@stytch/react 20.0.0-next.0 → 20.0.0-next.1

package/dist/types/{createAuthUrlHandler-Ck5TyB9J.d.ts → createAuthUrlHandler-BJRA2PHG.d.ts}

@@ -344,7 +344,7 @@ type CommonLoginConfig = {
 /**
  * Internal common config options, excluding platform specific configs like styling and the
  * products array on web. This is just internal to avoid this being exported out and getting
- * confused with the public StytchB2BLoginConfig type
+ * confused with the public StytchB2BUIConfig type
  */
 type CommonB2BLoginConfig = {
     authFlowType: AuthFlowType;
@@ -1315,6 +1315,442 @@ type ScopeResult = {
     description: string;
 };
 
+type OAuthGetURLOptions = {
+    /**
+     * The URL that Stytch redirects to after the OAuth flow is completed for a user that already exists.
+     * This URL should be an endpoint in the backend server that verifies the request by querying Stytch's /oauth/authenticate endpoint and finishes the login.
+     * The URL should be configured as a Login URL in the Stytch Dashboard's Redirect URL page.
+     * If the field is not specified, the default in the Dashboard is used.
+     */
+    login_redirect_url?: string;
+    /**
+     * The URL that Stytch redirects to after the OAuth flow is completed for a user that does not yet exist.
+     * This URL should be an endpoint in the backend server that verifies the request by querying Stytch's /oauth/authenticate endpoint and finishes the login.
+     * The URL should be configured as a Sign Up URL in the Stytch Dashboard's Redirect URL page.
+     * If the field is not specified, the default in the Dashboard is used.
+     */
+    signup_redirect_url?: string;
+    /**
+     * An optional list of custom scopes that you'd like to request from the user in addition to the ones Stytch requests by default.
+     * @example Google Custom Scopes
+     * ['https://www.googleapis.com/auth/gmail.compose', 'https://www.googleapis.com/auth/firebase']
+     *
+     * @example Facebook Custom Scopes
+     * ['public_profile', 'instagram_shopping_tag_products']
+     */
+    custom_scopes?: string[];
+    /**
+     * An optional mapping of provider specific values to pass through to the OAuth provider
+     * @example Google authorization parameters
+     * {"prompt": "select_account", "login_hint": "example@stytch.com"}
+     */
+    provider_params?: Record<string, string>;
+    /**
+     * An optional token to pre-associate an OAuth flow with an existing Stytch User
+     */
+    oauth_attach_token?: string;
+};
+type OAuthAuthenticateOptions = SessionDurationOptions;
+type OAuthAuthenticateResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
+    /**
+     * The `provider_subject` field is the unique identifier used to identify the user within a given OAuth provider.
+     * Also commonly called the "sub" or "Subject field" in OAuth protocols.
+     */
+    provider_subject: string;
+    /**
+     * The `type` field denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Facebook, GitHub etc.
+     */
+    provider_type: string;
+    /**
+     * If available, the `profile_picture_url` is a url of the user's profile picture set in OAuth identity the provider that the user has authenticated with, e.g. Facebook profile picture.
+     */
+    profile_picture_url: string;
+    /**
+     * If available, the `locale` is the user's locale set in the OAuth identity provider that the user has authenticated with.
+     */
+    locale: string;
+    /**
+     * The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider.
+     * For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user.
+     * Note that these values will vary based on the OAuth provider in question, e.g. `id_token` may not be returned by all providers.
+     */
+    provider_values: {
+        /**
+         * The `access_token` that you may use to access the user's data in the provider's API.
+         */
+        access_token: string;
+        /**
+         * The `id_token` returned by the OAuth provider.
+         * ID Tokens are JWTs that contain structured information about a user.
+         * The exact content of each ID Token varies from provider to provider.
+         * ID Tokens are returned from OAuth providers that conform to the {@link https://openid.net/foundation/ OpenID Connect} specification, which is based on OAuth.
+         */
+        id_token: string;
+        /**
+         * The `refresh_token` that you may use to refresh a user's session within the provider's API.
+         */
+        refresh_token: string;
+        /**
+         * The OAuth scopes included for a given provider.
+         * See each provider's section above to see which scopes are included by default and how to add custom scopes.
+         */
+        scopes: string[];
+        /**
+         * The timestamp when the Session expires.
+         * Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
+         */
+        expires_at: string;
+    };
+};
+type OAuthStartFailureReason = 'User Canceled' | 'Authentication Failed' | 'Invalid Platform';
+type OAuthStartResponse = void | {
+    success: true;
+} | {
+    success: false;
+    reason: OAuthStartFailureReason;
+    error?: Error;
+};
+/**
+ * Methods for interacting with an individual OAuth provider.
+ */
+interface IOAuthProvider$1 {
+    /**
+     * Start an OAuth flow by redirecting the browser to one of Stytch's {@link https://stytch.com/docs/api/oauth-google-start oauth start} endpoints.
+     * If enabled, this method will also generate a PKCE code_verifier and store it in localstorage on the device (See the {@link https://stytch.com/docs/oauth#guides_pkce PKCE OAuth guide} for details).
+     * If your application is configured to use a custom subdomain with Stytch, it will be used automatically.
+     * @example
+     * const loginWithGoogle = useCallback(()=> {
+     *   stytch.oauth.google.start({
+     *     login_redirect_url: 'https://example.com/oauth/callback',
+     *     signup_redirect_url: 'https://example.com/oauth/callback',
+     *     custom_scopes: ['https://www.googleapis.com/auth/gmail.compose']
+     *   })
+     * }, [stytch]);
+     * return (
+     *   <Button onClick={loginWithGoogle}> Log in! </Button>
+     * );
+     *
+     * @param options - An {@link OAuthGetURLOptions} object
+     *
+     * @returns OAuthStartResponse - In browsers, the browser is redirected during this function call and will return void. You should not attempt to run any code after calling this function. In React Native applications, an external browser is opened, and this method will return the result of the browser/native authentication attempt.
+     *
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    start(options?: OAuthGetURLOptions): Promise<OAuthStartResponse>;
+}
+type OAuthAttachResponse = ResponseCommon & {
+    oauth_attach_token: string;
+};
+interface IHeadlessOAuthClient<TProjectConfiguration extends StytchProjectConfigurationInput> {
+    google: IOAuthProvider$1;
+    microsoft: IOAuthProvider$1;
+    apple: IOAuthProvider$1;
+    github: IOAuthProvider$1;
+    gitlab: IOAuthProvider$1;
+    facebook: IOAuthProvider$1;
+    discord: IOAuthProvider$1;
+    salesforce: IOAuthProvider$1;
+    slack: IOAuthProvider$1;
+    amazon: IOAuthProvider$1;
+    bitbucket: IOAuthProvider$1;
+    linkedin: IOAuthProvider$1;
+    coinbase: IOAuthProvider$1;
+    twitch: IOAuthProvider$1;
+    twitter: IOAuthProvider$1;
+    tiktok: IOAuthProvider$1;
+    snapchat: IOAuthProvider$1;
+    figma: IOAuthProvider$1;
+    yahoo: IOAuthProvider$1;
+    /**
+     * The authenticate method wraps the {@link https://stytch.com/docs/api/oauth-authenticate authenticate} OAuth API endpoint which validates the OAuth token passed in.
+     *
+     * @example
+     * const token = new URLSearchParams(window.location.search).get('token');
+     * stytch.oauth.authenticate(token, {
+     *   session_duration_minutes: 60
+     * }).then(...)
+     *
+     * @param token - The token to authenticate
+     * @param options - {@link OAuthAuthenticateOptions}
+     *
+     * @returns A {@link OAuthAuthenticateResponse} indicating the token has been authenticated.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    authenticate(token: string, options: OAuthAuthenticateOptions): Promise<OAuthAuthenticateResponse<TProjectConfiguration>>;
+    /**
+     * The attach method wraps the {@link https://stytch.com/docs/api/oauth-attach attach} OAuth API endpoint and generates an OAuth Attach Token to pre-associate an OAuth flow with an existing Stytch User.
+     *
+     * You must have an active Stytch session to use this endpoint.
+     * Pass the returned oauth_attach_token to the same provider's OAuth Start endpoint to treat this OAuth flow as a
+     * login for that user instead of a signup
+     *
+     * @param provider - The OAuth provider's name.
+     *
+     * @returns A {@link OAuthAttachResponse} containing a single-use token for connecting the Stytch User selection from this request to the corresponding OAuth Start request.
+     */
+    attach(provider: string): Promise<OAuthAttachResponse>;
+}
+
+type UserOnChangeCallback = (user: User | null) => void;
+type UserUpdateOptions = {
+    /**
+     * The name of the user. If at least one name field is passed, all name fields will be updated.
+     */
+    name?: {
+        /**
+         * The first name of the user. Replaces an existing first name, if it exists.
+         */
+        first_name?: string;
+        /**
+         * The middle name(s) of the user. Replaces an existing middle name, if it exists.
+         */
+        middle_name?: string;
+        /**
+         * The last name of the user. Replaces an existing last name, if it exists.
+         */
+        last_name?: string;
+    };
+    /**
+     * A JSON object containing application-specific metadata.
+     * Use it to store fields that a user can be allowed to edit directly without backend validation - such as `display_theme` or `preferred_locale`.
+     * See our {@link https://stytch.com/docs/api/metadata metadata reference} for complete details.
+     */
+    untrusted_metadata?: Record<string, unknown>;
+};
+type UserUpdateResponse = ResponseCommon & {
+    /**
+     * Globally unique UUID that identifies a specific user in the Stytch API.
+     */
+    user_id: string;
+    /**
+     * The updated emails for the user.
+     */
+    emails: User['emails'];
+    /**
+     * The updated phone numbers for the user.
+     */
+    phone_numbers: User['phone_numbers'];
+    /**
+     * The updated crypto wallets for the user.
+     */
+    crypto_wallets: User['crypto_wallets'];
+};
+type UserInfo = Cacheable<{
+    /**
+     * The user object, or null if no user exists.
