@stytch/react 20.0.0-next.0 → 20.0.0-next.1

package/dist/types/idpHelpers-hBhPCtAC.d.ts

@@ -1,936 +0,0 @@
-import { S as StytchProjectConfigurationInput, Z as SessionDurationOptions, V as AuthenticateResponse, R as ResponseCommon, U as User, fD as Cacheable, _ as UnsubscribeFunction, X as DeleteResponse, a2 as SDKDeviceHistory, a3 as ConnectedAppPublic, a4 as ScopeResult } from './createAuthUrlHandler-Ck5TyB9J.js';
-
-type OAuthGetURLOptions = {
-    /**
-     * The URL that Stytch redirects to after the OAuth flow is completed for a user that already exists.
-     * This URL should be an endpoint in the backend server that verifies the request by querying Stytch's /oauth/authenticate endpoint and finishes the login.
-     * The URL should be configured as a Login URL in the Stytch Dashboard's Redirect URL page.
-     * If the field is not specified, the default in the Dashboard is used.
-     */
-    login_redirect_url?: string;
-    /**
-     * The URL that Stytch redirects to after the OAuth flow is completed for a user that does not yet exist.
-     * This URL should be an endpoint in the backend server that verifies the request by querying Stytch's /oauth/authenticate endpoint and finishes the login.
-     * The URL should be configured as a Sign Up URL in the Stytch Dashboard's Redirect URL page.
-     * If the field is not specified, the default in the Dashboard is used.
-     */
-    signup_redirect_url?: string;
-    /**
-     * An optional list of custom scopes that you'd like to request from the user in addition to the ones Stytch requests by default.
-     * @example Google Custom Scopes
-     * ['https://www.googleapis.com/auth/gmail.compose', 'https://www.googleapis.com/auth/firebase']
-     *
-     * @example Facebook Custom Scopes
-     * ['public_profile', 'instagram_shopping_tag_products']
-     */
-    custom_scopes?: string[];
-    /**
-     * An optional mapping of provider specific values to pass through to the OAuth provider
-     * @example Google authorization parameters
-     * {"prompt": "select_account", "login_hint": "example@stytch.com"}
-     */
-    provider_params?: Record<string, string>;
-    /**
-     * An optional token to pre-associate an OAuth flow with an existing Stytch User
-     */
-    oauth_attach_token?: string;
-};
-type OAuthAuthenticateOptions = SessionDurationOptions;
-type OAuthAuthenticateResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
-    /**
-     * The `provider_subject` field is the unique identifier used to identify the user within a given OAuth provider.
-     * Also commonly called the "sub" or "Subject field" in OAuth protocols.
-     */
-    provider_subject: string;
-    /**
-     * The `type` field denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Facebook, GitHub etc.
-     */
-    provider_type: string;
-    /**
-     * If available, the `profile_picture_url` is a url of the user's profile picture set in OAuth identity the provider that the user has authenticated with, e.g. Facebook profile picture.
-     */
-    profile_picture_url: string;
-    /**
-     * If available, the `locale` is the user's locale set in the OAuth identity provider that the user has authenticated with.
-     */
-    locale: string;
-    /**
-     * The `provider_values` object lists relevant identifiers, values, and scopes for a given OAuth provider.
-     * For example this object will include a provider's `access_token` that you can use to access the provider's API for a given user.
-     * Note that these values will vary based on the OAuth provider in question, e.g. `id_token` may not be returned by all providers.
-     */
-    provider_values: {
-        /**
-         * The `access_token` that you may use to access the user's data in the provider's API.
-         */
-        access_token: string;
-        /**
-         * The `id_token` returned by the OAuth provider.
-         * ID Tokens are JWTs that contain structured information about a user.
-         * The exact content of each ID Token varies from provider to provider.
-         * ID Tokens are returned from OAuth providers that conform to the {@link https://openid.net/foundation/ OpenID Connect} specification, which is based on OAuth.
-         */
-        id_token: string;
-        /**
-         * The `refresh_token` that you may use to refresh a user's session within the provider's API.
-         */
-        refresh_token: string;
-        /**
-         * The OAuth scopes included for a given provider.
-         * See each provider's section above to see which scopes are included by default and how to add custom scopes.
-         */
-        scopes: string[];
-        /**
-         * The timestamp when the Session expires.
-         * Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
-         */
-        expires_at: string;
-    };
-};
-type OAuthStartFailureReason = 'User Canceled' | 'Authentication Failed' | 'Invalid Platform';
-type OAuthStartResponse = void | {
-    success: true;
-} | {
-    success: false;
-    reason: OAuthStartFailureReason;
-    error?: Error;
-};
-/**
- * Methods for interacting with an individual OAuth provider.
