@fusionauth/typescript-client 1.38.0 → 1.41.0

package/build/src/FusionAuthClient.d.ts

@@ -108,6 +108,15 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<void>>}
      */
     checkChangePasswordUsingLoginId(loginId: string): Promise<ClientResponse<void>>;
+    /**
+     * Make a Client Credentials grant request to obtain an access token.
+     *
+     * @param {string} client_id The client identifier. The client Id is the Id of the FusionAuth Entity in which you are attempting to authenticate.
+     * @param {string} client_secret The client secret used to authenticate this request.
+     * @param {string} scope (Optional) This parameter is used to indicate which target entity you are requesting access. To request access to an entity, use the format target-entity:&lt;target-entity-id&gt;:&lt;roles&gt;. Roles are an optional comma separated list.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    clientCredentialsGrant(client_id: string, client_secret: string, scope: string): Promise<ClientResponse<AccessToken>>;
     /**
      * Adds a comment to the user's account.
      *
@@ -115,6 +124,27 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<void>>}
      */
     commentOnUser(request: UserCommentRequest): Promise<ClientResponse<void>>;
+    /**
+     * Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user in
+     *
+     * @param {WebAuthnLoginRequest} request An object containing data necessary for completing the authentication ceremony
+     * @returns {Promise<ClientResponse<WebAuthnAssertResponse>>}
+     */
+    completeWebAuthnAssertion(request: WebAuthnLoginRequest): Promise<ClientResponse<WebAuthnAssertResponse>>;
+    /**
+     * Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge and then login the user in
+     *
+     * @param {WebAuthnLoginRequest} request An object containing data necessary for completing the authentication ceremony
+     * @returns {Promise<ClientResponse<LoginResponse>>}
+     */
+    completeWebAuthnLogin(request: WebAuthnLoginRequest): Promise<ClientResponse<LoginResponse>>;
+    /**
+     * Complete a WebAuthn registration ceremony by validating the client request and saving the new credential
+     *
+     * @param {WebAuthnRegisterCompleteRequest} request An object containing data necessary for completing the registration ceremony
+     * @returns {Promise<ClientResponse<WebAuthnRegisterCompleteResponse>>}
+     */
+    completeWebAuthnRegistration(request: WebAuthnRegisterCompleteRequest): Promise<ClientResponse<WebAuthnRegisterCompleteResponse>>;
     /**
      * Creates an API key. You can optionally specify a unique Id for the key, if not provided one will be generated.
      * an API key can only be created with equal or lesser authority. An API key cannot create another API key unless it is granted
@@ -655,6 +685,13 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<UserDeleteResponse>>}
      */
     deleteUsersByQuery(request: UserDeleteRequest): Promise<ClientResponse<UserDeleteResponse>>;
+    /**
+     * Deletes the WebAuthn credential for the given Id.
+     *
+     * @param {UUID} id The Id of the WebAuthn credential to delete.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteWebAuthnCredential(id: UUID): Promise<ClientResponse<void>>;
     /**
      * Deletes the webhook for the given Id.
      *
@@ -843,6 +880,13 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<void>>}
      */
     importUsers(request: ImportRequest): Promise<ClientResponse<void>>;
+    /**
+     * Import a WebAuthn credential
+     *
+     * @param {WebAuthnCredentialImportRequest} request An object containing data necessary for importing the credential
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    importWebAuthnCredential(request: WebAuthnCredentialImportRequest): Promise<ClientResponse<void>>;
     /**
      * Inspect an access token issued by FusionAuth.
      *
@@ -1903,6 +1947,20 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<VersionResponse>>}
      */
     retrieveVersion(): Promise<ClientResponse<VersionResponse>>;
+    /**
+     * Retrieves the WebAuthn credential for the given Id.
+     *
+     * @param {UUID} id The Id of the WebAuthn credential.
+     * @returns {Promise<ClientResponse<WebAuthnCredentialResponse>>}
+     */
+    retrieveWebAuthnCredential(id: UUID): Promise<ClientResponse<WebAuthnCredentialResponse>>;
+    /**
+     * Retrieves all WebAuthn credentials for the given user.
+     *
+     * @param {UUID} userId The user's ID.
+     * @returns {Promise<ClientResponse<WebAuthnCredentialResponse>>}
+     */
+    retrieveWebAuthnCredentialsForUser(userId: UUID): Promise<ClientResponse<WebAuthnCredentialResponse>>;
     /**
      * Retrieves the webhook for the given Id. If you pass in null for the id, this will return all the webhooks.
