@icure/cardinal-sdk 0.0.0-unspecified

package/options/AuthenticationMethod.mjs

@@ -0,0 +1,221 @@
+export var ThirdPartyProvider;
+(function (ThirdPartyProvider) {
+    ThirdPartyProvider["GOOGLE"] = "GOOGLE";
+})(ThirdPartyProvider || (ThirdPartyProvider = {}));
+export var AuthenticationMethod;
+(function (AuthenticationMethod) {
+    /**
+     * The sdk will perform requests using jwt obtained from the provided credentials.
+     *
+     * When using this authentication method, the sdk will cache the credentials and will automatically request updated
+     * tokens as needed.
+     * However, if the provided credentials expire, the SDK will become unusable.
+     *
+     * This authentication method can also be used for the execution of requests that require an elevated security context
+     * as long as the credentials provided can be used to create a suitable token.
+     *
+     * Not that when using this authentication method the provided credentials will be cached (in volatile memory)
+     * without expiration.
+     */
+    let UsingCredentials;
+    (function (UsingCredentials) {
+        class UsernamePassword {
+            constructor(
+            /**
+             * A public identifier of the user logging in. This could be:
+             * - {@link User.id}
+             * - {@link Group.id}:{@link User.id}
+             * - {@link User.login}
+             * - {@link User.email}
+             */
+            username, 
+            /**
+             * The password of the user
+             */
+            password) {
+                this.username = username;
+                this.password = password;
+            }
+        }
+        UsingCredentials.UsernamePassword = UsernamePassword;
+        class UsernameLongToken {
+            constructor(
+            /**
+             * A public identifier of the user logging in. This could be:
+             * - {@link User.id}
+             * - {@link Group.id}:{@link User.id}
+             * - {@link User.login}
+             * - {@link User.email}
+             */
+            username, 
+            /**
+             * A long-lived token of the user
+             */
+            token) {
+                this.username = username;
+                this.token = token;
+            }
+        }
+        UsingCredentials.UsernameLongToken = UsernameLongToken;
+        class ThirdPartyAuth {
+            constructor(
+            /**
+             * A token used to perform the third party authentication
+             */
+            token, 
+            /**
+             * The authentication provider
+             */
+            provider) {
+                this.token = token;
+                this.provider = provider;
+            }
+        }
+        UsingCredentials.ThirdPartyAuth = ThirdPartyAuth;
+        class JwtCredentials {
+            constructor(
+            /**
+             * A refresh token of the user
+             */
+            refresh, 
+            /**
+             * An initial bearer token of the user, optional.
+             */
+            bearer) {
+                this.refresh = refresh;
+                this.bearer = bearer;
+            }
+        }
+        UsingCredentials.JwtCredentials = JwtCredentials;
+    })(UsingCredentials = AuthenticationMethod.UsingCredentials || (AuthenticationMethod.UsingCredentials = {}));
+    /**
+     * Allows the SDK to perform authentication using secrets obtained from an [AuthSecretProvider].
+     *
+     * The iCure SDK can authenticate to the backend using different kinds of secrets, such as passwords, long-lived authentication tokens, and
+     * short-lived authentication tokens generated through the message gateway.
+     * iCure associates to each kind of secret a certain security level, and for some sensitive operations, depending on the configurations of
+     * the user and his group, some operations may require a secret of a certain security level.
+     *
+     * For example, with the default configurations, to change his own email the user can't have logged in with a long-lived token, but he
+     * needs to provide his current password or a short-lived token.
+     *
+     * By using this authentication option, the iCure SDK will automatically request and cache the secret from the [AuthSecretProvider] only when
+     * needed, which should help to minimize the interaction with the user.
+     *
+     * Another advantage of using this authentication option over others is that in case all the cached tokens and secrets were to expire while
+     * performing a request, instead of having the request fail the SDK will ask for a new secret from the [SmartAuthProvider] and the request will
+     * automatically be retried with the new secret.
+     */
+    class UsingSecretProvider {
+        constructor(secretProvider, options) {
+            this.secretProvider = secretProvider;
+            this.options = options;
+        }
+    }
+    AuthenticationMethod.UsingSecretProvider = UsingSecretProvider;
+})(AuthenticationMethod || (AuthenticationMethod = {}));
+export var SecretProviderAuthenticationOptions;
+(function (SecretProviderAuthenticationOptions) {
+    let InitialSecret;
+    (function (InitialSecret) {
+        class Password {
+            constructor(password) {
+                this.password = password;
+            }
+        }
+        InitialSecret.Password = Password;
+        class LongLivedToken {
+            constructor(token) {
+                this.token = token;
+            }
+        }
+        InitialSecret.LongLivedToken = LongLivedToken;
+        class OAuth {
+            constructor(secret, oauthType) {
+                this.secret = secret;
+                this.oauthType = oauthType;
+            }
+        }
+        InitialSecret.OAuth = OAuth;
+    })(InitialSecret = SecretProviderAuthenticationOptions.InitialSecret || (SecretProviderAuthenticationOptions.InitialSecret = {}));
+})(SecretProviderAuthenticationOptions || (SecretProviderAuthenticationOptions = {}));
+export var AuthSecretDetails;
+(function (AuthSecretDetails) {
+    class PasswordDetails {
+        /**
+         * @param secret the password of the user
+         */
+        constructor(secret) {
+            this.secret = secret;
+        }
+    }
+    AuthSecretDetails.PasswordDetails = PasswordDetails;
+    class TwoFactorAuthTokenDetails {
+        /**
+         * @param secret the current two-factor authentication token of the user.