- */
-interface IOAuthProvider {
-    /**
-     * Start an OAuth flow by redirecting the browser to one of Stytch's {@link https://stytch.com/docs/api/oauth-google-start oauth start} endpoints.
-     * If enabled, this method will also generate a PKCE code_verifier and store it in localstorage on the device (See the {@link https://stytch.com/docs/oauth#guides_pkce PKCE OAuth guide} for details).
-     * If your application is configured to use a custom subdomain with Stytch, it will be used automatically.
-     * @example
-     * const loginWithGoogle = useCallback(()=> {
-     *   stytch.oauth.google.start({
-     *     login_redirect_url: 'https://example.com/oauth/callback',
-     *     signup_redirect_url: 'https://example.com/oauth/callback',
-     *     custom_scopes: ['https://www.googleapis.com/auth/gmail.compose']
-     *   })
-     * }, [stytch]);
-     * return (
-     *   <Button onClick={loginWithGoogle}> Log in! </Button>
-     * );
-     *
-     * @param options - An {@link OAuthGetURLOptions} object
-     *
-     * @returns OAuthStartResponse - In browsers, the browser is redirected during this function call and will return void. You should not attempt to run any code after calling this function. In React Native applications, an external browser is opened, and this method will return the result of the browser/native authentication attempt.
-     *
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    start(options?: OAuthGetURLOptions): Promise<OAuthStartResponse>;
-}
-type OAuthAttachResponse = ResponseCommon & {
-    oauth_attach_token: string;
-};
-interface IHeadlessOAuthClient<TProjectConfiguration extends StytchProjectConfigurationInput> {
-    google: IOAuthProvider;
-    microsoft: IOAuthProvider;
-    apple: IOAuthProvider;
-    github: IOAuthProvider;
-    gitlab: IOAuthProvider;
-    facebook: IOAuthProvider;
-    discord: IOAuthProvider;
-    salesforce: IOAuthProvider;
-    slack: IOAuthProvider;
-    amazon: IOAuthProvider;
-    bitbucket: IOAuthProvider;
-    linkedin: IOAuthProvider;
-    coinbase: IOAuthProvider;
-    twitch: IOAuthProvider;
-    twitter: IOAuthProvider;
-    tiktok: IOAuthProvider;
-    snapchat: IOAuthProvider;
-    figma: IOAuthProvider;
-    yahoo: IOAuthProvider;
-    /**
-     * The authenticate method wraps the {@link https://stytch.com/docs/api/oauth-authenticate authenticate} OAuth API endpoint which validates the OAuth token passed in.
-     *
-     * @example
-     * const token = new URLSearchParams(window.location.search).get('token');
-     * stytch.oauth.authenticate(token, {
-     *   session_duration_minutes: 60
-     * }).then(...)
-     *
-     * @param token - The token to authenticate
-     * @param options - {@link OAuthAuthenticateOptions}
-     *
-     * @returns A {@link OAuthAuthenticateResponse} indicating the token has been authenticated.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    authenticate(token: string, options: OAuthAuthenticateOptions): Promise<OAuthAuthenticateResponse<TProjectConfiguration>>;
-    /**
-     * The attach method wraps the {@link https://stytch.com/docs/api/oauth-attach attach} OAuth API endpoint and generates an OAuth Attach Token to pre-associate an OAuth flow with an existing Stytch User.
-     *
-     * You must have an active Stytch session to use this endpoint.
-     * Pass the returned oauth_attach_token to the same provider's OAuth Start endpoint to treat this OAuth flow as a
-     * login for that user instead of a signup
-     *
-     * @param provider - The OAuth provider's name.
-     *
-     * @returns A {@link OAuthAttachResponse} containing a single-use token for connecting the Stytch User selection from this request to the corresponding OAuth Start request.
-     */
-    attach(provider: string): Promise<OAuthAttachResponse>;
-}
-
-type UserOnChangeCallback = (user: User | null) => void;
-type UserUpdateOptions = {
-    /**
-     * The name of the user. If at least one name field is passed, all name fields will be updated.
-     */
-    name?: {
-        /**
-         * The first name of the user. Replaces an existing first name, if it exists.
-         */
-        first_name?: string;
-        /**
-         * The middle name(s) of the user. Replaces an existing middle name, if it exists.
-         */
-        middle_name?: string;
-        /**
-         * The last name of the user. Replaces an existing last name, if it exists.
-         */
-        last_name?: string;
-    };
-    /**
-     * A JSON object containing application-specific metadata.
-     * Use it to store fields that a user can be allowed to edit directly without backend validation - such as `display_theme` or `preferred_locale`.
-     * See our {@link https://stytch.com/docs/api/metadata metadata reference} for complete details.
