@fusionauth/typescript-client 1.62.0 → 1.64.0

package/README.md

@@ -1,6 +1,7 @@
 ## FusionAuth TypeScript Client 
 ![semver 2.0.0 compliant](http://img.shields.io/badge/semver-2.0.0-brightgreen.svg?style=flat-square) [![npm](https://img.shields.io/npm/v/@fusionauth/typescript-client?style=flat-square)](https://www.npmjs.com/package/@fusionauth/typescript-client)
 
+
 If you're integrating FusionAuth with a Typescript application, this library will speed up your development time. It also works with node and browser applications as well.
 
 For additional information and documentation on FusionAuth refer to [https://fusionauth.io](https://fusionauth.io).

package/build/src/FusionAuthClient.d.ts

@@ -829,6 +829,13 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<void>>}
      */
     deleteWebAuthnCredential(id: UUID): Promise<ClientResponse<void>>;
+    /**
+     * Deletes all of the WebAuthn credentials for the given User Id.
+     *
+     * @param {UUID} userId The unique Id of the User to delete WebAuthn passkeys for.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteWebAuthnCredentialsForUser(userId: UUID): Promise<ClientResponse<void>>;
     /**
      * Deletes the webhook for the given Id.
      *
@@ -1173,13 +1180,23 @@ export declare class FusionAuthClient {
      */
     logoutWithRequest(request: LogoutRequest): Promise<ClientResponse<void>>;
     /**
-     * Retrieves the identity provider for the given domain. A 200 response code indicates the domain is managed
+     * Retrieves any global identity providers for the given domain. A 200 response code indicates the domain is managed
      * by a registered identity provider. A 404 indicates the domain is not managed.
      *
      * @param {string} domain The domain or email address to lookup.
      * @returns {Promise<ClientResponse<LookupResponse>>}
      */
     lookupIdentityProvider(domain: string): Promise<ClientResponse<LookupResponse>>;
+    /**
+     * Retrieves the identity provider for the given domain and tenantId. A 200 response code indicates the domain is managed
+     * by a registered identity provider. A 404 indicates the domain is not managed.
+     *
+     * @param {string} domain The domain or email address to lookup.
+     * @param {UUID} tenantId If provided, the API searches for an identity provider scoped to the corresponding tenant that manages the requested domain.
+     *    If no result is found, the API then searches for global identity providers.
+     * @returns {Promise<ClientResponse<LookupResponse>>}
+     */
+    lookupIdentityProviderByTenantId(domain: string, tenantId: UUID): Promise<ClientResponse<LookupResponse>>;
     /**
      * Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the
      * action.
@@ -2316,13 +2333,6 @@ export declare class FusionAuthClient {
      * @returns {Promise<ClientResponse<RecentLoginResponse>>}
      */
     retrieveUserRecentLogins(userId: UUID, offset: number, limit: number): Promise<ClientResponse<RecentLoginResponse>>;
-    /**
-     * Retrieves the user for the given Id. This method does not use an API key, instead it uses a JSON Web Token (JWT) for authentication.
-     *
-     * @param {string} encodedJWT The encoded JWT (access token).
-     * @returns {Promise<ClientResponse<UserResponse>>}
-     */
-    retrieveUserUsingJWT(encodedJWT: string): Promise<ClientResponse<UserResponse>>;
