Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@descope/node-sdk

Package Overview
Dependencies
Maintainers
3
Versions
316
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@descope/node-sdk - npm Package Compare versions

Comparing version 0.0.0-next-f64741f7-20231029 to 0.0.0-next-f6a1995c-20240327

2

dist/cjs/index.cjs.js

@@ -1,2 +0,2 @@

"use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),o=require("node-fetch-commonjs");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=n(t),a=n(o);const i=t=>async(...s)=>{var o,n,r;const a=await t(...s);if(!a.data)return a;let i=a.data,{refreshJwt:l}=i,d=e.__rest(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=a.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=a.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(r=a.response)||void 0===r?void 0:r.headers.get("set-cookie"))),Object.assign(Object.assign({},a),{data:Object.assign(Object.assign({},a.data),{refreshJwt:l,cookies:p})})};function l(e,t,s){var o,n;const r=s?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(r)?r:[]}function d(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var p={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},m={updateName:"/v1/mgmt/project/update/name"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},g={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},h={update:"/v1/mgmt/jwt/update"},v={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},k={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},R={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},y={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},C={search:"/v1/mgmt/audit/search"};const w=(e,s)=>({create:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),createTestUser:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),invite:(o,n,r,a,i,l,d,m,u,c,g)=>t.transformResponse(e.httpClient.post(p.create,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c,inviteUrl:g},{token:s}),(e=>e.user)),update:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.update,{loginId:o,email:n,phone:r,displayName:a,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:u,verifiedPhone:c},{token:s}),(e=>e.user)),delete:o=>t.transformResponse(e.httpClient.post(p.delete,{loginId:o},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(p.deleteAllTestUsers,{token:s})),load:o=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{loginId:o},token:s}),(e=>e.user)),loadByUserId:o=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{userId:o},token:s}),(e=>e.user)),logoutUser:o=>t.transformResponse(e.httpClient.post(p.logout,{loginId:o},{token:s})),logoutUserByUserId:o=>t.transformResponse(e.httpClient.post(p.logout,{userId:o},{token:s})),searchAll:(o,n,r,a,i,l,d,m,u,c)=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:o,roleNames:n,limit:r,page:a,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:u,phones:c},{token:s}),(e=>e.users)),getProviderToken:(o,n)=>t.transformResponse(e.httpClient.get(p.getProviderToken,{queryParams:{loginId:o,provider:n},token:s}),(e=>e)),activate:o=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:o,status:"enabled"},{token:s}),(e=>e.user)),deactivate:o=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:o,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(o,n)=>t.transformResponse(e.httpClient.post(p.updateLoginId,{loginId:o,newLoginId:n},{token:s}),(e=>e.user)),updateEmail:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updateEmail,{loginId:o,email:n,verified:r},{token:s}),(e=>e.user)),updatePhone:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updatePhone,{loginId:o,phone:n,verified:r},{token:s}),(e=>e.user)),updateDisplayName:(o,n)=>t.transformResponse(e.httpClient.post(p.updateDisplayName,{loginId:o,displayName:n},{token:s}),(e=>e.user)),updatePicture:(o,n)=>t.transformResponse(e.httpClient.post(p.updatePicture,{loginId:o,picture:n},{token:s}),(e=>e.user)),updateCustomAttribute:(o,n,r)=>t.transformResponse(e.httpClient.post(p.updateCustomAttribute,{loginId:o,attributeKey:n,attributeValue:r},{token:s}),(e=>e.user)),addRoles:(o,n)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(o,n)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:o,roleNames:n},{token:s}),(e=>e.user)),addTenant:(o,n)=>t.transformResponse(e.httpClient.post(p.addTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(o,n)=>t.transformResponse(e.httpClient.post(p.removeTenant,{loginId:o,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),removeTenantRoles:(o,n,r)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:o,tenantId:n,roleNames:r},{token:s}),(e=>e.user)),generateOTPForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(p.generateOTPForTest,{deliveryMethod:o,loginId:n},{token:s}),(e=>e)),generateMagicLinkForTestUser:(o,n,r)=>t.transformResponse(e.httpClient.post(p.generateMagicLinkForTest,{deliveryMethod:o,loginId:n,URI:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(o,n)=>t.transformResponse(e.httpClient.post(p.generateEnchantedLinkForTest,{loginId:o,URI:n},{token:s}),(e=>e)),generateEmbeddedLink:(o,n)=>t.transformResponse(e.httpClient.post(p.generateEmbeddedLink,{loginId:o,customClaims:n},{token:s}),(e=>e)),setPassword:(o,n)=>t.transformResponse(e.httpClient.post(p.setPassword,{loginId:o,password:n},{token:s}),(e=>e)),expirePassword:o=>t.transformResponse(e.httpClient.post(p.expirePassword,{loginId:o},{token:s}),(e=>e))}),I=(e,s)=>({updateName:o=>t.transformResponse(e.httpClient.post(m.updateName,{name:o},{token:s}))}),b=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(c.create,{name:o,selfProvisioningDomains:n,customAttributes:r},{token:s})),createWithId:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.create,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.update,{id:o,name:n,selfProvisioningDomains:r,customAttributes:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(c.delete,{id:o},{token:s})),load:o=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:o},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(o,n,r,a)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:o,tenantNames:n,tenantSelfProvisioningDomains:r,customAttributes:a},{token:s}),(e=>e.tenants))}),A=(e,s)=>({update:(o,n)=>t.transformResponse(e.httpClient.post(h.update,{jwt:o,customClaims:n},{token:s}))}),T=(e,s)=>({create:(o,n)=>t.transformResponse(e.httpClient.post(v.create,{name:o,description:n},{token:s})),update:(o,n,r)=>t.transformResponse(e.httpClient.post(v.update,{name:o,newName:n,description:r},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(v.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(v.loadAll,{token:s}),(e=>e.permissions))}),P=(e,s)=>({create:(o,n,r)=>t.transformResponse(e.httpClient.post(f.create,{name:o,description:n,permissionNames:r},{token:s})),update:(o,n,r,a)=>t.transformResponse(e.httpClient.post(f.update,{name:o,newName:n,description:r,permissionNames:a},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(f.delete,{name:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.roles))}),x=(e,s)=>({loadAllGroups:o=>t.transformResponse(e.httpClient.post(y.loadAllGroups,{tenantId:o},{token:s})),loadAllGroupsForMember:(o,n,r)=>t.transformResponse(e.httpClient.post(y.loadAllGroupsForMember,{tenantId:o,loginIds:r,userIds:n},{token:s})),loadAllGroupMembers:(o,n)=>t.transformResponse(e.httpClient.post(y.loadAllGroupMembers,{tenantId:o,groupId:n},{token:s}))}),j=(e,s)=>({getSettings:o=>t.transformResponse(e.httpClient.get(g.settings,{queryParams:{tenantId:o},token:s}),(e=>e)),deleteSettings:o=>t.transformResponse(e.httpClient.delete(g.settings,{queryParams:{tenantId:o},token:s})),configureSettings:(o,n,r,a,i,l)=>t.transformResponse(e.httpClient.post(g.settings,{tenantId:o,idpURL:n,entityId:a,idpCert:r,redirectURL:i,domain:l},{token:s})),configureMetadata:(o,n,r,a)=>t.transformResponse(e.httpClient.post(g.metadata,{tenantId:o,idpMetadataURL:n,redirectURL:r,domain:a},{token:s})),configureMapping:(o,n,r)=>t.transformResponse(e.httpClient.post(g.mapping,{tenantId:o,roleMappings:n,attributeMapping:r},{token:s}))}),E=(e,s)=>({create:(o,n,r,a)=>t.transformResponse(e.httpClient.post(u.create,{name:o,expireTime:n,roleNames:r,keyTenants:a},{token:s})),load:o=>t.transformResponse(e.httpClient.get(u.load,{queryParams:{id:o},token:s}),(e=>e.key)),searchAll:o=>t.transformResponse(e.httpClient.post(u.search,{tenantIds:o},{token:s}),(e=>e.keys)),update:(o,n)=>t.transformResponse(e.httpClient.post(u.update,{id:o,name:n},{token:s}),(e=>e.key)),deactivate:o=>t.transformResponse(e.httpClient.post(u.deactivate,{id:o},{token:s})),activate:o=>t.transformResponse(e.httpClient.post(u.activate,{id:o},{token:s})),delete:o=>t.transformResponse(e.httpClient.post(u.delete,{id:o},{token:s}))}),N=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(k.list,{},{token:s})),export:o=>t.transformResponse(e.httpClient.post(k.export,{flowId:o},{token:s})),import:(o,n,r)=>t.transformResponse(e.httpClient.post(k.import,{flowId:o,flow:n,screens:r},{token:s}))}),O=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(R.export,{},{token:s})),import:o=>t.transformResponse(e.httpClient.post(R.import,{theme:o},{token:s}))}),S=(e,s)=>({search:o=>{const n=Object.assign(Object.assign({},o),{externalIds:o.loginIds});return delete n.loginIds,t.transformResponse(e.httpClient.post(C.search,n,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var U;null!==(U=globalThis.Headers)&&void 0!==U||(globalThis.Headers=o.Headers);const M=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),a.default(...e)),L=o=>{var n,{managementKey:a,publicKey:p}=o,m=e.__rest(o,["managementKey","publicKey"]);const u=r.default(Object.assign(Object.assign({fetch:M},m),{baseHeaders:Object.assign(Object.assign({},m.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"0.0.0-next-f64741f7-20231029"})})),{projectId:c,logger:g}=m,h={},v=((e,t)=>({user:w(e,t),project:I(e,t),accessKey:E(e,t),tenant:b(e,t),sso:j(e,t),jwt:A(e,t),permission:T(e,t),role:P(e,t),group:x(e,t),flow:N(e,t),theme:O(e,t),audit:S(e,t)}))(u,a),f=Object.assign(Object.assign({},u),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(p)try{const e=JSON.parse(p),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==g||g.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${c}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const o=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(o&&(o.iss=null===(t=o.iss)||void 0===t?void 0:t.split("/").pop(),o.iss!==c))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:o}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==g||g.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const o=await f.refresh(e);if(o.ok){return await f.validateJwt(null===(t=o.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=o.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==g||g.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==g||g.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await f.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(s)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!d(e,t))return!1;const o=l(e,"permissions",t);return s.every((e=>o.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!d(e,t))return!1;const o=l(e,"roles",t);return s.every((e=>o.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};L.RefreshTokenCookieName="DSR",L.SessionTokenCookieName="DS",module.exports=L;
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),n=require("cross-fetch");function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=o(t);const r=t=>async(...s)=>{var n,o,a;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,p=e.__rest(i,["refreshJwt"]);const d=[];var m;return l?d.push(`${"DSR"}=${l}; Domain=${(null==(m=p)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),d.push(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:d})})};function i(e,t,s){var n,o;const a=s?null===(o=null===(n=e.token.tenants)||void 0===n?void 0:n[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(a)?a:[]}function l(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var p={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},d={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone",export:"/v1/mgmt/project/export",import:"/v1/mgmt/project/import"},m={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},c={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},g={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},u={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},h={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate"},v={settings:"/v1/mgmt/password/settings"},f={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},k={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},R={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},C={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},y={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},I={search:"/v1/mgmt/audit/search"},b={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const w=(e,s)=>({create:function(n,o,a,r,i,l,d,m,c,g,u,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:u,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:c,verifiedPhone:g,additionalLoginIds:f}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return t.transformResponse(e.httpClient.post(p.create,k,{token:s}),(e=>e.user))},createTestUser:function(n,o,a,r,i,l,d,m,c,g,u,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:u,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:c,verifiedPhone:g,additionalLoginIds:f,test:!0}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,test:!0});return t.transformResponse(e.httpClient.post(p.create,k,{token:s}),(e=>e.user))},invite:function(n,o,a,r,i,l,d,m,c,g,u,h,v,f,k,R,C){const y="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:f,middleName:k,familyName:R,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:m,verifiedEmail:c,verifiedPhone:g,inviteUrl:u,sendMail:h,sendSMS:v,additionalLoginIds:C}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0,invite:!0});return t.transformResponse(e.httpClient.post(p.create,y,{token:s}),(e=>e.user))},inviteBatch:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(p.createBatch,{users:n,invite:!0,inviteUrl:o,sendMail:a,sendSMS:r,templateOptions:i},{token:s}),(e=>e)),update:function(n,o,a,r,i,l,d,m,c,g,u,h,v,f){const k="string"==typeof o?{loginId:n,email:o,phone:a,displayName:r,givenName:u,middleName:h,familyName:v,roleNames:i,userTenants:l,customAttributes:d,picture:m,verifiedEmail:c,verifiedPhone:g,additionalLoginIds:f}:Object.assign(Object.assign({loginId:n},o),{roleNames:null==o?void 0:o.roles,roles:void 0});return t.transformResponse(e.httpClient.post(p.update,k,{token:s}),(e=>e.user))},delete:n=>t.transformResponse(e.httpClient.post(p.delete,{loginId:n},{token:s})),deleteByUserId:n=>t.transformResponse(e.httpClient.post(p.delete,{userId:n},{token:s})),deleteAllTestUsers:()=>t.transformResponse(e.httpClient.delete(p.deleteAllTestUsers,{token:s})),load:n=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{loginId:n},token:s}),(e=>e.user)),loadByUserId:n=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{userId:n},token:s}),(e=>e.user)),logoutUser:n=>t.transformResponse(e.httpClient.post(p.logout,{loginId:n},{token:s})),logoutUserByUserId:n=>t.transformResponse(e.httpClient.post(p.logout,{userId:n},{token:s})),searchAll:(n,o,a,r,i,l,d,m,c,g)=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:n,roleNames:o,limit:a,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:m,emails:c,phones:g},{token:s}),(e=>e.users)),search:n=>t.transformResponse(e.httpClient.post(p.search,Object.assign(Object.assign({},n),{roleNames:n.roles,roles:void 0}),{token:s}),(e=>e.users)),getProviderToken:(n,o)=>t.transformResponse(e.httpClient.get(p.getProviderToken,{queryParams:{loginId:n,provider:o},token:s}),(e=>e)),activate:n=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:n,status:"enabled"},{token:s}),(e=>e.user)),deactivate:n=>t.transformResponse(e.httpClient.post(p.updateStatus,{loginId:n,status:"disabled"},{token:s}),(e=>e.user)),updateLoginId:(n,o)=>t.transformResponse(e.httpClient.post(p.updateLoginId,{loginId:n,newLoginId:o},{token:s}),(e=>e.user)),updateEmail:(n,o,a)=>t.transformResponse(e.httpClient.post(p.updateEmail,{loginId:n,email:o,verified:a},{token:s}),(e=>e.user)),updatePhone:(n,o,a)=>t.transformResponse(e.httpClient.post(p.updatePhone,{loginId:n,phone:o,verified:a},{token:s}),(e=>e.user)),updateDisplayName:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(p.updateDisplayName,{loginId:n,displayName:o,givenName:a,middleName:r,familyName:i},{token:s}),(e=>e.user)),updatePicture:(n,o)=>t.transformResponse(e.httpClient.post(p.updatePicture,{loginId:n,picture:o},{token:s}),(e=>e.user)),updateCustomAttribute:(n,o,a)=>t.transformResponse(e.httpClient.post(p.updateCustomAttribute,{loginId:n,attributeKey:o,attributeValue:a},{token:s}),(e=>e.user)),setRoles:(n,o)=>t.transformResponse(e.httpClient.post(p.setRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addRoles:(n,o)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),removeRoles:(n,o)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:n,roleNames:o},{token:s}),(e=>e.user)),addTenant:(n,o)=>t.transformResponse(e.httpClient.post(p.addTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),removeTenant:(n,o)=>t.transformResponse(e.httpClient.post(p.removeTenant,{loginId:n,tenantId:o},{token:s}),(e=>e.user)),setTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(p.setRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),addTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(p.addRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),removeTenantRoles:(n,o,a)=>t.transformResponse(e.httpClient.post(p.removeRole,{loginId:n,tenantId:o,roleNames:a},{token:s}),(e=>e.user)),addSSOapps:(n,o)=>t.transformResponse(e.httpClient.post(p.addSSOApps,{loginId:n,ssoAppIds:o},{token:s}),(e=>e.user)),setSSOapps:(n,o)=>t.transformResponse(e.httpClient.post(p.setSSOApps,{loginId:n,ssoAppIds:o},{token:s}),(e=>e.user)),removeSSOapps:(n,o)=>t.transformResponse(e.httpClient.post(p.removeSSOApps,{loginId:n,ssoAppIds:o},{token:s}),(e=>e.user)),generateOTPForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(p.generateOTPForTest,{deliveryMethod:n,loginId:o,loginOptions:a},{token:s}),(e=>e)),generateMagicLinkForTestUser:(n,o,a,r)=>t.transformResponse(e.httpClient.post(p.generateMagicLinkForTest,{deliveryMethod:n,loginId:o,URI:a,loginOptions:r},{token:s}),(e=>e)),generateEnchantedLinkForTestUser:(n,o,a)=>t.transformResponse(e.httpClient.post(p.generateEnchantedLinkForTest,{loginId:n,URI:o,loginOptions:a},{token:s}),(e=>e)),generateEmbeddedLink:(n,o)=>t.transformResponse(e.httpClient.post(p.generateEmbeddedLink,{loginId:n,customClaims:o},{token:s}),(e=>e)),setTemporaryPassword:(n,o)=>t.transformResponse(e.httpClient.post(p.setTemporaryPassword,{loginId:n,password:o},{token:s}),(e=>e)),setActivePassword:(n,o)=>t.transformResponse(e.httpClient.post(p.setActivePassword,{loginId:n,password:o},{token:s}),(e=>e)),setPassword:(n,o)=>t.transformResponse(e.httpClient.post(p.setPassword,{loginId:n,password:o},{token:s}),(e=>e)),expirePassword:n=>t.transformResponse(e.httpClient.post(p.expirePassword,{loginId:n},{token:s}),(e=>e)),removeAllPasskeys:n=>t.transformResponse(e.httpClient.post(p.removeAllPasskeys,{loginId:n},{token:s}),(e=>e)),history:n=>t.transformResponse(e.httpClient.post(p.history,n,{token:s}),(e=>e))}),A=(e,s)=>({updateName:n=>t.transformResponse(e.httpClient.post(d.updateName,{name:n},{token:s})),clone:(n,o)=>t.transformResponse(e.httpClient.post(d.clone,{name:n,tag:o},{token:s})),export:()=>t.transformResponse(e.httpClient.post(d.export,{},{token:s}),(e=>e.files)),import:n=>t.transformResponse(e.httpClient.post(d.import,{files:n},{token:s}))}),O=(e,s)=>({create:(n,o,a)=>t.transformResponse(e.httpClient.post(c.create,{name:n,selfProvisioningDomains:o,customAttributes:a},{token:s})),createWithId:(n,o,a,r)=>t.transformResponse(e.httpClient.post(c.create,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r},{token:s})),update:(n,o,a,r)=>t.transformResponse(e.httpClient.post(c.update,{id:n,name:o,selfProvisioningDomains:a,customAttributes:r},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(c.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(c.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(c.loadAll,{token:s}),(e=>e.tenants)),searchAll:(n,o,a,r)=>t.transformResponse(e.httpClient.post(c.searchAll,{tenantIds:n,tenantNames:o,tenantSelfProvisioningDomains:a,customAttributes:r},{token:s}),(e=>e.tenants)),getSettings:n=>t.transformResponse(e.httpClient.get(c.settings,{queryParams:{id:n},token:s}),(e=>e)),configureSettings:(n,o)=>t.transformResponse(e.httpClient.post(c.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:s}))}),S=(e,s)=>({update:(n,o)=>t.transformResponse(e.httpClient.post(h.update,{jwt:n,customClaims:o},{token:s})),impersonate:(n,o,a)=>t.transformResponse(e.httpClient.post(h.impersonate,{impersonatorId:n,loginId:o,validateConsent:a},{token:s}))}),N=(e,s)=>({create:(n,o)=>t.transformResponse(e.httpClient.post(f.create,{name:n,description:o},{token:s})),update:(n,o,a)=>t.transformResponse(e.httpClient.post(f.update,{name:n,newName:o,description:a},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(f.delete,{name:n},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(f.loadAll,{token:s}),(e=>e.permissions))}),j=(e,s)=>({create:(n,o,a,r)=>t.transformResponse(e.httpClient.post(k.create,{name:n,description:o,permissionNames:a,tenantId:r},{token:s})),update:(n,o,a,r,i)=>t.transformResponse(e.httpClient.post(k.update,{name:n,newName:o,description:a,permissionNames:r,tenantId:i},{token:s})),delete:(n,o)=>t.transformResponse(e.httpClient.post(k.delete,{name:n,tenantId:o},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(k.loadAll,{token:s}),(e=>e.roles)),search:n=>t.transformResponse(e.httpClient.post(k.search,n,{token:s}),(e=>e.roles))}),P=(e,s)=>({loadAllGroups:n=>t.transformResponse(e.httpClient.post(y.loadAllGroups,{tenantId:n},{token:s})),loadAllGroupsForMember:(n,o,a)=>t.transformResponse(e.httpClient.post(y.loadAllGroupsForMember,{tenantId:n,loginIds:a,userIds:o},{token:s})),loadAllGroupMembers:(n,o)=>t.transformResponse(e.httpClient.post(y.loadAllGroupMembers,{tenantId:n,groupId:o},{token:s}))}),T=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(u.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),deleteSettings:n=>t.transformResponse(e.httpClient.delete(u.settings,{queryParams:{tenantId:n},token:s})),configureSettings:(n,o,a,r,i,l)=>t.transformResponse(e.httpClient.post(u.settings,{tenantId:n,idpURL:o,entityId:r,idpCert:a,redirectURL:i,domains:l},{token:s})),configureMetadata:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.metadata,{tenantId:n,idpMetadataURL:o,redirectURL:a,domains:r},{token:s})),configureMapping:(n,o,a)=>t.transformResponse(e.httpClient.post(u.mapping,{tenantId:n,roleMappings:o,attributeMapping:a},{token:s})),configureOIDCSettings:(n,o,a)=>{const r=Object.assign(Object.assign({},o),{userAttrMapping:o.attributeMapping});return delete r.attributeMapping,t.transformResponse(e.httpClient.post(u.oidc.configure,{tenantId:n,settings:r,domains:a},{token:s}))},configureSAMLSettings:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.saml.configure,{tenantId:n,settings:o,redirectUrl:a,domains:r},{token:s})),configureSAMLByMetadata:(n,o,a,r)=>t.transformResponse(e.httpClient.post(u.saml.metadata,{tenantId:n,settings:o,redirectUrl:a,domains:r},{token:s})),loadSettings:n=>t.transformResponse(e.httpClient.get(u.settingsv2,{queryParams:{tenantId:n},token:s}),(e=>{var t,s;const n=e;return n.oidc&&(n.oidc=Object.assign(Object.assign({},n.oidc),{attributeMapping:n.oidc.userAttrMapping}),delete n.oidc.userAttrMapping),(null===(t=n.saml)||void 0===t?void 0:t.groupsMapping)&&(n.saml.groupsMapping=null===(s=n.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),n}))}),M=(e,s)=>({create:(n,o,a,r,i,l)=>t.transformResponse(e.httpClient.post(m.create,{name:n,expireTime:o,roleNames:a,keyTenants:r,userId:i,customClaims:l},{token:s})),load:n=>t.transformResponse(e.httpClient.get(m.load,{queryParams:{id:n},token:s}),(e=>e.key)),searchAll:n=>t.transformResponse(e.httpClient.post(m.search,{tenantIds:n},{token:s}),(e=>e.keys)),update:(n,o)=>t.transformResponse(e.httpClient.post(m.update,{id:n,name:o},{token:s}),(e=>e.key)),deactivate:n=>t.transformResponse(e.httpClient.post(m.deactivate,{id:n},{token:s})),activate:n=>t.transformResponse(e.httpClient.post(m.activate,{id:n},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(m.delete,{id:n},{token:s}))}),E=(e,s)=>({list:()=>t.transformResponse(e.httpClient.post(R.list,{},{token:s})),delete:n=>t.transformResponse(e.httpClient.post(R.delete,{ids:n},{token:s})),export:n=>t.transformResponse(e.httpClient.post(R.export,{flowId:n},{token:s})),import:(n,o,a)=>t.transformResponse(e.httpClient.post(R.import,{flowId:n,flow:o,screens:a},{token:s}))}),x=(e,s)=>({export:()=>t.transformResponse(e.httpClient.post(C.export,{},{token:s})),import:n=>t.transformResponse(e.httpClient.post(C.import,{theme:n},{token:s}))}),U=(e,s)=>({search:n=>{const o=Object.assign(Object.assign({},n),{externalIds:n.loginIds});return delete o.loginIds,t.transformResponse(e.httpClient.post(I.search,o,{token:s}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),L=(e,s)=>({saveSchema:(n,o)=>t.transformResponse(e.httpClient.post(b.schemaSave,{schema:n,upgrade:o},{token:s})),deleteSchema:()=>t.transformResponse(e.httpClient.post(b.schemaDelete,{},{token:s})),loadSchema:()=>t.transformResponse(e.httpClient.post(b.schemaLoad,{},{token:s}),(e=>e.schema)),saveNamespace:(n,o,a)=>t.transformResponse(e.httpClient.post(b.nsSave,{namespace:n,oldName:o,schemaName:a},{token:s})),deleteNamespace:(n,o)=>t.transformResponse(e.httpClient.post(b.nsDelete,{name:n,schemaName:o},{token:s})),saveRelationDefinition:(n,o,a,r)=>t.transformResponse(e.httpClient.post(b.rdSave,{relationDefinition:n,namespace:o,oldName:a,schemaName:r},{token:s})),deleteRelationDefinition:(n,o,a)=>t.transformResponse(e.httpClient.post(b.rdDelete,{name:n,namespace:o,schemaName:a},{token:s})),createRelations:n=>t.transformResponse(e.httpClient.post(b.reCreate,{relations:n},{token:s})),deleteRelations:n=>t.transformResponse(e.httpClient.post(b.reDelete,{relations:n},{token:s})),deleteRelationsForResources:n=>t.transformResponse(e.httpClient.post(b.reDeleteResources,{resources:n},{token:s})),hasRelations:n=>t.transformResponse(e.httpClient.post(b.hasRelations,{relationQueries:n},{token:s}),(e=>e.relationQueries)),whoCanAccess:(n,o,a)=>t.transformResponse(e.httpClient.post(b.who,{resource:n,relationDefinition:o,namespace:a},{token:s}),(e=>e.targets)),resourceRelations:n=>t.transformResponse(e.httpClient.post(b.resource,{resource:n},{token:s}),(e=>e.relations)),targetsRelations:n=>t.transformResponse(e.httpClient.post(b.targets,{targets:n},{token:s}),(e=>e.relations)),whatCanTargetAccess:n=>t.transformResponse(e.httpClient.post(b.targetAll,{target:n},{token:s}),(e=>e.relations)),getModified:n=>t.transformResponse(e.httpClient.post(b.getModified,{since:n?n.getTime():0},{token:s}),(e=>e))}),D=(e,s)=>({createOidcApplication:n=>{var o;return t.transformResponse(e.httpClient.post(g.oidcCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:s}))},createSamlApplication:n=>{var o;return t.transformResponse(e.httpClient.post(g.samlCreate,Object.assign(Object.assign({},n),{enabled:null===(o=n.enabled)||void 0===o||o}),{token:s}))},updateOidcApplication:n=>t.transformResponse(e.httpClient.post(g.oidcUpdate,Object.assign({},n),{token:s})),updateSamlApplication:n=>t.transformResponse(e.httpClient.post(g.samlUpdate,Object.assign({},n),{token:s})),delete:n=>t.transformResponse(e.httpClient.post(g.delete,{id:n},{token:s})),load:n=>t.transformResponse(e.httpClient.get(g.load,{queryParams:{id:n},token:s}),(e=>e)),loadAll:()=>t.transformResponse(e.httpClient.get(g.loadAll,{token:s}),(e=>e.apps))}),q=(e,s)=>({getSettings:n=>t.transformResponse(e.httpClient.get(v.settings,{queryParams:{tenantId:n},token:s}),(e=>e)),configureSettings:(n,o)=>t.transformResponse(e.httpClient.post(v.settings,Object.assign(Object.assign({},o),{tenantId:n}),{token:s}))});var F;null!==(F=globalThis.Headers)&&void 0!==F||(globalThis.Headers=n.Headers);const z=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),n.fetch(...e)),J=n=>{var o,{managementKey:p,publicKey:d}=n,m=e.__rest(n,["managementKey","publicKey"]);const c=a.default(Object.assign(Object.assign({fetch:z},m),{baseHeaders:Object.assign(Object.assign({},m.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(o=null===process||void 0===process?void 0:process.versions)||void 0===o?void 0:o.node)||"","x-descope-sdk-version":"0.0.0-next-f6a1995c-20240327"})})),{projectId:g,logger:u}=m,h={},v=((e,t)=>({user:w(e,t),project:A(e,t),accessKey:M(e,t),tenant:O(e,t),ssoApplication:D(e,t),sso:T(e,t),jwt:S(e,t),permission:N(e,t),password:q(e,t),role:j(e,t),group:P(e,t),flow:E(e,t),theme:x(e,t),audit:U(e,t),authz:L(e,t)}))(c,p),f=Object.assign(Object.assign({},c),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{if(d)try{const e=JSON.parse(d),t=await s.importJWK(e);return{[e.kid]:t}}catch(e){throw null==u||u.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await c.httpClient.get(`v2/keys/${g}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const n=(await s.jwtVerify(e,f.getKey,{clockTolerance:5})).payload;if(n&&(n.iss=null===(t=n.iss)||void 0===t?void 0:t.split("/").pop(),n.iss!==g))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:n}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==u||u.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const n=await f.refresh(e);if(n.ok){return await f.validateJwt(null===(t=n.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=n.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==u||u.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==u||u.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e,t){if(!e)throw Error("access key must not be empty");let s;try{s=await f.accessKey.exchange(e,t)}catch(e){throw null==u||u.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:n}=s.data;if(!n)throw null==u||u.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(n)}catch(e){throw null==u||u.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!l(e,t))return!1;const n=i(e,"permissions",t);return s.every((e=>n.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!l(e,t))return[];const n=i(e,"permissions",t);return s.filter((e=>n.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!l(e,t))return!1;const n=i(e,"roles",t);return s.every((e=>n.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!l(e,t))return[];const n=i(e,"roles",t);return s.filter((e=>n.includes(e)))}});return t.wrapWith(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],r)};J.RefreshTokenCookieName="DSR",J.SessionTokenCookieName="DS",exports.default=J,exports.descopeErrors={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"};
//# sourceMappingURL=index.cjs.js.map

