@fusionauth/typescript-client 1.62.0 → 1.63.0

package/build/src/FusionAuthClient.d.ts

@@ -829,6 +829,13 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<void>>}
      */
     deleteWebAuthnCredential(id: UUID): Promise<ClientResponse<void>>;
+    /**
+     * Deletes all of the WebAuthn credentials for the given User Id.
+     *
+     * @param {UUID} userId The unique Id of the User to delete WebAuthn passkeys for.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteWebAuthnCredentialsForUser(userId: UUID): Promise<ClientResponse<void>>;
     /**
      * Deletes the webhook for the given Id.
      *
@@ -1173,13 +1180,23 @@ export declare class FusionAuthClient {
      */
     logoutWithRequest(request: LogoutRequest): Promise<ClientResponse<void>>;
     /**
-     * Retrieves the identity provider for the given domain. A 200 response code indicates the domain is managed
+     * Retrieves any global identity providers for the given domain. A 200 response code indicates the domain is managed
      * by a registered identity provider. A 404 indicates the domain is not managed.
      *
      * @param {string} domain The domain or email address to lookup.
      * @returns {Promise<ClientResponse<LookupResponse>>}
      */
     lookupIdentityProvider(domain: string): Promise<ClientResponse<LookupResponse>>;
+    /**
+     * Retrieves the identity provider for the given domain and tenantId. A 200 response code indicates the domain is managed
+     * by a registered identity provider. A 404 indicates the domain is not managed.
+     *
+     * @param {string} domain The domain or email address to lookup.
+     * @param {UUID} tenantId If provided, the API searches for an identity provider scoped to the corresponding tenant that manages the requested domain.
+     *    If no result is found, the API then searches for global identity providers.
+     * @returns {Promise<ClientResponse<LookupResponse>>}
+     */
+    lookupIdentityProviderByTenantId(domain: string, tenantId: UUID): Promise<ClientResponse<LookupResponse>>;
     /**
      * Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the
      * action.
@@ -2316,13 +2333,6 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<RecentLoginResponse>>}
      */
     retrieveUserRecentLogins(userId: UUID, offset: number, limit: number): Promise<ClientResponse<RecentLoginResponse>>;
-    /**
-     * Retrieves the user for the given Id. This method does not use an API key, instead it uses a JSON Web Token (JWT) for authentication.
-     *
-     * @param {string} encodedJWT The encoded JWT (access token).
-     * @returns {Promise<ClientResponse<UserResponse>>}
-     */
-    retrieveUserUsingJWT(encodedJWT: string): Promise<ClientResponse<UserResponse>>;
     /**
      * Retrieves the FusionAuth version string.
      *
@@ -4123,6 +4133,7 @@ export interface Context {
     action?: MultiFactorAction;
     application?: Application;
     authenticationThreats?: Array<AuthenticationThreats>;
+    authenticationType?: string;
     eventInfo?: EventInfo;
     mfaTrust?: Trust;
     policies?: Policies;
@@ -6758,7 +6769,8 @@ export declare enum OAuthErrorType {
     two_factor_required = "two_factor_required",
     authorization_pending = "authorization_pending",
     expired_token = "expired_token",
-    unsupported_token_type = "unsupported_token_type"
+    unsupported_token_type = "unsupported_token_type",
+    invalid_dpop_proof = "invalid_dpop_proof"
 }
 /**
  * @author Daniel DeGroff
@@ -6819,6 +6831,7 @@ export interface OpenIdConfiguration {
     backchannel_logout_supported?: boolean;
     claims_supported?: Array<string>;
     device_authorization_endpoint?: string;
+    dpop_signing_alg_values_supported?: Array<string>;
     end_session_endpoint?: string;
     frontchannel_logout_supported?: boolean;
     grant_types_supported?: Array<string>;
@@ -6886,6 +6899,7 @@ export interface PasswordEncryptionConfiguration {
  */
 export interface PasswordValidationRules {
     breachDetection?: PasswordBreachDetection;
+    disallowUserLoginId?: boolean;
     maxLength?: number;
     minLength?: number;
     rememberPreviousPasswords?: RememberPreviousPasswords;
@@ -7188,6 +7202,7 @@ export interface ReactorStatus {
     applicationThemes?: ReactorFeatureStatus;
     breachedPasswordDetection?: ReactorFeatureStatus;
     connectors?: ReactorFeatureStatus;
+    dPoP?: ReactorFeatureStatus;
     entityManagement?: ReactorFeatureStatus;
     expiration?: string;
     licenseAttributes?: Record<string, string>;
@@ -8262,13 +8277,15 @@ export interface TimeBasedDeletePolicy extends Enableable {
  * <a href="https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-05">
  * Draft RFC on OAuth 2.0 Message Authentication Code (MAC) Tokens</a>
  * </li>
+ * <li>DPoP Token type as defined by <a href="https://datatracker.ietf.org/doc/html/rfc9449">RFC 9449</a></li>
  * </ul>
  *
  * @author Daniel DeGroff
  */
 export declare enum TokenType {
     Bearer = "Bearer",
-    MAC = "MAC"
+    MAC = "MAC",
+    DPoP = "DPoP"
 }
 /**
  * The response from the total report. This report stores the total numbers for each application.