+         */
+        constructor(secret) {
+            this.secret = secret;
+        }
+    }
+    AuthSecretDetails.TwoFactorAuthTokenDetails = TwoFactorAuthTokenDetails;
+    class ShortLivedTokenDetails {
+        /**
+         * @param secret a short-lived token obtained through an authentication process
+         * @param authenticationProcessInfo the authentication process that was used to create the secret
+         */
+        constructor(secret, authenticationProcessInfo) {
+            this.secret = secret;
+            this.authenticationProcessInfo = authenticationProcessInfo;
+        }
+    }
+    AuthSecretDetails.ShortLivedTokenDetails = ShortLivedTokenDetails;
+    class LongLivedTokenDetails {
+        /**
+         * @param secret a long-lived token of the user.
+         */
+        constructor(secret) {
+            this.secret = secret;
+        }
+    }
+    AuthSecretDetails.LongLivedTokenDetails = LongLivedTokenDetails;
+    class ExternalAuthenticationDetails {
+        /**
+         * @param secret some token or another secret that can be used to authenticate the user to a supported third party service
+         * @param oauthType the third party service that should recognize the provided secret.
+         */
+        constructor(secret, oauthType) {
+            this.secret = secret;
+            this.oauthType = oauthType;
+        }
+    }
+    AuthSecretDetails.ExternalAuthenticationDetails = ExternalAuthenticationDetails;
+    class DigitalIdDetails {
+        /**
+         * Not yet implemented
+         */
+        constructor(secret) {
+            this.secret = secret;
+        }
+    }
+    AuthSecretDetails.DigitalIdDetails = DigitalIdDetails;
+})(AuthSecretDetails || (AuthSecretDetails = {}));
+export var AuthenticationProcessTelecomType;
+(function (AuthenticationProcessTelecomType) {
+    AuthenticationProcessTelecomType["Email"] = "Email";
+    AuthenticationProcessTelecomType["MobilePhone"] = "MobilePhone";
+})(AuthenticationProcessTelecomType || (AuthenticationProcessTelecomType = {}));
+/**
+ * Holds information on an authentication process request done through the {@link AuthenticationProcessApi}.
+ *
+ * You should not instantiate this class directly or use its properties, as they are for internal use and may be changed
+ * without notice.
+ */
+export class AuthenticationProcessRequest {
+    constructor(messageGwUrl, specId, requestId) {
+        this.messageGwUrl = messageGwUrl;
+        this.specId = specId;
+        this.requestId = requestId;
+    }
+}
+//# sourceMappingURL=AuthenticationMethod.mjs.map

package/options/AuthenticationMethod.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationMethod.mjs","sourceRoot":"","sources":["../../tsSourcesProject/options/AuthenticationMethod.mts"],"names":[],"mappings":"AAGA,MAAM,CAAN,IAAY,kBAEX;AAFD,WAAY,kBAAkB;IAC5B,uCAAiB,CAAA;AACnB,CAAC,EAFW,kBAAkB,KAAlB,kBAAkB,QAE7B;AAED,MAAM,KAAW,oBAAoB,CAoGpC;AApGD,WAAiB,oBAAoB;IACnC;;;;;;;;;;;;OAYG;IACH,IAAiB,gBAAgB,CA4DhC;IA5DD,WAAiB,gBAAgB;QAC/B,MAAa,gBAAgB;YAC3B;YACE;;;;;;eAMG;YACM,QAAgB;YACzB;;eAEG;YACM,QAAgB;gBAJhB,aAAQ,GAAR,QAAQ,CAAQ;gBAIhB,aAAQ,GAAR,QAAQ,CAAQ;YACxB,CAAC;SACL;QAfY,iCAAgB,mBAe5B,CAAA;QAED,MAAa,iBAAiB;YAC5B;YACE;;;;;;eAMG;YACM,QAAgB;YACzB;;eAEG;YACM,KAAa;gBAJb,aAAQ,GAAR,QAAQ,CAAQ;gBAIhB,UAAK,GAAL,KAAK,CAAQ;YACrB,CAAC;SACL;QAfY,kCAAiB,oBAe7B,CAAA;QAED,MAAa,cAAc;YACzB;YACE;;eAEG;YACM,KAAa;YACtB;;eAEG;YACM,QAA4B;gBAJ5B,UAAK,GAAL,KAAK,CAAQ;gBAIb,aAAQ,GAAR,QAAQ,CAAoB;YACpC,CAAC;SACL;QAXY,+BAAc,iBAW1B,CAAA;QAED,MAAa,cAAc;YACzB;YACE;;eAEG;YACM,OAAe;YACxB;;eAEG;YACM,MAAe;gBAJf,YAAO,GAAP,OAAO,CAAQ;gBAIf,WAAM,GAAN,MAAM,CAAS;YACvB,CAAC;SACL;QAXY,+BAAc,iBAW1B,CAAA;IACH,CAAC,EA5DgB,gBAAgB,GAAhB,qCAAgB,KAAhB,qCAAgB,QA4DhC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,MAAa,mBAAmB;QAC9B,YACW,cAAkC,EAClC,OAA6C;YAD7C,mBAAc,GAAd,cAAc,CAAoB;YAClC,YAAO,GAAP,OAAO,CAAsC;QACrD,CAAC;KACL;IALY,wCAAmB,sBAK/B,CAAA;AACH,CAAC,EApGgB,oBAAoB,KAApB,oBAAoB,QAoGpC;AA0CD,MAAM,KAAW,mCAAmC,CAQnD;AARD,WAAiB,mCAAmC;IAClD,IAAiB,aAAa,CAI7B;IAJD,WAAiB,aAAa;QAC5B,MAAa,QAAQ;YAAG,YAAqB,QAAgB;gBAAhB,aAAQ,GAAR,QAAQ,CAAQ;YAAG,CAAC;SAAE;QAAtD,sBAAQ,WAA8C,CAAA;QACnE,MAAa,cAAc;YAAG,YAAqB,KAAa;gBAAb,UAAK,GAAL,KAAK,CAAQ;YAAG,CAAC;SAAE;QAAzD,4BAAc,iBAA2C,CAAA;QACtE,MAAa,KAAK;YAAG,YAAqB,MAAc,EAAW,SAA6B;gBAAtD,WAAM,GAAN,MAAM,CAAQ;gBAAW,cAAS,GAAT,SAAS,CAAoB;YAAG,CAAC;SAAE;QAAzF,mBAAK,QAAoF,CAAA;IACxG,CAAC,EAJgB,aAAa,GAAb,iDAAa,KAAb,iDAAa,QAI7B;AAGH,CAAC,EARgB,mCAAmC,KAAnC,mCAAmC,QAQnD;AA+CD,MAAM,KAAW,iBAAiB,CA4CjC;AA5CD,WAAiB,iBAAiB;IAChC,MAAa,eAAe;QAC1B;;WAEG;QACH,YAAsB,MAAc;YAAd,WAAM,GAAN,MAAM,CAAQ;QAAG,CAAC;KACzC;IALY,iCAAe,kBAK3B,CAAA;IAED,MAAa,yBAAyB;QACpC;;WAEG;QACH,YAAsB,MAAc;YAAd,WAAM,GAAN,MAAM,CAAQ;QAAG,CAAC;KACzC;IALY,2CAAyB,4BAKrC,CAAA;IAED,MAAa,sBAAsB;QACjC;;;WAGG;QACH,YAAqB,MAAc,EAAW,yBAAuD;YAAhF,WAAM,GAAN,MAAM,CAAQ;YAAW,8BAAyB,GAAzB,yBAAyB,CAA8B;QAAG,CAAC;KAC1G;IANY,wCAAsB,yBAMlC,CAAA;IAED,MAAa,qBAAqB;QAChC;;WAEG;QACH,YAAsB,MAAc;YAAd,WAAM,GAAN,MAAM,CAAQ;QAAG,CAAC;KACzC;IALY,uCAAqB,wBAKjC,CAAA;IAED,MAAa,6BAA6B;QACxC;;;WAGG;QACH,YAAsB,MAAc,EAAW,SAA6B;YAAtD,WAAM,GAAN,MAAM,CAAQ;YAAW,cAAS,GAAT,SAAS,CAAoB;QAAG,CAAC;KACjF;IANY,+CAA6B,gCAMzC,CAAA;IAED,MAAa,gBAAgB;QAC3B;;WAEG;QACH,YAAsB,MAAc;YAAd,WAAM,GAAN,MAAM,CAAQ;QAAG,CAAC;KACzC;IALY,kCAAgB,mBAK5B,CAAA;AACH,CAAC,EA5CgB,iBAAiB,KAAjB,iBAAiB,QA4CjC;AA+CD,MAAM,CAAN,IAAY,gCAEX;AAFD,WAAY,gCAAgC;IAC1C,mDAAe,CAAA;IAAE,+DAA2B,CAAA;AAC9C,CAAC,EAFW,gCAAgC,KAAhC,gCAAgC,QAE3C;AAED;;;;;GAKG;AACH,MAAM,OAAO,4BAA4B;IACvC,YACW,YAAoB,EACpB,MAAc,EACd,SAAiB;QAFjB,iBAAY,GAAZ,YAAY,CAAQ;QACpB,WAAM,GAAN,MAAM,CAAQ;QACd,cAAS,GAAT,SAAS,CAAQ;IACzB,CAAC;CACL","sourcesContent":["import {AuthenticationClass} from \"../model/embed/AuthenticationClass.mjs\";\nimport {CaptchaOptions} from \"../auth/CaptchaOptions.mjs\";\n\nexport enum ThirdPartyProvider {\n  GOOGLE = \"GOOGLE\"\n}\n\nexport namespace AuthenticationMethod {\n  /**\n   * The sdk will perform requests using jwt obtained from the provided credentials.\n   *\n   * When using this authentication method, the sdk will cache the credentials and will automatically request updated\n   * tokens as needed.\n   * However, if the provided credentials expire, the SDK will become unusable.\n   *\n   * This authentication method can also be used for the execution of requests that require an elevated security context\n   * as long as the credentials provided can be used to create a suitable token.\n   *\n   * Not that when using this authentication method the provided credentials will be cached (in volatile memory)\n   * without expiration.\n   */\n  export namespace UsingCredentials {\n    export class UsernamePassword {\n      constructor(\n        /**\n         * A public identifier of the user logging in. This could be:\n         * - {@link User.id}\n         * - {@link Group.id}:{@link User.id}\n         * - {@link User.login}\n         * - {@link User.email}\n         */\n        readonly username: string,\n        /**\n         * The password of the user\n         */\n        readonly password: string,\n      ) {}\n    }\n\n    export class UsernameLongToken {\n      constructor(\n        /**\n         * A public identifier of the user logging in. This could be:\n         * - {@link User.id}\n         * - {@link Group.id}:{@link User.id}\n         * - {@link User.login}\n         * - {@link User.email}\n         */\n        readonly username: string,\n        /**\n         * A long-lived token of the user\n         */\n        readonly token: string,\n      ) {}\n    }\n\n    export class ThirdPartyAuth {\n      constructor(\n        /**\n         * A token used to perform the third party authentication\n         */\n        readonly token: string,\n        /**\n         * The authentication provider\n         */\n        readonly provider: ThirdPartyProvider,\n      ) {}\n    }\n\n    export class JwtCredentials {\n      constructor(\n        /**\n         * A refresh token of the user\n         */\n        readonly refresh: string,\n        /**\n         * An initial bearer token of the user, optional.\n         */\n        readonly bearer?: string\n      ) {}\n    }\n  }\n\n  /**\n   * Allows the SDK to perform authentication using secrets obtained from an [AuthSecretProvider].\n   *\n   * The iCure SDK can authenticate to the backend using different kinds of secrets, such as passwords, long-lived authentication tokens, and\n   * short-lived authentication tokens generated through the message gateway.\n   * iCure associates to each kind of secret a certain security level, and for some sensitive operations, depending on the configurations of\n   * the user and his group, some operations may require a secret of a certain security level.\n   *\n   * For example, with the default configurations, to change his own email the user can't have logged in with a long-lived token, but he\n   * needs to provide his current password or a short-lived token.\n   *\n   * By using this authentication option, the iCure SDK will automatically request and cache the secret from the [AuthSecretProvider] only when\n   * needed, which should help to minimize the interaction with the user.\n   *\n   * Another advantage of using this authentication option over others is that in case all the cached tokens and secrets were to expire while\n   * performing a request, instead of having the request fail the SDK will ask for a new secret from the [SmartAuthProvider] and the request will\n   * automatically be retried with the new secret.