@fusionauth/typescript-client 1.36.0 → 1.37.0

package/build/src/FusionAuthClient.d.ts

@@ -78,9 +78,9 @@ export declare class FusionAuthClient {
     /**
      * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
-     * your password, you must obtain a Truest Token by completing a Two-Factor Step-Up authentication.
+     * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
      *
-     * An HTTP status code of 412 indicates that a Trust Token is required to make a POST request to this API.
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
      *
      * @param {string} changePasswordId The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
      * @returns {Promise<ClientResponse<void>>}
@@ -89,9 +89,9 @@ export declare class FusionAuthClient {
     /**
      * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
-     * your password, you must obtain a Truest Token by completing a Two-Factor Step-Up authentication.
+     * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
      *
-     * An HTTP status code of 412 indicates that a Trust Token is required to make a POST request to this API.
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
      *
      * @param {string} encodedJWT The encoded JWT (access token).
      * @returns {Promise<ClientResponse<void>>}
@@ -100,9 +100,9 @@ export declare class FusionAuthClient {
     /**
      * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
-     * your password, you must obtain a Truest Request Id by completing a Two-Factor Step-Up authentication.
+     * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
      *
-     * An HTTP status code of 412 indicates that a Trust Token is required to make a POST request to this API.
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
      *
      * @param {string} loginId The loginId of the User that you intend to change the password for.
      * @returns {Promise<ClientResponse<void>>}
@@ -888,6 +888,16 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<LoginResponse>>}
      */
     loginPing(userId: UUID, applicationId: UUID, callerIPAddress: string): Promise<ClientResponse<LoginResponse>>;
+    /**
+     * Sends a ping to FusionAuth indicating that the user was automatically logged into an application. When using
+     * FusionAuth's SSO or your own, you should call this if the user is already logged in centrally, but accesses an
+     * application where they no longer have a session. This helps correctly track login counts, times and helps with
+     * reporting.
+     *
+     * @param {LoginPingRequest} request The login request that contains the user credentials used to log them in.
+     * @returns {Promise<ClientResponse<LoginResponse>>}
+     */
+    loginPingWithRequest(request: LoginPingRequest): Promise<ClientResponse<LoginResponse>>;
     /**
      * The Logout API is intended to be used to remove the refresh token and access token cookies if they exist on the
      * client and revoke the refresh token stored. This API does nothing if the request does not contain an access
@@ -1636,12 +1646,12 @@ export declare class FusionAuthClient {
      */
     retrieveRecentLogins(offset: number, limit: number): Promise<ClientResponse<RecentLoginResponse>>;
     /**
-     * Retrieves a single refresh token by unique Id. This is not the same thing as the string value of the refresh token, if you have that, you already have what you need..
+     * Retrieves a single refresh token by unique Id. This is not the same thing as the string value of the refresh token. If you have that, you already have what you need.
      *
-     * @param {UUID} userId The Id of the user.
+     * @param {UUID} tokenId The Id of the token.
      * @returns {Promise<ClientResponse<RefreshTokenResponse>>}
      */
-    retrieveRefreshTokenById(userId: UUID): Promise<ClientResponse<RefreshTokenResponse>>;
+    retrieveRefreshTokenById(tokenId: UUID): Promise<ClientResponse<RefreshTokenResponse>>;
     /**
      * Retrieves the refresh tokens that belong to the user with the given Id.
      *
@@ -1720,6 +1730,18 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<TwoFactorRecoveryCodeResponse>>}
      */
     retrieveTwoFactorRecoveryCodes(userId: UUID): Promise<ClientResponse<TwoFactorRecoveryCodeResponse>>;
+    /**
+     * Retrieve a user's two-factor status.
+     *
+     * This can be used to see if a user will need to complete a two-factor challenge to complete a login,
+     * and optionally identify the state of the two-factor trust across various applications.
+     *
+     * @param {UUID} userId The user Id to retrieve the Two-Factor status.
+     * @param {UUID} applicationId The optional applicationId to verify.
+     * @param {string} twoFactorTrustId The optional two-factor trust Id to verify.
+     * @returns {Promise<ClientResponse<TwoFactorStatusResponse>>}
+     */
+    retrieveTwoFactorStatus(userId: UUID, applicationId: UUID, twoFactorTrustId: string): Promise<ClientResponse<TwoFactorStatusResponse>>;
     /**
      * Retrieves the user for the given Id.
