@fusionauth/typescript-client 1.39.0 → 1.42.0

package/build/src/FusionAuthClient.js

@@ -187,6 +187,26 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Make a Client Credentials grant request to obtain an access token.
+     *
+     * @param {string} client_id The client identifier. The client Id is the Id of the FusionAuth Entity in which you are attempting to authenticate.
+     * @param {string} client_secret The client secret used to authenticate this request.
+     * @param {string} scope (Optional) This parameter is used to indicate which target entity you are requesting access. To request access to an entity, use the format target-entity:<target-entity-id>:<roles>. Roles are an optional comma separated list.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    clientCredentialsGrant(client_id, client_secret, scope) {
+        let body = new url_1.URLSearchParams();
+        body.append('client_id', client_id);
+        body.append('client_secret', client_secret);
+        body.append('grant_type', 'client_credentials');
+        body.append('scope', scope);
+        return this.startAnonymous()
+            .withUri('/oauth2/token')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Adds a comment to the user's account.
      *
@@ -200,6 +220,45 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user in
+     *
+     * @param {WebAuthnLoginRequest} request An object containing data necessary for completing the authentication ceremony
+     * @returns {Promise<ClientResponse<WebAuthnAssertResponse>>}
+     */
+    completeWebAuthnAssertion(request) {
+        return this.startAnonymous()
+            .withUri('/api/webauthn/assert')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge and then login the user in
+     *
+     * @param {WebAuthnLoginRequest} request An object containing data necessary for completing the authentication ceremony
+     * @returns {Promise<ClientResponse<LoginResponse>>}
+     */
+    completeWebAuthnLogin(request) {
+        return this.startAnonymous()
+            .withUri('/api/webauthn/login')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Complete a WebAuthn registration ceremony by validating the client request and saving the new credential
+     *
+     * @param {WebAuthnRegisterCompleteRequest} request An object containing data necessary for completing the registration ceremony
+     * @returns {Promise<ClientResponse<WebAuthnRegisterCompleteResponse>>}
+     */
+    completeWebAuthnRegistration(request) {
+        return this.start()
+            .withUri('/api/webauthn/register/complete')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Creates an API key. You can optionally specify a unique Id for the key, if not provided one will be generated.
      * an API key can only be created with equal or lesser authority. An API key cannot create another API key unless it is granted
@@ -1192,6 +1251,19 @@ class FusionAuthClient {
             .withMethod("DELETE")
             .go();
     }
+    /**
+     * Deletes the WebAuthn credential for the given Id.
+     *
+     * @param {UUID} id The Id of the WebAuthn credential to delete.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteWebAuthnCredential(id) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withUriSegment(id)
+            .withMethod("DELETE")
+            .go();
+    }
     /**
      * Deletes the webhook for the given Id.
      *
@@ -1206,11 +1278,11 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Disable Two Factor authentication for a user.
+     * Disable two-factor authentication for a user.
      *
-     * @param {UUID} userId The Id of the User for which you're disabling Two Factor authentication.
+     * @param {UUID} userId The Id of the User for which you're disabling two-factor authentication.
      * @param {string} methodId The two-factor method identifier you wish to disable
-     * @param {string} code The Two Factor code used verify the the caller knows the Two Factor secret.
+     * @param {string} code The two-factor code used verify the the caller knows the two-factor secret.
      * @returns {Promise<ClientResponse<void>>}
      */
     disableTwoFactor(userId, methodId, code) {
@@ -1223,9 +1295,9 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Disable Two Factor authentication for a user using a JSON body rather than URL parameters.
+     * Disable two-factor authentication for a user using a JSON body rather than URL parameters.
      *
-     * @param {UUID} userId The Id of the User for which you're disabling Two Factor authentication.
+     * @param {UUID} userId The Id of the User for which you're disabling two-factor authentication.
      * @param {TwoFactorDisableRequest} request The request information that contains the code and methodId along with any event information.
