@thunderid/javascript 0.3.0 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (129) hide show
  1. package/dist/StorageManager.d.ts +2 -2
  2. package/dist/StorageManager.d.ts.map +1 -1
  3. package/dist/ThunderIDJavaScriptClient.d.ts +2 -7
  4. package/dist/ThunderIDJavaScriptClient.d.ts.map +1 -1
  5. package/dist/api/{v2/executeEmbeddedRecoveryFlowV2.d.ts → executeEmbeddedRecoveryFlow.d.ts} +7 -7
  6. package/dist/api/executeEmbeddedRecoveryFlow.d.ts.map +1 -0
  7. package/dist/api/executeEmbeddedSignInFlow.d.ts +3 -3
  8. package/dist/api/executeEmbeddedSignInFlow.d.ts.map +1 -1
  9. package/dist/api/executeEmbeddedSignUpFlow.d.ts +4 -27
  10. package/dist/api/executeEmbeddedSignUpFlow.d.ts.map +1 -1
  11. package/dist/api/{v2/executeEmbeddedUserOnboardingFlowV2.d.ts → executeEmbeddedUserOnboardingFlow.d.ts} +6 -6
  12. package/dist/api/executeEmbeddedUserOnboardingFlow.d.ts.map +1 -0
  13. package/dist/api/getBrandingPreference.d.ts.map +1 -1
  14. package/dist/api/{v2/getFlowMetaV2.d.ts → getFlowMeta.d.ts} +7 -7
  15. package/dist/api/getFlowMeta.d.ts.map +1 -0
  16. package/dist/api/{v2/getOrganizationUnitChildren.d.ts → getOrganizationUnitChildren.d.ts} +1 -1
  17. package/dist/api/getOrganizationUnitChildren.d.ts.map +1 -0
  18. package/dist/cjs/index.cjs +1096 -1342
  19. package/dist/edge/index.js +1084 -1319
  20. package/dist/i18n/models/i18n.d.ts +3 -0
  21. package/dist/i18n/models/i18n.d.ts.map +1 -1
  22. package/dist/i18n/translations/en-US.d.ts.map +1 -1
  23. package/dist/i18n/translations/fr-FR.d.ts.map +1 -1
  24. package/dist/i18n/translations/hi-IN.d.ts.map +1 -1
  25. package/dist/i18n/translations/ja-JP.d.ts.map +1 -1
  26. package/dist/i18n/translations/pt-BR.d.ts.map +1 -1
  27. package/dist/i18n/translations/pt-PT.d.ts.map +1 -1
  28. package/dist/i18n/translations/si-LK.d.ts.map +1 -1
  29. package/dist/i18n/translations/ta-IN.d.ts.map +1 -1
  30. package/dist/i18n/translations/te-IN.d.ts.map +1 -1
  31. package/dist/index.d.ts +29 -36
  32. package/dist/index.d.ts.map +1 -1
  33. package/dist/index.js +1084 -1319
  34. package/dist/models/client.d.ts +3 -28
  35. package/dist/models/client.d.ts.map +1 -1
  36. package/dist/models/config.d.ts +1 -1
  37. package/dist/models/config.d.ts.map +1 -1
  38. package/dist/models/embedded-flow.d.ts +572 -92
  39. package/dist/models/embedded-flow.d.ts.map +1 -1
  40. package/dist/models/{v2/embedded-recovery-flow-v2.d.ts → embedded-recovery-flow.d.ts} +2 -3
  41. package/dist/models/embedded-recovery-flow.d.ts.map +1 -0
  42. package/dist/models/embedded-signin-flow.d.ts +310 -66
  43. package/dist/models/embedded-signin-flow.d.ts.map +1 -1
  44. package/dist/models/{v2/embedded-signup-flow-v2.d.ts → embedded-signup-flow.d.ts} +4 -5
  45. package/dist/models/embedded-signup-flow.d.ts.map +1 -0
  46. package/dist/models/extensions/components.d.ts +55 -0
  47. package/dist/models/extensions/components.d.ts.map +1 -0
  48. package/dist/models/{v2/flow-meta-v2.d.ts → flow-meta.d.ts} +1 -1
  49. package/dist/models/flow-meta.d.ts.map +1 -0
  50. package/dist/models/organization-unit.d.ts.map +1 -0
  51. package/dist/models/translation.d.ts.map +1 -0
  52. package/dist/models/{v2/vars.d.ts → vars.d.ts} +1 -1
  53. package/dist/models/vars.d.ts.map +1 -0
  54. package/dist/utils/buildValidatorFromRules.d.ts +31 -0
  55. package/dist/utils/buildValidatorFromRules.d.ts.map +1 -0
  56. package/dist/utils/containsMetaFlowTemplateLiteral.d.ts.map +1 -0
  57. package/dist/utils/countryCodeToFlagEmoji.d.ts.map +1 -0
  58. package/dist/utils/evaluateValidationRule.d.ts +42 -0
  59. package/dist/utils/evaluateValidationRule.d.ts.map +1 -0
  60. package/dist/utils/extractEmojiFromUri.d.ts.map +1 -0
  61. package/dist/utils/getRedirectBasedSignUpUrl.d.ts +1 -1
  62. package/dist/utils/getRedirectBasedSignUpUrl.d.ts.map +1 -1
  63. package/dist/utils/injectRequestedPermissions.d.ts.map +1 -0
  64. package/dist/utils/isEmojiUri.d.ts.map +1 -0
  65. package/dist/utils/isMetaFlowTemplateLiteral.d.ts.map +1 -0
  66. package/dist/utils/isTranslationFlowTemplateLiteral.d.ts.map +1 -0
  67. package/dist/utils/parseApiErrorMessage.d.ts.map +1 -1
  68. package/dist/utils/parseFlowTemplateLiteral.d.ts.map +1 -0
  69. package/dist/utils/{v2/resolveFlowTemplateLiterals.d.ts → resolveFlowTemplateLiterals.d.ts} +2 -2
  70. package/dist/utils/resolveFlowTemplateLiterals.d.ts.map +1 -0
  71. package/dist/utils/resolveLocaleDisplayName.d.ts.map +1 -0
  72. package/dist/utils/resolveLocaleEmoji.d.ts.map +1 -0
  73. package/dist/utils/{v2/resolveMeta.d.ts → resolveMeta.d.ts} +1 -1
  74. package/dist/utils/resolveMeta.d.ts.map +1 -0
  75. package/package.json +7 -7
  76. package/dist/api/initializeEmbeddedSignInFlow.d.ts +0 -52
  77. package/dist/api/initializeEmbeddedSignInFlow.d.ts.map +0 -1
  78. package/dist/api/v2/executeEmbeddedRecoveryFlowV2.d.ts.map +0 -1
  79. package/dist/api/v2/executeEmbeddedSignInFlowV2.d.ts +0 -22
  80. package/dist/api/v2/executeEmbeddedSignInFlowV2.d.ts.map +0 -1
  81. package/dist/api/v2/executeEmbeddedSignUpFlowV2.d.ts +0 -22
  82. package/dist/api/v2/executeEmbeddedSignUpFlowV2.d.ts.map +0 -1
  83. package/dist/api/v2/executeEmbeddedUserOnboardingFlowV2.d.ts.map +0 -1
  84. package/dist/api/v2/getFlowMetaV2.d.ts.map +0 -1
  85. package/dist/api/v2/getOrganizationUnitChildren.d.ts.map +0 -1
  86. package/dist/constants/v2/OIDCDiscoveryConstants.d.ts +0 -40
  87. package/dist/constants/v2/OIDCDiscoveryConstants.d.ts.map +0 -1
  88. package/dist/models/platforms.d.ts +0 -33
  89. package/dist/models/platforms.d.ts.map +0 -1
  90. package/dist/models/v2/embedded-flow-v2.d.ts +0 -550
  91. package/dist/models/v2/embedded-flow-v2.d.ts.map +0 -1
  92. package/dist/models/v2/embedded-recovery-flow-v2.d.ts.map +0 -1
  93. package/dist/models/v2/embedded-signin-flow-v2.d.ts +0 -345
  94. package/dist/models/v2/embedded-signin-flow-v2.d.ts.map +0 -1
  95. package/dist/models/v2/embedded-signup-flow-v2.d.ts.map +0 -1
  96. package/dist/models/v2/extensions/components.d.ts +0 -89
  97. package/dist/models/v2/extensions/components.d.ts.map +0 -1
  98. package/dist/models/v2/flow-meta-v2.d.ts.map +0 -1
  99. package/dist/models/v2/organization-unit.d.ts.map +0 -1
  100. package/dist/models/v2/translation.d.ts.map +0 -1
  101. package/dist/models/v2/vars.d.ts.map +0 -1
  102. package/dist/utils/identifyPlatform.d.ts +0 -31
  103. package/dist/utils/identifyPlatform.d.ts.map +0 -1
  104. package/dist/utils/resolveFieldType.d.ts +0 -21
  105. package/dist/utils/resolveFieldType.d.ts.map +0 -1
  106. package/dist/utils/v2/containsMetaFlowTemplateLiteral.d.ts.map +0 -1
  107. package/dist/utils/v2/countryCodeToFlagEmoji.d.ts.map +0 -1
  108. package/dist/utils/v2/extractEmojiFromUri.d.ts.map +0 -1
  109. package/dist/utils/v2/injectRequestedPermissions.d.ts.map +0 -1
  110. package/dist/utils/v2/isEmojiUri.d.ts.map +0 -1
  111. package/dist/utils/v2/isMetaFlowTemplateLiteral.d.ts.map +0 -1
  112. package/dist/utils/v2/isTranslationFlowTemplateLiteral.d.ts.map +0 -1
  113. package/dist/utils/v2/parseFlowTemplateLiteral.d.ts.map +0 -1
  114. package/dist/utils/v2/resolveFlowTemplateLiterals.d.ts.map +0 -1
  115. package/dist/utils/v2/resolveLocaleDisplayName.d.ts.map +0 -1
  116. package/dist/utils/v2/resolveLocaleEmoji.d.ts.map +0 -1
  117. package/dist/utils/v2/resolveMeta.d.ts.map +0 -1
  118. /package/dist/models/{v2/organization-unit.d.ts → organization-unit.d.ts} +0 -0
  119. /package/dist/models/{v2/translation.d.ts → translation.d.ts} +0 -0
  120. /package/dist/utils/{v2/containsMetaFlowTemplateLiteral.d.ts → containsMetaFlowTemplateLiteral.d.ts} +0 -0
  121. /package/dist/utils/{v2/countryCodeToFlagEmoji.d.ts → countryCodeToFlagEmoji.d.ts} +0 -0
  122. /package/dist/utils/{v2/extractEmojiFromUri.d.ts → extractEmojiFromUri.d.ts} +0 -0
  123. /package/dist/utils/{v2/injectRequestedPermissions.d.ts → injectRequestedPermissions.d.ts} +0 -0
  124. /package/dist/utils/{v2/isEmojiUri.d.ts → isEmojiUri.d.ts} +0 -0
  125. /package/dist/utils/{v2/isMetaFlowTemplateLiteral.d.ts → isMetaFlowTemplateLiteral.d.ts} +0 -0
  126. /package/dist/utils/{v2/isTranslationFlowTemplateLiteral.d.ts → isTranslationFlowTemplateLiteral.d.ts} +0 -0
  127. /package/dist/utils/{v2/parseFlowTemplateLiteral.d.ts → parseFlowTemplateLiteral.d.ts} +0 -0
  128. /package/dist/utils/{v2/resolveLocaleDisplayName.d.ts → resolveLocaleDisplayName.d.ts} +0 -0
  129. /package/dist/utils/{v2/resolveLocaleEmoji.d.ts → resolveLocaleEmoji.d.ts} +0 -0
@@ -349,101 +349,91 @@ var ThunderIDAPIError = class extends ThunderIDError {
349
349
  };
350
350
 
351
351
  //#endregion
352
- //#region src/api/initializeEmbeddedSignInFlow.ts
352
+ //#region src/models/embedded-signin-flow.ts
353
353
  /**
354
- * Sends an authorization request to the specified OAuth2/OIDC authorization endpoint.
354
+ * Status enumeration for ThunderID embedded sign-in flow operations.
355
355
  *
356
- * @param requestConfig - Request configuration object containing URL and payload.
357
- * @returns A promise that resolves with the authorization response.
358
- * @throws ThunderIDAPIError when the request fails or URL is invalid.
356
+ * These statuses indicate the current state of the sign-in flow and determine
357
+ * the next action required by the client application. Each status provides
358
+ * specific guidance on how to proceed with the authentication process.
359
359
  *
360
360
  * @example
361
361
  * ```typescript
362
- * try {
363
- * const authResponse = await initializeEmbeddedSignInFlow({
364
- * url: "https://localhost:8090/oauth2/authorize",
365
- * payload: {
366
- * response_type: "code",
367
- * client_id: "your-client-id",
368
- * redirect_uri: "https://your-app.com/callback",
369
- * scope: "openid profile email",
370
- * state: "random-state-value",
371
- * code_challenge: "your-pkce-challenge",
372
- * code_challenge_method: "S256"
373
- * }
374
- * });
375
- * console.log(authResponse);
376
- * } catch (error) {
377
- * if (error instanceof ThunderIDAPIError) {
378
- * console.error('Authorization failed:', error.message);
379
- * }
362
+ * switch (response.flowStatus) {
363
+ * case EmbeddedSignInFlowStatus.Incomplete:
364
+ * // More user input needed - render form components
365
+ * break;
366
+ * case EmbeddedSignInFlowStatus.Complete:
367
+ * // Authentication successful - handle completion
368
+ * break;
369
+ * case EmbeddedSignInFlowStatus.Error:
370
+ * // Authentication failed - show error message
371
+ * break;
380
372
  * }
381
373
  * ```
374
+ *
375
+ * @experimental Part of the new ThunderID API
382
376
  */
383
- const initializeEmbeddedSignInFlow = async ({ url, baseUrl, payload,...requestConfig }) => {
384
- try {
385
- new URL(url ?? baseUrl);
386
- } catch (error$1) {
387
- throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "getSchemas-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
388
- }
389
- if (!payload) throw new ThunderIDAPIError("Authorization payload is required", "initializeEmbeddedSignInFlow-ValidationError-002", "javascript", 400, "If an authorization payload is not provided, the request cannot be constructed correctly.");
390
- const searchParams = new URLSearchParams();
391
- Object.entries(payload).forEach(([key, value]) => {
392
- if (value !== void 0 && value !== null) searchParams.append(key, String(value));
393
- });
394
- try {
395
- const response = await fetch(url ?? `${baseUrl}/oauth2/authorize`, {
396
- ...requestConfig,
397
- body: searchParams.toString(),
398
- headers: {
399
- ...requestConfig.headers,
400
- Accept: "application/json",
401
- "Content-Type": "application/x-www-form-urlencoded"
402
- },
403
- method: requestConfig.method || "POST"
404
- });
405
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "initializeEmbeddedSignInFlow-ResponseError-001", "javascript", response.status, response.statusText, "Authorization request failed");
406
- return await response.json();
407
- } catch (error$1) {
408
- if (error$1 instanceof ThunderIDAPIError) throw error$1;
409
- throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "initializeEmbeddedSignInFlow-NetworkError-001", "javascript", 0, "Network Error");
410
- }
411
- };
412
- var initializeEmbeddedSignInFlow_default = initializeEmbeddedSignInFlow;
413
-
414
- //#endregion
415
- //#region src/api/executeEmbeddedSignInFlow.ts
416
- const executeEmbeddedSignInFlow = async ({ url, baseUrl, payload,...requestConfig }) => {
417
- try {
418
- new URL(url ?? baseUrl);
419
- } catch (error$1) {
420
- throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "executeEmbeddedSignInFlow-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
421
- }
422
- if (!payload) throw new ThunderIDAPIError("Authorization payload is required", "executeEmbeddedSignInFlow-ValidationError-002", "javascript", 400, "If an authorization payload is not provided, the request cannot be constructed correctly.");
423
- try {
424
- const response = await fetch(url ?? `${baseUrl}/oauth2/authn`, {
425
- ...requestConfig,
426
- body: JSON.stringify(payload),
427
- headers: {
428
- Accept: "application/json",
429
- "Content-Type": "application/json",
430
- ...requestConfig.headers
431
- },
432
- method: requestConfig.method || "POST"
433
- });
434
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "initializeEmbeddedSignInFlow-ResponseError-001", "javascript", response.status, response.statusText, "Authorization request failed");
435
- return await response.json();
436
- } catch (error$1) {
437
- if (error$1 instanceof ThunderIDAPIError) throw error$1;
438
- throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "executeEmbeddedSignInFlow-NetworkError-001", "javascript", 0, "Network Error");
439
- }
440
- };
441
- var executeEmbeddedSignInFlow_default = executeEmbeddedSignInFlow;
377
+ let EmbeddedSignInFlowStatus = /* @__PURE__ */ function(EmbeddedSignInFlowStatus$1) {
378
+ /**
379
+ * Sign-in flow completed successfully.
380
+ *
381
+ * The user has been authenticated and the flow can proceed to
382
+ * OAuth2 completion or redirection. Check for redirectUrl or
383
+ * assertion data in the response.
384
+ */
385
+ EmbeddedSignInFlowStatus$1["Complete"] = "COMPLETE";
386
+ /**
387
+ * Sign-in flow encountered an error.
388
+ *
389
+ * Authentication failed due to invalid credentials, system error,
390
+ * or other issues. Check error details in the response and handle
391
+ * appropriately (retry, show error message, etc.).
392
+ */
393
+ EmbeddedSignInFlowStatus$1["Error"] = "ERROR";
394
+ /**
395
+ * Sign-in flow requires additional user input.
396
+ *
397
+ * More authentication steps are needed. The response will contain
398
+ * components in data.meta.components that should be rendered to
399
+ * collect additional user input (e.g., MFA, password, etc.).
400
+ */
401
+ EmbeddedSignInFlowStatus$1["Incomplete"] = "INCOMPLETE";
402
+ return EmbeddedSignInFlowStatus$1;
403
+ }({});
404
+ /**
405
+ * Type enumeration for ThunderID embedded sign-in flow responses.
406
+ *
407
+ * Determines the nature of the flow response and how the client should
408
+ * handle the returned data. This affects both UI rendering and flow
409
+ * continuation logic.
410
+ *
411
+ * @experimental Part of the new ThunderID API
412
+ */
413
+ let EmbeddedSignInFlowType = /* @__PURE__ */ function(EmbeddedSignInFlowType$1) {
414
+ /**
415
+ * Response requires external redirection.
416
+ *
417
+ * Used for social login providers, external identity providers,
418
+ * or other flows that require navigating to an external URL.
419
+ * The response will contain redirection information.
420
+ */
421
+ EmbeddedSignInFlowType$1["Redirection"] = "REDIRECTION";
422
+ /**
423
+ * Response contains view components for rendering.
424
+ *
425
+ * Standard embedded flow response containing UI components
426
+ * that should be rendered within the current application
427
+ * context. Most common type for embedded authentication.
428
+ */
429
+ EmbeddedSignInFlowType$1["View"] = "VIEW";
430
+ return EmbeddedSignInFlowType$1;
431
+ }({});
442
432
 
443
433
  //#endregion
444
- //#region src/models/embedded-flow.ts
434
+ //#region src/utils/injectRequestedPermissions.ts
445
435
  /**
446
- * Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
436
+ * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
447
437
  *
448
438
  * WSO2 LLC. licenses this file to you under the Apache License,
449
439
  * Version 2.0 (the "License"); you may not use this file except
@@ -459,140 +449,286 @@ var executeEmbeddedSignInFlow_default = executeEmbeddedSignInFlow;
459
449
  * specific language governing permissions and limitations
460
450
  * under the License.