      *
@@ -2459,6 +2481,15 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<void>>}
      */
     verifyEmailAddress(request: VerifyEmailRequest): Promise<ClientResponse<void>>;
+    /**
+     * Administratively verify a user's email address. Use this method to bypass email verification for the user.
+     *
+     * The request body will contain the userId to be verified. An API key is required when sending the userId in the request body.
+     *
+     * @param {VerifyEmailRequest} request The request that contains the userId to verify.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    verifyEmailAddressByUserId(request: VerifyEmailRequest): Promise<ClientResponse<void>>;
     /**
      * Confirms an application registration. The Id given is usually from an email sent to the user.
      *
@@ -2502,6 +2533,7 @@ export interface AccessToken {
     expires_in?: number;
     id_token?: string;
     refresh_token?: string;
+    refresh_token_id?: UUID;
     scope?: string;
     token_type?: TokenType;
     userId?: UUID;
@@ -2548,6 +2580,9 @@ export declare enum Algorithm {
     HS256 = "HS256",
     HS384 = "HS384",
     HS512 = "HS512",
+    PS256 = "PS256",
+    PS384 = "PS384",
+    PS512 = "PS512",
     RS256 = "RS256",
     RS384 = "RS384",
     RS512 = "RS512",
@@ -2622,6 +2657,7 @@ export interface Application {
     cleanSpeakConfiguration?: CleanSpeakConfiguration;
     data?: Record<string, any>;
     emailConfiguration?: ApplicationEmailConfiguration;
+    externalIdentifierConfiguration?: ApplicationExternalIdentifierConfiguration;
     formConfiguration?: ApplicationFormConfiguration;
     id?: UUID;
     insertInstant?: number;
@@ -2668,11 +2704,10 @@ export interface ApplicationEmailConfiguration {
     twoFactorMethodRemoveEmailTemplateId?: UUID;
 }
 /**
- * Events that are bound to applications.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
  */
-export interface ApplicationEvent {
+export interface ApplicationExternalIdentifierConfiguration {
+    twoFactorTrustIdTimeToLiveInSeconds?: number;
 }
 /**
  * @author Daniel DeGroff
@@ -2686,7 +2721,17 @@ export interface ApplicationFormConfiguration {
  */
 export interface ApplicationMultiFactorConfiguration {
     email?: MultiFactorEmailTemplate;
+    loginPolicy?: MultiFactorLoginPolicy;
     sms?: MultiFactorSMSTemplate;
+    trustPolicy?: ApplicationMultiFactorTrustPolicy;
+}
+/**
+ * @author Daniel DeGroff
+ */
+export declare enum ApplicationMultiFactorTrustPolicy {
+    Any = "Any",
+    This = "This",
+    None = "None"
 }
 /**
  * A Application-level policy for deleting Users.
@@ -2704,7 +2749,6 @@ export interface ApplicationRegistrationDeletePolicy {
 export interface ApplicationRequest extends BaseEventRequest {
     application?: Application;
     role?: ApplicationRole;
-    webhookIds?: Array<UUID>;
 }
 /**
  * The Application API response.
@@ -2862,6 +2906,7 @@ export interface BaseElasticSearchCriteria extends BaseSearchCriteria {
  * @author Brian Pontarelli
  */
 export interface BaseEvent {
+    applicationIds?: Array<UUID>;
     createInstant?: number;
     id?: UUID;
     info?: EventInfo;
@@ -3247,6 +3292,7 @@ export interface EmailAddress {
  */
 export interface EmailConfiguration {
     additionalHeaders?: Array<EmailHeader>;
+    debug?: boolean;
     defaultFromEmail?: string;
     defaultFromName?: string;
     emailUpdateEmailTemplateId?: UUID;
@@ -4245,6 +4291,7 @@ export interface IdentityProviderLink {
  */
 export declare enum IdentityProviderLinkingStrategy {
     CreatePendingLink = "CreatePendingLink",
+    Disabled = "Disabled",
     LinkAnonymously = "LinkAnonymously",
     LinkByEmail = "LinkByEmail",
     LinkByEmailForExistingUser = "LinkByEmailForExistingUser",
@@ -4554,7 +4601,6 @@ export interface JWTConfiguration extends Enableable {
  * @author Brian Pontarelli
  */
 export interface JWTPublicKeyUpdateEvent extends BaseEvent {
-    applicationIds?: Array<UUID>;
 }
 /**
  * Models the JWT Refresh Event. This event will be fired when a JWT is "refreshed" (generated) using a Refresh Token.