      *
@@ -2048,6 +2106,13 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<GroupMemberSearchResponse>>}
      */
     searchGroupMembers(request: GroupMemberSearchRequest): Promise<ClientResponse<GroupMemberSearchResponse>>;
+    /**
+     * Searches groups with the specified criteria and pagination.
+     *
+     * @param {GroupSearchRequest} request The search criteria and pagination information.
+     * @returns {Promise<ClientResponse<GroupSearchResponse>>}
+     */
+    searchGroups(request: GroupSearchRequest): Promise<ClientResponse<GroupSearchResponse>>;
     /**
      * Searches the IP Access Control Lists with the specified criteria and pagination.
      *
@@ -2180,6 +2245,20 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<TwoFactorStartResponse>>}
      */
     startTwoFactorLogin(request: TwoFactorStartRequest): Promise<ClientResponse<TwoFactorStartResponse>>;
+    /**
+     * Start a WebAuthn authentication ceremony by generating a new challenge for the user
+     *
+     * @param {WebAuthnStartRequest} request An object containing data necessary for starting the authentication ceremony
+     * @returns {Promise<ClientResponse<WebAuthnStartResponse>>}
+     */
+    startWebAuthnLogin(request: WebAuthnStartRequest): Promise<ClientResponse<WebAuthnStartResponse>>;
+    /**
+     * Start a WebAuthn registration ceremony by generating a new challenge for the user
+     *
+     * @param {WebAuthnRegisterStartRequest} request An object containing data necessary for starting the registration ceremony
+     * @returns {Promise<ClientResponse<WebAuthnRegisterStartResponse>>}
+     */
+    startWebAuthnRegistration(request: WebAuthnRegisterStartRequest): Promise<ClientResponse<WebAuthnRegisterStartResponse>>;
     /**
      * Complete login using a 2FA challenge
      *
@@ -2680,6 +2759,7 @@ export interface Application {
     verificationEmailTemplateId?: UUID;
     verificationStrategy?: VerificationStrategy;
     verifyRegistration?: boolean;
+    webAuthnConfiguration?: ApplicationWebAuthnConfiguration;
 }
 /**
  * @author Daniel DeGroff
@@ -2703,6 +2783,13 @@ export interface ApplicationEmailConfiguration {
     twoFactorMethodAddEmailTemplateId?: UUID;
     twoFactorMethodRemoveEmailTemplateId?: UUID;
 }
+/**
+ * Events that are bound to applications.
+ *
+ * @author Brian Pontarelli
+ */
+export interface ApplicationEvent {
+}
 /**
  * @author Daniel DeGroff
  */
@@ -2782,6 +2869,20 @@ export interface ApplicationUnverifiedConfiguration {
     verificationStrategy?: VerificationStrategy;
     whenGated?: RegistrationUnverifiedOptions;
 }
+/**
+ * Application-level configuration for WebAuthn
+ *
+ * @author Daniel DeGroff
+ */
+export interface ApplicationWebAuthnConfiguration extends Enableable {
+    bootstrapWorkflow?: ApplicationWebAuthnWorkflowConfiguration;
+    reauthenticationWorkflow?: ApplicationWebAuthnWorkflowConfiguration;
+}
+/**
+ * @author Daniel DeGroff
+ */
+export interface ApplicationWebAuthnWorkflowConfiguration extends Enableable {
+}
 /**
  * This class is a simple attachment with a byte array, name and MIME type.
  *
@@ -2792,6 +2893,29 @@ export interface Attachment {
     mime?: string;
     name?: string;
 }
+/**
+ * Used to communicate whether and how authenticator attestation should be delivered to the Relying Party
+ *
+ * @author Spencer Witt
+ */
+export declare enum AttestationConveyancePreference {
+    none = "none",
+    indirect = "indirect",
+    direct = "direct",
+    enterprise = "enterprise"
+}
+/**
+ * Used to indicate what type of attestation was included in the authenticator response for a given WebAuthn credential at the time it was created
+ *
+ * @author Spencer Witt
+ */
+export declare enum AttestationType {
+    basic = "basic",
+    self = "self",
+    attestationCa = "attestationCa",
+    anonymizationCa = "anonymizationCa",
+    none = "none"
+}
 /**
  * An audit log.
