@fusionauth/typescript-client 1.38.0 → 1.41.0

package/build/src/FusionAuthClient.js

@@ -187,6 +187,26 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Make a Client Credentials grant request to obtain an access token.
+     *
+     * @param {string} client_id The client identifier. The client Id is the Id of the FusionAuth Entity in which you are attempting to authenticate.
+     * @param {string} client_secret The client secret used to authenticate this request.
+     * @param {string} scope (Optional) This parameter is used to indicate which target entity you are requesting access. To request access to an entity, use the format target-entity:<target-entity-id>:<roles>. Roles are an optional comma separated list.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    clientCredentialsGrant(client_id, client_secret, scope) {
+        let body = new url_1.URLSearchParams();
+        body.append('client_id', client_id);
+        body.append('client_secret', client_secret);
+        body.append('grant_type', 'client_credentials');
+        body.append('scope', scope);
+        return this.startAnonymous()
+            .withUri('/oauth2/token')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Adds a comment to the user's account.
      *
@@ -200,6 +220,45 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user in
+     *
+     * @param {WebAuthnLoginRequest} request An object containing data necessary for completing the authentication ceremony
+     * @returns {Promise<ClientResponse<WebAuthnAssertResponse>>}
+     */
+    completeWebAuthnAssertion(request) {
+        return this.startAnonymous()
+            .withUri('/api/webauthn/assert')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge and then login the user in
+     *
+     * @param {WebAuthnLoginRequest} request An object containing data necessary for completing the authentication ceremony
+     * @returns {Promise<ClientResponse<LoginResponse>>}
+     */
+    completeWebAuthnLogin(request) {
+        return this.startAnonymous()
+            .withUri('/api/webauthn/login')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Complete a WebAuthn registration ceremony by validating the client request and saving the new credential
+     *
+     * @param {WebAuthnRegisterCompleteRequest} request An object containing data necessary for completing the registration ceremony
+     * @returns {Promise<ClientResponse<WebAuthnRegisterCompleteResponse>>}
+     */
+    completeWebAuthnRegistration(request) {
+        return this.start()
+            .withUri('/api/webauthn/register/complete')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Creates an API key. You can optionally specify a unique Id for the key, if not provided one will be generated.
      * an API key can only be created with equal or lesser authority. An API key cannot create another API key unless it is granted
@@ -1192,6 +1251,19 @@ class FusionAuthClient {
             .withMethod("DELETE")
             .go();
     }
+    /**
+     * Deletes the WebAuthn credential for the given Id.
+     *
+     * @param {UUID} id The Id of the WebAuthn credential to delete.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteWebAuthnCredential(id) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withUriSegment(id)
+            .withMethod("DELETE")
+            .go();
+    }
     /**
      * Deletes the webhook for the given Id.
      *
@@ -1537,6 +1609,19 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Import a WebAuthn credential
+     *
+     * @param {WebAuthnCredentialImportRequest} request An object containing data necessary for importing the credential
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    importWebAuthnCredential(request) {
+        return this.start()
+            .withUri('/api/webauthn/import')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Inspect an access token issued by FusionAuth.
      *
@@ -3468,6 +3553,32 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieves the WebAuthn credential for the given Id.
+     *
+     * @param {UUID} id The Id of the WebAuthn credential.
+     * @returns {Promise<ClientResponse<WebAuthnCredentialResponse>>}
+     */
+    retrieveWebAuthnCredential(id) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withUriSegment(id)
+            .withMethod("GET")
+            .go();
+    }
+    /**
+     * Retrieves all WebAuthn credentials for the given user.
+     *
+     * @param {UUID} userId The user's ID.
+     * @returns {Promise<ClientResponse<WebAuthnCredentialResponse>>}
+     */
+    retrieveWebAuthnCredentialsForUser(userId) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withParameter('userId', userId)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Retrieves the webhook for the given Id. If you pass in null for the id, this will return all the webhooks.