@@ -4571,12 +4617,14 @@ export interface JWTRefreshEvent extends BaseEvent {
 /**
  * API response for refreshing a JWT with a Refresh Token.
  * <p>
- * Using a different response object from RefreshTokenResponse because the retrieve response will return an object for refreshToken, and this is a string.
+ * Using a different response object from RefreshTokenResponse because the retrieve response will return an object for refreshToken, and this is a
+ * string.
  *
  * @author Daniel DeGroff
  */
 export interface JWTRefreshResponse {
     refreshToken?: string;
+    refreshTokenId?: UUID;
     token?: string;
 }
 /**
@@ -4588,6 +4636,7 @@ export interface JWTRefreshResponse {
 export interface JWTRefreshTokenRevokeEvent extends BaseEvent {
     applicationId?: UUID;
     applicationTimeToLiveInSeconds?: Record<UUID, number>;
+    refreshToken?: RefreshToken;
     user?: User;
     userId?: UUID;
 }
@@ -4859,6 +4908,14 @@ export declare enum LoginIdType {
     email = "email",
     username = "username"
 }
+/**
+ * Login Ping API request object.
+ *
+ * @author Daniel DeGroff
+ */
+export interface LoginPingRequest extends BaseLoginRequest {
+    userId?: UUID;
+}
 /**
  * The summary of the action that is preventing login to be returned on the login response.
  *
@@ -4941,6 +4998,7 @@ export interface LoginResponse {
     methods?: Array<TwoFactorMethod>;
     pendingIdPLinkId?: string;
     refreshToken?: string;
+    refreshTokenId?: UUID;
     registrationVerificationId?: string;
     state?: Record<string, any>;
     threatsDetected?: Array<AuthenticationThreats>;
@@ -5109,6 +5167,13 @@ export interface MultiFactorEmailMethod extends Enableable {
 export interface MultiFactorEmailTemplate {
     templateId?: UUID;
 }
+/**
+ * @author Daniel DeGroff
+ */
+export declare enum MultiFactorLoginPolicy {
+    Disabled = "Disabled",
+    Enabled = "Enabled"
+}
 export interface MultiFactorSMSMethod extends Enableable {
     messengerId?: UUID;
     templateId?: UUID;
@@ -5532,11 +5597,13 @@ export interface ReactorStatus {
     advancedLambdas?: ReactorFeatureStatus;
     advancedMultiFactorAuthentication?: ReactorFeatureStatus;
     advancedRegistration?: ReactorFeatureStatus;
+    applicationMultiFactorAuthentication?: ReactorFeatureStatus;
     applicationThemes?: ReactorFeatureStatus;
     breachedPasswordDetection?: ReactorFeatureStatus;
     connectors?: ReactorFeatureStatus;
     entityManagement?: ReactorFeatureStatus;
     expiration?: string;
+    licenseAttributes?: Record<string, string>;
     licensed?: boolean;
     scimServer?: ReactorFeatureStatus;
     threatDetection?: ReactorFeatureStatus;
@@ -6144,6 +6211,7 @@ export interface TenantLoginConfiguration {
 export interface TenantMultiFactorConfiguration {
     authenticator?: MultiFactorAuthenticatorMethod;
     email?: MultiFactorEmailMethod;
+    loginPolicy?: MultiFactorLoginPolicy;
     sms?: MultiFactorSMSMethod;
 }
 export interface TenantOAuth2Configuration {
@@ -6172,6 +6240,7 @@ export interface TenantRegistrationConfiguration {
 export interface TenantRequest extends BaseEventRequest {
     sourceTenantId?: UUID;
     tenant?: Tenant;
+    webhookIds?: Array<UUID>;
 }
 /**
  * @author Daniel DeGroff
@@ -6448,6 +6517,18 @@ export interface TwoFactorStartResponse {
     methods?: Array<TwoFactorMethod>;
     twoFactorId?: string;
 }
+/**
+ * @author Daniel DeGroff
+ */
+export interface TwoFactorStatusResponse {
+    trusts?: Array<TwoFactorTrust>;
+    twoFactorTrustId?: string;
+}
+export interface TwoFactorTrust {
+    applicationId?: UUID;
+    expiration?: number;
+    startInstant?: number;
+}
 export interface UIConfiguration {
     headerColor?: string;
     logoURL?: string;
@@ -6533,7 +6614,6 @@ export interface UserActionEvent extends BaseEvent {
     actioneeUserId?: UUID;
     actionerUserId?: UUID;
     actionId?: UUID;
-    applicationIds?: Array<UUID>;
     comment?: string;
     email?: Email;
     emailedUser?: boolean;
@@ -7137,6 +7217,7 @@ export declare enum VerificationStrategy {
  */
 export interface VerifyEmailRequest extends BaseEventRequest {
     oneTimeCode?: string;
+    userId?: UUID;
