New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@descope/node-sdk
Advanced tools
@descope/node-sdk - npm Package Compare versions
Comparing version 1.0.4-alpha.13 to 1.0.4-alpha.14
@@ -1,2 +0,2 @@ | ||
| "use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),a=require("node-fetch");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var o=n(t),r=n(a);const i=t=>async(...s)=>{var a,n,o;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e.__rest(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function l(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}var d={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",updateStatus:"/v1/mgmt/user/update/status",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove"},p={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},m={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},c={configure:"mgmt/sso/settings",metadata:"mgmt/sso/metadata",mapping:"mgmt/sso/mapping"},u={update:"/v1/mgmt/jwt/update"},g={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},h={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},v={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"};const k=(e,s)=>({create:(a,n,o,r,i,l)=>t.transformResponse(e.httpClient.post(d.create,{loginId:a,email:n,phone:o,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),update:(a,n,o,r,i,l)=>t.transformResponse(e.httpClient.post(d.update,{loginId:a,email:n,phone:o,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),delete:a=>t.transformResponse(e.httpClient.post(d.delete,{loginId:a},{token:s})),load:a=>t.transformResponse(e.httpClient.get(d.load,{queryParams:{loginId:a},token:s}),(e=>e.user)),loadByUserId:a=>t.transformResponse(e.httpClient.get(d.load,{queryParams:{userId:a},token:s}),(e=>e.user)),searchAll:(a,n,o)=>t.transformResponse(e.httpClient.post(d.search,{tenantIds:a,roleNames:n,limit:o},{token:s}),(e=>e.users)),activate:a=>t.transformResponse(e.httpClient.post(d.updateStatus,{loginId:a,status:"enabled"},{token:s}),(e=>e.user)),deactivate:a=>t.transformResponse(e.httpClient.post(d.updateStatus,{loginId:a,status:"disabled"},{token:s}),(e=>e.user)),updateEmail:(a,n,o)=>t.transformResponse(e.httpClient.post(d.updateEmail,{loginId:a,email:n,verified:o},{token:s}),(e=>e.user)),updatePhone:(a,n,o)=>t.transformResponse(e.httpClient.post(d.updatePhone,{loginId:a,phone:n,verified:o},{token:s}),(e=>e.user)),updateDisplayName:(a,n)=>t.transformResponse(e.httpClient.post(d.updateDisplayName,{loginId:a,displayName:n},{token:s}),(e=>e.user)),addRoles:(a,n)=>t.transformResponse(e.httpClient.post(d.addRole,{loginId:a,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(a,n)=>t.transformResponse(e.httpClient.post(d.removeRole,{loginId:a,roleNames:n},{token:s}),(e=>e.user)),addTenant:(a,n)=>t.transformResponse(e.httpClient.post(d.addTenant,{loginId:a,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(a,n)=>t.transformResponse(e.httpClient.post(d.removeTenant,{loginId:a,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(a,n,o)=>t.transformResponse(e.httpClient.post(d.addRole,{loginId:a,tenantId:n,roleNames:o},{token:s}),(e=>e.user)),removeTenantRoles:(a,n,o)=>t.transformResponse(e.httpClient.post(d.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:s}),(e=>e.user))}),f=(e,s)=>({create:(a,n)=>t.transformResponse(e.httpClient.post(m.create,{name:a,selfProvisioningDomains:n},{token:s})),createWithId:(a,n,o)=>t.transformResponse(e.httpClient.post(m.create,{tenantId:a,name:n,selfProvisioningDomains:o},{token:s})),update:(a,n,o)=>t.transformResponse(e.httpClient.post(m.update,{tenantId:a,name:n,selfProvisioningDomains:o},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(m.delete,{tenantId:a},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(m.loadAll,{token:s}),(e=>e.tenants))}),R=(e,s)=>({update:(a,n)=>t.transformResponse(e.httpClient.post(u.update,{jwt:a,customClaims:n},{token:s}))}),y=(e,s)=>({create:(a,n)=>t.transformResponse(e.httpClient.post(g.create,{name:a,description:n},{token:s})),update:(a,n,o)=>t.transformResponse(e.httpClient.post(g.update,{name:a,newName:n,description:o},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(g.delete,{name:a},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(g.loadAll,{token:s}),(e=>e.permissions))}),C=(e,s)=>({create:(a,n,o)=>t.transformResponse(e.httpClient.post(h.create,{name:a,description:n,permissionNames:o},{token:s})),update:(a,n,o,r)=>t.transformResponse(e.httpClient.post(h.update,{name:a,newName:n,description:o,permissionNames:r},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(h.delete,{name:a},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(h.loadAll,{token:s}),(e=>e.roles))}),w=(e,s)=>({loadAllGroups:a=>t.transformResponse(e.httpClient.post(v.loadAllGroups,{tenantId:a},{token:s})),loadAllGroupsForMember:(a,n,o)=>t.transformResponse(e.httpClient.post(v.