// NOTE(review): this listing appears to have lost every angle-bracket type
// argument during extraction (`Awaited>`, `Promise>`, `Omit`, `Record`,
// `Array` and several bare `Promise` all appear without parameters). The
// declarations below are kept exactly as they appear; the type arguments
// must be restored from the upstream file before this compiles.
import type { JWK } from 'jose';
import type { CallbackParamsType, IssuerMetadata } from 'openid-client';

export * from './ee/identity-federation/types';
export * from './sso-traces/types';
export * from './directory-sync/types';
export * from './event/types';

import db from './db/db';
// NOTE(review): `EventCallback` is only used in type positions in this file,
// so an `import type` would keep a runtime import out of the emitted module.
import { EventCallback } from './typings';

/** Resolved database handle derived from `db`; type argument missing in this listing. */
export type DB = Awaited>;

/**
 * Ory project lookup result.
 * `error` is declared `any | undefined`, which collapses to `any` — callers
 * get no narrowing on it; `unknown` would force a check before use.
 */
export interface OryRes {
  projectId?: string;
  domains?: string[];
  organizationId?: string;
  error: any | undefined;
}

/** OryRes plus the SDK token; presumably an API credential — treat as a secret (never log). */
export interface OryConfig extends OryRes {
  sdkToken?: string;
}

/**
 * Fields shared by every SSO connection; `tenant` + `product` identify the
 * connection in the tenant-scoped queries below.
 * `redirectUrl` is the set of URLs the flow may send the browser back to and
 * `defaultRedirectUrl` the fallback — presumably the allowlist the authorize
 * flow checks `redirect_uri` against. Confirm in the OAuth controller that the
 * match is exact (scheme, host, port, path), since a loose match here turns
 * into an open redirect of the authorization code.
 */
export interface SSOConnection {
  defaultRedirectUrl: string;
  redirectUrl: string[] | string;
  tenant: string;
  product: string;
  name?: string;
  label?: string;
  description?: string;
  ory?: OryConfig;
  sortOrder?: number | null;
}

/**
 * SAML-specific connection input.
 * NOTE(review): `forceAuthn` accepts `boolean | string` here but only
 * `boolean` in `UpdateSAMLConnectionParams`; the two should agree.
 */
export interface SAMLSSOConnection extends SSOConnection {
  forceAuthn?: boolean | string;
  identifierFormat?: string;
}

/** SAML connection created from inline IdP metadata XML (`encodedRawMetadata` is excluded via `never`). */
export interface SAMLSSOConnectionWithRawMetadata extends SAMLSSOConnection {
  rawMetadata: string;
  encodedRawMetadata?: never;
  metadataUrl?: string;
}

/** SAML connection created from encoded IdP metadata (`rawMetadata` is excluded via `never`). */
export interface SAMLSSOConnectionWithEncodedMetadata extends SAMLSSOConnection {
  rawMetadata?: never;
  encodedRawMetadata: string;
  metadataUrl?: string;
}

/** OIDC connection input; `oidcClientSecret` is a credential for the upstream IdP. */
interface OIDCSSOConnection extends SSOConnection {
  oidcClientId: string;
  oidcClientSecret: string;
}

/** OIDC connection with issuer metadata supplied directly (`oidcDiscoveryUrl` excluded via `never`). */
export interface OIDCSSOConnectionWithMetadata extends OIDCSSOConnection {
  oidcDiscoveryUrl?: never;
  oidcMetadata: IssuerMetadata;
}

/**
 * OIDC connection that points at a discovery document.
 * NOTE(review): if the server fetches `oidcDiscoveryUrl`, it is attacker-
 * controllable input from whoever can create connections — confirm the
 * fetcher restricts scheme/host (SSRF) before following it.
 */
export interface OIDCSSOConnectionWithDiscoveryUrl extends OIDCSSOConnection {
  oidcDiscoveryUrl: string;
  oidcMetadata?: never;
}