      *
@@ -3717,6 +3828,19 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Searches groups with the specified criteria and pagination.
+     *
+     * @param {GroupSearchRequest} request The search criteria and pagination information.
+     * @returns {Promise<ClientResponse<GroupSearchResponse>>}
+     */
+    searchGroups(request) {
+        return this.start()
+            .withUri('/api/group/search')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Searches the IP Access Control Lists with the specified criteria and pagination.
      *
@@ -3948,6 +4072,32 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Start a WebAuthn authentication ceremony by generating a new challenge for the user
+     *
+     * @param {WebAuthnStartRequest} request An object containing data necessary for starting the authentication ceremony
+     * @returns {Promise<ClientResponse<WebAuthnStartResponse>>}
+     */
+    startWebAuthnLogin(request) {
+        return this.start()
+            .withUri('/api/webauthn/start')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Start a WebAuthn registration ceremony by generating a new challenge for the user
+     *
+     * @param {WebAuthnRegisterStartRequest} request An object containing data necessary for starting the registration ceremony
+     * @returns {Promise<ClientResponse<WebAuthnRegisterStartResponse>>}
+     */
+    startWebAuthnRegistration(request) {
+        return this.start()
+            .withUri('/api/webauthn/register/start')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Complete login using a 2FA challenge
      *
@@ -4604,6 +4754,31 @@ var ApplicationMultiFactorTrustPolicy;
     ApplicationMultiFactorTrustPolicy["This"] = "This";
     ApplicationMultiFactorTrustPolicy["None"] = "None";
 })(ApplicationMultiFactorTrustPolicy = exports.ApplicationMultiFactorTrustPolicy || (exports.ApplicationMultiFactorTrustPolicy = {}));
+/**
+ * Used to communicate whether and how authenticator attestation should be delivered to the Relying Party
+ *
+ * @author Spencer Witt
+ */
+var AttestationConveyancePreference;
+(function (AttestationConveyancePreference) {
+    AttestationConveyancePreference["none"] = "none";
+    AttestationConveyancePreference["indirect"] = "indirect";
+    AttestationConveyancePreference["direct"] = "direct";
+    AttestationConveyancePreference["enterprise"] = "enterprise";
+})(AttestationConveyancePreference = exports.AttestationConveyancePreference || (exports.AttestationConveyancePreference = {}));
+/**
+ * Used to indicate what type of attestation was included in the authenticator response for a given WebAuthn credential at the time it was created
+ *
+ * @author Spencer Witt
+ */
+var AttestationType;
+(function (AttestationType) {
+    AttestationType["basic"] = "basic";
+    AttestationType["self"] = "self";
+    AttestationType["attestationCa"] = "attestationCa";
+    AttestationType["anonymizationCa"] = "anonymizationCa";
+    AttestationType["none"] = "none";
+})(AttestationType = exports.AttestationType || (exports.AttestationType = {}));
 /**
  * @author Brett Pontarelli
  */
@@ -4611,6 +4786,27 @@ var AuthenticationThreats;
 (function (AuthenticationThreats) {
     AuthenticationThreats["ImpossibleTravel"] = "ImpossibleTravel";
 })(AuthenticationThreats = exports.AuthenticationThreats || (exports.AuthenticationThreats = {}));
+/**
+ * Describes the <a href="https://www.w3.org/TR/webauthn-2/#authenticator-attachment-modality">authenticator attachment modality</a>.