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:s})),loadAllGroupMembers:(a,n)=>t.transformResponse(e.httpClient.post(v.loadAllGroupMembers,{tenantId:a,groupId:n},{token:s}))}),I=(e,s)=>({configureSettings:(a,n,o,r,i)=>t.transformResponse(e.httpClient.post(c.configure,{tenantId:a,idpURL:n,entityId:r,idpCert:o,redirectURL:i},{token:s})),configureMetadata:(a,n)=>t.transformResponse(e.httpClient.post(c.metadata,{tenantId:a,idpMetadataURL:n},{token:s})),configureMapping:(a,n,o)=>t.transformResponse(e.httpClient.post(c.mapping,{tenantId:a,roleMapping:n,attributeMapping:o},{token:s}))}),b=(e,s)=>({create:(a,n,o,r)=>t.transformResponse(e.httpClient.post(p.create,{name:a,expireTime:n,roleNames:o,keyTenants:r},{token:s})),load:a=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{id:a},token:s}),(e=>e.key)),searchAll:a=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:a},{token:s}),(e=>e.keys)),update:(a,n)=>t.transformResponse(e.httpClient.post(p.update,{id:a,name:n},{token:s}),(e=>e.key)),deactivate:a=>t.transformResponse(e.httpClient.post(p.deactivate,{id:a},{token:s})),activate:a=>t.transformResponse(e.httpClient.post(p.activate,{id:a},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(p.delete,{id:a},{token:s}))});globalThis.fetch||(globalThis.fetch=r.default,globalThis.Headers=a.Headers,globalThis.Request=a.Request,globalThis.Response=a.Response);const A=a=>{var n,{managementKey:r}=a,d=e.__rest(a,["managementKey"]);const p=o.default(Object.assign(Object.assign({},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"1.0.4-alpha.13"})})),{projectId:m,logger:c}=d,u={},g=((e,t)=>({user:k(e,t),accessKey:b(e,t),tenant:f(e,t),sso:I(e,t),jwt:R(e,t),permission:y(e,t),role:C(e,t),group:w(e,t)}))(p,r),h=Object.assign(Object.assign({},p),{management:g,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(u[e.kid])return u[e.kid];if(Object.assign(u,await(async()=>{const e=(await p.httpClient.get(`v2/keys/${m}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!u[e.kid])throw Error("failed to fetch matching key");return u[e.kid]},async validateJwt(e){var t;const a=(await s.jwtVerify(e,h.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==m))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e,t){var s,a;if(!e&&!t)throw Error("both refresh token and session token are empty");if(e)try{return await h.validateJwt(e)}catch(e){if(!t)throw null==c||c.error("failed to validate session token and no refresh token provided",e),Error("could not validate tokens")}if(t)try{await h.validateJwt(t);const e=await h.refresh(t);if(e.ok){return await h.validateJwt(null===(s=e.data)||void 0===s?void 0:s.sessionJwt)}throw Error(null===(a=e.error)||void 0===a?void 0:a.message)}catch(e){throw null==c||c.error("failed to validate refresh token",e),Error("could not validate tokens")}throw Error("could not validate token")},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await h.accessKey.exchange(e)}catch(e){throw null==c||c.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:s}=t.data;if(!s)throw null==c||c.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await h.validateJwt(s)}catch(e){throw null==c||c.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>h.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){const a=l(e,"permissions",t);return s.every((e=>a.includes(e)))},validateRoles:(e,t)=>h.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){const a=l(e,"roles",t);return s.every((e=>a.includes(e)))}});return t.wrapWith(h,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};A.RefreshTokenCookieName="DSR",A.SessionTokenCookieName="DS",module.exports=A; | ||
| "use strict";var e=require("tslib"),t=require("@descope/core-js-sdk"),s=require("jose"),a=require("node-fetch");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var o=n(t),r=n(a);const i=t=>async(...s)=>{var a,n,o;const r=await t(...s);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e.__rest(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(a=r.response)||void 0===a?void 0:a.headers.get("set-cookie"))&&(l=((e,t)=>{const s=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return s?s[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function l(e,t,s){var a,n;const o=s?null===(n=null===(a=e.token.tenants)||void 0===a?void 0:a[s])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(o)?o:[]}var d={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",updateStatus:"/v1/mgmt/user/update/status",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove"},p={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},m={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},c={configure:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},u={update:"/v1/mgmt/jwt/update"},h={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},g={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},v={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"};const