+     */
+    user: User | null;
+}>;
+type UserGetConnectedAppsResponse = ResponseCommon & {
+    connected_apps: {
+        connected_app_id: string;
+        name: string;
+        description: string;
+        client_type: string;
+        logo_url?: string;
+        scopes_granted: string;
+    }[];
+};
+interface IHeadlessUserClient {
+    /**
+     * The asynchronous method, `user.get`, wraps the {@link https://stytch.com/docs/api/get-user get user} endpoint.
+     * It fetches the user's data and refreshes the cached object if changes are detected.
+     * The Stytch SDK will invoke this method automatically in the background, so you probably won't need to call this method directly.
+     *
+     * @returns A {@link User} object, or null if no user exists.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     */
+    get(): Promise<User>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/update-user update user} endpoint. Use this method to change the user's name, untrusted metadata, and attributes.
+     *
+     * You can listen for successful user updates anywhere in the codebase with the `stytch.user.onChange()` method or `useStytchUser()` hook if you are using React.
+     *
+     * **Note:** If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
+     *
+     * @example
+     * ```
+     * const updateName = useCallback(() => {
+     *  stytchClient.user.update({
+     *    name: {
+     *      first_name: 'Jane',
+     *      last_name: 'Doe',
+     *    },
+     *  });
+     * }, [stytchClient]);
+     * ```
+     *
+     * @param options - {@link UserUpdateOptions}
+     *
+     * @returns A {@link UserUpdateResponse} indicating the user has been updated.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    update(options: UserUpdateOptions): Promise<UserUpdateResponse>;
+    /**
+     * The `user.getSync` is a synchronous method for getting a user. This is the recommended approach. You can listen to changes with the `onChange` method.
+     * If logged in, this returns the cached user object, otherwise it returns null. This method does not refresh the user's data.
+     *
+     * @returns A {@link User} object, or null if no user exists.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     */
+    getSync(): User | null;
+    /**
+     * The `user.getInfo` method is similar to `user.getSync`, but it returns an object containing the `user` object and a `fromCache` boolean.
+     * If `fromCache` is true, the user object is from the cache and a state refresh is in progress.
+     */
+    getInfo(): UserInfo;
+    /**
+     * The `user.onChange` method takes in a callback that gets called whenever the user object changes. It returns an unsubscribe method for you to call when you no longer want to listen for such changes.
+     *
+     * In React, the `@stytch/react` library provides the `useStytchUser` hook that implements these methods for you to easily access the user and listen for changes.
+     *
+     * @param callback - Gets called whenever the user object changes. See {@link UserOnChangeCallback}.
+     *
+     * @returns An {@link UnsubscribeFunction} for you to call when you no longer want to listen for changes in the user object.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    onChange(callback: UserOnChangeCallback): UnsubscribeFunction;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-email delete user email} endpoint.
+     * This methods cannot be used to remove all factors from a user. A user must have at least one email, phone number, or OAuth provider associated with their account at all times, otherwise they will not be able to log in again.
+     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
+     *
+     * @param emailId - ID of the email to be deleted.
+     *
+     * @returns A {@link DeleteResponse} that indicates the user email has been deleted.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    deleteEmail(emailId: string): Promise<DeleteResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-phone-number delete phone number} endpoint.
+     * This methods cannot be used to remove all factors from a user. A user must have at least one email, phone number, or OAuth provider associated with their account at all times, otherwise they will not be able to log in again.
+     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
+     *
+     * @param phoneId - ID of the phone number to be deleted.
+     *
+     * @returns A {@link DeleteResponse} that indicates the user phone number has been deleted.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    deletePhoneNumber(phoneId: string): Promise<DeleteResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-totp delete TOTP} endpoint.
+     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
+     *
+     * @param totpId - ID of the TOTP registration to be deleted.
+     *
+     * @returns A {@link DeleteResponse} that indicates the user TOTP registration has been deleted.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    deleteTOTP(totpId: string): Promise<DeleteResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-oauth-registration delete OAuth} endpoint.
+     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
+     *
+     * @param oauthUserRegistrationId - ID of the OAuth registration to be deleted.
+     *
+     * @returns A {@link DeleteResponse} that indicates the user OAuth registration has been deleted.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    deleteOAuthRegistration(oauthUserRegistrationId: string): Promise<DeleteResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-crypto-wallet delete crypto wallet} endpoint.
+     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
+     *
+     * @param cryptoWalletId - ID of the crypto wallet to be deleted.
+     *
+     * @returns A {@link DeleteResponse} that indicates the user crypto wallet has been deleted.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    deleteCryptoWallet(cryptoWalletId: string): Promise<DeleteResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-webauthn-registration delete WebAuthn} endpoint.
+     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
+     *
+     * @param webAuthnId - ID of the WebAuthn registration to be deleted.
+     *
+     * @returns A {@link DeleteResponse} that indicates the user WebAuthn registration has been deleted.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    deleteWebauthnRegistration(webAuthnId: string): Promise<DeleteResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-biometric-registration delete biometric} endpoint.
+     *
+     * @param biometricRegistrationId - ID of the biometric registration to be deleted.
+     *
+     * @returns A {@link DeleteResponse} that indicates the user Biometric registration has been deleted.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    deleteBiometricRegistration(biometricRegistrationId: string): Promise<DeleteResponse>;
+    /**
+     * The User Get Connected Apps method wraps the {@link https://stytch.com/docs/api/connected-app-user-get-all User Get Connected Apps} API endpoint.
+     * The `user_id` will be automatically inferred from the logged-in user's session.
+     *
+     * This method retrieves a list of Connected Apps that the user has completed an authorization flow with successfully.
+     * If the user revokes a Connected App's access (e.g. via the `revokeConnectedApp` method) then the Connected App will
+     * no longer be returned in this endpoint's response.
+     *
+     * @returns A {@link UserGetConnectedAppsResponse} containing a list of the user's connected apps
+     *
+     * @throws A `StytchSDKAPIError` when the Stytch API returns an error.
+     * @throws A `SDKAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    getConnectedApps(): Promise<UserGetConnectedAppsResponse>;
+    /**
+     * The User Revoke Connected App method wraps the {@link https://stytch.com/docs/api/connected-app-user-revoke User Revoke Connected App} API endpoint.
+     * The `user_id` will be automatically inferred from the logged-in user's session.
+     *
+     * This method revokes a Connected App's access to the user and revokes all active tokens that have been
+     * created on the user's behalf. New tokens cannot be created until the user completes a new authorization
+     * flow with the Connected App.
+     *
+     * Note that after calling this method, the user will be forced to grant consent in subsequent authorization
+     * flows with the Connected App.
+     *
+     * @param connectedAppId - ID of the Connected App to revoke.
+     * @returns A {@link ResponseCommon} indicating that the Connected App's access has been revoked.
+     *
+     * @throws A `StytchSDKAPIError` when the Stytch API returns an error.
+     * @throws A `SDKAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    revokedConnectedApp(connectedAppId: string): Promise<ResponseCommon>;
+}
+
 type MagicLinksBaseOptions = {
     /**
      * The url the user clicks from the sign-up email magic link.
@@ -1769,66 +2205,222 @@ interface IHeadlessCryptoWalletClient<TProjectConfiguration extends StytchProjec
      *
      * For Ethereum crypto wallets, the challenge will follow the Sign In With Ethereum (SIWE) protocol if you have toggled **SIWE Enabled** in the {@link https://stytch.com/dashboard/sdk-configuration SDK Configuration page}. The domain and URI will be inferred automatically, but you may optionally override the URI.
      *
-     * Load the challenge data by calling `cryptoWallets.authenticateStart()`.
+     * Load the challenge data by calling `cryptoWallets.authenticateStart()`.
+     *
+     * You'll then pass this challenge to the user's wallet for signing. You can do so by using the crypto provider's built-in API and by including the `crypto_wallet_address` and `challenge` that is provided from `cryptoWallets.authenticateStart()`. See [Ethereum's EIP-1193](https://eips.ethereum.org/EIPS/eip-1193) for an example of Ethereum's provider API.
+     *
+     *
+     * @example
+     * ```
+     * // Request user's address
+     * const [crypto_wallet_address] = await ethereum.request({
+     *   method: 'eth_requestAccounts',
+     * });
+     *
+     * // Ask Stytch to generate a challenge for the user
+     * const { challenge } = await stytch.cryptoWallets.authenticateStart({
+     *   crypto_wallet_address: crypto_wallet_address,
+     *   crypto_wallet_type: 'ethereum',
+     * });
+     * ```
+     * @param options - {@link CryptoWalletAuthenticateStartOptions}
+     *
+     * @returns A {@link CryptoWalletAuthenticateStartResponse} containing a challenge to be passed to the user's wallet for signing.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    authenticateStart(options: CryptoWalletAuthenticateStartOptions): Promise<CryptoWalletAuthenticateStartResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/crypto-wallet-authenticate authenticate} crypto wallet endpoint. Call this method after the user signs the challenge to validate the signature.
+     * If this method succeeds and the user is not already logged in, the user will be logged in, granted an active session, and the {@link https://stytch.com/docs/sdks/javascript-sdk/resources/cookies-and-session-management session cookies} will be minted and stored in the browser.
+     * If the user is already logged in, the crypto wallet will be added to the `user.crypto_wallets[]` array and associated with user's existing session as an `authentication_factor`.
+     *
+     * See [Ethereum's EIP-1193](https://eips.ethereum.org/EIPS/eip-1193) for an example of Ethereum's provider API.