790

dist/index.d.ts
import * as _descope_core_js_sdk from '@descope/core-js-sdk';
import _descope_core_js_sdk__default, { SdkResponse, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
import _descope_core_js_sdk__default, { DeliveryMethod, UserResponse, SdkResponse, AccessKeyLoginOptions, ExchangeAccessKeyResponse } from '@descope/core-js-sdk';
export { DeliveryMethod, JWTResponse, OAuthProvider, ResponseData, SdkResponse } from '@descope/core-js-sdk';
import { JWTHeaderParameters, KeyLike } from 'jose';
/** Represents a tenant association for a User or Access Key. The tenantId is required to denote
/** Parsed JWT token */
interface Token {
sub?: string;
exp?: number;
iss?: string;
[claim: string]: unknown;
}
/** All information regarding token including the raw JWT, parsed JWT and cookies */
interface AuthenticationInfo {
jwt: string;
token: Token;
cookies?: string[];
}
declare type DeliveryMethodForTestUser = DeliveryMethod | 'Embedded';
declare type ExpirationUnit = 'minutes' | 'hours' | 'days' | 'weeks';
/**
* Represents a tenant association for a User or Access Key. The tenantId is required to denote
* which tenant the user or access key belongs to. The roleNames array is an optional list of

@@ -18,2 +35,67 @@ * roles for the user or access key in this specific tenant.

};
/**
* Options to create or update an OIDC application.
*
* **Note:** When updating, `id` will be required to perform the operation
*/
declare type OidcApplicationOptions = {
name: string;
loginPageUrl: string;
id?: string;
description?: string;
logo?: string;
enabled?: boolean;
};
/**
* Options to create or update a SAML application.
*
* **Note:** When updating, `id` will be required to perform the operation
*/
declare type SamlApplicationOptions = {
name: string;
loginPageUrl: string;
id?: string;
description?: string;
logo?: string;
enabled?: boolean;
useMetadataInfo?: boolean;
metadataUrl?: string;
entityId?: string;
acsUrl?: string;
certificate?: string;
attributeMapping?: SamlIdpAttributeMappingInfo[];
groupsMapping?: SamlIdpGroupsMappingInfo[];
acsAllowedCallbacks?: string[];
subjectNameIdType?: string;
subjectNameIdFormat?: string;
};
/**
* Represents a SAML IDP attribute mapping object. Use this class for mapping Descope attribute
* to the relevant SAML Assertion attributes matching your expected SP attributes names.
*/
declare type SamlIdpAttributeMappingInfo = {
name: string;
type: string;
value: string;
};
/** Represents a SAML IDP Role Group mapping object. */
declare type SAMLIDPRoleGroupMappingInfo = {
id: string;
name: string;
};
/**
* Represents a SAML IDP groups mapping object. Use this class for mapping Descope roles
* to the relevant SAML Assertion groups attributes that matching your expected SP groups attributes names.
*/
declare type SamlIdpGroupsMappingInfo = {
name: string;
type: string;
filterType: string;
value: string;
roles: SAMLIDPRoleGroupMappingInfo[];
};
/** The ID of a newly created SSO application */
declare type CreateSSOApplicationResponse = {
id: string;
};
/** An access key that can be used to access descope */

@@ -30,2 +112,4 @@ declare type AccessKey = {

createdBy: string;
clientId: string;
boundUserId?: string;
};

@@ -61,3 +145,75 @@ /** Access Key extended details including created key cleartext */

selfProvisioningDomains: string[];
customAttributes?: Record<string, string | number | boolean>;
domains?: string[];
authType?: 'none' | 'saml' | 'oidc';
};
/** Represents settings of a tenant in a project. It has an id, a name and an array of
* self provisioning domains used to associate users with that tenant.
*/
declare type TenantSettings = {
selfProvisioningDomains: string[];
domains?: string[];
authType?: 'none' | 'saml' | 'oidc';
sessionSettingsEnabled?: boolean;
refreshTokenExpiration?: number;
refreshTokenExpirationUnit?: ExpirationUnit;
sessionTokenExpiration?: number;
sessionTokenExpirationUnit?: ExpirationUnit;
stepupTokenExpiration?: number;
stepupTokenExpirationUnit?: ExpirationUnit;
enableInactivity?: boolean;
InactivityTime?: number;
InactivityTimeUnit?: ExpirationUnit;
JITDisabled?: boolean;
};
/** Represents password settings of a tenant in a project. It has the password policy details. */
declare type PasswordSettings = {
enabled: boolean;
minLength: number;
lowercase: boolean;
uppercase: boolean;
number: boolean;
nonAlphaNumeric: boolean;
expiration: boolean;
expirationWeeks: number;
reuse: boolean;
reuseAmount: number;
lock: boolean;
lockAttempts: number;
};
/** Represents OIDC settings of an SSO application in a project. */
declare type SSOApplicationOIDCSettings = {
loginPageUrl: string;
issuer: string;
discoveryUrl: string;
};
/** Represents SAML settings of an SSO application in a project. */
declare type SSOApplicationSAMLSettings = {
loginPageUrl: string;
idpCert: string;
useMetadataInfo: boolean;
metadataUrl: string;
entityId: string;
acsUrl: string;
certificate: string;
attributeMapping: SamlIdpAttributeMappingInfo[];
groupsMapping: SamlIdpGroupsMappingInfo[];
idpMetadataUrl: string;
idpEntityId: string;
idpSsoUrl: string;
acsAllowedCallbacks: string[];
subjectNameIdType: string;
subjectNameIdFormat: string;
};
/** Represents an SSO application in a project. */
declare type SSOApplication = {
id: string;
name: string;
description: string;
enabled: boolean;
logo: string;
appType: string;
samlSettings: SSOApplicationSAMLSettings;
oidcSettings: SSOApplicationOIDCSettings;
};
/** Represents a permission in a project. It has a name and optionally a description.

@@ -79,3 +235,11 @@ * It also has a flag indicating whether it is system default or not.

createdTime: number;
tenantId?: string;
};
/** Search roles based on the parameters */
declare type RoleSearchOptions = {
tenantIds?: string[];
roleNames?: string[];
roleNameLike?: string;
permissionNames?: string[];
};
/** Represents a group in a project. It has an id and display name and a list of group members. */

@@ -146,2 +310,45 @@ declare type Group = {

declare type AttributesTypes = string | boolean | number;
declare type TemplateOptions = Record<string, string>;
declare type User = {
loginId: string;
email?: string;
phone?: string;
displayName?: string;
roles?: string[];
userTenants?: AssociatedTenant[];
customAttributes?: Record<string, AttributesTypes>;
picture?: string;
verifiedEmail?: boolean;
verifiedPhone?: boolean;
test?: boolean;
additionalLoginIds?: string[];
password?: string;
hashedPassword?: UserPasswordHashed;
};
declare type UserPasswordHashed = {
bcrypt?: UserPasswordBcrypt;
pbkdf2?: UserPasswordPbkdf2;
firebase?: UserPasswordFirebase;
django?: UserPasswordDjango;
};
declare type UserPasswordBcrypt = {
hash: string;
};
declare type UserPasswordPbkdf2 = {
hash: string;
salt: string;
iterations: number;
type: 'sha1' | 'sha256' | 'sha512';
};
declare type UserPasswordFirebase = {
hash: string;
salt: string;
saltSeparator: string;
signerKey: string;
memory: number;
rounds: number;
};
declare type UserPasswordDjango = {
hash: string;
};
declare type UserMapping = {

@@ -174,4 +381,65 @@ name: string;

redirectUrl: string;
domains: string[];
domain: string;
};
declare type SSOSAMLSettingsResponse = {
idpEntityId: string;
idpSSOUrl: string;
idpCertificate: string;
idpMetadataUrl: string;
spEntityId: string;
spACSUrl: string;
spCertificate: string;
attributeMapping: AttributeMapping;
groupsMapping: RoleMappings;
redirectUrl: string;
};
declare type SSOSettings = {
tenant: Tenant;
saml?: SSOSAMLSettingsResponse;
oidc?: SSOOIDCSettings;
};
declare type OIDCAttributeMapping = {
loginId?: string;
name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
email?: string;
verifiedEmail?: string;
username?: string;
phoneNumber?: string;
verifiedPhone?: string;
picture?: string;
};
declare type Prompt = 'none' | 'login' | 'consent' | 'select_account';
declare type SSOOIDCSettings = {
name: string;
clientId: string;
clientSecret?: string;
redirectUrl?: string;
authUrl?: string;
tokenUrl?: string;
userDataUrl?: string;
scope?: string[];
JWKsUrl?: string;
attributeMapping?: OIDCAttributeMapping;
manageProviderTokens?: boolean;
callbackDomain?: string;
prompt?: Prompt[];
grantType?: 'authorization_code' | 'implicit';
issuer?: string;
};
declare type SSOSAMLSettings = {
idpUrl: string;
idpCert: string;
entityId: string;
roleMappings?: RoleMappings;
attributeMapping?: AttributeMapping;
};
declare type SSOSAMLByMetadataSettings = {
idpMetadataUrl: string;
roleMappings?: RoleMappings;
attributeMapping?: AttributeMapping;
};
declare type ProviderTokenResponse = {

@@ -184,2 +452,10 @@ provider: string;

};
declare type UserFailedResponse = {
failure: string;
user: UserResponse;
};
declare type InviteBatchResponse = {
createdUsers: UserResponse[];
failedUsers: UserFailedResponse[];
};
/**

@@ -218,22 +494,122 @@ * Search options to filter which audit records we should retrieve.

};
declare enum UserStatus {
enabled = "enabled",
disabled = "disabled",
invited = "invited"
}
declare type UserStatus = 'enabled' | 'disabled' | 'invited';
declare type AuthzNodeExpressionType = 'self' | 'targetSet' | 'relationLeft' | 'relationRight';
/**
* AuthzNodeExpression holds the definition of a child node
*/
declare type AuthzNodeExpression = {
neType: AuthzNodeExpressionType;
relationDefinition?: string;
relationDefinitionNamespace?: string;
targetRelationDefinition?: string;
targetRelationDefinitionNamespace?: string;
};
declare type AuthzNodeType = 'child' | 'union' | 'intersect' | 'sub';
/**
* AuthzNode holds the definition of a complex relation definition
*/
declare type AuthzNode = {
nType: AuthzNodeType;
children?: AuthzNode[];
expression?: AuthzNodeExpression;
};
/**
* AuthzRelationDefinition defines a relation within a namespace
*/
declare type AuthzRelationDefinition = {
name: string;
complexDefinition?: AuthzNode;
};
/**
* AuthzNamespace defines an entity in the authorization schema
*/
declare type AuthzNamespace = {
name: string;
relationDefinitions: AuthzRelationDefinition[];
};
/**
* AuthzSchema holds the full schema (all namespaces) for a project
*/
declare type AuthzSchema = {
name?: string;
namespaces: AuthzNamespace[];
};
/**
* AuthzUserQuery represents a target of a relation for ABAC (query on users)
*/
declare type AuthzUserQuery = {
tenants?: string[];
roles?: string[];
text?: string;
statuses?: UserStatus[];
ssoOnly?: boolean;
withTestUser?: boolean;
customAttributes?: Record<string, any>;
};
/**
* AuthzRelation defines a relation between resource and target
*/
declare type AuthzRelation = {
resource: string;
relationDefinition: string;
namespace: string;
target?: string;
targetSetResource?: string;
targetSetRelationDefinition?: string;
targetSetRelationDefinitionNamespace?: string;
query?: AuthzUserQuery;
};
/**
* AuthzRelationQuery queries the service if a given relation exists
*/
declare type AuthzRelationQuery = {
resource: string;
relationDefinition: string;
namespace: string;
target: string;
hasRelation?: boolean;
};
/**
* AuthzModified has the list of resources and targets that were modified since given time returned from GetModified
*/
declare type AuthzModified = {
resources: string[];
targets: string[];
schemaChanged: boolean;
};
declare type CloneProjectResponse = {
projectId: string;
projectName: string;
tag?: string;
};
/** Parsed JWT token */
interface Token {
sub?: string;
exp?: number;
iss?: string;
[claim: string]: unknown;
interface UserOptions {
email?: string;
phone?: string;
displayName?: string;
roles?: string[];
userTenants?: AssociatedTenant[];
customAttributes?: Record<string, AttributesTypes>;
picture?: string;
verifiedEmail?: boolean;
verifiedPhone?: boolean;
givenName?: string;
middleName?: string;
familyName?: string;
additionalLoginIds?: string[];
ssoAppIds?: string[];
}
/** All information regarding token including the raw JWT, parsed JWT and cookies */
interface AuthenticationInfo {
jwt: string;
token: Token;
cookies?: string[];
}
/** Common Error Codes */
declare const descopeErrors: {
badRequest: string;
missingArguments: string;
invalidRequest: string;
invalidArguments: string;
wrongOTPCode: string;
tooManyOTPAttempts: string;
enchantedLinkPending: string;
userNotFound: string;
};
/** Configuration arguments which include the Descope core SDK args and an optional management key */

