@fusionauth/typescript-client 1.60.0 → 1.62.0

package/build/src/FusionAuthClient.js

@@ -15,7 +15,7 @@
 * language governing permissions and limitations under the License.
 */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WebhookEventResult = exports.WebhookAttemptResult = exports.WebAuthnWorkflow = exports.VerificationStrategy = exports.UserVerificationRequirement = exports.UserState = exports.UserActionPhase = exports.UnverifiedBehavior = exports.UnknownScopePolicy = exports.TransactionType = exports.TokenType = exports.ThemeType = exports.UniqueUsernameStrategy = exports.SystemTrustedProxyConfigurationPolicy = exports.SteamAPIMode = exports.Sort = exports.SendSetPasswordIdentityType = exports.SecureGeneratorType = exports.SAMLv2DestinationAssertionPolicy = exports.ResidentKeyRequirement = exports.RefreshTokenUsagePolicy = exports.RefreshTokenExpirationPolicy = exports.ReactorFeatureStatus = exports.PublicKeyCredentialType = exports.ProofKeyForCodeExchangePolicy = exports.PasswordlessStrategy = exports.BreachMatchMode = exports.BreachAction = exports.ObjectState = exports.Oauth2AuthorizedURLValidationPolicy = exports.OAuthScopeHandlingPolicy = exports.OAuthScopeConsentMode = exports.OAuthErrorType = exports.OAuthErrorReason = exports.OAuthApplicationRelationship = exports.MultiFactorLoginPolicy = exports.MessengerType = exports.MessageType = exports.LogoutBehavior = exports.LambdaType = exports.LambdaEngineType = exports.LDAPSecurityMethod = exports.KeyUse = exports.KeyType = exports.KeyAlgorithm = exports.IdentityVerifiedReason = exports.IdentityProviderType = exports.ClientAuthenticationMethod = exports.IdentityProviderLoginMethod = exports.IdentityProviderLinkingStrategy = exports.IPAccessControlEntryAction = exports.HTTPMethod = exports.GrantType = exports.FormType = exports.FormFieldAdminPolicy = exports.FormDataType = exports.FormControl = exports.FamilyRole = exports.ExpiryUnit = exports.EventType = exports.EventLogType = exports.EmailSecurityType = exports.DeviceType = exports.CoseKeyType = exports.CoseEllipticCurve = exports.CoseAlgorithmIdentifier = exports.ContentStatus = exports.ConsentStatus = exports.ConnectorType = exports.ClientAuthenticationPolicy = exports.ChangePasswordReason = exports.CaptchaMethod = exports.CanonicalizationMethod = exports.BreachedPasswordStatus = exports.TOTPAlgorithm = exports.AuthenticatorAttachmentPreference = exports.AuthenticatorAttachment = exports.AuthenticationThreats = exports.AttestationType = exports.AttestationConveyancePreference = exports.ApplicationMultiFactorTrustPolicy = exports.XMLSignatureLocation = exports.SAMLLogoutBehavior = exports.RegistrationType = exports.LoginIdType = exports.Algorithm = exports.FusionAuthClient = void 0;
+exports.WebhookEventResult = exports.WebhookAttemptResult = exports.WebAuthnWorkflow = exports.VerificationStrategy = exports.UserVerificationRequirement = exports.UserState = exports.UserActionPhase = exports.UnverifiedBehavior = exports.UnknownScopePolicy = exports.TransactionType = exports.TokenType = exports.ThemeType = exports.UniqueUsernameStrategy = exports.SystemTrustedProxyConfigurationPolicy = exports.SteamAPIMode = exports.Sort = exports.SendSetPasswordIdentityType = exports.SecureGeneratorType = exports.SAMLv2DestinationAssertionPolicy = exports.ResidentKeyRequirement = exports.RefreshTokenUsagePolicy = exports.RefreshTokenExpirationPolicy = exports.ReactorFeatureStatus = exports.PublicKeyCredentialType = exports.ProofKeyForCodeExchangePolicy = exports.PasswordlessStrategy = exports.BreachMatchMode = exports.BreachAction = exports.ObjectState = exports.Oauth2AuthorizedURLValidationPolicy = exports.OAuthScopeHandlingPolicy = exports.OAuthScopeConsentMode = exports.OAuthErrorType = exports.OAuthErrorReason = exports.OAuthApplicationRelationship = exports.MultiFactorLoginPolicy = exports.MultiFactorAction = exports.MessengerType = exports.MessageType = exports.LogoutBehavior = exports.LambdaType = exports.LambdaEngineType = exports.LDAPSecurityMethod = exports.KeyUse = exports.KeyType = exports.KeyAlgorithm = exports.IdentityVerifiedReason = exports.IdentityProviderType = exports.ClientAuthenticationMethod = exports.IdentityProviderLoginMethod = exports.IdentityProviderLinkingStrategy = exports.IPAccessControlEntryAction = exports.HTTPMethod = exports.GrantType = exports.FormType = exports.FormStepType = exports.FormFieldAdminPolicy = exports.FormDataType = exports.FormControl = exports.FamilyRole = exports.ExpiryUnit = exports.ExistingUserStrategy = exports.EventType = exports.EventLogType = exports.EmailSecurityType = exports.DeviceType = exports.CoseKeyType = exports.CoseEllipticCurve = exports.CoseAlgorithmIdentifier = exports.ContentStatus = exports.ConsentStatus = exports.ConnectorType = exports.ClientAuthenticationPolicy = exports.ChangePasswordReason = exports.CaptchaMethod = exports.CanonicalizationMethod = exports.BreachedPasswordStatus = exports.TOTPAlgorithm = exports.AuthenticatorAttachmentPreference = exports.AuthenticatorAttachment = exports.AuthenticationThreats = exports.AttestationType = exports.AttestationConveyancePreference = exports.ApplicationMultiFactorTrustPolicy = exports.XMLSignatureLocation = exports.SAMLLogoutBehavior = exports.RegistrationType = exports.LoginIdType = exports.Algorithm = exports.FusionAuthClient = void 0;
 const DefaultRESTClientBuilder_1 = require("./DefaultRESTClientBuilder");
 const url_1 = require("url");
 class FusionAuthClient {
@@ -109,6 +109,35 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Approve a device grant.
+     *
+     * @param {DeviceApprovalRequest} request The request object containing the device approval information and optional tenantId.
+     * @returns {Promise<ClientResponse<DeviceApprovalResponse>>}
+     */
+    approveDeviceWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId.toString());
+        }
+        if (request.token !== null && request.token !== undefined) {
+            body.append('token', request.token);
+        }
+        if (request.user_code !== null && request.user_code !== undefined) {
+            body.append('user_code', request.user_code);
+        }
+        return this.start()
+            .withUri('/oauth2/device/approve')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Cancels the user action.
      *
@@ -213,6 +242,25 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+     * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+     * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+     *
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+     *
+     * @param {string} changePasswordId The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
+     * @param {string} ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    checkChangePasswordUsingIdAndIPAddress(changePasswordId, ipAddress) {
+        return this.startAnonymous()
+            .withUri('/api/user/change-password')
+            .withUriSegment(changePasswordId)
+            .withParameter('ipAddress', ipAddress)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -230,6 +278,25 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+     * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+     * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+     *
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+     *
+     * @param {string} encodedJWT The encoded JWT (access token).
+     * @param {string} ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    checkChangePasswordUsingJWTAndIPAddress(encodedJWT, ipAddress) {
+        return this.startAnonymous()
+            .withUri('/api/user/change-password')
+            .withAuthorization('Bearer ' + encodedJWT)
+            .withParameter('ipAddress', ipAddress)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
      * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -237,13 +304,72 @@ class FusionAuthClient {
      *
      * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
      *
-     * @param {string} loginId The loginId of the User that you intend to change the password for.
+     * @param {string} loginId The loginId (email or username) of the User that you intend to change the password for.
      * @returns {Promise<ClientResponse<void>>}
      */
     checkChangePasswordUsingLoginId(loginId) {
         return this.start()
             .withUri('/api/user/change-password')
-            .withParameter('username', loginId)
+            .withParameter('loginId', loginId)
+            .withMethod("GET")
+            .go();
+    }
+    /**
+     * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+     * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+     * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+     *
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+     *
+     * @param {string} loginId The loginId (email or username) of the User that you intend to change the password for.
