samlify 2.11.0 → 2.13.0

package/types/src/binding-post.d.ts

@@ -1,42 +1,75 @@
 /**
-* @file binding-post.ts
-* @author tngan
-* @desc Binding-level API, declare the functions using POST binding
-*/
-import { BindingContext } from './entity';
+ * @file binding-post.ts
+ * @author tngan
+ * @desc Binding-level API for SAML HTTP-POST. Builds base64 login/logout
+ * request and response payloads that callers embed in an auto-submitting
+ * HTML form.
+ */
+import type { BindingContext, RequestInfo, SAMLUser } from './types';
+import type { IdentityProvider as Idp } from './entity-idp';
+import type { ServiceProvider as Sp } from './entity-sp';
+import type Entity from './entity';
+/** Shape passed to builder functions that need both IdP and SP handles. */
+interface PostIdpSpPair {
+    idp: Idp;
+    sp: Sp;
+}
+/** Shape passed to builder functions for logout (initiator + target). */
+interface PostInitTargetPair {
+    init: Entity;
+    target: Entity;
+}
 /**
-* @desc Generate a base64 encoded login request
-* @param  {string} referenceTagXPath           reference uri
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-declare function base64LoginRequest(referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+ * Generate a base64-encoded AuthnRequest for the HTTP-POST binding.
+ *
+ * @param referenceTagXPath XPath used when signing the request
+ * @param entity `{ idp, sp }` handles
+ * @param customTagReplacement optional custom template transformer
+ * @param forceAuthn per-request `ForceAuthn` flag (saml-core §3.4.1)
+ * @param assertionConsumerServiceIndex per-request ACS index (saml-core §3.4.1).
+ *   Mutually exclusive with `AssertionConsumerServiceURL` / `ProtocolBinding`;
+ *   when supplied, both of those attributes are dropped from the rendered XML.
+ * @returns id / base64-XML pair
+ */
+declare function base64LoginRequest(referenceTagXPath: string, entity: PostIdpSpPair, customTagReplacement?: (template: string) => BindingContext, forceAuthn?: boolean, assertionConsumerServiceIndex?: number): BindingContext;
 /**
-* @desc Generate a base64 encoded login response
-* @param  {object} requestInfo                 corresponding request, used to obtain the id
-* @param  {object} entity                      object includes both idp and sp
-* @param  {object} user                        current logged user (e.g. req.user)
-* @param  {function} customTagReplacement     used when developers have their own login response template
-* @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
-*/
-declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean): Promise<BindingContext>;
+ * Generate a base64-encoded login response for the HTTP-POST binding.
+ * Supports the sign-then-encrypt and encrypt-then-sign pipelines based on
+ * `encryptThenSign`.
+ *
+ * @param requestInfo parsed login request used to link `InResponseTo`
+ * @param entity `{ idp, sp }` handles
+ * @param user authenticated user
+ * @param customTagReplacement optional custom template transformer
+ * @param encryptThenSign when true, encrypt the assertion first then sign
+ * @returns id / base64-XML pair
+ */
+declare function base64LoginResponse(requestInfo: (RequestInfo | {
+    extract?: {
+        request?: {
+            id?: string;
+        };
+    };
+}) | undefined, entity: PostIdpSpPair, user?: SAMLUser, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean): Promise<BindingContext>;
 /**
-* @desc Generate a base64 encoded logout request
-* @param  {object} user                         current logged user (e.g. req.user)
-* @param  {string} referenceTagXPath            reference uri
-* @param  {object} entity                       object includes both idp and sp
-* @param  {function} customTagReplacement      used when developers have their own login response template
-* @return {string} base64 encoded request
-*/
-declare function base64LogoutRequest(user: any, referenceTagXPath: any, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+ * Generate a base64-encoded LogoutRequest for the HTTP-POST binding.