-     */
-    untrusted_metadata?: Record<string, unknown>;
-};
-type UserUpdateResponse = ResponseCommon & {
-    /**
-     * Globally unique UUID that identifies a specific user in the Stytch API.
-     */
-    user_id: string;
-    /**
-     * The updated emails for the user.
-     */
-    emails: User['emails'];
-    /**
-     * The updated phone numbers for the user.
-     */
-    phone_numbers: User['phone_numbers'];
-    /**
-     * The updated crypto wallets for the user.
-     */
-    crypto_wallets: User['crypto_wallets'];
-};
-type UserInfo = Cacheable<{
-    /**
-     * The user object, or null if no user exists.
-     */
-    user: User | null;
-}>;
-type UserGetConnectedAppsResponse = ResponseCommon & {
-    connected_apps: {
-        connected_app_id: string;
-        name: string;
-        description: string;
-        client_type: string;
-        logo_url?: string;
-        scopes_granted: string;
-    }[];
-};
-interface IHeadlessUserClient {
-    /**
-     * The asynchronous method, `user.get`, wraps the {@link https://stytch.com/docs/api/get-user get user} endpoint.
-     * It fetches the user's data and refreshes the cached object if changes are detected.
-     * The Stytch SDK will invoke this method automatically in the background, so you probably won't need to call this method directly.
-     *
-     * @returns A {@link User} object, or null if no user exists.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     */
-    get(): Promise<User>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/update-user update user} endpoint. Use this method to change the user's name, untrusted metadata, and attributes.
-     *
-     * You can listen for successful user updates anywhere in the codebase with the `stytch.user.onChange()` method or `useStytchUser()` hook if you are using React.
-     *
-     * **Note:** If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
-     *
-     * @example
-     * ```
-     * const updateName = useCallback(() => {
-     *  stytchClient.user.update({
-     *    name: {
-     *      first_name: 'Jane',
-     *      last_name: 'Doe',
-     *    },
-     *  });
-     * }, [stytchClient]);
-     * ```
-     *
-     * @param options - {@link UserUpdateOptions}
-     *
-     * @returns A {@link UserUpdateResponse} indicating the user has been updated.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    update(options: UserUpdateOptions): Promise<UserUpdateResponse>;
-    /**
-     * The `user.getSync` is a synchronous method for getting a user. This is the recommended approach. You can listen to changes with the `onChange` method.
-     * If logged in, this returns the cached user object, otherwise it returns null. This method does not refresh the user's data.
-     *
-     * @returns A {@link User} object, or null if no user exists.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     */
-    getSync(): User | null;
-    /**
-     * The `user.getInfo` method is similar to `user.getSync`, but it returns an object containing the `user` object and a `fromCache` boolean.
-     * If `fromCache` is true, the user object is from the cache and a state refresh is in progress.
-     */
-    getInfo(): UserInfo;
-    /**
-     * The `user.onChange` method takes in a callback that gets called whenever the user object changes. It returns an unsubscribe method for you to call when you no longer want to listen for such changes.
-     *
-     * In React, the `@stytch/react` library provides the `useStytchUser` hook that implements these methods for you to easily access the user and listen for changes.
-     *
-     * @param callback - Gets called whenever the user object changes. See {@link UserOnChangeCallback}.
-     *
-     * @returns An {@link UnsubscribeFunction} for you to call when you no longer want to listen for changes in the user object.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    onChange(callback: UserOnChangeCallback): UnsubscribeFunction;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-email delete user email} endpoint.
-     * This methods cannot be used to remove all factors from a user. A user must have at least one email, phone number, or OAuth provider associated with their account at all times, otherwise they will not be able to log in again.
-     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
-     *
-     * @param emailId - ID of the email to be deleted.
-     *
-     * @returns A {@link DeleteResponse} that indicates the user email has been deleted.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    deleteEmail(emailId: string): Promise<DeleteResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-phone-number delete phone number} endpoint.
-     * This methods cannot be used to remove all factors from a user. A user must have at least one email, phone number, or OAuth provider associated with their account at all times, otherwise they will not be able to log in again.
-     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
-     *
-     * @param phoneId - ID of the phone number to be deleted.
-     *
-     * @returns A {@link DeleteResponse} that indicates the user phone number has been deleted.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    deletePhoneNumber(phoneId: string): Promise<DeleteResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-totp delete TOTP} endpoint.
-     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
-     *
-     * @param totpId - ID of the TOTP registration to be deleted.
-     *
-     * @returns A {@link DeleteResponse} that indicates the user TOTP registration has been deleted.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    deleteTOTP(totpId: string): Promise<DeleteResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-oauth-registration delete OAuth} endpoint.
-     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
-     *
-     * @param oauthUserRegistrationId - ID of the OAuth registration to be deleted.