+     * @param {string} ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    checkChangePasswordUsingLoginIdAndIPAddress(loginId, ipAddress) {
+        return this.start()
+            .withUri('/api/user/change-password')
+            .withParameter('loginId', loginId)
+            .withParameter('ipAddress', ipAddress)
+            .withMethod("GET")
+            .go();
+    }
+    /**
+     * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+     * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+     * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+     *
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+     *
+     * @param {string} loginId The loginId of the User that you intend to change the password for.
+     * @param {Array<String>} loginIdTypes The identity types that FusionAuth will compare the loginId to.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    checkChangePasswordUsingLoginIdAndLoginIdTypes(loginId, loginIdTypes) {
+        return this.start()
+            .withUri('/api/user/change-password')
+            .withParameter('loginId', loginId)
+            .withParameter('loginIdTypes', loginIdTypes)
+            .withMethod("GET")
+            .go();
+    }
+    /**
+     * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+     * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+     * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+     *
+     * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+     *
+     * @param {string} loginId The loginId of the User that you intend to change the password for.
+     * @param {Array<String>} loginIdTypes The identity types that FusionAuth will compare the loginId to.
+     * @param {string} ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    checkChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddress(loginId, loginIdTypes, ipAddress) {
+        return this.start()
+            .withUri('/api/user/change-password')
+            .withParameter('loginId', loginId)
+            .withParameter('loginIdTypes', loginIdTypes)
+            .withParameter('ipAddress', ipAddress)
             .withMethod("GET")
             .go();
     }
@@ -269,6 +395,35 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Make a Client Credentials grant request to obtain an access token.
+     *
+     * @param {ClientCredentialsGrantRequest} request The client credentials grant request containing client authentication, scope and optional tenantId.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    clientCredentialsGrantWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.grant_type !== null && request.grant_type !== undefined) {
+            body.append('grant_type', request.grant_type);
+        }
+        if (request.scope !== null && request.scope !== undefined) {
+            body.append('scope', request.scope);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/token')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Adds a comment to the user's account.
      *
@@ -1388,6 +1543,51 @@ class FusionAuthClient {
             .withMethod("DELETE")
             .go();
     }
+    /**
+     * Start the Device Authorization flow using form-encoded parameters
+     *
+     * @param {string} client_id The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate.
+     * @param {string} client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
+     * @param {string} scope (Optional) A space-delimited string of the requested scopes. Defaults to all scopes configured in the Application's OAuth configuration.
+     * @returns {Promise<ClientResponse<DeviceResponse>>}
+     */
+    deviceAuthorize(client_id, client_secret, scope) {
+        let body = new url_1.URLSearchParams();
+        body.append('client_id', client_id);
+        body.append('client_secret', client_secret);
+        body.append('scope', scope);
+        return this.startAnonymous()
+            .withUri('/oauth2/device_authorize')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Start the Device Authorization flow using a request body
+     *
+     * @param {DeviceAuthorizationRequest} request The device authorization request containing client authentication, scope, and optional device metadata.
+     * @returns {Promise<ClientResponse<DeviceResponse>>}
+     */
+    deviceAuthorizeWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.scope !== null && request.scope !== undefined) {
+            body.append('scope', request.scope);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId.toString());
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/device_authorize')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Disable two-factor authentication for a user.
      *
@@ -1485,6 +1685,75 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Exchanges an OAuth authorization code and code_verifier for an access token.
+     * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token.
+     *
+     * @param {OAuthCodePKCEAccessTokenRequest} request The PKCE OAuth code access token exchange request.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    exchangeOAuthCodeForAccessTokenUsingPKCEWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.code !== null && request.code !== undefined) {
+            body.append('code', request.code);
+        }
+        if (request.code_verifier !== null && request.code_verifier !== undefined) {
+            body.append('code_verifier', request.code_verifier);
+        }
+        if (request.grant_type !== null && request.grant_type !== undefined) {
+            body.append('grant_type', request.grant_type);
+        }
+        if (request.redirect_uri !== null && request.redirect_uri !== undefined) {
+            body.append('redirect_uri', request.redirect_uri);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId.toString());
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/token')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Exchanges an OAuth authorization code for an access token.