f=(e,s)=>({create:(a,n,o,r,i,l)=>t.transformResponse(e.httpClient.post(d.create,{loginId:a,email:n,phone:o,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),update:(a,n,o,r,i,l)=>t.transformResponse(e.httpClient.post(d.update,{loginId:a,email:n,phone:o,displayName:r,roleNames:i,userTenants:l},{token:s}),(e=>e.user)),delete:a=>t.transformResponse(e.httpClient.post(d.delete,{loginId:a},{token:s})),load:a=>t.transformResponse(e.httpClient.get(d.load,{queryParams:{loginId:a},token:s}),(e=>e.user)),loadByUserId:a=>t.transformResponse(e.httpClient.get(d.load,{queryParams:{userId:a},token:s}),(e=>e.user)),searchAll:(a,n,o)=>t.transformResponse(e.httpClient.post(d.search,{tenantIds:a,roleNames:n,limit:o},{token:s}),(e=>e.users)),activate:a=>t.transformResponse(e.httpClient.post(d.updateStatus,{loginId:a,status:"enabled"},{token:s}),(e=>e.user)),deactivate:a=>t.transformResponse(e.httpClient.post(d.updateStatus,{loginId:a,status:"disabled"},{token:s}),(e=>e.user)),updateEmail:(a,n,o)=>t.transformResponse(e.httpClient.post(d.updateEmail,{loginId:a,email:n,verified:o},{token:s}),(e=>e.user)),updatePhone:(a,n,o)=>t.transformResponse(e.httpClient.post(d.updatePhone,{loginId:a,phone:n,verified:o},{token:s}),(e=>e.user)),updateDisplayName:(a,n)=>t.transformResponse(e.httpClient.post(d.updateDisplayName,{loginId:a,displayName:n},{token:s}),(e=>e.user)),addRoles:(a,n)=>t.transformResponse(e.httpClient.post(d.addRole,{loginId:a,roleNames:n},{token:s}),(e=>e.user)),removeRoles:(a,n)=>t.transformResponse(e.httpClient.post(d.removeRole,{loginId:a,roleNames:n},{token:s}),(e=>e.user)),addTenant:(a,n)=>t.transformResponse(e.httpClient.post(d.addTenant,{loginId:a,tenantId:n},{token:s}),(e=>e.user)),removeTenant:(a,n)=>t.transformResponse(e.httpClient.post(d.removeTenant,{loginId:a,tenantId:n},{token:s}),(e=>e.user)),addTenantRoles:(a,n,o)=>t.transformResponse(e.httpClient.post(d.addRole,{loginId:a,tenantId:n,roleNames:o},{token:s}),(e=>e.user)),removeTenantRoles:(a,n,o)=>t.transformResponse(e.httpClient.post(d.removeRole,{loginId:a,tenantId:n,roleNames:o},{token:s}),(e=>e.user))}),k=(e,s)=>({create:(a,n)=>t.transformResponse(e.httpClient.post(m.create,{name:a,selfProvisioningDomains:n},{token:s})),createWithId:(a,n,o)=>t.transformResponse(e.httpClient.post(m.create,{id:a,name:n,selfProvisioningDomains:o},{token:s})),update:(a,n,o)=>t.transformResponse(e.httpClient.post(m.update,{id:a,name:n,selfProvisioningDomains:o},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(m.delete,{id:a},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(m.loadAll,{token:s}),(e=>e.tenants))}),y=(e,s)=>({update:(a,n)=>t.transformResponse(e.httpClient.post(u.update,{jwt:a,customClaims:n},{token:s}))}),R=(e,s)=>({create:(a,n)=>t.transformResponse(e.httpClient.post(h.create,{name:a,description:n},{token:s})),update:(a,n,o)=>t.transformResponse(e.httpClient.post(h.update,{name:a,newName:n,description:o},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(h.delete,{name:a},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(h.loadAll,{token:s}),(e=>e.permissions))}),C=(e,s)=>({create:(a,n,o)=>t.transformResponse(e.httpClient.post(g.create,{name:a,description:n,permissionNames:o},{token:s})),update:(a,n,o,r)=>t.transformResponse(e.httpClient.post(g.update,{name:a,newName:n,description:o,permissionNames:r},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(g.delete,{name:a},{token:s})),loadAll:()=>t.transformResponse(e.httpClient.get(g.loadAll,{token:s}),(e=>e.roles))}),w=(e,s)=>({loadAllGroups:a=>t.transformResponse(e.httpClient.post(v.loadAllGroups,{tenantId:a},{token:s})),loadAllGroupsForMember:(a,n,o)=>t.transformResponse(e.httpClient.post(v.loadAllGroupsForMember,{tenantId:a,loginIds:o,userIds:n},{token:s})),loadAllGroupMembers:(a,n)=>t.transformResponse(e.httpClient.post(v.loadAllGroupMembers,{tenantId:a,groupId:n},{token:s}))}),b=(e,s)=>({configureSettings:(a,n,o,r,i)=>t.transformResponse(e.httpClient.post(c.configure,{tenantId:a,idpURL:n,entityId:r,idpCert:o,redirectURL:i},{token:s})),configureMetadata:(a,n)=>t.transformResponse(e.httpClient.post(c.metadata,{tenantId:a,idpMetadataURL:n},{token:s})),configureMapping:(a,n,o)=>t.transformResponse(e.httpClient.post(c.mapping,{tenantId:a,roleMapping:n,attributeMapping:o},{token:s}))}),I=(e,s)=>({create:(a,n,o,r)=>t.transformResponse(e.httpClient.post(p.create,{name:a,expireTime:n,roleNames:o,keyTenants:r},{token:s})),load:a=>t.transformResponse(e.httpClient.get(p.load,{queryParams:{id:a},token:s}),(e=>e.key)),searchAll:a=>t.transformResponse(e.httpClient.post(p.search,{tenantIds:a},{token:s}),(e=>e.keys)),update:(a,n)=>t.transformResponse(e.httpClient.post(p.update,{id:a,name:n},{token:s}),(e=>e.key)),deactivate:a=>t.transformResponse(e.httpClient.post(p.deactivate,{id:a},{token:s})),activate:a=>t.transformResponse(e.httpClient.post(p.activate,{id:a},{token:s})),delete:a=>t.transformResponse(e.httpClient.post(p.delete,{id:a},{token:s}))});globalThis.fetch=r.default,globalThis.Headers=a.Headers,globalThis.Request=a.Request,globalThis.Response=a.Response;const A=a=>{var n,{managementKey:r}=a,d=e.__rest(a,["managementKey"]);const p=o.default(Object.assign(Object.assign({},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(n=null===process||void 0===process?void 0:process.versions)||void 0===n?void 0:n.node)||"","x-descope-sdk-version":"1.0.4-alpha.14"})})),{projectId:m,logger:c}=d,u={},h=((e,t)=>({user:f(e,t),accessKey:I(e,t),tenant:k(e,t),sso:b(e,t),jwt:y(e,t),permission:R(e,t),role:C(e,t),group:w(e,t)}))(p,r),g=Object.assign(Object.assign({},p),{management:h,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(u[e.kid])return u[e.kid];if(Object.assign(u,await(async()=>{const e=(await p.httpClient.get(`v2/keys/${m}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await s.importJWK(e)])))).reduce(((e,[t,s])=>t?Object.assign(Object.assign({},e),{[t.toString()]:s}):e),{}):{}})()),!u[e.kid])throw Error("failed to fetch matching key");return u[e.kid]},async validateJwt(e){var t;const a=(await s.jwtVerify(e,g.