@thunderid/javascript 0.2.0 → 0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/StorageManager.d.ts +2 -2
- package/dist/StorageManager.d.ts.map +1 -1
- package/dist/ThunderIDJavaScriptClient.d.ts +5 -7
- package/dist/ThunderIDJavaScriptClient.d.ts.map +1 -1
- package/dist/api/{v2/executeEmbeddedRecoveryFlowV2.d.ts → executeEmbeddedRecoveryFlow.d.ts} +7 -7
- package/dist/api/executeEmbeddedRecoveryFlow.d.ts.map +1 -0
- package/dist/api/executeEmbeddedSignInFlow.d.ts +3 -3
- package/dist/api/executeEmbeddedSignInFlow.d.ts.map +1 -1
- package/dist/api/executeEmbeddedSignUpFlow.d.ts +4 -27
- package/dist/api/executeEmbeddedSignUpFlow.d.ts.map +1 -1
- package/dist/api/{v2/executeEmbeddedUserOnboardingFlowV2.d.ts → executeEmbeddedUserOnboardingFlow.d.ts} +6 -6
- package/dist/api/executeEmbeddedUserOnboardingFlow.d.ts.map +1 -0
- package/dist/api/getBrandingPreference.d.ts.map +1 -1
- package/dist/api/{v2/getFlowMetaV2.d.ts → getFlowMeta.d.ts} +7 -7
- package/dist/api/getFlowMeta.d.ts.map +1 -0
- package/dist/api/{v2/getOrganizationUnitChildren.d.ts → getOrganizationUnitChildren.d.ts} +1 -1
- package/dist/api/getOrganizationUnitChildren.d.ts.map +1 -0
- package/dist/cjs/index.cjs +1318 -1445
- package/dist/edge/index.js +1306 -1422
- package/dist/i18n/models/i18n.d.ts +3 -0
- package/dist/i18n/models/i18n.d.ts.map +1 -1
- package/dist/i18n/translations/en-US.d.ts.map +1 -1
- package/dist/i18n/translations/fr-FR.d.ts.map +1 -1
- package/dist/i18n/translations/hi-IN.d.ts.map +1 -1
- package/dist/i18n/translations/ja-JP.d.ts.map +1 -1
- package/dist/i18n/translations/pt-BR.d.ts.map +1 -1
- package/dist/i18n/translations/pt-PT.d.ts.map +1 -1
- package/dist/i18n/translations/si-LK.d.ts.map +1 -1
- package/dist/i18n/translations/ta-IN.d.ts.map +1 -1
- package/dist/i18n/translations/te-IN.d.ts.map +1 -1
- package/dist/index.d.ts +30 -36
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1306 -1422
- package/dist/models/ciba.d.ts +96 -0
- package/dist/models/ciba.d.ts.map +1 -0
- package/dist/models/client.d.ts +18 -28
- package/dist/models/client.d.ts.map +1 -1
- package/dist/models/config.d.ts +1 -1
- package/dist/models/config.d.ts.map +1 -1
- package/dist/models/embedded-flow.d.ts +572 -92
- package/dist/models/embedded-flow.d.ts.map +1 -1
- package/dist/models/{v2/embedded-recovery-flow-v2.d.ts → embedded-recovery-flow.d.ts} +2 -3
- package/dist/models/embedded-recovery-flow.d.ts.map +1 -0
- package/dist/models/embedded-signin-flow.d.ts +310 -66
- package/dist/models/embedded-signin-flow.d.ts.map +1 -1
- package/dist/models/{v2/embedded-signup-flow-v2.d.ts → embedded-signup-flow.d.ts} +4 -5
- package/dist/models/embedded-signup-flow.d.ts.map +1 -0
- package/dist/models/extensions/components.d.ts +55 -0
- package/dist/models/extensions/components.d.ts.map +1 -0
- package/dist/models/{v2/flow-meta-v2.d.ts → flow-meta.d.ts} +1 -1
- package/dist/models/flow-meta.d.ts.map +1 -0
- package/dist/models/oidc-discovery.d.ts +4 -0
- package/dist/models/oidc-discovery.d.ts.map +1 -1
- package/dist/models/organization-unit.d.ts.map +1 -0
- package/dist/models/translation.d.ts.map +1 -0
- package/dist/models/{v2/vars.d.ts → vars.d.ts} +1 -1
- package/dist/models/vars.d.ts.map +1 -0
- package/dist/utils/buildValidatorFromRules.d.ts +31 -0
- package/dist/utils/buildValidatorFromRules.d.ts.map +1 -0
- package/dist/utils/containsMetaFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/countryCodeToFlagEmoji.d.ts.map +1 -0
- package/dist/utils/evaluateValidationRule.d.ts +42 -0
- package/dist/utils/evaluateValidationRule.d.ts.map +1 -0
- package/dist/utils/extractEmojiFromUri.d.ts.map +1 -0
- package/dist/utils/getRedirectBasedSignUpUrl.d.ts +1 -1
- package/dist/utils/getRedirectBasedSignUpUrl.d.ts.map +1 -1
- package/dist/utils/injectRequestedPermissions.d.ts.map +1 -0
- package/dist/utils/isEmojiUri.d.ts.map +1 -0
- package/dist/utils/isMetaFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/isTranslationFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/parseApiErrorMessage.d.ts.map +1 -1
- package/dist/utils/parseFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/{v2/resolveFlowTemplateLiterals.d.ts → resolveFlowTemplateLiterals.d.ts} +2 -2
- package/dist/utils/resolveFlowTemplateLiterals.d.ts.map +1 -0
- package/dist/utils/resolveLocaleDisplayName.d.ts.map +1 -0
- package/dist/utils/resolveLocaleEmoji.d.ts.map +1 -0
- package/dist/utils/{v2/resolveMeta.d.ts → resolveMeta.d.ts} +1 -1
- package/dist/utils/resolveMeta.d.ts.map +1 -0
- package/package.json +7 -7
- package/dist/api/initializeEmbeddedSignInFlow.d.ts +0 -52
- package/dist/api/initializeEmbeddedSignInFlow.d.ts.map +0 -1
- package/dist/api/v2/executeEmbeddedRecoveryFlowV2.d.ts.map +0 -1
- package/dist/api/v2/executeEmbeddedSignInFlowV2.d.ts +0 -22
- package/dist/api/v2/executeEmbeddedSignInFlowV2.d.ts.map +0 -1
- package/dist/api/v2/executeEmbeddedSignUpFlowV2.d.ts +0 -22
- package/dist/api/v2/executeEmbeddedSignUpFlowV2.d.ts.map +0 -1
- package/dist/api/v2/executeEmbeddedUserOnboardingFlowV2.d.ts.map +0 -1
- package/dist/api/v2/getFlowMetaV2.d.ts.map +0 -1
- package/dist/api/v2/getOrganizationUnitChildren.d.ts.map +0 -1
- package/dist/constants/v2/OIDCDiscoveryConstants.d.ts +0 -40
- package/dist/constants/v2/OIDCDiscoveryConstants.d.ts.map +0 -1
- package/dist/models/platforms.d.ts +0 -33
- package/dist/models/platforms.d.ts.map +0 -1
- package/dist/models/v2/embedded-flow-v2.d.ts +0 -550
- package/dist/models/v2/embedded-flow-v2.d.ts.map +0 -1
- package/dist/models/v2/embedded-recovery-flow-v2.d.ts.map +0 -1
- package/dist/models/v2/embedded-signin-flow-v2.d.ts +0 -345
- package/dist/models/v2/embedded-signin-flow-v2.d.ts.map +0 -1
- package/dist/models/v2/embedded-signup-flow-v2.d.ts.map +0 -1
- package/dist/models/v2/extensions/components.d.ts +0 -89
- package/dist/models/v2/extensions/components.d.ts.map +0 -1
- package/dist/models/v2/flow-meta-v2.d.ts.map +0 -1
- package/dist/models/v2/organization-unit.d.ts.map +0 -1
- package/dist/models/v2/translation.d.ts.map +0 -1
- package/dist/models/v2/vars.d.ts.map +0 -1
- package/dist/utils/identifyPlatform.d.ts +0 -31
- package/dist/utils/identifyPlatform.d.ts.map +0 -1
- package/dist/utils/resolveFieldType.d.ts +0 -21
- package/dist/utils/resolveFieldType.d.ts.map +0 -1
- package/dist/utils/v2/containsMetaFlowTemplateLiteral.d.ts.map +0 -1
- package/dist/utils/v2/countryCodeToFlagEmoji.d.ts.map +0 -1
- package/dist/utils/v2/extractEmojiFromUri.d.ts.map +0 -1
- package/dist/utils/v2/injectRequestedPermissions.d.ts.map +0 -1
- package/dist/utils/v2/isEmojiUri.d.ts.map +0 -1
- package/dist/utils/v2/isMetaFlowTemplateLiteral.d.ts.map +0 -1
- package/dist/utils/v2/isTranslationFlowTemplateLiteral.d.ts.map +0 -1
- package/dist/utils/v2/parseFlowTemplateLiteral.d.ts.map +0 -1
- package/dist/utils/v2/resolveFlowTemplateLiterals.d.ts.map +0 -1
- package/dist/utils/v2/resolveLocaleDisplayName.d.ts.map +0 -1
- package/dist/utils/v2/resolveLocaleEmoji.d.ts.map +0 -1
- package/dist/utils/v2/resolveMeta.d.ts.map +0 -1
- /package/dist/models/{v2/organization-unit.d.ts → organization-unit.d.ts} +0 -0
- /package/dist/models/{v2/translation.d.ts → translation.d.ts} +0 -0
- /package/dist/utils/{v2/containsMetaFlowTemplateLiteral.d.ts → containsMetaFlowTemplateLiteral.d.ts} +0 -0
- /package/dist/utils/{v2/countryCodeToFlagEmoji.d.ts → countryCodeToFlagEmoji.d.ts} +0 -0
- /package/dist/utils/{v2/extractEmojiFromUri.d.ts → extractEmojiFromUri.d.ts} +0 -0
- /package/dist/utils/{v2/injectRequestedPermissions.d.ts → injectRequestedPermissions.d.ts} +0 -0
- /package/dist/utils/{v2/isEmojiUri.d.ts → isEmojiUri.d.ts} +0 -0
- /package/dist/utils/{v2/isMetaFlowTemplateLiteral.d.ts → isMetaFlowTemplateLiteral.d.ts} +0 -0
- /package/dist/utils/{v2/isTranslationFlowTemplateLiteral.d.ts → isTranslationFlowTemplateLiteral.d.ts} +0 -0
- /package/dist/utils/{v2/parseFlowTemplateLiteral.d.ts → parseFlowTemplateLiteral.d.ts} +0 -0
- /package/dist/utils/{v2/resolveLocaleDisplayName.d.ts → resolveLocaleDisplayName.d.ts} +0 -0
- /package/dist/utils/{v2/resolveLocaleEmoji.d.ts → resolveLocaleEmoji.d.ts} +0 -0
package/dist/cjs/index.cjs
CHANGED
|
@@ -349,101 +349,91 @@ var ThunderIDAPIError = class extends ThunderIDError {
|
|
|
349
349
|
};
|
|
350
350
|
|
|
351
351
|
//#endregion
|
|
352
|
-
//#region src/
|
|
352
|
+
//#region src/models/embedded-signin-flow.ts
|
|
353
353
|
/**
|
|
354
|
-
*
|
|
354
|
+
* Status enumeration for ThunderID embedded sign-in flow operations.
|
|
355
355
|
*
|
|
356
|
-
*
|
|
357
|
-
*
|
|
358
|
-
*
|
|
356
|
+
* These statuses indicate the current state of the sign-in flow and determine
|
|
357
|
+
* the next action required by the client application. Each status provides
|
|
358
|
+
* specific guidance on how to proceed with the authentication process.
|
|
359
359
|
*
|
|
360
360
|
* @example
|
|
361
361
|
* ```typescript
|
|
362
|
-
*
|
|
363
|
-
*
|
|
364
|
-
*
|
|
365
|
-
*
|
|
366
|
-
*
|
|
367
|
-
*
|
|
368
|
-
*
|
|
369
|
-
*
|
|
370
|
-
*
|
|
371
|
-
*
|
|
372
|
-
* code_challenge_method: "S256"
|
|
373
|
-
* }
|
|
374
|
-
* });
|
|
375
|
-
* console.log(authResponse);
|
|
376
|
-
* } catch (error) {
|
|
377
|
-
* if (error instanceof ThunderIDAPIError) {
|
|
378
|
-
* console.error('Authorization failed:', error.message);
|
|
379
|
-
* }
|
|
362
|
+
* switch (response.flowStatus) {
|
|
363
|
+
* case EmbeddedSignInFlowStatus.Incomplete:
|
|
364
|
+
* // More user input needed - render form components
|
|
365
|
+
* break;
|
|
366
|
+
* case EmbeddedSignInFlowStatus.Complete:
|
|
367
|
+
* // Authentication successful - handle completion
|
|
368
|
+
* break;
|
|
369
|
+
* case EmbeddedSignInFlowStatus.Error:
|
|
370
|
+
* // Authentication failed - show error message
|
|
371
|
+
* break;
|
|
380
372
|
* }
|
|
381
373
|
* ```
|
|
374
|
+
*
|
|
375
|
+
* @experimental Part of the new ThunderID API
|
|
382
376
|
*/
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "executeEmbeddedSignInFlow-NetworkError-001", "javascript", 0, "Network Error");
|
|
439
|
-
}
|
|
440
|
-
};
|
|
441
|
-
var executeEmbeddedSignInFlow_default = executeEmbeddedSignInFlow;
|
|
377
|
+
let EmbeddedSignInFlowStatus = /* @__PURE__ */ function(EmbeddedSignInFlowStatus$1) {
|
|
378
|
+
/**
|
|
379
|
+
* Sign-in flow completed successfully.
|
|
380
|
+
*
|
|
381
|
+
* The user has been authenticated and the flow can proceed to
|
|
382
|
+
* OAuth2 completion or redirection. Check for redirectUrl or
|
|
383
|
+
* assertion data in the response.
|
|
384
|
+
*/
|
|
385
|
+
EmbeddedSignInFlowStatus$1["Complete"] = "COMPLETE";
|
|
386
|
+
/**
|
|
387
|
+
* Sign-in flow encountered an error.
|
|
388
|
+
*
|
|
389
|
+
* Authentication failed due to invalid credentials, system error,
|
|
390
|
+
* or other issues. Check error details in the response and handle
|
|
391
|
+
* appropriately (retry, show error message, etc.).
|
|
392
|
+
*/
|
|
393
|
+
EmbeddedSignInFlowStatus$1["Error"] = "ERROR";
|
|
394
|
+
/**
|
|
395
|
+
* Sign-in flow requires additional user input.
|
|
396
|
+
*
|
|
397
|
+
* More authentication steps are needed. The response will contain
|
|
398
|
+
* components in data.meta.components that should be rendered to
|
|
399
|
+
* collect additional user input (e.g., MFA, password, etc.).
|
|
400
|
+
*/
|
|
401
|
+
EmbeddedSignInFlowStatus$1["Incomplete"] = "INCOMPLETE";
|
|
402
|
+
return EmbeddedSignInFlowStatus$1;
|
|
403
|
+
}({});
|
|
404
|
+
/**
|
|
405
|
+
* Type enumeration for ThunderID embedded sign-in flow responses.
|
|
406
|
+
*
|
|
407
|
+
* Determines the nature of the flow response and how the client should
|
|
408
|
+
* handle the returned data. This affects both UI rendering and flow
|
|
409
|
+
* continuation logic.
|
|
410
|
+
*
|
|
411
|
+
* @experimental Part of the new ThunderID API
|
|
412
|
+
*/
|
|
413
|
+
let EmbeddedSignInFlowType = /* @__PURE__ */ function(EmbeddedSignInFlowType$1) {
|
|
414
|
+
/**
|
|
415
|
+
* Response requires external redirection.
|
|
416
|
+
*
|
|
417
|
+
* Used for social login providers, external identity providers,
|
|
418
|
+
* or other flows that require navigating to an external URL.
|
|
419
|
+
* The response will contain redirection information.
|
|
420
|
+
*/
|
|
421
|
+
EmbeddedSignInFlowType$1["Redirection"] = "REDIRECTION";
|
|
422
|
+
/**
|
|
423
|
+
* Response contains view components for rendering.
|
|
424
|
+
*
|
|
425
|
+
* Standard embedded flow response containing UI components
|
|
426
|
+
* that should be rendered within the current application
|
|
427
|
+
* context. Most common type for embedded authentication.
|
|
428
|
+
*/
|
|
429
|
+
EmbeddedSignInFlowType$1["View"] = "VIEW";
|
|
430
|
+
return EmbeddedSignInFlowType$1;
|
|
431
|
+
}({});
|
|
442
432
|
|
|
443
433
|
//#endregion
|
|
444
|
-
//#region src/
|
|
434
|
+
//#region src/utils/injectRequestedPermissions.ts
|
|
445
435
|
/**
|
|
446
|
-
* Copyright (c)
|
|
436
|
+
* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
|
|
447
437
|
*
|
|
448
438
|
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
449
439
|
* Version 2.0 (the "License"); you may not use this file except
|
|
@@ -459,140 +449,286 @@ var executeEmbeddedSignInFlow_default = executeEmbeddedSignInFlow;
|
|
|
459
449
|
* specific language governing permissions and limitations
|
|
460
450
|
* under the License.
|
|
461
451
|
*/
|
|
462
|
-
let EmbeddedFlowType = /* @__PURE__ */ function(EmbeddedFlowType$1) {
|
|
463
|
-
EmbeddedFlowType$1["Authentication"] = "AUTHENTICATION";
|
|
464
|
-
EmbeddedFlowType$1["Recovery"] = "RECOVERY";
|
|
465
|
-
EmbeddedFlowType$1["Registration"] = "REGISTRATION";
|
|
466
|
-
EmbeddedFlowType$1["UserOnboarding"] = "USER_ONBOARDING";
|
|
467
|
-
return EmbeddedFlowType$1;
|
|
468
|
-
}({});
|
|
469
|
-
let EmbeddedFlowStatus = /* @__PURE__ */ function(EmbeddedFlowStatus$1) {
|
|
470
|
-
EmbeddedFlowStatus$1["Complete"] = "COMPLETE";
|
|
471
|
-
EmbeddedFlowStatus$1["Incomplete"] = "INCOMPLETE";
|
|
472
|
-
return EmbeddedFlowStatus$1;
|
|
473
|
-
}({});
|
|
474
|
-
let EmbeddedFlowResponseType = /* @__PURE__ */ function(EmbeddedFlowResponseType$1) {
|
|
475
|
-
EmbeddedFlowResponseType$1["Redirection"] = "REDIRECTION";
|
|
476
|
-
EmbeddedFlowResponseType$1["View"] = "VIEW";
|
|
477
|
-
return EmbeddedFlowResponseType$1;
|
|
478
|
-
}({});
|
|
479
|
-
let EmbeddedFlowComponentType = /* @__PURE__ */ function(EmbeddedFlowComponentType$2) {
|
|
480
|
-
EmbeddedFlowComponentType$2["Button"] = "BUTTON";
|
|
481
|
-
EmbeddedFlowComponentType$2["Checkbox"] = "CHECKBOX";
|
|
482
|
-
EmbeddedFlowComponentType$2["Divider"] = "DIVIDER";
|
|
483
|
-
EmbeddedFlowComponentType$2["Form"] = "FORM";
|
|
484
|
-
EmbeddedFlowComponentType$2["Image"] = "IMAGE";
|
|
485
|
-
EmbeddedFlowComponentType$2["Input"] = "INPUT";
|
|
486
|
-
EmbeddedFlowComponentType$2["Radio"] = "RADIO";
|
|
487
|
-
EmbeddedFlowComponentType$2["Select"] = "SELECT";
|
|
488
|
-
EmbeddedFlowComponentType$2["Typography"] = "TYPOGRAPHY";
|
|
489
|
-
return EmbeddedFlowComponentType$2;
|
|
490
|
-
}({});
|
|
491
|
-
|
|
492
|
-
//#endregion
|
|
493
|
-
//#region src/api/executeEmbeddedSignUpFlow.ts
|
|
494
452
|
/**
|
|
495
|
-
*
|
|
496
|
-
*
|
|
497
|
-
* @param requestConfig - Request configuration object containing URL and payload.
|
|
498
|
-
* @returns A promise that resolves with the flow execution response.
|
|
499
|
-
* @throws ThunderIDAPIError when the request fails or URL is invalid.
|
|
453
|
+
* Strips the top-level `scopes` field from a payload and injects it as
|
|
454
|
+
* `inputs.requested_permissions` (space-separated string).
|
|
500
455
|
*
|
|
501
|
-
*
|
|
502
|
-
* ```typescript
|
|
503
|
-
* try {
|
|
504
|
-
* const embeddedSignUpResponse = await executeEmbeddedSignUpFlow({
|
|
505
|
-
* url: "https://localhost:8090/api/server/v1/flow/execute",
|
|
506
|
-
* payload: {
|
|
507
|
-
* flowType: "REGISTRATION"
|
|
508
|
-
* }
|
|
509
|
-
* });
|
|
510
|
-
* console.log(embeddedSignUpResponse);
|
|
511
|
-
* } catch (error) {
|
|
512
|
-
* if (error instanceof ThunderIDAPIError) {
|
|
513
|
-
* console.error('Embedded SignUp flow execution failed:', error.message);
|
|
514
|
-
* }
|
|
515
|
-
* }
|
|
516
|
-
* ```
|
|
456
|
+
* The backend reads requested_permissions from UserInputs (the `inputs` map), not a top-level field.
|
|
517
457
|
*/
|
|
518
|
-
const
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
458
|
+
const injectRequestedPermissions = (payload) => {
|
|
459
|
+
const { scopes,...rest } = payload;
|
|
460
|
+
const normalizedScopes = Array.isArray(scopes) ? scopes.map((s) => String(s).trim()).filter(Boolean).join(" ") : typeof scopes === "string" ? scopes.trim() : "";
|
|
461
|
+
if (!normalizedScopes) return rest;
|
|
462
|
+
const existingInputs = rest["inputs"] != null && typeof rest["inputs"] === "object" && !Array.isArray(rest["inputs"]) ? rest["inputs"] : {};
|
|
463
|
+
return {
|
|
464
|
+
...rest,
|
|
465
|
+
inputs: {
|
|
466
|
+
...existingInputs,
|
|
467
|
+
requested_permissions: normalizedScopes
|
|
468
|
+
}
|
|
469
|
+
};
|
|
470
|
+
};
|
|
471
|
+
var injectRequestedPermissions_default = injectRequestedPermissions;
|
|
472
|
+
|
|
473
|
+
//#endregion
|
|
474
|
+
//#region src/api/executeEmbeddedSignInFlow.ts
|
|
475
|
+
const executeEmbeddedSignInFlow = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
|
|
476
|
+
if (!payload) throw new ThunderIDAPIError("Authorization payload is required", "executeEmbeddedSignInFlow-ValidationError-002", "javascript", 400, "If an authorization payload is not provided, the request cannot be constructed correctly.");
|
|
477
|
+
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
478
|
+
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
479
|
+
const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
|
|
480
|
+
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
481
|
+
const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
|
|
482
|
+
const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
|
|
483
|
+
...basePayload,
|
|
484
|
+
verbose: true
|
|
485
|
+
} : basePayload;
|
|
486
|
+
const response = await fetch(endpoint, {
|
|
487
|
+
...requestConfig,
|
|
488
|
+
body: JSON.stringify(requestPayload),
|
|
489
|
+
headers: {
|
|
490
|
+
Accept: "application/json",
|
|
491
|
+
"Content-Type": "application/json",
|
|
492
|
+
...requestConfig.headers
|
|
493
|
+
},
|
|
494
|
+
method: requestConfig.method || "POST"
|
|
495
|
+
});
|
|
496
|
+
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignInFlow-ResponseError-001", "javascript", response.status, response.statusText, "Authorization request failed");
|
|
497
|
+
const flowResponse = await response.json();
|
|
498
|
+
if (flowResponse.flowStatus === EmbeddedSignInFlowStatus.Complete && flowResponse.assertion && authId) try {
|
|
499
|
+
const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
|
|
528
500
|
body: JSON.stringify({
|
|
529
|
-
|
|
530
|
-
|
|
501
|
+
assertion: flowResponse.assertion,
|
|
502
|
+
authId
|
|
531
503
|
}),
|
|
504
|
+
credentials: "include",
|
|
532
505
|
headers: {
|
|
533
506
|
Accept: "application/json",
|
|
534
507
|
"Content-Type": "application/json",
|
|
535
508
|
...requestConfig.headers
|
|
536
509
|
},
|
|
537
|
-
method:
|
|
510
|
+
method: "POST"
|
|
538
511
|
});
|
|
539
|
-
if (!