/**
 * Stored SAML connection. `clientID`/`clientSecret` are the credentials issued
 * for this connection (`clientSecret` is required again on update and delete).
 * `idpMetadata` is what was extracted from the IdP metadata; `thumbprint` and
 * `publicKey` are presumably what SAML response signatures are verified
 * against — confirm in the SAML handler. `provider: string | 'Unknown'`
 * collapses to `string`, so the literal adds no type information.
 */
export interface SAMLSSORecord extends SAMLSSOConnection {
  clientID: string;
  clientSecret: string;
  metadataUrl?: string;
  idpMetadata: {
    entityID: string;
    loginType?: string;
    provider: string | 'Unknown';
    friendlyProviderName: string | null;
    slo: {
      postUrl?: string;
      redirectUrl?: string;
    };
    sso: {
      postUrl?: string;
      redirectUrl?: string;
    };
    thumbprint?: string;
    publicKey?: string;
    validTo?: string;
  };
  deactivated?: boolean;
}

/**
 * Stored OIDC connection. `oidcProvider.clientSecret` is the upstream IdP
 * credential persisted at rest; whether it is encrypted depends on the
 * `encryptionKey` in `DatabaseOption` (see `Encrypted`) — confirm in the store.
 */
export interface OIDCSSORecord extends SSOConnection {
  clientID: string;
  clientSecret: string;
  oidcProvider: {
    provider: string | 'Unknown';
    friendlyProviderName: string | null;
    discoveryUrl?: string;
    metadata?: IssuerMetadata;
    clientId: string;
    clientSecret: string;
  };
  deactivated?: boolean;
}

export type ConnectionType = 'saml' | 'oidc';

/** Lookup by the connection's own client id. */
type ClientIDQuery = {
  clientID: string;
};

/** Lookup by tenant/product, optionally limited to one protocol. */
type TenantQuery = {
  tenant: string;
  product: string;
  strategy?: ConnectionType;
};

type TenantProduct = {
  tenant: string;
  product: string;
};

export type GetConnectionsQuery =
  | ClientIDQuery
  | TenantQuery
  | {
      entityId: string;
    }
  | {
      tenant: string[];
      product: string;
      sort?: boolean;
    };

export type GetIDPEntityIDBody = TenantProduct;

/**
 * Delete query. The clientID form also requires `clientSecret`, so a public
 * client id alone is not enough to delete; the tenant/product form carries no
 * secret and relies on whatever authorizes the caller. Enforcement lives in
 * the controller, not in this type.
 */
export type DelConnectionsQuery =
  | (ClientIDQuery & {
      clientSecret: string;
    })
  | TenantQuery;

/** @deprecated query shape for `getConfig`; `Omit` type arguments missing in this listing. */
export type GetConfigQuery = ClientIDQuery | Omit;

/** @deprecated query shape for `deleteConfig`; `Omit` type arguments missing in this listing. */
export type DelConfigQuery =
  | (ClientIDQuery & {
      clientSecret: string;
    })
  | Omit;

/** Fields updatable on any connection; `clientID` + `clientSecret` identify and authorize the update. */
export type UpdateConnectionParams = TenantProduct & {
  clientID: string;
  clientSecret: string;
  name?: string;
  label?: string;
  description?: string;
  defaultRedirectUrl?: string;
  redirectUrl?: string[] | string;
  deactivated?: boolean;
  ory?: OryConfig;
  sortOrder?: number | null;
};

/** SAML update; unlike the create types, all three metadata sources are optional here and none are mutually excluded. */
export type UpdateSAMLConnectionParams = UpdateConnectionParams & {
  encodedRawMetadata?: string;
  metadataUrl?: string;
  rawMetadata?: string;
  forceAuthn?: boolean;
  identifierFormat?: string;
};