-     *
-     * @returns A {@link DeleteResponse} that indicates the user OAuth registration has been deleted.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    deleteOAuthRegistration(oauthUserRegistrationId: string): Promise<DeleteResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-crypto-wallet delete crypto wallet} endpoint.
-     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
-     *
-     * @param cryptoWalletId - ID of the crypto wallet to be deleted.
-     *
-     * @returns A {@link DeleteResponse} that indicates the user crypto wallet has been deleted.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    deleteCryptoWallet(cryptoWalletId: string): Promise<DeleteResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-webauthn-registration delete WebAuthn} endpoint.
-     * Note: If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk#resources_multi-factor-authentication Multi-factor authentication} section for more details.
-     *
-     * @param webAuthnId - ID of the WebAuthn registration to be deleted.
-     *
-     * @returns A {@link DeleteResponse} that indicates the user WebAuthn registration has been deleted.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    deleteWebauthnRegistration(webAuthnId: string): Promise<DeleteResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/delete-user-biometric-registration delete biometric} endpoint.
-     *
-     * @param biometricRegistrationId - ID of the biometric registration to be deleted.
-     *
-     * @returns A {@link DeleteResponse} that indicates the user Biometric registration has been deleted.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    deleteBiometricRegistration(biometricRegistrationId: string): Promise<DeleteResponse>;
-    /**
-     * The User Get Connected Apps method wraps the {@link https://stytch.com/docs/api/connected-app-user-get-all User Get Connected Apps} API endpoint.
-     * The `user_id` will be automatically inferred from the logged-in user's session.
-     *
-     * This method retrieves a list of Connected Apps that the user has completed an authorization flow with successfully.
-     * If the user revokes a Connected App's access (e.g. via the `revokeConnectedApp` method) then the Connected App will
-     * no longer be returned in this endpoint's response.
-     *
-     * @returns A {@link UserGetConnectedAppsResponse} containing a list of the user's connected apps
-     *
-     * @throws A `StytchSDKAPIError` when the Stytch API returns an error.
-     * @throws A `SDKAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    getConnectedApps(): Promise<UserGetConnectedAppsResponse>;
-    /**
-     * The User Revoke Connected App method wraps the {@link https://stytch.com/docs/api/connected-app-user-revoke User Revoke Connected App} API endpoint.
-     * The `user_id` will be automatically inferred from the logged-in user's session.
-     *
-     * This method revokes a Connected App's access to the user and revokes all active tokens that have been
-     * created on the user's behalf. New tokens cannot be created until the user completes a new authorization
-     * flow with the Connected App.
-     *
-     * Note that after calling this method, the user will be forced to grant consent in subsequent authorization
-     * flows with the Connected App.
-     *
-     * @param connectedAppId - ID of the Connected App to revoke.
-     * @returns A {@link ResponseCommon} indicating that the Connected App's access has been revoked.
-     *
-     * @throws A `StytchSDKAPIError` when the Stytch API returns an error.
-     * @throws A `SDKAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    revokedConnectedApp(connectedAppId: string): Promise<ResponseCommon>;
-}
-
-type TOTPCreateOptions = {
-    /**
-     * The expiration for the TOTP instance. If the newly created TOTP is not authenticated within this time frame the TOTP will be unusable. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.
-     */
-    expiration_minutes: number;
-};
-type TOTPCreateResponse = ResponseCommon & {
-    /**
-     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
-     */
-    totp_id: string;
-    /**
-     * The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.
-     */
-    secret: string;
-    /**
-     * The QR code image encoded in base64.
-     */
-    qr_code: string;
-    /**
-     * The recovery codes used to authenticate the user without an authenticator app.
-     */
-    recovery_codes: string[];
-};
-type TOTPAuthenticateOptions = SessionDurationOptions & {
-    /**
-     * The TOTP code to authenticate. The TOTP code should consist of 6 digits.
-     */
-    totp_code: string;
-};
-type TOTPAuthenticateResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
-    /**
-     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
-     */
-    totp_id: string;
-    /**
-     * The device history of the user.
-     */
-    user_device?: SDKDeviceHistory;
-};
-type TOTPRecovery = {
-    /**
-     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
-     */
-    totp_id: string;
-    /**
-     * Indicates whether or not the TOTP registration has been verified by the user.
-     */
-    verified: boolean;
-    /**
-     * The recovery codes for the TOTP registration.
-     */
-    recovery_codes: string[];
-};
-type TOTPRecoveryCodesResponse = ResponseCommon & {
-    /**
-     * Globally unique UUID that identifies a specific user in the Stytch API.
-     */
-    user_id: string;
-    /**
-     * See {@link TOTPRecovery}.
-     */
-    totps: TOTPRecovery;
-};
-type TOTPRecoverOptions = SessionDurationOptions & {
-    /**
-     * The recovery code to authenticate.