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
|
|
512
|
+
if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignInFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
|
|
513
|
+
const oauth2Result = await oauth2Response.json();
|
|
514
|
+
return {
|
|
515
|
+
flowStatus: flowResponse.flowStatus,
|
|
516
|
+
redirectUrl: oauth2Result["redirect_uri"]
|
|
517
|
+
};
|
|
518
|
+
} catch (authError) {
|
|
519
|
+
if (authError instanceof ThunderIDAPIError) throw authError;
|
|
520
|
+
throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignInFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-in flow.", "OAuth2 authorization failed");
|
|
544
521
|
}
|
|
522
|
+
return flowResponse;
|
|
545
523
|
};
|
|
546
|
-
var
|
|
524
|
+
var executeEmbeddedSignInFlow_default = executeEmbeddedSignInFlow;
|
|
547
525
|
|
|
548
526
|
//#endregion
|
|
549
|
-
//#region src/
|
|
527
|
+
//#region src/models/embedded-signup-flow.ts
|
|
550
528
|
/**
|
|
551
|
-
*
|
|
529
|
+
* Status enumeration for ThunderID embedded sign-up flow operations.
|
|
552
530
|
*
|
|
553
|
-
*
|
|
554
|
-
*
|
|
555
|
-
*
|
|
556
|
-
*
|
|
557
|
-
*
|
|
558
|
-
*
|
|
559
|
-
*
|
|
560
|
-
*
|
|
561
|
-
*
|
|
562
|
-
*
|
|
563
|
-
*
|
|
531
|
+
* These statuses indicate the current state of the registration flow and determine
|
|
532
|
+
* the next action required by the client application. Each status provides specific
|
|
533
|
+
* guidance on how to proceed with the user registration process.
|
|
534
|
+
*
|
|
535
|
+
* @example
|
|
536
|
+
* ```typescript
|
|
537
|
+
* switch (response.flowStatus) {
|
|
538
|
+
* case EmbeddedSignUpFlowStatus.Incomplete:
|
|
539
|
+
* // More user input needed - render registration form components
|
|
540
|
+
* break;
|
|
541
|
+
* case EmbeddedSignUpFlowStatus.Complete:
|
|
542
|
+
* // Registration successful - handle completion
|
|
543
|
+
* break;
|
|
544
|
+
* case EmbeddedSignUpFlowStatus.Error:
|
|
545
|
+
* // Registration failed - show error details
|
|
546
|
+
* const errorResponse = response as EmbeddedSignUpFlowErrorResponse;
|
|
547
|
+
* showError(errorResponse.error.description.defaultValue);
|
|
548
|
+
* break;
|
|
564
549
|
* }
|
|
565
550
|
* ```
|
|
551
|
+
*
|
|
552
|
+
* @experimental Part of the new ThunderID API
|
|
566
553
|
*/
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
554
|
+
let EmbeddedSignUpFlowStatus = /* @__PURE__ */ function(EmbeddedSignUpFlowStatus$1) {
|
|
555
|
+
/**
|
|
556
|
+
* Sign-up flow completed successfully.
|
|
557
|
+
*
|
|
558
|
+
* The user has successfully registered and the flow can proceed to
|
|
559
|
+
* OAuth2 completion or redirection. Check for redirectUrl or assertion
|
|
560
|
+
* data in the response for next steps.
|
|
561
|
+
*/
|
|
562
|
+
EmbeddedSignUpFlowStatus$1["Complete"] = "COMPLETE";
|
|
563
|
+
/**
|
|
564
|
+
* Sign-up flow encountered an error and cannot proceed.
|
|
565
|
+
*
|
|
566
|
+
* Registration failed due to validation errors, duplicate user,
|
|
567
|
+
* system errors, or other issues. The response will be of type
|
|
568
|
+
* `EmbeddedSignUpFlowErrorResponse` containing detailed failure
|
|
569
|
+
* information that can be displayed to the user.
|
|
570
|
+
*
|
|
571
|
+
* @see {@link EmbeddedSignUpFlowErrorResponse} for error response structure
|
|
572
|
+
*/
|
|
573
|
+
EmbeddedSignUpFlowStatus$1["Error"] = "ERROR";
|
|
574
|
+
/**
|
|
575
|
+
* Sign-up flow requires additional user input.
|
|
576
|
+
*
|
|
577
|
+
* More registration steps are needed. The response will contain
|
|
578
|
+
* components in data.meta.components that should be rendered to
|
|
579
|
+
* collect additional user information (e.g., profile data, verification).
|
|
580
|
+
*/
|
|
581
|
+
EmbeddedSignUpFlowStatus$1["Incomplete"] = "INCOMPLETE";
|
|
582
|
+
return EmbeddedSignUpFlowStatus$1;
|
|
583
|
+
}({});
|
|
584
|
+
/**
|
|
585
|
+
* Type enumeration for ThunderID embedded sign-up flow responses.
|
|
586
|
+
*
|
|
587
|
+
* Determines the nature of the registration flow response and how the client
|
|
588
|
+
* should handle the returned data. This affects both UI rendering and flow
|
|
589
|
+
* continuation logic during the user registration process.
|
|
590
|
+
*
|
|
591
|
+
* @experimental Part of the new ThunderID API
|
|
592
|
+
*/
|
|
593
|
+
let EmbeddedSignUpFlowType = /* @__PURE__ */ function(EmbeddedSignUpFlowType$1) {
|
|
594
|
+
/**
|
|
595
|
+
* Response requires external redirection.
|
|
596
|
+
*
|
|
597
|
+
* Used for social registration providers, external identity providers,
|
|
598
|
+
* or other flows that require navigating to an external URL during
|
|
599
|
+
* the registration process. The response will contain redirection information.
|
|
600
|
+
*/
|
|
601
|
+
EmbeddedSignUpFlowType$1["Redirection"] = "REDIRECTION";
|
|
602
|
+
/**
|
|
603
|
+
* Response contains view components for rendering.
|
|
604
|
+
*
|
|
605
|
+
* Standard embedded registration flow response containing UI components
|
|
606
|
+
* that should be rendered within the current application context.
|
|
607
|
+
* Most common type for embedded user registration.
|
|
608
|
+
*/
|
|
609
|
+
EmbeddedSignUpFlowType$1["View"] = "VIEW";
|
|
610
|
+
return EmbeddedSignUpFlowType$1;
|
|
611
|
+
}({});
|
|
612
|
+
|
|
613
|
+
//#endregion
|
|
614
|
+
//#region src/api/executeEmbeddedSignUpFlow.ts
|
|
615
|
+
const executeEmbeddedSignUpFlow = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
|
|
616
|
+
if (!payload) throw new ThunderIDAPIError("Registration payload is required", "executeEmbeddedSignUpFlow-ValidationError-002", "javascript", 400, "If a registration payload is not provided, the request cannot be constructed correctly.");
|
|
617
|
+
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
618
|
+
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
619
|
+
const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
|
|
620
|
+
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
621
|
+
const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
|
|
622
|
+
const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
|
|
623
|
+
...basePayload,
|
|
624
|
+
verbose: true
|
|
625
|
+
} : basePayload;
|
|
626
|
+
const response = await fetch(endpoint, {
|
|
627
|
+
...requestConfig,
|
|
628
|
+
body: JSON.stringify(requestPayload),
|
|
629
|
+
headers: {
|
|
630
|
+
Accept: "application/json",
|
|
631
|
+
"Content-Type": "application/json",
|
|
632
|
+
...requestConfig.headers
|
|
633
|
+
},
|
|
634
|
+
method: requestConfig.method || "POST"
|
|
635
|
+
});
|
|
636
|
+
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignUpFlow-ResponseError-001", "javascript", response.status, response.statusText, "Registration request failed");
|
|
637
|
+
const flowResponse = await response.json();
|
|
638
|
+
if (flowResponse.flowStatus === EmbeddedSignUpFlowStatus.Complete && flowResponse.assertion && authId) try {
|
|
639
|
+
const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
|
|
640
|
+
body: JSON.stringify({
|
|
641
|
+
assertion: flowResponse.assertion,
|
|
642
|
+
authId
|
|
643
|
+
}),
|
|
644
|
+
credentials: "include",
|
|
576
645
|
headers: {
|
|
577
646
|
Accept: "application/json",
|
|
578
647
|
"Content-Type": "application/json",
|
|
579
648
|
...requestConfig.headers
|
|
580
649
|
},
|
|
581
|
-
method: "
|
|
650
|
+
method: "POST"
|
|
582
651
|
});
|
|
583
|
-
if (!
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
652
|
+
if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignUpFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
|
|
653
|
+
const oauth2Result = await oauth2Response.json();
|
|
654
|
+
return {
|
|
655
|
+
flowStatus: flowResponse.flowStatus,
|
|
656
|
+
redirectUrl: oauth2Result["redirect_uri"]
|
|
657
|
+
};
|
|
658
|
+
} catch (authError) {
|
|
659
|
+
if (authError instanceof ThunderIDAPIError) throw authError;
|
|
660
|
+
throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignUpFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-up flow.", "OAuth2 authorization failed");
|
|
588
661
|
}
|
|
662
|
+
return flowResponse;
|
|
589
663
|
};
|
|
590
|
-
var
|
|
664
|
+
var executeEmbeddedSignUpFlow_default = executeEmbeddedSignUpFlow;
|
|
591
665
|
|
|
592
666
|
//#endregion
|
|
593
|
-
//#region src/
|
|
667
|
+
//#region src/api/executeEmbeddedRecoveryFlow.ts
|
|
594
668
|
/**
|
|
595
|
-
*
|
|
669
|
+
* Executes an embedded recovery flow by sending a request to the flow execution endpoint.
|
|
670
|
+
*
|
|
671
|
+
* This function handles password-recovery and account-recovery flows driven by the
|
|
672
|
+
* ThunderID server. The server returns UI components for each step (e.g. username
|
|
673
|
+
* collection, OTP verification, password reset) and this function forwards the
|
|
674
|
+
* user's responses back to the server.
|
|
675
|
+
*
|
|
676
|
+
* @param requestConfig - Request configuration containing URL, payload, and optional headers.
|
|
677
|
+
* @returns A promise that resolves with the flow execution response.
|
|
678
|
+
* @throws ThunderIDAPIError when the request fails or a payload is missing.
|
|
679
|
+
*
|
|
680
|
+
* @example
|
|
681
|
+
* ```typescript
|
|
682
|
+
* // Initiate recovery flow
|
|
683
|
+
* const response = await executeEmbeddedRecoveryFlow({
|
|
684
|
+
* baseUrl: 'https://localhost:8090',
|
|
685
|
+
* payload: {
|
|
686
|
+
* flowType: 'RECOVERY',
|
|
687
|
+
* applicationId: 'my-app-id',
|
|
688
|
+
* },
|
|
689
|
+
* });
|
|
690
|
+
*
|
|
691
|
+
* // Continue recovery flow with user input
|
|
692
|
+
* const nextResponse = await executeEmbeddedRecoveryFlow({
|
|
693
|
+
* baseUrl: 'https://localhost:8090',
|
|
694
|
+
* payload: {
|
|
695
|
+
* executionId: response.executionId,
|
|
696
|
+
* action: 'submit',
|
|
697
|
+
* inputs: { username: 'user@example.com' },
|
|
698
|
+
* challengeToken: response.challengeToken,
|
|
699
|
+
* },
|
|
700
|
+
* });
|
|
701
|
+
* ```
|
|
702
|
+
*/
|
|
703
|
+
const executeEmbeddedRecoveryFlow = async ({ url, baseUrl, payload,...requestConfig }) => {
|
|
704
|
+
if (!payload) throw new ThunderIDAPIError("Recovery payload is required", "executeEmbeddedRecoveryFlow-ValidationError-002", "javascript", 400, "If a recovery payload is not provided, the request cannot be constructed correctly.");
|
|
705
|
+
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
706
|
+
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
707
|
+
const hasOnlyAppIdAndFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 2;
|
|
708
|
+
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
709
|
+
const requestPayload = hasOnlyAppIdAndFlowType || hasOnlyFlowId ? {
|
|
710
|
+
...cleanPayload,
|
|
711
|
+
verbose: true
|
|
712
|
+
} : cleanPayload;
|
|
713
|
+
const response = await fetch(endpoint, {
|
|
714
|
+
...requestConfig,
|
|
715
|
+
body: JSON.stringify(requestPayload),
|
|
716
|
+
headers: {
|
|
717
|
+
Accept: "application/json",
|
|
718
|
+
"Content-Type": "application/json",
|
|
719
|
+
...requestConfig.headers
|
|
720
|
+
},
|
|
721
|
+
method: requestConfig.method || "POST"
|
|
722
|
+
});
|
|
723
|
+
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedRecoveryFlow-ResponseError-001", "javascript", response.status, response.statusText, "Recovery request failed");
|
|
724
|
+
return await response.json();
|
|
725
|
+
};
|
|
726
|
+
var executeEmbeddedRecoveryFlow_default = executeEmbeddedRecoveryFlow;
|
|
727
|
+
|
|
728
|
+
//#endregion
|
|
729
|
+
//#region src/models/embedded-flow.ts
|
|
730
|
+
/**
|
|
731
|
+
* Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
|
|
596
732
|
*
|
|
597
733
|
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
598
734
|
* Version 2.0 (the "License"); you may not use this file except
|
|
@@ -608,174 +744,476 @@ var getUserInfo_default = getUserInfo;
|
|
|
608
744
|
* specific language governing permissions and limitations
|
|
609
745
|
* under the License.
|
|
610
746
|
*/
|
|
747
|
+
let EmbeddedFlowType = /* @__PURE__ */ function(EmbeddedFlowType$1) {
|
|
748
|
+
EmbeddedFlowType$1["Authentication"] = "AUTHENTICATION";
|
|
749
|
+
EmbeddedFlowType$1["Recovery"] = "RECOVERY";
|
|
750
|
+
EmbeddedFlowType$1["Registration"] = "REGISTRATION";
|
|
751
|
+
EmbeddedFlowType$1["UserOnboarding"] = "USER_ONBOARDING";
|
|
752
|
+
return EmbeddedFlowType$1;
|
|
753
|
+
}({});
|
|
754
|
+
let EmbeddedFlowResponseType = /* @__PURE__ */ function(EmbeddedFlowResponseType$1) {
|
|
755
|
+
EmbeddedFlowResponseType$1["Redirection"] = "REDIRECTION";
|
|
756
|
+
EmbeddedFlowResponseType$1["View"] = "VIEW";
|
|
757
|
+
return EmbeddedFlowResponseType$1;
|
|
758
|
+
}({});
|
|
611
759
|
/**
|
|
612
|
-
*
|
|
613
|
-
* Matches patterns like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
|
|
614
|
-
* The pattern matches any uppercase letters, numbers, and underscores followed by a forward slash.
|
|
615
|
-
*/
|
|
616
|
-
const USERSTORE_PREFIX_REGEX = /^[A-Z_][A-Z0-9_]*\//;
|
|
617
|
-
/**
|
|
618
|
-
* Removes userstore prefixes from a username if they exist.
|
|
619
|
-
* This is commonly used to clean usernames returned from SCIM2 endpoints
|
|
620
|
-
* that include userstore prefixes like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
|
|
760
|
+
* Component types supported by the ThunderID embedded flow API.
|
|
621
761
|
*
|
|
622
|
-
*
|
|
623
|
-
*
|
|
762
|
+
* These types define the different UI components that can be rendered
|
|
763
|
+
* as part of the embedded authentication flows. Each type corresponds
|
|
764
|
+
* to a specific UI element with its own behavior and properties.
|
|
624
765
|
*
|
|
625
766
|
* @example
|
|
626
767
|
* ```typescript
|
|
627
|
-
*
|
|
628
|
-
*
|
|
629
|
-
*
|
|
630
|
-
*
|
|
631
|
-
*
|
|
632
|
-
*
|
|
633
|
-
* const primaryUser = removeUserstorePrefix("PRIMARY/admin");
|
|
634
|
-
* console.log(primaryUser); // "admin"
|
|
635
|
-
*
|
|
636
|
-
* const alreadyClean = removeUserstorePrefix("user.name");
|
|
637
|
-
* console.log(alreadyClean); // "user.name"
|
|
638
|
-
*
|
|
639
|
-
* const emptyInput = removeUserstorePrefix("");
|
|
640
|
-
* console.log(emptyInput); // ""
|
|
768
|
+
* // Check component type to render appropriate UI
|
|
769
|
+
* if (component.type === EmbeddedFlowComponentType.TextInput) {
|
|
770
|
+
* // Render text input field
|
|
771
|
+
* } else if (component.type === EmbeddedFlowComponentType.Action) {
|
|
772
|
+
* // Render button/action
|
|
773
|
+
* }
|
|
641
774
|
* ```
|
|
775
|
+
*
|
|
776
|
+
* @experimental This API may change in future versions
|
|
642
777
|
*/
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
778
|
+
let EmbeddedFlowComponentType = /* @__PURE__ */ function(EmbeddedFlowComponentType$1) {
|
|
779
|
+
/** Interactive action component (buttons, links) for user interactions */
|
|
780
|
+
EmbeddedFlowComponentType$1["Action"] = "ACTION";
|
|
781
|
+
/** Container block component that groups other components */
|
|
782
|
+
EmbeddedFlowComponentType$1["Block"] = "BLOCK";
|
|
783
|
+
/** Consent component for displaying consent purposes and attributes */
|
|
784
|
+
EmbeddedFlowComponentType$1["Consent"] = "CONSENT";
|
|
785
|
+
/** Copyable text display component that shows text with a copy-to-clipboard action */
|
|
786
|
+
EmbeddedFlowComponentType$1["CopyableText"] = "COPYABLE_TEXT";
|
|
787
|
+
/** Date input field for selecting a calendar date */
|
|
788
|
+
EmbeddedFlowComponentType$1["DateInput"] = "DATE_INPUT";
|
|
789
|
+
/** Divider component for visual separation of content */
|
|
790
|
+
EmbeddedFlowComponentType$1["Divider"] = "DIVIDER";
|
|
791
|
+
/** Email input field with validation for email addresses. */
|
|
792
|
+
EmbeddedFlowComponentType$1["EmailInput"] = "EMAIL_INPUT";
|
|
793
|
+
/** Icon display component for rendering named vector icons */
|
|
794
|
+
EmbeddedFlowComponentType$1["Icon"] = "ICON";
|
|
795
|
+
/** Image display component for logos and illustrations */
|
|
796
|
+
EmbeddedFlowComponentType$1["Image"] = "IMAGE";
|
|
797
|
+
/** One-time password input field for multi-factor authentication */
|
|
798
|
+
EmbeddedFlowComponentType$1["OtpInput"] = "OTP_INPUT";
|
|
799
|
+
/** Organization unit tree picker for selecting an OU */
|
|
800
|
+
EmbeddedFlowComponentType$1["OuSelect"] = "OU_SELECT";
|
|
801
|
+
/** Password input field with masking for sensitive data */
|
|
802
|
+
EmbeddedFlowComponentType$1["PasswordInput"] = "PASSWORD_INPUT";
|
|
803
|
+
/** Phone number input field with country code support */
|
|
804
|
+
EmbeddedFlowComponentType$1["PhoneInput"] = "PHONE_INPUT";
|
|
805
|
+
/** Rich text display component that renders formatted HTML content */
|
|
806
|
+
EmbeddedFlowComponentType$1["RichText"] = "RICH_TEXT";
|
|
807
|
+
/** Select/dropdown input component for single choice selection */
|
|
808
|
+
EmbeddedFlowComponentType$1["Select"] = "SELECT";
|
|
809
|
+
/** Stack layout component for arranging children in a row or column */
|
|
810
|
+
EmbeddedFlowComponentType$1["Stack"] = "STACK";
|
|
811
|
+
/** Text display component for labels, headings, and messages */
|
|
812
|
+
EmbeddedFlowComponentType$1["Text"] = "TEXT";
|
|
813
|
+
/** Standard text input field for user data entry */
|
|
814
|
+
EmbeddedFlowComponentType$1["TextInput"] = "TEXT_INPUT";
|
|
815
|
+
/** Timer component for displaying a countdown */
|
|
816
|
+
EmbeddedFlowComponentType$1["Timer"] = "TIMER";
|
|
817
|
+
/** QR code display component for wallet-based flows (e.g. OpenID4VP) */
|
|
818
|
+
EmbeddedFlowComponentType$1["QrCode"] = "QR_CODE";
|
|
819
|
+
return EmbeddedFlowComponentType$1;
|
|
820
|
+
}({});
|
|
647
821
|
/**
|
|
648
|
-
*
|
|
649
|
-
* This is a helper function for processing user objects returned from SCIM2 endpoints.
|
|
650
|
-
* Handles various username field variations: username, userName, and user_name.
|
|
651
|
-
*
|
|
652
|
-
* @param user - The user object to process
|
|
653
|
-
* @returns The user object with processed username fields
|
|
654
|
-
*
|
|
655
|
-
* @example
|
|
656
|
-
* ```typescript
|
|
657
|
-
* const user = { username: "DEFAULT/john.doe", email: "john@example.com" };
|
|
658
|
-
* const processedUser = processUserUsername(user);
|
|
659
|
-
* console.log(processedUser.username); // "john.doe"
|
|
822
|
+
* Action variant types for buttons and interactive elements.
|
|
660
823
|
*
|
|
661
|
-
*
|
|
662
|
-
|
|
663
|
-
|
|
824
|
+
* @experimental This API may change in future versions
|
|
825
|
+
*/
|
|
826
|
+
let EmbeddedFlowActionVariant = /* @__PURE__ */ function(EmbeddedFlowActionVariant$1) {
|
|
827
|
+
/** Danger action button for destructive operations */
|
|
828
|
+
EmbeddedFlowActionVariant$1["Danger"] = "DANGER";
|
|
829
|
+
/** Info action button for informational purposes */
|
|
830
|
+
EmbeddedFlowActionVariant$1["Info"] = "INFO";
|
|
831
|
+
/** Link-styled action button */
|
|
832
|
+
EmbeddedFlowActionVariant$1["Link"] = "LINK";
|
|
833
|
+
/** Outlined action button for secondary emphasis */
|
|
834
|
+
EmbeddedFlowActionVariant$1["Outlined"] = "OUTLINED";
|
|
835
|
+
/** Primary action button with highest visual emphasis */
|
|
836
|
+
EmbeddedFlowActionVariant$1["Primary"] = "PRIMARY";
|
|
837
|
+
/** Secondary action button with moderate visual emphasis */
|
|
838
|
+
EmbeddedFlowActionVariant$1["Secondary"] = "SECONDARY";
|
|
839
|
+
/** Success action button for positive confirmations */
|
|
840
|
+
EmbeddedFlowActionVariant$1["Success"] = "SUCCESS";
|
|
841
|
+
/** Tertiary action button with minimal visual emphasis */
|
|
842
|
+
EmbeddedFlowActionVariant$1["Tertiary"] = "TERTIARY";
|
|
843
|
+
/** Warning action button for cautionary actions */
|
|
844
|
+
EmbeddedFlowActionVariant$1["Warning"] = "WARNING";
|
|
845
|
+
return EmbeddedFlowActionVariant$1;
|
|
846
|
+
}({});
|
|
847
|
+
/**
|
|
848
|
+
* Text variant types for typography components.
|
|
664
849
|
*
|
|
665
|
-
*
|
|
666
|
-
* const processedSnakeCaseUser = processUserUsername(snakeCaseUser);
|
|
667
|
-
* console.log(processedSnakeCaseUser.user_name); // "admin"
|
|
668
|
-
* ```
|
|
850
|
+
* @experimental This API may change in future versions
|
|
669
851
|
*/
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
674
|
-
|
|
675
|
-
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
852
|
+
let EmbeddedFlowTextVariant = /* @__PURE__ */ function(EmbeddedFlowTextVariant$1) {
|
|
853
|
+
/** Primary body text for main content */
|
|
854
|
+
EmbeddedFlowTextVariant$1["Body1"] = "BODY_1";
|
|
855
|
+
/** Secondary body text for supplementary content */
|
|
856
|
+
EmbeddedFlowTextVariant$1["Body2"] = "BODY_2";
|
|
857
|
+
/** Text styled for button labels */
|
|
858
|
+
EmbeddedFlowTextVariant$1["ButtonText"] = "BUTTON_TEXT";
|
|
859
|
+
/** Small caption text for annotations and descriptions */
|
|
860
|
+
EmbeddedFlowTextVariant$1["Caption"] = "CAPTION";
|
|
861
|
+
/** Largest heading level for main titles */
|
|
862
|
+
EmbeddedFlowTextVariant$1["Heading1"] = "HEADING_1";
|
|
863
|
+
/** Second level heading for major sections */
|
|
864
|
+
EmbeddedFlowTextVariant$1["Heading2"] = "HEADING_2";
|
|
865
|
+
/** Third level heading for subsections */
|
|
866
|
+
EmbeddedFlowTextVariant$1["Heading3"] = "HEADING_3";
|
|
867
|
+
/** Fourth level heading for minor sections */
|
|
868
|
+
EmbeddedFlowTextVariant$1["Heading4"] = "HEADING_4";
|
|
869
|
+
/** Fifth level heading for detailed sections */
|
|
870
|
+
EmbeddedFlowTextVariant$1["Heading5"] = "HEADING_5";
|
|
871
|
+
/** Smallest heading level for fine-grained sections */
|
|
872
|
+
EmbeddedFlowTextVariant$1["Heading6"] = "HEADING_6";
|
|
873
|
+
/** Overline text for labels and categories */
|
|
874
|
+
EmbeddedFlowTextVariant$1["Overline"] = "OVERLINE";
|
|
875
|
+
/** Primary subtitle text with larger emphasis */
|
|
876
|
+
EmbeddedFlowTextVariant$1["Subtitle1"] = "SUBTITLE_1";
|
|
877
|
+
/** Secondary subtitle text with moderate emphasis */
|
|
878
|
+
EmbeddedFlowTextVariant$1["Subtitle2"] = "SUBTITLE_2";
|
|
879
|
+
return EmbeddedFlowTextVariant$1;
|
|
880
|
+
}({});
|
|
881
|
+
/**
|
|
882
|
+
* Event types for action components.
|
|
883
|
+
*
|
|
884
|
+
* @experimental This API may change in future versions
|
|
885
|
+
*/
|
|
886
|
+
let EmbeddedFlowEventType = /* @__PURE__ */ function(EmbeddedFlowEventType$1) {
|
|
887
|
+
/** Navigate back to the previous step */
|
|
888
|
+
EmbeddedFlowEventType$1["Back"] = "BACK";
|
|
889
|
+
/** Cancel the current operation */
|
|
890
|
+
EmbeddedFlowEventType$1["Cancel"] = "CANCEL";
|
|
891
|
+
/** Navigate to a different flow step or page */
|
|
892
|
+
EmbeddedFlowEventType$1["Navigate"] = "NAVIGATE";
|
|
893
|
+
/** Reset form fields to initial state */
|
|
894
|
+
EmbeddedFlowEventType$1["Reset"] = "RESET";
|
|
895
|
+
/** Submit form data to the server */
|
|
896
|
+
EmbeddedFlowEventType$1["Submit"] = "SUBMIT";
|
|
897
|
+
/** Trigger an action or event */
|
|
898
|
+
EmbeddedFlowEventType$1["Trigger"] = "TRIGGER";
|
|
899
|
+
return EmbeddedFlowEventType$1;
|
|
900
|
+
}({});
|
|
679
901
|
|
|
680
902
|
//#endregion
|
|
681
|
-
//#region src/api/
|
|
903
|
+
//#region src/api/executeEmbeddedUserOnboardingFlow.ts
|
|
682
904
|
/**
|
|
683
|
-
*
|
|
905
|
+
* Executes an embedded user onboarding flow by sending a request to the flow execution endpoint.