461
451
  */
462
- let EmbeddedFlowType = /* @__PURE__ */ function(EmbeddedFlowType$1) {
463
- EmbeddedFlowType$1["Authentication"] = "AUTHENTICATION";
464
- EmbeddedFlowType$1["Recovery"] = "RECOVERY";
465
- EmbeddedFlowType$1["Registration"] = "REGISTRATION";
466
- EmbeddedFlowType$1["UserOnboarding"] = "USER_ONBOARDING";
467
- return EmbeddedFlowType$1;
468
- }({});
469
- let EmbeddedFlowStatus = /* @__PURE__ */ function(EmbeddedFlowStatus$1) {
470
- EmbeddedFlowStatus$1["Complete"] = "COMPLETE";
471
- EmbeddedFlowStatus$1["Incomplete"] = "INCOMPLETE";
472
- return EmbeddedFlowStatus$1;
473
- }({});
474
- let EmbeddedFlowResponseType = /* @__PURE__ */ function(EmbeddedFlowResponseType$1) {
475
- EmbeddedFlowResponseType$1["Redirection"] = "REDIRECTION";
476
- EmbeddedFlowResponseType$1["View"] = "VIEW";
477
- return EmbeddedFlowResponseType$1;
478
- }({});
479
- let EmbeddedFlowComponentType = /* @__PURE__ */ function(EmbeddedFlowComponentType$2) {
480
- EmbeddedFlowComponentType$2["Button"] = "BUTTON";
481
- EmbeddedFlowComponentType$2["Checkbox"] = "CHECKBOX";
482
- EmbeddedFlowComponentType$2["Divider"] = "DIVIDER";
483
- EmbeddedFlowComponentType$2["Form"] = "FORM";
484
- EmbeddedFlowComponentType$2["Image"] = "IMAGE";
485
- EmbeddedFlowComponentType$2["Input"] = "INPUT";
486
- EmbeddedFlowComponentType$2["Radio"] = "RADIO";
487
- EmbeddedFlowComponentType$2["Select"] = "SELECT";
488
- EmbeddedFlowComponentType$2["Typography"] = "TYPOGRAPHY";
489
- return EmbeddedFlowComponentType$2;
490
- }({});
491
-
492
- //#endregion
493
- //#region src/api/executeEmbeddedSignUpFlow.ts
494
452
  /**
495
- * Executes an embedded signup flow by sending a request to the specified flow execution endpoint.
496
- *
497
- * @param requestConfig - Request configuration object containing URL and payload.
498
- * @returns A promise that resolves with the flow execution response.
499
- * @throws ThunderIDAPIError when the request fails or URL is invalid.
453
+ * Strips the top-level `scopes` field from a payload and injects it as
454
+ * `inputs.requested_permissions` (space-separated string).
500
455
  *
501
- * @example
502
- * ```typescript
503
- * try {
504
- * const embeddedSignUpResponse = await executeEmbeddedSignUpFlow({
505
- * url: "https://localhost:8090/api/server/v1/flow/execute",
506
- * payload: {
507
- * flowType: "REGISTRATION"
508
- * }
509
- * });
510
- * console.log(embeddedSignUpResponse);
511
- * } catch (error) {
512
- * if (error instanceof ThunderIDAPIError) {
513
- * console.error('Embedded SignUp flow execution failed:', error.message);
514
- * }
515
- * }
516
- * ```
456
+ * The backend reads requested_permissions from UserInputs (the `inputs` map), not a top-level field.
517
457
  */
518
- const executeEmbeddedSignUpFlow = async ({ url, baseUrl, payload,...requestConfig }) => {
519
- if (!baseUrl && !url) throw new ThunderIDAPIError("Embedded SignUp flow execution failed: Base URL or URL is not provided.", "javascript-executeEmbeddedSignUpFlow-ValidationError-001", "javascript", 400, "At least one of the baseUrl or url must be provided to execute the embedded sign up flow.");
520
- try {
521
- new URL(url ?? baseUrl);
522
- } catch (error$1) {
523
- throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "executeEmbeddedSignUpFlow-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
524
- }
525
- try {
526
- const response = await fetch(url ?? `${baseUrl}/api/server/v1/flow/execute`, {
527
- ...requestConfig,
458
+ const injectRequestedPermissions = (payload) => {
459
+ const { scopes,...rest } = payload;
460
+ const normalizedScopes = Array.isArray(scopes) ? scopes.map((s) => String(s).trim()).filter(Boolean).join(" ") : typeof scopes === "string" ? scopes.trim() : "";
461
+ if (!normalizedScopes) return rest;
462
+ const existingInputs = rest["inputs"] != null && typeof rest["inputs"] === "object" && !Array.isArray(rest["inputs"]) ? rest["inputs"] : {};
463
+ return {
464
+ ...rest,
465
+ inputs: {
466
+ ...existingInputs,
467
+ requested_permissions: normalizedScopes
468
+ }
469
+ };
470
+ };
471
+ var injectRequestedPermissions_default = injectRequestedPermissions;
472
+
473
+ //#endregion
474
+ //#region src/api/executeEmbeddedSignInFlow.ts
475
+ const executeEmbeddedSignInFlow = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
476
+ if (!payload) throw new ThunderIDAPIError("Authorization payload is required", "executeEmbeddedSignInFlow-ValidationError-002", "javascript", 400, "If an authorization payload is not provided, the request cannot be constructed correctly.");
477
+ const endpoint = url ?? `${baseUrl}/flow/execute`;
478
+ const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
479
+ const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
480
+ const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
481
+ const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
482
+ const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
483
+ ...basePayload,
484
+ verbose: true
485
+ } : basePayload;
486
+ const response = await fetch(endpoint, {
487
+ ...requestConfig,
488
+ body: JSON.stringify(requestPayload),
489
+ headers: {
490
+ Accept: "application/json",
491
+ "Content-Type": "application/json",
492
+ ...requestConfig.headers
493
+ },
494
+ method: requestConfig.method || "POST"
495
+ });
496
+ if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignInFlow-ResponseError-001", "javascript", response.status, response.statusText, "Authorization request failed");
497
+ const flowResponse = await response.json();
498
+ if (flowResponse.flowStatus === EmbeddedSignInFlowStatus.Complete && flowResponse.assertion && authId) try {
499
+ const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
528
500
  body: JSON.stringify({
529
- ...payload ?? {},
530
- flowType: EmbeddedFlowType.Registration
501
+ assertion: flowResponse.assertion,
502
+ authId
531
503
  }),
504
+ credentials: "include",
532
505
  headers: {
533
506
  Accept: "application/json",
534
507
  "Content-Type": "application/json",
535
508
  ...requestConfig.headers
536
509
  },
537
- method: requestConfig.method || "POST"
510
+ method: "POST"
538
511
  });
539
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "javascript-executeEmbeddedSignUpFlow-ResponseError-100", "javascript", response.status, response.statusText, "Embedded SignUp flow execution failed");
540
- return await response.json();
541
- } catch (error$1) {
542
- if (error$1 instanceof ThunderIDAPIError) throw error$1;
543
- throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "executeEmbeddedSignUpFlow-NetworkError-001", "javascript", 0, "Network Error");
512
+ if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignInFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
513
+ const oauth2Result = await oauth2Response.json();
514
+ return {
515
+ flowStatus: flowResponse.flowStatus,
516
+ redirectUrl: oauth2Result["redirect_uri"]
517
+ };
518
+ } catch (authError) {
519
+ if (authError instanceof ThunderIDAPIError) throw authError;
520
+ throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignInFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-in flow.", "OAuth2 authorization failed");
544
521
  }
522
+ return flowResponse;
545
523
  };
546
- var executeEmbeddedSignUpFlow_default = executeEmbeddedSignUpFlow;
524
+ var executeEmbeddedSignInFlow_default = executeEmbeddedSignInFlow;
547
525
 
548
526
  //#endregion
549
- //#region src/api/getUserInfo.ts
527
+ //#region src/models/embedded-signup-flow.ts
550
528
  /**
551
- * Retrieves the user information from the specified OIDC userinfo endpoint.
529
+ * Status enumeration for ThunderID embedded sign-up flow operations.
552
530
  *
553
- * @param requestConfig - Request configuration object.
554
- * @returns A promise that resolves with the user information.
555
- * @throw
556
- * const userInfo = await getUserInfo({
557
- * url: "https://localhost:8090/oauth2/userinfo",
558
- * });
559
- * console.log(userInfo);
560
- * } catch (error) {
561
- * if (error instanceof ThunderIDAPIError) {
562
- * console.error('Failed to get user info:', error.message);
563
- * }
531
+ * These statuses indicate the current state of the registration flow and determine
532
+ * the next action required by the client application. Each status provides specific
533
+ * guidance on how to proceed with the user registration process.
534
+ *
535
+ * @example
536
+ * ```typescript
537
+ * switch (response.flowStatus) {
538
+ * case EmbeddedSignUpFlowStatus.Incomplete:
539
+ * // More user input needed - render registration form components
540
+ * break;
541
+ * case EmbeddedSignUpFlowStatus.Complete:
542
+ * // Registration successful - handle completion
543
+ * break;
544
+ * case EmbeddedSignUpFlowStatus.Error:
545
+ * // Registration failed - show error details
546
+ * const errorResponse = response as EmbeddedSignUpFlowErrorResponse;
547
+ * showError(errorResponse.error.description.defaultValue);
548
+ * break;
564
549
  * }
565
550
  * ```
551
+ *
552
+ * @experimental Part of the new ThunderID API
566
553
  */
567
- const getUserInfo = async ({ url,...requestConfig }) => {
568
- try {
569
- new URL(url);
570
- } catch (error$1) {
571
- throw new ThunderIDAPIError("Invalid endpoint URL provided", "getUserInfo-ValidationError-001", "javascript", 400, "Invalid Request");
572
- }
573
- try {
574
- const response = await fetch(url, {
575
- ...requestConfig,
554
+ let EmbeddedSignUpFlowStatus = /* @__PURE__ */ function(EmbeddedSignUpFlowStatus$1) {
555
+ /**
556
+ * Sign-up flow completed successfully.
557
+ *
558
+ * The user has successfully registered and the flow can proceed to
559
+ * OAuth2 completion or redirection. Check for redirectUrl or assertion
560
+ * data in the response for next steps.
561
+ */
562
+ EmbeddedSignUpFlowStatus$1["Complete"] = "COMPLETE";
563
+ /**
564
+ * Sign-up flow encountered an error and cannot proceed.
565
+ *
566
+ * Registration failed due to validation errors, duplicate user,
567
+ * system errors, or other issues. The response will be of type
568
+ * `EmbeddedSignUpFlowErrorResponse` containing detailed failure
569
+ * information that can be displayed to the user.
570
+ *
571
+ * @see {@link EmbeddedSignUpFlowErrorResponse} for error response structure
572
+ */
573
+ EmbeddedSignUpFlowStatus$1["Error"] = "ERROR";
574
+ /**
575
+ * Sign-up flow requires additional user input.
576
+ *
577
+ * More registration steps are needed. The response will contain
578
+ * components in data.meta.components that should be rendered to
579
+ * collect additional user information (e.g., profile data, verification).
580
+ */
581
+ EmbeddedSignUpFlowStatus$1["Incomplete"] = "INCOMPLETE";
582
+ return EmbeddedSignUpFlowStatus$1;
583
+ }({});
584
+ /**
585
+ * Type enumeration for ThunderID embedded sign-up flow responses.
586
+ *
587
+ * Determines the nature of the registration flow response and how the client
588
+ * should handle the returned data. This affects both UI rendering and flow
589
+ * continuation logic during the user registration process.
590
+ *
591
+ * @experimental Part of the new ThunderID API
592
+ */
593
+ let EmbeddedSignUpFlowType = /* @__PURE__ */ function(EmbeddedSignUpFlowType$1) {
594
+ /**
595
+ * Response requires external redirection.
596
+ *
597
+ * Used for social registration providers, external identity providers,
598
+ * or other flows that require navigating to an external URL during
599
+ * the registration process. The response will contain redirection information.
600
+ */
601
+ EmbeddedSignUpFlowType$1["Redirection"] = "REDIRECTION";
602
+ /**
603
+ * Response contains view components for rendering.
604
+ *
605
+ * Standard embedded registration flow response containing UI components
606
+ * that should be rendered within the current application context.
607
+ * Most common type for embedded user registration.
608
+ */
609
+ EmbeddedSignUpFlowType$1["View"] = "VIEW";
610
+ return EmbeddedSignUpFlowType$1;
611
+ }({});
612
+
613
+ //#endregion
614
+ //#region src/api/executeEmbeddedSignUpFlow.ts
615
+ const executeEmbeddedSignUpFlow = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
616
+ if (!payload) throw new ThunderIDAPIError("Registration payload is required", "executeEmbeddedSignUpFlow-ValidationError-002", "javascript", 400, "If a registration payload is not provided, the request cannot be constructed correctly.");
617
+ const endpoint = url ?? `${baseUrl}/flow/execute`;
618
+ const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
619
+ const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
620
+ const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
621
+ const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
622
+ const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
623
+ ...basePayload,
624
+ verbose: true
625
+ } : basePayload;
626
+ const response = await fetch(endpoint, {
627
+ ...requestConfig,
628
+ body: JSON.stringify(requestPayload),
629
+ headers: {
630
+ Accept: "application/json",
631
+ "Content-Type": "application/json",
632
+ ...requestConfig.headers
633
+ },
634
+ method: requestConfig.method || "POST"
635
+ });
636
+ if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignUpFlow-ResponseError-001", "javascript", response.status, response.statusText, "Registration request failed");
637
+ const flowResponse = await response.json();
638
+ if (flowResponse.flowStatus === EmbeddedSignUpFlowStatus.Complete && flowResponse.assertion && authId) try {
639
+ const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
640
+ body: JSON.stringify({
641
+ assertion: flowResponse.assertion,
642
+ authId
643
+ }),
644
+ credentials: "include",
576
645
  headers: {
577
646
  Accept: "application/json",
578
647
  "Content-Type": "application/json",
579
648
  ...requestConfig.headers
580
649
  },
581
- method: "GET"
650
+ method: "POST"
582
651
  });
583
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getUserInfo-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch user info");
584
- return await response.json();
585
- } catch (error$1) {
586
- if (error$1 instanceof ThunderIDAPIError) throw error$1;
587
- throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getUserInfo-NetworkError-001", "javascript", 0, "Network Error");
652
+ if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignUpFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
653
+ const oauth2Result = await oauth2Response.json();
654
+ return {
655
+ flowStatus: flowResponse.flowStatus,
656
+ redirectUrl: oauth2Result["redirect_uri"]
657
+ };
658
+ } catch (authError) {
659
+ if (authError instanceof ThunderIDAPIError) throw authError;
660
+ throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignUpFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-up flow.", "OAuth2 authorization failed");
588
661
  }
662
+ return flowResponse;
589
663
  };
590
- var getUserInfo_default = getUserInfo;
664
+ var executeEmbeddedSignUpFlow_default = executeEmbeddedSignUpFlow;
591
665
 
592
666
  //#endregion
593
- //#region src/utils/processUsername.ts
667
+ //#region src/api/executeEmbeddedRecoveryFlow.ts
594
668
  /**
595
- * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
669
+ * Executes an embedded recovery flow by sending a request to the flow execution endpoint.
670
+ *
671
+ * This function handles password-recovery and account-recovery flows driven by the
672
+ * ThunderID server. The server returns UI components for each step (e.g. username
673
+ * collection, OTP verification, password reset) and this function forwards the
674
+ * user's responses back to the server.
675
+ *
676
+ * @param requestConfig - Request configuration containing URL, payload, and optional headers.
677
+ * @returns A promise that resolves with the flow execution response.
678
+ * @throws ThunderIDAPIError when the request fails or a payload is missing.
679
+ *
680
+ * @example
681
+ * ```typescript
682
+ * // Initiate recovery flow
683
+ * const response = await executeEmbeddedRecoveryFlow({
684
+ * baseUrl: 'https://localhost:8090',
685
+ * payload: {
686
+ * flowType: 'RECOVERY',
687
+ * applicationId: 'my-app-id',
688
+ * },
689
+ * });
690
+ *
691
+ * // Continue recovery flow with user input
692
+ * const nextResponse = await executeEmbeddedRecoveryFlow({
693
+ * baseUrl: 'https://localhost:8090',
694
+ * payload: {
695
+ * executionId: response.executionId,
696
+ * action: 'submit',
697
+ * inputs: { username: 'user@example.com' },
698
+ * challengeToken: response.challengeToken,
699
+ * },
700
+ * });
701
+ * ```
702
+ */
703
+ const executeEmbeddedRecoveryFlow = async ({ url, baseUrl, payload,...requestConfig }) => {
704
+ if (!payload) throw new ThunderIDAPIError("Recovery payload is required", "executeEmbeddedRecoveryFlow-ValidationError-002", "javascript", 400, "If a recovery payload is not provided, the request cannot be constructed correctly.");
705
+ const endpoint = url ?? `${baseUrl}/flow/execute`;
706
+ const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
707
+ const hasOnlyAppIdAndFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 2;
708
+ const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
709
+ const requestPayload = hasOnlyAppIdAndFlowType || hasOnlyFlowId ? {
710
+ ...cleanPayload,
711
+ verbose: true
712
+ } : cleanPayload;
713
+ const response = await fetch(endpoint, {
714
+ ...requestConfig,
715
+ body: JSON.stringify(requestPayload),
716
+ headers: {
717
+ Accept: "application/json",
718
+ "Content-Type": "application/json",
719
+ ...requestConfig.headers
720
+ },
721
+ method: requestConfig.method || "POST"
722
+ });
723
+ if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedRecoveryFlow-ResponseError-001", "javascript", response.status, response.statusText, "Recovery request failed");
724
+ return await response.json();
725
+ };
726
+ var executeEmbeddedRecoveryFlow_default = executeEmbeddedRecoveryFlow;
727
+
728
+ //#endregion
729
+ //#region src/models/embedded-flow.ts
730
+ /**
731
+ * Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
596
732
  *
597
733
  * WSO2 LLC. licenses this file to you under the Apache License,
598
734
  * Version 2.0 (the "License"); you may not use this file except
@@ -608,174 +744,476 @@ var getUserInfo_default = getUserInfo;
608
744
  * specific language governing permissions and limitations
609
745
  * under the License.
610
746
  */
747
+ let EmbeddedFlowType = /* @__PURE__ */ function(EmbeddedFlowType$1) {
748
+ EmbeddedFlowType$1["Authentication"] = "AUTHENTICATION";
749
+ EmbeddedFlowType$1["Recovery"] = "RECOVERY";
750
+ EmbeddedFlowType$1["Registration"] = "REGISTRATION";
751
+ EmbeddedFlowType$1["UserOnboarding"] = "USER_ONBOARDING";
752
+ return EmbeddedFlowType$1;
753
+ }({});
754
+ let EmbeddedFlowResponseType = /* @__PURE__ */ function(EmbeddedFlowResponseType$1) {
755
+ EmbeddedFlowResponseType$1["Redirection"] = "REDIRECTION";
756
+ EmbeddedFlowResponseType$1["View"] = "VIEW";
757
+ return EmbeddedFlowResponseType$1;
758
+ }({});
611
759
  /**
612
- * Regular expression to match userstore prefixes in usernames.
613
- * Matches patterns like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
614
- * The pattern matches any uppercase letters, numbers, and underscores followed by a forward slash.
615
- */
616
- const USERSTORE_PREFIX_REGEX = /^[A-Z_][A-Z0-9_]*\//;
617
- /**
618
- * Removes userstore prefixes from a username if they exist.
619
- * This is commonly used to clean usernames returned from SCIM2 endpoints
620
- * that include userstore prefixes like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
760
+ * Component types supported by the ThunderID embedded flow API.
621
761
  *
622
- * @param username - The username string to process
623
- * @returns The username without the userstore prefix, or the original username if no prefix exists
762
+ * These types define the different UI components that can be rendered
763
+ * as part of the embedded authentication flows. Each type corresponds
764
+ * to a specific UI element with its own behavior and properties.
