,user:a},o))),signUpOrIn:(t,a,o)=>s(e.post(S.signUpOrIn,Object.assign({loginId:t,user:a},o))),anonymous:(t,a,o)=>s(e.post(S.anonymous,{customClaims:t,selectedTenant:a,refreshDuration:o})),generateClientAssertionJwt:(t,a,o,r,n,i)=>s(e.post(S.clientAssertion,{issuer:t,subject:a,audience:o,expiresIn:r,flattenAudience:n,algorithm:i}))}),$=e=>({create:(t,a)=>s(e.post(j.create,{name:t,description:a})),update:(t,a,o)=>s(e.post(j.update,{name:t,newName:a,description:o})),delete:t=>s(e.post(j.delete,{name:t})),loadAll:()=>s(e.get(j.loadAll,{}),(e=>e.permissions))}),z=e=>({create:(t,a,o,r,n)=>s(e.post(N.create,{name:t,description:a,permissionNames:o,tenantId:r,default:n})),update:(t,a,o,r,n,i)=>s(e.post(N.update,{name:t,newName:a,description:o,permissionNames:r,tenantId:n,default:i})),delete:(t,a)=>s(e.post(N.delete,{name:t,tenantId:a})),loadAll:()=>s(e.get(N.loadAll,{}),(e=>e.roles)),search:t=>s(e.post(N.search,t,{}),(e=>e.roles))}),J=e=>({loadAllGroups:t=>s(e.post(U.loadAllGroups,{tenantId:t})),loadAllGroupsForMember:(t,a,o)=>s(e.post(U.loadAllGroupsForMember,{tenantId:t,loginIds:o,userIds:a})),loadAllGroupMembers:(t,a)=>s(e.post(U.loadAllGroupMembers,{tenantId:t,groupId:a}))});function K(e){var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}const G=e=>({getSettings:t=>s(e.get(T.settings,{queryParams:{tenantId:t}}),(e=>e)),newSettings:(t,a,o)=>s(e.post(T.settingsNew,Object.assign(Object.assign({tenantId:t},a?{ssoId:a}:{}),{displayName:o})),(e=>K(e))),deleteSettings:(t,a)=>s(e.delete(T.settings,{queryParams:Object.assign({tenantId:t},a?{ssoId:a}:{})})),configureSettings:(t,a,o,r,n,i)=>s(e.post(T.settings,{tenantId:t,idpURL:a,entityId:r,idpCert:o,redirectURL:n,domains:i})),configureMetadata:(t,a,o,r)=>s(e.post(T.metadata,{tenantId:t,idpMetadataURL:a,redirectURL:o,domains:r})),configureMapping:(t,a,o,r)=>s(e.post(T.mapping,{tenantId:t,roleMappings:a,attributeMapping:o,defaultSSORoles:r})),configureOIDCSettings:(t,a,o,r)=>{const n=Object.assign(Object.assign({},a),{userAttrMapping:a.attributeMapping});return delete n.attributeMapping,s(e.post(T.oidc.configure,Object.assign({tenantId:t,settings:n,domains:o},r?{ssoId:r}:{})))},configureSAMLSettings:(t,a,o,r,n)=>s(e.post(T.saml.configure,Object.assign({tenantId:t,settings:a,redirectUrl:o,domains:r},n?{ssoId:n}:{}))),configureSAMLByMetadata:(t,a,o,r,n)=>s(e.post(T.saml.metadata,Object.assign({tenantId:t,settings:a,redirectUrl:o,domains:r},n?{ssoId:n}:{}))),loadSettings:(t,a)=>s(e.get(T.settingsv2,{queryParams:Object.assign({tenantId:t},a?{ssoId:a}:{})}),(e=>K(e))),loadAllSettings:t=>s(e.get(T.settingsAllV2,{queryParams:{tenantId:t}}),(e=>function(e){const t=e.SSOSettings,s=[];return