  *
@@ -2873,6 +2997,25 @@ export declare enum AuthenticationThreats {
 }
 export interface AuthenticationTokenConfiguration extends Enableable {
 }
+/**
+ * Describes the <a href="https://www.w3.org/TR/webauthn-2/#authenticator-attachment-modality">authenticator attachment modality</a>.
+ *
+ * @author Spencer Witt
+ */
+export declare enum AuthenticatorAttachment {
+    platform = "platform",
+    crossPlatform = "crossPlatform"
+}
+/**
+ * Describes the authenticator attachment modality preference for a WebAuthn workflow. See {@link AuthenticatorAttachment}
+ *
+ * @author Spencer Witt
+ */
+export declare enum AuthenticatorAttachmentPreference {
+    any = "any",
+    platform = "platform",
+    crossPlatform = "crossPlatform"
+}
 /**
  * @author Daniel DeGroff
  */
@@ -2881,6 +3024,18 @@ export interface AuthenticatorConfiguration {
     codeLength?: number;
     timeStep?: number;
 }
+/**
+ * Used by the Relying Party to specify their requirements for authenticator attributes. Fields use the deprecated "resident key" terminology to refer
+ * to client-side discoverable credentials to maintain backwards compatibility with WebAuthn Level 1.
+ *
+ * @author Spencer Witt
+ */
+export interface AuthenticatorSelectionCriteria {
+    authenticatorAttachment?: AuthenticatorAttachment;
+    requireResidentKey?: boolean;
+    residentKey?: ResidentKeyRequirement;
+    userVerification?: UserVerificationRequirement;
+}
 export interface BaseConnectorConfiguration {
     data?: Record<string, any>;
     debug?: boolean;
@@ -3195,6 +3350,51 @@ export interface CORSConfiguration extends Enableable {
     exposedHeaders?: Array<string>;
     preflightMaxAgeInSeconds?: number;
 }
+/**
+ * A number identifying a cryptographic algorithm. Values should be registered with the <a
+ * href="https://www.iana.org/assignments/cose/cose.xhtml#algorithms">IANA COSE Algorithms registry</a>
+ *
+ * @author Spencer Witt
+ */
+export declare enum CoseAlgorithmIdentifier {
+    ES256 = "SHA256withECDSA",
+    ES384 = "SHA384withECDSA",
+    ES512 = "SHA512withECDSA",
+    RS256 = "SHA256withRSA",
+    RS384 = "SHA384withRSA",
+    RS512 = "SHA512withRSA",
+    PS256 = "SHA-256",
+    PS384 = "SHA-384",
+    PS512 = "SHA-512"
+}
+/**
+ * COSE Elliptic Curve identifier to determine which elliptic curve to use with a given key
+ *
+ * @author Spencer Witt
+ */
+export declare enum CoseEllipticCurve {
+    Reserved = "Reserved",
+    P256 = "P256",
+    P384 = "P384",
+    P521 = "P521",
+    X25519 = "X25519",
+    X448 = "X448",
+    Ed25519 = "Ed25519",
+    Ed448 = "Ed448",
+    Secp256k1 = "Secp256k1"
+}
+/**
+ * COSE key type
+ *
+ * @author Spencer Witt
+ */
+export declare enum CoseKeyType {
+    Reserved = "0",
+    OKP = "1",
+    EC2 = "2",
+    RSA = "3",
+    Symmetric = "4"
+}
 /**
  * @author Brian Pontarelli
  */
@@ -3202,6 +3402,14 @@ export interface Count {
     count?: number;
     interval?: number;
 }
+/**
+ * Contains the output for the {@code credProps} extension
+ *
+ * @author Spencer Witt
+ */
+export interface CredentialPropertiesOutput {
+    rk?: boolean;
+}
 /**
  * Response for the daily active user report.
  *
@@ -3824,6 +4032,8 @@ export interface ExternalIdentifierConfiguration {
     twoFactorOneTimeCodeIdGenerator?: SecureGeneratorConfiguration;
     twoFactorOneTimeCodeIdTimeToLiveInSeconds?: number;
     twoFactorTrustIdTimeToLiveInSeconds?: number;
+    webAuthnAuthenticationChallengeTimeToLiveInSeconds?: number;
+    webAuthnRegistrationChallengeTimeToLiveInSeconds?: number;
 }
 /**
  * @author Daniel DeGroff
@@ -4315,6 +4525,32 @@ export interface GroupResponse {
     group?: Group;
     groups?: Array<Group>;
 }
+/**
+ * Search criteria for Groups
+ *
+ * @author Daniel DeGroff
+ */
+export interface GroupSearchCriteria extends BaseSearchCriteria {
+    name?: string;
+    tenantId?: UUID;
+}
+/**
+ * Search request for Groups.