-     */
-    recovery_code: string;
-};
-type TOTPRecoverResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
-    /**
-     * Globally unique UUID that identifies a specific TOTP registration in the Stytch API.
-     */
-    totp_id: string;
-    /**
-     * The device history of the user.
-     */
-    user_device?: SDKDeviceHistory;
-};
-interface IHeadlessTOTPClient<TProjectConfiguration extends StytchProjectConfigurationInput> {
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-create Create} endpoint. Call this method to create a new TOTP instance for a user. The user can use the authenticator application of their choice to scan the QR code or enter the secret.
-     *
-     * You can listen for successful user updates anywhere in the codebase with the `stytch.user.onChange()` method or `useStytchUser()` hook if you are using React.
-     *
-     * **Note:** If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk/resources/mfa Multi-factor Authentication} section for more details.
-     *
-     * @example
-     * ```
-     * stytchClient.totps.create({ expiration_minutes: 60 });
-     * ```
-     *
-     * @param options - {@link TOTPCreateOptions}
-     *
-     * @returns A {@link TOTPCreateResponse} indicating a new TOTP instance has been created.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    create(options: TOTPCreateOptions): Promise<TOTPCreateResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-authenticate Authenticate} endpoint. Call this method to authenticate a TOTP code entered by a user.
-     *
-     * @example
-     * ```
-     * stytch.totps.authenticate({ totp_code: '123456', session_duration_minutes: 60 });
-     * ```
-     *
-     * @param options - {@link TOTPAuthenticateOptions}
-     *
-     * @returns A {@link TOTPAuthenticateResponse} indicating the TOTP code has been authenticated.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    authenticate(options: TOTPAuthenticateOptions): Promise<TOTPAuthenticateResponse<TProjectConfiguration>>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-get-recovery-codes Recovery Codes} endpoint. Call this method to retrieve the recovery codes for a TOTP instance tied to a user.
-     *
-     * You can listen for successful user updates anywhere in the codebase with the `stytch.user.onChange()` method or `useStytchUser()` hook if you are using React.
-     *
-     * **Note:** If a user has enrolled another MFA method, this method will require MFA. See the {@link https://stytch.com/docs/sdks/javascript-sdk/resources/mfa Multi-factor authentication} section for more details.
-     *
-     * @example
-     * ```
-     * stytchClient.totps.recoveryCodes();
-     * ```
-     *
-     * @returns A {@link TOTPRecoveryCodesResponse} containing the TOTP recovery codes tied to the user.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     */
-    recoveryCodes(): Promise<TOTPRecoveryCodesResponse>;
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/totp-recover Recover} endpoint. Call this method to authenticate a recovery code for a TOTP instance.
-     *
-     * @example
-     * ```
-     * stytch.totps.recover({ recovery_code: 'xxxx-xxxx-xxxx', session_duration_minutes: 60 });
-     * ```
-     *
-     * @param options - {@link TOTPRecoverOptions}
-     *
-     * @returns A {@link TOTPRecoverResponse} indicating the TOTP recovery code has been authenticated.
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input.
-     */
-    recover(options: TOTPRecoverOptions): Promise<TOTPRecoverResponse<TProjectConfiguration>>;
-}
-
-type BiometricsRegisterOptions = {
-    /**
-     * The text rendered when raising the biometric prompt.
-     */
-    prompt: string;
-    /**
-     * The text rendered on the cancel button when raising the biometric prompt. Defaults to "Cancel".
-     */
-    cancelButtonText?: string;
-    /**
-     * On Android devices, allow the private key data to be stored as cleartext in the application sandbox.
-     */
-    allowFallbackToCleartext?: boolean;
-    /**
-     * Allows user to enter their device credentials as a fallback for failed biometric authentication.
-     */
-    allowDeviceCredentials?: boolean;
-    /**
-     * Specify the desired session duration, in minutes
-     */
-    sessionDurationMinutes?: number;
-};
-type BiometricsRegisterStartResponse = ResponseCommon & {
-    /**
-     * A unique ID that identifies a specific biometric registration.
-     */
-    biometric_registration_id: string;
-    /**
-     * The challenge to be signed by the device.
-     */
-    challenge: string;
-};
-type BiometricsRegisterCompleteResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
-    /**
-     * A unique ID that identifies a specific biometric registration.
-     */
-    biometric_registration_id: string;
-};
-type BiometricsAuthenticateOptions = {
-    /**
-     * The text rendered when raising the biometric prompt.
-     */
-    prompt: string;
-    /**
-     * Set the session lifetime to be this many minutes from now.
-     * This value must be a minimum of 5 and may not exceed the `maximum session duration minutes` value set in the {@link https://stytch.com/dashboard/sdk-configuration SDK Configuration} page of the Stytch dashboard.