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==m))throw new s.errors.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await g.validateJwt(e)}catch(e){throw null==c||c.error("session validation failed",e),Error("session validation failed")}},async refreshSession(e){var t,s;if(!e)throw Error("refresh token is required to refresh a session");try{await g.validateJwt(e);const a=await g.refresh(e);if(a.ok){return await g.validateJwt(null===(t=a.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(s=a.error)||void 0===s?void 0:s.message)}catch(e){throw null==c||c.error("refresh token validation failed",e),Error("refresh token validation failed")}},async validateAndRefreshSession(e,t){if(!e||!t)throw Error("both refresh token and session token are required for validation and refresh");try{return await g.validateSession(e)}catch(e){null==c||c.log("session validation failed - trying to refresh it")}return g.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await g.accessKey.exchange(e)}catch(e){throw null==c||c.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:s}=t.data;if(!s)throw null==c||c.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await g.validateJwt(s)}catch(e){throw null==c||c.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>g.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,s){const a=l(e,"permissions",t);return s.every((e=>a.includes(e)))},validateRoles:(e,t)=>g.validateTenantRoles(e,null,t),validateTenantRoles(e,t,s){const a=l(e,"roles",t);return s.every((e=>a.includes(e)))}});return t.wrapWith(g,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],i)};A.RefreshTokenCookieName="DSR",A.SessionTokenCookieName="DS",module.exports=A; | ||
| //# sourceMappingURL=index.cjs.js.map |
@@ -139,6 +139,5 @@ import * as _descope_core_js_sdk from '@descope/core-js-sdk'; | ||
| create: (name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<CreateTenantResponse>>; | ||
| createWithId: (tenantId: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>; | ||
| update: (tenantId: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>; | ||
| delete: (tenantId: string) => Promise<SdkResponse<never>>; | ||
| /** Fetch the public keys (JWKs) from Descope for the configured project */ | ||
| createWithId: (id: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>; | ||
| update: (id: string, name: string, selfProvisioningDomains?: string[]) => Promise<SdkResponse<never>>; | ||
| delete: (id: string) => Promise<SdkResponse<never>>; | ||
| loadAll: () => Promise<SdkResponse<Tenant[]>>; | ||
@@ -174,3 +173,5 @@ }; | ||
| validateJwt: (jwt: string) => Promise<AuthenticationInfo>; | ||
| validateSession: (sessionToken?: string, refreshToken?: string) => Promise<AuthenticationInfo>; | ||
| validateSession: (sessionToken: string) => Promise<AuthenticationInfo>; | ||
| refreshSession: (refreshToken: string) => Promise<AuthenticationInfo>; | ||
| validateAndRefreshSession: (sessionToken: string, refreshToken: string) => Promise<AuthenticationInfo>; | ||
| exchangeAccessKey: (accessKey: string) => Promise<AuthenticationInfo>; | ||
@@ -367,3 +368,2 @@ validatePermissions: (authInfo: AuthenticationInfo, permissions: string[]) => boolean; | ||
| mfa?: boolean; | ||
| /** Configuration arguments which include the Descope core SDK args and an optional management key */ | ||
| customClaims?: Record<string, any>; | ||
@@ -392,3 +392,2 @@ }, token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & { | ||
| mfa?: boolean; | ||
| /** Configuration arguments which include the Descope core SDK args and an optional management key */ | ||
| customClaims?: Record<string, any>; | ||
@@ -433,4 +432,8 @@ }, token?: string) => Promise<SdkResponse<{ | ||
| }; | ||
| }, interactionId?: string, input?: Record<string, FormDataEntryValue>) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>; | ||
| next: (executionId: string, stepId: string, interactionId: string, input?: Record<string, FormDataEntryValue>) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>; | ||
| }, interactionId?: string, input?: { | ||
| [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[]; | ||
| }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>; | ||
| next: (executionId: string, stepId: string, interactionId: string, input?: { | ||
| [x: string]: string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | (string | number | boolean | any)[])[])[])[])[])[])[])[])[])[])[]; | ||
| }) => Promise<SdkResponse<_descope_core_js_sdk.FlowResponse>>; | ||
| }; | ||
@@ -454,3 +457,3 @@ refresh: (token?: string) => Promise<SdkResponse<_descope_core_js_sdk.JWTResponse & { | ||
| token?: string; | ||
| }) => Promise<globalThis.Response>; | ||
| }) => Promise<Response>; | ||
| post: (path: string, body?: any, config?: { | ||
@@ -462,3 +465,3 @@ headers?: HeadersInit; | ||
| token?: string; | ||
| }) => Promise<globalThis.Response>; | ||
| }) => Promise<Response>; | ||
| put: (path: string, body?: any, config?: { | ||
@@ -470,3 +473,3 @@ headers?: HeadersInit; | ||
| token?: string; | ||
| }) => Promise<globalThis.Response>; | ||
| }) => Promise<Response>; | ||
| delete: (path: string, body?: any, config?: { | ||
@@ -478,6 +481,6 @@ headers?: HeadersInit; | ||
