@maccuaa/intellitrust-auth-sdk
TypeScript SDK client for Entrust Identity as a Service Authentication API
import * as Oazapfts from "@oazapfts/runtime";
/**
 * Shared request defaults for the client, typed by the `@oazapfts/runtime`
 * `Defaults` helper. Only the ambient declaration is visible here; the values
 * are set in the compiled module.
 */
declare const defaults: Oazapfts.Defaults<Oazapfts.CustomHeaders>;
/**
 * Server table for the client; a single `server1` entry is declared.
 * NOTE(review): presumably this holds the API base URL. The value is not visible
 * in this declaration file, so confirm it is an https:// endpoint for your tenant
 * before credentials are sent through it.
 */
declare const servers: {
server1: string;
};
/** Error detail object: a code, a message and optional extra parameters. All fields are optional. */
type ErrorInfo = {
/** Error Codes specific to cause of failure. */
errorCode?: string;
/** Additional Error Message describing the error. */
errorMessage?: string;
// `object[]` gives no compile-time shape for the entries; narrow before reading them.
/** Optional additional error information. */
parameters?: object[];
};
/**
 * CHAP response payload (used as `UserAuthenticateParameters.chapResponse`).
 * The schema declares no fields, so this alias provides no compile-time checking
 * of the payload's shape.
 */
type ChapResponse = object;
/**
 * Data produced by a FIDO token when answering an authentication challenge
 * (sent as `UserAuthenticateParameters.fidoResponse`).
 * NOTE(review): the string encoding is not stated on these fields; FidoChallenge
 * documents its values as base-64. Confirm against the API reference.
 */
type FidoResponse = {
/** Authenticator Data returned from the token. */
authenticatorData: string;
/** Data about the token used to authenticate. */
clientDataJSON: string;
/** The ID of the token used to authenticate. */
credentialId: string;
/** The authentication signature generated by the token. */
signature: string;
/** The UUID of the user logging in. */
userHandle?: string;
};
/** One knowledge-based authentication (KBA) question with its optional answer. */
type UserQuestion = {
// When populated in a request this is the user's secret answer; keep it out of logs and audit payloads.
/** The question's answer. */
answer?: string;
/** The UUID of the KBA question/answer. */
id?: string;
/** The question. */
question?: string;
};
/**
 * KBA challenge: an optional id plus the list of questions.
 * The same type appears on both sides of the exchange: as
 * `AuthenticatedResponse.kbaChallenge` (questions issued) and as
 * `UserAuthenticateParameters.kbaChallenge` (answers returned).
 */
type KbaChallenge = {
// No description in the schema. NOTE(review): presumably the challenge identifier; confirm.
id?: string;
userQuestions: UserQuestion[];
};
/**
 * Machine (device) authenticator values exchanged with the service.
 * NOTE(review): the two nonce fields carry no description beyond their names.
 * UserMachineAuthenticator refers to a "machine secret", so they presumably act
 * as device credentials and should be stored and logged accordingly. Confirm.
 */
type MachineAuthenticator = {
/** The device fingerprint if it's required during Machine authentication. It will always be null when returned from IDaaS as part of the response body. */
fingerprint?: string;
/** machineNonce */
machineNonce?: string;
/** sequenceNonce */
sequenceNonce?: string;
};
/** Data supplied to register a new machine authenticator: an optional fingerprint and a required user-facing label. */
type MachineAuthenticatorRegistration = {
/** The device fingerprint. It must be a valid fingerprint as produced by Entrust SDK. */
fingerprint?: string;
/** Identifies the device/machine from the end-user point of view. */
label: string;
};
/**
 * MSCHAPv1 challenge/response pair (sent as `UserAuthenticateParameters.mschapV1Response`).
 * MS-CHAPv1 is a legacy protocol with well-known cryptographic weaknesses; where
 * the deployment allows, prefer one of the stronger authenticator types.
 */
type MschaPv1Response = {
/** The MSCHAPv1 challenge. */
challenge: string;
/** The MSCHAPv1 response. */
response: string;
};
/**
 * MSCHAPv2 challenge/response data (sent as `UserAuthenticateParameters.mschapV2Response`).
 * MS-CHAPv2 is a legacy protocol with well-known cryptographic weaknesses; where
 * the deployment allows, prefer one of the stronger authenticator types.
 */
type MschaPv2Response = {
/** The MSCHAPv2 challenge. */
challenge: string;
/** The MSCHAPv2 identifier. */
identifier: number;
/** The MSCHAPv2 peer challenge. */
peerChallenge: string;
/** The MSCHAPv2 response. */
response: string;
/** The MSCHAPv2 userId. This must be the exact same value used to calculate the MSCHAPv2 response. It will normally be the same as the userId value passed to the authentication method but allows for differences between the two values. For example, an alias may have been passed to the authentication method but the actual userid was used to calculate the MSCHAPv2 response. */
userId: string;
};
/** One name/value placeholder passed to a passthrough authenticator. Both fields are required. */
type PassthroughAuthenticatorPlaceholder = {
/** The placeholder name. */
name: string;
/** The placeholder value. */
value: string;
};
/** Wrapper holding the optional list of placeholders for a passthrough authenticator request. */
type PassthroughAuthenticatorParms = {
/** The list of placeholders. */
passthroughAuthenticatorPlaceholders?: PassthroughAuthenticatorPlaceholder[];
};
/** Client-side parameters for requesting a batch of protected offline OTPs. All fields are optional. */
type TokenProtectedOfflineParms = {
/** The name sent by the client. */
tokenProtectedOfflineOTPClientName?: string;
// Secret material: keep out of logs. The description says "array" but the declared
// type is `string`; NOTE(review): the encoding of the concatenated secrets is not stated here.