+     *
+     * @example
+     * ```
+     * // Ask the user to sign the challenge
+     * const signature = await ethereum.request({
+     *   method: 'personal_sign',
+     *   params: [challenge, crypto_wallet_address],
+     * });
+     *
+     * // Authenticate the signature
+     * stytch.cryptoWallets.authenticate({
+     *  crypto_wallet_address: crypto_wallet_address,
+     *  crypto_wallet_type: 'ethereum',
+     *  signature: signature,
+     *  session_duration_minutes: 60,
+     * });
+     * ```
+     *
+     * @param options - {@link CryptoWalletAuthenticateOptions}
+     *
+     * @returns A {@link CryptoWalletAuthenticateResponse} indicating the user has been authenticated.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    authenticate(options: CryptoWalletAuthenticateOptions): Promise<CryptoWalletAuthenticateResponse<TProjectConfiguration>>;
+}
+
+type TOTPCreateOptions = {
+    /**
+     * The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
+     */
+    expiration_minutes: number;
+};
+type TOTPCreateResponse = ResponseCommon & {
+    /**
+     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
+     */
+    totp_id: string;
+    /**
+     * The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
+     */
+    secret: string;
+    /**
+     * The QR code image encoded in base64.
+     */
+    qr_code: string;
+    /**
+     * The recovery codes used to authenticate the user without an authenticator app.
+     */
+    recovery_codes: string[];
+};
+type TOTPAuthenticateOptions = SessionDurationOptions & {
+    /**
+     * The TOTP code to authenticate. The TOTP code should consist of 6 digits.
+     */
+    totp_code: string;
+};
+type TOTPAuthenticateResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
+    /**
+     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
+     */
+    totp_id: string;
+    /**
+     * The device history of the user.
+     */
+    user_device?: SDKDeviceHistory;
+};
+type TOTPRecovery = {
+    /**
+     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
+     */
+    totp_id: string;
+    /**
+     * Indicates whether or not the TOTP registration has been verified by the user.
+     */
+    verified: boolean;
+    /**
+     * The recovery codes for the TOTP registration.
+     */
+    recovery_codes: string[];
+};
+type TOTPRecoveryCodesResponse = ResponseCommon & {
+    /**
+     * Globally unique UUID that identifies a specific user in the Stytch API.
+     */
+    user_id: string;
+    /**
+     * See {@link TOTPRecovery}.
+     */
+    totps: TOTPRecovery;
+};
+type TOTPRecoverOptions = SessionDurationOptions & {
+    /**
+     * The recovery code to authenticate.
+     */
+    recovery_code: string;
+};
+type TOTPRecoverResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
+    /**
+     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
+     */
+    totp_id: string;
+    /**
+     * The device history of the user.
+     */
+    user_device?: SDKDeviceHistory;
+};
+interface IHeadlessTOTPClient<TProjectConfiguration extends StytchProjectConfigurationInput> {
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-create Create} endpoint. Call this method to create a new TOTP instance for a user. The user can use the authenticator application of their choice to scan the QR code or enter the secret.
+     *
+     * You can listen for successful user updates anywhere in the codebase with the `stytch.user.onChange()` method or `useStytchUser()` hook if you are using React.
+     *
+     * **Note:** If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk/resources/mfa Multi-factor Authentication} section for more details.
+     *
+     * @example
+     * ```
+     * stytchClient.totps.create({ expiration_minutes: 60 });
+     * ```
+     *
+     * @param options - {@link TOTPCreateOptions}
      *
-     * You'll then pass this challenge to the user's wallet for signing. You can do so by using the crypto provider's built-in API and by including the `crypto_wallet_address` and `challenge` that is provided from `cryptoWallets.authenticateStart()`. See [Ethereum's EIP-1193](https://eips.ethereum.org/EIPS/eip-1193) for an example of Ethereum's provider API.
+     * @returns A {@link TOTPCreateResponse} indicating a new TOTP instance has been created.
      *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input.
+     */
+    create(options: TOTPCreateOptions): Promise<TOTPCreateResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-authenticate Authenticate} endpoint. Call this method to authenticate a TOTP code entered by a user.
      *
      * @example
      * ```
-     * // Request user's address
-     * const [crypto_wallet_address] = await ethereum.request({
-     *   method: 'eth_requestAccounts',
-     * });
-     *
-     * // Ask Stytch to generate a challenge for the user
-     * const { challenge } = await stytch.cryptoWallets.authenticateStart({
-     *   crypto_wallet_address: crypto_wallet_address,
-     *   crypto_wallet_type: 'ethereum',
-     * });
+     * stytch.totps.authenticate({ totp_code: '123456', session_duration_minutes: 60 });
      * ```
-     * @param options - {@link CryptoWalletAuthenticateStartOptions}
      *
-     * @returns A {@link CryptoWalletAuthenticateStartResponse} containing a challenge to be passed to the user's wallet for signing.
+     * @param options - {@link TOTPAuthenticateOptions}
+     *
+     * @returns A {@link TOTPAuthenticateResponse} indicating the TOTP code has been authenticated.
      *
      * @throws A `StytchAPIError` when the Stytch API returns an error.
      * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
      * @throws A `StytchSDKUsageError` when called with invalid input.
      */
-    authenticateStart(options: CryptoWalletAuthenticateStartOptions): Promise<CryptoWalletAuthenticateStartResponse>;
+    authenticate(options: TOTPAuthenticateOptions): Promise<TOTPAuthenticateResponse<TProjectConfiguration>>;
     /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/crypto-wallet-authenticate authenticate} crypto wallet endpoint. Call this method after the user signs the challenge to validate the signature.
-     * If this method succeeds and the user is not already logged in, the user will be logged in, granted an active session, and the {@link https://stytch.com/docs/sdks/javascript-sdk/resources/cookies-and-session-management session cookies} will be minted and stored in the browser.
-     * If the user is already logged in, the crypto wallet will be added to the `user.crypto_wallets[]` array and associated with user's existing session as an `authentication_factor`.
+     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-get-recovery-codes Recovery Codes} endpoint. Call this method to retrieve the recovery codes for a TOTP instance tied to a user.
      *
-     * See [Ethereum's EIP-1193](https://eips.ethereum.org/EIPS/eip-1193) for an example of Ethereum's provider API.
+     * You can listen for successful user updates anywhere in the codebase with the `stytch.user.onChange()` method or `useStytchUser()` hook if you are using React.
+     *
+     * **Note:** If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk/resources/mfa Multi-factor authentication} section for more details.
      *
      * @example
      * ```
-     * // Ask the user to sign the challenge
-     * const signature = await ethereum.request({
-     *   method: 'personal_sign',
-     *   params: [challenge, crypto_wallet_address],
-     * });
+     * stytchClient.totps.recoveryCodes();
+     * ```
      *
-     * // Authenticate the signature
-     * stytch.cryptoWallets.authenticate({
-     *  crypto_wallet_address: crypto_wallet_address,
-     *  crypto_wallet_type: 'ethereum',
-     *  signature: signature,
-     *  session_duration_minutes: 60,
-     * });
+     * @returns A {@link TOTPRecoveryCodesResponse} containing the TOTP recovery codes tied to the user.
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     */
+    recoveryCodes(): Promise<TOTPRecoveryCodesResponse>;
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-recover Recover} endpoint. Call this method to authenticate a recovery code for a TOTP instance.
+     *
+     * @example
+     * ```
+     * stytch.totps.recover({ recovery_code: 'xxxx-xxxx-xxxx', session_duration_minutes: 60 });
      * ```
      *
-     * @param options - {@link CryptoWalletAuthenticateOptions}
+     * @param options - {@link TOTPRecoverOptions}
      *
-     * @returns A {@link CryptoWalletAuthenticateResponse} indicating the user has been authenticated.
+     * @returns A {@link TOTPRecoverResponse} indicating the TOTP recovery code has been authenticated.
      *
      * @throws A `StytchAPIError` when the Stytch API returns an error.
      * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
      * @throws A `StytchSDKUsageError` when called with invalid input.
      */
-    authenticate(options: CryptoWalletAuthenticateOptions): Promise<CryptoWalletAuthenticateResponse<TProjectConfiguration>>;
+    recover(options: TOTPRecoverOptions): Promise<TOTPRecoverResponse<TProjectConfiguration>>;
 }
 
 type WebAuthnRegisterStartOptions = SessionDurationOptions & {
@@ -6944,9 +7536,9 @@ interface IHeadlessB2BRecoveryCodesClient<TProjectConfiguration extends StytchPr
     get(): Promise<RecoveryCodeGetResponse>;
 }
 
-type Actions<Actions extends string> = Record<Actions, boolean>;
+type Actions$1<Actions extends string> = Record<Actions, boolean>;
 type PermissionsMap<Permissions extends Record<string, string>> = {
-    [ResourceID in keyof Permissions]: Actions<Permissions[ResourceID]>;
+    [ResourceID in keyof Permissions]: Actions$1<Permissions[ResourceID]>;
 };
 interface IHeadlessB2BRBACClient {
     /**
@@ -8388,6 +8980,314 @@ type RNUIProductConfig = {
     passwordOptions: RNUIPasswordOptions;
 };
 
+type BiometricsRegisterOptions = {
+    /**
+     * The text rendered when raising the biometric prompt.
+     */
+    prompt: string;
+    /**
+     * The text rendered on the cancel button when raising the biometric prompt. Defaults to "Cancel".
+     */
+    cancelButtonText?: string;
+    /**
+     * On Android devices, allow the private key data to be stored as cleartext in the application sandbox.
+     */
+    allowFallbackToCleartext?: boolean;
+    /**
+     * Allows user to enter their device credentials as a fallback for failed biometric authentication.
+     */
+    allowDeviceCredentials?: boolean;
+    /**
+     * Specify the desired session duration, in minutes
+     */
+    sessionDurationMinutes?: number;
+};
+type BiometricsRegisterStartResponse = ResponseCommon & {
+    /**
+     * A unique ID that identifies a specific biometric registration.
+     */
+    biometric_registration_id: string;
+    /**
+     * The challenge to be signed by the device.
+     */
+    challenge: string;
+};
+type BiometricsRegisterCompleteResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
+    /**
+     * A unique ID that identifies a specific biometric registration.
+     */
+    biometric_registration_id: string;
+};
+type BiometricsAuthenticateOptions = {
+    /**
+     * The text rendered when raising the biometric prompt.