+ *
+ * @author Daniel DeGroff
+ */
+export interface GroupSearchRequest {
+    search?: GroupSearchCriteria;
+}
+/**
+ * Search response for Groups
+ *
+ * @author Daniel DeGroff
+ */
+export interface GroupSearchResponse {
+    groups?: Array<Group>;
+    total?: number;
+}
 /**
  * Models the Group Update Complete Event.
  *
@@ -5255,6 +5491,7 @@ export declare enum MessengerType {
     Twilio = "Twilio"
 }
 export interface MetaData {
+    data?: Record<string, any>;
     device?: DeviceInfo;
     scopes?: Array<string>;
 }
@@ -5631,6 +5868,84 @@ export declare enum ProofKeyForCodeExchangePolicy {
     NotRequired = "NotRequired",
     NotRequiredWhenUsingClientAuthentication = "NotRequiredWhenUsingClientAuthentication"
 }
+/**
+ * Allows the Relying Party to specify desired attributes of a new credential.
+ *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialCreationOptions {
+    attestation?: AttestationConveyancePreference;
+    authenticatorSelection?: AuthenticatorSelectionCriteria;
+    challenge?: string;
+    excludeCredentials?: Array<PublicKeyCredentialDescriptor>;
+    extensions?: WebAuthnRegistrationExtensionOptions;
+    pubKeyCredParams?: Array<PublicKeyCredentialParameters>;
+    rp?: PublicKeyCredentialRelyingPartyEntity;
+    timeout?: number;
+    user?: PublicKeyCredentialUserEntity;
+}
+/**
+ * Contains attributes for the Relying Party to refer to an existing public key credential as an input parameter.
+ *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialDescriptor {
+    id?: string;
+    transports?: Array<string>;
+    type?: PublicKeyCredentialType;
+}
+/**
+ * Describes a user account or WebAuthn Relying Party associated with a public key credential
+ */
+export interface PublicKeyCredentialEntity {
+    name?: string;
+}
+/**
+ * Supply information on credential type and algorithm to the <i>authenticator</i>.
+ *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialParameters {
+    alg?: CoseAlgorithmIdentifier;
+    type?: PublicKeyCredentialType;
+}
+/**
+ * Supply additional information about the Relying Party when creating a new credential
+ *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialRelyingPartyEntity extends PublicKeyCredentialEntity {
+    id?: string;
+}
+/**
+ * Provides the <i>authenticator</i> with the data it needs to generate an assertion.
+ *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialRequestOptions {
+    allowCredentials?: Array<PublicKeyCredentialDescriptor>;
+    challenge?: string;
+    rpId?: string;
+    timeout?: number;
+    userVerification?: UserVerificationRequirement;
+}
+/**
+ * Defines valid credential types. This is an extension point in the WebAuthn spec. The only defined value at this time is "public-key"
+ *
+ * @author Spencer Witt
+ */
+export declare enum PublicKeyCredentialType {
+    publicKey = "public-key"
+}
+/**
+ * Supply additional information about the user account when creating a new credential
+ *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialUserEntity extends PublicKeyCredentialEntity {
+    displayName?: string;
+    id?: string;
+}
 /**
  * JWT Public Key Response Object
  *
@@ -5724,6 +6039,9 @@ export interface ReactorStatus {
     licensed?: boolean;
     scimServer?: ReactorFeatureStatus;
     threatDetection?: ReactorFeatureStatus;
+    webAuthn?: ReactorFeatureStatus;
+    webAuthnPlatformAuthenticators?: ReactorFeatureStatus;
+    webAuthnRoamingAuthenticators?: ReactorFeatureStatus;
 }
 /**
  * Response for the user login report.
@@ -5911,6 +6229,17 @@ export interface Requirable extends Enableable {
  */
 export interface RequiresCORSConfiguration {
 }
+/**
+ * Describes the Relying Party's requirements for <a href="https://www.w3.org/TR/webauthn-2/#client-side-discoverable-credential">client-side
+ * discoverable credentials</a> (formerly known as "resident keys")
+ *
+ * @author Spencer Witt
+ */
+export declare enum ResidentKeyRequirement {
+    discouraged = "discouraged",
+    preferred = "preferred",
+    required = "required"
+}
 export declare enum SAMLLogoutBehavior {
     AllParticipants = "AllParticipants",
     OnlyOriginator = "OnlyOriginator"
@@ -5928,6 +6257,7 @@ export interface SAMLv2Configuration extends Enableable {
     callbackURL?: string;
     debug?: boolean;
     defaultVerificationKeyId?: UUID;
+    initiatedLogin?: SAMLv2IdPInitiatedLoginConfiguration;
     issuer?: string;
     keyId?: UUID;
     logout?: SAMLv2Logout;
@@ -5976,6 +6306,14 @@ export interface SAMLv2IdPInitiatedIdentityProvider extends BaseIdentityProvider
     useNameIdForEmail?: boolean;
     usernameClaim?: string;
 }
+/**
+ * IdP Initiated login configuration
+ *
+ * @author Daniel DeGroff
+ */
+export interface SAMLv2IdPInitiatedLoginConfiguration extends Enableable {
+    nameIdFormat?: string;
+}
 export interface SAMLv2Logout {
     behavior?: SAMLLogoutBehavior;
     defaultVerificationKeyId?: UUID;
@@ -6197,6 +6535,9 @@ export interface Templates {
     accountTwoFactorDisable?: string;
     accountTwoFactorEnable?: string;
     accountTwoFactorIndex?: string;
+    accountWebAuthnAdd?: string;
+    accountWebAuthnDelete?: string;
+    accountWebAuthnIndex?: string;
     emailComplete?: string;
     emailSend?: string;
     emailSent?: string;
@@ -6219,6 +6560,9 @@ export interface Templates {
     oauth2TwoFactor?: string;
     oauth2TwoFactorMethods?: string;
     oauth2Wait?: string;
+    oauth2WebAuthn?: string;
+    oauth2WebAuthnReauth?: string;
+    oauth2WebAuthnReauthEnable?: string;
     passwordChange?: string;
     passwordComplete?: string;
     passwordForgot?: string;
@@ -6270,6 +6614,7 @@ export interface Tenant {
     themeId?: UUID;
     userDeletePolicy?: TenantUserDeletePolicy;
     usernameConfiguration?: TenantUsernameConfiguration;
+    webAuthnConfiguration?: TenantWebAuthnConfiguration;
 }
 /**
  * @author Brian Pontarelli
@@ -6401,6 +6746,25 @@ export interface TenantUserDeletePolicy {
 export interface TenantUsernameConfiguration {
     unique?: UniqueUsernameConfiguration;
 }
+/**
+ * Tenant-level configuration for WebAuthn
+ *
+ * @author Spencer Witt
+ */
+export interface TenantWebAuthnConfiguration extends Enableable {
+    bootstrapWorkflow?: TenantWebAuthnWorkflowConfiguration;
+    debug?: boolean;
+    reauthenticationWorkflow?: TenantWebAuthnWorkflowConfiguration;
+    relyingPartyId?: string;
+    relyingPartyName?: string;
+}
+/**
+ * @author Spencer Witt
+ */
+export interface TenantWebAuthnWorkflowConfiguration extends Enableable {
+    authenticatorAttachmentPreference?: AuthenticatorAttachmentPreference;
+    userVerificationRequirement?: UserVerificationRequirement;
+}
 /**
  * @author Daniel DeGroff
  */
@@ -7318,6 +7682,17 @@ export interface UserUpdateEvent extends BaseEvent {
     original?: User;
     user?: User;
 }
+/**
+ * Used to express whether the Relying Party requires <a href="https://www.w3.org/TR/webauthn-2/#user-verification">user verification</a> for the
+ * current operation.
+ *
+ * @author Spencer Witt
+ */
+export declare enum UserVerificationRequirement {
+    required = "required",
+    preferred = "preferred",
+    discouraged = "discouraged"
+}
 /**
  * @author Daniel DeGroff
  */
@@ -7366,6 +7741,200 @@ export interface VerifyRegistrationResponse {
 export interface VersionResponse {
     version?: string;
 }
+/**
+ * API response for completing WebAuthn assertion
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnAssertResponse {
+    credential?: WebAuthnCredential;
+}
+/**
+ * The <i>authenticator's</i> response for the authentication ceremony in its encoded format
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnAuthenticatorAuthenticationResponse {
+    authenticatorData?: string;
+    clientDataJSON?: string;
+    signature?: string;
+    userHandle?: string;
+}
+/**
+ * The <i>authenticator's</i> response for the registration ceremony in its encoded format
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnAuthenticatorRegistrationResponse {
+    attestationObject?: string;
+    clientDataJSON?: string;
+}
+/**
+ * A User's WebAuthnCredential. Contains all data required to complete WebAuthn authentication ceremonies.