@@ -248,7 +624,26 @@ declare type NodeSdkArgs = Parameters<typeof _descope_core_js_sdk__default>[0] & {

user: {
create: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
createTestUser: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
invite: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
update: (loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
create: {
(loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
(loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
};
createTestUser: {
(loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
(loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
};
invite: {
(loginId: string, options?: UserOptions & {
inviteUrl?: string;
sendMail?: boolean;
sendSMS?: boolean;
templateOptions?: TemplateOptions;
}): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
(loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
};
inviteBatch: (users: User[], inviteUrl?: string, sendMail?: boolean, sendSMS?: boolean, templateOptions?: TemplateOptions) => Promise<SdkResponse<InviteBatchResponse>>;
update: {
(loginId: string, options?: UserOptions): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
(loginId: string, email?: string, phone?: string, displayName?: string, roles?: string[], userTenants?: AssociatedTenant[], customAttributes?: Record<string, AttributesTypes>, picture?: string, verifiedEmail?: boolean, verifiedPhone?: boolean, givenName?: string, middleName?: string, familyName?: string, additionalLoginIds?: string[]): Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
};
delete: (loginId: string) => Promise<SdkResponse<never>>;
deleteByUserId: (userId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
deleteAllTestUsers: () => Promise<SdkResponse<never>>;

@@ -260,2 +655,20 @@ load: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;

searchAll: (tenantIds?: string[], roles?: string[], limit?: number, page?: number, testUsersOnly?: boolean, withTestUser?: boolean, customAttributes?: Record<string, AttributesTypes>, statuses?: UserStatus[], emails?: string[], phones?: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
search: (searchReq: {
page?: number;
limit?: number;
sort?: {
field: string;
desc?: boolean;
}[];
text?: string;
emails?: string[];
phones?: string[];
statuses?: UserStatus[];
roles?: string[];
tenantIds?: string[];
customAttributes?: Record<string, AttributesTypes>;
withTestUser?: boolean;
testUsersOnly?: boolean;
ssoAppIds?: string[];
}) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;
getProviderToken: (loginId: string, provider: string) => Promise<SdkResponse<ProviderTokenResponse>>;

@@ -267,5 +680,6 @@ activate: (loginId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;

updatePhone: (loginId: string, phone: string, isVerified: boolean) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
updateDisplayName: (loginId: string, displayName: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
updateDisplayName: (loginId: string, displayName?: string, givenName?: string, middleName?: string, familyName?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
updatePicture: (loginId: string, picture: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
updateCustomAttribute: (loginId: string, attributeKey: string, attributeValue: AttributesTypes) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
setRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
addRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;

@@ -275,16 +689,27 @@ removeRoles: (loginId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;

removeTenant: (loginId: string, tenantId: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
setTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
addTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
removeTenantRoles: (loginId: string, tenantId: string, roles: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
generateOTPForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
generateMagicLinkForTestUser: (deliveryMethod: "email" | "sms" | "whatsapp", loginId: string, uri: string) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
generateEnchantedLinkForTestUser: (loginId: string, uri: string) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
addSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
setSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
removeSSOapps: (loginId: string, ssoAppIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
generateOTPForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateOTPForTestResponse>>;
generateMagicLinkForTestUser: (deliveryMethod: DeliveryMethodForTestUser, loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateMagicLinkForTestResponse>>;
generateEnchantedLinkForTestUser: (loginId: string, uri: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>>;
generateEmbeddedLink: (loginId: string, customClaims?: Record<string, any>) => Promise<SdkResponse<GenerateEmbeddedLinkResponse>>;
setTemporaryPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
setActivePassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
setPassword: (loginId: string, password: string) => Promise<SdkResponse<never>>;
expirePassword: (loginId: string) => Promise<SdkResponse<never>>;
removeAllPasskeys: (loginId: string) => Promise<SdkResponse<never>>;
history: (userIds: string[]) => Promise<SdkResponse<_descope_core_js_sdk.UserHistoryResponse[]>>;
};
project: {
updateName: (name: string) => Promise<SdkResponse<never>>;
clone: (name: string, tag?: "production") => Promise<SdkResponse<CloneProjectResponse>>;
export: () => Promise<SdkResponse<Record<string, any>>>;
import: (files: Record<string, any>) => Promise<SdkResponse<never>>;
};
accessKey: {
create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[]) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
create: (name: string, expireTime: number, roles?: string[], keyTenants?: AssociatedTenant[], userId?: string, customClaims?: Record<string, any>) => Promise<SdkResponse<CreatedAccessKeyResponse>>;
load: (id: string) => Promise<SdkResponse<AccessKey>>;

@@ -305,12 +730,32 @@ searchAll: (tenantIds?: string[]) => Promise<SdkResponse<AccessKey[]>>;

searchAll: (ids?: string[], names?: string[], selfProvisioningDomains?: string[], customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<Tenant[]>>;
getSettings: (tenantId: string) => Promise<SdkResponse<TenantSettings>>;
configureSettings: (tenantId: string, settings: TenantSettings) => Promise<SdkResponse<never>>;
};
ssoApplication: {
createOidcApplication: (options: OidcApplicationOptions) => Promise<SdkResponse<CreateSSOApplicationResponse>>;
createSamlApplication: (options: SamlApplicationOptions) => Promise<SdkResponse<CreateSSOApplicationResponse>>;
updateOidcApplication: (options: OidcApplicationOptions & {
id: string;
}) => Promise<SdkResponse<never>>;
updateSamlApplication: (options: SamlApplicationOptions & {
id: string;
}) => Promise<SdkResponse<never>>;
delete: (id: string) => Promise<SdkResponse<never>>;
load: (id: string) => Promise<SdkResponse<SSOApplication>>;
loadAll: () => Promise<SdkResponse<SSOApplication[]>>;
};
sso: {
getSettings: (tenantId: string) => Promise<SdkResponse<SSOSettingsResponse>>;
deleteSettings: (tenantId: string) => Promise<SdkResponse<never>>;
configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domain: string) => Promise<SdkResponse<never>>;
configureSettings: (tenantId: string, idpURL: string, idpCert: string, entityId: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
configureMetadata: (tenantId: string, idpMetadataURL: string, redirectURL: string, domains: string[]) => Promise<SdkResponse<never>>;
configureMapping: (tenantId: string, roleMappings?: RoleMappings, attributeMapping?: AttributeMapping) => Promise<SdkResponse<never>>;
configureOIDCSettings: (tenantId: string, settings: SSOOIDCSettings, domains?: string[]) => Promise<SdkResponse<never>>;
configureSAMLSettings: (tenantId: string, settings: SSOSAMLSettings, redirectUrl?: string, domains?: string[]) => Promise<SdkResponse<never>>;
configureSAMLByMetadata: (tenantId: string, settings: SSOSAMLByMetadataSettings, redirectUrl?: string, domains?: string[]) => Promise<SdkResponse<never>>;
loadSettings: (tenantId: string) => Promise<SdkResponse<SSOSettings>>;
};
jwt: {
update: (jwt: string, customClaims?: Record<string, any>) => Promise<SdkResponse<UpdateJWTResponse>>;
impersonate: (impersonatorId: string, loginId: string, validateConsent: boolean) => Promise<SdkResponse<UpdateJWTResponse>>;
};

@@ -323,7 +768,12 @@ permission: {

};
password: {
getSettings: (tenantId: string) => Promise<SdkResponse<PasswordSettings>>;
configureSettings: (tenantId: string, settings: PasswordSettings) => Promise<SdkResponse<never>>;
};
role: {
create: (name: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
update: (name: string, newName: string, description?: string, permissionNames?: string[]) => Promise<SdkResponse<never>>;
delete: (name: string) => Promise<SdkResponse<never>>;
create: (name: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
update: (name: string, newName: string, description?: string, permissionNames?: string[], tenantId?: string) => Promise<SdkResponse<never>>;
delete: (name: string, tenantId?: string) => Promise<SdkResponse<never>>;
loadAll: () => Promise<SdkResponse<Role[]>>;
search: (options: RoleSearchOptions) => Promise<SdkResponse<Role[]>>;
};

@@ -337,2 +787,3 @@ group: {

list: () => Promise<SdkResponse<FlowsResponse>>;
delete: (flowIds: string[]) => Promise<SdkResponse<never>>;
export: (flowId: string) => Promise<SdkResponse<FlowResponse>>;

@@ -348,2 +799,20 @@ import: (flowId: string, flow: Flow, screens?: Screen[]) => Promise<SdkResponse<FlowResponse>>;

};
authz: {
saveSchema: (schema: AuthzSchema, upgrade: boolean) => Promise<SdkResponse<never>>;
deleteSchema: () => Promise<SdkResponse<never>>;
loadSchema: () => Promise<SdkResponse<AuthzSchema>>;
saveNamespace: (namespace: AuthzNamespace, oldName?: string, schemaName?: string) => Promise<SdkResponse<never>>;
deleteNamespace: (name: string, schemaName?: string) => Promise<SdkResponse<never>>;
saveRelationDefinition: (relationDefinition: AuthzRelationDefinition, namespace: string, oldName?: string, schemaName?: string) => Promise<SdkResponse<never>>;
deleteRelationDefinition: (name: string, namespace: string, schemaName?: string) => Promise<SdkResponse<never>>;
createRelations: (relations: AuthzRelation[]) => Promise<SdkResponse<never>>;
deleteRelations: (relations: AuthzRelation[]) => Promise<SdkResponse<never>>;
deleteRelationsForResources: (resources: string[]) => Promise<SdkResponse<never>>;
hasRelations: (relationQueries: AuthzRelationQuery[]) => Promise<SdkResponse<AuthzRelationQuery[]>>;
whoCanAccess: (resource: string, relationDefinition: string, namespace: string) => Promise<SdkResponse<string[]>>;
resourceRelations: (resource: string) => Promise<SdkResponse<AuthzRelation[]>>;
targetsRelations: (targets: string[]) => Promise<SdkResponse<AuthzRelation[]>>;
whatCanTargetAccess: (target: string) => Promise<SdkResponse<AuthzRelation[]>>;
getModified: (since: Date) => Promise<SdkResponse<AuthzModified>>;
};
};

@@ -355,9 +824,13 @@ getKey: (header: JWTHeaderParameters) => Promise<KeyLike | Uint8Array>;

validateAndRefreshSession: (sessionToken?: string, refreshToken?: string) => Promise<AuthenticationInfo>;
exchangeAccessKey: (accessKey: string) => Promise<AuthenticationInfo>;
exchangeAccessKey: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<AuthenticationInfo>;
validatePermissions: (authInfo: AuthenticationInfo, permissions: string[]) => boolean;
getMatchedPermissions: (authInfo: AuthenticationInfo, permissions: string[]) => string[];
validateTenantPermissions: (authInfo: AuthenticationInfo, tenant: string, permissions: string[]) => boolean;
getMatchedTenantPermissions: (authInfo: AuthenticationInfo, tenant: string, permissions: string[]) => string[];
validateRoles: (authInfo: AuthenticationInfo, roles: string[]) => boolean;
getMatchedRoles: (authInfo: AuthenticationInfo, roles: string[]) => string[];
validateTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => boolean;
getMatchedTenantRoles: (authInfo: AuthenticationInfo, tenant: string, roles: string[]) => string[];
accessKey: {
exchange: (accessKey: string) => Promise<SdkResponse<ExchangeAccessKeyResponse>>;
exchange: (accessKey: string, loginOptions?: AccessKeyLoginOptions) => Promise<SdkResponse<ExchangeAccessKeyResponse>>;
};

@@ -380,9 +853,9 @@ otp: {

signIn: {
sms: (loginId: string) => Promise<SdkResponse<{
sms: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
whatsapp: (loginId: string) => Promise<SdkResponse<{
whatsapp: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
email: (loginId: string) => Promise<SdkResponse<{
email: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedEmail: string;

@@ -395,3 +868,11 @@ }>>;

name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -403,3 +884,11 @@ maskedPhone: string;

name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -411,3 +900,11 @@ maskedPhone: string;

name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -418,9 +915,9 @@ maskedEmail: string;

signUpOrIn: {
sms: (loginId: string) => Promise<SdkResponse<{
sms: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
whatsapp: (loginId: string) => Promise<SdkResponse<{
whatsapp: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
email: (loginId: string) => Promise<SdkResponse<{
email: (loginId: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedEmail: string;

@@ -433,2 +930,5 @@ }>>;

onMergeUseExisting?: T extends true ? boolean : never;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -441,2 +941,5 @@ maskedEmail: string;

onMergeUseExisting?: T_1 extends true ? boolean : never;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -448,2 +951,5 @@ maskedPhone: string;

onMergeUseExisting?: T_1 extends true ? boolean : never;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -461,9 +967,9 @@ maskedPhone: string;

signIn: {
sms: (loginId: string, uri: string) => Promise<SdkResponse<{
sms: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
whatsapp: (loginId: string, uri: string) => Promise<SdkResponse<{
whatsapp: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
email: (loginId: string, uri: string) => Promise<SdkResponse<{
email: (loginId: string, URI: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
maskedEmail: string;

@@ -473,20 +979,44 @@ }>>;

signUp: {
sms: (loginId: string, uri: string, user?: {
sms: (loginId: string, URI: string, user?: {
email?: string;
name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
whatsapp: (loginId: string, uri: string, user?: {
whatsapp: (loginId: string, URI: string, user?: {
email?: string;
name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
email: (loginId: string, uri: string, user?: {
email: (loginId: string, URI: string, user?: {
email?: string;
name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -497,9 +1027,24 @@ maskedEmail: string;

signUpOrIn: {
sms: (loginId: string, uri: string) => Promise<SdkResponse<{
sms: (loginId: string, URI?: string, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
whatsapp: (loginId: string, uri: string) => Promise<SdkResponse<{
whatsapp: (loginId: string, URI?: string, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{
maskedPhone: string;
}>>;
email: (loginId: string, uri: string) => Promise<SdkResponse<{
email: (loginId: string, URI?: string, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{
maskedEmail: string;

@@ -512,2 +1057,5 @@ }>>;

onMergeUseExisting?: T_2 extends true ? boolean : never;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -520,2 +1068,5 @@ maskedEmail: string;

onMergeUseExisting?: T_3 extends true ? boolean : never;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -527,2 +1078,5 @@ maskedPhone: string;

onMergeUseExisting?: T_3 extends true ? boolean : never;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<{

@@ -536,11 +1090,24 @@ maskedPhone: string;

verify: (token: string) => Promise<SdkResponse<never>>;
signIn: (loginId: string, uri: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse & {
signIn: (loginId: string, URI?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse & {
refreshJwt?: string;
cookies?: string[];
}>>;
signUpOrIn: (loginId: string, uri: string) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
signUp: (loginId: string, uri: string, user?: {
signUpOrIn: (loginId: string, URI?: string, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;
signUp: (loginId: string, URI?: string, user?: {
email?: string;
name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}, signUpOptions?: {
customClaims?: Record<string, any>;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse & {

@@ -558,2 +1125,5 @@ refreshJwt?: string;

onMergeUseExisting?: T_4 extends true ? boolean : never;
templateOptions?: {
[x: string]: string;
};
}) => Promise<SdkResponse<_descope_core_js_sdk.EnchantedLinkResponse>>;