+     */
+    prompt: string;
+    /**
+     * Set the session lifetime to be this many minutes from now.
+     * This value must be a minimum of 5 and may not exceed the `maximum session duration minutes` value set in the {@link https://stytch.com/dashboard/sdk-configuration SDK Configuration} page of the Stytch dashboard.
+     * A successful authentication will continue to extend the session this many minutes.
+     */
+    sessionDurationMinutes: number;
+    /**
+     * The text rendered on the cancel button when raising the biometric prompt. Defaults to "Cancel".
+     */
+    cancelButtonText?: string;
+    /**
+     * Allows user to enter their device credentials as a fallback for failed biometric authentication.
+     */
+    allowDeviceCredentials?: boolean;
+    /**
+     * The text rendered on the fallback prompt after biometrics has failed and allowDeviceCredentials is true. Defaults to "Enter Passcode". This only appears on iOS devices.
+     */
+    fallbackTitle?: string;
+};
+type BiometricsAuthenticateStartResponse = ResponseCommon & {
+    /**
+     * The challenge to be signed by the device.
+     */
+    challenge: string;
+    /**
+     * A unique ID that identifies a specific biometric registration.
+     */
+    biometric_registration_id: string;
+};
+type BiometricsAuthenticateCompleteResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
+    /**
+     * A unique ID that identifies a specific biometric registration.
+     */
+    biometric_registration_id: string;
+    /**
+     * The device history of the user.
+     */
+    user_device?: SDKDeviceHistory;
+};
+type BiometricsDeleteResponse = ResponseCommon & {
+    /**
+     * A unique ID that identifies a specific biometric registration.
+     */
+    biometric_registration_id: string;
+    /**
+     * Globally unique UUID that identifies a specific user in the Stytch API.
+     */
+    user_id: string;
+};
+/**
+ * Type of biometric authentication available on the device. iOS supports 'TouchID' or 'FaceID', and Android supports 'Biometrics'.
+ */
+type BiometryType = 'TouchID' | 'FaceID' | 'Biometrics';
+type BiometricsGetSensorResponse = {
+    /**
+     * Type of biometric authentication available on the device.
+     */
+    biometryType: BiometryType;
+};
+interface IHeadlessBiometricsClient<TProjectConfiguration extends StytchProjectConfigurationInput> {
+    /**
+     * Indicates if there is an existing biometric registration on the device.
+     *
+     * @returns true if there is a biometric registration on the device, otherwise false.
+     */
+    isRegistrationAvailable: () => Promise<boolean>;
+    /**
+     * Indicates whether or not the Keystore is available on the device.
+     *
+     * @returns true if the keystore is available, otherwise false.
+     */
+    isKeystoreAvailable: () => Promise<boolean>;
+    /**
+     * Adds a biometric registration for the current user.
+     *
+     * @param options - {@link BiometricsRegisterOptions}
+     *
+     * @returns A {@link BiometricsRegisterCompleteResponse} indicating the biometric registration has been successful.
+     *
+     * @throws A `StytchSDKError` when the Stytch React Native module returns an error.
+     */
+    register: (options: BiometricsRegisterOptions) => Promise<BiometricsRegisterCompleteResponse<TProjectConfiguration>>;
+    /**
+     * Updates the session by using a biometric registration.
+     *
+     * @param options - {@link BiometricsAuthenticateOptions}
+     *
+     * @returns A {@link BiometricsRegisterCompleteResponse} indicating the authentication has been successful.
+     *
+     * @throws A `StytchSDKError` when the Stytch React Native module returns an error.
+     */
+    authenticate: (options: BiometricsAuthenticateOptions) => Promise<BiometricsAuthenticateCompleteResponse<TProjectConfiguration>>;
+    /**
+     * Attempts to remove the biometric registration from the user and device.
+     *
+     * @returns A {@link BiometricsDeleteResponse} indicating whether the deletion has been successful.
+     */
+    removeRegistration: () => Promise<BiometricsDeleteResponse>;
+    /**
+     * Checks the type of biometrics that is available on the device.
+     *
+     * @param allowDeviceCredentials Allows user to enter their device credentials as a fallback for failed biometric authentication.
+     *
+     * @returns A {@link BiometricsGetSensorResponse} containing a {@link BiometryType}.
+     *
+     * @throws A `StytchSDKError` when the Stytch React Native module returns an error.
+     */
+    getSensor: (allowDeviceCredentials?: boolean) => Promise<BiometricsGetSensorResponse>;
+    /**
+     * Gets the current biometric_registration_id saved on device, if it exists
+     */
+    getBiometricRegistrationId: () => Promise<string | undefined>;
+    /**
+     * Deletes the local biometric keys from the device, if any
+     *
+     * @returns true if keys were found and deleted from the device, false if no keys were present
+     */
+    deleteDeviceRegistration: () => Promise<boolean>;
+}
+
+type ImpersonationAuthenticateOptions = {
+    /**
+     * The impersonation token used to authenticate a user
+     */
+    impersonation_token: string;
+};
+type ImpersonationAuthenticateResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration>;
+interface IHeadlessImpersonationClient<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> {
+    /**
+     * Wraps Stytch's {@link https://stytch.com/docs/api/authenticate-impersonation-token Authenticate Impersonation Token} endpoint.
+     * The authenticate method wraps the consumer impersonation authenticate endpoint.
+     *
+     * @param data - {@link ImpersonationAuthenticateOptions}
+     * @returns A {@link ImpersonationAuthenticateResponse} indicating that the token has been authenticated
+     *
+     * @throws A `StytchAPIError` when the Stytch API returns an error.
+     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
+     * @throws A `StytchSDKUsageError` when called with invalid input (invalid token, invalid options, etc.)
+     */
+    authenticate(data: ImpersonationAuthenticateOptions): Promise<ImpersonationAuthenticateResponse<TProjectConfiguration>>;
+}
+
+type Actions<Actions extends string> = Record<Actions, boolean>;
+type ConsumerPermissionsMap<Permissions extends Record<string, string>> = {
+    [ResourceID in keyof Permissions]: Actions<Permissions[ResourceID]>;
+};
+interface IHeadlessRBACClient {
+    /**
+     * The `isAuthorizedSync` method determines whether the logged-in user is allowed to perform the specified action on the specified resource.
+     * Returns `true` if the user can perform the action, `false` otherwise.
+     *
+     * If the user is not logged in, or the RBAC policy has not been loaded, this method will always return false.
+     * If the resource or action provided are not valid for the configured RBAC policy, this method will return false.
+     * @example
+     * const isAuthorized = stytch.rbac.isAuthorizedSync<Permissions>('document', 'image');
+     */
+    isAuthorizedSync(resourceId: string, action: string): boolean;
+    /**
+     * The `isAuthorized` method determines whether the logged-in user is allowed to perform the specified action on the specified resource.
+     * It will return a Promise that resolves after the RBAC policy has been loaded. Returns `true` if the user can perform the action, `false` otherwise.
+     *
+     * If the user is not logged in, this method will always return false.
+     * If the resource or action provided are not valid for the configured RBAC policy, this method will return false.
+     *
+     * @example
+     * const isAuthorized = await stytch.rbac.isAuthorizedSync<Permissions>('document', 'image');
+     */
+    isAuthorized(resourceId: string, action: string): Promise<boolean>;
+    /**
+     * The `allPermissions` method returns the complete list of permissions assigned to the currently logged-in user. If the user is not logged in, all values will be `false`.
+     *
+     * As a best practice, authorization checks for sensitive actions should also occur on the backend.
+     *
+     * @example
+     * type Permissions = {
+     *   document: 'create' | 'read' | 'write
+     *   image: 'create' | 'read'
+     * }
+     * const permissions = await stytch.rbac.allPermissions<Permissions>();
+     * console.log(permissions.document.create) // true
+     * console.log(permissions.image.create) // false
+     * @returns A {@link ConsumerPermissionsMap} for the active member
+     */
+    allPermissions<Permissions extends Record<string, string>>(): Promise<ConsumerPermissionsMap<Permissions>>;
+}
+
+type OAuthAuthorizeStartOptions = {
+    client_id: string;
+    redirect_uri: string;
+    response_type: string;
+    scopes: string[];
+    prompt?: string;
+};
+type OAuthAuthorizeStartResponse = ResponseCommon & {
+    user_id: string;
+    user: User;
+    client: ConnectedAppPublic;
+    consent_required: boolean;
+    scope_results: ScopeResult[];
+};
+type OAuthAuthorizeSubmitOptions = {
+    client_id: string;
+    redirect_uri: string;
+    response_type: string;
+    scopes: string[];
+    state?: string;
+    nonce?: string;
+    code_challenge?: string;
+    consent_granted: boolean;
+    prompt?: string;
+    resource?: string[];
+};
+type OAuthAuthorizeSubmitResponse = ResponseCommon & {
+    redirect_uri: string;
+    authorization_code?: string;
+};
+type OAuthLogoutStartOptions = {
+    client_id: string;
+    post_logout_redirect_uri: string;
+    state?: string;
+    id_token_hint?: string;
+};
+type OAuthLogoutStartResponse = ResponseCommon & {
+    redirect_uri: string;
+    consent_required: boolean;
+};
+interface IHeadlessIDPClient {
+    /**
+     * Initiates a request for authorization of a Connected App to access a User's account.
+     *
+     * Call this endpoint using the query parameters from an OAuth Authorization request. This endpoint validates various fields (scope, client_id, redirect_uri, prompt, etc...) are correct and returns relevant information for rendering an OAuth Consent Screen.
+     *
+     * @param data - The options for the OAuth authorization flow.
+     * @returns The response from the OAuth authorization flow.
+     * @example
+     * const response = await stytch.idp.oauthAuthorizeStart({
+     *   client_id: 'client_123',
+     */
+    oauthAuthorizeStart(data: OAuthAuthorizeStartOptions): Promise<OAuthAuthorizeStartResponse>;
+    /**
+     * Completes a request for authorization of a Connected App to access a Member's account.