| token?: string; | ||
| }) => Promise<globalThis.Response>; | ||
| }) => Promise<Response>; | ||
| hooks?: { | ||
| beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig; | ||
| afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: globalThis.Response) => void; | ||
| afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void; | ||
| }; | ||
@@ -484,0 +487,0 @@ }; |
@@ -1,2 +0,2 @@ | ||
| import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as o}from"@descope/core-js-sdk";import{jwtVerify as n,errors as s,importJWK as r}from"jose";import i,{Headers as l,Request as d,Response as p}from"node-fetch";const m=t=>async(...a)=>{var o,n,s;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"),"DSR"),p.push(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function c(e,t,a){var o,n;const s=a?null===(n=null===(o=e.token.tenants)||void 0===o?void 0:o[a])||void 0===n?void 0:n[t]:e.token[t];return Array.isArray(s)?s:[]}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",updateStatus:"/v1/mgmt/user/update/status",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove"},g={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},h={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},v={configure:"mgmt/sso/settings",metadata:"mgmt/sso/metadata",mapping:"mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},y={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"};const w=(e,t)=>({create:(o,n,s,r,i,l)=>a(e.httpClient.post(u.create,{loginId:o,email:n,phone:s,displayName:r,roleNames:i,userTenants:l},{token:t}),(e=>e.user)),update:(o,n,s,r,i,l)=>a(e.httpClient.post(u.update,{loginId:o,email:n,phone:s,displayName:r,roleNames:i,userTenants:l},{token:t}),(e=>e.user)),delete:o=>a(e.httpClient.post(u.delete,{loginId:o},{token:t})),load:o=>a(e.httpClient.get(u.load,{queryParams:{loginId:o},token:t}),(e=>e.user)),loadByUserId:o=>a(e.httpClient.get(u.load,{queryParams:{userId:o},token:t}),(e=>e.user)),searchAll:(o,n,s)=>a(e.httpClient.post(u.search,{tenantIds:o,roleNames:n,limit:s},{token:t}),(e=>e.users)),activate:o=>a(e.httpClient.post(u.updateStatus,{loginId:o,status:"enabled"},{token:t}),(e=>e.user)),deactivate:o=>a(e.httpClient.post(u.updateStatus,{loginId:o,status:"disabled"},{token:t}),(e=>e.user)),updateEmail:(o,n,s)=>a(e.httpClient.post(u.updateEmail,{loginId:o,email:n,verified:s},{token:t}),(e=>e.user)),updatePhone:(o,n,s)=>a(e.httpClient.post(u.updatePhone,{loginId:o,phone:n,verified:s},{token:t}),(e=>e.user)),updateDisplayName:(o,n)=>a(e.httpClient.post(u.updateDisplayName,{loginId:o,displayName:n},{token:t}),(e=>e.user)),addRoles:(o,n)=>a(e.httpClient.post(u.addRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),removeRoles:(o,n)=>a(e.httpClient.post(u.removeRole,{loginId:o,roleNames:n},{token:t}),(e=>e.user)),addTenant:(o,n)=>a(e.httpClient.post(u.addTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),removeTenant:(o,n)=>a(e.httpClient.post(u.removeTenant,{loginId:o,tenantId:n},{token:t}),(e=>e.user)),addTenantRoles:(o,n,s)=>a(e.httpClient.post(u.addRole,{loginId:o,tenantId:n,roleNames:s},{token:t}),(e=>e.user)),removeTenantRoles:(o,n,s)=>a(e.httpClient.post(u.removeRole,{loginId:o,tenantId:n,roleNames:s},{token:t}),(e=>e.user))}),I=(e,t)=>({create:(o,n)=>a(e.httpClient.post(h.create,{name:o,selfProvisioningDomains:n},{token:t})),createWithId:(o,n,s)=>a(e.httpClient.post(h.create,{tenantId:o,name:n,selfProvisioningDomains:s},{token:t})),update:(o,n,s)=>a(e.httpClient.post(h.update,{tenantId:o,name:n,selfProvisioningDomains:s},{token:t})),delete:o=>a(e.httpClient.post(h.delete,{tenantId:o},{token:t})),loadAll:()=>a(e.httpClient.get(h.loadAll,{token:t}),(e=>e.tenants))}),b=(e,t)=>({update:(o,n)=>a(e.httpClient.post(k.update,{jwt:o,customClaims:n},{token:t}))}),A=(e,t)=>({create:(o,n)=>a(e.httpClient.post(y.create,{name:o,description:n},{token:t})),update:(o,n,s)=>a(e.httpClient.post(y.update,{name:o,newName:n,description:s},{token:t})),delete:o=>a(e.httpClient.post(y.delete,{name:o},{token:t})),loadAll:()=>a(e.httpClient.get(y.loadAll,{token:t}),(e=>e.permissions))}),T=(e,t)=>({create:(o,n,s)=>a(e.httpClient.post(f.create,{name:o,description:n,permissionNames:s},{token:t})),update:(o,n,s,r)=>a(e.httpClient.post(f.update,{name:o,newName:n,description:s,permissionNames:r},{token:t})),delete:o=>a(e.httpClient.post(f.delete,{name:o},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),j=(e,t)=>({loadAllGroups:o=>a(e.httpClient.post(C.loadAllGroups,{tenantId:o},{token:t})),loadAllGroupsForMember:(o,n,s)=>a(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:o,loginIds:s,userIds:n},{token:t})),loadAllGroupMembers:(o,n)=>a(e.httpClient.post(C.loadAllGroupMembers,{tenantId:o,groupId:n},{token:t}))}),R=(e,t)=>({configureSettings:(o,n,s,r,i)=>a(e.httpClient.post(v.configure,{tenantId:o,idpURL:n,entityId:r,idpCert:s,redirectURL:i},{token:t})),configureMetadata:(o,n)=>a(e.httpClient.post(v.metadata,{tenantId:o,idpMetadataURL:n},{token:t})),configureMapping:(o,n,s)=>a(e.httpClient.post(v.mapping,{tenantId:o,roleMapping:n,attributeMapping:s},{token:t}))}),N=(e,t)=>({create:(o,n,s,r)=>a(e.httpClient.post(g.create,{name:o,expireTime:n,roleNames:s,keyTenants:r},{token:t})),load:o=>a(e.httpClient.get(g.load,{queryParams:{id:o},token:t}),(e=>e.key)),searchAll:o=>a(e.httpClient.post(g.search,{tenantIds:o},{token:t}),(e=>e.keys)),update:(o,n)=>a(e.httpClient.post(g.update,{id:o,name:n},{token:t}),(e=>e.key)),deactivate:o=>a(e.httpClient.post(g.deactivate,{id:o},{token:t})),activate:o=>a(e.httpClient.post(g.activate,{id:o},{token:t})),delete:o=>a(e.httpClient.post(g.delete,{id:o},{token:t}))});globalThis.fetch||(globalThis.fetch=i,globalThis.Headers=l,globalThis.Request=d,globalThis.Response=p);const