+ *
+ * @param user currently authenticated user
+ * @param referenceTagXPath XPath used when signing the request
+ * @param entity `{ init, target }` handles
+ * @param customTagReplacement optional custom template transformer
+ * @returns id / base64-XML pair
+ */
+declare function base64LogoutRequest(user: SAMLUser, referenceTagXPath: string, entity: PostInitTargetPair, customTagReplacement?: (template: string) => BindingContext): BindingContext;
 /**
-* @desc Generate a base64 encoded logout response
-* @param  {object} requestInfo                 corresponding request, used to obtain the id
-* @param  {string} referenceTagXPath           reference uri
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-declare function base64LogoutResponse(requestInfo: any, entity: any, customTagReplacement: (template: string) => BindingContext): BindingContext;
+ * Generate a base64-encoded LogoutResponse for the HTTP-POST binding.
+ *
+ * @param requestInfo parsed request used to link `InResponseTo`
+ * @param entity `{ init, target }` handles
+ * @param customTagReplacement optional custom template transformer
+ * @returns id / base64-XML pair
+ */
+declare function base64LogoutResponse(requestInfo: RequestInfo, entity: PostInitTargetPair, customTagReplacement?: (template: string) => BindingContext): BindingContext;
 declare const postBinding: {
     base64LoginRequest: typeof base64LoginRequest;
     base64LoginResponse: typeof base64LoginResponse;

package/types/src/binding-redirect.d.ts

@@ -1,48 +1,75 @@
-import { BindingContext } from './entity';
-import { IdentityProvider as Idp } from './entity-idp';
-import { ServiceProvider as Sp } from './entity-sp';
+import type { BindingContext, RequestInfo, SAMLUser } from './types';
+import type { IdentityProvider as Idp } from './entity-idp';
+import type { ServiceProvider as Sp } from './entity-sp';
+import type Entity from './entity';
+/** Options consumed by {@link buildRedirectURL}. */
 export interface BuildRedirectConfig {
     baseUrl: string;
     type: string;
     isSigned: boolean;
     context: string;
-    entitySetting: any;
+    entitySetting: {
+        requestSignatureAlgorithm?: string;
+        privateKey?: string | Buffer;
+        privateKeyPass?: string;
+    };
     relayState?: string;
 }
+/** Initiator/target entity pair used for logout redirects. */
+interface RedirectInitTargetPair {
+    init: Entity;
+    target: Entity;
+}
 /**
-* @desc Redirect URL for login request
-* @param  {object} entity                       object includes both idp and sp
-* @param  {function} customTagReplacement      used when developers have their own login response template
-* @return {string} redirect URL
-*/
+ * Build a redirect URL carrying a SAML AuthnRequest.
+ *
+ * @param entity `{ idp, sp }` handles
+ * @param customTagReplacement optional custom template transformer
+ * @param relayState per-request RelayState; falls back to `entitySetting.relayState`
+ * @param forceAuthn per-request `ForceAuthn` flag (saml-core §3.4.1)
+ * @param assertionConsumerServiceIndex per-request ACS index (saml-core §3.4.1).
+ *   Mutually exclusive with `AssertionConsumerServiceURL` / `ProtocolBinding`;
+ *   when supplied, both of those attributes are dropped from the rendered XML.
+ * @returns id + redirect URL wrapped in a {@link BindingContext}
+ */
 declare function loginRequestRedirectURL(entity: {
     idp: Idp;
     sp: Sp;
-}, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+}, customTagReplacement?: (template: string) => BindingContext, relayState?: string, forceAuthn?: boolean, assertionConsumerServiceIndex?: number): BindingContext;
 /**
-* @desc Redirect URL for login response
-* @param  {object} requestInfo             corresponding request, used to obtain the id
-* @param  {object} entity                      object includes both idp and sp
-* @param  {object} user                         current logged user (e.g. req.user)
-* @param  {String} relayState                the relaystate sent by sp corresponding request
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-declare function loginResponseRedirectURL(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+ * Build a redirect URL carrying a SAML login Response.