/** OIDC update; discovery URL and metadata are both optional and not mutually excluded, unlike the create types. */
export type UpdateOIDCConnectionParams = UpdateConnectionParams & {
  oidcDiscoveryUrl?: string;
  oidcMetadata?: IssuerMetadata;
  oidcClientId?: string;
  oidcClientSecret?: string;
};

/** Connection management API. `Promise` type arguments are missing in this listing. */
export interface IConnectionAPIController {
  /**
   * @deprecated Use `createSAMLConnection` instead.
   */
  config(body: SAMLSSOConnection): Promise;
  createSAMLConnection(
    body: SAMLSSOConnectionWithRawMetadata | SAMLSSOConnectionWithEncodedMetadata
  ): Promise;
  createOIDCConnection(
    body: OIDCSSOConnectionWithDiscoveryUrl | OIDCSSOConnectionWithMetadata
  ): Promise;
  /**
   * @deprecated Use `updateSAMLConnection` instead.
   */
  updateConfig(body: UpdateSAMLConnectionParams): Promise;
  updateSAMLConnection(body: UpdateSAMLConnectionParams): Promise;
  updateOIDCConnection(body: UpdateOIDCConnectionParams): Promise;
  getConnections(body: GetConnectionsQuery): Promise>;
  /** Synchronous, unlike the rest of the API — presumably derived from config rather than storage. */
  getIDPEntityID(body: GetIDPEntityIDBody): string;
  /**
   * @deprecated Use `getConnections` instead.
   */
  getConfig(body: GetConfigQuery): Promise>;
  deleteConnections(body: DelConnectionsQuery): Promise;
  /**
   * @deprecated Use `deleteConnections` instead.
   */
  deleteConfig(body: DelConfigQuery): Promise;
  getConnectionsByProduct(body: GetByProductParams): Promise<{
    data: (SAMLSSORecord | OIDCSSORecord)[];
    pageToken?: string;
  }>;
  getCount(idx?: Index): Promise;
}

/**
 * OAuth/OIDC front door. `authorize` and the two *Response handlers each
 * return either a redirect URL or an HTML form string to render; the form
 * variants are server-rendered output, so confirm the renderer escapes any
 * request-derived values (RelayState, state) before embedding them.
 */
export interface IOAuthController {
  authorize(body: OAuthReq): Promise<{
    redirect_url?: string;
    authorize_form?: string;
  }>;
  samlResponse(body: SAMLResponsePayload): Promise<{
    redirect_url?: string;
    app_select_form?: string;
    response_form?: string;
  }>;
  oidcAuthzResponse(body: OIDCAuthzResponsePayload): Promise<{
    redirect_url?: string;
    response_form?: string;
  }>;
  token(body: OAuthTokenReq): Promise;
  /** `token` is the bearer access token issued by `token()`. */
  userInfo(token: string): Promise;
}

/**
 * Admin read/delete operations over connections and SSO traces.
 * NOTE(review): every method returns `any`; callers get no checking on the
 * paged results — a typed `Records`-style return would be safer.
 */
export interface IAdminController {
  getAllConnection(pageOffset?: number, pageLimit?: number, pageToken?: string): any;
  getAllSSOTraces(pageOffset: number, pageLimit: number, pageToken?: string): any;
  getSSOTraceById(traceId: string): any;
  getTracesByProduct(product: string, pageOffset: number, pageLimit: number, pageToken?: string): any;
  deleteTracesByProduct(product: string): any;
}

export interface IHealthCheckController {
  status(): Promise<{
    status: number;
  }>;
  init(): Promise;
}

/** SAML single logout: build a logout request, then consume the IdP's response. */
export interface ILogoutController {
  createRequest(body: SLORequestParams): Promise<{
    logoutUrl: string | null;
    logoutForm: string | null;
  }>;
  handleResponse(body: SAMLResponsePayload): Promise;
}