      * @returns {Promise<ClientResponse<void>>}
      */
@@ -1238,10 +1310,10 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Enable Two Factor authentication for a user.
+     * Enable two-factor authentication for a user.
      *
-     * @param {UUID} userId The Id of the user to enable Two Factor authentication.
-     * @param {TwoFactorRequest} request The two factor enable request information.
+     * @param {UUID} userId The Id of the user to enable two-factor authentication.
+     * @param {TwoFactorRequest} request The two-factor enable request information.
      * @returns {Promise<ClientResponse<TwoFactorResponse>>}
      */
     enableTwoFactor(userId, request) {
@@ -1257,7 +1329,7 @@ class FusionAuthClient {
      * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token.
      *
      * @param {string} code The authorization code returned on the /oauth2/authorize response.
-     * @param {string} client_id The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate.
+     * @param {string} client_id The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate.
      * @param {string} client_secret (Optional) The client secret. This value will be required if client authentication is enabled.
      * @param {string} redirect_uri The URI to redirect to upon a successful request.
      * @returns {Promise<ClientResponse<AccessToken>>}
@@ -1280,7 +1352,7 @@ class FusionAuthClient {
      * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token.
      *
      * @param {string} code The authorization code returned on the /oauth2/authorize response.
-     * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
+     * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
      * @param {string} client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
      * @param {string} redirect_uri The URI to redirect to upon a successful request.
      * @param {string} code_verifier The random string generated previously. Will be compared with the code_challenge sent previously, which allows the OAuth provider to authenticate your app.
@@ -1305,7 +1377,7 @@ class FusionAuthClient {
      * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
      *
      * @param {string} refresh_token The refresh token that you would like to use to exchange for an access token.
-     * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
+     * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
      * @param {string} client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
      * @param {string} scope (Optional) This parameter is optional and if omitted, the same scope requested during the authorization request will be used. If provided the scopes must match those requested during the initial authorization request.
      * @param {string} user_code (Optional) The end-user verification code. This code is required if using this endpoint to approve the Device Authorization.
@@ -1344,7 +1416,7 @@ class FusionAuthClient {
      *
      * @param {string} username The login identifier of the user. The login identifier can be either the email or the username.
      * @param {string} password The user’s password.
-     * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
+     * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
      * @param {string} client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
      * @param {string} scope (Optional) This parameter is optional and if omitted, the same scope requested during the authorization request will be used. If provided the scopes must match those requested during the initial authorization request.
      * @param {string} user_code (Optional) The end-user verification code. This code is required if using this endpoint to approve the Device Authorization.
@@ -1537,6 +1609,19 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Import a WebAuthn credential
+     *
+     * @param {WebAuthnCredentialImportRequest} request An object containing data necessary for importing the credential
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    importWebAuthnCredential(request) {
+        return this.start()
+            .withUri('/api/webauthn/import')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Inspect an access token issued by FusionAuth.
      *
@@ -3468,6 +3553,32 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieves the WebAuthn credential for the given Id.
+     *
+     * @param {UUID} id The Id of the WebAuthn credential.
+     * @returns {Promise<ClientResponse<WebAuthnCredentialResponse>>}
+     */
+    retrieveWebAuthnCredential(id) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withUriSegment(id)
+            .withMethod("GET")
+            .go();
+    }
+    /**
+     * Retrieves all WebAuthn credentials for the given user.
+     *
+     * @param {UUID} userId The user's ID.
+     * @returns {Promise<ClientResponse<WebAuthnCredentialResponse>>}
+     */
+    retrieveWebAuthnCredentialsForUser(userId) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withParameter('userId', userId)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Retrieves the webhook for the given Id. If you pass in null for the id, this will return all the webhooks.