+     *
+     * Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the Preflight Check API. Note that this endpoint takes in a few additional parameters the preflight check does not- state, nonce, and code_challenge.
+     *
+     * If the authorization was successful, the redirect_uri will contain a valid authorization_code embedded as a query parameter. If the authorization was unsuccessful, the redirect_uri will contain an OAuth2.1 error_code. In both cases, redirect the Member to the location for the response to be consumed by the Connected App.
+     *
+     * Exactly one of the following must be provided to identify the Member granting authorization:
+     * organization_id + member_id
+     * session_token
+     * session_jwt
+     *
+     * If a session_token or session_jwt is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes. One of these fields must be used if the Connected App intends to complete the Exchange Access Token flow.
+     *
+     * @param data - The options for the OAuth authorization flow.
+     * @returns The response from the OAuth authorization flow.
+     * @example
+     * const response = await stytch.idp.oauthAuthorizeSubmit({
+     *   client_id: 'client_123',
+     *   redirect_uri: 'https://example.com/callback',
+     *   scope: 'openid email profile',
+     * });
+     */
+    oauthAuthorizeSubmit(data: OAuthAuthorizeSubmitOptions): Promise<OAuthAuthorizeSubmitResponse>;
+}
+
 type TokenType = 'magic_links' | 'oauth' | 'reset_password';
 
 type DeepReadonly<T> = {
@@ -8455,5 +9355,5 @@ href?: string) => Promise<{
     token: string;
 } | null>;
 
-export { BiometricsUnavailableError as b$, StytchEventType as bD, RNUIProducts as bG, SDKAPIUnreachableError as bM, StytchSDKUsageError as bN, StytchSDKSchemaError as bO, StytchSDKAPIError as bP, UNRECOVERABLE_ERROR_TYPES as bQ, StytchError as bR, StytchAPIUnreachableError as bS, StytchAPISchemaError as bT, StytchAPIError as bU, StytchSDKError as bW, NoCurrentSessionError as bY, InternalError as bZ, NoBiometricsRegistrationError as b_, OAuthProviders as bo, Wallets as bp, OneTapPositions as bq, OTPMethods as bu, KeyInvalidatedError as c0, KeystoreUnavailableError as c1, NoBiometricsEnrolledError as c2, BiometricsAlreadyEnrolledError as c3, UserCancellationError as c4, UserLockedOutError as c5, DeviceCredentialsNotAllowedError as c6, MissingGoogleClientIDError as c7, MissingPKCEError as c8, MissingAuthorizationCredentialIDTokenError as c9, InvalidAuthorizationCredentialError as ca, NoCredentialsPresentError as cb, MissingPublicKeyError as cc, ChallengeSigningFailedError as cd, SDKNotConfiguredError as ce, FailedCodeChallengeError as cf, PasskeysUnsupportedError as cg, FailedToDecryptDataError as ch, BiometricsFailedError as ci, InvalidStartUrlError as cj, InvalidRedirectSchemeError as ck, MissingUrlError as cl, InvalidCredentialTypeError as cm, MissingAttestationObjectError as cn, JSONDataNotConvertibleToStringError as co, RandomNumberGenerationFailed as cp, PasskeysInvalidEncoding as cq, PasskeysMisconfigured as cr, SignInWithAppleMisconfigured as cs, MissingCipherIv as ct, InvalidPrivateKeyLength as cu, BiometricRegistrationIdIsNullOrBlank as cv, DFPNotConfigured as cw, IDPOAuthFlowMissingParamError as cx, errorToStytchError as cy, AuthFlowType as eA, RedirectURLType as eB, B2BOAuthProviders as eC, B2BMFAProducts as eL };
-export type { locale as $, AuthenticateByUrl as A, B2BOAuthAuthorizeStartOptions as B, ConsumerState as C, IHeadlessB2BRBACClient as D, IHeadlessB2BSCIMClient as E, IHeadlessB2BImpersonationClient as F, B2BState as G, Member as H, INetworkClient as I, Organization as J, PermissionsMap as K, StytchProjectConfiguration as L, MemberSession as M, StringsOptions as N, OneTapRenderResult as O, ParseAuthenticateUrl as P, Callbacks as Q, ResponseCommon as R, StytchProjectConfigurationInput as S, TokenType as T, User as U, AuthenticateResponse as V, WebAuthnRegistration as W, DeleteResponse as X, UpdateResponse as Y, SessionDurationOptions as Z, UnsubscribeFunction as _, IHeadlessMagicLinksClient as a, CryptoWalletAuthenticateOptions as a$, MemberEmailUpdateDeliveryMethod as a0, DeviceAttributeDetails as a1, SDKDeviceHistory as a2, ConnectedAppPublic as a3, ScopeResult as a4, EmailFactor as a5, PhoneNumberFactor as a6, GoogleOAuthFactor as a7, MicrosoftOAuthFactor as a8, AppleOAuthFactor as a9, SessionAuthenticateResponse as aA, SessionAccessTokenExchangeOptions as aB, SessionAccessTokenExchangeResponse as aC, SessionRevokeOptions as aD, SessionRevokeResponse as aE, SessionAttestOptions as aF, SessionAttestResponse as aG, SessionOnChangeCallback as aH, SessionTokens$1 as aI, SessionTokensUpdate as aJ, SessionInfo as aK, MagicLinksLoginOrCreateOptions as aL, MagicLinksSendOptions as aM, MagicLinksLoginOrCreateResponse as aN, MagicLinksSendResponse as aO, MagicLinksAuthenticateOptions as aP, MagicLinksAuthenticateResponse as aQ, OTPCodeOptions as aR, OTPCodeSMSOptions as aS, OTPCodeEmailOptions as aT, OTPAuthenticateOptions as aU, OTPsLoginOrCreateResponse as aV, OTPsSendResponse as aW, OTPsAuthenticateResponse as aX, SIWEParams as aY, CryptoWalletAuthenticateStartOptions as aZ, CryptoWalletAuthenticateStartResponse as a_, GithubOAuthFactor as aa, GitLabOAuthFactor as ab, FacebookOAuthFactor as ac, DiscordOAuthFactor as ad, SalesforceOAuthFactor as ae, SlackOAuthFactor as af, AmazonOAuthFactor as ag, BitbucketOAuthFactor as ah, LinkedInOAuthFactor as ai, CoinbaseOAuthFactor as aj, TwitchOAuthFactor as ak, TwitterOAuthFactor as al, TikTokOAuthFactor as am, FigmaOAuthFactor as an, SnapchatOAuthFactor as ao, YahooOAuthFactor as ap, WebAuthnFactor as aq, AuthenticatorAppFactor as ar, RecoveryCodeFactor as as, CryptoWalletFactor as at, PasswordFactor as au, BiometricFactor as av, AccessTokenExchangeFactor as aw, AuthenticationFactor as ax, Session as ay, SessionAuthenticateOptions as az, IHeadlessSessionClient as b, CryptoWalletAuthenticateResponse as b0, WebAuthnRegisterStartOptions as b1, WebAuthnRegisterStartResponse as b2, WebAuthnRegisterResponse as b3, WebAuthnAuthenticateStartOptions as b4, WebAuthnAuthenticateStartResponse as b5, WebAuthnAuthenticateResponse as b6, WebAuthnUpdateOptions as b7, WebAuthnUpdateResponse as b8, PasswordCreateOptions as b9, IDPConsentItem as bA, IDPConsentSection as bB, IDPConsentScreenManifest as bC, StytchEvent as bE, OneTapStyleConfig as bF, RNUIEmailMagicLinksOptions as bH, RNUIOAuthOptions as bI, RNUIOTPOptions as bJ, RNUIPasswordOptions as bK, RNUIProductConfig as bL, StytchSDKErrorOptions as bV, StytchSDKUIError as bX, PasswordCreateResponse as ba, PasswordAuthenticateOptions as bb, PasswordAuthenticateResponse as bc, PasswordResetByEmailStartOptions as bd, PasswordResetByEmailStartResponse as be, PasswordResetByEmailOptions as bf, PasswordResetByEmailResponse as bg, PasswordResetByExistingPasswordOptions as bh, PasswordResetByExistingPasswordResponse as bi, PasswordResetBySessionOptions as bj, PasswordResetBySessionResponse as bk, PasswordStrengthCheckOptions as bl, PasswordStrengthCheckResponse as bm, EmailMagicLinksOptions as bn, ProviderOptions as br, ProvidersOptions as bs, OAuthOptions as bt, OtpOptions as bv, PasswordOptions as bw, SessionOptions as bx, PasskeyOptions as by, StyleConfig as bz, IHeadlessOTPsClient as c, B2BSessionRevokeForMemberOptions as c$, B2BPhoneNumberFactor as cA, B2BGoogleOAuthFactor as cB, B2BMicrosoftOAuthFactor as cC, B2BHubSpotOAuthFactor as cD, B2BSlackOAuthFactor as cE, B2BGitHubOAuthFactor as cF, B2BAuthenticationFactor as cG, MemberResponseCommon as cH, OAuthRegistration as cI, MemberRole as cJ, RetiredEmailAddress as cK, B2BAuthenticateResponse as