+ *
+ * @param requestInfo parsed request used to link `InResponseTo`
+ * @param entity `{ idp, sp }` handles
+ * @param user authenticated user
+ * @param relayState caller-supplied redirect URL
+ * @param customTagReplacement optional custom template transformer
+ * @returns id + redirect URL wrapped in a {@link BindingContext}
+ */
+declare function loginResponseRedirectURL(requestInfo: RequestInfo, entity: {
+    idp: Idp;
+    sp: Sp;
+}, user?: SAMLUser, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
 /**
-* @desc Redirect URL for logout request
-* @param  {object} user                        current logged user (e.g. req.user)
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-* @return {string} redirect URL
-*/
-declare function logoutRequestRedirectURL(user: any, entity: any, relayState?: string, customTagReplacement?: (template: string, tags: object) => BindingContext): BindingContext;
+ * Build a redirect URL carrying a SAML LogoutRequest.
+ *
+ * @param user currently authenticated user
+ * @param entity `{ init, target }` handles
+ * @param relayState caller-supplied redirect URL
+ * @param customTagReplacement optional custom template transformer
+ * @returns id + redirect URL wrapped in a {@link BindingContext}
+ */
+declare function logoutRequestRedirectURL(user: SAMLUser, entity: RedirectInitTargetPair, relayState?: string, customTagReplacement?: (template: string, tags: object) => BindingContext): BindingContext;
 /**
-* @desc Redirect URL for logout response
-* @param  {object} requescorresponding request, used to obtain the id
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-declare function logoutResponseRedirectURL(requestInfo: any, entity: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+ * Build a redirect URL carrying a SAML LogoutResponse.
+ *
+ * @param requestInfo parsed request used to link `InResponseTo`
+ * @param entity `{ init, target }` handles
+ * @param relayState caller-supplied redirect URL
+ * @param customTagReplacement optional custom template transformer
+ * @returns id + redirect URL wrapped in a {@link BindingContext}
+ */
+declare function logoutResponseRedirectURL(requestInfo: RequestInfo, entity: RedirectInitTargetPair, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
 declare const redirectBinding: {
     loginRequestRedirectURL: typeof loginRequestRedirectURL;
     loginResponseRedirectURL: typeof loginResponseRedirectURL;

package/types/src/binding-simplesign.d.ts

@@ -1,39 +1,95 @@
 /**
-* @file binding-simplesign.ts
-* @author Orange
-* @desc Binding-level API, declare the functions using POST SimpleSign binding
-*/
-import { BindingContext, SimpleSignComputedContext } from './entity';
+ * @file binding-simplesign.ts
+ * @author Orange
+ * @desc Binding-level API for SAML HTTP-POST-SimpleSign. Produces base64
+ * payloads alongside a detached signature over the canonical octet string.
+ */
+import type { BindingContext, SimpleSignComputedContext, RequestInfo, SAMLUser } from './types';
+import type { IdentityProvider as Idp } from './entity-idp';
+import type { ServiceProvider as Sp } from './entity-sp';
+import type Entity from './entity';
+/** Options consumed by {@link buildSimpleSignature}. */
 export interface BuildSimpleSignConfig {
     type: string;
     context: string;
-    entitySetting: any;
+    entitySetting: {
+        requestSignatureAlgorithm?: string;
+        privateKey?: string | Buffer;
+        privateKeyPass?: string;
+    };
     relayState?: string;
 }
+/** Return value for login-response building with simple signatures. */
 export interface BindingSimpleSignContext {
     id: string;
     context: string;
-    signature: any;
+    signature: string | Buffer;
     sigAlg: string;
 }
+/** `{ idp, sp }` handle used by simple-sign builders. */
+interface SimpleSignIdpSpPair {
+    idp: Idp;
+    sp: Sp;
+}
+/** `{ init, target }` handle used by simple-sign logout builders. */
+interface SimpleSignInitTargetPair {
+    init: Entity;
+    target: Entity;
+}
+/**
+ * Generate a base64-encoded AuthnRequest together with a detached simple
+ * signature when the IdP advertises `WantAuthnRequestsSigned`.