      *
@@ -3961,6 +4072,32 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Start a WebAuthn authentication ceremony by generating a new challenge for the user
+     *
+     * @param {WebAuthnStartRequest} request An object containing data necessary for starting the authentication ceremony
+     * @returns {Promise<ClientResponse<WebAuthnStartResponse>>}
+     */
+    startWebAuthnLogin(request) {
+        return this.start()
+            .withUri('/api/webauthn/start')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Start a WebAuthn registration ceremony by generating a new challenge for the user
+     *
+     * @param {WebAuthnRegisterStartRequest} request An object containing data necessary for starting the registration ceremony
+     * @returns {Promise<ClientResponse<WebAuthnRegisterStartResponse>>}
+     */
+    startWebAuthnRegistration(request) {
+        return this.start()
+            .withUri('/api/webauthn/register/start')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Complete login using a 2FA challenge
      *
@@ -4617,6 +4754,31 @@ var ApplicationMultiFactorTrustPolicy;
     ApplicationMultiFactorTrustPolicy["This"] = "This";
     ApplicationMultiFactorTrustPolicy["None"] = "None";
 })(ApplicationMultiFactorTrustPolicy = exports.ApplicationMultiFactorTrustPolicy || (exports.ApplicationMultiFactorTrustPolicy = {}));
+/**
+ * Used to communicate whether and how authenticator attestation should be delivered to the Relying Party
+ *
+ * @author Spencer Witt
+ */
+var AttestationConveyancePreference;
+(function (AttestationConveyancePreference) {
+    AttestationConveyancePreference["none"] = "none";
+    AttestationConveyancePreference["indirect"] = "indirect";
+    AttestationConveyancePreference["direct"] = "direct";
+    AttestationConveyancePreference["enterprise"] = "enterprise";
+})(AttestationConveyancePreference = exports.AttestationConveyancePreference || (exports.AttestationConveyancePreference = {}));
+/**
+ * Used to indicate what type of attestation was included in the authenticator response for a given WebAuthn credential at the time it was created
+ *
+ * @author Spencer Witt
+ */
+var AttestationType;
+(function (AttestationType) {
+    AttestationType["basic"] = "basic";
+    AttestationType["self"] = "self";
+    AttestationType["attestationCa"] = "attestationCa";
+    AttestationType["anonymizationCa"] = "anonymizationCa";
+    AttestationType["none"] = "none";
+})(AttestationType = exports.AttestationType || (exports.AttestationType = {}));
 /**
  * @author Brett Pontarelli
  */
@@ -4624,6 +4786,27 @@ var AuthenticationThreats;
 (function (AuthenticationThreats) {
     AuthenticationThreats["ImpossibleTravel"] = "ImpossibleTravel";
 })(AuthenticationThreats = exports.AuthenticationThreats || (exports.AuthenticationThreats = {}));
+/**
+ * Describes the <a href="https://www.w3.org/TR/webauthn-2/#authenticator-attachment-modality">authenticator attachment modality</a>.