+     * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token.
+     *
+     * @param {OAuthCodeAccessTokenRequest} request The OAuth code access token exchange request.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    exchangeOAuthCodeForAccessTokenWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.code !== null && request.code !== undefined) {
+            body.append('code', request.code);
+        }
+        if (request.grant_type !== null && request.grant_type !== undefined) {
+            body.append('grant_type', request.grant_type);
+        }
+        if (request.redirect_uri !== null && request.redirect_uri !== undefined) {
+            body.append('redirect_uri', request.redirect_uri);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/token')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Exchange a Refresh Token for an Access Token.
      * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
@@ -1511,6 +1780,42 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Exchange a Refresh Token for an Access Token.
+     * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
+     *
+     * @param {RefreshTokenAccessTokenRequest} request The refresh token access token exchange request.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    exchangeRefreshTokenForAccessTokenWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.grant_type !== null && request.grant_type !== undefined) {
+            body.append('grant_type', request.grant_type);
+        }
+        if (request.refresh_token !== null && request.refresh_token !== undefined) {
+            body.append('refresh_token', request.refresh_token);
+        }
+        if (request.scope !== null && request.scope !== undefined) {
+            body.append('scope', request.scope);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId.toString());
+        }
+        if (request.user_code !== null && request.user_code !== undefined) {
+            body.append('user_code', request.user_code);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/token')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Exchange a refresh token for a new JWT.
      *
@@ -1552,6 +1857,45 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Exchange User Credentials for a Token.
+     * If you will be using the Resource Owner Password Credential Grant, you will make a request to the Token endpoint to exchange the user’s email and password for an access token.
+     *
+     * @param {UserCredentialsAccessTokenRequest} request The user credentials access token exchange request.
+     * @returns {Promise<ClientResponse<AccessToken>>}
+     */
+    exchangeUserCredentialsForAccessTokenWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.grant_type !== null && request.grant_type !== undefined) {
+            body.append('grant_type', request.grant_type);
+        }
+        if (request.password !== null && request.password !== undefined) {
+            body.append('password', request.password);
+        }
+        if (request.scope !== null && request.scope !== undefined) {
+            body.append('scope', request.scope);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId);
+        }
+        if (request.user_code !== null && request.user_code !== undefined) {
+            body.append('user_code', request.user_code);
+        }
+        if (request.username !== null && request.username !== undefined) {
+            body.append('username', request.username);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/token')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password.
      *
@@ -1754,6 +2098,29 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Inspect an access token issued as the result of the User based grant such as the Authorization Code Grant, Implicit Grant, the User Credentials Grant or the Refresh Grant.
+     *
+     * @param {AccessTokenIntrospectRequest} request The access token introspection request.
+     * @returns {Promise<ClientResponse<IntrospectResponse>>}
+     */
+    introspectAccessTokenWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId);
+        }
+        if (request.token !== null && request.token !== undefined) {
+            body.append('token', request.token);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/introspect')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Inspect an access token issued as the result of the Client Credentials Grant.
      *
@@ -1769,6 +2136,26 @@ class FusionAuthClient {
             .withMethod("POST")
             .go();
     }
+    /**
+     * Inspect an access token issued as the result of the Client Credentials Grant.
+     *
+     * @param {ClientCredentialsAccessTokenIntrospectRequest} request The client credentials access token.
+     * @returns {Promise<ClientResponse<IntrospectResponse>>}
+     */
+    introspectClientCredentialsAccessTokenWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId);
+        }
+        if (request.token !== null && request.token !== undefined) {
+            body.append('token', request.token);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/introspect')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Issue a new access token (JWT) for the requested Application after ensuring the provided JWT is valid. A valid
      * access token is properly signed and not expired.
@@ -3530,6 +3917,19 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieves the totals report. This allows excluding applicationTotals from the report. An empty list will include the applicationTotals.