+ *
+ * @author Spencer Witt
+ */
+var AuthenticatorAttachment;
+(function (AuthenticatorAttachment) {
+    AuthenticatorAttachment["platform"] = "platform";
+    AuthenticatorAttachment["crossPlatform"] = "crossPlatform";
+})(AuthenticatorAttachment = exports.AuthenticatorAttachment || (exports.AuthenticatorAttachment = {}));
+/**
+ * Describes the authenticator attachment modality preference for a WebAuthn workflow. See {@link AuthenticatorAttachment}
+ *
+ * @author Spencer Witt
+ */
+var AuthenticatorAttachmentPreference;
+(function (AuthenticatorAttachmentPreference) {
+    AuthenticatorAttachmentPreference["any"] = "any";
+    AuthenticatorAttachmentPreference["platform"] = "platform";
+    AuthenticatorAttachmentPreference["crossPlatform"] = "crossPlatform";
+})(AuthenticatorAttachmentPreference = exports.AuthenticatorAttachmentPreference || (exports.AuthenticatorAttachmentPreference = {}));
 var BreachAction;
 (function (BreachAction) {
     BreachAction["Off"] = "Off";
@@ -4714,6 +4910,54 @@ var ContentStatus;
     ContentStatus["PENDING"] = "PENDING";
     ContentStatus["REJECTED"] = "REJECTED";
 })(ContentStatus = exports.ContentStatus || (exports.ContentStatus = {}));
+/**
+ * A number identifying a cryptographic algorithm. Values should be registered with the <a
+ * href="https://www.iana.org/assignments/cose/cose.xhtml#algorithms">IANA COSE Algorithms registry</a>
+ *
+ * @author Spencer Witt
+ */
+var CoseAlgorithmIdentifier;
+(function (CoseAlgorithmIdentifier) {
+    CoseAlgorithmIdentifier["ES256"] = "SHA256withECDSA";
+    CoseAlgorithmIdentifier["ES384"] = "SHA384withECDSA";
+    CoseAlgorithmIdentifier["ES512"] = "SHA512withECDSA";
+    CoseAlgorithmIdentifier["RS256"] = "SHA256withRSA";
+    CoseAlgorithmIdentifier["RS384"] = "SHA384withRSA";
+    CoseAlgorithmIdentifier["RS512"] = "SHA512withRSA";
+    CoseAlgorithmIdentifier["PS256"] = "SHA-256";
+    CoseAlgorithmIdentifier["PS384"] = "SHA-384";
+    CoseAlgorithmIdentifier["PS512"] = "SHA-512";
+})(CoseAlgorithmIdentifier = exports.CoseAlgorithmIdentifier || (exports.CoseAlgorithmIdentifier = {}));
+/**
+ * COSE Elliptic Curve identifier to determine which elliptic curve to use with a given key
+ *
+ * @author Spencer Witt
+ */
+var CoseEllipticCurve;
+(function (CoseEllipticCurve) {
+    CoseEllipticCurve["Reserved"] = "Reserved";
+    CoseEllipticCurve["P256"] = "P256";
+    CoseEllipticCurve["P384"] = "P384";
+    CoseEllipticCurve["P521"] = "P521";
+    CoseEllipticCurve["X25519"] = "X25519";
+    CoseEllipticCurve["X448"] = "X448";
+    CoseEllipticCurve["Ed25519"] = "Ed25519";
+    CoseEllipticCurve["Ed448"] = "Ed448";
+    CoseEllipticCurve["Secp256k1"] = "Secp256k1";
+})(CoseEllipticCurve = exports.CoseEllipticCurve || (exports.CoseEllipticCurve = {}));
+/**
+ * COSE key type
+ *
+ * @author Spencer Witt
+ */
+var CoseKeyType;
+(function (CoseKeyType) {
+    CoseKeyType["Reserved"] = "0";
+    CoseKeyType["OKP"] = "1";
+    CoseKeyType["EC2"] = "2";
+    CoseKeyType["RSA"] = "3";
+    CoseKeyType["Symmetric"] = "4";
+})(CoseKeyType = exports.CoseKeyType || (exports.CoseKeyType = {}));
 var DeviceType;
 (function (DeviceType) {
     DeviceType["BROWSER"] = "BROWSER";
@@ -5155,6 +5399,15 @@ var ProofKeyForCodeExchangePolicy;
     ProofKeyForCodeExchangePolicy["NotRequired"] = "NotRequired";