@@ -563,52 +1133,12 @@ };

oauth: {
start: ((provider: string, redirectUrl?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
facebook: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
github: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
google: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
microsoft: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
gitlab: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
apple: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
discord: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
linkedin: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
slack: (redirectURL?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
start: ((provider: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>) & {
facebook: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
github: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
google: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
microsoft: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
gitlab: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
apple: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
discord: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
linkedin: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
slack: (redirectURL?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
};

@@ -619,9 +1149,7 @@ exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {

}>>;
startNative: (provider: string, loginOptions?: _descope_core_js_sdk.LoginOptions) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
finishNative: (provider: string, stateId: string, user?: string, code?: string, idToken?: string) => Promise<SdkResponse<_descope_core_js_sdk.ResponseData>>;
};
saml: {
start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.URLResponse>>;
exchange: (code: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {

@@ -636,9 +1164,8 @@ refreshJwt?: string;

name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}) => Promise<SdkResponse<_descope_core_js_sdk.TOTPResponse>>;
verify: (loginId: string, code: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
verify: (loginId: string, code: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {
refreshJwt?: string;

@@ -662,7 +1189,3 @@ cookies?: string[];

signIn: {
start: (loginId: string, origin: string, loginOptions?: {
stepup?: boolean;
mfa?: boolean;
customClaims?: Record<string, any>;
}, token?: string) => Promise<SdkResponse<{
start: (loginId: string, origin: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string) => Promise<SdkResponse<{
transactionId: string;

@@ -697,6 +1220,11 @@ options: string;

name?: string;
givenName?: string;
middleName?: string;
familyName?: string;
phone?: string;
}) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
signIn: (loginId: string, password: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
sendReset: (loginId: string, redirectUrl?: string) => Promise<SdkResponse<{
sendReset: (loginId: string, redirectUrl?: string, templateOptions?: {
[x: string]: string;
}) => Promise<SdkResponse<{
resetMethod: string;

@@ -712,7 +1240,3 @@ pendingRef?: string;

lowercase: boolean;
uppercase: boolean; /**
* Validate the given JWT with the right key and make sure the issuer is correct
* @param jwt the JWT string to parse and validate
* @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.
*/
uppercase: boolean;
number: boolean;

@@ -731,3 +1255,3 @@ nonAlphanumeric: boolean;

lastAuth?: {
authMethod?: "otp" | "oauth" | "saml" | "totp" | "webauthn" | "magiclink" | "enchantedlink";
authMethod?: "saml" | "otp" | "oauth" | "totp" | "webauthn" | "magiclink" | "enchantedlink";
oauthProvider?: string;

@@ -746,8 +1270,12 @@ name?: string;

ssoAppId?: string;
}, conditionInteractionId?: string, interactionId?: string, input?: {
oidcLoginHint?: string;
abTestingKey?: number;
startOptionsVersion?: number;
client?: Record<string, any>;
}, conditionInteractionId?: string, interactionId?: string, version?: number, componentsVersion?: string, input?: {
[x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
}, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
next: (executionId: string, stepId: string, interactionId: string, input?: {
}) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
next: (executionId: string, stepId: string, interactionId: string, version?: number, componentsVersion?: string, input?: {
[x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[];
}, version?: number) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
}) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>;
};

@@ -758,5 +1286,7 @@ refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & {

}>>;
selectTenant: (tenantId: string, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse>>;
logout: (token?: string) => Promise<SdkResponse<never>>;
logoutAll: (token?: string) => Promise<SdkResponse<never>>;
me: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse>>;
history: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.UserHistoryResponse>>;
isJwtExpired: (token: string) => boolean;

@@ -821,2 +1351,2 @@ getTenants: (token: string) => string[];

export { AuthenticationInfo, nodeSdk as default };
export { AuthenticationInfo, nodeSdk as default, descopeErrors };

