UNPKG

@maccuaa/intellitrust-auth-sdk

Version:
1,622 lines 72.8 kB
import { AxiosRequestConfig } from 'axios'; import { BaseAPI } from './base'; /** * Response associated with an authentication request. * @export * @interface AuthenticatedResponse */ export interface AuthenticatedResponse { /** * Flag to indicate if authentication has successfully completed. * @type {boolean} * @memberof AuthenticatedResponse */ 'authenticationCompleted'?: boolean; /** * The authenticator response for MSCHAPv2 * @type {string} * @memberof AuthenticatedResponse */ 'authenticatorResponse'?: string; /** * Flag to indicate if the user has to attempt device certificate authentication. * @type {boolean} * @memberof AuthenticatedResponse */ 'deviceCertAuthDesired'?: boolean; /** * Expiry time of token. * @type {number} * @memberof AuthenticatedResponse */ 'expires'?: number; /** * * @type {FaceChallenge} * @memberof AuthenticatedResponse */ 'faceChallenge'?: FaceChallenge; /** * * @type {FIDOChallenge} * @memberof AuthenticatedResponse */ 'fidoChallenge'?: FIDOChallenge; /** * First Name. * @type {string} * @memberof AuthenticatedResponse */ 'firstName'?: string; /** * * @type {GridChallenge} * @memberof AuthenticatedResponse */ 'gridChallenge'?: GridChallenge; /** * * @type {KbaChallenge} * @memberof AuthenticatedResponse */ 'kbaChallenge'?: KbaChallenge; /** * Last Name. * @type {string} * @memberof AuthenticatedResponse */ 'lastName'?: string; /** * * @type {MachineAuthenticator} * @memberof AuthenticatedResponse */ 'machineAuthenticator'?: MachineAuthenticator; /** * The type of Magic Link being used. * @type {string} * @memberof AuthenticatedResponse */ 'magicLinkType'?: string; /** * * @type {OfflineTokenAuthenticateResponse} * @memberof AuthenticatedResponse */ 'offlineTokenResponses'?: OfflineTokenAuthenticateResponse; /** * A list of the user organizations. * @type {Array<Organization>} * @memberof AuthenticatedResponse */ 'organizations'?: Array<Organization>; /** * The OTP delivery type used. * @type {string} * @memberof AuthenticatedResponse */ 'otpdeliveryType'?: AuthenticatedResponseOtpdeliveryTypeEnum; /** * * @type {PassthroughAuthenticationResponse} * @memberof AuthenticatedResponse */ 'passthroughAuthenticationResponse'?: PassthroughAuthenticationResponse; /** * Push authentication mutual challenge. * @type {string} * @memberof AuthenticatedResponse */ 'pushMutualChallenge'?: string; /** * The redirect URL when using a Magic Link. * @type {string} * @memberof AuthenticatedResponse */ 'redirectUrl'?: string; /** * For a SMART_LOGIN authenticator challenge, provides the challenge. * @type {string} * @memberof AuthenticatedResponse */ 'smartLoginChallenge'?: string; /** * Status of authenticator. This is not a required API field if Mobile Smart Credential or Token Push authentication is being used. * @type {string} * @memberof AuthenticatedResponse */ 'status'?: AuthenticatedResponseStatusEnum; /** * The timeout for step-up authentication * @type {number} * @memberof AuthenticatedResponse */ 'stepUpAuthExpiry'?: number; /** * * @type {TempAccessCodeChallenge} * @memberof AuthenticatedResponse */ 'tempAccessCodeChallenge'?: TempAccessCodeChallenge; /** * * @type {number} * @memberof AuthenticatedResponse */ 'time'?: number; /** * Authenticated/unauthenticated authorization token. * @type {string} * @memberof AuthenticatedResponse */ 'token'?: string; /** * * @type {TokenChallenge} * @memberof AuthenticatedResponse */ 'tokenChallenge'?: TokenChallenge; /** * For a token or token push authenticator challenge, provides a list of serial numbers of the tokens that can be used to authenticate. * @type {Array<string>} * @memberof AuthenticatedResponse */ 'tokenDetails'?: Array<string>; /** * The token push authentication mutual challenge. * @type {string} * @memberof AuthenticatedResponse * @deprecated */ 'tokenPushMutualChallenge'?: string; /** * * @type {TransactionReceipt} * @memberof AuthenticatedResponse */ 'transactionReceipt'?: TransactionReceipt; /** * * @type {UserCertificateChallenge} * @memberof AuthenticatedResponse */ 'userCertificateChallenge'?: UserCertificateChallenge; /** * The User ID of the Identity as a Service user that completed authentication. * @type {string} * @memberof AuthenticatedResponse */ 'userId'?: string; /** * * @type {UserMachineSettings} * @memberof AuthenticatedResponse */ 'userMachineSettings'?: UserMachineSettings; /** * Whether the user still requires registration. * @type {boolean} * @memberof AuthenticatedResponse */ 'userRegistrationRequired'?: boolean; /** * Whether the user still requires verification. * @type {boolean} * @memberof AuthenticatedResponse */ 'userVerificationRequired'?: boolean; } export declare const AuthenticatedResponseOtpdeliveryTypeEnum: { readonly Email: "EMAIL"; readonly Sms: "SMS"; readonly Voice: "VOICE"; readonly Wechat: "WECHAT"; readonly Whatsapp: "WHATSAPP"; }; export type AuthenticatedResponseOtpdeliveryTypeEnum = typeof AuthenticatedResponseOtpdeliveryTypeEnum[keyof typeof AuthenticatedResponseOtpdeliveryTypeEnum]; export declare const AuthenticatedResponseStatusEnum: { readonly Confirm: "CONFIRM"; readonly Concern: "CONCERN"; readonly Cancel: "CANCEL"; readonly NoResponse: "NO_RESPONSE"; }; export type AuthenticatedResponseStatusEnum = typeof AuthenticatedResponseStatusEnum[keyof typeof AuthenticatedResponseStatusEnum]; /** * Object containing information about errors reported by services. * @export * @interface ErrorInfo */ export interface ErrorInfo { /** * Error Codes specific to cause of failure. * @type {string} * @memberof ErrorInfo */ 'errorCode'?: string; /** * Additional Error Message describing the error. * @type {string} * @memberof ErrorInfo */ 'errorMessage'?: string; /** * Optional additional error information. * @type {Array<object>} * @memberof ErrorInfo */ 'parameters'?: Array<object>; } /** * If the authentication challenge is of type FIDO, the FIDOChallenge will contain the FIDO challenge parameters that must be passed to the FIDO token to complete authentication. * @export * @interface FIDOChallenge */ export interface FIDOChallenge { /** * The list of IDs of the FIDO tokens registered for the user. Each value is base-64 encoded. * @type {Array<string>} * @memberof FIDOChallenge */ 'allowCredentials'?: Array<string>; /** * A random challenge. It is a base-64 encoded value. * @type {string} * @memberof FIDOChallenge */ 'challenge': string; /** * The number of seconds that the client will wait for the FIDO token to respond. * @type {number} * @memberof FIDOChallenge */ 'timeout': number; } /** * A FIDORegisterChallenge defines the information returned when a user starts to register a FIDO token. * @export * @interface FIDORegisterChallenge */ export interface FIDORegisterChallenge { /** * The registration challenge generated by Identity as a Service. This is a base-64 encoded value. * @type {string} * @memberof FIDORegisterChallenge */ 'challenge'?: string; /** * The IDs of FIDO tokens already registered to this user. These values are base-64 encoded. * @type {Array<string>} * @memberof FIDORegisterChallenge */ 'registeredCredentials'?: Array<string>; /** * The names of FIDO tokens already registered to this user. * @type {Array<string>} * @memberof FIDORegisterChallenge */ 'registeredCredentialsNames'?: Array<string>; /** * Should the token be embedded on the device or stored externally? * @type {string} * @memberof FIDORegisterChallenge */ 'registrationAuthenticatorAttachment'?: FIDORegisterChallengeRegistrationAuthenticatorAttachmentEnum; /** * Should the User ID be stored on the Passkey/FIDO2 token? * @type {string} * @memberof FIDORegisterChallenge */ 'registrationRequireResidentKey'?: FIDORegisterChallengeRegistrationRequireResidentKeyEnum; /** * Should the token perform user verification? * @type {string} * @memberof FIDORegisterChallenge */ 'registrationUserVerification'?: FIDORegisterChallengeRegistrationUserVerificationEnum; /** * The name of this relying party. This is the name of the Identity as a Service account. * @type {string} * @memberof FIDORegisterChallenge */ 'rpName'?: string; /** * The time in seconds that the client will wait for the FIDO token to respond. * @type {number} * @memberof FIDORegisterChallenge */ 'timeout'?: number; /** * The display name of this user. It will be \'firstname lastname\' of the user * @type {string} * @memberof FIDORegisterChallenge */ 'userDisplayName'?: string; /** * The id of this user. It will be UUID of the user base-64 encoded. * @type {string} * @memberof FIDORegisterChallenge */ 'userId'?: string; /** * The name of this user. It will be the userId of the user. * @type {string} * @memberof FIDORegisterChallenge */ 'userName'?: string; } export declare const FIDORegisterChallengeRegistrationAuthenticatorAttachmentEnum: { readonly Either: "EITHER"; readonly Platform: "PLATFORM"; readonly CrossPlatform: "CROSS_PLATFORM"; }; export type FIDORegisterChallengeRegistrationAuthenticatorAttachmentEnum = typeof FIDORegisterChallengeRegistrationAuthenticatorAttachmentEnum[keyof typeof FIDORegisterChallengeRegistrationAuthenticatorAttachmentEnum]; export declare const FIDORegisterChallengeRegistrationRequireResidentKeyEnum: { readonly Discouraged: "DISCOURAGED"; readonly Preferred: "PREFERRED"; readonly Required: "REQUIRED"; }; export type FIDORegisterChallengeRegistrationRequireResidentKeyEnum = typeof FIDORegisterChallengeRegistrationRequireResidentKeyEnum[keyof typeof FIDORegisterChallengeRegistrationRequireResidentKeyEnum]; export declare const FIDORegisterChallengeRegistrationUserVerificationEnum: { readonly Discouraged: "DISCOURAGED"; readonly Preferred: "PREFERRED"; readonly Required: "REQUIRED"; }; export type FIDORegisterChallengeRegistrationUserVerificationEnum = typeof FIDORegisterChallengeRegistrationUserVerificationEnum[keyof typeof FIDORegisterChallengeRegistrationUserVerificationEnum]; /** * FIDORegisterResponse defines the information returned from a FIDO token to complete registration. * @export * @interface FIDORegisterResponse */ export interface FIDORegisterResponse { /** * The FIDO attestationObject data returned from the FIDO token. This is a base-64 encoded value. * @type {string} * @memberof FIDORegisterResponse */ 'attestationObject'?: string; /** * The FIDO clientData returned from the FIDO token. This is a base-64 encoded value. * @type {string} * @memberof FIDORegisterResponse */ 'clientDataJSON'?: string; /** * The name for the new FIDO token. * @type {string} * @memberof FIDORegisterResponse */ 'name'?: string; /** * Flag indicating if the userId was stored on the registered FIDO2 token. Defaults to false if not set. * @type {boolean} * @memberof FIDORegisterResponse */ 'userIdStored'?: boolean; } /** * The values returned from a FIDO token when performing an authentication. * @export * @interface FIDOResponse */ export interface FIDOResponse { /** * Authenticator Data