diff --git a/src/FusionAuthClient.ts b/src/FusionAuthClient.ts index f943881..ae8610e 100644 --- a/src/FusionAuthClient.ts +++ b/src/FusionAuthClient.ts @@ -5489,829 +5489,887 @@ export type UUID = string; /** - * Webhook attempt log response. + * Authorization Grant types as defined by the The OAuth 2.0 Authorization + * Framework - RFC 6749. + *

+ * Specific names as defined by + * OAuth 2.0 Dynamic Client Registration Protocol - RFC 7591 Section 4.1 * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface WebhookAttemptLogResponse { - webhookAttemptLog?: WebhookAttemptLog; +export enum GrantType { + authorization_code = "authorization_code", + implicit = "implicit", + password = "password", + client_credentials = "client_credentials", + refresh_token = "refresh_token", + unknown = "unknown", + device_code = "urn:ietf:params:oauth:grant-type:device_code" } /** - * @author Rob Davis + * Used to indicate what type of attestation was included in the authenticator response for a given WebAuthn credential at the time it was created + * + * @author Spencer Witt */ -export interface TenantLambdaConfiguration { - loginValidationId?: UUID; - scimEnterpriseUserRequestConverterId?: UUID; - scimEnterpriseUserResponseConverterId?: UUID; - scimGroupRequestConverterId?: UUID; - scimGroupResponseConverterId?: UUID; - scimUserRequestConverterId?: UUID; - scimUserResponseConverterId?: UUID; -} - -export interface SAMLv2AssertionEncryptionConfiguration extends Enableable { - digestAlgorithm?: string; - encryptionAlgorithm?: string; - keyLocation?: string; - keyTransportAlgorithm?: string; - keyTransportEncryptionKeyId?: UUID; - maskGenerationFunction?: string; +export enum AttestationType { + basic = "basic", + self = "self", + attestationCa = "attestationCa", + anonymizationCa = "anonymizationCa", + none = "none" } /** - * Models action reasons. + * Identity Provider response. 
* - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface UserActionReason { - code?: string; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - localizedTexts?: LocalizedStrings; - text?: string; +export interface IdentityProviderSearchResponse { + identityProviders?: Array>; + total?: number; } -export interface AuthenticationTokenConfiguration extends Enableable { +/** + * @author Daniel DeGroff + */ +export interface BaseExportRequest { + dateTimeSecondsFormat?: string; + zoneId?: string; } /** - * Event to indicate an audit log was created. + * Models the User Created Registration Event. + *

+ * This is different than the user.registration.create event in that it will be sent after the user has been created. This event cannot be made + * transactional. * * @author Daniel DeGroff */ -export interface AuditLogCreateEvent extends BaseEvent { - auditLog?: AuditLog; +export interface UserRegistrationCreateCompleteEvent extends BaseUserEvent { + applicationId?: UUID; + registration?: UserRegistration; } /** - * Models the FusionAuth connector. + * The user action response object. * - * @author Trevor Smith + * @author Brian Pontarelli */ -export interface FusionAuthConnectorConfiguration extends BaseConnectorConfiguration { +export interface ActionResponse { + action?: UserActionLog; + actions?: Array; } /** - * @author Brian Pontarelli + * @author Michael Sleevi */ -export interface AuditLogRequest extends BaseEventRequest { - auditLog?: AuditLog; +export interface SMSMessage { + phoneNumber?: string; + textMessage?: string; } /** - * @author Brett Guy + * @author Daniel DeGroff */ -export interface IPAccessControlList { +export interface MessengerTransport { +} + +/** + * User registration information for a single application. + * + * @author Brian Pontarelli + */ +export interface UserRegistration { + applicationId?: UUID; + authenticationToken?: string; + cleanSpeakId?: UUID; data?: Record; - entries?: Array; id?: UUID; insertInstant?: number; + lastLoginInstant?: number; lastUpdateInstant?: number; - name?: string; + preferredLanguages?: Array; + roles?: Array; + timezone?: string; + tokens?: Record; + username?: string; + usernameStatus?: ContentStatus; + verified?: boolean; + verifiedInstant?: number; } /** - * @author Lyle Schemmerling + * Base class for requests that can contain event information. This event information is used when sending Webhooks or emails + * during the transaction. The caller is responsible for ensuring that the event information is correct. 
+ * + * @author Brian Pontarelli */ -export interface SAMLv2DestinationAssertionConfiguration { - alternates?: Array; - policy?: SAMLv2DestinationAssertionPolicy; +export interface BaseEventRequest { + eventInfo?: EventInfo; } /** - * Form response. + * A webhook call attempt log. * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface FormRequest { - form?: Form; +export interface WebhookAttemptLog { + attemptResult?: WebhookAttemptResult; + data?: Record; + endInstant?: number; + id?: UUID; + startInstant?: number; + webhookCallResponse?: WebhookCallResponse; + webhookEventLogId?: UUID; + webhookId?: UUID; } /** - * @author Seth Musselman + * @author Daniel DeGroff */ -export interface UserCommentRequest { - userComment?: UserComment; +export interface JWTVendRequest { + claims?: Record; + keyId?: UUID; + timeToLiveInSeconds?: number; } /** - * IdP Initiated login configuration + * Event log used internally by FusionAuth to help developers debug hooks, Webhooks, email templates, etc. 
* - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface SAMLv2IdPInitiatedLoginConfiguration extends Enableable { - nameIdFormat?: string; -} - -export interface DeleteConfiguration extends Enableable { - numberOfDaysToRetain?: number; +export interface EventLog { + id?: number; + insertInstant?: number; + message?: string; + type?: EventLogType; } /** * @author Daniel DeGroff */ -export enum FormDataType { - bool = "bool", - consent = "consent", - date = "date", - email = "email", - number = "number", - string = "string" +export interface LookupResponse { + identityProvider?: IdentityProviderDetails; } -/** - * Key search response - * - * @author Spencer Witt - */ -export interface KeySearchResponse { - keys?: Array; - total?: number; +export interface IdentityProviderDetails { + applicationIds?: Array; + id?: UUID; + idpEndpoint?: string; + name?: string; + oauth2?: IdentityProviderOauth2Configuration; + type?: IdentityProviderType; } /** - * A Application-level policy for deleting Users. - * - * @author Trevor Smith + * @author Daniel DeGroff */ -export interface ApplicationRegistrationDeletePolicy { - unverified?: TimeBasedDeletePolicy; +export interface IntrospectResponse extends Record { } /** - * Models the User Delete Registration Event. + * Models the Group Member Update Event. 
* * @author Daniel DeGroff */ -export interface UserRegistrationDeleteEvent extends BaseUserEvent { - applicationId?: UUID; - registration?: UserRegistration; +export interface GroupMemberUpdateEvent extends BaseGroupEvent { + members?: Array; } /** - * @author Daniel DeGroff + * Search request for webhooks + * + * @author Spencer Witt */ -export interface AccessToken { - access_token?: string; - expires_in?: number; - id_token?: string; - refresh_token?: string; - refresh_token_id?: UUID; - scope?: string; - token_type?: TokenType; - userId?: UUID; +export interface WebhookSearchRequest { + search?: WebhookSearchCriteria; } /** - * Search request for Group Members. + * Change password response object. * * @author Daniel DeGroff */ -export interface GroupMemberSearchRequest { - search?: GroupMemberSearchCriteria; -} - -export interface MultiFactorSMSTemplate { - templateId?: UUID; +export interface ChangePasswordResponse { + oneTimePassword?: string; + state?: Record; } /** - * A log for an event that happened to a User. + * A server where events are sent. This includes user action events and any other events sent by FusionAuth. * * @author Brian Pontarelli */ -export interface UserComment { - comment?: string; - commenterId?: UUID; +export interface Webhook { + connectTimeout?: number; + data?: Record; + description?: string; + eventsEnabled?: Record; + global?: boolean; + headers?: HTTPHeaders; + httpAuthenticationPassword?: string; + httpAuthenticationUsername?: string; id?: UUID; insertInstant?: number; - userId?: UUID; + lastUpdateInstant?: number; + readTimeout?: number; + signatureConfiguration?: WebhookSignatureConfiguration; + sslCertificate?: string; + sslCertificateKeyId?: UUID; + tenantIds?: Array; + url?: string; } /** - * Models the Group Create Complete Event. 
+ * Available Integrations * * @author Daniel DeGroff */ -export interface GroupDeleteCompleteEvent extends BaseGroupEvent { -} - +export interface Integrations { + cleanspeak?: CleanSpeakConfiguration; + kafka?: KafkaConfiguration; +} + /** - * Email template search response + * Search criteria for the event log. * - * @author Mark Manes + * @author Brian Pontarelli */ -export interface EmailTemplateSearchResponse { - emailTemplates?: Array; - total?: number; +export interface EventLogSearchCriteria extends BaseSearchCriteria { + end?: number; + message?: string; + start?: number; + type?: EventLogType; } /** - * A marker interface indicating this event is not scoped to a tenant and will be sent to all webhooks. - * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface InstanceEvent extends NonTransactionalEvent { +export interface EmailConfiguration { + additionalHeaders?: Array; + debug?: boolean; + defaultFromEmail?: string; + defaultFromName?: string; + emailUpdateEmailTemplateId?: UUID; + emailVerifiedEmailTemplateId?: UUID; + forgotPasswordEmailTemplateId?: UUID; + host?: string; + implicitEmailVerificationAllowed?: boolean; + loginIdInUseOnCreateEmailTemplateId?: UUID; + loginIdInUseOnUpdateEmailTemplateId?: UUID; + loginNewDeviceEmailTemplateId?: UUID; + loginSuspiciousEmailTemplateId?: UUID; + password?: string; + passwordlessEmailTemplateId?: UUID; + passwordResetSuccessEmailTemplateId?: UUID; + passwordUpdateEmailTemplateId?: UUID; + port?: number; + properties?: string; + security?: EmailSecurityType; + setPasswordEmailTemplateId?: UUID; + twoFactorMethodAddEmailTemplateId?: UUID; + twoFactorMethodRemoveEmailTemplateId?: UUID; + unverified?: EmailUnverifiedOptions; + username?: string; + verificationEmailTemplateId?: UUID; + verificationStrategy?: VerificationStrategy; + verifyEmail?: boolean; + verifyEmailWhenChanged?: boolean; +} + +export enum EmailSecurityType { + NONE = "NONE", + SSL = "SSL", + TLS = "TLS" } /** - * Models 
the user action Event. - * - * @author Brian Pontarelli + * @author Brett Pontarelli */ -export interface UserActionEvent extends BaseEvent { - action?: string; - actioneeUserId?: UUID; - actionerUserId?: UUID; - actionId?: UUID; - applicationIds?: Array; - comment?: string; - email?: Email; - emailedUser?: boolean; - expiry?: number; - localizedAction?: string; - localizedDuration?: string; - localizedOption?: string; - localizedReason?: string; - notifyUser?: boolean; - option?: string; - phase?: UserActionPhase; - reason?: string; - reasonCode?: string; +export interface TwitchApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; } /** - * @author Daniel DeGroff + * @author Brett Pontarelli */ -export enum BreachedPasswordStatus { - None = "None", - ExactMatch = "ExactMatch", - SubAddressMatch = "SubAddressMatch", - PasswordOnly = "PasswordOnly", - CommonPassword = "CommonPassword" +export interface XboxApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; } /** - * @author Michael Sleevi + * Models a generic connector. + * + * @author Trevor Smith */ -export interface SMSMessage { - phoneNumber?: string; - textMessage?: string; +export interface GenericConnectorConfiguration extends BaseConnectorConfiguration { + authenticationURL?: string; + connectTimeout?: number; + headers?: HTTPHeaders; + httpAuthenticationPassword?: string; + httpAuthenticationUsername?: string; + readTimeout?: number; + sslCertificateKeyId?: UUID; } /** + * An Event "event" to indicate an event log was created. 
+ * * @author Daniel DeGroff */ -export interface TwitterApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - buttonText?: string; - consumerKey?: string; - consumerSecret?: string; +export interface EventLogCreateEvent extends BaseEvent { + eventLog?: EventLog; } /** - * A User's WebAuthnCredential. Contains all data required to complete WebAuthn authentication ceremonies. - * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface WebAuthnCredential { - algorithm?: CoseAlgorithmIdentifier; - attestationType?: AttestationType; - authenticatorSupportsUserVerification?: boolean; - credentialId?: string; +export interface SystemConfiguration { + auditLogConfiguration?: AuditLogConfiguration; + corsConfiguration?: CORSConfiguration; data?: Record; - discoverable?: boolean; - displayName?: string; - id?: UUID; + eventLogConfiguration?: EventLogConfiguration; insertInstant?: number; - lastUseInstant?: number; - name?: string; - publicKey?: string; - relyingPartyId?: string; - signCount?: number; - tenantId?: UUID; - transports?: Array; - userAgent?: string; - userId?: UUID; + lastUpdateInstant?: number; + loginRecordConfiguration?: LoginRecordConfiguration; + reportTimezone?: string; + trustedProxyConfiguration?: SystemTrustedProxyConfiguration; + uiConfiguration?: UIConfiguration; + webhookEventLogConfiguration?: WebhookEventLogConfiguration; } -export interface LambdaConfiguration { - accessTokenPopulateId?: UUID; - idTokenPopulateId?: UUID; - samlv2PopulateId?: UUID; - selfServiceRegistrationValidationId?: UUID; - userinfoPopulateId?: UUID; +export interface AuditLogConfiguration { + delete?: DeleteConfiguration; } -/** - * @author Daniel DeGroff - */ -export interface RegistrationUnverifiedOptions { - behavior?: UnverifiedBehavior; +export interface DeleteConfiguration extends Enableable { + numberOfDaysToRetain?: number; +} + +export interface EventLogConfiguration { + numberToRetain?: number; +} + +export interface 
LoginRecordConfiguration { + delete?: DeleteConfiguration; +} + +export interface UIConfiguration { + headerColor?: string; + logoURL?: string; + menuFontColor?: string; } /** - * Models a consent. - * * @author Daniel DeGroff */ -export enum ConsentStatus { - Active = "Active", - Revoked = "Revoked" +export interface TenantUsernameConfiguration { + unique?: UniqueUsernameConfiguration; } -/** - * Contains the output for the {@code credProps} extension - * - * @author Spencer Witt - */ -export interface CredentialPropertiesOutput { - rk?: boolean; +export enum UniqueUsernameStrategy { + Always = "Always", + OnCollision = "OnCollision" +} + +export interface UniqueUsernameConfiguration extends Enableable { + numberOfDigits?: number; + separator?: string; + strategy?: UniqueUsernameStrategy; } /** - * @author Daniel DeGroff + * Consent search response + * + * @author Spencer Witt */ -export interface VerifyRegistrationRequest extends BaseEventRequest { - oneTimeCode?: string; - verificationId?: string; +export interface ConsentSearchResponse { + consents?: Array; + total?: number; } /** + *

+ * * @author Daniel DeGroff */ -export interface UserinfoResponse extends Record { +export enum TokenType { + Bearer = "Bearer", + MAC = "MAC" } /** - * Stores an email template used to send emails to users. + * A grant for an entity to a user or another entity. * * @author Brian Pontarelli */ -export interface EmailTemplate { - defaultFromName?: string; - defaultHtmlTemplate?: string; - defaultSubject?: string; - defaultTextTemplate?: string; - fromEmail?: string; +export interface EntityGrant { + data?: Record; + entity?: Entity; id?: UUID; insertInstant?: number; lastUpdateInstant?: number; - localizedFromNames?: LocalizedStrings; - localizedHtmlTemplates?: LocalizedStrings; - localizedSubjects?: LocalizedStrings; - localizedTextTemplates?: LocalizedStrings; - name?: string; + permissions?: Array; + recipientEntityId?: UUID; + userId?: UUID; } /** - * Models the User Email Verify Event. + * Search criteria for user comments. * - * @author Trevor Smith + * @author Spencer Witt */ -export interface UserEmailVerifiedEvent extends BaseUserEvent { +export interface UserCommentSearchCriteria extends BaseSearchCriteria { + comment?: string; + commenterId?: UUID; + tenantId?: UUID; + userId?: UUID; } /** - * @author Daniel DeGroff + * @author Derek Klatt */ -export interface ApplicationAccessControlConfiguration { - uiIPAccessControlListId?: UUID; +export interface PasswordValidationRules { + breachDetection?: PasswordBreachDetection; + maxLength?: number; + minLength?: number; + rememberPreviousPasswords?: RememberPreviousPasswords; + requireMixedCase?: boolean; + requireNonAlpha?: boolean; + requireNumber?: boolean; + validateOnLogin?: boolean; } /** - * Form response. + * Models the User Email Verify Event. * - * @author Daniel DeGroff + * @author Trevor Smith */ -export interface FormResponse { - form?: Form; - forms?: Array
; +export interface UserEmailVerifiedEvent extends BaseUserEvent { } /** + * API response for User consent. + * * @author Daniel DeGroff */ -export enum ApplicationMultiFactorTrustPolicy { - Any = "Any", - This = "This", - None = "None" +export interface UserConsentResponse { + userConsent?: UserConsent; + userConsents?: Array; } /** - * A JSON Web Key as defined by RFC 7517 JSON Web Key (JWK) - * Section 4 and RFC 7518 JSON Web Algorithms (JWA). - * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface JSONWebKey { - alg?: Algorithm; - crv?: string; - d?: string; - dp?: string; - dq?: string; - e?: string; - kid?: string; - kty?: KeyType; - n?: string; - [other: string]: any; // Any other fields - p?: string; - q?: string; - qi?: string; - use?: string; - x?: string; - x5c?: Array; - x5t?: string; - x5t_S256?: string; - y?: string; +export interface PreviewRequest { + emailTemplate?: EmailTemplate; + locale?: string; } /** - * Search request for Consents - * - * @author Spencer Witt + * @author Mikey Sleevi */ -export interface ConsentSearchRequest { - search?: ConsentSearchCriteria; +export interface TenantMultiFactorConfiguration { + authenticator?: MultiFactorAuthenticatorMethod; + email?: MultiFactorEmailMethod; + loginPolicy?: MultiFactorLoginPolicy; + sms?: MultiFactorSMSMethod; } -/** - * Models the User Reactivate Event. - * - * @author Brian Pontarelli - */ -export interface UserReactivateEvent extends BaseUserEvent { +export interface MultiFactorAuthenticatorMethod extends Enableable { + algorithm?: TOTPAlgorithm; + codeLength?: number; + timeStep?: number; +} + +export interface MultiFactorEmailMethod extends Enableable { + templateId?: UUID; +} + +export interface MultiFactorSMSMethod extends Enableable { + messengerId?: UUID; + templateId?: UUID; } /** - * OpenID Connect Configuration as described by the OpenID - * Provider Metadata. + * Entity grant API response object. 
* - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface OpenIdConfiguration { - authorization_endpoint?: string; - backchannel_logout_supported?: boolean; - claims_supported?: Array; - device_authorization_endpoint?: string; - end_session_endpoint?: string; - frontchannel_logout_supported?: boolean; - grant_types_supported?: Array; - id_token_signing_alg_values_supported?: Array; - issuer?: string; - jwks_uri?: string; - response_modes_supported?: Array; - response_types_supported?: Array; - scopes_supported?: Array; - subject_types_supported?: Array; - token_endpoint?: string; - token_endpoint_auth_methods_supported?: Array; - userinfo_endpoint?: string; - userinfo_signing_alg_values_supported?: Array; +export interface EntityGrantResponse { + grant?: EntityGrant; + grants?: Array; } /** - * This class is the user query. It provides a build pattern as well as public fields for use on forms and in actions. + * API request to start a WebAuthn authentication ceremony * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface UserSearchCriteria extends BaseElasticSearchCriteria { +export interface WebAuthnStartRequest { + applicationId?: UUID; + credentialId?: UUID; + loginId?: string; + state?: Record; + userId?: UUID; + workflow?: WebAuthnWorkflow; } /** + * API response for consent. + * * @author Daniel DeGroff */ -export enum UserState { - Authenticated = "Authenticated", - AuthenticatedNotRegistered = "AuthenticatedNotRegistered", - AuthenticatedNotVerified = "AuthenticatedNotVerified", - AuthenticatedRegistrationNotVerified = "AuthenticatedRegistrationNotVerified" +export interface ConsentResponse { + consent?: Consent; + consents?: Array; } /** - * Models a JWT Refresh Token. 
+ * A User's membership into a Group * * @author Daniel DeGroff */ -export interface RefreshToken { - applicationId?: UUID; +export interface GroupMember { data?: Record; + groupId?: UUID; id?: UUID; insertInstant?: number; - metaData?: MetaData; - startInstant?: number; - tenantId?: UUID; - token?: string; + user?: User; userId?: UUID; } /** - * Search criteria for entity grants. + * Models an entity that a user can be granted permissions to. Or an entity that can be granted permissions to another entity. * * @author Brian Pontarelli */ -export interface EntityGrantSearchCriteria extends BaseSearchCriteria { - entityId?: UUID; +export interface Entity { + clientId?: string; + clientSecret?: string; + data?: Record; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; name?: string; - userId?: UUID; + parentId?: UUID; + tenantId?: UUID; + type?: EntityType; } /** - * This class is an abstraction of a simple email message. - * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface Email { - attachments?: Array; - bcc?: Array; - cc?: Array; - from?: EmailAddress; - html?: string; - replyTo?: EmailAddress; - subject?: string; - text?: string; - to?: Array; +export interface ReactorResponse { + status?: ReactorStatus; } /** - * An audit log. + * Login API request object. * - * @author Brian Pontarelli + * @author Seth Musselman */ -export interface AuditLog { - data?: Record; - id?: number; - insertInstant?: number; - insertUser?: string; - message?: string; - newValue?: any; - oldValue?: any; - reason?: string; +export interface LoginRequest extends BaseLoginRequest { + loginId?: string; + oneTimePassword?: string; + password?: string; + twoFactorTrustId?: string; } /** - * Models the User Identity Provider Link Event. + * Models the User Identity Provider Unlink Event. 
* * @author Rob Davis */ -export interface UserIdentityProviderLinkEvent extends BaseUserEvent { +export interface UserIdentityProviderUnlinkEvent extends BaseUserEvent { identityProviderLink?: IdentityProviderLink; } /** - * Application search response + * WebAuthn Credential API response * * @author Spencer Witt */ -export interface ApplicationSearchResponse extends ExpandableResponse { - applications?: Array; - total?: number; +export interface WebAuthnCredentialResponse { + credential?: WebAuthnCredential; + credentials?: Array; } /** - * @author Daniel DeGroff + * Contains the output for the {@code credProps} extension + * + * @author Spencer Witt */ -export interface OAuthConfigurationResponse { - httpSessionMaxInactiveInterval?: number; - logoutURL?: string; - oauthConfiguration?: OAuth2Configuration; +export interface CredentialPropertiesOutput { + rk?: boolean; } /** - * Contains attributes for the Relying Party to refer to an existing public key credential as an input parameter. + * IdP Initiated login configuration * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface PublicKeyCredentialDescriptor { - id?: string; - transports?: Array; - type?: PublicKeyCredentialType; +export interface SAMLv2IdPInitiatedLoginConfiguration extends Enableable { + nameIdFormat?: string; } /** + * Entity Type API response object. + * * @author Brian Pontarelli */ -export interface PendingResponse { - users?: Array; +export interface EntityTypeResponse { + entityType?: EntityType; + entityTypes?: Array; + permission?: EntityTypePermission; } /** - * Steam gaming login provider. + * User API response object. 
* - * @author Brett Pontarelli + * @author Brian Pontarelli */ -export interface SteamIdentityProvider extends BaseIdentityProvider { - apiMode?: SteamAPIMode; - buttonText?: string; - client_id?: string; - scope?: string; - webAPIKey?: string; +export interface UserResponse { + emailVerificationId?: string; + emailVerificationOneTimeCode?: string; + registrationVerificationIds?: Record; + registrationVerificationOneTimeCodes?: Record; + token?: string; + tokenExpirationInstant?: number; + user?: User; } /** - * Allows the Relying Party to specify desired attributes of a new credential. + * Status for content like usernames, profile attributes, etc. + * + * @author Brian Pontarelli + */ +export enum ContentStatus { + ACTIVE = "ACTIVE", + PENDING = "PENDING", + REJECTED = "REJECTED" +} + +/** + * Search request for Keys * * @author Spencer Witt */ -export interface PublicKeyCredentialCreationOptions { - attestation?: AttestationConveyancePreference; - authenticatorSelection?: AuthenticatorSelectionCriteria; - challenge?: string; - excludeCredentials?: Array; - extensions?: WebAuthnRegistrationExtensionOptions; - pubKeyCredParams?: Array; - rp?: PublicKeyCredentialRelyingPartyEntity; - timeout?: number; - user?: PublicKeyCredentialUserEntity; +export interface KeySearchRequest { + search?: KeySearchCriteria; } /** - * Authorization Grant types as defined by the The OAuth 2.0 Authorization - * Framework - RFC 6749. - *

- * Specific names as defined by - * OAuth 2.0 Dynamic Client Registration Protocol - RFC 7591 Section 4.1 + * @author Matthew Altman + */ +export enum LogoutBehavior { + RedirectOnly = "RedirectOnly", + AllApplications = "AllApplications" +} + +/** + * @author Brian Pontarelli + */ +export interface Tenantable { +} + +/** + * Models the User Bulk Create Event. * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export enum GrantType { - authorization_code = "authorization_code", - implicit = "implicit", - password = "password", - client_credentials = "client_credentials", - refresh_token = "refresh_token", - unknown = "unknown", - device_code = "urn:ietf:params:oauth:grant-type:device_code" +export interface UserBulkCreateEvent extends BaseEvent { + users?: Array; } /** - * A User's membership into a Group + * Models a single family member. * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface GroupMember { +export interface FamilyMember { data?: Record; - groupId?: UUID; - id?: UUID; insertInstant?: number; - user?: User; + lastUpdateInstant?: number; + owner?: boolean; + role?: FamilyRole; userId?: UUID; } +export enum FamilyRole { + Child = "Child", + Teen = "Teen", + Adult = "Adult" +} + /** - * Models the User Update Event. + * An email address. * * @author Brian Pontarelli */ -export interface UserUpdateEvent extends BaseUserEvent { - original?: User; +export interface EmailAddress { + address?: string; + display?: string; } /** - * The application's relationship to the authorization server. First-party applications will be granted implicit permission for requested scopes. - * Third-party applications will use the {@link OAuthScopeConsentMode} policy. 
- * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum OAuthApplicationRelationship { - FirstParty = "FirstParty", - ThirdParty = "ThirdParty" +export interface ExternalJWTApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { } /** - * The summary of the action that is preventing login to be returned on the login response. + * Search request for Tenants * + * @author Mark Manes + */ +export interface TenantSearchRequest { + search?: TenantSearchCriteria; +} + +/** * @author Daniel DeGroff */ -export interface LoginPreventedResponse { +export interface FacebookApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + appId?: string; + buttonText?: string; + client_secret?: string; + fields?: string; + loginMethod?: IdentityProviderLoginMethod; + permissions?: string; +} + +/** + * Models the user action Event. + * + * @author Brian Pontarelli + */ +export interface UserActionEvent extends BaseEvent { + action?: string; + actioneeUserId?: UUID; actionerUserId?: UUID; actionId?: UUID; + applicationIds?: Array; + comment?: string; + email?: Email; + emailedUser?: boolean; expiry?: number; - localizedName?: string; + localizedAction?: string; + localizedDuration?: string; localizedOption?: string; localizedReason?: string; - name?: string; + notifyUser?: boolean; option?: string; + phase?: UserActionPhase; reason?: string; reasonCode?: string; } /** - * This class is the entity query. It provides a build pattern as well as public fields for use on forms and in actions. + * Models the User Create Registration Event. * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface EntitySearchCriteria extends BaseElasticSearchCriteria { +export interface UserRegistrationCreateEvent extends BaseUserEvent { + applicationId?: UUID; + registration?: UserRegistration; } /** - * Theme API request object. + * A displayable raw login that includes application name and user loginId. 
* - * @author Trevor Smith + * @author Brian Pontarelli */ -export interface ThemeRequest { - sourceThemeId?: UUID; - theme?: Theme; +export interface DisplayableRawLogin extends RawLogin { + applicationName?: string; + location?: Location; + loginId?: string; } /** * @author Daniel DeGroff */ -export interface PasswordlessSendRequest { - applicationId?: UUID; - code?: string; - loginId?: string; - state?: Record; +export interface UserinfoResponse extends Record { } /** - * Models the User Login event for a new device (un-recognized) + * A number identifying a cryptographic algorithm. Values should be registered with the IANA COSE Algorithms registry * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface UserLoginNewDeviceEvent extends UserLoginSuccessEvent { +export enum CoseAlgorithmIdentifier { + ES256 = "SHA256withECDSA", + ES384 = "SHA384withECDSA", + ES512 = "SHA512withECDSA", + RS256 = "SHA256withRSA", + RS384 = "SHA384withRSA", + RS512 = "SHA512withRSA", + PS256 = "SHA-256", + PS384 = "SHA-384", + PS512 = "SHA-512" } /** - * Key API response object. - * - * @author Daniel DeGroff + * @author Brett Pontarelli */ -export interface KeyResponse { - key?: Key; - keys?: Array; +export interface SteamApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + apiMode?: SteamAPIMode; + buttonText?: string; + client_id?: string; + scope?: string; + webAPIKey?: string; } /** - * @author Brett Guy + * @author Daniel DeGroff */ -export interface TwoFactorStartRequest { +export interface TwoFactorSendRequest { applicationId?: UUID; - code?: string; - loginId?: string; - state?: Record; - trustChallenge?: string; + email?: string; + method?: string; + methodId?: string; + mobilePhone?: string; userId?: UUID; } /** - * Models the Group Create Event. 
+ * Search criteria for Email templates * - * @author Daniel DeGroff - */ -export interface GroupCreateEvent extends BaseGroupEvent { -} - -/** - * @author Trevor Smith - */ -export interface ConnectorPolicy { - connectorId?: UUID; - data?: Record; - domains?: Array; - migrate?: boolean; -} - -/** - * @author Daniel DeGroff + * @author Mark Manes */ -export interface FormField { - confirm?: boolean; - consentId?: UUID; - control?: FormControl; - data?: Record; - description?: string; - id?: UUID; - insertInstant?: number; - key?: string; - lastUpdateInstant?: number; +export interface EmailTemplateSearchCriteria extends BaseSearchCriteria { name?: string; - options?: Array; - required?: boolean; - type?: FormDataType; - validator?: FormFieldValidator; } /** * @author Brian Pontarelli */ -export interface FamilyConfiguration extends Enableable { - allowChildRegistrations?: boolean; - confirmChildEmailTemplateId?: UUID; - deleteOrphanedAccounts?: boolean; - deleteOrphanedAccountsDays?: number; - familyRequestEmailTemplateId?: UUID; - maximumChildAge?: number; - minimumOwnerAge?: number; - parentEmailRequired?: boolean; - parentRegistrationEmailTemplateId?: UUID; +export enum ReactorFeatureStatus { + ACTIVE = "ACTIVE", + DISCONNECTED = "DISCONNECTED", + PENDING = "PENDING", + DISABLED = "DISABLED", + UNKNOWN = "UNKNOWN" } /** * @author Brett Pontarelli */ -export interface TwitchApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { +export interface SonyPSNApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { buttonText?: string; client_id?: string; client_secret?: string; 
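Review bot: In the added `CoseAlgorithmIdentifier` enum, `PS256`, `PS384` and `PS512` are assigned the bare digest names `"SHA-256"`, `"SHA-384"` and `"SHA-512"`, while the ES* and RS* members carry full signature-algorithm names such as `"SHA256withECDSA"`. None of the nine values is an identifier from the IANA COSE registry that the doc comment points to, and the PS* strings do not name a signature scheme by themselves. Code that matches a credential's algorithm against these strings, or uses them to choose a verification algorithm, could treat an RSASSA-PSS credential as a plain hash or fail to match it at all; whether the API emits the member name or the value is not visible in this hunk and should be confirmed. I would at least document the mapping on the enum, for example `// Values are JCA-style algorithm names, not COSE registry ids; PS* hold only the digest (RSASSA-PSS is implied by the member name).`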
@@ -6319,1010 +6377,900 @@ export interface TwitchApplicationConfiguration extends BaseIdentityProviderAppl } /** - * A displayable raw login that includes application name and user loginId. + * An audit log. * * @author Brian Pontarelli */ -export interface DisplayableRawLogin extends RawLogin { - applicationName?: string; - location?: Location; - loginId?: string; -} - -export interface SAMLv2SingleLogout extends Enableable { - keyId?: UUID; - url?: string; - xmlSignatureC14nMethod?: CanonicalizationMethod; -} - -/** - * @author Daniel DeGroff - */ -export interface OpenIdConnectApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - buttonImageURL?: string; - buttonText?: string; - oauth2?: IdentityProviderOauth2Configuration; +export interface AuditLog { + data?: Record; + id?: number; + insertInstant?: number; + insertUser?: string; + message?: string; + newValue?: any; + oldValue?: any; + reason?: string; } /** - * @author Daniel DeGroff + * A webhook call response. + * + * @author Spencer Witt */ -export interface ApplicationFormConfiguration { - adminRegistrationFormId?: UUID; - selfServiceFormConfiguration?: SelfServiceFormConfiguration; - selfServiceFormId?: UUID; +export interface WebhookCallResponse { + exception?: string; + statusCode?: number; + url?: string; } /** - * A policy for deleting Users based upon some external criteria. + * Provides the authenticator with the data it needs to generate an assertion. 
* - * @author Trevor Smith + * @author Spencer Witt */ -export interface TimeBasedDeletePolicy extends Enableable { - enabledInstant?: number; - numberOfDaysToRetain?: number; +export interface PublicKeyCredentialRequestOptions { + allowCredentials?: Array; + challenge?: string; + rpId?: string; + timeout?: number; + userVerification?: UserVerificationRequirement; } /** - * Search criteria for Keys + * Search request for user comments * * @author Spencer Witt */ -export interface KeySearchCriteria extends BaseSearchCriteria { - algorithm?: KeyAlgorithm; - name?: string; - type?: KeyType; +export interface UserCommentSearchRequest { + search?: UserCommentSearchCriteria; } /** - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export enum ReactorFeatureStatus { - ACTIVE = "ACTIVE", - DISCONNECTED = "DISCONNECTED", - PENDING = "PENDING", - DISABLED = "DISABLED", - UNKNOWN = "UNKNOWN" +export enum UnverifiedBehavior { + Allow = "Allow", + Gated = "Gated" } /** + * Models the Group Member Remove Event. + * * @author Daniel DeGroff */ -export interface RefreshRequest extends BaseEventRequest { - refreshToken?: string; - token?: string; +export interface GroupMemberRemoveEvent extends BaseGroupEvent { + members?: Array; } /** - * Models an event where a user is being created with an "in-use" login Id (email or username). - * - * @author Daniel DeGroff + * @author Brett Guy */ -export interface UserLoginIdDuplicateOnCreateEvent extends BaseUserEvent { - duplicateEmail?: string; - duplicateUsername?: string; - existing?: User; +export enum MessengerType { + Generic = "Generic", + Kafka = "Kafka", + Twilio = "Twilio" } -export enum ThemeType { - advanced = "advanced", - simple = "simple" +/** + * @author Brian Pontarelli + */ +export interface EventLogSearchRequest { + search?: EventLogSearchCriteria; } /** - * Login API request object. + * Event log response. 
* - * @author Seth Musselman + * @author Brian Pontarelli */ -export interface LoginRequest extends BaseLoginRequest { - loginId?: string; - oneTimePassword?: string; - password?: string; - twoFactorTrustId?: string; +export interface EventLogSearchResponse { + eventLogs?: Array; + total?: number; } /** - * The reason for the login failure. + * Webhook event log response. * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface UserLoginFailedReason { - code?: string; - lambdaId?: UUID; - lambdaResult?: Errors; +export interface WebhookEventLogResponse { + webhookEventLog?: WebhookEventLog; } /** - * Response for the user login report. - * - * @author Seth Musselman + * @author Daniel DeGroff */ -export interface RecentLoginResponse { - logins?: Array; +export interface TwoFactorRecoveryCodeResponse { + recoveryCodes?: Array; } /** - * Theme object for values used in the css variables for simple themes. + * An expandable API response. * - * @author Lyle Schemmerling + * @author Daniel DeGroff */ -export interface SimpleThemeVariables { - alertBackgroundColor?: string; - alertFontColor?: string; - backgroundImageURL?: string; - backgroundSize?: string; - borderRadius?: string; - deleteButtonColor?: string; - deleteButtonFocusColor?: string; - deleteButtonTextColor?: string; - deleteButtonTextFocusColor?: string; - errorFontColor?: string; - errorIconColor?: string; - fontColor?: string; - fontFamily?: string; - footerDisplay?: boolean; - iconBackgroundColor?: string; - iconColor?: string; - infoIconColor?: string; - inputBackgroundColor?: string; - inputIconColor?: string; - inputTextColor?: string; - linkTextColor?: string; - linkTextFocusColor?: string; - logoImageSize?: string; - logoImageURL?: string; - monoFontColor?: string; - monoFontFamily?: string; - pageBackgroundColor?: string; - panelBackgroundColor?: string; - primaryButtonColor?: string; - primaryButtonFocusColor?: string; - primaryButtonTextColor?: string; - 
primaryButtonTextFocusColor?: string; +export interface ExpandableResponse { + expandable?: Array; } /** - * API response for User consent. + * Model a user event when a two-factor method has been added. * * @author Daniel DeGroff */ -export interface UserConsentRequest { - userConsent?: UserConsent; +export interface UserTwoFactorMethodRemoveEvent extends BaseUserEvent { + method?: TwoFactorMethod; } /** - * API request for sending out family requests to parent's. + * The response from the total report. This report stores the total numbers for each application. * * @author Brian Pontarelli */ -export interface FamilyEmailRequest { - parentEmail?: string; +export interface TotalsReportResponse { + applicationTotals?: Record; + globalRegistrations?: number; + totalGlobalRegistrations?: number; +} + +export interface Totals { + logins?: number; + registrations?: number; + totalRegistrations?: number; } /** - * Search request for entities - * * @author Brett Guy */ -export interface EntitySearchRequest { - search?: EntitySearchCriteria; +export interface IPAccessControlListResponse { + ipAccessControlList?: IPAccessControlList; + ipAccessControlLists?: Array; } /** - * Interface describing the need for CORS configuration. + * API request to start a WebAuthn registration ceremony * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface RequiresCORSConfiguration { +export interface WebAuthnRegisterStartRequest { + displayName?: string; + name?: string; + userAgent?: string; + userId?: UUID; + workflow?: WebAuthnWorkflow; } /** - * Audit log response. + * Models the User Login event that is suspicious. * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface AuditLogResponse { - auditLog?: AuditLog; +export interface UserLoginSuspiciousEvent extends UserLoginSuccessEvent { + threatsDetected?: Array; } /** - * @author Brett Pontarelli + * User API delete request object for a single user. 
+ * + * @author Brian Pontarelli */ -export interface SteamApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - apiMode?: SteamAPIMode; - buttonText?: string; - client_id?: string; - scope?: string; - webAPIKey?: string; +export interface UserDeleteSingleRequest extends BaseEventRequest { + hardDelete?: boolean; } /** - * @author Mikey Sleevi + * API response for refreshing a JWT with a Refresh Token. + *

+ * Using a different response object from RefreshTokenResponse because the retrieve response will return an object for refreshToken, and this is a + * string. + * + * @author Daniel DeGroff */ -export interface TenantMultiFactorConfiguration { - authenticator?: MultiFactorAuthenticatorMethod; - email?: MultiFactorEmailMethod; - loginPolicy?: MultiFactorLoginPolicy; - sms?: MultiFactorSMSMethod; +export interface JWTRefreshResponse { + refreshToken?: string; + refreshTokenId?: UUID; + token?: string; } /** - * Xbox gaming login provider. - * - * @author Brett Pontarelli + * @author Brian Pontarelli */ -export interface XboxIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; +export interface AuditLogSearchRequest { + search?: AuditLogSearchCriteria; } /** * @author Brett Guy */ -export enum ProofKeyForCodeExchangePolicy { - Required = "Required", - NotRequired = "NotRequired", - NotRequiredWhenUsingClientAuthentication = "NotRequiredWhenUsingClientAuthentication" +export interface IPAccessControlListSearchResponse { + ipAccessControlLists?: Array; + total?: number; } /** - * Audit log response. - * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface AuditLogSearchResponse { - auditLogs?: Array; - total?: number; +export interface VersionResponse { + version?: string; } /** - *

- * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export enum TokenType { - Bearer = "Bearer", - MAC = "MAC" +export interface TwoFactorDisableRequest extends BaseEventRequest { + applicationId?: UUID; + code?: string; + methodId?: string; } /** - * Search response for Groups - * - * @author Daniel DeGroff + * @author Brett Pontarelli */ -export interface GroupSearchResponse { - groups?: Array; - total?: number; +export interface NintendoApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + buttonText?: string; + client_id?: string; + client_secret?: string; + emailClaim?: string; + scope?: string; + uniqueIdClaim?: string; + usernameClaim?: string; } /** - * Configuration for signing webhooks. - * - * @author Brent Halsey + * @author Daniel DeGroff */ -export interface WebhookSignatureConfiguration extends Enableable { - signingKeyId?: UUID; +export interface PasswordBreachDetection extends Enableable { + matchMode?: BreachMatchMode; + notifyUserEmailTemplateId?: UUID; + onLogin?: BreachAction; } -export enum XMLSignatureLocation { - Assertion = "Assertion", - Response = "Response" +export enum BreachAction { + Off = "Off", + RecordOnly = "RecordOnly", + NotifyUser = "NotifyUser", + RequireChange = "RequireChange" } -/** - * Search criteria for user comments. - * - * @author Spencer Witt - */ -export interface UserCommentSearchCriteria extends BaseSearchCriteria { - comment?: string; - commenterId?: UUID; - tenantId?: UUID; - userId?: UUID; +export enum BreachMatchMode { + Low = "Low", + Medium = "Medium", + High = "High" } /** * @author Daniel DeGroff */ -export interface LinkedInIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; +export enum FormFieldAdminPolicy { + Edit = "Edit", + View = "View" } /** - * A server where events are sent. This includes user action events and any other events sent by FusionAuth. 
+ * Used to communicate whether and how authenticator attestation should be delivered to the Relying Party * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface Webhook { - connectTimeout?: number; - data?: Record; - description?: string; - eventsEnabled?: Record; - global?: boolean; - headers?: HTTPHeaders; - httpAuthenticationPassword?: string; - httpAuthenticationUsername?: string; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - readTimeout?: number; - signatureConfiguration?: WebhookSignatureConfiguration; - sslCertificate?: string; - sslCertificateKeyId?: UUID; - tenantIds?: Array; - url?: string; +export enum AttestationConveyancePreference { + none = "none", + indirect = "indirect", + direct = "direct", + enterprise = "enterprise" } /** + * A policy to configure if and when the user-action is canceled prior to the expiration of the action. + * * @author Daniel DeGroff */ -export interface TwoFactorLoginRequest extends BaseLoginRequest { - code?: string; - trustComputer?: boolean; - twoFactorId?: string; - userId?: UUID; +export interface FailedAuthenticationActionCancelPolicy { + onPasswordReset?: boolean; } /** - * Entity grant API request object. + * The possible result states of a webhook event. This tracks the success of the overall webhook transaction according to the {@link TransactionType} + * and configured webhooks. 
* - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface EntityGrantRequest { - grant?: EntityGrant; +export enum WebhookEventResult { + Failed = "Failed", + Running = "Running", + Succeeded = "Succeeded" } /** - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface IdentityProviderLinkResponse { - identityProviderLink?: IdentityProviderLink; - identityProviderLinks?: Array; +export interface BaseSearchCriteria { + numberOfResults?: number; + orderBy?: string; + startRow?: number; } /** - * The handling policy for scopes provided by FusionAuth + * Forgot password request object. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface ProvidedScopePolicy { - address?: Requirable; - email?: Requirable; - phone?: Requirable; - profile?: Requirable; +export interface ForgotPasswordRequest extends BaseEventRequest { + applicationId?: UUID; + changePasswordId?: string; + email?: string; + loginId?: string; + sendForgotPasswordEmail?: boolean; + state?: Record; + username?: string; } -export interface HistoryItem { - actionerUserId?: UUID; - comment?: string; - createInstant?: number; - expiry?: number; +/** + * The FormField API request object. + * + * @author Brett Guy + */ +export interface FormFieldRequest { + field?: FormField; + fields?: Array; } /** * @author Daniel DeGroff */ -export interface BaseExportRequest { - dateTimeSecondsFormat?: string; - zoneId?: string; +export interface SendRequest { + applicationId?: UUID; + bccAddresses?: Array; + ccAddresses?: Array; + preferredLanguages?: Array; + requestData?: Record; + toAddresses?: Array; + userIds?: Array; } /** - * Google social login provider parameters. + * Identifies the WebAuthn workflow. This will affect the parameters used for credential creation + * and request based on the Tenant configuration. 
* - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface GoogleIdentityProviderProperties { - api?: string; - button?: string; +export enum WebAuthnWorkflow { + bootstrap = "bootstrap", + general = "general", + reauthentication = "reauthentication" } /** - * @author Daniel DeGroff + * @author Michael Sleevi */ -export interface OAuthError { - change_password_id?: string; - error?: OAuthErrorType; - error_description?: string; - error_reason?: OAuthErrorReason; - error_uri?: string; - two_factor_id?: string; - two_factor_methods?: Array; +export interface MessageTemplateResponse { + messageTemplate?: MessageTemplate; + messageTemplates?: Array; } /** + * Models a consent. + * * @author Daniel DeGroff */ -export interface TwoFactorRecoveryCodeResponse { - recoveryCodes?: Array; +export enum ConsentStatus { + Active = "Active", + Revoked = "Revoked" } /** - * Describes the authenticator attachment modality preference for a WebAuthn workflow. See {@link AuthenticatorAttachment} - * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum AuthenticatorAttachmentPreference { - any = "any", - platform = "platform", - crossPlatform = "crossPlatform" +export enum HTTPMethod { + GET = "GET", + POST = "POST", + PUT = "PUT", + DELETE = "DELETE", + HEAD = "HEAD", + OPTIONS = "OPTIONS", + PATCH = "PATCH" } /** - * Models the Group Update Complete Event. + * Models the User Deleted Registration Event. + *

+ * This is different than user.registration.delete in that it is sent after the TX has been committed. This event cannot be transactional. * * @author Daniel DeGroff */ -export interface GroupUpdateCompleteEvent extends BaseGroupEvent { - original?: Group; -} - -export interface LambdaConfiguration { - reconcileId?: UUID; +export interface UserRegistrationDeleteCompleteEvent extends BaseUserEvent { + applicationId?: UUID; + registration?: UserRegistration; } /** - * Search criteria for Lambdas + * Steam gaming login provider. * - * @author Mark Manes + * @author Brett Pontarelli */ -export interface LambdaSearchCriteria extends BaseSearchCriteria { - body?: string; - name?: string; - type?: LambdaType; +export interface SteamIdentityProvider extends BaseIdentityProvider { + apiMode?: SteamAPIMode; + buttonText?: string; + client_id?: string; + scope?: string; + webAPIKey?: string; } /** - * @author Brian Pontarelli + * Nintendo gaming login provider. + * + * @author Brett Pontarelli */ -export interface SystemConfiguration { - auditLogConfiguration?: AuditLogConfiguration; - corsConfiguration?: CORSConfiguration; - data?: Record; - eventLogConfiguration?: EventLogConfiguration; - insertInstant?: number; - lastUpdateInstant?: number; - loginRecordConfiguration?: LoginRecordConfiguration; - reportTimezone?: string; - trustedProxyConfiguration?: SystemTrustedProxyConfiguration; - uiConfiguration?: UIConfiguration; - webhookEventLogConfiguration?: WebhookEventLogConfiguration; +export interface NintendoIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + client_id?: string; + client_secret?: string; + emailClaim?: string; + scope?: string; + uniqueIdClaim?: string; + usernameClaim?: string; } /** - * @author Brett Guy + * @author Daniel DeGroff */ -export enum IPAccessControlEntryAction { - Allow = "Allow", - Block = "Block" +export interface TwoFactorLoginRequest extends BaseLoginRequest { + code?: string; + trustComputer?: boolean; + 
twoFactorId?: string; + userId?: UUID; } /** - * Webhook API request object. + * Search API request. * * @author Brian Pontarelli */ -export interface WebhookRequest { - webhook?: Webhook; +export interface SearchRequest extends ExpandableRequest { + search?: UserSearchCriteria; } /** - * Form field response. + * @author Daniel DeGroff + */ +export interface BaseIdentityProviderApplicationConfiguration extends Enableable { + createRegistration?: boolean; + data?: Record; +} + +/** + * This class is an abstraction of a simple email message. * - * @author Brett Guy + * @author Brian Pontarelli */ -export interface FormFieldResponse { - field?: FormField; - fields?: Array; +export interface Email { + attachments?: Array; + bcc?: Array; + cc?: Array; + from?: EmailAddress; + html?: string; + replyTo?: EmailAddress; + subject?: string; + text?: string; + to?: Array; } /** - * @author Mikey Sleevi + * Search request for Lambdas + * + * @author Mark Manes */ -export enum MessageType { - SMS = "SMS" +export interface LambdaSearchRequest { + search?: LambdaSearchCriteria; } -// Do not require a setter for 'type', it is defined by the concrete class and is not mutable -export interface BaseConnectorConfiguration { - data?: Record; - debug?: boolean; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - name?: string; - type?: ConnectorType; +/** + * User login failed reason codes. + */ +export interface UserLoginFailedReasonCode { } /** - * Configuration for the behavior of failed login attempts. This helps us protect against brute force password attacks. 
+ * @author Brian Pontarelli + */ +export interface BaseElasticSearchCriteria extends BaseSearchCriteria { + accurateTotal?: boolean; + ids?: Array; + nextResults?: string; + query?: string; + queryString?: string; + sortFields?: Array; +} + +/** + * Application search response * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface FailedAuthenticationConfiguration { - actionCancelPolicy?: FailedAuthenticationActionCancelPolicy; - actionDuration?: number; - actionDurationUnit?: ExpiryUnit; - emailUser?: boolean; - resetCountInSeconds?: number; - tooManyAttempts?: number; - userActionId?: UUID; +export interface ApplicationSearchResponse extends ExpandableResponse { + applications?: Array; + total?: number; } /** - * Search criteria for Tenants + * Lambda search response * * @author Mark Manes */ -export interface TenantSearchCriteria extends BaseSearchCriteria { - name?: string; +export interface LambdaSearchResponse { + lambdas?: Array; + total?: number; } /** - * @author Rob Davis + * Webhook attempt log response. + * + * @author Spencer Witt */ -export interface TenantSCIMServerConfiguration extends Enableable { - clientEntityTypeId?: UUID; - schemas?: Record; - serverEntityTypeId?: UUID; +export interface WebhookAttemptLogResponse { + webhookAttemptLog?: WebhookAttemptLog; } /** - * An email address. + * Password Encryption Scheme Configuration + * + * @author Daniel DeGroff + */ +export interface PasswordEncryptionConfiguration { + encryptionScheme?: string; + encryptionSchemeFactor?: number; + modifyEncryptionSchemeOnLogin?: boolean; +} + +/** + * The Application API response. * * @author Brian Pontarelli */ -export interface EmailAddress { - address?: string; - display?: string; +export interface ApplicationResponse { + application?: Application; + applications?: Array; + role?: ApplicationRole; } /** - * Status for content like usernames, profile attributes, etc. + * Response for the daily active user report. 
* * @author Brian Pontarelli */ -export enum ContentStatus { - ACTIVE = "ACTIVE", - PENDING = "PENDING", - REJECTED = "REJECTED" +export interface MonthlyActiveUserReportResponse { + monthlyActiveUsers?: Array; + total?: number; } /** - * @author Brett Guy + * @author Tyler Scott */ -export interface GenericMessengerConfiguration extends BaseMessengerConfiguration { - connectTimeout?: number; - headers?: HTTPHeaders; - httpAuthenticationPassword?: string; - httpAuthenticationUsername?: string; - readTimeout?: number; - sslCertificate?: string; - url?: string; +export interface Group { + data?: Record; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + name?: string; + roles?: Record>; + tenantId?: UUID; } /** - * @author Daniel DeGroff + * Base class for all {@link User}-related events. + * + * @author Spencer Witt */ -export enum FormControl { - checkbox = "checkbox", - number = "number", - password = "password", - radio = "radio", - select = "select", - textarea = "textarea", - text = "text" +export interface BaseUserEvent extends BaseEvent { + user?: User; } -export enum BreachMatchMode { - Low = "Low", - Medium = "Medium", - High = "High" +/** + * @author Daniel DeGroff + */ +export interface Form { + data?: Record; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + name?: string; + steps?: Array; + type?: FormType; } /** - * Search criteria for Group Members - * * @author Daniel DeGroff */ -export interface GroupMemberSearchCriteria extends BaseSearchCriteria { - groupId?: UUID; - tenantId?: UUID; - userId?: UUID; +export enum UserState { + Authenticated = "Authenticated", + AuthenticatedNotRegistered = "AuthenticatedNotRegistered", + AuthenticatedNotVerified = "AuthenticatedNotVerified", + AuthenticatedRegistrationNotVerified = "AuthenticatedRegistrationNotVerified" } /** - * COSE key type + * The system configuration for Webhook Event Log data. 
* * @author Spencer Witt */ -export enum CoseKeyType { - Reserved = "0", - OKP = "1", - EC2 = "2", - RSA = "3", - Symmetric = "4" +export interface WebhookEventLogConfiguration { + delete?: DeleteConfiguration; } /** - * User API request object. - * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface UserRequest extends BaseEventRequest { - applicationId?: UUID; - currentPassword?: string; - disableDomainBlock?: boolean; - sendSetPasswordEmail?: boolean; - skipVerification?: boolean; - user?: User; +export interface LinkedInApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; } /** - * User API bulk response object. + * Model a user event when a two-factor method has been removed. * - * @author Trevor Smith + * @author Daniel DeGroff */ -export interface UserDeleteResponse { - dryRun?: boolean; - hardDelete?: boolean; - total?: number; - userIds?: Array; +export interface UserTwoFactorMethodAddEvent extends BaseUserEvent { + method?: TwoFactorMethod; } /** - * Change password request object. 
- * - * @author Brian Pontarelli + * @author Lyle Schemmerling */ -export interface ChangePasswordRequest extends BaseEventRequest { - applicationId?: UUID; - changePasswordId?: string; - currentPassword?: string; - loginId?: string; - password?: string; - refreshToken?: string; - trustChallenge?: string; - trustToken?: string; -} - -export interface SAMLv2Configuration extends Enableable { - assertionEncryptionConfiguration?: SAMLv2AssertionEncryptionConfiguration; - audience?: string; - authorizedRedirectURLs?: Array; - callbackURL?: string; - debug?: boolean; - defaultVerificationKeyId?: UUID; - initiatedLogin?: SAMLv2IdPInitiatedLoginConfiguration; - issuer?: string; - keyId?: UUID; - loginHintConfiguration?: LoginHintConfiguration; - logout?: SAMLv2Logout; - logoutURL?: string; - requireSignedRequests?: boolean; - xmlSignatureC14nMethod?: CanonicalizationMethod; - xmlSignatureLocation?: XMLSignatureLocation; +export interface SAMLv2AssertionConfiguration { + destination?: SAMLv2DestinationAssertionConfiguration; } /** - * CleanSpeak configuration at the system and application level. + * Theme API response object. * - * @author Brian Pontarelli + * @author Trevor Smith */ -export interface CleanSpeakConfiguration extends Enableable { - apiKey?: string; - applicationIds?: Array; - url?: string; - usernameModeration?: UsernameModeration; +export interface ThemeResponse { + theme?: Theme; + themes?: Array; } /** - * User Action API response object. 
+ * The authenticator's response for the authentication ceremony in its encoded format * - * @author Brian Pontarelli - */ -export interface UserActionResponse { - userAction?: UserAction; - userActions?: Array; -} - -/** - * @author Lyle Schemmerling + * @author Spencer Witt */ -export enum SAMLv2DestinationAssertionPolicy { - Enabled = "Enabled", - Disabled = "Disabled", - AllowAlternates = "AllowAlternates" +export interface WebAuthnAuthenticatorAuthenticationResponse { + authenticatorData?: string; + clientDataJSON?: string; + signature?: string; + userHandle?: string; } /** - * API response for starting a WebAuthn authentication ceremony - * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface WebAuthnStartResponse { - options?: PublicKeyCredentialRequestOptions; +export interface SecureGeneratorConfiguration { + length?: number; + type?: SecureGeneratorType; } /** - * Theme API response object. + * Webhook API request object. * - * @author Trevor Smith + * @author Brian Pontarelli */ -export interface ThemeResponse { - theme?: Theme; - themes?: Array; +export interface WebhookRequest { + webhook?: Webhook; } /** - * Defines valid credential types. This is an extension point in the WebAuthn spec. The only defined value at this time is "public-key" + * The Application Scope API request object. * * @author Spencer Witt */ -export enum PublicKeyCredentialType { - publicKey = "public-key" +export interface ApplicationOAuthScopeRequest { + scope?: ApplicationOAuthScope; } /** + * Models the User Created Event. + *

+ * This is different than the user.create event in that it will be sent after the user has been created. This event cannot be made transactional. + * * @author Daniel DeGroff */ -export interface OAuthResponse { +export interface UserCreateCompleteEvent extends BaseUserEvent { } /** + * Models the User Password Reset Start Event. + * * @author Daniel DeGroff */ -export enum FormFieldAdminPolicy { - Edit = "Edit", - View = "View" -} - -export interface EmailPlus extends Enableable { - emailTemplateId?: UUID; - maximumTimeToSendEmailInHours?: number; - minimumTimeToSendEmailInHours?: number; +export interface UserPasswordResetStartEvent extends BaseUserEvent { } /** - * API response for managing families and members. + * Webhook event log search response. * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface FamilyResponse { - families?: Array; - family?: Family; +export interface WebhookEventLogSearchResponse { + total?: number; + webhookEventLogs?: Array; } /** - * Models a specific entity type permission. This permission can be granted to users or other entities. + * A JavaScript lambda function that is executed during certain events inside FusionAuth. 
* * @author Brian Pontarelli */ -export interface EntityTypePermission { - data?: Record; - description?: string; +export interface Lambda { + body?: string; + debug?: boolean; + engineType?: LambdaEngineType; id?: UUID; insertInstant?: number; - isDefault?: boolean; lastUpdateInstant?: number; name?: string; + type?: LambdaType; } /** * @author Daniel DeGroff */ -export interface RateLimitedRequestConfiguration extends Enableable { - limit?: number; - timePeriodInSeconds?: number; +export interface HYPRApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + relyingPartyApplicationId?: string; + relyingPartyURL?: string; } /** * @author Daniel DeGroff */ -export interface ReactorStatus { - advancedIdentityProviders?: ReactorFeatureStatus; - advancedLambdas?: ReactorFeatureStatus; - advancedMultiFactorAuthentication?: ReactorFeatureStatus; - advancedOAuthScopes?: ReactorFeatureStatus; - advancedOAuthScopesCustomScopes?: ReactorFeatureStatus; - advancedOAuthScopesThirdPartyApplications?: ReactorFeatureStatus; - advancedRegistration?: ReactorFeatureStatus; - applicationMultiFactorAuthentication?: ReactorFeatureStatus; - applicationThemes?: ReactorFeatureStatus; - breachedPasswordDetection?: ReactorFeatureStatus; - connectors?: ReactorFeatureStatus; - entityManagement?: ReactorFeatureStatus; - expiration?: string; - licenseAttributes?: Record; - licensed?: boolean; - scimServer?: ReactorFeatureStatus; - threatDetection?: ReactorFeatureStatus; - webAuthn?: ReactorFeatureStatus; - webAuthnPlatformAuthenticators?: ReactorFeatureStatus; - webAuthnRoamingAuthenticators?: ReactorFeatureStatus; +export interface FormFieldValidator extends Enableable { + expression?: string; +} + +/** + * @author Daniel DeGroff + */ +export interface PasswordValidationRulesResponse { + passwordValidationRules?: PasswordValidationRules; } /** - * Models a single family member. 
- * * @author Brian Pontarelli */ -export interface FamilyMember { - data?: Record; - insertInstant?: number; - lastUpdateInstant?: number; - owner?: boolean; - role?: FamilyRole; - userId?: UUID; +export interface EventConfiguration { + events?: Record; } -export interface CertificateInformation { - issuer?: string; - md5Fingerprint?: string; - serialNumber?: string; - sha1Fingerprint?: string; - sha1Thumbprint?: string; - sha256Fingerprint?: string; - sha256Thumbprint?: string; - subject?: string; - validFrom?: number; - validTo?: number; +export interface EventConfigurationData extends Enableable { + transactionType?: TransactionType; } /** - * @author Daniel DeGroff + * Models the User Deactivate Event. + * + * @author Brian Pontarelli */ -export interface PasswordlessStartResponse { - code?: string; +export interface UserDeactivateEvent extends BaseUserEvent { } /** - * Response for the daily active user report. + * Models the User Update Registration Event. * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface DailyActiveUserReportResponse { - dailyActiveUsers?: Array; - total?: number; +export interface UserRegistrationUpdateEvent extends BaseUserEvent { + applicationId?: UUID; + original?: UserRegistration; + registration?: UserRegistration; } /** - * @author Daniel DeGroff + * Search request for entities + * + * @author Brett Guy */ -export interface VersionResponse { - version?: string; +export interface EntitySearchRequest { + search?: EntitySearchCriteria; } /** - * @author Michael Sleevi + * The user action request object. 
+ * + * @author Brian Pontarelli */ -export interface PreviewMessageTemplateRequest { - locale?: string; - messageTemplate?: MessageTemplate; +export interface ActionRequest extends BaseEventRequest { + action?: ActionData; + broadcast?: boolean; +} + +export interface ActionData { + actioneeUserId?: UUID; + actionerUserId?: UUID; + applicationIds?: Array; + comment?: string; + emailUser?: boolean; + expiry?: number; + notifyUser?: boolean; + option?: string; + reasonId?: UUID; + userActionId?: UUID; } /** + * The Integration Response + * * @author Daniel DeGroff */ -export interface IssueResponse { - refreshToken?: string; - token?: string; +export interface IntegrationResponse { + integrations?: Integrations; } /** - * Response for the login report. + * Models the User Password Update Event. * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface LoginReportResponse { - hourlyCounts?: Array; - total?: number; +export interface UserPasswordUpdateEvent extends BaseUserEvent { } /** + * Models the Group Create Event. 
+ * * @author Daniel DeGroff */ -export enum HTTPMethod { - GET = "GET", - POST = "POST", - PUT = "PUT", - DELETE = "DELETE", - HEAD = "HEAD", - OPTIONS = "OPTIONS", - PATCH = "PATCH" +export interface GroupCreateEvent extends BaseGroupEvent { } /** - * @author Mikey Sleevi - */ -export interface Message { -} - -// Do not require a setter for 'type', it is defined by the concrete class and is not mutable -export interface BaseIdentityProvider extends Enableable { - applicationConfiguration?: Record; - data?: Record; - debug?: boolean; - id?: UUID; - insertInstant?: number; - lambdaConfiguration?: LambdaConfiguration; - lastUpdateInstant?: number; - linkingStrategy?: IdentityProviderLinkingStrategy; - name?: string; - tenantConfiguration?: Record; - type?: IdentityProviderType; -} - -export interface MultiFactorEmailMethod extends Enableable { - templateId?: UUID; -} - -/** - * @author Trevor Smith + * @author Daniel DeGroff */ -export interface ConnectorRequest { - connector?: BaseConnectorConfiguration; +export interface IdentityProviderResponse { + identityProvider?: BaseIdentityProvider; + identityProviders?: Array>; } /** - * Models the User Created Event. - *

- * This is different than the user.create event in that it will be sent after the user has been created. This event cannot be made transactional. + * Something that can be enabled and thus also disabled. * * @author Daniel DeGroff */ -export interface UserCreateCompleteEvent extends BaseUserEvent { +export interface Enableable { + enabled?: boolean; } /** - * A number identifying a cryptographic algorithm. Values should be registered with the IANA COSE Algorithms registry + * Models the Group Member Add Event. * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum CoseAlgorithmIdentifier { - ES256 = "SHA256withECDSA", - ES384 = "SHA384withECDSA", - ES512 = "SHA512withECDSA", - RS256 = "SHA256withRSA", - RS384 = "SHA384withRSA", - RS512 = "SHA512withRSA", - PS256 = "SHA-256", - PS384 = "SHA-384", - PS512 = "SHA-512" +export interface GroupMemberAddEvent extends BaseGroupEvent { + members?: Array; } /** - * @author andrewpai + * The public Status API response + * + * @author Daniel DeGroff */ -export interface SelfServiceFormConfiguration { - requireCurrentPasswordOnPasswordChange?: boolean; +export interface StatusResponse extends Record { } /** + * Models the User Password Reset Success Event. + * * @author Daniel DeGroff */ -export interface RememberPreviousPasswords extends Enableable { - count?: number; +export interface UserPasswordResetSuccessEvent extends BaseUserEvent { } /** * @author Daniel DeGroff */ -export interface HYPRApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - relyingPartyApplicationId?: string; - relyingPartyURL?: string; +export enum RefreshTokenExpirationPolicy { + Fixed = "Fixed", + SlidingWindow = "SlidingWindow", + SlidingWindowWithMaximumLifetime = "SlidingWindowWithMaximumLifetime" } /** @@ -7334,1404 +7282,1384 @@ export interface KafkaMessengerConfiguration extends BaseMessengerConfiguration } /** - * Models the User Created Registration Event. - *

- * This is different than the user.registration.create event in that it will be sent after the user has been created. This event cannot be made - * transactional. + * Models the User Password Breach Event. * - * @author Daniel DeGroff + * @author Matthew Altman */ -export interface UserRegistrationCreateCompleteEvent extends BaseUserEvent { - applicationId?: UUID; - registration?: UserRegistration; +export interface UserPasswordBreachEvent extends BaseUserEvent { } /** + * The use type of a key. + * * @author Daniel DeGroff */ -export interface LoginRecordSearchRequest { - retrieveTotal?: boolean; - search?: LoginRecordSearchCriteria; +export enum KeyUse { + SignOnly = "SignOnly", + SignAndVerify = "SignAndVerify", + VerifyOnly = "VerifyOnly" } /** * @author Daniel DeGroff */ -export interface KafkaConfiguration extends Enableable { - defaultTopic?: string; - producer?: Record; +export interface ApplicationWebAuthnWorkflowConfiguration extends Enableable { } /** - * This class contains the managed fields that are also put into the database during FusionAuth setup. - *

- * Internal Note: These fields are also declared in SQL in order to bootstrap the system. These need to stay in sync. - * Any changes to these fields needs to also be reflected in mysql.sql and postgresql.sql + * Models an entity type that has a specific set of permissions. These are global objects and can be used across tenants. * * @author Brian Pontarelli */ -export interface ManagedFields { +export interface EntityType { + data?: Record; + id?: UUID; + insertInstant?: number; + jwtConfiguration?: EntityJWTConfiguration; + lastUpdateInstant?: number; + name?: string; + permissions?: Array; } /** - * Response for the daily active user report. - * - * @author Brian Pontarelli + * JWT Configuration for entities. */ -export interface MonthlyActiveUserReportResponse { - monthlyActiveUsers?: Array; - total?: number; +export interface EntityJWTConfiguration extends Enableable { + accessTokenKeyId?: UUID; + timeToLiveInSeconds?: number; } /** + * Models the Group Member Update Complete Event. + * * @author Daniel DeGroff */ -export interface IdentityProviderLinkRequest extends BaseEventRequest { - identityProviderLink?: IdentityProviderLink; - pendingIdPLinkId?: string; +export interface GroupMemberUpdateCompleteEvent extends BaseGroupEvent { + members?: Array; } /** - * The types of lambdas that indicate how they are invoked by FusionAuth. 
+ * Search criteria for Consents * - * @author Brian Pontarelli + * @author Spencer Witt */ -export enum LambdaType { - JWTPopulate = "JWTPopulate", - OpenIDReconcile = "OpenIDReconcile", - SAMLv2Reconcile = "SAMLv2Reconcile", - SAMLv2Populate = "SAMLv2Populate", - AppleReconcile = "AppleReconcile", - ExternalJWTReconcile = "ExternalJWTReconcile", - FacebookReconcile = "FacebookReconcile", - GoogleReconcile = "GoogleReconcile", - HYPRReconcile = "HYPRReconcile", - TwitterReconcile = "TwitterReconcile", - LDAPConnectorReconcile = "LDAPConnectorReconcile", - LinkedInReconcile = "LinkedInReconcile", - EpicGamesReconcile = "EpicGamesReconcile", - NintendoReconcile = "NintendoReconcile", - SonyPSNReconcile = "SonyPSNReconcile", - SteamReconcile = "SteamReconcile", - TwitchReconcile = "TwitchReconcile", - XboxReconcile = "XboxReconcile", - ClientCredentialsJWTPopulate = "ClientCredentialsJWTPopulate", - SCIMServerGroupRequestConverter = "SCIMServerGroupRequestConverter", - SCIMServerGroupResponseConverter = "SCIMServerGroupResponseConverter", - SCIMServerUserRequestConverter = "SCIMServerUserRequestConverter", - SCIMServerUserResponseConverter = "SCIMServerUserResponseConverter", - SelfServiceRegistrationValidation = "SelfServiceRegistrationValidation", - UserInfoPopulate = "UserInfoPopulate", - LoginValidation = "LoginValidation" +export interface ConsentSearchCriteria extends BaseSearchCriteria { + name?: string; } /** - * @author Daniel DeGroff + * A policy for deleting Users based upon some external criteria. + * + * @author Trevor Smith */ -export interface SecureGeneratorConfiguration { - length?: number; - type?: SecureGeneratorType; +export interface TimeBasedDeletePolicy extends Enableable { + enabledInstant?: number; + numberOfDaysToRetain?: number; } /** - * Models an LDAP connector. + * Raw login information for each time a user logs into an application. 
* - * @author Trevor Smith + * @author Brian Pontarelli */ -export interface LDAPConnectorConfiguration extends BaseConnectorConfiguration { - authenticationURL?: string; - baseStructure?: string; - connectTimeout?: number; - identifyingAttribute?: string; - lambdaConfiguration?: LambdaConfiguration; - loginIdAttribute?: string; - readTimeout?: number; - requestedAttributes?: Array; - securityMethod?: LDAPSecurityMethod; - systemAccountDN?: string; - systemAccountPassword?: string; +export interface RawLogin { + applicationId?: UUID; + instant?: number; + ipAddress?: string; + userId?: UUID; } /** - * External JWT-only identity provider. - * - * @author Daniel DeGroff and Brian Pontarelli + * @author Daniel DeGroff */ -export interface ExternalJWTIdentityProvider extends BaseIdentityProvider { - claimMap?: Record; - defaultKeyId?: UUID; - domains?: Array; - headerKeyParameter?: string; - oauth2?: IdentityProviderOauth2Configuration; - uniqueIdentityClaim?: string; +export enum BreachedPasswordStatus { + None = "None", + ExactMatch = "ExactMatch", + SubAddressMatch = "SubAddressMatch", + PasswordOnly = "PasswordOnly", + CommonPassword = "CommonPassword" } /** - * Lambda API request object. + * Base class for all FusionAuth events. * * @author Brian Pontarelli */ -export interface LambdaRequest { - lambda?: Lambda; +export interface BaseEvent { + createInstant?: number; + id?: UUID; + info?: EventInfo; + tenantId?: UUID; + type?: EventType; } /** - * Models an event where a user's email is updated outside of a forgot / change password workflow. - * * @author Daniel DeGroff */ -export interface UserEmailUpdateEvent extends BaseUserEvent { - previousEmail?: string; +export interface SystemTrustedProxyConfiguration { + trusted?: Array; + trustPolicy?: SystemTrustedProxyConfigurationPolicy; } /** - * Raw login information for each time a user logs into an application. + * Authentication key response object. 
* - * @author Brian Pontarelli + * @author Sanjay */ -export interface RawLogin { - applicationId?: UUID; - instant?: number; - ipAddress?: string; - userId?: UUID; +export interface APIKeyResponse { + apiKey?: APIKey; } /** - * Search response for Group Members - * * @author Daniel DeGroff */ -export interface GroupMemberSearchResponse { - members?: Array; - total?: number; +export interface LoginRecordExportRequest extends BaseExportRequest { + criteria?: LoginRecordSearchCriteria; } /** - * API response for retrieving Refresh Tokens + * Search criteria for the webhook event log. * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface RefreshTokenResponse { - refreshToken?: RefreshToken; - refreshTokens?: Array; -} - -/** - * @author Daniel DeGroff - */ -export interface DeviceApprovalResponse { - deviceGrantStatus?: string; - deviceInfo?: DeviceInfo; - identityProviderLink?: IdentityProviderLink; - tenantId?: UUID; - userId?: UUID; +export interface WebhookEventLogSearchCriteria extends BaseSearchCriteria { + end?: number; + event?: string; + eventResult?: WebhookEventResult; + eventType?: EventType; + start?: number; } /** - * JSON Web Token (JWT) as defined by RFC 7519. - *

- * From RFC 7519 Section 1. Introduction:
- *    The suggested pronunciation of JWT is the same as the English word "jot".
- * 
- * The JWT is not Thread-Safe and should not be re-used. + * Application-level configuration for WebAuthn * * @author Daniel DeGroff */ -export interface JWT { - aud?: any; - exp?: number; - iat?: number; - iss?: string; - jti?: string; - nbf?: number; - [otherClaims: string]: any; // Any other fields - sub?: string; +export interface ApplicationWebAuthnConfiguration extends Enableable { + bootstrapWorkflow?: ApplicationWebAuthnWorkflowConfiguration; + reauthenticationWorkflow?: ApplicationWebAuthnWorkflowConfiguration; } /** - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface Tenantable { +export interface VerifyEmailRequest extends BaseEventRequest { + oneTimeCode?: string; + userId?: UUID; + verificationId?: string; } /** - * Used by the Relying Party to specify their requirements for authenticator attributes. Fields use the deprecated "resident key" terminology to refer - * to client-side discoverable credentials to maintain backwards compatibility with WebAuthn Level 1. 
- * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface AuthenticatorSelectionCriteria { - authenticatorAttachment?: AuthenticatorAttachment; - requireResidentKey?: boolean; - residentKey?: ResidentKeyRequirement; - userVerification?: UserVerificationRequirement; +export interface SecureIdentity { + breachedPasswordLastCheckedInstant?: number; + breachedPasswordStatus?: BreachedPasswordStatus; + connectorId?: UUID; + encryptionScheme?: string; + factor?: number; + id?: UUID; + lastLoginInstant?: number; + password?: string; + passwordChangeReason?: ChangePasswordReason; + passwordChangeRequired?: boolean; + passwordLastUpdateInstant?: number; + salt?: string; + uniqueUsername?: string; + username?: string; + usernameStatus?: ContentStatus; + verified?: boolean; + verifiedInstant?: number; } /** * @author Daniel DeGroff */ -export interface ApplicationWebAuthnWorkflowConfiguration extends Enableable { +export enum FormControl { + checkbox = "checkbox", + number = "number", + password = "password", + radio = "radio", + select = "select", + textarea = "textarea", + text = "text" } /** - * Used to communicate whether and how authenticator attestation should be delivered to the Relying Party + * A raw login record response * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum AttestationConveyancePreference { - none = "none", - indirect = "indirect", - direct = "direct", - enterprise = "enterprise" +export interface LoginRecordSearchResponse { + logins?: Array; + total?: number; } /** - * SAML v2 identity provider configuration. + * Response for the registration report. 
* * @author Brian Pontarelli */ -export interface SAMLv2IdentityProvider extends BaseSAMLv2IdentityProvider { - assertionConfiguration?: SAMLv2AssertionConfiguration; - buttonImageURL?: string; - buttonText?: string; - domains?: Array; - idpEndpoint?: string; - idpInitiatedConfiguration?: SAMLv2IdpInitiatedConfiguration; - issuer?: string; - loginHintConfiguration?: LoginHintConfiguration; - nameIdFormat?: string; - postRequest?: boolean; - requestSigningKeyId?: UUID; - signRequest?: boolean; - xmlSignatureC14nMethod?: CanonicalizationMethod; +export interface RegistrationReportResponse { + hourlyCounts?: Array; + total?: number; } /** - * Facebook social login provider. + * Forgot password response object. * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface FacebookIdentityProvider extends BaseIdentityProvider { - appId?: string; - buttonText?: string; - client_secret?: string; - fields?: string; - loginMethod?: IdentityProviderLoginMethod; - permissions?: string; +export interface ForgotPasswordResponse { + changePasswordId?: string; } /** - * An expandable API request. + * Models a User consent. * * @author Daniel DeGroff */ -export interface ExpandableRequest { - expand?: Array; +export interface UserConsent { + consent?: Consent; + consentId?: UUID; + data?: Record; + giverUserId?: UUID; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + status?: ConsentStatus; + userId?: UUID; + values?: Array; } /** - * Models a set of localized Integers that can be stored as JSON. + * Twitch gaming login provider. * - * @author Daniel DeGroff + * @author Brett Pontarelli */ -export interface LocalizedIntegers extends Record { +export interface TwitchIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; } /** - * Interface for all identity providers that can be domain based. 
+ * @author Daniel DeGroff */ -export interface DomainBasedIdentityProvider { +export interface IdentityProviderStartLoginResponse { + code?: string; } /** + * Form response. + * * @author Daniel DeGroff */ -export enum ObjectState { - Active = "Active", - Inactive = "Inactive", - PendingDelete = "PendingDelete" +export interface FormRequest { + form?: Form; } /** - * Email template request. + * Tenant search response * - * @author Brian Pontarelli + * @author Mark Manes */ -export interface EmailTemplateRequest { - emailTemplate?: EmailTemplate; +export interface TenantSearchResponse { + tenants?: Array; + total?: number; } /** - * API response for completing WebAuthn credential registration or assertion + * Key API request object. * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface WebAuthnRegisterCompleteResponse { - credential?: WebAuthnCredential; +export interface KeyRequest { + key?: Key; } -export interface IdentityProviderDetails { - applicationIds?: Array; - id?: UUID; - idpEndpoint?: string; - name?: string; - oauth2?: IdentityProviderOauth2Configuration; - type?: IdentityProviderType; +/** + * Models an event where a user is being updated and tries to use an "in-use" login Id (email or username). + * + * @author Daniel DeGroff + */ +export interface UserLoginIdDuplicateOnUpdateEvent extends UserLoginIdDuplicateOnCreateEvent { } /** - * Events that are bound to applications. + * Location information. Useful for IP addresses and other displayable data objects. 
* * @author Brian Pontarelli */ -export interface ApplicationEvent { +export interface Location { + city?: string; + country?: string; + displayString?: string; + latitude?: number; + longitude?: number; + region?: string; + zipcode?: string; } /** - * @author Brett Pontarelli + * @author Brett Guy */ -export enum AuthenticationThreats { - ImpossibleTravel = "ImpossibleTravel" +export interface IPAccessControlListRequest { + ipAccessControlList?: IPAccessControlList; } /** - * @author Daniel DeGroff + * Controls the policy for whether OAuth workflows will more strictly adhere to the OAuth and OIDC specification + * or run in backwards compatibility mode. + * + * @author David Charles */ -export interface TenantRequest extends BaseEventRequest { - sourceTenantId?: UUID; - tenant?: Tenant; - webhookIds?: Array; +export enum OAuthScopeHandlingPolicy { + Compatibility = "Compatibility", + Strict = "Strict" } /** - * @author Brett Guy + * Import request. + * + * @author Brian Pontarelli */ -export interface IPAccessControlListSearchCriteria extends BaseSearchCriteria { - name?: string; +export interface ImportRequest extends BaseEventRequest { + encryptionScheme?: string; + factor?: number; + users?: Array; + validateDbConstraints?: boolean; } /** + * Models an event where a user's email is updated outside of a forgot / change password workflow. 
+ * * @author Daniel DeGroff */ -export interface AppleApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - bundleId?: string; - buttonText?: string; - keyId?: UUID; - scope?: string; - servicesId?: string; - teamId?: string; +export interface UserEmailUpdateEvent extends BaseUserEvent { + previousEmail?: string; } /** - * @author Spencer Witt + * @author Lyle Schemmerling */ -export interface TenantWebAuthnWorkflowConfiguration extends Enableable { - authenticatorAttachmentPreference?: AuthenticatorAttachmentPreference; - userVerificationRequirement?: UserVerificationRequirement; +export interface SAMLv2DestinationAssertionConfiguration { + alternates?: Array; + policy?: SAMLv2DestinationAssertionPolicy; } /** - * Model a user event when a two-factor method has been added. + * The possible states of an individual webhook attempt to a single endpoint. * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface UserTwoFactorMethodRemoveEvent extends BaseUserEvent { - method?: TwoFactorMethod; -} - -export interface UsernameModeration extends Enableable { - applicationId?: UUID; +export enum WebhookAttemptResult { + Success = "Success", + Failure = "Failure", + Unknown = "Unknown" } /** - * Authentication key request object. + * Models the User Login Success Event. * - * @author Sanjay + * @author Daniel DeGroff */ -export interface APIKeyRequest { - apiKey?: APIKey; - sourceKeyId?: UUID; -} - -export interface EventConfigurationData extends Enableable { - transactionType?: TransactionType; +export interface UserLoginSuccessEvent extends BaseUserEvent { + applicationId?: UUID; + authenticationType?: string; + connectorId?: UUID; + identityProviderId?: UUID; + identityProviderName?: string; + ipAddress?: string; } /** - * The authenticator's response for the registration ceremony in its encoded format + * Models the User Update Registration Event. + *

+ * This is different than user.registration.update in that it is sent after this event completes, this cannot be transactional. * - * @author Spencer Witt - */ -export interface WebAuthnAuthenticatorRegistrationResponse { - attestationObject?: string; - clientDataJSON?: string; -} - -/** * @author Daniel DeGroff */ -export interface PasswordlessLoginRequest extends BaseLoginRequest { - code?: string; - twoFactorTrustId?: string; +export interface UserRegistrationUpdateCompleteEvent extends BaseUserEvent { + applicationId?: UUID; + original?: UserRegistration; + registration?: UserRegistration; } /** - * Search criteria for Consents + * Group API response object. * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface ConsentSearchCriteria extends BaseSearchCriteria { - name?: string; +export interface GroupResponse { + group?: Group; + groups?: Array; } /** - * JWT Configuration. A JWT Configuration for an Application may not be active if it is using the global configuration, the configuration - * may be enabled = false. - * * @author Daniel DeGroff */ -export interface JWTConfiguration extends Enableable { - accessTokenKeyId?: UUID; - idTokenKeyId?: UUID; - refreshTokenExpirationPolicy?: RefreshTokenExpirationPolicy; - refreshTokenRevocationPolicy?: RefreshTokenRevocationPolicy; - refreshTokenSlidingWindowConfiguration?: RefreshTokenSlidingWindowConfiguration; - refreshTokenTimeToLiveInMinutes?: number; - refreshTokenUsagePolicy?: RefreshTokenUsagePolicy; - timeToLiveInSeconds?: number; -} - -export interface EmailTemplateErrors { - parseErrors?: Record; - renderErrors?: Record; +export interface GoogleApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + buttonText?: string; + client_id?: string; + client_secret?: string; + loginMethod?: IdentityProviderLoginMethod; + properties?: GoogleIdentityProviderProperties; + scope?: string; } /** - * Models the User Login event that is suspicious. 
+ * Event Log Type * * @author Daniel DeGroff */ -export interface UserLoginSuspiciousEvent extends UserLoginSuccessEvent { - threatsDetected?: Array; +export enum EventLogType { + Information = "Information", + Debug = "Debug", + Error = "Error" } /** - * Describes the Relying Party's requirements for client-side - * discoverable credentials (formerly known as "resident keys") + * The transaction types for Webhooks and other event systems within FusionAuth. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export enum ResidentKeyRequirement { - discouraged = "discouraged", - preferred = "preferred", - required = "required" +export enum TransactionType { + None = "None", + Any = "Any", + SimpleMajority = "SimpleMajority", + SuperMajority = "SuperMajority", + AbsoluteMajority = "AbsoluteMajority" } /** * @author Daniel DeGroff */ -export interface TestEvent extends BaseEvent { - message?: string; +export interface TenantFormConfiguration { + adminUserFormId?: UUID; } /** - * Webhook API response object. + * Facebook social login provider. * * @author Brian Pontarelli */ -export interface WebhookResponse { - webhook?: Webhook; - webhooks?: Array; +export interface FacebookIdentityProvider extends BaseIdentityProvider { + appId?: string; + buttonText?: string; + client_secret?: string; + fields?: string; + loginMethod?: IdentityProviderLoginMethod; + permissions?: string; } /** - * Information about a user event (login, register, etc) that helps identify the source of the event (location, device type, OS, etc). + * Request for the system configuration API. * * @author Brian Pontarelli */ -export interface EventInfo { - data?: Record; - deviceDescription?: string; - deviceName?: string; - deviceType?: string; - ipAddress?: string; - location?: Location; - os?: string; - userAgent?: string; +export interface SystemConfigurationRequest { + systemConfiguration?: SystemConfiguration; } /** - * Lambda API response object. 
+ * Email template search response * - * @author Brian Pontarelli + * @author Mark Manes */ -export interface LambdaResponse { - lambda?: Lambda; - lambdas?: Array; +export interface EmailTemplateSearchResponse { + emailTemplates?: Array; + total?: number; } /** - * @author Brett Guy + * @author Daniel DeGroff */ -export enum ClientAuthenticationPolicy { - Required = "Required", - NotRequired = "NotRequired", - NotRequiredWhenUsingPKCE = "NotRequiredWhenUsingPKCE" +export interface EmailUnverifiedOptions { + allowEmailChangeWhenGated?: boolean; + behavior?: UnverifiedBehavior; } /** - * @author Daniel DeGroff + * COSE key type + * + * @author Spencer Witt */ -export enum RefreshTokenUsagePolicy { - Reusable = "Reusable", - OneTimeUse = "OneTimeUse" +export enum CoseKeyType { + Reserved = "0", + OKP = "1", + EC2 = "2", + RSA = "3", + Symmetric = "4" } /** - * Container for the event information. This is the JSON that is sent from FusionAuth to webhooks. - * * @author Brian Pontarelli */ -export interface EventRequest { - event?: BaseEvent; +export interface FamilyConfiguration extends Enableable { + allowChildRegistrations?: boolean; + confirmChildEmailTemplateId?: UUID; + deleteOrphanedAccounts?: boolean; + deleteOrphanedAccountsDays?: number; + familyRequestEmailTemplateId?: UUID; + maximumChildAge?: number; + minimumOwnerAge?: number; + parentEmailRequired?: boolean; + parentRegistrationEmailTemplateId?: UUID; } /** - * Available Integrations + * API response for completing WebAuthn credential registration or assertion * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface Integrations { - cleanspeak?: CleanSpeakConfiguration; - kafka?: KafkaConfiguration; +export interface WebAuthnRegisterCompleteResponse { + credential?: WebAuthnCredential; } /** - * Models the User Password Update Event. 
- * * @author Daniel DeGroff */ -export interface UserPasswordUpdateEvent extends BaseUserEvent { +export interface TwoFactorStatusResponse { + trusts?: Array; + twoFactorTrustId?: string; +} + +export interface TwoFactorTrust { + applicationId?: UUID; + expiration?: number; + startInstant?: number; } /** - * Standard error domain object that can also be used as the response from an API call. - * * @author Brian Pontarelli */ -export interface Errors { - fieldErrors?: Record>; - generalErrors?: Array; +export interface PendingResponse { + users?: Array; } /** - * @author Michael Sleevi + * Search criteria for Groups + * + * @author Daniel DeGroff */ -export interface PreviewMessageTemplateResponse { - errors?: Errors; - message?: SMSMessage; +export interface GroupSearchCriteria extends BaseSearchCriteria { + name?: string; + tenantId?: UUID; } /** - * The possible states of an individual webhook attempt to a single endpoint. + * Models the User Event (and can be converted to JSON) that is used for all user modifications (create, update, + * delete). + *

+ * This is different than user.delete because it is sent after the tx is committed, this cannot be transactional. * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum WebhookAttemptResult { - Success = "Success", - Failure = "Failure", - Unknown = "Unknown" +export interface UserDeleteCompleteEvent extends BaseUserEvent { } /** * @author Daniel DeGroff */ -export interface TenantFormConfiguration { - adminUserFormId?: UUID; -} - -export enum DeviceType { - BROWSER = "BROWSER", - DESKTOP = "DESKTOP", - LAPTOP = "LAPTOP", - MOBILE = "MOBILE", - OTHER = "OTHER", - SERVER = "SERVER", - TABLET = "TABLET", - TV = "TV", - UNKNOWN = "UNKNOWN" +export interface SortField { + missing?: string; + name?: string; + order?: Sort; } /** - * Event log used internally by FusionAuth to help developers debug hooks, Webhooks, email templates, etc. + * Request to complete the WebAuthn registration ceremony for a new credential,. * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface EventLog { - id?: number; - insertInstant?: number; - message?: string; - type?: EventLogType; +export interface WebAuthnRegisterCompleteRequest { + credential?: WebAuthnPublicKeyRegistrationRequest; + origin?: string; + rpId?: string; + userId?: UUID; } /** - * This class is a simple attachment with a byte array, name and MIME type. + * Search criteria for Lambdas * - * @author Brian Pontarelli + * @author Mark Manes */ -export interface Attachment { - attachment?: Array; - mime?: string; +export interface LambdaSearchCriteria extends BaseSearchCriteria { + body?: string; name?: string; + type?: LambdaType; } /** - * A grant for an entity to a user or another entity. + * User API request object. 
* * @author Brian Pontarelli */ -export interface EntityGrant { - data?: Record; - entity?: Entity; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - permissions?: Array; - recipientEntityId?: UUID; - userId?: UUID; +export interface UserRequest extends BaseEventRequest { + applicationId?: UUID; + currentPassword?: string; + disableDomainBlock?: boolean; + sendSetPasswordEmail?: boolean; + skipVerification?: boolean; + user?: User; } /** - * User comment search response + * @author Daniel DeGroff + */ +export interface TenantLoginConfiguration { + requireAuthentication?: boolean; +} + +/** + * @author Trevor Smith + */ +export interface DeviceResponse { + device_code?: string; + expires_in?: number; + interval?: number; + user_code?: string; + verification_uri?: string; + verification_uri_complete?: string; +} + +/** + * Request for the Logout API that can be used as an alternative to URL parameters. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface UserCommentSearchResponse { - total?: number; - userComments?: Array; +export interface LogoutRequest extends BaseEventRequest { + global?: boolean; + refreshToken?: string; } /** - * @author Brett Pontarelli + * @author Daniel DeGroff */ -export enum CaptchaMethod { - GoogleRecaptchaV2 = "GoogleRecaptchaV2", - GoogleRecaptchaV3 = "GoogleRecaptchaV3", - HCaptcha = "HCaptcha", - HCaptchaEnterprise = "HCaptchaEnterprise" +export interface VerifyRegistrationRequest extends BaseEventRequest { + oneTimeCode?: string; + verificationId?: string; +} + +export enum ThemeType { + advanced = "advanced", + simple = "simple" } /** - * @author Seth Musselman + * @author Daniel DeGroff */ -export interface Application { - accessControlConfiguration?: ApplicationAccessControlConfiguration; - active?: boolean; - authenticationTokenConfiguration?: AuthenticationTokenConfiguration; - cleanSpeakConfiguration?: CleanSpeakConfiguration; +export interface TenantRateLimitConfiguration { + 
failedLogin?: RateLimitedRequestConfiguration; + forgotPassword?: RateLimitedRequestConfiguration; + sendEmailVerification?: RateLimitedRequestConfiguration; + sendPasswordless?: RateLimitedRequestConfiguration; + sendRegistrationVerification?: RateLimitedRequestConfiguration; + sendTwoFactor?: RateLimitedRequestConfiguration; +} + +/** + * @author Daniel DeGroff + */ +export interface Tenant { + accessControlConfiguration?: TenantAccessControlConfiguration; + captchaConfiguration?: TenantCaptchaConfiguration; + configured?: boolean; + connectorPolicies?: Array; data?: Record; - emailConfiguration?: ApplicationEmailConfiguration; - externalIdentifierConfiguration?: ApplicationExternalIdentifierConfiguration; - formConfiguration?: ApplicationFormConfiguration; + emailConfiguration?: EmailConfiguration; + eventConfiguration?: EventConfiguration; + externalIdentifierConfiguration?: ExternalIdentifierConfiguration; + failedAuthenticationConfiguration?: FailedAuthenticationConfiguration; + familyConfiguration?: FamilyConfiguration; + formConfiguration?: TenantFormConfiguration; + httpSessionMaxInactiveInterval?: number; id?: UUID; insertInstant?: number; + issuer?: string; jwtConfiguration?: JWTConfiguration; - lambdaConfiguration?: LambdaConfiguration; + lambdaConfiguration?: TenantLambdaConfiguration; lastUpdateInstant?: number; - loginConfiguration?: LoginConfiguration; - multiFactorConfiguration?: ApplicationMultiFactorConfiguration; + loginConfiguration?: TenantLoginConfiguration; + logoutURL?: string; + maximumPasswordAge?: MaximumPasswordAge; + minimumPasswordAge?: MinimumPasswordAge; + multiFactorConfiguration?: TenantMultiFactorConfiguration; name?: string; - oauthConfiguration?: OAuth2Configuration; - passwordlessConfiguration?: PasswordlessConfiguration; - registrationConfiguration?: RegistrationConfiguration; - registrationDeletePolicy?: ApplicationRegistrationDeletePolicy; - roles?: Array; - samlv2Configuration?: SAMLv2Configuration; - scopes?: Array; + 
oauthConfiguration?: TenantOAuth2Configuration; + passwordEncryptionConfiguration?: PasswordEncryptionConfiguration; + passwordValidationRules?: PasswordValidationRules; + rateLimitConfiguration?: TenantRateLimitConfiguration; + registrationConfiguration?: TenantRegistrationConfiguration; + scimServerConfiguration?: TenantSCIMServerConfiguration; + ssoConfiguration?: TenantSSOConfiguration; state?: ObjectState; - tenantId?: UUID; themeId?: UUID; - unverified?: RegistrationUnverifiedOptions; - verificationEmailTemplateId?: UUID; - verificationStrategy?: VerificationStrategy; - verifyRegistration?: boolean; - webAuthnConfiguration?: ApplicationWebAuthnConfiguration; + userDeletePolicy?: TenantUserDeletePolicy; + usernameConfiguration?: TenantUsernameConfiguration; + webAuthnConfiguration?: TenantWebAuthnConfiguration; } -/** - * @author Daniel DeGroff - */ -export interface SortField { - missing?: string; - name?: string; - order?: Sort; +export interface TenantOAuth2Configuration { + clientCredentialsAccessTokenPopulateLambdaId?: UUID; } /** - * SAML v2 IdP Initiated identity provider configuration. + * Models the Group Member Add Complete Event. * * @author Daniel DeGroff */ -export interface SAMLv2IdPInitiatedIdentityProvider extends BaseSAMLv2IdentityProvider { - issuer?: string; +export interface GroupMemberAddCompleteEvent extends BaseGroupEvent { + members?: Array; } /** - * Search criteria for the event log. + * Request for the Tenant API to delete a tenant rather than using the URL parameters. 
* * @author Brian Pontarelli */ -export interface EventLogSearchCriteria extends BaseSearchCriteria { - end?: number; - message?: string; - start?: number; - type?: EventLogType; -} - -export enum KeyAlgorithm { - ES256 = "ES256", - ES384 = "ES384", - ES512 = "ES512", - HS256 = "HS256", - HS384 = "HS384", - HS512 = "HS512", - RS256 = "RS256", - RS384 = "RS384", - RS512 = "RS512" +export interface TenantDeleteRequest extends BaseEventRequest { + async?: boolean; } /** - * @author Daniel DeGroff + * The types of connectors. This enum is stored as an ordinal on the identities table, order must be maintained. + * + * @author Trevor Smith */ -export interface JWTVendResponse { - token?: string; +export enum ConnectorType { + FusionAuth = "FusionAuth", + Generic = "Generic", + LDAP = "LDAP" } /** - * Reindex API request + * Models the User Login event for a new device (un-recognized) * * @author Daniel DeGroff */ -export interface ReindexRequest { - index?: string; +export interface UserLoginNewDeviceEvent extends UserLoginSuccessEvent { } /** - * Entity grant API response object. - * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface EntityGrantResponse { - grant?: EntityGrant; - grants?: Array; -} - -export interface RegistrationConfiguration extends Enableable { - birthDate?: Requirable; - confirmPassword?: boolean; - firstName?: Requirable; - formId?: UUID; - fullName?: Requirable; - lastName?: Requirable; - loginIdType?: LoginIdType; - middleName?: Requirable; - mobilePhone?: Requirable; - preferredLanguages?: Requirable; - type?: RegistrationType; +export interface TenantWebAuthnWorkflowConfiguration extends Enableable { + authenticatorAttachmentPreference?: AuthenticatorAttachmentPreference; + userVerificationRequirement?: UserVerificationRequirement; } /** - * Helper interface that indicates an identity provider can be federated to using the HTTP POST method. + * Xbox gaming login provider. 
* - * @author Brian Pontarelli + * @author Brett Pontarelli */ -export interface SupportsPostBindings { +export interface XboxIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; } /** * @author Daniel DeGroff */ -export interface OAuth2Configuration { - authorizedOriginURLs?: Array; - authorizedRedirectURLs?: Array; - authorizedURLValidationPolicy?: Oauth2AuthorizedURLValidationPolicy; - clientAuthenticationPolicy?: ClientAuthenticationPolicy; - clientId?: string; - clientSecret?: string; - consentMode?: OAuthScopeConsentMode; - debug?: boolean; - deviceVerificationURL?: string; - enabledGrants?: Array; - generateRefreshTokens?: boolean; - logoutBehavior?: LogoutBehavior; - logoutURL?: string; - proofKeyForCodeExchangePolicy?: ProofKeyForCodeExchangePolicy; - providedScopePolicy?: ProvidedScopePolicy; - relationship?: OAuthApplicationRelationship; - requireClientAuthentication?: boolean; - requireRegistration?: boolean; - scopeHandlingPolicy?: OAuthScopeHandlingPolicy; - unknownScopePolicy?: UnknownScopePolicy; +export interface TwitterApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + buttonText?: string; + consumerKey?: string; + consumerSecret?: string; } /** - * @author Daniel DeGroff + * @author Trevor Smith */ -export interface TwoFactorSendRequest { - applicationId?: UUID; - email?: string; - method?: string; - methodId?: string; - mobilePhone?: string; - userId?: UUID; +export interface ConnectorRequest { + connector?: BaseConnectorConfiguration; } /** - * Search criteria for Applications + * External JWT-only identity provider. 
* - * @author Spencer Witt + * @author Daniel DeGroff and Brian Pontarelli */ -export interface ApplicationSearchCriteria extends BaseSearchCriteria { - name?: string; - state?: ObjectState; - tenantId?: UUID; +export interface ExternalJWTIdentityProvider extends BaseIdentityProvider { + claimMap?: Record; + defaultKeyId?: UUID; + domains?: Array; + headerKeyParameter?: string; + oauth2?: IdentityProviderOauth2Configuration; + uniqueIdentityClaim?: string; } /** - * Models the User Registration Verified Event. + * Request to register a new public key with WebAuthn * - * @author Trevor Smith + * @author Spencer Witt */ -export interface UserRegistrationVerifiedEvent extends BaseUserEvent { - applicationId?: UUID; - registration?: UserRegistration; +export interface WebAuthnPublicKeyRegistrationRequest { + clientExtensionResults?: WebAuthnExtensionsClientOutputs; + id?: string; + response?: WebAuthnAuthenticatorRegistrationResponse; + rpId?: string; + transports?: Array; + type?: string; } /** - * A Message Template Request to the API + * Webhook search response * - * @author Michael Sleevi + * @author Spencer Witt */ -export interface MessageTemplateRequest { - messageTemplate?: MessageTemplate; +export interface WebhookSearchResponse { + total?: number; + webhooks?: Array; } /** - * Entity Type API request object. + * @author Daniel DeGroff + */ +export interface RefreshResponse { +} + +/** + * Response for the login report. * * @author Brian Pontarelli */ -export interface EntityTypeRequest { - entityType?: EntityType; - permission?: EntityTypePermission; +export interface LoginReportResponse { + hourlyCounts?: Array; + total?: number; } /** - * A marker interface indicating this event cannot be made transactional. + * Group Member Delete Request * * @author Daniel DeGroff */ -export interface NonTransactionalEvent { +export interface MemberDeleteRequest { + memberIds?: Array; + members?: Record>; } /** - * Models the User Create Event. 
+ * A historical state of a user log event. Since events can be modified, this stores the historical state. * * @author Brian Pontarelli */ -export interface UserCreateEvent extends BaseUserEvent { +export interface LogHistory { + historyItems?: Array; +} + +export interface HistoryItem { + actionerUserId?: UUID; + comment?: string; + createInstant?: number; + expiry?: number; +} + +/** + * @author Brian Pontarelli + */ +export interface AuditLogRequest extends BaseEventRequest { + auditLog?: AuditLog; } /** * @author Daniel DeGroff */ -export interface ApplicationMultiFactorConfiguration { - email?: MultiFactorEmailTemplate; - loginPolicy?: MultiFactorLoginPolicy; - sms?: MultiFactorSMSTemplate; - trustPolicy?: ApplicationMultiFactorTrustPolicy; +export interface RateLimitedRequestConfiguration extends Enableable { + limit?: number; + timePeriodInSeconds?: number; } /** + * A marker interface indicating this event cannot be made transactional. + * * @author Daniel DeGroff */ -export enum FormType { - registration = "registration", - adminRegistration = "adminRegistration", - adminUser = "adminUser", - selfServiceUser = "selfServiceUser" +export interface NonTransactionalEvent { } /** - * @author Brian Pontarelli + * @author Brett Guy */ -export interface TwoFactorRequest extends BaseEventRequest { - applicationId?: UUID; - authenticatorId?: string; - code?: string; - email?: string; - method?: string; - mobilePhone?: string; - secret?: string; - secretBase32Encoded?: string; - twoFactorId?: string; +export enum ProofKeyForCodeExchangePolicy { + Required = "Required", + NotRequired = "NotRequired", + NotRequiredWhenUsingClientAuthentication = "NotRequiredWhenUsingClientAuthentication" } /** - * User Action Reason API request object. 
- * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface UserActionReasonRequest { - userActionReason?: UserActionReason; +export interface TwoFactorResponse { + code?: string; + recoveryCodes?: Array; } /** - * Domain for a public key, key pair or an HMAC secret. This is used by KeyMaster to manage keys for JWTs, SAML, etc. + * Epic gaming login provider. * - * @author Brian Pontarelli + * @author Brett Pontarelli */ -export interface Key { - algorithm?: KeyAlgorithm; - certificate?: string; - certificateInformation?: CertificateInformation; - expirationInstant?: number; - hasPrivateKey?: boolean; +export interface EpicGamesIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; +} + +// Do not require a setter for 'type', it is defined by the concrete class and is not mutable +export interface BaseMessengerConfiguration { + data?: Record; + debug?: boolean; id?: UUID; insertInstant?: number; - issuer?: string; - kid?: string; lastUpdateInstant?: number; - length?: number; name?: string; - privateKey?: string; - publicKey?: string; - secret?: string; - type?: KeyType; + transport?: string; + type?: MessengerType; } /** - * Models the User Bulk Create Event. 
- * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface UserBulkCreateEvent extends BaseEvent { - users?: Array; +export interface SecretResponse { + secret?: string; + secretBase32Encoded?: string; } /** - * @author Daniel DeGroff + * Search request for entities + * + * @author Brett Guy */ -export interface IdentityProviderOauth2Configuration { - authorization_endpoint?: string; - client_id?: string; - client_secret?: string; - clientAuthenticationMethod?: ClientAuthenticationMethod; - emailClaim?: string; - emailVerifiedClaim?: string; - issuer?: string; - scope?: string; - token_endpoint?: string; - uniqueIdClaim?: string; - userinfo_endpoint?: string; - usernameClaim?: string; +export interface EntitySearchResponse { + entities?: Array; + nextResults?: string; + total?: number; } /** - * @author Daniel DeGroff + * @author Rob Davis */ -export interface IntrospectResponse extends Record { +export interface TenantLambdaConfiguration { + loginValidationId?: UUID; + scimEnterpriseUserRequestConverterId?: UUID; + scimEnterpriseUserResponseConverterId?: UUID; + scimGroupRequestConverterId?: UUID; + scimGroupResponseConverterId?: UUID; + scimUserRequestConverterId?: UUID; + scimUserResponseConverterId?: UUID; } /** - * @author Daniel DeGroff + * @author Mikey Sleevi */ -export interface RefreshTokenRevocationPolicy { - onLoginPrevented?: boolean; - onMultiFactorEnable?: boolean; - onPasswordChanged?: boolean; +export enum MessageType { + SMS = "SMS" } /** - * Base class for all {@link User}-related events. 
+ * Describes the Relying Party's requirements for client-side + * discoverable credentials (formerly known as "resident keys") * * @author Spencer Witt */ -export interface BaseUserEvent extends BaseEvent { - user?: User; +export enum ResidentKeyRequirement { + discouraged = "discouraged", + preferred = "preferred", + required = "required" } /** - * @author Daniel DeGroff + * @author Trevor Smith */ -export interface MinimumPasswordAge extends Enableable { - seconds?: number; +export enum ChangePasswordReason { + Administrative = "Administrative", + Breached = "Breached", + Expired = "Expired", + Validation = "Validation" } /** - * Authentication key response object. - * - * @author Sanjay + * @author Brett Guy */ -export interface APIKeyResponse { - apiKey?: APIKey; +export interface GenericMessengerConfiguration extends BaseMessengerConfiguration { + connectTimeout?: number; + headers?: HTTPHeaders; + httpAuthenticationPassword?: string; + httpAuthenticationUsername?: string; + readTimeout?: number; + sslCertificate?: string; + url?: string; } /** - * Used to indicate what type of attestation was included in the authenticator response for a given WebAuthn credential at the time it was created + * SonyPSN gaming login provider. * - * @author Spencer Witt + * @author Brett Pontarelli */ -export enum AttestationType { - basic = "basic", - self = "self", - attestationCa = "attestationCa", - anonymizationCa = "anonymizationCa", - none = "none" +export interface SonyPSNIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; } /** - * Models the Group Update Event. - * - * @author Daniel DeGroff + * @author Brett Guy */ -export interface GroupUpdateEvent extends BaseGroupEvent { - original?: Group; -} - -/** - * Models an entity that a user can be granted permissions to. Or an entity that can be granted permissions to another entity. 
- * - * @author Brian Pontarelli - */ -export interface Entity { - clientId?: string; - clientSecret?: string; - data?: Record; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - name?: string; - parentId?: UUID; - tenantId?: UUID; - type?: EntityType; -} - -export enum KeyType { - EC = "EC", - RSA = "RSA", - HMAC = "HMAC" +export interface IPAccessControlEntry { + action?: IPAccessControlEntryAction; + endIPAddress?: string; + startIPAddress?: string; } /** * @author Brian Pontarelli */ -export interface EventLogSearchRequest { - search?: EventLogSearchCriteria; +export interface Count { + count?: number; + interval?: number; } /** - * The types of connectors. This enum is stored as an ordinal on the identities table, order must be maintained. + * Models an LDAP connector. * * @author Trevor Smith */ -export enum ConnectorType { - FusionAuth = "FusionAuth", - Generic = "Generic", - LDAP = "LDAP" +export interface LDAPConnectorConfiguration extends BaseConnectorConfiguration { + authenticationURL?: string; + baseStructure?: string; + connectTimeout?: number; + identifyingAttribute?: string; + lambdaConfiguration?: LambdaConfiguration; + loginIdAttribute?: string; + readTimeout?: number; + requestedAttributes?: Array; + securityMethod?: LDAPSecurityMethod; + systemAccountDN?: string; + systemAccountPassword?: string; } -/** - * Import request. 
- * - * @author Brian Pontarelli - */ -export interface ImportRequest extends BaseEventRequest { - encryptionScheme?: string; - factor?: number; - users?: Array; - validateDbConstraints?: boolean; +export enum LDAPSecurityMethod { + None = "None", + LDAPS = "LDAPS", + StartTLS = "StartTLS" +} + +export interface LambdaConfiguration { + reconcileId?: UUID; } /** - * @author Daniel DeGroff + * @author Johnathon Wood */ -export interface FormFieldValidator extends Enableable { - expression?: string; +export enum Oauth2AuthorizedURLValidationPolicy { + AllowWildcards = "AllowWildcards", + ExactMatch = "ExactMatch" } /** - * Search request for entity grants. - * - * @author Brian Pontarelli + * @author Trevor Smith */ -export interface EntityGrantSearchRequest { - search?: EntityGrantSearchCriteria; +export interface CORSConfiguration extends Enableable { + allowCredentials?: boolean; + allowedHeaders?: Array; + allowedMethods?: Array; + allowedOrigins?: Array; + debug?: boolean; + exposedHeaders?: Array; + preflightMaxAgeInSeconds?: number; } /** - * Webhook search response + * Describes the authenticator attachment modality. * * @author Spencer Witt */ -export interface WebhookSearchResponse { - total?: number; - webhooks?: Array; +export enum AuthenticatorAttachment { + platform = "platform", + crossPlatform = "crossPlatform" } /** * @author Daniel DeGroff */ -export interface AppleIdentityProvider extends BaseIdentityProvider { - bundleId?: string; - buttonText?: string; - keyId?: UUID; - scope?: string; - servicesId?: string; - teamId?: string; +export interface AuditLogExportRequest extends BaseExportRequest { + criteria?: AuditLogSearchCriteria; } /** - * User registration information for a single application. 
+ * Supply additional information about the user account when creating a new credential * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface UserRegistration { - applicationId?: UUID; - authenticationToken?: string; - cleanSpeakId?: UUID; - data?: Record; - id?: UUID; - insertInstant?: number; - lastLoginInstant?: number; - lastUpdateInstant?: number; - preferredLanguages?: Array; - roles?: Array; - timezone?: string; - tokens?: Record; - username?: string; - usernameStatus?: ContentStatus; - verified?: boolean; - verifiedInstant?: number; +export interface PublicKeyCredentialUserEntity extends PublicKeyCredentialEntity { + displayName?: string; + id?: string; } /** * @author Daniel DeGroff */ -export interface SecureIdentity { - breachedPasswordLastCheckedInstant?: number; - breachedPasswordStatus?: BreachedPasswordStatus; - connectorId?: UUID; - encryptionScheme?: string; - factor?: number; - id?: UUID; - lastLoginInstant?: number; - password?: string; - passwordChangeReason?: ChangePasswordReason; - passwordChangeRequired?: boolean; - passwordLastUpdateInstant?: number; - salt?: string; - uniqueUsername?: string; - username?: string; - usernameStatus?: ContentStatus; - verified?: boolean; - verifiedInstant?: number; +export interface FormStep { + fields?: Array; } /** - * @author Daniel DeGroff + * Search criteria for entity types. + * + * @author Brian Pontarelli */ -export interface ApplicationExternalIdentifierConfiguration { - twoFactorTrustIdTimeToLiveInSeconds?: number; +export interface EntityTypeSearchCriteria extends BaseSearchCriteria { + name?: string; } /** - * Entity Type API response object. 
+ * Search criteria for Group Members * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface EntityTypeResponse { - entityType?: EntityType; - entityTypes?: Array; - permission?: EntityTypePermission; +export interface GroupMemberSearchCriteria extends BaseSearchCriteria { + groupId?: UUID; + tenantId?: UUID; + userId?: UUID; } -export interface LoginRecordConfiguration { - delete?: DeleteConfiguration; +/** + * @author Brett Pontarelli + */ +export enum IdentityProviderLoginMethod { + UsePopup = "UsePopup", + UseRedirect = "UseRedirect", + UseVendorJavaScript = "UseVendorJavaScript" } /** - * @author Daniel DeGroff + * Search criteria for themes + * + * @author Mark Manes */ -export interface VerifyEmailResponse { - oneTimeCode?: string; - verificationId?: string; +export interface ThemeSearchCriteria extends BaseSearchCriteria { + name?: string; + type?: ThemeType; } /** - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface EventConfiguration { - events?: Record; +export interface MinimumPasswordAge extends Enableable { + seconds?: number; } /** - * Models an event where a user is being updated and tries to use an "in-use" login Id (email or username). + * Login Ping API request object. * * @author Daniel DeGroff */ -export interface UserLoginIdDuplicateOnUpdateEvent extends UserLoginIdDuplicateOnCreateEvent { +export interface LoginPingRequest extends BaseLoginRequest { + userId?: UUID; } /** - * Models the Group Member Remove Complete Event. 
- * * @author Daniel DeGroff */ -export interface GroupMemberRemoveCompleteEvent extends BaseGroupEvent { - members?: Array; +export interface OpenIdConnectApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + buttonImageURL?: string; + buttonText?: string; + oauth2?: IdentityProviderOauth2Configuration; } -export interface EventLogConfiguration { - numberToRetain?: number; +/** + * @author Daniel DeGroff + */ +export interface IdentityProviderTenantConfiguration { + data?: Record; + limitUserLinkCount?: IdentityProviderLimitUserLinkingPolicy; } /** + * API request for User consent types. + * * @author Daniel DeGroff */ -export interface IdentityProviderResponse { - identityProvider?: BaseIdentityProvider; - identityProviders?: Array>; +export interface ConsentRequest { + consent?: Consent; } /** - * Search request for webhooks + * Supply information on credential type and algorithm to the authenticator. * * @author Spencer Witt */ -export interface WebhookSearchRequest { - search?: WebhookSearchCriteria; +export interface PublicKeyCredentialParameters { + alg?: CoseAlgorithmIdentifier; + type?: PublicKeyCredentialType; } /** - * Models the Group Member Add Complete Event. + * Models a set of localized Strings that can be stored as JSON. 
* - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface GroupMemberAddCompleteEvent extends BaseGroupEvent { - members?: Array; +export interface LocalizedStrings extends Record { } /** * @author Daniel DeGroff */ -export enum MultiFactorLoginPolicy { - Disabled = "Disabled", - Enabled = "Enabled", - Required = "Required" +export enum RefreshTokenUsagePolicy { + Reusable = "Reusable", + OneTimeUse = "OneTimeUse" } /** - * @author Daniel DeGroff + * @author Lyle Schemmerling */ -export interface PasswordlessStartRequest { - applicationId?: UUID; - loginId?: string; - state?: Record; +export enum SAMLv2DestinationAssertionPolicy { + Enabled = "Enabled", + Disabled = "Disabled", + AllowAlternates = "AllowAlternates" } /** + * Interface describing the need for CORS configuration. + * * @author Daniel DeGroff */ -export interface ExternalIdentifierConfiguration { - authorizationGrantIdTimeToLiveInSeconds?: number; - changePasswordIdGenerator?: SecureGeneratorConfiguration; - changePasswordIdTimeToLiveInSeconds?: number; - deviceCodeTimeToLiveInSeconds?: number; - deviceUserCodeIdGenerator?: SecureGeneratorConfiguration; - emailVerificationIdGenerator?: SecureGeneratorConfiguration; - emailVerificationIdTimeToLiveInSeconds?: number; - emailVerificationOneTimeCodeGenerator?: SecureGeneratorConfiguration; - externalAuthenticationIdTimeToLiveInSeconds?: number; - loginIntentTimeToLiveInSeconds?: number; - oneTimePasswordTimeToLiveInSeconds?: number; - passwordlessLoginGenerator?: SecureGeneratorConfiguration; - passwordlessLoginTimeToLiveInSeconds?: number; - pendingAccountLinkTimeToLiveInSeconds?: number; - registrationVerificationIdGenerator?: SecureGeneratorConfiguration; - registrationVerificationIdTimeToLiveInSeconds?: number; - registrationVerificationOneTimeCodeGenerator?: SecureGeneratorConfiguration; - rememberOAuthScopeConsentChoiceTimeToLiveInSeconds?: number; - samlv2AuthNRequestIdTimeToLiveInSeconds?: number; - setupPasswordIdGenerator?: 
SecureGeneratorConfiguration; - setupPasswordIdTimeToLiveInSeconds?: number; - trustTokenTimeToLiveInSeconds?: number; - twoFactorIdTimeToLiveInSeconds?: number; - twoFactorOneTimeCodeIdGenerator?: SecureGeneratorConfiguration; - twoFactorOneTimeCodeIdTimeToLiveInSeconds?: number; - twoFactorTrustIdTimeToLiveInSeconds?: number; - webAuthnAuthenticationChallengeTimeToLiveInSeconds?: number; - webAuthnRegistrationChallengeTimeToLiveInSeconds?: number; +export interface RequiresCORSConfiguration { } /** - * @author Daniel DeGroff + * Change password request object. + * + * @author Brian Pontarelli */ -export interface LoginRecordExportRequest extends BaseExportRequest { - criteria?: LoginRecordSearchCriteria; +export interface ChangePasswordRequest extends BaseEventRequest { + applicationId?: UUID; + changePasswordId?: string; + currentPassword?: string; + loginId?: string; + password?: string; + refreshToken?: string; + trustChallenge?: string; + trustToken?: string; } /** - * Describes the authenticator attachment modality. - * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum AuthenticatorAttachment { - platform = "platform", - crossPlatform = "crossPlatform" +export interface IdentityProviderStartLoginRequest extends BaseLoginRequest { + data?: Record; + identityProviderId?: UUID; + loginId?: string; + state?: Record; } /** - * Email template response. 
- * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface EmailTemplateResponse { - emailTemplate?: EmailTemplate; - emailTemplates?: Array; +export interface OAuthError { + change_password_id?: string; + error?: OAuthErrorType; + error_description?: string; + error_reason?: OAuthErrorReason; + error_uri?: string; + two_factor_id?: string; + two_factor_methods?: Array; } -export interface TenantOAuth2Configuration { - clientCredentialsAccessTokenPopulateLambdaId?: UUID; +export enum OAuthErrorReason { + auth_code_not_found = "auth_code_not_found", + access_token_malformed = "access_token_malformed", + access_token_expired = "access_token_expired", + access_token_unavailable_for_processing = "access_token_unavailable_for_processing", + access_token_failed_processing = "access_token_failed_processing", + access_token_invalid = "access_token_invalid", + access_token_required = "access_token_required", + refresh_token_not_found = "refresh_token_not_found", + refresh_token_type_not_supported = "refresh_token_type_not_supported", + invalid_client_id = "invalid_client_id", + invalid_user_credentials = "invalid_user_credentials", + invalid_grant_type = "invalid_grant_type", + invalid_origin = "invalid_origin", + invalid_origin_opaque = "invalid_origin_opaque", + invalid_pkce_code_verifier = "invalid_pkce_code_verifier", + invalid_pkce_code_challenge = "invalid_pkce_code_challenge", + invalid_pkce_code_challenge_method = "invalid_pkce_code_challenge_method", + invalid_redirect_uri = "invalid_redirect_uri", + invalid_response_mode = "invalid_response_mode", + invalid_response_type = "invalid_response_type", + invalid_id_token_hint = "invalid_id_token_hint", + invalid_post_logout_redirect_uri = "invalid_post_logout_redirect_uri", + invalid_device_code = "invalid_device_code", + invalid_user_code = "invalid_user_code", + invalid_additional_client_id = "invalid_additional_client_id", + invalid_target_entity_scope = "invalid_target_entity_scope", + 
invalid_entity_permission_scope = "invalid_entity_permission_scope", + invalid_user_id = "invalid_user_id", + grant_type_disabled = "grant_type_disabled", + missing_client_id = "missing_client_id", + missing_client_secret = "missing_client_secret", + missing_code = "missing_code", + missing_code_challenge = "missing_code_challenge", + missing_code_verifier = "missing_code_verifier", + missing_device_code = "missing_device_code", + missing_grant_type = "missing_grant_type", + missing_redirect_uri = "missing_redirect_uri", + missing_refresh_token = "missing_refresh_token", + missing_response_type = "missing_response_type", + missing_token = "missing_token", + missing_user_code = "missing_user_code", + missing_user_id = "missing_user_id", + missing_verification_uri = "missing_verification_uri", + login_prevented = "login_prevented", + not_licensed = "not_licensed", + user_code_expired = "user_code_expired", + user_expired = "user_expired", + user_locked = "user_locked", + user_not_found = "user_not_found", + client_authentication_missing = "client_authentication_missing", + invalid_client_authentication_scheme = "invalid_client_authentication_scheme", + invalid_client_authentication = "invalid_client_authentication", + client_id_mismatch = "client_id_mismatch", + change_password_administrative = "change_password_administrative", + change_password_breached = "change_password_breached", + change_password_expired = "change_password_expired", + change_password_validation = "change_password_validation", + unknown = "unknown", + missing_required_scope = "missing_required_scope", + unknown_scope = "unknown_scope", + consent_canceled = "consent_canceled" } -/** - * Request to register a new public key with WebAuthn - * - * @author Spencer Witt - */ -export interface WebAuthnPublicKeyRegistrationRequest { - clientExtensionResults?: WebAuthnExtensionsClientOutputs; - id?: string; - response?: WebAuthnAuthenticatorRegistrationResponse; - rpId?: string; - transports?: Array; - 
type?: string; +export enum OAuthErrorType { + invalid_request = "invalid_request", + invalid_client = "invalid_client", + invalid_grant = "invalid_grant", + invalid_token = "invalid_token", + unauthorized_client = "unauthorized_client", + invalid_scope = "invalid_scope", + server_error = "server_error", + unsupported_grant_type = "unsupported_grant_type", + unsupported_response_type = "unsupported_response_type", + access_denied = "access_denied", + change_password_required = "change_password_required", + not_licensed = "not_licensed", + two_factor_required = "two_factor_required", + authorization_pending = "authorization_pending", + expired_token = "expired_token", + unsupported_token_type = "unsupported_token_type" } /** - * User API response object. - * - * @author Brian Pontarelli + * Interface for all identity providers that can be domain based. */ -export interface UserResponse { - emailVerificationId?: string; - emailVerificationOneTimeCode?: string; - registrationVerificationIds?: Record; - registrationVerificationOneTimeCodes?: Record; - token?: string; - tokenExpirationInstant?: number; - user?: User; +export interface DomainBasedIdentityProvider { } /** 
@@ -8745,374 +8673,351 @@ export interface DeviceInfo { type?: string; } -/** - * @author Michael Sleevi - */ -export interface SMSMessageTemplate extends MessageTemplate { - defaultTemplate?: string; - localizedTemplates?: LocalizedStrings; +export enum DeviceType { + BROWSER = "BROWSER", + DESKTOP = "DESKTOP", + LAPTOP = "LAPTOP", + MOBILE = "MOBILE", + OTHER = "OTHER", + SERVER = "SERVER", + TABLET = "TABLET", + TV = "TV", + UNKNOWN = "UNKNOWN" } /** - * User Action Reason API response object. + * Response for the system configuration API. * * @author Brian Pontarelli */ -export interface UserActionReasonResponse { - userActionReason?: UserActionReason; - userActionReasons?: Array; +export interface SystemConfigurationResponse { + systemConfiguration?: SystemConfiguration; } /** * @author Daniel DeGroff */ -export interface UserTwoFactorConfiguration { - methods?: Array; - recoveryCodes?: Array; +export interface ReactorStatus { + advancedIdentityProviders?: ReactorFeatureStatus; + advancedLambdas?: ReactorFeatureStatus; + advancedMultiFactorAuthentication?: ReactorFeatureStatus; + advancedOAuthScopes?: ReactorFeatureStatus; + advancedOAuthScopesCustomScopes?: ReactorFeatureStatus; + advancedOAuthScopesThirdPartyApplications?: ReactorFeatureStatus; + advancedRegistration?: ReactorFeatureStatus; + applicationMultiFactorAuthentication?: ReactorFeatureStatus; + applicationThemes?: ReactorFeatureStatus; + breachedPasswordDetection?: ReactorFeatureStatus; + connectors?: ReactorFeatureStatus; + entityManagement?: ReactorFeatureStatus; + expiration?: string; + licenseAttributes?: Record; + licensed?: boolean; + scimServer?: ReactorFeatureStatus; + threatDetection?: ReactorFeatureStatus; + webAuthn?: ReactorFeatureStatus; + webAuthnPlatformAuthenticators?: ReactorFeatureStatus; + webAuthnRoamingAuthenticators?: ReactorFeatureStatus; } /** - * @author Daniel DeGroff + * API response for completing WebAuthn assertion + * + * @author Spencer Witt */ -export interface 
PendingIdPLink { - displayName?: string; - email?: string; - identityProviderId?: UUID; - identityProviderLinks?: Array; - identityProviderName?: string; - identityProviderTenantConfiguration?: IdentityProviderTenantConfiguration; - identityProviderType?: IdentityProviderType; - identityProviderUserId?: string; - user?: User; - username?: string; +export interface WebAuthnAssertResponse { + credential?: WebAuthnCredential; } /** * @author Daniel DeGroff */ -export interface JWKSResponse { - keys?: Array; +export enum ApplicationMultiFactorTrustPolicy { + Any = "Any", + This = "This", + None = "None" } /** - * The Integration Response - * * @author Daniel DeGroff */ -export interface IntegrationResponse { - integrations?: Integrations; +export interface MaximumPasswordAge extends Enableable { + days?: number; } /** - * API response for starting a WebAuthn registration ceremony + * Information about a user event (login, register, etc) that helps identify the source of the event (location, device type, OS, etc). * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface WebAuthnRegisterStartResponse { - options?: PublicKeyCredentialCreationOptions; +export interface EventInfo { + data?: Record; + deviceDescription?: string; + deviceName?: string; + deviceType?: string; + ipAddress?: string; + location?: Location; + os?: string; + userAgent?: string; } /** - * @author Brett Pontarelli + * @author Daniel DeGroff */ -export interface TenantCaptchaConfiguration extends Enableable { - captchaMethod?: CaptchaMethod; - secretKey?: string; - siteKey?: string; - threshold?: number; +export enum RateLimitedRequestType { + FailedLogin = "FailedLogin", + ForgotPassword = "ForgotPassword", + SendEmailVerification = "SendEmailVerification", + SendPasswordless = "SendPasswordless", + SendRegistrationVerification = "SendRegistrationVerification", + SendTwoFactor = "SendTwoFactor" } /** - * The Application API response. + * Audit log response. 
* * @author Brian Pontarelli */ -export interface ApplicationResponse { - application?: Application; - applications?: Array; - role?: ApplicationRole; +export interface AuditLogSearchResponse { + auditLogs?: Array; + total?: number; } /** - * COSE Elliptic Curve identifier to determine which elliptic curve to use with a given key - * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum CoseEllipticCurve { - Reserved = "Reserved", - P256 = "P256", - P384 = "P384", - P521 = "P521", - X25519 = "X25519", - X448 = "X448", - Ed25519 = "Ed25519", - Ed448 = "Ed448", - Secp256k1 = "Secp256k1" -} - -export enum LoginIdType { - email = "email", - username = "username" +export enum LambdaEngineType { + GraalJS = "GraalJS", + Nashorn = "Nashorn" } /** - * @author Daniel DeGroff + * SAML v2 identity provider configuration. + * + * @author Brian Pontarelli */ -export interface OpenIdConnectIdentityProvider extends BaseIdentityProvider { +export interface SAMLv2IdentityProvider extends BaseSAMLv2IdentityProvider { + assertionConfiguration?: SAMLv2AssertionConfiguration; buttonImageURL?: string; buttonText?: string; domains?: Array; - oauth2?: IdentityProviderOauth2Configuration; + idpEndpoint?: string; + idpInitiatedConfiguration?: SAMLv2IdpInitiatedConfiguration; + issuer?: string; + loginHintConfiguration?: LoginHintConfiguration; + nameIdFormat?: string; postRequest?: boolean; -} - -export interface UIConfiguration { - headerColor?: string; - logoURL?: string; - menuFontColor?: string; + requestSigningKeyId?: UUID; + signRequest?: boolean; + xmlSignatureC14nMethod?: CanonicalizationMethod; } /** - * Webhook event log response. + * API response for starting a WebAuthn authentication ceremony * * @author Spencer Witt */ -export interface WebhookEventLogResponse { - webhookEventLog?: WebhookEventLog; +export interface WebAuthnStartResponse { + options?: PublicKeyCredentialRequestOptions; } /** - * The public Status API response + * Search request for entity types. 
* - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface StatusResponse extends Record { +export interface EntityTypeSearchRequest { + search?: EntityTypeSearchCriteria; } -export enum RegistrationType { - basic = "basic", - advanced = "advanced" +// Do not require a setter for 'type', it is defined by the concrete class and is not mutable +export interface BaseConnectorConfiguration { + data?: Record; + debug?: boolean; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + name?: string; + type?: ConnectorType; } /** - * @author Brett Pontarelli + * API request for managing families and members. + * + * @author Brian Pontarelli */ -export interface XboxApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; +export interface FamilyRequest { + familyMember?: FamilyMember; } /** - * Search criteria for Groups - * * @author Daniel DeGroff */ -export interface GroupSearchCriteria extends BaseSearchCriteria { - name?: string; - tenantId?: UUID; -} - -export interface MultiFactorSMSMethod extends Enableable { - messengerId?: UUID; - templateId?: UUID; +export interface ReloadRequest { + names?: Array; } /** * @author Brett Guy */ -export interface MessengerResponse { - messenger?: BaseMessengerConfiguration; - messengers?: Array; +export interface TwoFactorStartRequest { + applicationId?: UUID; + code?: string; + loginId?: string; + state?: Record; + trustChallenge?: string; + userId?: UUID; } /** - * Models the User Login Failed Event. 
- * * @author Daniel DeGroff */ -export interface UserLoginFailedEvent extends BaseUserEvent { - applicationId?: UUID; - authenticationType?: string; - ipAddress?: string; - reason?: UserLoginFailedReason; +export interface ApplicationMultiFactorConfiguration { + email?: MultiFactorEmailTemplate; + loginPolicy?: MultiFactorLoginPolicy; + sms?: MultiFactorSMSTemplate; + trustPolicy?: ApplicationMultiFactorTrustPolicy; +} + +export interface MultiFactorEmailTemplate { + templateId?: UUID; +} + +export interface MultiFactorSMSTemplate { + templateId?: UUID; } /** * @author Daniel DeGroff */ -export interface Tenant { - accessControlConfiguration?: TenantAccessControlConfiguration; - captchaConfiguration?: TenantCaptchaConfiguration; - configured?: boolean; - connectorPolicies?: Array; - data?: Record; - emailConfiguration?: EmailConfiguration; - eventConfiguration?: EventConfiguration; - externalIdentifierConfiguration?: ExternalIdentifierConfiguration; - failedAuthenticationConfiguration?: FailedAuthenticationConfiguration; - familyConfiguration?: FamilyConfiguration; - formConfiguration?: TenantFormConfiguration; - httpSessionMaxInactiveInterval?: number; - id?: UUID; - insertInstant?: number; - issuer?: string; - jwtConfiguration?: JWTConfiguration; - lambdaConfiguration?: TenantLambdaConfiguration; - lastUpdateInstant?: number; - loginConfiguration?: TenantLoginConfiguration; - logoutURL?: string; - maximumPasswordAge?: MaximumPasswordAge; - minimumPasswordAge?: MinimumPasswordAge; - multiFactorConfiguration?: TenantMultiFactorConfiguration; - name?: string; - oauthConfiguration?: TenantOAuth2Configuration; - passwordEncryptionConfiguration?: PasswordEncryptionConfiguration; - passwordValidationRules?: PasswordValidationRules; - rateLimitConfiguration?: TenantRateLimitConfiguration; - registrationConfiguration?: TenantRegistrationConfiguration; - scimServerConfiguration?: TenantSCIMServerConfiguration; - ssoConfiguration?: TenantSSOConfiguration; - state?: 
ObjectState; - themeId?: UUID; - userDeletePolicy?: TenantUserDeletePolicy; - usernameConfiguration?: TenantUsernameConfiguration; - webAuthnConfiguration?: TenantWebAuthnConfiguration; +export interface IssueResponse { + refreshToken?: string; + token?: string; } /** - * Models the Group Member Update Complete Event. - * * @author Daniel DeGroff */ -export interface GroupMemberUpdateCompleteEvent extends BaseGroupEvent { - members?: Array; +export interface IdentityProviderLinkResponse { + identityProviderLink?: IdentityProviderLink; + identityProviderLinks?: Array; } -// Do not require a setter for 'type', it is defined by the concrete class and is not mutable -export interface BaseMessengerConfiguration { - data?: Record; - debug?: boolean; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - name?: string; - transport?: string; - type?: MessengerType; +/** + * Request to authenticate with WebAuthn + * + * @author Spencer Witt + */ +export interface WebAuthnPublicKeyAuthenticationRequest { + clientExtensionResults?: WebAuthnExtensionsClientOutputs; + id?: string; + response?: WebAuthnAuthenticatorAuthenticationResponse; + rpId?: string; + type?: string; } /** - * @author Daniel DeGroff + * Entity API request object. + * + * @author Brian Pontarelli */ -export interface TwoFactorStartResponse { - code?: string; - methods?: Array; - twoFactorId?: string; +export interface EntityRequest { + entity?: Entity; } -export interface PasswordlessConfiguration extends Enableable { +/** + * Models the Group Update Event. + * + * @author Daniel DeGroff + */ +export interface GroupUpdateEvent extends BaseGroupEvent { + original?: Group; } /** - * Search request for entity grants. + * CleanSpeak configuration at the system and application level. 
* * @author Brian Pontarelli */ -export interface EntityGrantSearchResponse { - grants?: Array; - total?: number; +export interface CleanSpeakConfiguration extends Enableable { + apiKey?: string; + applicationIds?: Array; + url?: string; + usernameModeration?: UsernameModeration; +} + +export interface UsernameModeration extends Enableable { + applicationId?: UUID; } /** - * @author Trevor Smith + * Stores an email template used to send emails to users. + * + * @author Brian Pontarelli */ -export interface Theme { - data?: Record; - defaultMessages?: string; +export interface EmailTemplate { + defaultFromName?: string; + defaultHtmlTemplate?: string; + defaultSubject?: string; + defaultTextTemplate?: string; + fromEmail?: string; id?: UUID; insertInstant?: number; lastUpdateInstant?: number; - localizedMessages?: LocalizedStrings; + localizedFromNames?: LocalizedStrings; + localizedHtmlTemplates?: LocalizedStrings; + localizedSubjects?: LocalizedStrings; + localizedTextTemplates?: LocalizedStrings; name?: string; - stylesheet?: string; - templates?: Templates; - type?: ThemeType; - variables?: SimpleThemeVariables; -} - -/** - * @author Daniel DeGroff - */ -export enum RefreshTokenExpirationPolicy { - Fixed = "Fixed", - SlidingWindow = "SlidingWindow", - SlidingWindowWithMaximumLifetime = "SlidingWindowWithMaximumLifetime" } /** - * Login API request object used for login to third-party systems (i.e. Login with Facebook). + * API response for managing families and members. * * @author Brian Pontarelli */ -export interface IdentityProviderLoginRequest extends BaseLoginRequest { - data?: Record; - encodedJWT?: string; - identityProviderId?: UUID; - noLink?: boolean; -} - -/** - * Group API response object. 
- * - * @author Daniel DeGroff - */ -export interface GroupResponse { - group?: Group; - groups?: Array; +export interface FamilyResponse { + families?: Array; + family?: Family; } /** - * A policy to configure if and when the user-action is canceled prior to the expiration of the action. + * Search response for Group Members * * @author Daniel DeGroff */ -export interface FailedAuthenticationActionCancelPolicy { - onPasswordReset?: boolean; +export interface GroupMemberSearchResponse { + members?: Array; + total?: number; } /** * @author Daniel DeGroff */ -export enum UnverifiedBehavior { - Allow = "Allow", - Gated = "Gated" +export interface BreachedPasswordTenantMetric { + actionRequired?: number; + matchedCommonPasswordCount?: number; + matchedExactCount?: number; + matchedPasswordCount?: number; + matchedSubAddressCount?: number; + passwordsCheckedCount?: number; } /** - * Models a consent. + * JWT Configuration. A JWT Configuration for an Application may not be active if it is using the global configuration, the configuration + * may be enabled = false. 
* * @author Daniel DeGroff */ -export interface Consent { - consentEmailTemplateId?: UUID; - countryMinimumAgeForSelfConsent?: LocalizedIntegers; - data?: Record; - defaultMinimumAgeForSelfConsent?: number; - emailPlus?: EmailPlus; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - multipleValuesAllowed?: boolean; - name?: string; - values?: Array; -} - -/** - * @author Brett Guy - */ -export interface IPAccessControlListRequest { - ipAccessControlList?: IPAccessControlList; +export interface JWTConfiguration extends Enableable { + accessTokenKeyId?: UUID; + idTokenKeyId?: UUID; + refreshTokenExpirationPolicy?: RefreshTokenExpirationPolicy; + refreshTokenRevocationPolicy?: RefreshTokenRevocationPolicy; + refreshTokenSlidingWindowConfiguration?: RefreshTokenSlidingWindowConfiguration; + refreshTokenTimeToLiveInMinutes?: number; + refreshTokenUsagePolicy?: RefreshTokenUsagePolicy; + timeToLiveInSeconds?: number; } /** 
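Review bot: `IssueResponse` is added in this hunk with only an `@author` tag, although its two fields, `refreshToken` and `token`, are credentials judging by their names; the same applies to `CleanSpeakConfiguration.apiKey` further down in the hunk. A short description on the interface would tell callers how to treat the values, for example `Tokens returned when a new token is issued. Both values are credentials: keep them out of logs and unencrypted storage.` For `apiKey`, a one-line field comment such as `// secret: redact before logging or serializing this configuration` would be enough. The wholesale reordering of declarations suggests this file may be generated; if so, the comments belong in the generator's source model rather than in this file.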
@@ -9124,602 +9029,472 @@ export interface SAMLv2ApplicationConfiguration extends BaseIdentityProviderAppl } /** - * @author Brian Pontarelli + * @author Brett Guy */ -export interface AuditLogSearchRequest { - search?: AuditLogSearchCriteria; +export interface MessengerRequest { + messenger?: BaseMessengerConfiguration; } /** - * Models the User Password Breach Event. + * A log for an action that was taken on a User. * - * @author Matthew Altman - */ -export interface UserPasswordBreachEvent extends BaseUserEvent { -} - -/** - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface ReactorMetrics { - breachedPasswordMetrics?: Record; +export interface UserActionLog { + actioneeUserId?: UUID; + actionerUserId?: UUID; + applicationIds?: Array; + comment?: string; + emailUserOnEnd?: boolean; + endEventSent?: boolean; + expiry?: number; + history?: LogHistory; + id?: UUID; + insertInstant?: number; + localizedName?: string; + localizedOption?: string; + localizedReason?: string; + name?: string; + notifyUserOnEnd?: boolean; + option?: string; + reason?: string; + reasonCode?: string; + userActionId?: UUID; } /** - * @author Daniel DeGroff + * Contains extension output for requested extensions during a WebAuthn ceremony + * + * @author Spencer Witt */ -export interface SendRequest { - applicationId?: UUID; - bccAddresses?: Array; - ccAddresses?: Array; - preferredLanguages?: Array; - requestData?: Record; - toAddresses?: Array; - userIds?: Array; -} - -export interface AuditLogConfiguration { - delete?: DeleteConfiguration; +export interface WebAuthnExtensionsClientOutputs { + credProps?: CredentialPropertiesOutput; } /** - * User login failed reason codes. 
+ * Describes a user account or WebAuthn Relying Party associated with a public key credential */ -export interface UserLoginFailedReasonCode { +export interface PublicKeyCredentialEntity { + name?: string; } /** - * Models the User Event (and can be converted to JSON) that is used for all user modifications (create, update, - * delete). + * Registration delete API request object. * * @author Brian Pontarelli */ -export interface UserDeleteEvent extends BaseUserEvent { +export interface RegistrationDeleteRequest extends BaseEventRequest { } /** - * A custom OAuth scope for a specific application. + * Used to express whether the Relying Party requires user verification for the + * current operation. * * @author Spencer Witt */ -export interface ApplicationOAuthScope { - applicationId?: UUID; - data?: Record; - defaultConsentDetail?: string; - defaultConsentMessage?: string; - description?: string; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - name?: string; - required?: boolean; +export enum UserVerificationRequirement { + required = "required", + preferred = "preferred", + discouraged = "discouraged" } /** - * Registration delete API request object. + * Helper interface that indicates an identity provider can be federated to using the HTTP POST method. * * @author Brian Pontarelli */ -export interface RegistrationDeleteRequest extends BaseEventRequest { +export interface SupportsPostBindings { } /** - * The phases of a time-based user action. 
- * * @author Brian Pontarelli */ -export enum UserActionPhase { - start = "start", - modify = "modify", - cancel = "cancel", - end = "end" +export enum ExpiryUnit { + MINUTES = "MINUTES", + HOURS = "HOURS", + DAYS = "DAYS", + WEEKS = "WEEKS", + MONTHS = "MONTHS", + YEARS = "YEARS" } /** - * @author Daniel DeGroff + * Search response for Themes + * + * @author Mark Manes */ -export interface VerifyEmailRequest extends BaseEventRequest { - oneTimeCode?: string; - userId?: UUID; - verificationId?: string; +export interface ThemeSearchResponse { + themes?: Array; + total?: number; } /** * @author Brian Pontarelli */ -export interface TwoFactorDisableRequest extends BaseEventRequest { - applicationId?: UUID; - code?: string; - methodId?: string; -} - -/** - * Google social login provider. - * - * @author Daniel DeGroff - */ -export interface GoogleIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - client_id?: string; - client_secret?: string; - loginMethod?: IdentityProviderLoginMethod; - properties?: GoogleIdentityProviderProperties; - scope?: string; +export interface AuditLogSearchCriteria extends BaseSearchCriteria { + end?: number; + message?: string; + newValue?: string; + oldValue?: string; + reason?: string; + start?: number; + user?: string; } /** * @author Daniel DeGroff */ -export interface FormStep { - fields?: Array; +export interface HYPRIdentityProvider extends BaseIdentityProvider { + relyingPartyApplicationId?: string; + relyingPartyURL?: string; } /** - * A Tenant-level policy for deleting Users. 
- * - * @author Trevor Smith + * @author Brett Guy */ -export interface TenantUserDeletePolicy { - unverified?: TimeBasedDeletePolicy; +export enum ClientAuthenticationPolicy { + Required = "Required", + NotRequired = "NotRequired", + NotRequiredWhenUsingPKCE = "NotRequiredWhenUsingPKCE" } /** - * @author Brett Pontarelli + * @author Daniel DeGroff */ -export interface SonyPSNApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; +export interface PendingIdPLink { + displayName?: string; + email?: string; + identityProviderId?: UUID; + identityProviderLinks?: Array; + identityProviderName?: string; + identityProviderTenantConfiguration?: IdentityProviderTenantConfiguration; + identityProviderType?: IdentityProviderType; + identityProviderUserId?: string; + user?: User; + username?: string; } /** - * Search request for Keys + * API response for starting a WebAuthn registration ceremony * * @author Spencer Witt */ -export interface KeySearchRequest { - search?: KeySearchCriteria; +export interface WebAuthnRegisterStartResponse { + options?: PublicKeyCredentialCreationOptions; } /** - * @author Daniel DeGroff + * A Application-level policy for deleting Users. + * + * @author Trevor Smith */ -export enum LambdaEngineType { - GraalJS = "GraalJS", - Nashorn = "Nashorn" +export interface ApplicationRegistrationDeletePolicy { + unverified?: TimeBasedDeletePolicy; } /** * @author Daniel DeGroff */ -export interface SystemTrustedProxyConfiguration { - trusted?: Array; - trustPolicy?: SystemTrustedProxyConfigurationPolicy; +export interface IdentityProviderLimitUserLinkingPolicy extends Enableable { + maximumLinks?: number; } /** - * A log for an action that was taken on a User. 
- * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface UserActionLog { - actioneeUserId?: UUID; - actionerUserId?: UUID; - applicationIds?: Array; - comment?: string; - emailUserOnEnd?: boolean; - endEventSent?: boolean; - expiry?: number; - history?: LogHistory; - id?: UUID; - insertInstant?: number; - localizedName?: string; - localizedOption?: string; - localizedReason?: string; - name?: string; - notifyUserOnEnd?: boolean; - option?: string; - reason?: string; - reasonCode?: string; - userActionId?: UUID; +export interface ReactorMetricsResponse { + metrics?: ReactorMetrics; } /** - * Login Ping API request object. + * Search request for IP ACLs . * - * @author Daniel DeGroff + * @author Brett Guy */ -export interface LoginPingRequest extends BaseLoginRequest { - userId?: UUID; +export interface IPAccessControlListSearchRequest { + search?: IPAccessControlListSearchCriteria; } /** * @author Daniel DeGroff */ -export interface IdentityProviderLimitUserLinkingPolicy extends Enableable { - maximumLinks?: number; +export enum FormType { + registration = "registration", + adminRegistration = "adminRegistration", + adminUser = "adminUser", + selfServiceUser = "selfServiceUser" } /** * @author Daniel DeGroff */ -export interface EmailUnverifiedOptions { - allowEmailChangeWhenGated?: boolean; - behavior?: UnverifiedBehavior; +export interface TenantRequest extends BaseEventRequest { + sourceTenantId?: UUID; + tenant?: Tenant; + webhookIds?: Array; } /** - * Base class for requests that can contain event information. This event information is used when sending Webhooks or emails - * during the transaction. The caller is responsible for ensuring that the event information is correct. 
+ * User Comment Response * - * @author Brian Pontarelli + * @author Seth Musselman */ -export interface BaseEventRequest { - eventInfo?: EventInfo; +export interface UserCommentResponse { + userComment?: UserComment; + userComments?: Array; } -export enum OAuthErrorType { - invalid_request = "invalid_request", - invalid_client = "invalid_client", - invalid_grant = "invalid_grant", - invalid_token = "invalid_token", - unauthorized_client = "unauthorized_client", - invalid_scope = "invalid_scope", - server_error = "server_error", - unsupported_grant_type = "unsupported_grant_type", - unsupported_response_type = "unsupported_response_type", - access_denied = "access_denied", - change_password_required = "change_password_required", - not_licensed = "not_licensed", - two_factor_required = "two_factor_required", - authorization_pending = "authorization_pending", - expired_token = "expired_token", - unsupported_token_type = "unsupported_token_type" +/** + * The reason for the login failure. + * + * @author Daniel DeGroff + */ +export interface UserLoginFailedReason { + code?: string; + lambdaId?: UUID; + lambdaResult?: Errors; } /** - * Search request for Tenants + * Config for regular SAML IDP configurations that support IdP initiated requests * - * @author Mark Manes + * @author Lyle Schemmerling */ -export interface TenantSearchRequest { - search?: TenantSearchCriteria; +export interface SAMLv2IdpInitiatedConfiguration extends Enableable { + issuer?: string; } /** - * JWT Public Key Response Object + * A Tenant-level policy for deleting Users. * - * @author Daniel DeGroff + * @author Trevor Smith */ -export interface PublicKeyResponse { - publicKey?: string; - publicKeys?: Record; +export interface TenantUserDeletePolicy { + unverified?: TimeBasedDeletePolicy; } /** + * Search request for Group Members. 
+ * * @author Daniel DeGroff */ -export enum Sort { - asc = "asc", - desc = "desc" +export interface GroupMemberSearchRequest { + search?: GroupMemberSearchCriteria; } /** - * Forgot password request object. + * Group Member Response * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface ForgotPasswordRequest extends BaseEventRequest { - applicationId?: UUID; - changePasswordId?: string; - email?: string; - loginId?: string; - sendForgotPasswordEmail?: boolean; - state?: Record; - username?: string; +export interface MemberResponse { + members?: Record>; } /** - * Identity Provider response. + * User Action API request object. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface IdentityProviderSearchResponse { - identityProviders?: Array>; - total?: number; -} - -export interface MetaData { - data?: Record; - device?: DeviceInfo; - scopes?: Array; -} - -export interface WebhookEventLog { - attempts?: Array; - data?: Record; - event?: EventRequest; - eventResult?: WebhookEventResult; - eventType?: EventType; - failedAttempts?: number; - id?: UUID; - insertInstant?: number; - lastAttemptInstant?: number; - lastUpdateInstant?: number; - linkedObjectId?: UUID; - sequence?: number; - successfulAttempts?: number; -} - -export enum SAMLLogoutBehavior { - AllParticipants = "AllParticipants", - OnlyOriginator = "OnlyOriginator" +export interface UserActionRequest { + userAction?: UserAction; } /** - * @author Brian Pontarelli + * Configuration for the behavior of failed login attempts. This helps us protect against brute force password attacks. 
+ * + * @author Daniel DeGroff */ -export interface EmailConfiguration { - additionalHeaders?: Array; - debug?: boolean; - defaultFromEmail?: string; - defaultFromName?: string; - emailUpdateEmailTemplateId?: UUID; - emailVerifiedEmailTemplateId?: UUID; - forgotPasswordEmailTemplateId?: UUID; - host?: string; - implicitEmailVerificationAllowed?: boolean; - loginIdInUseOnCreateEmailTemplateId?: UUID; - loginIdInUseOnUpdateEmailTemplateId?: UUID; - loginNewDeviceEmailTemplateId?: UUID; - loginSuspiciousEmailTemplateId?: UUID; - password?: string; - passwordlessEmailTemplateId?: UUID; - passwordResetSuccessEmailTemplateId?: UUID; - passwordUpdateEmailTemplateId?: UUID; - port?: number; - properties?: string; - security?: EmailSecurityType; - setPasswordEmailTemplateId?: UUID; - twoFactorMethodAddEmailTemplateId?: UUID; - twoFactorMethodRemoveEmailTemplateId?: UUID; - unverified?: EmailUnverifiedOptions; - username?: string; - verificationEmailTemplateId?: UUID; - verificationStrategy?: VerificationStrategy; - verifyEmail?: boolean; - verifyEmailWhenChanged?: boolean; +export interface FailedAuthenticationConfiguration { + actionCancelPolicy?: FailedAuthenticationActionCancelPolicy; + actionDuration?: number; + actionDurationUnit?: ExpiryUnit; + emailUser?: boolean; + resetCountInSeconds?: number; + tooManyAttempts?: number; + userActionId?: UUID; } /** * @author Daniel DeGroff */ -export interface TenantLoginConfiguration { - requireAuthentication?: boolean; +export interface ApplicationAccessControlConfiguration { + uiIPAccessControlListId?: UUID; } /** - * The user action request object. + * XML canonicalization method enumeration. This is used for the IdP and SP side of FusionAuth SAML. 
* * @author Brian Pontarelli */ -export interface ActionRequest extends BaseEventRequest { - action?: ActionData; - broadcast?: boolean; +export enum CanonicalizationMethod { + exclusive = "exclusive", + exclusive_with_comments = "exclusive_with_comments", + inclusive = "inclusive", + inclusive_with_comments = "inclusive_with_comments" } /** - * The IdP behavior when no user link has been made yet. + * Request to complete the WebAuthn registration ceremony * - * @author Daniel DeGroff + * @author Spencer Witt */ -export enum IdentityProviderLinkingStrategy { - CreatePendingLink = "CreatePendingLink", - Disabled = "Disabled", - LinkAnonymously = "LinkAnonymously", - LinkByEmail = "LinkByEmail", - LinkByEmailForExistingUser = "LinkByEmailForExistingUser", - LinkByUsername = "LinkByUsername", - LinkByUsernameForExistingUser = "LinkByUsernameForExistingUser", - Unsupported = "Unsupported" -} - -/** - * @author Daniel DeGroff - */ -export interface IdentityProviderRequest { - identityProvider?: BaseIdentityProvider; -} - -/** - * @author Tyler Scott - */ -export interface Group { - data?: Record; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - name?: string; - roles?: Record>; - tenantId?: UUID; -} - -/** - * @author Lyle Schemmerling - */ -export interface SAMLv2AssertionConfiguration { - destination?: SAMLv2DestinationAssertionConfiguration; -} - -/** - * Request to complete the WebAuthn registration ceremony for a new credential,. - * - * @author Spencer Witt - */ -export interface WebAuthnRegisterCompleteRequest { - credential?: WebAuthnPublicKeyRegistrationRequest; +export interface WebAuthnLoginRequest extends BaseLoginRequest { + credential?: WebAuthnPublicKeyAuthenticationRequest; origin?: string; rpId?: string; - userId?: UUID; + twoFactorTrustId?: string; } /** - * @author Daniel DeGroff + * The Application API request object. 
+ * + * @author Brian Pontarelli */ -export interface ReactorResponse { - status?: ReactorStatus; +export interface ApplicationRequest extends BaseEventRequest { + application?: Application; + role?: ApplicationRole; + sourceApplicationId?: UUID; } /** - * A role given to a user for a specific application. + * Webhook API response object. * - * @author Seth Musselman + * @author Brian Pontarelli */ -export interface ApplicationRole { - description?: string; - id?: UUID; - insertInstant?: number; - isDefault?: boolean; - isSuperRole?: boolean; - lastUpdateInstant?: number; - name?: string; +export interface WebhookResponse { + webhook?: Webhook; + webhooks?: Array; } /** - * @author Daniel DeGroff + * @author Seth Musselman */ -export interface VerifyRegistrationResponse { - oneTimeCode?: string; - verificationId?: string; +export interface UserCommentRequest { + userComment?: UserComment; } /** - * @author Trevor Smith + * @author Daniel DeGroff */ -export interface CORSConfiguration extends Enableable { - allowCredentials?: boolean; - allowedHeaders?: Array; - allowedMethods?: Array; - allowedOrigins?: Array; - debug?: boolean; - exposedHeaders?: Array; - preflightMaxAgeInSeconds?: number; +export interface SystemLogsExportRequest extends BaseExportRequest { + includeArchived?: boolean; + lastNBytes?: number; } /** - * Group Member Request - * - * @author Daniel DeGroff + * @author Brett Guy */ -export interface MemberRequest { - members?: Record>; +export interface MessengerResponse { + messenger?: BaseMessengerConfiguration; + messengers?: Array; } /** - * @author Brian Pontarelli + * @author Michael Sleevi */ -export interface BaseSearchCriteria { - numberOfResults?: number; - orderBy?: string; - startRow?: number; +export interface PreviewMessageTemplateResponse { + errors?: Errors; + message?: SMSMessage; } /** - * Interface for any object that can provide JSON Web key Information. 
+ * Search criteria for Applications + * + * @author Spencer Witt */ -export interface JSONWebKeyInfoProvider { -} - -export enum BreachAction { - Off = "Off", - RecordOnly = "RecordOnly", - NotifyUser = "NotifyUser", - RequireChange = "RequireChange" +export interface ApplicationSearchCriteria extends BaseSearchCriteria { + name?: string; + state?: ObjectState; + tenantId?: UUID; } /** - * Event Log Type - * * @author Daniel DeGroff */ -export enum EventLogType { - Information = "Information", - Debug = "Debug", - Error = "Error" +export interface OpenIdConnectIdentityProvider extends BaseIdentityProvider { + buttonImageURL?: string; + buttonText?: string; + domains?: Array; + oauth2?: IdentityProviderOauth2Configuration; + postRequest?: boolean; } /** - * Models the User Update Registration Event. + * Models the User Registration Verified Event. * - * @author Daniel DeGroff + * @author Trevor Smith */ -export interface UserRegistrationUpdateEvent extends BaseUserEvent { +export interface UserRegistrationVerifiedEvent extends BaseUserEvent { applicationId?: UUID; - original?: UserRegistration; registration?: UserRegistration; } /** - * Entity API response object. 
+ * A Message Template Request to the API * - * @author Brian Pontarelli + * @author Michael Sleevi */ -export interface EntityResponse { - entity?: Entity; +export interface MessageTemplateRequest { + messageTemplate?: MessageTemplate; } /** - * Describes a user account or WebAuthn Relying Party associated with a public key credential + * @author Daniel DeGroff */ -export interface PublicKeyCredentialEntity { - name?: string; -} - -export interface ApplicationEmailConfiguration { - emailUpdateEmailTemplateId?: UUID; - emailVerificationEmailTemplateId?: UUID; - emailVerifiedEmailTemplateId?: UUID; - forgotPasswordEmailTemplateId?: UUID; - loginIdInUseOnCreateEmailTemplateId?: UUID; - loginIdInUseOnUpdateEmailTemplateId?: UUID; - loginNewDeviceEmailTemplateId?: UUID; - loginSuspiciousEmailTemplateId?: UUID; - passwordlessEmailTemplateId?: UUID; - passwordResetSuccessEmailTemplateId?: UUID; - passwordUpdateEmailTemplateId?: UUID; - setPasswordEmailTemplateId?: UUID; - twoFactorMethodAddEmailTemplateId?: UUID; - twoFactorMethodRemoveEmailTemplateId?: UUID; +export interface DeviceUserCodeResponse { + client_id?: string; + deviceInfo?: DeviceInfo; + expires_in?: number; + pendingIdPLink?: PendingIdPLink; + scope?: string; + tenantId?: UUID; + user_code?: string; } /** * @author Daniel DeGroff */ -export interface IdentityProviderStartLoginResponse { - code?: string; +export interface AppleIdentityProvider extends BaseIdentityProvider { + bundleId?: string; + buttonText?: string; + keyId?: UUID; + scope?: string; + servicesId?: string; + teamId?: string; } /** - * @author Brett Pontarelli + * @author Daniel DeGroff */ -export interface EpicGamesApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; +export interface EmailHeader { + name?: string; + value?: string; } /** - * Models the User Deleted Registration Event. - *

- * This is different than user.registration.delete in that it is sent after the TX has been committed. This event cannot be transactional. + * Models the Group Member Remove Complete Event. * * @author Daniel DeGroff */ -export interface UserRegistrationDeleteCompleteEvent extends BaseUserEvent { - applicationId?: UUID; - registration?: UserRegistration; +export interface GroupMemberRemoveCompleteEvent extends BaseGroupEvent { + members?: Array; +} + +export interface WebhookEventLog { + attempts?: Array; + data?: Record; + event?: EventRequest; + eventResult?: WebhookEventResult; + eventType?: EventType; + failedAttempts?: number; + id?: UUID; + insertInstant?: number; + lastAttemptInstant?: number; + lastUpdateInstant?: number; + linkedObjectId?: UUID; + sequence?: number; + successfulAttempts?: number; } /** 
@@ -9733,258 +9508,153 @@ export interface GroupRequest { } /** - * User Comment Response + * Search request for entity grants. * - * @author Seth Musselman + * @author Brian Pontarelli */ -export interface UserCommentResponse { - userComment?: UserComment; - userComments?: Array; +export interface EntityGrantSearchRequest { + search?: EntityGrantSearchCriteria; } /** + * Models the User Delete Registration Event. + * * @author Daniel DeGroff */ -export interface ValidateResponse { - jwt?: JWT; +export interface UserRegistrationDeleteEvent extends BaseUserEvent { + applicationId?: UUID; + registration?: UserRegistration; } /** - * @author Daniel DeGroff + * Contains attributes for the Relying Party to refer to an existing public key credential as an input parameter. + * + * @author Spencer Witt */ -export interface GoogleApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - buttonText?: string; - client_id?: string; - client_secret?: string; - loginMethod?: IdentityProviderLoginMethod; - properties?: GoogleIdentityProviderProperties; - scope?: string; +export interface PublicKeyCredentialDescriptor { + id?: string; + transports?: Array; + type?: PublicKeyCredentialType; } /** - * Models the User Event (and can be converted to JSON) that is used for all user modifications (create, update, - * delete). - *

- * This is different than user.delete because it is sent after the tx is committed, this cannot be transactional. - * - * @author Daniel DeGroff - */ -export interface UserDeleteCompleteEvent extends BaseUserEvent { -} - -/** - * Supply additional information about the user account when creating a new credential - * - * @author Spencer Witt - */ -export interface PublicKeyCredentialUserEntity extends PublicKeyCredentialEntity { - displayName?: string; - id?: string; -} - -/** - * A JavaScript lambda function that is executed during certain events inside FusionAuth. - * - * @author Brian Pontarelli + * @author Brett Guy */ -export interface Lambda { - body?: string; - debug?: boolean; - engineType?: LambdaEngineType; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - name?: string; - type?: LambdaType; +export interface TwilioMessengerConfiguration extends BaseMessengerConfiguration { + accountSID?: string; + authToken?: string; + fromPhoneNumber?: string; + messagingServiceSid?: string; + url?: string; } /** - * SonyPSN gaming login provider. 
- * - * @author Brett Pontarelli + * @author Daniel DeGroff */ -export interface SonyPSNIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; +export interface ReactorMetrics { + breachedPasswordMetrics?: Record; } /** * @author Daniel DeGroff */ -export interface BreachedPasswordTenantMetric { - actionRequired?: number; - matchedCommonPasswordCount?: number; - matchedExactCount?: number; - matchedPasswordCount?: number; - matchedSubAddressCount?: number; - passwordsCheckedCount?: number; +export interface ApplicationFormConfiguration { + adminRegistrationFormId?: UUID; + selfServiceFormConfiguration?: SelfServiceFormConfiguration; + selfServiceFormId?: UUID; } /** - * @author Brett Pontarelli + * @author Brett Guy */ -export interface NintendoApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - buttonText?: string; - client_id?: string; - client_secret?: string; - emailClaim?: string; - scope?: string; - uniqueIdClaim?: string; - usernameClaim?: string; +export interface IPAccessControlListSearchCriteria extends BaseSearchCriteria { + name?: string; } /** * @author Daniel DeGroff */ -export interface TenantUnverifiedConfiguration { - email?: UnverifiedBehavior; - whenGated?: RegistrationUnverifiedOptions; +export interface RegistrationUnverifiedOptions { + behavior?: UnverifiedBehavior; } /** * @author Daniel DeGroff */ -export interface LoginRecordSearchCriteria extends BaseSearchCriteria { - applicationId?: UUID; - end?: number; - start?: number; - userId?: UUID; -} - -/** - * Search request for entity types. - * - * @author Brian Pontarelli - */ -export interface EntityTypeSearchRequest { - search?: EntityTypeSearchCriteria; +export interface TenantResponse { + tenant?: Tenant; + tenants?: Array; } /** - * Models the Refresh Token Revoke Event. This event might be for a single token, a user - * or an entire application. 
+ * Request for the Refresh Token API to revoke a refresh token rather than using the URL parameters. * * @author Brian Pontarelli */ -export interface JWTRefreshTokenRevokeEvent extends BaseEvent { +export interface RefreshTokenRevokeRequest extends BaseEventRequest { applicationId?: UUID; - applicationTimeToLiveInSeconds?: Record; - refreshToken?: RefreshToken; - user?: User; + token?: string; userId?: UUID; } /** + * Models a JWT Refresh Token. + * * @author Daniel DeGroff */ -export interface IdentityProviderLink { +export interface RefreshToken { + applicationId?: UUID; data?: Record; - displayName?: string; - identityProviderId?: UUID; - identityProviderName?: string; - identityProviderType?: IdentityProviderType; - identityProviderUserId?: string; + id?: UUID; insertInstant?: number; - lastLoginInstant?: number; + metaData?: MetaData; + startInstant?: number; tenantId?: UUID; token?: string; userId?: UUID; } -/** - * Twitch gaming login provider. - * - * @author Brett Pontarelli - */ -export interface TwitchIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; -} - -/** - * The global view of a User. This object contains all global information about the user including birthdate, registration information - * preferred languages, global attributes, etc. 
- * - * @author Seth Musselman - */ -export interface User extends SecureIdentity { - active?: boolean; - birthDate?: string; - cleanSpeakId?: UUID; +export interface MetaData { data?: Record; - email?: string; - expiry?: number; - firstName?: string; - fullName?: string; - imageUrl?: string; - insertInstant?: number; - lastName?: string; - lastUpdateInstant?: number; - memberships?: Array; - middleName?: string; - mobilePhone?: string; - parentEmail?: string; - preferredLanguages?: Array; - registrations?: Array; - tenantId?: UUID; - timezone?: string; - twoFactor?: UserTwoFactorConfiguration; + device?: DeviceInfo; + scopes?: Array; } /** - * A webhook call attempt log. + * A marker interface indicating this event is an event that can supply a linked object Id. * * @author Spencer Witt */ -export interface WebhookAttemptLog { - attemptResult?: WebhookAttemptResult; - data?: Record; - endInstant?: number; - id?: UUID; - startInstant?: number; - webhookCallResponse?: WebhookCallResponse; - webhookEventLogId?: UUID; - webhookId?: UUID; +export interface ObjectIdentifiable { } /** - * Search criteria for entity types. + * Form field response. * - * @author Brian Pontarelli + * @author Brett Guy */ -export interface EntityTypeSearchCriteria extends BaseSearchCriteria { - name?: string; +export interface FormFieldResponse { + field?: FormField; + fields?: Array; } /** - * Models the User Identity Provider Unlink Event. + * JWT Public Key Response Object * - * @author Rob Davis + * @author Daniel DeGroff */ -export interface UserIdentityProviderUnlinkEvent extends BaseUserEvent { - identityProviderLink?: IdentityProviderLink; +export interface PublicKeyResponse { + publicKey?: string; + publicKeys?: Record; } /** - * Contains extension output for requested extensions during a WebAuthn ceremony + * Response for the user login report. 
* - * @author Spencer Witt - */ -export interface WebAuthnExtensionsClientOutputs { - credProps?: CredentialPropertiesOutput; -} - -/** - * @author Daniel DeGroff + * @author Seth Musselman */ -export interface AuthenticatorConfiguration { - algorithm?: TOTPAlgorithm; - codeLength?: number; - timeStep?: number; +export interface RecentLoginResponse { + logins?: Array; } /** 
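Review bot: `TwilioMessengerConfiguration` is added here with `authToken?: string` and only an `@author` tag above it, and `RefreshToken.token` and `RefreshTokenRevokeRequest.token` also hold bearer credentials with nothing marking them as secret. Callers that log or echo these request/response objects whole would expose those values, so I would put a TSDoc line on each such field, for example `/** Secret: Twilio auth token; redact before logging or returning to a client. */` above `authToken`. `MetaData` is added in the same hunk with no doc comment at all; one sentence saying it is the device and scope metadata attached to a refresh token (it is referenced from `RefreshToken.metaData`) would help. The hunk reads largely as declarations being moved around, so if this file is generated, these comments belong in the generator's source definitions rather than in this file.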
@@ -9998,694 +9668,626 @@ export interface TwoFactorEnableDisableSendRequest { } /** - * Tenant-level configuration for WebAuthn - * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface TenantWebAuthnConfiguration extends Enableable { - bootstrapWorkflow?: TenantWebAuthnWorkflowConfiguration; - debug?: boolean; - reauthenticationWorkflow?: TenantWebAuthnWorkflowConfiguration; - relyingPartyId?: string; - relyingPartyName?: string; +export enum SecureGeneratorType { + randomDigits = "randomDigits", + randomBytes = "randomBytes", + randomAlpha = "randomAlpha", + randomAlphaNumeric = "randomAlphaNumeric" } /** - * Models the Group Created Event. + * Entity grant API request object. * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface GroupCreateCompleteEvent extends BaseGroupEvent { +export interface EntityGrantRequest { + grant?: EntityGrant; } /** - * Options to request extensions during credential registration + * Something that can be required and thus also optional. This currently extends Enableable because anything that is + * required/optional is almost always enableable as well. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface WebAuthnRegistrationExtensionOptions { - credProps?: boolean; +export interface Requirable extends Enableable { + required?: boolean; } /** - * The system configuration for Webhook Event Log data. + * Models the User Login Failed Event. 
* - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface WebhookEventLogConfiguration { - delete?: DeleteConfiguration; +export interface UserLoginFailedEvent extends BaseUserEvent { + applicationId?: UUID; + authenticationType?: string; + ipAddress?: string; + reason?: UserLoginFailedReason; } /** - * Password Encryption Scheme Configuration + * Search response for Groups * * @author Daniel DeGroff */ -export interface PasswordEncryptionConfiguration { - encryptionScheme?: string; - encryptionSchemeFactor?: number; - modifyEncryptionSchemeOnLogin?: boolean; +export interface GroupSearchResponse { + groups?: Array; + total?: number; } /** - * Registration API request object. + * Entity Type API request object. * * @author Brian Pontarelli */ -export interface RegistrationRequest extends BaseEventRequest { - disableDomainBlock?: boolean; - generateAuthenticationToken?: boolean; - registration?: UserRegistration; - sendSetPasswordEmail?: boolean; - skipRegistrationVerification?: boolean; - skipVerification?: boolean; - user?: User; +export interface EntityTypeRequest { + entityType?: EntityType; + permission?: EntityTypePermission; } /** - * The Application API request object. 
+ * Key search response * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface ApplicationRequest extends BaseEventRequest { - application?: Application; - role?: ApplicationRole; - sourceApplicationId?: UUID; +export interface KeySearchResponse { + keys?: Array; + total?: number; } /** - * @author Daniel DeGroff + * The handling policy for scopes provided by FusionAuth + * + * @author Spencer Witt */ -export interface TwoFactorResponse { - code?: string; - recoveryCodes?: Array; -} - -export interface MultiFactorAuthenticatorMethod extends Enableable { - algorithm?: TOTPAlgorithm; - codeLength?: number; - timeStep?: number; -} - -export interface SAMLv2Logout { - behavior?: SAMLLogoutBehavior; - defaultVerificationKeyId?: UUID; - keyId?: UUID; - requireSignedRequests?: boolean; - singleLogout?: SAMLv2SingleLogout; - xmlSignatureC14nMethod?: CanonicalizationMethod; +export interface ProvidedScopePolicy { + address?: Requirable; + email?: Requirable; + phone?: Requirable; + profile?: Requirable; } /** + * Models the Group Delete Event. + * * @author Daniel DeGroff */ -export interface RefreshTokenSlidingWindowConfiguration { - maximumTimeToLiveInMinutes?: number; +export interface GroupDeleteEvent extends BaseGroupEvent { } /** - * Search criteria for Identity Providers. + * Supply additional information about the Relying Party when creating a new credential * * @author Spencer Witt */ -export interface IdentityProviderSearchCriteria extends BaseSearchCriteria { - applicationId?: UUID; - name?: string; - type?: IdentityProviderType; +export interface PublicKeyCredentialRelyingPartyEntity extends PublicKeyCredentialEntity { + id?: string; } /** * @author Daniel DeGroff */ -export interface JWTVendRequest { - claims?: Record; - keyId?: UUID; - timeToLiveInSeconds?: number; +export interface LoginHintConfiguration extends Enableable { + parameterName?: string; } /** - * User API delete request object for a single user. 
+ * Search response for entity types. * * @author Brian Pontarelli */ -export interface UserDeleteSingleRequest extends BaseEventRequest { - hardDelete?: boolean; +export interface EntityTypeSearchResponse { + entityTypes?: Array; + total?: number; } /** - * Search request for Groups. + * Container for the event information. This is the JSON that is sent from FusionAuth to webhooks. * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface GroupSearchRequest { - search?: GroupSearchCriteria; +export interface EventRequest { + event?: BaseEvent; } /** - * The authenticator's response for the authentication ceremony in its encoded format + * Search criteria for webhooks. * * @author Spencer Witt */ -export interface WebAuthnAuthenticatorAuthenticationResponse { - authenticatorData?: string; - clientDataJSON?: string; - signature?: string; - userHandle?: string; +export interface WebhookSearchCriteria extends BaseSearchCriteria { + description?: string; + tenantId?: UUID; + url?: string; } /** - * Type for webhook headers. + * Models a set of localized Integers that can be stored as JSON. * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface HTTPHeaders extends Record { +export interface LocalizedIntegers extends Record { } /** - * Epic gaming login provider. + * @author Daniel DeGroff + */ +export interface TenantUnverifiedConfiguration { + email?: UnverifiedBehavior; + whenGated?: RegistrationUnverifiedOptions; +} + +/** + * Search request for entity grants. 
* - * @author Brett Pontarelli + * @author Brian Pontarelli */ -export interface EpicGamesIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - client_id?: string; - client_secret?: string; - scope?: string; +export interface EntityGrantSearchResponse { + grants?: Array; + total?: number; } /** * @author Daniel DeGroff */ -export interface Form { - data?: Record; - id?: UUID; - insertInstant?: number; - lastUpdateInstant?: number; - name?: string; - steps?: Array; - type?: FormType; +export enum FormDataType { + bool = "bool", + consent = "consent", + date = "date", + email = "email", + number = "number", + string = "string" } /** - * Request to authenticate with WebAuthn + * User Action API response object. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface WebAuthnPublicKeyAuthenticationRequest { - clientExtensionResults?: WebAuthnExtensionsClientOutputs; - id?: string; - response?: WebAuthnAuthenticatorAuthenticationResponse; - rpId?: string; - type?: string; +export interface UserActionResponse { + userAction?: UserAction; + userActions?: Array; } /** - * Available JSON Web Algorithms (JWA) as described in RFC 7518 available for this JWT implementation. + * Search request for Groups. * * @author Daniel DeGroff */ -export enum Algorithm { - ES256 = "ES256", - ES384 = "ES384", - ES512 = "ES512", - HS256 = "HS256", - HS384 = "HS384", - HS512 = "HS512", - PS256 = "PS256", - PS384 = "PS384", - PS512 = "PS512", - RS256 = "RS256", - RS384 = "RS384", - RS512 = "RS512", - none = "none" +export interface GroupSearchRequest { + search?: GroupSearchCriteria; } /** - * Search request for Identity Providers + * Authentication key request object. * - * @author Spencer Witt + * @author Sanjay */ -export interface IdentityProviderSearchRequest { - search?: IdentityProviderSearchCriteria; +export interface APIKeyRequest { + apiKey?: APIKey; + sourceKeyId?: UUID; } /** - * The use type of a key. + * Twitter social login provider. 
* * @author Daniel DeGroff */ -export enum KeyUse { - SignOnly = "SignOnly", - SignAndVerify = "SignAndVerify", - VerifyOnly = "VerifyOnly" +export interface TwitterIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + consumerKey?: string; + consumerSecret?: string; } -export enum FamilyRole { - Child = "Child", - Teen = "Teen", - Adult = "Adult" +/** + * @author Michael Sleevi + */ +export interface SMSMessageTemplate extends MessageTemplate { + defaultTemplate?: string; + localizedTemplates?: LocalizedStrings; } /** - * Entity API request object. + * Lambda API request object. * * @author Brian Pontarelli */ -export interface EntityRequest { - entity?: Entity; +export interface LambdaRequest { + lambda?: Lambda; } /** - * Response for the system configuration API. + * Models an event where a user is being created with an "in-use" login Id (email or username). * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface SystemConfigurationResponse { - systemConfiguration?: SystemConfiguration; -} - -export interface ActionData { - actioneeUserId?: UUID; - actionerUserId?: UUID; - applicationIds?: Array; - comment?: string; - emailUser?: boolean; - expiry?: number; - notifyUser?: boolean; - option?: string; - reasonId?: UUID; - userActionId?: UUID; -} - -export interface APIKeyMetaData { - attributes?: Record; +export interface UserLoginIdDuplicateOnCreateEvent extends BaseUserEvent { + duplicateEmail?: string; + duplicateUsername?: string; + existing?: User; } /** - * @author Daniel DeGroff + * @author Mikey Sleevi */ -export interface TenantRateLimitConfiguration { - failedLogin?: RateLimitedRequestConfiguration; - forgotPassword?: RateLimitedRequestConfiguration; - sendEmailVerification?: RateLimitedRequestConfiguration; - sendPasswordless?: RateLimitedRequestConfiguration; - sendRegistrationVerification?: RateLimitedRequestConfiguration; - sendTwoFactor?: RateLimitedRequestConfiguration; +export interface Message { } /** * 
@author Daniel DeGroff */ -export interface BaseLoginRequest extends BaseEventRequest { - applicationId?: UUID; - ipAddress?: string; - metaData?: MetaData; - newDevice?: boolean; - noJWT?: boolean; +export interface RefreshRequest extends BaseEventRequest { + refreshToken?: string; + token?: string; } /** - * Nintendo gaming login provider. - * - * @author Brett Pontarelli + * @author Brian Pontarelli */ -export interface NintendoIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - client_id?: string; - client_secret?: string; - emailClaim?: string; - scope?: string; - uniqueIdClaim?: string; - usernameClaim?: string; +export interface TwoFactorRequest extends BaseEventRequest { + applicationId?: UUID; + authenticatorId?: string; + code?: string; + email?: string; + method?: string; + mobilePhone?: string; + secret?: string; + secretBase32Encoded?: string; + twoFactorId?: string; } /** - * Models the User Update Event once it is completed. This cannot be transactional. - * * @author Daniel DeGroff */ -export interface UserUpdateCompleteEvent extends BaseUserEvent { - original?: User; -} - -/** - * A marker interface indicating this event is an event that can supply a linked object Id. - * - * @author Spencer Witt - */ -export interface ObjectIdentifiable { +export interface VerifyEmailResponse { + oneTimeCode?: string; + verificationId?: string; } /** - * The transaction types for Webhooks and other event systems within FusionAuth. + * The global view of a User. This object contains all global information about the user including birthdate, registration information + * preferred languages, global attributes, etc. 
* - * @author Brian Pontarelli + * @author Seth Musselman */ -export enum TransactionType { - None = "None", - Any = "Any", - SimpleMajority = "SimpleMajority", - SuperMajority = "SuperMajority", - AbsoluteMajority = "AbsoluteMajority" +export interface User extends SecureIdentity { + active?: boolean; + birthDate?: string; + cleanSpeakId?: UUID; + data?: Record; + email?: string; + expiry?: number; + firstName?: string; + fullName?: string; + imageUrl?: string; + insertInstant?: number; + lastName?: string; + lastUpdateInstant?: number; + memberships?: Array; + middleName?: string; + mobilePhone?: string; + parentEmail?: string; + preferredLanguages?: Array; + registrations?: Array; + tenantId?: UUID; + timezone?: string; + twoFactor?: UserTwoFactorConfiguration; } /** - * Models the User Login Success Event. - * * @author Daniel DeGroff */ -export interface UserLoginSuccessEvent extends BaseUserEvent { +export interface BaseLoginRequest extends BaseEventRequest { applicationId?: UUID; - authenticationType?: string; - connectorId?: UUID; - identityProviderId?: UUID; - identityProviderName?: string; ipAddress?: string; + metaData?: MetaData; + newDevice?: boolean; + noJWT?: boolean; } /** - * Group Member Delete Request - * * @author Daniel DeGroff */ -export interface MemberDeleteRequest { - memberIds?: Array; - members?: Record>; +export interface KafkaConfiguration extends Enableable { + defaultTopic?: string; + producer?: Record; } /** - * Registration API request object. - * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface RegistrationResponse { - refreshToken?: string; - registration?: UserRegistration; - registrationVerificationId?: string; - registrationVerificationOneTimeCode?: string; - token?: string; - tokenExpirationInstant?: number; - user?: User; +export interface PasswordlessLoginRequest extends BaseLoginRequest { + code?: string; + twoFactorTrustId?: string; } /** - * Models the User Update Registration Event. - *

- * This is different than user.registration.update in that it is sent after this event completes, this cannot be transactional. + * Models the User Update Event once it is completed. This cannot be transactional. * * @author Daniel DeGroff */ -export interface UserRegistrationUpdateCompleteEvent extends BaseUserEvent { - applicationId?: UUID; - original?: UserRegistration; - registration?: UserRegistration; +export interface UserUpdateCompleteEvent extends BaseUserEvent { + original?: User; } /** - * Search response for Themes + * Models the User Update Event. * - * @author Mark Manes + * @author Brian Pontarelli */ -export interface ThemeSearchResponse { - themes?: Array; - total?: number; +export interface UserUpdateEvent extends BaseUserEvent { + original?: User; } /** - * Used to express whether the Relying Party requires user verification for the - * current operation. + * Entity API response object. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export enum UserVerificationRequirement { - required = "required", - preferred = "preferred", - discouraged = "discouraged" +export interface EntityResponse { + entity?: Entity; } /** - * @author Trevor Smith + * Used by the Relying Party to specify their requirements for authenticator attributes. Fields use the deprecated "resident key" terminology to refer + * to client-side discoverable credentials to maintain backwards compatibility with WebAuthn Level 1. + * + * @author Spencer Witt */ -export interface DeviceResponse { - device_code?: string; - expires_in?: number; - interval?: number; - user_code?: string; - verification_uri?: string; - verification_uri_complete?: string; +export interface AuthenticatorSelectionCriteria { + authenticatorAttachment?: AuthenticatorAttachment; + requireResidentKey?: boolean; + residentKey?: ResidentKeyRequirement; + userVerification?: UserVerificationRequirement; } /** - * Search criteria for Email templates + * Events that are bound to applications. 
* - * @author Mark Manes + * @author Brian Pontarelli */ -export interface EmailTemplateSearchCriteria extends BaseSearchCriteria { - name?: string; -} - -export interface APIKeyPermissions { - endpoints?: Record>; +export interface ApplicationEvent { } /** + * API request for sending out family requests to parent's. + * * @author Brian Pontarelli */ -export interface BaseElasticSearchCriteria extends BaseSearchCriteria { - accurateTotal?: boolean; - ids?: Array; - nextResults?: string; - query?: string; - queryString?: string; - sortFields?: Array; +export interface FamilyEmailRequest { + parentEmail?: string; } /** - * Search request for IP ACLs . + * Refresh Token Import request. * * @author Brett Guy */ -export interface IPAccessControlListSearchRequest { - search?: IPAccessControlListSearchCriteria; +export interface RefreshTokenImportRequest { + refreshTokens?: Array; + validateDbConstraints?: boolean; } /** - * The Application Scope API request object. + * The IdP behavior when no user link has been made yet. * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface ApplicationOAuthScopeRequest { - scope?: ApplicationOAuthScope; +export enum IdentityProviderLinkingStrategy { + CreatePendingLink = "CreatePendingLink", + Disabled = "Disabled", + LinkAnonymously = "LinkAnonymously", + LinkByEmail = "LinkByEmail", + LinkByEmailForExistingUser = "LinkByEmailForExistingUser", + LinkByUsername = "LinkByUsername", + LinkByUsernameForExistingUser = "LinkByUsernameForExistingUser", + Unsupported = "Unsupported" } -export interface LoginConfiguration { - allowTokenRefresh?: boolean; - generateRefreshTokens?: boolean; - requireAuthentication?: boolean; +/** + * @author Daniel DeGroff + */ +export enum MultiFactorLoginPolicy { + Disabled = "Disabled", + Enabled = "Enabled", + Required = "Required" } /** - * Models the Group Member Add Event. 
+ * @author Daniel DeGroff + */ +export interface IdentityProviderLinkRequest extends BaseEventRequest { + identityProviderLink?: IdentityProviderLink; + pendingIdPLinkId?: string; +} + +/** + * Google social login provider. * * @author Daniel DeGroff */ -export interface GroupMemberAddEvent extends BaseGroupEvent { - members?: Array; +export interface GoogleIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + client_id?: string; + client_secret?: string; + loginMethod?: IdentityProviderLoginMethod; + properties?: GoogleIdentityProviderProperties; + scope?: string; } /** - * Key API request object. + * Group Member Request * * @author Daniel DeGroff */ -export interface KeyRequest { - key?: Key; +export interface MemberRequest { + members?: Record>; } /** - * Event log response. + * Email template response. * * @author Brian Pontarelli */ -export interface EventLogSearchResponse { - eventLogs?: Array; - total?: number; +export interface EmailTemplateResponse { + emailTemplate?: EmailTemplate; + emailTemplates?: Array; } -export interface TwoFactorTrust { - applicationId?: UUID; - expiration?: number; - startInstant?: number; +/** + * @author Brett Guy + */ +export enum IPAccessControlEntryAction { + Allow = "Allow", + Block = "Block" } /** - * Application-level configuration for WebAuthn + * Key API response object. * * @author Daniel DeGroff */ -export interface ApplicationWebAuthnConfiguration extends Enableable { - bootstrapWorkflow?: ApplicationWebAuthnWorkflowConfiguration; - reauthenticationWorkflow?: ApplicationWebAuthnWorkflowConfiguration; +export interface KeyResponse { + key?: Key; + keys?: Array; } /** - * Models a generic connector. 
- * - * @author Trevor Smith - */ -export interface GenericConnectorConfiguration extends BaseConnectorConfiguration { - authenticationURL?: string; - connectTimeout?: number; - headers?: HTTPHeaders; - httpAuthenticationPassword?: string; - httpAuthenticationUsername?: string; - readTimeout?: number; - sslCertificateKeyId?: UUID; -} - -/** - * Base class for all {@link Group} and {@link GroupMember} events. + * Search criteria for Keys * * @author Spencer Witt */ -export interface BaseGroupEvent extends BaseEvent { - group?: Group; -} - -/** - * @author Daniel DeGroff - */ -export interface MessengerTransport { +export interface KeySearchCriteria extends BaseSearchCriteria { + algorithm?: KeyAlgorithm; + name?: string; + type?: KeyType; } /** - * @author Daniel DeGroff + * Stores an message template used to distribute messages; + * + * @author Michael Sleevi */ -export interface IdentityProviderTenantConfiguration { +export interface MessageTemplate { data?: Record; - limitUserLinkCount?: IdentityProviderLimitUserLinkingPolicy; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + name?: string; + type?: MessageType; } /** + * Models the User Reactivate Event. + * * @author Brian Pontarelli */ -export interface AuditLogSearchCriteria extends BaseSearchCriteria { - end?: number; - message?: string; - newValue?: string; - oldValue?: string; - reason?: string; - start?: number; - user?: string; +export interface UserReactivateEvent extends BaseUserEvent { } /** - * Refresh Token Import request. 
- *
- * @author Brett Guy
+ * @author Daniel DeGroff
 */
-export interface RefreshTokenImportRequest {
- refreshTokens?: Array;
- validateDbConstraints?: boolean;
+export interface FormField {
+ confirm?: boolean;
+ consentId?: UUID;
+ control?: FormControl;
+ data?: Record;
+ description?: string;
+ id?: UUID;
+ insertInstant?: number;
+ key?: string;
+ lastUpdateInstant?: number;
+ name?: string;
+ options?: Array;
+ required?: boolean;
+ type?: FormDataType;
+ validator?: FormFieldValidator;
 }
 /**
- * WebAuthn Credential API response
+ * Search request for Applications
 *
 * @author Spencer Witt
 */
-export interface WebAuthnCredentialResponse {
- credential?: WebAuthnCredential;
- credentials?: Array;
+export interface ApplicationSearchRequest extends ExpandableRequest {
+ search?: ApplicationSearchCriteria;
 }
 /**
- * Webhook event log search response.
+ * Type for webhook headers.
 *
- * @author Spencer Witt
- */
-export interface WebhookEventLogSearchResponse {
- total?: number;
- webhookEventLogs?: Array;
-}
-
-/**
- * @author Trevor Smith
+ * @author Brian Pontarelli
 */
-export interface ConnectorResponse {
- connector?: BaseConnectorConfiguration;
- connectors?: Array;
+export interface HTTPHeaders extends Record {
 }
 /**
- * Models a User consent.
+ * A custom OAuth scope for a specific application.
 *
- * @author Daniel DeGroff
+ * @author Spencer Witt
 */
-export interface UserConsent {
- consent?: Consent;
- consentId?: UUID;
+export interface ApplicationOAuthScope {
+ applicationId?: UUID;
 data?: Record;
- giverUserId?: UUID;
+ defaultConsentDetail?: string;
+ defaultConsentMessage?: string;
+ description?: string;
 id?: UUID;
 insertInstant?: number;
 lastUpdateInstant?: number;
- status?: ConsentStatus;
- userId?: UUID;
- values?: Array;
+ name?: string;
+ required?: boolean;
 }
 /**
- * Steam API modes.
+ * Models the Group Create Complete Event.
 *
 * @author Daniel DeGroff
 */
-export enum SteamAPIMode {
- Public = "Public",
- Partner = "Partner"
+export interface GroupDeleteCompleteEvent extends BaseGroupEvent {
 }
 /**
- * Request for the Logout API that can be used as an alternative to URL parameters.
+ * Models the JWT Refresh Event. This event will be fired when a JWT is "refreshed" (generated) using a Refresh Token.
 *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
 */
-export interface LogoutRequest extends BaseEventRequest {
- global?: boolean;
+export interface JWTRefreshEvent extends BaseEvent {
+ applicationId?: UUID;
+ original?: string;
 refreshToken?: string;
+ token?: string;
+ userId?: UUID;
 }
 /**
- * @author Daniel DeGroff
+ * @author Brett Pontarelli
 */
-export interface LookupResponse {
- identityProvider?: IdentityProviderDetails;
+export interface TenantCaptchaConfiguration extends Enableable {
+ captchaMethod?: CaptchaMethod;
+ secretKey?: string;
+ siteKey?: string;
+ threshold?: number;
 }
 /**
- * Models a family grouping of users.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
 */
-export interface Family {
- id?: UUID;
- insertInstant?: number;
- lastUpdateInstant?: number;
- members?: Array;
-}
-
-export interface LambdaConfiguration {
- reconcileId?: UUID;
+export interface LoginRecordSearchRequest {
+ retrieveTotal?: boolean;
+ search?: LoginRecordSearchCriteria;
 }
 /**
- * Search response for entity types.
+ * Models the User Create Event.
 *
 * @author Brian Pontarelli
 */
-export interface EntityTypeSearchResponse {
- entityTypes?: Array;
- total?: number;
+export interface UserCreateEvent extends BaseUserEvent {
 }
 /**
@@ -10700,146 +10302,130 @@ export interface BaseSAMLv2IdentityProvider;
 }
 /**
- * Search request for email templates
- *
- * @author Mark Manes
+ * @author Daniel DeGroff
 */
-export interface EmailTemplateSearchRequest {
- search?: EmailTemplateSearchCriteria;
+export interface SendResponse {
+ anonymousResults?: Record;
+ results?: Record;
 }
-export enum EmailSecurityType {
- NONE = "NONE",
- SSL = "SSL",
- TLS = "TLS"
+export interface EmailTemplateErrors {
+ parseErrors?: Record;
+ renderErrors?: Record;
 }
 /**
- * Provides the authenticator with the data it needs to generate an assertion.
+ * The phases of a time-based user action.
 *
- * @author Spencer Witt
+ * @author Brian Pontarelli
 */
-export interface PublicKeyCredentialRequestOptions {
- allowCredentials?: Array;
- challenge?: string;
- rpId?: string;
- timeout?: number;
- userVerification?: UserVerificationRequirement;
+export enum UserActionPhase {
+ start = "start",
+ modify = "modify",
+ cancel = "cancel",
+ end = "end"
 }
 /**
- * Supply additional information about the Relying Party when creating a new credential
- *
- * @author Spencer Witt
+ * @author Daniel DeGroff
 */
-export interface PublicKeyCredentialRelyingPartyEntity extends PublicKeyCredentialEntity {
- id?: string;
+export interface RememberPreviousPasswords extends Enableable {
+ count?: number;
 }
 /**
- * API response for User consent.
+ * The types of lambdas that indicate how they are invoked by FusionAuth.
 *
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
 */
-export interface UserConsentResponse {
- userConsent?: UserConsent;
- userConsents?: Array;
-}
-
-/**
- * @author Daniel DeGroff
- */
-export interface BaseIdentityProviderApplicationConfiguration extends Enableable {
- createRegistration?: boolean;
- data?: Record;
+export enum LambdaType {
+ JWTPopulate = "JWTPopulate",
+ OpenIDReconcile = "OpenIDReconcile",
+ SAMLv2Reconcile = "SAMLv2Reconcile",
+ SAMLv2Populate = "SAMLv2Populate",
+ AppleReconcile = "AppleReconcile",
+ ExternalJWTReconcile = "ExternalJWTReconcile",
+ FacebookReconcile = "FacebookReconcile",
+ GoogleReconcile = "GoogleReconcile",
+ HYPRReconcile = "HYPRReconcile",
+ TwitterReconcile = "TwitterReconcile",
+ LDAPConnectorReconcile = "LDAPConnectorReconcile",
+ LinkedInReconcile = "LinkedInReconcile",
+ EpicGamesReconcile = "EpicGamesReconcile",
+ NintendoReconcile = "NintendoReconcile",
+ SonyPSNReconcile = "SonyPSNReconcile",
+ SteamReconcile = "SteamReconcile",
+ TwitchReconcile = "TwitchReconcile",
+ XboxReconcile = "XboxReconcile",
+ ClientCredentialsJWTPopulate = "ClientCredentialsJWTPopulate",
+ SCIMServerGroupRequestConverter = "SCIMServerGroupRequestConverter",
+ SCIMServerGroupResponseConverter = "SCIMServerGroupResponseConverter",
+ SCIMServerUserRequestConverter = "SCIMServerUserRequestConverter",
+ SCIMServerUserResponseConverter = "SCIMServerUserResponseConverter",
+ SelfServiceRegistrationValidation = "SelfServiceRegistrationValidation",
+ UserInfoPopulate = "UserInfoPopulate",
+ LoginValidation = "LoginValidation"
 }
 /**
- * API response for refreshing a JWT with a Refresh Token.
- *

- * Using a different response object from RefreshTokenResponse because the retrieve response will return an object for refreshToken, and this is a
- * string.
+ * The authenticator's response for the registration ceremony in its encoded format
 *
- * @author Daniel DeGroff
- */
-export interface JWTRefreshResponse {
- refreshToken?: string;
- refreshTokenId?: UUID;
- token?: string;
-}
-
-/**
- * @author Brian Pontarelli
- */
-export interface Count {
- count?: number;
- interval?: number;
-}
-
-/**
- * @author Daniel DeGroff
+ * @author Spencer Witt
 */
-export interface AuditLogExportRequest extends BaseExportRequest {
- criteria?: AuditLogSearchCriteria;
+export interface WebAuthnAuthenticatorRegistrationResponse {
+ attestationObject?: string;
+ clientDataJSON?: string;
 }
 /**
- * Defines an error.
+ * A marker interface indicating this event is not scoped to a tenant and will be sent to all webhooks.
 *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
 */
-export interface Error {
- code?: string;
- data?: Record;
- message?: string;
+export interface InstanceEvent extends NonTransactionalEvent {
 }
 /**
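Review bot: The doc comment on `WebAuthnAuthenticatorRegistrationResponse` says only that the response is "in its encoded format", which does not tell a caller which encoding `attestationObject` and `clientDataJSON` are expected to carry. Both fields hold authenticator output that the server must decode and verify, so the comment should name the encoding explicitly (presumably base64url, as WebAuthn JSON serialisations commonly use; confirm against the server API before writing it down), for example `* attestationObject and clientDataJSON are passed through unmodified from the authenticator, encoded as <encoding>.` In the same hunk `SendResponse`, `EmailTemplateErrors` and `RememberPreviousPasswords` are added with no description at all; a one-line summary on each would match the neighbouring declarations. If this file is produced by a generator, these comments belong in the generator's source model rather than in this file.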
@@ -10853,1397 +10439,1811 @@ export interface WebAuthnCredentialImportRequest {
 }
 /**
- * @author Brian Pontarelli
+ * Configuration for signing webhooks.
+ *
+ * @author Brent Halsey
 */
-export enum ExpiryUnit {
- MINUTES = "MINUTES",
- HOURS = "HOURS",
- DAYS = "DAYS",
- WEEKS = "WEEKS",
- MONTHS = "MONTHS",
- YEARS = "YEARS"
+export interface WebhookSignatureConfiguration extends Enableable {
+ signingKeyId?: UUID;
 }
 /**
- * @author Brett Guy
+ * @author Daniel DeGroff
 */
-export enum MessengerType {
- Generic = "Generic",
- Kafka = "Kafka",
- Twilio = "Twilio"
+export interface PasswordlessStartRequest {
+ applicationId?: UUID;
+ loginId?: string;
+ state?: Record;
 }
 /**
- * An expandable API response.
+ * API response for retrieving Refresh Tokens
 *
 * @author Daniel DeGroff
 */
-export interface ExpandableResponse {
- expandable?: Array;
+export interface RefreshTokenResponse {
+ refreshToken?: RefreshToken;
+ refreshTokens?: Array;
 }
 /**
- * Search request for Themes.
+ * Registration API request object.
 *
- * @author Mark Manes
+ * @author Brian Pontarelli
 */
-export interface ThemeSearchRequest {
- search?: ThemeSearchCriteria;
+export interface RegistrationRequest extends BaseEventRequest {
+ disableDomainBlock?: boolean;
+ generateAuthenticationToken?: boolean;
+ registration?: UserRegistration;
+ sendSetPasswordEmail?: boolean;
+ skipRegistrationVerification?: boolean;
+ skipVerification?: boolean;
+ user?: User;
 }
 /**
 * @author Daniel DeGroff
 */
-export interface PasswordValidationRulesResponse {
- passwordValidationRules?: PasswordValidationRules;
+export enum SystemTrustedProxyConfigurationPolicy {
+ All = "All",
+ OnlyConfigured = "OnlyConfigured"
 }
 /**
- * API request to start a WebAuthn authentication ceremony
+ * Request for managing FusionAuth Reactor and licenses.
 *
- * @author Spencer Witt
+ * @author Brian Pontarelli
 */
-export interface WebAuthnStartRequest {
- applicationId?: UUID;
- credentialId?: UUID;
- loginId?: string;
- state?: Record;
- userId?: UUID;
- workflow?: WebAuthnWorkflow;
+export interface ReactorRequest {
+ license?: string;
+ licenseId?: string;
 }
 /**
- * A raw login record response
+ * Search results.
 *
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
 */
-export interface LoginRecordSearchResponse {
- logins?: Array;
+export interface SearchResults {
+ nextResults?: string;
+ results?: Array;
 total?: number;
+ totalEqualToActual?: boolean;
 }
 /**
- * Response for the registration report.
+ * Response for the daily active user report.
 *
 * @author Brian Pontarelli
 */
-export interface RegistrationReportResponse {
- hourlyCounts?: Array;
+export interface DailyActiveUserReportResponse {
+ dailyActiveUsers?: Array;
 total?: number;
 }
 /**
- * @author Brett Guy
+ * SAML v2 IdP Initiated identity provider configuration.
+ *
+ * @author Daniel DeGroff
 */
-export interface IPAccessControlListSearchResponse {
- ipAccessControlLists?: Array;
- total?: number;
+export interface SAMLv2IdPInitiatedIdentityProvider extends BaseSAMLv2IdentityProvider {
+ issuer?: string;
 }
 /**
 * @author Daniel DeGroff
 */
-export interface TwoFactorStatusResponse {
- trusts?: Array;
- twoFactorTrustId?: string;
+export interface DeviceApprovalResponse {
+ deviceGrantStatus?: string;
+ deviceInfo?: DeviceInfo;
+ identityProviderLink?: IdentityProviderLink;
+ tenantId?: UUID;
+ userId?: UUID;
 }
 /**
- * Consent search response
+ * @author Daniel DeGroff
+ */
+export interface UserTwoFactorConfiguration {
+ methods?: Array;
+ recoveryCodes?: Array;
+}
+
+/**
+ * Search request for email templates
 *
- * @author Spencer Witt
+ * @author Mark Manes
 */
-export interface ConsentSearchResponse {
- consents?: Array;
- total?: number;
+export interface EmailTemplateSearchRequest {
+ search?: EmailTemplateSearchCriteria;
 }
 /**
+ * The summary of the action that is preventing login to be returned on the login response.
+ *
+ * @author Daniel DeGroff
 */
-export interface RefreshResponse {
+export interface LoginPreventedResponse {
+ actionerUserId?: UUID;
+ actionId?: UUID;
+ expiry?: number;
+ localizedName?: string;
+ localizedOption?: string;
+ localizedReason?: string;
+ name?: string;
+ option?: string;
+ reason?: string;
+ reasonCode?: string;
 }
 /**
- * Stores an message template used to distribute messages;
+ * Models content user action options.
 *
- * @author Michael Sleevi
+ * @author Brian Pontarelli
 */
-export interface MessageTemplate {
- data?: Record;
- id?: UUID;
- insertInstant?: number;
- lastUpdateInstant?: number;
+export interface UserActionOption {
+ localizedNames?: LocalizedStrings;
 name?: string;
- type?: MessageType;
 }
 /**
- * Models the JWT public key Refresh Token Revoke Event. This event might be for a single
- * token, a user or an entire application.
+ * Event log response.
 *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
 */
-export interface JWTPublicKeyUpdateEvent extends BaseEvent {
- applicationIds?: Array;
+export interface EventLogResponse {
+ eventLog?: EventLog;
 }
 /**
 * @author Daniel DeGroff
 */
-export interface DeviceUserCodeResponse {
- client_id?: string;
- deviceInfo?: DeviceInfo;
- expires_in?: number;
- pendingIdPLink?: PendingIdPLink;
- scope?: string;
- tenantId?: UUID;
- user_code?: string;
+export interface SAMLv2IdPInitiatedApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
 }
 /**
- * Models an entity type that has a specific set of permissions. These are global objects and can be used across tenants.
- *
- * @author Brian Pontarelli
+ * @author andrewpai
 */
-export interface EntityType {
- data?: Record;
- id?: UUID;
- insertInstant?: number;
- jwtConfiguration?: EntityJWTConfiguration;
- lastUpdateInstant?: number;
- name?: string;
- permissions?: Array;
+export interface SelfServiceFormConfiguration {
+ requireCurrentPasswordOnPasswordChange?: boolean;
 }
 /**
+ * Models the Group Update Complete Event.
+ *
 * @author Daniel DeGroff
 */
-export enum IdentityProviderType {
- Apple = "Apple",
- EpicGames = "EpicGames",
- ExternalJWT = "ExternalJWT",
- Facebook = "Facebook",
- Google = "Google",
- HYPR = "HYPR",
- LinkedIn = "LinkedIn",
- Nintendo = "Nintendo",
- OpenIDConnect = "OpenIDConnect",
- SAMLv2 = "SAMLv2",
- SAMLv2IdPInitiated = "SAMLv2IdPInitiated",
- SonyPSN = "SonyPSN",
- Steam = "Steam",
- Twitch = "Twitch",
- Twitter = "Twitter",
- Xbox = "Xbox"
+export interface GroupUpdateCompleteEvent extends BaseGroupEvent {
+ original?: Group;
+}
+
+/**
+ * Reindex API request
+ *
+ * @author Daniel DeGroff
+ */
+export interface ReindexRequest {
+ index?: string;
+}
+
+/**
+ * @author Daniel DeGroff
+ */
+export interface ApplicationExternalIdentifierConfiguration {
+ twoFactorTrustIdTimeToLiveInSeconds?: number;
 }
 /**
 * @author Seth Musselman
 */
-export interface PreviewResponse {
- email?: Email;
- errors?: Errors;
+export interface Application {
+ accessControlConfiguration?: ApplicationAccessControlConfiguration;
+ active?: boolean;
+ authenticationTokenConfiguration?: AuthenticationTokenConfiguration;
+ cleanSpeakConfiguration?: CleanSpeakConfiguration;
+ data?: Record;
+ emailConfiguration?: ApplicationEmailConfiguration;
+ externalIdentifierConfiguration?: ApplicationExternalIdentifierConfiguration;
+ formConfiguration?: ApplicationFormConfiguration;
+ id?: UUID;
+ insertInstant?: number;
+ jwtConfiguration?: JWTConfiguration;
+ lambdaConfiguration?: LambdaConfiguration;
+ lastUpdateInstant?: number;
+ loginConfiguration?: LoginConfiguration;
+ multiFactorConfiguration?: ApplicationMultiFactorConfiguration;
+ name?: string;
+ oauthConfiguration?: OAuth2Configuration;
+ passwordlessConfiguration?: PasswordlessConfiguration;
+ registrationConfiguration?: RegistrationConfiguration;
+ registrationDeletePolicy?: ApplicationRegistrationDeletePolicy;
+ roles?: Array;
+ samlv2Configuration?: SAMLv2Configuration;
+ scopes?: Array;
+ state?: ObjectState;
+ tenantId?: UUID;
+ themeId?: UUID;
+ unverified?: RegistrationUnverifiedOptions;
+ verificationEmailTemplateId?: UUID;
+ verificationStrategy?: VerificationStrategy;
+ verifyRegistration?: boolean;
+ webAuthnConfiguration?: ApplicationWebAuthnConfiguration;
+}
+
+export interface ApplicationEmailConfiguration {
+ emailUpdateEmailTemplateId?: UUID;
+ emailVerificationEmailTemplateId?: UUID;
+ emailVerifiedEmailTemplateId?: UUID;
+ forgotPasswordEmailTemplateId?: UUID;
+ loginIdInUseOnCreateEmailTemplateId?: UUID;
+ loginIdInUseOnUpdateEmailTemplateId?: UUID;
+ loginNewDeviceEmailTemplateId?: UUID;
+ loginSuspiciousEmailTemplateId?: UUID;
+ passwordlessEmailTemplateId?: UUID;
+ passwordResetSuccessEmailTemplateId?: UUID;
+ passwordUpdateEmailTemplateId?: UUID;
+ setPasswordEmailTemplateId?: UUID;
+ twoFactorMethodAddEmailTemplateId?: UUID;
+ twoFactorMethodRemoveEmailTemplateId?: UUID;
+}
+
+export interface AuthenticationTokenConfiguration extends Enableable {
+}
+
+export interface LambdaConfiguration {
+ accessTokenPopulateId?: UUID;
+ idTokenPopulateId?: UUID;
+ samlv2PopulateId?: UUID;
+ selfServiceRegistrationValidationId?: UUID;
+ userinfoPopulateId?: UUID;
+}
+
+export interface LoginConfiguration {
+ allowTokenRefresh?: boolean;
+ generateRefreshTokens?: boolean;
+ requireAuthentication?: boolean;
+}
+
+export interface PasswordlessConfiguration extends Enableable {
+}
+
+export interface RegistrationConfiguration extends Enableable {
+ birthDate?: Requirable;
+ confirmPassword?: boolean;
+ firstName?: Requirable;
+ formId?: UUID;
+ fullName?: Requirable;
+ lastName?: Requirable;
+ loginIdType?: LoginIdType;
+ middleName?: Requirable;
+ mobilePhone?: Requirable;
+ preferredLanguages?: Requirable;
+ type?: RegistrationType;
+}
+
+export enum LoginIdType {
+ email = "email",
+ username = "username"
+}
+
+export enum RegistrationType {
+ basic = "basic",
+ advanced = "advanced"
+}
+
+export interface SAMLv2Configuration extends Enableable {
+ assertionEncryptionConfiguration?: SAMLv2AssertionEncryptionConfiguration;
+ audience?: string;
+ authorizedRedirectURLs?: Array;
+ callbackURL?: string;
+ debug?: boolean;
+ defaultVerificationKeyId?: UUID;
+ initiatedLogin?: SAMLv2IdPInitiatedLoginConfiguration;
+ issuer?: string;
+ keyId?: UUID;
+ loginHintConfiguration?: LoginHintConfiguration;
+ logout?: SAMLv2Logout;
+ logoutURL?: string;
+ requireSignedRequests?: boolean;
+ xmlSignatureC14nMethod?: CanonicalizationMethod;
+ xmlSignatureLocation?: XMLSignatureLocation;
+}
+
+export enum SAMLLogoutBehavior {
+ AllParticipants = "AllParticipants",
+ OnlyOriginator = "OnlyOriginator"
+}
+
+export enum XMLSignatureLocation {
+ Assertion = "Assertion",
+ Response = "Response"
+}
+
+export interface SAMLv2AssertionEncryptionConfiguration extends Enableable {
+ digestAlgorithm?: string;
+ encryptionAlgorithm?: string;
+ keyLocation?: string;
+ keyTransportAlgorithm?: string;
+ keyTransportEncryptionKeyId?: UUID;
+ maskGenerationFunction?: string;
+}
+
+export interface SAMLv2Logout {
+ behavior?: SAMLLogoutBehavior;
+ defaultVerificationKeyId?: UUID;
+ keyId?: UUID;
+ requireSignedRequests?: boolean;
+ singleLogout?: SAMLv2SingleLogout;
+ xmlSignatureC14nMethod?: CanonicalizationMethod;
+}
+
+export interface SAMLv2SingleLogout extends Enableable {
+ keyId?: UUID;
+ url?: string;
+ xmlSignatureC14nMethod?: CanonicalizationMethod;
 }
 /**
- * Event to indicate kickstart has been successfully completed.
+ * Allows the Relying Party to specify desired attributes of a new credential.
 *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialCreationOptions {
+ attestation?: AttestationConveyancePreference;
+ authenticatorSelection?: AuthenticatorSelectionCriteria;
+ challenge?: string;
+ excludeCredentials?: Array;
+ extensions?: WebAuthnRegistrationExtensionOptions;
+ pubKeyCredParams?: Array;
+ rp?: PublicKeyCredentialRelyingPartyEntity;
+ timeout?: number;
+ user?: PublicKeyCredentialUserEntity;
+}
+
+/**
 * @author Daniel DeGroff
 */
-export interface KickstartSuccessEvent extends BaseEvent {
- instanceId?: UUID;
+export interface JWTVendResponse {
+ token?: string;
+}
+
+/**
+ * Theme object for values used in the css variables for simple themes.
+ *
+ * @author Lyle Schemmerling
+ */
+export interface SimpleThemeVariables {
+ alertBackgroundColor?: string;
+ alertFontColor?: string;
+ backgroundImageURL?: string;
+ backgroundSize?: string;
+ borderRadius?: string;
+ deleteButtonColor?: string;
+ deleteButtonFocusColor?: string;
+ deleteButtonTextColor?: string;
+ deleteButtonTextFocusColor?: string;
+ errorFontColor?: string;
+ errorIconColor?: string;
+ fontColor?: string;
+ fontFamily?: string;
+ footerDisplay?: boolean;
+ iconBackgroundColor?: string;
+ iconColor?: string;
+ infoIconColor?: string;
+ inputBackgroundColor?: string;
+ inputIconColor?: string;
+ inputTextColor?: string;
+ linkTextColor?: string;
+ linkTextFocusColor?: string;
+ logoImageSize?: string;
+ logoImageURL?: string;
+ monoFontColor?: string;
+ monoFontFamily?: string;
+ pageBackgroundColor?: string;
+ panelBackgroundColor?: string;
+ primaryButtonColor?: string;
+ primaryButtonFocusColor?: string;
+ primaryButtonTextColor?: string;
+ primaryButtonTextFocusColor?: string;
 }
 /**
 * @author Daniel DeGroff
 */
-export enum SystemTrustedProxyConfigurationPolicy {
- All = "All",
- OnlyConfigured = "OnlyConfigured"
+export enum Sort {
+ asc = "asc",
+ desc = "desc"
 }
 /**
+ * Event to indicate an audit log was created.
+ *
 * @author Daniel DeGroff
 */
-export interface TenantUsernameConfiguration {
- unique?: UniqueUsernameConfiguration;
+export interface AuditLogCreateEvent extends BaseEvent {
+ auditLog?: AuditLog;
 }
 /**
- * Interface for all identity providers that are passwordless and do not accept a password.
+ * Describes the authenticator attachment modality preference for a WebAuthn workflow. See {@link AuthenticatorAttachment}
+ *
+ * @author Spencer Witt
 */
-export interface PasswordlessIdentityProvider {
+export enum AuthenticatorAttachmentPreference {
+ any = "any",
+ platform = "platform",
+ crossPlatform = "crossPlatform"
+}
+
+/**
+ * User API bulk response object.
+ *
+ * @author Trevor Smith
+ */
+export interface UserDeleteResponse {
+ dryRun?: boolean;
+ hardDelete?: boolean;
+ total?: number;
+ userIds?: Array;
 }
 /**
 * @author Daniel DeGroff
 */
-export interface PasswordBreachDetection extends Enableable {
- matchMode?: BreachMatchMode;
- notifyUserEmailTemplateId?: UUID;
- onLogin?: BreachAction;
+export interface TwoFactorStartResponse {
+ code?: string;
+ methods?: Array;
+ twoFactorId?: string;
 }
 /**
- * Base class for all FusionAuth events.
+ * User Action Reason API response object.
 *
 * @author Brian Pontarelli
 */
-export interface BaseEvent {
- createInstant?: number;
- id?: UUID;
- info?: EventInfo;
- tenantId?: UUID;
- type?: EventType;
+export interface UserActionReasonResponse {
+ userActionReason?: UserActionReason;
+ userActionReasons?: Array;
+}
+
+/**
+ * Models the User Event (and can be converted to JSON) that is used for all user modifications (create, update,
+ * delete).
+ *
+ * @author Brian Pontarelli
+ */
+export interface UserDeleteEvent extends BaseUserEvent {
+}
+
+/**
+ * An expandable API request.
+ *
+ * @author Daniel DeGroff
+ */
+export interface ExpandableRequest {
+ expand?: Array;
 }
 /**
+ * API response for User consent.
+ *
 * @author Daniel DeGroff
 */
-export interface EmailHeader {
- name?: string;
- value?: string;
+export interface UserConsentRequest {
+ userConsent?: UserConsent;
+}
+
+/**
+ * @author Rob Davis
+ */
+export interface TenantSCIMServerConfiguration extends Enableable {
+ clientEntityTypeId?: UUID;
+ schemas?: Record;
+ serverEntityTypeId?: UUID;
 }
 /**
- * The FormField API request object.
+ * Theme API request object.
 *
- * @author Brett Guy
+ * @author Trevor Smith
 */
-export interface FormFieldRequest {
- field?: FormField;
- fields?: Array;
+export interface ThemeRequest {
+ sourceThemeId?: UUID;
+ theme?: Theme;
 }
 /**
 * @author Daniel DeGroff
 */
-export interface TwoFactorMethod {
- authenticator?: AuthenticatorConfiguration;
- email?: string;
- id?: string;
- lastUsed?: boolean;
- method?: string;
- mobilePhone?: string;
- secret?: string;
+export interface OAuthConfigurationResponse {
+ httpSessionMaxInactiveInterval?: number;
+ logoutURL?: string;
+ oauthConfiguration?: OAuth2Configuration;
 }
 /**
- * Models the event types that FusionAuth produces.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
 */
-export enum EventType {
- JWTPublicKeyUpdate = "jwt.public-key.update",
- JWTRefreshTokenRevoke = "jwt.refresh-token.revoke",
- JWTRefresh = "jwt.refresh",
- AuditLogCreate = "audit-log.create",
- EventLogCreate = "event-log.create",
- KickstartSuccess = "kickstart.success",
- GroupCreate = "group.create",
- GroupCreateComplete = "group.create.complete",
- GroupDelete = "group.delete",
- GroupDeleteComplete = "group.delete.complete",
- GroupMemberAdd = "group.member.add",
- GroupMemberAddComplete = "group.member.add.complete",
- GroupMemberRemove = "group.member.remove",
- GroupMemberRemoveComplete = "group.member.remove.complete",
- GroupMemberUpdate = "group.member.update",
- GroupMemberUpdateComplete = "group.member.update.complete",
- GroupUpdate = "group.update",
- GroupUpdateComplete = "group.update.complete",
- UserAction = "user.action",
- UserBulkCreate = "user.bulk.create",
- UserCreate = "user.create",
- UserCreateComplete = "user.create.complete",
- UserDeactivate = "user.deactivate",
- UserDelete = "user.delete",
- UserDeleteComplete = "user.delete.complete",
- UserEmailUpdate = "user.email.update",
- UserEmailVerified = "user.email.verified",
- UserIdentityProviderLink = "user.identity-provider.link",
- UserIdentityProviderUnlink = "user.identity-provider.unlink",
- UserLoginIdDuplicateOnCreate = "user.loginId.duplicate.create",
- UserLoginIdDuplicateOnUpdate = "user.loginId.duplicate.update",
- UserLoginFailed = "user.login.failed",
- UserLoginNewDevice = "user.login.new-device",
- UserLoginSuccess = "user.login.success",
- UserLoginSuspicious = "user.login.suspicious",
- UserPasswordBreach = "user.password.breach",
- UserPasswordResetSend = "user.password.reset.send",
- UserPasswordResetStart = "user.password.reset.start",
- UserPasswordResetSuccess = "user.password.reset.success",
- UserPasswordUpdate = "user.password.update",
- UserReactivate = "user.reactivate",
- UserRegistrationCreate = "user.registration.create",
- UserRegistrationCreateComplete = "user.registration.create.complete",
- UserRegistrationDelete = "user.registration.delete",
- UserRegistrationDeleteComplete = "user.registration.delete.complete",
- UserRegistrationUpdate = "user.registration.update",
- UserRegistrationUpdateComplete = "user.registration.update.complete",
- UserRegistrationVerified = "user.registration.verified",
- UserTwoFactorMethodAdd = "user.two-factor.method.add",
- UserTwoFactorMethodRemove = "user.two-factor.method.remove",
- UserUpdate = "user.update",
- UserUpdateComplete = "user.update.complete",
- Test = "test"
+export interface ExternalIdentifierConfiguration {
+ authorizationGrantIdTimeToLiveInSeconds?: number;
+ changePasswordIdGenerator?: SecureGeneratorConfiguration;
+ changePasswordIdTimeToLiveInSeconds?: number;
+ deviceCodeTimeToLiveInSeconds?: number;
+ deviceUserCodeIdGenerator?: SecureGeneratorConfiguration;
+ emailVerificationIdGenerator?: SecureGeneratorConfiguration;
+ emailVerificationIdTimeToLiveInSeconds?: number;
+ emailVerificationOneTimeCodeGenerator?: SecureGeneratorConfiguration;
+ externalAuthenticationIdTimeToLiveInSeconds?: number;
+ loginIntentTimeToLiveInSeconds?: number;
+ oneTimePasswordTimeToLiveInSeconds?: number;
+ passwordlessLoginGenerator?: SecureGeneratorConfiguration;
+ passwordlessLoginTimeToLiveInSeconds?: number;
+ pendingAccountLinkTimeToLiveInSeconds?: number;
+ registrationVerificationIdGenerator?: SecureGeneratorConfiguration;
+ registrationVerificationIdTimeToLiveInSeconds?: number;
+ registrationVerificationOneTimeCodeGenerator?: SecureGeneratorConfiguration;
+ rememberOAuthScopeConsentChoiceTimeToLiveInSeconds?: number;
+ samlv2AuthNRequestIdTimeToLiveInSeconds?: number;
+ setupPasswordIdGenerator?: SecureGeneratorConfiguration;
+ setupPasswordIdTimeToLiveInSeconds?: number;
+ trustTokenTimeToLiveInSeconds?: number;
+ twoFactorIdTimeToLiveInSeconds?: number;
+ twoFactorOneTimeCodeIdGenerator?: SecureGeneratorConfiguration;
+ twoFactorOneTimeCodeIdTimeToLiveInSeconds?: number;
+ twoFactorTrustIdTimeToLiveInSeconds?: number;
+ webAuthnAuthenticationChallengeTimeToLiveInSeconds?: number;
+ webAuthnRegistrationChallengeTimeToLiveInSeconds?: number;
 }
 /**
- * Tenant search response
+ * Defines valid credential types. This is an extension point in the WebAuthn spec. The only defined value at this time is "public-key"
 *
- * @author Mark Manes
+ * @author Spencer Witt
 */
-export interface TenantSearchResponse {
- tenants?: Array;
- total?: number;
+export enum PublicKeyCredentialType {
+ publicKey = "public-key"
 }
 /**
- * Search API request.
+ * This class is the entity query. It provides a build pattern as well as public fields for use on forms and in actions.
 *
 * @author Brian Pontarelli
 */
-export interface SearchRequest extends ExpandableRequest {
- search?: UserSearchCriteria;
+export interface EntitySearchCriteria extends BaseElasticSearchCriteria {
 }
 /**
- * Lambda search response
- *
- * @author Mark Manes
+ * @author Seth Musselman
 */
-export interface LambdaSearchResponse {
- lambdas?: Array;
- total?: number;
+export interface PreviewResponse {
+ email?: Email;
+ errors?: Errors;
 }
-export interface Templates {
- accountEdit?: string;
- accountIndex?: string;
- accountTwoFactorDisable?: string;
- accountTwoFactorEnable?: string;
- accountTwoFactorIndex?: string;
- accountWebAuthnAdd?: string;
- accountWebAuthnDelete?: string;
- accountWebAuthnIndex?: string;
- confirmationRequired?: string;
- emailComplete?: string;
- emailSend?: string;
- emailSent?: string;
- emailVerificationRequired?: string;
- emailVerify?: string;
- helpers?: string;
- index?: string;
- oauth2Authorize?: string;
- oauth2AuthorizedNotRegistered?: string;
- oauth2ChildRegistrationNotAllowed?: string;
- oauth2ChildRegistrationNotAllowedComplete?: string;
- oauth2CompleteRegistration?: string;
- oauth2Consent?: string;
- oauth2Device?: string;
- oauth2DeviceComplete?: string;
- oauth2Error?: string;
- oauth2Logout?: string;
- oauth2Passwordless?: string;
- oauth2Register?: string;
- oauth2StartIdPLink?: string;
- oauth2TwoFactor?: string;
- oauth2TwoFactorEnable?: string;
- oauth2TwoFactorEnableComplete?: string;
- oauth2TwoFactorMethods?: string;
- oauth2Wait?: string;
- oauth2WebAuthn?: string;
- oauth2WebAuthnReauth?: string;
- oauth2WebAuthnReauthEnable?: string;
- passwordChange?: string;
- passwordComplete?: string;
- passwordForgot?: string;
- passwordSent?: string;
- registrationComplete?: string;
- registrationSend?: string;
- registrationSent?: string;
- registrationVerificationRequired?: string;
- registrationVerify?: string;
- samlv2Logout?: string;
- unauthorized?: string;
+/**
+ * @author Brett Pontarelli
+ */
+export interface EpicGamesApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ buttonText?: string;
+ client_id?: string;
+ client_secret?: string;
+ scope?: string;
 }
 /**
- * Search request for Lambdas
+ * OpenID Connect Configuration as described by the OpenID
+ * Provider Metadata.
 *
- * @author Mark Manes
+ * @author Daniel DeGroff
 */
-export interface LambdaSearchRequest {
- search?: LambdaSearchCriteria;
+export interface OpenIdConfiguration {
+ authorization_endpoint?: string;
+ backchannel_logout_supported?: boolean;
+ claims_supported?: Array;
+ device_authorization_endpoint?: string;
+ end_session_endpoint?: string;
+ frontchannel_logout_supported?: boolean;
+ grant_types_supported?: Array;
+ id_token_signing_alg_values_supported?: Array;
+ issuer?: string;
+ jwks_uri?: string;
+ response_modes_supported?: Array;
+ response_types_supported?: Array;
+ scopes_supported?: Array;
+ subject_types_supported?: Array;
+ token_endpoint?: string;
+ token_endpoint_auth_methods_supported?: Array;
+ userinfo_endpoint?: string;
+ userinfo_signing_alg_values_supported?: Array;
 }
 /**
- * Models the User Password Reset Send Event.
+ * COSE Elliptic Curve identifier to determine which elliptic curve to use with a given key * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface UserPasswordResetSendEvent extends BaseUserEvent { +export enum CoseEllipticCurve { + Reserved = "Reserved", + P256 = "P256", + P384 = "P384", + P521 = "P521", + X25519 = "X25519", + X448 = "X448", + Ed25519 = "Ed25519", + Ed448 = "Ed448", + Secp256k1 = "Secp256k1" } /** - * The Integration Request + * Form response. * * @author Daniel DeGroff */ -export interface IntegrationRequest { - integrations?: Integrations; +export interface FormResponse { + form?: Form; + forms?: Array; } -export enum TOTPAlgorithm { - HmacSHA1 = "HmacSHA1", - HmacSHA256 = "HmacSHA256", - HmacSHA512 = "HmacSHA512" +// Do not require a setter for 'type', it is defined by the concrete class and is not mutable +export interface BaseIdentityProvider extends Enableable { + applicationConfiguration?: Record; + data?: Record; + debug?: boolean; + id?: UUID; + insertInstant?: number; + lambdaConfiguration?: LambdaConfiguration; + lastUpdateInstant?: number; + linkingStrategy?: IdentityProviderLinkingStrategy; + name?: string; + tenantConfiguration?: Record; + type?: IdentityProviderType; } -export enum LDAPSecurityMethod { - None = "None", - LDAPS = "LDAPS", - StartTLS = "StartTLS" +export interface LambdaConfiguration { + reconcileId?: UUID; } /** - * User API delete request object. 
- * * @author Daniel DeGroff */ -export interface UserDeleteRequest extends BaseEventRequest { - dryRun?: boolean; - hardDelete?: boolean; - limit?: number; - query?: string; - queryString?: string; - userIds?: Array; +export interface ValidateResponse { + jwt?: JWT; } /** * @author Daniel DeGroff */ -export interface IdentityProviderStartLoginRequest extends BaseLoginRequest { - data?: Record; - identityProviderId?: UUID; - loginId?: string; - state?: Record; +export interface VerifyRegistrationResponse { + oneTimeCode?: string; + verificationId?: string; } -export enum UniqueUsernameStrategy { - Always = "Always", - OnCollision = "OnCollision" +/** + * @author Daniel DeGroff + */ +export interface LoginRecordSearchCriteria extends BaseSearchCriteria { + applicationId?: UUID; + end?: number; + start?: number; + userId?: UUID; } /** * @author Daniel DeGroff */ -export interface ExternalJWTApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { +export interface OAuthResponse { } /** + * Domain for a public key, key pair or an HMAC secret. This is used by KeyMaster to manage keys for JWTs, SAML, etc. 
+ * * @author Brian Pontarelli */ -export interface LoginResponse { - actions?: Array; - changePasswordId?: string; - changePasswordReason?: ChangePasswordReason; - configurableMethods?: Array; - emailVerificationId?: string; - methods?: Array; - pendingIdPLinkId?: string; - refreshToken?: string; - refreshTokenId?: UUID; - registrationVerificationId?: string; - state?: Record; - threatsDetected?: Array; - token?: string; - tokenExpirationInstant?: number; - trustToken?: string; - twoFactorId?: string; - twoFactorTrustId?: string; - user?: User; +export interface Key { + algorithm?: KeyAlgorithm; + certificate?: string; + certificateInformation?: CertificateInformation; + expirationInstant?: number; + hasPrivateKey?: boolean; + id?: UUID; + insertInstant?: number; + issuer?: string; + kid?: string; + lastUpdateInstant?: number; + length?: number; + name?: string; + privateKey?: string; + publicKey?: string; + secret?: string; + type?: KeyType; +} + +export enum KeyAlgorithm { + ES256 = "ES256", + ES384 = "ES384", + ES512 = "ES512", + HS256 = "HS256", + HS384 = "HS384", + HS512 = "HS512", + RS256 = "RS256", + RS384 = "RS384", + RS512 = "RS512" +} + +export enum KeyType { + EC = "EC", + RSA = "RSA", + HMAC = "HMAC" +} + +export interface CertificateInformation { + issuer?: string; + md5Fingerprint?: string; + serialNumber?: string; + sha1Fingerprint?: string; + sha1Thumbprint?: string; + sha256Fingerprint?: string; + sha256Thumbprint?: string; + subject?: string; + validFrom?: number; + validTo?: number; } /** - * The Application Scope API response. + * Search criteria for entity grants. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface ApplicationOAuthScopeResponse { - scope?: ApplicationOAuthScope; +export interface EntityGrantSearchCriteria extends BaseSearchCriteria { + entityId?: UUID; + name?: string; + userId?: UUID; } /** - * Search API response. 
+ * Controls the policy for requesting user permission to grant access to requested scopes during an OAuth workflow + * for a third-party application. * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface SearchResponse extends ExpandableResponse { - nextResults?: string; - total?: number; - users?: Array; +export enum OAuthScopeConsentMode { + AlwaysPrompt = "AlwaysPrompt", + RememberDecision = "RememberDecision", + NeverPrompt = "NeverPrompt" } /** - * @author Daniel DeGroff + * @author Trevor Smith */ -export interface SendResponse { - anonymousResults?: Record; - results?: Record; +export interface ConnectorResponse { + connector?: BaseConnectorConfiguration; + connectors?: Array; } /** - * @author Daniel DeGroff + * Models the FusionAuth connector. + * + * @author Trevor Smith */ -export interface SystemLogsExportRequest extends BaseExportRequest { - includeArchived?: boolean; - lastNBytes?: number; +export interface FusionAuthConnectorConfiguration extends BaseConnectorConfiguration { } /** * @author Daniel DeGroff */ -export interface ReactorMetricsResponse { - metrics?: ReactorMetrics; +export interface RefreshTokenSlidingWindowConfiguration { + maximumTimeToLiveInMinutes?: number; } /** - * Location information. Useful for IP addresses and other displayable data objects. + * Search request for Themes. 
* - * @author Brian Pontarelli + * @author Mark Manes */ -export interface Location { - city?: string; - country?: string; - displayString?: string; - latitude?: number; - longitude?: number; - region?: string; - zipcode?: string; +export interface ThemeSearchRequest { + search?: ThemeSearchCriteria; } /** - * @author Brett Guy + * Search request for Consents + * + * @author Spencer Witt */ -export interface TenantAccessControlConfiguration { - uiIPAccessControlListId?: UUID; +export interface ConsentSearchRequest { + search?: ConsentSearchCriteria; } /** * @author Daniel DeGroff */ -export interface TenantResponse { - tenant?: Tenant; - tenants?: Array; +export enum ObjectState { + Active = "Active", + Inactive = "Inactive", + PendingDelete = "PendingDelete" } /** - * @author Brett Guy + * Search request for Identity Providers + * + * @author Spencer Witt */ -export interface TwilioMessengerConfiguration extends BaseMessengerConfiguration { - accountSID?: string; - authToken?: string; - fromPhoneNumber?: string; - messagingServiceSid?: string; - url?: string; +export interface IdentityProviderSearchRequest { + search?: IdentityProviderSearchCriteria; } /** * @author Daniel DeGroff */ -export enum VerificationStrategy { - ClickableLink = "ClickableLink", - FormField = "FormField" +export interface RefreshTokenRevocationPolicy { + onLoginPrevented?: boolean; + onMultiFactorEnable?: boolean; + onPasswordChanged?: boolean; } /** - * Model a user event when a two-factor method has been removed. + * Models a family grouping of users. * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface UserTwoFactorMethodAddEvent extends BaseUserEvent { - method?: TwoFactorMethod; +export interface Family { + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + members?: Array; } /** - * API request to start a WebAuthn registration ceremony + * The Application Scope API response. 
* * @author Spencer Witt */ -export interface WebAuthnRegisterStartRequest { - displayName?: string; - name?: string; - userAgent?: string; - userId?: UUID; - workflow?: WebAuthnWorkflow; +export interface ApplicationOAuthScopeResponse { + scope?: ApplicationOAuthScope; } /** * @author Daniel DeGroff */ -export interface MaximumPasswordAge extends Enableable { - days?: number; +export interface OAuth2Configuration { + authorizedOriginURLs?: Array; + authorizedRedirectURLs?: Array; + authorizedURLValidationPolicy?: Oauth2AuthorizedURLValidationPolicy; + clientAuthenticationPolicy?: ClientAuthenticationPolicy; + clientId?: string; + clientSecret?: string; + consentMode?: OAuthScopeConsentMode; + debug?: boolean; + deviceVerificationURL?: string; + enabledGrants?: Array; + generateRefreshTokens?: boolean; + logoutBehavior?: LogoutBehavior; + logoutURL?: string; + proofKeyForCodeExchangePolicy?: ProofKeyForCodeExchangePolicy; + providedScopePolicy?: ProvidedScopePolicy; + relationship?: OAuthApplicationRelationship; + requireClientAuthentication?: boolean; + requireRegistration?: boolean; + scopeHandlingPolicy?: OAuthScopeHandlingPolicy; + unknownScopePolicy?: UnknownScopePolicy; } /** - * @author Brett Guy + * Interface for all identity providers that are passwordless and do not accept a password. */ -export interface IPAccessControlEntry { - action?: IPAccessControlEntryAction; - endIPAddress?: string; - startIPAddress?: string; +export interface PasswordlessIdentityProvider { } /** - * Models the Group Member Update Event. + * A log for an event that happened to a User. * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface GroupMemberUpdateEvent extends BaseGroupEvent { - members?: Array; +export interface UserComment { + comment?: string; + commenterId?: UUID; + id?: UUID; + insertInstant?: number; + userId?: UUID; } /** - * Models the User Deactivate Event. + * Models the Group Created Event. 
* - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface UserDeactivateEvent extends BaseUserEvent { +export interface GroupCreateCompleteEvent extends BaseGroupEvent { } /** - * Search criteria for the webhook event log. - * - * @author Spencer Witt + * @author Brett Pontarelli */ -export interface WebhookEventLogSearchCriteria extends BaseSearchCriteria { - end?: number; - event?: string; - eventResult?: WebhookEventResult; - eventType?: EventType; - start?: number; +export interface TenantSSOConfiguration { + deviceTrustTimeToLiveInSeconds?: number; } /** - * Group Member Response - * * @author Daniel DeGroff */ -export interface MemberResponse { - members?: Record>; +export interface TwoFactorMethod { + authenticator?: AuthenticatorConfiguration; + email?: string; + id?: string; + lastUsed?: boolean; + method?: string; + mobilePhone?: string; + secret?: string; } /** - * Webhook event log search request. + * Search criteria for Tenants * - * @author Spencer Witt + * @author Mark Manes */ -export interface WebhookEventLogSearchRequest { - search?: WebhookEventLogSearchCriteria; +export interface TenantSearchCriteria extends BaseSearchCriteria { + name?: string; } /** - * API response for completing WebAuthn assertion + * Models the User Identity Provider Link Event. * - * @author Spencer Witt + * @author Rob Davis */ -export interface WebAuthnAssertResponse { - credential?: WebAuthnCredential; +export interface UserIdentityProviderLinkEvent extends BaseUserEvent { + identityProviderLink?: IdentityProviderLink; } /** - * @author Daniel DeGroff + * @author Michael Sleevi */ -export enum SecureGeneratorType { - randomDigits = "randomDigits", - randomBytes = "randomBytes", - randomAlpha = "randomAlpha", - randomAlphaNumeric = "randomAlphaNumeric" +export interface PreviewMessageTemplateRequest { + locale?: string; + messageTemplate?: MessageTemplate; } /** - * XML canonicalization method enumeration. 
This is used for the IdP and SP side of FusionAuth SAML. + * Login API request object used for login to third-party systems (i.e. Login with Facebook). * * @author Brian Pontarelli */ -export enum CanonicalizationMethod { - exclusive = "exclusive", - exclusive_with_comments = "exclusive_with_comments", - inclusive = "inclusive", - inclusive_with_comments = "inclusive_with_comments" +export interface IdentityProviderLoginRequest extends BaseLoginRequest { + data?: Record; + encodedJWT?: string; + identityProviderId?: UUID; + noLink?: boolean; } /** - * Search criteria for themes + * An action that can be executed on a user (discipline or reward potentially). * - * @author Mark Manes + * @author Brian Pontarelli */ -export interface ThemeSearchCriteria extends BaseSearchCriteria { +export interface UserAction { + active?: boolean; + cancelEmailTemplateId?: UUID; + endEmailTemplateId?: UUID; + id?: UUID; + includeEmailInEventJSON?: boolean; + insertInstant?: number; + lastUpdateInstant?: number; + localizedNames?: LocalizedStrings; + modifyEmailTemplateId?: UUID; name?: string; - type?: ThemeType; + options?: Array; + preventLogin?: boolean; + sendEndEvent?: boolean; + startEmailTemplateId?: UUID; + temporal?: boolean; + transactionType?: TransactionType; + userEmailingEnabled?: boolean; + userNotificationsEnabled?: boolean; } /** - * @author Daniel DeGroff + * @author Trevor Smith */ -export enum RateLimitedRequestType { - FailedLogin = "FailedLogin", - ForgotPassword = "ForgotPassword", - SendEmailVerification = "SendEmailVerification", - SendPasswordless = "SendPasswordless", - SendRegistrationVerification = "SendRegistrationVerification", - SendTwoFactor = "SendTwoFactor" +export interface Theme { + data?: Record; + defaultMessages?: string; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + localizedMessages?: LocalizedStrings; + name?: string; + stylesheet?: string; + templates?: Templates; + type?: ThemeType; + variables?: 
SimpleThemeVariables; } -/** - * @author Daniel DeGroff - */ -export interface LoginHintConfiguration extends Enableable { - parameterName?: string; +export interface Templates { + accountEdit?: string; + accountIndex?: string; + accountTwoFactorDisable?: string; + accountTwoFactorEnable?: string; + accountTwoFactorIndex?: string; + accountWebAuthnAdd?: string; + accountWebAuthnDelete?: string; + accountWebAuthnIndex?: string; + confirmationRequired?: string; + emailComplete?: string; + emailSend?: string; + emailSent?: string; + emailVerificationRequired?: string; + emailVerify?: string; + helpers?: string; + index?: string; + oauth2Authorize?: string; + oauth2AuthorizedNotRegistered?: string; + oauth2ChildRegistrationNotAllowed?: string; + oauth2ChildRegistrationNotAllowedComplete?: string; + oauth2CompleteRegistration?: string; + oauth2Consent?: string; + oauth2Device?: string; + oauth2DeviceComplete?: string; + oauth2Error?: string; + oauth2Logout?: string; + oauth2Passwordless?: string; + oauth2Register?: string; + oauth2StartIdPLink?: string; + oauth2TwoFactor?: string; + oauth2TwoFactorEnable?: string; + oauth2TwoFactorEnableComplete?: string; + oauth2TwoFactorMethods?: string; + oauth2Wait?: string; + oauth2WebAuthn?: string; + oauth2WebAuthnReauth?: string; + oauth2WebAuthnReauthEnable?: string; + passwordChange?: string; + passwordComplete?: string; + passwordForgot?: string; + passwordSent?: string; + registrationComplete?: string; + registrationSend?: string; + registrationSent?: string; + registrationVerificationRequired?: string; + registrationVerify?: string; + samlv2Logout?: string; + unauthorized?: string; } /** - * Controls the policy for whether OAuth workflows will more strictly adhere to the OAuth and OIDC specification - * or run in backwards compatibility mode. 
- * - * @author David Charles + * @author Daniel DeGroff */ -export enum OAuthScopeHandlingPolicy { - Compatibility = "Compatibility", - Strict = "Strict" +export enum IdentityProviderType { + Apple = "Apple", + EpicGames = "EpicGames", + ExternalJWT = "ExternalJWT", + Facebook = "Facebook", + Google = "Google", + HYPR = "HYPR", + LinkedIn = "LinkedIn", + Nintendo = "Nintendo", + OpenIDConnect = "OpenIDConnect", + SAMLv2 = "SAMLv2", + SAMLv2IdPInitiated = "SAMLv2IdPInitiated", + SonyPSN = "SonyPSN", + Steam = "Steam", + Twitch = "Twitch", + Twitter = "Twitter", + Xbox = "Xbox" } /** - * API request for managing families and members. - * - * @author Brian Pontarelli + * @author Brett Guy */ -export interface FamilyRequest { - familyMember?: FamilyMember; +export interface IPAccessControlList { + data?: Record; + entries?: Array; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + name?: string; } /** - * @author Matthew Altman + * @author Daniel DeGroff */ -export enum LogoutBehavior { - RedirectOnly = "RedirectOnly", - AllApplications = "AllApplications" +export enum VerificationStrategy { + ClickableLink = "ClickableLink", + FormField = "FormField" } /** - * The response from the total report. This report stores the total numbers for each application. + * This class contains the managed fields that are also put into the database during FusionAuth setup. + *

+ * Internal Note: These fields are also declared in SQL in order to bootstrap the system. These need to stay in sync. + * Any changes to these fields needs to also be reflected in mysql.sql and postgresql.sql * * @author Brian Pontarelli */ -export interface TotalsReportResponse { - applicationTotals?: Record; - globalRegistrations?: number; - totalGlobalRegistrations?: number; +export interface ManagedFields { } /** - * A historical state of a user log event. Since events can be modified, this stores the historical state. + * Webhook event log search request. * - * @author Brian Pontarelli + * @author Spencer Witt */ -export interface LogHistory { - historyItems?: Array; +export interface WebhookEventLogSearchRequest { + search?: WebhookEventLogSearchCriteria; } /** - * Models the User Create Registration Event. - * * @author Daniel DeGroff */ -export interface UserRegistrationCreateEvent extends BaseUserEvent { - applicationId?: UUID; - registration?: UserRegistration; +export interface AuthenticatorConfiguration { + algorithm?: TOTPAlgorithm; + codeLength?: number; + timeStep?: number; +} + +export enum TOTPAlgorithm { + HmacSHA1 = "HmacSHA1", + HmacSHA256 = "HmacSHA256", + HmacSHA512 = "HmacSHA512" } /** - * Search request for Applications + * Models action reasons. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface ApplicationSearchRequest extends ExpandableRequest { - search?: ApplicationSearchCriteria; +export interface UserActionReason { + code?: string; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + localizedTexts?: LocalizedStrings; + text?: string; } /** - * A webhook call response. + * A User's WebAuthnCredential. Contains all data required to complete WebAuthn authentication ceremonies. 
* * @author Spencer Witt */ -export interface WebhookCallResponse { - exception?: string; - statusCode?: number; - url?: string; +export interface WebAuthnCredential { + algorithm?: CoseAlgorithmIdentifier; + attestationType?: AttestationType; + authenticatorSupportsUserVerification?: boolean; + credentialId?: string; + data?: Record; + discoverable?: boolean; + displayName?: string; + id?: UUID; + insertInstant?: number; + lastUseInstant?: number; + name?: string; + publicKey?: string; + relyingPartyId?: string; + signCount?: number; + tenantId?: UUID; + transports?: Array; + userAgent?: string; + userId?: UUID; } /** - * API request for User consent types. - * * @author Daniel DeGroff */ -export interface ConsentRequest { - consent?: Consent; +export interface TestEvent extends BaseEvent { + message?: string; } /** - * @author Daniel DeGroff + * Models the Refresh Token Revoke Event. This event might be for a single token, a user + * or an entire application. + * + * @author Brian Pontarelli */ -export interface FacebookApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { - appId?: string; - buttonText?: string; - client_secret?: string; - fields?: string; - loginMethod?: IdentityProviderLoginMethod; - permissions?: string; +export interface JWTRefreshTokenRevokeEvent extends BaseEvent { + applicationId?: UUID; + applicationTimeToLiveInSeconds?: Record; + refreshToken?: RefreshToken; + user?: User; + userId?: UUID; } /** - * @author Johnathon Wood + * @author Trevor Smith */ -export enum Oauth2AuthorizedURLValidationPolicy { - AllowWildcards = "AllowWildcards", - ExactMatch = "ExactMatch" +export interface ConnectorPolicy { + connectorId?: UUID; + data?: Record; + domains?: Array; + migrate?: boolean; } /** - * Models content user action options. 
- * - * @author Brian Pontarelli + * @author Brett Pontarelli */ -export interface UserActionOption { - localizedNames?: LocalizedStrings; - name?: string; +export enum AuthenticationThreats { + ImpossibleTravel = "ImpossibleTravel" } /** - * Identifies the WebAuthn workflow. This will affect the parameters used for credential creation - * and request based on the Tenant configuration. + * Models the User Password Reset Send Event. * - * @author Spencer Witt + * @author Daniel DeGroff */ -export enum WebAuthnWorkflow { - bootstrap = "bootstrap", - general = "general", - reauthentication = "reauthentication" +export interface UserPasswordResetSendEvent extends BaseUserEvent { } /** - * An action that can be executed on a user (discipline or reward potentially). + * Event to indicate kickstart has been successfully completed. * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface UserAction { - active?: boolean; - cancelEmailTemplateId?: UUID; - endEmailTemplateId?: UUID; - id?: UUID; - includeEmailInEventJSON?: boolean; - insertInstant?: number; - lastUpdateInstant?: number; - localizedNames?: LocalizedStrings; - modifyEmailTemplateId?: UUID; - name?: string; - options?: Array; - preventLogin?: boolean; - sendEndEvent?: boolean; - startEmailTemplateId?: UUID; - temporal?: boolean; - transactionType?: TransactionType; - userEmailingEnabled?: boolean; - userNotificationsEnabled?: boolean; +export interface KickstartSuccessEvent extends BaseEvent { + instanceId?: UUID; } /** - * Forgot password response object. + * User API delete request object. * * @author Daniel DeGroff */ -export interface ForgotPasswordResponse { - changePasswordId?: string; +export interface UserDeleteRequest extends BaseEventRequest { + dryRun?: boolean; + hardDelete?: boolean; + limit?: number; + query?: string; + queryString?: string; + userIds?: Array; } /** - * Models the JWT Refresh Event. 
This event will be fired when a JWT is "refreshed" (generated) using a Refresh Token. - * - * @author Daniel DeGroff + * @author Brett Guy */ -export interface JWTRefreshEvent extends BaseEvent { - applicationId?: UUID; - original?: string; - refreshToken?: string; - token?: string; - userId?: UUID; +export interface TenantAccessControlConfiguration { + uiIPAccessControlListId?: UUID; } /** - * Search results. + * This class is a simple attachment with a byte array, name and MIME type. * * @author Brian Pontarelli */ -export interface SearchResults { - nextResults?: string; - results?: Array; - total?: number; - totalEqualToActual?: boolean; +export interface Attachment { + attachment?: Array; + mime?: string; + name?: string; } /** - * Models a set of localized Strings that can be stored as JSON. - * - * @author Brian Pontarelli + * Interface for any object that can provide JSON Web key Information. */ -export interface LocalizedStrings extends Record { +export interface JSONWebKeyInfoProvider { } /** - * Search request for entities + * Tenant-level configuration for WebAuthn * - * @author Brett Guy + * @author Spencer Witt */ -export interface EntitySearchResponse { - entities?: Array; - nextResults?: string; - total?: number; +export interface TenantWebAuthnConfiguration extends Enableable { + bootstrapWorkflow?: TenantWebAuthnWorkflowConfiguration; + debug?: boolean; + reauthenticationWorkflow?: TenantWebAuthnWorkflowConfiguration; + relyingPartyId?: string; + relyingPartyName?: string; } /** - * @author Derek Klatt + * Email template request. 
+ * + * @author Brian Pontarelli */ -export interface PasswordValidationRules { - breachDetection?: PasswordBreachDetection; - maxLength?: number; - minLength?: number; - rememberPreviousPasswords?: RememberPreviousPasswords; - requireMixedCase?: boolean; - requireNonAlpha?: boolean; - requireNumber?: boolean; - validateOnLogin?: boolean; +export interface EmailTemplateRequest { + emailTemplate?: EmailTemplate; } /** * @author Daniel DeGroff */ -export interface SecretResponse { - secret?: string; - secretBase32Encoded?: string; +export interface IdentityProviderPendingLinkResponse { + identityProviderTenantConfiguration?: IdentityProviderTenantConfiguration; + linkCount?: number; + pendingIdPLink?: PendingIdPLink; } /** - * Twitter social login provider. - * * @author Daniel DeGroff */ -export interface TwitterIdentityProvider extends BaseIdentityProvider { - buttonText?: string; - consumerKey?: string; - consumerSecret?: string; +export interface PasswordlessSendRequest { + applicationId?: UUID; + code?: string; + loginId?: string; + state?: Record; } /** * @author Daniel DeGroff */ -export interface HYPRIdentityProvider extends BaseIdentityProvider { - relyingPartyApplicationId?: string; - relyingPartyURL?: string; +export interface TenantRegistrationConfiguration { + blockedDomains?: Array; } /** - * Models the User Password Reset Success Event. - * * @author Daniel DeGroff */ -export interface UserPasswordResetSuccessEvent extends BaseUserEvent { +export interface IdentityProviderLink { + data?: Record; + displayName?: string; + identityProviderId?: UUID; + identityProviderName?: string; + identityProviderType?: IdentityProviderType; + identityProviderUserId?: string; + insertInstant?: number; + lastLoginInstant?: number; + tenantId?: UUID; + token?: string; + userId?: UUID; } /** - * Something that can be required and thus also optional. This currently extends Enableable because anything that is - * required/optional is almost always enableable as well. 
+ * Registration API request object. * * @author Brian Pontarelli */ -export interface Requirable extends Enableable { - required?: boolean; -} - -/** - * JWT Configuration for entities. - */ -export interface EntityJWTConfiguration extends Enableable { - accessTokenKeyId?: UUID; - timeToLiveInSeconds?: number; +export interface RegistrationResponse { + refreshToken?: string; + registration?: UserRegistration; + registrationVerificationId?: string; + registrationVerificationOneTimeCode?: string; + token?: string; + tokenExpirationInstant?: number; + user?: User; } /** - * @author Daniel DeGroff + * A role given to a user for a specific application. + * + * @author Seth Musselman */ -export interface ReloadRequest { - names?: Array; +export interface ApplicationRole { + description?: string; + id?: UUID; + insertInstant?: number; + isDefault?: boolean; + isSuperRole?: boolean; + lastUpdateInstant?: number; + name?: string; } /** - * Search request for user comments + * Google social login provider parameters. * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface UserCommentSearchRequest { - search?: UserCommentSearchCriteria; +export interface GoogleIdentityProviderProperties { + api?: string; + button?: string; } /** - * Request to complete the WebAuthn registration ceremony - * - * @author Spencer Witt + * @author Daniel DeGroff */ -export interface WebAuthnLoginRequest extends BaseLoginRequest { - credential?: WebAuthnPublicKeyAuthenticationRequest; - origin?: string; - rpId?: string; - twoFactorTrustId?: string; +export interface JWKSResponse { + keys?: Array; } /** - * domain POJO to represent AuthenticationKey + * Steam API modes. 
* - * @author sanjay + * @author Daniel DeGroff */ -export interface APIKey { - id?: UUID; - insertInstant?: number; - ipAccessControlListId?: UUID; - key?: string; - keyManager?: boolean; - lastUpdateInstant?: number; - metaData?: APIKeyMetaData; - permissions?: APIKeyPermissions; - tenantId?: UUID; +export enum SteamAPIMode { + Public = "Public", + Partner = "Partner" } /** - * Search criteria for webhooks. + * Lambda API response object. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export interface WebhookSearchCriteria extends BaseSearchCriteria { - description?: string; - tenantId?: UUID; - url?: string; +export interface LambdaResponse { + lambda?: Lambda; + lambdas?: Array; } /** - * Policy for handling unknown OAuth scopes in the request + * Models the JWT public key Refresh Token Revoke Event. This event might be for a single + * token, a user or an entire application. * - * @author Spencer Witt + * @author Brian Pontarelli */ -export enum UnknownScopePolicy { - Allow = "Allow", - Remove = "Remove", - Reject = "Reject" +export interface JWTPublicKeyUpdateEvent extends BaseEvent { + applicationIds?: Array; } /** - * Models the User Password Reset Start Event. + * The Integration Request * * @author Daniel DeGroff */ -export interface UserPasswordResetStartEvent extends BaseUserEvent { +export interface IntegrationRequest { + integrations?: Integrations; } /** - * Models the Group Delete Event. 
- * - * @author Daniel DeGroff + * @author Brett Pontarelli */ -export interface GroupDeleteEvent extends BaseGroupEvent { -} - -export interface MultiFactorEmailTemplate { - templateId?: UUID; +export enum CaptchaMethod { + GoogleRecaptchaV2 = "GoogleRecaptchaV2", + GoogleRecaptchaV3 = "GoogleRecaptchaV3", + HCaptcha = "HCaptcha", + HCaptchaEnterprise = "HCaptchaEnterprise" } -export enum OAuthErrorReason { - auth_code_not_found = "auth_code_not_found", - access_token_malformed = "access_token_malformed", - access_token_expired = "access_token_expired", - access_token_unavailable_for_processing = "access_token_unavailable_for_processing", - access_token_failed_processing = "access_token_failed_processing", - access_token_invalid = "access_token_invalid", - access_token_required = "access_token_required", - refresh_token_not_found = "refresh_token_not_found", - refresh_token_type_not_supported = "refresh_token_type_not_supported", - invalid_client_id = "invalid_client_id", - invalid_user_credentials = "invalid_user_credentials", - invalid_grant_type = "invalid_grant_type", - invalid_origin = "invalid_origin", - invalid_origin_opaque = "invalid_origin_opaque", - invalid_pkce_code_verifier = "invalid_pkce_code_verifier", - invalid_pkce_code_challenge = "invalid_pkce_code_challenge", - invalid_pkce_code_challenge_method = "invalid_pkce_code_challenge_method", - invalid_redirect_uri = "invalid_redirect_uri", - invalid_response_mode = "invalid_response_mode", - invalid_response_type = "invalid_response_type", - invalid_id_token_hint = "invalid_id_token_hint", - invalid_post_logout_redirect_uri = "invalid_post_logout_redirect_uri", - invalid_device_code = "invalid_device_code", - invalid_user_code = "invalid_user_code", - invalid_additional_client_id = "invalid_additional_client_id", - invalid_target_entity_scope = "invalid_target_entity_scope", - invalid_entity_permission_scope = "invalid_entity_permission_scope", - invalid_user_id = "invalid_user_id", - 
grant_type_disabled = "grant_type_disabled", - missing_client_id = "missing_client_id", - missing_client_secret = "missing_client_secret", - missing_code = "missing_code", - missing_code_challenge = "missing_code_challenge", - missing_code_verifier = "missing_code_verifier", - missing_device_code = "missing_device_code", - missing_grant_type = "missing_grant_type", - missing_redirect_uri = "missing_redirect_uri", - missing_refresh_token = "missing_refresh_token", - missing_response_type = "missing_response_type", - missing_token = "missing_token", - missing_user_code = "missing_user_code", - missing_user_id = "missing_user_id", - missing_verification_uri = "missing_verification_uri", - login_prevented = "login_prevented", - not_licensed = "not_licensed", - user_code_expired = "user_code_expired", - user_expired = "user_expired", - user_locked = "user_locked", - user_not_found = "user_not_found", - client_authentication_missing = "client_authentication_missing", - invalid_client_authentication_scheme = "invalid_client_authentication_scheme", - invalid_client_authentication = "invalid_client_authentication", - client_id_mismatch = "client_id_mismatch", - change_password_administrative = "change_password_administrative", - change_password_breached = "change_password_breached", - change_password_expired = "change_password_expired", - change_password_validation = "change_password_validation", - unknown = "unknown", - missing_required_scope = "missing_required_scope", - unknown_scope = "unknown_scope", - consent_canceled = "consent_canceled" +/** + * Models the event types that FusionAuth produces. 
+ * + * @author Brian Pontarelli + */ +export enum EventType { + JWTPublicKeyUpdate = "jwt.public-key.update", + JWTRefreshTokenRevoke = "jwt.refresh-token.revoke", + JWTRefresh = "jwt.refresh", + AuditLogCreate = "audit-log.create", + EventLogCreate = "event-log.create", + KickstartSuccess = "kickstart.success", + GroupCreate = "group.create", + GroupCreateComplete = "group.create.complete", + GroupDelete = "group.delete", + GroupDeleteComplete = "group.delete.complete", + GroupMemberAdd = "group.member.add", + GroupMemberAddComplete = "group.member.add.complete", + GroupMemberRemove = "group.member.remove", + GroupMemberRemoveComplete = "group.member.remove.complete", + GroupMemberUpdate = "group.member.update", + GroupMemberUpdateComplete = "group.member.update.complete", + GroupUpdate = "group.update", + GroupUpdateComplete = "group.update.complete", + UserAction = "user.action", + UserBulkCreate = "user.bulk.create", + UserCreate = "user.create", + UserCreateComplete = "user.create.complete", + UserDeactivate = "user.deactivate", + UserDelete = "user.delete", + UserDeleteComplete = "user.delete.complete", + UserEmailUpdate = "user.email.update", + UserEmailVerified = "user.email.verified", + UserIdentityProviderLink = "user.identity-provider.link", + UserIdentityProviderUnlink = "user.identity-provider.unlink", + UserLoginIdDuplicateOnCreate = "user.loginId.duplicate.create", + UserLoginIdDuplicateOnUpdate = "user.loginId.duplicate.update", + UserLoginFailed = "user.login.failed", + UserLoginNewDevice = "user.login.new-device", + UserLoginSuccess = "user.login.success", + UserLoginSuspicious = "user.login.suspicious", + UserPasswordBreach = "user.password.breach", + UserPasswordResetSend = "user.password.reset.send", + UserPasswordResetStart = "user.password.reset.start", + UserPasswordResetSuccess = "user.password.reset.success", + UserPasswordUpdate = "user.password.update", + UserReactivate = "user.reactivate", + UserRegistrationCreate = 
"user.registration.create", + UserRegistrationCreateComplete = "user.registration.create.complete", + UserRegistrationDelete = "user.registration.delete", + UserRegistrationDeleteComplete = "user.registration.delete.complete", + UserRegistrationUpdate = "user.registration.update", + UserRegistrationUpdateComplete = "user.registration.update.complete", + UserRegistrationVerified = "user.registration.verified", + UserTwoFactorMethodAdd = "user.two-factor.method.add", + UserTwoFactorMethodRemove = "user.two-factor.method.remove", + UserUpdate = "user.update", + UserUpdateComplete = "user.update.complete", + Test = "test" } /** - * @author Brett Pontarelli + * @author Daniel DeGroff */ -export interface TenantSSOConfiguration { - deviceTrustTimeToLiveInSeconds?: number; +export interface PasswordlessStartResponse { + code?: string; } /** - * Supply information on credential type and algorithm to the authenticator. + * Policy for handling unknown OAuth scopes in the request * * @author Spencer Witt */ -export interface PublicKeyCredentialParameters { - alg?: CoseAlgorithmIdentifier; - type?: PublicKeyCredentialType; +export enum UnknownScopePolicy { + Allow = "Allow", + Remove = "Remove", + Reject = "Reject" } /** - * API response for consent. - * * @author Daniel DeGroff */ -export interface ConsentResponse { - consent?: Consent; - consents?: Array; +export interface AppleApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { + bundleId?: string; + buttonText?: string; + keyId?: UUID; + scope?: string; + servicesId?: string; + teamId?: string; } /** - * Models the Group Member Remove Event. + * Audit log response. 
* - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface GroupMemberRemoveEvent extends BaseGroupEvent { - members?: Array; +export interface AuditLogResponse { + auditLog?: AuditLog; } /** - * @author Daniel DeGroff + * domain POJO to represent AuthenticationKey + * + * @author sanjay */ -export interface IdentityProviderPendingLinkResponse { - identityProviderTenantConfiguration?: IdentityProviderTenantConfiguration; - linkCount?: number; - pendingIdPLink?: PendingIdPLink; +export interface APIKey { + id?: UUID; + insertInstant?: number; + ipAccessControlListId?: UUID; + key?: string; + keyManager?: boolean; + lastUpdateInstant?: number; + metaData?: APIKeyMetaData; + permissions?: APIKeyPermissions; + tenantId?: UUID; +} + +export interface APIKeyMetaData { + attributes?: Record; +} + +export interface APIKeyPermissions { + endpoints?: Record>; } /** - * Change password response object. + * The application's relationship to the authorization server. First-party applications will be granted implicit permission for requested scopes. + * Third-party applications will use the {@link OAuthScopeConsentMode} policy. * - * @author Daniel DeGroff + * @author Spencer Witt */ -export interface ChangePasswordResponse { - oneTimePassword?: string; - state?: Record; +export enum OAuthApplicationRelationship { + FirstParty = "FirstParty", + ThirdParty = "ThirdParty" } /** - * The user action response object. 
- * - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface ActionResponse { - action?: UserActionLog; - actions?: Array; +export interface IdentityProviderOauth2Configuration { + authorization_endpoint?: string; + client_id?: string; + client_secret?: string; + clientAuthenticationMethod?: ClientAuthenticationMethod; + emailClaim?: string; + emailVerifiedClaim?: string; + issuer?: string; + scope?: string; + token_endpoint?: string; + uniqueIdClaim?: string; + userinfo_endpoint?: string; + usernameClaim?: string; } -export interface Totals { - logins?: number; - registrations?: number; - totalRegistrations?: number; +export enum ClientAuthenticationMethod { + none = "none", + client_secret_basic = "client_secret_basic", + client_secret_post = "client_secret_post" } /** - * Config for regular SAML IDP configurations that support IdP initiated requests - * - * @author Lyle Schemmerling + * @author Daniel DeGroff */ -export interface SAMLv2IdpInitiatedConfiguration extends Enableable { - issuer?: string; +export interface LinkedInIdentityProvider extends BaseIdentityProvider { + buttonText?: string; + client_id?: string; + client_secret?: string; + scope?: string; } /** - * Request for the system configuration API. - * * @author Brian Pontarelli */ -export interface SystemConfigurationRequest { - systemConfiguration?: SystemConfiguration; +export interface LoginResponse { + actions?: Array; + changePasswordId?: string; + changePasswordReason?: ChangePasswordReason; + configurableMethods?: Array; + emailVerificationId?: string; + methods?: Array; + pendingIdPLinkId?: string; + refreshToken?: string; + refreshTokenId?: UUID; + registrationVerificationId?: string; + state?: Record; + threatsDetected?: Array; + token?: string; + tokenExpirationInstant?: number; + trustToken?: string; + twoFactorId?: string; + twoFactorTrustId?: string; + user?: User; } /** - * User Action API request object. + * Models a consent. 
* - * @author Brian Pontarelli + * @author Daniel DeGroff */ -export interface UserActionRequest { - userAction?: UserAction; +export interface Consent { + consentEmailTemplateId?: UUID; + countryMinimumAgeForSelfConsent?: LocalizedIntegers; + data?: Record; + defaultMinimumAgeForSelfConsent?: number; + emailPlus?: EmailPlus; + id?: UUID; + insertInstant?: number; + lastUpdateInstant?: number; + multipleValuesAllowed?: boolean; + name?: string; + values?: Array; } -export enum ClientAuthenticationMethod { - none = "none", - client_secret_basic = "client_secret_basic", - client_secret_post = "client_secret_post" +export interface EmailPlus extends Enableable { + emailTemplateId?: UUID; + maximumTimeToSendEmailInHours?: number; + minimumTimeToSendEmailInHours?: number; } /** - * @author Brett Guy + * Base class for all {@link Group} and {@link GroupMember} events. + * + * @author Spencer Witt */ -export interface IPAccessControlListResponse { - ipAccessControlList?: IPAccessControlList; - ipAccessControlLists?: Array; +export interface BaseGroupEvent extends BaseEvent { + group?: Group; } /** - * Request for managing FusionAuth Reactor and licenses. + * Models a specific entity type permission. This permission can be granted to users or other entities. * * @author Brian Pontarelli */ -export interface ReactorRequest { - license?: string; - licenseId?: string; +export interface EntityTypePermission { + data?: Record; + description?: string; + id?: UUID; + insertInstant?: number; + isDefault?: boolean; + lastUpdateInstant?: number; + name?: string; } /** - * Controls the policy for requesting user permission to grant access to requested scopes during an OAuth workflow - * for a third-party application. + * This class is the user query. It provides a build pattern as well as public fields for use on forms and in actions. 
* - * @author Spencer Witt + * @author Brian Pontarelli */ -export enum OAuthScopeConsentMode { - AlwaysPrompt = "AlwaysPrompt", - RememberDecision = "RememberDecision", - NeverPrompt = "NeverPrompt" +export interface UserSearchCriteria extends BaseElasticSearchCriteria { } /** - * @author Michael Sleevi + * User comment search response + * + * @author Spencer Witt */ -export interface MessageTemplateResponse { - messageTemplate?: MessageTemplate; - messageTemplates?: Array; +export interface UserCommentSearchResponse { + total?: number; + userComments?: Array; } /** - * @author Brett Pontarelli + * @author Daniel DeGroff */ -export enum IdentityProviderLoginMethod { - UsePopup = "UsePopup", - UseRedirect = "UseRedirect", - UseVendorJavaScript = "UseVendorJavaScript" +export interface IdentityProviderRequest { + identityProvider?: BaseIdentityProvider; } /** - * @author Brett Guy + * Search criteria for Identity Providers. + * + * @author Spencer Witt */ -export interface MessengerRequest { - messenger?: BaseMessengerConfiguration; +export interface IdentityProviderSearchCriteria extends BaseSearchCriteria { + applicationId?: UUID; + name?: string; + type?: IdentityProviderType; } /** - * Request for the Tenant API to delete a tenant rather than using the URL parameters. + * Standard error domain object that can also be used as the response from an API call. * * @author Brian Pontarelli */ -export interface TenantDeleteRequest extends BaseEventRequest { - async?: boolean; +export interface Errors { + fieldErrors?: Record>; + generalErrors?: Array; } /** - * An Event "event" to indicate an event log was created. + * Defines an error. * - * @author Daniel DeGroff + * @author Brian Pontarelli */ -export interface EventLogCreateEvent extends BaseEvent { - eventLog?: EventLog; +export interface Error { + code?: string; + data?: Record; + message?: string; } /** - * The possible result states of a webhook event. 
This tracks the success of the overall webhook transaction according to the {@link TransactionType} - * and configured webhooks. + * Available JSON Web Algorithms (JWA) as described in RFC 7518 available for this JWT implementation. * - * @author Spencer Witt - */ -export enum WebhookEventResult { - Failed = "Failed", - Running = "Running", - Succeeded = "Succeeded" -} - -export interface UniqueUsernameConfiguration extends Enableable { - numberOfDigits?: number; - separator?: string; - strategy?: UniqueUsernameStrategy; -} - -/** * @author Daniel DeGroff */ -export interface SAMLv2IdPInitiatedApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration { +export enum Algorithm { + ES256 = "ES256", + ES384 = "ES384", + ES512 = "ES512", + HS256 = "HS256", + HS384 = "HS384", + HS512 = "HS512", + PS256 = "PS256", + PS384 = "PS384", + PS512 = "PS512", + RS256 = "RS256", + RS384 = "RS384", + RS512 = "RS512", + none = "none" } /** - * Event log response. + * JSON Web Token (JWT) as defined by RFC 7519. + *

+ * From RFC 7519 Section 1. Introduction:
+ *    The suggested pronunciation of JWT is the same as the English word "jot".
+ * 
+ * The JWT is not Thread-Safe and should not be re-used. * * @author Daniel DeGroff */ -export interface EventLogResponse { - eventLog?: EventLog; +export interface JWT { + aud?: any; + exp?: number; + iat?: number; + iss?: string; + jti?: string; + nbf?: number; + [otherClaims: string]: any; // Any other fields + sub?: string; } /** + * A JSON Web Key as defined by RFC 7517 JSON Web Key (JWK) + * Section 4 and RFC 7518 JSON Web Algorithms (JWA). + * * @author Daniel DeGroff */ -export interface TenantRegistrationConfiguration { - blockedDomains?: Array; +export interface JSONWebKey { + alg?: Algorithm; + crv?: string; + d?: string; + dp?: string; + dq?: string; + e?: string; + kid?: string; + kty?: KeyType; + n?: string; + [other: string]: any; // Any other fields + p?: string; + q?: string; + qi?: string; + use?: string; + x?: string; + x5c?: Array; + x5t?: string; + x5t_S256?: string; + y?: string; }