t.forEach((e=>s.push(K(e)))),s}(e)))}),H=e=>({create:(t,a,o,r,n,i,d,l,m)=>s(e.post(y.create,{name:t,expireTime:a,roleNames:o,keyTenants:r,userId:n,customClaims:i,description:d,permittedIps:l,customAttributes:m})),load:t=>s(e.get(y.load,{queryParams:{id:t}}),(e=>e.key)),searchAll:(t,a,o,r)=>s(e.post(y.search,{tenantIds:t,boundUserId:a,creatingUser:o,customAttributes:r}),(e=>e.keys)),update:(t,a,o,r,n,i,d,l)=>s(e.post(y.update,{id:t,name:a,description:o,roleNames:r,keyTenants:n,customClaims:i,permittedIps:d,customAttributes:l}),(e=>e.key)),deactivate:t=>s(e.post(y.deactivate,{id:t})),activate:t=>s(e.post(y.activate,{id:t})),delete:t=>s(e.post(y.delete,{id:t}))}),W=e=>({list:()=>s(e.post(R.list,{})),delete:t=>s(e.post(R.delete,{ids:t})),export:t=>s(e.post(R.export,{flowId:t})),import:(t,a,o)=>s(e.post(R.import,{flowId:t,flow:a,screens:o})),run:(t,a)=>s(e.post(R.run,{flowId:t,options:a}),(e=>null==e?void 0:e.output))}),V=e=>({export:()=>s(e.post(P.export,{})),import:t=>s(e.post(P.import,{theme:t}))}),Q=e=>({search:t=>{const a=Object.assign(Object.assign({},t),{externalIds:t.loginIds});return delete a.loginIds,s(e.post(E.search,a),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))},createEvent:t=>{const a=Object.assign({},t);return s(e.post(E.createEvent,a))}}),_=(e,t)=>{var a;const o=null!==(a=null==t?void 0:t.fgaCacheTimeoutMs)&&void 0!==a?a:3e4,r=Number.isFinite(o)&&o>0?o:3e4,n=async(s,a)=>{if((null==t?void 0:t.fgaCacheUrl)&&t.managementKey){const e=`${t.fgaCacheUrl}${s}`,o=new AbortController,n=setTimeout((()=>o.abort()),r);try{const s=await p(e,{method:"POST",headers:Object.assign(Object.assign({},t.headers),{"Content-Type":"application/json",Authorization:`Bearer ${t.projectId}:${t.managementKey}`,"x-descope-project-id":t.projectId}),body:JSON.stringify(a),signal:o.signal});if(s.ok)return s}catch(e){}finally{clearTimeout(n)}}return e.post(s,a)};return{saveSchema:(t,a)=>s(e.post(M.schemaSave,{schema:t,upgrade:a})),deleteSchema:()=>s(e.post(M.schemaDelete,{})),loadSchema:()=>s(e.post(M.schemaLoad,{}),(e=>e.schema)),saveNamespace:(t,a,o)=>s(e.post(M.nsSave,{namespace:t,oldName:a,schemaName:o})),deleteNamespace:(t,a)=>s(e.post(M.nsDelete,{name:t,schemaName:a})),saveRelationDefinition:(t,a,o,r)=>s(e.post(M.rdSave,{relationDefinition:t,namespace:a,oldName:o,schemaName:r})),deleteRelationDefinition:(t,a,o)=>s(e.post(M.rdDelete,{name:t,namespace:a,schemaName:o})),createRelations:t=>s(e.post(M.reCreate,{relations:t})),deleteRelations:t=>s(e.post(M.reDelete,{relations:t})),deleteRelationsForResources:t=>s(e.post(M.reDeleteResources,{resources:t})),deleteResourceRelationsForResources:t=>s(e.post(M.reDeleteResourceRelationsForResources,{resources:t})),deleteRelationsForIds:t=>s(e.post(M.reDeleteResources,{resources:t})),hasRelations:t=>s(e.post(M.hasRelations,{relationQueries:t}),(e=>e.relationQueries)),whoCanAccess:(e,t,a)=>s(n(M.who,{resource:e,relationDefinition:t,namespace:a}),(e=>e.targets)),resourceRelations:(t,a=!1)=>s(e.post(M.resource,{resource:t,ignoreTargetSetRelations:a}),(e=>e.relations)),targetsRelations:(t,a=!1)=>s(e.post(M.targets,{targets:t,includeTargetSetRelations:a}),(e=>e.relations)),whatCanTargetAccess:e=>s(n(M.targetAll,{target:e}),(e=>e.relations)),whatCanTargetAccessWithRelation:(t,a,o)=>s(e.post(M.targetWithRelation,{target:t,relationDefinition:a,namespace:o}),(e=>e.resources.map((e=>({resource:e}))))),getModified:t=>s(e.post(M.getModified,{since:t?t.getTime():0}),(e=>e))}},X=e=>({createOidcApplication:t=>{var a;return s(e.post(b.oidcCreate,Object.assign(Object.assign({},t),{enabled:null===(a=t.enabled)||void 