+ *
+ * @param entity `{ idp, sp }` handles
+ * @param customTagReplacement optional custom template transformer
+ * @param relayState per-request RelayState; falls back to `entitySetting.relayState`
+ * @param forceAuthn per-request `ForceAuthn` flag (saml-core §3.4.1)
+ * @param assertionConsumerServiceIndex per-request ACS index (saml-core §3.4.1).
+ *   Mutually exclusive with `AssertionConsumerServiceURL` / `ProtocolBinding`;
+ *   when supplied, both of those attributes are dropped from the rendered XML.
+ */
+declare function base64LoginRequest(entity: SimpleSignIdpSpPair, customTagReplacement?: (template: string) => BindingContext, relayState?: string, forceAuthn?: boolean, assertionConsumerServiceIndex?: number): SimpleSignComputedContext;
+/**
+ * Generate a base64-encoded login response together with a detached simple
+ * signature. Login responses are always signed under this binding.
+ *
+ * @param requestInfo parsed request used to link `InResponseTo`
+ * @param entity `{ idp, sp }` handles
+ * @param user authenticated user
+ * @param relayState caller-supplied redirect URL
+ * @param customTagReplacement optional custom template transformer
+ */
+declare function base64LoginResponse(requestInfo: (RequestInfo | {
+    extract?: {
+        request?: {
+            id?: string;
+        };
+    };
+}) | undefined, entity: SimpleSignIdpSpPair, user?: SAMLUser, relayState?: string, customTagReplacement?: (template: string) => BindingContext): Promise<BindingSimpleSignContext>;
 /**
-* @desc Generate a base64 encoded login request
-* @param  {string} referenceTagXPath           reference uri
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-declare function base64LoginRequest(entity: any, customTagReplacement?: (template: string) => BindingContext): SimpleSignComputedContext;
+ * Generate a base64-encoded LogoutRequest together with a detached simple
+ * signature when the receiving entity requires signed logout requests.
+ *
+ * @param user currently authenticated user
+ * @param entity `{ init, target }` handles
+ * @param relayState caller-supplied redirect URL
+ * @param customTagReplacement optional custom template transformer
+ */
+declare function base64LogoutRequest(user: SAMLUser, entity: SimpleSignInitTargetPair, relayState?: string, customTagReplacement?: (template: string) => BindingContext): SimpleSignComputedContext;
 /**
-* @desc Generate a base64 encoded login response
-* @param  {object} requestInfo                 corresponding request, used to obtain the id
-* @param  {object} entity                      object includes both idp and sp
-* @param  {object} user                        current logged user (e.g. req.user)
-* @param  {string}  relayState               the relay state
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): Promise<BindingSimpleSignContext>;
+ * Generate a base64-encoded LogoutResponse together with a detached simple
+ * signature when the receiving entity requires signed logout responses.
+ *
+ * @param requestInfo parsed request used to link `InResponseTo`
+ * @param entity `{ init, target }` handles
+ * @param relayState caller-supplied redirect URL
+ * @param customTagReplacement optional custom template transformer
+ */
+declare function base64LogoutResponse(requestInfo: RequestInfo, entity: SimpleSignInitTargetPair, relayState?: string, customTagReplacement?: (template: string) => BindingContext): SimpleSignComputedContext;
 declare const simpleSignBinding: {
     base64LoginRequest: typeof base64LoginRequest;
     base64LoginResponse: typeof base64LoginResponse;
+    base64LogoutRequest: typeof base64LogoutRequest;
+    base64LogoutResponse: typeof base64LogoutResponse;
 };
 export default simpleSignBinding;

package/types/src/entity-idp.d.ts

@@ -1,42 +1,51 @@
 /**
-* @file entity-idp.ts
-* @author tngan
-* @desc  Declares the actions taken by identity provider
-*/
-import Entity, { ESamlHttpRequest } from './entity';
-import { ServiceProviderConstructor as ServiceProvider, IdentityProviderMetadata, IdentityProviderSettings } from './types';
-import { FlowResult } from './flow';
-import { BindingContext } from './entity';
-/**
- * Identity provider can be configured using either metadata importing or idpSetting
+ * @file entity-idp.ts
+ * @author tngan
+ * @desc Identity provider: builds login responses and parses inbound
+ * login requests coming from a service provider.