cL, B2BAuthenticateResponseWithMFA as cM, B2BAllowedAuthMethods as cN, B2BAllowedMFAMethods as cO, SSOActiveConnection as cP, DiscoveredOrganization as cQ, MfaRequired as cR, PrimaryRequired as cS, MemberOptions as cT, X509Certificate as cU, EncryptionPrivateKey as cV, SAMLConnection as cW, OIDCConnection as cX, ExternalConnection as cY, B2BSessionAuthenticateResponse as cZ, B2BSessionRevokeOptions as c_, B2BEmailFactor as cz, IHeadlessCryptoWalletClient as d, OrganizationInfo as d$, B2BSessionRevokeForMemberResponse as d0, B2BSessionOnChangeCallback as d1, B2BSessionExchangeOptions as d2, B2BSessionExchangeResponse as d3, B2BSessionAccessTokenExchangeOptions as d4, B2BSessionAccessTokenExchangeResponse as d5, MemberSessionInfo as d6, B2BSessionAttestOptions as d7, B2BSessionAttestResponse as d8, B2BMagicLinksInviteOptions as d9, B2BOrganizationsDeleteResponse as dA, B2BOrganizationsGetBySlugOptions as dB, OrganizationBySlugMatch as dC, B2BOrganizationsGetBySlugResponse as dD, B2BOrganizationsGetConnectedAppsResponse as dE, B2BOrganizationsGetConnectedAppOptions as dF, B2BOrganizationsGetConnectedAppResponse as dG, B2BOrganizationsMembersCreateOptions as dH, B2BOrganizationsMembersCreateResponse as dI, B2BOrganizationsMembersUpdateOptions as dJ, B2BOrganizationsMembersUpdateResponse as dK, SearchQueryOperand as dL, B2BOrganizationsMembersSearchOptions as dM, B2BOrganizationsMembersSearchResponse as dN, B2BOrganizationsMembersDeleteResponse as dO, B2BOrganizationsMembersReactivateResponse as dP, B2BOrganizationsMemberDeletePasswordResponse as dQ, B2BOrganizationsMemberDeleteMFAPhoneNumberResponse as dR, B2BOrganizationsMemberDeleteMFATOTPResponse as dS, B2BOrganizationsMemberUnlinkRetiredEmailOptions as dT, B2BOrganizationsMemberUnlinkRetiredEmailResponse as dU, B2BOrganizationsMemberStartEmailUpdateOptions as dV, B2BOrganizationsMemberStartEmailUpdateResponse as dW, B2BOrganizationsMemberGetConnectedAppsOptions as dX, B2BOrganizationsMemberGetConnectedAppsResponse as dY, B2BOrganizationsMemberRevokeConnectedAppOptions as dZ, B2BOrganizationsMemberRevokeConnectedAppResponse as d_, B2BMagicLinksInviteResponse as da, B2BMagicLinkLoginOrSignupOptions as db, B2BMagicLinkLoginOrSignupResponse as dc, B2BMagicLinksAuthenticateOptions as dd, B2BMagicLinksAuthenticateResponse as de, B2BMagicLinksEmailDiscoverySendOptions as df, B2BMagicLinksEmailDiscoverySendResponse as dg, B2BMagicLinksDiscoveryAuthenticateResponse as dh, B2BMagicLinksDiscoveryAuthenticateOptions as di, B2BMemberOnChangeCallback as dj, B2BMemberUpdateOptions as dk, B2BMemberUnlinkRetiredEmailRequest as dl, B2BMemberStartEmailUpdateRequest as dm, B2BMemberStartEmailUpdateResponse as dn, B2BMemberGetConnectedAppsResponse as dp, B2BMemberRevokeConnectedAppOptions as dq, B2BMemberRevokeConnectedAppResponse as dr, B2BMemberUpdateResponse as ds, B2BMemberDeleteMFAPhoneNumberResponse as dt, B2BMemberDeletePasswordResponse as du, B2BMemberDeleteMFATOTPResponse as dv, B2BMemberUnlinkRetiredEmailResponse as dw, MemberInfo as dx, B2BOrganizationsUpdateOptions as dy, B2BOrganizationsUpdateResponse as dz, IHeadlessWebAuthnClient as e, B2BPasswordResetBySessionResponse as e$, OAuthStartOptions as e0, B2BOAuthDiscoveryStartOptions as e1, B2BOAuthAuthenticateOptions as e2, OAuthDiscoveryAuthenticateOptions as e3, B2BOAuthDiscoveryAuthenticateResponse as e4, B2BOAuthAuthenticateResponse as e5, SSOStartOptions as e6, SSOAuthenticateOptions as e7, SSOAuthenticateResponse as e8, B2BSSOSAMLCreateConnectionOptions as e9, B2BEmailMagicLinksOptions as eD, B2BSSOOptions as eE, B2BOAuthOptions as eF, B2BOAuthProviderConfig as eG, B2BPasswordOptions as eH, B2BEmailOTPOptions as eI, B2BSMSOTPOptions as eJ, DirectLoginForSingleMembershipConfig as eK, B2BPasswordAuthenticateOptions as eM, B2BPasswordDiscoveryAuthenticateResponse as eN, B2BPasswordDiscoveryAuthenticateOptions as eO, B2BPasswordAuthenticateResponse as eP, B2BPasswordResetByEmailStartOptions as eQ, B2BPasswordResetByEmailStartResponse as eR, B2BPasswordDiscoveryResetByEmailStartOptions as eS, B2BPasswordDiscoveryResetByEmailStartResponse as eT, B2BPasswordDiscoveryResetByEmailOptions as eU, B2BPasswordDiscoveryResetByEmailResponse as eV, B2BPasswordResetByEmailOptions as eW, B2BPasswordResetByEmailResponse as eX, B2BPasswordResetByExistingPasswordOptions as eY, B2BPasswordResetByExistingPasswordResponse as eZ, B2BPasswordResetBySessionOptions as e_, B2BSSOSAMLCreateConnectionResponse as ea, B2BSSOSAMLUpdateConnectionOptions as eb, B2BSSOSAMLUpdateConnectionResponse as ec, B2BSSOSAMLUpdateConnectionByURLOptions as ed, B2BSSOSAMLUpdateConnectionByURLResponse as ee, B2BSSOSAMLDeleteVerificationCertificateOptions as ef, B2BSSOSAMLDeleteVerificationCertificateResponse as eg, B2BSSOSAMLDeleteEncryptionPrivateKeyOptions as eh, B2BSSOSAMLDeleteEncryptionPrivateKeyResponse as ei, B2BSSOCreateExternalConnectionOptions as ej, B2BSSOCreateExternalConnectionResponse as ek, B2BSSOUpdateExternalConnectionOptions as el, B2BSSOUpdateExternalConnectionResponse as em, B2BSSOOIDCCreateConnectionOptions as en, B2BSSOOIDCCreateConnectionResponse as eo, B2BSSOOIDCUpdateConnectionOptions as ep, B2BSSOOIDCUpdateConnectionResponse as eq, B2BSSOGetConnectionsResponse as er, B2BSSODeleteConnectionResponse as es, B2BSSODiscoverConnectionsResponse as et, B2BDiscoveryOrganizationsResponse as eu, B2BDiscoveryOrganizationsCreateOptions as ev, B2BDiscoveryOrganizationsCreateResponse as ew, B2BDiscoveryIntermediateSessionsExchangeOptions as ex, B2BDiscoveryIntermediateSessionsExchangeResponse as ey, B2BDiscoveryAuthenticateResponse as ez, IHeadlessPasswordClient as f, B2BPasswordStrengthCheckOptions as f0, B2BPasswordStrengthCheckResponse as f1, B2BSMSSendOptions as f2, B2BSMSSendResponse as f3, B2BSMSAuthenticateOptions as f4, B2BSMSAuthenticateResponse as f5, B2BOTPsEmailLoginOrSignupOptions as f6, B2BOTPsEmailLoginOrSignupResponse as f7, B2BOTPsEmailAuthenticateOptions as f8, B2BOTPsEmailAuthenticateResponse as f9, B2BSCIMRotateCancelResponse as fA, B2BImpersonationAuthenticateOptions as fB, B2BImpersonationAuthenticateResponse as fC, Cacheable as fD, PartialDeep as fE, RBACPolicyRole as fF, CommonLoginConfig as fG, CommonB2BLoginConfig as fH, B2BDiscoveryOTPEmailSendOptions as fa, B2BDiscoveryOTPEmailSendResponse as fb, B2BDiscoveryOTPEmailAuthenticateOptions as fc, B2BDiscoveryOTPEmailAuthenticateResponse as fd, B2BTOTPCreateOptions as fe, B2BTOTPCreateResponse as ff, B2BTOTPAuthenticateOptions as fg, B2BTOTPAuthenticateResponse as fh, RecoveryCodeRecoverOptions as fi, RecoveryCodeRecoverResponse as fj, RecoveryCodeRotateResponse as fk, RecoveryCodeGetResponse as fl, SCIMConnection as fm, SCIMConnectionWithBearerToken as fn, SCIMConnectionWithNextBearerToken as fo, SCIMGroup as fp, B2BSCIMCreateConnectionOptions as fq, B2BSCIMCreateConnectionResponse as fr, B2BSCIMUpdateConnectionOptions as fs, B2BSCIMUpdateConnectionResponse as ft, B2BSCIMDeleteConnectionResponse as fu, B2BSCIMGetConnectionResponse as fv, B2BSCIMGetConnectionGroupsOptions as fw, B2BSCIMGetConnectionGroupsResponse as fx, B2BSCIMRotateStartResponse as fy, B2BSCIMRotateCompleteResponse as fz, StateChangeRegisterFunction as g, StytchClientOptions as h, IHeadlessB2BIDPClient as i, B2BOAuthAuthorizeStartResponse as j, B2BOAuthAuthorizeSubmitOptions as k, B2BOAuthAuthorizeSubmitResponse as l, B2BOAuthLogoutStartOptions as m, B2BOAuthLogoutStartResponse as n, IHeadlessB2BOAuthClient as o, IHeadlessB2BMagicLinksClient as p, IHeadlessB2BSessionClient as q, IHeadlessB2BMemberClient as r, IHeadlessB2BSelfClient as s, IHeadlessB2BOrganizationClient as t, IHeadlessB2BSSOClient as u, IHeadlessB2BDiscoveryClient as v, IHeadlessB2BPasswordClient as w, IHeadlessB2BOTPsClient as x, IHeadlessB2BTOTPsClient as y, IHeadlessB2BRecoveryCodesClient as z };