0===a||a})))},createSamlApplication:t=>{var a;return s(e.post(b.samlCreate,Object.assign(Object.assign({},t),{enabled:null===(a=t.enabled)||void 0===a||a})))},updateOidcApplication:t=>s(e.post(b.oidcUpdate,Object.assign({},t))),updateSamlApplication:t=>s(e.post(b.samlUpdate,Object.assign({},t))),delete:t=>s(e.post(b.delete,{id:t})),load:t=>s(e.get(b.load,{queryParams:{id:t}}),(e=>e)),loadAll:()=>s(e.get(b.loadAll,{}),(e=>e.apps))}),Y=e=>({getSettings:t=>s(e.get(w.settings,{queryParams:{tenantId:t}}),(e=>e)),configureSettings:(t,a)=>s(e.post(w.settings,Object.assign(Object.assign({},a),{tenantId:t})))}),Z=(e,t)=>{var a;const o=null!==(a=null==t?void 0:t.fgaCacheTimeoutMs)&&void 0!==a?a:3e4,r=Number.isFinite(o)&&o>0?o:3e4,n=async(s,a)=>{if((null==t?void 0:t.fgaCacheUrl)&&t.managementKey){const e=`${t.fgaCacheUrl}${s}`,o=new AbortController,n=setTimeout((()=>o.abort()),r);try{const s=await p(e,{method:"POST",headers:Object.assign(Object.assign({},t.headers),{"Content-Type":"application/json",Authorization:`Bearer ${t.projectId}:${t.managementKey}`,"x-descope-project-id":t.projectId}),body:JSON.stringify(a),signal:o.signal});if(s.ok)return s}catch(e){}finally{clearTimeout(n)}}return e.post(s,a)};return{saveSchema:e=>s(n(C.schema,e)),deleteSchema:()=>s(e.post(M.schemaDelete,{})),createRelations:e=>s(n(C.relations,{tuples:e})),deleteRelations:e=>s(n(C.deleteRelations,{tuples:e})),check:e=>s(n(C.check,{tuples:e}),(e=>e.tuples)),loadResourcesDetails:t=>s(e.post(C.resourcesLoad,{resourceIdentifiers:t}),(e=>e.resourcesDetails)),saveResourcesDetails:t=>s(e.post(C.resourcesSave,{resourcesDetails:t})),deleteAllRelations:()=>s(e.delete(C.relations))}},ee=e=>({createApplication:t=>s(e.post(k.create,Object.assign({},t))),updateApplication:t=>s(e.post(k.update,Object.assign({},t))),patchApplication:t=>s(e.post(k.patch,Object.assign({},t))),deleteApplication:t=>s(e.post(k.delete,{id:t})),loadApplication:t=>s(e.get(k.load,{queryParams:{id:t}}),(e=>e)),loadAllApplications:()=>s(e.get(k.loadAll,{}),(e=>e.apps)),getApplicationSecret:t=>s(e.get(k.secret,{queryParams:{id:t}}),(e=>e)),rotateApplicationSecret:t=>s(e.post(k.rotate,{id:t})),searchConsents:t=>s(e.post(A.search,Object.assign({},t)),(e=>e.consents)),deleteConsents:t=>s(e.post(A.delete,Object.assign({},t)))}),te=e=>({createApplication:t=>s(e.post(O.create,Object.assign({},t)),(e=>e.app)),updateApplication:t=>s(e.post(O.update,{app:t}),(e=>e.app)),deleteApplication:t=>s(e.post(O.delete,{id:t})),loadApplication:t=>s(e.get(`${O.load}/${t}`),(e=>e.app)),loadAllApplications:()=>s(e.get(O.loadAll,{}),(e=>e.apps)),fetchTokenByScopes:(t,a,o,r,n)=>s(e.post(O.fetchTokenByScopes,{appId:t,userId:a,scopes:o,options:r,tenantId:n}),(e=>e.token)),fetchToken:(t,a,o,r)=>s(e.post(O.fetchToken,{appId:t,userId:a,tenantId:o,options:r}),(e=>e.token)),fetchTenantTokenByScopes:(t,a,o,r)=>s(e.post(O.fetchTenantTokenByScopes,{appId:t,tenantId:a,scopes:o,options:r}),(e=>e.token)),fetchTenantToken:(t,a,o)=>s(e.post(O.fetchTenantToken,{appId:t,tenantId:a,options:o}),(e=>e.token)),deleteUserTokens:(t,a)=>s(e.delete(O.deleteUserTokens,{queryParams