     verificationId?: string;
 }
 /**
@@ -7172,7 +7253,6 @@ export interface VersionResponse {
  * @author Brian Pontarelli
  */
 export interface Webhook {
-    applicationIds?: Array<UUID>;
     connectTimeout?: number;
     data?: Record<string, any>;
     description?: string;
@@ -7186,6 +7266,7 @@ export interface Webhook {
     lastUpdateInstant?: number;
     readTimeout?: number;
     sslCertificate?: string;
+    tenantIds?: Array<UUID>;
     url?: string;
 }
 /**

package/build/src/FusionAuthClient.js

@@ -1,6 +1,6 @@
 "use strict";
 /*
-* Copyright (c) 2019, FusionAuth, All Rights Reserved
+* Copyright (c) 2019-2022, FusionAuth, All Rights Reserved
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -139,9 +139,9 @@ class FusionAuthClient {
     /**
      * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
-     * your password, you must obtain a Truest Token by completing a Two-Factor Step-Up authentication.
+     * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
      *
-     * An HTTP status code of 412 indicates that a Trust Token is required to make a POST request to this API.
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
      *
      * @param {string} changePasswordId The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
      * @returns {Promise<ClientResponse<void>>}
@@ -156,9 +156,9 @@ class FusionAuthClient {
     /**
      * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
-     * your password, you must obtain a Truest Token by completing a Two-Factor Step-Up authentication.
+     * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
      *
-     * An HTTP status code of 412 indicates that a Trust Token is required to make a POST request to this API.
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
      *
      * @param {string} encodedJWT The encoded JWT (access token).
      * @returns {Promise<ClientResponse<void>>}
@@ -173,9 +173,9 @@ class FusionAuthClient {
     /**
      * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
-     * your password, you must obtain a Truest Request Id by completing a Two-Factor Step-Up authentication.
+     * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
      *
-     * An HTTP status code of 412 indicates that a Trust Token is required to make a POST request to this API.
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
      *
      * @param {string} loginId The loginId of the User that you intend to change the password for.
      * @returns {Promise<ClientResponse<void>>}
@@ -1613,6 +1613,22 @@ class FusionAuthClient {
             .withMethod("PUT")
             .go();
     }
+    /**
+     * Sends a ping to FusionAuth indicating that the user was automatically logged into an application. When using
+     * FusionAuth's SSO or your own, you should call this if the user is already logged in centrally, but accesses an
+     * application where they no longer have a session. This helps correctly track login counts, times and helps with
+     * reporting.
+     *
+     * @param {LoginPingRequest} request The login request that contains the user credentials used to log them in.
+     * @returns {Promise<ClientResponse<LoginResponse>>}
+     */
+    loginPingWithRequest(request) {
+        return this.start()
+            .withUri('/api/login')
+            .withJSONBody(request)
+            .withMethod("PUT")
+            .go();
+    }
     /**
      * The Logout API is intended to be used to remove the refresh token and access token cookies if they exist on the
      * client and revoke the refresh token stored. This API does nothing if the request does not contain an access
@@ -2983,15 +2999,15 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves a single refresh token by unique Id. This is not the same thing as the string value of the refresh token, if you have that, you already have what you need..
+     * Retrieves a single refresh token by unique Id. This is not the same thing as the string value of the refresh token. If you have that, you already have what you need.
      *
-     * @param {UUID} userId The Id of the user.
+     * @param {UUID} tokenId The Id of the token.