+export { OAuthProviders as bT, Wallets as bU, OneTapPositions as bV, OTPMethods as bZ, DFPNotConfigured as c$, StytchEventType as c6, RNUIProducts as c9, UserLockedOutError as cA, DeviceCredentialsNotAllowedError as cB, MissingGoogleClientIDError as cC, MissingPKCEError as cD, MissingAuthorizationCredentialIDTokenError as cE, InvalidAuthorizationCredentialError as cF, NoCredentialsPresentError as cG, MissingPublicKeyError as cH, ChallengeSigningFailedError as cI, SDKNotConfiguredError as cJ, FailedCodeChallengeError as cK, PasskeysUnsupportedError as cL, FailedToDecryptDataError as cM, BiometricsFailedError as cN, InvalidStartUrlError as cO, InvalidRedirectSchemeError as cP, MissingUrlError as cQ, InvalidCredentialTypeError as cR, MissingAttestationObjectError as cS, JSONDataNotConvertibleToStringError as cT, RandomNumberGenerationFailed as cU, PasskeysInvalidEncoding as cV, PasskeysMisconfigured as cW, SignInWithAppleMisconfigured as cX, MissingCipherIv as cY, InvalidPrivateKeyLength as cZ, BiometricRegistrationIdIsNullOrBlank as c_, SDKAPIUnreachableError as cf, StytchSDKUsageError as cg, StytchSDKSchemaError as ch, StytchSDKAPIError as ci, UNRECOVERABLE_ERROR_TYPES as cj, StytchError as ck, StytchAPIUnreachableError as cl, StytchAPISchemaError as cm, StytchAPIError as cn, StytchSDKError as cp, NoCurrentSessionError as cr, InternalError as cs, NoBiometricsRegistrationError as ct, BiometricsUnavailableError as cu, KeyInvalidatedError as cv, KeystoreUnavailableError as cw, NoBiometricsEnrolledError as cx, BiometricsAlreadyEnrolledError as cy, UserCancellationError as cz, IDPOAuthFlowMissingParamError as d0, errorToStytchError as d1, AuthFlowType as fd, RedirectURLType as fe, B2BOAuthProviders as ff, B2BMFAProducts as fo };
+export type { StytchProjectConfiguration as $, AuthenticateByUrl as A, B2BOAuthAuthorizeStartOptions as B, ConsumerState as C, IHeadlessB2BOAuthClient as D, IHeadlessB2BMagicLinksClient as E, IHeadlessB2BSessionClient as F, IHeadlessB2BMemberClient as G, IHeadlessB2BSelfClient as H, IHeadlessIDPClient as I, IHeadlessB2BOrganizationClient as J, IHeadlessB2BSSOClient as K, IHeadlessB2BDiscoveryClient as L, IHeadlessB2BPasswordClient as M, IHeadlessB2BOTPsClient as N, OAuthAuthorizeStartOptions as O, ParseAuthenticateUrl as P, IHeadlessB2BTOTPsClient as Q, IHeadlessB2BRecoveryCodesClient as R, StytchProjectConfigurationInput as S, IHeadlessB2BRBACClient as T, IHeadlessB2BSCIMClient as U, IHeadlessB2BImpersonationClient as V, B2BState as W, MemberSession as X, Member as Y, Organization as Z, PermissionsMap as _, INetworkClient as a, OAuthStartResponse as a$, StringsOptions as a0, Callbacks as a1, TokenType as a2, ResponseCommon as a3, User as a4, WebAuthnRegistration as a5, AuthenticateResponse as a6, DeleteResponse as a7, UpdateResponse as a8, SessionDurationOptions as a9, SnapchatOAuthFactor as aA, YahooOAuthFactor as aB, WebAuthnFactor as aC, AuthenticatorAppFactor as aD, RecoveryCodeFactor as aE, CryptoWalletFactor as aF, PasswordFactor as aG, BiometricFactor as aH, AccessTokenExchangeFactor as aI, AuthenticationFactor as aJ, Session as aK, SessionAuthenticateOptions as aL, SessionAuthenticateResponse as aM, SessionAccessTokenExchangeOptions as aN, SessionAccessTokenExchangeResponse as aO, SessionRevokeOptions as aP, SessionRevokeResponse as aQ, SessionAttestOptions as aR, SessionAttestResponse as aS, SessionOnChangeCallback as aT, SessionTokens$1 as aU, SessionTokensUpdate as aV, SessionInfo as aW, OAuthGetURLOptions as aX, OAuthAuthenticateOptions as aY, OAuthAuthenticateResponse as aZ, OAuthStartFailureReason as a_, UnsubscribeFunction as aa, locale as ab, MemberEmailUpdateDeliveryMethod as ac, DeviceAttributeDetails as ad, SDKDeviceHistory as ae, ConnectedAppPublic as af, ScopeResult as ag, EmailFactor as ah, PhoneNumberFactor as ai, GoogleOAuthFactor as aj, MicrosoftOAuthFactor as ak, AppleOAuthFactor as al, GithubOAuthFactor as am, GitLabOAuthFactor as an, FacebookOAuthFactor as ao, DiscordOAuthFactor as ap, SalesforceOAuthFactor as aq, SlackOAuthFactor as ar, AmazonOAuthFactor as as, BitbucketOAuthFactor as at, LinkedInOAuthFactor as au, CoinbaseOAuthFactor as av, TwitchOAuthFactor as aw, TwitterOAuthFactor as ax, TikTokOAuthFactor as ay, FigmaOAuthFactor as az, OAuthAuthorizeStartResponse as b, PasswordOptions as b$, IOAuthProvider$1 as b0, OAuthAttachResponse as b1, UserOnChangeCallback as b2, UserUpdateOptions as b3, UserUpdateResponse as b4, UserInfo as b5, UserGetConnectedAppsResponse as b6, MagicLinksLoginOrCreateOptions as b7, MagicLinksSendOptions as b8, MagicLinksLoginOrCreateResponse as b9, WebAuthnAuthenticateStartResponse as bA, WebAuthnAuthenticateResponse as bB, WebAuthnUpdateOptions as bC, WebAuthnUpdateResponse as bD, PasswordCreateOptions as bE, PasswordCreateResponse as bF, PasswordAuthenticateOptions as bG, PasswordAuthenticateResponse as bH, PasswordResetByEmailStartOptions as bI, PasswordResetByEmailStartResponse as bJ, PasswordResetByEmailOptions as bK, PasswordResetByEmailResponse as bL, PasswordResetByExistingPasswordOptions as bM, PasswordResetByExistingPasswordResponse as bN, PasswordResetBySessionOptions as bO, PasswordResetBySessionResponse as bP, PasswordStrengthCheckOptions as bQ, PasswordStrengthCheckResponse as bR, EmailMagicLinksOptions as bS, ProviderOptions as bW, ProvidersOptions as bX, OAuthOptions as bY, OtpOptions as b_, MagicLinksSendResponse as ba, MagicLinksAuthenticateOptions as bb, MagicLinksAuthenticateResponse as bc, OTPCodeOptions as bd, OTPCodeSMSOptions as be, OTPCodeEmailOptions as bf, OTPAuthenticateOptions as bg, OTPsLoginOrCreateResponse as bh, OTPsSendResponse as bi, OTPsAuthenticateResponse as bj, SIWEParams as bk, CryptoWalletAuthenticateStartOptions as bl, CryptoWalletAuthenticateStartResponse as bm, CryptoWalletAuthenticateOptions as bn, CryptoWalletAuthenticateResponse as bo, TOTPCreateOptions as bp, TOTPCreateResponse as bq, TOTPAuthenticateOptions as br, TOTPAuthenticateResponse as bs, TOTPRecoveryCodesResponse as bt, TOTPRecoverOptions as bu, TOTPRecoverResponse as bv, WebAuthnRegisterStartOptions as bw, WebAuthnRegisterStartResponse as bx, WebAuthnRegisterResponse as by, WebAuthnAuthenticateStartOptions as bz, OAuthAuthorizeSubmitOptions as c, SessionOptions as c0, PasskeyOptions as c1, StyleConfig as c2, IDPConsentItem as c3, IDPConsentSection as c4, IDPConsentScreenManifest as c5, StytchEvent as c7, OneTapStyleConfig as c8, RNUIEmailMagicLinksOptions as ca, RNUIOAuthOptions as cb, RNUIOTPOptions as cc, RNUIPasswordOptions as cd, RNUIProductConfig as ce, StytchSDKErrorOptions as co, StytchSDKUIError as cq, OAuthAuthorizeSubmitResponse as d, B2BMemberUnlinkRetiredEmailRequest as d$, BiometricsRegisterOptions as d2, BiometricsRegisterStartResponse as d3, BiometricsRegisterCompleteResponse as d4, BiometricsAuthenticateOptions as d5, BiometricsAuthenticateStartResponse as d6, BiometricsAuthenticateCompleteResponse as d7, BiometricsDeleteResponse as d8, BiometryType as d9, SAMLConnection as dA, OIDCConnection as dB, ExternalConnection as dC, B2BSessionAuthenticateResponse as dD, B2BSessionRevokeOptions as dE, B2BSessionRevokeForMemberOptions as dF, B2BSessionRevokeForMemberResponse as dG, B2BSessionOnChangeCallback as dH, B2BSessionExchangeOptions as dI, B2BSessionExchangeResponse as dJ, B2BSessionAccessTokenExchangeOptions as dK, B2BSessionAccessTokenExchangeResponse as dL, MemberSessionInfo as dM, B2BSessionAttestOptions as dN, B2BSessionAttestResponse as dO, B2BMagicLinksInviteOptions as dP, B2BMagicLinksInviteResponse