\n   */\n  export class UsingSecretProvider {\n    constructor(\n      readonly secretProvider: AuthSecretProvider,\n      readonly options?: SecretProviderAuthenticationOptions\n    ) {}\n  }\n}\nexport type AuthenticationMethod =\n  AuthenticationMethod.UsingCredentials.UsernamePassword |\n  AuthenticationMethod.UsingCredentials.UsernameLongToken |\n  AuthenticationMethod.UsingCredentials.ThirdPartyAuth |\n  AuthenticationMethod.UsingCredentials.JwtCredentials |\n  AuthenticationMethod.UsingSecretProvider\n\nexport interface SecretProviderAuthenticationOptions {\n  /**\n   * A public identifier of the user logging in. This could be:\n   * - {@link User.id}\n   * - {@link Group.id}:{@link User.id}\n   * - {@link User.login}\n   * - {@link User.email}\n   * This value is optional because authentication using external methods (e.g. Google or digital ids) does not\n   * require explicitly providing the username. However, if not provided, the authentication will be locked to\n   * only use these external authentication methods.\n   */\n  readonly loginUsername?: string\n  /**\n   * An initial secret for the login.\n   * If not null, the authentication provider will attempt to use it when needed before asking the secret\n   * provider.\n   */\n  readonly initialSecret?: SecretProviderAuthenticationOptions.InitialSecret\n  /**\n   * If not null the authentication provider will use the jwt while valid.\n   */\n  readonly existingJwt?: string\n  /**\n   * If not null the authentication provider will use the refresh jwt while valid.\n   */\n  readonly existingRefreshJwt?: string\n  /**\n   * If set to true the secrets used by the authentication provider will be cached without expiration\n   * (in volatile memory).\n   * This minimizes the interaction with the end user, but may not be suitable for your security policy.\n   */\n  readonly cacheSecrets?: boolean\n}\n\nexport namespace SecretProviderAuthenticationOptions {\n  export namespace InitialSecret {\n    export class Password { constructor(readonly password: string) {} }\n    export class LongLivedToken { constructor(readonly token: string) {} }\n    export class OAuth { constructor(readonly secret: string, readonly oauthType: ThirdPartyProvider) {} }\n  }\n\n  export type InitialSecret = InitialSecret.Password | InitialSecret.LongLivedToken | InitialSecret.OAuth\n}\n\nexport interface AuthSecretProvider {\n  /**\n   * Provides a secret for authentication to the iCure SDK.\n   *\n   * ## Accepted secrets\n   *\n   * The method will be provided with an array of the secrets types that are acceptable {@link acceptedSecrets}. Usually this array will contain multiple\n   * elements, but this depends on the group configuration, the user (if he has 2fa setup or not), or the operation being performed. For groups using\n   * default configurations and for patients without 2fa enabled for example the array will always contain the {@link AuthenticationClass.Password} element.\n   * Usually the array contain also the {@link AuthenticationClass.LongLivedToken} element, but if the user is attempting to perform a sensitive operations\n   * such as changing his password the default group configuration does not allow for the user to authenticate using a JWT obtained from a long-lived\n   * token for this operation, meaning the array will not contain the {@link AuthenticationClass.LongLivedToken} element.\n   *\n   * Regardless of the number of elements in the array only one secret of the accepted types is sufficient for the operation to succeed.\n   *\n   * ## {@link AuthenticationClass.TwoFactorAuthentication} secret type\n   *\n   * The {@link AuthenticationClass.TwoFactorAuthentication} secret type is only used when the user has 2fa enabled. In this case the SDK will call\n   * this method twice, once containing the {@link AuthenticationClass.Password} element in the {@link acceptedSecrets} array, and if the provided secret is a\n   * valid password the SDK will immediately call this method again, this time containing the {@link AuthenticationClass.TwoFactorAuthentication}\n   * instead of the {@link AuthenticationClass.Password} element.\n   *\n   * Any future call to this method from the same provider instance will not contain the {@link AuthenticationClass.Password} element anymore, as it is\n   * cached, but it may contain the {@link AuthenticationClass.TwoFactorAuthentication} element instead.\n   *\n   * Note that the 2fa token is not needed for logging in through a long-lived or short-lived token, it is only used in combination with a password.\n   * If the user is using 2fa, and you get in input as {@link acceptedSecrets} an array `[PASSWORD, LONG_LIVED_TOKEN, SHORT_LIVED_TOKEN]`, and you pass to\n   * authenticate a long-lived token, the SDK will not call this method again to ask for the 2fa token.\n   *\n   * @param acceptedSecrets the types of secrets that are acceptable for the operation being performed.\n   * @param previousAttempts the secrets that were previously attempted by the SDK for this operation. This array will be empty the first time this\n   * method is called for a given operation, but it may contain multiple elements if the SDK has already called this method multiple times because the\n   * previously returned secrets were not valid. The first element is the first secret that was attempted, and the last element is the most recently\n   * attempted.