+ *
+ * @author Spencer Witt
+ */
+var AuthenticatorAttachment;
+(function (AuthenticatorAttachment) {
+    AuthenticatorAttachment["platform"] = "platform";
+    AuthenticatorAttachment["crossPlatform"] = "crossPlatform";
+})(AuthenticatorAttachment = exports.AuthenticatorAttachment || (exports.AuthenticatorAttachment = {}));
+/**
+ * Describes the authenticator attachment modality preference for a WebAuthn workflow. See {@link AuthenticatorAttachment}
+ *
+ * @author Spencer Witt
+ */
+var AuthenticatorAttachmentPreference;
+(function (AuthenticatorAttachmentPreference) {
+    AuthenticatorAttachmentPreference["any"] = "any";
+    AuthenticatorAttachmentPreference["platform"] = "platform";
+    AuthenticatorAttachmentPreference["crossPlatform"] = "crossPlatform";
+})(AuthenticatorAttachmentPreference = exports.AuthenticatorAttachmentPreference || (exports.AuthenticatorAttachmentPreference = {}));
 var BreachAction;
 (function (BreachAction) {
     BreachAction["Off"] = "Off";
@@ -4727,6 +4910,54 @@ var ContentStatus;
     ContentStatus["PENDING"] = "PENDING";
     ContentStatus["REJECTED"] = "REJECTED";
 })(ContentStatus = exports.ContentStatus || (exports.ContentStatus = {}));
+/**
+ * A number identifying a cryptographic algorithm. Values should be registered with the <a
+ * href="https://www.iana.org/assignments/cose/cose.xhtml#algorithms">IANA COSE Algorithms registry</a>
+ *
+ * @author Spencer Witt
+ */
+var CoseAlgorithmIdentifier;
+(function (CoseAlgorithmIdentifier) {
+    CoseAlgorithmIdentifier["ES256"] = "SHA256withECDSA";
+    CoseAlgorithmIdentifier["ES384"] = "SHA384withECDSA";
+    CoseAlgorithmIdentifier["ES512"] = "SHA512withECDSA";
+    CoseAlgorithmIdentifier["RS256"] = "SHA256withRSA";
+    CoseAlgorithmIdentifier["RS384"] = "SHA384withRSA";
+    CoseAlgorithmIdentifier["RS512"] = "SHA512withRSA";
+    CoseAlgorithmIdentifier["PS256"] = "SHA-256";
+    CoseAlgorithmIdentifier["PS384"] = "SHA-384";
+    CoseAlgorithmIdentifier["PS512"] = "SHA-512";
+})(CoseAlgorithmIdentifier = exports.CoseAlgorithmIdentifier || (exports.CoseAlgorithmIdentifier = {}));
+/**
+ * COSE Elliptic Curve identifier to determine which elliptic curve to use with a given key
+ *
+ * @author Spencer Witt
+ */
+var CoseEllipticCurve;
+(function (CoseEllipticCurve) {
+    CoseEllipticCurve["Reserved"] = "Reserved";
+    CoseEllipticCurve["P256"] = "P256";
+    CoseEllipticCurve["P384"] = "P384";
+    CoseEllipticCurve["P521"] = "P521";
+    CoseEllipticCurve["X25519"] = "X25519";
+    CoseEllipticCurve["X448"] = "X448";
+    CoseEllipticCurve["Ed25519"] = "Ed25519";
+    CoseEllipticCurve["Ed448"] = "Ed448";
+    CoseEllipticCurve["Secp256k1"] = "Secp256k1";
+})(CoseEllipticCurve = exports.CoseEllipticCurve || (exports.CoseEllipticCurve = {}));
+/**
+ * COSE key type
+ *
+ * @author Spencer Witt
+ */
+var CoseKeyType;
+(function (CoseKeyType) {
+    CoseKeyType["Reserved"] = "0";
+    CoseKeyType["OKP"] = "1";
+    CoseKeyType["EC2"] = "2";
+    CoseKeyType["RSA"] = "3";
+    CoseKeyType["Symmetric"] = "4";
+})(CoseKeyType = exports.CoseKeyType || (exports.CoseKeyType = {}));
 var DeviceType;
 (function (DeviceType) {
     DeviceType["BROWSER"] = "BROWSER";
@@ -5074,6 +5305,7 @@ var MultiFactorLoginPolicy;
 (function (MultiFactorLoginPolicy) {
     MultiFactorLoginPolicy["Disabled"] = "Disabled";
     MultiFactorLoginPolicy["Enabled"] = "Enabled";
+    MultiFactorLoginPolicy["Required"] = "Required";
 })(MultiFactorLoginPolicy = exports.MultiFactorLoginPolicy || (exports.MultiFactorLoginPolicy = {}));
