@fusionauth/typescript-client 1.48.0 → 1.50.0

package/build/src/FusionAuthClient.js

@@ -15,7 +15,7 @@
 * language governing permissions and limitations under the License.
 */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IdentityProviderLoginMethod = exports.ClientAuthenticationMethod = exports.OAuthErrorReason = exports.WebAuthnWorkflow = exports.Oauth2AuthorizedURLValidationPolicy = exports.LogoutBehavior = exports.RateLimitedRequestType = exports.CanonicalizationMethod = exports.SecureGeneratorType = exports.VerificationStrategy = exports.UniqueUsernameStrategy = exports.LDAPSecurityMethod = exports.TOTPAlgorithm = exports.EventType = exports.IdentityProviderType = exports.MessengerType = exports.ExpiryUnit = exports.EmailSecurityType = exports.ChangePasswordReason = exports.SteamAPIMode = exports.UserVerificationRequirement = exports.TransactionType = exports.FamilyRole = exports.KeyUse = exports.Algorithm = exports.EventLogType = exports.BreachAction = exports.IdentityProviderLinkingStrategy = exports.SAMLLogoutBehavior = exports.Sort = exports.OAuthErrorType = exports.LambdaEngineType = exports.UserActionPhase = exports.UnverifiedBehavior = exports.RefreshTokenExpirationPolicy = exports.RegistrationType = exports.LoginIdType = exports.CoseEllipticCurve = exports.AuthenticatorAttachment = exports.MultiFactorLoginPolicy = exports.ConnectorType = exports.KeyType = exports.AttestationType = exports.FormType = exports.KeyAlgorithm = exports.CaptchaMethod = exports.DeviceType = exports.RefreshTokenUsagePolicy = exports.ClientAuthenticationPolicy = exports.ResidentKeyRequirement = exports.AuthenticationThreats = exports.ObjectState = exports.AttestationConveyancePreference = exports.LambdaType = exports.CoseAlgorithmIdentifier = exports.HTTPMethod = exports.FormFieldAdminPolicy = exports.PublicKeyCredentialType = exports.SAMLv2DestinationAssertionPolicy = exports.CoseKeyType = exports.BreachMatchMode = exports.FormControl = exports.ContentStatus = exports.MessageType = exports.IPAccessControlEntryAction = exports.AuthenticatorAttachmentPreference = exports.XMLSignatureLocation = exports.TokenType = exports.ProofKeyForCodeExchangePolicy = exports.ReactorFeatureStatus = exports.GrantType = exports.UserState = exports.ApplicationMultiFactorTrustPolicy = exports.ConsentStatus = exports.BreachedPasswordStatus = exports.FormDataType = exports.FusionAuthClient = void 0;
+exports.IdentityProviderLoginMethod = exports.OAuthScopeConsentMode = exports.ClientAuthenticationMethod = exports.OAuthErrorReason = exports.UnknownScopePolicy = exports.WebAuthnWorkflow = exports.Oauth2AuthorizedURLValidationPolicy = exports.LogoutBehavior = exports.OAuthScopeHandlingPolicy = exports.RateLimitedRequestType = exports.CanonicalizationMethod = exports.SecureGeneratorType = exports.VerificationStrategy = exports.UniqueUsernameStrategy = exports.LDAPSecurityMethod = exports.TOTPAlgorithm = exports.EventType = exports.SystemTrustedProxyConfigurationPolicy = exports.IdentityProviderType = exports.MessengerType = exports.ExpiryUnit = exports.EmailSecurityType = exports.ChangePasswordReason = exports.SteamAPIMode = exports.UserVerificationRequirement = exports.TransactionType = exports.FamilyRole = exports.KeyUse = exports.Algorithm = exports.EventLogType = exports.BreachAction = exports.IdentityProviderLinkingStrategy = exports.SAMLLogoutBehavior = exports.Sort = exports.OAuthErrorType = exports.LambdaEngineType = exports.UserActionPhase = exports.UnverifiedBehavior = exports.RefreshTokenExpirationPolicy = exports.RegistrationType = exports.LoginIdType = exports.CoseEllipticCurve = exports.AuthenticatorAttachment = exports.MultiFactorLoginPolicy = exports.ConnectorType = exports.KeyType = exports.AttestationType = exports.FormType = exports.KeyAlgorithm = exports.CaptchaMethod = exports.DeviceType = exports.RefreshTokenUsagePolicy = exports.ClientAuthenticationPolicy = exports.ResidentKeyRequirement = exports.AuthenticationThreats = exports.ObjectState = exports.AttestationConveyancePreference = exports.LambdaType = exports.CoseAlgorithmIdentifier = exports.HTTPMethod = exports.FormFieldAdminPolicy = exports.PublicKeyCredentialType = exports.SAMLv2DestinationAssertionPolicy = exports.CoseKeyType = exports.BreachMatchMode = exports.FormControl = exports.ContentStatus = exports.MessageType = exports.IPAccessControlEntryAction = exports.AuthenticatorAttachmentPreference = exports.XMLSignatureLocation = exports.TokenType = exports.ProofKeyForCodeExchangePolicy = exports.ReactorFeatureStatus = exports.OAuthApplicationRelationship = exports.GrantType = exports.UserState = exports.ApplicationMultiFactorTrustPolicy = exports.ConsentStatus = exports.BreachedPasswordStatus = exports.FormDataType = exports.FusionAuthClient = void 0;
 const DefaultRESTClientBuilder_1 = require("./DefaultRESTClientBuilder");
 const url_1 = require("url");
 class FusionAuthClient {
@@ -50,7 +50,7 @@ class FusionAuthClient {
      * "actioner". Both user ids are required in the request object.