\n   * @param authProcessApi an api which can be used to request sms or email short-lived tokens for the user.\n   * @return a promise that resolves with the secret and the secret type to use for authentication. If the promise rejects then the ongoing SDK\n   * operation will fail without being re-attempted.\n   */\n  getSecret(\n    acceptedSecrets: Array<AuthenticationClass>,\n    previousAttempts: Array<AuthSecretDetails>,\n    authProcessApi: AuthenticationProcessApi\n  ): Promise<AuthSecretDetails>\n}\n\nexport namespace AuthSecretDetails {\n  export class PasswordDetails {\n    /**\n     * @param secret the password of the user\n     */\n    constructor (readonly secret: String) {}\n  }\n  \n  export class TwoFactorAuthTokenDetails {\n    /**\n     * @param secret the current two-factor authentication token of the user.\n     */\n    constructor (readonly secret: String) {}\n  }\n\n  export class ShortLivedTokenDetails {\n    /**\n     * @param secret a short-lived token obtained through an authentication process\n     * @param authenticationProcessInfo the authentication process that was used to create the secret\n     */\n    constructor(readonly secret: String, readonly authenticationProcessInfo: AuthenticationProcessRequest) {}\n  }\n  \n  export class LongLivedTokenDetails {\n    /**\n     * @param secret a long-lived token of the user.\n     */\n    constructor (readonly secret: String) {}\n  }\n  \n  export class ExternalAuthenticationDetails {\n    /**\n     * @param secret some token or another secret that can be used to authenticate the user to a supported third party service\n     * @param oauthType the third party service that should recognize the provided secret.\n     */\n    constructor (readonly secret: String, readonly oauthType: ThirdPartyProvider) {}\n  }\n  \n  export class DigitalIdDetails {\n    /**\n     * Not yet implemented\n     */\n    constructor (readonly secret: String) {}\n  }\n}\nexport type AuthSecretDetails =\n  AuthSecretDetails.PasswordDetails |\n  AuthSecretDetails.TwoFactorAuthTokenDetails |\n  AuthSecretDetails.ShortLivedTokenDetails |\n  AuthSecretDetails.LongLivedTokenDetails |\n  AuthSecretDetails.ExternalAuthenticationDetails |\n  AuthSecretDetails.DigitalIdDetails\n\n/**\n * Allows initializing processes for the registration and authentication of users.\n */\nexport interface AuthenticationProcessApi {\n  /**\n   * Executes an authentication process.\n   * @param messageGatewayUrl the url of the iCure message gateway you want to use. Usually this should be\n   * @param externalServicesSpecId an identifier that allows the message gateway to connect the request to your\n   * services for email / sms communication of the process tokens.\n   * @param processId the id of the process you want to execute.\n   * @param userTelecomType the type of telecom number used for the user.\n   * @param userTelecom the telecom number of the user for which you want to execute the process. This should be an\n   * email address or phone number depending on the type of process you are executing.\n   * @param captchaOptions the captcha solution\n   * @param processTemplateParameters additional parameters needed by some process templates.\n   */\n  executeProcess(\n    messageGatewayUrl: string,\n    externalServicesSpecId: string,\n    processId: string,\n    userTelecomType: AuthenticationProcessTelecomType,\n    userTelecom: string,\n    captchaOptions: CaptchaOptions,\n    processTemplateParameters?: AuthenticationProcessTemplateParameters\n  ): Promise<AuthenticationProcessRequest>\n}\n\nexport interface AuthenticationProcessTemplateParameters {\n  /**\n   * First name of the user executing the authentication process.\n   */\n  readonly firstName?: string\n  /**\n   * Last name of the user executing the authentication process.\n   */\n  readonly lastName?: string\n}\n\nexport enum AuthenticationProcessTelecomType {\n  Email = \"Email\", MobilePhone = \"MobilePhone\"\n}\n\n/**\n * Holds information on an authentication process request done through the {@link AuthenticationProcessApi}.\n *\n * You should not instantiate this class directly or use its properties, as they are for internal use and may be changed\n * without notice.\n */\nexport class AuthenticationProcessRequest {\n  constructor(\n    readonly messageGwUrl: String,\n    readonly specId: String,\n    readonly requestId: String\n  ) {}\n}"]}

package/options/SdkOptions.d.mts

@@ -0,0 +1,214 @@
+import { XCryptoService } from "../crypto/CryptoService.mjs";
+import { UserGroup } from "../model/UserGroup.mjs";
+import { KeyStorageFacade } from "../storage/StorageFacade.mjs";
+import { CryptoStrategies } from "../crypto/CryptoStrategies.mjs";
+import { CardinalKeyStorageOptions } from "../cardinal-sdk-ts.mjs";
+export interface SdkOptions {
+    /**
+     * Configure which fields of entities should be encrypted
+     */
+    readonly encryptedFields?: EncryptedFieldsConfiguration;
+    /**
+     * Has only effect when logging in as an hcp user.