624
765
  *
625
766
  * @example
626
767
  * ```typescript
627
- * const cleanUsername = removeUserstorePrefix("DEFAULT/john.doe");
628
- * console.log(cleanUsername); // "john.doe"
629
- *
630
- * const thunderidUser = removeUserstorePrefix("ASGARDEO_USER/jane.doe");
631
- * console.log(thunderidUser); // "jane.doe"
632
- *
633
- * const primaryUser = removeUserstorePrefix("PRIMARY/admin");
634
- * console.log(primaryUser); // "admin"
635
- *
636
- * const alreadyClean = removeUserstorePrefix("user.name");
637
- * console.log(alreadyClean); // "user.name"
638
- *
639
- * const emptyInput = removeUserstorePrefix("");
640
- * console.log(emptyInput); // ""
768
+ * // Check component type to render appropriate UI
769
+ * if (component.type === EmbeddedFlowComponentType.TextInput) {
770
+ * // Render text input field
771
+ * } else if (component.type === EmbeddedFlowComponentType.Action) {
772
+ * // Render button/action
773
+ * }
641
774
  * ```
775
+ *
776
+ * @experimental This API may change in future versions
642
777
  */
643
- const removeUserstorePrefix = (username) => {
644
- if (!username) return "";
645
- return username.replace(USERSTORE_PREFIX_REGEX, "");
646
- };
778
+ let EmbeddedFlowComponentType = /* @__PURE__ */ function(EmbeddedFlowComponentType$1) {
779
+ /** Interactive action component (buttons, links) for user interactions */
780
+ EmbeddedFlowComponentType$1["Action"] = "ACTION";
781
+ /** Container block component that groups other components */
782
+ EmbeddedFlowComponentType$1["Block"] = "BLOCK";
783
+ /** Consent component for displaying consent purposes and attributes */
784
+ EmbeddedFlowComponentType$1["Consent"] = "CONSENT";
785
+ /** Copyable text display component that shows text with a copy-to-clipboard action */
786
+ EmbeddedFlowComponentType$1["CopyableText"] = "COPYABLE_TEXT";
787
+ /** Date input field for selecting a calendar date */
788
+ EmbeddedFlowComponentType$1["DateInput"] = "DATE_INPUT";
789
+ /** Divider component for visual separation of content */
790
+ EmbeddedFlowComponentType$1["Divider"] = "DIVIDER";
791
+ /** Email input field with validation for email addresses. */
792
+ EmbeddedFlowComponentType$1["EmailInput"] = "EMAIL_INPUT";
793
+ /** Icon display component for rendering named vector icons */
794
+ EmbeddedFlowComponentType$1["Icon"] = "ICON";
795
+ /** Image display component for logos and illustrations */
796
+ EmbeddedFlowComponentType$1["Image"] = "IMAGE";
797
+ /** One-time password input field for multi-factor authentication */
798
+ EmbeddedFlowComponentType$1["OtpInput"] = "OTP_INPUT";
799
+ /** Organization unit tree picker for selecting an OU */
800
+ EmbeddedFlowComponentType$1["OuSelect"] = "OU_SELECT";
801
+ /** Password input field with masking for sensitive data */
802
+ EmbeddedFlowComponentType$1["PasswordInput"] = "PASSWORD_INPUT";
803
+ /** Phone number input field with country code support */
804
+ EmbeddedFlowComponentType$1["PhoneInput"] = "PHONE_INPUT";
805
+ /** Rich text display component that renders formatted HTML content */
806
+ EmbeddedFlowComponentType$1["RichText"] = "RICH_TEXT";
807
+ /** Select/dropdown input component for single choice selection */
808
+ EmbeddedFlowComponentType$1["Select"] = "SELECT";
809
+ /** Stack layout component for arranging children in a row or column */
810
+ EmbeddedFlowComponentType$1["Stack"] = "STACK";
811
+ /** Text display component for labels, headings, and messages */
812
+ EmbeddedFlowComponentType$1["Text"] = "TEXT";
813
+ /** Standard text input field for user data entry */
814
+ EmbeddedFlowComponentType$1["TextInput"] = "TEXT_INPUT";
815
+ /** Timer component for displaying a countdown */
816
+ EmbeddedFlowComponentType$1["Timer"] = "TIMER";
817
+ /** QR code display component for wallet-based flows (e.g. OpenID4VP) */
818
+ EmbeddedFlowComponentType$1["QrCode"] = "QR_CODE";
819
+ return EmbeddedFlowComponentType$1;
820
+ }({});
647
821
  /**
648
- * Processes a user object to remove userstore prefixes from username fields.
649
- * This is a helper function for processing user objects returned from SCIM2 endpoints.
650
- * Handles various username field variations: username, userName, and user_name.
651
- *
652
- * @param user - The user object to process
653
- * @returns The user object with processed username fields
654
- *
655
- * @example
656
- * ```typescript
657
- * const user = { username: "DEFAULT/john.doe", email: "john@example.com" };
658
- * const processedUser = processUserUsername(user);
659
- * console.log(processedUser.username); // "john.doe"
822
+ * Action variant types for buttons and interactive elements.
660
823
  *
661
- * const camelCaseUser = { userName: "ASGARDEO_USER/jane.doe", email: "jane@example.com" };
662
- * const processedCamelCaseUser = processUserUsername(camelCaseUser);
663
- * console.log(processedCamelCaseUser.userName); // "jane.doe"
824
+ * @experimental This API may change in future versions
825
+ */
826
+ let EmbeddedFlowActionVariant = /* @__PURE__ */ function(EmbeddedFlowActionVariant$1) {
827
+ /** Danger action button for destructive operations */
828
+ EmbeddedFlowActionVariant$1["Danger"] = "DANGER";
829
+ /** Info action button for informational purposes */
830
+ EmbeddedFlowActionVariant$1["Info"] = "INFO";
831
+ /** Link-styled action button */
832
+ EmbeddedFlowActionVariant$1["Link"] = "LINK";
833
+ /** Outlined action button for secondary emphasis */
834
+ EmbeddedFlowActionVariant$1["Outlined"] = "OUTLINED";
835
+ /** Primary action button with highest visual emphasis */
836
+ EmbeddedFlowActionVariant$1["Primary"] = "PRIMARY";
837
+ /** Secondary action button with moderate visual emphasis */
838
+ EmbeddedFlowActionVariant$1["Secondary"] = "SECONDARY";
839
+ /** Success action button for positive confirmations */
840
+ EmbeddedFlowActionVariant$1["Success"] = "SUCCESS";
841
+ /** Tertiary action button with minimal visual emphasis */
842
+ EmbeddedFlowActionVariant$1["Tertiary"] = "TERTIARY";
843
+ /** Warning action button for cautionary actions */
844
+ EmbeddedFlowActionVariant$1["Warning"] = "WARNING";
845
+ return EmbeddedFlowActionVariant$1;
846
+ }({});
847
+ /**
848
+ * Text variant types for typography components.
664
849
  *
665
- * const snakeCaseUser = { user_name: "PRIMARY/admin", email: "admin@example.com" };
666
- * const processedSnakeCaseUser = processUserUsername(snakeCaseUser);
667
- * console.log(processedSnakeCaseUser.user_name); // "admin"
668
- * ```
850
+ * @experimental This API may change in future versions
669
851
  */
670
- const processUsername = (user) => {
671
- if (!user) return user;
672
- const processedUser = { ...user };
673
- if (processedUser.username) processedUser.username = removeUserstorePrefix(processedUser.username);
674
- if (processedUser.userName) processedUser.userName = removeUserstorePrefix(processedUser.userName);
675
- if (processedUser.user_name) processedUser.user_name = removeUserstorePrefix(processedUser.user_name);
676
- return processedUser;
677
- };
678
- var processUsername_default = processUsername;
852
+ let EmbeddedFlowTextVariant = /* @__PURE__ */ function(EmbeddedFlowTextVariant$1) {
853
+ /** Primary body text for main content */
854
+ EmbeddedFlowTextVariant$1["Body1"] = "BODY_1";
855
+ /** Secondary body text for supplementary content */
856
+ EmbeddedFlowTextVariant$1["Body2"] = "BODY_2";
857
+ /** Text styled for button labels */
858
+ EmbeddedFlowTextVariant$1["ButtonText"] = "BUTTON_TEXT";
859
+ /** Small caption text for annotations and descriptions */
860
+ EmbeddedFlowTextVariant$1["Caption"] = "CAPTION";
861
+ /** Largest heading level for main titles */
862
+ EmbeddedFlowTextVariant$1["Heading1"] = "HEADING_1";
863
+ /** Second level heading for major sections */
864
+ EmbeddedFlowTextVariant$1["Heading2"] = "HEADING_2";
865
+ /** Third level heading for subsections */
866
+ EmbeddedFlowTextVariant$1["Heading3"] = "HEADING_3";
867
+ /** Fourth level heading for minor sections */
868
+ EmbeddedFlowTextVariant$1["Heading4"] = "HEADING_4";
869
+ /** Fifth level heading for detailed sections */
870
+ EmbeddedFlowTextVariant$1["Heading5"] = "HEADING_5";
871
+ /** Smallest heading level for fine-grained sections */
872
+ EmbeddedFlowTextVariant$1["Heading6"] = "HEADING_6";
873
+ /** Overline text for labels and categories */
874
+ EmbeddedFlowTextVariant$1["Overline"] = "OVERLINE";
875
+ /** Primary subtitle text with larger emphasis */
876
+ EmbeddedFlowTextVariant$1["Subtitle1"] = "SUBTITLE_1";
877
+ /** Secondary subtitle text with moderate emphasis */
878
+ EmbeddedFlowTextVariant$1["Subtitle2"] = "SUBTITLE_2";
879
+ return EmbeddedFlowTextVariant$1;
880
+ }({});
881
+ /**
882
+ * Event types for action components.
883
+ *
884
+ * @experimental This API may change in future versions
885
+ */
886
+ let EmbeddedFlowEventType = /* @__PURE__ */ function(EmbeddedFlowEventType$1) {
887
+ /** Navigate back to the previous step */
888
+ EmbeddedFlowEventType$1["Back"] = "BACK";
889
+ /** Cancel the current operation */
890
+ EmbeddedFlowEventType$1["Cancel"] = "CANCEL";
891
+ /** Navigate to a different flow step or page */
892
+ EmbeddedFlowEventType$1["Navigate"] = "NAVIGATE";
893
+ /** Reset form fields to initial state */
894
+ EmbeddedFlowEventType$1["Reset"] = "RESET";
895
+ /** Submit form data to the server */
896
+ EmbeddedFlowEventType$1["Submit"] = "SUBMIT";
897
+ /** Trigger an action or event */
898
+ EmbeddedFlowEventType$1["Trigger"] = "TRIGGER";
899
+ return EmbeddedFlowEventType$1;
900
+ }({});
679
901
 
680
902
  //#endregion
681
- //#region src/api/getScim2Me.ts
903
+ //#region src/api/executeEmbeddedUserOnboardingFlow.ts
682
904
  /**
683
- * Retrieves the user profile information from the specified SCIM2 /Me endpoint.
905
+ * Executes an embedded user onboarding flow by sending a request to the flow execution endpoint.
906
+ *
907
+ * This function handles both:
908
+ * - Admin flow: Initiates onboarding, collects user details, generates invite link
909
+ * - End-user flow: Validates invite token and allows password setting
910
+ *
911
+ * @param requestConfig - Request configuration object containing URL, payload, and optional auth token.
912
+ * @returns A promise that resolves with the flow execution response.
913
+ * @throws ThunderIDAPIError when the request fails or URL is invalid.
684
914
  *
685
- * @param config - Request configuration object.
686
- * @returns A promise that resolves with the user profile information.
687
915
  * @example
688
916
  * ```typescript
689
- * // Using default fetch
690
- * try {
691
- * const userProfile = await getScim2Me({
692
- * url: "https://localhost:8090/scim2/Me",
693
- * });
694
- * console.log(userProfile);
695
- * } catch (error) {
696
- * if (error instanceof ThunderIDAPIError) {
697
- * console.error('Failed to get user profile:', error.message);
917
+ * // Admin initiating user onboarding (requires auth token)
918
+ * const response = await executeEmbeddedUserOnboardingFlow({
919
+ * baseUrl: "https://api.thunder.io",
920
+ * payload: {
921
+ * flowType: "USER_ONBOARDING"
922
+ * },
923
+ * headers: {
924
+ * Authorization: `Bearer ${accessToken}`
698
925
  * }
699
- * }
926
+ * });
927
+ *
928
+ * // End-user accepting invite (no auth required)
929
+ * const response = await executeEmbeddedUserOnboardingFlow({
930
+ * baseUrl: "https://api.thunder.io",
931
+ * payload: {
932
+ * executionId: "flow-id-from-url",
933
+ * inputs: { inviteToken: "token-from-url" }
934
+ * }
935
+ * });
700
936
  * ```
937
+ */
938
+ const executeEmbeddedUserOnboardingFlow = async ({ url, baseUrl, payload,...requestConfig }) => {
939
+ if (!payload) throw new ThunderIDAPIError("User onboarding payload is required", "executeEmbeddedUserOnboardingFlow-ValidationError-002", "javascript", 400, "If a user onboarding payload is not provided, the request cannot be constructed correctly.");
940
+ const endpoint = url ?? `${baseUrl}/flow/execute`;
941
+ const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
942
+ const hasOnlyFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 1;
943
+ const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
944
+ const hasFlowIdWithInputs = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && "inputs" in cleanPayload;
945
+ const requestPayload = hasOnlyFlowType || hasOnlyFlowId || hasFlowIdWithInputs ? {
946
+ ...cleanPayload,
947
+ verbose: true
948
+ } : cleanPayload;
949
+ if ("flowType" in requestPayload && requestPayload["flowType"] !== EmbeddedFlowType.UserOnboarding) requestPayload["flowType"] = EmbeddedFlowType.UserOnboarding;
950
+ const response = await fetch(endpoint, {
951
+ ...requestConfig,
952
+ body: JSON.stringify(requestPayload),
953
+ headers: {
954
+ Accept: "application/json",
955
+ "Content-Type": "application/json",
956
+ ...requestConfig.headers
957
+ },
958
+ method: requestConfig.method || "POST"
959
+ });
960
+ if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedUserOnboardingFlow-ResponseError-001", "javascript", response.status, response.statusText, "User onboarding request failed");
961
+ return await response.json();
962
+ };
963
+ var executeEmbeddedUserOnboardingFlow_default = executeEmbeddedUserOnboardingFlow;
964
+
965
+ //#endregion
966
+ //#region src/api/getFlowMeta.ts
967
+ /**
968
+ * Fetches aggregated flow metadata from the `GET /flow/meta` endpoint.
969
+ *
970
+ * The response includes:
971
+ * - Application or OU details depending on the `type` parameter
972
+ * - Resolved design configuration (theme and layout)
973
+ * - i18n translations filtered by `language` and `namespace`
974
+ * - Registration flow enablement status
975
+ *
976
+ * @param config - Request configuration including `baseUrl`/`url`, and optional
977
+ * `type`, `id`, `language`, and `namespace` filters. When `type`
978
+ * and `id` are omitted the server returns i18n-only metadata.
979
+ * @returns A promise that resolves to the {@link FlowMetadataResponse}.
980
+ *
981
+ * @throws {ThunderIDAPIError} When the server returns a non-OK response.
701
982
  *
702
983
  * @example
703
984
  * ```typescript
704
- * // Using custom fetcher (e.g., axios-based httpClient)
705
- * try {
706
- * const userProfile = await getScim2Me({
707
- * url: "https://localhost:8090/scim2/Me",
708
- * fetcher: async (url, config) => {
709
- * const response = await httpClient({
710
- * url,
711
- * method: config.method,
712
- * headers: config.headers,
713
- * ...config
714
- * });
715
- * // Convert axios-like response to fetch-like Response
716
- * return {
717
- * ok: response.status >= 200 && response.status < 300,
718
- * status: response.status,
719
- * statusText: response.statusText,
720
- * json: () => Promise.resolve(response.data),
721
- * text: () => Promise.resolve(typeof response.data === 'string' ? response.data : JSON.stringify(response.data))
722
- * } as Response;
723
- * }
724
- * });
725
- * console.log(userProfile);
726
- * } catch (error) {
727
- * if (error instanceof ThunderIDAPIError) {
728
- * console.error('Failed to get user profile:', error.message);
729
- * }
730
- * }
985
+ * import getFlowMeta from './api/getFlowMeta';
986
+ * import { FlowMetaType } from './models/flow-meta';
987
+ *
988
+ * const meta = await getFlowMeta({
989
+ * baseUrl: 'https://localhost:8090',
990
+ * type: FlowMetaType.App,
991
+ * id: '60a9b38b-6eba-9f9e-55f9-267067de4680',
992
+ * language: 'en',
993
+ * namespace: 'auth',
994
+ * });
995
+ *
996
+ * console.log(meta.application?.name);
997
+ * console.log(meta.i18n.translations);
731
998
  * ```
999
+ *
1000
+ * @experimental This function targets the ThunderID V2 platform API
732
1001
  */
733
- const getScim2Me = async ({ url, baseUrl, fetcher,...requestConfig }) => {
734
- try {
735
- new URL(url ?? baseUrl);
736
- } catch (error$1) {
737
- throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "getScim2Me-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
738
- }
739
- const fetchFn = fetcher || fetch;
740
- const resolvedUrl = url ?? `${baseUrl}/scim2/Me`;
741
- const requestInit = {
1002
+ const getFlowMeta = async ({ url, baseUrl, type, id, language, namespace,...requestConfig }) => {
1003
+ const queryParams = new URLSearchParams({
1004
+ ...id ? { id } : {},
1005
+ ...type ? { type } : {},
1006
+ ...language ? { language } : {},
1007
+ ...namespace ? { namespace } : {}
1008
+ });
1009
+ const endpoint = `${url ?? `${baseUrl}/flow/meta`}?${queryParams.toString()}`;
1010
+ const response = await fetch(endpoint, {
742
1011
  ...requestConfig,
743
1012
  headers: {
744
1013
  Accept: "application/json",
745
- "Content-Type": "application/scim+json",
746
1014
  ...requestConfig.headers
747
1015
  },
748
1016
  method: "GET"
749
- };
750
- try {
751
- const response = await fetchFn(resolvedUrl, requestInit);
752
- if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getScim2Me-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch user profile");
753
- return processUsername_default(await response.json());
754
- } catch (error$1) {
755
- if (error$1 instanceof ThunderIDAPIError) throw error$1;
756
- throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getScim2Me-NetworkError-001", "javascript", 0, "Network Error");
757
- }
1017
+ });
1018
+ if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getFlowMeta-ResponseError-001", "javascript", response.status, response.statusText, "Flow metadata request failed");
1019
+ return await response.json();
758
1020
  };
759
- var getScim2Me_default = getScim2Me;
1021
+ var getFlowMeta_default = getFlowMeta;
760
1022
 
761
1023
  //#endregion
762
- //#region src/api/getSchemas.ts
1024
+ //#region src/api/getOrganizationUnitChildren.ts
763
1025
  /**
764
- * Retrieves the SCIM2 schemas from the specified endpoint.
1026
+ * Retrieves the child organization units of a given parent OU.
1027
+ *
1028
+ * @param config - Request configuration including `baseUrl`/`url`, `organizationUnitId`,
1029
+ * and optional `limit`/`offset` pagination parameters.
1030
+ * @returns A promise that resolves with the paginated list of child organization units.
1031
+ *
1032
+ * @throws {ThunderIDAPIError} When the server returns a non-OK response.
765
1033
  *
766
- * @param config - Request configuration object.
767
- * @returns A promise that resolves with the SCIM2 schemas information.
768
1034
  * @example
769
1035
  * ```typescript
770
- * // Using default fetch
771
- * try {
772
- * const schemas = await getSchemas({
773
- * url: "https://localhost:8090/scim2/Schemas",
1036
+ * const children = await getOrganizationUnitChildren({
1037
+ * baseUrl: 'https://localhost:8090',
1038
+ * organizationUnitId: '0d5e071b-d3d3-475d-b3c6-1a20ee2fa9b1',
1039
+ * limit: 10,
1040
+ * offset: 0,
1041
+ * });
1042
+ * console.log(children.organizationUnits);
1043
+ * ```
1044
+ *
1045
+ * @experimental This function targets the ThunderID V2 platform API
1046
+ */
1047
+ const getOrganizationUnitChildren = async ({ url, baseUrl, organizationUnitId, limit = 10, offset = 0,...requestConfig }) => {
1048
+ if (!organizationUnitId) throw new ThunderIDAPIError("Organization Unit ID is required", "getOrganizationUnitChildren-ValidationError-001", "javascript", 400, "If an organization unit ID is not provided, the request cannot be constructed correctly.");
1049
+ const queryParams = new URLSearchParams({
1050
+ limit: String(limit),
1051
+ offset: String(offset)
1052
+ });
1053
+ const endpoint = url ?? `${baseUrl}/organization-units/${organizationUnitId}/ous?${queryParams.toString()}`;
1054
+ const response = await fetch(endpoint, {
1055
+ ...requestConfig,
1056
+ headers: {
1057
+ Accept: "application/json",
1058
+ ...requestConfig.headers
1059
+ },
1060
+ method: "GET"
1061
+ });
1062
+ if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getOrganizationUnitChildren-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch organization unit children");
1063
+ return await response.json();
1064
+ };
1065
+ var getOrganizationUnitChildren_default = getOrganizationUnitChildren;
1066
+
1067
+ //#endregion
1068
+ //#region src/api/getUserInfo.ts
1069
+ /**
1070
+ * Retrieves the user information from the specified OIDC userinfo endpoint.