      *
      * @param {ActionRequest} request The action request that includes all the information about the action being taken including
-     *    the id of the action, any options and the duration (if applicable).
+     *    the Id of the action, any options and the duration (if applicable).
      * @returns {Promise<ClientResponse<ActionResponse>>}
      */
     actionUser(request) {
@@ -61,7 +61,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Activates the FusionAuth Reactor using a license id and optionally a license text (for air-gapped deployments)
+     * Activates the FusionAuth Reactor using a license Id and optionally a license text (for air-gapped deployments)
      *
      * @param {ReactorRequest} request An optional request that contains the license text to activate Reactor (useful for air-gap deployments of FusionAuth).
      * @returns {Promise<ClientResponse<void>>}
@@ -74,9 +74,9 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Adds a user to an existing family. The family id must be specified.
+     * Adds a user to an existing family. The family Id must be specified.
      *
-     * @param {UUID} familyId The id of the family.
+     * @param {UUID} familyId The Id of the family.
      * @param {FamilyRequest} request The request object that contains all the information used to determine which user to add to the family.
      * @returns {Promise<ClientResponse<FamilyResponse>>}
      */
@@ -112,7 +112,7 @@ class FusionAuthClient {
     /**
      * Cancels the user action.
      *
-     * @param {UUID} actionId The action id of the action to cancel.
+     * @param {UUID} actionId The action Id of the action to cancel.
      * @param {ActionRequest} request The action request that contains the information about the cancellation.
      * @returns {Promise<ClientResponse<ActionResponse>>}
      */
@@ -144,7 +144,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Changes a user's password using their identity (login id and password). Using a loginId instead of the changePasswordId
+     * Changes a user's password using their identity (loginId and password). Using a loginId instead of the changePasswordId
      * bypasses the email verification and allows a password to be changed directly without first calling the #forgotPassword
      * method.
      *
@@ -235,7 +235,7 @@ class FusionAuthClient {
      * Adds a comment to the user's account.
      *
      * @param {UserCommentRequest} request The request object that contains all the information used to create the user comment.
-     * @returns {Promise<ClientResponse<void>>}
+     * @returns {Promise<ClientResponse<UserCommentResponse>>}
      */
     commentOnUser(request) {
         return this.start()
@@ -318,7 +318,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Creates a new role for an application. You must specify the id of the application you are creating the role for.
+     * Creates a new role for an application. You must specify the Id of the application you are creating the role for.
      * You can optionally specify an Id for the role inside the ApplicationRole object itself, if not provided one will be generated.
      *
      * @param {UUID} applicationId The Id of the application to create the role on.
@@ -427,7 +427,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Creates a new permission for an entity type. You must specify the id of the entity type you are creating the permission for.
+     * Creates a new permission for an entity type. You must specify the Id of the entity type you are creating the permission for.
      * You can optionally specify an Id for the permission inside the EntityTypePermission object itself, if not provided one will be generated.
      *
      * @param {UUID} entityTypeId The Id of the entity type to create the permission on.
@@ -446,10 +446,10 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Creates a family with the user id in the request as the owner and sole member of the family. You can optionally specify an id for the
+     * Creates a family with the user Id in the request as the owner and sole member of the family. You can optionally specify an Id for the
      * family, if not provided one will be generated.