     /**
      * Retrieves the FusionAuth version string.
      *
@@ -3331,6 +3341,8 @@ export interface LoginConfiguration {
     requireAuthentication?: boolean;
 }
 export interface PasswordlessConfiguration extends Enableable {
+    emailLoginStrategy?: PasswordlessStrategy;
+    phoneLoginStrategy?: PasswordlessStrategy;
 }
 export interface RegistrationConfiguration extends Enableable {
     birthDate?: Requirable;
@@ -4123,6 +4135,7 @@ export interface Context {
     action?: MultiFactorAction;
     application?: Application;
     authenticationThreats?: Array<AuthenticationThreats>;
+    authenticationType?: string;
     eventInfo?: EventInfo;
     mfaTrust?: Trust;
     policies?: Policies;
@@ -6014,13 +6027,15 @@ export declare enum KeyAlgorithm {
     RS256 = "RS256",
     RS384 = "RS384",
     RS512 = "RS512",
-    Ed25519 = "Ed25519"
+    Ed25519 = "Ed25519",
+    None = "None"
 }
 export declare enum KeyType {
     EC = "EC",
     RSA = "RSA",
     HMAC = "HMAC",
-    OKP = "OKP"
+    OKP = "OKP",
+    Secret = "Secret"
 }
 /**
  * Key API request object.
@@ -6758,7 +6773,8 @@ export declare enum OAuthErrorType {
     two_factor_required = "two_factor_required",
     authorization_pending = "authorization_pending",
     expired_token = "expired_token",
-    unsupported_token_type = "unsupported_token_type"
+    unsupported_token_type = "unsupported_token_type",
+    invalid_dpop_proof = "invalid_dpop_proof"
 }
 /**
  * @author Daniel DeGroff
@@ -6818,7 +6834,9 @@ export interface OpenIdConfiguration {
     authorization_endpoint?: string;
     backchannel_logout_supported?: boolean;
     claims_supported?: Array<string>;
+    code_challenge_methods_supported?: Array<string>;
     device_authorization_endpoint?: string;
+    dpop_signing_alg_values_supported?: Array<string>;
     end_session_endpoint?: string;
     frontchannel_logout_supported?: boolean;
     grant_types_supported?: Array<string>;
@@ -6886,6 +6904,7 @@ export interface PasswordEncryptionConfiguration {
  */
 export interface PasswordValidationRules {
     breachDetection?: PasswordBreachDetection;
+    disallowUserLoginId?: boolean;
     maxLength?: number;
     minLength?: number;
     rememberPreviousPasswords?: RememberPreviousPasswords;
@@ -7188,8 +7207,10 @@ export interface ReactorStatus {
     applicationThemes?: ReactorFeatureStatus;
     breachedPasswordDetection?: ReactorFeatureStatus;
     connectors?: ReactorFeatureStatus;
+    dPoP?: ReactorFeatureStatus;
     entityManagement?: ReactorFeatureStatus;
     expiration?: string;
+    ipGeoLocation?: ReactorFeatureStatus;
     licenseAttributes?: Record<string, string>;
     licensed?: boolean;
     multiFactorLambdas?: ReactorFeatureStatus;
@@ -8262,13 +8283,15 @@ export interface TimeBasedDeletePolicy extends Enableable {
  * <a href="https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-05">
  * Draft RFC on OAuth 2.0 Message Authentication Code (MAC) Tokens</a>
  * </li>
+ * <li>DPoP Token type as defined by <a href="https://datatracker.ietf.org/doc/html/rfc9449">RFC 9449</a></li>
  * </ul>
  *
  * @author Daniel DeGroff
  */
 export declare enum TokenType {
     Bearer = "Bearer",
-    MAC = "MAC"
+    MAC = "MAC",
+    DPoP = "DPoP"
 }
 /**
  * The response from the total report. This report stores the total numbers for each application.