returned from the token. * @type {string} * @memberof FIDOResponse */ 'authenticatorData': string; /** * Data about the token used to authenticate. * @type {string} * @memberof FIDOResponse */ 'clientDataJSON': string; /** * The ID of the token used to authenticate. * @type {string} * @memberof FIDOResponse */ 'credentialId': string; /** * The authentication signature generated by the token. * @type {string} * @memberof FIDOResponse */ 'signature': string; /** * The UUID of the user logging in. * @type {string} * @memberof FIDOResponse */ 'userHandle'?: string; } /** * A FIDOToken defines the information returned about a FIDO Token. * @export * @interface FIDOToken */ export interface FIDOToken { /** * Administration actions that can be performed on this FIDO token. * @type {Array<string>} * @memberof FIDOToken */ 'allowedActions'?: Array<FIDOTokenAllowedActionsEnum>; /** * The date on which the FIDO token was created. * @type {string} * @memberof FIDOToken */ 'createDate'?: string; /** * The unique UUID assigned to the fido token when it is registered. * @type {string} * @memberof FIDOToken */ 'id'?: string; /** * The date on which this FIDO token was last used for authentication. This value will be null if the FIDO token has never been used. * @type {string} * @memberof FIDOToken */ 'lastUsedDate'?: string; /** * The name of this FIDO token. * @type {string} * @memberof FIDOToken */ 'name'?: string; /** * The origin of where the FIDO token was generated. * @type {string} * @memberof FIDOToken */ 'origin'?: string; /** * The relying party ID of where the FIDO token was generated. * @type {string} * @memberof FIDOToken */ 'relyingPartyId'?: string; /** * The state of this FIDO token. Only FIDO tokens in the ACTIVE state can be used for authentication. * @type {string} * @memberof FIDOToken */ 'state'?: FIDOTokenStateEnum; /** * The user Id of the user who owns this FIDO token. * @type {string} * @memberof FIDOToken */ 'userId'?: string; /** * Indicates if the userId was stored on the FIDO token. * @type {boolean} * @memberof FIDOToken */ 'userIdStored'?: boolean; /** * The UUID of the user who owns this FIDO token. * @type {string} * @memberof FIDOToken */ 'userUUID'?: string; } export declare const FIDOTokenAllowedActionsEnum: { readonly Delete: "DELETE"; readonly Enable: "ENABLE"; readonly Disable: "DISABLE"; readonly Rename: "RENAME"; }; export type FIDOTokenAllowedActionsEnum = typeof FIDOTokenAllowedActionsEnum[keyof typeof FIDOTokenAllowedActionsEnum]; export declare const FIDOTokenStateEnum: { readonly Active: "ACTIVE"; readonly Inactive: "INACTIVE"; }; export type FIDOTokenStateEnum = typeof FIDOTokenStateEnum[keyof typeof FIDOTokenStateEnum]; /** * The parameters specifying what is to be changed. * @export * @interface FIDOTokenParms */ export interface FIDOTokenParms { /** * The name of this FIDO token. * @type {string} * @memberof FIDOTokenParms */ 'name'?: string; /** * The state of this FIDO token. Only FIDO tokens in the ACTIVE state can be used for authentication. * @type {string} * @memberof FIDOTokenParms */ 'state'?: FIDOTokenParmsStateEnum; } export declare const FIDOTokenParmsStateEnum: { readonly Active: "ACTIVE"; readonly Inactive: "INACTIVE"; }; export type FIDOTokenParmsStateEnum = typeof FIDOTokenParmsStateEnum[keyof typeof FIDOTokenParmsStateEnum]; /** * Parameters returned to initialize a Face Biometric authenticator. * @export * @interface FaceChallenge */ export interface FaceChallenge { /** * Which device to use for registration and authentication. * @type {string} * @memberof FaceChallenge */ 'device'?: FaceChallengeDeviceEnum; /** * The ID of the Face Biometric to get. * @type {string} * @memberof FaceChallenge */ 'id'?: string; /** * QR Code to use to launch the mobile flow. * @type {string} * @memberof FaceChallenge */ 'qrCode'?: string; /** * The SDK token generated for the user. * @type {string} * @memberof FaceChallenge */ 'sdkToken'?: string; /** * Workflow run ID to use for the user. * @type {string} * @memberof FaceChallenge */ 'workflowRunId'?: string; } export declare const FaceChallengeDeviceEnum: { readonly Web: "WEB"; readonly Mobile: "MOBILE"; }; export type FaceChallengeDeviceEnum = typeof FaceChallengeDeviceEnum[keyof typeof FaceChallengeDeviceEnum]; /** * Information used to get offline responses for a token assigned to a user. * @export * @interface GetOfflineTokenAuthenticateParms */ export interface GetOfflineTokenAuthenticateParms { /** * * @type {string} * @memberof GetOfflineTokenAuthenticateParms */ 'applicationId': string; /** * * @type {TokenProtectedOfflineParms} * @memberof GetOfflineTokenAuthenticateParms */ 'tokenProtectedOfflineParms': TokenProtectedOfflineParms; /** * * @type {string} * @memberof GetOfflineTokenAuthenticateParms */ 'tokenSerialNumber': string; } /** * If the authentication challenge is of type grid, the GridChallenge object will contain the grid challenge that the end user must answer. * @export * @interface GridChallenge */ export interface GridChallenge { /** * The grid challenge specifies a list of grid cells that the user must answer in their challenge. * @type {Array<GridChallengeCell>} * @memberof GridChallenge */ 'challenge': Array<GridChallengeCell>; /** * The grid details. * @type {Array<GridInfo>} * @memberof GridChallenge */ 'gridInfo': Array<GridInfo>; /** * The numCharsPerCell value specifies the number of characters expected in the response for each cell as defined by current