x=a=>{var i,{managementKey:l}=a,d=e(a,["managementKey"]);const p=t(Object.assign(Object.assign({},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.0.4-alpha.13"})})),{projectId:u,logger:g}=d,h={},v=((e,t)=>({user:w(e,t),accessKey:N(e,t),tenant:I(e,t),sso:R(e,t),jwt:b(e,t),permission:A(e,t),role:T(e,t),group:j(e,t)}))(p,l),k=Object.assign(Object.assign({},p),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(h[e.kid])return h[e.kid];if(Object.assign(h,await(async()=>{const e=(await p.httpClient.get(`v2/keys/${u}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!h[e.kid])throw Error("failed to fetch matching key");return h[e.kid]},async validateJwt(e){var t;const a=(await n(e,k.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==u))throw new s.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e,t){var a,o;if(!e&&!t)throw Error("both refresh token and session token are empty");if(e)try{return await k.validateJwt(e)}catch(e){if(!t)throw null==g||g.error("failed to validate session token and no refresh token provided",e),Error("could not validate tokens")}if(t)try{await k.validateJwt(t);const e=await k.refresh(t);if(e.ok){return await k.validateJwt(null===(a=e.data)||void 0===a?void 0:a.sessionJwt)}throw Error(null===(o=e.error)||void 0===o?void 0:o.message)}catch(e){throw null==g||g.error("failed to validate refresh token",e),Error("could not validate tokens")}throw Error("could not validate token")},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await k.accessKey.exchange(e)}catch(e){throw null==g||g.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:a}=t.data;if(!a)throw null==g||g.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await k.validateJwt(a)}catch(e){throw null==g||g.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>k.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){const o=c(e,"permissions",t);return a.every((e=>o.includes(e)))},validateRoles:(e,t)=>k.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){const o=c(e,"roles",t);return a.every((e=>o.includes(e)))}});return o(k,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};x.RefreshTokenCookieName="DSR",x.SessionTokenCookieName="DS";export{x as default}; | ||
| import{__rest as e}from"tslib";import t,{transformResponse as a,wrapWith as s}from"@descope/core-js-sdk";import{jwtVerify as o,errors as n,importJWK as r}from"jose";import i,{Headers as l,Request as d,Response as p}from"node-fetch";const m=t=>async(...a)=>{var s,o,n;const r=await t(...a);if(!r.data)return r;let i=r.data,{refreshJwt:l}=i,d=e(i,["refreshJwt"]);const p=[];var m;return l?p.push(`${"DSR"}=${l}; Domain=${(null==(m=d)?void 0:m.cookieDomain)||""}; Max-Age=${(null==m?void 0:m.cookieMaxAge)||""}; Path=${(null==m?void 0:m.cookiePath)||"/"}; HttpOnly; SameSite=Strict`):(null===(s=r.response)||void 0===s?void 0:s.headers.get("set-cookie"))&&(l=((e,t)=>{const a=null==e?void 0:e.match(RegExp(`(?:^|;\\s*)${t}=([^;]*)`));return a?a[1]:null})(null===(o=r.response)||void 0===o?void 0:o.headers.get("set-cookie"),"DSR"),p.push(null===(n=r.response)||void 0===n?void 0:n.headers.get("set-cookie"))),Object.assign(Object.assign({},r),{data:Object.assign(Object.assign({},r.data),{refreshJwt:l,cookies:p})})};function c(e,t,a){var s,o;const n=a?null===(o=null===(s=e.token.tenants)||void 0===s?void 0:s[a])||void 0===o?void 0:o[t]:e.token[t];return Array.isArray(n)?n:[]}var u={create:"/v1/mgmt/user/create",update:"/v1/mgmt/user/update",delete:"/v1/mgmt/user/delete",load:"/v1/mgmt/user",search:"/v1/mgmt/user/search",updateStatus:"/v1/mgmt/user/update/status",updateEmail:"/v1/mgmt/user/update/email",updatePhone:"/v1/mgmt/user/update/phone",updateDisplayName:"/v1/mgmt/user/update/name",addRole:"/v1/mgmt/user/update/role/add",removeRole:"/v1/mgmt/user/update/role/remove",addTenant:"/v1/mgmt/user/update/tenant/add",removeTenant:"/v1/mgmt/user/update/tenant/remove"},h={create:"/v1/mgmt/accesskey/create",load:"/v1/mgmt/accesskey",search:"/v1/mgmt/accesskey/search",update:"/v1/mgmt/accesskey/update",deactivate:"/v1/mgmt/accesskey/deactivate",activate:"/v1/mgmt/accesskey/activate",delete:"/v1/mgmt/accesskey/delete"},g={create:"/v1/mgmt/tenant/create",update:"/v1/mgmt/tenant/update",delete:"/v1/mgmt/tenant/delete",loadAll:"/v1/mgmt/tenant/all"},v={configure:"/v1/mgmt/sso/settings",metadata:"/v1/mgmt/sso/metadata",mapping:"/v1/mgmt/sso/mapping"},k={update:"/v1/mgmt/jwt/update"},y={create:"/v1/mgmt/permission/create",update:"/v1/mgmt/permission/update",delete:"/v1/mgmt/permission/delete",loadAll:"/v1/mgmt/permission/all"},f={create:"/v1/mgmt/role/create",update:"/v1/mgmt/role/update",delete:"/v1/mgmt/role/delete",loadAll:"/v1/mgmt/role/all"},C={loadAllGroups:"/v1/mgmt/group/all",loadAllGroupsForMember:"/v1/mgmt/group/member/all",loadAllGroupMembers:"/v1/mgmt/group/members"};const