      *
-     * @param {UUID} familyId (Optional) The id for the family. If not provided a secure random UUID will be generated.
+     * @param {UUID} familyId (Optional) The Id for the family. If not provided a secure random UUID will be generated.
      * @param {FamilyRequest} request The request object that contains all the information used to create the family.
      * @returns {Promise<ClientResponse<FamilyResponse>>}
      */
@@ -594,6 +594,25 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Creates a new custom OAuth scope for an application. You must specify the Id of the application you are creating the scope for.
+     * You can optionally specify an Id for the OAuth scope on the URL, if not provided one will be generated.
+     *
+     * @param {UUID} applicationId The Id of the application to create the OAuth scope on.
+     * @param {UUID} scopeId (Optional) The Id of the OAuth scope. If not provided a secure random UUID will be generated.
+     * @param {ApplicationOAuthScopeRequest} request The request object that contains all the information used to create the OAuth OAuth scope.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    createOAuthScope(applicationId, scopeId, request) {
+        return this.start()
+            .withUri('/api/application')
+            .withUriSegment(applicationId)
+            .withUriSegment("scope")
+            .withUriSegment(scopeId)
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Creates a tenant. You can optionally specify an Id for the tenant, if not provided one will be generated.
      *
@@ -830,7 +849,7 @@ class FusionAuthClient {
      * Hard deletes an application role. This is a dangerous operation and should not be used in most circumstances. This
      * permanently removes the given role from all users that had it.
      *
-     * @param {UUID} applicationId The Id of the application to deactivate.
+     * @param {UUID} applicationId The Id of the application that the role belongs to.
      * @param {UUID} roleId The Id of the role to delete.
      * @returns {Promise<ClientResponse<void>>}
      */
@@ -1073,6 +1092,23 @@ class FusionAuthClient {
             .withMethod("DELETE")
             .go();
     }
+    /**
+     * Hard deletes a custom OAuth scope.
+     * OAuth workflows that are still requesting the deleted OAuth scope may fail depending on the application's unknown scope policy.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to delete.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteOAuthScope(applicationId, scopeId) {
+        return this.start()
+            .withUri('/api/application')
+            .withUriSegment(applicationId)
+            .withUriSegment("scope")
+            .withUriSegment(scopeId)
+            .withMethod("DELETE")
+            .go();
+    }
     /**
      * Deletes the user registration for the given user and application.
      *
@@ -1865,7 +1901,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Updates, via PATCH, the application role with the given id for the application.
+     * Updates, via PATCH, the application role with the given Id for the application.
      *
      * @param {UUID} applicationId The Id of the application that the role belongs to.
      * @param {UUID} roleId The Id of the role to update.
@@ -2031,7 +2067,25 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Updates, via PATCH, the registration for the user with the given id and the application defined in the request.
+     * Updates, via PATCH, the custom OAuth scope with the given Id for the application.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to update.
+     * @param {ApplicationOAuthScopeRequest} request The request that contains just the new OAuth scope information.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    patchOAuthScope(applicationId, scopeId, request) {
+        return this.start()
+            .withUri('/api/application')
+            .withUriSegment(applicationId)
+            .withUriSegment("scope")
+            .withUriSegment(scopeId)
+            .withJSONBody(request)
+            .withMethod("PATCH")
+            .go();
+    }
+    /**
+     * Updates, via PATCH, the registration for the user with the given Id and the application defined in the request.
      *
      * @param {UUID} userId The Id of the user whose registration is going to be updated.
      * @param {RegistrationRequest} request The request that contains just the new registration information.
@@ -2246,7 +2300,7 @@ class FusionAuthClient {
      * Registers a user for an application. If you provide the User and the UserRegistration object on this request, it
      * will create the user as well as register them for the application. This is called a Full Registration. However, if
      * you only provide the UserRegistration object, then the user must already exist and they will be registered for the
-     * application. The user id can also be provided and it will either be used to look up an existing user or it will be
+     * application. The user Id can also be provided and it will either be used to look up an existing user or it will be
      * used for the newly created User.
      *
      * @param {UUID} userId (Optional) The Id of the user being registered for the application and optionally created.
@@ -2281,8 +2335,8 @@ class FusionAuthClient {
     /**
      * Removes a user from the family with the given id.
      *
-     * @param {UUID} familyId The id of the family to remove the user from.