:{appId:t,userId:a}})),deleteTokenById:t=>s(e.delete(O.deleteTokenById,{queryParams:{id:t}}))}),se=e=>({create:t=>s(e.put(x.create,{descopers:t}),(e=>({descopers:e.descopers,total:e.total}))),update:(t,a,o)=>s(e.patch(x.update,{id:t,attributes:a,rbac:o}),(e=>e.descoper)),load:t=>s(e.get(x.get,{queryParams:{id:t}}),(e=>e.descoper)),delete:t=>s(e.delete(x.delete,{queryParams:{id:t}})),list:()=>s(e.post(x.list),(e=>({descopers:e.descopers,total:e.total})))}),ae=e=>({create:(t,a,o,r,n)=>s(e.put(D.create,{name:t,description:o,expiresIn:r,permittedIps:n,reBac:a})),update:(t,a,o,r,n)=>s(e.patch(D.update,{id:t,name:a,description:o,permittedIps:n,status:r}),(e=>e.key)),delete:t=>s(e.post(D.delete,{ids:t})),load:t=>s(e.get(D.load,{queryParams:{id:t}}),(e=>e.key)),search:()=>s(e.get(D.search),(e=>e.keys))});const oe=d=>{var l,m,h,{authManagementKey:y,managementKey:I,publicKey:b,fgaCacheUrl:k}=d,A=e(d,["authManagementKey","managementKey","publicKey","fgaCacheUrl"]);const O={"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(l=null===process||void 0===process?void 0:process.versions)||void 0===l?void 0:l.node)||"","x-descope-sdk-version":"2.2.0"},T=Object.assign(Object.assign({fetch:p},A),{baseHeaders:Object.assign(Object.assign({},A.baseHeaders),O),hooks:Object.assign(Object.assign({},A.hooks),{beforeRequest:[e=>(y&&(e.token=e.token?`${e.token}:${y}`:y),e)].concat((null===(m=A.hooks)||void 0===m?void 0:m.beforeRequest)||[])})}),S=t(T),{projectId:w,logger:j}=A,N={},R=Object.assign(Object.assign({fetch:p},A),{baseConfig:{baseHeaders:Object.assign(Object.assign({},A.baseHeaders),O)},hooks:Object.assign(Object.assign({},A.hooks),{beforeRequest:[e=>(e.token=I,e)].concat((null===(h=A.hooks)||void 0===h?void 0:h.beforeRequest)||[])})}),P=a(R),U=(M={fgaCacheUrl:k,managementKey:I,projectId:w,headers:O},{user:B(E=P),project:(C=E,{updateName:e=>s(C.post(f.updateName,{name:e})),updateTags:e=>s(C.post(f.updateTags,{tags:e})),clone:(e,t,a)=>s(C.post(f.clone,{name:e,environment:t,tags:a})),listProjects:async()=>s(C.post(f.projectsList,{}),(e=>e.projects.map((({id:e,name:t,environment:s,tags:a})=>({id:e,name:t,environment:s,tags:a}))))),exportSnapshot:()=>s(C.post(f.exportSnapshot,{})),importSnapshot:e=>s(C.post(f.importSnapshot,e)),validateSnapshot:e=>s(C.post(f.validateSnapshot,e)),export:()=>s(C.post(f.exportSnapshot,{}),(e=>e.files)),import:e=>s(C.post(f.importSnapshot,{files:e}))}),accessKey:H(E),tenant:q(E),ssoApplication:X(E),inboundApplication:ee(E),outboundApplication:te(E),sso:G(E),jwt:F(E),permission:$(E),password:Y(E),role:z(E),group:J(E),flow:W(E),theme:V(E),audit:Q(E),authz:_(E,M),fga:Z(E,M),descoper:se(E),managementKey:ae(E)});var E,M,C;const x=Object.assign(Object.assign({},S),{refresh:async(e,t)=>S.refresh(e,void 0,t),management:U,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(N[e.kid])return N[e.kid];if(Object.assign(N,await(async()=>{if(b)try{const e=JSON.parse(b),t=await i(e);return{[e.kid]:t}}catch(e){throw null==j||j.