     ProofKeyForCodeExchangePolicy["NotRequiredWhenUsingClientAuthentication"] = "NotRequiredWhenUsingClientAuthentication";
 })(ProofKeyForCodeExchangePolicy = exports.ProofKeyForCodeExchangePolicy || (exports.ProofKeyForCodeExchangePolicy = {}));
+/**
+ * Defines valid credential types. This is an extension point in the WebAuthn spec. The only defined value at this time is "public-key"
+ *
+ * @author Spencer Witt
+ */
+var PublicKeyCredentialType;
+(function (PublicKeyCredentialType) {
+    PublicKeyCredentialType["publicKey"] = "public-key";
+})(PublicKeyCredentialType = exports.PublicKeyCredentialType || (exports.PublicKeyCredentialType = {}));
 /**
  * @author Daniel DeGroff
  */
@@ -5199,6 +5452,18 @@ var RegistrationType;
     RegistrationType["basic"] = "basic";
     RegistrationType["advanced"] = "advanced";
 })(RegistrationType = exports.RegistrationType || (exports.RegistrationType = {}));
+/**
+ * Describes the Relying Party's requirements for <a href="https://www.w3.org/TR/webauthn-2/#client-side-discoverable-credential">client-side
+ * discoverable credentials</a> (formerly known as "resident keys")
+ *
+ * @author Spencer Witt
+ */
+var ResidentKeyRequirement;
+(function (ResidentKeyRequirement) {
+    ResidentKeyRequirement["discouraged"] = "discouraged";
+    ResidentKeyRequirement["preferred"] = "preferred";
+    ResidentKeyRequirement["required"] = "required";
+})(ResidentKeyRequirement = exports.ResidentKeyRequirement || (exports.ResidentKeyRequirement = {}));
 var SAMLLogoutBehavior;
 (function (SAMLLogoutBehavior) {
     SAMLLogoutBehavior["AllParticipants"] = "AllParticipants";
@@ -5292,6 +5557,18 @@ var UserState;
     UserState["AuthenticatedNotVerified"] = "AuthenticatedNotVerified";
     UserState["AuthenticatedRegistrationNotVerified"] = "AuthenticatedRegistrationNotVerified";
 })(UserState = exports.UserState || (exports.UserState = {}));
+/**
+ * Used to express whether the Relying Party requires <a href="https://www.w3.org/TR/webauthn-2/#user-verification">user verification</a> for the
+ * current operation.
+ *
+ * @author Spencer Witt
+ */
+var UserVerificationRequirement;
+(function (UserVerificationRequirement) {
+    UserVerificationRequirement["required"] = "required";
+    UserVerificationRequirement["preferred"] = "preferred";
+    UserVerificationRequirement["discouraged"] = "discouraged";
+})(UserVerificationRequirement = exports.UserVerificationRequirement || (exports.UserVerificationRequirement = {}));
 /**
  * @author Daniel DeGroff
  */
@@ -5300,6 +5577,18 @@ var VerificationStrategy;
     VerificationStrategy["ClickableLink"] = "ClickableLink";
     VerificationStrategy["FormField"] = "FormField";
 })(VerificationStrategy = exports.VerificationStrategy || (exports.VerificationStrategy = {}));
+/**
+ * Identifies the WebAuthn workflow. This will affect the parameters used for credential creation
+ * and request based on the Tenant configuration.
+ *
+ * @author Spencer Witt
+ */
+var WebAuthnWorkflow;
+(function (WebAuthnWorkflow) {
+    WebAuthnWorkflow["bootstrap"] = "bootstrap";
+    WebAuthnWorkflow["general"] = "general";
+    WebAuthnWorkflow["reauthentication"] = "reauthentication";
+})(WebAuthnWorkflow = exports.WebAuthnWorkflow || (exports.WebAuthnWorkflow = {}));
 var XMLSignatureLocation;
 (function (XMLSignatureLocation) {
     XMLSignatureLocation["Assertion"] = "Assertion";