|
|
906
|
+
*
|
|
907
|
+
* This function handles both:
|
|
908
|
+
* - Admin flow: Initiates onboarding, collects user details, generates invite link
|
|
909
|
+
* - End-user flow: Validates invite token and allows password setting
|
|
910
|
+
*
|
|
911
|
+
* @param requestConfig - Request configuration object containing URL, payload, and optional auth token.
|
|
912
|
+
* @returns A promise that resolves with the flow execution response.
|
|
913
|
+
* @throws ThunderIDAPIError when the request fails or URL is invalid.
|
|
684
914
|
*
|
|
685
|
-
* @param config - Request configuration object.
|
|
686
|
-
* @returns A promise that resolves with the user profile information.
|
|
687
915
|
* @example
|
|
688
916
|
* ```typescript
|
|
689
|
-
* //
|
|
690
|
-
*
|
|
691
|
-
*
|
|
692
|
-
*
|
|
693
|
-
*
|
|
694
|
-
*
|
|
695
|
-
*
|
|
696
|
-
*
|
|
697
|
-
* console.error('Failed to get user profile:', error.message);
|
|
917
|
+
* // Admin initiating user onboarding (requires auth token)
|
|
918
|
+
* const response = await executeEmbeddedUserOnboardingFlow({
|
|
919
|
+
* baseUrl: "https://api.thunder.io",
|
|
920
|
+
* payload: {
|
|
921
|
+
* flowType: "USER_ONBOARDING"
|
|
922
|
+
* },
|
|
923
|
+
* headers: {
|
|
924
|
+
* Authorization: `Bearer ${accessToken}`
|
|
698
925
|
* }
|
|
699
|
-
* }
|
|
926
|
+
* });
|
|
927
|
+
*
|
|
928
|
+
* // End-user accepting invite (no auth required)
|
|
929
|
+
* const response = await executeEmbeddedUserOnboardingFlow({
|
|
930
|
+
* baseUrl: "https://api.thunder.io",
|
|
931
|
+
* payload: {
|
|
932
|
+
* executionId: "flow-id-from-url",
|
|
933
|
+
* inputs: { inviteToken: "token-from-url" }
|
|
934
|
+
* }
|
|
935
|
+
* });
|
|
700
936
|
* ```
|
|
937
|
+
*/
|
|
938
|
+
const executeEmbeddedUserOnboardingFlow = async ({ url, baseUrl, payload,...requestConfig }) => {
|
|
939
|
+
if (!payload) throw new ThunderIDAPIError("User onboarding payload is required", "executeEmbeddedUserOnboardingFlow-ValidationError-002", "javascript", 400, "If a user onboarding payload is not provided, the request cannot be constructed correctly.");
|
|
940
|
+
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
941
|
+
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
942
|
+
const hasOnlyFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
943
|
+
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
944
|
+
const hasFlowIdWithInputs = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && "inputs" in cleanPayload;
|
|
945
|
+
const requestPayload = hasOnlyFlowType || hasOnlyFlowId || hasFlowIdWithInputs ? {
|
|
946
|
+
...cleanPayload,
|
|
947
|
+
verbose: true
|
|
948
|
+
} : cleanPayload;
|
|
949
|
+
if ("flowType" in requestPayload && requestPayload["flowType"] !== EmbeddedFlowType.UserOnboarding) requestPayload["flowType"] = EmbeddedFlowType.UserOnboarding;
|
|
950
|
+
const response = await fetch(endpoint, {
|
|
951
|
+
...requestConfig,
|
|
952
|
+
body: JSON.stringify(requestPayload),
|
|
953
|
+
headers: {
|
|
954
|
+
Accept: "application/json",
|
|
955
|
+
"Content-Type": "application/json",
|
|
956
|
+
...requestConfig.headers
|
|
957
|
+
},
|
|
958
|
+
method: requestConfig.method || "POST"
|
|
959
|
+
});
|
|
960
|
+
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedUserOnboardingFlow-ResponseError-001", "javascript", response.status, response.statusText, "User onboarding request failed");
|
|
961
|
+
return await response.json();
|
|
962
|
+
};
|
|
963
|
+
var executeEmbeddedUserOnboardingFlow_default = executeEmbeddedUserOnboardingFlow;
|
|
964
|
+
|
|
965
|
+
//#endregion
|
|
966
|
+
//#region src/api/getFlowMeta.ts
|
|
967
|
+
/**
|
|
968
|
+
* Fetches aggregated flow metadata from the `GET /flow/meta` endpoint.
|
|
969
|
+
*
|
|
970
|
+
* The response includes:
|
|
971
|
+
* - Application or OU details depending on the `type` parameter
|
|
972
|
+
* - Resolved design configuration (theme and layout)
|
|
973
|
+
* - i18n translations filtered by `language` and `namespace`
|
|
974
|
+
* - Registration flow enablement status
|
|
975
|
+
*
|
|
976
|
+
* @param config - Request configuration including `baseUrl`/`url`, and optional
|
|
977
|
+
* `type`, `id`, `language`, and `namespace` filters. When `type`
|
|
978
|
+
* and `id` are omitted the server returns i18n-only metadata.
|
|
979
|
+
* @returns A promise that resolves to the {@link FlowMetadataResponse}.
|
|
980
|
+
*
|
|
981
|
+
* @throws {ThunderIDAPIError} When the server returns a non-OK response.
|
|
701
982
|
*
|
|
702
983
|
* @example
|
|
703
984
|
* ```typescript
|
|
704
|
-
*
|
|
705
|
-
*
|
|
706
|
-
*
|
|
707
|
-
*
|
|
708
|
-
*
|
|
709
|
-
*
|
|
710
|
-
*
|
|
711
|
-
*
|
|
712
|
-
*
|
|
713
|
-
*
|
|
714
|
-
*
|
|
715
|
-
*
|
|
716
|
-
*
|
|
717
|
-
* ok: response.status >= 200 && response.status < 300,
|
|
718
|
-
* status: response.status,
|
|
719
|
-
* statusText: response.statusText,
|
|
720
|
-
* json: () => Promise.resolve(response.data),
|
|
721
|
-
* text: () => Promise.resolve(typeof response.data === 'string' ? response.data : JSON.stringify(response.data))
|
|
722
|
-
* } as Response;
|
|
723
|
-
* }
|
|
724
|
-
* });
|
|
725
|
-
* console.log(userProfile);
|
|
726
|
-
* } catch (error) {
|
|
727
|
-
* if (error instanceof ThunderIDAPIError) {
|
|
728
|
-
* console.error('Failed to get user profile:', error.message);
|
|
729
|
-
* }
|
|
730
|
-
* }
|
|
985
|
+
* import getFlowMeta from './api/getFlowMeta';
|
|
986
|
+
* import { FlowMetaType } from './models/flow-meta';
|
|
987
|
+
*
|
|
988
|
+
* const meta = await getFlowMeta({
|
|
989
|
+
* baseUrl: 'https://localhost:8090',
|
|
990
|
+
* type: FlowMetaType.App,
|
|
991
|
+
* id: '60a9b38b-6eba-9f9e-55f9-267067de4680',
|
|
992
|
+
* language: 'en',
|
|
993
|
+
* namespace: 'auth',
|
|
994
|
+
* });
|
|
995
|
+
*
|
|
996
|
+
* console.log(meta.application?.name);
|
|
997
|
+
* console.log(meta.i18n.translations);
|
|
731
998
|
* ```
|
|
999
|
+
*
|
|
1000
|
+
* @experimental This function targets the ThunderID V2 platform API
|
|
732
1001
|
*/
|
|
733
|
-
const
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
const
|
|
741
|
-
const
|
|
1002
|
+
const getFlowMeta = async ({ url, baseUrl, type, id, language, namespace,...requestConfig }) => {
|
|
1003
|
+
const queryParams = new URLSearchParams({
|
|
1004
|
+
...id ? { id } : {},
|
|
1005
|
+
...type ? { type } : {},
|
|
1006
|
+
...language ? { language } : {},
|
|
1007
|
+
...namespace ? { namespace } : {}
|
|
1008
|
+
});
|
|
1009
|
+
const endpoint = `${url ?? `${baseUrl}/flow/meta`}?${queryParams.toString()}`;
|
|
1010
|
+
const response = await fetch(endpoint, {
|
|
742
1011
|
...requestConfig,
|
|
743
1012
|
headers: {
|
|
744
1013
|
Accept: "application/json",
|
|
745
|
-
"Content-Type": "application/scim+json",
|
|
746
1014
|
...requestConfig.headers
|
|
747
1015
|
},
|
|
748
1016
|
method: "GET"
|
|
749
|
-
};
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getScim2Me-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch user profile");
|
|
753
|
-
return processUsername_default(await response.json());
|
|
754
|
-
} catch (error$1) {
|
|
755
|
-
if (error$1 instanceof ThunderIDAPIError) throw error$1;
|
|
756
|
-
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getScim2Me-NetworkError-001", "javascript", 0, "Network Error");
|
|
757
|
-
}
|
|
1017
|
+
});
|
|
1018
|
+
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getFlowMeta-ResponseError-001", "javascript", response.status, response.statusText, "Flow metadata request failed");
|
|
1019
|
+
return await response.json();
|
|
758
1020
|
};
|
|
759
|
-
var
|
|
1021
|
+
var getFlowMeta_default = getFlowMeta;
|
|
760
1022
|
|
|
761
1023
|
//#endregion
|
|
762
|
-
//#region src/api/
|
|
1024
|
+
//#region src/api/getOrganizationUnitChildren.ts
|
|
763
1025
|
/**
|
|
764
|
-
* Retrieves the
|
|
1026
|
+
* Retrieves the child organization units of a given parent OU.
|
|
1027
|
+
*
|
|
1028
|
+
* @param config - Request configuration including `baseUrl`/`url`, `organizationUnitId`,
|
|
1029
|
+
* and optional `limit`/`offset` pagination parameters.
|
|
1030
|
+
* @returns A promise that resolves with the paginated list of child organization units.
|
|
1031
|
+
*
|
|
1032
|
+
* @throws {ThunderIDAPIError} When the server returns a non-OK response.
|
|
765
1033
|
*
|
|
766
|
-
* @param config - Request configuration object.
|
|
767
|
-
* @returns A promise that resolves with the SCIM2 schemas information.
|
|
768
1034
|
* @example
|
|
769
1035
|
* ```typescript
|
|
770
|
-
*
|
|
771
|
-
*
|
|
772
|
-
*
|
|
773
|
-
*
|
|
1036
|
+
* const children = await getOrganizationUnitChildren({
|
|
1037
|
+
* baseUrl: 'https://localhost:8090',
|
|
1038
|
+
* organizationUnitId: '0d5e071b-d3d3-475d-b3c6-1a20ee2fa9b1',
|
|
1039
|
+
* limit: 10,
|
|
1040
|
+
* offset: 0,
|
|
1041
|
+
* });
|
|
1042
|
+
* console.log(children.organizationUnits);
|
|
1043
|
+
* ```
|
|
1044
|
+
*
|
|
1045
|
+
* @experimental This function targets the ThunderID V2 platform API
|
|
1046
|
+
*/
|
|
1047
|
+
const getOrganizationUnitChildren = async ({ url, baseUrl, organizationUnitId, limit = 10, offset = 0,...requestConfig }) => {
|
|
1048
|
+
if (!organizationUnitId) throw new ThunderIDAPIError("Organization Unit ID is required", "getOrganizationUnitChildren-ValidationError-001", "javascript", 400, "If an organization unit ID is not provided, the request cannot be constructed correctly.");
|
|
1049
|
+
const queryParams = new URLSearchParams({
|
|
1050
|
+
limit: String(limit),
|
|
1051
|
+
offset: String(offset)
|
|
1052
|
+
});
|
|
1053
|
+
const endpoint = url ?? `${baseUrl}/organization-units/${organizationUnitId}/ous?${queryParams.toString()}`;
|
|
1054
|
+
const response = await fetch(endpoint, {
|
|
1055
|
+
...requestConfig,
|
|
1056
|
+
headers: {
|
|
1057
|
+
Accept: "application/json",
|
|
1058
|
+
...requestConfig.headers
|
|
1059
|
+
},
|
|
1060
|
+
method: "GET"
|
|
1061
|
+
});
|
|
1062
|
+
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getOrganizationUnitChildren-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch organization unit children");
|
|
1063
|
+
return await response.json();
|
|
1064
|
+
};
|
|
1065
|
+
var getOrganizationUnitChildren_default = getOrganizationUnitChildren;
|
|
1066
|
+
|
|
1067
|
+
//#endregion
|
|
1068
|
+
//#region src/api/getUserInfo.ts
|
|
1069
|
+
/**
|
|
1070
|
+
* Retrieves the user information from the specified OIDC userinfo endpoint.
|
|
1071
|
+
*
|
|
1072
|
+
* @param requestConfig - Request configuration object.
|
|
1073
|
+
* @returns A promise that resolves with the user information.
|
|
1074
|
+
* @throw
|
|
1075
|
+
* const userInfo = await getUserInfo({
|
|
1076
|
+
* url: "https://localhost:8090/oauth2/userinfo",
|
|
774
1077
|
* });
|
|
775
|
-
* console.log(
|
|
1078
|
+
* console.log(userInfo);
|
|
776
1079
|
* } catch (error) {
|
|
777
1080
|
* if (error instanceof ThunderIDAPIError) {
|
|
778
|
-
* console.error('Failed to get
|
|
1081
|
+
* console.error('Failed to get user info:', error.message);
|
|
1082
|
+
* }
|
|
1083
|
+
* }
|
|
1084
|
+
* ```
|
|
1085
|
+
*/
|
|
1086
|
+
const getUserInfo = async ({ url,...requestConfig }) => {
|
|
1087
|
+
try {
|
|
1088
|
+
new URL(url);
|
|
1089
|
+
} catch (error$1) {
|
|
1090
|
+
throw new ThunderIDAPIError("Invalid endpoint URL provided", "getUserInfo-ValidationError-001", "javascript", 400, "Invalid Request");
|
|
1091
|
+
}
|
|
1092
|
+
try {
|
|
1093
|
+
const response = await fetch(url, {
|
|
1094
|
+
...requestConfig,
|
|
1095
|
+
headers: {
|
|
1096
|
+
Accept: "application/json",
|
|
1097
|
+
"Content-Type": "application/json",
|
|
1098
|
+
...requestConfig.headers
|
|
1099
|
+
},
|
|
1100
|
+
method: "GET"
|
|
1101
|
+
});
|
|
1102
|
+
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getUserInfo-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch user info");
|
|
1103
|
+
return await response.json();
|
|
1104
|
+
} catch (error$1) {
|
|
1105
|
+
if (error$1 instanceof ThunderIDAPIError) throw error$1;
|
|
1106
|
+
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getUserInfo-NetworkError-001", "javascript", 0, "Network Error");
|
|
1107
|
+
}
|
|
1108
|
+
};
|
|
1109
|
+
var getUserInfo_default = getUserInfo;
|
|
1110
|
+
|
|
1111
|
+
//#endregion
|
|
1112
|
+
//#region src/utils/processUsername.ts
|
|
1113
|
+
/**
|
|
1114
|
+
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
|
|
1115
|
+
*
|
|
1116
|
+
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
1117
|
+
* Version 2.0 (the "License"); you may not use this file except
|
|
1118
|
+
* in compliance with the License.
|
|
1119
|
+
* You may obtain a copy of the License at
|
|
1120
|
+
*
|
|
1121
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
|
1122
|
+
*
|
|
1123
|
+
* Unless required by applicable law or agreed to in writing,
|
|
1124
|
+
* software distributed under the License is distributed on an
|
|
1125
|
+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
1126
|
+
* KIND, either express or implied. See the License for the
|
|
1127
|
+
* specific language governing permissions and limitations
|
|
1128
|
+
* under the License.
|
|
1129
|
+
*/
|
|
1130
|
+
/**
|
|
1131
|
+
* Regular expression to match userstore prefixes in usernames.
|
|
1132
|
+
* Matches patterns like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
|
|
1133
|
+
* The pattern matches any uppercase letters, numbers, and underscores followed by a forward slash.
|
|
1134
|
+
*/
|
|
1135
|
+
const USERSTORE_PREFIX_REGEX = /^[A-Z_][A-Z0-9_]*\//;
|
|
1136
|
+
/**
|
|
1137
|
+
* Removes userstore prefixes from a username if they exist.
|
|
1138
|
+
* This is commonly used to clean usernames returned from SCIM2 endpoints
|
|
1139
|
+
* that include userstore prefixes like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
|
|
1140
|
+
*
|
|
1141
|
+
* @param username - The username string to process
|
|
1142
|
+
* @returns The username without the userstore prefix, or the original username if no prefix exists
|
|
1143
|
+
*
|
|
1144
|
+
* @example
|
|
1145
|
+
* ```typescript
|
|
1146
|
+
* const cleanUsername = removeUserstorePrefix("DEFAULT/john.doe");
|
|
1147
|
+
* console.log(cleanUsername); // "john.doe"
|
|
1148
|
+
*
|
|
1149
|
+
* const thunderidUser = removeUserstorePrefix("ASGARDEO_USER/jane.doe");
|
|
1150
|
+
* console.log(thunderidUser); // "jane.doe"
|
|
1151
|
+
*
|
|
1152
|
+
* const primaryUser = removeUserstorePrefix("PRIMARY/admin");
|
|
1153
|
+
* console.log(primaryUser); // "admin"
|
|
1154
|
+
*
|
|
1155
|
+
* const alreadyClean = removeUserstorePrefix("user.name");
|
|
1156
|
+
* console.log(alreadyClean); // "user.name"
|
|
1157
|
+
*
|
|
1158
|
+
* const emptyInput = removeUserstorePrefix("");
|
|
1159
|
+
* console.log(emptyInput); // ""
|
|
1160
|
+
* ```
|
|
1161
|
+
*/
|
|
1162
|
+
const removeUserstorePrefix = (username) => {
|
|
1163
|
+
if (!username) return "";
|
|
1164
|
+
return username.replace(USERSTORE_PREFIX_REGEX, "");
|
|
1165
|
+
};
|
|
1166
|
+
/**
|
|
1167
|
+
* Processes a user object to remove userstore prefixes from username fields.
|
|
1168
|
+
* This is a helper function for processing user objects returned from SCIM2 endpoints.
|
|
1169
|
+
* Handles various username field variations: username, userName, and user_name.
|
|
1170
|
+
*
|
|
1171
|
+
* @param user - The user object to process
|
|
1172
|
+
* @returns The user object with processed username fields
|
|
1173
|
+
*
|
|
1174
|
+
* @example
|
|
1175
|
+
* ```typescript
|
|
1176
|
+
* const user = { username: "DEFAULT/john.doe", email: "john@example.com" };
|
|
1177
|
+
* const processedUser = processUserUsername(user);
|
|
1178
|
+
* console.log(processedUser.username); // "john.doe"
|
|
1179
|
+
*
|
|
1180
|
+
* const camelCaseUser = { userName: "ASGARDEO_USER/jane.doe", email: "jane@example.com" };
|
|
1181
|
+
* const processedCamelCaseUser = processUserUsername(camelCaseUser);
|
|
1182
|
+
* console.log(processedCamelCaseUser.userName); // "jane.doe"
|
|
1183
|
+
*
|
|
1184
|
+
* const snakeCaseUser = { user_name: "PRIMARY/admin", email: "admin@example.com" };
|
|
1185
|
+
* const processedSnakeCaseUser = processUserUsername(snakeCaseUser);
|
|
1186
|
+
* console.log(processedSnakeCaseUser.user_name); // "admin"
|
|
1187
|
+
* ```
|
|
1188
|
+
*/
|
|
1189
|
+
const processUsername = (user) => {
|
|
1190
|
+
if (!user) return user;
|
|
1191
|
+
const processedUser = { ...user };
|
|
1192
|
+
if (processedUser.username) processedUser.username = removeUserstorePrefix(processedUser.username);
|
|
1193
|
+
if (processedUser.userName) processedUser.userName = removeUserstorePrefix(processedUser.userName);
|
|
1194
|
+
if (processedUser.user_name) processedUser.user_name = removeUserstorePrefix(processedUser.user_name);
|
|
1195
|
+
return processedUser;
|
|
1196
|
+
};
|
|
1197
|
+
var processUsername_default = processUsername;
|
|
1198
|
+
|
|
1199
|
+
//#endregion
|
|
1200
|
+
//#region src/api/getScim2Me.ts
|
|
1201
|
+
/**
|
|
1202
|
+
* Retrieves the user profile information from the specified SCIM2 /Me endpoint.
|
|
1203
|
+
*
|
|
1204
|
+
* @param config - Request configuration object.
|
|
1205
|
+
* @returns A promise that resolves with the user profile information.
|
|
1206
|
+
* @example
|
|
1207
|
+
* ```typescript
|
|
1208
|
+
* // Using default fetch
|
|
1209
|
+
* try {
|
|
1210
|
+
* const userProfile = await getScim2Me({
|
|
1211
|
+
* url: "https://localhost:8090/scim2/Me",
|
|
1212
|
+
* });
|
|
1213
|
+
* console.log(userProfile);
|
|
1214
|
+
* } catch (error) {
|
|
1215
|
+
* if (error instanceof ThunderIDAPIError) {
|
|
1216
|
+
* console.error('Failed to get user profile:', error.message);
|
|
779
1217
|
* }
|
|
780
1218
|
* }
|
|
781
1219
|
* ```
|
|
@@ -784,8 +1222,8 @@ var getScim2Me_default = getScim2Me;
|
|
|
784
1222
|
* ```typescript
|
|
785
1223
|
* // Using custom fetcher (e.g., axios-based httpClient)
|
|
786
1224
|
* try {
|
|
787
|
-
* const
|
|
788
|
-
* url: "https://localhost:8090/scim2/
|
|
1225
|
+
* const userProfile = await getScim2Me({
|
|
1226
|
+
* url: "https://localhost:8090/scim2/Me",
|
|
789
1227
|
* fetcher: async (url, config) => {
|
|
790
1228
|
* const response = await httpClient({
|
|
791
1229
|
* url,
|
|
@@ -803,63 +1241,60 @@ var getScim2Me_default = getScim2Me;
|
|
|
803
1241
|
* } as Response;
|
|
804
1242
|
* }
|
|
805
1243
|
* });
|
|
806
|
-
* console.log(
|
|
1244
|
+
* console.log(userProfile);
|
|
807
1245
|
* } catch (error) {
|
|
808
1246
|
* if (error instanceof ThunderIDAPIError) {
|
|
809
|
-
* console.error('Failed to get
|
|
1247
|
+
* console.error('Failed to get user profile:', error.message);
|
|
810
1248
|
* }
|
|
811
1249
|
* }
|
|
812
1250
|
* ```
|
|
813
1251
|
*/
|
|
814
|
-
const
|
|
1252
|
+
const getScim2Me = async ({ url, baseUrl, fetcher,...requestConfig }) => {
|
|
815
1253
|
try {
|
|
816
1254
|
new URL(url ?? baseUrl);
|
|
817
1255
|
} catch (error$1) {
|
|
818
|
-
throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "
|
|
1256
|
+
throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "getScim2Me-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
|
|
819
1257
|
}
|
|
820
1258
|
const fetchFn = fetcher || fetch;
|
|
821
|
-
const resolvedUrl = url ?? `${baseUrl}/scim2/
|
|
1259
|
+
const resolvedUrl = url ?? `${baseUrl}/scim2/Me`;
|
|
822
1260
|
const requestInit = {
|
|
823
1261
|
...requestConfig,
|
|
824
1262
|
headers: {
|
|
825
1263
|
Accept: "application/json",
|
|
826
|
-
"Content-Type": "application/json",
|
|
1264
|
+
"Content-Type": "application/scim+json",
|
|
827
1265
|
...requestConfig.headers
|
|
828
1266
|
},
|
|
829
1267
|
method: "GET"
|
|
830
1268
|
};
|
|
831
1269
|
try {
|
|
832
1270
|
const response = await fetchFn(resolvedUrl, requestInit);
|
|
833
|
-
if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "
|
|
834
|
-
return await response.json();
|
|
1271
|
+
if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getScim2Me-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch user profile");
|
|
1272
|
+
return processUsername_default(await response.json());
|
|
835
1273
|
} catch (error$1) {
|
|
836
1274
|
if (error$1 instanceof ThunderIDAPIError) throw error$1;
|
|
837
|
-
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "
|
|
1275
|
+
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getScim2Me-NetworkError-001", "javascript", 0, "Network Error");
|
|
838
1276
|
}
|
|
839
1277
|
};
|
|
840
|
-
var
|
|
1278
|
+
var getScim2Me_default = getScim2Me;
|
|
841
1279
|
|
|
842
1280
|
//#endregion
|
|
843
|
-
//#region src/api/
|
|
1281
|
+
//#region src/api/getSchemas.ts
|
|
844
1282
|
/**
|
|
845
|
-
* Retrieves
|
|
1283
|
+
* Retrieves the SCIM2 schemas from the specified endpoint.
|
|
846
1284
|
*
|
|
847
|
-
* @param config -
|
|
848
|
-
* @returns A promise that resolves with the
|
|
1285
|
+
* @param config - Request configuration object.
|
|
1286
|
+
* @returns A promise that resolves with the SCIM2 schemas information.