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await S.httpClient.get(`v2/keys/${w}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!N[e.kid])throw Error("failed to fetch matching key");return N[e.kid]},async validateJwt(e,t){var s;const a={clockTolerance:5};(null==t?void 0:t.audience)&&(a.audience=t.audience);const o=(await r(e,x.getKey,a)).payload;if(o&&(o.iss=null===(s=o.iss)||void 0===s?void 0:s.split("/").pop(),o.iss!==w))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e,t){if(!e)throw Error("session token is required for validation");try{return await x.validateJwt(e,t)}catch(e){throw null==j||j.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e,t){var s,a,o,r,n,i;if(!e)throw Error("refresh token is required to refresh a session");try{await x.validateJwt(e);const d=await x.refresh(e);if(d.ok){const e=c(null===(a=null===(s=d.data)||void 0===s?void 0:s.cookies)||void 0===a?void 0:a.join(";"),"DS")||(null===(o=d.data)||void 0===o?void 0:o.sessionJwt),i=await x.validateJwt(e,t);return i.cookies=(null===(r=d.data)||void 0===r?void 0:r.cookies)||[],(null===(n=d.data)||void 0===n?void 0:n.refreshJwt)&&(i.refreshJwt=d.data.refreshJwt),i}throw Error(null===(i=d.error)||void 0===i?void 0:i.errorMessage)}catch(e){throw null==j||j.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t,s){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await x.validateSession(e,s)}catch(e){null==j||j.log(`session validation failed with error ${e} - trying to refresh it`)}return x.refreshSession(t,s)},async exchangeAccessKey(e,t,s){var a;if(!e)throw Error("access key must not be empty");let o;try{o=await x.accessKey.exchange(e,t)}catch(e){throw null==j||j.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}if(!o.ok)throw null==j||j.error("failed to exchange access key",o.error),Error(`could not exchange access key - ${null===(a=o.error)||void 0===a?void 0:a.errorMessage}`);const{sessionJwt:r}=o.data;if(!r)throw null==j||j.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await x.validateJwt(r,s)}catch(e){throw null==j||j.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>x.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>x.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!v(e,t))return!1;const a=g(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!v(e,t))return[];const a=g(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>x.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>x.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!v(e,t))return!1;const a=g(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!v(e,t))return[];const a=g(e,"roles",t);return s.filter((e=>a.includes(e)))}});return o(x,["otp.verify.email","otp.verify.sms","otp.verify.voice","otp.verify.whatsapp","otp.verify.im","notp.waitForSession","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","enchantedLink.waitForSession","oauth.exchangeOneTapIDToken","password.signIn","password.signUp","password.replace","oauth.exchange","saml.exchange","totp.verify","selectTenant","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],u)};oe.RefreshTokenCookieName="DSR",oe.SessionTokenCookieName="DS",oe.DescopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};export{oe as default};
2
2
  //# sourceMappingURL=index.esm.js.map