w=(e,t)=>({create:(s,o,n,r,i,l)=>a(e.httpClient.post(u.create,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l},{token:t}),(e=>e.user)),update:(s,o,n,r,i,l)=>a(e.httpClient.post(u.update,{loginId:s,email:o,phone:n,displayName:r,roleNames:i,userTenants:l},{token:t}),(e=>e.user)),delete:s=>a(e.httpClient.post(u.delete,{loginId:s},{token:t})),load:s=>a(e.httpClient.get(u.load,{queryParams:{loginId:s},token:t}),(e=>e.user)),loadByUserId:s=>a(e.httpClient.get(u.load,{queryParams:{userId:s},token:t}),(e=>e.user)),searchAll:(s,o,n)=>a(e.httpClient.post(u.search,{tenantIds:s,roleNames:o,limit:n},{token:t}),(e=>e.users)),activate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"enabled"},{token:t}),(e=>e.user)),deactivate:s=>a(e.httpClient.post(u.updateStatus,{loginId:s,status:"disabled"},{token:t}),(e=>e.user)),updateEmail:(s,o,n)=>a(e.httpClient.post(u.updateEmail,{loginId:s,email:o,verified:n},{token:t}),(e=>e.user)),updatePhone:(s,o,n)=>a(e.httpClient.post(u.updatePhone,{loginId:s,phone:o,verified:n},{token:t}),(e=>e.user)),updateDisplayName:(s,o)=>a(e.httpClient.post(u.updateDisplayName,{loginId:s,displayName:o},{token:t}),(e=>e.user)),addRoles:(s,o)=>a(e.httpClient.post(u.addRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),removeRoles:(s,o)=>a(e.httpClient.post(u.removeRole,{loginId:s,roleNames:o},{token:t}),(e=>e.user)),addTenant:(s,o)=>a(e.httpClient.post(u.addTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),removeTenant:(s,o)=>a(e.httpClient.post(u.removeTenant,{loginId:s,tenantId:o},{token:t}),(e=>e.user)),addTenantRoles:(s,o,n)=>a(e.httpClient.post(u.addRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user)),removeTenantRoles:(s,o,n)=>a(e.httpClient.post(u.removeRole,{loginId:s,tenantId:o,roleNames:n},{token:t}),(e=>e.user))}),I=(e,t)=>({create:(s,o)=>a(e.httpClient.post(g.create,{name:s,selfProvisioningDomains:o},{token:t})),createWithId:(s,o,n)=>a(e.httpClient.post(g.create,{id:s,name:o,selfProvisioningDomains:n},{token:t})),update:(s,o,n)=>a(e.httpClient.post(g.update,{id:s,name:o,selfProvisioningDomains:n},{token:t})),delete:s=>a(e.httpClient.post(g.delete,{id:s},{token:t})),loadAll:()=>a(e.httpClient.get(g.loadAll,{token:t}),(e=>e.tenants))}),b=(e,t)=>({update:(s,o)=>a(e.httpClient.post(k.update,{jwt:s,customClaims:o},{token:t}))}),A=(e,t)=>({create:(s,o)=>a(e.httpClient.post(y.create,{name:s,description:o},{token:t})),update:(s,o,n)=>a(e.httpClient.post(y.update,{name:s,newName:o,description:n},{token:t})),delete:s=>a(e.httpClient.post(y.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(y.loadAll,{token:t}),(e=>e.permissions))}),R=(e,t)=>({create:(s,o,n)=>a(e.httpClient.post(f.create,{name:s,description:o,permissionNames:n},{token:t})),update:(s,o,n,r)=>a(e.httpClient.post(f.update,{name:s,newName:o,description:n,permissionNames:r},{token:t})),delete:s=>a(e.httpClient.post(f.delete,{name:s},{token:t})),loadAll:()=>a(e.httpClient.get(f.loadAll,{token:t}),(e=>e.roles))}),T=(e,t)=>({loadAllGroups:s=>a(e.httpClient.post(C.loadAllGroups,{tenantId:s},{token:t})),loadAllGroupsForMember:(s,o,n)=>a(e.httpClient.post(C.loadAllGroupsForMember,{tenantId:s,loginIds:n,userIds:o},{token:t})),loadAllGroupMembers:(s,o)=>a(e.httpClient.post(C.loadAllGroupMembers,{tenantId:s,groupId:o},{token:t}))}),j=(e,t)=>({configureSettings:(s,o,n,r,i)=>a(e.httpClient.post(v.configure,{tenantId:s,idpURL:o,entityId:r,idpCert:n,redirectURL:i},{token:t})),configureMetadata:(s,o)=>a(e.httpClient.post(v.metadata,{tenantId:s,idpMetadataURL:o},{token:t})),configureMapping:(s,o,n)=>a(e.httpClient.post(v.mapping,{tenantId:s,roleMapping:o,attributeMapping:n},{token:t}))}),N=(e,t)=>({create:(s,o,n,r)=>a(e.httpClient.post(h.create,{name:s,expireTime:o,roleNames:n,keyTenants:r},{token:t})),load:s=>a(e.httpClient.get(h.load,{queryParams:{id:s},token:t}),(e=>e.key)),searchAll:s=>a(e.httpClient.post(h.search,{tenantIds:s},{token:t}),(e=>e.keys)),update:(s,o)=>a(e.httpClient.post(h.update,{id:s,name:o},{token:t}),(e=>e.key)),deactivate:s=>a(e.httpClient.post(h.deactivate,{id:s},{token:t})),activate:s=>a(e.httpClient.post(h.activate,{id:s},{token:t})),delete:s=>a(e.httpClient.post(h.delete,{id:s},{token:t}))});globalThis.fetch=i,globalThis.Headers=l,globalThis.Request=d,globalThis.Response=p;const x=a=>{var i,{managementKey:l}=a,d=e(a,["managementKey"]);const p=t(Object.assign(Object.assign({},d),{baseHeaders:Object.assign(Object.assign({},d.baseHeaders),{"x-descope-sdk-name":"nodejs","x-descope-sdk-node-version":(null===(i=null===process||void 0===process?void 0:process.versions)||void 0===i?void 0:i.node)||"","x-descope-sdk-version":"1.0.4-alpha.14"})})),{projectId:u,logger:h}=d,g={},v=((e,t)=>({user:w(e,t),accessKey:N(e,t),tenant:I(e,t),sso:j(e,t),jwt:b(e,t),permission:A(e,t),role:R(e,t),group:T(e,t)}))(p,l),k=Object.assign(Object.assign({},p),{management:v,async getKey(e){if(!(null==e?void 0:e.kid))throw Error("header.kid must not be empty");if(g[e.kid])return g[e.kid];if(Object.assign(g,await(async()=>{const e=(await p.httpClient.get(`v2/keys/${u}`).then((e=>e.json()))).keys;return Array.isArray(e)?