-     * A successful authentication will continue to extend the session this many minutes.
-     */
-    sessionDurationMinutes: number;
-    /**
-     * The text rendered on the cancel button when raising the biometric prompt. Defaults to "Cancel".
-     */
-    cancelButtonText?: string;
-    /**
-     * Allows user to enter their device credentials as a fallback for failed biometric authentication.
-     */
-    allowDeviceCredentials?: boolean;
-    /**
-     * The text rendered on the fallback prompt after biometrics has failed and allowDeviceCredentials is true. Defaults to "Enter Passcode". This only appears on iOS devices.
-     */
-    fallbackTitle?: string;
-};
-type BiometricsAuthenticateStartResponse = ResponseCommon & {
-    /**
-     * The challenge to be signed by the device.
-     */
-    challenge: string;
-    /**
-     * A unique ID that identifies a specific biometric registration.
-     */
-    biometric_registration_id: string;
-};
-type BiometricsAuthenticateCompleteResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration> & {
-    /**
-     * A unique ID that identifies a specific biometric registration.
-     */
-    biometric_registration_id: string;
-    /**
-     * The device history of the user.
-     */
-    user_device?: SDKDeviceHistory;
-};
-type BiometricsDeleteResponse = ResponseCommon & {
-    /**
-     * A unique ID that identifies a specific biometric registration.
-     */
-    biometric_registration_id: string;
-    /**
-     * Globally unique UUID that identifies a specific user in the Stytch API.
-     */
-    user_id: string;
-};
-/**
- * Type of biometric authentication available on the device. iOS supports 'TouchID' or 'FaceID', and Android supports 'Biometrics'.
- */
-type BiometryType = 'TouchID' | 'FaceID' | 'Biometrics';
-type BiometricsGetSensorResponse = {
-    /**
-     * Type of biometric authentication available on the device.
-     */
-    biometryType: BiometryType;
-};
-interface IHeadlessBiometricsClient<TProjectConfiguration extends StytchProjectConfigurationInput> {
-    /**
-     * Indicates if there is an existing biometric registration on the device.
-     *
-     * @returns true if there is a biometric registration on the device, otherwise false.
-     */
-    isRegistrationAvailable: () => Promise<boolean>;
-    /**
-     * Indicates whether or not the Keystore is available on the device.
-     *
-     * @returns true if the keystore is available, otherwise false.
-     */
-    isKeystoreAvailable: () => Promise<boolean>;
-    /**
-     * Adds a biometric registration for the current user.
-     *
-     * @param options - {@link BiometricsRegisterOptions}
-     *
-     * @returns A {@link BiometricsRegisterCompleteResponse} indicating the biometric registration has been successful.
-     *
-     * @throws A `StytchSDKError` when the Stytch React Native module returns an error.
-     */
-    register: (options: BiometricsRegisterOptions) => Promise<BiometricsRegisterCompleteResponse<TProjectConfiguration>>;
-    /**
-     * Updates the session by using a biometric registration.
-     *
-     * @param options - {@link BiometricsAuthenticateOptions}
-     *
-     * @returns A {@link BiometricsRegisterCompleteResponse} indicating the authentication has been successful.
-     *
-     * @throws A `StytchSDKError` when the Stytch React Native module returns an error.
-     */
-    authenticate: (options: BiometricsAuthenticateOptions) => Promise<BiometricsAuthenticateCompleteResponse<TProjectConfiguration>>;
-    /**
-     * Attempts to remove the biometric registration from the user and device.
-     *
-     * @returns A {@link BiometricsDeleteResponse} indicating whether the deletion has been successful.
-     */
-    removeRegistration: () => Promise<BiometricsDeleteResponse>;
-    /**
-     * Checks the type of biometrics that is available on the device.
-     *
-     * @param allowDeviceCredentials Allows user to enter their device credentials as a fallback for failed biometric authentication.
-     *
-     * @returns A {@link BiometricsGetSensorResponse} containing a {@link BiometryType}.
-     *
-     * @throws A `StytchSDKError` when the Stytch React Native module returns an error.
-     */
-    getSensor: (allowDeviceCredentials?: boolean) => Promise<BiometricsGetSensorResponse>;
-    /**
-     * Gets the current biometric_registration_id saved on device, if it exists
-     */
-    getBiometricRegistrationId: () => Promise<string | undefined>;
-    /**
-     * Deletes the local biometric keys from the device, if any
-     *
-     * @returns true if keys were found and deleted from the device, false if no keys were present
-     */
-    deleteDeviceRegistration: () => Promise<boolean>;
-}
-
-type ImpersonationAuthenticateOptions = {
-    /**
-     * The impersonation token used to authenticate a user
-     */
-    impersonation_token: string;
-};
-type ImpersonationAuthenticateResponse<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> = AuthenticateResponse<TProjectConfiguration>;
-interface IHeadlessImpersonationClient<TProjectConfiguration extends StytchProjectConfigurationInput = Stytch.DefaultProjectConfiguration> {
-    /**
-     * Wraps Stytch's {@link https://stytch.com/docs/api/authenticate-impersonation-token Authenticate Impersonation Token} endpoint.