1071
+ *
1072
+ * @param requestConfig - Request configuration object.
1073
+ * @returns A promise that resolves with the user information.
1074
+ * @throw
1075
+ * const userInfo = await getUserInfo({
1076
+ * url: "https://localhost:8090/oauth2/userinfo",
774
1077
  * });
775
- * console.log(schemas);
1078
+ * console.log(userInfo);
776
1079
  * } catch (error) {
777
1080
  * if (error instanceof ThunderIDAPIError) {
778
- * console.error('Failed to get schemas:', error.message);
1081
+ * console.error('Failed to get user info:', error.message);
1082
+ * }
1083
+ * }
1084
+ * ```
1085
+ */
1086
+ const getUserInfo = async ({ url,...requestConfig }) => {
1087
+ try {
1088
+ new URL(url);
1089
+ } catch (error$1) {
1090
+ throw new ThunderIDAPIError("Invalid endpoint URL provided", "getUserInfo-ValidationError-001", "javascript", 400, "Invalid Request");
1091
+ }
1092
+ try {
1093
+ const response = await fetch(url, {
1094
+ ...requestConfig,
1095
+ headers: {
1096
+ Accept: "application/json",
1097
+ "Content-Type": "application/json",
1098
+ ...requestConfig.headers
1099
+ },
1100
+ method: "GET"
1101
+ });
1102
+ if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getUserInfo-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch user info");
1103
+ return await response.json();
1104
+ } catch (error$1) {
1105
+ if (error$1 instanceof ThunderIDAPIError) throw error$1;
1106
+ throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getUserInfo-NetworkError-001", "javascript", 0, "Network Error");
1107
+ }
1108
+ };
1109
+ var getUserInfo_default = getUserInfo;
1110
+
1111
+ //#endregion
1112
+ //#region src/utils/processUsername.ts
1113
+ /**
1114
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
1115
+ *
1116
+ * WSO2 LLC. licenses this file to you under the Apache License,
1117
+ * Version 2.0 (the "License"); you may not use this file except
1118
+ * in compliance with the License.
1119
+ * You may obtain a copy of the License at
1120
+ *
1121
+ * http://www.apache.org/licenses/LICENSE-2.0
1122
+ *
1123
+ * Unless required by applicable law or agreed to in writing,
1124
+ * software distributed under the License is distributed on an
1125
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
1126
+ * KIND, either express or implied. See the License for the
1127
+ * specific language governing permissions and limitations
1128
+ * under the License.
1129
+ */
1130
+ /**
1131
+ * Regular expression to match userstore prefixes in usernames.
1132
+ * Matches patterns like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
1133
+ * The pattern matches any uppercase letters, numbers, and underscores followed by a forward slash.
1134
+ */
1135
+ const USERSTORE_PREFIX_REGEX = /^[A-Z_][A-Z0-9_]*\//;
1136
+ /**
1137
+ * Removes userstore prefixes from a username if they exist.
1138
+ * This is commonly used to clean usernames returned from SCIM2 endpoints
1139
+ * that include userstore prefixes like "DEFAULT/", "ASGARDEO_USER/", "PRIMARY/", etc.
1140
+ *
1141
+ * @param username - The username string to process
1142
+ * @returns The username without the userstore prefix, or the original username if no prefix exists
1143
+ *
1144
+ * @example
1145
+ * ```typescript
1146
+ * const cleanUsername = removeUserstorePrefix("DEFAULT/john.doe");
1147
+ * console.log(cleanUsername); // "john.doe"
1148
+ *
1149
+ * const thunderidUser = removeUserstorePrefix("ASGARDEO_USER/jane.doe");
1150
+ * console.log(thunderidUser); // "jane.doe"
1151
+ *
1152
+ * const primaryUser = removeUserstorePrefix("PRIMARY/admin");
1153
+ * console.log(primaryUser); // "admin"
1154
+ *
1155
+ * const alreadyClean = removeUserstorePrefix("user.name");
1156
+ * console.log(alreadyClean); // "user.name"
1157
+ *
1158
+ * const emptyInput = removeUserstorePrefix("");
1159
+ * console.log(emptyInput); // ""
1160
+ * ```
1161
+ */
1162
+ const removeUserstorePrefix = (username) => {
1163
+ if (!username) return "";
1164
+ return username.replace(USERSTORE_PREFIX_REGEX, "");
1165
+ };
1166
+ /**
1167
+ * Processes a user object to remove userstore prefixes from username fields.
1168
+ * This is a helper function for processing user objects returned from SCIM2 endpoints.
1169
+ * Handles various username field variations: username, userName, and user_name.
1170
+ *
1171
+ * @param user - The user object to process
1172
+ * @returns The user object with processed username fields
1173
+ *
1174
+ * @example
1175
+ * ```typescript
1176
+ * const user = { username: "DEFAULT/john.doe", email: "john@example.com" };
1177
+ * const processedUser = processUserUsername(user);
1178
+ * console.log(processedUser.username); // "john.doe"
1179
+ *
1180
+ * const camelCaseUser = { userName: "ASGARDEO_USER/jane.doe", email: "jane@example.com" };
1181
+ * const processedCamelCaseUser = processUserUsername(camelCaseUser);
1182
+ * console.log(processedCamelCaseUser.userName); // "jane.doe"
1183
+ *
1184
+ * const snakeCaseUser = { user_name: "PRIMARY/admin", email: "admin@example.com" };
1185
+ * const processedSnakeCaseUser = processUserUsername(snakeCaseUser);
1186
+ * console.log(processedSnakeCaseUser.user_name); // "admin"
1187
+ * ```
1188
+ */
1189
+ const processUsername = (user) => {
1190
+ if (!user) return user;
1191
+ const processedUser = { ...user };
1192
+ if (processedUser.username) processedUser.username = removeUserstorePrefix(processedUser.username);
1193
+ if (processedUser.userName) processedUser.userName = removeUserstorePrefix(processedUser.userName);
1194
+ if (processedUser.user_name) processedUser.user_name = removeUserstorePrefix(processedUser.user_name);
1195
+ return processedUser;
1196
+ };
1197
+ var processUsername_default = processUsername;
1198
+
1199
+ //#endregion
1200
+ //#region src/api/getScim2Me.ts
1201
+ /**
1202
+ * Retrieves the user profile information from the specified SCIM2 /Me endpoint.
1203
+ *
1204
+ * @param config - Request configuration object.
1205
+ * @returns A promise that resolves with the user profile information.
1206
+ * @example
1207
+ * ```typescript
1208
+ * // Using default fetch
1209
+ * try {
1210
+ * const userProfile = await getScim2Me({
1211
+ * url: "https://localhost:8090/scim2/Me",
1212
+ * });
1213
+ * console.log(userProfile);
1214
+ * } catch (error) {
1215
+ * if (error instanceof ThunderIDAPIError) {
1216
+ * console.error('Failed to get user profile:', error.message);
779
1217
  * }
780
1218
  * }
781
1219
  * ```
@@ -784,8 +1222,8 @@ var getScim2Me_default = getScim2Me;
784
1222
  * ```typescript
785
1223
  * // Using custom fetcher (e.g., axios-based httpClient)
786
1224
  * try {
787
- * const schemas = await getSchemas({
788
- * url: "https://localhost:8090/scim2/Schemas",
1225
+ * const userProfile = await getScim2Me({
1226
+ * url: "https://localhost:8090/scim2/Me",
789
1227
  * fetcher: async (url, config) => {
790
1228
  * const response = await httpClient({
791
1229
  * url,
@@ -803,63 +1241,60 @@ var getScim2Me_default = getScim2Me;
803
1241
  * } as Response;
804
1242
  * }
805
1243
  * });
806
- * console.log(schemas);
1244
+ * console.log(userProfile);
807
1245
  * } catch (error) {
808
1246
  * if (error instanceof ThunderIDAPIError) {
809
- * console.error('Failed to get schemas:', error.message);
1247
+ * console.error('Failed to get user profile:', error.message);
810
1248
  * }
811
1249
  * }
812
1250
  * ```
813
1251
  */
814
- const getSchemas = async ({ url, baseUrl, fetcher,...requestConfig }) => {
1252
+ const getScim2Me = async ({ url, baseUrl, fetcher,...requestConfig }) => {
815
1253
  try {
816
1254
  new URL(url ?? baseUrl);
817
1255
  } catch (error$1) {
818
- throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "getSchemas-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
1256
+ throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "getScim2Me-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
819
1257
  }
820
1258
  const fetchFn = fetcher || fetch;
821
- const resolvedUrl = url ?? `${baseUrl}/scim2/Schemas`;
1259
+ const resolvedUrl = url ?? `${baseUrl}/scim2/Me`;
822
1260
  const requestInit = {
823
1261
  ...requestConfig,
824
1262
  headers: {
825
1263
  Accept: "application/json",
826
- "Content-Type": "application/json",
1264
+ "Content-Type": "application/scim+json",
827
1265
  ...requestConfig.headers
828
1266
  },
829
1267
  method: "GET"
830
1268
  };
831
1269
  try {
832
1270
  const response = await fetchFn(resolvedUrl, requestInit);
833
- if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getSchemas-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch SCIM2 schemas");
834
- return await response.json();
1271
+ if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getScim2Me-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch user profile");
1272
+ return processUsername_default(await response.json());
835
1273
  } catch (error$1) {
836
1274
  if (error$1 instanceof ThunderIDAPIError) throw error$1;
837
- throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getSchemas-NetworkError-001", "javascript", 0, "Network Error");
1275
+ throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getScim2Me-NetworkError-001", "javascript", 0, "Network Error");
838
1276
  }
839
1277
  };
840
- var getSchemas_default = getSchemas;
1278
+ var getScim2Me_default = getScim2Me;
841
1279
 
842
1280
  //#endregion
843
- //#region src/api/getAllOrganizations.ts
1281
+ //#region src/api/getSchemas.ts
844
1282
  /**
845
- * Retrieves all organizations with pagination support.
1283
+ * Retrieves the SCIM2 schemas from the specified endpoint.
846
1284
  *
847
- * @param config - Configuration object containing baseUrl, optional query parameters, and request config.
848
- * @returns A promise that resolves with the paginated organizations information.
1285
+ * @param config - Request configuration object.
1286
+ * @returns A promise that resolves with the SCIM2 schemas information.
849
1287
  * @example
850
1288
  * ```typescript
851
1289
  * // Using default fetch
852
1290
  * try {
853
- * const response = await getAllOrganizations({
854
- * baseUrl: "https://localhost:8090",
855
- * filter: "",
856
- * limit: 10,
857
- * recursive: false
1291
+ * const schemas = await getSchemas({
1292
+ * url: "https://localhost:8090/scim2/Schemas",
858
1293
  * });
859
- * console.log(response.organizations);
1294
+ * console.log(schemas);
860
1295
  * } catch (error) {
861
1296
  * if (error instanceof ThunderIDAPIError) {
862
- * console.error('Failed to get organizations:', error.message);
1297
+ * console.error('Failed to get schemas:', error.message);
863
1298
  * }
864
1299
  * }
865
1300
  * ```
@@ -868,11 +1303,8 @@ var getSchemas_default = getSchemas;
868
1303
  * ```typescript
869
1304
  * // Using custom fetcher (e.g., axios-based httpClient)
870
1305
  * try {
871
- * const response = await getAllOrganizations({
872
- * baseUrl: "https://localhost:8090",
873
- * filter: "",
874
- * limit: 10,
875
- * recursive: false,
1306
+ * const schemas = await getSchemas({
1307
+ * url: "https://localhost:8090/scim2/Schemas",
876
1308
  * fetcher: async (url, config) => {
877
1309
  * const response = await httpClient({
878
1310
  * url,
@@ -890,43 +1322,130 @@ var getSchemas_default = getSchemas;
890
1322
  * } as Response;
891
1323
  * }
892
1324
  * });
893
- * console.log(response.organizations);
1325
+ * console.log(schemas);
894
1326
  * } catch (error) {
895
1327
  * if (error instanceof ThunderIDAPIError) {
896
- * console.error('Failed to get organizations:', error.message);
1328
+ * console.error('Failed to get schemas:', error.message);
897
1329
  * }
898
1330
  * }
899
1331
  * ```
900
1332
  */
901
- const getAllOrganizations = async ({ baseUrl, filter = "", limit = 10, recursive = false, fetcher,...requestConfig }) => {
1333
+ const getSchemas = async ({ url, baseUrl, fetcher,...requestConfig }) => {
902
1334
  try {
903
- new URL(baseUrl);
1335
+ new URL(url ?? baseUrl);
904
1336
  } catch (error$1) {
905
- throw new ThunderIDAPIError(`Invalid base URL provided. ${error$1?.toString()}`, "getAllOrganizations-ValidationError-001", "javascript", 400, "The provided `baseUrl` does not adhere to the URL schema.");
1337
+ throw new ThunderIDAPIError(`Invalid URL provided. ${error$1?.toString()}`, "getSchemas-ValidationError-001", "javascript", 400, "The provided `url` or `baseUrl` path does not adhere to the URL schema.");
906
1338
  }
907
- const queryParams = new URLSearchParams(Object.fromEntries(Object.entries({
908
- filter,
909
- limit: limit.toString(),
910
- recursive: recursive.toString()
911
- }).filter(([, value]) => Boolean(value))));
912
1339
  const fetchFn = fetcher || fetch;
913
- const resolvedUrl = `${baseUrl}/api/server/v1/organizations?${queryParams.toString()}`;
1340
+ const resolvedUrl = url ?? `${baseUrl}/scim2/Schemas`;
914
1341
  const requestInit = {
915
1342
  ...requestConfig,
916
1343
  headers: {
917
- ...requestConfig.headers,
918
1344
  Accept: "application/json",
919
- "Content-Type": "application/json"
1345
+ "Content-Type": "application/json",
1346
+ ...requestConfig.headers
920
1347
  },
921
1348
  method: "GET"
922
1349
  };
923
1350
  try {
924
1351
  const response = await fetchFn(resolvedUrl, requestInit);
925
- if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getAllOrganizations-ResponseError-001", "javascript", response.status, response.statusText, "Failed to get organizations");
926
- const data = await response.json();
927
- return {
928
- hasMore: data.hasMore,
929
- nextCursor: data.nextCursor,
1352
+ if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getSchemas-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch SCIM2 schemas");
1353
+ return await response.json();
1354
+ } catch (error$1) {
1355
+ if (error$1 instanceof ThunderIDAPIError) throw error$1;
1356
+ throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getSchemas-NetworkError-001", "javascript", 0, "Network Error");
1357
+ }
1358
+ };
1359
+ var getSchemas_default = getSchemas;
1360
+
1361
+ //#endregion
1362
+ //#region src/api/getAllOrganizations.ts
1363
+ /**
1364
+ * Retrieves all organizations with pagination support.
1365
+ *
1366
+ * @param config - Configuration object containing baseUrl, optional query parameters, and request config.
1367
+ * @returns A promise that resolves with the paginated organizations information.
1368
+ * @example
1369
+ * ```typescript
1370
+ * // Using default fetch
1371
+ * try {
1372
+ * const response = await getAllOrganizations({
1373
+ * baseUrl: "https://localhost:8090",
1374
+ * filter: "",
1375
+ * limit: 10,
1376
+ * recursive: false
1377
+ * });
1378
+ * console.log(response.organizations);
1379
+ * } catch (error) {
1380
+ * if (error instanceof ThunderIDAPIError) {
1381
+ * console.error('Failed to get organizations:', error.message);
1382
+ * }
1383
+ * }
1384
+ * ```
1385
+ *
1386
+ * @example
1387
+ * ```typescript
1388
+ * // Using custom fetcher (e.g., axios-based httpClient)
1389
+ * try {
1390
+ * const response = await getAllOrganizations({
1391
+ * baseUrl: "https://localhost:8090",
1392
+ * filter: "",
1393
+ * limit: 10,
1394
+ * recursive: false,
1395
+ * fetcher: async (url, config) => {
1396
+ * const response = await httpClient({
1397
+ * url,
1398
+ * method: config.method,
1399
+ * headers: config.headers,
1400
+ * ...config
1401
+ * });
1402
+ * // Convert axios-like response to fetch-like Response
1403
+ * return {
1404
+ * ok: response.status >= 200 && response.status < 300,
1405
+ * status: response.status,
1406
+ * statusText: response.statusText,
1407
+ * json: () => Promise.resolve(response.data),
1408
+ * text: () => Promise.resolve(typeof response.data === 'string' ? response.data : JSON.stringify(response.data))
1409
+ * } as Response;
1410
+ * }
1411
+ * });
1412
+ * console.log(response.organizations);
1413
+ * } catch (error) {
1414
+ * if (error instanceof ThunderIDAPIError) {
1415
+ * console.error('Failed to get organizations:', error.message);
1416
+ * }
1417
+ * }
1418
+ * ```
1419
+ */
1420
+ const getAllOrganizations = async ({ baseUrl, filter = "", limit = 10, recursive = false, fetcher,...requestConfig }) => {
1421
+ try {
1422
+ new URL(baseUrl);
1423
+ } catch (error$1) {
1424
+ throw new ThunderIDAPIError(`Invalid base URL provided. ${error$1?.toString()}`, "getAllOrganizations-ValidationError-001", "javascript", 400, "The provided `baseUrl` does not adhere to the URL schema.");
1425
+ }
1426
+ const queryParams = new URLSearchParams(Object.fromEntries(Object.entries({
1427
+ filter,
1428
+ limit: limit.toString(),
1429
+ recursive: recursive.toString()
1430
+ }).filter(([, value]) => Boolean(value))));
1431
+ const fetchFn = fetcher || fetch;
1432
+ const resolvedUrl = `${baseUrl}/api/server/v1/organizations?${queryParams.toString()}`;
1433
+ const requestInit = {
1434
+ ...requestConfig,
1435
+ headers: {
1436
+ ...requestConfig.headers,
1437
+ Accept: "application/json",
1438
+ "Content-Type": "application/json"
1439
+ },
1440
+ method: "GET"
1441
+ };
1442
+ try {
1443
+ const response = await fetchFn(resolvedUrl, requestInit);
1444
+ if (!response?.ok) throw new ThunderIDAPIError(await response.text(), "getAllOrganizations-ResponseError-001", "javascript", response.status, response.statusText, "Failed to get organizations");
1445
+ const data = await response.json();
1446
+ return {
1447
+ hasMore: data.hasMore,
1448
+ nextCursor: data.nextCursor,
930
1449
  organizations: data.organizations || [],
931
1450
  totalCount: data.totalCount
932
1451
  };
@@ -1468,42 +1987,6 @@ const updateMeProfile = async ({ url, baseUrl, payload, fetcher,...requestConfig
1468
1987
  };
1469
1988
  var updateMeProfile_default = updateMeProfile;
1470
1989
 
1471
- //#endregion
1472
- //#region src/models/platforms.ts
1473
- /**
1474
- * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
1475
- *
1476
- * WSO2 LLC. licenses this file to you under the Apache License,
1477
- * Version 2.0 (the "License"); you may not use this file except
1478
- * in compliance with the License.
1479
- * You may obtain a copy of the License at
1480
- *
1481
- * http://www.apache.org/licenses/LICENSE-2.0
1482
- *
1483
- * Unless required by applicable law or agreed to in writing,
1484
- * software distributed under the License is distributed on an
1485
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
1486
- * KIND, either express or implied. See the License for the
1487
- * specific language governing permissions and limitations
1488
- * under the License.
1489
- */
1490
- /**
1491
- * Enumeration of supported identity platforms.
1492
- *
1493
- * - `ThunderID`: Represents the ThunderID identity platform.
1494
- * - `IdentityServer`: Represents WSO2 Identity Server (on-prem or custom domains).
1495
- * - `Unknown`: Used when the platform cannot be determined from the configuration.