|
|
849
1287
|
* @example
|
|
850
1288
|
* ```typescript
|
|
851
1289
|
* // Using default fetch
|
|
852
1290
|
* try {
|
|
853
|
-
* const
|
|
854
|
-
*
|
|
855
|
-
* filter: "",
|
|
856
|
-
* limit: 10,
|
|
857
|
-
* recursive: false
|
|
1291
|
+
* const schemas = await getSchemas({
|
|
1292
|
+
* url: "https://localhost:8090/scim2/Schemas",
|
|
858
1293
|
* });
|
|
859
|
-
* console.log(
|
|
1294
|
+
* console.log(schemas);
|
|
860
1295
|
* } catch (error) {
|
|
861
1296
|
* if (error instanceof ThunderIDAPIError) {
|
|
862
|
-
* console.error('Failed to get
|
|
1297
|
+
* console.error('Failed to get schemas:', error.message);
|
|
863
1298
|
* }
|
|
864
1299
|
* }
|
|
865
1300
|
* ```
|
|
@@ -868,11 +1303,8 @@ var getSchemas_default = getSchemas;
|
|
|
868
1303
|
* ```typescript
|
|
869
1304
|
* // Using custom fetcher (e.g., axios-based httpClient)
|
|
870
1305
|
* try {
|
|
871
|
-
* const
|
|
872
|
-
*
|
|
873
|
-
* filter: "",
|
|
874
|
-
* limit: 10,
|
|
875
|
-
* recursive: false,
|
|
1306
|
+
* const schemas = await getSchemas({
|
|
1307
|
+
* url: "https://localhost:8090/scim2/Schemas",
|
|
876
1308
|
* fetcher: async (url, config) => {
|
|
877
1309
|
* const response = await httpClient({
|
|
878
1310
|
* url,
|
|
@@ -890,43 +1322,130 @@ var getSchemas_default = getSchemas;
|
|
|
890
1322
|
* } as Response;
|
|
891
1323
|
* }
|
|
892
1324
|
* });
|
|
893
|
-
* console.log(
|
|
1325
|
+
* console.log(schemas);
|
|
894
1326
|
* } catch (error) {
|
|
895
1327
|
* if (error instanceof ThunderIDAPIError) {
|
|
896
|
-
* console.error('Failed to get
|
|
1328
|
+
* console.error('Failed to get schemas:', error.message);
|
|
897
1329
|
* }
|
|
898
1330
|
* }
|
|
899
1331
|
* ```
|
|
900
1332
|
*/
|
|
901
|
-
const
|
|
1333
|
+
const getSchemas = async ({ url, baseUrl, fetcher,...requestConfig }) => {
|
|
902
1334
|
try {
|
|
903
|
-
new URL(baseUrl);
|
|
1335
|
+
new URL(url ?? baseUrl);
|
|
904
1336
|
} catch (error$1) {
|
|
905
|
-
throw new ThunderIDAPIError(`Invalid
|
|
1337
|
+
throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "getSchemas-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
|
|
906
1338
|
}
|
|
907
|
-
const queryParams = new URLSearchParams(Object.fromEntries(Object.entries({
|
|
908
|
-
filter,
|
|
909
|
-
limit: limit.toString(),
|
|
910
|
-
recursive: recursive.toString()
|
|
911
|
-
}).filter(([, value]) => Boolean(value))));
|
|
912
1339
|
const fetchFn = fetcher || fetch;
|
|
913
|
-
const resolvedUrl = `${baseUrl}/
|
|
1340
|
+
const resolvedUrl = url ?? `${baseUrl}/scim2/Schemas`;
|
|
914
1341
|
const requestInit = {
|
|
915
1342
|
...requestConfig,
|
|
916
1343
|
headers: {
|
|
917
|
-
...requestConfig.headers,
|
|
918
1344
|
Accept: "application/json",
|
|
919
|
-
"Content-Type": "application/json"
|
|
1345
|
+
"Content-Type": "application/json",
|
|
1346
|
+
...requestConfig.headers
|
|
920
1347
|
},
|
|
921
1348
|
method: "GET"
|
|
922
1349
|
};
|
|
923
1350
|
try {
|
|
924
1351
|
const response = await fetchFn(resolvedUrl, requestInit);
|
|
925
|
-
if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "
|
|
926
|
-
|
|
927
|
-
|
|
928
|
-
|
|
929
|
-
|
|
1352
|
+
if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getSchemas-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch SCIM2 schemas");
|
|
1353
|
+
return await response.json();
|
|
1354
|
+
} catch (error$1) {
|
|
1355
|
+
if (error$1 instanceof ThunderIDAPIError) throw error$1;
|
|
1356
|
+
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getSchemas-NetworkError-001", "javascript", 0, "Network Error");
|
|
1357
|
+
}
|
|
1358
|
+
};
|
|
1359
|
+
var getSchemas_default = getSchemas;
|
|
1360
|
+
|
|
1361
|
+
//#endregion
|
|
1362
|
+
//#region src/api/getAllOrganizations.ts
|
|
1363
|
+
/**
|
|
1364
|
+
* Retrieves all organizations with pagination support.
|
|
1365
|
+
*
|
|
1366
|
+
* @param config - Configuration object containing baseUrl, optional query parameters, and request config.
|
|
1367
|
+
* @returns A promise that resolves with the paginated organizations information.
|
|
1368
|
+
* @example
|
|
1369
|
+
* ```typescript
|
|
1370
|
+
* // Using default fetch
|
|
1371
|
+
* try {
|
|
1372
|
+
* const response = await getAllOrganizations({
|
|
1373
|
+
* baseUrl: "https://localhost:8090",
|
|
1374
|
+
* filter: "",
|
|
1375
|
+
* limit: 10,
|
|
1376
|
+
* recursive: false
|
|
1377
|
+
* });
|
|
1378
|
+
* console.log(response.organizations);
|
|
1379
|
+
* } catch (error) {
|
|
1380
|
+
* if (error instanceof ThunderIDAPIError) {
|
|
1381
|
+
* console.error('Failed to get organizations:', error.message);
|
|
1382
|
+
* }
|
|
1383
|
+
* }
|
|
1384
|
+
* ```
|
|
1385
|
+
*
|
|
1386
|
+
* @example
|
|
1387
|
+
* ```typescript
|
|
1388
|
+
* // Using custom fetcher (e.g., axios-based httpClient)
|
|
1389
|
+
* try {
|
|
1390
|
+
* const response = await getAllOrganizations({
|
|
1391
|
+
* baseUrl: "https://localhost:8090",
|
|
1392
|
+
* filter: "",
|
|
1393
|
+
* limit: 10,
|
|
1394
|
+
* recursive: false,
|
|
1395
|
+
* fetcher: async (url, config) => {
|
|
1396
|
+
* const response = await httpClient({
|
|
1397
|
+
* url,
|
|
1398
|
+
* method: config.method,
|
|
1399
|
+
* headers: config.headers,
|
|
1400
|
+
* ...config
|
|
1401
|
+
* });
|
|
1402
|
+
* // Convert axios-like response to fetch-like Response
|
|
1403
|
+
* return {
|
|
1404
|
+
* ok: response.status >= 200 && response.status < 300,
|
|
1405
|
+
* status: response.status,
|
|
1406
|
+
* statusText: response.statusText,
|
|
1407
|
+
* json: () => Promise.resolve(response.data),
|
|
1408
|
+
* text: () => Promise.resolve(typeof response.data === 'string' ? response.data : JSON.stringify(response.data))
|
|
1409
|
+
* } as Response;
|
|
1410
|
+
* }
|
|
1411
|
+
* });
|
|
1412
|
+
* console.log(response.organizations);
|
|
1413
|
+
* } catch (error) {
|
|
1414
|
+
* if (error instanceof ThunderIDAPIError) {
|
|
1415
|
+
* console.error('Failed to get organizations:', error.message);
|
|
1416
|
+
* }
|
|
1417
|
+
* }
|
|
1418
|
+
* ```
|
|
1419
|
+
*/
|
|
1420
|
+
const getAllOrganizations = async ({ baseUrl, filter = "", limit = 10, recursive = false, fetcher,...requestConfig }) => {
|
|
1421
|
+
try {
|
|
1422
|
+
new URL(baseUrl);
|
|
1423
|
+
} catch (error$1) {
|
|
1424
|
+
throw new ThunderIDAPIError(`Invalid base URL provided. ${error$1?.toString()}`, "getAllOrganizations-ValidationError-001", "javascript", 400, "The provided `baseUrl` does not adhere to the URL schema.");
|
|
1425
|
+
}
|
|
1426
|
+
const queryParams = new URLSearchParams(Object.fromEntries(Object.entries({
|
|
1427
|
+
filter,
|
|
1428
|
+
limit: limit.toString(),
|
|
1429
|
+
recursive: recursive.toString()
|
|
1430
|
+
}).filter(([, value]) => Boolean(value))));
|
|
1431
|
+
const fetchFn = fetcher || fetch;
|
|
1432
|
+
const resolvedUrl = `${baseUrl}/api/server/v1/organizations?${queryParams.toString()}`;
|
|
1433
|
+
const requestInit = {
|
|
1434
|
+
...requestConfig,
|
|
1435
|
+
headers: {
|
|
1436
|
+
...requestConfig.headers,
|
|
1437
|
+
Accept: "application/json",
|
|
1438
|
+
"Content-Type": "application/json"
|
|
1439
|
+
},
|
|
1440
|
+
method: "GET"
|
|
1441
|
+
};
|
|
1442
|
+
try {
|
|
1443
|
+
const response = await fetchFn(resolvedUrl, requestInit);
|
|
1444
|
+
if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getAllOrganizations-ResponseError-001", "javascript", response.status, response.statusText, "Failed to get organizations");
|
|
1445
|
+
const data = await response.json();
|
|
1446
|
+
return {
|
|
1447
|
+
hasMore: data.hasMore,
|
|
1448
|
+
nextCursor: data.nextCursor,
|
|
930
1449
|
organizations: data.organizations || [],
|
|
931
1450
|
totalCount: data.totalCount
|
|
932
1451
|
};
|
|
@@ -1468,42 +1987,6 @@ const updateMeProfile = async ({ url, baseUrl, payload, fetcher,...requestConfig
|
|
|
1468
1987
|
};
|
|
1469
1988
|
var updateMeProfile_default = updateMeProfile;
|
|
1470
1989
|
|
|
1471
|
-
//#endregion
|
|
1472
|
-
//#region src/models/platforms.ts
|
|
1473
|
-
/**
|
|
1474
|
-
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
|
|
1475
|
-
*
|
|
1476
|
-
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
1477
|
-
* Version 2.0 (the "License"); you may not use this file except
|
|
1478
|
-
* in compliance with the License.
|
|
1479
|
-
* You may obtain a copy of the License at
|
|
1480
|
-
*
|
|
1481
|
-
* http://www.apache.org/licenses/LICENSE-2.0
|
|
1482
|
-
*
|
|
1483
|
-
* Unless required by applicable law or agreed to in writing,
|
|
1484
|
-
* software distributed under the License is distributed on an
|
|
1485
|
-
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
1486
|
-
* KIND, either express or implied. See the License for the
|
|
1487
|
-
* specific language governing permissions and limitations
|
|
1488
|
-
* under the License.
|
|
1489
|
-
*/
|
|
1490
|
-
/**
|
|
1491
|
-
* Enumeration of supported identity platforms.
|
|
1492
|
-
*
|
|
1493
|
-
* - `ThunderID`: Represents the ThunderID identity platform.
|
|
1494
|
-
* - `IdentityServer`: Represents WSO2 Identity Server (on-prem or custom domains).
|
|
1495
|
-
* - `Unknown`: Used when the platform cannot be determined from the configuration.
|
|
1496
|
-
*/
|
|
1497
|
-
let Platform = /* @__PURE__ */ function(Platform$1) {
|
|
1498
|
-
/** ThunderID identity platform */
|
|
1499
|
-
Platform$1["ThunderID"] = "THUNDERID";
|
|
1500
|
-
/** WSO2 Identity Server (on-prem or custom domains) */
|
|
1501
|
-
Platform$1["IdentityServer"] = "IDENTITY_SERVER";
|
|
1502
|
-
/** Unknown or unsupported platform */
|
|
1503
|
-
Platform$1["Unknown"] = "UNKNOWN";
|
|
1504
|
-
return Platform$1;
|
|
1505
|
-
}({});
|
|
1506
|
-
|
|
1507
1990
|
//#endregion
|
|
1508
1991
|
//#region src/utils/logger.ts
|
|
1509
1992
|
const PREFIX = "⚡ ThunderID";
|
|
@@ -1807,766 +2290,111 @@ const createPackageLogger = (packageName) => createLogger({
|
|
|
1807
2290
|
* Create package component logger (package + component)
|
|
1808
2291
|
*/
|
|
1809
2292
|
const createPackageComponentLogger = (packageName, component) => {
|
|
1810
|
-
return createPackageLogger(packageName).child(component);
|
|
1811
|
-
};
|
|
1812
|
-
|
|
1813
|
-
//#endregion
|
|
1814
|
-
//#region src/errors/ThunderIDRuntimeError.ts
|
|
1815
|
-
/**
|
|
1816
|
-
* Base class for all runtime errors in ThunderID. This class extends ThunderIDError
|
|
1817
|
-
* and adds support for additional error details. Use this class for errors that occur
|
|
1818
|
-
* during runtime execution that are not related to API calls.
|
|
1819
|
-
*
|
|
1820
|
-
* @example
|
|
1821
|
-
* ```typescript
|
|
1822
|
-
* throw new ThunderIDRuntimeError(
|
|
1823
|
-
* "Failed to parse configuration",
|
|
1824
|
-
* "CONFIG_PARSE_ERROR",
|
|
1825
|
-
* { invalidField: "redirectUri" }
|
|
1826
|
-
* );
|
|
1827
|
-
* ```
|
|
1828
|
-
*/
|
|
1829
|
-
var ThunderIDRuntimeError = class extends ThunderIDError {
|
|
1830
|
-
/**
|
|
1831
|
-
* Creates an instance of ThunderIDRuntimeError.
|
|
1832
|
-
*
|
|
1833
|
-
* @param message - Human-readable description of the error
|
|
1834
|
-
* @param code - A unique error code that identifies the error type
|
|
1835
|
-
* @param details - Additional details about the error that might be helpful for debugging
|
|
1836
|
-
* @param origin - Optional. The SDK origin (e.g. 'react', 'vue'). Defaults to generic 'ThunderID'
|
|
1837
|
-
* @constructor
|
|
1838
|
-
*/
|
|
1839
|
-
constructor(message, code, origin, details) {
|
|
1840
|
-
super(message, code, origin);
|
|
1841
|
-
this.details = details;
|
|
1842
|
-
Object.defineProperty(this, "name", {
|
|
1843
|
-
configurable: true,
|
|
1844
|
-
value: "ThunderIDRuntimeError",
|
|
1845
|
-
writable: true
|
|
1846
|
-
});
|
|
1847
|
-
}
|
|
1848
|
-
/**
|
|
1849
|
-
* Returns a string representation of the runtime error
|
|
1850
|
-
* @returns Formatted error string with name, code, details, and message
|
|
1851
|
-
*/
|
|
1852
|
-
toString() {
|
|
1853
|
-
const details = this.details ? `\nDetails: ${JSON.stringify(this.details, null, 2)}` : "";
|
|
1854
|
-
return `[${this.name}] (code="${this.code}")${details}\nMessage: ${this.message}`;
|
|
1855
|
-
}
|
|
1856
|
-
};
|
|
1857
|
-
|
|
1858
|
-
//#endregion
|
|
1859
|
-
//#region src/utils/isRecognizedBaseUrlPattern.ts
|
|
1860
|
-
/**
|
|
1861
|
-
* Utility to determine if sensible ThunderID fallbacks can be used based on the given base URL.
|
|
1862
|
-
*
|
|
1863
|
-
* This checks if the URL follows the standard ThunderID pattern: /t/{orgHandle}
|
|
1864
|
-
* Returns true if sensible fallbacks (like deriving organization handle, tenant, etc.) can be used, false otherwise.
|
|
1865
|
-
*
|
|
1866
|
-
* @param baseUrl - The base URL of the ThunderID identity server (string or undefined)
|
|
1867
|
-
* @returns boolean - true if sensible fallbacks can be used, false otherwise
|
|
1868
|
-
*
|
|
1869
|
-
* @example
|
|
1870
|
-
* isRecognizedBaseUrlPattern('https://localhost:8090/t/dxlab'); // true
|
|
1871
|
-
* isRecognizedBaseUrlPattern('https://custom.example.com/auth'); // false
|
|
1872
|
-
*/
|
|
1873
|
-
const isRecognizedBaseUrlPattern = (baseUrl) => {
|
|
1874
|
-
if (!baseUrl) throw new ThunderIDRuntimeError("Base URL is required to derive if the `baseUrl` is recognized.", "isRecognizedBaseUrlPattern-ValidationError-001", "javascript", "A valid base URL must be provided to derive if the `baseUrl` is recognized to use the sensible fallbacks.");
|
|
1875
|
-
let parsedUrl;
|
|
1876
|
-
try {
|
|
1877
|
-
parsedUrl = new URL(baseUrl);
|
|
1878
|
-
} catch (error$1) {
|
|
1879
|
-
throw new ThunderIDRuntimeError(`Invalid base URL format: ${baseUrl}`, "isRecognizedBaseUrlPattern-ValidationError-002", "javascript", "The provided base URL does not conform to valid URL syntax.");
|
|
1880
|
-
}
|
|
1881
|
-
const pathSegments = parsedUrl.pathname?.split("/")?.filter((segment) => segment?.length > 0);
|
|
1882
|
-
if (pathSegments.length < 2 || pathSegments[0] !== "t") {
|
|
1883
|
-
logger_default.warn("[isRecognizedBaseUrlPattern] The provided base URL does not follow the expected URL pattern (/t/{orgHandle}).");
|
|
1884
|
-
return false;
|
|
1885
|
-
}
|
|
1886
|
-
return true;
|
|
1887
|
-
};
|
|
1888
|
-
var isRecognizedBaseUrlPattern_default = isRecognizedBaseUrlPattern;
|
|
1889
|
-
|
|
1890
|
-
//#endregion
|
|
1891
|
-
//#region src/utils/identifyPlatform.ts
|
|
1892
|
-
/**
|
|
1893
|
-
* Identifies the platform based on the given base URL.
|
|
1894
|
-
*
|
|
1895
|
-
* If the URL is recognized and matches the ThunderID domain, returns Platform.ThunderID.
|
|
1896
|
-
* Otherwise, returns Platform.IdentityServer.
|
|
1897
|
-
*
|
|
1898
|
-
* @param baseUrl - The base URL to check
|
|
1899
|
-
* @returns Platform enum value
|
|
1900
|
-
*/
|
|
1901
|
-
const identifyPlatform = (config) => {
|
|
1902
|
-
const { baseUrl } = config;
|
|
1903
|
-
try {
|
|
1904
|
-
if (isRecognizedBaseUrlPattern_default(baseUrl)) {
|
|
1905
|
-
try {
|
|
1906
|
-
const url = new URL(baseUrl);
|
|
1907
|
-
if (/\.thunderid\.io$/i.test(url.hostname) || /thunderid\.io$/i.test(url.hostname)) return Platform.ThunderID;
|
|
1908
|
-
} catch {
|
|
1909
|
-
logger_default.debug(`[identifyPlatform] Could not identify platform from the base URL: ${baseUrl}. Defaulting to WSO2 Identity Server as the platform.`);
|
|
1910
|
-
}
|
|
1911
|
-
return Platform.IdentityServer;
|
|
1912
|
-
}
|
|
1913
|
-
return Platform.Unknown;
|
|
1914
|
-
} catch (error$1) {
|
|
1915
|
-
logger_default.debug(`[identifyPlatform] Error identifying platform from base URL: ${baseUrl}. Error: ${error$1.message}`);
|
|
1916
|
-
return Platform.Unknown;
|
|
1917
|
-
}
|
|
1918
|
-
};
|
|
1919
|
-
var identifyPlatform_default = identifyPlatform;
|
|
1920
|
-
|
|
1921
|
-
//#endregion
|
|
1922
|
-
//#region src/api/getBrandingPreference.ts
|
|
1923
|
-
/**
|
|
1924
|
-
* Retrieves branding preference configuration.
|
|
1925
|
-
*
|
|
1926
|
-
* @param config - Configuration object containing baseUrl, optional query parameters, and request config.
|
|
1927
|
-
* @returns A promise that resolves with the branding preference information.
|
|
1928
|
-
* @example
|
|
1929
|
-
* ```typescript
|
|
1930
|
-
* // Using default fetch
|
|
1931
|
-
* try {
|
|
1932
|
-
* const response = await getBrandingPreference({
|
|
1933
|
-
* baseUrl: "https://localhost:8090",
|
|
1934
|
-
* locale: "en-US",
|
|
1935
|
-
* name: "my-branding",
|
|
1936
|
-
* type: "org"
|
|
1937
|
-
* });
|
|
1938
|
-
* console.log(response.theme);
|
|
1939
|
-
* } catch (error) {
|
|
1940
|
-
* if (error instanceof ThunderIDAPIError) {
|
|
1941
|
-
* console.error('Failed to get branding preference:', error.message);
|
|
1942
|
-
* }
|
|
1943
|
-
* }
|
|
1944
|
-
* ```
|
|
1945
|
-
*
|
|
1946
|
-
* @example
|
|
1947
|
-
* ```typescript
|
|
1948
|
-
* // Using custom fetcher (e.g., axios-based httpClient)
|
|
1949
|
-
* try {
|
|
1950
|
-
* const response = await getBrandingPreference({
|
|
1951
|
-
* baseUrl: "https://localhost:8090",
|
|
1952
|
-
* locale: "en-US",
|
|
1953
|
-
* name: "my-branding",
|
|
1954
|
-
* type: "org",
|
|
1955
|
-
* fetcher: async (url, config) => {
|
|
1956
|
-
* const response = await httpClient({
|
|
1957
|
-
* url,
|
|
1958
|
-
* method: config.method,
|
|
1959
|
-
* headers: config.headers,
|
|
1960
|
-
* ...config
|
|
1961
|
-
* });
|
|
1962
|
-
* // Convert axios-like response to fetch-like Response
|
|
1963
|
-
* return {
|
|
1964
|
-
* ok: response.status >= 200 && response.status < 300,
|
|
1965
|
-
* status: response.status,
|
|
1966
|
-
* statusText: response.statusText,
|
|
1967
|
-
* json: () => Promise.resolve(response.data),
|
|
1968
|
-
* text: () => Promise.resolve(typeof response.data === 'string' ? response.data : JSON.stringify(response.data))
|
|
1969
|
-
* } as Response;
|
|
1970
|
-
* }
|
|
1971
|
-
* });
|
|
1972
|
-
* console.log(response.theme);
|
|
1973
|
-
* } catch (error) {
|
|
1974
|
-
* if (error instanceof ThunderIDAPIError) {
|
|
1975
|
-
* console.error('Failed to get branding preference:', error.message);
|
|
1976
|
-
* }
|
|
1977
|
-
* }
|
|
1978
|
-
* ```
|
|
1979
|
-
*/
|
|
1980
|
-
const getBrandingPreference = async ({ baseUrl, locale, name, type, fetcher,...requestConfig }) => {
|
|
1981
|
-
try {
|
|
1982
|
-
new URL(baseUrl);
|
|
1983
|
-
} catch (error$1) {
|
|
1984
|
-
throw new ThunderIDAPIError(`Invalid base URL provided. ${error$1?.toString()}`, "getBrandingPreference-ValidationError-001", "javascript", 400, "The provided `baseUrl` does not adhere to the URL schema.");
|
|
1985
|
-
}
|
|
1986
|
-
const queryParams = new URLSearchParams(Object.fromEntries(Object.entries({
|
|
1987
|
-
locale: locale || "",
|
|
1988
|
-
name: name || "",
|
|
1989
|
-
type: type || ""
|
|
1990
|
-
}).filter(([, value]) => Boolean(value))));
|
|
1991
|
-
const fetchFn = fetcher || fetch;
|
|
1992
|
-
const resolvedUrl = `${baseUrl}/api/server/v1/branding-preference/resolve${queryParams.toString() ? `?${queryParams.toString()}` : ""}`;
|
|
1993
|
-
const requestInit = {
|
|
1994
|
-
...requestConfig,
|
|
1995
|
-
headers: {
|
|
1996
|
-
Accept: "application/json",
|
|
1997
|
-
"Content-Type": "application/json",
|
|
1998
|
-
...requestConfig.headers
|
|
1999
|
-
},
|
|
2000
|
-
method: "GET"
|
|
2001
|
-
};
|
|
2002
|
-
try {
|
|
2003
|
-
const response = await fetchFn(resolvedUrl, requestInit);
|
|
2004
|
-
if (!response?.ok) {
|
|
2005
|
-
const errorText = await response.text();
|
|
2006
|
-
const platform = identifyPlatform_default({ baseUrl });
|
|
2007
|
-
let errorDescription;
|
|
2008
|
-
try {
|
|
2009
|
-
const errorBody = JSON.parse(errorText);
|
|
2010
|
-
errorDescription = errorBody?.description || errorBody?.message || errorText;
|
|
2011
|
-
} catch {
|
|
2012
|
-
errorDescription = errorText;
|
|
2013
|
-
}
|
|
2014
|
-
let platformConsoleGuidance;
|
|
2015
|
-
if (platform === Platform.ThunderID) platformConsoleGuidance = "configure branding preferences in the ThunderID console";
|
|
2016
|
-
else if (platform === Platform.IdentityServer) platformConsoleGuidance = "configure branding preferences in the WSO2 Identity Server console";
|
|
2017
|
-
else platformConsoleGuidance = "configure branding preferences in the platform console";
|
|
2018
|
-
logger_default.warn(`[BrandingError] ${errorDescription} To resolve this issue, please ${platformConsoleGuidance}. If you want to suppress this warning and stop fetching branding preferences, set \`<ThunderIDProvider>\` -> \`preferences\` -> \`theme\` -> \`inheritFromBranding\` to false.`);
|
|
2019
|
-
throw new ThunderIDAPIError(errorText, "getBrandingPreference-ResponseError-001", "javascript", response.status, response.statusText, "Failed to get branding preference");
|
|
2020
|
-
}
|
|
2021
|
-
return await response.json();
|
|
2022
|
-
} catch (error$1) {
|
|
2023
|
-
if (error$1 instanceof ThunderIDAPIError) throw error$1;
|
|
2024
|
-
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getBrandingPreference-NetworkError-001", "javascript", 0, "Network Error");
|
|
2025
|
-
}
|
|
2026
|
-
};
|
|
2027
|
-
var getBrandingPreference_default = getBrandingPreference;
|
|
2028
|
-
|
|
2029
|
-
//#endregion
|
|
2030
|
-
//#region src/models/v2/embedded-signin-flow-v2.ts
|
|
2031
|
-
/**
|
|
2032
|
-
* Status enumeration for ThunderID embedded sign-in flow operations.
|
|
2033
|
-
*
|
|
2034
|
-
* These statuses indicate the current state of the sign-in flow and determine
|
|
2035
|
-
* the next action required by the client application. Each status provides
|
|
2036
|
-
* specific guidance on how to proceed with the authentication process.