/**
 * Serves the OIDC discovery document and the JWKS (public signing keys only).
 * `Array` type arguments are missing in this listing.
 */
export interface IOidcDiscoveryController {
  openidConfig(): {
    issuer: string;
    authorization_endpoint: string;
    token_endpoint: string;
    userinfo_endpoint: string;
    jwks_uri: string;
    response_types_supported: Array;
    subject_types_supported: Array;
    id_token_signing_alg_values_supported: Array;
    grant_types_supported: Array;
    code_challenge_methods_supported: Array;
  };
  jwks(): Promise<{
    keys: JWK[];
  }>;
}

/**
 * Authorization request. Only the `code` response type is accepted and
 * `code_challenge` is required, so PKCE is mandatory at the type level.
 * `code_challenge_method` still admits `'plain'` and `''`: `'plain'` exposes
 * the verifier in the front channel and is only meant for clients that cannot
 * compute S256; confirm what the controller does with `''`.
 * The index signature lets arbitrary extra parameters through (possibly for
 * `forwardOIDCParams`), so they must be treated as untrusted.
 */
export interface OAuthReqBody {
  state: string;
  response_type: 'code';
  redirect_uri: string;
  code_challenge: string;
  code_challenge_method: 'plain' | 'S256' | '';
  scope?: string;
  nonce?: string;
  idp_hint?: string;
  forceAuthn?: string;
  login_hint?: string;
  [key: string]: unknown;
}

/** Connection selected by a real `client_id`; the other selectors are excluded. */
export interface OAuthReqBodyWithClientId extends OAuthReqBody {
  client_id: string;
  tenant?: undefined;
  product?: undefined;
  access_type?: undefined;
  resource?: undefined;
}

/** Connection selected by tenant/product, with the literal `'dummy'` client id as the sentinel. */
export interface OAuthReqBodyWithTenantProduct extends OAuthReqBody {
  client_id: 'dummy';
  tenant: string;
  product: string;
  access_type?: undefined;
  resource?: undefined;
}

/** Connection selected via `access_type`, with the `'dummy'` client id sentinel. */
export interface OAuthReqBodyWithAccessType extends OAuthReqBody {
  client_id: 'dummy';
  access_type: string;
  tenant?: undefined;
  product?: undefined;
  resource?: undefined;
}

/** Connection selected via `resource`, with the `'dummy'` client id sentinel. */
export interface OAuthReqBodyWithResource extends OAuthReqBody {
  client_id: 'dummy';
  resource: string;
  tenant?: undefined;
  product?: undefined;
  access_type?: undefined;
}

export type OAuthReq =
  | OAuthReqBodyWithClientId
  | OAuthReqBodyWithTenantProduct
  | OAuthReqBodyWithAccessType
  | OAuthReqBodyWithResource;

/**
 * Third-party-initiated login parameters (`iss`, `login_hint`,
 * `target_link_uri`, as in OpenID Connect Core "Initiating Login from a
 * Third Party"). `iss` and `target_link_uri` arrive from the browser, so
 * `iss` must be matched to a known issuer and `target_link_uri` validated
 * against the connection's redirect allowlist before either is followed.
 */
export type OIDCIdPInitiatedReq = {
  iss: string;
  login_hint?: string;
  target_link_uri?: string;
};

/** Body posted by the IdP to the ACS endpoint. `RelayState` is attacker-influenced and must not be used as a redirect target without validation. */
export interface SAMLResponsePayload {
  SAMLResponse: string;
  RelayState: string;
  idp_hint?: string;
}

/** Callback parameters from the upstream OIDC provider, as parsed by openid-client. */
export type OIDCAuthzResponsePayload = CallbackParamsType;

/** Token request base; only the authorization-code grant is accepted. */
interface OAuthTokenReqBody {
  code: string;
  grant_type: 'authorization_code';
  redirect_uri: string;
}

/** Public-client exchange: proves possession via the PKCE `code_verifier`; client credentials are excluded. */
export interface OAuthTokenReqWithCodeVerifier extends OAuthTokenReqBody {
  code_verifier: string;
  client_id?: never;
  client_secret?: never;
}