  */
-export default function (props: IdentityProviderSettings): IdentityProvider;
+import Entity from './entity';
+import type { BindingContext, ESamlHttpRequest, PostBindingContext, SimpleSignBindingContext, RequestInfo, SAMLUser, IdentityProviderSettings, IdentityProviderMetadata, ServiceProviderConstructor as ServiceProvider, CreateLoginResponseOptions, CustomTagReplacement } from './types';
 /**
- * Identity provider can be configured using either metadata importing or idpSetting
+ * Factory returning a new {@link IdentityProvider}. An IdP can be built
+ * from an XML metadata document or from a programmatic settings object.
+ *
+ * @param props IdP settings
  */
+export default function (props: IdentityProviderSettings): IdentityProvider;
+/** Identity-provider entity. */
 export declare class IdentityProvider extends Entity {
     entityMeta: IdentityProviderMetadata;
+    /**
+     * Build an IdP, expanding `loginResponseTemplate.attributes` into a
+     * pre-baked AttributeStatement template when supplied.
+     */
     constructor(idpSetting: IdentityProviderSettings);
     /**
-    * @desc  Generates the login response for developers to design their own method
-    * @param  sp                        object of service provider
-    * @param  requestInfo               corresponding request, used to obtain the id
-    * @param  binding                   protocol binding
-    * @param  user                      current logged user (e.g. req.user)
-    * @param  customTagReplacement      used when developers have their own login response template
-    * @param  encryptThenSign           whether or not to encrypt then sign first (if signing)
-    * @param  relayState             the relayState from corresponding request
-    */
-    createLoginResponse(sp: ServiceProvider, requestInfo: {
-        [key: string]: any;
-    }, binding: string, user: {
-        [key: string]: any;
-    }, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean, relayState?: string): Promise<any>;
+     * Build a login response for delivery to the supplied service provider.
+     *
+     * The fifth parameter accepts either a callback (legacy positional shape)
+     * or an options bag `{ relayState?, customTagReplacement?, encryptThenSign? }`.
+     * When the legacy shape is used, the trailing `legacyEncryptThenSign` and
+     * `legacyRelayState` positional arguments are honoured. Per
+     * `saml-bindings §3.4.3 / §3.5.3`, RelayState is request-scoped — pass it
+     * via the options bag instead of `entitySetting.relayState`.
+     *
+     * @param sp target service provider
+     * @param requestInfo parsed request used to set `InResponseTo`
+     * @param binding `post`, `simpleSign`, or `redirect`
+     * @param user authenticated user
+     * @param optionsOrCallback per-request options or legacy custom-template callback
+     * @param legacyEncryptThenSign legacy positional `encryptThenSign`; ignored when options bag is used
+     * @param legacyRelayState legacy positional `relayState`; ignored when options bag is used
+     */
+    createLoginResponse(sp: ServiceProvider, requestInfo: RequestInfo, binding: string, user: SAMLUser, optionsOrCallback?: CreateLoginResponseOptions | CustomTagReplacement, legacyEncryptThenSign?: boolean, legacyRelayState?: string): Promise<BindingContext | PostBindingContext | SimpleSignBindingContext>;
     /**
-     * Validation of the parsed URL parameters
-     * @param sp ServiceProvider instance
-     * @param binding Protocol binding
-     * @param req RequesmessageSigningOrderst
+     * Parse, validate and verify an inbound login request.