/** One or several secrets sent by the client concatenated to a single array. */
tokenProtectedOfflineOTPClientSecret?: string;
/** Flag indicating whether the number of OTPs being returned need to be optimized. */
tokenProtectedOfflineOTPDoNotOptimize?: boolean;
/** The different levels of protection for offline tokens. */
tokenProtectedOfflineOTPGet?: "NONE" | "MINOR" | "MAJOR" | "CUSTOM";
/** Request size (Units of hour or count). */
tokenProtectedOfflineOTPSize?: number;
};
/** One named transaction detail (name/value) with an optional list of usages. */
type TransactionDetail = {
/** The transaction detail name. */
detail?: string;
// No description in the schema; the only values allowed are "RBA" and "TVS".
usage?: ("RBA" | "TVS")[];
/** The transaction detail value. */
value?: string;
};
/**
 * Response to a user-certificate challenge (sent as
 * `UserAuthenticateParameters.userCertificateResponse`).
 * Neither field is described in the schema; consult the API reference for their meaning.
 */
type UserCertificateResponse = {
code?: string;
verifier?: string;
};
/**
 * Request parameters for completing an authentication challenge.
 * Every field is optional at the type level; which ones must be present depends
 * on the authenticator in use (see the `response` description), so the compiler
 * will not catch a missing field.
 * Several fields carry credentials (`response`, `newPassword`, KBA answers,
 * MSCHAP responses); avoid serialising the whole object into logs.
 */
type UserAuthenticateParameters = {
/** Unique identifier of Identity as a Service Authentication API application. */
applicationId?: string;
/** Client provided information about the application that will be included in the authentication audits if provided. */
applicationInfo?: string;
/** Unique identifier of the client authentication request in the OIDC application's JWT IDaaS grant type use case. */
authRequestKey?: string;
/** Cancel Identity as a Service authentication to the application */
cancel?: boolean;
/** The certificate with public key to verify signature. */
certificate?: string;
chapResponse?: ChapResponse;
// Caller-supplied value. NOTE(review): the ignoreIPAddressForRBA description implies
// it feeds risk-based authentication, so take it from the connection as seen by your
// own server rather than from a client-controlled header. Confirm how the service uses it.
/** Provided client IP address. */
clientIp?: string;
/** If set to true, enhanced session protection is enabled for the auth token. An HTTP cookie named INTELLITRUST_SESSION_ID is returned with the response and must be returned in all subsequent requests using the auth token. */
enableWebSession?: boolean;
/** For Face Biometric authentication, the workflow run id to check. */
faceResponse?: string;
fidoResponse?: FidoResponse;
/** Setting defines if IP Address is ignored for RBA or not. Default value is false and will not ignore IP Address for RBA. */
ignoreIPAddressForRBA?: boolean;
kbaChallenge?: KbaChallenge;
/** The locale of this user. If not set, the default account locale will be used. */
locale?: string;
machineAuthenticator?: MachineAuthenticator;
machineAuthenticatorRegistration?: MachineAuthenticatorRegistration;
mschapV1Response?: MschaPv1Response;
mschapV2Response?: MschaPv2Response;
// Plaintext credential; keep out of logs.
/** New password if change requested. */
newPassword?: string;
/** A flag indicating if the offline QR code token verification is used */
offlineTVS?: boolean;
/**
 * The origin of the client.
 * @deprecated Use rpId instead.
 */
origin?: string;
passthroughAuthenticatorParms?: PassthroughAuthenticatorParms;
/** The request acrs. */
requestAcrs?: string;
// Holds the user's answer to the challenge (for example an OTP or password); keep out of logs.
/** API response based on Authenticator type. This is not a required field if Mobile Smart Credential, KBA, Token Push, Smart Login or Face Biometric authentication is being used. */
response?: string;
/** Specifies the domain name (relying party ID) of your application and the passkey is registered with. Provide the domain only (e.g., example.com), without protocol (https://). Required if using a custom domain different from your IDaaS tenant’s hostname. */
rpId?: string;
/** Authenticator type selected for second factor (if enabled). */
secondFactorAuthenticator?: "MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK";
tokenProtectedOfflineParms?: TokenProtectedOfflineParms;
/** Transaction Details. */
transactionDetails?: TransactionDetail[];
userCertificateResponse?: UserCertificateResponse;
/** User ID (containing the user ID or a user alias) of the Identity as a Service user completing the authentication challenge. */
userId?: string;
};
/** Face Biometric challenge data returned to the client. All fields are optional. */
type FaceChallenge = {
/** Which device to use for registration and authentication. */
device?: "WEB" | "MOBILE";
/** The ID of the Face Biometric to get. */
id?: string;
/** QR Code to use to launch the mobile flow. */
qrCode?: string;
// Per-user token; NOTE(review): presumably a bearer value for the face SDK, so handle it like a credential. Confirm.
/** The SDK token generated for the user. */
sdkToken?: string;
/** Workflow run ID to use for the user. */
workflowRunId?: string;
};
/**
 * FIDO authentication challenge issued by the service.
 * Two timeout fields exist with different units (`timeout` in seconds,
 * `timeoutMillis` in milliseconds); both are required by the type.
 */
type FidoChallenge = {
/** The list of IDs of the FIDO tokens registered for the user. Each value is base-64 encoded. */
allowCredentials?: string[];
/** A random challenge. It is a base-64 encoded value. */
challenge: string;
/**
 * The number of seconds that the client will wait for the FIDO token to respond.
 * @deprecated Use 'timeoutMillis' instead.
 */
timeout: number;
/** The number of milliseconds that the client will wait for the FIDO token to respond. */
timeoutMillis: number;
};
/** Zero-based coordinates of one grid cell the user must answer in a grid challenge. */
type GridChallengeCell = {
/** The column within the grid starting at 0. */
column: number;
/** The row within the grid starting at 0. */
row: number;
};
/** Identifies one grid that can answer a grid challenge: its serial number and optional expiry. */
type GridInfo = {
// Declared as a string; NOTE(review): the date format is not stated here.
/** The expiry date of the grid. Null value indicates the grid will never expire. */
expiryDate?: string;
/** The serial number of the grid that can be used to answer this challenge. */
serialNumber: string;
};
/** Grid challenge: the cells to answer, the grids that may be used, and the expected characters per cell. */
type GridChallenge = {
/** The grid challenge specifies a list of grid cells that the user must answer in their challenge. */
challenge: GridChallengeCell[];
/** The grid details. */
gridInfo: GridInfo[];
/** The numCharsPerCell value specifies the number of characters expected in the response for each cell as defined by current settings. */
numCharsPerCell: number;
};
/**
 * Batch of protected offline OTP data returned for a token, together with the
 * parameters the client needs to verify OTPs offline. All fields are optional.