/** Confidential-client exchange: authenticates with `client_id`/`client_secret`; `code_verifier` is excluded. */
export interface OAuthTokenReqWithCredentials extends OAuthTokenReqBody {
  code_verifier?: never;
  client_id: string;
  client_secret: string;
}

export type OAuthTokenReq = OAuthTokenReqWithCodeVerifier | OAuthTokenReqWithCredentials;

/** Token response; `expires_in` is presumably seconds, as in RFC 6749 — confirm in the issuer. */
export interface OAuthTokenRes {
  access_token: string;
  id_token?: string;
  token_type: 'bearer';
  expires_in: number;
}

/**
 * Normalized user profile returned by `userInfo`. `raw` is the untyped
 * upstream assertion/claims object (`any`); `requested` has its `Record`
 * type arguments missing in this listing.
 */
export interface Profile {
  id: string;
  idHash: string;
  sub?: string;
  email: string;
  firstName: string;
  lastName: string;
  roles?: string[];
  groups?: string[];
  requested: Record;
  raw: any;
}

/** Secondary index entry: a named attribute and its value. */
export interface Index {
  name: string;
  value: string;
}

/** One page of results; `pageToken` continues the listing. Type parameter missing in this listing. */
export interface Records {
  data: T[];
  pageToken?: string;
}

/**
 * Storage backend contract, namespaced by caller. `put` takes an untyped value
 * plus a TTL and any number of secondary indexes; `getCount` is optional for
 * drivers. `Promise` type arguments are missing in this listing.
 */
export interface DatabaseDriver {
  getAll(
    namespace: string,
    pageOffset?: number,
    pageLimit?: number,
    pageToken?: string,
    sortOrder?: SortOrder
  ): Promise;
  get(namespace: string, key: string): Promise;
  put(namespace: string, key: string, val: any, ttl: number, ...indexes: Index[]): Promise;
  delete(namespace: string, key: string): Promise;
  getByIndex(
    namespace: string,
    idx: Index,
    pageOffset?: number,
    pageLimit?: number,
    pageToken?: string,
    sortOrder?: SortOrder
  ): Promise;
  getCount?(namespace: string, idx?: Index): Promise;
  deleteMany(namespace: string, keys: string[]): Promise;
  close(): Promise;
}

/**
 * Namespace-bound view of a `DatabaseDriver` (no `namespace` or `ttl`
 * arguments). `getCount` is required here although optional on the driver.
 */
export interface Storable {
  getAll(pageOffset?: number, pageLimit?: number, pageToken?: string, sortOrder?: SortOrder): Promise;
  get(key: string): Promise;
  put(key: string, val: any, ...indexes: Index[]): Promise;
  delete(key: string): Promise;
  getByIndex(
    idx: Index,
    pageOffset?: number,
    pageLimit?: number,
    pageToken?: string,
    sortOrder?: SortOrder
  ): Promise;
  getCount(idx?: Index): Promise;
  deleteMany(keys: string[]): Promise;
}

export interface DatabaseStore {
  store(namespace: string): Storable;
}

/**
 * Stored ciphertext envelope. The separate `iv` and `tag` fields suggest an
 * AEAD cipher (e.g. AES-GCM) — confirm in the crypto helper. Both are optional,
 * so a plaintext `value` with no `iv`/`tag` is representable by this type.
 */
export interface Encrypted {
  iv?: string;
  tag?: string;
  value: string;
}

/** NOTE(review): `any` gives no guidance on key format or length; narrow once the crypto helper's expectation is known. */
export type EncryptionKey = any;

export type DatabaseEngine = 'redis' | 'sql' | 'mongo' | 'mem' | 'planetscale' | 'dynamodb';

export type DatabaseType = 'postgres' | 'mysql' | 'mariadb' | 'mssql' | 'sqlite';