as dQ, B2BMagicLinkLoginOrSignupOptions as dR, B2BMagicLinkLoginOrSignupResponse as dS, B2BMagicLinksAuthenticateOptions as dT, B2BMagicLinksAuthenticateResponse as dU, B2BMagicLinksEmailDiscoverySendOptions as dV, B2BMagicLinksEmailDiscoverySendResponse as dW, B2BMagicLinksDiscoveryAuthenticateResponse as dX, B2BMagicLinksDiscoveryAuthenticateOptions as dY, B2BMemberOnChangeCallback as dZ, B2BMemberUpdateOptions as d_, BiometricsGetSensorResponse as da, IHeadlessBiometricsClient as db, B2BEmailFactor as dc, B2BPhoneNumberFactor as dd, B2BGoogleOAuthFactor as de, B2BMicrosoftOAuthFactor as df, B2BHubSpotOAuthFactor as dg, B2BSlackOAuthFactor as dh, B2BGitHubOAuthFactor as di, B2BAuthenticationFactor as dj, MemberResponseCommon as dk, OAuthRegistration as dl, MemberRole as dm, RetiredEmailAddress as dn, B2BAuthenticateResponse as dp, B2BAuthenticateResponseWithMFA as dq, B2BAllowedAuthMethods as dr, B2BAllowedMFAMethods as ds, SSOActiveConnection as dt, DiscoveredOrganization as du, MfaRequired as dv, PrimaryRequired as dw, MemberOptions as dx, X509Certificate as dy, EncryptionPrivateKey as dz, OAuthLogoutStartOptions as e, B2BSSOUpdateExternalConnectionResponse as e$, B2BMemberStartEmailUpdateRequest as e0, B2BMemberStartEmailUpdateResponse as e1, B2BMemberGetConnectedAppsResponse as e2, B2BMemberRevokeConnectedAppOptions as e3, B2BMemberRevokeConnectedAppResponse as e4, B2BMemberUpdateResponse as e5, B2BMemberDeleteMFAPhoneNumberResponse as e6, B2BMemberDeletePasswordResponse as e7, B2BMemberDeleteMFATOTPResponse as e8, B2BMemberUnlinkRetiredEmailResponse as e9, B2BOrganizationsMemberGetConnectedAppsOptions as eA, B2BOrganizationsMemberGetConnectedAppsResponse as eB, B2BOrganizationsMemberRevokeConnectedAppOptions as eC, B2BOrganizationsMemberRevokeConnectedAppResponse as eD, OrganizationInfo as eE, OAuthStartOptions as eF, B2BOAuthDiscoveryStartOptions as eG, B2BOAuthAuthenticateOptions as eH, OAuthDiscoveryAuthenticateOptions as eI, B2BOAuthDiscoveryAuthenticateResponse as eJ, B2BOAuthAuthenticateResponse as eK, SSOStartOptions as eL, SSOAuthenticateOptions as eM, SSOAuthenticateResponse as eN, B2BSSOSAMLCreateConnectionOptions as eO, B2BSSOSAMLCreateConnectionResponse as eP, B2BSSOSAMLUpdateConnectionOptions as eQ, B2BSSOSAMLUpdateConnectionResponse as eR, B2BSSOSAMLUpdateConnectionByURLOptions as eS, B2BSSOSAMLUpdateConnectionByURLResponse as eT, B2BSSOSAMLDeleteVerificationCertificateOptions as eU, B2BSSOSAMLDeleteVerificationCertificateResponse as eV, B2BSSOSAMLDeleteEncryptionPrivateKeyOptions as eW, B2BSSOSAMLDeleteEncryptionPrivateKeyResponse as eX, B2BSSOCreateExternalConnectionOptions as eY, B2BSSOCreateExternalConnectionResponse as eZ, B2BSSOUpdateExternalConnectionOptions as e_, MemberInfo as ea, B2BOrganizationsUpdateOptions as eb, B2BOrganizationsUpdateResponse as ec, B2BOrganizationsDeleteResponse as ed, B2BOrganizationsGetBySlugOptions as ee, OrganizationBySlugMatch as ef, B2BOrganizationsGetBySlugResponse as eg, B2BOrganizationsGetConnectedAppsResponse as eh, B2BOrganizationsGetConnectedAppOptions as ei, B2BOrganizationsGetConnectedAppResponse as ej, B2BOrganizationsMembersCreateOptions as ek, B2BOrganizationsMembersCreateResponse as el, B2BOrganizationsMembersUpdateOptions as em, B2BOrganizationsMembersUpdateResponse as en, SearchQueryOperand as eo, B2BOrganizationsMembersSearchOptions as ep, B2BOrganizationsMembersSearchResponse as eq, B2BOrganizationsMembersDeleteResponse as er, B2BOrganizationsMembersReactivateResponse as es, B2BOrganizationsMemberDeletePasswordResponse as et, B2BOrganizationsMemberDeleteMFAPhoneNumberResponse as eu, B2BOrganizationsMemberDeleteMFATOTPResponse as ev, B2BOrganizationsMemberUnlinkRetiredEmailOptions as ew, B2BOrganizationsMemberUnlinkRetiredEmailResponse as ex, B2BOrganizationsMemberStartEmailUpdateOptions as ey, B2BOrganizationsMemberStartEmailUpdateResponse as ez, OAuthLogoutStartResponse as f, SCIMConnection as f$, B2BSSOOIDCCreateConnectionOptions as f0, B2BSSOOIDCCreateConnectionResponse as f1, B2BSSOOIDCUpdateConnectionOptions as f2, B2BSSOOIDCUpdateConnectionResponse as f3, B2BSSOGetConnectionsResponse as f4, B2BSSODeleteConnectionResponse as f5, B2BSSODiscoverConnectionsResponse as f6, B2BDiscoveryOrganizationsResponse as f7, B2BDiscoveryOrganizationsCreateOptions as f8, B2BDiscoveryOrganizationsCreateResponse as f9, B2BPasswordResetByEmailResponse as fA, B2BPasswordResetByExistingPasswordOptions as fB, B2BPasswordResetByExistingPasswordResponse as fC, B2BPasswordResetBySessionOptions as fD, B2BPasswordResetBySessionResponse as fE, B2BPasswordStrengthCheckOptions as fF, B2BPasswordStrengthCheckResponse as fG, B2BSMSSendOptions as fH, B2BSMSSendResponse as fI, B2BSMSAuthenticateOptions as fJ, B2BSMSAuthenticateResponse as fK, B2BOTPsEmailLoginOrSignupOptions as fL, B2BOTPsEmailLoginOrSignupResponse as fM, B2BOTPsEmailAuthenticateOptions as fN, B2BOTPsEmailAuthenticateResponse as fO, B2BDiscoveryOTPEmailSendOptions as fP, B2BDiscoveryOTPEmailSendResponse as fQ, B2BDiscoveryOTPEmailAuthenticateOptions as fR, B2BDiscoveryOTPEmailAuthenticateResponse as fS, B2BTOTPCreateOptions as fT, B2BTOTPCreateResponse as fU, B2BTOTPAuthenticateOptions as fV, B2BTOTPAuthenticateResponse as fW, RecoveryCodeRecoverOptions as fX, RecoveryCodeRecoverResponse as fY, RecoveryCodeRotateResponse as fZ, RecoveryCodeGetResponse as f_, B2BDiscoveryIntermediateSessionsExchangeOptions as fa, B2BDiscoveryIntermediateSessionsExchangeResponse as fb, B2BDiscoveryAuthenticateResponse as fc, B2BEmailMagicLinksOptions as fg, B2BSSOOptions as fh, B2BOAuthOptions as fi, B2BOAuthProviderConfig as fj, B2BPasswordOptions as fk, B2BEmailOTPOptions as fl, B2BSMSOTPOptions as fm, DirectLoginForSingleMembershipConfig as fn, B2BPasswordAuthenticateOptions as fp, B2BPasswordDiscoveryAuthenticateResponse as fq, B2BPasswordDiscoveryAuthenticateOptions as fr, B2BPasswordAuthenticateResponse as fs, B2BPasswordResetByEmailStartOptions as ft, B2BPasswordResetByEmailStartResponse as fu, B2BPasswordDiscoveryResetByEmailStartOptions as fv, B2BPasswordDiscoveryResetByEmailStartResponse as fw, B2BPasswordDiscoveryResetByEmailOptions as fx, B2BPasswordDiscoveryResetByEmailResponse as fy, B2BPasswordResetByEmailOptions as fz, IHeadlessOAuthClient as g, SCIMConnectionWithBearerToken as g0, SCIMConnectionWithNextBearerToken as g1, SCIMGroup as g2, B2BSCIMCreateConnectionOptions as g3, B2BSCIMCreateConnectionResponse as g4, B2BSCIMUpdateConnectionOptions as g5, B2BSCIMUpdateConnectionResponse as g6, B2BSCIMDeleteConnectionResponse as g7, B2BSCIMGetConnectionResponse as g8, B2BSCIMGetConnectionGroupsOptions as g9, B2BSCIMGetConnectionGroupsResponse as ga, B2BSCIMRotateStartResponse as gb, B2BSCIMRotateCompleteResponse as gc, B2BSCIMRotateCancelResponse as gd, B2BImpersonationAuthenticateOptions as ge, B2BImpersonationAuthenticateResponse as gf, ImpersonationAuthenticateOptions as gg, ImpersonationAuthenticateResponse as gh, ConsumerPermissionsMap as gi, PartialDeep as gj, RBACPolicyRole as gk, CommonLoginConfig as gl, CommonB2BLoginConfig as gm, OneTapRenderResult as h, IHeadlessUserClient as i, IHeadlessMagicLinksClient as j, IHeadlessSessionClient as k, IHeadlessOTPsClient as l, IHeadlessCryptoWalletClient as m, IHeadlessTOTPClient as n, IHeadlessWebAuthnClient as o, IHeadlessPasswordClient as p, IHeadlessImpersonationClient as q, IHeadlessRBACClient as r, StateChangeRegisterFunction as s, StytchClientOptions as t, IHeadlessB2BIDPClient as u, B2BOAuthAuthorizeStartResponse as v, B2BOAuthAuthorizeSubmitOptions as w, B2BOAuthAuthorizeSubmitResponse as x, B2BOAuthLogoutStartOptions as y, B2BOAuthLogoutStartResponse as z };