+     *
+     * @param sp service provider that produced the request
+     * @param binding `redirect`, `post`, or `simpleSign`
+     * @param req HTTP request envelope
      */
-    parseLoginRequest(sp: ServiceProvider, binding: string, req: ESamlHttpRequest): Promise<FlowResult>;
+    parseLoginRequest(sp: ServiceProvider, binding: string, req: ESamlHttpRequest): Promise<import("./flow").FlowResult>;
 }

package/types/src/entity-sp.d.ts

@@ -1,36 +1,46 @@
 /**
-* @file entity-sp.ts
-* @author tngan
-* @desc  Declares the actions taken by service provider
-*/
-import Entity, { BindingContext, PostBindingContext, ESamlHttpRequest, SimpleSignBindingContext } from './entity';
-import { IdentityProviderConstructor as IdentityProvider, ServiceProviderMetadata, ServiceProviderSettings } from './types';
-import { FlowResult } from './flow';
-export default function (props: ServiceProviderSettings): ServiceProvider;
+ * @file entity-sp.ts
+ * @author tngan
+ * @desc Service provider: builds login requests and parses inbound login
+ * responses coming from an identity provider.
+ */
+import Entity from './entity';
+import type { BindingContext, PostBindingContext, ESamlHttpRequest, SimpleSignBindingContext, IdentityProviderConstructor as IdentityProvider, ServiceProviderMetadata, ServiceProviderSettings, CreateLoginRequestOptions, CustomTagReplacement } from './types';
 /**
-* @desc Service provider can be configured using either metadata importing or spSetting
-* @param  {object} spSettingimport { FlowResult } from '../types/src/flow.d';
-
-*/
+ * Factory returning a new {@link ServiceProvider}. An SP can be built from
+ * an XML metadata document or from a programmatic settings object.
+ *
+ * @param props SP settings
+ */
+export default function (props: ServiceProviderSettings): ServiceProvider;
+/** Service-provider entity. */
 export declare class ServiceProvider extends Entity {
     entityMeta: ServiceProviderMetadata;
     /**
-    * @desc  Inherited from Entity
-    * @param {object} spSetting    setting of service provider
-    */
+     * Build an SP with sensible defaults for signing flags.
+     *
+     * @param spSetting SP settings object
+     */
     constructor(spSetting: ServiceProviderSettings);
     /**
-    * @desc  Generates the login request for developers to design their own method
-    * @param  {IdentityProvider} idp               object of identity provider
-    * @param  {string}   binding                   protocol binding
-    * @param  {function} customTagReplacement     used when developers have their own login response template
-    */
-    createLoginRequest(idp: IdentityProvider, binding?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext | PostBindingContext | SimpleSignBindingContext;
+     * Build a login request targeting the supplied identity provider.
+     *
+     * The third parameter accepts either a callback (legacy shape) or an
+     * options bag `{ relayState?, customTagReplacement? }`. Per
+     * `saml-bindings §3.4.3 / §3.5.3`, RelayState is request-scoped — pass
+     * it via the options bag instead of `entitySetting.relayState`.
+     *
+     * @param idp target identity provider
+     * @param binding `redirect` (default), `post`, or `simpleSign`
+     * @param optionsOrCallback per-request options or a custom-template callback
+     */
+    createLoginRequest(idp: IdentityProvider, binding?: string, optionsOrCallback?: CreateLoginRequestOptions | CustomTagReplacement): BindingContext | PostBindingContext | SimpleSignBindingContext;
     /**
-    * @desc   Validation of the parsed the URL parameters
-    * @param  {IdentityProvider}   idp             object of identity provider
-    * @param  {string}   binding                   protocol binding
-    * @param  {request}   req                      request
-    */
-    parseLoginResponse(idp: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+     * Parse, validate and verify an inbound login response.
+     *
+     * @param idp identity provider that produced the response
+     * @param binding `redirect`, `post`, or `simpleSign`
+     * @param request HTTP request envelope
+     */
+    parseLoginResponse(idp: IdentityProvider, binding: string, request: ESamlHttpRequest): Promise<import("./flow").FlowResult>;
 }