import Base, { MaybeRaw } from "../../Base";
import { Version } from "../../interfaces/global";
import { PreLoginResponse } from "../../interfaces/idp";
import { SuccessfulAuth } from "../../interfaces/idp/user/SuccessfulAuth";
import { IdpGuest } from "./guest";
import { IdpInternal } from "./internal";
import { IdpOAuth } from "./oauth";
import { IdpOrganization } from "./organization";
import { IdpRegistration } from "./registration";
import { IdpUser } from "./user";
export default class Idp extends Base {
    /**
     * Handles everything around organizations
     */
    get organization(): IdpOrganization;
    private _organization?;
    /**
     * Handles everything around registration
     */
    get registration(): IdpRegistration;
    private _registration?;
    /**
     * Handles everything around open authorization and openId requests
     */
    get oAuth(): IdpOAuth;
    private _oAuth?;
    /**
     * Handles everything around a user
     */
    get user(): IdpUser;
    private _user?;
    /**
     * Handles everything around a guest
     */
    get guest(): IdpGuest;
    private _guest?;
    /**
     * Handles everything around idp's internal endpoints
     */
    get internal(): IdpInternal;
    private _internal?;
    /**
     * Requests the endpoint version
     * @returns Version object
     */
    version(raw?: {
        raw: R;
    }): Promise>;
    /**
     * Authenticates against the identity provider with a given email and password.
     * @param email Email of the user
     * @param password Password of the user
     * @param token (optional) token if 2FA-TOTP is enabled
     * @returns SuccessfulAuth object holding the token and the user
     */
    login(email: string, password: string, token?: string, raw?: {
        raw: R;
    }): Promise>;
    /**
     * Starts the login process via OIDC
     * @param origin The starting URL of the process. After obtaining the credentials, the user will be redirected back to this url.
     * @param oidcProvider The provider to use for the process. Only optional if the user is part of an organization that has a preferred
     * OIDC provider and an associated email that matches the user's.
     * The list of available providers can be found in the public config endpoint.
     * @param hint Valid email address of the user that wants to login. Hint must be defined when provider is not.
     * @returns URL that must be accessed via a browser to continue the login process.
     */
    loginWithOIDC(origin: string, oidcProvider?: string, hint?: string, raw?: {
        raw: R;
    }): Promise>;
    /**
     * Starts the login process via SAML 2.0
     * @param origin The starting URL of the process. After obtaining the credentials, the user will be redirected back to this url.
     * @param email Email of the user. The email domain will be used to determine the appropriate SAML 2.0 provider to use going forward.
     * @returns URL that must be accessed via a browser to continue the login process.
     */
    loginWithSAML(origin: string, email: string, raw?: {
        raw: R;
    }): Promise>;
    /**
     * Determine if/how the given email can authenticate.
     *
     * @param email Email of the user
     * @param origin The starting URL of the process. If the authentication process bound to this email is SAML or OIDC,
     * then the response's location property will include this origin.
     * @returns object that dictates if: the user needs to REGISTER; the user needs to VERIFY_EMAIL; the user can LOGIN using this email;
     * or the authentication process should continue via an EXTERNAL provider that can be found via the location property.
     */
    preLogin(email: string, origin: string, raw?: {
        raw: R;
    }): Promise>;
    /**
     * Initiate the password reset process. An email will be sent to the user to move to the next phase.
     *
     * @param email Email of the user
     * @param captcha Valid Google reCAPTCHA v2
     * @param targetUrl Optional url the link in the mail will point to
     */
    resetPassword(email: string, captcha: string, targetUrl?: string, raw?: {
        raw: R;
    }): Promise>;
    protected getEndpoint(endpoint: string): string;
}