1496
- */
1497
- let Platform = /* @__PURE__ */ function(Platform$1) {
1498
- /** ThunderID identity platform */
1499
- Platform$1["ThunderID"] = "THUNDERID";
1500
- /** WSO2 Identity Server (on-prem or custom domains) */
1501
- Platform$1["IdentityServer"] = "IDENTITY_SERVER";
1502
- /** Unknown or unsupported platform */
1503
- Platform$1["Unknown"] = "UNKNOWN";
1504
- return Platform$1;
1505
- }({});
1506
-
1507
1990
  //#endregion
1508
1991
  //#region src/utils/logger.ts
1509
1992
  const PREFIX = "⚡ ThunderID";
@@ -1810,114 +2293,6 @@ const createPackageComponentLogger = (packageName, component) => {
1810
2293
  return createPackageLogger(packageName).child(component);
1811
2294
  };
1812
2295
 
1813
- //#endregion
1814
- //#region src/errors/ThunderIDRuntimeError.ts
1815
- /**
1816
- * Base class for all runtime errors in ThunderID. This class extends ThunderIDError
1817
- * and adds support for additional error details. Use this class for errors that occur
1818
- * during runtime execution that are not related to API calls.
1819
- *
1820
- * @example
1821
- * ```typescript
1822
- * throw new ThunderIDRuntimeError(
1823
- * "Failed to parse configuration",
1824
- * "CONFIG_PARSE_ERROR",
1825
- * { invalidField: "redirectUri" }
1826
- * );
1827
- * ```
1828
- */
1829
- var ThunderIDRuntimeError = class extends ThunderIDError {
1830
- /**
1831
- * Creates an instance of ThunderIDRuntimeError.
1832
- *
1833
- * @param message - Human-readable description of the error
1834
- * @param code - A unique error code that identifies the error type
1835
- * @param details - Additional details about the error that might be helpful for debugging
1836
- * @param origin - Optional. The SDK origin (e.g. 'react', 'vue'). Defaults to generic 'ThunderID'
1837
- * @constructor
1838
- */
1839
- constructor(message, code, origin, details) {
1840
- super(message, code, origin);
1841
- this.details = details;
1842
- Object.defineProperty(this, "name", {
1843
- configurable: true,
1844
- value: "ThunderIDRuntimeError",
1845
- writable: true
1846
- });
1847
- }
1848
- /**
1849
- * Returns a string representation of the runtime error
1850
- * @returns Formatted error string with name, code, details, and message
1851
- */
1852
- toString() {
1853
- const details = this.details ? `\nDetails: ${JSON.stringify(this.details, null, 2)}` : "";
1854
- return `[${this.name}] (code="${this.code}")${details}\nMessage: ${this.message}`;
1855
- }
1856
- };
1857
-
1858
- //#endregion
1859
- //#region src/utils/isRecognizedBaseUrlPattern.ts
1860
- /**
1861
- * Utility to determine if sensible ThunderID fallbacks can be used based on the given base URL.
1862
- *
1863
- * This checks if the URL follows the standard ThunderID pattern: /t/{orgHandle}
1864
- * Returns true if sensible fallbacks (like deriving organization handle, tenant, etc.) can be used, false otherwise.
1865
- *
1866
- * @param baseUrl - The base URL of the ThunderID identity server (string or undefined)
1867
- * @returns boolean - true if sensible fallbacks can be used, false otherwise
1868
- *
1869
- * @example
1870
- * isRecognizedBaseUrlPattern('https://localhost:8090/t/dxlab'); // true
1871
- * isRecognizedBaseUrlPattern('https://custom.example.com/auth'); // false
1872
- */
1873
- const isRecognizedBaseUrlPattern = (baseUrl) => {
1874
- if (!baseUrl) throw new ThunderIDRuntimeError("Base URL is required to derive if the `baseUrl` is recognized.", "isRecognizedBaseUrlPattern-ValidationError-001", "javascript", "A valid base URL must be provided to derive if the `baseUrl` is recognized to use the sensible fallbacks.");
1875
- let parsedUrl;
1876
- try {
1877
- parsedUrl = new URL(baseUrl);
1878
- } catch (error$1) {
1879
- throw new ThunderIDRuntimeError(`Invalid base URL format: ${baseUrl}`, "isRecognizedBaseUrlPattern-ValidationError-002", "javascript", "The provided base URL does not conform to valid URL syntax.");
1880
- }
1881
- const pathSegments = parsedUrl.pathname?.split("/")?.filter((segment) => segment?.length > 0);
1882
- if (pathSegments.length < 2 || pathSegments[0] !== "t") {
1883
- logger_default.warn("[isRecognizedBaseUrlPattern] The provided base URL does not follow the expected URL pattern (/t/{orgHandle}).");
1884
- return false;
1885
- }
1886
- return true;
1887
- };
1888
- var isRecognizedBaseUrlPattern_default = isRecognizedBaseUrlPattern;
1889
-
1890
- //#endregion
1891
- //#region src/utils/identifyPlatform.ts
1892
- /**
1893
- * Identifies the platform based on the given base URL.
1894
- *
1895
- * If the URL is recognized and matches the ThunderID domain, returns Platform.ThunderID.
1896
- * Otherwise, returns Platform.IdentityServer.
1897
- *
1898
- * @param baseUrl - The base URL to check
1899
- * @returns Platform enum value
1900
- */
1901
- const identifyPlatform = (config) => {
1902
- const { baseUrl } = config;
1903
- try {
1904
- if (isRecognizedBaseUrlPattern_default(baseUrl)) {
1905
- try {
1906
- const url = new URL(baseUrl);
1907
- if (/\.thunderid\.io$/i.test(url.hostname) || /thunderid\.io$/i.test(url.hostname)) return Platform.ThunderID;
1908
- } catch {
1909
- logger_default.debug(`[identifyPlatform] Could not identify platform from the base URL: ${baseUrl}. Defaulting to WSO2 Identity Server as the platform.`);
1910
- }
1911
- return Platform.IdentityServer;
1912
- }
1913
- return Platform.Unknown;
1914
- } catch (error$1) {
1915
- logger_default.debug(`[identifyPlatform] Error identifying platform from base URL: ${baseUrl}. Error: ${error$1.message}`);
1916
- return Platform.Unknown;
1917
- }
1918
- };
1919
- var identifyPlatform_default = identifyPlatform;
1920
-
1921
2296
  //#endregion
1922
2297
  //#region src/api/getBrandingPreference.ts
1923
2298
  /**
@@ -1998,575 +2373,28 @@ const getBrandingPreference = async ({ baseUrl, locale, name, type, fetcher,...r
1998
2373
  ...requestConfig.headers
1999
2374
  },
2000
2375
  method: "GET"
2001
- };
2002
- try {
2003
- const response = await fetchFn(resolvedUrl, requestInit);
2004
- if (!response?.ok) {
2005
- const errorText = await response.text();
2006
- const platform = identifyPlatform_default({ baseUrl });
2007
- let errorDescription;
2008
- try {
2009
- const errorBody = JSON.parse(errorText);
2010
- errorDescription = errorBody?.description || errorBody?.message || errorText;
2011
- } catch {
2012
- errorDescription = errorText;
2013
- }
2014
- let platformConsoleGuidance;
2015
- if (platform === Platform.ThunderID) platformConsoleGuidance = "configure branding preferences in the ThunderID console";
2016
- else if (platform === Platform.IdentityServer) platformConsoleGuidance = "configure branding preferences in the WSO2 Identity Server console";
2017
- else platformConsoleGuidance = "configure branding preferences in the platform console";
2018
- logger_default.warn(`[BrandingError] ${errorDescription} To resolve this issue, please ${platformConsoleGuidance}. If you want to suppress this warning and stop fetching branding preferences, set \`<ThunderIDProvider>\` -> \`preferences\` -> \`theme\` -> \`inheritFromBranding\` to false.`);
2019
- throw new ThunderIDAPIError(errorText, "getBrandingPreference-ResponseError-001", "javascript", response.status, response.statusText, "Failed to get branding preference");
2020
- }
2021
- return await response.json();
2022
- } catch (error$1) {
2023
- if (error$1 instanceof ThunderIDAPIError) throw error$1;
2024
- throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getBrandingPreference-NetworkError-001", "javascript", 0, "Network Error");
2025
- }
2026
- };
2027
- var getBrandingPreference_default = getBrandingPreference;
2028
-
2029
- //#endregion
2030
- //#region src/models/v2/embedded-signin-flow-v2.ts
2031
- /**
2032
- * Status enumeration for ThunderID embedded sign-in flow operations.
2033
- *
2034
- * These statuses indicate the current state of the sign-in flow and determine
2035
- * the next action required by the client application. Each status provides
2036
- * specific guidance on how to proceed with the authentication process.
2037
- *
2038
- * @example
2039
- * ```typescript
2040
- * switch (response.flowStatus) {
2041
- * case EmbeddedSignInFlowStatus.Incomplete:
2042
- * // More user input needed - render form components
2043
- * break;
2044
- * case EmbeddedSignInFlowStatus.Complete:
2045
- * // Authentication successful - handle completion
2046
- * break;
2047
- * case EmbeddedSignInFlowStatus.Error:
2048
- * // Authentication failed - show error message
2049
- * break;
2050
- * }
2051
- * ```
2052
- *
2053
- * @experimental Part of the new ThunderID API
2054
- */
2055
- let EmbeddedSignInFlowStatus$1 = /* @__PURE__ */ function(EmbeddedSignInFlowStatus$2) {
2056
- /**
2057
- * Sign-in flow completed successfully.
2058
- *
2059
- * The user has been authenticated and the flow can proceed to
2060
- * OAuth2 completion or redirection. Check for redirectUrl or
2061
- * assertion data in the response.
2062
- */
2063
- EmbeddedSignInFlowStatus$2["Complete"] = "COMPLETE";
2064
- /**
2065
- * Sign-in flow encountered an error.
2066
- *
2067
- * Authentication failed due to invalid credentials, system error,
2068
- * or other issues. Check error details in the response and handle
2069
- * appropriately (retry, show error message, etc.).
2070
- */
2071
- EmbeddedSignInFlowStatus$2["Error"] = "ERROR";
2072
- /**
2073
- * Sign-in flow requires additional user input.
2074
- *
2075
- * More authentication steps are needed. The response will contain
2076
- * components in data.meta.components that should be rendered to
2077
- * collect additional user input (e.g., MFA, password, etc.).
2078
- */
2079
- EmbeddedSignInFlowStatus$2["Incomplete"] = "INCOMPLETE";
2080
- return EmbeddedSignInFlowStatus$2;
2081
- }({});
2082
- /**
2083
- * Type enumeration for ThunderID embedded sign-in flow responses.
2084
- *
2085
- * Determines the nature of the flow response and how the client should
2086
- * handle the returned data. This affects both UI rendering and flow
2087
- * continuation logic.
2088
- *
2089
- * @experimental Part of the new ThunderID API
2090
- */
2091
- let EmbeddedSignInFlowType$1 = /* @__PURE__ */ function(EmbeddedSignInFlowType$2) {
2092
- /**
2093
- * Response requires external redirection.
2094
- *
2095
- * Used for social login providers, external identity providers,
2096
- * or other flows that require navigating to an external URL.
2097
- * The response will contain redirection information.
2098
- */
2099
- EmbeddedSignInFlowType$2["Redirection"] = "REDIRECTION";
2100
- /**
2101
- * Response contains view components for rendering.
2102
- *
2103
- * Standard embedded flow response containing UI components
2104
- * that should be rendered within the current application
2105
- * context. Most common type for embedded authentication.
2106
- */
2107
- EmbeddedSignInFlowType$2["View"] = "VIEW";
2108
- return EmbeddedSignInFlowType$2;
2109
- }({});
2110
-
2111
- //#endregion
2112
- //#region src/utils/v2/injectRequestedPermissions.ts
2113
- /**
2114
- * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
2115
- *
2116
- * WSO2 LLC. licenses this file to you under the Apache License,
2117
- * Version 2.0 (the "License"); you may not use this file except
2118
- * in compliance with the License.
2119
- * You may obtain a copy of the License at
2120
- *
2121
- * http://www.apache.org/licenses/LICENSE-2.0
2122
- *
2123
- * Unless required by applicable law or agreed to in writing,
2124
- * software distributed under the License is distributed on an
2125
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
2126
- * KIND, either express or implied. See the License for the
2127
- * specific language governing permissions and limitations
2128
- * under the License.
2129
- */
2130
- /**
2131
- * Strips the top-level `scopes` field from a payload and injects it as
2132
- * `inputs.requested_permissions` (space-separated string).
2133
- *
2134
- * The backend reads requested_permissions from UserInputs (the `inputs` map), not a top-level field.
2135
- */
2136
- const injectRequestedPermissions = (payload) => {
2137
- const { scopes,...rest } = payload;
2138
- const normalizedScopes = Array.isArray(scopes) ? scopes.map((s) => String(s).trim()).filter(Boolean).join(" ") : typeof scopes === "string" ? scopes.trim() : "";
2139
- if (!normalizedScopes) return rest;
2140
- const existingInputs = rest["inputs"] != null && typeof rest["inputs"] === "object" && !Array.isArray(rest["inputs"]) ? rest["inputs"] : {};
2141
- return {
2142
- ...rest,
2143
- inputs: {
2144
- ...existingInputs,
2145
- requested_permissions: normalizedScopes
2146
- }
2147
- };
2148
- };
2149
- var injectRequestedPermissions_default = injectRequestedPermissions;
2150
-
2151
- //#endregion
2152
- //#region src/api/v2/executeEmbeddedSignInFlowV2.ts
2153
- const executeEmbeddedSignInFlowV2 = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
2154
- if (!payload) throw new ThunderIDAPIError("Authorization payload is required", "executeEmbeddedSignInFlow-ValidationError-002", "javascript", 400, "If an authorization payload is not provided, the request cannot be constructed correctly.");
2155
- const endpoint = url ?? `${baseUrl}/flow/execute`;
2156
- const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
2157
- const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
2158
- const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
2159
- const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
2160
- const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
2161
- ...basePayload,
2162
- verbose: true
2163
- } : basePayload;
2164
- const response = await fetch(endpoint, {
2165
- ...requestConfig,
2166
- body: JSON.stringify(requestPayload),
2167
- headers: {
2168
- Accept: "application/json",
2169
- "Content-Type": "application/json",
2170
- ...requestConfig.headers
2171
- },
2172
- method: requestConfig.method || "POST"
2173
- });
2174
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignInFlow-ResponseError-001", "javascript", response.status, response.statusText, "Authorization request failed");
2175
- const flowResponse = await response.json();
2176
- if (flowResponse.flowStatus === EmbeddedSignInFlowStatus$1.Complete && flowResponse.assertion && authId) try {
2177
- const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
2178
- body: JSON.stringify({
2179
- assertion: flowResponse.assertion,
2180
- authId
2181
- }),
2182
- credentials: "include",
2183
- headers: {
2184
- Accept: "application/json",
2185
- "Content-Type": "application/json",
2186
- ...requestConfig.headers
2187
- },
2188
- method: "POST"
2189
- });
2190
- if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignInFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
2191
- const oauth2Result = await oauth2Response.json();
2192
- return {
2193
- flowStatus: flowResponse.flowStatus,
2194
- redirectUrl: oauth2Result["redirect_uri"]
2195
- };
2196
- } catch (authError) {
2197
- if (authError instanceof ThunderIDAPIError) throw authError;
2198
- throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignInFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-in flow.", "OAuth2 authorization failed");
2199
- }
2200
- return flowResponse;
2201
- };
2202
- var executeEmbeddedSignInFlowV2_default = executeEmbeddedSignInFlowV2;
2203
-
2204
- //#endregion
2205
- //#region src/models/v2/embedded-signup-flow-v2.ts
2206
- /**
2207
- * Status enumeration for ThunderID embedded sign-up flow operations.
2208
- *
2209
- * These statuses indicate the current state of the registration flow and determine
2210
- * the next action required by the client application. Each status provides specific
2211
- * guidance on how to proceed with the user registration process.
2212
- *
2213
- * @example
2214
- * ```typescript
2215
- * switch (response.flowStatus) {
2216
- * case EmbeddedSignUpFlowStatus.Incomplete:
2217
- * // More user input needed - render registration form components
2218
- * break;
2219
- * case EmbeddedSignUpFlowStatus.Complete:
2220
- * // Registration successful - handle completion
2221
- * break;
2222
- * case EmbeddedSignUpFlowStatus.Error:
2223
- * // Registration failed - show error details
2224
- * const errorResponse = response as EmbeddedSignUpFlowErrorResponse;
2225
- * showError(errorResponse.error.description.defaultValue);
2226
- * break;
2227
- * }
2228
- * ```
2229
- *
2230
- * @experimental Part of the new ThunderID API
2231
- */
2232
- let EmbeddedSignUpFlowStatus = /* @__PURE__ */ function(EmbeddedSignUpFlowStatus$1) {
2233
- /**
2234
- * Sign-up flow completed successfully.
2235
- *
2236
- * The user has successfully registered and the flow can proceed to
2237
- * OAuth2 completion or redirection. Check for redirectUrl or assertion
2238
- * data in the response for next steps.
2239
- */
2240
- EmbeddedSignUpFlowStatus$1["Complete"] = "COMPLETE";
2241
- /**
2242
- * Sign-up flow encountered an error and cannot proceed.
2243
- *
2244
- * Registration failed due to validation errors, duplicate user,
2245
- * system errors, or other issues. The response will be of type
2246
- * `EmbeddedSignUpFlowErrorResponse` containing detailed failure
2247
- * information that can be displayed to the user.
2248
- *
2249
- * @see {@link EmbeddedSignUpFlowErrorResponse} for error response structure
2250
- */
2251
- EmbeddedSignUpFlowStatus$1["Error"] = "ERROR";
2252
- /**
2253
- * Sign-up flow requires additional user input.
2254
- *
2255
- * More registration steps are needed. The response will contain
2256
- * components in data.meta.components that should be rendered to
2257
- * collect additional user information (e.g., profile data, verification).
2258
- */
2259
- EmbeddedSignUpFlowStatus$1["Incomplete"] = "INCOMPLETE";
2260
- return EmbeddedSignUpFlowStatus$1;
2261
- }({});
2262
- /**
2263
- * Type enumeration for ThunderID embedded sign-up flow responses.
2264
- *
2265
- * Determines the nature of the registration flow response and how the client
2266
- * should handle the returned data. This affects both UI rendering and flow
2267
- * continuation logic during the user registration process.
2268
- *
2269
- * @experimental Part of the new ThunderID API
2270
- */
2271
- let EmbeddedSignUpFlowType = /* @__PURE__ */ function(EmbeddedSignUpFlowType$1) {
2272
- /**
2273
- * Response requires external redirection.
2274
- *
2275
- * Used for social registration providers, external identity providers,
2276
- * or other flows that require navigating to an external URL during
2277
- * the registration process. The response will contain redirection information.
2278
- */
2279
- EmbeddedSignUpFlowType$1["Redirection"] = "REDIRECTION";
2280
- /**
2281
- * Response contains view components for rendering.
2282
- *
2283
- * Standard embedded registration flow response containing UI components
2284
- * that should be rendered within the current application context.
2285
- * Most common type for embedded user registration.