 */
type OfflineTokenAuthenticateResponse = {
/** This is the moving factor index for the first hashed OTP returned. In the case of time-based tokens, it represents time step, otherwise it represents the value of the counter. */
firstMovingFactor?: number;
/** The number of iterations of the hash function to be performed. */
iterations?: number;
/** This is the policy-configured maximum number (hours or counters) */
maxSizeInUnits?: number;
/** This is the max number of time steps used to validate a token. */
maxTimeSteps?: number;
/** This is the policy-configured recommended number (hours or counters) */
minorSizeInUnits?: number;
// Described as an array but declared as a single `string`;
// NOTE(review): the serialisation of the batch is not stated here.
/** An array of all of the OTPs returned in the batch, each with its public component of the salt. */
otps?: string;
/** The number of digits in the private part of the salt that the client must guess. */
privateSaltLength?: number;
/** Flag indicating if the set of OTP hashes returned was optimized so that OTPs which have already been downloaded in prior requests, but that have not yet expired, are not sent again. */
resultOptimized?: boolean;
/** This is the token time drift in seconds. This applies only to time-based tokens. */
timeDrift?: number;
/** If this contains a positive value then this batch is for time-based tokens, otherwise it is for event based tokens. */
timeInterval?: number;
/** The serial number of the token for which offline tokens are generated. */
tokenSerialNumber?: string;
// Secret material reused on the next request; store it protected and keep it out of logs.
/** The secret the client should use when requesting the next batch of protected offline OTPs. */
useSecret?: string;
};
/** An organization the user belongs to, as listed in authentication responses. */
type Organization = {
/** The description of the organization. */
description?: string;
/** The display name of the organization. */
displayName: string;
/** The unique UUID assigned to the organization when it is created. */
id: string;
/** The URI of the logo to display when showing organizations. */
logoUri?: string;
/** The name of the organization. */
name: string;
};
/** One name/value result item from a passthrough authentication. Despite the plural name, the type describes a single item. */
type PassthroughAuthenticationResultItems = {
/** The name of the result item. */
name?: string;
/** The value of the result item. */
value?: string;
};
/** Wrapper holding the optional list of result items from a passthrough authentication. */
type PassthroughAuthenticationResponse = {
/** Passthrough authentication result items. */
passthroughAuthenticationResultItems?: PassthroughAuthenticationResultItems[];
};
/**
 * Password challenge data. Neither field is described in the schema.
 * NOTE(review): UserAuthenticatorLockoutStatus mentions "named password
 * authentication", so these presumably identify which named password is being
 * requested. Confirm.
 */
type PasswordChallenge = {
name?: string;
namedPasswordId?: string;
};
/** Temporary access code challenge data: whether, and with what contact value, to show the admin contact message. */
type TempAccessCodeChallenge = {
/** An optional admin contact value (like an admin email address or phone number) to be displayed in the admin contact message. */
adminContact?: string;
/** Indicates if the admin contact message should be displayed for this challenge. */
enableAdminContact?: boolean;
};
/** Describes one token that can be used to authenticate, including QR code data for offline QR code challenges. */
type TokenInfo = {
/** Optional label to identify an assigned token: a String up to 100 characters. */
label?: string;
/** The base-64 encoded QR code. This QR code can be scanned by the Entrust Identity mobile application to perform activation in the case of an offline QR code challenge. */
qrCode?: string;
/** The URL based QR code string. In the case of an offline QR code challenge, this string can be used to generate the base-64 encoded QR code. */
qrCodeUrl?: string;
/** The serial number of the token. */
serialNumber?: string;
};
/** Token challenge: an optional challenge string (TOKENCR only) plus the tokens that may answer it. */
type TokenChallenge = {
/** For TOKENCR authentication, the challenge that must be entered into the token. Will be null for TOKEN and TOKENPUSH authentication. */
challenge?: string;
/** The token challenge contains a list of TokenInfo objects for each of the tokens that can be used to authenticate. In the case of an offline QR code challenge, a TokenInfo object includes the QR code. */
token: TokenInfo[];
};
/** Receipt describing an authenticated transaction: who, when, how and at what security level. All fields are optional. */
type TransactionReceipt = {
/** The transaction authentication type. */
authenticationType?: "OTP" | "TOKEN";
// Declared as a string; NOTE(review): the date format is not stated here.
/** The transaction date. */
date?: string;
/** The transaction details. */
details?: TransactionDetail[];
/** The transaction id. */
id?: string;
/** The transaction authentication security level. */
securityLevel?: "LOW" | "MEDIUM" | "HIGH";
// Spelled `userid` here (lower-case "i"), unlike the `userId` fields on other types in this file.
/** The transaction user. */
userid?: string;
};
/**
 * User-certificate challenge (returned as `AuthenticatedResponse.userCertificateChallenge`).
 * The single required field is not described in the schema.
 */
type UserCertificateChallenge = {
challenge: string;
};
/** Metadata about one machine authenticator (machine secret) registered to the user; the secret itself is not part of this type. */
type UserMachineAuthenticator = {
/** When this machine secret expires in UTC time */
expiryTime?: string;
/** Identifies the device/machine */
id: string;
/** Identifies the device/machine from the end-user point of view */
label: string;
// Unlike the other two timestamps, the description does not state a time zone.
/** When this machine secret was last used */
lastUsedTime?: string;
/** When this machine secret was created in UTC time */
registrationTime: string;
};
/** Machine-authenticator settings for the user: fingerprinting options and the authenticators already registered. */
type UserMachineSettings = {
/** List of device fingerprinting attributes that should not be collected when a device fingerprint is captured. */
attributeExclusions?: string[];
/** Indicates whether a device fingerprint should be captured during machine registration or authentication */
deviceFingerprintRequired?: boolean;
/** machineAuthenticatorEnabled */
machineAuthenticatorEnabled?: boolean;
/** List of Machine Authenticators that the user currently has--used to prevent duplicated labels. */
userMachineAuthenticators?: UserMachineAuthenticator[];
};
/**
 * Result of an authentication or challenge call: completion flag, the
 * authorization token, and whichever challenge objects apply.