/**
 * Built-in database configuration. `url` and `encryptionKey` are secrets
 * (connection string credentials, at-rest key) and must not be logged.
 * `ssl` is `any`; it is presumably passed through to the underlying client —
 * confirm it cannot be used to disable certificate verification silently.
 */
export interface DatabaseOption {
  engine?: DatabaseEngine;
  url?: string;
  type?: DatabaseType;
  ttl?: number;
  cleanupLimit?: number;
  encryptionKey?: string;
  pageLimit?: number;
  ssl?: any;
  dynamodb?: {
    region?: string;
    readCapacityUnits?: number;
    writeCapacityUnits?: number;
  };
  manualMigration?: boolean;
}

/** Configuration when the caller supplies its own `DatabaseDriver`. */
export interface DatabaseDriverOption {
  driver: DatabaseDriver;
  encryptionKey?: string;
  ttl?: number;
  cleanupLimit?: number;
  pageLimit?: number;
  manualMigration?: boolean;
}

/**
 * Top-level service configuration.
 * Secret-bearing fields: `clientSecretVerifier`, `openid.jwtSigningKeys.private`,
 * `certs.privateKey`, `boxyhqLicenseKey`, `retraced.adminToken`,
 * `terminus.adminToken`, `webhook.secret`, `dsync.providers.google.clientSecret`,
 * `ory.sdkToken`. `externalUrl` is the public origin the service is reached
 * at and presumably feeds issuer/ACS URLs — it must be the trusted configured
 * value, not derived from request headers.
 */
export interface JacksonOption {
  externalUrl: string;
  samlPath: string;
  oidcPath?: string;
  samlAudience?: string;
  preLoadedConnection?: string;
  idpEnabled?: boolean;
  db: DatabaseOption | DatabaseDriverOption;
  clientSecretVerifier?: string;
  idpDiscoveryPath?: string;
  scimPath?: string;
  openid?: {
    jwsAlg?: string;
    jwtSigningKeys?: {
      private: string;
      public: string;
    };
    requestProfileScope?: boolean;
    forwardOIDCParams?: boolean;
  };
  certs?: {
    publicKey: string;
    privateKey: string;
  };
  boxyhqLicenseKey?: string;
  retraced?: {
    host?: string;
    adminToken?: string;
  };
  noAnalytics?: boolean;
  terminus?: {
    host?: string;
    adminToken?: string;
  };
  webhook?: Webhook;
  dsync?: {
    webhookBatchSize?: number;
    webhookBatchCronInterval?: number;
    debugWebhooks?: boolean;
    providers?: {
      google: {
        clientId: string;
        clientSecret: string;
        authorizePath: string;
        callbackPath: string;
        cronInterval?: number;
      };
    };
    callback?: EventCallback;
  };
  /** The number of days a setup link is valid for. Defaults to 3 days. */
  setupLinkExpiryDays?: number;
  boxyhqHosted?: boolean;
  ory?: {
    projectId: string | undefined;
    sdkToken: string | undefined;
  };
}

/** Inputs for building a SAML LogoutRequest for the given subject. */
export interface SLORequestParams {
  nameId: string;
  tenant: string;
  product: string;
  redirectUrl?: string;
}

/**
 * Parsed IdP metadata used by `SAMLConnection`.
 * NOTE(review): this shape disagrees with `SAMLSSORecord.idpMetadata` —
 * `loginType` is `'idp' | 'sp'` here but `string` there, `thumbprint` is
 * required here but optional there, and `sso.redirectUrl` is required here.
 */
interface Metadata {
  sso: {
    postUrl?: string;
    redirectUrl: string;
  };
  slo: {
    redirectUrl?: string;
    postUrl?: string;
  };
  entityID: string;
  thumbprint: string;
  loginType: 'idp' | 'sp';
  provider: string;
}

export interface SAMLConnection {
  idpMetadata: Metadata;
  defaultRedirectUrl: string;
}