2286
- */
2287
- EmbeddedSignUpFlowType$1["View"] = "VIEW";
2288
- return EmbeddedSignUpFlowType$1;
2289
- }({});
2290
-
2291
- //#endregion
2292
- //#region src/api/v2/executeEmbeddedSignUpFlowV2.ts
2293
- const executeEmbeddedSignUpFlowV2 = async ({ url, baseUrl, payload, authId,...requestConfig }) => {
2294
- if (!payload) throw new ThunderIDAPIError("Registration payload is required", "executeEmbeddedSignUpFlow-ValidationError-002", "javascript", 400, "If a registration payload is not provided, the request cannot be constructed correctly.");
2295
- const endpoint = url ?? `${baseUrl}/flow/execute`;
2296
- const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
2297
- const isNewFlowStart = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload;
2298
- const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
2299
- const basePayload = isNewFlowStart ? injectRequestedPermissions_default(cleanPayload) : cleanPayload;
2300
- const requestPayload = isNewFlowStart || hasOnlyFlowId ? {
2301
- ...basePayload,
2302
- verbose: true
2303
- } : basePayload;
2304
- const response = await fetch(endpoint, {
2305
- ...requestConfig,
2306
- body: JSON.stringify(requestPayload),
2307
- headers: {
2308
- Accept: "application/json",
2309
- "Content-Type": "application/json",
2310
- ...requestConfig.headers
2311
- },
2312
- method: requestConfig.method || "POST"
2313
- });
2314
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedSignUpFlow-ResponseError-001", "javascript", response.status, response.statusText, "Registration request failed");
2315
- const flowResponse = await response.json();
2316
- if (flowResponse.flowStatus === EmbeddedSignUpFlowStatus.Complete && flowResponse.assertion && authId) try {
2317
- const oauth2Response = await fetch(`${baseUrl}/oauth2/auth/callback`, {
2318
- body: JSON.stringify({
2319
- assertion: flowResponse.assertion,
2320
- authId
2321
- }),
2322
- credentials: "include",
2323
- headers: {
2324
- Accept: "application/json",
2325
- "Content-Type": "application/json",
2326
- ...requestConfig.headers
2327
- },
2328
- method: "POST"
2329
- });
2330
- if (!oauth2Response.ok) throw new ThunderIDAPIError(await oauth2Response.text(), "executeEmbeddedSignUpFlow-OAuth2Error-002", "javascript", oauth2Response.status, oauth2Response.statusText, "OAuth2 authorization failed");
2331
- const oauth2Result = await oauth2Response.json();
2332
- return {
2333
- flowStatus: flowResponse.flowStatus,
2334
- redirectUrl: oauth2Result["redirect_uri"]
2335
- };
2336
- } catch (authError) {
2337
- if (authError instanceof ThunderIDAPIError) throw authError;
2338
- throw new ThunderIDAPIError(authError instanceof Error ? authError.message : "Unknown error", "executeEmbeddedSignUpFlow-OAuth2Error-001", "javascript", 500, "Failed to complete OAuth2 authorization after successful embedded sign-up flow.", "OAuth2 authorization failed");
2339
- }
2340
- return flowResponse;
2341
- };
2342
- var executeEmbeddedSignUpFlowV2_default = executeEmbeddedSignUpFlowV2;
2343
-
2344
- //#endregion
2345
- //#region src/api/v2/executeEmbeddedRecoveryFlowV2.ts
2346
- /**
2347
- * Executes an embedded recovery flow by sending a request to the flow execution endpoint.
2348
- *
2349
- * This function handles password-recovery and account-recovery flows driven by the
2350
- * ThunderID server. The server returns UI components for each step (e.g. username
2351
- * collection, OTP verification, password reset) and this function forwards the
2352
- * user's responses back to the server.
2353
- *
2354
- * @param requestConfig - Request configuration containing URL, payload, and optional headers.
2355
- * @returns A promise that resolves with the flow execution response.
2356
- * @throws ThunderIDAPIError when the request fails or a payload is missing.
2357
- *
2358
- * @example
2359
- * ```typescript
2360
- * // Initiate recovery flow
2361
- * const response = await executeEmbeddedRecoveryFlowV2({
2362
- * baseUrl: 'https://localhost:8090',
2363
- * payload: {
2364
- * flowType: 'RECOVERY',
2365
- * applicationId: 'my-app-id',
2366
- * },
2367
- * });
2368
- *
2369
- * // Continue recovery flow with user input
2370
- * const nextResponse = await executeEmbeddedRecoveryFlowV2({
2371
- * baseUrl: 'https://localhost:8090',
2372
- * payload: {
2373
- * executionId: response.executionId,
2374
- * action: 'submit',
2375
- * inputs: { username: 'user@example.com' },
2376
- * challengeToken: response.challengeToken,
2377
- * },
2378
- * });
2379
- * ```
2380
- */
2381
- const executeEmbeddedRecoveryFlowV2 = async ({ url, baseUrl, payload,...requestConfig }) => {
2382
- if (!payload) throw new ThunderIDAPIError("Recovery payload is required", "executeEmbeddedRecoveryFlow-ValidationError-002", "javascript", 400, "If a recovery payload is not provided, the request cannot be constructed correctly.");
2383
- const endpoint = url ?? `${baseUrl}/flow/execute`;
2384
- const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
2385
- const hasOnlyAppIdAndFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "applicationId" in cleanPayload && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 2;
2386
- const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
2387
- const requestPayload = hasOnlyAppIdAndFlowType || hasOnlyFlowId ? {
2388
- ...cleanPayload,
2389
- verbose: true
2390
- } : cleanPayload;
2391
- const response = await fetch(endpoint, {
2392
- ...requestConfig,
2393
- body: JSON.stringify(requestPayload),
2394
- headers: {
2395
- Accept: "application/json",
2396
- "Content-Type": "application/json",
2397
- ...requestConfig.headers
2398
- },
2399
- method: requestConfig.method || "POST"
2400
- });
2401
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedRecoveryFlow-ResponseError-001", "javascript", response.status, response.statusText, "Recovery request failed");
2402
- return await response.json();
2403
- };
2404
- var executeEmbeddedRecoveryFlowV2_default = executeEmbeddedRecoveryFlowV2;
2405
-
2406
- //#endregion
2407
- //#region src/api/v2/executeEmbeddedUserOnboardingFlowV2.ts
2408
- /**
2409
- * Executes an embedded user onboarding flow by sending a request to the flow execution endpoint.
2410
- *
2411
- * This function handles both:
2412
- * - Admin flow: Initiates onboarding, collects user details, generates invite link
2413
- * - End-user flow: Validates invite token and allows password setting
2414
- *
2415
- * @param requestConfig - Request configuration object containing URL, payload, and optional auth token.
2416
- * @returns A promise that resolves with the flow execution response.
2417
- * @throws ThunderIDAPIError when the request fails or URL is invalid.
2418
- *
2419
- * @example
2420
- * ```typescript
2421
- * // Admin initiating user onboarding (requires auth token)
2422
- * const response = await executeEmbeddedUserOnboardingFlowV2({
2423
- * baseUrl: "https://api.thunder.io",
2424
- * payload: {
2425
- * flowType: "USER_ONBOARDING"
2426
- * },
2427
- * headers: {
2428
- * Authorization: `Bearer ${accessToken}`
2429
- * }
2430
- * });
2431
- *
2432
- * // End-user accepting invite (no auth required)
2433
- * const response = await executeEmbeddedUserOnboardingFlowV2({
2434
- * baseUrl: "https://api.thunder.io",
2435
- * payload: {
2436
- * executionId: "flow-id-from-url",
2437
- * inputs: { inviteToken: "token-from-url" }
2438
- * }
2439
- * });
2440
- * ```
2441
- */
2442
- const executeEmbeddedUserOnboardingFlowV2 = async ({ url, baseUrl, payload,...requestConfig }) => {
2443
- if (!payload) throw new ThunderIDAPIError("User onboarding payload is required", "executeEmbeddedUserOnboardingFlow-ValidationError-002", "javascript", 400, "If a user onboarding payload is not provided, the request cannot be constructed correctly.");
2444
- const endpoint = url ?? `${baseUrl}/flow/execute`;
2445
- const cleanPayload = typeof payload === "object" && payload !== null ? Object.fromEntries(Object.entries(payload).filter(([key]) => key !== "verbose")) : payload;
2446
- const hasOnlyFlowType = typeof cleanPayload === "object" && cleanPayload !== null && "flowType" in cleanPayload && Object.keys(cleanPayload).length === 1;
2447
- const hasOnlyFlowId = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && Object.keys(cleanPayload).length === 1;
2448
- const hasFlowIdWithInputs = typeof cleanPayload === "object" && cleanPayload !== null && "executionId" in cleanPayload && "inputs" in cleanPayload;
2449
- const requestPayload = hasOnlyFlowType || hasOnlyFlowId || hasFlowIdWithInputs ? {
2450
- ...cleanPayload,
2451
- verbose: true
2452
- } : cleanPayload;
2453
- if ("flowType" in requestPayload && requestPayload["flowType"] !== EmbeddedFlowType.UserOnboarding) requestPayload["flowType"] = EmbeddedFlowType.UserOnboarding;
2454
- const response = await fetch(endpoint, {
2455
- ...requestConfig,
2456
- body: JSON.stringify(requestPayload),
2457
- headers: {
2458
- Accept: "application/json",
2459
- "Content-Type": "application/json",
2460
- ...requestConfig.headers
2461
- },
2462
- method: requestConfig.method || "POST"
2463
- });
2464
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "executeEmbeddedUserOnboardingFlow-ResponseError-001", "javascript", response.status, response.statusText, "User onboarding request failed");
2465
- return await response.json();
2466
- };
2467
- var executeEmbeddedUserOnboardingFlowV2_default = executeEmbeddedUserOnboardingFlowV2;
2468
-
2469
- //#endregion
2470
- //#region src/api/v2/getFlowMetaV2.ts
2471
- /**
2472
- * Fetches aggregated flow metadata from the `GET /flow/meta` endpoint.
2473
- *
2474
- * The response includes:
2475
- * - Application or OU details depending on the `type` parameter
2476
- * - Resolved design configuration (theme and layout)
2477
- * - i18n translations filtered by `language` and `namespace`
2478
- * - Registration flow enablement status
2479
- *
2480
- * @param config - Request configuration including `baseUrl`/`url`, and optional
2481
- * `type`, `id`, `language`, and `namespace` filters. When `type`
2482
- * and `id` are omitted the server returns i18n-only metadata.
2483
- * @returns A promise that resolves to the {@link FlowMetadataResponse}.
2484
- *
2485
- * @throws {ThunderIDAPIError} When the server returns a non-OK response.
2486
- *
2487
- * @example
2488
- * ```typescript
2489
- * import getFlowMetaV2 from './api/v2/getFlowMetaV2';
2490
- * import { FlowMetaType } from './models/v2/flow-meta-v2';
2491
- *
2492
- * const meta = await getFlowMetaV2({
2493
- * baseUrl: 'https://localhost:8090',
2494
- * type: FlowMetaType.App,
2495
- * id: '60a9b38b-6eba-9f9e-55f9-267067de4680',
2496
- * language: 'en',
2497
- * namespace: 'auth',
2498
- * });
2499
- *
2500
- * console.log(meta.application?.name);
2501
- * console.log(meta.i18n.translations);
2502
- * ```
2503
- *
2504
- * @experimental This function targets the ThunderID V2 platform API
2505
- */
2506
- const getFlowMetaV2 = async ({ url, baseUrl, type, id, language, namespace,...requestConfig }) => {
2507
- const queryParams = new URLSearchParams({
2508
- ...id ? { id } : {},
2509
- ...type ? { type } : {},
2510
- ...language ? { language } : {},
2511
- ...namespace ? { namespace } : {}
2512
- });
2513
- const endpoint = `${url ?? `${baseUrl}/flow/meta`}?${queryParams.toString()}`;
2514
- const response = await fetch(endpoint, {
2515
- ...requestConfig,
2516
- headers: {
2517
- Accept: "application/json",
2518
- ...requestConfig.headers
2519
- },
2520
- method: "GET"
2521
- });
2522
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getFlowMetaV2-ResponseError-001", "javascript", response.status, response.statusText, "Flow metadata request failed");
2523
- return await response.json();
2524
- };
2525
- var getFlowMetaV2_default = getFlowMetaV2;
2526
-
2527
- //#endregion
2528
- //#region src/api/v2/getOrganizationUnitChildren.ts
2529
- /**
2530
- * Retrieves the child organization units of a given parent OU.
2531
- *
2532
- * @param config - Request configuration including `baseUrl`/`url`, `organizationUnitId`,
2533
- * and optional `limit`/`offset` pagination parameters.
2534
- * @returns A promise that resolves with the paginated list of child organization units.
2535
- *
2536
- * @throws {ThunderIDAPIError} When the server returns a non-OK response.
2537
- *
2538
- * @example
2539
- * ```typescript
2540
- * const children = await getOrganizationUnitChildren({
2541
- * baseUrl: 'https://localhost:8090',
2542
- * organizationUnitId: '0d5e071b-d3d3-475d-b3c6-1a20ee2fa9b1',
2543
- * limit: 10,
2544
- * offset: 0,
2545
- * });
2546
- * console.log(children.organizationUnits);
2547
- * ```
2548
- *
2549
- * @experimental This function targets the ThunderID V2 platform API
2550
- */
2551
- const getOrganizationUnitChildren = async ({ url, baseUrl, organizationUnitId, limit = 10, offset = 0,...requestConfig }) => {
2552
- if (!organizationUnitId) throw new ThunderIDAPIError("Organization Unit ID is required", "getOrganizationUnitChildren-ValidationError-001", "javascript", 400, "If an organization unit ID is not provided, the request cannot be constructed correctly.");
2553
- const queryParams = new URLSearchParams({
2554
- limit: String(limit),
2555
- offset: String(offset)
2556
- });
2557
- const endpoint = url ?? `${baseUrl}/organization-units/${organizationUnitId}/ous?${queryParams.toString()}`;
2558
- const response = await fetch(endpoint, {
2559
- ...requestConfig,
2560
- headers: {
2561
- Accept: "application/json",
2562
- ...requestConfig.headers
2563
- },
2564
- method: "GET"
2565
- });
2566
- if (!response.ok) throw new ThunderIDAPIError(await response.text(), "getOrganizationUnitChildren-ResponseError-001", "javascript", response.status, response.statusText, "Failed to fetch organization unit children");
2567
- return await response.json();
2376
+ };
2377
+ try {
2378
+ const response = await fetchFn(resolvedUrl, requestInit);
2379
+ if (!response?.ok) {
2380
+ const errorText = await response.text();
2381
+ let errorDescription;
2382
+ try {
2383
+ const errorBody = JSON.parse(errorText);
2384
+ errorDescription = errorBody?.description || errorBody?.message || errorText;
2385
+ } catch {
2386
+ errorDescription = errorText;
2387
+ }
2388
+ logger_default.warn(`[BrandingError] ${errorDescription} To resolve this issue, please configure branding preferences in the ThunderID console. If you want to suppress this warning and stop fetching branding preferences, set \`<ThunderIDProvider>\` -> \`preferences\` -> \`theme\` -> \`inheritFromBranding\` to false.`);
2389
+ throw new ThunderIDAPIError(errorText, "getBrandingPreference-ResponseError-001", "javascript", response.status, response.statusText, "Failed to get branding preference");
2390
+ }
2391
+ return await response.json();
2392
+ } catch (error$1) {
2393
+ if (error$1 instanceof ThunderIDAPIError) throw error$1;
2394
+ throw new ThunderIDAPIError(`Network or parsing error: ${error$1 instanceof Error ? error$1.message : "Unknown error"}`, "getBrandingPreference-NetworkError-001", "javascript", 0, "Network Error");
2395
+ }
2568
2396
  };
2569
- var getOrganizationUnitChildren_default = getOrganizationUnitChildren;
2397
+ var getBrandingPreference_default = getBrandingPreference;
2570
2398
 
2571
2399
  //#endregion
2572
2400
  //#region src/constants/ApplicationNativeAuthenticationConstants.ts
@@ -2708,198 +2536,52 @@ const VendorConstants = { VENDOR_PREFIX: "thunderid" };
2708
2536
  var VendorConstants_default = VendorConstants;
2709
2537
 
2710
2538
  //#endregion
2711
- //#region src/models/embedded-signin-flow.ts
2712
- let EmbeddedSignInFlowStatus = /* @__PURE__ */ function(EmbeddedSignInFlowStatus$2) {
2713
- EmbeddedSignInFlowStatus$2["FailCompleted"] = "FAIL_COMPLETED";
2714
- EmbeddedSignInFlowStatus$2["FailIncomplete"] = "FAIL_INCOMPLETE";
2715
- EmbeddedSignInFlowStatus$2["Incomplete"] = "INCOMPLETE";
2716
- EmbeddedSignInFlowStatus$2["SuccessCompleted"] = "SUCCESS_COMPLETED";
2717
- return EmbeddedSignInFlowStatus$2;
2718
- }({});
2719
- let EmbeddedSignInFlowType = /* @__PURE__ */ function(EmbeddedSignInFlowType$2) {
2720
- EmbeddedSignInFlowType$2["Authentication"] = "AUTHENTICATION";
2721
- return EmbeddedSignInFlowType$2;
2722
- }({});
2723
- let EmbeddedSignInFlowStepType = /* @__PURE__ */ function(EmbeddedSignInFlowStepType$1) {
2724
- EmbeddedSignInFlowStepType$1["AuthenticatorPrompt"] = "AUTHENTICATOR_PROMPT";
2725
- EmbeddedSignInFlowStepType$1["MultiOptionsPrompt"] = "MULTI_OPTIONS_PROMPT";
2726
- return EmbeddedSignInFlowStepType$1;
2727
- }({});
2728
- let EmbeddedSignInFlowAuthenticatorParamType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorParamType$1) {
2729
- EmbeddedSignInFlowAuthenticatorParamType$1["Integer"] = "INTEGER";
2730
- EmbeddedSignInFlowAuthenticatorParamType$1["MultiValued"] = "MULTI_VALUED";
2731
- EmbeddedSignInFlowAuthenticatorParamType$1["String"] = "STRING";
2732
- return EmbeddedSignInFlowAuthenticatorParamType$1;
2733
- }({});
2734
- let EmbeddedSignInFlowAuthenticatorExtendedParamType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorExtendedParamType$1) {
2735
- EmbeddedSignInFlowAuthenticatorExtendedParamType$1["Otp"] = "OTPCode";
2736
- return EmbeddedSignInFlowAuthenticatorExtendedParamType$1;
2737
- }({});
2738
- let EmbeddedSignInFlowAuthenticatorKnownIdPType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorKnownIdPType$1) {
2739
- EmbeddedSignInFlowAuthenticatorKnownIdPType$1["Local"] = "LOCAL";
2740
- return EmbeddedSignInFlowAuthenticatorKnownIdPType$1;
2741
- }({});
2742
- let EmbeddedSignInFlowAuthenticatorPromptType = /* @__PURE__ */ function(EmbeddedSignInFlowAuthenticatorPromptType$1) {
2743
- /**
2744
- * Prompt for internal system use, such as API keys or tokens.
2745
- */
2746
- EmbeddedSignInFlowAuthenticatorPromptType$1["InternalPrompt"] = "INTERNAL_PROMPT";
2747
- /**
2748
- * Prompt for redirection to another page or service.
2749
- */
2750
- EmbeddedSignInFlowAuthenticatorPromptType$1["RedirectionPrompt"] = "REDIRECTION_PROMPT";
2751
- /**
2752
- * Prompt for user input, typically for username/password or similar credentials.
2753
- */
2754
- EmbeddedSignInFlowAuthenticatorPromptType$1["UserPrompt"] = "USER_PROMPT";
2755
- return EmbeddedSignInFlowAuthenticatorPromptType$1;
2756
- }({});
2757
-
2758
- //#endregion
2759
- //#region src/models/v2/embedded-flow-v2.ts
2539
+ //#region src/errors/ThunderIDRuntimeError.ts
2760
2540
  /**
2761
- * Component types supported by the ThunderID embedded flow API.
2762
- *
2763
- * These types define the different UI components that can be rendered
2764
- * as part of the embedded authentication flows. Each type corresponds
2765
- * to a specific UI element with its own behavior and properties.
2541
+ * Base class for all runtime errors in ThunderID. This class extends ThunderIDError
2542
+ * and adds support for additional error details. Use this class for errors that occur
2543
+ * during runtime execution that are not related to API calls.