2

dist/index.esm.js

@@ -1,2 +0,2 @@

import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l}from"node-fetch-commonjs";const d=t=>async(...s)=>{var a,o,n;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function p(e,t,s){var a,o;const n=s?null===(o=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}function m(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",expirePassword:"/v1/mgmt/user/password/expire",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink"},c={updateName:"/v1/mgmt/project/update/name"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},f={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},y={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},C={list:"/v1/mgmt/flow/list",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},I={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},b={search:"/v1/mgmt/audit/search"};const A=(e,t)=>({create:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),createTestUser:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,test:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),invite:(a,o,n,r,i,l,d,p,m,c,g)=>s(e.httpClient.post(u.create,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:g},{token:t}),(e=>e.user)),update:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.update,{loginId:a,email:o,phone:n,displayName:r,roleNames:i,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c},{token:t}),(e=>e.user)),delete:a=>s(e.httpClient.post(u.delete,{loginId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(u.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(u.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(u.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(u.logout,{userId:a},{token:t})),searchAll:(a,o,n,r,i,l,d,p,m,c)=>s(e.httpClient.post(u.search,{tenantIds:a,roleNames:o,limit:n,page:r,testUsersOnly:i,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),getProviderToken:(a,o)=>s(e.httpClient.get(u.getProviderToken,{queryParams:{loginId:a,provider:o},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(u.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,o)=>s(e.httpClient.post(u.updateLoginId,{loginId:a,newLoginId:o},{token:t}),(e=>e.user)),updateEmail:(a,o,n)=>s(e.httpClient.post(u.updateEmail,{loginId:a,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(a,o,n)=>s(e.httpClient.post(u.updatePhone,{loginId:a,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(a,o)=>s(e.httpClient.post(u.updateDisplayName,{loginId:a,displayName:o},{token:t}),(e=>e.user)),updatePicture:(a,o)=>s(e.httpClient.post(u.updatePicture,{loginId:a,picture:o},{token:t}),(e=>e.user)),updateCustomAttribute:(a,o,n)=>s(e.httpClient.post(u.updateCustomAttribute,{loginId:a,attributeKey:o,attributeValue:n},{token:t}),(e=>e.user)),addRoles:(a,o)=>s(e.httpClient.post(u.addRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(a,o)=>s(e.httpClient.post(u.removeRole,{loginId:a,roleNames:o},{token:t}),(e=>e.user)),addTenant:(a,o)=>s(e.httpClient.post(u.addTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(a,o)=>s(e.httpClient.post(u.removeTenant,{loginId:a,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(a,o,n)=>s(e.httpClient.post(u.addRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(a,o,n)=>s(e.httpClient.post(u.removeRole,{loginId:a,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,o)=>s(e.httpClient.post(u.generateOTPForTest,{deliveryMethod:a,loginId:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,o,n)=>s(e.httpClient.post(u.generateMagicLinkForTest,{deliveryMethod:a,loginId:o,URI:n},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,o)=>s(e.httpClient.post(u.generateEnchantedLinkForTest,{loginId:a,URI:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,o)=>s(e.httpClient.post(u.generateEmbeddedLink,{loginId:a,customClaims:o},{token:t}),(e=>e)),setPassword:(a,o)=>s(e.httpClient.post(u.setPassword,{loginId:a,password:o},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(u.expirePassword,{loginId:a},{token:t}),(e=>e))}),T=(e,t)=>({updateName:a=>s(e.httpClient.post(c.updateName,{name:a},{token:t}))}),P=(e,t)=>({create:(a,o,n)=>s(e.httpClient.post(h.create,{name:a,selfProvisioningDomains:o,customAttributes:n},{token:t})),createWithId:(a,o,n,r)=>s(e.httpClient.post(h.create,{id:a,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),update:(a,o,n,r)=>s(e.httpClient.post(h.update,{id:a,name:o,selfProvisioningDomains:n,customAttributes:r},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,o,n,r)=>s(e.httpClient.post(h.searchAll,{tenantIds:a,tenantNames:o,tenantSelfProvisioningDomains:n,customAttributes:r},{token:t}),(e=>e.tenants))}),x=(e,t)=>({update:(a,o)=>s(e.httpClient.post(k.update,{jwt:a,customClaims:o},{token:t}))}),E=(e,t)=>({create:(a,o)=>s(e.httpClient.post(f.create,{name:a,description:o},{token:t})),update:(a,o,n)=>s(e.httpClient.post(f.update,{name:a,newName:o,description:n},{token:t})),delete:a=>s(e.httpClient.post(f.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(f.loadAll,{token:t}),(e=>e.permissions))}),j=(e,t)=>({create:(a,o,n)=>s(e.httpClient.post(y.create,{name:a,description:o,permissionNames:n},{token:t})),update:(a,o,n,r)=>s(e.httpClient.post(y.update,{name:a,newName:o,description:n,permissionNames:r},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.roles))}),N=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(I.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,o,n)=>s(e.httpClient.post(I.loadAllGroupsForMember,{tenantId:a,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(a,o)=>s(e.httpClient.post(I.loadAllGroupMembers,{tenantId:a,groupId:o},{token:t}))}),R=(e,t)=>({getSettings:a=>s(e.httpClient.get(v.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(v.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,o,n,r,i,l)=>s(e.httpClient.post(v.settings,{tenantId:a,idpURL:o,entityId:r,idpCert:n,redirectURL:i,domain:l},{token:t})),configureMetadata:(a,o,n,r)=>s(e.httpClient.post(v.metadata,{tenantId:a,idpMetadataURL:o,redirectURL:n,domain:r},{token:t})),configureMapping:(a,o,n)=>s(e.httpClient.post(v.mapping,{tenantId:a,roleMappings:o,attributeMapping:n},{token:t}))}),O=(e,t)=>({create:(a,o,n,r)=>s(e.httpClient.post(g.create,{name:a,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:a=>s(e.httpClient.get(g.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(g.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,o)=>s(e.httpClient.post(g.update,{id:a,name:o},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(g.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(g.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(g.delete,{id:a},{token:t}))}),S=(e,t)=>({list:()=>s(e.httpClient.post(C.list,{},{token:t})),export:a=>s(e.httpClient.post(C.export,{flowId:a},{token:t})),import:(a,o,n)=>s(e.httpClient.post(C.import,{flowId:a,flow:o,screens:n},{token:t}))}),U=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),M=(e,t)=>({search:a=>{const o=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete o.loginIds,s(e.httpClient.post(b.search,o,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}});var L;null!==(L=globalThis.Headers)&&void 0!==L||(globalThis.Headers=l);const F=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),i(...e)),D=s=>{var i,{managementKey:l,publicKey:u}=s,c=e(s,["managementKey","publicKey"]);const g=t(Object.assign(Object.assign({fetch:F},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"0.0.0-next-f64741f7-20231029"})})),{projectId:h,logger:v}=c,k={},f=((e,t)=>({user:A(e,t),project:T(e,t),accessKey:O(e,t),tenant:P(e,t),sso:R(e,t),jwt:x(e,t),permission:E(e,t),role:j(e,t),group:N(e,t),flow:S(e,t),theme:U(e,t),audit:M(e,t)}))(g,l),y=Object.assign(Object.assign({},g),{management:f,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(u)try{const e=JSON.parse(u),t=await r(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await g.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await o(e,y.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await y.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await y.validateJwt(e);const a=await y.refresh(e);if(a.ok){return await y.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await y.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return y.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await y.accessKey.exchange(e)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:s}=t.data;if(!s)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await y.validateJwt(s)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>y.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},validateRoles:(e,t)=>y.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))}});return a(y,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};D.RefreshTokenCookieName="DSR",D.SessionTokenCookieName="DS";export{D as default};
import{__rest as e}from"tslib";import t,{transformResponse as s,wrapWith as a}from"@descope/core-js-sdk";import{jwtVerify as n,errors as o,importJWK as i}from"jose";import{Headers as r,fetch as l}from"cross-fetch";const d=t=>async(...s)=>{var a,n,o;const i=await t(...s);if(!i.data)return i;let r=i.data,{refreshJwt:l}=r,d=e(r,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=i.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=i.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(o=i.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},i),{data:Object.assign(Object.assign({},i.data),{refreshJwt:l,cookies:p})})};function p(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}function m(e,t){var s;return!!(null===(s=e.token.tenants)||void 0===s?void 0:s[t])}var g={create:"/v1/mgmt/user/create",createBatch:"/v1/mgmt/user/create/batch",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",deleteAllTestUsers:"/v1/mgmt/user/test/delete/all",load:"/v1/mgmt/user",logout:"/v1/mgmt/user/logout",search:"/v1/mgmt/user/search",getProviderToken:"/v1/mgmt/user/provider/token",updateStatus:"/v1/mgmt/user/update/status",updateLoginId:"/v1/mgmt/user/update/loginid",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",updatePicture:"/v1/mgmt/user/update/picture",updateCustomAttribute:"/v1/mgmt/user/update/customAttribute",setRole:"/v1/mgmt/user/update/role/set",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",setSSOApps:"/v1/mgmt/user/update/ssoapp/set",addSSOApps:"/v1/mgmt/user/update/ssoapp/add",removeSSOApps:"/v1/mgmt/user/update/ssoapp/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove",setPassword:"/v1/mgmt/user/password/set",setTemporaryPassword:"/v1/mgmt/user/password/set/temporary",setActivePassword:"/v1/mgmt/user/password/set/active",expirePassword:"/v1/mgmt/user/password/expire",removeAllPasskeys:"/v1/mgmt/user/passkeys/delete",generateOTPForTest:"/v1/mgmt/tests/generate/otp",generateMagicLinkForTest:"/v1/mgmt/tests/generate/magiclink",generateEnchantedLinkForTest:"/v1/mgmt/tests/generate/enchantedlink",generateEmbeddedLink:"/v1/mgmt/user/signin/embeddedlink",history:"/v1/mgmt/user/history"},c={updateName:"/v1/mgmt/project/update/name",clone:"/v1/mgmt/project/clone",export:"/v1/mgmt/project/export",import:"/v1/mgmt/project/import"},u={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",load:"/v1/mgmt/tenant",settings:"/v1/mgmt/tenant/settings",loadAll:"/v1/mgmt/tenant/all",searchAll:"/v1/mgmt/tenant/search"},v={oidcCreate:"/v1/mgmt/sso/idp/app/oidc/create",samlCreate:"/v1/mgmt/sso/idp/app/saml/create",oidcUpdate:"/v1/mgmt/sso/idp/app/oidc/update",samlUpdate:"/v1/mgmt/sso/idp/app/saml/update",delete:"/v1/mgmt/sso/idp/app/delete",load:"/v1/mgmt/sso/idp/app/load",loadAll:"/v1/mgmt/sso/idp/apps/load"},k={settings:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping",settingsv2:"/v2/mgmt/sso/settings",oidc:{configure:"/v1/mgmt/sso/oidc"},saml:{configure:"/v1/mgmt/sso/saml",metadata:"/v1/mgmt/sso/saml/metadata"}},C={update:"/v1/mgmt/jwt/update",impersonate:"/v1/mgmt/impersonate"},f={settings:"/v1/mgmt/password/settings"},y={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},I={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all",search:"/v1/mgmt/role/search"},b={list:"/v1/mgmt/flow/list",delete:"/v1/mgmt/flow/delete",export:"/v1/mgmt/flow/export",import:"/v1/mgmt/flow/import"},w={export:"/v1/mgmt/theme/export",import:"/v1/mgmt/theme/import"},A={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"},O={search:"/v1/mgmt/audit/search"},S={schemaSave:"/v1/mgmt/authz/schema/save",schemaDelete:"/v1/mgmt/authz/schema/delete",schemaLoad:"/v1/mgmt/authz/schema/load",nsSave:"/v1/mgmt/authz/ns/save",nsDelete:"/v1/mgmt/authz/ns/delete",rdSave:"/v1/mgmt/authz/rd/save",rdDelete:"/v1/mgmt/authz/rd/delete",reCreate:"/v1/mgmt/authz/re/create",reDelete:"/v1/mgmt/authz/re/delete",reDeleteResources:"/v1/mgmt/authz/re/deleteresources",hasRelations:"/v1/mgmt/authz/re/has",who:"/v1/mgmt/authz/re/who",resource:"/v1/mgmt/authz/re/resource",targets:"/v1/mgmt/authz/re/targets",targetAll:"/v1/mgmt/authz/re/targetall",getModified:"/v1/mgmt/authz/getmodified"};const N=(e,t)=>({create:function(a,n,o,i,r,l,d,p,m,c,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(g.create,C,{token:t}),(e=>e.user))},createTestUser:function(a,n,o,i,r,l,d,p,m,c,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k,test:!0}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,test:!0});return s(e.httpClient.post(g.create,C,{token:t}),(e=>e.user))},invite:function(a,n,o,i,r,l,d,p,m,c,u,h,v,k,C,f,y){const I="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:k,middleName:C,familyName:f,roleNames:r,userTenants:l,invite:!0,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,inviteUrl:u,sendMail:h,sendSMS:v,additionalLoginIds:y}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0,invite:!0});return s(e.httpClient.post(g.create,I,{token:t}),(e=>e.user))},inviteBatch:(a,n,o,i,r)=>s(e.httpClient.post(g.createBatch,{users:a,invite:!0,inviteUrl:n,sendMail:o,sendSMS:i,templateOptions:r},{token:t}),(e=>e)),update:function(a,n,o,i,r,l,d,p,m,c,u,h,v,k){const C="string"==typeof n?