settings. * @type {number} * @memberof GridChallenge */ 'numCharsPerCell': number; /** * The serial numbers of the grids that can be used to answer this challenge. * @type {Array<string>} * @memberof GridChallenge * @deprecated */ 'serialNumbers': Array<string>; } /** * A GridChallengeCell specifies one cell in a grid by its row and column coordinates. Normally a grid challenge cell is displayed using letters for the column and numbers for the row. For example, a cell with the value 0,0 will be displayed as A1. * @export * @interface GridChallengeCell */ export interface GridChallengeCell { /** * The column within the grid starting at 0. * @type {number} * @memberof GridChallengeCell */ 'column': number; /** * The row within the grid starting at 0. * @type {number} * @memberof GridChallengeCell */ 'row': number; } /** * Details about the grid. * @export * @interface GridInfo */ export interface GridInfo { /** * The expiry date of the grid. Null value indicates the grid will never expire. * @type {string} * @memberof GridInfo */ 'expiryDate'?: string; /** * The serial number of the grid that can be used to answer this challenge. * @type {string} * @memberof GridInfo */ 'serialNumber': string; } /** * Knowledge-based authenticator required for authentication to Identity as a Service * @export * @interface KbaChallenge */ export interface KbaChallenge { /** * * @type {string} * @memberof KbaChallenge */ 'id'?: string; /** * * @type {Array<UserQuestion>} * @memberof KbaChallenge */ 'userQuestions': Array<UserQuestion>; } /** * A MSCHAPv1Response specifies the values included in an MSCHAPv1 encoded authentication response. * @export * @interface MSCHAPv1Response */ export interface MSCHAPv1Response { /** * The MSCHAPv1 challenge. * @type {string} * @memberof MSCHAPv1Response */ 'challenge': string; /** * The MSCHAPv1 response. * @type {string} * @memberof MSCHAPv1Response */ 'response': string; } /** * A MSCHAPv2Response specifies the values included in an MSCHAPv2 encoded authentication response. * @export * @interface MSCHAPv2Response */ export interface MSCHAPv2Response { /** * The MSCHAPv2 challenge. * @type {string} * @memberof MSCHAPv2Response */ 'challenge': string; /** * The MSCHAPv2 identifier. * @type {number} * @memberof MSCHAPv2Response */ 'identifier': number; /** * The MSCHAPv2 peer challenge. * @type {string} * @memberof MSCHAPv2Response */ 'peerChallenge': string; /** * The MSCHAPv2 response. * @type {string} * @memberof MSCHAPv2Response */ 'response': string; /** * The MSCHAPv2 userId. This must be the exact same value used to calculate the MSCHAPv2 response. It will normally be the same as the userId value passed to the authentication method but allows for differences between the two values. For example, an alias may have been passed to the authentication method but the actual userid was used to calculate the MSCHAPv2 response. * @type {string} * @memberof MSCHAPv2Response */ 'userId': string; } /** * Machine authenticator required to complete authentication challenge * @export * @interface MachineAuthenticator */ export interface MachineAuthenticator { /** * The device fingerprint if it\'s required during Machine authentication. It will always be null when returned from IDaaS as part of the response body. * @type {string} * @memberof MachineAuthenticator */ 'fingerprint'?: string; /** * machineNonce * @type {string} * @memberof MachineAuthenticator */ 'machineNonce'?: string; /** * sequenceNonce * @type {string} * @memberof MachineAuthenticator */ 'sequenceNonce'?: string; } /** * Register a machine authenticator for authentication to Identity as a Service * @export * @interface MachineAuthenticatorRegistration */ export interface MachineAuthenticatorRegistration { /** * The device fingerprint. It must be a valid fingerprint as produced by Entrust SDK. * @type {string} * @memberof MachineAuthenticatorRegistration */ 'fingerprint'?: string; /** * Identifies the device/machine from the end-user point of view. * @type {string} * @memberof MachineAuthenticatorRegistration */ 'label': string; } /** * * @export * @interface ModelError */ export interface ModelError { /** * The server error code * @type {string} * @memberof ModelError */ 'code': string; /** * A human-readable representation of the error * @type {string} * @memberof ModelError */ 'message': string; /** * The target of the error * @type {string} * @memberof ModelError */ 'target'?: string; } /** * OTPContactValue * @export * @interface OTPContactValue */ export interface OTPContactValue { /** * Name of the attribute. * @type {string} * @memberof OTPContactValue */ 'name'?: string; /** * Type of the OTP delivery attribute. * @type {string} * @memberof OTPContactValue */ 'type'?: OTPContactValueTypeEnum; /** * Masked attribute value. * @type {string} * @memberof OTPContactValue */ 'value'?: string; } export declare const OTPContactValueTypeEnum: { readonly Email: "EMAIL"; readonly Sms: "SMS"; readonly Voice: "VOICE"; readonly Wechat: "WECHAT"; readonly Whatsapp: "WHATSAPP"; }; export type OTPContactValueTypeEnum = typeof OTPContactValueTypeEnum[keyof typeof OTPContactValueTypeEnum]; /** * OTPDetails * @export * @interface OTPDetails */ export interface OTPDetails { /** * The available delivery types. * @type {Array<string>} * @memberof OTPDetails */ 'availableOTPDelivery'?: Array<OTPDetailsAvailableOTPDeliveryEnum>; /** * The available OTP contact values types. * @type {Array<OTPContactValue>} * @memberof