+     *
+     * If true the api will be initialized in a hierarchical mode, where each data owner is considered to have access
+     * to all data of his parents (requires corresponding permission on the server side).
+     * In this case the sdk will also expect to have access to at least a key for each parent data owner of the current
+     * user.
+     *
+     * If false or undefined the api will ignore the data owner hierarchies.
+     * Each data owner is considered to have access only to data shared explicitly with him, and has access only to his
+     * own keys.
+     */
+    readonly useHierarchicalDataOwners?: boolean;
+    /**
+     * If true (default) the sdk will automatically create the transfer keys for the current user if a new keypair is
+     * created.
+     */
+    readonly createTransferKeys?: boolean;
+    /**
+     * Service for encryption primitives.
+     */
+    readonly cryptoService?: XCryptoService;
+    /**
+     * If true (default) the password of the user will be salted together with the application id before sending it to
+     * the iCure backend for login or when changing the user password.
+     * This is done in addition to the server-side salting of the password before storing them.
+     *
+     * By enabling this option iCure never gets access to the plain text password of users.
+     * Note that changing this value in a second moment requires also modifying the password of the user on the iCure
+     * databases to reflect the change.
+     */
+    readonly saltPasswordWithApplicationId?: boolean;
+    /**
+     * An instance of iCure SDK is initialized for working as a specific user in a single group.
+     * However, the user credentials may match multiple users in different groups (but at most one per group).
+     * If that is the case, this function will be used to pick the actual user for which the sdk will be initialized.
+     *
+     * This is mandatory in multi-group applications, where a single user could exist in multiple groups.
+     * If this parameter is null and the user credentials match multiple users the api initialisation will fail.
+     * In single-group applications this parameter won't be used, so it can be left as null.
+     */
+    readonly groupSelector?: (availableGroups: Array<UserGroup>) => Promise<string>;
+    /**
+     * Options to support the migration of data created using iCure versions from before 2018.
+     * Leave it as false (default) unless explicitly instructed to set it to true by the iCure team.
+     */
+    readonly autoCreateEncryptionKeyForExistingLegacyData?: boolean;
+    /**
+     * Implementation of key storage to use.
+     * If not provided the sdk will store the keys in the StorageFacade provided to the api initialization method.
+     */
+    readonly keyStorage?: KeyStorageFacade | CardinalKeyStorageOptions;
+    /**
+     * Custom crypto strategies. If not provided the sdk will use crypto strategies that:
+     * - Allow for the creation of a new key of the data owner
+     * - Do not use any custom key recovery solutions
+     * - Considers any keys recovered using iCure's recovery methods as unverified
+     * - Considers all public keys of other data owners as verified
+     * - Considers patients as anonymous data owners
+     */
+    readonly cryptoStrategies?: CryptoStrategies;
+    /**
+     * Patcher for the decrypted entities json.
+     * This allows adapting to changes in the data model of entities even if the changes are done to the encrypted part
+     * of the entity.
+     */
+    readonly jsonPatcher?: JsonPatcher;
+    /**
+     * If true the SDK will use lenient deserialization of the entities coming from the backend.
+     *
+     * This could be helpful when developing using the nightly deployments of the backend, as the SDK will ignore minor changes to the data model.
+     *
+     * This option however could cause loss of data when connecting with incompatible versions of the backend, and should be disabled in production.
+     */
+    readonly lenientJson?: boolean;
+}
+export interface BasicSdkOptions {
+    /**
+     * Configure which fields of entities should be encrypted
+     */
+    readonly encryptedFields?: EncryptedFieldsConfiguration;
+    /**
+     * Service for encryption primitives.
+     */
+    readonly cryptoService?: XCryptoService;
+    /**
+     * If true (default) the password of the user will be salted together with the application id before sending it to
+     * the iCure backend for login or when changing the user password.
+     * This is done in addition to the server-side salting of the password before storing them.
+     *
+     * By enabling this option iCure never gets access to the plain text password of users.
+     * Note that changing this value in a second moment requires also modifying the password of the user on the iCure
+     * databases to reflect the change.
+     */
+    readonly saltPasswordWithApplicationId?: boolean;
+    /**
+     * An instance of iCure SDK is initialized for working as a specific user in a single group.
+     * However, the user credentials may match multiple users in different groups (but at most one per group).
+     * If that is the case, this function will be used to pick the actual user for which the sdk will be initialized.
+     *
+     * This is mandatory in multi-group applications, where a single user could exist in multiple groups.
+     * If this parameter is null and the user credentials match multiple users the api initialisation will fail.
+     * In single-group applications this parameter won't be used, so it can be left as null.
+     */
+    readonly groupSelector?: (availableGroups: Array<UserGroup>) => Promise<string>;
+    /**
+     * If true the SDK will use lenient deserialization of the entities coming from the backend.
+     *
+     * This could be helpful when developing using the nightly deployments of the backend, as the SDK will ignore minor changes to the data model.
+     *
+     * This option however could cause loss of data when connecting with incompatible versions of the backend, and should be disabled in production.
+     */
+    readonly lenientJson?: boolean;
+}
+export interface EncryptedFieldsConfiguration {
+    readonly accessLog?: Array<string>;
+    readonly calendarItem?: Array<string>;
+    readonly contact?: Array<string>;
+    readonly service?: Array<string>;
+    readonly healthElement?: Array<string>;
+    readonly maintenanceTask?: Array<string>;
+    readonly patient?: Array<string>;
+    readonly message?: Array<string>;
+    readonly topic?: Array<string>;
+    readonly document?: Array<string>;
+    readonly form?: Array<string>;
+    readonly receipt?: Array<string>;
+    readonly classification?: Array<string>;
+    readonly timeTable?: Array<string>;
+    readonly invoice?: Array<string>;
+}
+/**
+ * Provides methods to patch the json representing a certain type of entity after decryption and before validation and
+ * proper deserialization.
