export * from './secutiry-poilicy'; export * from './enums'; export { FRONTEGG_SEPARATE_TABS_BY_TENANT } from './constants'; export { setTabTenantInSessionStorage, getTabTenantFromSessionStorage, getCurrentUserTenantsFunction, removeTabTenantFromSessionStorage, } from './utils'; import { ISamlRolesGroup } from '../teams/interfaces'; import { IAcceptInvitation, IAcceptInvitationWithOTC, IActivateAccount, IActivateAccountWithOTC, ISubmitApprovalAction, ISubmitApprovalActionResponse, IGetApprovalExecutionData, IApprovalExecutionDataResponse, IAllowedToRememberMfaDevice, ICreateSamlGroup, IDeleteApiToken, IDisableMfa, IEnrollMfaResponse, IForgotPassword, IGetActivateAccountStrategy, IGetActivateAccountStrategyResponse, IGetUserById, IGetUserPasswordConfig, IValidateResetPasswordToken, ILogin, ILoginResponse, ILoginViaSocialLogin, ILoginViaSocialLoginResponse, ILoginWithMfa, IOidcPostLogin, IOidcConfiguration, IPostLogin, IPreLogin, IRecoverMFAToken, IResendActivationEmail, IResetPassword, ISamlConfiguration, ISamlVendorConfigResponse, ISignUpResponse, ISignUpUser, ISocialLoginProviderConfiguration, ITenantApiTokensData, IUpdateSamlConfiguration, IUpdateSamlGroup, IUpdateSamlRoles, IUpdateSamlVendorMetadata, IUpdateTenantApiTokensData, IUpdateUserApiTokensData, IUserApiTokensData, IUserIdResponse, IVendorConfig, IVerifyMfa, IVerifyMfaResponse, TestConfig, ISSOPublicConfiguration, IPreLoginWithIdpTypeResponse, IPasswordlessPreLogin, IPasswordlessPostLogin, ICreateSSODomain, IVerifyInviteToken, ISSODomain, ISSOConfigurationDefaultRoles, ISSOConfiguration, IUpdateSSOConfiguration, IOidcPostLoginV2, IExchangeOAuthTokens, IOAuthTokenResponse, ISocialLoginProviderConfigurationV2, ILoginResponseV2, IResetPhoneNumber, IVerifyResetPhoneNumber, IChangePhoneNumber, IVerifyResetPhoneNumberResponse, IResetPhoneNumberResponse, IWebAuthnPreLogin, IWebAuthnPostLogin, IVerifyNewWebAuthnDevice, IWebAuthnPreLoginResponse, ICreateNewDeviceSessionResponse, IAuthStrategiesConfig, ISessionResponse, IChangePhoneNumberWithVerification, IChangePhoneNumberWithVerificationResponse, IVerifyChangePhoneNumber, ISessionConfigurations, IResendInvitationEmail, IPreEnrollMFA, IEnrollMFAAuthenticatorApp, IPreEnrollMFASMS, IEnrollMFASMS, IEnrollMFAWebAuthn, IPreEnrollMFAAuthenticatorAppResponse, IPreEnrollMFAWebAuthnResponse, IVerifyMFAAuthenticatorApp, IPreVerifyMFA, IPreVerifyMFASMSResponse, IVerifyMFASMS, IPreVerifyMFAWebAuthnResponse, IVerifyMFAWebAuthn, IPreEnrollMFASMSResponse, IPreDisableMFASMSResponse, IDisableMFASMS, IDisableMFAWebAuthn, IPreDisableMFAWebAuthnResponse, UserMFADevicesResponse, WithoutMFAToken, IMFAStrategiesResponse, IOAuthLogout, IGetUserAccessTokens, IGetTenantAccessTokens, IDeleteAccessToken, ICreateTenantAccessTokenData, ICreateUserAccessTokenData, IWebAuthnDevices, ICustomSocialLoginProviderConfigurationV1, ILoginResponseV3, IPreVerifyMFAEmailCodeResponse, IVerifyMFAEmailCode, ICreateOrUpdateSSOConfigurationByMetadataUrl, GenerateStepUpRequest, GenerateStepUpResponse, TSignupStrategyResponse, IPasswordRecoveryStrategy, IForgotPasswordV2, IResetPasswordViaSmsResponse, IVerifyPasswordViaSmsRequest, IVerifyPasswordViaSmsResponse } from './interfaces'; import { IGetUserAuthorizationResponse, IUserProfile } from '../users/interfaces'; import { BaseApiClient } from '../BaseApiClient'; import { SecurityPolicyApi } from './secutiry-poilicy'; export declare class AuthenticationApi extends BaseApiClient { private tenantsApi; private entitlementsApi; securityPolicy: SecurityPolicyApi; constructor(appName: string); generateLoginResponse: (loginResponse: ILoginResponse) => Promise; generateLoginResponseV2: (loginResponse: ILoginResponse) => Promise; /** * @returns true if entitlements load should be done */ shouldLoadEntitlements(): boolean; /** * @returns true if me authorization load should be done */ shouldLoadMeAuthorization(): boolean; generateLoginResponseV3: (loginResponse: ILoginResponse) => Promise; private resolveSessionTenant; generateLoginResponseFromOAuthResponse: (oauthResponse: IOAuthTokenResponse) => Promise; generateLoginResponseFromOAuthResponseV2: (oauthResponse: IOAuthTokenResponse) => Promise; /** * Check if requested email address has SSO configuration. * If true, this function will return the SSO address to navigate to, else return null. */ preLogin: (body: IPreLogin) => Promise; /** * Check if requested email address has SSO configuration. * If true, this function will return the SSO address and IdpType to navigate to. */ preLoginWithIdpType: (body: IPreLogin) => Promise; /** * After calling preLogin and navigating to the SSO URL, the IDP will redirect you to the ACS URL. * Which is configured in the SSO configuration. */ postLogin: (body: IPostLogin) => Promise; /** * After calling preLogin and navigating to the SSO URL, the IDP will redirect you to the redirect URL * with code and state. */ oidcPostLogin: (body: IOidcPostLogin) => Promise; /** * Login with username and password. * If the user has two-factor authentication, the server will return mfaToken with mfaRequired: true, * and then `loginWithMfa` should be called with the mfaToken and generated code. * If the password is expired, the server will return resetPasswordToken. * If password rotation configuration is enabled and password not expired, the server will return passwordExpiresIn and notificationPeriod. * Otherwise, the server will accessToken and refreshToken. * The refresh token should be used to renew your access token by calling `refreshToken`. * @throw exception if login failed */ login: (body: ILogin) => Promise; /** * Login with username and password. * If the user has two-factor authentication, the server will return mfaToken with mfaRequired: true, * and then `loginWithMfa` should be called with the mfaToken and generated code. * Otherwise, the server will accessToken and refreshToken. * The refresh token should be used to renew your access token by calling `refreshToken`. * @throw exception if login failed */ loginv2: (body: ILogin) => Promise; /** * After login succeeds with an mfaRequired token response, this function should be called * with the mfaToken and the generated code from your authenticator app. * @throw exception if generated code or mfaToken are incorrect */ loginWithMfa: (body: ILoginWithMfa) => Promise; /** * After login succeeds with an mfaRequired token response, this function should be called * with the mfaToken and the generated code from your authenticator app. * @throw exception if generated code or mfaToken are incorrect */ loginWithMfaV2: (body: ILoginWithMfa) => Promise; /** * activating account should be called after registering a new user or deactivating account * ``activateAccount`` should contain userId and the token that has been sent to the user after activation requested. * @throws exception if activation failed */ activateAccount: (body: IActivateAccount) => Promise; /** * activating account should be called after registering a new user or deactivating account * ``activateAccount`` should contain userId and the token that has been sent to the user after activation requested. * @throws exception if activation failed */ activateAccountV2: (body: IActivateAccount) => Promise; /** * activating account should be called after registering new user or deactivating account * ``activateAccount`` should contain userId, code and the token that has been sent to the user after activation requested. * @throws exception if activation failed */ activateAccountWithOTC: (body: IActivateAccountWithOTC) => Promise; /** * Submit approval flow action (approve or reject) */ submitApprovalAction: (body: ISubmitApprovalAction) => Promise; /** * Get approval flow execution data */ getApprovalExecutionData: (params: IGetApprovalExecutionData) => Promise; /** * get account activation configuration. */ getActivateAccountStrategy: (params: IGetActivateAccountStrategy) => Promise; /** * resend activation email should be called after failed user activation. * ``resend activation email`` should contain the user email. * @throws exception if resend failed */ resendActivationEmail: (body: IResendActivationEmail) => Promise; /** * resend invitation email should be called after a failed user invitation. * ``resend invitation email`` should contain the user email. * @throws exception if resend failed */ resendInvitationEmail: (body: IResendInvitationEmail) => Promise; /** * accepting invitation should be called after inviting user to a new account * ``acceptInvitation`` should contain userId and the token that has been sent to the user after invitation requested. * @throws exception if accept invitation failed */ acceptInvitation: (body: IAcceptInvitation) => Promise; /** * accepting invitation should be called after inviting user to a new account * ``acceptInvitation`` should contain userId, code and the token that has been sent to the user after invitation requested. * @throws exception if accept invitation failed */ acceptInvitationWithOTC: (body: IAcceptInvitationWithOTC) => Promise; /** * refresh token called as authenticated use, access and refresh tokens resolved by the cookies. * the server will return ILoginResponse with new access Token and refresh token and store it in the browser cookies. */ refreshToken: () => Promise; /** * refresh token called as authenticated use, access and refresh tokens resolved by the cookies. * the server will return ILoginResponseV2 with new access Token and refresh token and store it in the browser cookies, as well as the tenants. */ refreshTokenV2: () => Promise; /** * refresh token called as authenticated use, access and refresh tokens resolved by the cookies. * the server will return ILoginResponseV3 with new access Token and refresh token and store it in the browser cookies, as well as the tenants and the active tenant. */ refreshTokenV3: () => Promise; /** * logout from server, invalidate access and refresh token, remove it from cookies. */ logout: () => Promise; /** * logout from server on Hosted Login, invalidate access and refresh token, remove it from cookies. */ OAuthLogout: (params?: IOAuthLogout) => Promise; /** * calling forgot password request will send an email with a link to reset user's password. * @throws exception if the user not found */ forgotPassword: (body: IForgotPassword) => Promise; /** * reset password should be called after forget password request. * userId, new password and the token has been sent to the user email. * @throws exception if the user not found, password validation failed or invalid token. */ resetPassword: (body: IResetPassword) => Promise; /** * calling reset password via email will send an email with a link to reset user's password. * @throws exception if the user not found */ resetPasswordViaEmail: (body: IForgotPasswordV2) => Promise; /** * calling reset password via sms will send an sms with an otc token. */ resetPasswordViaSms: (body: IForgotPasswordV2) => Promise; /** * calling verify password via sms will verify the otc token and return the user id and token. */ verifyPasswordViaSms: (body: IVerifyPasswordViaSmsRequest) => Promise; /** * Get the available password recovery strategies for the vendor. */ getPasswordRecoveryStrategies: () => Promise; /** * load password configuration for user. */ loadPasswordConfig: (params?: IGetUserPasswordConfig) => Promise | null>; /** * Check whether a password-reset token is still valid (e.g. not expired or consumed). * Expects Identity: POST .../users/v1/passwords/reset/validate { userId, token } → 2xx when valid. * 400 (bad/missing input) and 410 (expired/consumed) are both handled as link-expired in the login box. */ validateResetPasswordToken: (params: IValidateResetPasswordToken) => Promise; /** * load sign up strategies */ getSignUpStrategies: () => Promise; /** * recover Multi-Factor authentication by providing the recoveryCode * that has been received when activated it * @throws exception if recovery code is not valid */ recoverMfaToken: (body: IRecoverMFAToken) => Promise; /** * enroll Multi-Factor Auth Code to use in 3rd party apps like Google Authenticator. * the server returns qrCode as png image in base64 format * @throws exception if the user already have mfa-enabled * ``authorized user`` */ enrollMfa: () => Promise; /** * pre enroll Multi-Factor Auth Code to use in 3rd party apps like Google Authenticator. * the server returns qrCode as png image in base64 format * @throws exception if the user already have mfa-enabled * ``authorized user`` */ preEnrollMFAAuthenticatorApp: () => Promise; /** * enroll Multi-Factor Auth Code to use in 3rd party apps like Google Authenticator. */ enrollMFAAuthenticatorApp: (body: WithoutMFAToken) => Promise; /** * pre enroll Multi-Factor SMS * the server returns otcToken that should be sent to the enroll function with the code that was sent to */ preEnrollMFASMS: (body: WithoutMFAToken) => Promise; /** * After pre-enrolling with SMS, this function should be called * with the otcToken and the code sent to the requested phone number. */ enrollMFASMS: (body: WithoutMFAToken) => Promise; /** * Pre-enroll Multi-Factor to use with WebAuthn. The server returns an attestation object. */ preEnrollMFAWebAuthn: () => Promise; /** * After pre-enrolling with WebAuthn, this function should be called * with the webauthnToken and the attestation object response. */ enrollMFAWebAuthn: (body: WithoutMFAToken) => Promise; /** * After enrolling MFA QR code, verify function should be called * with the generated code in the Authenticator App. * * @return Recovery code to use to disable MFA if your device is lost. This code won't be shown again. * @throws Exception if the generated token is invalid. "authorized user" */ verifyMfa: (body: IVerifyMfa) => Promise; /** * Disable MFA by either passing the recoveryCode or the generated code from the Authenticator App. * * @throws Exception if the generated token or the recoveryCode are incorrect. "authorized user" */ disableMfa: (body: IDisableMfa) => Promise; /** * Disable MFA Authenticator App. * * @throws Exception if the generated token is incorrect. "authorized user" */ disableMFAAuthenticatorApp: (deviceId: string, body: IDisableMfa) => Promise; /** * Pre-disable MFA SMS, should be called if user has just one MFA device. * * @throws Exception if pre-disable is not required for disable. "authorized user" */ preDisableMFASMS: (deviceId: string) => Promise; /** * After pre-disable MFA SMS, this function should be called. Can also be called without pre-disable if * the user has more than one MFA device. * * @throws Exception if pre-disable is not required for disable. "authorized user" */ disableMFASMS: (deviceId: string, body: IDisableMFASMS) => Promise; /** * Pre-disable MFA WebAuthn, should be called if user has just one MFA device. * * @throws Exception if pre-disable is not required for disable. "authorized user" */ preDisableMFAWebAuthn: (deviceId: string) => Promise; /** * After pre-disable MFA WebAuthn, disable MFA WebAuthn should be called. Can also be called without pre-disable if * the user has more than one MFA device. * * @throws Exception if pre-disable is not required for disable. "authorized user" */ disableMFAWebAuthn: (deviceId: string, body: IDisableMFAWebAuthn) => Promise; /** * Returns user MFA devices list split into 3 arrays: webauthn, phones, and authenticators. */ getMFADevices: () => Promise; /** * Pre-enroll Multi-Factor Auth Code to use in 3rd party apps like Google Authenticator. * The server returns a qrCode as a PNG image in base64 format. */ preEnrollMFAAuthenticatorAppForLogin: (body: IPreEnrollMFA) => Promise; /** * After pre-enrolling with the authenticator app, this function should be called * with the generated code in the Authenticator App. */ enrollMFAAuthenticatorAppForLogin: (body: IEnrollMFAAuthenticatorApp) => Promise; /** * After pre-enrolling with the authenticator app, this function should be called * with the generated code in the Authenticator App. */ enrollMFAAuthenticatorAppForLoginV2: (body: IEnrollMFAAuthenticatorApp) => Promise; /** * After login succeeded with mfaRequired token response, this function should be called * with the selected authenticator app ID, mfaToken, and the generated code from your authenticator app. */ verifyMFAAuthenticatorAppForLogin: (deviceId: string, body: IVerifyMFAAuthenticatorApp) => Promise; /** * Pre-verify Multi-Factor Email Code. The server returns an otcToken that should be sent * to the verify function with the code that was sent to the email. */ preVerifyMFAEmailCode: (body: IPreVerifyMFA) => Promise; /** * After pre-verifying with Email Code, this function should be called * with the otcToken and the code that has been sent to the email. */ verifyMFAEmailCode: (body: IVerifyMFAEmailCode) => Promise; /** * After pre-verifying with Email Code, this function should be called * with the otcToken and the code that has been sent to the email. */ verifyMFAEmailCodeV2: (body: IVerifyMFAEmailCode) => Promise; /** * Pre-enroll Multi-Factor to use with SMS. * The server returns an otcToken that should be sent to the enroll function with the code sent to * the requested phone number. */ preEnrollMFASMSForLogin: (body: IPreEnrollMFASMS) => Promise; /** * After pre-enrolling with SMS, this function should be called * with the otcToken and the code sent to the requested phone number. */ enrollMFASMSForLogin: (body: IEnrollMFASMS) => Promise; /** * After pre-enrolling with SMS, this function should be called * with the otcToken and the code sent to the requested phone number. */ enrollMFASMSForLoginV2: (body: IEnrollMFASMS) => Promise; /** * After login succeeded with mfaRequired token response, if the user asked to use SMS as MFA * this function should be called with the selected device ID and mfaToken. */ preVerifyMFASMSForLogin: (deviceId: string, body: IPreVerifyMFA) => Promise; /** * After pre-verifying with SMS, this function should be called with otcToken, mfaToken, and the code * that has been sent to the selected device. */ verifyMFASMSForLogin: (deviceId: string, body: IVerifyMFASMS) => Promise; /** * After pre-verifying with SMS, this function should be called with otcToken, mfaToken, and the code * that has been sent to the selected device. */ verifyMFASMSForLoginV2: (deviceId: string, body: IVerifyMFASMS) => Promise; /** * Pre-enroll Multi-Factor Authentication using WebAuthn for login. * The server returns an attestation object. * @param body - The request phone number */ preEnrollMFAWebAuthnForLogin: (body: IPreEnrollMFA) => Promise; /** * After pre-enrollment with WebAuthn, enrollment should be completed with the WebAuthn token and attestation response. * @param body - The enrollment data */ enrollMFAWebAuthnForLogin: (body: IEnrollMFAWebAuthn) => Promise; /** * After pre-enrollment with WebAuthn, enrollment should be completed with the WebAuthn token and attestation response. * @param body - The enrollment data */ enrollMFAWebAuthnForLoginV2: (body: IEnrollMFAWebAuthn) => Promise; /** * After successful login with mfaRequired token response, use WebAuthn as MFA. * @param deviceId - The device ID * @param body - The verification data */ preVerifyMFAWebAuthnForLogin: (deviceId: string, body: IPreVerifyMFA) => Promise; /** * After pre-verification with WebAuthn, verify with WebAuthn token and assertion response. * @param deviceId - The device ID * @param body - The verification data */ verifyMFAWebAuthnForLogin: (deviceId: string, body: IVerifyMFAWebAuthn) => Promise; /** * After pre-verification with WebAuthn, verify with WebAuthn token and assertion response. * @param deviceId - The device ID * @param body - The verification data */ verifyMFAWebAuthnForLoginV2: (deviceId: string, body: IVerifyMFAWebAuthn) => Promise; /** * Retrieve SAML configurations from the server by the logged-in user (tenantId, vendorId). * * @returns {enabled: false} if no SAML configuration is found. Otherwise, returns ISamlConfiguration. */ getSamlConfiguration: () => Promise; /** * Update SAML configuration by the logged-in user (tenantId, vendorId). * @param body - The SAML configuration data */ updateSamlConfiguration: (body: IUpdateSamlConfiguration) => Promise; /** * Retrieve vendor SAML config from the server by the logged-in user (tenantId, vendorId). * * @throws - Exception 'ACS url information not found' if no SAML vendor configuration is found. */ getSamlVendorConfiguration: () => Promise; /** * Update Vendor SAML metadata by the logged-in user (tenantId, vendorId). * * @returns {enabled: false} if no SAML configuration is found. Otherwise, returns ISamlConfiguration. */ updateSamlVendorMetadata: (body: IUpdateSamlVendorMetadata) => Promise; /** * Validate SAML configuration's domain by the logged-in user (tenantId, vendorId). * * @returns {enabled: false} if no SAML configuration is found. Otherwise, returns ISamlConfiguration. */ validateSamlDomain: () => Promise; /** * Get SAML roles for authorization. * * @returns An array of role IDs. */ getSamlRoles: () => Promise; /** * Get SAML roles groups. * * @returns An array of groups and assigned role IDs. */ getSamlRolesGroups: () => Promise; /** * Update SAML roles for authorization. * @param params - Role IDs data */ updateSamlRoles: ({ roleIds }: IUpdateSamlRoles) => Promise; /** * Create SAML group roles for authorization. * @param params - Group roles data */ createSamlGroup: ({ roleIds, group }: ICreateSamlGroup) => Promise; /** * Update SAML group roles for authorization. * @param params - Group roles data */ updateSamlGroup: ({ roleIds, group, id }: IUpdateSamlGroup) => Promise; /** * Delete SAML group. * @param params - The group ID */ deleteSamlGroup: ({ id }: { id: string; }) => Promise; /** * Retrieve OIDC configurations from the server by the logged-in user (vendorId). * * @returns {active: true} if no OIDC configuration is found. Otherwise, returns IOidcConfiguration. */ getOidcConfiguration: () => Promise; /** * Check if one or more SAML/OIDC configurations are active. * * @returns {isActive: true/false} */ getSSOPublicConfiguration: () => Promise; /** * Get social login providers configurations for the vendor. * * @returns An array of providers configurations. */ getSocialLoginProviders: () => Promise; /** * Public route: Get social login providers configurations V2 supports dev credentials as well. * * @returns An array of providers configurations. */ getSocialLoginProvidersV2: () => Promise; /** * Authenticated route: Get social login providers configurations V2 supports dev credentials as well. * * @returns An array of providers configurations. */ getSocialLoginProvidersV2ForAuthenticatedUser: () => Promise; /** * Get custom social login providers configurations. * * @returns An array of custom providers configurations. */ getCustomSocialLoginProvidersV1: () => Promise; /** * Login using social login. * * @param params - Social login parameters * @returns A cookie with the refresh token. */ loginViaSocialLogin: (params: ILoginViaSocialLogin) => Promise; /** * Get vendor secure access configuration. */ getVendorConfig: () => Promise; private signUp; /** * Sign up a new user and create a new tenant. * * @param body - The sign-up data */ signUpUser: (body: ISignUpUser) => Promise; /** * Sign up a new user and create a new tenant. * * @param body - The sign-up data */ signUpUserWithPhoneNumber: (body: ISignUpUser) => Promise; /** * Sign up a new user and create a new tenant. * * @param body - The sign-up data */ signUpUserWithUsername: (body: ISignUpUser) => Promise; /** * Get all current user active sessions. */ getCurrentUserSessions: () => Promise; /** * Get current user session. */ getCurrentUserSession: () => Promise; /** * Revoke sessions for a user. * * @param userId - The user ID */ revokeSessionsForUser: (userId: string) => Promise; /** * Get session configurations. */ getSessionConfigurations: () => Promise; /** * Create or update session configurations. * * @param body - The session configuration data */ createOrUpdateSessionConfigrations: (body: ISessionConfigurations) => Promise; /** * Delete user session */ deleteSessionForUser: (id: string) => Promise; /** * Delete all user sessions */ deleteAllSessionsForUser: () => Promise; /** * Access tokens Configurations */ /** * Get user access tokens data */ getUserAccessTokensData: () => Promise; /** * Get tenant access tokens data */ getTenantAccessTokensData: () => Promise; /** * Delete Tenant access Token */ deleteTenantAccessToken: ({ id }: IDeleteAccessToken) => Promise; /** * Delete User access Token */ deleteUserAccessToken: ({ id }: IDeleteAccessToken) => Promise; /** * Create User Access Token. */ createUserAccessToken: (body: ICreateUserAccessTokenData) => Promise; /** * Create Tenant Access Token */ createTenantAccessToken: (body: ICreateTenantAccessTokenData) => Promise; /** * Api tokens Configurations */ /** * Get user api tokens data */ getUserApiTokensData: () => Promise; /** * Get tenant api tokens data */ getTenantApiTokensData: () => Promise; /** * Update User Api Tokens */ updateUserApiTokensData: (body: IUpdateUserApiTokensData) => Promise; /** * Update Tenant Api Tokens */ updateTenantApiTokensData: (body: IUpdateTenantApiTokensData) => Promise; /** * Delete Tenant Api Token */ deleteTenantApiToken: ({ tokenId }: IDeleteApiToken) => Promise; /** * Delete User Api Token */ deleteUserApiToken: ({ tokenId }: IDeleteApiToken) => Promise; /** * Get Tenant Api Token Creator User */ getUserById: ({ userId }: IGetUserById) => Promise; /** * Checks if remember MFA device is enabled for user. */ checkIfAllowToRememberMfaDevice: (mfaToken: string) => Promise; /** * Passwordless pre-login authentication */ passwordlessPreLogin: ({ type, ...body }: IPasswordlessPreLogin) => Promise; passwordlessPostLoginV2: ({ type, ...body }: IPasswordlessPostLogin) => Promise; passwordlessPostLogin: ({ type, ...body }: IPasswordlessPostLogin) => Promise; /** * Check if tenant invitation token is valid * @param token - invitation token * @returns tenant name */ verifyInviteToken: ({ token }: IVerifyInviteToken) => Promise; /** * SSO Configurations V1 */ /** * Retrieve SSO configurations from server by logged in user (tenantId, vendorId) * @return ISSOConfiguration[] * ``authorized user`` */ getSSOConfigurations: () => Promise; /** * Create SSO configuration by logged in user (tenantId, vendorId) * @returns ISSOConfiguration * ``authorized user`` */ createSSOConfiguration: (body: IUpdateSSOConfiguration) => Promise; /** * Update SSO configuration by logged in user (tenantId, vendorId) * @returns ISSOConfiguration * ``authorized user`` */ updateSSOConfiguration: (ssoConfigId: string, body: IUpdateSSOConfiguration) => Promise; /** * Delete SSO configuration by logged in user (tenantId, vendorId) * ``authorized user`` */ deleteSSOConfiguration: (ssoConfigId: string) => Promise; /** * Create SSO configuration by metadata by logged in user (tenantId, vendorId) * @returns ISSOConfiguration * ``authorized user`` */ createSSOConfigurationByMetadata: (body: IUpdateSamlVendorMetadata) => Promise; /** * Update SSO configuration by metadata by logged in user (tenantId, vendorId) * @returns ISSOConfiguration * ``authorized user`` */ updateSSOConfigurationByMetadata: (ssoConfigId: string, body: IUpdateSamlVendorMetadata) => Promise; /** * Create SSO configuration by metadata url by logged in user (tenantId, vendorId) * @returns ISSOConfiguration * ``authorized user`` */ createSSOConfigurationByMetadataUrl: (body: ICreateOrUpdateSSOConfigurationByMetadataUrl) => Promise; /** * Update SSO configuration by metadata url by logged in user (tenantId, vendorId) * @returns ISSOConfiguration * ``authorized user`` */ updateSSOConfigurationByMetadataUrl: (ssoConfigId: string, body: ICreateOrUpdateSSOConfigurationByMetadataUrl) => Promise; /** * Create SSO configuration domain by logged in user (tenantId, vendorId) * @returns ISSODomain * ``authorized user`` */ createSSODomain: (ssoConfigId: string, body: ICreateSSODomain) => Promise; /** * Create SSO configuration domain by logged in user (tenantId, vendorId) * * `authorized user` */ deleteSSODomain: (ssoConfigId: string, domainId: string) => Promise; /** * Validate SSO configuration domain by logged in user (tenantId, vendorId) * * `authorized user` * @deprecated(Use validateSSODomainV2 instead) */ validateSSODomain: (ssoConfigId: string, domainId: string) => Promise; /** * Validate SSO configuration domain by logged in user (tenantId, vendorId) * * `authorized user` */ validateSSODomainV2: (ssoConfigId: string, domainId: string) => Promise; /** * Get SSO configuration default roles by logged in user (tenantId, vendorId) * * `authorized user` */ getSSODefaultRoles: (ssoConfigId: string) => Promise; /** * Create SSO configuration default roles by logged in user (tenantId, vendorId) * * `authorized user` */ setSSODefaultRoles: (ssoConfigId: string, body: IUpdateSamlRoles) => Promise; /** * Create SSO configuration group roles for authorization */ createSSOGroup: (ssoConfigId: string, body: ICreateSamlGroup) => Promise; /** * Update SSO configuration group roles for authorization */ updateSSOGroup: (ssoConfigId: string, { roleIds, group, id }: IUpdateSamlGroup) => Promise; /** * Delete SSO configuration group */ deleteSSOGroup: (ssoConfigId: string, groupId: string) => Promise; /** * Get SSO configuration groups */ getSSOGroups: (ssoConfigId: string) => Promise; /** * Check if requested email address has sso configuration * If true, this function will return the sso address to navigate to * else, return null */ preLoginV2: (body: IPreLogin) => Promise; /** * After calling preLogin and navigated to SSO url, the IDP will redirect you to the redirect url * with code and state */ oidcPostLoginV2: (body: IOidcPostLoginV2) => Promise; exchangeOAuthTokensV2: (body: IExchangeOAuthTokens) => Promise; silentOAuthRefreshTokenV2: () => Promise; exchangeOAuthTokens: (body: IExchangeOAuthTokens) => Promise; silentOAuthRefreshToken: () => Promise; /** * Reset phone should be called in case user want to reset his phone number * when using sms authentication strategy. A 6-digits code will be sent to the user email. */ resetPhoneNumber: (body: IResetPhoneNumber) => Promise; /** * Verify reset phone should be called after reset phone number request * with the token received from the reset phone number request and a code that was sent to the user email */ verifyResetPhoneNumber: (body: IVerifyResetPhoneNumber) => Promise; /** * Change phone number with verification. */ changePhoneNumberWithVerification: (body: IChangePhoneNumberWithVerification) => Promise; /** * Verify new phone number. */ verifyChangePhoneNumber: (body: IVerifyChangePhoneNumber) => Promise; /** * Change phone number should be called after verify reset phone number with the new phone number */ changePhoneNumber: (body: IChangePhoneNumber) => Promise; /** * WebAuthn prelogin should be called when the user wants to be authenticated using his device/android/usb key */ webAuthnPreLogin: (body: IWebAuthnPreLogin) => Promise; /** * WebAuthn postlogin should be called after the user used his authenticator (device/android/usb key) in order to login */ webAuthnPostLogin: (body: IWebAuthnPostLogin) => Promise; /** * WebAuthn postlogin should be called after the user used his authenticator (device/android/usb key) in order to login */ webAuthnPostLoginV2: (body: IWebAuthnPostLogin) => Promise; /** * WebAuthn create new device should be called once the user wants to add new device as authenticator */ webAuthnCreateNewDeviceSession: () => Promise; /** * Get WebAuthn devices should be called in order to get user's WebAuthn devices */ getWebAuthnDevices: () => Promise; /** * Delete WebAuthn device should be called in order to delete user's WebAuthn device */ deleteWebAuthnDevice: (deviceId: string) => Promise; /** * WebAuthn verify new device should be called after the user used his authenticator in order to register the new device */ verifyNewDeviceSession: (body: IVerifyNewWebAuthnDevice) => Promise; /** * ##### Public route * Get public vendor auth strategies public configuration */ getVendorPublicAuthStrategiesConfig: () => Promise; /** * ##### Authenticated route * Get public vendor auth strategies public configuration */ getPublicAuthStrategiesConfigForAuthenticatedUser: () => Promise; /** * Get vendor MFA strategies configuration */ getMFAStrategiesConfig: () => Promise; /** * Get user permissions and roles */ getUserAuthorization: () => Promise; /** * Get user profile */ getMeV2: () => Promise; /** * A load entitlements function that catches errors and return undefined if failed to load * @returns the loaded entitlements object or undefined if failed to load */ private noThrowLoadEntitlements; /** * @returns me and authorization response with entitlements inside user.entitlements * Me request will be executed, and me authorization and entitlements will be executed according to FF and configuration. */ getMeAndEntitlements: () => Promise; /** * Generate step-up session * This request returns the step up details to continue step up, or the generated login response when stepped up JWT received from the BE */ generateStepupSession: (body: GenerateStepUpRequest) => Promise; /** @deprecated use api.auth.securityPolicy.getGlobalSecurityPolicy() or api.securityPolicy.getGlobalSecurityPolicy() instead */ getGlobalSecurityPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.getMfaPolicy() or api.securityPolicy.getMfaPolicy() instead */ getMfaPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.getVendorMfaPolicy() or api.securityPolicy.getVendorMfaPolicy() instead */ getVendorMfaPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.saveMfaPolicy() or api.securityPolicy.saveMfaPolicy() instead */ saveMfaPolicy: (body: import("./interfaces").ISaveSecurityPolicyMfa) => Promise; /** @deprecated use api.auth.securityPolicy.getLockoutPolicy() or api.securityPolicy.getLockoutPolicy() instead */ getLockoutPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.getVendorLockoutPolicy() or api.securityPolicy.getVendorLockoutPolicy() instead */ getVendorLockoutPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.saveLockoutPolicy() or api.securityPolicy.saveLockoutPolicy() instead */ saveLockoutPolicy: (body: import("./interfaces").ISaveSecurityPolicyLockout) => Promise; /** @deprecated use api.auth.securityPolicy.getCaptchaPolicy() or api.securityPolicy.getCaptchaPolicy() instead */ getCaptchaPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.getPasswordHistoryPolicy() or api.securityPolicy.getPasswordHistoryPolicy() instead */ getPasswordHistoryPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.getVendorPasswordHistoryPolicy() or api.securityPolicy.getVendorPasswordHistoryPolicy() instead */ getVendorPasswordHistoryPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.savePasswordHistoryPolicy() or api.securityPolicy.savePasswordHistoryPolicy() instead */ savePasswordHistoryPolicy: (body: import("./interfaces").ISaveSecurityPolicyPasswordHistory) => Promise; /** @deprecated use api.auth.securityPolicy.getPasswordConfigPolicy() or api.securityPolicy.getPasswordConfigPolicy() instead */ getPasswordConfigPolicy: () => Promise; /** @deprecated use api.auth.securityPolicy.getDomainRestrictions() or api.securityPolicy.getDomainRestrictions() instead */ getDomainRestrictions: () => Promise<{ items: import("./interfaces").DomainRestriction[]; }>; /** @deprecated use api.auth.securityPolicy.getDomainRestrictionsConfig() or api.securityPolicy.getDomainRestrictionsConfig() instead */ getDomainRestrictionsConfig: () => Promise; /** @deprecated use api.auth.securityPolicy.createDomainRestriction() or api.securityPolicy.createDomainRestriction() instead */ createDomainRestriction: (body: import("./interfaces").CreateDomainRestriction) => Promise; /** @deprecated use api.auth.securityPolicy.updateDomainRestrictionConfig() or api.securityPolicy.updateDomainRestrictionConfig() instead */ updateDomainRestrictionConfig: (body: import("./interfaces").UpdateDomainRestrictionsConfig) => Promise; /** @deprecated use api.auth.securityPolicy.deleteDomainRestriction() or api.securityPolicy.deleteDomainRestriction() instead */ deleteDomainRestriction: (id: string) => Promise; /** @deprecated use api.auth.securityPolicy.getIPRestrictions() or api.securityPolicy.getIPRestrictions() instead */ getIPRestrictions: (params: import("./interfaces").GetIPRestrictionsParams) => Promise>; /** @deprecated use api.auth.securityPolicy.getIPRestrictionsConfig() or api.securityPolicy.getIPRestrictionsConfig() instead */ getIPRestrictionsConfig: () => Promise; /** @deprecated use api.auth.securityPolicy.createIPRestriction() or api.securityPolicy.createIPRestriction() instead */ createIPRestriction: (body: import("./interfaces").CreateIpRestriction) => Promise; /** @deprecated use api.auth.securityPolicy.bulkCreateIPRestriction() or api.securityPolicy.bulkCreateIPRestriction() instead */ bulkCreateIPRestriction: (body: import("./interfaces").BulkCreateIpRestriction) => Promise; /** @deprecated use api.auth.securityPolicy.updateIPRestrictionConfig() or api.securityPolicy.updateIPRestrictionConfig() instead */ updateIPRestrictionConfig: (body: import("./interfaces").IPRestrictionsConfig) => Promise; /** @deprecated use api.auth.securityPolicy.deleteIPRestriction() or api.securityPolicy.deleteIPRestriction() instead */ deleteIPRestriction: (id: string) => Promise; /** @deprecated use api.auth.securityPolicy.testCurrentIp() or api.securityPolicy.testCurrentIp() instead */ testCurrentIp: () => Promise; /** @deprecated use api.auth.securityPolicy.testCurrentIpInAllowList() or api.securityPolicy.testCurrentIpInAllowList() instead */ testCurrentIpInAllowList: () => Promise; /** @deprecated use api.auth.securityPolicy.getCountryRestrictionsConfig() or api.securityPolicy.getCountryRestrictionsConfig() instead */ getCountryRestrictionsConfig: () => Promise; /** @deprecated use api.auth.securityPolicy.updateCountryRestrictionsConfig() or api.securityPolicy.updateCountryRestrictionsConfig() instead */ updateCountryRestrictionsConfig: (body: import("./interfaces").UpdateCountryRestrictionConfig) => Promise; /** @deprecated use api.auth.securityPolicy.getCountryRestrictions() or api.securityPolicy.getCountryRestrictions() instead */ getCountryRestrictions: () => Promise; /** @deprecated use api.auth.securityPolicy.updateCountryRestrictions() or api.securityPolicy.updateCountryRestrictions() instead */ updateCountryRestrictions: (body: import("./interfaces").UpdateCountryRestrictionRules) => Promise; } declare const _default: AuthenticationApi; export default _default;