UNPKG

auth0

Version:

Auth0 Node.js SDK for the Management API v2.

github.com/auth0/node-auth0

auth0/node-auth0

261 lines (260 loc) 15.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
import type { BaseClientOptions, BaseRequestOptions } from "../../../../BaseClient.mjs"; import { type NormalizedClientOptionsWithAuth } from "../../../../BaseClient.mjs"; import * as core from "../../../../core/index.mjs"; import * as Management from "../../../index.mjs"; import { ConnectionsClient } from "../resources/connections/client/Client.mjs"; import { CredentialsClient } from "../resources/credentials/client/Client.mjs"; export declare namespace ClientsClient { type Options = BaseClientOptions; interface RequestOptions extends BaseRequestOptions { } } export declare class ClientsClient { protected readonly _options: NormalizedClientOptionsWithAuth<ClientsClient.Options>; protected _credentials: CredentialsClient | undefined; protected _connections: ConnectionsClient | undefined; constructor(options: ClientsClient.Options); get credentials(): CredentialsClient; get connections(): ConnectionsClient; /** * Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. * For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on). * * - The following can be retrieved with any scope: * `client_id`, `app_type`, `name`, and `description`. * - The following properties can only be retrieved with the `read:clients` or * `read:client_keys` scope: * `callbacks`, `oidc_logout`, `allowed_origins`, * `web_origins`, `tenant`, `global`, `config_route`, * `callback_url_template`, `jwt_configuration`, * `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`, * `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`, * `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`, * `custom_login_page_off`, `sso`, `addons`, `form_template`, * `custom_login_page_codeview`, `resource_servers`, `client_metadata`, * `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`, * `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`, * `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`, * `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`, * `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`, * `organization_require_behavior`. * - The following properties can only be retrieved with the * `read:client_keys` or `read:client_credentials` scope: * `encryption_key`, `encryption_key.pub`, `encryption_key.cert`, * `client_secret`, `client_authentication_methods` and `signing_key`. * * @param {Management.ListClientsRequestParameters} request * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.TooManyRequestsError} * * @example * await client.clients.list({ * fields: "fields", * include_fields: true, * page: 1, * per_page: 1, * include_totals: true, * is_global: true, * is_first_party: true, * app_type: "app_type", * external_client_id: "external_client_id", * q: "q" * }) */ list(request?: Management.ListClientsRequestParameters, requestOptions?: ClientsClient.RequestOptions): Promise<core.Page<Management.Client, Management.ListClientsOffsetPaginatedResponseContent>>; /** * Create a new client (application or SSO integration). For more information, read [Create Applications](https://www.auth0.com/docs/get-started/auth0-overview/create-applications) * [API Endpoints for Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on/api-endpoints-for-single-sign-on). * * Notes: * - We recommend leaving the `client_secret` parameter unspecified to allow the generation of a safe secret. * - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use * `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` * to configure the client with client secret (basic or post) or with no authentication method (none). * - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, specify fully defined credentials. * These credentials will be automatically enabled for Private Key JWT authentication on the client. * - To configure `client_authentication_methods`, the `create:client_credentials` scope is required. * - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256. * * SSO Integrations created via this endpoint will accept login requests and share user profile information. * * @param {Management.CreateClientRequestContent} request * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.ConflictError} * @throws {@link Management.TooManyRequestsError} * * @example * await client.clients.create({ * name: "name" * }) */ create(request: Management.CreateClientRequestContent, requestOptions?: ClientsClient.RequestOptions): core.HttpResponsePromise<Management.CreateClientResponseContent>; private __create; /** * * Fetches and validates a Client ID Metadata Document without creating a client. * Returns the raw metadata and how it would be mapped to Auth0 client fields. * This endpoint is useful for testing metadata URIs before creating CIMD clients. * * * @param {Management.PreviewCimdMetadataRequestContent} request * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.TooManyRequestsError} * @throws {@link Management.InternalServerError} * * @example * await client.clients.previewCimdMetadata({ * external_client_id: "external_client_id" * }) */ previewCimdMetadata(request: Management.PreviewCimdMetadataRequestContent, requestOptions?: ClientsClient.RequestOptions): core.HttpResponsePromise<Management.PreviewCimdMetadataResponseContent>; private __previewCimdMetadata; /** * Idempotent registration for Client ID Metadata Document (CIMD) clients. * Uses external_client_id as the unique identifier for upsert operations. * * **Create:** Returns 201 when a new client is created (requires `create:clients` scope). * **Update:** Returns 200 when an existing client is updated (requires `update:clients` scope). * * This endpoint automatically: * - Fetches and validates the metadata document * - Maps CIMD fields to Auth0 client configuration * - Creates/rotates credentials from the JWKS * - Enforces CIMD security policies (HTTPS-only, no shared secrets) * * @param {Management.RegisterCimdClientRequestContent} request * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.TooManyRequestsError} * @throws {@link Management.InternalServerError} * * @example * await client.clients.registerCimdClient({ * external_client_id: "external_client_id" * }) */ registerCimdClient(request: Management.RegisterCimdClientRequestContent, requestOptions?: ClientsClient.RequestOptions): core.HttpResponsePromise<Management.RegisterCimdClientResponseContent>; private __registerCimdClient; /** * Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. * For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on). * * - The following properties can be retrieved with any of the scopes: * `client_id`, `app_type`, `name`, and `description`. * - The following properties can only be retrieved with the `read:clients` or * `read:client_keys` scopes: * `callbacks`, `oidc_logout`, `allowed_origins`, * `web_origins`, `tenant`, `global`, `config_route`, * `callback_url_template`, `jwt_configuration`, * `jwt_configuration.lifetime_in_seconds`, `jwt_configuration.secret_encoded`, * `jwt_configuration.scopes`, `jwt_configuration.alg`, `api_type`, * `logo_uri`, `allowed_clients`, `owners`, `custom_login_page`, * `custom_login_page_off`, `sso`, `addons`, `form_template`, * `custom_login_page_codeview`, `resource_servers`, `client_metadata`, * `mobile`, `mobile.android`, `mobile.ios`, `allowed_logout_urls`, * `token_endpoint_auth_method`, `is_first_party`, `oidc_conformant`, * `is_token_endpoint_ip_header_trusted`, `initiate_login_uri`, `grant_types`, * `refresh_token`, `refresh_token.rotation_type`, `refresh_token.expiration_type`, * `refresh_token.leeway`, `refresh_token.token_lifetime`, `refresh_token.policies`, `organization_usage`, * `organization_require_behavior`. * - The following properties can only be retrieved with the `read:client_keys` or `read:client_credentials` scopes: * `encryption_key`, `encryption_key.pub`, `encryption_key.cert`, * `client_secret`, `client_authentication_methods` and `signing_key`. * * @param {string} id - ID of the client to retrieve. * @param {Management.GetClientRequestParameters} request * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.NotFoundError} * @throws {@link Management.TooManyRequestsError} * * @example * await client.clients.get("id", { * fields: "fields", * include_fields: true * }) */ get(id: string, request?: Management.GetClientRequestParameters, requestOptions?: ClientsClient.RequestOptions): core.HttpResponsePromise<Management.GetClientResponseContent>; private __get; /** * Delete a client and related configuration (rules, connections, etc). * * @param {string} id - ID of the client to delete. * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.TooManyRequestsError} * * @example * await client.clients.delete("id") */ delete(id: string, requestOptions?: ClientsClient.RequestOptions): core.HttpResponsePromise<void>; private __delete; /** * Updates a client's settings. For more information, read [Applications in Auth0](https://www.auth0.com/docs/get-started/applications) and [Single Sign-On](https://www.auth0.com/docs/authenticate/single-sign-on). * * Notes: * - The `client_secret` and `signing_key` attributes can only be updated with the `update:client_keys` scope. * - The `client_authentication_methods` and `token_endpoint_auth_method` properties are mutually exclusive. Use `client_authentication_methods` to configure the client with Private Key JWT authentication method. Otherwise, use `token_endpoint_auth_method` to configure the client with client secret (basic or post) or with no authentication method (none). * - When using `client_authentication_methods` to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client. * - To configure `client_authentication_methods`, the `update:client_credentials` scope is required. * - To configure `client_authentication_methods`, the property `jwt_configuration.alg` must be set to RS256. * - To change a client's `is_first_party` property to `false`, the `organization_usage` and `organization_require_behavior` properties must be unset. * * @param {string} id - ID of the client to update. * @param {Management.UpdateClientRequestContent} request * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.NotFoundError} * @throws {@link Management.TooManyRequestsError} * * @example * await client.clients.update("id") */ update(id: string, request?: Management.UpdateClientRequestContent, requestOptions?: ClientsClient.RequestOptions): core.HttpResponsePromise<Management.UpdateClientResponseContent>; private __update; /** * Rotate a client secret. * * This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt). The generated secret is NOT base64 encoded. * * For more information, read [Rotate Client Secrets](https://www.auth0.com/docs/get-started/applications/rotate-client-secret). * * @param {string} id - ID of the client that will rotate secrets. * @param {ClientsClient.RequestOptions} requestOptions - Request-specific configuration. * * @throws {@link Management.BadRequestError} * @throws {@link Management.UnauthorizedError} * @throws {@link Management.ForbiddenError} * @throws {@link Management.NotFoundError} * @throws {@link Management.TooManyRequestsError} * * @example * await client.clients.rotateSecret("id") */ rotateSecret(id: string, requestOptions?: ClientsClient.RequestOptions): core.HttpResponsePromise<Management.RotateClientSecretResponseContent>; private __rotateSecret; }