2766
2544
  *
2767
2545
  * @example
2768
2546
  * ```typescript
2769
- * // Check component type to render appropriate UI
2770
- * if (component.type === EmbeddedFlowComponentType.TextInput) {
2771
- * // Render text input field
2772
- * } else if (component.type === EmbeddedFlowComponentType.Action) {
2773
- * // Render button/action
2774
- * }
2547
+ * throw new ThunderIDRuntimeError(
2548
+ * "Failed to parse configuration",
2549
+ * "CONFIG_PARSE_ERROR",
2550
+ * { invalidField: "redirectUri" }
2551
+ * );
2775
2552
  * ```
2776
- *
2777
- * @experimental This API may change in future versions
2778
- */
2779
- let EmbeddedFlowComponentType$1 = /* @__PURE__ */ function(EmbeddedFlowComponentType$2) {
2780
- /** Interactive action component (buttons, links) for user interactions */
2781
- EmbeddedFlowComponentType$2["Action"] = "ACTION";
2782
- /** Container block component that groups other components */
2783
- EmbeddedFlowComponentType$2["Block"] = "BLOCK";
2784
- /** Consent component for displaying consent purposes and attributes */
2785
- EmbeddedFlowComponentType$2["Consent"] = "CONSENT";
2786
- /** Copyable text display component that shows text with a copy-to-clipboard action */
2787
- EmbeddedFlowComponentType$2["CopyableText"] = "COPYABLE_TEXT";
2788
- /** Divider component for visual separation of content */
2789
- EmbeddedFlowComponentType$2["Divider"] = "DIVIDER";
2790
- /** Email input field with validation for email addresses. */
2791
- EmbeddedFlowComponentType$2["EmailInput"] = "EMAIL_INPUT";
2792
- /** Icon display component for rendering named vector icons */
2793
- EmbeddedFlowComponentType$2["Icon"] = "ICON";
2794
- /** Image display component for logos and illustrations */
2795
- EmbeddedFlowComponentType$2["Image"] = "IMAGE";
2796
- /** One-time password input field for multi-factor authentication */
2797
- EmbeddedFlowComponentType$2["OtpInput"] = "OTP_INPUT";
2798
- /** Organization unit tree picker for selecting an OU */
2799
- EmbeddedFlowComponentType$2["OuSelect"] = "OU_SELECT";
2800
- /** Password input field with masking for sensitive data */
2801
- EmbeddedFlowComponentType$2["PasswordInput"] = "PASSWORD_INPUT";
2802
- /** Phone number input field with country code support */
2803
- EmbeddedFlowComponentType$2["PhoneInput"] = "PHONE_INPUT";
2804
- /** Rich text display component that renders formatted HTML content */
2805
- EmbeddedFlowComponentType$2["RichText"] = "RICH_TEXT";
2806
- /** Select/dropdown input component for single choice selection */
2807
- EmbeddedFlowComponentType$2["Select"] = "SELECT";
2808
- /** Stack layout component for arranging children in a row or column */
2809
- EmbeddedFlowComponentType$2["Stack"] = "STACK";
2810
- /** Text display component for labels, headings, and messages */
2811
- EmbeddedFlowComponentType$2["Text"] = "TEXT";
2812
- /** Standard text input field for user data entry */
2813
- EmbeddedFlowComponentType$2["TextInput"] = "TEXT_INPUT";
2814
- /** Timer component for displaying a countdown */
2815
- EmbeddedFlowComponentType$2["Timer"] = "TIMER";
2816
- /** QR code display component for wallet-based flows (e.g. OpenID4VP) */
2817
- EmbeddedFlowComponentType$2["QrCode"] = "QR_CODE";
2818
- return EmbeddedFlowComponentType$2;
2819
- }({});
2820
- /**
2821
- * Action variant types for buttons and interactive elements.
2822
- *
2823
- * @experimental This API may change in future versions
2824
- */
2825
- let EmbeddedFlowActionVariant = /* @__PURE__ */ function(EmbeddedFlowActionVariant$1) {
2826
- /** Danger action button for destructive operations */
2827
- EmbeddedFlowActionVariant$1["Danger"] = "DANGER";
2828
- /** Info action button for informational purposes */
2829
- EmbeddedFlowActionVariant$1["Info"] = "INFO";
2830
- /** Link-styled action button */
2831
- EmbeddedFlowActionVariant$1["Link"] = "LINK";
2832
- /** Outlined action button for secondary emphasis */
2833
- EmbeddedFlowActionVariant$1["Outlined"] = "OUTLINED";
2834
- /** Primary action button with highest visual emphasis */
2835
- EmbeddedFlowActionVariant$1["Primary"] = "PRIMARY";
2836
- /** Secondary action button with moderate visual emphasis */
2837
- EmbeddedFlowActionVariant$1["Secondary"] = "SECONDARY";
2838
- /** Success action button for positive confirmations */
2839
- EmbeddedFlowActionVariant$1["Success"] = "SUCCESS";
2840
- /** Tertiary action button with minimal visual emphasis */
2841
- EmbeddedFlowActionVariant$1["Tertiary"] = "TERTIARY";
2842
- /** Warning action button for cautionary actions */
2843
- EmbeddedFlowActionVariant$1["Warning"] = "WARNING";
2844
- return EmbeddedFlowActionVariant$1;
2845
- }({});
2846
- /**
2847
- * Text variant types for typography components.
2848
- *
2849
- * @experimental This API may change in future versions
2850
- */
2851
- let EmbeddedFlowTextVariant = /* @__PURE__ */ function(EmbeddedFlowTextVariant$1) {
2852
- /** Primary body text for main content */
2853
- EmbeddedFlowTextVariant$1["Body1"] = "BODY_1";
2854
- /** Secondary body text for supplementary content */
2855
- EmbeddedFlowTextVariant$1["Body2"] = "BODY_2";
2856
- /** Text styled for button labels */
2857
- EmbeddedFlowTextVariant$1["ButtonText"] = "BUTTON_TEXT";
2858
- /** Small caption text for annotations and descriptions */
2859
- EmbeddedFlowTextVariant$1["Caption"] = "CAPTION";
2860
- /** Largest heading level for main titles */
2861
- EmbeddedFlowTextVariant$1["Heading1"] = "HEADING_1";
2862
- /** Second level heading for major sections */
2863
- EmbeddedFlowTextVariant$1["Heading2"] = "HEADING_2";
2864
- /** Third level heading for subsections */
2865
- EmbeddedFlowTextVariant$1["Heading3"] = "HEADING_3";
2866
- /** Fourth level heading for minor sections */
2867
- EmbeddedFlowTextVariant$1["Heading4"] = "HEADING_4";
2868
- /** Fifth level heading for detailed sections */
2869
- EmbeddedFlowTextVariant$1["Heading5"] = "HEADING_5";
2870
- /** Smallest heading level for fine-grained sections */
2871
- EmbeddedFlowTextVariant$1["Heading6"] = "HEADING_6";
2872
- /** Overline text for labels and categories */
2873
- EmbeddedFlowTextVariant$1["Overline"] = "OVERLINE";
2874
- /** Primary subtitle text with larger emphasis */
2875
- EmbeddedFlowTextVariant$1["Subtitle1"] = "SUBTITLE_1";
2876
- /** Secondary subtitle text with moderate emphasis */
2877
- EmbeddedFlowTextVariant$1["Subtitle2"] = "SUBTITLE_2";
2878
- return EmbeddedFlowTextVariant$1;
2879
- }({});
2880
- /**
2881
- * Event types for action components.
2882
- *
2883
- * @experimental This API may change in future versions
2884
2553
  */
2885
- let EmbeddedFlowEventType = /* @__PURE__ */ function(EmbeddedFlowEventType$1) {
2886
- /** Navigate back to the previous step */
2887
- EmbeddedFlowEventType$1["Back"] = "BACK";
2888
- /** Cancel the current operation */
2889
- EmbeddedFlowEventType$1["Cancel"] = "CANCEL";
2890
- /** Navigate to a different flow step or page */
2891
- EmbeddedFlowEventType$1["Navigate"] = "NAVIGATE";
2892
- /** Reset form fields to initial state */
2893
- EmbeddedFlowEventType$1["Reset"] = "RESET";
2894
- /** Submit form data to the server */
2895
- EmbeddedFlowEventType$1["Submit"] = "SUBMIT";
2896
- /** Trigger an action or event */
2897
- EmbeddedFlowEventType$1["Trigger"] = "TRIGGER";
2898
- return EmbeddedFlowEventType$1;
2899
- }({});
2554
+ var ThunderIDRuntimeError = class extends ThunderIDError {
2555
+ /**
2556
+ * Creates an instance of ThunderIDRuntimeError.
2557
+ *
2558
+ * @param message - Human-readable description of the error
2559
+ * @param code - A unique error code that identifies the error type
2560
+ * @param details - Additional details about the error that might be helpful for debugging
2561
+ * @param origin - Optional. The SDK origin (e.g. 'react', 'vue'). Defaults to generic 'ThunderID'
2562
+ * @constructor
2563
+ */
2564
+ constructor(message, code, origin, details) {
2565
+ super(message, code, origin);
2566
+ this.details = details;
2567
+ Object.defineProperty(this, "name", {
2568
+ configurable: true,
2569
+ value: "ThunderIDRuntimeError",
2570
+ writable: true
2571
+ });
2572
+ }
2573
+ /**
2574
+ * Returns a string representation of the runtime error
2575
+ * @returns Formatted error string with name, code, details, and message
2576
+ */
2577
+ toString() {
2578
+ const details = this.details ? `\nDetails: ${JSON.stringify(this.details, null, 2)}` : "";
2579
+ return `[${this.name}] (code="${this.code}")${details}\nMessage: ${this.message}`;
2580
+ }
2581
+ };
2900
2582
 
2901
2583
  //#endregion
2902
- //#region src/models/v2/embedded-recovery-flow-v2.ts
2584
+ //#region src/models/embedded-recovery-flow.ts
2903
2585
  /**
2904
2586
  * Status enumeration for the embedded recovery flow operations.
2905
2587
  *
@@ -2940,7 +2622,7 @@ let EmbeddedRecoveryFlowType = /* @__PURE__ */ function(EmbeddedRecoveryFlowType
2940
2622
  }({});
2941
2623
 
2942
2624
  //#endregion
2943
- //#region src/models/v2/flow-meta-v2.ts
2625
+ //#region src/models/flow-meta.ts
2944
2626
  /**
2945
2627
  * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
2946
2628
  *
@@ -3266,13 +2948,6 @@ var DefaultCrypto = class {
3266
2948
  }
3267
2949
  };
3268
2950
 
3269
- //#endregion
3270
- //#region src/models/agent.ts
3271
- let AgentConfig;
3272
- (function(_AgentConfig) {
3273
- _AgentConfig.DEFAULT_AUTHENTICATOR_NAME = "Username & Password";
3274
- })(AgentConfig || (AgentConfig = {}));
3275
-
3276
2951
  //#endregion
3277
2952
  //#region src/models/store.ts
3278
2953
  /**
@@ -4244,10 +3919,10 @@ var ThunderIDJavaScriptClient = class {
4244
3919
  signInSilently(_options) {
4245
3920
  throw new Error("Method not implemented.");
4246
3921
  }
4247
- signUp(_optionsOrPayload) {
3922
+ signUp(_options) {
4248
3923
  throw new Error("Method not implemented.");
4249
3924
  }
4250
- recover(_payload) {
3925
+ recover() {
4251
3926
  throw new Error("Method not implemented.");
4252
3927
  }
4253
3928
  switchOrganization(_organization, _sessionId) {
@@ -4617,40 +4292,11 @@ var ThunderIDJavaScriptClient = class {
4617
4292
  const error$1 = Boolean(url.searchParams.get("error"));
4618
4293
  return stateParam ? stateParam === OIDCRequestConstants_default.Params.SIGN_OUT_SUCCESS && error$1 : false;
4619
4294
  }
4620
- async getAgentToken(agentConfig) {
4621
- const authorizeURL = new URL(await this.getSignInUrl({ response_mode: "direct" }));
4622
- const authorizeResponse = await initializeEmbeddedSignInFlow_default({
4623
- payload: Object.fromEntries(authorizeURL.searchParams.entries()),
4624
- url: `${authorizeURL.origin}${authorizeURL.pathname}`
4625
- });
4626
- const authenticatorName = agentConfig.authenticatorName ?? AgentConfig.DEFAULT_AUTHENTICATOR_NAME;
4627
- const targetAuthenticator = authorizeResponse.nextStep.authenticators.find((auth) => auth.authenticator === authenticatorName);
4628
- if (!targetAuthenticator) throw new Error(`Authenticator '${authenticatorName}' not found among authentication steps.`);
4629
- const authnResponse = await executeEmbeddedSignInFlow_default({
4630
- baseUrl: this.baseURL,
4631
- payload: {
4632
- flowId: authorizeResponse.flowId,
4633
- selectedAuthenticator: {
4634
- authenticatorId: targetAuthenticator.authenticatorId,
4635
- params: {
4636
- password: agentConfig.agentSecret,
4637
- username: agentConfig.agentID
4638
- }
4639
- }
4640
- }
4641
- });
4642
- if (authnResponse.flowStatus !== EmbeddedSignInFlowStatus.SuccessCompleted) throw new Error("Agent authentication failed.");
4643
- return this.requestAccessToken(authnResponse.authData["code"], authnResponse.authData["session_state"], authnResponse.authData["state"]);
4644
- }
4645
4295
  async getOBOSignInURL(agentConfig) {
4646
4296
  const authURL = await this.getSignInUrl({ requested_actor: agentConfig.agentID });
4647
4297
  if (authURL) return authURL.toString();
4648
4298
  throw new Error("Could not build Authorize URL");
4649
4299
  }
4650
- async getOBOToken(agentConfig, authCodeResponse) {
4651
- const agentToken = await this.getAgentToken(agentConfig);
4652
- return this.requestAccessToken(authCodeResponse.code, authCodeResponse.session_state, authCodeResponse.state, void 0, { params: { actor_token: agentToken.accessToken } });
4653
- }
4654
4300
  };
4655
4301
  var ThunderIDJavaScriptClient_default = ThunderIDJavaScriptClient;
4656
4302
 
@@ -5369,6 +5015,38 @@ const deriveOrganizationHandleFromBaseUrl = (baseUrl) => {
5369
5015
  };
5370
5016
  var deriveOrganizationHandleFromBaseUrl_default = deriveOrganizationHandleFromBaseUrl;
5371
5017
 
5018
+ //#endregion
5019
+ //#region src/utils/isRecognizedBaseUrlPattern.ts
5020
+ /**
5021
+ * Utility to determine if sensible ThunderID fallbacks can be used based on the given base URL.
5022
+ *
5023
+ * This checks if the URL follows the standard ThunderID pattern: /t/{orgHandle}
5024
+ * Returns true if sensible fallbacks (like deriving organization handle, tenant, etc.) can be used, false otherwise.
5025
+ *
5026
+ * @param baseUrl - The base URL of the ThunderID identity server (string or undefined)
5027
+ * @returns boolean - true if sensible fallbacks can be used, false otherwise
5028
+ *
5029
+ * @example
5030
+ * isRecognizedBaseUrlPattern('https://localhost:8090/t/dxlab'); // true
5031
+ * isRecognizedBaseUrlPattern('https://custom.example.com/auth'); // false
5032
+ */
5033
+ const isRecognizedBaseUrlPattern = (baseUrl) => {
5034
+ if (!baseUrl) throw new ThunderIDRuntimeError("Base URL is required to derive if the `baseUrl` is recognized.", "isRecognizedBaseUrlPattern-ValidationError-001", "javascript", "A valid base URL must be provided to derive if the `baseUrl` is recognized to use the sensible fallbacks.");
5035
+ let parsedUrl;
5036
+ try {
5037
+ parsedUrl = new URL(baseUrl);
5038
+ } catch (error$1) {
5039
+ throw new ThunderIDRuntimeError(`Invalid base URL format: ${baseUrl}`, "isRecognizedBaseUrlPattern-ValidationError-002", "javascript", "The provided base URL does not conform to valid URL syntax.");
5040
+ }
5041
+ const pathSegments = parsedUrl.pathname?.split("/")?.filter((segment) => segment?.length > 0);
5042
+ if (pathSegments.length < 2 || pathSegments[0] !== "t") {
5043
+ logger_default.warn("[isRecognizedBaseUrlPattern] The provided base URL does not follow the expected URL pattern (/t/{orgHandle}).");
5044
+ return false;
5045
+ }
5046
+ return true;
5047
+ };
5048
+ var isRecognizedBaseUrlPattern_default = isRecognizedBaseUrlPattern;
5049
+
5372
5050
  //#endregion
5373
5051
  //#region src/utils/flattenUserSchema.ts
5374
5052
  /**
@@ -5717,14 +5395,14 @@ var generateFlattenedUserProfile_default = generateFlattenedUserProfile;
5717
5395
  * If the baseUrl is recognized (standard ThunderID pattern), constructs the sign-up URL.
5718
5396
  * Otherwise, returns an empty string.
5719
5397
  *
5720
- * @param baseUrl - The base URL of the ThunderID identity server (string or undefined)
5398
+ * @param config - The ThunderID client configuration
5721
5399
  * @returns The sign-up URL if baseUrl is recognized, otherwise an empty string
5722
5400
  */
5723
5401
  const getRedirectBasedSignUpUrl = (config) => {
5724
5402
  const { baseUrl } = config;
5725
5403
  if (!isRecognizedBaseUrlPattern_default(baseUrl)) return "";
5726
5404
  let signUpBaseUrl = baseUrl;
5727
- if (identifyPlatform_default(config) === Platform.ThunderID) try {
5405
+ try {
5728
5406
  const url$1 = new URL(baseUrl);
5729
5407
  if (/([a-z0-9-]+\.)*api\.thunderid\.io$/i.test(url$1.hostname)) {
5730
5408
  url$1.hostname = url$1.hostname.replace("api.", "accounts.");
@@ -5742,7 +5420,7 @@ const getRedirectBasedSignUpUrl = (config) => {
5742
5420
  var getRedirectBasedSignUpUrl_default = getRedirectBasedSignUpUrl;
5743
5421
 
5744
5422
  //#endregion
5745
- //#region src/utils/v2/isEmojiUri.ts
5423
+ //#region src/utils/isEmojiUri.ts
5746
5424
  /**
5747
5425
  * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
5748
5426
  *
@@ -5778,7 +5456,7 @@ const isEmojiUri = (uri) => typeof uri === "string" && uri.startsWith(EMOJI_URI_
5778
5456
  var isEmojiUri_default = isEmojiUri;
5779
5457
 
5780
5458
  //#endregion
5781
- //#region src/utils/v2/extractEmojiFromUri.ts
5459
+ //#region src/utils/extractEmojiFromUri.ts
5782
5460
  /**
5783
5461
  * Extracts the emoji character from an `emoji:` URI.
5784
5462
  *
@@ -5831,18 +5509,6 @@ var extractEmojiFromUri_default = extractEmojiFromUri;
5831
5509
  const removeTrailingSlash = (path) => path.endsWith("/") ? path.slice(0, -1) : path;
5832
5510
  var removeTrailingSlash_default = removeTrailingSlash;
5833
5511
 
5834
- //#endregion
5835
- //#region src/utils/resolveFieldType.ts
5836
- const resolveFieldType = (field) => {
5837
- if (field.type === EmbeddedSignInFlowAuthenticatorParamType.String) {
5838
- if (field.param === EmbeddedSignInFlowAuthenticatorExtendedParamType.Otp) return FieldType.Otp;
5839
- if (field?.confidential) return FieldType.Password;
5840
- return FieldType.Text;
5841
- }
5842
- throw new ThunderIDRuntimeError(`Field type is not supported: ${field.type}`, "resolveFieldType-Invalid-001", "javascript", "The provided field type is not supported. Please check the field configuration.");
5843
- };
5844
- var resolveFieldType_default = resolveFieldType;
5845
-
5846
5512
  //#endregion
5847
5513
  //#region src/utils/resolveFieldName.ts
5848
5514
  const resolveFieldName = (field) => {
@@ -5852,7 +5518,7 @@ const resolveFieldName = (field) => {
5852
5518
  var resolveFieldName_default = resolveFieldName;
5853
5519
 
5854
5520
  //#endregion
5855
- //#region src/utils/v2/resolveMeta.ts
5521
+ //#region src/utils/resolveMeta.ts
5856
5522
  /**
5857
5523
  * Resolves a dot-path expression against a FlowMetadataResponse object.
5858
5524
  *
@@ -5879,7 +5545,7 @@ function resolveMeta(path, meta) {
5879
5545
  }
5880
5546
 
5881
5547
  //#endregion
5882
- //#region src/utils/v2/parseFlowTemplateLiteral.ts
5548
+ //#region src/utils/parseFlowTemplateLiteral.ts
5883
5549
  /**
5884
5550
  * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
5885
5551
  *
@@ -5975,7 +5641,7 @@ function parseFlowTemplateLiteral(content) {
5975
5641
  }
5976
5642
 
5977
5643
  //#endregion
5978
- //#region src/utils/v2/resolveFlowTemplateLiterals.ts
5644
+ //#region src/utils/resolveFlowTemplateLiterals.ts
5979
5645
  /**
5980
5646
  * Global version of {@link FLOW_TEMPLATE_LITERAL_REGEX} for use with `String.prototype.replace`.