/**
 * Parameters for redirecting an OAuth error back to the client. The first
 * seven codes are the RFC 6749 authorization error codes; `redirect_uri` is
 * where the error goes, so it must already have been validated against the
 * connection's allowlist — an error path that redirects to an unvalidated
 * URI is still an open redirect.
 */
export interface OAuthErrorHandlerParams {
  error:
    | 'invalid_request'
    | 'access_denied'
    | 'unauthorized_client'
    | 'unsupported_response_type'
    | 'invalid_scope'
    | 'server_error'
    | 'temporarily_unavailable'
    | OIDCErrorCodes;
  error_description?: string;
  redirect_uri: string;
  state?: string;
}

/** Additional authentication error codes defined by OpenID Connect Core. */
export type OIDCErrorCodes =
  | 'interaction_required'
  | 'login_required'
  | 'account_selection_required'
  | 'consent_required'
  | 'invalid_request_uri'
  | 'invalid_request_object'
  | 'request_not_supported'
  | 'request_uri_not_supported'
  | 'registration_not_supported';

/**
 * Service-provider SAML configuration exposed to admins (ACS URL, entity id,
 * public key, rendered metadata). Only public material is listed here.
 * NOTE(review): `toXMLMetadata(boolean?: any)` names its parameter `boolean`
 * and types it `any`; a descriptive name with a `boolean` type would say what
 * the flag controls.
 */
export interface ISPSSOConfig {
  oidcRedirectURI: string;
  get(): Promise<{
    acsUrl: string;
    entityId: string;
    response: string;
    assertionSignature: string;
    signatureAlgorithm: string;
    publicKey: string;
    publicKeyString: string;
  }>;
  toMarkdown(): string;
  toXMLMetadata(boolean?: any): Promise;
}

export interface ApiError {
  message: string;
  code: number;
}

/**
 * Self-service setup link. `url` is the shareable link and `validTill` its
 * expiry (unit not stated here; compare with `setupLinkExpiryDays`).
 * `webhook_secret` is a secret persisted with the link — confirm it is not
 * returned on list/read endpoints.
 */
export type SetupLink = {
  setupID: string;
  tenant: string;
  name?: string;
  description?: string;
  defaultRedirectUrl?: string;
  redirectUrl?: string;
  product: string;
  url: string;
  service: SetupLinkService;
  validTill: number;
  webhook_url?: string;
  webhook_secret?: string;
};

/** Create payload, discriminated by `service`; `Pick` type arguments missing in this listing. */
export type SetupLinkCreatePayload =
  | (Pick & {
      service: 'dsync';
      regenerate?: boolean;
      expiryDays?: number;
    })
  | (Pick & {
      service: 'sso';
      regenerate?: boolean;
      expiryDays?: number;
    });

export type SetupLinkService = 'sso' | 'dsync';

export type AdminPortalSettings = {
  branding: AdminPortalBranding;
};

/** Branding values rendered in the admin portal; URLs and colors are admin-supplied and should be escaped on render. */
export type AdminPortalBranding = {
  logoUrl: string | null;
  faviconUrl: string | null;
  primaryColor: string | null;
  companyName: string | null;
};

/** Outbound webhook target; `secret` is presumably used to sign deliveries — confirm in the event code. */
export type Webhook = {
  endpoint: string;
  secret: string;
};

/** Paged lookup of all connections for one product. */
export type GetByProductParams = {
  product: string;
  pageOffset?: number;
  pageLimit?: number;
  pageToken?: string;
};

export type SortOrder = 'ASC' | 'DESC';

/** Per-product settings (branding plus Ory config); `development` presumably toggles non-production behaviour. */
export interface ProductConfig {
  id: string;
  name: string | null;
  teamId: string | null;
  teamName: string | null;
  logoUrl: string | null;
  primaryColor: string | null;
  faviconUrl: string | null;
  companyName: string | null;
  ory: OryConfig | null;
  development?: boolean;
}