|
|
2037
|
-
*
|
|
2038
|
-
* @example
|
|
2039
|
-
* ```typescript
|
|
2040
|
-
* switch (response.flowStatus) {
|
|
2041
|
-
* case EmbeddedSignInFlowStatus.Incomplete:
|
|
2042
|
-
* // More user input needed - render form components
|
|
2043
|
-
* break;
|
|
2044
|
-
* case EmbeddedSignInFlowStatus.Complete:
|
|
2045
|
-
* // Authentication successful - handle completion
|
|
2046
|
-
* break;
|
|
2047
|
-
* case EmbeddedSignInFlowStatus.Error:
|
|
2048
|
-
* // Authentication failed - show error message
|
|
2049
|
-
* break;
|
|
2050
|
-
* }
|
|
2051
|
-
* ```
|
|
2052
|
-
*
|
|
2053
|
-
* @experimental Part of the new ThunderID API
|
|
2054
|
-
*/
|
|
2055
|
-
let EmbeddedSignInFlowStatus$1 = /* @__PURE__ */ function(EmbeddedSignInFlowStatus$2) {
|
|
2056
|
-
/**
|
|
2057
|
-
* Sign-in flow completed successfully.
|
|
2058
|
-
*
|
|
2059
|
-
* The user has been authenticated and the flow can proceed to
|
|
2060
|
-
* OAuth2 completion or redirection. Check for redirectUrl or
|
|
2061
|
-
* assertion data in the response.
|
|
2062
|
-
*/
|
|
2063
|
-
EmbeddedSignInFlowStatus$2["Complete"] = "COMPLETE";
|
|
2064
|
-
/**
|
|
2065
|
-
* Sign-in flow encountered an error.
|
|
2066
|
-
*
|
|
2067
|
-
* Authentication failed due to invalid credentials, system error,
|
|
2068
|
-
* or other issues. Check error details in the response and handle
|
|
2069
|
-
* appropriately (retry, show error message, etc.).
|
|
2070
|
-
*/
|
|
2071
|
-
EmbeddedSignInFlowStatus$2["Error"] = "ERROR";
|
|
2072
|
-
/**
|
|
2073
|
-
* Sign-in flow requires additional user input.
|
|
2074
|
-
*
|
|
2075
|
-
* More authentication steps are needed. The response will contain
|
|
2076
|
-
* components in data.meta.components that should be rendered to
|
|
2077
|
-
* collect additional user input (e.g., MFA, password, etc.).
|
|
2078
|
-
*/
|
|
2079
|
-
EmbeddedSignInFlowStatus$2["Incomplete"] = "INCOMPLETE";
|
|
2080
|
-
return EmbeddedSignInFlowStatus$2;
|
|
2081
|
-
}({});
|
|
2082
|
-
/**
|
|
2083
|
-
* Type enumeration for ThunderID embedded sign-in flow responses.
|
|
2084
|
-
*
|
|
2085
|
-
* Determines the nature of the flow response and how the client should
|
|
2086
|
-
* handle the returned data. This affects both UI rendering and flow
|
|
2087
|
-
* continuation logic.
|
|
2088
|
-
*
|
|
2089
|
-
* @experimental Part of the new ThunderID API
|
|
2090
|
-
*/
|
|
2091
|
-
let EmbeddedSignInFlowType$1 = /* @__PURE__ */ function(EmbeddedSignInFlowType$2) {
|
|
2092
|
-
/**
|
|
2093
|
-
* Response requires external redirection.
|
|
2094
|
-
*
|
|
2095
|
-
* Used for social login providers, external identity providers,
|
|
2096
|
-
* or other flows that require navigating to an external URL.
|
|
2097
|
-
* The response will contain redirection information.
|
|
2098
|
-
*/
|
|
2099
|
-
EmbeddedSignInFlowType$2["Redirection"] = "REDIRECTION";
|
|
2100
|
-
/**
|
|
2101
|
-
* Response contains view components for rendering.
|
|
2102
|
-
*
|
|
2103
|
-
* Standard embedded flow response containing UI components
|
|
2104
|
-
* that should be rendered within the current application
|
|
2105
|
-
* context. Most common type for embedded authentication.
|
|
2106
|
-
*/
|
|
2107
|
-
EmbeddedSignInFlowType$2["View"] = "VIEW";
|
|
2108
|
-
return EmbeddedSignInFlowType$2;
|
|
2109
|
-
}({});
|
|
2110
|
-
|
|
2111
|
-
//#endregion
|
|
2112
|
-
//#region src/utils/v2/injectRequestedPermissions.ts
|
|
2113
|
-
/**
|
|
2114
|
-
* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
|
|
2115
|
-
*
|
|
2116
|
-
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
2117
|
-
* Version 2.0 (the "License"); you may not use this file except
|
|
2118
|
-
* in compliance with the License.
|
|
2119
|
-
* You may obtain a copy of the License at
|
|
2120
|
-
*
|
|
2121
|
-
* http://www.apache.org/licenses/LICENSE-2.0
|
|
2122
|
-
*
|
|
2123
|
-
* Unless required by applicable law or agreed to in writing,
|
|
2124
|
-
* software distributed under the License is distributed on an
|
|
2125
|
-
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
2126
|
-
* KIND, either express or implied. See the License for the
|
|
2127
|
-
* specific language governing permissions and limitations
|
|
2128
|
-
* under the License.
|
|
2129
|
-
*/
|
|
2130
|
-
/**
|
|
2131
|
-
* Strips the top-level `scopes` field from a payload and injects it as
|
|
2132
|
-
* `inputs.requested_permissions` (space-separated string).
|
|
2133
|
-
*
|
|
2134
|
-
* The backend reads requested_permissions from UserInputs (the `inputs` map), not a top-level field.
|
|
2135
|
-
*/
|
|
2136
|
-
const injectRequestedPermissions = (payload) => {
|
|
2137
|
-
const { scopes,...rest } = payload;
|
|
2138
|
-
const normalizedScopes = Array.isArray(scopes) ? scopes.map((s) => String(s).trim()).filter(Boolean).join(" ") : typeof scopes === "string" ? scopes.trim() : "";
|
|
2139
|
-
if (!normalizedScopes) return rest;
|
|
2140
|
-
const existingInputs = rest["inputs"] != null && typeof rest["inputs"] === "object" && !Array.isArray(rest["inputs"]) ? rest["inputs"] : {};
|
|
2141
|
-
return {
|
|
2142
|
-
...rest,
|
|
2143
|
-
inputs: {
|
|
2144
|
-
...existingInputs,
|
|
2145
|
-
requested_permissions: normalizedScopes
|
|
2146
|
-
}
|
|
2147
|
-
};
|
|
2148
|
-
};
|
|
2149
|
-
var injectRequestedPermissions_default = injectRequestedPermissions;
|
|
2150
|
-
|
|
2151
|
-
//#endregion
|
|
2152
|
-
//#region src/api/v2/executeEmbeddedSignInFlowV2.ts
|
|
2153
|
-
const executeEmbeddedSignInFlowV2 = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
|
|
2154
|
-
if (!payload) throw new ThunderIDAPIError("Authorization payload is required", "executeEmbeddedSignInFlow-ValidationError-002", "javascript", 400, "If an authorization payload is not provided, the request cannot be constructed correctly.");
|
|
2155
|
-
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
2156
|
-
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
2157
|
-
const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
|
|
2158
|
-
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
2159
|
-
const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
|
|
2160
|
-
const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
|
|
2161
|
-
...basePayload,
|
|
2162
|
-
verbose: true
|
|
2163
|
-
} : basePayload;
|
|
2164
|
-
const response = await fetch(endpoint, {
|
|
2165
|
-
...requestConfig,
|
|
2166
|
-
body: JSON.stringify(requestPayload),
|
|
2167
|
-
headers: {
|
|
2168
|
-
Accept: "application/json",
|
|
2169
|
-
"Content-Type": "application/json",
|
|
2170
|
-
...requestConfig.headers
|
|
2171
|
-
},
|
|
2172
|
-
method: requestConfig.method || "POST"
|
|
2173
|
-
});
|
|
2174
|
-
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignInFlow-ResponseError-001", "javascript", response.status, response.statusText, "Authorization request failed");
|
|
2175
|
-
const flowResponse = await response.json();
|
|
2176
|
-
if (flowResponse.flowStatus === EmbeddedSignInFlowStatus$1.Complete && flowResponse.assertion && authId) try {
|
|
2177
|
-
const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
|
|
2178
|
-
body: JSON.stringify({
|
|
2179
|
-
assertion: flowResponse.assertion,
|
|
2180
|
-
authId
|
|
2181
|
-
}),
|
|
2182
|
-
credentials: "include",
|
|
2183
|
-
headers: {
|
|
2184
|
-
Accept: "application/json",
|
|
2185
|
-
"Content-Type": "application/json",
|
|
2186
|
-
...requestConfig.headers
|
|
2187
|
-
},
|
|
2188
|
-
method: "POST"
|
|
2189
|
-
});
|
|
2190
|
-
if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignInFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
|
|
2191
|
-
const oauth2Result = await oauth2Response.json();
|
|
2192
|
-
return {
|
|
2193
|
-
flowStatus: flowResponse.flowStatus,
|
|
2194
|
-
redirectUrl: oauth2Result["redirect_uri"]
|
|
2195
|
-
};
|
|
2196
|
-
} catch (authError) {
|
|
2197
|
-
if (authError instanceof ThunderIDAPIError) throw authError;
|
|
2198
|
-
throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignInFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-in flow.", "OAuth2 authorization failed");
|
|
2199
|
-
}
|
|
2200
|
-
return flowResponse;
|
|
2201
|
-
};
|
|
2202
|
-
var executeEmbeddedSignInFlowV2_default = executeEmbeddedSignInFlowV2;
|
|
2203
|
-
|
|
2204
|
-
//#endregion
|
|
2205
|
-
//#region src/models/v2/embedded-signup-flow-v2.ts
|
|
2206
|
-
/**
|
|
2207
|
-
* Status enumeration for ThunderID embedded sign-up flow operations.
|
|
2208
|
-
*
|
|
2209
|
-
* These statuses indicate the current state of the registration flow and determine
|
|
2210
|
-
* the next action required by the client application. Each status provides specific
|
|
2211
|
-
* guidance on how to proceed with the user registration process.
|
|
2212
|
-
*
|
|
2213
|
-
* @example
|
|
2214
|
-
* ```typescript
|
|
2215
|
-
* switch (response.flowStatus) {
|
|
2216
|
-
* case EmbeddedSignUpFlowStatus.Incomplete:
|
|
2217
|
-
* // More user input needed - render registration form components
|
|
2218
|
-
* break;
|
|
2219
|
-
* case EmbeddedSignUpFlowStatus.Complete:
|
|
2220
|
-
* // Registration successful - handle completion
|
|
2221
|
-
* break;
|
|
2222
|
-
* case EmbeddedSignUpFlowStatus.Error:
|
|
2223
|
-
* // Registration failed - show error details
|
|
2224
|
-
* const errorResponse = response as EmbeddedSignUpFlowErrorResponse;
|
|
2225
|
-
* showError(errorResponse.error.description.defaultValue);
|
|
2226
|
-
* break;
|
|
2227
|
-
* }
|
|
2228
|
-
* ```
|
|
2229
|
-
*
|
|
2230
|
-
* @experimental Part of the new ThunderID API
|
|
2231
|
-
*/
|
|
2232
|
-
let EmbeddedSignUpFlowStatus = /* @__PURE__ */ function(EmbeddedSignUpFlowStatus$1) {
|
|
2233
|
-
/**
|
|
2234
|
-
* Sign-up flow completed successfully.
|
|
2235
|
-
*
|
|
2236
|
-
* The user has successfully registered and the flow can proceed to
|
|
2237
|
-
* OAuth2 completion or redirection. Check for redirectUrl or assertion
|
|
2238
|
-
* data in the response for next steps.
|
|
2239
|
-
*/
|
|
2240
|
-
EmbeddedSignUpFlowStatus$1["Complete"] = "COMPLETE";
|
|
2241
|
-
/**
|
|
2242
|
-
* Sign-up flow encountered an error and cannot proceed.
|
|
2243
|
-
*
|
|
2244
|
-
* Registration failed due to validation errors, duplicate user,
|
|
2245
|
-
* system errors, or other issues. The response will be of type
|
|
2246
|
-
* `EmbeddedSignUpFlowErrorResponse` containing detailed failure
|
|
2247
|
-
* information that can be displayed to the user.
|
|
2248
|
-
*
|
|
2249
|
-
* @see {@link EmbeddedSignUpFlowErrorResponse} for error response structure
|
|
2250
|
-
*/
|
|
2251
|
-
EmbeddedSignUpFlowStatus$1["Error"] = "ERROR";
|
|
2252
|
-
/**
|
|
2253
|
-
* Sign-up flow requires additional user input.
|
|
2254
|
-
*
|
|
2255
|
-
* More registration steps are needed. The response will contain
|
|
2256
|
-
* components in data.meta.components that should be rendered to
|
|
2257
|
-
* collect additional user information (e.g., profile data, verification).
|
|
2258
|
-
*/
|
|
2259
|
-
EmbeddedSignUpFlowStatus$1["Incomplete"] = "INCOMPLETE";
|
|
2260
|
-
return EmbeddedSignUpFlowStatus$1;
|
|
2261
|
-
}({});
|
|
2262
|
-
/**
|
|
2263
|
-
* Type enumeration for ThunderID embedded sign-up flow responses.
|
|
2264
|
-
*
|
|
2265
|
-
* Determines the nature of the registration flow response and how the client
|
|
2266
|
-
* should handle the returned data. This affects both UI rendering and flow
|
|
2267
|
-
* continuation logic during the user registration process.
|
|
2268
|
-
*
|
|
2269
|
-
* @experimental Part of the new ThunderID API
|
|
2270
|
-
*/
|
|
2271
|
-
let EmbeddedSignUpFlowType = /* @__PURE__ */ function(EmbeddedSignUpFlowType$1) {
|
|
2272
|
-
/**
|
|
2273
|
-
* Response requires external redirection.
|
|
2274
|
-
*
|
|
2275
|
-
* Used for social registration providers, external identity providers,
|
|
2276
|
-
* or other flows that require navigating to an external URL during
|
|
2277
|
-
* the registration process. The response will contain redirection information.
|
|
2278
|
-
*/
|
|
2279
|
-
EmbeddedSignUpFlowType$1["Redirection"] = "REDIRECTION";
|
|
2280
|
-
/**
|
|
2281
|
-
* Response contains view components for rendering.
|
|
2282
|
-
*
|
|
2283
|
-
* Standard embedded registration flow response containing UI components
|
|
2284
|
-
* that should be rendered within the current application context.
|
|
2285
|
-
* Most common type for embedded user registration.
|
|
2286
|
-
*/
|
|
2287
|
-
EmbeddedSignUpFlowType$1["View"] = "VIEW";
|
|
2288
|
-
return EmbeddedSignUpFlowType$1;
|
|
2289
|
-
}({});
|
|
2290
|
-
|
|
2291
|
-
//#endregion
|
|
2292
|
-
//#region src/api/v2/executeEmbeddedSignUpFlowV2.ts
|
|
2293
|
-
const executeEmbeddedSignUpFlowV2 = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
|
|
2294
|
-
if (!payload) throw new ThunderIDAPIError("Registration payload is required", "executeEmbeddedSignUpFlow-ValidationError-002", "javascript", 400, "If a registration payload is not provided, the request cannot be constructed correctly.");
|
|
2295
|
-
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
2296
|
-
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
2297
|
-
const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
|
|
2298
|
-
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
2299
|
-
const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
|
|
2300
|
-
const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
|
|
2301
|
-
...basePayload,
|
|
2302
|
-
verbose: true
|
|
2303
|
-
} : basePayload;
|
|
2304
|
-
const response = await fetch(endpoint, {
|
|
2305
|
-
...requestConfig,
|
|
2306
|
-
body: JSON.stringify(requestPayload),
|
|
2307
|
-
headers: {
|
|
2308
|
-
Accept: "application/json",
|
|
2309
|
-
"Content-Type": "application/json",
|
|
2310
|
-
...requestConfig.headers
|
|
2311
|
-
},
|
|
2312
|
-
method: requestConfig.method || "POST"
|
|
2313
|
-
});
|
|
2314
|
-
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignUpFlow-ResponseError-001", "javascript", response.status, response.statusText, "Registration request failed");
|
|
2315
|
-
const flowResponse = await response.json();
|
|
2316
|
-
if (flowResponse.flowStatus === EmbeddedSignUpFlowStatus.Complete && flowResponse.assertion && authId) try {
|
|
2317
|
-
const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
|
|
2318
|
-
body: JSON.stringify({
|
|
2319
|
-
assertion: flowResponse.assertion,
|
|
2320
|
-
authId
|
|
2321
|
-
}),
|
|
2322
|
-
credentials: "include",
|
|
2323
|
-
headers: {
|
|
2324
|
-
Accept: "application/json",
|
|
2325
|
-
"Content-Type": "application/json",
|
|
2326
|
-
...requestConfig.headers
|
|
2327
|
-
},
|
|
2328
|
-
method: "POST"
|
|
2329
|
-
});
|
|
2330
|
-
if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignUpFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
|
|
2331
|
-
const oauth2Result = await oauth2Response.json();
|
|
2332
|
-
return {
|
|
2333
|
-
flowStatus: flowResponse.flowStatus,
|
|
2334
|
-
redirectUrl: oauth2Result["redirect_uri"]
|
|
2335
|
-
};
|
|
2336
|
-
} catch (authError) {
|
|
2337
|
-
if (authError instanceof ThunderIDAPIError) throw authError;
|
|
2338
|
-
throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignUpFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-up flow.", "OAuth2 authorization failed");
|
|
2339
|
-
}
|
|
2340
|
-
return flowResponse;
|
|
2341
|
-
};
|
|
2342
|
-
var executeEmbeddedSignUpFlowV2_default = executeEmbeddedSignUpFlowV2;
|
|
2343
|
-
|
|
2344
|
-
//#endregion
|
|
2345
|
-
//#region src/api/v2/executeEmbeddedRecoveryFlowV2.ts
|
|
2346
|
-
/**
|
|
2347
|
-
* Executes an embedded recovery flow by sending a request to the flow execution endpoint.
|
|
2348
|
-
*
|
|
2349
|
-
* This function handles password-recovery and account-recovery flows driven by the
|
|
2350
|
-
* ThunderID server. The server returns UI components for each step (e.g. username
|
|
2351
|
-
* collection, OTP verification, password reset) and this function forwards the
|
|
2352
|
-
* user's responses back to the server.
|
|
2353
|
-
*
|
|
2354
|
-
* @param requestConfig - Request configuration containing URL, payload, and optional headers.
|
|
2355
|
-
* @returns A promise that resolves with the flow execution response.
|
|
2356
|
-
* @throws ThunderIDAPIError when the request fails or a payload is missing.
|
|
2357
|
-
*
|
|
2358
|
-
* @example
|
|
2359
|
-
* ```typescript
|
|
2360
|
-
* // Initiate recovery flow
|
|
2361
|
-
* const response = await executeEmbeddedRecoveryFlowV2({
|
|
2362
|
-
* baseUrl: 'https://localhost:8090',
|
|
2363
|
-
* payload: {
|
|
2364
|
-
* flowType: 'RECOVERY',
|
|
2365
|
-
* applicationId: 'my-app-id',
|
|
2366
|
-
* },
|
|
2367
|
-
* });
|
|
2368
|
-
*
|
|
2369
|
-
* // Continue recovery flow with user input
|
|
2370
|
-
* const nextResponse = await executeEmbeddedRecoveryFlowV2({
|
|
2371
|
-
* baseUrl: 'https://localhost:8090',
|
|
2372
|
-
* payload: {
|
|
2373
|
-
* executionId: response.executionId,
|
|
2374
|
-
* action: 'submit',
|
|
2375
|
-
* inputs: { username: 'user@example.com' },
|
|
2376
|
-
* challengeToken: response.challengeToken,
|
|
2377
|
-
* },
|
|
2378
|
-
* });
|
|
2379
|
-
* ```
|
|
2380
|
-
*/
|
|
2381
|
-
const executeEmbeddedRecoveryFlowV2 = async ({ url, baseUrl, payload,...requestConfig }) => {
|
|
2382
|
-
if (!payload) throw new ThunderIDAPIError("Recovery payload is required", "executeEmbeddedRecoveryFlow-ValidationError-002", "javascript", 400, "If a recovery payload is not provided, the request cannot be constructed correctly.");
|
|
2383
|
-
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
2384
|
-
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
2385
|
-
const hasOnlyAppIdAndFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 2;
|
|
2386
|
-
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
2387
|
-
const requestPayload = hasOnlyAppIdAndFlowType || hasOnlyFlowId ? {
|
|
2388
|
-
...cleanPayload,
|
|
2389
|
-
verbose: true
|
|
2390
|
-
} : cleanPayload;
|
|
2391
|
-
const response = await fetch(endpoint, {
|
|
2392
|
-
...requestConfig,
|
|
2393
|
-
body: JSON.stringify(requestPayload),
|
|
2394
|
-
headers: {
|
|
2395
|
-
Accept: "application/json",
|
|
2396
|
-
"Content-Type": "application/json",
|
|
2397
|
-
...requestConfig.headers
|
|
2398
|
-
},
|
|
2399
|
-
method: requestConfig.method || "POST"
|
|
2400
|
-
});
|
|
2401
|
-
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedRecoveryFlow-ResponseError-001", "javascript", response.status, response.statusText, "Recovery request failed");
|
|
2402
|
-
return await response.json();
|
|
2403
|
-
};
|
|
2404
|
-
var executeEmbeddedRecoveryFlowV2_default = executeEmbeddedRecoveryFlowV2;
|
|
2405
|
-
|
|
2406
|
-
//#endregion
|
|
2407
|
-
//#region src/api/v2/executeEmbeddedUserOnboardingFlowV2.ts
|
|
2408
|
-
/**
|
|
2409
|
-
* Executes an embedded user onboarding flow by sending a request to the flow execution endpoint.
|
|
2410
|
-
*
|
|
2411
|
-
* This function handles both:
|
|
2412
|
-
* - Admin flow: Initiates onboarding, collects user details, generates invite link
|
|
2413
|
-
* - End-user flow: Validates invite token and allows password setting
|
|
2414
|
-
*
|
|
2415
|
-
* @param requestConfig - Request configuration object containing URL, payload, and optional auth token.
|
|
2416
|
-
* @returns A promise that resolves with the flow execution response.
|
|
2417
|
-
* @throws ThunderIDAPIError when the request fails or URL is invalid.
|
|
2418
|
-
*
|
|
2419
|
-
* @example
|
|
2420
|
-
* ```typescript
|
|
2421
|
-
* // Admin initiating user onboarding (requires auth token)
|
|
2422
|
-
* const response = await executeEmbeddedUserOnboardingFlowV2({
|
|
2423
|
-
* baseUrl: "https://api.thunder.io",
|
|
2424
|
-
* payload: {
|
|
2425
|
-
* flowType: "USER_ONBOARDING"
|
|
2426
|
-
* },
|
|
2427
|
-
* headers: {
|
|
2428
|
-
* Authorization: `Bearer ${accessToken}`
|
|
2429
|
-
* }
|
|
2430
|
-
* });
|
|
2431
|
-
*
|
|
2432
|
-
* // End-user accepting invite (no auth required)
|
|
2433
|
-
* const response = await executeEmbeddedUserOnboardingFlowV2({
|
|
2434
|
-
* baseUrl: "https://api.thunder.io",
|
|
2435
|
-
* payload: {
|
|
2436
|
-
* executionId: "flow-id-from-url",
|
|
2437
|
-
* inputs: { inviteToken: "token-from-url" }
|
|
2438
|
-
* }
|
|
2439
|
-
* });
|
|
2440
|
-
* ```
|
|
2441
|
-
*/
|
|
2442
|
-
const executeEmbeddedUserOnboardingFlowV2 = async ({ url, baseUrl, payload,...requestConfig }) => {
|
|
2443
|
-
if (!payload) throw new ThunderIDAPIError("User onboarding payload is required", "executeEmbeddedUserOnboardingFlow-ValidationError-002", "javascript", 400, "If a user onboarding payload is not provided, the request cannot be constructed correctly.");
|
|
2444
|
-
const endpoint = url ?? `${baseUrl}/flow/execute`;
|
|
2445
|
-
const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
|
|
2446
|
-
const hasOnlyFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
2447
|
-
const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
|
|
2448
|
-
const hasFlowIdWithInputs = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && "inputs" in cleanPayload;
|
|
2449
|
-
const requestPayload = hasOnlyFlowType || hasOnlyFlowId || hasFlowIdWithInputs ? {
|
|
2450
|
-
...cleanPayload,
|
|
2451
|
-
verbose: true
|
|
2452
|
-
} : cleanPayload;
|
|
2453
|
-
if ("flowType" in requestPayload && requestPayload["flowType"] !== EmbeddedFlowType.UserOnboarding) requestPayload["flowType"] = EmbeddedFlowType.UserOnboarding;
|
|
2454
|
-
const response = await fetch(endpoint, {
|
|
2455
|
-
...requestConfig,
|
|
2456
|
-
body: JSON.stringify(requestPayload),
|
|
2457
|
-
headers: {
|
|
2458
|
-
Accept: "application/json",
|
|
2459
|
-
"Content-Type": "application/json",
|
|
2460
|
-
...requestConfig.headers
|
|
2461
|
-
},
|
|
2462
|
-
method: requestConfig.method || "POST"
|
|
2463
|
-
});
|
|
2464
|
-
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedUserOnboardingFlow-ResponseError-001", "javascript", response.status, response.statusText, "User onboarding request failed");
|
|
2465
|
-
return await response.json();
|
|
2293
|
+
return createPackageLogger(packageName).child(component);
|
|
2466
2294
|
};
|
|
2467
|
-
var executeEmbeddedUserOnboardingFlowV2_default = executeEmbeddedUserOnboardingFlowV2;
|
|
2468
2295
|
|
|
2469
2296
|
//#endregion
|
|
2470
|
-
//#region src/api/
|
|
2297
|
+
//#region src/api/getBrandingPreference.ts
|
|
2471
2298
|
/**
|
|
2472
|
-
*
|
|
2473
|
-
*
|
|
2474
|
-
* The response includes:
|
|
2475
|
-
* - Application or OU details depending on the `type` parameter
|
|
2476
|
-
* - Resolved design configuration (theme and layout)
|
|
2477
|
-
* - i18n translations filtered by `language` and `namespace`
|
|
2478
|
-
* - Registration flow enablement status
|
|
2479
|
-
*
|
|
2480
|
-
* @param config - Request configuration including `baseUrl`/`url`, and optional
|
|
2481
|
-
* `type`, `id`, `language`, and `namespace` filters. When `type`
|
|
2482
|
-
* and `id` are omitted the server returns i18n-only metadata.