+ * Each of these methods takes in input the parsed json of the decrypted entity and must return the patched json.
+ * All the patchers are optional, if you don't define a patcher the json of the entity will be used by the sdk as is
+ * without any patching.
+ *
+ *
+ */
+export interface JsonPatcher {
+    /**
+     * Patches the decrypted json of an AccessLog
+     */
+    readonly patchAccessLog?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a CalendarItem
+     */
+    readonly patchCalendarItem?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Contact
+     */
+    readonly patchContact?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Service.
+     * This method is used only when a service is retrieved by itself, without the rest of the contact.
+     * Services retrieved as part of a contact should be patched as part of {@link patchContact}
+     */
+    readonly patchIndividualService?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a HealthElement
+     */
+    readonly patchHealthElement?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a MaintenanceTask
+     */
+    readonly patchMaintenanceTask?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Patient
+     */
+    readonly patchPatient?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Message
+     */
+    readonly patchMessage?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Topic
+     */
+    readonly patchTopic?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Document
+     */
+    readonly patchDocument?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Form
+     */
+    readonly patchForm?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Receipt
+     */
+    readonly patchReceipt?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Classification
+     */
+    readonly patchClassification?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a TimeTable
+     */
+    readonly patchTimeTable?: ((json: any) => any);
+    /**
+     * Patches the decrypted json of a Invoice
+     */
+    readonly patchInvoice?: ((json: any) => any);
+}

package/options/SdkOptions.mjs

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=SdkOptions.mjs.map

package/options/SdkOptions.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"SdkOptions.mjs","sourceRoot":"","sources":["../../tsSourcesProject/options/SdkOptions.mts"],"names":[],"mappings":"","sourcesContent":["import {XCryptoService} from \"../crypto/CryptoService.mjs\";\nimport {UserGroup} from \"../model/UserGroup.mjs\";\nimport {KeyStorageFacade} from \"../storage/StorageFacade.mjs\";\nimport {CryptoStrategies} from \"../crypto/CryptoStrategies.mjs\";\nimport {CardinalKeyStorageOptions} from \"../cardinal-sdk-ts.mjs\";\n\nexport interface SdkOptions {\n  /**\n   * Configure which fields of entities should be encrypted\n   */\n  readonly encryptedFields?: EncryptedFieldsConfiguration\n  /**\n   * Has only effect when logging in as an hcp user.\n   *\n   * If true the api will be initialized in a hierarchical mode, where each data owner is considered to have access\n   * to all data of his parents (requires corresponding permission on the server side).\n   * In this case the sdk will also expect to have access to at least a key for each parent data owner of the current\n   * user.\n   *\n   * If false or undefined the api will ignore the data owner hierarchies.\n   * Each data owner is considered to have access only to data shared explicitly with him, and has access only to his\n   * own keys.\n   */\n  readonly useHierarchicalDataOwners?: boolean\n  /**\n   * If true (default) the sdk will automatically create the transfer keys for the current user if a new keypair is\n   * created.\n   */\n  readonly createTransferKeys?: boolean\n  /**\n   * Service for encryption primitives.\n   */\n  readonly cryptoService?: XCryptoService\n  /**\n   * If true (default) the password of the user will be salted together with the application id before sending it to\n   * the iCure backend for login or when changing the user password.\n   * This is done in addition to the server-side salting of the password before storing them.\n   *\n   * By enabling this option iCure never gets access to the plain text password of users.\n   * Note that changing this value in a second moment requires also modifying the password of the user on the iCure\n   * databases to reflect the change.\n   */\n  readonly saltPasswordWithApplicationId?: boolean\n  /**\n   * An instance of iCure SDK is initialized for working as a specific user in a single group.\n   * However, the user credentials may match multiple users in different groups (but at most one per group).\n   * If that is the case, this function will be used to pick the actual user for which the sdk will be initialized.\n   *\n   * This is mandatory in multi-group applications, where a single user could exist in multiple groups.\n   * If this parameter is null and the user credentials match multiple users the api initialisation will fail.\n   * In single-group applications this parameter won't be used, so it can be left as null.\n   */\n  readonly groupSelector?: (availableGroups: Array<UserGroup>) => Promise<string>\n  /**\n   * Options to support the migration of data created using iCure versions from before 2018.\n   * Leave it as false (default) unless explicitly instructed to set it to true by the iCure team.\n   */\n  readonly autoCreateEncryptionKeyForExistingLegacyData?: boolean\n  /**\n   * Implementation of key storage to use.\n   * If not provided the sdk will store the keys in the StorageFacade provided to the api initialization method.\n   */\n  readonly keyStorage?: KeyStorageFacade | CardinalKeyStorageOptions\n  /**\n   * Custom crypto strategies. If not provided the sdk will use crypto strategies that:\n   * - Allow for the creation of a new key of the data owner\n   * - Do not use any custom key recovery solutions\n   * - Considers any keys recovered using iCure's recovery methods as unverified\n   * - Considers all public keys of other data owners as verified\n   * - Considers patients as anonymous data owners\n   */\n  readonly cryptoStrategies?: CryptoStrategies\n  /**\n   * Patcher for the decrypted entities json.\n   * This allows adapting to changes in the data model of entities even if the changes are done to the encrypted part\n   * of the entity.