OTPDetails */ 'otpContactValues'?: Array<OTPContactValue>; /** * The default delivery type. * @type {string} * @memberof OTPDetails */ 'otpDefaultDelivery'?: OTPDetailsOtpDefaultDeliveryEnum; /** * The name of default OTP delivery attribute. * @type {string} * @memberof OTPDetails */ 'otpDeliveryAttribute'?: string; } export declare const OTPDetailsAvailableOTPDeliveryEnum: { readonly Email: "EMAIL"; readonly Sms: "SMS"; readonly Voice: "VOICE"; readonly Wechat: "WECHAT"; readonly Whatsapp: "WHATSAPP"; }; export type OTPDetailsAvailableOTPDeliveryEnum = typeof OTPDetailsAvailableOTPDeliveryEnum[keyof typeof OTPDetailsAvailableOTPDeliveryEnum]; export declare const OTPDetailsOtpDefaultDeliveryEnum: { readonly Email: "EMAIL"; readonly Sms: "SMS"; readonly Voice: "VOICE"; readonly Wechat: "WECHAT"; readonly Whatsapp: "WHATSAPP"; }; export type OTPDetailsOtpDefaultDeliveryEnum = typeof OTPDetailsOtpDefaultDeliveryEnum[keyof typeof OTPDetailsOtpDefaultDeliveryEnum]; /** * Used to return batches of protected OTPs for a given token * @export * @interface OfflineTokenAuthenticateResponse */ export interface OfflineTokenAuthenticateResponse { /** * This is the moving factor index for the first hashed OTP returned. In the case of time-based tokens, it represents time step, otherwise it represents the value of the counter. * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'firstMovingFactor'?: number; /** * The number of iterations of the hash function to be performed. * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'iterations'?: number; /** * This is the policy-configured maximum number (hours or counters) * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'maxSizeInUnits'?: number; /** * This is the max number of time steps used to validate a token. * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'maxTimeSteps'?: number; /** * This is the policy-configured recommended number (hours or counters) * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'minorSizeInUnits'?: number; /** * An array of all of the OTPs returned in the batch, each with its public component of the salt. * @type {string} * @memberof OfflineTokenAuthenticateResponse */ 'otps'?: string; /** * The number of digits in the private part of the salt that the client must guess. * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'privateSaltLength'?: number; /** * Flag indicating if the set of OTP hashes returned was optimized so that OTPs which have already been downloaded in prior requests, but that have no yet expired, are not sent again. * @type {boolean} * @memberof OfflineTokenAuthenticateResponse */ 'resultOptimized'?: boolean; /** * This is the token time drift in seconds. This applies only to time-based tokens. * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'timeDrift'?: number; /** * If this contains a positive value then this batch is for time-based tokens, otherwise it is for event based tokens. * @type {number} * @memberof OfflineTokenAuthenticateResponse */ 'timeInterval'?: number; /** * The serial number of the token for which offline tokens are generated. * @type {string} * @memberof OfflineTokenAuthenticateResponse */ 'tokenSerialNumber'?: string; /** * The secret the client should use when requesting the next batch of protected offline OTPs. * @type {string} * @memberof OfflineTokenAuthenticateResponse */ 'useSecret'?: string; } /** * Organization defines the attributes of an organization used in B2B scenarios. * @export * @interface Organization */ export interface Organization { /** * The description of the organization. * @type {string} * @memberof Organization */ 'description'?: string; /** * The display name of the organization. * @type {string} * @memberof Organization */ 'displayName': string; /** * The unique UUID assigned to the organization when it is created. * @type {string} * @memberof Organization */ 'id': string; /** * The URI of the logo to display when showing organizations. * @type {string} * @memberof Organization */ 'logoUri'?: string; /** * The name of the organization. * @type {string} * @memberof Organization */ 'name': string; } /** * Passthrough authenticator response. * @export * @interface PassthroughAuthenticationResponse */ export interface PassthroughAuthenticationResponse { /** * Passthrough authentication result items. * @type {Array<PassthroughAuthenticationResultItems>} * @memberof PassthroughAuthenticationResponse */ 'passthroughAuthenticationResultItems'?: Array<PassthroughAuthenticationResultItems>; } /** * Passthrough authentication result items. * @export * @interface PassthroughAuthenticationResultItems */ export interface PassthroughAuthenticationResultItems { /** * The name of the result item. * @type {string} * @memberof PassthroughAuthenticationResultItems */ 'name'?: string; /** * The value of the result item. * @type {string} * @memberof PassthroughAuthenticationResultItems */ 'value'?: string; } /** * Passthrough authenticator parameters * @export * @interface PassthroughAuthenticatorParms */ export interface PassthroughAuthenticatorParms { /** * The list of placeholders. * @type {Array<PassthroughAuthenticatorPlaceholder>} * @memberof PassthroughAuthenticatorParms */ 'passthroughAuthenticatorPlaceholders'?: Array<PassthroughAuthenticatorPlaceholder>; } /** * Passthrough authenticator placeholder * @export * @interface PassthroughAuthenticatorPlaceholder */ export interface PassthroughAuthenticatorPlaceholder { /** * The placeholder name. * @type {string} * @memberof PassthroughAuthenticatorPlaceholder */ 'name': string; /** * The placeholder value. * @type {string} * @memberof PassthroughAuthenticatorPlaceholder */ 'value': string; } /** * Request detail items. * @export * @interface RequestDetail */ export interface RequestDetail { /** * The browser associated with the request. * @type {string} * @memberof RequestDetail */ 'browser'?: string; /** * The OS associated with the request. * @type {string} * @memberof RequestDetail */ 'os'?: string; } /** * Information about the temporary access code settings. * @export * @interface TempAccessCodeChallenge */ export interface TempAccessCodeChallenge { /** * An optional admin contact value (like an admin email address or phone number) to be displayed in the admin contact message. * @type {string} * @memberof TempAccessCodeChallenge */ 'adminContact'?: string; /** * Indicates if the admin contact message should be displayed for this challenge. * @type {boolean} * @memberof TempAccessCodeChallenge */ 'enableAdminContact'?: boolean; } /** * If the authentication challenge is of offline token, the TokenChallenge object will contain the QR codes can be scanned by the mobile app. * @export * @interface TokenChallenge */ export interface TokenChallenge { /** * For TOKENCR authentication, the challenge that must be entered into the token. Will be null for TOKEN and TOKENPUSH authentication. * @type {string} * @memberof TokenChallenge */ 'challenge'?: string; /** * The token challenge contains a list of TokenInfo objects for each of the tokens that can be used to authenticate. In the case of an offline QR code challenge, a TokenInfo object includes the QR code. * @type {Array<TokenInfo>} * @memberof TokenChallenge */ 'token': Array<TokenInfo>; } /** * A TokenInfo specifies one token that can be used to authenticate with a token serial number, a base-64 QR code string and a url based QR code string. * @export * @interface TokenInfo */ export interface TokenInfo { /** * Optional label to identify an assigned token: a String up to 100 characters. * @type {string} * @memberof TokenInfo */ 'label'?: string; /** * The base-64 encoded QR code. This QR code can be scanned by the Entrust Identity mobile application to perform activation in the case of an offline QR code challenge. * @type {string} * @memberof TokenInfo */ 'qrCode'?: string; /** * The URL based QR code string. In the case of an offline QR code challenge, this string can be used to generated the base-64 encoded QR code. * @type {string} * @memberof TokenInfo */ 'qrCodeUrl'?: string; /** * The serial number of the token. * @type {string} * @memberof TokenInfo */ 'serialNumber'?: string; } /** * The model used to generate the offline token. * @export * @interface TokenProtectedOfflineParms */ export interface TokenProtectedOfflineParms { /** * The name sent by the client. * @type {string} * @memberof TokenProtectedOfflineParms */ 'tokenProtectedOfflineOTPClientName'?: string; /** * One or several secrets sent by the client concatenated to a single array. * @type {string} * @memberof TokenProtectedOfflineParms */ 'tokenProtectedOfflineOTPClientSecret'?: string; /** * Flag indicating whether the number of OTPs being returned need to be optimized. * @type {boolean} * @memberof TokenProtectedOfflineParms */ 'tokenProtectedOfflineOTPDoNotOptimize'?: boolean; /** * The different levels of protection for offline tokens. * @type {string} * @memberof TokenProtectedOfflineParms */ 'tokenProtectedOfflineOTPGet'?: TokenProtectedOfflineParmsTokenProtectedOfflineOTPGetEnum; /** * Request size (Units of hour or count). * @type {number} * @memberof TokenProtectedOfflineParms */ 'tokenProtectedOfflineOTPSize'?: number; } export declare const TokenProtectedOfflineParmsTokenProtectedOfflineOTPGetEnum: { readonly None: "NONE"; readonly Minor: "MINOR"; readonly Major: "MAJOR"; readonly Custom: "CUSTOM"; }; export type TokenProtectedOfflineParmsTokenProtectedOfflineOTPGetEnum = typeof TokenProtectedOfflineParmsTokenProtectedOfflineOTPGetEnum[keyof typeof TokenProtectedOfflineParmsTokenProtectedOfflineOTPGetEnum]; /** * Transaction detail item and its value used with push authenticators and with offline transaction verification. * @export * @interface TransactionDetail */ export interface TransactionDetail { /** * The transaction detail name. * @type {string} * @memberof TransactionDetail */ 'detail'?: string; /** * * @type {Array<string>} * @memberof TransactionDetail */ 'usage'?: Array<TransactionDetailUsageEnum>; /** * The transaction detail value. * @type {string} * @memberof TransactionDetail */ 'value'?: string; } export declare const TransactionDetailUsageEnum: { readonly Rba: "RBA"; readonly Tvs: "TVS"; }; export type TransactionDetailUsageEnum = typeof TransactionDetailUsageEnum[keyof typeof TransactionDetailUsageEnum]; /** * Transaction Receipt item and its value used with push authenticators and with offline transaction verification. * @export * @interface TransactionReceipt */ export interface TransactionReceipt { /** * The transaction authentication type. * @type {string} * @memberof TransactionReceipt */ 'authenticationType'?: TransactionReceiptAuthenticationTypeEnum; /** * The transaction date. * @type {string} * @memberof TransactionReceipt */ 'date'?: string; /** * The transaction details. * @type {Array<TransactionDetail>} * @memberof TransactionReceipt */ 'details'?: Array<TransactionDetail>; /** * The transaction id. * @type {string} * @memberof TransactionReceipt */ 'id'?: string; /** * The transaction authentication security level. * @type {string} * @memberof TransactionReceipt */ 'securityLevel'?: TransactionReceiptSecurityLevelEnum; /** * The transaction user. * @type {string} * @memberof TransactionReceipt */ 'userid'?: string; } export declare const TransactionReceiptAuthenticationTypeEnum: { readonly Otp: "OTP"; readonly Token: "TOKEN"; }; export type TransactionReceiptAuthenticationTypeEnum = typeof TransactionReceiptAuthenticationTypeEnum[keyof typeof TransactionReceiptAuthenticationTypeEnum]; export declare const TransactionReceiptSecurityLevelEnum: { readonly Low: "LOW"; readonly Medium: "MEDIUM"; readonly High: "HIGH"; }; export type TransactionReceiptSecurityLevelEnum = typeof TransactionReceiptSecurityLevelEnum[keyof typeof TransactionReceiptSecurityLevelEnum]; /** * Request parameters for completing authentication process. * @export * @interface UserAuthenticateParameters */ export interface UserAuthenticateParameters { /** * Unique identifier of Identity as a Service Authentication API application. * @type {string} * @memberof UserAuthenticateParameters */ 'applicationId'?: string; /** * Client provided information about the application that will be included in the authentication audits if provided. * @type {string} * @memberof UserAuthenticateParameters */ 'applicationInfo'?: string; /** * Unique identifier of the client authentication request in the OIDC application\'s JWT IDaaS grant type use case. * @type {string} * @memberof UserAuthenticateParameters */ 'authRequestKey'?: string; /** * Cancel Identity as a Service authentication to the application * @type {boolean} * @memberof UserAuthenticateParameters */ 'cancel'?: boolean; /** * The certificate with public key to verify signature. * @type {string} * @memberof UserAuthenticateParameters */ 'certificate'?: string; /** * * @type {object} * @memberof UserAuthenticateParameters */ 'chapResponse'?: object; /** * Provided client IP address. * @type {string} * @memberof UserAuthenticateParameters */ 'clientIp'?: string; /** * If set to true, enhanced session protection is enabled for the auth token. An HTTP cookie named INTELLITRUST_SESSION_ID is returned with the response and must be returned in all subsequent requests using the auth token. * @type {boolean} * @memberof UserAuthenticateParameters */ 'enableWebSession'?: boolean; /** * For Face Biometric authentication, the workflow run id to check. * @type {string} * @memberof UserAuthenticateParameters * @deprecated */ 'faceResponse'?: string; /** * * @type {FIDOResponse} * @memberof UserAuthenticateParameters */ 'fidoResponse'?: FIDOResponse; /** * Setting defines if IP Address is ignored for RBA or not. Default value is false and will not ignore IP Address for RBA. * @type {boolean} * @memberof UserAuthenticateParameters */ 'ignoreIPAddressForRBA'?: boolean; /** * * @type {KbaChallenge} * @memberof UserAuthenticateParameters */ 'kbaChallenge'?: KbaChallenge; /** * The locale of this user. If not set, the default account locale will be used. * @type {string} * @memberof UserAuthenticateParameters */ 'locale'?: string; /** * * @type {MachineAuthenticator} * @memberof UserAuthenticateParameters */ 'machineAuthenticator'?: MachineAuthenticator; /** * * @type {MachineAuthenticatorRegistration} * @memberof UserAuthenticateParameters */ 'machineAuthenticatorRegistration'?: MachineAuthenticatorRegistration; /** * * @type {MSCHAPv1Response} * @memberof UserAuthenticateParameters */ 'mschapV1Response'?: MSCHAPv1Response; /** * * @type {MSCHAPv2Response} * @memberof UserAuthenticateParameters */ 'mschapV2Response'?: MSCHAPv2Response; /** * New password if change requested. * @type {string} * @memberof UserAuthenticateParameters */ 'newPassword'?: string; /** * A flag indicating if the offline QR code token verification is used * @type {boolean} * @memberof UserAuthenticateParameters */ 'offlineTVS'?: boolean; /** * The origin of the client * @type {string} * @memberof UserAuthenticateParameters */ 'origin'?: string; /** * * @type {PassthroughAuthenticatorParms} * @memberof UserAuthenticateParameters */ 'passthroughAuthenticatorParms'?: PassthroughAuthenticatorParms; /** * The request acrs. * @type {string} * @memberof UserAuthenticateParameters */ 'requestAcrs'?: string; /** * API response based on Authenticator type. This is not a required field if Mobile Smart Credential, KBA, Token Push, Smart Login or Face Biometric authentication is being used. * @type {string} * @memberof UserAuthenticateParameters */ 'response'?: string; /** * Authenticator type selected for second factor (if enabled). * @type {string} * @memberof UserAuthenticateParameters */ 'secondFactorAuthenticator'?: UserAuthenticateParametersSecondFactorAuthenticatorEnum; /** * * @type {TokenProtectedOfflineParms} * @memberof UserAuthenticateParameters */ 'tokenProtectedOfflineParms'?: TokenProtectedOfflineParms; /** * Transaction Details. * @type {Array<TransactionDetail>} * @memberof UserAuthenticateParameters */ 'transactionDetails'?: Array<TransactionDetail>; /** * * @type {UserCertificateResponse} * @memberof UserAuthenticateParameters */ 'userCertificateResponse'?: UserCertificateResponse; /** * User ID (containing the user ID or a user alias) of the Identity as a Service user completing the authentication challenge. * @type {string} * @memberof