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnCredential {
+    algorithm?: CoseAlgorithmIdentifier;
+    attestationType?: AttestationType;
+    authenticatorSupportsUserVerification?: boolean;
+    credentialId?: string;
+    data?: Record<string, any>;
+    discoverable?: boolean;
+    displayName?: string;
+    id?: UUID;
+    insertInstant?: number;
+    lastUseInstant?: number;
+    name?: string;
+    publicKey?: string;
+    relyingPartyId?: string;
+    signCount?: number;
+    tenantId?: UUID;
+    transports?: Array<string>;
+    userAgent?: string;
+    userId?: UUID;
+}
+/**
+ * API request to import an existing WebAuthn credential(s)
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnCredentialImportRequest {
+    credentials?: Array<WebAuthnCredential>;
+    validateDbConstraints?: boolean;
+}
+/**
+ * WebAuthn Credential API response
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnCredentialResponse {
+    credential?: WebAuthnCredential;
+    credentials?: Array<WebAuthnCredential>;
+}
+/**
+ * Contains extension output for requested extensions during a WebAuthn ceremony
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnExtensionsClientOutputs {
+    credProps?: CredentialPropertiesOutput;
+}
+/**
+ * Request to complete the WebAuthn registration ceremony
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnLoginRequest extends BaseLoginRequest {
+    credential?: WebAuthnPublicKeyAuthenticationRequest;
+    origin?: string;
+    rpId?: string;
+    twoFactorTrustId?: string;
+}
+/**
+ * Request to authenticate with WebAuthn
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnPublicKeyAuthenticationRequest {
+    clientExtensionResults?: WebAuthnExtensionsClientOutputs;
+    id?: string;
+    response?: WebAuthnAuthenticatorAuthenticationResponse;
+    rpId?: string;
+    type?: string;
+}
+/**
+ * Request to register a new public key with WebAuthn
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnPublicKeyRegistrationRequest {
+    clientExtensionResults?: WebAuthnExtensionsClientOutputs;
+    id?: string;
+    response?: WebAuthnAuthenticatorRegistrationResponse;
+    rpId?: string;
+    transports?: Array<string>;
+    type?: string;
+}
+/**
+ * Request to complete the WebAuthn registration ceremony for a new credential,.
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnRegisterCompleteRequest {
+    credential?: WebAuthnPublicKeyRegistrationRequest;
+    origin?: string;
+    rpId?: string;
+    userId?: UUID;
+}
+/**
+ * API response for completing WebAuthn credential registration or assertion
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnRegisterCompleteResponse {
+    credential?: WebAuthnCredential;
+}
+/**
+ * API request to start a WebAuthn registration ceremony
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnRegisterStartRequest {
+    displayName?: string;
+    name?: string;
+    userAgent?: string;
+    userId?: UUID;
+    workflow?: WebAuthnWorkflow;
+}
+/**
+ * API response for starting a WebAuthn registration ceremony
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnRegisterStartResponse {
+    options?: PublicKeyCredentialCreationOptions;
+}
+/**
+ * Options to request extensions during credential registration
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnRegistrationExtensionOptions {
+    credProps?: boolean;
+}
+/**
+ * API request to start a WebAuthn authentication ceremony
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnStartRequest {
+    applicationId?: UUID;
+    credentialId?: UUID;
+    loginId?: string;
+    state?: Record<string, any>;
+    userId?: UUID;
+    workflow?: WebAuthnWorkflow;
+}
+/**
+ * API response for starting a WebAuthn authentication ceremony
+ *
+ * @author Spencer Witt
+ */
+export interface WebAuthnStartResponse {
+    options?: PublicKeyCredentialRequestOptions;
+}
+/**
+ * Identifies the WebAuthn workflow. This will affect the parameters used for credential creation
+ * and request based on the Tenant configuration.
+ *
+ * @author Spencer Witt
+ */
+export declare enum WebAuthnWorkflow {
+    bootstrap = "bootstrap",
+    general = "general",
+    reauthentication = "reauthentication"
+}
 /**
  * A server where events are sent. This includes user action events and any other events sent by FusionAuth.
  *