-     * @param {UUID} userId The id of the user to remove from the family.
+     * @param {UUID} familyId The Id of the family to remove the user from.
+     * @param {UUID} userId The Id of the user to remove from the family.
      * @returns {Promise<ClientResponse<void>>}
      */
     removeUserFromFamily(familyId, userId) {
@@ -2407,7 +2461,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the application for the given id or all the applications if the id is null.
+     * Retrieves the application for the given Id or all the applications if the Id is null.
      *
      * @param {UUID} applicationId (Optional) The application id.
      * @returns {Promise<ClientResponse<ApplicationResponse>>}
@@ -2728,7 +2782,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the identity provider for the given id or all the identity providers if the id is null.
+     * Retrieves the identity provider for the given Id or all the identity providers if the Id is null.
      *
      * @param {UUID} identityProviderId The identity provider Id.
      * @returns {Promise<ClientResponse<IdentityProviderResponse>>}
@@ -3022,6 +3076,22 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieves a custom OAuth scope.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to retrieve.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    retrieveOAuthScope(applicationId, scopeId) {
+        return this.start()
+            .withUri('/api/application')
+            .withUriSegment(applicationId)
+            .withUriSegment("scope")
+            .withUriSegment(scopeId)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Retrieves the Oauth2 configuration for the application for the given Application Id.
      *
@@ -3168,7 +3238,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the user registration for the user with the given id and the given application id.
+     * Retrieves the user registration for the user with the given Id and the given application id.
      *
      * @param {UUID} userId The Id of the user.
      * @param {UUID} applicationId The Id of the application.
@@ -3728,8 +3798,8 @@ class FusionAuthClient {
      *  - revokeRefreshTokensByUserIdForApplication
      *
      * @param {string} token (Optional) The refresh token to delete.
-     * @param {UUID} userId (Optional) The user id whose tokens to delete.
-     * @param {UUID} applicationId (Optional) The application id of the tokens to delete.
+     * @param {UUID} userId (Optional) The user Id whose tokens to delete.
+     * @param {UUID} applicationId (Optional) The application Id of the tokens to delete.
      * @returns {Promise<ClientResponse<void>>}
      */
     revokeRefreshToken(token, userId, applicationId) {
@@ -3901,7 +3971,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the entities for the given ids. If any id is invalid, it is ignored.
+     * Retrieves the entities for the given ids. If any Id is invalid, it is ignored.
      *
      * @param {Array<string>} ids The entity ids to search for.
      * @returns {Promise<ClientResponse<EntitySearchResponse>>}
@@ -4083,7 +4153,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the users for the given ids. If any id is invalid, it is ignored.
+     * Retrieves the users for the given ids. If any Id is invalid, it is ignored.
      *
      * @param {Array<string>} ids The user ids to search for.
      * @returns {Promise<ClientResponse<SearchResponse>>}
@@ -4098,7 +4168,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the users for the given ids. If any id is invalid, it is ignored.
+     * Retrieves the users for the given ids. If any Id is invalid, it is ignored.
      *
      * @param {Array<string>} ids The user ids to search for.
      * @returns {Promise<ClientResponse<SearchResponse>>}
@@ -4157,7 +4227,7 @@ class FusionAuthClient {
      * Send an email using an email template id. You can optionally provide <code>requestData</code> to access key value
      * pairs in the email template.
      *
-     * @param {UUID} emailTemplateId The id for the template.
+     * @param {UUID} emailTemplateId The Id for the template.
      * @param {SendRequest} request The send email request that contains all the information used to send the email.
      * @returns {Promise<ClientResponse<SendResponse>>}
      */
@@ -4370,7 +4440,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Updates the application role with the given id for the application.
+     * Updates the application role with the given Id for the application.
      *
      * @param {UUID} applicationId The Id of the application that the role belongs to.
      * @param {UUID} roleId The Id of the role to update.
@@ -4463,7 +4533,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Updates the permission with the given id for the entity type.
+     * Updates the permission with the given Id for the entity type.
      *
      * @param {UUID} entityTypeId The Id of the entityType that the permission belongs to.
      * @param {UUID} permissionId The Id of the permission to update.
@@ -4642,7 +4712,25 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Updates the registration for the user with the given id and the application defined in the request.
+     * Updates the OAuth scope with the given Id for the application.
+     *
+     * @param {UUID} applicationId The Id of the application that the OAuth scope belongs to.