|
|
2483
|
-
* @returns A promise that resolves to the {@link FlowMetadataResponse}.
|
|
2484
|
-
*
|
|
2485
|
-
* @throws {ThunderIDAPIError} When the server returns a non-OK response.
|
|
2299
|
+
* Retrieves branding preference configuration.
|
|
2486
2300
|
*
|
|
2301
|
+
* @param config - Configuration object containing baseUrl, optional query parameters, and request config.
|
|
2302
|
+
* @returns A promise that resolves with the branding preference information.
|
|
2487
2303
|
* @example
|
|
2488
2304
|
* ```typescript
|
|
2489
|
-
*
|
|
2490
|
-
*
|
|
2491
|
-
*
|
|
2492
|
-
*
|
|
2493
|
-
*
|
|
2494
|
-
*
|
|
2495
|
-
*
|
|
2496
|
-
*
|
|
2497
|
-
*
|
|
2498
|
-
* })
|
|
2499
|
-
*
|
|
2500
|
-
*
|
|
2501
|
-
*
|
|
2305
|
+
* // Using default fetch
|
|
2306
|
+
* try {
|
|
2307
|
+
* const response = await getBrandingPreference({
|
|
2308
|
+
* baseUrl: "https://localhost:8090",
|
|
2309
|
+
* locale: "en-US",
|
|
2310
|
+
* name: "my-branding",
|
|
2311
|
+
* type: "org"
|
|
2312
|
+
* });
|
|
2313
|
+
* console.log(response.theme);
|
|
2314
|
+
* } catch (error) {
|
|
2315
|
+
* if (error instanceof ThunderIDAPIError) {
|
|
2316
|
+
* console.error('Failed to get branding preference:', error.message);
|
|
2317
|
+
* }
|
|
2318
|
+
* }
|
|
2502
2319
|
* ```
|
|
2503
2320
|
*
|
|
2504
|
-
* @experimental This function targets the ThunderID V2 platform API
|
|
2505
|
-
*/
|
|
2506
|
-
const getFlowMetaV2 = async ({ url, baseUrl, type, id, language, namespace,...requestConfig }) => {
|
|
2507
|
-
const queryParams = new URLSearchParams({
|
|
2508
|
-
...id ? { id } : {},
|
|
2509
|
-
...type ? { type } : {},
|
|
2510
|
-
...language ? { language } : {},
|
|
2511
|
-
...namespace ? { namespace } : {}
|
|
2512
|
-
});
|
|
2513
|
-
const endpoint = `${url ?? `${baseUrl}/flow/meta`}?${queryParams.toString()}`;
|
|
2514
|
-
const response = await fetch(endpoint, {
|
|
2515
|
-
...requestConfig,
|
|
2516
|
-
headers: {
|
|
2517
|
-
Accept: "application/json",
|
|
2518
|
-
...requestConfig.headers
|
|
2519
|
-
},
|
|
2520
|
-
method: "GET"
|
|
2521
|
-
});
|
|
2522
|
-
if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getFlowMetaV2-ResponseError-001", "javascript", response.status, response.statusText, "Flow metadata request failed");
|
|
2523
|
-
return await response.json();
|
|
2524
|
-
};
|
|
2525
|
-
var getFlowMetaV2_default = getFlowMetaV2;
|
|
2526
|
-
|
|
2527
|
-
//#endregion
|
|
2528
|
-
//#region src/api/v2/getOrganizationUnitChildren.ts
|
|
2529
|
-
/**
|
|
2530
|
-
* Retrieves the child organization units of a given parent OU.
|
|
2531
|
-
*
|
|
2532
|
-
* @param config - Request configuration including `baseUrl`/`url`, `organizationUnitId`,
|
|
2533
|
-
* and optional `limit`/`offset` pagination parameters.
|
|
2534
|
-
* @returns A promise that resolves with the paginated list of child organization units.
|
|
2535
|
-
*
|
|
2536
|
-
* @throws {ThunderIDAPIError} When the server returns a non-OK response.
|
|
2537
|
-
*
|
|
2538
2321
|
* @example
|
|
2539
2322
|
* ```typescript
|
|
2540
|
-
*
|
|
2541
|
-
*
|
|
2542
|
-
*
|
|
2543
|
-
*
|
|
2544
|
-
*
|
|
2545
|
-
*
|
|
2546
|
-
*
|
|
2323
|
+
* // Using custom fetcher (e.g., axios-based httpClient)
|
|
2324
|
+
* try {
|
|
2325
|
+
* const response = await getBrandingPreference({
|
|
2326
|
+
* baseUrl: "https://localhost:8090",
|
|
2327
|
+
* locale: "en-US",
|
|
2328
|
+
* name: "my-branding",
|
|
2329
|
+
* type: "org",
|
|
2330
|
+
* fetcher: async (url, config) => {
|
|
2331
|
+
* const response = await httpClient({
|
|
2332
|
+
* url,
|
|
2333
|
+
* method: config.method,
|
|
2334
|
+
* headers: config.headers,
|
|
2335
|
+
* ...config
|
|
2336
|
+
* });
|
|
2337
|
+
* // Convert axios-like response to fetch-like Response
|
|
2338
|
+
* return {
|
|
2339
|
+
* ok: response.status >= 200 && response.status < 300,
|
|
2340
|
+
* status: response.status,
|
|
2341
|
+
* statusText: response.statusText,
|
|
2342
|
+
* json: () => Promise.resolve(response.data),
|
|
2343
|
+
* text: () => Promise.resolve(typeof response.data === 'string' ? response.data : JSON.stringify(response.data))
|
|
2344
|
+
* } as Response;
|
|
2345
|
+
* }
|
|
2346
|
+
* });
|
|
2347
|
+
* console.log(response.theme);
|
|
2348
|
+
* } catch (error) {
|
|
2349
|
+
* if (error instanceof ThunderIDAPIError) {
|
|
2350
|
+
* console.error('Failed to get branding preference:', error.message);
|
|
2351
|
+
* }
|
|
2352
|
+
* }
|
|
2547
2353
|
* ```
|
|
2548
|
-
*
|
|
2549
|
-
* @experimental This function targets the ThunderID V2 platform API
|
|
2550
2354
|
*/
|
|
2551
|
-
const
|
|
2552
|
-
|
|
2553
|
-
|
|
2554
|
-
|
|
2555
|
-
|
|
2556
|
-
}
|
|
2557
|
-
const
|
|
2558
|
-
|
|
2355
|
+
const getBrandingPreference = async ({ baseUrl, locale, name, type, fetcher,...requestConfig }) => {
|
|
2356
|
+
try {
|
|
2357
|
+
new URL(baseUrl);
|
|
2358
|
+
} catch (error$1) {
|
|
2359
|
+
throw new ThunderIDAPIError(`Invalid base URL provided. ${error$1?.toString()}`, "getBrandingPreference-ValidationError-001", "javascript", 400, "The provided `baseUrl` does not adhere to the URL schema.");
|
|
2360
|
+
}
|
|
2361
|
+
const queryParams = new URLSearchParams(Object.fromEntries(Object.entries({
|
|
2362
|
+
locale: locale || "",
|
|
2363
|
+
name: name || "",
|
|
2364
|
+
type: type || ""
|
|
2365
|
+
}).filter(([, value]) => Boolean(value))));
|
|
2366
|
+
const fetchFn = fetcher || fetch;
|
|
2367
|
+
const resolvedUrl = `${baseUrl}/api/server/v1/branding-preference/resolve${queryParams.toString() ? `?${queryParams.toString()}` : ""}`;
|
|
2368
|
+
const requestInit = {
|
|
2559
2369
|
...requestConfig,
|
|
2560
2370
|
headers: {
|
|
2561
2371
|
Accept: "application/json",
|
|
2372
|
+
"Content-Type": "application/json",
|
|
2562
2373
|
...requestConfig.headers
|
|
2563
2374
|
},
|
|
2564
2375
|
method: "GET"
|
|
2565
|
-
}
|
|
2566
|
-
|
|
2567
|
-
|
|
2376
|
+
};
|
|
2377
|
+
try {
|
|
2378
|
+
const response = await fetchFn(resolvedUrl, requestInit);
|
|
2379
|
+
if (!response?.ok) {
|
|
2380
|
+
const errorText = await response.text();
|
|
2381
|
+
let errorDescription;
|
|
2382
|
+
try {
|
|
2383
|
+
const errorBody = JSON.parse(errorText);
|
|
2384
|
+
errorDescription = errorBody?.description || errorBody?.message || errorText;
|
|
2385
|
+
} catch {
|
|
2386
|
+
errorDescription = errorText;
|
|
2387
|
+
}
|
|
2388
|
+
logger_default.warn(`[BrandingError] ${errorDescription} To resolve this issue, please configure branding preferences in the ThunderID console. If you want to suppress this warning and stop fetching branding preferences, set \`<ThunderIDProvider>\` -> \`preferences\` -> \`theme\` -> \`inheritFromBranding\` to false.`);
|
|
2389
|
+
throw new ThunderIDAPIError(errorText, "getBrandingPreference-ResponseError-001", "javascript", response.status, response.statusText, "Failed to get branding preference");
|
|
2390
|
+
}
|
|
2391
|
+
return await response.json();
|
|
2392
|
+
} catch (error$1) {
|
|
2393
|
+
if (error$1 instanceof ThunderIDAPIError) throw error$1;
|
|
2394
|
+
throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getBrandingPreference-NetworkError-001", "javascript", 0, "Network Error");
|
|
2395
|
+
}
|
|
2568
2396
|
};
|
|
2569
|
-
var
|
|
2397
|
+
var getBrandingPreference_default = getBrandingPreference;
|
|
2570
2398
|
|
|
2571
2399
|
//#endregion
|
|
2572
2400
|
//#region src/constants/ApplicationNativeAuthenticationConstants.ts
|
|
@@ -2666,240 +2494,94 @@ const OIDCRequestConstants = {
|
|
|
2666
2494
|
SIGN_OUT_SUCCESS: "sign_out_success",
|
|
2667
2495
|
STATE: "state"
|
|
2668
2496
|
},
|
|
2669
|
-
SignIn: { Payload: { DEFAULT_SCOPES: [
|
|
2670
|
-
ScopeConstants_default.OPENID,
|
|
2671
|
-
ScopeConstants_default.PROFILE,
|
|
2672
|
-
ScopeConstants_default.INTERNAL_LOGIN
|
|
2673
|
-
] } },
|
|
2674
|
-
SignOut: { Storage: { StorageKeys: { SIGN_OUT_URL: "sign_out_url" } } }
|
|
2675
|
-
};
|
|
2676
|
-
var OIDCRequestConstants_default = OIDCRequestConstants;
|
|
2677
|
-
|
|
2678
|
-
//#endregion
|
|
2679
|
-
//#region src/constants/VendorConstants.ts
|
|
2680
|
-
/**
|
|
2681
|
-
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
|
|
2682
|
-
*
|
|
2683
|
-
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
2684
|
-
* Version 2.0 (the "License"); you may not use this file except
|
|
2685
|
-
* in compliance with the License.
|
|
2686
|
-
* You may obtain a copy of the License at
|
|
2687
|
-
*
|
|
2688
|
-
* http://www.apache.org/licenses/LICENSE-2.0
|
|
2689
|
-
*
|
|
2690
|
-
* Unless required by applicable law or agreed to in writing,
|
|
2691
|
-
* software distributed under the License is distributed on an
|
|
2692
|
-
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
2693
|
-
* KIND, either express or implied. See the License for the
|
|
2694
|
-
* specific language governing permissions and limitations
|
|
2695
|
-
* under the License.
|
|
2696
|
-
*/
|
|
2697
|
-
/**
|
|
2698
|
-
* Constants for vendor-specific configurations.
|
|
2699
|
-
* By default, the vendor is inferred as ThunderID.
|
|
2700
|
-
*
|
|
2701
|
-
* @example
|
|
2702
|
-
* ```typescript
|
|
2703
|
-
* // Using the vendor prefix in a URL
|
|
2704
|
-
* const apiUrl = `${VendorConstants.VENDOR_PREFIX}/api/v1/resource`;
|
|
2705
|
-
* ```
|
|
2706
|
-
*/
|
|
2707
|
-
const VendorConstants = { VENDOR_PREFIX: "thunderid" };
|
|
2708
|
-
var VendorConstants_default = VendorConstants;
|
|
2709
|
-
|
|
2710
|
-
//#endregion
|
|
2711
|
-
//#region src/models/embedded-signin-flow.ts
|
|
2712
|
-
let EmbeddedSignInFlowStatus = /* @__PURE__ */ function(EmbeddedSignInFlowStatus$2) {
|
|
2713
|
-
EmbeddedSignInFlowStatus$2["FailCompleted"] = "FAIL_COMPLETED";
|
|
2714
|
-
EmbeddedSignInFlowStatus$2["FailIncomplete"] = "FAIL_INCOMPLETE";
|
|
2715
|
-
EmbeddedSignInFlowStatus$2["Incomplete"] = "INCOMPLETE";
|
|
2716
|
-
EmbeddedSignInFlowStatus$2["SuccessCompleted"] = "SUCCESS_COMPLETED";
|
|
2717
|
-
return EmbeddedSignInFlowStatus$2;
|
|
2718
|
-
}({});
|
|
2719
|
-
let EmbeddedSignInFlowType = /* @__PURE__ */ function(EmbeddedSignInFlowType$2) {
|
|
2720
|
-
EmbeddedSignInFlowType$2["Authentication"] = "AUTHENTICATION";
|
|
2721
|
-
return EmbeddedSignInFlowType$2;
|
|
2722
|
-
}({});
|
|
2723
|
-
let EmbeddedSignInFlowStepType = /* @__PURE__ */ function(EmbeddedSignInFlowStepType$1) {
|
|
2724
|
-
EmbeddedSignInFlowStepType$1["AuthenticatorPrompt"] = "AUTHENTICATOR_PROMPT";
|
|
2725
|
-
EmbeddedSignInFlowStepType$1["MultiOptionsPrompt"] = "MULTI_OPTIONS_PROMPT";
|
|
2726
|
-
return EmbeddedSignInFlowStepType$1;
|
|
2727
|
-
}({});
|
|
2728
|
-
let EmbeddedSignInFlowAuthenticatorParamType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorParamType$1) {
|
|
2729
|
-
EmbeddedSignInFlowAuthenticatorParamType$1["Integer"] = "INTEGER";
|
|
2730
|
-
EmbeddedSignInFlowAuthenticatorParamType$1["MultiValued"] = "MULTI_VALUED";
|
|
2731
|
-
EmbeddedSignInFlowAuthenticatorParamType$1["String"] = "STRING";
|
|
2732
|
-
return EmbeddedSignInFlowAuthenticatorParamType$1;
|
|
2733
|
-
}({});
|
|
2734
|
-
let EmbeddedSignInFlowAuthenticatorExtendedParamType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorExtendedParamType$1) {
|
|
2735
|
-
EmbeddedSignInFlowAuthenticatorExtendedParamType$1["Otp"] = "OTPCode";
|
|
2736
|
-
return EmbeddedSignInFlowAuthenticatorExtendedParamType$1;
|
|
2737
|
-
}({});
|
|
2738
|
-
let EmbeddedSignInFlowAuthenticatorKnownIdPType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorKnownIdPType$1) {
|
|
2739
|
-
EmbeddedSignInFlowAuthenticatorKnownIdPType$1["Local"] = "LOCAL";
|
|
2740
|
-
return EmbeddedSignInFlowAuthenticatorKnownIdPType$1;
|
|
2741
|
-
}({});
|
|
2742
|
-
let EmbeddedSignInFlowAuthenticatorPromptType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorPromptType$1) {
|
|
2743
|
-
/**
|
|
2744
|
-
* Prompt for internal system use, such as API keys or tokens.
|
|
2745
|
-
*/
|
|
2746
|
-
EmbeddedSignInFlowAuthenticatorPromptType$1["InternalPrompt"] = "INTERNAL_PROMPT";
|
|
2747
|
-
/**
|
|
2748
|
-
* Prompt for redirection to another page or service.
|
|
2749
|
-
*/
|
|
2750
|
-
EmbeddedSignInFlowAuthenticatorPromptType$1["RedirectionPrompt"] = "REDIRECTION_PROMPT";
|
|
2751
|
-
/**
|
|
2752
|
-
* Prompt for user input, typically for username/password or similar credentials.
|
|
2753
|
-
*/
|
|
2754
|
-
EmbeddedSignInFlowAuthenticatorPromptType$1["UserPrompt"] = "USER_PROMPT";
|
|
2755
|
-
return EmbeddedSignInFlowAuthenticatorPromptType$1;
|
|
2756
|
-
}({});
|
|
2757
|
-
|
|
2758
|
-
//#endregion
|
|
2759
|
-
//#region src/models/v2/embedded-flow-v2.ts
|
|
2760
|
-
/**
|
|
2761
|
-
* Component types supported by the ThunderID embedded flow API.
|
|
2762
|
-
*
|
|
2763
|
-
* These types define the different UI components that can be rendered
|
|
2764
|
-
* as part of the embedded authentication flows. Each type corresponds
|
|
2765
|
-
* to a specific UI element with its own behavior and properties.
|
|
2766
|
-
*
|
|
2767
|
-
* @example
|
|
2768
|
-
* ```typescript
|
|
2769
|
-
* // Check component type to render appropriate UI
|
|
2770
|
-
* if (component.type === EmbeddedFlowComponentType.TextInput) {
|
|
2771
|
-
* // Render text input field
|
|
2772
|
-
* } else if (component.type === EmbeddedFlowComponentType.Action) {
|
|
2773
|
-
* // Render button/action
|
|
2774
|
-
* }
|
|
2775
|
-
* ```
|
|
2776
|
-
*
|
|
2777
|
-
* @experimental This API may change in future versions
|
|
2778
|
-
*/
|
|
2779
|
-
let EmbeddedFlowComponentType$1 = /* @__PURE__ */ function(EmbeddedFlowComponentType$2) {
|
|
2780
|
-
/** Interactive action component (buttons, links) for user interactions */
|
|
2781
|
-
EmbeddedFlowComponentType$2["Action"] = "ACTION";
|
|
2782
|
-
/** Container block component that groups other components */
|
|
2783
|
-
EmbeddedFlowComponentType$2["Block"] = "BLOCK";
|
|
2784
|
-
/** Consent component for displaying consent purposes and attributes */
|
|
2785
|
-
EmbeddedFlowComponentType$2["Consent"] = "CONSENT";
|
|
2786
|
-
/** Copyable text display component that shows text with a copy-to-clipboard action */
|
|
2787
|
-
EmbeddedFlowComponentType$2["CopyableText"] = "COPYABLE_TEXT";
|
|
2788
|
-
/** Divider component for visual separation of content */
|
|
2789
|
-
EmbeddedFlowComponentType$2["Divider"] = "DIVIDER";
|
|
2790
|
-
/** Email input field with validation for email addresses. */
|
|
2791
|
-
EmbeddedFlowComponentType$2["EmailInput"] = "EMAIL_INPUT";
|
|
2792
|
-
/** Icon display component for rendering named vector icons */
|
|
2793
|
-
EmbeddedFlowComponentType$2["Icon"] = "ICON";
|
|
2794
|
-
/** Image display component for logos and illustrations */
|
|
2795
|
-
EmbeddedFlowComponentType$2["Image"] = "IMAGE";
|
|
2796
|
-
/** One-time password input field for multi-factor authentication */
|
|
2797
|
-
EmbeddedFlowComponentType$2["OtpInput"] = "OTP_INPUT";
|
|
2798
|
-
/** Organization unit tree picker for selecting an OU */
|
|
2799
|
-
EmbeddedFlowComponentType$2["OuSelect"] = "OU_SELECT";
|
|
2800
|
-
/** Password input field with masking for sensitive data */
|
|
2801
|
-
EmbeddedFlowComponentType$2["PasswordInput"] = "PASSWORD_INPUT";
|
|
2802
|
-
/** Phone number input field with country code support */
|
|
2803
|
-
EmbeddedFlowComponentType$2["PhoneInput"] = "PHONE_INPUT";
|
|
2804
|
-
/** Rich text display component that renders formatted HTML content */
|
|
2805
|
-
EmbeddedFlowComponentType$2["RichText"] = "RICH_TEXT";
|
|
2806
|
-
/** Select/dropdown input component for single choice selection */
|
|
2807
|
-
EmbeddedFlowComponentType$2["Select"] = "SELECT";
|
|
2808
|
-
/** Stack layout component for arranging children in a row or column */
|
|
2809
|
-
EmbeddedFlowComponentType$2["Stack"] = "STACK";
|
|
2810
|
-
/** Text display component for labels, headings, and messages */
|
|
2811
|
-
EmbeddedFlowComponentType$2["Text"] = "TEXT";
|
|
2812
|
-
/** Standard text input field for user data entry */
|
|
2813
|
-
EmbeddedFlowComponentType$2["TextInput"] = "TEXT_INPUT";
|
|
2814
|
-
/** Timer component for displaying a countdown */
|
|
2815
|
-
EmbeddedFlowComponentType$2["Timer"] = "TIMER";
|
|
2816
|
-
/** QR code display component for wallet-based flows (e.g. OpenID4VP) */
|
|
2817
|
-
EmbeddedFlowComponentType$2["QrCode"] = "QR_CODE";
|
|
2818
|
-
return EmbeddedFlowComponentType$2;
|
|
2819
|
-
}({});
|
|
2497
|
+
SignIn: { Payload: { DEFAULT_SCOPES: [
|
|
2498
|
+
ScopeConstants_default.OPENID,
|
|
2499
|
+
ScopeConstants_default.PROFILE,
|
|
2500
|
+
ScopeConstants_default.INTERNAL_LOGIN
|
|
2501
|
+
] } },
|
|
2502
|
+
SignOut: { Storage: { StorageKeys: { SIGN_OUT_URL: "sign_out_url" } } }
|
|
2503
|
+
};
|
|
2504
|
+
var OIDCRequestConstants_default = OIDCRequestConstants;
|
|
2505
|
+
|
|
2506
|
+
//#endregion
|
|
2507
|
+
//#region src/constants/VendorConstants.ts
|
|
2820
2508
|
/**
|
|
2821
|
-
*
|
|
2509
|
+
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
|
|
2822
2510
|
*
|
|
2823
|
-
*
|
|
2511
|
+
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
2512
|
+
* Version 2.0 (the "License"); you may not use this file except
|
|
2513
|
+
* in compliance with the License.
|
|
2514
|
+
* You may obtain a copy of the License at
|
|
2515
|
+
*
|
|
2516
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
|
2517
|
+
*
|
|
2518
|
+
* Unless required by applicable law or agreed to in writing,
|
|
2519
|
+
* software distributed under the License is distributed on an
|
|
2520
|
+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
2521
|
+
* KIND, either express or implied. See the License for the
|
|
2522
|
+
* specific language governing permissions and limitations
|
|
2523
|
+
* under the License.
|
|
2824
2524
|
*/
|
|
2825
|
-
let EmbeddedFlowActionVariant = /* @__PURE__ */ function(EmbeddedFlowActionVariant$1) {
|
|
2826
|
-
/** Danger action button for destructive operations */
|
|
2827
|
-
EmbeddedFlowActionVariant$1["Danger"] = "DANGER";
|
|
2828
|
-
/** Info action button for informational purposes */
|
|
2829
|
-
EmbeddedFlowActionVariant$1["Info"] = "INFO";
|
|
2830
|
-
/** Link-styled action button */
|
|
2831
|
-
EmbeddedFlowActionVariant$1["Link"] = "LINK";
|
|
2832
|
-
/** Outlined action button for secondary emphasis */
|
|
2833
|
-
EmbeddedFlowActionVariant$1["Outlined"] = "OUTLINED";
|
|
2834
|
-
/** Primary action button with highest visual emphasis */
|
|
2835
|
-
EmbeddedFlowActionVariant$1["Primary"] = "PRIMARY";
|
|
2836
|
-
/** Secondary action button with moderate visual emphasis */
|
|
2837
|
-
EmbeddedFlowActionVariant$1["Secondary"] = "SECONDARY";
|
|
2838
|
-
/** Success action button for positive confirmations */
|
|
2839
|
-
EmbeddedFlowActionVariant$1["Success"] = "SUCCESS";
|
|
2840
|
-
/** Tertiary action button with minimal visual emphasis */
|
|
2841
|
-
EmbeddedFlowActionVariant$1["Tertiary"] = "TERTIARY";
|
|
2842
|
-
/** Warning action button for cautionary actions */
|
|
2843
|
-
EmbeddedFlowActionVariant$1["Warning"] = "WARNING";
|
|
2844
|
-
return EmbeddedFlowActionVariant$1;
|
|
2845
|
-
}({});
|
|
2846
2525
|
/**
|
|
2847
|
-
*
|
|
2526
|
+
* Constants for vendor-specific configurations.
|
|
2527
|
+
* By default, the vendor is inferred as ThunderID.
|
|
2848
2528
|
*
|
|
2849
|
-
* @
|
|
2529
|
+
* @example
|
|
2530
|
+
* ```typescript
|
|
2531
|
+
* // Using the vendor prefix in a URL
|
|
2532
|
+
* const apiUrl = `${VendorConstants.VENDOR_PREFIX}/api/v1/resource`;
|
|
2533
|
+
* ```
|
|
2850
2534
|
*/
|
|
2851
|
-
|
|
2852
|
-
|
|
2853
|
-
|
|
2854
|
-
|
|
2855
|
-
|
|
2856
|
-
/** Text styled for button labels */
|
|
2857
|
-
EmbeddedFlowTextVariant$1["ButtonText"] = "BUTTON_TEXT";
|
|
2858
|
-
/** Small caption text for annotations and descriptions */
|
|
2859
|
-
EmbeddedFlowTextVariant$1["Caption"] = "CAPTION";
|
|
2860
|
-
/** Largest heading level for main titles */
|
|
2861
|
-
EmbeddedFlowTextVariant$1["Heading1"] = "HEADING_1";
|
|
2862
|
-
/** Second level heading for major sections */
|
|
2863
|
-
EmbeddedFlowTextVariant$1["Heading2"] = "HEADING_2";
|
|
2864
|
-
/** Third level heading for subsections */
|
|
2865
|
-
EmbeddedFlowTextVariant$1["Heading3"] = "HEADING_3";
|
|
2866
|
-
/** Fourth level heading for minor sections */
|
|
2867
|
-
EmbeddedFlowTextVariant$1["Heading4"] = "HEADING_4";
|
|
2868
|
-
/** Fifth level heading for detailed sections */
|
|
2869
|
-
EmbeddedFlowTextVariant$1["Heading5"] = "HEADING_5";
|
|
2870
|
-
/** Smallest heading level for fine-grained sections */
|
|
2871
|
-
EmbeddedFlowTextVariant$1["Heading6"] = "HEADING_6";
|
|
2872
|
-
/** Overline text for labels and categories */
|
|
2873
|
-
EmbeddedFlowTextVariant$1["Overline"] = "OVERLINE";
|
|
2874
|
-
/** Primary subtitle text with larger emphasis */
|
|
2875
|
-
EmbeddedFlowTextVariant$1["Subtitle1"] = "SUBTITLE_1";
|
|
2876
|
-
/** Secondary subtitle text with moderate emphasis */
|
|
2877
|
-
EmbeddedFlowTextVariant$1["Subtitle2"] = "SUBTITLE_2";
|
|
2878
|
-
return EmbeddedFlowTextVariant$1;
|
|
2879
|
-
}({});
|
|
2535
|
+
const VendorConstants = { VENDOR_PREFIX: "thunderid" };
|
|
2536
|
+
var VendorConstants_default = VendorConstants;
|
|
2537
|
+
|
|
2538
|
+
//#endregion
|
|
2539
|
+
//#region src/errors/ThunderIDRuntimeError.ts
|
|
2880
2540
|
/**
|
|
2881
|
-
*
|
|
2541
|
+
* Base class for all runtime errors in ThunderID. This class extends ThunderIDError
|
|
2542
|
+
* and adds support for additional error details. Use this class for errors that occur
|
|
2543
|
+
* during runtime execution that are not related to API calls.
|
|
2882
2544
|
*
|
|
2883
|
-
* @
|
|
2545
|
+
* @example
|
|
2546
|
+
* ```typescript
|
|
2547
|
+
* throw new ThunderIDRuntimeError(
|
|
2548
|
+
* "Failed to parse configuration",
|
|
2549
|
+
* "CONFIG_PARSE_ERROR",
|
|
2550
|
+
* { invalidField: "redirectUri" }
|
|
2551
|
+
* );
|
|
2552
|
+
* ```
|
|
2884
2553
|
*/
|
|
2885
|
-
|
|
2886
|
-
/**
|
|
2887
|
-
|
|
2888
|
-
|
|
2889
|
-
|
|
2890
|
-
|
|
2891
|
-
|
|
2892
|
-
|
|
2893
|
-
|
|
2894
|
-
|
|
2895
|
-
|
|
2896
|
-
|
|
2897
|
-
|
|
2898
|
-
|
|
2899
|
-
|
|
2554
|
+
var ThunderIDRuntimeError = class extends ThunderIDError {
|
|
2555
|
+
/**
|
|
2556
|
+
* Creates an instance of ThunderIDRuntimeError.
|
|
2557
|
+
*
|
|
2558
|
+
* @param message - Human-readable description of the error
|
|
2559
|
+
* @param code - A unique error code that identifies the error type
|
|
2560
|
+
* @param details - Additional details about the error that might be helpful for debugging
|
|
2561
|
+
* @param origin - Optional. The SDK origin (e.g. 'react', 'vue'). Defaults to generic 'ThunderID'
|
|
2562
|
+
* @constructor
|
|
2563
|
+
*/
|
|
2564
|
+
constructor(message, code, origin, details) {
|
|
2565
|
+
super(message, code, origin);
|
|
2566
|
+
this.details = details;
|
|
2567
|
+
Object.defineProperty(this, "name", {
|
|
2568
|
+
configurable: true,
|
|
2569
|
+
value: "ThunderIDRuntimeError",
|
|
2570
|
+
writable: true
|
|
2571
|
+
});
|
|
2572
|
+
}
|
|
2573
|
+
/**
|
|
2574
|
+
* Returns a string representation of the runtime error
|
|
2575
|
+
* @returns Formatted error string with name, code, details, and message
|
|
2576
|
+
*/
|
|
2577
|
+
toString() {
|
|
2578
|
+
const details = this.details ? `\nDetails: ${JSON.stringify(this.details, null, 2)}` : "";
|
|
2579
|
+
return `[${this.name}] (code="${this.code}")${details}\nMessage: ${this.message}`;
|
|
2580
|
+
}
|
|
2581
|
+
};
|
|
2900
2582
|
|
|
2901
2583
|
//#endregion
|
|
2902
|
-
//#region src/models/
|
|
2584
|
+
//#region src/models/embedded-recovery-flow.ts
|
|
2903
2585
|
/**
|
|
2904
2586
|
* Status enumeration for the embedded recovery flow operations.
|
|
2905
2587
|
*
|
|
@@ -2940,7 +2622,7 @@ let EmbeddedRecoveryFlowType = /* @__PURE__ */ function(EmbeddedRecoveryFlowType
|
|
|
2940
2622
|
}({});
|
|
2941
2623
|
|
|
2942
2624
|
//#endregion
|
|
2943
|
-
//#region src/models/
|
|
2625
|
+
//#region src/models/flow-meta.ts
|
|
2944
2626
|
/**
|
|
2945
2627
|
* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
|
|
2946
2628
|
*
|
|
@@ -3266,13 +2948,6 @@ var DefaultCrypto = class {
|
|
|
3266
2948
|
}
|
|
3267
2949
|
};
|
|
3268
2950
|
|
|
3269
|
-
//#endregion
|
|
3270
|
-
//#region src/models/agent.ts
|
|
3271
|
-
let AgentConfig;
|
|
3272
|
-
(function(_AgentConfig) {
|
|
3273
|
-
_AgentConfig.DEFAULT_AUTHENTICATOR_NAME = "Username & Password";
|
|
3274
|
-
})(AgentConfig || (AgentConfig = {}));
|
|
3275
|
-
|
|
3276
2951
|
//#endregion
|
|
3277
2952
|
//#region src/models/store.ts
|
|
3278
2953
|
/**
|
|
@@ -4244,10 +3919,10 @@ var ThunderIDJavaScriptClient = class {
|
|
|
4244
3919
|
signInSilently(_options) {
|
|
4245
3920
|
throw new Error("Method not implemented.");
|
|
4246
3921
|
}
|
|
4247
|
-
signUp(
|
|
3922
|
+
signUp(_options) {
|
|
4248
3923
|
throw new Error("Method not implemented.");
|
|
4249
3924
|
}
|
|
4250
|
-
recover(
|
|
3925
|
+
recover() {
|
|
4251
3926
|
throw new Error("Method not implemented.");
|
|
4252
3927
|
}
|
|
4253
3928
|
switchOrganization(_organization, _sessionId) {
|
|
@@ -4471,6 +4146,125 @@ var ThunderIDJavaScriptClient = class {
|
|
|
4471
4146
|
this.authHelper.clearSession(userId);
|
|
4472
4147
|
return response;
|
|
4473
4148
|
}
|
|
4149
|
+
async initiateCIBA(options) {
|
|
4150
|
+
if (!await this.storageManager.getTemporaryDataParameter(OIDCDiscoveryConstants_default.Storage.StorageKeys.OPENID_PROVIDER_CONFIG_INITIATED)) await this.loadOpenIDProviderConfiguration(false);
|
|
4151
|
+
const backchannelEndpoint = (await this.oidcProviderMetaDataProvider()).backchannel_authentication_endpoint;
|
|
4152
|
+
if (!backchannelEndpoint || backchannelEndpoint.trim().length === 0) throw new ThunderIDAPIError("No backchannel_authentication_endpoint was found in the OIDC provider metadata.", "JS-AUTH_CORE-CIBA1-NF01", "javascript");
|
|
4153
|
+
const hintCount = [
|
|
4154
|
+
options.loginHint,
|
|
4155
|
+
options.loginHintToken,
|
|
4156
|
+
options.idTokenHint
|
|
4157
|
+
].filter(Boolean).length;
|
|
4158
|
+
if (hintCount === 0) throw new ThunderIDAPIError("Provide one of loginHint, loginHintToken, or idTokenHint.", "JS-AUTH_CORE-CIBA1-IV01", "javascript", void 0, void 0, "CIBA initiation requires exactly one hint");
|
|
4159
|
+
if (hintCount > 1) throw new ThunderIDAPIError("Only one of loginHint, loginHintToken, or idTokenHint may be set.", "JS-AUTH_CORE-CIBA1-IV02", "javascript", void 0, void 0, "CIBA initiation received multiple hints");
|
|
4160
|
+
const configData = await this.configProvider();
|
|
4161
|
+
const hasSecret = Boolean(configData.clientSecret && configData.clientSecret.trim().length > 0);
|
|
4162
|
+
const tokenEndpointAuthMethod = configData.tokenRequest?.authMethod ?? "client_secret_basic";
|
|
4163
|
+
const body = new URLSearchParams();
|
|
4164
|
+
body.set("client_id", configData.clientId ?? "");
|
|
4165
|
+
if (hasSecret && tokenEndpointAuthMethod === "client_secret_post") body.set("client_secret", configData.clientSecret);
|
|
4166
|
+
const scopeStr = processOpenIDScopes_default(configData.scopes);
|
|
4167
|
+
if (scopeStr) body.set("scope", scopeStr);
|
|
4168
|
+
if (options.loginHint) body.set("login_hint", options.loginHint);
|
|
4169
|
+
if (options.loginHintToken) body.set("login_hint_token", options.loginHintToken);
|
|
4170
|
+
if (options.idTokenHint) body.set("id_token_hint", options.idTokenHint);
|
|
4171
|
+
if (options.bindingMessage) body.set("binding_message", options.bindingMessage);
|
|
4172
|
+
if (options.acrValues) body.set("acr_values", options.acrValues);
|
|
4173
|
+
if (options.requestedExpiry !== void 0) body.set("requested_expiry", String(options.requestedExpiry));
|
|
4174
|
+
const headers = {
|
|
4175
|
+
Accept: "application/json",
|
|
4176
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
4177
|
+
};
|
|
4178
|
+
if (hasSecret && tokenEndpointAuthMethod === "client_secret_basic") headers["Authorization"] = `Basic ${base64Encode_default(`${encodeURIComponent(configData.clientId)}:${encodeURIComponent(configData.clientSecret)}`)}`;
|
|
4179
|
+
let response;
|
|
4180
|
+
try {
|
|
4181
|
+
response = await fetch(backchannelEndpoint, {
|
|
4182
|
+
body,
|
|
4183
|
+
credentials: configData.sendCookiesInRequests ? "include" : "same-origin",
|
|
4184
|
+
headers,
|
|
4185
|
+
method: "POST"
|
|
4186
|
+
});
|
|
4187
|
+
} catch (error$1) {
|
|
4188
|
+
throw new ThunderIDAPIError(error$1 ?? "The request to the backchannel authentication endpoint failed.", "JS-AUTH_CORE-CIBA1-NE02", "javascript", void 0, void 0, "CIBA backchannel authentication request failed");
|
|
4189
|
+
}
|
|
4190
|
+
const rawBody = await response.text().catch(() => "");
|
|
4191
|
+
let parsedBody;
|
|
4192
|
+
try {
|
|
4193
|
+
parsedBody = JSON.parse(rawBody);
|
|
4194
|
+
} catch {
|
|
4195
|
+
parsedBody = rawBody;
|
|
4196
|
+
}
|
|
4197
|
+
if (!response.ok) throw new ThunderIDAPIError(parsedBody, "JS-AUTH_CORE-CIBA1-HE03", "javascript", response.status, response.statusText, "CIBA backchannel authentication request failed");
|
|
4198
|
+
const payload = parsedBody;
|
|
4199
|
+
if (!payload.auth_req_id) throw new ThunderIDAPIError("The server response did not include an auth_req_id.", "JS-AUTH_CORE-CIBA1-PR04", "javascript");
|
|
4200
|
+
return {
|
|
4201
|
+
authReqId: payload.auth_req_id,
|
|
4202
|
+
expiresIn: payload.expires_in ?? 120,
|
|
4203
|
+
interval: payload.interval ?? 5
|
|
4204
|
+
};
|
|
4205
|
+
}
|
|
4206
|
+
async pollCIBA(authReqId, interval, options) {
|
|
4207
|
+
const tokenEndpoint = (await this.oidcProviderMetaDataProvider()).token_endpoint;
|
|
4208
|
+
const configData = await this.configProvider();
|
|
4209
|
+
if (!tokenEndpoint || tokenEndpoint.trim().length === 0) throw new ThunderIDAPIError("No token endpoint was found in the OIDC provider metadata.", "JS-AUTH_CORE-CIBA2-NF01", "javascript");
|
|
4210
|
+
const hasSecret = Boolean(configData.clientSecret && configData.clientSecret.trim().length > 0);
|
|
4211
|
+
const tokenEndpointAuthMethod = configData.tokenRequest?.authMethod ?? "client_secret_basic";
|
|
4212
|
+
const buildBody = () => {
|
|
4213
|
+
const body = new URLSearchParams();
|
|
4214
|
+
body.set("grant_type", "urn:openid:params:grant-type:ciba");
|
|
4215
|
+
body.set("auth_req_id", authReqId);
|
|
4216
|
+
body.set("client_id", configData.clientId ?? "");
|
|
4217
|
+
if (hasSecret && tokenEndpointAuthMethod === "client_secret_post") body.set("client_secret", configData.clientSecret);
|
|
4218
|
+
return body;
|
|
4219
|
+
};
|
|
4220
|
+
const buildHeaders = () => {
|
|
4221
|
+
const headers = {
|
|
4222
|
+
Accept: "application/json",
|
|
4223
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
4224
|
+
};
|
|
4225
|
+
if (hasSecret && tokenEndpointAuthMethod === "client_secret_basic") headers["Authorization"] = `Basic ${base64Encode_default(`${encodeURIComponent(configData.clientId)}:${encodeURIComponent(configData.clientSecret)}`)}`;
|
|
4226
|
+
return headers;
|
|
4227
|
+
};
|
|
4228
|
+
let currentInterval = interval;
|
|
4229
|
+
while (true) {
|
|
4230
|
+
if (options?.signal?.aborted) throw new ThunderIDAPIError("CIBA polling was cancelled.", "JS-AUTH_CORE-CIBA2-AB05", "javascript");
|
|
4231
|
+
await new Promise((resolve, reject) => {
|
|
4232
|
+
const timer = setTimeout(resolve, currentInterval * 1e3);
|
|
4233
|
+
options?.signal?.addEventListener("abort", () => {
|
|
4234
|
+
clearTimeout(timer);
|
|
4235
|
+
reject(new ThunderIDAPIError("CIBA polling was cancelled.", "JS-AUTH_CORE-CIBA2-AB05", "javascript"));
|
|
4236
|
+
}, { once: true });
|
|
4237
|
+
});
|
|
4238
|
+
let pollResponse;
|
|
4239
|
+
try {
|
|
4240
|
+
pollResponse = await fetch(tokenEndpoint, {
|
|
4241
|
+
body: buildBody(),
|
|
4242
|
+
credentials: configData.sendCookiesInRequests ? "include" : "same-origin",
|
|
4243
|
+
headers: buildHeaders(),
|
|
4244
|
+
method: "POST",
|
|
4245
|
+
signal: options?.signal
|
|
4246
|
+
});
|
|
4247
|
+
} catch (error$1) {
|
|
4248
|
+
if (error$1?.name === "AbortError") throw new ThunderIDAPIError("CIBA polling was cancelled.", "JS-AUTH_CORE-CIBA2-AB05", "javascript");
|
|
4249
|
+
throw new ThunderIDAPIError(error$1 ?? "The polling request to the token endpoint failed.", "JS-AUTH_CORE-CIBA2-NE02", "javascript", void 0, void 0, "CIBA token polling request failed");
|
|
4250
|
+
}
|
|
4251
|
+
if (pollResponse.ok) return this.authHelper.handleTokenResponse(pollResponse);
|
|
4252
|
+
const rawPollBody = await pollResponse.text().catch(() => "");
|
|
4253
|
+
let errorPayload;
|
|
4254
|
+
try {
|
|
4255
|
+
errorPayload = JSON.parse(rawPollBody);
|
|
4256
|
+
} catch {
|
|
4257
|
+
errorPayload = {};
|
|
4258
|
+
}
|
|
4259
|
+
const errorCode = errorPayload.error;
|
|
4260
|
+
if (errorCode === "authorization_pending") continue;
|
|
4261
|
+
if (errorCode === "slow_down") {
|
|
4262
|
+
currentInterval += 5;
|
|
4263
|
+
continue;
|
|
4264
|
+
}
|
|
4265
|
+
throw new ThunderIDAPIError(JSON.stringify(errorPayload), "JS-AUTH_CORE-CIBA2-HE03", "javascript", pollResponse.status, pollResponse.statusText, `CIBA polling terminated: ${errorCode}`);
|
|
4266
|
+
}
|
|
4267
|
+
}
|
|
4474
4268
|
async getPKCECode(state, userId) {
|
|
4475
4269
|
return await this.storageManager.getHybridDataParameter(extractPkceStorageKeyFromState_default(state), userId);
|
|
4476
4270
|
}
|
|
@@ -4498,40 +4292,11 @@ var ThunderIDJavaScriptClient = class {
|
|
|
4498
4292
|
const error$1 = Boolean(url.searchParams.get("error"));
|
|
4499
4293
|
return stateParam ? stateParam === OIDCRequestConstants_default.Params.SIGN_OUT_SUCCESS && error$1 : false;
|
|
4500
4294
|
}
|
|
4501
|
-
async getAgentToken(agentConfig) {
|
|
4502
|
-
const authorizeURL = new URL(await this.getSignInUrl({ response_mode: "direct" }));
|
|
4503
|
-
const authorizeResponse = await initializeEmbeddedSignInFlow_default({
|
|
4504
|
-
payload: Object.fromEntries(authorizeURL.searchParams.entries()),
|
|
4505
|
-
url: `${authorizeURL.origin}${authorizeURL.pathname}`
|
|
4506
|
-
});
|
|
4507
|
-
const authenticatorName = agentConfig.authenticatorName ?? AgentConfig.DEFAULT_AUTHENTICATOR_NAME;
|
|
4508
|
-
const targetAuthenticator = authorizeResponse.nextStep.authenticators.find((auth) => auth.authenticator === authenticatorName);
|
|
4509
|
-
if (!targetAuthenticator) throw new Error(`Authenticator '${authenticatorName}' not found among authentication steps.`);
|
|
4510
|
-
const authnResponse = await executeEmbeddedSignInFlow_default({
|
|
4511
|
-
baseUrl: this.baseURL,
|
|
4512
|
-
payload: {
|
|
4513
|
-
flowId: authorizeResponse.flowId,
|
|
4514
|
-
selectedAuthenticator: {
|
|
4515
|
-
authenticatorId: targetAuthenticator.authenticatorId,
|
|
4516
|
-
params: {
|
|
4517
|
-
password: agentConfig.agentSecret,
|
|
4518
|
-
username: agentConfig.agentID
|
|
4519
|
-
}
|
|
4520
|
-
}
|
|
4521
|
-
}
|
|
4522
|
-
});
|
|
4523
|
-
if (authnResponse.flowStatus !== EmbeddedSignInFlowStatus.SuccessCompleted) throw new Error("Agent authentication failed.");
|
|
4524
|
-
return this.requestAccessToken(authnResponse.authData["code"], authnResponse.authData["session_state"], authnResponse.authData["state"]);
|
|
4525
|
-
}
|
|
4526
4295
|
async getOBOSignInURL(agentConfig) {
|
|
4527
4296
|
const authURL = await this.getSignInUrl({ requested_actor: agentConfig.agentID });
|
|
4528
4297
|
if (authURL) return authURL.toString();
|
|
4529
4298
|
throw new Error("Could not build Authorize URL");
|
|
4530
4299
|
}
|
|
4531
|
-
async getOBOToken(agentConfig, authCodeResponse) {
|
|
4532
|
-
const agentToken = await this.getAgentToken(agentConfig);
|
|
4533
|
-
return this.requestAccessToken(authCodeResponse.code, authCodeResponse.session_state, authCodeResponse.state, void 0, { params: { actor_token: agentToken.accessToken } });
|
|
4534
|
-
}
|
|
4535
4300
|
};
|
|
4536
4301
|
var ThunderIDJavaScriptClient_default = ThunderIDJavaScriptClient;
|
|
4537
4302
|
|
|
@@ -5250,6 +5015,38 @@ const deriveOrganizationHandleFromBaseUrl = (baseUrl) => {
|
|
|
5250
5015
|
};
|
|
5251
5016
|
var deriveOrganizationHandleFromBaseUrl_default = deriveOrganizationHandleFromBaseUrl;
|
|
5252
5017
|
|
|
5018
|
+
//#endregion
|
|
5019
|
+
//#region src/utils/isRecognizedBaseUrlPattern.ts
|
|
5020
|
+
/**
|
|
5021
|
+
* Utility to determine if sensible ThunderID fallbacks can be used based on the given base URL.
|
|
5022
|
+
*
|
|
5023
|
+
* This checks if the URL follows the standard ThunderID pattern: /t/{orgHandle}
|
|
5024
|
+
* Returns true if sensible fallbacks (like deriving organization handle, tenant, etc.) can be used, false otherwise.
|
|
5025
|
+
*
|
|
5026
|
+
* @param baseUrl - The base URL of the ThunderID identity server (string or undefined)
|
|
5027
|
+
* @returns boolean - true if sensible fallbacks can be used, false otherwise
|
|
5028
|
+
*
|
|
5029
|
+
* @example
|
|
5030
|
+
* isRecognizedBaseUrlPattern('https://localhost:8090/t/dxlab'); // true
|
|
5031
|
+
* isRecognizedBaseUrlPattern('https://custom.example.com/auth'); // false
|
|
5032
|
+
*/
|
|
5033
|
+
const isRecognizedBaseUrlPattern = (baseUrl) => {
|
|
5034
|
+
if (!baseUrl) throw new ThunderIDRuntimeError("Base URL is required to derive if the `baseUrl` is recognized.", "isRecognizedBaseUrlPattern-ValidationError-001", "javascript", "A valid base URL must be provided to derive if the `baseUrl` is recognized to use the sensible fallbacks.");
|
|
5035
|
+
let parsedUrl;
|
|
5036
|
+
try {
|
|
5037
|
+
parsedUrl = new URL(baseUrl);
|
|
5038
|
+
} catch (error$1) {
|
|
5039
|
+
throw new ThunderIDRuntimeError(`Invalid base URL format: ${baseUrl}`, "isRecognizedBaseUrlPattern-ValidationError-002", "javascript", "The provided base URL does not conform to valid URL syntax.");
|
|
5040
|
+
}
|
|
5041
|
+
const pathSegments = parsedUrl.pathname?.split("/")?.filter((segment) => segment?.length > 0);
|
|
5042
|
+
if (pathSegments.length < 2 || pathSegments[0] !== "t") {
|
|
5043
|
+
logger_default.warn("[isRecognizedBaseUrlPattern] The provided base URL does not follow the expected URL pattern (/t/{orgHandle}).");
|
|
5044
|
+
return false;
|
|
5045
|
+
}
|
|
5046
|
+
return true;
|
|
5047
|
+
};
|
|
5048
|
+
var isRecognizedBaseUrlPattern_default = isRecognizedBaseUrlPattern;
|
|
5049
|
+
|
|
5253
5050
|
//#endregion
|
|
5254
5051
|
//#region src/utils/flattenUserSchema.ts
|
|
5255
5052
|
/**
|
|
@@ -5598,14 +5395,14 @@ var generateFlattenedUserProfile_default = generateFlattenedUserProfile;
|
|
|
5598
5395
|
* If the baseUrl is recognized (standard ThunderID pattern), constructs the sign-up URL.
|
|
5599
5396
|
* Otherwise, returns an empty string.
|
|
5600
5397
|
*
|
|
5601
|
-
* @param
|
|
5398
|
+
* @param config - The ThunderID client configuration
|
|
5602
5399
|
* @returns The sign-up URL if baseUrl is recognized, otherwise an empty string
|
|
5603
5400
|
*/
|
|
5604
5401
|
const getRedirectBasedSignUpUrl = (config) => {
|
|
5605
5402
|
const { baseUrl } = config;
|
|
5606
5403
|
if (!isRecognizedBaseUrlPattern_default(baseUrl)) return "";
|
|
5607
5404
|
let signUpBaseUrl = baseUrl;
|
|
5608
|
-
|
|
5405
|
+
try {
|
|
5609
5406
|
const url$1 = new URL(baseUrl);
|
|
5610
5407
|
if (/([a-z0-9-]+\.)*api\.thunderid\.io$/i.test(url$1.hostname)) {
|
|
5611
5408
|
url$1.hostname = url$1.hostname.replace("api.", "accounts.");
|
|
@@ -5623,7 +5420,7 @@ const getRedirectBasedSignUpUrl = (config) => {
|
|
|
5623
5420
|
var getRedirectBasedSignUpUrl_default = getRedirectBasedSignUpUrl;
|
|
5624
5421
|
|
|
5625
5422
|
//#endregion
|
|
5626
|
-
//#region src/utils/
|
|
5423
|
+
//#region src/utils/isEmojiUri.ts
|
|
5627
5424
|
/**
|
|
5628
5425
|
* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
|
|
5629
5426
|
*
|
|
@@ -5659,7 +5456,7 @@ const isEmojiUri = (uri) => typeof uri === "string" && uri.startsWith(EMOJI_URI_
|
|
|
5659
5456
|
var isEmojiUri_default = isEmojiUri;
|
|
5660
5457
|
|
|
5661
5458
|
//#endregion
|
|
5662
|
-
//#region src/utils/
|
|
5459
|
+
//#region src/utils/extractEmojiFromUri.ts
|
|
5663
5460
|
/**
|
|
5664
5461
|
* Extracts the emoji character from an `emoji:` URI.
|
|
5665
5462
|
*
|
|
@@ -5712,18 +5509,6 @@ var extractEmojiFromUri_default = extractEmojiFromUri;
|
|
|
5712
5509
|
const removeTrailingSlash = (path) => path.endsWith("/") ? path.slice(0, -1) : path;
|
|
5713
5510
|
var removeTrailingSlash_default = removeTrailingSlash;
|
|
5714
5511
|
|
|
5715
|
-
//#endregion
|
|
5716
|
-
//#region src/utils/resolveFieldType.ts
|
|
5717
|
-
const resolveFieldType = (field) => {
|
|
5718
|
-
if (field.type === EmbeddedSignInFlowAuthenticatorParamType.String) {
|
|
5719
|
-
if (field.param === EmbeddedSignInFlowAuthenticatorExtendedParamType.Otp) return FieldType.Otp;
|
|
5720
|
-
if (field?.confidential) return FieldType.Password;
|
|
5721
|
-
return FieldType.Text;
|
|
5722
|
-
}
|
|
5723
|
-
throw new ThunderIDRuntimeError(`Field type is not supported: ${field.type}`, "resolveFieldType-Invalid-001", "javascript", "The provided field type is not supported. Please check the field configuration.");
|
|
5724
|
-
};
|
|
5725
|
-
var resolveFieldType_default = resolveFieldType;
|
|
5726
|
-
|
|
5727
5512
|
//#endregion
|
|
5728
5513
|
//#region src/utils/resolveFieldName.ts
|
|
5729
5514
|
const resolveFieldName = (field) => {
|
|
@@ -5733,7 +5518,7 @@ const resolveFieldName = (field) => {
|
|
|
5733
5518
|
var resolveFieldName_default = resolveFieldName;
|
|
5734
5519
|
|
|
5735
5520
|
//#endregion
|
|
5736
|
-
//#region src/utils/
|
|
5521
|
+
//#region src/utils/resolveMeta.ts
|
|
5737
5522
|
/**
|
|
5738
5523
|
* Resolves a dot-path expression against a FlowMetadataResponse object.
|
|
5739
5524
|
*
|
|
@@ -5760,7 +5545,7 @@ function resolveMeta(path, meta) {
|
|
|
5760
5545
|
}
|
|
5761
5546
|
|
|
5762
5547
|
//#endregion
|
|
5763
|
-
//#region src/utils/
|
|
5548
|
+
//#region src/utils/parseFlowTemplateLiteral.ts
|
|
5764
5549
|
/**
|
|
5765
5550
|
* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
|
|
5766
5551
|
*
|
|
@@ -5856,7 +5641,7 @@ function parseFlowTemplateLiteral(content) {
|
|
|
5856
5641
|
}
|
|
5857
5642
|
|
|
5858
5643
|
//#endregion
|
|
5859
|
-
//#region src/utils/
|
|
5644
|
+
//#region src/utils/resolveFlowTemplateLiterals.ts
|
|
5860
5645
|
/**
|
|
5861
5646
|
* Global version of {@link FLOW_TEMPLATE_LITERAL_REGEX} for use with `String.prototype.replace`.
|
|
5862
5647
|
*/
|
|
@@ -5893,7 +5678,7 @@ function resolveFlowTemplateLiterals(text, { t, meta }) {
|
|
|
5893
5678
|
}
|
|
5894
5679
|
|
|
5895
5680
|
//#endregion
|
|
5896
|
-
//#region src/utils/
|
|
5681
|
+
//#region src/utils/countryCodeToFlagEmoji.ts
|
|
5897
5682
|
/**
|
|
5898
5683
|
* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
|
|
5899
5684
|
*
|
|
@@ -5923,7 +5708,7 @@ function countryCodeToFlagEmoji(countryCode) {
|
|
|
5923
5708
|
}
|
|
5924
5709
|
|
|
5925
5710
|
//#endregion
|
|
5926
|
-
//#region src/utils/
|
|
5711
|
+
//#region src/utils/resolveLocaleDisplayName.ts
|
|
5927
5712
|
/**
|
|
5928
5713
|
* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
|
|
5929
5714
|
*
|
|
@@ -5961,7 +5746,7 @@ function resolveLocaleDisplayName(locale, displayLocale) {
|
|
|
5961
5746
|
}
|
|
5962
5747
|
|
|
5963
5748
|
//#endregion
|
|
5964
|
-
//#region src/utils/
|
|
5749
|
+
//#region src/utils/resolveLocaleEmoji.ts
|
|
5965
5750
|
/**
|
|
5966
5751
|
* Maps BCP 47 language subtags to ISO 3166-1 alpha-2 country codes used for
|
|
5967
5752
|
* flag emoji resolution when no country subtag is present in the locale.
|
|
@@ -6026,6 +5811,81 @@ function resolveLocaleEmoji(locale) {
|
|
|
6026
5811
|
}
|
|
6027
5812
|
var resolveLocaleEmoji_default = resolveLocaleEmoji;
|
|
6028
5813
|
|
|
5814
|
+
//#endregion
|
|
5815
|
+
//#region src/utils/evaluateValidationRule.ts
|
|
5816
|
+
/**
|
|
5817
|
+
* Default i18n fallback keys returned when a `ValidationRule.message` is not provided.
|
|
5818
|
+
* Match the server-side defaults so a flow author who omits `message` sees the same
|
|
5819
|
+
* string regardless of whether the rule was evaluated client-side or server-side.
|
|
5820
|
+
*/
|
|
5821
|
+
const DEFAULT_VALIDATION_MESSAGE_KEYS = {
|
|
5822
|
+
regex: "validation.pattern.invalid",
|
|
5823
|
+
minLength: "validation.minLength.invalid",
|
|
5824
|
+
maxLength: "validation.maxLength.invalid"
|
|
5825
|
+
};
|
|
5826
|
+
/**
|
|
5827
|
+
* Evaluates a single validation rule against the given input value.
|
|
5828
|
+
*
|
|
5829
|
+
* Returns `null` when the rule passes, or the rule's `message` (or the default
|
|
5830
|
+
* fallback key if `message` is absent) when it fails.
|
|
5831
|
+
*
|
|
5832
|
+
* Behavior notes:
|
|
5833
|
+
* - **regex**: an invalid regex pattern (one that cannot be compiled) is treated as
|
|
5834
|
+
* **passing** on the client. This is lenient — the server is authoritative and
|
|
5835
|
+
* will still enforce the rule if it can compile the pattern. Failing closed in the
|
|
5836
|
+
* SDK risks denial-of-service for misconfigured flows.
|
|
5837
|
+
* - **minLength / maxLength**: compared against `value.length`. A non-numeric `value`
|
|
5838
|
+
* on the rule is treated as the rule passing.
|
|
5839
|
+
* - Unknown rule types are treated as passing (forward compatibility with future types).
|
|
5840
|
+
*/
|
|
5841
|
+
const evaluateValidationRule = (rule, value) => {
|
|
5842
|
+
const fail = () => rule.message ?? DEFAULT_VALIDATION_MESSAGE_KEYS[rule.type];
|
|
5843
|
+
switch (rule.type) {
|
|
5844
|
+
case "regex": {
|
|
5845
|
+
if (typeof rule.value !== "string" || rule.value === "") return null;
|
|
5846
|
+
let re;
|
|
5847
|
+
try {
|
|
5848
|
+
re = new RegExp(rule.value);
|
|
5849
|
+
} catch {
|
|
5850
|
+
return null;
|
|
5851
|
+
}
|
|
5852
|
+
return re.test(value) ? null : fail();
|
|
5853
|
+
}
|
|
5854
|
+
case "minLength":
|
|
5855
|
+
if (typeof rule.value !== "number" || Number.isNaN(rule.value)) return null;
|
|
5856
|
+
return value.length >= rule.value ? null : fail();
|
|
5857
|
+
case "maxLength":
|
|
5858
|
+
if (typeof rule.value !== "number" || Number.isNaN(rule.value)) return null;
|
|
5859
|
+
return value.length <= rule.value ? null : fail();
|
|
5860
|
+
default: return null;
|
|
5861
|
+
}
|
|
5862
|
+
};
|
|
5863
|
+
var evaluateValidationRule_default = evaluateValidationRule;
|
|
5864
|
+
|
|
5865
|
+
//#endregion
|
|
5866
|
+
//#region src/utils/buildValidatorFromRules.ts
|
|
5867
|
+
/**
|
|
5868
|
+
* Composes an array of `ValidationRule`s into a single validator function suitable for
|
|
5869
|
+
* `useForm`'s `FormField.validator` slot.
|
|
5870
|
+
*
|
|
5871
|
+
* The composed validator evaluates rules in declaration order and returns the **first**
|
|
5872
|
+
* failing rule's message — matching the SDK's render-prop shape of a single string per
|
|
5873
|
+
* field. When all rules pass it returns `null`.
|
|
5874
|
+
*
|
|
5875
|
+
* Returns `null` when no rules are supplied so callers can compose conditionally.
|
|
5876
|
+
*/
|
|
5877
|
+
const buildValidatorFromRules = (rules) => {
|
|
5878
|
+
if (!rules || rules.length === 0) return null;
|
|
5879
|
+
return (value) => {
|
|
5880
|
+
for (const rule of rules) {
|
|
5881
|
+
const message = evaluateValidationRule_default(rule, value);
|
|
5882
|
+
if (message !== null) return message;
|
|
5883
|
+
}
|
|
5884
|
+
return null;
|
|
5885
|
+
};
|
|
5886
|
+
};
|
|
5887
|
+
var buildValidatorFromRules_default = buildValidatorFromRules;
|
|
5888
|
+
|
|
6029
5889
|
//#endregion
|
|
6030
5890
|
//#region src/utils/withVendorCSSClassPrefix.ts
|
|
6031
5891
|
/**
|
|
@@ -6327,6 +6187,9 @@ const en_US = {
|
|
|
6327
6187
|
"elements.fields.organization.select.label": "Select Organization",
|
|
6328
6188
|
"elements.fields.organization.select.placeholder": "Choose an organization",
|
|
6329
6189
|
"validations.required.field.error": "This field is required",
|
|
6190
|
+
"validation.pattern.invalid": "This value does not match the required format.",
|
|
6191
|
+
"validation.minLength.invalid": "This value is too short.",
|
|
6192
|
+
"validation.maxLength.invalid": "This value is too long.",
|
|
6330
6193
|
"signin.heading": "Sign In",
|
|
6331
6194
|
"signin.subheading": "Welcome back! Please sign in to continue.",
|
|
6332
6195
|
"signup.heading": "Sign Up",
|
|
@@ -6437,6 +6300,9 @@ const fr_FR = {
|
|
|
6437
6300
|
"elements.fields.organization.select.label": "Sélectionner l'organisation",
|
|
6438
6301
|
"elements.fields.organization.select.placeholder": "Choisissez une organisation",
|
|
6439
6302
|
"validations.required.field.error": "Ce champ est obligatoire",
|
|
6303
|
+
"validation.pattern.invalid": "Cette valeur ne correspond pas au format requis.",
|
|
6304
|
+
"validation.minLength.invalid": "Cette valeur est trop courte.",
|
|
6305
|
+
"validation.maxLength.invalid": "Cette valeur est trop longue.",
|
|
6440
6306
|
"signin.heading": "Se connecter",
|
|
6441
6307
|
"signin.subheading": "Entrez vos identifiants pour continuer.",
|
|
6442
6308
|
"signup.heading": "S'inscrire",
|
|
@@ -6547,6 +6413,9 @@ const te_IN = {
|
|
|
6547
6413
|
"elements.fields.organization.select.label": "ఆర్గనైజేషన్ను ఎంచుకోండి",
|
|
6548
6414
|
"elements.fields.organization.select.placeholder": "సంస్థను ఎంచుకోండి",
|
|
6549
6415
|
"validations.required.field.error": "ఈ ఫీల్డ్ అవసరం",
|
|
6416
|
+
"validation.pattern.invalid": "ఈ విలువ అవసరమైన ఆకృతికి సరిపోలడం లేదు.",
|
|
6417
|
+
"validation.minLength.invalid": "ఈ విలువ చాలా చిన్నది.",
|
|
6418
|
+
"validation.maxLength.invalid": "ఈ విలువ చాలా పెద్దది.",
|
|
6550
6419
|
"signin.heading": "సైన్ ఇన్ చేయండి",
|
|
6551
6420
|
"signin.subheading": "కొనసాగించడానికి మీ వివరాలు ఇవ్వండి.",
|
|
6552
6421
|
"signup.heading": "సైన్ అప్ చేయండి",
|
|
@@ -6657,6 +6526,9 @@ const hi_IN = {
|
|
|
6657
6526
|
"elements.fields.organization.select.label": "संगठन चुनें",
|
|
6658
6527
|
"elements.fields.organization.select.placeholder": "एक संगठन चुनें",
|
|
6659
6528
|
"validations.required.field.error": "यह फील्ड आवश्यक है",
|
|
6529
|
+
"validation.pattern.invalid": "यह मान आवश्यक प्रारूप से मेल नहीं खाता।",
|
|
6530
|
+
"validation.minLength.invalid": "यह मान बहुत छोटा है।",
|
|
6531
|
+
"validation.maxLength.invalid": "यह मान बहुत लंबा है।",
|
|
6660
6532
|
"signin.heading": "साइन इन",
|
|
6661
6533
|
"signin.subheading": "जारी रखने के लिए अपनी प्रमाणिक जानकारी दर्ज करें।",
|
|
6662
6534
|
"signup.heading": "साइन अप",
|
|
@@ -6767,6 +6639,9 @@ const pt_BR = {
|
|
|
6767
6639
|
"elements.fields.organization.select.label": "Selecionar Organização",
|
|
6768
6640
|
"elements.fields.organization.select.placeholder": "Selecione uma organização",
|
|
6769
6641
|
"validations.required.field.error": "Este campo é obrigatório",
|
|
6642
|
+
"validation.pattern.invalid": "Este valor não corresponde ao formato necessário.",
|
|
6643
|
+
"validation.minLength.invalid": "Este valor é muito curto.",
|
|
6644
|
+
"validation.maxLength.invalid": "Este valor é muito longo.",
|
|
6770
6645
|
"signin.heading": "Entrar",
|
|
6771
6646
|
"signin.subheading": "Digite suas credencias para continuar.",
|
|
6772
6647
|
"signup.heading": "Cadastra-se",
|
|
@@ -6877,6 +6752,9 @@ const pt_PT = {
|
|
|
6877
6752
|
"elements.fields.organization.select.label": "Selecionar Organização",
|
|
6878
6753
|
"elements.fields.organization.select.placeholder": "Selecione uma organização",
|
|
6879
6754
|
"validations.required.field.error": "Este campo é obrigatório",
|
|
6755
|
+
"validation.pattern.invalid": "Este valor não corresponde ao formato necessário.",
|
|
6756
|
+
"validation.minLength.invalid": "Este valor é demasiado curto.",
|
|
6757
|
+
"validation.maxLength.invalid": "Este valor é demasiado longo.",
|
|
6880
6758
|
"signin.heading": "Iniciar Sessão",
|
|
6881
6759
|
"signin.subheading": "Introduza as suas credenciais para continuar.",
|
|
6882
6760
|
"signup.heading": "Registar-se",
|
|
@@ -6987,6 +6865,9 @@ const ta_IN = {
|
|
|
6987
6865
|
"elements.fields.organization.select.label": "அமைப்பை தேர்ந்தெடு",
|
|
6988
6866
|
"elements.fields.organization.select.placeholder": "அமைப்பை தெரிந்தெடுக்கவும்",
|
|
6989
6867
|
"validations.required.field.error": "இந்த புலம் தேவை",
|
|
6868
|
+
"validation.pattern.invalid": "இந்த மதிப்பு தேவையான வடிவத்துடன் பொருந்தவில்லை.",
|
|
6869
|
+
"validation.minLength.invalid": "இந்த மதிப்பு மிகவும் குறுகியது.",
|
|
6870
|
+
"validation.maxLength.invalid": "இந்த மதிப்பு மிகவும் நீளமானது.",
|
|
6990
6871
|
"signin.heading": "உள்நுழை",
|
|
6991
6872
|
"signin.subheading": "தொடர உங்கள் சான்றுகளை உள்ளிடவும்.",
|
|
6992
6873
|
"signup.heading": "பதிவு செய்",
|
|
@@ -7097,6 +6978,9 @@ const si_LK = {
|
|
|
7097
6978
|
"elements.fields.organization.select.label": "සංවිධානය තෝරන්න",
|
|
7098
6979
|
"elements.fields.organization.select.placeholder": "සංවිධානයක් සැළුම් කරන්න",
|
|
7099
6980
|
"validations.required.field.error": "මෙම ක්ෂේත්රය අවශ්යයි",
|
|
6981
|
+
"validation.pattern.invalid": "මෙම අගය අවශ්ය ආකෘතියට නොගැලපේ.",
|
|
6982
|
+
"validation.minLength.invalid": "මෙම අගය ඉතා කෙටියි.",
|
|
6983
|
+
"validation.maxLength.invalid": "මෙම අගය ඉතා දිගයි.",
|
|
7100
6984
|
"signin.heading": "ලොග් වෙන්න",
|
|
7101
6985
|
"signin.subheading": "ඉදිරියට යාමට ඔබේ සත්යාපන තොරතුරු ඇතුළත් කරන්න.",
|
|
7102
6986
|
"signup.heading": "ලියාපදිංචි වන්න",
|
|
@@ -7255,34 +7139,26 @@ var normalizeTranslations_default = normalizeTranslations;
|
|
|
7255
7139
|
exports.ApplicationNativeAuthenticationConstants = ApplicationNativeAuthenticationConstants_default;
|
|
7256
7140
|
exports.AuthenticationHelper = AuthenticationHelper_default;
|
|
7257
7141
|
exports.DEFAULT_THEME = DEFAULT_THEME;
|
|
7142
|
+
exports.DEFAULT_VALIDATION_MESSAGE_KEYS = DEFAULT_VALIDATION_MESSAGE_KEYS;
|
|
7258
7143
|
exports.EMOJI_URI_SCHEME = EMOJI_URI_SCHEME;
|
|
7259
|
-
exports.
|
|
7144
|
+
exports.EmbeddedFlowActionVariant = EmbeddedFlowActionVariant;
|
|
7260
7145
|
exports.EmbeddedFlowComponentType = EmbeddedFlowComponentType;
|
|
7261
|
-
exports.
|
|
7262
|
-
exports.EmbeddedFlowEventTypeV2 = EmbeddedFlowEventType;
|
|
7146
|
+
exports.EmbeddedFlowEventType = EmbeddedFlowEventType;
|
|
7263
7147
|
exports.EmbeddedFlowResponseType = EmbeddedFlowResponseType;
|
|
7264
|
-
exports.
|
|
7265
|
-
exports.EmbeddedFlowTextVariantV2 = EmbeddedFlowTextVariant;
|
|
7148
|
+
exports.EmbeddedFlowTextVariant = EmbeddedFlowTextVariant;
|
|
7266
7149
|
exports.EmbeddedFlowType = EmbeddedFlowType;
|
|
7267
|
-
exports.
|
|
7268
|
-
exports.
|
|
7269
|
-
exports.EmbeddedSignInFlowAuthenticatorKnownIdPType = EmbeddedSignInFlowAuthenticatorKnownIdPType;
|
|
7270
|
-
exports.EmbeddedSignInFlowAuthenticatorParamType = EmbeddedSignInFlowAuthenticatorParamType;
|
|
7271
|
-
exports.EmbeddedSignInFlowAuthenticatorPromptType = EmbeddedSignInFlowAuthenticatorPromptType;
|
|
7150
|
+
exports.EmbeddedRecoveryFlowStatus = EmbeddedRecoveryFlowStatus;
|
|
7151
|
+
exports.EmbeddedRecoveryFlowType = EmbeddedRecoveryFlowType;
|
|
7272
7152
|
exports.EmbeddedSignInFlowStatus = EmbeddedSignInFlowStatus;
|
|
7273
|
-
exports.EmbeddedSignInFlowStatusV2 = EmbeddedSignInFlowStatus$1;
|
|
7274
|
-
exports.EmbeddedSignInFlowStepType = EmbeddedSignInFlowStepType;
|
|
7275
7153
|
exports.EmbeddedSignInFlowType = EmbeddedSignInFlowType;
|
|
7276
|
-
exports.
|
|
7277
|
-
exports.
|
|
7278
|
-
exports.EmbeddedSignUpFlowTypeV2 = EmbeddedSignUpFlowType;
|
|
7154
|
+
exports.EmbeddedSignUpFlowStatus = EmbeddedSignUpFlowStatus;
|
|
7155
|
+
exports.EmbeddedSignUpFlowType = EmbeddedSignUpFlowType;
|
|
7279
7156
|
exports.FieldType = FieldType;
|
|
7280
7157
|
exports.FlowMetaType = FlowMetaType;
|
|
7281
7158
|
exports.FlowMode = FlowMode;
|
|
7282
7159
|
exports.HttpClient = HttpClient;
|
|
7283
7160
|
exports.IsomorphicCrypto = IsomorphicCrypto;
|
|
7284
7161
|
exports.OIDCRequestConstants = OIDCRequestConstants_default;
|
|
7285
|
-
exports.Platform = Platform;
|
|
7286
7162
|
exports.StorageManager = StorageManager_default;
|
|
7287
7163
|
exports.ThunderIDAPIError = ThunderIDAPIError;
|
|
7288
7164
|
exports.ThunderIDAuthException = ThunderIDAuthException;
|
|
@@ -7296,6 +7172,7 @@ exports.WellKnownSchemaIds = WellKnownSchemaIds;
|
|
|
7296
7172
|
exports.arrayBufferToBase64url = arrayBufferToBase64url_default;
|
|
7297
7173
|
exports.base64urlToArrayBuffer = base64urlToArrayBuffer_default;
|
|
7298
7174
|
exports.bem = bem_default;
|
|
7175
|
+
exports.buildValidatorFromRules = buildValidatorFromRules_default;
|
|
7299
7176
|
exports.configureLogger = configure;
|
|
7300
7177
|
exports.countryCodeToFlagEmoji = countryCodeToFlagEmoji;
|
|
7301
7178
|
exports.createComponentLogger = createComponentLogger;
|
|
@@ -7309,12 +7186,11 @@ exports.debug = debug;
|
|
|
7309
7186
|
exports.deepMerge = deepMerge_default;
|
|
7310
7187
|
exports.deriveOrganizationHandleFromBaseUrl = deriveOrganizationHandleFromBaseUrl_default;
|
|
7311
7188
|
exports.error = error;
|
|
7312
|
-
exports.
|
|
7189
|
+
exports.evaluateValidationRule = evaluateValidationRule_default;
|
|
7190
|
+
exports.executeEmbeddedRecoveryFlow = executeEmbeddedRecoveryFlow_default;
|
|
7313
7191
|
exports.executeEmbeddedSignInFlow = executeEmbeddedSignInFlow_default;
|
|
7314
|
-
exports.executeEmbeddedSignInFlowV2 = executeEmbeddedSignInFlowV2_default;
|
|
7315
7192
|
exports.executeEmbeddedSignUpFlow = executeEmbeddedSignUpFlow_default;
|
|
7316
|
-
exports.
|
|
7317
|
-
exports.executeEmbeddedUserOnboardingFlowV2 = executeEmbeddedUserOnboardingFlowV2_default;
|
|
7193
|
+
exports.executeEmbeddedUserOnboardingFlow = executeEmbeddedUserOnboardingFlow_default;
|
|
7318
7194
|
exports.extractEmojiFromUri = extractEmojiFromUri_default;
|
|
7319
7195
|
exports.extractPkceStorageKeyFromState = extractPkceStorageKeyFromState_default;
|
|
7320
7196
|
exports.extractUserClaimsFromIdToken = extractUserClaimsFromIdToken_default;
|
|
@@ -7326,7 +7202,7 @@ exports.get = get_default;
|
|
|
7326
7202
|
exports.getAllOrganizations = getAllOrganizations_default;
|
|
7327
7203
|
exports.getBrandingPreference = getBrandingPreference_default;
|
|
7328
7204
|
exports.getDefaultI18nBundles = getDefaultI18nBundles_default;
|
|
7329
|
-
exports.
|
|
7205
|
+
exports.getFlowMeta = getFlowMeta_default;
|
|
7330
7206
|
exports.getLatestStateParam = getLatestStateParam_default;
|
|
7331
7207
|
exports.getMeOrganizations = getMeOrganizations_default;
|
|
7332
7208
|
exports.getOrganization = getOrganization_default;
|
|
@@ -7335,9 +7211,7 @@ exports.getRedirectBasedSignUpUrl = getRedirectBasedSignUpUrl_default;
|
|
|
7335
7211
|
exports.getSchemas = getSchemas_default;
|
|
7336
7212
|
exports.getScim2Me = getScim2Me_default;
|
|
7337
7213
|
exports.getUserInfo = getUserInfo_default;
|
|
7338
|
-
exports.identifyPlatform = identifyPlatform_default;
|
|
7339
7214
|
exports.info = info;
|
|
7340
|
-
exports.initializeEmbeddedSignInFlow = initializeEmbeddedSignInFlow_default;
|
|
7341
7215
|
exports.isEmojiUri = isEmojiUri_default;
|
|
7342
7216
|
exports.isEmpty = isEmpty_default;
|
|
7343
7217
|
exports.isRecognizedBaseUrlPattern = isRecognizedBaseUrlPattern_default;
|
|
@@ -7347,7 +7221,6 @@ exports.processOpenIDScopes = processOpenIDScopes_default;
|
|
|
7347
7221
|
exports.processUsername = processUsername_default;
|
|
7348
7222
|
exports.removeTrailingSlash = removeTrailingSlash_default;
|
|
7349
7223
|
exports.resolveFieldName = resolveFieldName_default;
|
|
7350
|
-
exports.resolveFieldType = resolveFieldType_default;
|
|
7351
7224
|
exports.resolveFlowTemplateLiterals = resolveFlowTemplateLiterals;
|
|
7352
7225
|
exports.resolveLocaleDisplayName = resolveLocaleDisplayName;
|
|
7353
7226
|
exports.resolveLocaleEmoji = resolveLocaleEmoji_default;
|