-     * The authenticate method wraps the consumer impersonation authenticate endpoint.
-     *
-     * @param data - {@link ImpersonationAuthenticateOptions}
-     * @returns A {@link ImpersonationAuthenticateResponse} indicating that the token has been authenticated
-     *
-     * @throws A `StytchAPIError` when the Stytch API returns an error.
-     * @throws A `StytchAPIUnreachableError` when the SDK cannot contact the Stytch API.
-     * @throws A `StytchSDKUsageError` when called with invalid input (invalid token, invalid options, etc.)
-     */
-    authenticate(data: ImpersonationAuthenticateOptions): Promise<ImpersonationAuthenticateResponse<TProjectConfiguration>>;
-}
-
-type Actions<Actions extends string> = Record<Actions, boolean>;
-type ConsumerPermissionsMap<Permissions extends Record<string, string>> = {
-    [ResourceID in keyof Permissions]: Actions<Permissions[ResourceID]>;
-};
-interface IHeadlessRBACClient {
-    /**
-     * The `isAuthorizedSync` method determines whether the logged-in user is allowed to perform the specified action on the specified resource.
-     * Returns `true` if the user can perform the action, `false` otherwise.
-     *
-     * If the user is not logged in, or the RBAC policy has not been loaded, this method will always return false.
-     * If the resource or action provided are not valid for the configured RBAC policy, this method will return false.
-     * @example
-     * const isAuthorized = stytch.rbac.isAuthorizedSync<Permissions>('document', 'image');
-     */
-    isAuthorizedSync(resourceId: string, action: string): boolean;
-    /**
-     * The `isAuthorized` method determines whether the logged-in user is allowed to perform the specified action on the specified resource.
-     * It will return a Promise that resolves after the RBAC policy has been loaded. Returns `true` if the user can perform the action, `false` otherwise.
-     *
-     * If the user is not logged in, this method will always return false.
-     * If the resource or action provided are not valid for the configured RBAC policy, this method will return false.
-     *
-     * @example
-     * const isAuthorized = await stytch.rbac.isAuthorizedSync<Permissions>('document', 'image');
-     */
-    isAuthorized(resourceId: string, action: string): Promise<boolean>;
-    /**
-     * The `allPermissions` method returns the complete list of permissions assigned to the currently logged-in user. If the user is not logged in, all values will be `false`.
-     *
-     * As a best practice, authorization checks for sensitive actions should also occur on the backend.
-     *
-     * @example
-     * type Permissions = {
-     *   document: 'create' | 'read' | 'write
-     *   image: 'create' | 'read'
-     * }
-     * const permissions = await stytch.rbac.allPermissions<Permissions>();
-     * console.log(permissions.document.create) // true
-     * console.log(permissions.image.create) // false
-     * @returns A {@link ConsumerPermissionsMap} for the active member
-     */
-    allPermissions<Permissions extends Record<string, string>>(): Promise<ConsumerPermissionsMap<Permissions>>;
-}
-
-type OAuthAuthorizeStartOptions = {
-    client_id: string;
-    redirect_uri: string;
-    response_type: string;
-    scopes: string[];
-    prompt?: string;
-};
-type OAuthAuthorizeStartResponse = ResponseCommon & {
-    user_id: string;
-    user: User;
-    client: ConnectedAppPublic;
-    consent_required: boolean;
-    scope_results: ScopeResult[];
-};
-type OAuthAuthorizeSubmitOptions = {
-    client_id: string;
-    redirect_uri: string;
-    response_type: string;
-    scopes: string[];
-    state?: string;
-    nonce?: string;
-    code_challenge?: string;
-    consent_granted: boolean;
-    prompt?: string;
-    resource?: string[];
-};
-type OAuthAuthorizeSubmitResponse = ResponseCommon & {
-    redirect_uri: string;
-    authorization_code?: string;
-};
-type OAuthLogoutStartOptions = {
-    client_id: string;
-    post_logout_redirect_uri: string;
-    state?: string;
-    id_token_hint?: string;
-};
-type OAuthLogoutStartResponse = ResponseCommon & {
-    redirect_uri: string;
-    consent_required: boolean;
-};
-interface IHeadlessIDPClient {
-    /**
-     * Initiates a request for authorization of a Connected App to access a User's account.