+     * @param {UUID} scopeId The Id of the OAuth scope to update.
+     * @param {ApplicationOAuthScopeRequest} request The request that contains all the new OAuth scope information.
+     * @returns {Promise<ClientResponse<ApplicationOAuthScopeResponse>>}
+     */
+    updateOAuthScope(applicationId, scopeId, request) {
+        return this.start()
+            .withUri('/api/application')
+            .withUriSegment(applicationId)
+            .withUriSegment("scope")
+            .withUriSegment(scopeId)
+            .withJSONBody(request)
+            .withMethod("PUT")
+            .go();
+    }
+    /**
+     * Updates the registration for the user with the given Id and the application defined in the request.
      *
      * @param {UUID} userId The Id of the user whose registration is going to be updated.
      * @param {RegistrationRequest} request The request that contains all the new registration information.
@@ -4846,7 +4934,7 @@ class FusionAuthClient {
     /**
      * Confirms a email verification. The Id given is usually from an email sent to the user.
      *
-     * @param {string} verificationId The email verification id sent to the user.
+     * @param {string} verificationId The email verification Id sent to the user.
      * @returns {Promise<ClientResponse<void>>}
      *
      * @deprecated This method has been renamed to verifyEmailAddress and changed to take a JSON request body, use that method instead.
@@ -5023,6 +5111,17 @@ var GrantType;
     GrantType["unknown"] = "unknown";
     GrantType["device_code"] = "urn:ietf:params:oauth:grant-type:device_code";
 })(GrantType = exports.GrantType || (exports.GrantType = {}));
+/**
+ * The application's relationship to the authorization server. First-party applications will be granted implicit permission for requested scopes.
+ * Third-party applications will use the {@link OAuthScopeConsentMode} policy.
+ *
+ * @author Spencer Witt
+ */
+var OAuthApplicationRelationship;
+(function (OAuthApplicationRelationship) {
+    OAuthApplicationRelationship["FirstParty"] = "FirstParty";
+    OAuthApplicationRelationship["ThirdParty"] = "ThirdParty";
+})(OAuthApplicationRelationship = exports.OAuthApplicationRelationship || (exports.OAuthApplicationRelationship = {}));
 /**
  * @author Brian Pontarelli
  */
@@ -5221,6 +5320,7 @@ var LambdaType;
     LambdaType["SCIMServerUserRequestConverter"] = "SCIMServerUserRequestConverter";
     LambdaType["SCIMServerUserResponseConverter"] = "SCIMServerUserResponseConverter";
     LambdaType["SelfServiceRegistrationValidation"] = "SelfServiceRegistrationValidation";
+    LambdaType["UserInfoPopulate"] = "UserInfoPopulate";
 })(LambdaType = exports.LambdaType || (exports.LambdaType = {}));
 /**
  * Used to communicate whether and how authenticator attestation should be delivered to the Relying Party
@@ -5447,6 +5547,7 @@ var OAuthErrorType;
     OAuthErrorType["server_error"] = "server_error";
     OAuthErrorType["unsupported_grant_type"] = "unsupported_grant_type";
     OAuthErrorType["unsupported_response_type"] = "unsupported_response_type";
+    OAuthErrorType["access_denied"] = "access_denied";
     OAuthErrorType["change_password_required"] = "change_password_required";
     OAuthErrorType["not_licensed"] = "not_licensed";
     OAuthErrorType["two_factor_required"] = "two_factor_required";
@@ -5633,6 +5734,14 @@ var IdentityProviderType;
     IdentityProviderType["Twitter"] = "Twitter";
     IdentityProviderType["Xbox"] = "Xbox";
 })(IdentityProviderType = exports.IdentityProviderType || (exports.IdentityProviderType = {}));
+/**
+ * @author Daniel DeGroff
+ */
+var SystemTrustedProxyConfigurationPolicy;
+(function (SystemTrustedProxyConfigurationPolicy) {
+    SystemTrustedProxyConfigurationPolicy["All"] = "All";
+    SystemTrustedProxyConfigurationPolicy["OnlyConfigured"] = "OnlyConfigured";
+})(SystemTrustedProxyConfigurationPolicy = exports.SystemTrustedProxyConfigurationPolicy || (exports.SystemTrustedProxyConfigurationPolicy = {}));
 /**
  * Models the event types that FusionAuth produces.