+     *
+     * @param {Array<String>} excludes List of fields to exclude in the response. Currently only allows applicationTotals.
+     * @returns {Promise<ClientResponse<TotalsReportResponse>>}
+     */
+    retrieveTotalReportWithExcludes(excludes) {
+        return this.start()
+            .withUri('/api/report/totals')
+            .withParameter('excludes', excludes)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Retrieve two-factor recovery codes for a user.
      *
@@ -3563,6 +3963,23 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieve a user's two-factor status.
+     *
+     * This can be used to see if a user will need to complete a two-factor challenge to complete a login,
+     * and optionally identify the state of the two-factor trust across various applications. This operation
+     * provides more payload options than retrieveTwoFactorStatus.
+     *
+     * @param {TwoFactorStatusRequest} request The request object that contains all the information used to check the status.
+     * @returns {Promise<ClientResponse<TwoFactorStatusResponse>>}
+     */
+    retrieveTwoFactorStatusWithRequest(request) {
+        return this.start()
+            .withUri('/api/two-factor/status')
+            .withJSONBody(request)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Retrieves the user for the given Id.
      *
@@ -3670,7 +4087,7 @@ class FusionAuthClient {
      * Retrieves the user for the loginId, using specific loginIdTypes.
      *
      * @param {string} loginId The email or username of the user.
-     * @param {Array<String>} loginIdTypes the identity types that FusionAuth will compare the loginId to.
+     * @param {Array<String>} loginIdTypes The identity types that FusionAuth will compare the loginId to.
      * @returns {Promise<ClientResponse<UserResponse>>}
      */
     retrieveUserByLoginIdWithLoginIdTypes(loginId, loginIdTypes) {
@@ -3748,6 +4165,58 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieve a user_code that is part of an in-progress Device Authorization Grant.
+     *
+     * This API is useful if you want to build your own login workflow to complete a device grant.
+     *
+     * This request will require an API key.
+     *
+     * @param {RetrieveUserCodeUsingAPIKeyRequest} request The user code retrieval request including optional tenantId.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    retrieveUserCodeUsingAPIKeyWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId.toString());
+        }
+        if (request.user_code !== null && request.user_code !== undefined) {
+            body.append('user_code', request.user_code);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/device/user-code')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
+    /**
+     * Retrieve a user_code that is part of an in-progress Device Authorization Grant.
+     *
+     * This API is useful if you want to build your own login workflow to complete a device grant.
+     *
+     * @param {RetrieveUserCodeRequest} request The user code retrieval request.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    retrieveUserCodeWithRequest(request) {
+        let body = new url_1.URLSearchParams();
+        if (request.client_id !== null && request.client_id !== undefined) {
+            body.append('client_id', request.client_id);
+        }
+        if (request.client_secret !== null && request.client_secret !== undefined) {
+            body.append('client_secret', request.client_secret);
+        }
+        if (request.tenantId !== null && request.tenantId !== undefined) {
+            body.append('tenantId', request.tenantId.toString());
+        }
+        if (request.user_code !== null && request.user_code !== undefined) {
+            body.append('user_code', request.user_code);
+        }
+        return this.startAnonymous()
+            .withUri('/oauth2/device/user-code')
+            .withFormData(body)
+            .withMethod("POST")
+            .go();
+    }
     /**
      * Retrieves all the comments for the user with the given Id.
      *
@@ -3880,7 +4349,7 @@ class FusionAuthClient {
      * @param {string} loginId The userId id.
      * @param {number} start The start instant as UTC milliseconds since Epoch.
      * @param {number} end The end instant as UTC milliseconds since Epoch.
-     * @param {Array<String>} loginIdTypes the identity types that FusionAuth will compare the loginId to.
+     * @param {Array<String>} loginIdTypes The identity types that FusionAuth will compare the loginId to.
      * @returns {Promise<ClientResponse<LoginReportResponse>>}
      */
     retrieveUserLoginReportByLoginIdAndLoginIdTypes(applicationId, loginId, start, end, loginIdTypes) {
@@ -5189,6 +5658,22 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Validates the end-user provided user_code from the user-interaction of the Device Authorization Grant.
+     * If you build your own activation form you should validate the user provided code prior to beginning the Authorization grant.