\n   */\n  readonly jsonPatcher?: JsonPatcher\n  /**\n   * If true the SDK will use lenient deserialization of the entities coming from the backend.\n   *\n   * This could be helpful when developing using the nightly deployments of the backend, as the SDK will ignore minor changes to the data model.\n   *\n   * This option however could cause loss of data when connecting with incompatible versions of the backend, and should be disabled in production.\n   */\n  readonly lenientJson?: boolean\n}\n\nexport interface BasicSdkOptions {\n  /**\n   * Configure which fields of entities should be encrypted\n   */\n  readonly encryptedFields?: EncryptedFieldsConfiguration\n  /**\n   * Service for encryption primitives.\n   */\n  readonly cryptoService?: XCryptoService\n  /**\n   * If true (default) the password of the user will be salted together with the application id before sending it to\n   * the iCure backend for login or when changing the user password.\n   * This is done in addition to the server-side salting of the password before storing them.\n   *\n   * By enabling this option iCure never gets access to the plain text password of users.\n   * Note that changing this value in a second moment requires also modifying the password of the user on the iCure\n   * databases to reflect the change.\n   */\n  readonly saltPasswordWithApplicationId?: boolean\n  /**\n   * An instance of iCure SDK is initialized for working as a specific user in a single group.\n   * However, the user credentials may match multiple users in different groups (but at most one per group).\n   * If that is the case, this function will be used to pick the actual user for which the sdk will be initialized.\n   *\n   * This is mandatory in multi-group applications, where a single user could exist in multiple groups.\n   * If this parameter is null and the user credentials match multiple users the api initialisation will fail.\n   * In single-group applications this parameter won't be used, so it can be left as null.\n   */\n  readonly groupSelector?: (availableGroups: Array<UserGroup>) => Promise<string>\n  /**\n   * If true the SDK will use lenient deserialization of the entities coming from the backend.\n   *\n   * This could be helpful when developing using the nightly deployments of the backend, as the SDK will ignore minor changes to the data model.\n   *\n   * This option however could cause loss of data when connecting with incompatible versions of the backend, and should be disabled in production.\n   */\n  readonly lenientJson?: boolean\n}\n\nexport interface EncryptedFieldsConfiguration {\n  readonly accessLog?: Array<string>\n  readonly calendarItem?: Array<string>\n  readonly contact?: Array<string>\n  readonly service?: Array<string>\n  readonly healthElement?: Array<string>\n  readonly maintenanceTask?: Array<string>\n  readonly patient?: Array<string>\n  readonly message?: Array<string>\n  readonly topic?: Array<string>\n  readonly document?: Array<string>\n  readonly form?: Array<string>\n  readonly receipt?: Array<string>\n  readonly classification?: Array<string>\n  readonly timeTable?: Array<string>\n  readonly invoice?: Array<string>\n}\n\n/**\n * Provides methods to patch the json representing a certain type of entity after decryption and before validation and\n * proper deserialization.\n * Each of these methods takes in input the parsed json of the decrypted entity and must return the patched json.\n * All the patchers are optional, if you don't define a patcher the json of the entity will be used by the sdk as is\n * without any patching.\n *\n *\n */\nexport interface JsonPatcher {\n  /**\n   * Patches the decrypted json of an AccessLog\n   */\n  readonly patchAccessLog?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a CalendarItem\n   */\n  readonly patchCalendarItem?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Contact\n   */\n  readonly patchContact?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Service.\n   * This method is used only when a service is retrieved by itself, without the rest of the contact.\n   * Services retrieved as part of a contact should be patched as part of {@link patchContact}\n   */\n  readonly patchIndividualService?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a HealthElement\n   */\n  readonly patchHealthElement?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a MaintenanceTask\n   */\n  readonly patchMaintenanceTask?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Patient\n   */\n  readonly patchPatient?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Message\n   */\n  readonly patchMessage?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Topic\n   */\n  readonly patchTopic?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Document\n   */\n  readonly patchDocument?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Form\n   */\n  readonly patchForm?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Receipt\n   */\n  readonly patchReceipt?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Classification\n   */\n  readonly patchClassification?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a TimeTable\n   */\n  readonly patchTimeTable?: ((json: any) => any)\n  /**\n   * Patches the decrypted json of a Invoice\n   */\n  readonly patchInvoice?: ((json: any) => any)\n}\n"]}

package/options.d.mts

@@ -0,0 +1,2 @@
+export * from './options/SdkOptions.mjs';
+export * from './options/AuthenticationMethod.mjs';

package/options.mjs

@@ -0,0 +1,3 @@
+export * from './options/SdkOptions.mjs';
+export * from './options/AuthenticationMethod.mjs';
+//# sourceMappingURL=options.mjs.map

package/options.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"options.mjs","sourceRoot":"","sources":["../tsSourcesProject/options.mts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAA;AACxC,cAAc,oCAAoC,CAAA","sourcesContent":["export * from './options/SdkOptions.mjs'\nexport * from './options/AuthenticationMethod.mjs'\n"]}

package/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@icure/cardinal-sdk",
+  "version": "0.0.0-unspecified",
+  "main": "cardinal-sdk-ts.mjs",
+  "types": "cardinal-sdk-ts.d.mts",
+  "devDependencies": {
+    "typescript": "5.5.4"
+  },
+  "dependencies": {
+    "ws": "8.18.0",
+    "@js-joda/core": "3.2.0",
+    "format-util": "^1.0.5"
+  },
+  "peerDependencies": {},
+  "optionalDependencies": {},
+  "bundledDependencies": []
+}