(await Promise.all(e.map((async e=>[e.kid,await r(e)])))).reduce(((e,[t,a])=>t?Object.assign(Object.assign({},e),{[t.toString()]:a}):e),{}):{}})()),!g[e.kid])throw Error("failed to fetch matching key");return g[e.kid]},async validateJwt(e){var t;const a=(await o(e,k.getKey,{clockTolerance:5})).payload;if(a&&(a.iss=null===(t=a.iss)||void 0===t?void 0:t.split("/").pop(),a.iss!==u))throw new n.JWTClaimValidationFailed('unexpected "iss" claim value',"iss","check_failed");return{jwt:e,token:a}},async validateSession(e){if(!e)throw Error("session token is required for validation");try{return await k.validateJwt(e)}catch(e){throw null==h||h.error("session validation failed",e),Error("session validation failed")}},async refreshSession(e){var t,a;if(!e)throw Error("refresh token is required to refresh a session");try{await k.validateJwt(e);const s=await k.refresh(e);if(s.ok){return await k.validateJwt(null===(t=s.data)||void 0===t?void 0:t.sessionJwt)}throw Error(null===(a=s.error)||void 0===a?void 0:a.message)}catch(e){throw null==h||h.error("refresh token validation failed",e),Error("refresh token validation failed")}},async validateAndRefreshSession(e,t){if(!e||!t)throw Error("both refresh token and session token are required for validation and refresh");try{return await k.validateSession(e)}catch(e){null==h||h.log("session validation failed - trying to refresh it")}return k.refreshSession(t)},async exchangeAccessKey(e){if(!e)throw Error("access key must not be empty");let t;try{t=await k.accessKey.exchange(e)}catch(e){throw null==h||h.error("failed to exchange access key",e),Error("could not exchange access key")}const{sessionJwt:a}=t.data;if(!a)throw null==h||h.error("failed to parse exchange access key response"),Error("could not exchange access key");try{return await k.validateJwt(a)}catch(e){throw null==h||h.error("failed to parse jwt from access key",e),Error("could not exchange access key")}},validatePermissions:(e,t)=>k.validateTenantPermissions(e,null,t),validateTenantPermissions(e,t,a){const s=c(e,"permissions",t);return a.every((e=>s.includes(e)))},validateRoles:(e,t)=>k.validateTenantRoles(e,null,t),validateTenantRoles(e,t,a){const s=c(e,"roles",t);return a.every((e=>s.includes(e)))}});return s(k,["otp.verify.email","otp.verify.sms","otp.verify.whatsapp","magicLink.verify","enchantedLink.signUp","enchantedLink.signIn","oauth.exchange","saml.exchange","totp.verify","webauthn.signIn.finish","webauthn.signUp.finish","refresh"],m)};x.RefreshTokenCookieName="DSR",x.SessionTokenCookieName="DS";export{x as default}; | ||
| //# sourceMappingURL=index.esm.js.map |
| { | ||
| "name": "@descope/node-sdk", | ||
| "version": "1.0.4-alpha.13", | ||
| "version": "1.0.4-alpha.14", | ||
| "description": "Node.js library used to integrate with Descope", | ||
@@ -98,3 +98,3 @@ "typings": "./dist/index.d.ts", | ||
| "dependencies": { | ||
| "@descope/core-js-sdk": "0.0.41-alpha.46", | ||
| "@descope/core-js-sdk": "0.0.41-alpha.47", | ||
| "jose": "4.11.2", | ||
@@ -101,0 +101,0 @@ "node-fetch": "2.6.7" |
@@ -225,15 +225,21 @@ # Descope SDK for Node.js | ||
| Every secure request performed between your client and server needs to be validated. The client sends | ||
| the session and refresh tokens with every request, and they are validated using: | ||
| the session and refresh tokens with every request, and they are validated using one of the following: | ||
| ```typescript | ||
| // The response will contain all token information including the raw JWT, parsed JWT and cookies | ||
| const authInfo = await descopeClient.validateSession('sessionToken', 'refreshToken'); | ||
| // Validate the session. Will throw if expired | ||
| const authInfo = await descopeClient.validateSession('sessionToken'); | ||
| // If validateSession throws an exception, you will need to refresh the session using | ||
| const authInfo = await descopeClient.refreshSession('refreshToken'); | ||
| // Alternatively, you could combine the two and | ||
| // have the session validated and automatically refreshed when expired | ||
| const authInfo = await descopeClient.validateAndRefreshSession('sessionToken', 'refreshToken'); | ||
| ``` | ||
| These function will validate the session and also refresh it in the event it has expired. | ||
| It returns the given session token if it's still valid, or a new one if it was refreshed. | ||
| Choose the right session validation and refresh combination that suits your needs. | ||
| Refreshed sessions return the same response as is returned when users first sign up / log in, | ||
| containing the session and refresh tokens, as well as all of the JWT claims. | ||
| Make sure to return the session token from the response to the client if tokens are validated directly. | ||
| The `refreshToken` is optional here to validate a session, but is required to refresh the session in the event it has expired. | ||
| Usually, the tokens can be passed in and out via HTTP headers or via a cookie. | ||
@@ -240,0 +246,0 @@ The implementation can defer according to your implementation. See our [examples](#code-examples) for a few examples. |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by2.27%
170026
- Lines of code
- increased by1.22%
583
- Number of lines in readme file
- increased by0.93%
651
Dependency changes
+ Added@descope/core-js-sdk@0.0.41-alpha.47(transitive)
- Removed@descope/core-js-sdk@0.0.41-alpha.46(transitive)