{loginId:a,email:n,phone:o,displayName:i,givenName:u,middleName:h,familyName:v,roleNames:r,userTenants:l,customAttributes:d,picture:p,verifiedEmail:m,verifiedPhone:c,additionalLoginIds:k}:Object.assign(Object.assign({loginId:a},n),{roleNames:null==n?void 0:n.roles,roles:void 0});return s(e.httpClient.post(g.update,C,{token:t}),(e=>e.user))},delete:a=>s(e.httpClient.post(g.delete,{loginId:a},{token:t})),deleteByUserId:a=>s(e.httpClient.post(g.delete,{userId:a},{token:t})),deleteAllTestUsers:()=>s(e.httpClient.delete(g.deleteAllTestUsers,{token:t})),load:a=>s(e.httpClient.get(g.load,{queryParams:{loginId:a},token:t}),(e=>e.user)),loadByUserId:a=>s(e.httpClient.get(g.load,{queryParams:{userId:a},token:t}),(e=>e.user)),logoutUser:a=>s(e.httpClient.post(g.logout,{loginId:a},{token:t})),logoutUserByUserId:a=>s(e.httpClient.post(g.logout,{userId:a},{token:t})),searchAll:(a,n,o,i,r,l,d,p,m,c)=>s(e.httpClient.post(g.search,{tenantIds:a,roleNames:n,limit:o,page:i,testUsersOnly:r,withTestUser:l,customAttributes:d,statuses:p,emails:m,phones:c},{token:t}),(e=>e.users)),search:a=>s(e.httpClient.post(g.search,Object.assign(Object.assign({},a),{roleNames:a.roles,roles:void 0}),{token:t}),(e=>e.users)),getProviderToken:(a,n)=>s(e.httpClient.get(g.getProviderToken,{queryParams:{loginId:a,provider:n},token:t}),(e=>e)),activate:a=>s(e.httpClient.post(g.updateStatus,{loginId:a,status:"enabled"},{token:t}),(e=>e.user)),deactivate:a=>s(e.httpClient.post(g.updateStatus,{loginId:a,status:"disabled"},{token:t}),(e=>e.user)),updateLoginId:(a,n)=>s(e.httpClient.post(g.updateLoginId,{loginId:a,newLoginId:n},{token:t}),(e=>e.user)),updateEmail:(a,n,o)=>s(e.httpClient.post(g.updateEmail,{loginId:a,email:n,verified:o},{token:t}),(e=>e.user)),updatePhone:(a,n,o)=>s(e.httpClient.post(g.updatePhone,{loginId:a,phone:n,verified:o},{token:t}),(e=>e.user)),updateDisplayName:(a,n,o,i,r)=>s(e.httpClient.post(g.updateDisplayName,{loginId:a,displayName:n,givenName:o,middleName:i,familyName:r},{token:t}),(e=>e.user)),updatePicture:(a,n)=>s(e.httpClient.post(g.updatePicture,{loginId:a,picture:n},{token:t}),(e=>e.user)),updateCustomAttribute:(a,n,o)=>s(e.httpClient.post(g.updateCustomAttribute,{loginId:a,attributeKey:n,attributeValue:o},{token:t}),(e=>e.user)),setRoles:(a,n)=>s(e.httpClient.post(g.setRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addRoles:(a,n)=>s(e.httpClient.post(g.addRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(a,n)=>s(e.httpClient.post(g.removeRole,{loginId:a,roleNames:n},{token:t}),(e=>e.user)),addTenant:(a,n)=>s(e.httpClient.post(g.addTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(a,n)=>s(e.httpClient.post(g.removeTenant,{loginId:a,tenantId:n},{token:t}),(e=>e.user)),setTenantRoles:(a,n,o)=>s(e.httpClient.post(g.setRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addTenantRoles:(a,n,o)=>s(e.httpClient.post(g.addRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),removeTenantRoles:(a,n,o)=>s(e.httpClient.post(g.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:t}),(e=>e.user)),addSSOapps:(a,n)=>s(e.httpClient.post(g.addSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),setSSOapps:(a,n)=>s(e.httpClient.post(g.setSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),removeSSOapps:(a,n)=>s(e.httpClient.post(g.removeSSOApps,{loginId:a,ssoAppIds:n},{token:t}),(e=>e.user)),generateOTPForTestUser:(a,n,o)=>s(e.httpClient.post(g.generateOTPForTest,{deliveryMethod:a,loginId:n,loginOptions:o},{token:t}),(e=>e)),generateMagicLinkForTestUser:(a,n,o,i)=>s(e.httpClient.post(g.generateMagicLinkForTest,{deliveryMethod:a,loginId:n,URI:o,loginOptions:i},{token:t}),(e=>e)),generateEnchantedLinkForTestUser:(a,n,o)=>s(e.httpClient.post(g.generateEnchantedLinkForTest,{loginId:a,URI:n,loginOptions:o},{token:t}),(e=>e)),generateEmbeddedLink:(a,n)=>s(e.httpClient.post(g.generateEmbeddedLink,{loginId:a,customClaims:n},{token:t}),(e=>e)),setTemporaryPassword:(a,n)=>s(e.httpClient.post(g.setTemporaryPassword,{loginId:a,password:n},{token:t}),(e=>e)),setActivePassword:(a,n)=>s(e.httpClient.post(g.setActivePassword,{loginId:a,password:n},{token:t}),(e=>e)),setPassword:(a,n)=>s(e.httpClient.post(g.setPassword,{loginId:a,password:n},{token:t}),(e=>e)),expirePassword:a=>s(e.httpClient.post(g.expirePassword,{loginId:a},{token:t}),(e=>e)),removeAllPasskeys:a=>s(e.httpClient.post(g.removeAllPasskeys,{loginId:a},{token:t}),(e=>e)),history:a=>s(e.httpClient.post(g.history,a,{token:t}),(e=>e))}),P=(e,t)=>({updateName:a=>s(e.httpClient.post(c.updateName,{name:a},{token:t})),clone:(a,n)=>s(e.httpClient.post(c.clone,{name:a,tag:n},{token:t})),export:()=>s(e.httpClient.post(c.export,{},{token:t}),(e=>e.files)),import:a=>s(e.httpClient.post(c.import,{files:a},{token:t}))}),j=(e,t)=>({create:(a,n,o)=>s(e.httpClient.post(h.create,{name:a,selfProvisioningDomains:n,customAttributes:o},{token:t})),createWithId:(a,n,o,i)=>s(e.httpClient.post(h.create,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),update:(a,n,o,i)=>s(e.httpClient.post(h.update,{id:a,name:n,selfProvisioningDomains:o,customAttributes:i},{token:t})),delete:a=>s(e.httpClient.post(h.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(h.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants)),searchAll:(a,n,o,i)=>s(e.httpClient.post(h.searchAll,{tenantIds:a,tenantNames:n,tenantSelfProvisioningDomains:o,customAttributes:i},{token:t}),(e=>e.tenants)),getSettings:a=>s(e.httpClient.get(h.settings,{queryParams:{id:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(h.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))}),T=(e,t)=>({update:(a,n)=>s(e.httpClient.post(C.update,{jwt:a,customClaims:n},{token:t})),impersonate:(a,n,o)=>s(e.httpClient.post(C.impersonate,{impersonatorId:a,loginId:n,validateConsent:o},{token:t}))}),R=(e,t)=>({create:(a,n)=>s(e.httpClient.post(y.create,{name:a,description:n},{token:t})),update:(a,n,o)=>s(e.httpClient.post(y.update,{name:a,newName:n,description:o},{token:t})),delete:a=>s(e.httpClient.post(y.delete,{name:a},{token:t})),loadAll:()=>s(e.httpClient.get(y.loadAll,{token:t}),(e=>e.permissions))}),M=(e,t)=>({create:(a,n,o,i)=>s(e.httpClient.post(I.create,{name:a,description:n,permissionNames:o,tenantId:i},{token:t})),update:(a,n,o,i,r)=>s(e.httpClient.post(I.update,{name:a,newName:n,description:o,permissionNames:i,tenantId:r},{token:t})),delete:(a,n)=>s(e.httpClient.post(I.delete,{name:a,tenantId:n},{token:t})),loadAll:()=>s(e.httpClient.get(I.loadAll,{token:t}),(e=>e.roles)),search:a=>s(e.httpClient.post(I.search,a,{token:t}),(e=>e.roles))}),E=(e,t)=>({loadAllGroups:a=>s(e.httpClient.post(A.loadAllGroups,{tenantId:a},{token:t})),loadAllGroupsForMember:(a,n,o)=>s(e.httpClient.post(A.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:t})),loadAllGroupMembers:(a,n)=>s(e.httpClient.post(A.loadAllGroupMembers,{tenantId:a,groupId:n},{token:t}))}),x=(e,t)=>({getSettings:a=>s(e.httpClient.get(k.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),deleteSettings:a=>s(e.httpClient.delete(k.settings,{queryParams:{tenantId:a},token:t})),configureSettings:(a,n,o,i,r,l)=>s(e.httpClient.post(k.settings,{tenantId:a,idpURL:n,entityId:i,idpCert:o,redirectURL:r,domains:l},{token:t})),configureMetadata:(a,n,o,i)=>s(e.httpClient.post(k.metadata,{tenantId:a,idpMetadataURL:n,redirectURL:o,domains:i},{token:t})),configureMapping:(a,n,o)=>s(e.httpClient.post(k.mapping,{tenantId:a,roleMappings:n,attributeMapping:o},{token:t})),configureOIDCSettings:(a,n,o)=>{const i=Object.assign(Object.assign({},n),{userAttrMapping:n.attributeMapping});return delete i.attributeMapping,s(e.httpClient.post(k.oidc.configure,{tenantId:a,settings:i,domains:o},{token:t}))},configureSAMLSettings:(a,n,o,i)=>s(e.httpClient.post(k.saml.configure,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),configureSAMLByMetadata:(a,n,o,i)=>s(e.httpClient.post(k.saml.metadata,{tenantId:a,settings:n,redirectUrl:o,domains:i},{token:t})),loadSettings:a=>s(e.httpClient.get(k.settingsv2,{queryParams:{tenantId:a},token:t}),(e=>{var t,s;const a=e;return a.oidc&&(a.oidc=Object.assign(Object.assign({},a.oidc),{attributeMapping:a.oidc.userAttrMapping}),delete a.oidc.userAttrMapping),(null===(t=a.saml)||void 0===t?void 0:t.groupsMapping)&&(a.saml.groupsMapping=null===(s=a.saml)||void 0===s?void 0:s.groupsMapping.map((e=>{const t=e;return t.roleName=t.role.name,delete t.role,t}))),a}))}),U=(e,t)=>({create:(a,n,o,i,r,l)=>s(e.httpClient.post(u.create,{name:a,expireTime:n,roleNames:o,keyTenants:i,userId:r,customClaims:l},{token:t})),load:a=>s(e.httpClient.get(u.load,{queryParams:{id:a},token:t}),(e=>e.key)),searchAll:a=>s(e.httpClient.post(u.search,{tenantIds:a},{token:t}),(e=>e.keys)),update:(a,n)=>s(e.httpClient.post(u.update,{id:a,name:n},{token:t}),(e=>e.key)),deactivate:a=>s(e.httpClient.post(u.deactivate,{id:a},{token:t})),activate:a=>s(e.httpClient.post(u.activate,{id:a},{token:t})),delete:a=>s(e.httpClient.post(u.delete,{id:a},{token:t}))}),L=(e,t)=>({list:()=>s(e.httpClient.post(b.list,{},{token:t})),delete:a=>s(e.httpClient.post(b.delete,{ids:a},{token:t})),export:a=>s(e.httpClient.post(b.export,{flowId:a},{token:t})),import:(a,n,o)=>s(e.httpClient.post(b.import,{flowId:a,flow:n,screens:o},{token:t}))}),D=(e,t)=>({export:()=>s(e.httpClient.post(w.export,{},{token:t})),import:a=>s(e.httpClient.post(w.import,{theme:a},{token:t}))}),F=(e,t)=>({search:a=>{const n=Object.assign(Object.assign({},a),{externalIds:a.loginIds});return delete n.loginIds,s(e.httpClient.post(O.search,n,{token:t}),(e=>null==e?void 0:e.audits.map((e=>{const t=Object.assign(Object.assign({},e),{occurred:parseFloat(e.occurred),loginIds:e.externalIds});return delete t.externalIds,t}))))}}),z=(e,t)=>({saveSchema:(a,n)=>s(e.httpClient.post(S.schemaSave,{schema:a,upgrade:n},{token:t})),deleteSchema:()=>s(e.httpClient.post(S.schemaDelete,{},{token:t})),loadSchema:()=>s(e.httpClient.post(S.schemaLoad,{},{token:t}),(e=>e.schema)),saveNamespace:(a,n,o)=>s(e.httpClient.post(S.nsSave,{namespace:a,oldName:n,schemaName:o},{token:t})),deleteNamespace:(a,n)=>s(e.httpClient.post(S.nsDelete,{name:a,schemaName:n},{token:t})),saveRelationDefinition:(a,n,o,i)=>s(e.httpClient.post(S.rdSave,{relationDefinition:a,namespace:n,oldName:o,schemaName:i},{token:t})),deleteRelationDefinition:(a,n,o)=>s(e.httpClient.post(S.rdDelete,{name:a,namespace:n,schemaName:o},{token:t})),createRelations:a=>s(e.httpClient.post(S.reCreate,{relations:a},{token:t})),deleteRelations:a=>s(e.httpClient.post(S.reDelete,{relations:a},{token:t})),deleteRelationsForResources:a=>s(e.httpClient.post(S.reDeleteResources,{resources:a},{token:t})),hasRelations:a=>s(e.httpClient.post(S.hasRelations,{relationQueries:a},{token:t}),(e=>e.relationQueries)),whoCanAccess:(a,n,o)=>s(e.httpClient.post(S.who,{resource:a,relationDefinition:n,namespace:o},{token:t}),(e=>e.targets)),resourceRelations:a=>s(e.httpClient.post(S.resource,{resource:a},{token:t}),(e=>e.relations)),targetsRelations:a=>s(e.httpClient.post(S.targets,{targets:a},{token:t}),(e=>e.relations)),whatCanTargetAccess:a=>s(e.httpClient.post(S.targetAll,{target:a},{token:t}),(e=>e.relations)),getModified:a=>s(e.httpClient.post(S.getModified,{since:a?a.getTime():0},{token:t}),(e=>e))}),q=(e,t)=>({createOidcApplication:a=>{var n;return s(e.httpClient.post(v.oidcCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 0===n||n}),{token:t}))},createSamlApplication:a=>{var n;return s(e.httpClient.post(v.samlCreate,Object.assign(Object.assign({},a),{enabled:null===(n=a.enabled)||void 0===n||n}),{token:t}))},updateOidcApplication:a=>s(e.httpClient.post(v.oidcUpdate,Object.assign({},a),{token:t})),updateSamlApplication:a=>s(e.httpClient.post(v.samlUpdate,Object.assign({},a),{token:t})),delete:a=>s(e.httpClient.post(v.delete,{id:a},{token:t})),load:a=>s(e.httpClient.get(v.load,{queryParams:{id:a},token:t}),(e=>e)),loadAll:()=>s(e.httpClient.get(v.loadAll,{token:t}),(e=>e.apps))}),$=(e,t)=>({getSettings:a=>s(e.httpClient.get(f.settings,{queryParams:{tenantId:a},token:t}),(e=>e)),configureSettings:(a,n)=>s(e.httpClient.post(f.settings,Object.assign(Object.assign({},n),{tenantId:a}),{token:t}))});var J;null!==(J=globalThis.Headers)&&void 0!==J||(globalThis.Headers=r);const K=(...e)=>(e.forEach((e=>{var t,s;e&&(null!==(t=(s=e).highWaterMark)&&void 0!==t||(s.highWaterMark=31457280))})),l(...e)),G={badRequest:"E011001",missingArguments:"E011002",invalidRequest:"E011003",invalidArguments:"E011004",wrongOTPCode:"E061102",tooManyOTPAttempts:"E061103",enchantedLinkPending:"E062503",userNotFound:"E062108"},B=s=>{var r,{managementKey:l,publicKey:g}=s,c=e(s,["managementKey","publicKey"]);const u=t(Object.assign(Object.assign({fetch:K},c),{baseHeaders:Object.assign(Object.assign({},c.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(r=null===process||void 0===process?void 0:process.versions)||void 0===r?void 0:r.node)||"","x-descope-sdk-version":"0.0.0-next-f6a1995c-20240327"})})),{projectId:h,logger:v}=c,k={},C=((e,t)=>({user:N(e,t),project:P(e,t),accessKey:U(e,t),tenant:j(e,t),ssoApplication:q(e,t),sso:x(e,t),jwt:T(e,t),permission:R(e,t),password:$(e,t),role:M(e,t),group:E(e,t),flow:L(e,t),theme:D(e,t),audit:F(e,t),authz:z(e,t)}))(u,l),f=Object.assign(Object.assign({},u),{management:C,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(k[e.kid])return k[e.kid];if(Object.assign(k,await(async()=>{if(g)try{const e=JSON.parse(g),t=await i(e);return{[e.kid]:t}}catch(e){throw null==v||v.error("Failed to parse the provided public key",e),new Error(`Failed to parse public key. Error: ${e}`)}const e=(await u.httpClient.get(`v2/keys/${h}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await i(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!k[e.kid])throw Error("failed to fetch matching key");return k[e.kid]},async validateJwt(e){var t;const s=(await n(e,f.getKey,{clockTolerance:5})).payload;if(s&&(s.iss=null===(t=s.iss)||void 0===t?void 0:t.split("/").pop(),s.iss!==h))throw new o.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:s}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await f.validateJwt(e)}catch(e){throw null==v||v.error("session validation failed",e),Error(`session validation failed. Error: ${e}`)}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await f.validateJwt(e);const a=await f.refresh(e);if(a.ok){return await f.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.errorMessage)}catch(e){throw null==v||v.error("refresh token validation failed",e),Error(`refresh token validation failed, Error: ${e}`)}},async validateAndRefreshSession(e,t){if(!e&&!t)throw Error("both session and refresh tokens are empty");try{return await f.validateSession(e)}catch(e){null==v||v.log(`session validation failed with error ${e} - trying to refresh it`)}return f.refreshSession(t)},async exchangeAccessKey(e,t){if(!e)throw Error("access key must not be empty");let s;try{s=await f.accessKey.exchange(e,t)}catch(e){throw null==v||v.error("failed to exchange access key",e),Error(`could not exchange access key - Failed to exchange. Error: ${e}`)}const{sessionJwt:a}=s.data;if(!a)throw null==v||v.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await f.validateJwt(a)}catch(e){throw null==v||v.error("failed to parse jwt from access key",e),Error(`could not exchange access key - failed to validate jwt. Error: ${e}`)}},validatePermissions:(e,t)=>f.validateTenantPermissions(e,"",t),getMatchedPermissions:(e,t)=>f.getMatchedTenantPermissions(e,"",t),validateTenantPermissions(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"permissions",t);return s.every((e=>a.includes(e)))},getMatchedTenantPermissions(e,t,s){if(t&&!m(e,t))return[];const a=p(e,"permissions",t);return s.filter((e=>a.includes(e)))},validateRoles:(e,t)=>f.validateTenantRoles(e,"",t),getMatchedRoles:(e,t)=>f.getMatchedTenantRoles(e,"",t),validateTenantRoles(e,t,s){if(t&&!m(e,t))return!1;const a=p(e,"roles",t);return s.every((e=>a.includes(e)))},getMatchedTenantRoles(e,t,s){if(t&&!m(e,t))return[];const a=p(e,"roles",t);return s.filter((e=>a.includes(e)))}});return a(f,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],d)};B.RefreshTokenCookieName="DSR",B.SessionTokenCookieName="DS";export{B as default,G as descopeErrors};
//# sourceMappingURL=index.esm.js.map