 * Every field is optional, so callers must check for presence at runtime.
 */
type AuthenticatedResponse = {
/** Flag to indicate if authentication has successfully completed. */
authenticationCompleted?: boolean;
/** The authenticator response for MSCHAPv2 */
authenticatorResponse?: string;
/** Flag to indicate if the user has to attempt device certificate authentication. */
deviceCertAuthDesired?: boolean;
// NOTE(review): the unit and epoch of this number are not stated here.
/** Expiry time of token. */
expires?: number;
faceChallenge?: FaceChallenge;
fidoChallenge?: FidoChallenge;
/** First Name. */
firstName?: string;
gridChallenge?: GridChallenge;
kbaChallenge?: KbaChallenge;
/** Last Name. */
lastName?: string;
machineAuthenticator?: MachineAuthenticator;
/** The type of Magic Link being used. */
magicLinkType?: string;
offlineTokenResponses?: OfflineTokenAuthenticateResponse;
/** A list of the user organizations. */
organizations?: Organization[];
// Spelled `otpdeliveryType` (lower-case "d") here, while UserAuthenticateQueryResponse
// and UserChallengeParameters use `otpDeliveryType`; reading the wrong key yields undefined.
/** The OTP delivery type used. */
otpdeliveryType?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
passthroughAuthenticationResponse?: PassthroughAuthenticationResponse;
passwordChallenge?: PasswordChallenge;
/** Push authentication mutual challenge. */
pushMutualChallenge?: string;
// NOTE(review): a URL taken from a response body; presumably callers should check it
// against the destinations they expect before navigating to it. Confirm.
/** The redirect URL when using a Magic Link. */
redirectUrl?: string;
/** For a SMART_LOGIN authenticator challenge, provides the challenge. */
smartLoginChallenge?: string;
/** Status of authenticator. This is not a required API field if Mobile Smart Credential or Token Push authentication is being used. */
status?: "CONFIRM" | "CONCERN" | "CANCEL" | "NO_RESPONSE";
/** The timeout for step-up authentication */
stepUpAuthExpiry?: number;
tempAccessCodeChallenge?: TempAccessCodeChallenge;
// No description in the schema.
time?: number;
// Per its own description this may be an UNauthenticated token: gate access on
// authenticationCompleted, not on the token being present. Keep the value out of logs.
/** Authenticated/unauthenticated authorization token. */
token?: string;
tokenChallenge?: TokenChallenge;
/** For a token or token push authenticator challenge, provides a list of serial numbers of the tokens that can be used to authenticate. */
tokenDetails?: string[];
/** The token push authentication mutual challenge. */
tokenPushMutualChallenge?: string;
transactionReceipt?: TransactionReceipt;
userCertificateChallenge?: UserCertificateChallenge;
/** The User ID of the Identity as a Service user that completed authentication. */
userId?: string;
userMachineSettings?: UserMachineSettings;
/** Whether the user still requires registration. */
userRegistrationRequired?: boolean;
/** Whether the user still requires verification. */
userVerificationRequired?: boolean;
};
/**
 * Challenge and options issued by the service for registering a new FIDO token.
 * All fields are optional. Note that `userId` here is the base-64 encoded user
 * UUID, while `userName` carries the userId string.
 */
type FidoRegisterChallenge = {
/** The registration challenge generated by Identity as a Service. This is a base-64 encoded value. */
challenge?: string;
/** The IDs of FIDO tokens already registered to this user. These values are base-64 encoded. */
registeredCredentials?: string[];
/** The names of FIDO tokens already registered to this user. */
registeredCredentialsNames?: string[];
/** Should the token be embedded on the device or stored externally? */
registrationAuthenticatorAttachment?: "EITHER" | "PLATFORM" | "CROSS_PLATFORM";
/** Should the User ID be stored on the Passkey/FIDO2 token? */
registrationRequireResidentKey?: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
/** Should the token perform user verification? */
registrationUserVerification?: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
/** The name of this relying party. This is the name of the Identity as a Service account. */
rpName?: string;
/**
 * The number of seconds that the client will wait for the FIDO token to respond.
 * @deprecated Use 'timeoutMillis' instead.
 */
timeout?: number;
/** The time in milliseconds that the client will wait for the FIDO token to respond. */
timeoutMillis?: number;
/** The display name of this user. It will be 'firstname lastname' of the user */
userDisplayName?: string;
/** The id of this user. It will be UUID of the user base-64 encoded. */
userId?: string;
/** The name of this user. It will be the userId of the user. */
userName?: string;
};
/** Data returned by a FIDO token on registration, plus the name chosen for the new token. All fields are optional. */
type FidoRegisterResponse = {
/** The FIDO attestationObject data returned from the FIDO token. This is a base-64 encoded value. */
attestationObject?: string;
/** The FIDO clientData returned from the FIDO token. This is a base-64 encoded value. */
clientDataJSON?: string;
/** The name for the new FIDO token. */
name?: string;
/** Flag indicating if the userId was stored on the registered FIDO2 token. Defaults to false if not set. */
userIdStored?: boolean;
};
/** A registered FIDO token: identity, owner, state, timestamps and the admin actions allowed on it. All fields are optional. */
type FidoToken = {
/** Administration actions that can be performed on this FIDO token. */
allowedActions?: ("DELETE" | "ENABLE" | "DISABLE" | "RENAME")[];
/** The date on which the FIDO token was created. */
createDate?: string;
/** The unique UUID assigned to the fido token when it is registered. */
id?: string;
/** The date on which this FIDO token was last used for authentication. This value will be null if the FIDO token has never been used. */
lastUsedDate?: string;
/** The name of this FIDO token. */
name?: string;
/** The origin of where the FIDO token was generated. */
origin?: string;
/** The relying party ID of where the FIDO token was generated. */
relyingPartyId?: string;
/** The state of this FIDO token. Only FIDO tokens in the ACTIVE state can be used for authentication. */
state?: "ACTIVE" | "INACTIVE";
/** The user Id of the user who owns this FIDO token. */
userId?: string;
/** Indicates if the userId was stored on the FIDO token. */
userIdStored?: boolean;
/** The UUID of the user who owns this FIDO token. */
userUUID?: string;
};
/** Parameters for a FIDO token: its name and/or state. Both fields are optional. */
type FidoTokenParms = {
/** The name of this FIDO token. */
name?: string;
/** The state of this FIDO token. Only FIDO tokens in the ACTIVE state can be used for authentication. */
state?: "ACTIVE" | "INACTIVE";
};
/**
 * Request parameters for fetching protected offline OTPs for one token.
