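import type { AxiosPromise, AxiosInstance } from 'axios';
import { ApsServiceRequestConfig, IApsConfiguration, SdkManager, ApiResponse } from "@aps_sdk/autodesk-sdkmanager";
import { RequestArgs, BaseApi } from '../base';
import { GrantType } from '../model';
import { IntrospectToken } from '../model';
import { Jwks } from '../model';
import { OidcSpec } from '../model';
import { ResponseType } from '../model';
import { Scopes } from '../model';
import { TokenTypeHint } from '../model';
/**
 * TokenApi - axios parameter creator
 *
 * NOTE(review): `Array` and `Promise` appeared here without type arguments, which TypeScript rejects.
 * `Array<Scopes>` is restored from the `{Scopes}` JSDoc tags and `Promise<RequestArgs>` from the
 * otherwise unused `RequestArgs` import — confirm against the generated source.
 * @export
 */
export declare const TokenApiAxiosParamCreator: (apsConfiguration?: IApsConfiguration) => {
    /**
     * Returns a browser URL to redirect an end user in order to acquire the user’s consent to authorize the application to access resources on their behalf.
     *
     * Invoking this operation is the first step in authenticating users and retrieving an authorization code grant. The authorization code that is generated remains valid for 5 minutes, while the ID token stays valid for 60 minutes. Any access tokens you obtain are valid for 60 minutes, and refresh tokens remain valid for 15 days.
     *
     * This operation has a rate limit of 500 calls per minute.
     *
     * **Note:** This operation is intended for use with client-side applications only. It is not suitable for server-side applications.
     * @summary Authorize User
     * @param {string} clientId The Client ID of the calling application, as registered with APS.
     * @param {ResponseType} responseType The type of response you want to receive. Possible values are:
     *   - ``code`` - Authorization code grant.
     *   - ``id_token`` - OpenID Connect ID token.
     * @param {string} redirectUri The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application as registered with APS. Must be specified as a URL-safe string. It can include query parameters or any other valid URL construct.
     * @param {string} [nonce] A random string that is sent with the request. APS passes back the same string to you so that you can verify whether you received the same string that you sent. This check mitigates token replay attacks, but only if the returned value is actually compared with the one that was sent.
     * @param {string} [state] A URL-encoded random string. The authorization flow will pass the same string back to the Callback URL using the ``state`` query string parameter. This process helps ensure that the callback you receive is a response to what you originally requested. Compare the returned value with the one you sent and reject the callback on a mismatch; that comparison is what prevents malicious actors from forging requests. The string can only contain alphanumeric characters, commas, periods, underscores, and hyphens.
     * @param {Scopes} [scopes] A URL-encoded space-delimited list of requested scopes. See the `Developer's Guide documentation on scopes </en/docs/oauth/v2/developers_guide/scopes/>`_ for a list of valid values you can provide. The string you specify for this parameter must not exceed 2000 characters and it cannot contain more than 50 scopes.
     * @param {string} [responseMode] Specifies how the authorization response should be returned. Valid values are:
     *   - ``fragment`` - Encode the response parameters in the fragment of the redirect URI. A fragment in a URI is the optional part of the URI that appears after a ``#`` symbol, which refers to a specific section within a resource. For example, ``section`` in ``https://www.mysite.org/myresource#section``.
     *   - ``form_post`` - Embed the authorization response parameter in an HTML form.
     *   - ``query`` - Embed the authorization response as a query string parameter of the redirect URI.
     *
     *   If ``id_token`` is stated as ``response_type``, only ``form_post`` is allowed as ``response_mode``.
     * @param {string} [prompt] Specifies how to prompt users for authentication. Possible values are:
     *   - ``login`` : Always prompt the user for authentication, regardless of the state of the login session.
     *
     *   **Note:** If you do not specify this parameter, the system will not prompt the user for authentication as long as a login session is active. If a login session is not active, the system will prompt the user for authentication.
     * @param {string} [authoptions] A JSON object containing options that specify how to display the sign-in page. Refer to the `Developer's Guide documentation on AuthOptions </en/docs/oauth/v2/developers_guide/authoptions/>`_ for supported values.
     * @param {string} [codeChallenge] A URL-encoded string derived from the code verifier sent in the authorization request with the Proof Key for Code Exchange (PKCE) grant flow.
     * @param {string} [codeChallengeMethod] The method used to derive the code challenge for the PKCE grant flow. Possible value is:
     *   - ``S256`` - Hashes the code verifier using the SHA-256 algorithm and then applies Base64 URL encoding.
     * @throws {RequiredError}
     */
    authorize: (clientId: string, responseType: ResponseType, redirectUri: string, nonce?: string, state?: string, scopes?: Array<Scopes>, responseMode?: string, prompt?: string, authoptions?: string, codeChallenge?: string, codeChallengeMethod?: string) => string;
    /**
     * Returns an access token or refresh token.
     *
     * - If `grant_type` is `authorization_code`, returns a 3-legged access token for authorization code grant.
     * - If `grant_type` is `client_credentials`, returns a 2-legged access token for client credentials grant.
     * - If `grant_type` is `refresh_token`, returns new access token using the refresh token provided in the request.
     *
     * Traditional Web Apps and Server-to-Server Apps should use the ``Authorization`` header with Basic Authentication for this operation. Desktop, Mobile, and Single-Page Apps should use ``client_id`` in the form body instead.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Acquire Token
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {GrantType} [grantType]
     * @param {string} [code] The authorization code that was passed to your application when the user granted access permission to your application. It was passed as the ``code`` query parameter to the redirect URI when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if `grant_type` is ``authorization_code``.
     * @param {string} [redirectUri] The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application registered with APS. Required if `grant_type` is ``authorization_code``.
     * @param {string} [codeVerifier] A random URL-encoded string between 43 characters and 128 characters. In a PKCE grant flow, the authentication server uses this string to verify the code challenge that was passed when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if ``grant_type`` is `authorization_code` and ``code_challenge`` was specified when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_.
     * @param {string} [refreshToken] The refresh token used to acquire a new access token and a refresh token. Required if ``grant_type`` is ``refresh_token``.
     * @param {Scopes} [scopes]
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. NOTE(review): this note conflicts with the operation description above, which says Desktop, Mobile, and Single-Page Apps pass ``client_id`` in the form body — confirm against the APS reference.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    fetchToken: (authorization?: string, grantType?: GrantType, code?: string, redirectUri?: string, codeVerifier?: string, refreshToken?: string, scopes?: Array<Scopes>, clientId?: string, options?: ApsServiceRequestConfig) => Promise<RequestArgs>;
    /**
     * Returns a set of public keys in the JSON Web Key Set (JWKS) format.
     *
     * Public keys returned by this operation can be used to validate the asymmetric JWT signature of an access token without making network calls. It can be used to validate both two-legged access tokens and three-legged access tokens. A valid signature alone does not show that a token is unexpired or was issued for your application; check the token's claims as well. See the Developer's Guide topic on Asymmetric Signing for more information.
     * @summary Get JWKS
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    getKeys: (options?: ApsServiceRequestConfig) => Promise<RequestArgs>;
    /**
     * Returns an OpenID Connect Discovery Specification compliant JSON document. It contains a list of the OpenID/OAuth endpoints, supported scopes, claims, public keys used to sign the tokens, and other details.
     * @summary Get OIDC Specification
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    getOidcSpec: (options?: ApsServiceRequestConfig) => Promise<RequestArgs>;
    /**
     * Returns metadata about the specified access token or reference token.
     *
     * An application can only introspect its own tokens.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Introspect Token
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {string} [token] The token to be introspected.
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    introspectToken: (authorization?: string, token?: string, clientId?: string, options?: ApsServiceRequestConfig) => Promise<RequestArgs>;
    /**
     * Signs out the currently authenticated user from the APS authorization server. Thereafter, this operation redirects the user to the ``post_logout_redirect_uri``, or to the Autodesk Sign-in page when no ``post_logout_redirect_uri`` is provided.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Logout
     * @param {string} [postLogoutRedirectUri] The URI to redirect your users to once logout is performed. If you do not specify this parameter your users are redirected to the Autodesk Sign-in page. **Note:** You must provide a redirect URI that is pre-registered with APS. This precaution is taken to prevent unauthorized applications from hijacking the logout process.
     * @throws {RequiredError}
     */
    logout: (postLogoutRedirectUri?: string) => string;
    /**
     * Revokes an active access token or refresh token.
     *
     * An application can only revoke its own tokens.
     *
     * This operation has a rate limit of 100 calls per minute.
     * @summary Revoke Token
     * @param {string} token The token to be revoked.
     * @param {TokenTypeHint} tokenTypeHint
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    revoke: (token: string, tokenTypeHint: TokenTypeHint, authorization?: string, clientId?: string, options?: ApsServiceRequestConfig) => Promise<RequestArgs>;
};
/**
 * TokenApi - functional programming interface
 *
 * NOTE(review): `Array` appeared here without a type argument, which TypeScript rejects; `Array<Scopes>`
 * is restored from the `{Scopes}` JSDoc tags. `AxiosPromise` is left without a type argument because the
 * per-operation response types cannot be determined from this file — confirm against the generated source.
 * @export
 */
export declare const TokenApiFp: (sdkManager?: SdkManager) => {
    /**
     * Returns a browser URL to redirect an end user in order to acquire the user’s consent to authorize the application to access resources on their behalf.
     *
     * Invoking this operation is the first step in authenticating users and retrieving an authorization code grant. The authorization code that is generated remains valid for 5 minutes, while the ID token stays valid for 60 minutes. Any access tokens you obtain are valid for 60 minutes, and refresh tokens remain valid for 15 days.
     *
     * This operation has a rate limit of 500 calls per minute.
     *
     * **Note:** This operation is intended for use with client-side applications only. It is not suitable for server-side applications.
     * @summary Authorize User
     * @param {string} clientId The Client ID of the calling application, as registered with APS.
     * @param {ResponseType} responseType The type of response you want to receive. Possible values are:
     *   - ``code`` - Authorization code grant.
     *   - ``id_token`` - OpenID Connect ID token.
     * @param {string} redirectUri The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application as registered with APS. Must be specified as a URL-safe string. It can include query parameters or any other valid URL construct.
     * @param {string} [nonce] A random string that is sent with the request. APS passes back the same string to you so that you can verify whether you received the same string that you sent. This check mitigates token replay attacks, but only if the returned value is actually compared with the one that was sent.
     * @param {string} [state] A URL-encoded random string. The authorization flow will pass the same string back to the Callback URL using the ``state`` query string parameter. This process helps ensure that the callback you receive is a response to what you originally requested. Compare the returned value with the one you sent and reject the callback on a mismatch; that comparison is what prevents malicious actors from forging requests. The string can only contain alphanumeric characters, commas, periods, underscores, and hyphens.
     * @param {Scopes} [scopes] A URL-encoded space-delimited list of requested scopes. See the `Developer's Guide documentation on scopes </en/docs/oauth/v2/developers_guide/scopes/>`_ for a list of valid values you can provide. The string you specify for this parameter must not exceed 2000 characters and it cannot contain more than 50 scopes.
     * @param {string} [responseMode] Specifies how the authorization response should be returned. Valid values are:
     *   - ``fragment`` - Encode the response parameters in the fragment of the redirect URI. A fragment in a URI is the optional part of the URI that appears after a ``#`` symbol, which refers to a specific section within a resource. For example, ``section`` in ``https://www.mysite.org/myresource#section``.
     *   - ``form_post`` - Embed the authorization response parameter in an HTML form.
     *   - ``query`` - Embed the authorization response as a query string parameter of the redirect URI.
     *
     *   If ``id_token`` is stated as ``response_type``, only ``form_post`` is allowed as ``response_mode``.
     * @param {string} [prompt] Specifies how to prompt users for authentication. Possible values are:
     *   - ``login`` : Always prompt the user for authentication, regardless of the state of the login session.
     *
     *   **Note:** If you do not specify this parameter, the system will not prompt the user for authentication as long as a login session is active. If a login session is not active, the system will prompt the user for authentication.
     * @param {string} [authoptions] A JSON object containing options that specify how to display the sign-in page. Refer to the `Developer's Guide documentation on AuthOptions </en/docs/oauth/v2/developers_guide/authoptions/>`_ for supported values.
     * @param {string} [codeChallenge] A URL-encoded string derived from the code verifier sent in the authorization request with the Proof Key for Code Exchange (PKCE) grant flow.
     * @param {string} [codeChallengeMethod] The method used to derive the code challenge for the PKCE grant flow. Possible value is:
     *   - ``S256`` - Hashes the code verifier using the SHA-256 algorithm and then applies Base64 URL encoding.
     * @throws {RequiredError}
     */
    authorize(clientId: string, responseType: ResponseType, redirectUri: string, nonce?: string, state?: string, scopes?: Array<Scopes>, responseMode?: string, prompt?: string, authoptions?: string, codeChallenge?: string, codeChallengeMethod?: string): string;
    /**
     * Returns an access token or refresh token.
     *
     * - If `grant_type` is `authorization_code`, returns a 3-legged access token for authorization code grant.
     * - If `grant_type` is `client_credentials`, returns a 2-legged access token for client credentials grant.
     * - If `grant_type` is `refresh_token`, returns new access token using the refresh token provided in the request.
     *
     * Traditional Web Apps and Server-to-Server Apps should use the ``Authorization`` header with Basic Authentication for this operation. Desktop, Mobile, and Single-Page Apps should use ``client_id`` in the form body instead.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Acquire Token
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {GrantType} [grantType]
     * @param {string} [code] The authorization code that was passed to your application when the user granted access permission to your application. It was passed as the ``code`` query parameter to the redirect URI when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if `grant_type` is ``authorization_code``.
     * @param {string} [redirectUri] The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application registered with APS. Required if `grant_type` is ``authorization_code``.
     * @param {string} [codeVerifier] A random URL-encoded string between 43 characters and 128 characters. In a PKCE grant flow, the authentication server uses this string to verify the code challenge that was passed when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if ``grant_type`` is `authorization_code` and ``code_challenge`` was specified when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_.
     * @param {string} [refreshToken] The refresh token used to acquire a new access token and a refresh token. Required if ``grant_type`` is ``refresh_token``.
     * @param {Scopes} [scopes]
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. NOTE(review): this note conflicts with the operation description above, which says Desktop, Mobile, and Single-Page Apps pass ``client_id`` in the form body — confirm against the APS reference.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    fetchToken(authorization?: string, grantType?: GrantType, code?: string, redirectUri?: string, codeVerifier?: string, refreshToken?: string, scopes?: Array<Scopes>, clientId?: string, options?: ApsServiceRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>;
    /**
     * Returns a set of public keys in the JSON Web Key Set (JWKS) format.
     *
     * Public keys returned by this operation can be used to validate the asymmetric JWT signature of an access token without making network calls. It can be used to validate both two-legged access tokens and three-legged access tokens. A valid signature alone does not show that a token is unexpired or was issued for your application; check the token's claims as well. See the Developer's Guide topic on Asymmetric Signing for more information.
     * @summary Get JWKS
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    getKeys(options?: ApsServiceRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>;
    /**
     * Returns an OpenID Connect Discovery Specification compliant JSON document. It contains a list of the OpenID/OAuth endpoints, supported scopes, claims, public keys used to sign the tokens, and other details.
     * @summary Get OIDC Specification
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    getOidcSpec(options?: ApsServiceRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>;
    /**
     * Returns metadata about the specified access token or reference token.
     *
     * An application can only introspect its own tokens.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Introspect Token
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {string} [token] The token to be introspected.
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    introspectToken(authorization?: string, token?: string, clientId?: string, options?: ApsServiceRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>;
    /**
     * Signs out the currently authenticated user from the APS authorization server. Thereafter, this operation redirects the user to the ``post_logout_redirect_uri``, or to the Autodesk Sign-in page when no ``post_logout_redirect_uri`` is provided.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Logout
     * @param {string} [postLogoutRedirectUri] The URI to redirect your users to once logout is performed. If you do not specify this parameter your users are redirected to the Autodesk Sign-in page. **Note:** You must provide a redirect URI that is pre-registered with APS. This precaution is taken to prevent unauthorized applications from hijacking the logout process.
     * @throws {RequiredError}
     */
    logout(postLogoutRedirectUri?: string): string;
    /**
     * Revokes an active access token or refresh token.
     *
     * An application can only revoke its own tokens.
     *
     * This operation has a rate limit of 100 calls per minute.
     * @summary Revoke Token
     * @param {string} token The token to be revoked.
     * @param {TokenTypeHint} tokenTypeHint
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     */
    revoke(token: string, tokenTypeHint: TokenTypeHint, authorization?: string, clientId?: string, options?: ApsServiceRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise>;
};
/**
 * TokenApi - interface
 *
 * NOTE(review): `Array` and `Promise` appeared here without type arguments, which TypeScript rejects.
 * `Array<Scopes>` is restored from the `{Scopes}` JSDoc tags and `Promise<ApiResponse>` from the
 * otherwise unused `ApiResponse` import — confirm against the generated source.
 * @export
 * @interface TokenApi
 */
export interface TokenApiInterface {
    /**
     * Returns a browser URL to redirect an end user in order to acquire the user’s consent to authorize the application to access resources on their behalf.
     *
     * Invoking this operation is the first step in authenticating users and retrieving an authorization code grant. The authorization code that is generated remains valid for 5 minutes, while the ID token stays valid for 60 minutes. Any access tokens you obtain are valid for 60 minutes, and refresh tokens remain valid for 15 days.
     *
     * This operation has a rate limit of 500 calls per minute.
     *
     * **Note:** This operation is intended for use with client-side applications only. It is not suitable for server-side applications.
     * @summary Authorize User
     * @param {string} clientId The Client ID of the calling application, as registered with APS.
     * @param {ResponseType} responseType The type of response you want to receive. Possible values are:
     *   - ``code`` - Authorization code grant.
     *   - ``id_token`` - OpenID Connect ID token.
     * @param {string} redirectUri The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application as registered with APS. Must be specified as a URL-safe string. It can include query parameters or any other valid URL construct.
     * @param {string} [nonce] A random string that is sent with the request. APS passes back the same string to you so that you can verify whether you received the same string that you sent. This check mitigates token replay attacks, but only if the returned value is actually compared with the one that was sent.
     * @param {string} [state] A URL-encoded random string. The authorization flow will pass the same string back to the Callback URL using the ``state`` query string parameter. This process helps ensure that the callback you receive is a response to what you originally requested. Compare the returned value with the one you sent and reject the callback on a mismatch; that comparison is what prevents malicious actors from forging requests. The string can only contain alphanumeric characters, commas, periods, underscores, and hyphens.
     * @param {Scopes} [scopes] A URL-encoded space-delimited list of requested scopes. See the `Developer's Guide documentation on scopes </en/docs/oauth/v2/developers_guide/scopes/>`_ for a list of valid values you can provide. The string you specify for this parameter must not exceed 2000 characters and it cannot contain more than 50 scopes.
     * @param {string} [responseMode] Specifies how the authorization response should be returned. Valid values are:
     *   - ``fragment`` - Encode the response parameters in the fragment of the redirect URI. A fragment in a URI is the optional part of the URI that appears after a ``#`` symbol, which refers to a specific section within a resource. For example, ``section`` in ``https://www.mysite.org/myresource#section``.
     *   - ``form_post`` - Embed the authorization response parameter in an HTML form.
     *   - ``query`` - Embed the authorization response as a query string parameter of the redirect URI.
     *
     *   If ``id_token`` is stated as ``response_type``, only ``form_post`` is allowed as ``response_mode``.
     * @param {string} [prompt] Specifies how to prompt users for authentication. Possible values are:
     *   - ``login`` : Always prompt the user for authentication, regardless of the state of the login session.
     *
     *   **Note:** If you do not specify this parameter, the system will not prompt the user for authentication as long as a login session is active. If a login session is not active, the system will prompt the user for authentication.
     * @param {string} [authoptions] A JSON object containing options that specify how to display the sign-in page. Refer to the `Developer's Guide documentation on AuthOptions </en/docs/oauth/v2/developers_guide/authoptions/>`_ for supported values.
     * @param {string} [codeChallenge] A URL-encoded string derived from the code verifier sent in the authorization request with the Proof Key for Code Exchange (PKCE) grant flow.
     * @param {string} [codeChallengeMethod] The method used to derive the code challenge for the PKCE grant flow. Possible value is:
     *   - ``S256`` - Hashes the code verifier using the SHA-256 algorithm and then applies Base64 URL encoding.
     * @throws {RequiredError}
     * @memberof TokenApiInterface
     */
    authorize(clientId: string, responseType: ResponseType, redirectUri: string, nonce?: string, state?: string, scopes?: Array<Scopes>, responseMode?: string, prompt?: string, authoptions?: string, codeChallenge?: string, codeChallengeMethod?: string): string;
    /**
     * Returns an access token or refresh token.
     *
     * - If `grant_type` is `authorization_code`, returns a 3-legged access token for authorization code grant.
     * - If `grant_type` is `client_credentials`, returns a 2-legged access token for client credentials grant.
     * - If `grant_type` is `refresh_token`, returns new access token using the refresh token provided in the request.
     *
     * Traditional Web Apps and Server-to-Server Apps should use the ``Authorization`` header with Basic Authentication for this operation. Desktop, Mobile, and Single-Page Apps should use ``client_id`` in the form body instead.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Acquire Token
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {GrantType} [grantType]
     * @param {string} [code] The authorization code that was passed to your application when the user granted access permission to your application. It was passed as the ``code`` query parameter to the redirect URI when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if `grant_type` is ``authorization_code``.
     * @param {string} [redirectUri] The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application registered with APS. Required if `grant_type` is ``authorization_code``.
     * @param {string} [codeVerifier] A random URL-encoded string between 43 characters and 128 characters. In a PKCE grant flow, the authentication server uses this string to verify the code challenge that was passed when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if ``grant_type`` is `authorization_code` and ``code_challenge`` was specified when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_.
     * @param {string} [refreshToken] The refresh token used to acquire a new access token and a refresh token. Required if ``grant_type`` is ``refresh_token``.
     * @param {Scopes} [scopes]
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. NOTE(review): this note conflicts with the operation description above, which says Desktop, Mobile, and Single-Page Apps pass ``client_id`` in the form body — confirm against the APS reference.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     * @memberof TokenApiInterface
     */
    fetchToken(authorization?: string, grantType?: GrantType, code?: string, redirectUri?: string, codeVerifier?: string, refreshToken?: string, scopes?: Array<Scopes>, clientId?: string, options?: ApsServiceRequestConfig): Promise<ApiResponse>;
    /**
     * Returns a set of public keys in the JSON Web Key Set (JWKS) format.
     *
     * Public keys returned by this operation can be used to validate the asymmetric JWT signature of an access token without making network calls. It can be used to validate both two-legged access tokens and three-legged access tokens. A valid signature alone does not show that a token is unexpired or was issued for your application; check the token's claims as well. See the Developer's Guide topic on Asymmetric Signing for more information.
     * @summary Get JWKS
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     * @memberof TokenApiInterface
     */
    getKeys(options?: ApsServiceRequestConfig): Promise<ApiResponse>;
    /**
     * Returns an OpenID Connect Discovery Specification compliant JSON document. It contains a list of the OpenID/OAuth endpoints, supported scopes, claims, public keys used to sign the tokens, and other details.
     * @summary Get OIDC Specification
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     * @memberof TokenApiInterface
     */
    getOidcSpec(options?: ApsServiceRequestConfig): Promise<ApiResponse>;
    /**
     * Returns metadata about the specified access token or reference token.
     *
     * An application can only introspect its own tokens.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Introspect Token
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {string} [token] The token to be introspected.
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     * @memberof TokenApiInterface
     */
    introspectToken(authorization?: string, token?: string, clientId?: string, options?: ApsServiceRequestConfig): Promise<ApiResponse>;
    /**
     * Signs out the currently authenticated user from the APS authorization server. Thereafter, this operation redirects the user to the ``post_logout_redirect_uri``, or to the Autodesk Sign-in page when no ``post_logout_redirect_uri`` is provided.
     *
     * This operation has a rate limit of 500 calls per minute.
     * @summary Logout
     * @param {string} [postLogoutRedirectUri] The URI to redirect your users to once logout is performed. If you do not specify this parameter your users are redirected to the Autodesk Sign-in page. **Note:** You must provide a redirect URI that is pre-registered with APS. This precaution is taken to prevent unauthorized applications from hijacking the logout process.
     * @throws {RequiredError}
     * @memberof TokenApiInterface
     */
    logout(postLogoutRedirectUri?: string): string;
    /**
     * Revokes an active access token or refresh token.
     *
     * An application can only revoke its own tokens.
     *
     * This operation has a rate limit of 100 calls per minute.
     * @summary Revoke Token
     * @param {string} token The token to be revoked.
     * @param {TokenTypeHint} tokenTypeHint
     * @param {string} [authorization] Must be ``Basic <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``. The value embeds the client secret, so keep it out of logs and out of code shipped to end users. **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     * @memberof TokenApiInterface
     */
    revoke(token: string, tokenTypeHint: TokenTypeHint, authorization?: string, clientId?: string, options?: ApsServiceRequestConfig): Promise<ApiResponse>;
}
/**
 * TokenApi - object-oriented interface
 * @export
 * @class TokenApi
 * @extends {BaseApi}
 */
export declare class TokenApi extends BaseApi implements TokenApiInterface {
    private logger;
    /**
     * Returns a browser URL to redirect an end user in order to acquire the user’s consent to authorize the application to access resources on their behalf.
     *
     * Invoking this operation is the first step in authenticating users and retrieving an authorization code grant. The authorization code that is generated remains valid for 5 minutes, while the ID token stays valid for 60 minutes. Any access tokens you obtain are valid for 60 minutes, and refresh tokens remain valid for 15 days.
     *
     * This operation has a rate limit of 500 calls per minute.
     *
     * **Note:** This operation is intended for use with client-side applications only. It is not suitable for server-side applications.
     * @summary Authorize User
     * @param {string} clientId The Client ID of the calling application, as registered with APS.
     * @param {ResponseType} responseType The type of response you want to receive. Possible values are:
     *   - ``code`` - Authorization code grant.
     *   - ``id_token`` - OpenID Connect ID token.
     * @param {string} redirectUri The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application as registered with APS. Must be specified as a URL-safe string. It can include query parameters or any other valid URL construct.
     * @param {string} [nonce] A random string that is sent with the request. APS passes back the same string to you so that you can verify whether you received the same string that you sent. This check mitigates token replay attacks.
     * @param {string} [state] A URL-encoded random string.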
The authorization flow will pass the same string back to the Callback URL using the ``state`` query string parameter. This process helps ensure that the callback you receive is a response to what you originally requested. It prevents malicious actors from forging requests. The string can only contain alphanumeric characters, commas, periods, underscores, and hyphens. * @param {Scopes} [scope] A URL-encoded space-delimited list of requested scopes. See the `Developer\'s Guide documentation on scopes </en/docs/oauth/v2/developers_guide/scopes/>`_ for a list of valid values you can provide. The string you specify for this parameter must not exceed 2000 characters and it cannot contain more than 50 scopes. * @param {string} [responseMode] Specifies how the authorization response should be returned. Valid values are: - ``fragment`` - Encode the response parameters in the fragment of the redirect URI. A fragment in a URI is the optional part of the URI that appears after a ``#`` symbol, which refers to a specific section within a resource. For example, ``section`` in ``https://www.mysite.org/myresource#section``. - ``form_post`` - Embed the authorization response parameter in an HTML form. - ``query`` - Embed the authorization response as a query string parameter of the redirect URI. If ``id_token`` is stated as ``response_type``, only ``form_post`` is allowed as ``response_mode``.\' * @param {string} [prompt] Specifies how to prompt users for authentication. Possible values are: - ``login`` : Always prompt the user for authentication, regardless of the state of the login session. **Note:** If you do not specify this parameter, the system will not prompt the user for authentication as long as a login session is active. If a login session is not active, the system will prompt the user for authentication. * @param {string} [authoptions] A JSON object containing options that specify how to display the sign-in page. 
Refer the `Developer\'s Guide documentation on AuthOptions </en/docs/oauth/v2/developers_guide/authoptions/>`_ for supported values. * @param {string} [codeChallenge] A URL-encoded string derived from the code verifier sent in the authorization request with the Proof Key for Code Exchange (PKCE) grant flow. * @param {string} [codeChallengeMethod] The method used to derive the code challenge for the PKCE grant flow. Possible value is: - ``S256``- Hashes the code verifier using the SHA-256 algorithm and then applies Base64 URL encoding. * @param {*} [options] Override http request option. * @throws {RequiredError} * @memberof TokenApi */ authorize(clientId: string, responseType: ResponseType, redirectUri: string, nonce?: string, state?: string, scopes?: Array, responseMode?: string, prompt?: string, authoptions?: string, codeChallenge?: string, codeChallengeMethod?: string): string; /** * Returns an access token or refresh token. * If `grant_type` is `authorization_code`, returns a 3-legged access token for authorization code grant. * If `grant_type` is `client_credentials`, returns a 2-legged access token for client credentials grant. * If `grant_type` is `refresh_token`, returns new access token using the refresh token provided in the request. Traditional Web Apps and Server-to-Server Apps should use the ``Authorization`` header with Basic Authentication for this operation. Desktop, Mobile, and Single-Page Apps should use ``client_id`` in the form body instead. This operation has a rate limit of 500 calls per minute. * @summary Acquire Token * @param {string} [authorization] Must be ``Bearer <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``.\' **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. 
* @param {GrantType} [grantType] * @param {string} [code] The authorization code that was passed to your application when the user granted access permission to your application. It was passed as the ``code`` query parameter to the redirect URI when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if `grant_type` is ``authorization_code``. * @param {string} [redirectUri] The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application registered with APS. Required if `grant_type` is ``authorization_code``. * @param {string} [codeVerifier] A random URL-encoded string between 43 characters and 128 characters. In a PKCE grant flow, the authentication server uses this string to verify the code challenge that was passed when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. Required if ``grant_type`` is `authorization_code` and ``code_challenge`` was specified when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. * @param {string} [refreshToken] The refresh token used to acquire a new access token and a refresh token. Required if ``grant_type`` is ``refresh_token``. * @param {Scopes} [scopes] * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. * @param {*} [options] Override http request option. * @throws {RequiredError} * @memberof TokenApi */ fetchToken(authorization?: string, grantType?: GrantType, code?: string, redirectUri?: string, codeVerifier?: string, refreshToken?: string, scopes?: Array, clientId?: string, options?: ApsServiceRequestConfig): Promise; /** * Returns a set of public keys in the JSON Web Key Set (JWKS) format. 
Public keys returned by this operation can be used to validate the asymmetric JWT signature of an access token without making network calls. It can be used to validate both two-legged access tokens and three-legged access tokens. See the Developer\'s Guide topic on `Asymmetric Signing `_ for more information. * @summary Get JWKS * @param {*} [options] Override http request option. * @throws {RequiredError} * @memberof TokenApi */ getKeys(options?: ApsServiceRequestConfig): Promise; /** * Returns an OpenID Connect Discovery Specification compliant JSON document. It contains a list of the OpenID/OAuth endpoints, supported scopes, claims, public keys used to sign the tokens, and other details. * @summary Get OIDC Specification * @param accessToken bearer access token * @param {*} [options] Override http request option. * @throws {RequiredError} * @memberof TokenApi */ getOidcSpec(options?: ApsServiceRequestConfig): Promise; /** * Returns metadata about the specified access token or reference token. An application can only introspect its own tokens. This operation has a rate limit of 500 calls per minute. * @summary Introspect Token * @param {string} [authorization] Must be ``Bearer <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``.\' **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. * @param {string} [token] The token to be introspected. * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. * @param {*} [options] Override http request option. 
* @throws {RequiredError} * @memberof TokenApi */ introspectToken(authorization?: string, token?: string, clientId?: string, options?: ApsServiceRequestConfig): Promise; /** * Signs out the currently authenticated user from the APS authorization server. Thereafter, this operation redirects the user to the ``post_logout_redirect_uri``, or to the Autodesk Sign-in page when no ``post_logout_redirect_uri`` is provided. This operation has a rate limit of 500 calls per minute. * @summary Logout * @param {string} [postLogoutRedirectUri] The URI to redirect your users to once logout is performed. If you do not specify this parameter your users are redirected to the Autodesk Sign-in page. **Note:** You must provide a redirect URI that is pre-registered with APS. This precaution is taken to prevent unauthorized applications from hijacking the logout process. * @param {*} [options] Override http request option. * @throws {RequiredError} * @memberof TokenApi */ logout(postLogoutRedirectUri?: string): string; /** * Revokes an active access token or refresh token. An application can only revoke its own tokens. This operation has a rate limit of 100 calls per minute. * @summary Revoke Token * @param {string} token The token to be revoked. * @param {TokenTypeHint} tokenTypeHint * @param {string} [authorization] Must be ``Bearer <BASE64_ENCODED_STRING>`` where ``<BASE64_ENCODED_STRING>`` is the Base64 encoding of the concatenated string ``<CLIENT_ID>:<CLIENT_SECRET>``.\' **Note** This header is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. * @param {string} [clientId] The Client ID of the application making the request. **Note** This is required only for Traditional Web Apps and Server-to-Server Apps. It is not required for Desktop, Mobile, and Single-Page Apps. * @param {*} [options] Override http request option. 
* @throws {RequiredError} * @memberof TokenApi */ revoke(token: string, tokenTypeHint: TokenTypeHint, authorization?: string, clientId?: string, options?: ApsServiceRequestConfig): Promise; }