25

package.json
{
"name": "@descope/node-sdk",
"version": "0.0.0-next-f64741f7-20231029",
"version": "0.0.0-next-f6a1995c-20240327",
"description": "Node.js library used to integrate with Descope",

@@ -63,7 +63,6 @@ "typings": "./dist/index.d.ts",

"@rollup/plugin-typescript": "^8.3.0",
"@size-limit/preset-small-lib": "^8.0.0",
"@size-limit/preset-small-lib": "^11.0.0",
"@types/jest": "^29.0.0",
"@types/jsonwebtoken": "^9.0.0",
"@types/node": "^15.14.9",
"@types/node-fetch": "^2.6.1",
"@types/node": "^20.0.0",
"@typescript-eslint/eslint-plugin": "^5.25.0",

@@ -74,7 +73,7 @@ "@typescript-eslint/parser": "^5.27.0",

"eslint-config-airbnb-typescript": "^17.0.0",
"eslint-config-prettier": "^8.5.0",
"eslint-config-prettier": "^9.0.0",
"eslint-import-resolver-typescript": "^3.0.0",
"eslint-plugin-import": "^2.26.0",
"eslint-plugin-jest": "^27.0.0",
"eslint-plugin-jest-dom": "^4.0.2",
"eslint-plugin-jest-dom": "^5.0.0",
"eslint-plugin-jest-formatting": "^3.1.0",

@@ -87,5 +86,5 @@ "eslint-plugin-no-only-tests": "^3.0.0",

"jsdoc": "^4.0.0",
"lint-staged": "^13.0.3",
"lint-staged": "^15.0.0",
"nock": "^13.2.4",
"prettier": "^2.7.1",
"prettier": "^2.8.8",
"pretty-quick": "^3.1.3",

@@ -98,3 +97,3 @@ "rollup": "^2.62.0",

"rollup-plugin-dts": "^4.2.2",
"rollup-plugin-esbuild": "^5.0.0",
"rollup-plugin-esbuild": "^6.0.0",
"rollup-plugin-inject-process-env": "^1.3.1",

@@ -108,7 +107,7 @@ "rollup-plugin-livereload": "^2.0.5",

"dependencies": {
"@descope/core-js-sdk": "1.10.0",
"jose": "4.15.2",
"node-fetch-commonjs": "3.3.2",
"tslib": "^1.14.1"
"@descope/core-js-sdk": "2.11.5",
"cross-fetch": "^4.0.0",
"jose": "5.2.2",
"tslib": "^2.0.0"
}
}

536

README.md

@@ -73,4 +73,8 @@ # Descope SDK for Node.js

9. [Manage JWTs](#manage-jwts)
10. [Embedded Links](#embedded-links)
11. [Search Audit](#search-audit)
10. [Impersonate](#impersonate)
11. [Embedded Links](#embedded-links)
12. [Search Audit](#search-audit)
13. [Manage Authz](#manage-authz)
14. [Manage Project](#manage-project)
15. [Manage SSO applications](#manage-sso-applications)

@@ -83,2 +87,32 @@ If you wish to run any of our code samples and play with them, check out our [Code Examples](#code-examples) section.

## Error Handling
Every `async` operation may fail. In case it does, there will be information regarding what happened on the response object.
A typical case of error handling might look something like:
```ts
import { SdkResponse, descopeErrors } from '@descope/node-sdk';
// ...
try {
const resp = await sdk.otp.signIn.email(loginId);
if (resp.error) {
switch (resp.error.errorCode) {
case descopeErrors.userNotFound:
// Handle specifically
break;
default:
// Handle generally
// `resp.error` will contain `errorCode`, `errorDescription` and sometimes `errorMessage` to
// help understand what went wrong. See SdkResponse for more information.
}
}
} catch (e) {
// Handle technical error
}
```
---
### OTP Authentication

@@ -387,3 +421,3 @@

res.status(401).json({
error: new Error('Unauthorized!'),
error: 'Unauthorized!',
});

@@ -404,7 +438,5 @@ }

// You can validate specific permissions
const validTenantPermissions = await descopeClient.validateTenantPermissions(
authInfo,
'my-tenant-ID',
['Permission to validate'],
);
const validTenantPermissions = descopeClient.validateTenantPermissions(authInfo, 'my-tenant-ID', [
'Permission to validate',
]);
if (!validTenantPermissions) {

@@ -415,3 +447,3 @@ // Deny access

// Or validate roles directly
const validTenantRoles = await descopeClient.validateTenantRoles(authInfo, 'my-tenant-ID', [
const validTenantRoles = descopeClient.validateTenantRoles(authInfo, 'my-tenant-ID', [
'Role to validate',

@@ -422,2 +454,14 @@ ]);

}
// Or get the matched roles/permissions
const matchedTenantRoles = descopeClient.getMatchedTenantRoles(authInfo, 'my-tenant-ID', [
'Role to validate',
'Another role to validate',
]);
const matchedTenantPermissions = descopeClient.getMatchedTenantPermissions(
authInfo,
'my-tenant-ID',
['Permission to validate', 'Another permission to validate'],
);
```

@@ -429,5 +473,3 @@

// You can validate specific permissions
const validPermissions = await descopeClient.validatePermissions(authInfo, [
'Permission to validate',
]);
const validPermissions = descopeClient.validatePermissions(authInfo, ['Permission to validate']);
if (!validPermissions) {

@@ -438,6 +480,17 @@ // Deny access

// Or validate roles directly
const validRoles = await descopeClient.validateRoles(authInfo, ['Role to validate']);
const validRoles = descopeClient.validateRoles(authInfo, ['Role to validate']);
if (!validRoles) {
// Deny access
}
// Or get the matched roles/permissions
const matchedRoles = descopeClient.getMatchedRoles(authInfo, [
'Role to validate',
'Another role to validate',
]);
const matchedPermissions = descopeClient.getMatchedPermissions(authInfo, [
'Permission to validate',
'Another permission to validate',
]);
```

@@ -483,3 +536,3 @@

You can create, update, delete or load tenants:
You can create, update, delete or load tenants, as well as read and update tenant settings:

@@ -523,4 +576,100 @@ ```typescript

});
// Load tenant settings by id
const tenantSettings = await descopeClient.management.tenant.getSettings('my-tenant-id');
// Update will override all fields as is. Use carefully.
await descopeClient.management.tenant.configureSettings('my-tenant-id', {
domains: ['domain1.com'],
selfProvisioningDomains: ['domain1.com'],
sessionSettingsEnabled: true,
refreshTokenExpiration: 12,
refreshTokenExpirationUnit: 'days',
sessionTokenExpiration: 10,
sessionTokenExpirationUnit: 'minutes',
enableInactivity: true,
JITDisabled: false,
InactivityTime: 10,
InactivityTimeUnit: 'minutes',
});
```
### Manage Password
You can read and update any tenant password settings and policy:
```typescript
// Load tenant password settings by id
const passwordSettings = await descopeClient.management.password.getSettings('my-tenant-id');
// Update will override all fields as is. Use carefully.
await descopeClient.management.password.configureSettings('my-tenant-id', {
enabled: true,
minLength: 8,
expiration: true,
expirationWeeks: 4,
lock: true,
lockAttempts: 5,
reuse: true,
reuseAmount: 6,
lowercase: true,
uppercase: false,
number: true,
nonAlphaNumeric: false,
});
```
### Manage SSO applications
You can create, update, delete or load SSO applications:
```typescript
// Create OIDC sso application
await descopeClient.management.ssoApplication.createOidcApplication({
name: 'My OIDC app name',
loginPageUrl: 'http://dummy.com/login',
});
// Create SAML sso application
await descopeClient.management.ssoApplication.createSamlApplication({
name: 'My SAML app name',
loginPageUrl: 'http://dummy.com/login',
useMetadataInfo: true,
metadataUrl: 'http://dummy.com/metadata',
});
// Update OIDC sso application.
// Update will override all fields as is. Use carefully.
await descopeClient.management.ssoApplication.updateOidcApplication({
id: 'my-app-id',
name: 'My OIDC app name',
loginPageUrl: 'http://dummy.com/login',
});
// Update SAML sso application.
// Update will override all fields as is. Use carefully.
await descopeClient.management.ssoApplication.updateSamlApplication({
id: 'my-app-id',
name: 'My SAML app name',
loginPageUrl: 'http://dummy.com/login',
enabled: true,
useMetadataInfo: false,
entityId: 'entity1234',
aceUrl: 'http://dummy.com/acs',
certificate: 'certificate',
});
// Tenant deletion cannot be undone. Use carefully.
await descopeClient.management.ssoApplication.delete('my-app-id');
// Load sso application by id
const app = await descopeClient.management.ssoApplication.load('my-app-id');
// Load all sso applications
const appsRes = await descopeClient.management.ssoApplication.loadAll();
appsRes.data.forEach((app) => {
// do something
});
```
### Manage Users

@@ -534,32 +683,51 @@

// on a per-tenant basis.
await descopeClient.management.user.create(
'desmond@descope.com',
'desmond@descope.com',
null,
'Desmond Copeland',
null,
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
);
await descopeClient.management.user.create('desmond@descope.com', {
email: 'desmond@descope.com',
displayName: 'Desmond Copeland',
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
});
// Alternatively, a user can be created and invited via an email message.
// Alternatively, a user can be created and invited via an email / text message.
// Make sure to configure the invite URL in the Descope console prior to using this function,
// and that an email address is provided in the information.
await descopeClient.management.user.invite(
'desmond@descope.com',
'desmond@descope.com',
null,
'Desmond Copeland',
null,
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
// and that an email address / phone number is provided in the information.
await descopeClient.management.user.invite('desmond@descope.com', {
email: 'desmond@descope.com',
displayName: 'Desmond Copeland',
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
// You can inject custom data into the template.
// Note that you first need to configure custom template in Descope Console
// For example: configure {{options_k1}} in the custom template, and pass { k1: 'v1' } as templateOptions
templateOptions: { k1: 'v1', k2: 'v2' },
});
// You can invite batch of users via an email / text message.
// Make sure to configure the invite URL in the Descope console prior to using this function,
// and that an email address / phone number is provided in the information. You can also set
// a cleartext password or import a prehashed one from another service.
await descopeClient.management.user.inviteBatch(
[
{
loginId: 'desmond@descope.com',
email: 'desmond@descope.com',
phone: '+123456789123',
displayName: 'Desmond Copeland',
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
hashedPassword: {
bcrypt: {
hash: '$2a$...',
},
},
},
],
'<invite_url>',
true,
false,
);
// Update will override all fields as is. Use carefully.
await descopeClient.management.user.update(
'desmond@descope.com',
'desmond@descope.com',
null,
'Desmond Copeland',
null,
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1', 'role-name2'] }],
);
await descopeClient.management.user.update('desmond@descope.com', {
email: 'desmond@descope.com',
displayName: 'Desmond Copeland',
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
});

@@ -586,3 +754,3 @@ // Update explicit data for a user rather than overriding all fields

// Results can be paginated using the limit and page parameters
const usersRes = await descopeClient.management.user.searchAll(['tenant-ID']);
const usersRes = await descopeClient.management.user.search({ tenantIds: ['tenant-ID'] });
usersRes.data.forEach((user) => {

@@ -594,3 +762,10 @@ // do something

await descopeClient.management.tenant.logoutUserByUserId('<user-ID>');
await descopeClient.management.user.logoutUserByUserId('<user-ID>');
// Get users' authentication history
const userIds = ['user-id-1', 'user-id-2'];
const usersHistoryRes = await descopeClient.management.user.history(userIds);
usersHistoryRes.forEach((userHistory) => {
// do something
});
```

@@ -600,9 +775,12 @@

You can set or expire a user's password.
Note: When setting a password, it will automatically be set as expired.
The user will not be able log-in using an expired password, and will be required replace it on next login.
You can set a new active password for a user that they can sign in with.
You can also set a temporary password that they user will be forced to change on the next login.
For a user that already has an active password, you can expire their current password, effectively requiring them to change it on the next login.
```typescript
// Set a user's temporary password
await descopeClient.management.user.setTemporaryPassword('<login-ID>', '<some-password>');
// Set a user's password
await descopeClient.management.user.setPassword('<login-ID>', '<some-password>');
await descopeClient.management.user.setActivePassword('<login-ID>', '<some-password>');

@@ -613,5 +791,5 @@ // Or alternatively, expire a user password

### Manage Projects
### Manage Project
You can update project name using the following function:
You can update project name, as well as to clone the current project to a new one:

@@ -621,4 +799,20 @@ ```typescript

await descopeClient.management.project.updateName('new-project-name');
// Clone the current project to a new one
// Note that this action is supported only with a pro license or above.
const cloneRes = await descopeClient.management.project.clone('new-project-name');
```
You can manage your project's settings and configurations by exporting your
project's environment. You can also import previously exported data into
the same project or a different one.
```typescript
// Exports the current state of the project
const files = await descopeClient.management.project.export();
// Import the previously exported data into the current project
await descopeClient.management.project.import(files);
```
### Manage Access Keys

@@ -632,2 +826,4 @@

// on a per-tenant basis.
// If userId is supplied, then authorization will be ignored, and the access key will be bound to the user's authorization.
// If customClaims is supplied, then those claims will be present in the JWT returned by calls to ExchangeAccessKey.
await descopeClient.management.accessKey.create(

@@ -668,3 +864,3 @@ 'key-name',

// You can get SSO settings for a specific tenant ID
const ssoSettings = await descopeClient.management.sso.getSettings("tenant-id")
const ssoSettings = await descopeClient.management.sso.loadSettings("tenant-id")

@@ -676,9 +872,15 @@ // You can configure SSO settings manually by setting the required fields directly

const idpCert = '<your-cert-here>'
const redirectURL = 'https://my-app.com/handle-saml' // Global redirect URL for SSO/SAML
const domain = 'tenant-users.com' // Users authentication with this domain will be logged in to this tenant
await descopeClient.management.sso.configureSettings(tenantID, idpURL, entityID, idpCert, redirectURL, domain)
const redirectURL = 'https://my-app.com/handle-sso' // Global redirect URL for SSO/SAML
const domains = ['tenant-users.com'] // Users authentication with this domain will be logged in to this tenant
await descopeClient.management.sso.configureSAMLSettings(tenantID, {idpURL, entityID, idpCert}, redirectURL, domains)
// Alternatively, configure using an SSO metadata URL
await descopeClient.management.sso.configureMetadata(tenantID, 'https://idp.com/my-idp-metadata', redirectURL, domain)
await descopeClient.management.sso.configureSAMLByMetadata(tenantID, {idpMetadataUrl: 'https://idp.com/my-idp-metadata'}, redirectURL, domains)
// In case SSO is configured to work with OIDC use the following
const name = 'some-name';
const clientId = 'client id of OIDC';
const clientSecret = 'client secret';
await descopeClient.management.sso.configureOIDCSettings(tenantID, {name, clientId, clientSecret, redirectUrl}, domains)
// Map IDP groups to Descope roles, or map user attributes.

@@ -735,6 +937,8 @@ // This function overrides any previous mapping (even when empty). Use carefully.

// You can optionally set a description and associated permission for a roles.
// The optional `tenantId` will scope this role for a specific tenant. If left empty, the role will be available to all tenants.
const name = 'My Role';
const tenantId = '<tenant id>';
let description = 'Optional description to briefly explain what this role allows.';
const permissionNames = ['My Updated Permission'];
descopeClient.management.role.create(name, description, permissionNames);
descopeClient.management.role.create(name, description, permissionNames, tenantId);

@@ -745,6 +949,6 @@ // Update will override all fields as is. Use carefully.

permissionNames.push('Another Permission');
descopeClient.management.role.update(name, newName, description, permissionNames);
descopeClient.management.role.update(name, newName, description, permissionNames, tenantId);
// Role deletion cannot be undone. Use carefully.
descopeClient.management.role.delete(newName);
descopeClient.management.role.delete(newName, tenantId);

@@ -756,2 +960,11 @@ // Load all roles

});
// Search roles
const rolesRes = await descopeClient.management.role.search({
tenantIds: ['t1', 't2'],
roleNames: ['role1'],
});
rolesRes.data.forEach((role) => {
// do something
});
```

@@ -799,2 +1012,6 @@

});
// Delete flows by ids
await descopeClient.management.flow.delete(['flow-1', 'flow-2']);
// Export the flow and it's matching screens based on the given id

@@ -835,2 +1052,16 @@ const res = await descopeClient.management.flow.export('sign-up');

### Impersonate
You can impersonate to another user
The impersonator user must have the `impersonation` permission in order for this request to work.
The response would be a refresh JWT of the impersonated user
```typescript
const updatedJWTRes = await descopeClient.management.jwt.impersonate(
'impersonator-id',
'login-id',
true,
);
```
Note 1: The generate code/link functions, work only for test users, will not work for regular users.

@@ -867,2 +1098,181 @@ Note 2: In case of testing sign-in / sign-up operations with test users, need to make sure to generate the code prior calling the sign-in / sign-up operations.

### Manage Authz
Descope support full relation based access control (ReBAC) using a zanzibar like schema and operations.
A schema is comprized of namespaces (entities like documents, folders, orgs, etc.) and each namespace has relation definitions to define relations.
Each relation definition can be simple (either you have it or not) or complex (union of nodes).
A simple example for a file system like schema would be:
```yaml
# Example schema for the authz tests
name: Files
namespaces:
- name: org
relationDefinitions:
- name: parent
- name: member
complexDefinition:
nType: union
children:
- nType: child
expression:
neType: self
- nType: child
expression:
neType: relationLeft
relationDefinition: parent
relationDefinitionNamespace: org
targetRelationDefinition: member
targetRelationDefinitionNamespace: org
- name: folder
relationDefinitions:
- name: parent
- name: owner
complexDefinition:
nType: union
children:
- nType: child
expression:
neType: self
- nType: child
expression:
neType: relationRight
relationDefinition: parent
relationDefinitionNamespace: folder
targetRelationDefinition: owner
targetRelationDefinitionNamespace: folder
- name: editor
complexDefinition:
nType: union
children:
- nType: child
expression:
neType: self
- nType: child
expression:
neType: relationRight
relationDefinition: parent
relationDefinitionNamespace: folder
targetRelationDefinition: editor
targetRelationDefinitionNamespace: folder
- nType: child
expression:
neType: targetSet
targetRelationDefinition: owner
targetRelationDefinitionNamespace: folder
- name: viewer
complexDefinition:
nType: union
children:
- nType: child
expression:
neType: self
- nType: child
expression:
neType: relationRight
relationDefinition: parent
relationDefinitionNamespace: folder
targetRelationDefinition: viewer
targetRelationDefinitionNamespace: folder
- nType: child
expression:
neType: targetSet
targetRelationDefinition: editor
targetRelationDefinitionNamespace: folder
- name: doc
relationDefinitions:
- name: parent
- name: owner
complexDefinition:
nType: union
children:
- nType: child
expression:
neType: self
- nType: child
expression:
neType: relationRight
relationDefinition: parent
relationDefinitionNamespace: doc
targetRelationDefinition: owner
targetRelationDefinitionNamespace: folder
- name: editor
complexDefinition:
nType: union
children:
- nType: child
expression:
neType: self
- nType: child
expression:
neType: relationRight
relationDefinition: parent
relationDefinitionNamespace: doc
targetRelationDefinition: editor
targetRelationDefinitionNamespace: folder
- nType: child
expression:
neType: targetSet
targetRelationDefinition: owner
targetRelationDefinitionNamespace: doc
- name: viewer
complexDefinition:
nType: union
children:
- nType: child
expression:
neType: self
- nType: child
expression:
neType: relationRight
relationDefinition: parent
relationDefinitionNamespace: doc
targetRelationDefinition: viewer
targetRelationDefinitionNamespace: folder
- nType: child
expression:
neType: targetSet
targetRelationDefinition: editor
targetRelationDefinitionNamespace: doc
```
Descope SDK allows you to fully manage the schema and relations as well as perform simple (and not so simple) checks regarding the existence of relations.
```typescript
// Load the existing schema
const s = await descopeClient.management.authz.loadSchema();
console.log(s);
// Save schema and make sure to remove all namespaces not listed
await descopeClient.management.authz.saveSchema(s, true);
// Create a relation between a resource and user
await descopeClient.management.authz.createRelations([
{
resource: 'some-doc',
relationDefinition: 'owner',
namespace: 'doc',
target: 'u1',
},
{
resource: 'some-doc',
relationDefinition: 'editor',
namespace: 'doc',
target: 'u2',
},
]);
// Check if target has the relevant relation
// The answer should be true because an owner is also a viewer
const q = await descopeClient.management.authz.hasRelations([
{
resource: 'some-doc',
relationDefinition: 'viewer',
namespace: 'doc',
target: 'u1',
},
]);
```
### Utils for your end to end (e2e) tests and integration tests

@@ -879,10 +1289,7 @@

// on a per-tenant basis.
await descopeClient.management.user.createTestUser(
'desmond@descope.com',
'desmond@descope.com',
null,
'Desmond Copeland',
null,
[{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
);
await descopeClient.management.user.createTestUser('desmond@descope.com', {
email: 'desmond@descope.com',
displayName: 'Desmond Copeland',
userTenants: [{ tenantId: 'tenant-ID1', roleNames: ['role-name1'] }],
});

@@ -900,2 +1307,3 @@ // Now test user got created, and this user will be available until you delete it,

// Now you can verify the code is valid (using descopeClient.auth.*.verify for example)
// LoginOptions can be provided to set custom claims to the generated jwt.

@@ -918,3 +1326,3 @@ // Same as OTP, magic link can be generated for test user, for example:

You can find various usage examples in the [examples folder](https://github.com/descope/node-sdk/blob/main/examples).
You can find various usage examples in the [examples folder](/examples).

@@ -921,0 +1329,0 @@ ### Setup

dist/cjs/index.cjs.js.map

Sorry, the diff of this file is not supported yet

dist/index.esm.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc