// Request/response shapes for the authentication API client.
// This file holds declarations only: nothing here validates a value at runtime, so every
// optional field, `any`, and free-form string must be checked by whoever produces or consumes it.
import { UserEntitlementsContext as UserEntitlementsResponseV2 } from '@frontegg/entitlements-javascript-commons';
import { ITenantsResponse, IUserProfile } from '..';
import { AuthStrategyEnum, EIdentifierType, MachineToMachineAuthStrategy, PasswordRecoveryStrategyEnum, SignUpStrategyEnum, SocialLoginProviders } from './enums';
import { ISamlRolesGroup } from '../teams/interfaces';
// NOTE(review): the directory name in this path is misspelled; presumably it matches the
// on-disk name, so confirm before "correcting" it.
export * from './secutiry-poilicy/interfaces';

// ---------------------------------------------------------------------------
// Login: pre-login lookup, SAML / OIDC post-back, password login
// ---------------------------------------------------------------------------

/** Pre-login lookup input. Every field is optional, so the type alone does not require an identifier. */
export type IPreLogin = {
    email?: string;
    username?: string;
    tenantId?: string;
};
/**
 * Body carrying `RelayState` and `SAMLResponse`.
 * NOTE(review): presumably the SAML post-back from the IdP; nothing in this type shows where the
 * assertion signature is verified, so confirm it is verified server-side.
 */
export type IPostLogin = {
    RelayState: string;
    SAMLResponse: string;
};
/** Pre-login result: an address plus the IdP protocol, restricted to 'saml' or 'oidc'. */
export type IPreLoginWithIdpTypeResponse = {
    address: string;
    idpType: 'saml' | 'oidc';
};
/**
 * OIDC post-back body: `code` and `state`, plus an optional redirect URI.
 * NOTE(review): `state` is presumably the value issued before the redirect; confirm it is
 * compared against the issued value before `code` is exchanged.
 */
export type IOidcPostLogin = {
    code: string;
    state: string;
    redirectUri?: string;
};
/** Same shape as IOidcPostLogin except that the second field is named `RelayState` instead of `state`. */
export type IOidcPostLoginV2 = {
    code: string;
    RelayState: string;
    redirectUri?: string;
};
/** Password login input. `password` is required; `email` and `username` are both optional in the type. */
export type ILogin = {
    email?: string;
    username?: string;
    password: string;
    recaptchaToken?: string;
    invitationToken?: string;
};
/**
 * Login result: the user profile intersected with session and MFA fields.
 * NOTE(review): besides `accessToken` / `refreshToken` this shape can carry `mfaToken`,
 * `otcToken`, `qrCode`, `recoveryCode` and `resetPasswordToken`. By name these all look like
 * secrets, so treat the whole object as sensitive (no logging, no analytics payloads) and
 * confirm how call sites store it.
 */
export type ILoginResponse = IUserProfile & {
    otcToken?: string;
    mfaRequired: boolean;
    accessToken: string;
    refreshToken: string;
    /**
     * @deprecated use exp instead
     */
    expires: string;
    exp: number;
    expiresIn: number;
    mfaToken?: string;
    qrCode?: string;
    recoveryCode?: string;
    emailVerified?: boolean;
    // NOTE(review): by name a server-supplied navigation target; confirm callers restrict it to
    // same-origin or allow-listed URLs before navigating.
    redirectLocation?: string;
    userEmail?: string;
    mfaStrategies?: MFAStrategyEnum[];
    mfaDevices?: UserMFADevicesResponse;
    isBreachedPassword?: boolean;
    entitlements?: UserEntitlementsResponseV2;
    amr?: string[];
    acr?: string;
    auth_time?: number;
    resetPasswordToken?: string;
    passwordExpiresIn?: number;
    notificationPeriod?: number;
    userId?: string;
};
/** Wraps ILoginResponse as `user` and adds an optional tenant list. */
export type ILoginResponseV2 = {
    user: ILoginResponse;
    tenants?: ITenantsResponse[];
};
/** ILoginResponseV2 plus an optional `activeTenant`. */
export type ILoginResponseV3 = {
    user: ILoginResponse;
    tenants?: ITenantsResponse[];
    activeTenant?: ITenantsResponse;
};
/** Second-factor submission: the `mfaToken` plus the user-entered `value`. */
export type ILoginWithMfa = {
    mfaToken: string;
    value: string;
    rememberDevice?: boolean;
    invitationToken?: string;
};

// ---------------------------------------------------------------------------
// Account activation, approvals, invitations
// ---------------------------------------------------------------------------

/** Activation request keyed by a `userId` + `token` pair; `password` is optional. */
export type IActivateAccount = {
    userId: string;
    token: string;
    password?: string;
    recaptchaToken?: string;
    lastTermsCheck?: string;
};
/** IActivateAccount with an additional required `code`. */
export type IActivateAccountWithOTC = {
    code: string;
} & IActivateAccount;
/**
 * Approve/reject decision for one step of an approval flow.
 * NOTE(review): `approverId` is a plain request field; confirm the backend binds the approver to
 * the authenticated session or a signed link rather than trusting this value.
 */
export type ISubmitApprovalAction = {
    approvalFlowExecutionId: string;
    approverId: string;
    approvalFlowStepId: string;
    approved: boolean;
};
export type ISubmitApprovalActionResponse = {
    success: boolean;
};
/** The same three identifiers as ISubmitApprovalAction, without the decision. */
export type IGetApprovalExecutionData = {
    approvalFlowExecutionId: string;
    approverId: string;
    approvalFlowStepId: string;
};
export type IApprovalExecutionDataResponse = {
    approvalFlowName: string;
    approvalFlowDescription?: string;
    requester: string;
    approvalFlowRequestDate: Date;
};
export type IAcceptInvitation = {
    userId: string;
    token: string;
};
/** IAcceptInvitation with an additional required `code`. */
export type IAcceptInvitationWithOTC = IAcceptInvitation & {
    code: string;
};

// ---------------------------------------------------------------------------
// Email-triggered flows and password reset
// NOTE(review): the next three requests carry only an email address. Whether the responses
// differ for unknown addresses (account enumeration) is decided by the backend and cannot be
// seen from these types.
// ---------------------------------------------------------------------------

export type IResendActivationEmail = {
    email: string;
};
export type IResendInvitationEmail = {
    email: string;
};
export type IForgotPassword = {
    email: string;
};
/** Forgot-password request keyed by an identifier and its declared type. */
export type IForgotPasswordV2 = {
    identifier: string;
    identifierType: EIdentifierType;
};
export type IResetPasswordViaSmsResponse = {
    sessionId: string;
};
export type IVerifyPasswordViaSmsRequest = {
    otcToken: string;
    sessionId: string;
};
/** Returns a `userId` / `token` pair, the same two fields IResetPassword requires next to the new password. */
export type IVerifyPasswordViaSmsResponse = {
    userId: string;
    token: string;
};
export type IResetPassword = {
    token: string;
    userId: string;
    password: string;
};

// ---------------------------------------------------------------------------
// MFA (legacy shapes)
// ---------------------------------------------------------------------------

export type IRecoverMFAToken = {
    email: string;
    recoveryCode: string;
};
// NOTE(review): `qrCode` presumably encodes the authenticator provisioning secret; if so it
// should not be cached or logged. Confirm.
export type IEnrollMfaResponse = {
    qrCode: string;
};
export type IVerifyMfa = {
    token: string;
};
export type IVerifyMfaResponse = {
    recoveryCode: string;
};
// NOTE(review): `token` is optional, so the type permits a disable request with no proof of
// possession. The backend has to enforce that requirement; confirm it does.
export type IDisableMfa = {
    token?: string;
};

// ---------------------------------------------------------------------------
// SSO configuration (SAML / OIDC)
// ---------------------------------------------------------------------------

/**
 * Mixed SAML/OIDC settings; everything except `enabled` is optional.
 * NOTE(review): includes `oidcSecret`. If this shape is also used for reads, confirm the secret
 * is masked or omitted in responses.
 */
export type ISamlConfiguration = {
    enabled: boolean;
    domain?: string;
    validated?: boolean;
    generatedVerification?: string;
    ssoEndpoint?: string;
    publicCertificate?: string;
    signRequest?: boolean;
    createdAt?: Date;
    updatedAt?: Date;
    acsUrl?: string;
    spEntityId?: string;
    isSamlActive?: boolean;
    oidcClientId?: string;
    oidcSecret?: string;
    type?: string;
};
export type IOidcConfiguration = {
    active: boolean;
    redirectUri?: string;
};
export type ISSOPublicConfiguration = {
    isActive: boolean;
};
// NOTE(review): bare `Omit` — the generic arguments appear to have been stripped from this
// line, which does not type-check as written. Restore them from the published package rather
// than guessing which keys were omitted.
export type IUpdateSamlConfiguration = Omit;
export type ISamlVendorConfigResponse = {
    acsUrl: string;
    spEntityId: string;
};
export type ISamlVendorMetadata = {
    id: string;
    vendorId: string;
    entityName: 'saml';
    configuration: ISamlVendorConfigResponse;
};
// NOTE(review): `metadata` is a free-form string, presumably IdP metadata XML. If so, confirm
// the component that parses it has external-entity resolution disabled.
export type IUpdateSamlVendorMetadata = {
    metadata: string;
};
export interface ICreateOrUpdateSSOConfigurationByMetadataUrl {
    // NOTE(review): caller-supplied URL. If the backend fetches it, that fetch needs scheme and
    // host restrictions (SSRF); this cannot be seen from here.
    url: string;
    // NOTE(review): bare `Record` — generic arguments appear stripped; restore from the
    // published package.
    configMetadata?: Record;
}

// ---------------------------------------------------------------------------
// Social login
// ---------------------------------------------------------------------------

export interface ISocialLoginProviderConfiguration {
    type: SocialLoginProviders;
    clientId: string;
    redirectUrl: string;
    active: boolean;
}
/** V2 makes `clientId` optional and nullable, and adds redirect, authorization and scope options. */
export interface ISocialLoginProviderConfigurationV2 {
    type: SocialLoginProviders;
    clientId?: string | null;
    redirectUrl: string;
    backendRedirectUrl?: string;
    active: boolean;
    authorizationUrl?: string | null;
    // NOTE(review): bare `Record` — generic arguments appear stripped; restore from the
    // published package.
    options?: Record;
    customised: boolean;
    additionalScopes?: string[];
}
/** List of custom providers. `scopes` is a single string here, unlike `additionalScopes` (string[]) in V2. */
export interface ICustomSocialLoginProviderConfigurationV1 {
    providers: {
        id: string;
        type: string;
        clientId: string;
        redirectUrl: string;
        redirectUrlPattern: string;
        authorizationUrl: string;
        userInfoUrl: string;
        scopes: string;
        ssoLogoUrl: string | null;
        displayName: string;
        active: boolean;
    }[];
}
/**
 * Social login completion request. Only `provider` is required; `code` and `idToken` are both
 * optional, so the type does not force either credential to be present.
 */
export interface ILoginViaSocialLogin {
    code?: string;
    idToken?: string;
    redirectUri?: string;
    provider: SocialLoginProviders;
    // NOTE(review): client-supplied post-auth redirect target; confirm it is validated against
    // an allow-list before being used for navigation.
    afterAuthRedirectUrl?: string;
    // NOTE(review): two verifier fields exist side by side; which one the backend reads is not
    // visible here.
    codeVerifier?: string;
    codeVerifierPkce?: string;
    metadata?: string;
    invitationToken?: string;
    state?: string;
}
export interface ILoginViaSocialLoginResponse {
    email: string;
    isNewUser: boolean;
    userId?: string;
    tenantId?: string;
    name: string;
    accessToken: string;
    mfaRequired: boolean;
    userEmail?: string;
}
export interface ISetSocialLoginError {
    error: string;
}

// ---------------------------------------------------------------------------
// Vendor configuration and sign-up
// ---------------------------------------------------------------------------

export interface IVendorConfig {
    allowSignups: boolean;
    allowNotVerifiedUsersLogin: boolean;
    apiTokensEnabled: boolean;
    forcePermissions: boolean;
    authStrategy: AuthStrategyEnum;
    machineToMachineAuthStrategy: MachineToMachineAuthStrategy;
}
/** Sign-up request. Only `companyName` is required by the type. */
export interface ISignUpUser {
    email?: string;
    companyName: string;
    recaptchaToken?: string;
    name?: string;
    password?: string;
    phoneNumber?: string;
    metadata?: string /** JSON */;
    // NOTE(review): role ids supplied by the signing-up client; confirm the backend authorizes
    // them rather than assigning whatever is sent.
    roleIds?: string[];
    invitationToken?: string;
    username?: string;
}
export interface ISignUpResponse {
    shouldActivate: boolean;
    user?: ILoginResponse;
    userId?: string;
    tenantId?: string;
    tenants?: ITenantsResponse[];
    activeTenant?: ITenantsResponse;
    // NOTE(review): an activation token in the sign-up response would let the caller activate
    // without proving control of the mailbox; confirm when the backend populates this field.
    activationToken?: string;
}
export interface ISignUpApiResponse {
    shouldActivate: boolean;
    userId?: string;
    tenantId?: string;
    authResponse: ILoginResponse;
    activationToken?: string;
}

// ---------------------------------------------------------------------------
// Sessions
// ---------------------------------------------------------------------------

/** One session record; carries client `ipAddress` and `userAgent` when present. */
export interface ISessionResponse {
    id: string;
    expires?: Date;
    ipAddress?: string;
    userAgent?: string;
    createdAt?: Date;
    current?: boolean;
    impersonated?: boolean;
}
// The idle-timeout and timeout configurations have identical fields; the unit of `timeout` is
// not stated in this file.
export interface ISessionIdleTimeoutConfiguration {
    isActive: boolean;
    timeout: number;
}
export interface ISessionTimeoutConfiguration {
    isActive: boolean;
    timeout: number;
}
export interface ISessionConcurrentConfiguration {
    isActive: boolean;
    maxSessions: number;
}
export interface ISessionConfigurations {
    sessionTimeoutConfiguration?: ISessionTimeoutConfiguration;
    sessionIdleTimeoutConfiguration?: ISessionIdleTimeoutConfiguration;
    sessionConcurrentConfiguration?: ISessionConcurrentConfiguration;
}

// ---------------------------------------------------------------------------
// API tokens and access tokens
// NOTE(review): `secret` is optional on these shapes, presumably because it is only returned
// when a token is created. Confirm, and confirm list/read endpoints never include it.
// ---------------------------------------------------------------------------

export interface IUserApiTokensData {
    clientId?: string;
    description: string;
    // `any` disables checking on this field; consumers must validate it themselves.
    metadata?: any;
    secret?: string;
    expires?: Date;
}
export interface ITenantApiTokensData {
    clientId?: string;
    description: string;
    tenantId?: string;
    createdByUserId?: string;
    // `any` disables checking on this field; consumers must validate it themselves.
    metadata?: any;
    secret?: string;
    roleIds?: string[];
    expires?: Date;
}
// NOTE(review): `expiresInMinutes` accepts null on the update and create shapes below;
// presumably null means "no expiry". Confirm, since non-expiring credentials deserve explicit review.
export interface IUpdateUserApiTokensData {
    description: string;
    expiresInMinutes: number | null;
}
export interface IUpdateTenantApiTokensData {
    description: string;
    roleIds: string[];
    expiresInMinutes: number | null;
}
export interface IDeleteApiToken {
    tokenId: string;
}
/** Base access-token record; the user and tenant variants below extend it. */
export interface IAccessTokensData {
    id: string;
    description?: string;
    createdAt: Date;
    secret?: string;
    expires?: Date;
}
export interface IUserAccessTokenData extends IAccessTokensData {
}
/** Tenant variant: adds the required `roleIds`. */
export interface ITenantAccessTokenData extends IAccessTokensData {
    roleIds: string[];
}
export interface IGetUserAccessTokens {
    accessTokens: IUserAccessTokenData[];
}
export interface IGetTenantAccessTokens {
    accessTokens: ITenantAccessTokenData[];
}
// Structurally identical to IGetUserAccessTokens.
export interface IGetUserAccessTokensData {
    accessTokens: IUserAccessTokenData[];
}
export interface ICreateAccessTokensData {
    description: string;
    expiresInMinutes: number | null;
}
export interface ICreateUserAccessTokenData extends ICreateAccessTokensData {
}
export interface ICreateTenantAccessTokenData extends ICreateAccessTokensData {
    roleIds: string[];
}
export interface IDeleteAccessToken {
    id: string;
}

// ---------------------------------------------------------------------------
// SAML role / group mapping
// ---------------------------------------------------------------------------

export interface IUpdateSamlRoles {
    roleIds: string[];
}
export interface IUpdateSamlGroup {
    id: string;
    group: string;
    roleIds: string[];
}
export interface ICreateSamlGroup {
    group: string;
    roleIds?: string[];
}

// ---------------------------------------------------------------------------
// User lookup
// ---------------------------------------------------------------------------

export type IGetUserById = {
    userId: string;
};
export interface IUserIdResponse {
    id: string;
    name: string;
    // Typed as the literal `null`, so no other value is representable here.
    deletedAt: null;
    // `any` disables checking on this field; consumers must validate it themselves.
    metadata: any;
    tenantId: string;
    vendorId: string;
    createdAt: Date;
    updatedAt: Date;
}
export interface IGetUserPasswordConfig {
    userId: string;
}
/**
 * Validates a password-reset token before the user submits a new password.
 * Identity: POST .../users/v1/passwords/reset/validate with body { userId, token }.
 * 400 = bad request / missing or invalid input; 410 = expired or consumed token.
 * The login box shows the same link-expired UI for both responses.
 */
export interface IValidateResetPasswordToken {
    userId: string;
    token: string;
}
export interface IGetActivateAccountStrategy {
    userId: string;
    token: string;
}
export interface IGetActivateAccountStrategyResponse {
    shouldSetPassword: boolean;
}
// The unit of `mfaDeviceExpiration` is not stated in this file.
export interface IAllowedToRememberMfaDevice {
    isAllowedToRemember: boolean;
    mfaDeviceExpiration: number;
}

// ---------------------------------------------------------------------------
// Passwordless login
// ---------------------------------------------------------------------------

/** Fields shared by every passwordless pre-login variant. */
export interface IBasePasswordlessPreLogin {
    recaptchaToken?: string;
    type: AuthStrategyEnum;
    invitationToken?: string;
}
export interface IEmailPasswordlessPreLogin extends IBasePasswordlessPreLogin {
    email: string;
}
export interface IUsernamePasswordlessPreLogin extends IBasePasswordlessPreLogin {
    username: string;
}
export interface IUserIDPasswordlessPreLogin extends IBasePasswordlessPreLogin {
    userId: string;
}
export interface IPhoneNumberPasswordlessPreLogin extends IBasePasswordlessPreLogin {
    phoneNumber: string;
}
/** Union of the four variants above. Each variant requires exactly one identifier field of its own. */
export type IPasswordlessPreLogin = IEmailPasswordlessPreLogin | IUserIDPasswordlessPreLogin | IUsernamePasswordlessPreLogin | IPhoneNumberPasswordlessPreLogin;
export interface IPasswordlessPostLogin {
    token: string;
    recaptchaToken?: string;
    type: AuthStrategyEnum;
    invitationToken?: string;
}
export interface IVerifyInviteToken {
    token: string;
}

// ---------------------------------------------------------------------------
// SSO domains and configuration (current shapes)
// ---------------------------------------------------------------------------

export interface ICreateSSODomain {
    domain: string;
}
/** A claimed domain with its validation state and the TXT record value associated with it. */
export interface ISSODomain {
    id: string;
    domain: string;
    validated: boolean;
    txtRecord: string;
}
export interface ISSOConfigurationDefaultRoles {
    roleIds: string[];
}
/**
 * Full SSO configuration record.
 * NOTE(review): `oidcSecret` is a required string here. If this is the shape returned to the
 * browser, the OIDC client secret is exposed to whoever can read the configuration; confirm it
 * is masked or blank in responses.
 */
export interface ISSOConfiguration {
    id: string;
    enabled: boolean;
    generatedVerification: string;
    ssoEndpoint: string;
    publicCertificate: string;
    signRequest: boolean;
    createdAt?: string;
    updatedAt?: string;
    acsUrl: string;
    type: string;
    spEntityId: string;
    oidcClientId: string;
    oidcSecret: string;
    domains: ISSODomain[];
    roleIds: string[];
    groups: ISamlRolesGroup[];
    // NOTE(review): by name this turns off a check tying the asserted email to a validated
    // domain; confirm who may set it and that changes are audited.
    skipEmailDomainValidation: boolean;
}
/**
 * OAuth token-exchange request with snake_case fields. All four are optional, so the type does
 * not express whether a request is a code exchange or a refresh; presumably the backend decides
 * from which fields are present. Confirm.
 */
export interface IExchangeOAuthTokens {
    code?: string;
    code_verifier?: string;
    redirect_uri?: string;
    refresh_token?: string;
}
// ---------------------------------------------------------------------------
// OAuth token response and logout
// ---------------------------------------------------------------------------

/**
 * Token-endpoint response. `access_token`, `id_token` and `refresh_token` are required;
 * `expires_in` is optional.
 * NOTE(review): every string here is a bearer credential by name; keep the object out of logs
 * and confirm how call sites persist it.
 */
export interface IOAuthTokenResponse {
    access_token: string;
    expires_in?: number;
    id_token: string;
    refresh_token: string;
}
export interface IOAuthLogout {
    id_token_hint?: string;
    // NOTE(review): client-supplied redirect target; confirm it is matched against registered
    // logout URIs before the user agent is redirected.
    post_logout_redirect_uri?: string;
    state?: string;
}
// NOTE(review): `Partial>` is not valid TypeScript. The generic arguments (and the opening
// `<`) appear to have been stripped from this line; restore them from the published package
// rather than guessing.
export type IUpdateSSOConfiguration = Partial>;

// ---------------------------------------------------------------------------
// Phone-number reset / change
// The shapes appear to chain: each response's token field is a required field of a later
// request (resetPhoneNumberToken -> changePhoneNumberToken; changePhoneId).
// ---------------------------------------------------------------------------

export interface IResetPhoneNumber {
    email: string;
}
export interface IResetPhoneNumberResponse {
    resetPhoneNumberToken: string;
}
export interface IChangePhoneNumberWithVerification {
    phoneNumber: string;
}
export interface IChangePhoneNumberWithVerificationResponse {
    changePhoneId: string;
}
export interface IVerifyChangePhoneNumber {
    changePhoneId: string;
    code: string;
}
export interface IVerifyResetPhoneNumber {
    resetPhoneNumberToken: string;
    code: string;
}
export interface IVerifyResetPhoneNumberResponse {
    changePhoneNumberToken: string;
}
export interface IChangePhoneNumber {
    changePhoneNumberToken: string;
    phoneNumber: string;
}

// ---------------------------------------------------------------------------
// WebAuthn login
// ---------------------------------------------------------------------------

/**
 * Assertion fields as strings (module-private; not exported).
 * NOTE(review): the string encoding (e.g. base64url) is not stated in this file.
 */
interface WebAuthnLoginResponse {
    clientDataJSON: string;
    authenticatorData: string;
    signature: string;
    userHandle?: string;
}
export interface IBaseWebAuthnPreLogin {
    recaptchaToken?: string;
}
export interface IEmailWebAuthnPreLogin extends IBaseWebAuthnPreLogin {
    email: string;
}
// `userId` is optional here, so this variant (and therefore the union below) accepts a request
// with no user identifier at all.
export interface IUserIDWebAuthnPreLogin extends IBaseWebAuthnPreLogin {
    userId?: string;
}
export type IWebAuthnPreLogin = IEmailWebAuthnPreLogin | IUserIDWebAuthnPreLogin;
/** Credential descriptor (module-private; not exported). */
interface AllowCredentials {
    type: string;
    id: string;
    transports?: string[];
}
/**
 * Options for an authentication ceremony: a `challenge` plus optional constraints.
 * `UserVerificationRequirement` is not imported in this file; presumably it resolves from the
 * ambient DOM typings.
 */
export interface IWebAuthnPreLoginResponse {
    challenge: string;
    allowCredentials?: AllowCredentials[];
    timeout?: number;
    rpId?: string;
    userVerification?: UserVerificationRequirement;
}
export interface IWebAuthnPostLogin {
    id: string;
    recaptchaToken?: string;
    invitationToken?: string;
    response: WebAuthnLoginResponse;
}

// ---------------------------------------------------------------------------
// Step-up
// ---------------------------------------------------------------------------

// The unit of `maxAge` is not stated in this file.
export interface GenerateStepUpRequest {
    maxAge?: number;
}
export interface GenerateStepUpResponse {
    mfaToken: string;
    mfaEnrolled: boolean;
    mfaDevices: UserMFADevicesResponse;
}

// ---------------------------------------------------------------------------
// WebAuthn device registration
// ---------------------------------------------------------------------------

/**
 * Options for a registration ceremony: relying party, user, challenge and accepted key types.
 * `AuthenticatorSelectionCriteria` is not imported in this file; presumably it resolves from the
 * ambient DOM typings.
 */
export interface ICreateNewDeviceSessionResponse {
    rp: {
        name: string;
        id: string;
        icon?: string;
    };
    user: {
        id: string;
        name: string;
        displayName: string;
    };
    challenge: string;
    pubKeyCredParams: Array<{
        type: 'public-key';
        alg: number;
    }>;
    excludeCredentials?: AllowCredentials[];
    timeout?: number;
    authenticatorSelection?: AuthenticatorSelectionCriteria;
}
/** Attestation fields as strings (module-private; not exported). */
interface IWebAuthnRegisterResponse {
    clientDataJSON: string;
    attestationObject: string;
}
export interface IVerifyNewWebAuthnDevice {
    id: string;
    response: IWebAuthnRegisterResponse;
    deviceType?: WebAuthnDeviceType;
}

// ---------------------------------------------------------------------------
// Auth strategies
// ---------------------------------------------------------------------------

/** Ambient string enum; every member's value equals its name. */
export declare enum SecondaryAuthStrategy {
    WebAuthnPlatform = "WebAuthnPlatform",
    WebAuthnCrossPlatform = "WebAuthnCrossPlatform",
    SmsCode = "SmsCode",
    SmsCodeV2 = "SmsCodeV2",
    Passkeys = "Passkeys",
    UsernameAndPassword = "UsernameAndPassword",
    UsernameAndMagicLink = "UsernameAndMagicLink",
    UsernameAndCode = "UsernameAndCode",
    UsernameAndSms = "UsernameAndSms"
}
export interface IAuthStrategyConfig {
    strategy: SecondaryAuthStrategy;
    isActive: boolean;
}
export interface MainAuthStrategy {
    strategy: AuthStrategyEnum;
}
export interface IAuthStrategiesConfig {
    secondaryAuthStrategies: IAuthStrategyConfig[];
    mainAuthStrategies: MainAuthStrategy[];
}

// ---------------------------------------------------------------------------
// MFA enrollment
// ---------------------------------------------------------------------------

export interface IPreEnrollMFA {
    mfaToken: string;
}
/** Base for the enroll requests below: `mfaToken` plus an optional remember-device flag. */
export interface IEnrollMFA {
    mfaToken: string;
    rememberDevice?: boolean;
}
// NOTE(review): `qrCode` presumably encodes the authenticator provisioning secret; if so it
// should not be cached or logged. Confirm.
export interface IPreEnrollMFAAuthenticatorAppResponse {
    qrCode: string;
}
export interface IEnrollMFAAuthenticatorApp extends IEnrollMFA {
    token: string;
}
export interface IPreEnrollMFASMS extends IPreEnrollMFA {
    phoneNumber: string;
}
export interface IPreEnrollMFASMSResponse {
    otcToken: string;
    phoneNumber: string;
}
export interface IEnrollMFASMS extends IEnrollMFA {
    otcToken: string;
    code: string;
}
/** Ambient string enum; every member's value equals its name. */
export declare enum WebAuthnDeviceType {
    Platform = "Platform",
    CrossPlatform = "CrossPlatform"
}
export interface IWebAuthnDevice {
    id: string;
    deviceType: WebAuthnDeviceType;
    createdAt: Date;
}
export interface IWebAuthnDevices {
    devices: IWebAuthnDevice[];
}
export interface IEnrollMFAWebAuthn extends IEnrollMFA {
    deviceType: WebAuthnDeviceType;
    webauthnToken: string;
    options: IVerifyNewWebAuthnDevice;
}
export interface IPreEnrollMFAWebAuthnResponse {
    webauthnToken: string;
    options: ICreateNewDeviceSessionResponse;
}

// ---------------------------------------------------------------------------
// MFA verification
// ---------------------------------------------------------------------------

export interface IPreVerifyMFA {
    mfaToken: string;
}
/** Base for the verify requests below: `mfaToken` plus an optional remember-device flag. */
export interface IVerifyMFA {
    mfaToken: string;
    rememberDevice?: boolean;
}
export interface IPreVerifyCode {
    otcToken: string;
}
/** Code-based verification: IVerifyMFA plus the `otcToken` and the user-entered `code`. */
export interface IVerifyCode extends IVerifyMFA {
    otcToken: string;
    code: string;
}
export interface IVerifyMFAAuthenticatorApp extends IVerifyMFA {
    value: string;
}
export interface IPreVerifyMFASMSResponse extends IPreVerifyCode {
    phoneNumber: string;
}
export interface IVerifyMFASMS extends IVerifyCode {
}
export interface IPreVerifyMFAEmailCodeResponse {
    otcToken: string;
}
export interface IVerifyMFAEmailCode extends IVerifyCode {
}
export interface IPreVerifyMFAWebAuthnResponse {
    webauthnToken: string;
    options: IWebAuthnPreLoginResponse;
}
export interface IVerifyMFAWebAuthn extends IVerifyMFA {
    webauthnToken: string;
    // NOTE(review): bare `Omit` — generic arguments appear stripped; restore from the published
    // package.
    options: Omit;
}
/** Ambient string enum; every member's value equals its name. */
export declare enum MFAStrategyEnum {
    AuthenticatorApp = "AuthenticatorApp",
    WebAuthnPlatform = "WebAuthnPlatform",
    WebAuthnCrossPlatform = "WebAuthnCrossPlatform",
    SMS = "SMS",
    EmailCode = "EmailCode"
}

// ---------------------------------------------------------------------------
// Enrolled MFA devices
// ---------------------------------------------------------------------------

export interface UserMFAWebAuthnDevice {
    id: string;
    deviceType: WebAuthnDeviceType;
    name: string;
}
export interface UserMFAEmail {
    email: string;
}
export interface UserMFAPhoneDevice {
    id: string;
    phoneNumber: string;
}
export interface UserMFAAuthenticatorApp {
    id: string;
}
/**
 * All enrolled factors for a user, grouped by kind.
 * NOTE(review): carries email addresses and phone numbers as plain strings, and is embedded in
 * GenerateStepUpResponse. Whether the values are masked before full authentication is not
 * visible here; confirm.
 */
export interface UserMFADevicesResponse {
    webauthn: UserMFAWebAuthnDevice[];
    phones: UserMFAPhoneDevice[];
    authenticators: UserMFAAuthenticatorApp[];
    emails: UserMFAEmail[];
}

// ---------------------------------------------------------------------------
// MFA disable
// NOTE(review): both disable request shapes below make every field optional, so the types
// permit an empty request. Proof of possession has to be enforced by the backend; confirm it is.
// ---------------------------------------------------------------------------

export interface IPreDisableMFASMSResponse {
    otcToken: string;
    phoneNumber: string;
}
export interface IDisableMFASMS {
    otcToken?: string;
    code?: string;
}
export interface IPreDisableMFAWebAuthnResponse {
    webauthnToken: string;
    options: IWebAuthnPreLoginResponse;
}
export interface IDisableMFAWebAuthn {
    webauthnToken?: string;
    // NOTE(review): bare `Omit` — generic arguments appear stripped; restore from the published
    // package.
    options?: Omit;
}
export interface IPreEnrollMFAAuthenticatorApp {
    qrCode: string;
}
// NOTE(review): bare `Omit` with no type parameter on the alias — the generic parameter list
// and arguments appear stripped; restore from the published package.
export type WithoutMFAToken = Omit;
export interface IMFAStrategyResponse {
    strategy: MFAStrategyEnum;
    isActive: boolean;
}
export interface IMFAStrategiesResponse {
    strategies: IMFAStrategyResponse[];
}

// ---------------------------------------------------------------------------
// Feature flag, sign-up and password-recovery strategies
// ---------------------------------------------------------------------------

// By name a feature-flag key. NOTE(review): if it gates loading authorization data in the
// client, confirm the server enforces authorization regardless of the flag's value.
export declare const LOAD_AUTHORIZATION_FF = "admin_portal_should_load_authorization";
export type TSignupStrategy = {
    strategy: SignUpStrategyEnum;
    isActive: boolean;
    isRequired: boolean;
};
// NOTE(review): bare `Array` — the element type appears stripped; restore from the published
// package.
export type TSignupStrategyResponse = Array;
export interface IPasswordRecoveryStrategy {
    strategy: PasswordRecoveryStrategyEnum;
    isActive: boolean;
}