 * All three fields are required; none is described in the schema itself
 * (see TokenProtectedOfflineParms for the nested parameters).
 */
type GetOfflineTokenAuthenticateParms = {
applicationId: string;
tokenProtectedOfflineParms: TokenProtectedOfflineParms;
tokenSerialNumber: string;
};
/** A name/value pair stored for the user; the same shape is used for the self-admin request and for the values returned afterwards. */
type UserClientValue = {
/** The name of the user value which will be added or updated, when corresponding self admin action completes, it will also be the response body which is the name of the user values the user currently has or the remaining after deletion. */
name?: string;
/** The value of the user value which will be added or updated, when corresponding self admin action completes, it will also be response body which is the value of the user values the user currently has or the remaining after deletion. */
value?: string;
};
/**
 * Server error payload: code, human-readable message and optional target.
 * This alias is named `Error`, so inside this module the type name `Error`
 * refers to this shape rather than to the built-in `Error` interface. A value
 * of this type is a plain object and is not an `instanceof` the global Error.
 */
type Error = {
/** The server error code */
code: string;
/** A human-readable representation of the error */
message: string;
/** The target of the error */
target?: string;
};
/** Caller-supplied description of the client environment (browser and OS) attached to a request. */
type RequestDetail = {
/** The browser associated with the request. */
browser?: string;
/** The OS associated with the request. */
os?: string;
};
/**
 * Request parameters for querying which authenticators a user may use.
 * `applicationId` and `userId` are required; everything else is optional. Several
 * fields only take effect when `returnDefaultChallenge` is true, as their
 * descriptions state.
 */
type UserAuthenticateQueryParameters = {
/** Unique identifier of the Identity as a Service Authentication API application */
applicationId: string;
/** Unique identifier of the client authentication request in the OIDC application's JWT IDaaS grant type use case. */
authRequestKey?: string;
// Bearer-style credential; keep out of logs.
/** Authentication token. */
authToken?: string;
// Caller-supplied value. NOTE(review): the ignoreIPAddressForRBA description implies
// it feeds risk-based authentication, so take it from the connection as seen by your
// own server rather than from a client-controlled header. Confirm how the service uses it.
/** Provided client IP address. */
clientIp?: string;
/** Setting defines if IP Address is ignored for RBA or not. Default value is false and will not ignore IP Address for RBA. */
ignoreIPAddressForRBA?: boolean;
machineAuthenticator?: MachineAuthenticator;
/** Maximum Authentication Age. If an authentication token is supplied, the maximum authentication age used to determine whether authentication is required or not is based on the current system time or a supplied request time. */
maxAge?: number;
/** A flag indicating if the offline QR code token verification is used. Used only if a challenge is required for authentication when returnDefaultChallenge is true. */
offlineTVS?: boolean;
/**
 * The origin of the client.
 * @deprecated Use rpId instead.
 */
origin?: string;
/** The priority for push transactions where queuing is enabled. Default is 0 and allowed values are 0-9. Used only if a challenge is required for authentication when returnDefaultChallenge is true. */
priority?: number;
/** Defines an identifier to retrieve customized SDK push message configuration. Used only if a challenge is required for authentication when returnDefaultChallenge is true. */
pushMessageIdentifier?: string;
/** A flag indicating if push mutual authentication is supported for tokens or Face Biometric. Used only if a challenge is required for authentication when returnDefaultChallenge is true. */
pushMutualChallengeEnabled?: boolean;
/** The request acrs. */
requestAcrs?: string;
requestDetail?: RequestDetail;
/** The request start time in milliseconds. If an authentication token and a maximum authentication age are supplied, determining whether authentication is required or not is based on the current system time if this value is not provided. */
requestTime?: number;
/** Flag indicating whether the service should include in the response the default challenge. */
returnDefaultChallenge?: boolean;
/** The Relying Party ID associated with the passkey. This identifies the domain or origin for which the passkey is registered. This field is mandatory if domain is outside of the IDaaS hostname. */
rpId?: string;
/** The push authentication challenge that appears in the user's mobile application. Used only if a challenge is required for authentication when returnDefaultChallenge is true. */
summary?: string;
/**
 * Flag indicating whether client supports choosing OTP delivery contact attribute.
 * If the client doesn't support it and default OTP delivery is set to NONE, OTP won't be available as an authenticator.
 * @deprecated Clients who support choosing OTP delivery can still work without having to supply this flag.
 */
supportChoosingOtpDelivery?: boolean;
/** A flag indicating if the token push mutual authentication is supported. Used only if a challenge is required for authentication when returnDefaultChallenge is true. */
tokenPushMutualChallengeEnabled?: boolean;
/** Transaction Details. */
transactionDetails?: TransactionDetail[];
/** User ID (containing the user ID or a user alias) of the Identity as a Service user completing the authentication challenge. */
userId: string;
};
/**
 * Lockout state of one of the user's authenticators.
 * Reading it correctly needs two fields together: when
 * `remainingAuthenticationAttempts` is 0, a null `lockoutExpiryDate` means the
 * lockout never expires; otherwise null means the user is not locked out.
 */
type UserAuthenticatorLockoutStatus = {
/** The date the user was locked. Null means the user is not locked. */
lockoutDate?: string;
/** if remainingAuthenticationAttempts is 0 then a lockoutExpiryDate of null means the lockout never expires. Otherwise a value of null means the user isn't locked out. */
lockoutExpiryDate?: string;
/** The users named password authentication that is locked out. */
name?: string;
/** The number of authentication attempts remaining before the user is locked out. */
remainingAuthenticationAttempts?: number;
/** The type of the authenticator. */
"type"?: "MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK";
};
/** One contact attribute an OTP can be delivered to: its name, delivery type and masked value. */
type OtpContactValue = {
/** Name of the attribute. */
name?: string;
/** Type of the OTP delivery attribute. */
"type"?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
/** Masked attribute value. */
value?: string;
};
/** OTP delivery options for the user: available delivery types, contact values and the defaults. */
type OtpDetails = {
/** The available delivery types. */
availableOTPDelivery?: ("EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP")[];
/** The available OTP contact values types. */
otpContactValues?: OtpContactValue[];
/** The default delivery type. */
otpDefaultDelivery?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
/** The name of default OTP delivery attribute. */
otpDeliveryAttribute?: string;
};
/**
 * Result of an authenticator query: the authenticator types available to the
 * user, their lockout status, and any default challenge objects.
 * Every field is optional, so callers must check for presence at runtime.
 */
type UserAuthenticateQueryResponse = {
/** Flag to indicate if access to the application is allowed with the current JWT. */
authenticationCompleted?: boolean;
/** List of authenticator types available for the user. */
authenticationTypes?: ("MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
/** A list of all authenticators that the user has with their lockout status. */
authenticatorLockoutStatus?: UserAuthenticatorLockoutStatus[];
/** Lists authenticator types available to complete second factor challenge (if enabled). */
availableSecondFactor?: ("MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
/** Flag to indicate if the user has to attempt device certificate authentication. */
deviceCertAuthDesired?: boolean;
// No description in the schema. NOTE(review): presumably the token expiry, as on AuthenticatedResponse; confirm.
expires?: number;
fidoChallenge?: FidoChallenge;
gridChallenge?: GridChallenge;
kbaChallenge?: KbaChallenge;
machineAuthenticator?: MachineAuthenticator;
/** A list of the user organizations. */
organizations?: Organization[];
otpDeliveryInfo?: OtpDetails;
/** The OTP delivery type used. */
otpDeliveryType?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
passwordChallenge?: PasswordChallenge;
/** Flag to indicate if the user can initiate a password reset flow. */
passwordResetAllowed?: boolean;
/** Push authentication mutual challenge for token or Face Biometric. */
pushMutualChallenge?: string;
/** Flag to indicate if the user has to register authenticators. */
registrationRequired?: boolean;
/** Flag to indicate if the user has a token that supports signature. */
supportsSignature?: boolean;
tempAccessCodeChallenge?: TempAccessCodeChallenge;
// No description in the schema.
time?: number;
// No description in the schema. NOTE(review): presumably the same authorization token as
// AuthenticatedResponse.token, which may be unauthenticated; gate access on
// authenticationCompleted rather than on the token's presence, and keep it out of logs.
token?: string;
tokenChallenge?: TokenChallenge;
/** For a token or token push authenticator challenge, provides a list of serial numbers of the tokens that can be used to authenticate. */
tokenDetails?: string[];
/** The token push authentication mutual challenge. */
tokenPushMutualChallenge?: string;
userMachineSettings?: UserMachineSettings;
/** Flag to indicate if the user has to verify. */
verificationRequired?: boolean;
};
/**
 * Parameters object accepted by `userChallengeUsingPost` as `userChallengeParameters`.
 * Only `applicationId` is required by the type; every other field is optional.
 * Several fields (`clientIp`, `origin`, `rpId`, `authToken`) are caller-supplied
 * inputs to the authentication decision, so populate them from trusted sources.
 */
type UserChallengeParameters = {
/** Unique identifier of the Identity as a Service Authentication API application */
applicationId: string;
/** Unique identifier of the client authentication request in the OIDC application's JWT IDaaS grant type use case. */
authRequestKey?: string;
/**
 * Authentication token (Required if the call to userQuery returned an authenticated token).
 * This is a credential: keep it out of logs, URLs and error reports.
 */
authToken?: string;
/**
 * Provided client IP address.
 * NOTE(review): this value is supplied by the caller. Given `ignoreIPAddressForRBA` below it
 * presumably feeds the risk evaluation, so take it from the connection or a trusted proxy
 * and not from a client-controlled header — confirm against the service documentation.
 */
clientIp?: string;
/** Setting defines if IP Address is ignored for RBA (risk-based authentication) or not. Default value is false and will not ignore IP Address for RBA. */
ignoreIPAddressForRBA?: boolean;
/** The locale of this user. If not set, the default account locale will be used. */
locale?: string;
/** Machine authenticator data (device fingerprint, machine nonce and sequence nonce; see `MachineAuthenticator`). */
machineAuthenticator?: MachineAuthenticator;
/** A flag indicating if the offline QR code token verification is used */
offlineTVS?: boolean;
/**
 * The origin of the client.
 * @deprecated Use `rpId` instead.
 */
origin?: string;
/** OTP delivery attribute name. */
otpDeliveryAttribute?: string;
/** Defines how a user receives their one-time passcode. The type accepts EMAIL, SMS (text message), VOICE (voice message), WECHAT and WHATSAPP. */
otpDeliveryType?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
/** Parameters for a passthrough authenticator, judging by the name; `PassthroughAuthenticatorParms` is declared outside this view. */
passthroughAuthenticatorParms?: PassthroughAuthenticatorParms;
/** The priority for push transactions where queuing is enabled. Default is 0 and allowed values are 0-9. The type is a plain `number`, so the range is not enforced at compile time. */
priority?: number;
/** Defines an identifier to retrieve customized SDK push message configuration */
pushMessageIdentifier?: string;
/** A flag indicating if push mutual authentication is supported for tokens or Face Biometric */
pushMutualChallengeEnabled?: boolean;
/** The request acrs. */
requestAcrs?: string;
/** Additional request detail; `RequestDetail` is declared outside this view. */
requestDetail?: RequestDetail;
/** Specifies the domain name (relying party ID) of your application and the passkey is registered with. Provide the domain only (e.g., example.com), without protocol (https://). Required if using a custom domain different from your IDaaS tenant’s hostname. */
rpId?: string;
/** Authenticator type selected for second factor (if enabled). */
secondFactorAuthenticator?: "MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK";
/** The push authentication challenge that appears in the user's mobile application. */
summary?: string;
/** A flag indicating if the token push mutual authentication is supported */
tokenPushMutualChallengeEnabled?: boolean;
/** Defines transaction details to be included in the challenge */
transactionDetails?: TransactionDetail[];
/** User ID (containing the user ID or a user alias) of the Identity as a Service user completing the authentication challenge. The userid is required for non-passwordless authenticators. */
userId?: string;
};
/**
 * Remove User Session
 *
 * First argument:
 * - `authorization` (optional string): presumably the session credential sent as the
 *   Authorization header — the implementation is not in view, confirm. Treat it as a secret.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries no `data`;
 *   400, 401, 403, 404 and 409 carry an `ErrorInfo`.
 *
 * The error statuses are part of the declared result type, so check `status === 200`
 * before discarding local session state; a resolved promise alone does not show the
 * server-side session was removed.
 */
declare function logoutUsingPost({ authorization }: {
authorization?: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
} | {
status: 409;
data: ErrorInfo;
}>>;
/**
 * Authenticate User Challenge
 *
 * First argument:
 * - `authenticator` (required): the authenticator type being answered, one of the listed literals.
 * - `authorization` (optional string): presumably the token obtained from the preceding
 *   challenge request, sent as the Authorization header — confirm in the implementation.
 * - `userAuthenticateParameters` (required): the response payload; `UserAuthenticateParameters`
 *   is declared outside this view.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries an
 *   `AuthenticatedResponse`; 400, 401, 403 and 404 carry an `ErrorInfo`.
 *
 * NOTE(review): `userChallengeUsingPost` also returns an `AuthenticatedResponse` on 200 when it
 * only issues a challenge, so a 200 here is not by itself proof that authentication finished.
 * Confirm which field of `AuthenticatedResponse` (declared outside this view) marks completion
 * before creating an application session, and narrow on `status` before reading `data`.
 */
declare function userAuthenticateUsingPost({ authenticator, authorization, userAuthenticateParameters }: {
authenticator: "MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK";
authorization?: string;
userAuthenticateParameters: UserAuthenticateParameters;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: AuthenticatedResponse;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
}>>;
/**
 * Start FIDO token registration for the current user.
 *
 * No credential parameter is declared; the caller's identity presumably comes from headers
 * supplied through `opts` or the module-level `defaults` — confirm in the implementation.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries a
 *   `FidoRegisterChallenge`; 400, 401, 403, 404 and 409 carry an `ErrorInfo`.
 *   Narrow on `status` before reading `data`.
 */
declare function startFidoRegisterUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: FidoRegisterChallenge;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
} | {
status: 409;
data: ErrorInfo;
}>>;
/**
 * Complete FIDO token registration for the current user.
 *
 * First argument:
 * - `fidoRegisterResponse` (required): the registration response to submit;
 *   `FidoRegisterResponse` is declared outside this view.
 *
 * No credential parameter is declared; the caller's identity presumably comes from headers
 * supplied through `opts` or the module-level `defaults` — confirm in the implementation.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries the registered
 *   `FidoToken`; 400, 401, 403, 404 and 409 carry an `ErrorInfo`.
 *   Only a 200 shows that a token was registered; narrow on `status` before reading `data`.
 */
declare function completeFidoRegisterUsingPost({ fidoRegisterResponse }: {
fidoRegisterResponse: FidoRegisterResponse;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: FidoToken;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
} | {
status: 409;
data: ErrorInfo;
}>>;
/**
 * Get a FIDO token for the current user.
 *
 * First argument:
 * - `fidoid` (required string): identifier of the FIDO token to fetch.
 *   NOTE(review): presumably the server limits lookups to tokens owned by the authenticated
 *   user; that check is not visible from this declaration.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries a `FidoToken`;
 *   400, 401, 403, 404 and 409 carry an `ErrorInfo`. Narrow on `status` before reading `data`.
 */
declare function getSelfFidoTokenUsingGet({ fidoid }: {
fidoid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: FidoToken;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
} | {
status: 409;
data: ErrorInfo;
}>>;
/**
 * Update a FIDO token from the current user.
 *
 * First argument:
 * - `fidoid` (required string): identifier of the FIDO token to update.
 * - `fidoTokenParms` (required): the new values; `FidoTokenParms` is declared outside this view.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries no `data`;
 *   400, 401, 403, 404 and 409 carry an `ErrorInfo`.
 *   Check `status === 200` before assuming the update was applied.
 */
declare function updateSelfFidoTokenUsingPut({ fidoid, fidoTokenParms }: {
fidoid: string;
fidoTokenParms: FidoTokenParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
} | {
status: 409;
data: ErrorInfo;
}>>;
/**
 * Delete a FIDO token from the current user.
 *
 * First argument:
 * - `fidoid` (required string): identifier of the FIDO token to delete.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries no `data`;
 *   400, 401, 403, 404 and 409 carry an `ErrorInfo`.
 *
 * Removing an authenticator is a security-relevant change: check `status === 200` before
 * reporting the token as removed, since any other status leaves the outcome unconfirmed.
 */
declare function deleteSelfFidoTokenUsingDelete({ fidoid }: {
fidoid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
} | {
status: 409;
data: ErrorInfo;
}>>;
/**
 * Get Offline Token Responses
 *
 * First argument:
 * - `getOfflineTokenAuthenticateParms` (required): request parameters;
 *   `GetOfflineTokenAuthenticateParms` is declared outside this view.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries an
 *   `OfflineTokenAuthenticateResponse`; 400, 401, 403, 404 and 409 carry an `ErrorInfo`.
 *
 * NOTE(review): the name suggests the 200 payload holds material for verifying token
 * responses offline; if so it should be stored and handled as credential material.
 * `OfflineTokenAuthenticateResponse` is not in view — confirm its contents.
 */
declare function getOfflineTokenResponsesUsingPost({ getOfflineTokenAuthenticateParms }: {
getOfflineTokenAuthenticateParms: GetOfflineTokenAuthenticateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: OfflineTokenAuthenticateResponse;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
} | {
status: 409;
data: ErrorInfo;
}>>;
/**
 * Get User Values
 *
 * No credential parameter is declared; the caller's identity presumably comes from headers
 * supplied through `opts` or the module-level `defaults` — confirm in the implementation.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries a
 *   `UserClientValue[]`; 400 and 401 carry an `Error`.
 *
 * `Error` here is the type this module exports under that name (see the export list at the
 * end of the file), not `ErrorInfo` as used by the other operations; its declaration is
 * outside this view, so do not assume the built-in `Error` shape.
 */
declare function selfGetUserValuesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: UserClientValue[];
} | {
status: 400;
data: Error;
} | {
status: 401;
data: Error;
}>>;
/**
 * Update to delete User Values
 *
 * First argument:
 * - `body` (required `string[]`): presumably the names or identifiers of the user values
 *   to delete — the element meaning is not visible here, confirm against the API reference.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries a
 *   `UserClientValue[]`; 400 and 401 carry an `Error`.
 *
 * `Error` here is the type this module exports under that name, not `ErrorInfo`; its
 * declaration is outside this view. Narrow on `status` before reading `data`.
 */
declare function selfDeleteUserValuesUsingPut({ body }: {
body: string[];
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: UserClientValue[];
} | {
status: 400;
data: Error;
} | {
status: 401;
data: Error;
}>>;
/**
 * Set or update User Values
 *
 * First argument:
 * - `body` (required `UserClientValue[]`): the values to set or update;
 *   `UserClientValue` is declared outside this view.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries no `data`;
 *   400 and 401 carry an `Error`.
 *
 * `Error` here is the type this module exports under that name, not `ErrorInfo`; its
 * declaration is outside this view. Check `status === 200` before assuming the write succeeded.
 */
declare function selfSetUserValuesUsingPost({ body }: {
body: UserClientValue[];
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
} | {
status: 400;
data: Error;
} | {
status: 401;
data: Error;
}>>;
/**
 * Query User Authenticators
 *
 * First argument:
 * - `userAuthenticateQueryParameters` (required): the query; `UserAuthenticateQueryParameters`
 *   is declared outside this view.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries a
 *   `UserAuthenticateQueryResponse`; 400, 401, 403 and 404 carry an `ErrorInfo`.
 *
 * NOTE(review): no credential parameter is declared, so this looks like a pre-authentication
 * call. Its response can describe a user's authenticators and their lockout status, so avoid
 * relaying the raw result or distinct error details to unauthenticated clients in a way that
 * reveals whether an account exists.
 */
declare function userAuthenticatorQueryUsingPost({ userAuthenticateQueryParameters }: {
userAuthenticateQueryParameters: UserAuthenticateQueryParameters;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: UserAuthenticateQueryResponse;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
}>>;
/**
 * Request User Challenge
 *
 * First argument:
 * - `authenticator` (required): the authenticator type to challenge, one of the listed literals.
 * - `userChallengeParameters` (required): see `UserChallengeParameters`; only its
 *   `applicationId` is mandatory at the type level.
 *
 * @param opts - Optional per-request Oazapfts options.
 * @returns A promise for a result discriminated by `status`: 200 carries an
 *   `AuthenticatedResponse`; 400, 401, 403 and 404 carry an `ErrorInfo`.
 *
 * NOTE(review): a 200 here returns the same `AuthenticatedResponse` type as
 * `userAuthenticateUsingPost`, so the status alone does not distinguish "challenge issued"
 * from "user authenticated". Confirm which field of `AuthenticatedResponse` (declared outside
 * this view) marks completion, and narrow on `status` before reading `data`.
 */
declare function userChallengeUsingPost({ authenticator, userChallengeParameters }: {
authenticator: "MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK";
userChallengeParameters: UserChallengeParameters;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
status: 200;
data: AuthenticatedResponse;
} | {
status: 400;
data: ErrorInfo;
} | {
status: 401;
data: ErrorInfo;
} | {
status: 403;
data: ErrorInfo;
} | {
status: 404;
data: ErrorInfo;
}>>;
// Public surface of the module: the request functions, the `defaults` and `servers`
// configuration objects, and the request/response types.
// Note that `Error` is exported as one of this module's own types; importing it by name
// shadows the built-in `Error` in the importing file, so alias it on import
// (e.g. `import { Error as ApiError }`) where both are needed.
export { userChallengeUsingPost, userAuthenticatorQueryUsingPost, userAuthenticateUsingPost, updateSelfFidoTokenUsingPut, startFidoRegisterUsingGet, servers, selfSetUserValuesUsingPost, selfGetUserValuesUsingGet, selfDeleteUserValuesUsingPut, logoutUsingPost, getSelfFidoTokenUsingGet, getOfflineTokenResponsesUsingPost, deleteSelfFidoTokenUsingDelete, defaults, completeFidoRegisterUsingPost, UserQuestion, UserMachineSettings, UserMachineAuthenticator, UserClientValue, UserChallengeParameters, UserCertificateResponse, UserCertificateChallenge, UserAuthenticatorLockoutStatus, UserAuthenticateQueryResponse, UserAuthenticateQueryParameters, UserAuthenticateParameters, TransactionReceipt, TransactionDetail, TokenProtectedOfflineParms, TokenInfo, TokenChallenge, TempAccessCodeChallenge, RequestDetail, PasswordChallenge, PassthroughAuthenticatorPlaceholder, PassthroughAuthenticatorParms, PassthroughAuthenticationResultItems, PassthroughAuthenticationResponse, OtpDetails, OtpContactValue, Organization, OfflineTokenAuthenticateResponse, MschaPv2Response, MschaPv1Response, MachineAuthenticatorRegistration, MachineAuthenticator, KbaChallenge, GridInfo, GridChallengeCell, GridChallenge, GetOfflineTokenAuthenticateParms, FidoTokenParms, FidoToken, FidoResponse, FidoRegisterResponse, FidoRegisterChallenge, FidoChallenge, FaceChallenge, ErrorInfo, Error, ChapResponse, AuthenticatedResponse };