+     *
+     * @param {ValidateDeviceRequest} request The device validation request.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    validateDeviceWithRequest(request) {
+        return this.startAnonymous()
+            .withUri('/oauth2/device/validate')
+            .withParameter('client_id', request.client_id)
+            .withParameter('tenantId', request.tenantId != null ? request.tenantId.toString() : null)
+            .withParameter('user_code', request.user_code)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Validates the provided JWT (encoded JWT string) to ensure the token is valid. A valid access token is properly
      * signed and not expired.
@@ -5683,6 +6168,14 @@ var EventType;
     EventType["UserIdentityVerified"] = "user.identity.verified";
     EventType["UserIdentityUpdate"] = "user.identity.update";
 })(EventType = exports.EventType || (exports.EventType = {}));
+/**
+ * Represent the various states/expectations of a user in the context of starting verification
+ */
+var ExistingUserStrategy;
+(function (ExistingUserStrategy) {
+    ExistingUserStrategy["mustExist"] = "mustExist";
+    ExistingUserStrategy["mustNotExist"] = "mustNotExist";
+})(ExistingUserStrategy = exports.ExistingUserStrategy || (exports.ExistingUserStrategy = {}));
 /**
  * @author Brian Pontarelli
  */
@@ -5735,6 +6228,15 @@ var FormFieldAdminPolicy;
     FormFieldAdminPolicy["Edit"] = "Edit";
     FormFieldAdminPolicy["View"] = "View";
 })(FormFieldAdminPolicy = exports.FormFieldAdminPolicy || (exports.FormFieldAdminPolicy = {}));
+/**
+ * Denotes the type of form step. This is used to configure different behavior on form steps in the registration flow.
+ */
+var FormStepType;
+(function (FormStepType) {
+    FormStepType["collectData"] = "collectData";
+    FormStepType["verifyEmail"] = "verifyEmail";
+    FormStepType["verifyPhoneNumber"] = "verifyPhoneNumber";
+})(FormStepType = exports.FormStepType || (exports.FormStepType = {}));
 /**
  * @author Daniel DeGroff
  */
@@ -5866,12 +6368,14 @@ var KeyAlgorithm;
     KeyAlgorithm["RS256"] = "RS256";
     KeyAlgorithm["RS384"] = "RS384";
     KeyAlgorithm["RS512"] = "RS512";
+    KeyAlgorithm["Ed25519"] = "Ed25519";
 })(KeyAlgorithm = exports.KeyAlgorithm || (exports.KeyAlgorithm = {}));
 var KeyType;
 (function (KeyType) {
     KeyType["EC"] = "EC";
     KeyType["RSA"] = "RSA";
     KeyType["HMAC"] = "HMAC";
+    KeyType["OKP"] = "OKP";
 })(KeyType = exports.KeyType || (exports.KeyType = {}));
 /**
  * The use type of a key.
@@ -5931,6 +6435,7 @@ var LambdaType;
     LambdaType["SelfServiceRegistrationValidation"] = "SelfServiceRegistrationValidation";
     LambdaType["UserInfoPopulate"] = "UserInfoPopulate";
     LambdaType["LoginValidation"] = "LoginValidation";
+    LambdaType["MFARequirement"] = "MFARequirement";
 })(LambdaType = exports.LambdaType || (exports.LambdaType = {}));
 /**
  * @author Matthew Altman
@@ -5956,6 +6461,15 @@ var MessengerType;
     MessengerType["Kafka"] = "Kafka";
     MessengerType["Twilio"] = "Twilio";
 })(MessengerType = exports.MessengerType || (exports.MessengerType = {}));
+/**
+ * Communicate various actions/contexts in which multi-factor authentication can be used.
+ */
+var MultiFactorAction;
+(function (MultiFactorAction) {
+    MultiFactorAction["changePassword"] = "changePassword";
+    MultiFactorAction["login"] = "login";
+    MultiFactorAction["stepUp"] = "stepUp";
+})(MultiFactorAction = exports.MultiFactorAction || (exports.MultiFactorAction = {}));
 /**
  * @author Daniel DeGroff
  */