      * @returns {Promise<ClientResponse<RefreshTokenResponse>>}
      */
-    retrieveRefreshTokenById(userId) {
+    retrieveRefreshTokenById(tokenId) {
         return this.start()
             .withUri('/api/jwt/refresh')
-            .withUriSegment(userId)
+            .withUriSegment(tokenId)
             .withMethod("GET")
             .go();
     }
@@ -3137,6 +3153,26 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieve a user's two-factor status.
+     *
+     * This can be used to see if a user will need to complete a two-factor challenge to complete a login,
+     * and optionally identify the state of the two-factor trust across various applications.
+     *
+     * @param {UUID} userId The user Id to retrieve the Two-Factor status.
+     * @param {UUID} applicationId The optional applicationId to verify.
+     * @param {string} twoFactorTrustId The optional two-factor trust Id to verify.
+     * @returns {Promise<ClientResponse<TwoFactorStatusResponse>>}
+     */
+    retrieveTwoFactorStatus(userId, applicationId, twoFactorTrustId) {
+        return this.start()
+            .withUri('/api/two-factor/status')
+            .withParameter('userId', userId)
+            .withParameter('applicationId', applicationId)
+            .withUriSegment(twoFactorTrustId)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Retrieves the user for the given Id.
      *
@@ -4463,6 +4499,21 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Administratively verify a user's email address. Use this method to bypass email verification for the user.
+     *
+     * The request body will contain the userId to be verified. An API key is required when sending the userId in the request body.
+     *
+     * @param {VerifyEmailRequest} request The request that contains the userId to verify.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    verifyEmailAddressByUserId(request) {
+        return this.start()
+            .withUri('/api/user/verify-email')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Confirms an application registration. The Id given is usually from an email sent to the user.
      *
@@ -4536,11 +4587,23 @@ var Algorithm;
     Algorithm["HS256"] = "HS256";
     Algorithm["HS384"] = "HS384";
     Algorithm["HS512"] = "HS512";
+    Algorithm["PS256"] = "PS256";
+    Algorithm["PS384"] = "PS384";
+    Algorithm["PS512"] = "PS512";
     Algorithm["RS256"] = "RS256";
     Algorithm["RS384"] = "RS384";
     Algorithm["RS512"] = "RS512";
     Algorithm["none"] = "none";
 })(Algorithm = exports.Algorithm || (exports.Algorithm = {}));
+/**
+ * @author Daniel DeGroff
+ */
+var ApplicationMultiFactorTrustPolicy;
+(function (ApplicationMultiFactorTrustPolicy) {
+    ApplicationMultiFactorTrustPolicy["Any"] = "Any";
+    ApplicationMultiFactorTrustPolicy["This"] = "This";
+    ApplicationMultiFactorTrustPolicy["None"] = "None";
+})(ApplicationMultiFactorTrustPolicy = exports.ApplicationMultiFactorTrustPolicy || (exports.ApplicationMultiFactorTrustPolicy = {}));
 /**
  * @author Brett Pontarelli
  */
@@ -4830,6 +4893,7 @@ var HTTPMethod;
 var IdentityProviderLinkingStrategy;
 (function (IdentityProviderLinkingStrategy) {
     IdentityProviderLinkingStrategy["CreatePendingLink"] = "CreatePendingLink";
+    IdentityProviderLinkingStrategy["Disabled"] = "Disabled";
     IdentityProviderLinkingStrategy["LinkAnonymously"] = "LinkAnonymously";
     IdentityProviderLinkingStrategy["LinkByEmail"] = "LinkByEmail";
     IdentityProviderLinkingStrategy["LinkByEmailForExistingUser"] = "LinkByEmailForExistingUser";
@@ -4978,6 +5042,14 @@ var MessengerType;
     MessengerType["Kafka"] = "Kafka";
     MessengerType["Twilio"] = "Twilio";
 })(MessengerType = exports.MessengerType || (exports.MessengerType = {}));
+/**
+ * @author Daniel DeGroff
+ */
+var MultiFactorLoginPolicy;
+(function (MultiFactorLoginPolicy) {
+    MultiFactorLoginPolicy["Disabled"] = "Disabled";
+    MultiFactorLoginPolicy["Enabled"] = "Enabled";
+})(MultiFactorLoginPolicy = exports.MultiFactorLoginPolicy || (exports.MultiFactorLoginPolicy = {}));
 var OAuthErrorReason;
 (function (OAuthErrorReason) {
     OAuthErrorReason["auth_code_not_found"] = "auth_code_not_found";