 var OAuthErrorReason;
 (function (OAuthErrorReason) {
@@ -5168,6 +5400,15 @@ var ProofKeyForCodeExchangePolicy;
     ProofKeyForCodeExchangePolicy["NotRequired"] = "NotRequired";
     ProofKeyForCodeExchangePolicy["NotRequiredWhenUsingClientAuthentication"] = "NotRequiredWhenUsingClientAuthentication";
 })(ProofKeyForCodeExchangePolicy = exports.ProofKeyForCodeExchangePolicy || (exports.ProofKeyForCodeExchangePolicy = {}));
+/**
+ * Defines valid credential types. This is an extension point in the WebAuthn spec. The only defined value at this time is "public-key"
+ *
+ * @author Spencer Witt
+ */
+var PublicKeyCredentialType;
+(function (PublicKeyCredentialType) {
+    PublicKeyCredentialType["publicKey"] = "public-key";
+})(PublicKeyCredentialType = exports.PublicKeyCredentialType || (exports.PublicKeyCredentialType = {}));
 /**
  * @author Daniel DeGroff
  */
@@ -5212,6 +5453,18 @@ var RegistrationType;
     RegistrationType["basic"] = "basic";
     RegistrationType["advanced"] = "advanced";
 })(RegistrationType = exports.RegistrationType || (exports.RegistrationType = {}));
+/**
+ * Describes the Relying Party's requirements for <a href="https://www.w3.org/TR/webauthn-2/#client-side-discoverable-credential">client-side
+ * discoverable credentials</a> (formerly known as "resident keys")
+ *
+ * @author Spencer Witt
+ */
+var ResidentKeyRequirement;
+(function (ResidentKeyRequirement) {
+    ResidentKeyRequirement["discouraged"] = "discouraged";
+    ResidentKeyRequirement["preferred"] = "preferred";
+    ResidentKeyRequirement["required"] = "required";
+})(ResidentKeyRequirement = exports.ResidentKeyRequirement || (exports.ResidentKeyRequirement = {}));
 var SAMLLogoutBehavior;
 (function (SAMLLogoutBehavior) {
     SAMLLogoutBehavior["AllParticipants"] = "AllParticipants";
@@ -5305,6 +5558,18 @@ var UserState;
     UserState["AuthenticatedNotVerified"] = "AuthenticatedNotVerified";
     UserState["AuthenticatedRegistrationNotVerified"] = "AuthenticatedRegistrationNotVerified";
 })(UserState = exports.UserState || (exports.UserState = {}));
+/**
+ * Used to express whether the Relying Party requires <a href="https://www.w3.org/TR/webauthn-2/#user-verification">user verification</a> for the
+ * current operation.
+ *
+ * @author Spencer Witt
+ */
+var UserVerificationRequirement;
+(function (UserVerificationRequirement) {
+    UserVerificationRequirement["required"] = "required";
+    UserVerificationRequirement["preferred"] = "preferred";
+    UserVerificationRequirement["discouraged"] = "discouraged";
+})(UserVerificationRequirement = exports.UserVerificationRequirement || (exports.UserVerificationRequirement = {}));
 /**
  * @author Daniel DeGroff
  */
@@ -5313,6 +5578,18 @@ var VerificationStrategy;
     VerificationStrategy["ClickableLink"] = "ClickableLink";
     VerificationStrategy["FormField"] = "FormField";
 })(VerificationStrategy = exports.VerificationStrategy || (exports.VerificationStrategy = {}));
+/**
+ * Identifies the WebAuthn workflow. This will affect the parameters used for credential creation
+ * and request based on the Tenant configuration.
+ *
+ * @author Spencer Witt
+ */
+var WebAuthnWorkflow;
+(function (WebAuthnWorkflow) {
+    WebAuthnWorkflow["bootstrap"] = "bootstrap";
+    WebAuthnWorkflow["general"] = "general";
+    WebAuthnWorkflow["reauthentication"] = "reauthentication";
+})(WebAuthnWorkflow = exports.WebAuthnWorkflow || (exports.WebAuthnWorkflow = {}));
 var XMLSignatureLocation;
 (function (XMLSignatureLocation) {
     XMLSignatureLocation["Assertion"] = "Assertion";