-     *
-     * Call this endpoint using the query parameters from an OAuth Authorization request. This endpoint validates various fields (scope, client_id, redirect_uri, prompt, etc...) are correct and returns relevant information for rendering an OAuth Consent Screen.
-     *
-     * @param data - The options for the OAuth authorization flow.
-     * @returns The response from the OAuth authorization flow.
-     * @example
-     * const response = await stytch.idp.oauthAuthorizeStart({
-     *   client_id: 'client_123',
-     */
-    oauthAuthorizeStart(data: OAuthAuthorizeStartOptions): Promise<OAuthAuthorizeStartResponse>;
-    /**
-     * Completes a request for authorization of a Connected App to access a Member's account.
-     *
-     * Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the Preflight Check API. Note that this endpoint takes in a few additional parameters the preflight check does not- state, nonce, and code_challenge.
-     *
-     * If the authorization was successful, the redirect_uri will contain a valid authorization_code embedded as a query parameter. If the authorization was unsuccessful, the redirect_uri will contain an OAuth2.1 error_code. In both cases, redirect the Member to the location for the response to be consumed by the Connected App.
-     *
-     * Exactly one of the following must be provided to identify the Member granting authorization:
-     * organization_id + member_id
-     * session_token
-     * session_jwt
-     *
-     * If a session_token or session_jwt is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes. One of these fields must be used if the Connected App intends to complete the Exchange Access Token flow.
-     *
-     * @param data - The options for the OAuth authorization flow.
-     * @returns The response from the OAuth authorization flow.
-     * @example
-     * const response = await stytch.idp.oauthAuthorizeSubmit({
-     *   client_id: 'client_123',
-     *   redirect_uri: 'https://example.com/callback',
-     *   scope: 'openid email profile',
-     * });
-     */
-    oauthAuthorizeSubmit(data: OAuthAuthorizeSubmitOptions): Promise<OAuthAuthorizeSubmitResponse>;
-}
-
-type OAuthAuthorizeParams = {
-    client_id: string;
-    redirect_uri: string;
-    response_type: string;
-    scopes: string[];
-    code_challenge?: string;
-    state?: string;
-    nonce?: string;
-    prompt?: string;
-    resources?: string[];
-};
-type OAuthLogoutParams = {
-    client_id: string;
-    post_logout_redirect_uri: string;
-    id_token_hint?: string;
-    state?: string;
-};
-/**
- * Parse the OAuth Authorize params from the URL search parameters to pass in to subsequent OAuthAuthorize calls.
- *
- * @param params - The URL search parameters to parse.
- * @returns The parsed OAuth Authorize parameters.
- */
-declare const parseOAuthAuthorizeParams: (params: URLSearchParams) => {
-    error: string | null;
-    result: OAuthAuthorizeParams;
-};
-declare const parseOAuthLogoutParams: (params: URLSearchParams) => {
-    error: string | null;
-    result: OAuthLogoutParams;
-};
-
-export { parseOAuthLogoutParams as k, parseOAuthAuthorizeParams as p };
-export type { TOTPAuthenticateOptions as A, TOTPAuthenticateResponse as B, TOTPRecoveryCodesResponse as C, TOTPRecoverOptions as D, TOTPRecoverResponse as E, BiometricsRegisterOptions as F, BiometricsRegisterStartResponse as G, BiometricsRegisterCompleteResponse as H, IHeadlessIDPClient as I, BiometricsAuthenticateOptions as J, BiometricsAuthenticateStartResponse as K, BiometricsAuthenticateCompleteResponse as L, BiometricsDeleteResponse as M, BiometryType as N, OAuthAuthorizeStartOptions as O, BiometricsGetSensorResponse as P, IHeadlessBiometricsClient as Q, ImpersonationAuthenticateOptions as R, ImpersonationAuthenticateResponse as S, TOTPCreateOptions as T, UserOnChangeCallback as U, ConsumerPermissionsMap as V, OAuthAuthorizeStartResponse as a, OAuthAuthorizeSubmitOptions as b, OAuthAuthorizeSubmitResponse as c, OAuthLogoutStartOptions as d, OAuthLogoutStartResponse as e, IHeadlessOAuthClient as f, IHeadlessUserClient as g, IHeadlessTOTPClient as h, IHeadlessImpersonationClient as i, IHeadlessRBACClient as j, OAuthAuthorizeParams as l, OAuthLogoutParams as m, OAuthGetURLOptions as n, OAuthAuthenticateOptions as o, OAuthAuthenticateResponse as q, OAuthStartFailureReason as r, OAuthStartResponse as s, IOAuthProvider as t, OAuthAttachResponse as u, UserUpdateOptions as v, UserUpdateResponse as w, UserInfo as x, UserGetConnectedAppsResponse as y, TOTPCreateResponse as z };