5981
5647
  */
@@ -6012,7 +5678,7 @@ function resolveFlowTemplateLiterals(text, { t, meta }) {
6012
5678
  }
6013
5679
 
6014
5680
  //#endregion
6015
- //#region src/utils/v2/countryCodeToFlagEmoji.ts
5681
+ //#region src/utils/countryCodeToFlagEmoji.ts
6016
5682
  /**
6017
5683
  * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
6018
5684
  *
@@ -6042,7 +5708,7 @@ function countryCodeToFlagEmoji(countryCode) {
6042
5708
  }
6043
5709
 
6044
5710
  //#endregion
6045
- //#region src/utils/v2/resolveLocaleDisplayName.ts
5711
+ //#region src/utils/resolveLocaleDisplayName.ts
6046
5712
  /**
6047
5713
  * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
6048
5714
  *
@@ -6080,7 +5746,7 @@ function resolveLocaleDisplayName(locale, displayLocale) {
6080
5746
  }
6081
5747
 
6082
5748
  //#endregion
6083
- //#region src/utils/v2/resolveLocaleEmoji.ts
5749
+ //#region src/utils/resolveLocaleEmoji.ts
6084
5750
  /**
6085
5751
  * Maps BCP 47 language subtags to ISO 3166-1 alpha-2 country codes used for
6086
5752
  * flag emoji resolution when no country subtag is present in the locale.
@@ -6145,6 +5811,81 @@ function resolveLocaleEmoji(locale) {
6145
5811
  }
6146
5812
  var resolveLocaleEmoji_default = resolveLocaleEmoji;
6147
5813
 
5814
+ //#endregion
5815
+ //#region src/utils/evaluateValidationRule.ts
5816
+ /**
5817
+ * Default i18n fallback keys returned when a `ValidationRule.message` is not provided.
5818
+ * Match the server-side defaults so a flow author who omits `message` sees the same
5819
+ * string regardless of whether the rule was evaluated client-side or server-side.
5820
+ */
5821
+ const DEFAULT_VALIDATION_MESSAGE_KEYS = {
5822
+ regex: "validation.pattern.invalid",
5823
+ minLength: "validation.minLength.invalid",
5824
+ maxLength: "validation.maxLength.invalid"
5825
+ };
5826
+ /**
5827
+ * Evaluates a single validation rule against the given input value.
5828
+ *
5829
+ * Returns `null` when the rule passes, or the rule's `message` (or the default
5830
+ * fallback key if `message` is absent) when it fails.
5831
+ *
5832
+ * Behavior notes:
5833
+ * - **regex**: an invalid regex pattern (one that cannot be compiled) is treated as
5834
+ * **passing** on the client. This is lenient — the server is authoritative and
5835
+ * will still enforce the rule if it can compile the pattern. Failing closed in the
5836
+ * SDK risks denial-of-service for misconfigured flows.
5837
+ * - **minLength / maxLength**: compared against `value.length`. A non-numeric `value`
5838
+ * on the rule is treated as the rule passing.
5839
+ * - Unknown rule types are treated as passing (forward compatibility with future types).
5840
+ */
5841
+ const evaluateValidationRule = (rule, value) => {
5842
+ const fail = () => rule.message ?? DEFAULT_VALIDATION_MESSAGE_KEYS[rule.type];
5843
+ switch (rule.type) {
5844
+ case "regex": {
5845
+ if (typeof rule.value !== "string" || rule.value === "") return null;
5846
+ let re;
5847
+ try {
5848
+ re = new RegExp(rule.value);
5849
+ } catch {
5850
+ return null;
5851
+ }
5852
+ return re.test(value) ? null : fail();
5853
+ }
5854
+ case "minLength":
5855
+ if (typeof rule.value !== "number" || Number.isNaN(rule.value)) return null;
5856
+ return value.length >= rule.value ? null : fail();
5857
+ case "maxLength":
5858
+ if (typeof rule.value !== "number" || Number.isNaN(rule.value)) return null;
5859
+ return value.length <= rule.value ? null : fail();
5860
+ default: return null;
5861
+ }
5862
+ };
5863
+ var evaluateValidationRule_default = evaluateValidationRule;
5864
+
5865
+ //#endregion
5866
+ //#region src/utils/buildValidatorFromRules.ts
5867
+ /**
5868
+ * Composes an array of `ValidationRule`s into a single validator function suitable for
5869
+ * `useForm`'s `FormField.validator` slot.
5870
+ *
5871
+ * The composed validator evaluates rules in declaration order and returns the **first**
5872
+ * failing rule's message — matching the SDK's render-prop shape of a single string per
5873
+ * field. When all rules pass it returns `null`.
5874
+ *
5875
+ * Returns `null` when no rules are supplied so callers can compose conditionally.
5876
+ */
5877
+ const buildValidatorFromRules = (rules) => {
5878
+ if (!rules || rules.length === 0) return null;
5879
+ return (value) => {
5880
+ for (const rule of rules) {
5881
+ const message = evaluateValidationRule_default(rule, value);
5882
+ if (message !== null) return message;
5883
+ }
5884
+ return null;
5885
+ };
5886
+ };
5887
+ var buildValidatorFromRules_default = buildValidatorFromRules;
5888
+
6148
5889
  //#endregion
6149
5890
  //#region src/utils/withVendorCSSClassPrefix.ts
6150
5891
  /**
@@ -6446,6 +6187,9 @@ const en_US = {
6446
6187
  "elements.fields.organization.select.label": "Select Organization",
6447
6188
  "elements.fields.organization.select.placeholder": "Choose an organization",
6448
6189
  "validations.required.field.error": "This field is required",
6190
+ "validation.pattern.invalid": "This value does not match the required format.",
6191
+ "validation.minLength.invalid": "This value is too short.",
6192
+ "validation.maxLength.invalid": "This value is too long.",
6449
6193
  "signin.heading": "Sign In",
6450
6194
  "signin.subheading": "Welcome back! Please sign in to continue.",
6451
6195
  "signup.heading": "Sign Up",
@@ -6556,6 +6300,9 @@ const fr_FR = {
6556
6300
  "elements.fields.organization.select.label": "Sélectionner l'organisation",
6557
6301
  "elements.fields.organization.select.placeholder": "Choisissez une organisation",
6558
6302
  "validations.required.field.error": "Ce champ est obligatoire",
6303
+ "validation.pattern.invalid": "Cette valeur ne correspond pas au format requis.",
6304
+ "validation.minLength.invalid": "Cette valeur est trop courte.",
6305
+ "validation.maxLength.invalid": "Cette valeur est trop longue.",
6559
6306
  "signin.heading": "Se connecter",
6560
6307
  "signin.subheading": "Entrez vos identifiants pour continuer.",
6561
6308
  "signup.heading": "S'inscrire",
@@ -6666,6 +6413,9 @@ const te_IN = {
6666
6413
  "elements.fields.organization.select.label": "ఆర్గనైజేషన్‌ను ఎంచుకోండి",
6667
6414
  "elements.fields.organization.select.placeholder": "సంస్థను ఎంచుకోండి",
6668
6415
  "validations.required.field.error": "ఈ ఫీల్డ్ అవసరం",
6416
+ "validation.pattern.invalid": "ఈ విలువ అవసరమైన ఆకృతికి సరిపోలడం లేదు.",
6417
+ "validation.minLength.invalid": "ఈ విలువ చాలా చిన్నది.",
6418
+ "validation.maxLength.invalid": "ఈ విలువ చాలా పెద్దది.",
6669
6419
  "signin.heading": "సైన్ ఇన్ చేయండి",
6670
6420
  "signin.subheading": "కొనసాగించడానికి మీ వివరాలు ఇవ్వండి.",
6671
6421
  "signup.heading": "సైన్ అప్ చేయండి",
@@ -6776,6 +6526,9 @@ const hi_IN = {
6776
6526
  "elements.fields.organization.select.label": "संगठन चुनें",
6777
6527
  "elements.fields.organization.select.placeholder": "एक संगठन चुनें",
6778
6528
  "validations.required.field.error": "यह फील्ड आवश्यक है",
6529
+ "validation.pattern.invalid": "यह मान आवश्यक प्रारूप से मेल नहीं खाता।",
6530
+ "validation.minLength.invalid": "यह मान बहुत छोटा है।",
6531
+ "validation.maxLength.invalid": "यह मान बहुत लंबा है।",
6779
6532
  "signin.heading": "साइन इन",
6780
6533
  "signin.subheading": "जारी रखने के लिए अपनी प्रमाणिक जानकारी दर्ज करें।",
6781
6534
  "signup.heading": "साइन अप",
@@ -6886,6 +6639,9 @@ const pt_BR = {
6886
6639
  "elements.fields.organization.select.label": "Selecionar Organização",
6887
6640
  "elements.fields.organization.select.placeholder": "Selecione uma organização",
6888
6641
  "validations.required.field.error": "Este campo é obrigatório",
6642
+ "validation.pattern.invalid": "Este valor não corresponde ao formato necessário.",
6643
+ "validation.minLength.invalid": "Este valor é muito curto.",
6644
+ "validation.maxLength.invalid": "Este valor é muito longo.",
6889
6645
  "signin.heading": "Entrar",
6890
6646
  "signin.subheading": "Digite suas credencias para continuar.",
6891
6647
  "signup.heading": "Cadastra-se",
@@ -6996,6 +6752,9 @@ const pt_PT = {
6996
6752
  "elements.fields.organization.select.label": "Selecionar Organização",
6997
6753
  "elements.fields.organization.select.placeholder": "Selecione uma organização",
6998
6754
  "validations.required.field.error": "Este campo é obrigatório",
6755
+ "validation.pattern.invalid": "Este valor não corresponde ao formato necessário.",
6756
+ "validation.minLength.invalid": "Este valor é demasiado curto.",
6757
+ "validation.maxLength.invalid": "Este valor é demasiado longo.",
6999
6758
  "signin.heading": "Iniciar Sessão",
7000
6759
  "signin.subheading": "Introduza as suas credenciais para continuar.",
7001
6760
  "signup.heading": "Registar-se",
@@ -7106,6 +6865,9 @@ const ta_IN = {
7106
6865
  "elements.fields.organization.select.label": "அமைப்பை தேர்ந்தெடு",
7107
6866
  "elements.fields.organization.select.placeholder": "அமைப்பை தெரிந்தெடுக்கவும்",
7108
6867
  "validations.required.field.error": "இந்த புலம் தேவை",
6868
+ "validation.pattern.invalid": "இந்த மதிப்பு தேவையான வடிவத்துடன் பொருந்தவில்லை.",
6869
+ "validation.minLength.invalid": "இந்த மதிப்பு மிகவும் குறுகியது.",
6870
+ "validation.maxLength.invalid": "இந்த மதிப்பு மிகவும் நீளமானது.",
7109
6871
  "signin.heading": "உள்நுழை",
7110
6872
  "signin.subheading": "தொடர உங்கள் சான்றுகளை உள்ளிடவும்.",
7111
6873
  "signup.heading": "பதிவு செய்",
@@ -7216,6 +6978,9 @@ const si_LK = {
7216
6978
  "elements.fields.organization.select.label": "සංවිධානය තෝරන්න",
7217
6979
  "elements.fields.organization.select.placeholder": "සංවිධානයක් සැළුම් කරන්න",
7218
6980
  "validations.required.field.error": "මෙම ක්ෂේත්‍රය අවශ්‍යයි",
6981
+ "validation.pattern.invalid": "මෙම අගය අවශ්‍ය ආකෘතියට නොගැලපේ.",
6982
+ "validation.minLength.invalid": "මෙම අගය ඉතා කෙටියි.",
6983
+ "validation.maxLength.invalid": "මෙම අගය ඉතා දිගයි.",
7219
6984
  "signin.heading": "ලොග් වෙන්න",
7220
6985
  "signin.subheading": "ඉදිරියට යාමට ඔබේ සත්‍යාපන තොරතුරු ඇතුළත් කරන්න.",
7221
6986
  "signup.heading": "ලියාපදිංචි වන්න",
@@ -7374,34 +7139,26 @@ var normalizeTranslations_default = normalizeTranslations;
7374
7139
  exports.ApplicationNativeAuthenticationConstants = ApplicationNativeAuthenticationConstants_default;
7375
7140
  exports.AuthenticationHelper = AuthenticationHelper_default;
7376
7141
  exports.DEFAULT_THEME = DEFAULT_THEME;
7142
+ exports.DEFAULT_VALIDATION_MESSAGE_KEYS = DEFAULT_VALIDATION_MESSAGE_KEYS;
7377
7143
  exports.EMOJI_URI_SCHEME = EMOJI_URI_SCHEME;
7378
- exports.EmbeddedFlowActionVariantV2 = EmbeddedFlowActionVariant;
7144
+ exports.EmbeddedFlowActionVariant = EmbeddedFlowActionVariant;
7379
7145
  exports.EmbeddedFlowComponentType = EmbeddedFlowComponentType;
7380
- exports.EmbeddedFlowComponentTypeV2 = EmbeddedFlowComponentType$1;
7381
- exports.EmbeddedFlowEventTypeV2 = EmbeddedFlowEventType;
7146
+ exports.EmbeddedFlowEventType = EmbeddedFlowEventType;
7382
7147
  exports.EmbeddedFlowResponseType = EmbeddedFlowResponseType;
7383
- exports.EmbeddedFlowStatus = EmbeddedFlowStatus;
7384
- exports.EmbeddedFlowTextVariantV2 = EmbeddedFlowTextVariant;
7148
+ exports.EmbeddedFlowTextVariant = EmbeddedFlowTextVariant;
7385
7149
  exports.EmbeddedFlowType = EmbeddedFlowType;
7386
- exports.EmbeddedRecoveryFlowStatusV2 = EmbeddedRecoveryFlowStatus;
7387
- exports.EmbeddedRecoveryFlowTypeV2 = EmbeddedRecoveryFlowType;
7388
- exports.EmbeddedSignInFlowAuthenticatorKnownIdPType = EmbeddedSignInFlowAuthenticatorKnownIdPType;
7389
- exports.EmbeddedSignInFlowAuthenticatorParamType = EmbeddedSignInFlowAuthenticatorParamType;
7390
- exports.EmbeddedSignInFlowAuthenticatorPromptType = EmbeddedSignInFlowAuthenticatorPromptType;
7150
+ exports.EmbeddedRecoveryFlowStatus = EmbeddedRecoveryFlowStatus;
7151
+ exports.EmbeddedRecoveryFlowType = EmbeddedRecoveryFlowType;
7391
7152
  exports.EmbeddedSignInFlowStatus = EmbeddedSignInFlowStatus;
7392
- exports.EmbeddedSignInFlowStatusV2 = EmbeddedSignInFlowStatus$1;
7393
- exports.EmbeddedSignInFlowStepType = EmbeddedSignInFlowStepType;
7394
7153
  exports.EmbeddedSignInFlowType = EmbeddedSignInFlowType;
7395
- exports.EmbeddedSignInFlowTypeV2 = EmbeddedSignInFlowType$1;
7396
- exports.EmbeddedSignUpFlowStatusV2 = EmbeddedSignUpFlowStatus;
7397
- exports.EmbeddedSignUpFlowTypeV2 = EmbeddedSignUpFlowType;
7154
+ exports.EmbeddedSignUpFlowStatus = EmbeddedSignUpFlowStatus;
7155
+ exports.EmbeddedSignUpFlowType = EmbeddedSignUpFlowType;
7398
7156
  exports.FieldType = FieldType;
7399
7157
  exports.FlowMetaType = FlowMetaType;
7400
7158
  exports.FlowMode = FlowMode;
7401
7159
  exports.HttpClient = HttpClient;
7402
7160
  exports.IsomorphicCrypto = IsomorphicCrypto;
7403
7161
  exports.OIDCRequestConstants = OIDCRequestConstants_default;
7404
- exports.Platform = Platform;
7405
7162
  exports.StorageManager = StorageManager_default;
7406
7163
  exports.ThunderIDAPIError = ThunderIDAPIError;
7407
7164
  exports.ThunderIDAuthException = ThunderIDAuthException;
@@ -7415,6 +7172,7 @@ exports.WellKnownSchemaIds = WellKnownSchemaIds;
7415
7172
  exports.arrayBufferToBase64url = arrayBufferToBase64url_default;
7416
7173
  exports.base64urlToArrayBuffer = base64urlToArrayBuffer_default;
7417
7174
  exports.bem = bem_default;
7175
+ exports.buildValidatorFromRules = buildValidatorFromRules_default;
7418
7176
  exports.configureLogger = configure;
7419
7177
  exports.countryCodeToFlagEmoji = countryCodeToFlagEmoji;
7420
7178
  exports.createComponentLogger = createComponentLogger;
@@ -7428,12 +7186,11 @@ exports.debug = debug;
7428
7186
  exports.deepMerge = deepMerge_default;
7429
7187
  exports.deriveOrganizationHandleFromBaseUrl = deriveOrganizationHandleFromBaseUrl_default;
7430
7188
  exports.error = error;
7431
- exports.executeEmbeddedRecoveryFlowV2 = executeEmbeddedRecoveryFlowV2_default;
7189
+ exports.evaluateValidationRule = evaluateValidationRule_default;
7190
+ exports.executeEmbeddedRecoveryFlow = executeEmbeddedRecoveryFlow_default;
7432
7191
  exports.executeEmbeddedSignInFlow = executeEmbeddedSignInFlow_default;
7433
- exports.executeEmbeddedSignInFlowV2 = executeEmbeddedSignInFlowV2_default;
7434
7192
  exports.executeEmbeddedSignUpFlow = executeEmbeddedSignUpFlow_default;
7435
- exports.executeEmbeddedSignUpFlowV2 = executeEmbeddedSignUpFlowV2_default;
7436
- exports.executeEmbeddedUserOnboardingFlowV2 = executeEmbeddedUserOnboardingFlowV2_default;
7193
+ exports.executeEmbeddedUserOnboardingFlow = executeEmbeddedUserOnboardingFlow_default;
7437
7194
  exports.extractEmojiFromUri = extractEmojiFromUri_default;
7438
7195
  exports.extractPkceStorageKeyFromState = extractPkceStorageKeyFromState_default;
7439
7196
  exports.extractUserClaimsFromIdToken = extractUserClaimsFromIdToken_default;
@@ -7445,7 +7202,7 @@ exports.get = get_default;
7445
7202
  exports.getAllOrganizations = getAllOrganizations_default;
7446
7203
  exports.getBrandingPreference = getBrandingPreference_default;
7447
7204
  exports.getDefaultI18nBundles = getDefaultI18nBundles_default;
7448
- exports.getFlowMetaV2 = getFlowMetaV2_default;
7205
+ exports.getFlowMeta = getFlowMeta_default;
7449
7206
  exports.getLatestStateParam = getLatestStateParam_default;
7450
7207
  exports.getMeOrganizations = getMeOrganizations_default;
7451
7208
  exports.getOrganization = getOrganization_default;
@@ -7454,9 +7211,7 @@ exports.getRedirectBasedSignUpUrl = getRedirectBasedSignUpUrl_default;
7454
7211
  exports.getSchemas = getSchemas_default;
7455
7212
  exports.getScim2Me = getScim2Me_default;
7456
7213
  exports.getUserInfo = getUserInfo_default;
7457
- exports.identifyPlatform = identifyPlatform_default;
7458
7214
  exports.info = info;
7459
- exports.initializeEmbeddedSignInFlow = initializeEmbeddedSignInFlow_default;
7460
7215
  exports.isEmojiUri = isEmojiUri_default;
7461
7216
  exports.isEmpty = isEmpty_default;
7462
7217
  exports.isRecognizedBaseUrlPattern = isRecognizedBaseUrlPattern_default;
@@ -7466,7 +7221,6 @@ exports.processOpenIDScopes = processOpenIDScopes_default;
7466
7221
  exports.processUsername = processUsername_default;
7467
7222
  exports.removeTrailingSlash = removeTrailingSlash_default;
7468
7223
  exports.resolveFieldName = resolveFieldName_default;
7469
- exports.resolveFieldType = resolveFieldType_default;
7470
7224
  exports.resolveFlowTemplateLiterals = resolveFlowTemplateLiterals;
7471
7225
  exports.resolveLocaleDisplayName = resolveLocaleDisplayName;
7472
7226
  exports.resolveLocaleEmoji = resolveLocaleEmoji_default;