UserAuthenticateParameters */ 'userId'?: string; } export declare const UserAuthenticateParametersSecondFactorAuthenticatorEnum: { readonly Machine: "MACHINE"; readonly Password: "PASSWORD"; readonly External: "EXTERNAL"; readonly Kba: "KBA"; readonly TempAccessCode: "TEMP_ACCESS_CODE"; readonly Otp: "OTP"; readonly Grid: "GRID"; readonly Token: "TOKEN"; readonly Tokencr: "TOKENCR"; readonly Tokenpush: "TOKENPUSH"; readonly Fido: "FIDO"; readonly Smartcredentialpush: "SMARTCREDENTIALPUSH"; readonly PasswordAndSecondfactor: "PASSWORD_AND_SECONDFACTOR"; readonly SmartLogin: "SMART_LOGIN"; readonly Idp: "IDP"; readonly Passkey: "PASSKEY"; readonly IdpAndSecondfactor: "IDP_AND_SECONDFACTOR"; readonly UserCertificate: "USER_CERTIFICATE"; readonly Face: "FACE"; readonly Passthrough: "PASSTHROUGH"; readonly Magiclink: "MAGICLINK"; }; export type UserAuthenticateParametersSecondFactorAuthenticatorEnum = typeof UserAuthenticateParametersSecondFactorAuthenticatorEnum[keyof typeof UserAuthenticateParametersSecondFactorAuthenticatorEnum]; /** * Request parameters for starting user authentication process. * @export * @interface UserAuthenticateQueryParameters */ export interface UserAuthenticateQueryParameters { /** * Unique identifier of the Identity as a Service Authentication API application * @type {string} * @memberof UserAuthenticateQueryParameters */ 'applicationId': string; /** * Unique identifier of the client authentication request in the OIDC application\'s JWT IDaaS grant type use case. * @type {string} * @memberof UserAuthenticateQueryParameters */ 'authRequestKey'?: string; /** * Authentication token. * @type {string} * @memberof UserAuthenticateQueryParameters */ 'authToken'?: string; /** * Provided client IP address. * @type {string} * @memberof UserAuthenticateQueryParameters */ 'clientIp'?: string; /** * Setting defines if IP Address is ignored for RBA or not. Default value is false and will not ignore IP Address for RBA. * @type {boolean} * @memberof UserAuthenticateQueryParameters */ 'ignoreIPAddressForRBA'?: boolean; /** * * @type {MachineAuthenticator} * @memberof UserAuthenticateQueryParameters */ 'machineAuthenticator'?: MachineAuthenticator; /** * Maximum Authentication Age. If an authentication token is supplied, the maximum authentication age used to determine whether authentication is required or not is based on the current system time or a supplied request time. * @type {number} * @memberof UserAuthenticateQueryParameters */ 'maxAge'?: number; /** * A flag indicating if the offline QR code token verification is used. Used only if a challenge is required for authentication when returnDefaultChallenge is true. * @type {boolean} * @memberof UserAuthenticateQueryParameters */ 'offlineTVS'?: boolean; /** * The origin of the client * @type {string} * @memberof UserAuthenticateQueryParameters */ 'origin'?: string; /** * The priority for push transactions where queuing is enabled. Default is 0 and allowed values are 0-9. Used only if a challenge is required for authentication when returnDefaultChallenge is true. * @type {number} * @memberof UserAuthenticateQueryParameters */ 'priority'?: number; /** * Defines an identifier to retrieve customized SDK push message configuration. Used only if a challenge is required for authentication when returnDefaultChallenge is true. * @type {string} * @memberof UserAuthenticateQueryParameters */ 'pushMessageIdentifier'?: string; /** * A flag indicating if push mutual authentication is supported for tokens or Face Biometric. Used only if a challenge is required for authentication when returnDefaultChallenge is true. * @type {boolean} * @memberof UserAuthenticateQueryParameters */ 'pushMutualChallengeEnabled'?: boolean; /** * The request acrs. * @type {string} * @memberof UserAuthenticateQueryParameters */ 'requestAcrs'?: string; /** * * @type {RequestDetail} * @memberof UserAuthenticateQueryParameters */ 'requestDetail'?: RequestDetail; /** * The request start time in milliseconds. If an authentication token and a maximum authentication age are supplied, determining whether authentication is required or not is based on the current system time if this value is not provided. * @type {number} * @memberof UserAuthenticateQueryParameters */ 'requestTime'?: number; /** * Flag indicating whether the service should include in the response the default challenge. * @type {boolean} * @memberof UserAuthenticateQueryParameters */ 'returnDefaultChallenge'?: boolean; /** * The push authentication challenge that appears in the user\'s mobile application. Used only if a challenge is required for authentication when returnDefaultChallenge is true. * @type {string} * @memberof UserAuthenticateQueryParameters */ 'summary'?: string; /** * Deprecated : Clients who support choosing OTP delivery can still work without having to supply this flag.Flag indicating whether client supports choosing OTP delivery contact attribute.If the client doesn\'t support it and default OTP delivery is set to NONE, OTP won\'t be available as an authenticator. * @type {boolean} * @memberof UserAuthenticateQueryParameters * @deprecated */ 'supportChoosingOtpDelivery'?: boolean; /** * A flag indicating if the token push mutual authentication is supported. Used only if a challenge is required for authentication when returnDefaultChallenge is true. * @type {boolean} * @memberof UserAuthenticateQueryParameters * @deprecated */ 'tokenPushMutualChallengeEnabled'?: boolean; /** * Tra