  *
@@ -5753,6 +5862,17 @@ var RateLimitedRequestType;
     RateLimitedRequestType["SendRegistrationVerification"] = "SendRegistrationVerification";
     RateLimitedRequestType["SendTwoFactor"] = "SendTwoFactor";
 })(RateLimitedRequestType = exports.RateLimitedRequestType || (exports.RateLimitedRequestType = {}));
+/**
+ * Controls the policy for whether OAuth workflows will more strictly adhere to the OAuth and OIDC specification
+ * or run in backwards compatibility mode.
+ *
+ * @author David Charles
+ */
+var OAuthScopeHandlingPolicy;
+(function (OAuthScopeHandlingPolicy) {
+    OAuthScopeHandlingPolicy["Compatibility"] = "Compatibility";
+    OAuthScopeHandlingPolicy["Strict"] = "Strict";
+})(OAuthScopeHandlingPolicy = exports.OAuthScopeHandlingPolicy || (exports.OAuthScopeHandlingPolicy = {}));
 /**
  * @author Matthew Altman
  */
@@ -5781,6 +5901,17 @@ var WebAuthnWorkflow;
     WebAuthnWorkflow["general"] = "general";
     WebAuthnWorkflow["reauthentication"] = "reauthentication";
 })(WebAuthnWorkflow = exports.WebAuthnWorkflow || (exports.WebAuthnWorkflow = {}));
+/**
+ * Policy for handling unknown OAuth scopes in the request
+ *
+ * @author Spencer Witt
+ */
+var UnknownScopePolicy;
+(function (UnknownScopePolicy) {
+    UnknownScopePolicy["Allow"] = "Allow";
+    UnknownScopePolicy["Remove"] = "Remove";
+    UnknownScopePolicy["Reject"] = "Reject";
+})(UnknownScopePolicy = exports.UnknownScopePolicy || (exports.UnknownScopePolicy = {}));
 var OAuthErrorReason;
 (function (OAuthErrorReason) {
     OAuthErrorReason["auth_code_not_found"] = "auth_code_not_found";
@@ -5789,6 +5920,7 @@ var OAuthErrorReason;
     OAuthErrorReason["access_token_unavailable_for_processing"] = "access_token_unavailable_for_processing";
     OAuthErrorReason["access_token_failed_processing"] = "access_token_failed_processing";
     OAuthErrorReason["access_token_invalid"] = "access_token_invalid";
+    OAuthErrorReason["access_token_required"] = "access_token_required";
     OAuthErrorReason["refresh_token_not_found"] = "refresh_token_not_found";
     OAuthErrorReason["refresh_token_type_not_supported"] = "refresh_token_type_not_supported";
     OAuthErrorReason["invalid_client_id"] = "invalid_client_id";
@@ -5840,6 +5972,9 @@ var OAuthErrorReason;
     OAuthErrorReason["change_password_expired"] = "change_password_expired";
     OAuthErrorReason["change_password_validation"] = "change_password_validation";
     OAuthErrorReason["unknown"] = "unknown";
+    OAuthErrorReason["missing_required_scope"] = "missing_required_scope";
+    OAuthErrorReason["unknown_scope"] = "unknown_scope";
+    OAuthErrorReason["consent_canceled"] = "consent_canceled";
 })(OAuthErrorReason = exports.OAuthErrorReason || (exports.OAuthErrorReason = {}));
 var ClientAuthenticationMethod;
 (function (ClientAuthenticationMethod) {
@@ -5847,6 +5982,18 @@ var ClientAuthenticationMethod;
     ClientAuthenticationMethod["client_secret_basic"] = "client_secret_basic";
     ClientAuthenticationMethod["client_secret_post"] = "client_secret_post";
 })(ClientAuthenticationMethod = exports.ClientAuthenticationMethod || (exports.ClientAuthenticationMethod = {}));
+/**
+ * Controls the policy for requesting user permission to grant access to requested scopes during an OAuth workflow
+ * for a third-party application.
+ *
+ * @author Spencer Witt
+ */
+var OAuthScopeConsentMode;
+(function (OAuthScopeConsentMode) {
+    OAuthScopeConsentMode["AlwaysPrompt"] = "AlwaysPrompt";
+    OAuthScopeConsentMode["RememberDecision"] = "RememberDecision";
+    OAuthScopeConsentMode["NeverPrompt"] = "NeverPrompt";
+})(OAuthScopeConsentMode = exports.OAuthScopeConsentMode || (exports.OAuthScopeConsentMode = {}));
 /**
  * @author Brett Pontarelli
  */