package/build/src/FusionAuthClient.js

@@ -1,6 +1,6 @@
 "use strict";
 /*
-* Copyright (c) 2019-2025, FusionAuth, All Rights Reserved
+* Copyright (c) 2019-2026, FusionAuth, All Rights Reserved
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -1530,6 +1530,19 @@ class FusionAuthClient {
             .withMethod("DELETE")
             .go();
     }
+    /**
+     * Deletes all of the WebAuthn credentials for the given User Id.
+     *
+     * @param {UUID} userId The unique Id of the User to delete WebAuthn passkeys for.
+     * @returns {Promise<ClientResponse<void>>}
+     */
+    deleteWebAuthnCredentialsForUser(userId) {
+        return this.start()
+            .withUri('/api/webauthn')
+            .withParameter('userId', userId)
+            .withMethod("DELETE")
+            .go();
+    }
     /**
      * Deletes the webhook for the given Id.
      *
@@ -2266,7 +2279,7 @@ class FusionAuthClient {
             .go();
     }
     /**
-     * Retrieves the identity provider for the given domain. A 200 response code indicates the domain is managed
+     * Retrieves any global identity providers for the given domain. A 200 response code indicates the domain is managed
      * by a registered identity provider. A 404 indicates the domain is not managed.
      *
      * @param {string} domain The domain or email address to lookup.
@@ -2279,6 +2292,23 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
+    /**
+     * Retrieves the identity provider for the given domain and tenantId. A 200 response code indicates the domain is managed
+     * by a registered identity provider. A 404 indicates the domain is not managed.
+     *
+     * @param {string} domain The domain or email address to lookup.
+     * @param {UUID} tenantId If provided, the API searches for an identity provider scoped to the corresponding tenant that manages the requested domain.
+     *    If no result is found, the API then searches for global identity providers.
+     * @returns {Promise<ClientResponse<LookupResponse>>}
+     */
+    lookupIdentityProviderByTenantId(domain, tenantId) {
+        return this.start()
+            .withUri('/api/identity-provider/lookup')
+            .withParameter('domain', domain)
+            .withParameter('tenantId', tenantId)
+            .withMethod("GET")
+            .go();
+    }
     /**
      * Modifies a temporal user action by changing the expiration of the action and optionally adding a comment to the
      * action.
@@ -4380,19 +4410,6 @@ class FusionAuthClient {
             .withMethod("GET")
             .go();
     }
-    /**
-     * Retrieves the user for the given Id. This method does not use an API key, instead it uses a JSON Web Token (JWT) for authentication.
-     *
-     * @param {string} encodedJWT The encoded JWT (access token).
-     * @returns {Promise<ClientResponse<UserResponse>>}
-     */
-    retrieveUserUsingJWT(encodedJWT) {
-        return this.startAnonymous()
-            .withUri('/api/user')
-            .withAuthorization('Bearer ' + encodedJWT)
-            .withMethod("GET")
-            .go();
-    }
     /**
      * Retrieves the FusionAuth version string.
      *
@@ -6369,6 +6386,7 @@ var KeyAlgorithm;
     KeyAlgorithm["RS384"] = "RS384";
     KeyAlgorithm["RS512"] = "RS512";
     KeyAlgorithm["Ed25519"] = "Ed25519";
+    KeyAlgorithm["None"] = "None";
 })(KeyAlgorithm = exports.KeyAlgorithm || (exports.KeyAlgorithm = {}));
 var KeyType;
 (function (KeyType) {
@@ -6376,6 +6394,7 @@ var KeyType;
     KeyType["RSA"] = "RSA";
     KeyType["HMAC"] = "HMAC";
     KeyType["OKP"] = "OKP";
+    KeyType["Secret"] = "Secret";
 })(KeyType = exports.KeyType || (exports.KeyType = {}));
 /**
  * The use type of a key.
@@ -6590,6 +6609,7 @@ var OAuthErrorType;
     OAuthErrorType["authorization_pending"] = "authorization_pending";
     OAuthErrorType["expired_token"] = "expired_token";
     OAuthErrorType["unsupported_token_type"] = "unsupported_token_type";
+    OAuthErrorType["invalid_dpop_proof"] = "invalid_dpop_proof";
 })(OAuthErrorType = exports.OAuthErrorType || (exports.OAuthErrorType = {}));
 /**
  * Controls the policy for requesting user permission to grant access to requested scopes during an OAuth workflow
@@ -6782,6 +6802,7 @@ var ThemeType;
  * <a href="https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-05">
  * Draft RFC on OAuth 2.0 Message Authentication Code (MAC) Tokens</a>
  * </li>
+ * <li>DPoP Token type as defined by <a href="https://datatracker.ietf.org/doc/html/rfc9449">RFC 9449</a></li>
  * </ul>
  *
  * @author Daniel DeGroff
@@ -6790,6 +6811,7 @@ var TokenType;
 (function (TokenType) {
     TokenType["Bearer"] = "Bearer";
     TokenType["MAC"] = "MAC";
+    TokenType["DPoP"] = "DPoP";
 })(TokenType = exports.TokenType || (exports.TokenType = {}));
 /**
  * The transaction types for Webhooks and other event systems within FusionAuth.