package/build/src/FusionAuthClient.js

@@ -1,6 +1,6 @@
 "use strict";
 /*
-* Copyright (c) 2019-2025, FusionAuth, All Rights Reserved
+* Copyright (c) 2019-2026, FusionAuth, All Rights Reserved
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -1530,6 +1530,19 @@ class FusionAuthClient {
             .withMethod("DELETE")
             .go();
     }
+    /**
+     * Deletes all of the WebAuthn credentials for the given User Id.
+     *
+     * @param {UUID} userId The unique Id of the User to delete WebAuthn passkeys for.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteWebAuthnCredentialsForUser(userId) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withParameter('userId', userId)
+            .withMethod("DELETE")
+            .go();
+    }
     /**
      * Deletes the webhook for the given Id.
      *
@@ -2266,7 +2279,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the identity provider for the given domain. A 200 response code indicates the domain is managed
+     * Retrieves any global identity providers for the given domain. A 200 response code indicates the domain is managed
      * by a registered identity provider. A 404 indicates the domain is not managed.
      *
      * @param {string} domain The domain or email address to lookup.
@@ -2279,6 +2292,23 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieves the identity provider for the given domain and tenantId. A 200 response code indicates the domain is managed
+     * by a registered identity provider. A 404 indicates the domain is not managed.
+     *
+     * @param {string} domain The domain or email address to lookup.
+     * @param {UUID} tenantId If provided, the API searches for an identity provider scoped to the corresponding tenant that manages the requested domain.
+     *    If no result is found, the API then searches for global identity providers.
+     * @returns {Promise<ClientResponse<LookupResponse>>}
+     */
+    lookupIdentityProviderByTenantId(domain, tenantId) {
+        return this.start()
+            .withUri('/api/identity-provider/lookup')
+            .withParameter('domain', domain)
+            .withParameter('tenantId', tenantId)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the
      * action.
@@ -4380,19 +4410,6 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
-    /**
-     * Retrieves the user for the given Id. This method does not use an API key, instead it uses a JSON Web Token (JWT) for authentication.
-     *
-     * @param {string} encodedJWT The encoded JWT (access token).
-     * @returns {Promise<ClientResponse<UserResponse>>}
-     */
-    retrieveUserUsingJWT(encodedJWT) {
-        return this.startAnonymous()
-            .withUri('/api/user')
-            .withAuthorization('Bearer ' + encodedJWT)
-            .withMethod("GET")
-            .go();
-    }
     /**
      * Retrieves the FusionAuth version string.
      *
@@ -6590,6 +6607,7 @@ var OAuthErrorType;
     OAuthErrorType["authorization_pending"] = "authorization_pending";
     OAuthErrorType["expired_token"] = "expired_token";
     OAuthErrorType["unsupported_token_type"] = "unsupported_token_type";
+    OAuthErrorType["invalid_dpop_proof"] = "invalid_dpop_proof";
 })(OAuthErrorType = exports.OAuthErrorType || (exports.OAuthErrorType = {}));
 /**
  * Controls the policy for requesting user permission to grant access to requested scopes during an OAuth workflow
@@ -6782,6 +6800,7 @@ var ThemeType;
  * <a href="https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-05">
  * Draft RFC on OAuth 2.0 Message Authentication Code (MAC) Tokens</a>
  * </li>
+ * <li>DPoP Token type as defined by <a href="https://datatracker.ietf.org/doc/html/rfc9449">RFC 9449</a></li>
  * </ul>
  *
  * @author Daniel DeGroff
@@ -6790,6 +6809,7 @@ var TokenType;
 (function (TokenType) {
     TokenType["Bearer"] = "Bearer";
     TokenType["MAC"] = "MAC";
+    TokenType["DPoP"] = "DPoP";
 })(TokenType = exports.TokenType || (exports.TokenType = {}));
 /**
  * The transaction types for Webhooks and other event systems within FusionAuth.