diff --git a/build.savant b/build.savant
index 5ecb81c..9dccde2 100644
--- a/build.savant
+++ b/build.savant
@@ -14,7 +14,7 @@
* language governing permissions and limitations under the License.
*/
-project(group: "io.fusionauth", name: "fusionauth-typescript-client", version: "1.54.0", licenses: ["ApacheV2_0"]) {
+project(group: "io.fusionauth", name: "fusionauth-typescript-client", version: "1.55.0", licenses: ["ApacheV2_0"]) {
workflow {
fetch {
cache()
diff --git a/package-lock.json b/package-lock.json
index 3e79744..534df81 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
{
"name": "@fusionauth/typescript-client",
- "version": "1.54.0",
+ "version": "1.55.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
diff --git a/package.json b/package.json
index 2384d9b..41d262c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "@fusionauth/typescript-client",
- "version": "1.54.0",
+ "version": "1.55.0",
"description": "A typescript implementation of the FusionAuth client.",
"main": "build/index.js",
"types": "build/index.d.ts",
diff --git a/src/FusionAuthClient.ts b/src/FusionAuthClient.ts
index 7079248..3b1c5cb 100644
--- a/src/FusionAuthClient.ts
+++ b/src/FusionAuthClient.ts
@@ -5489,1853 +5489,2027 @@ export type UUID = string;
/**
- * Authorization Grant types as defined by the The OAuth 2.0 Authorization
- * Framework - RFC 6749.
- *
- * Specific names as defined by
- * OAuth 2.0 Dynamic Client Registration Protocol - RFC 7591 Section 4.1
+ * Facebook social login provider.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export enum GrantType {
- authorization_code = "authorization_code",
- implicit = "implicit",
- password = "password",
- client_credentials = "client_credentials",
- refresh_token = "refresh_token",
- unknown = "unknown",
- device_code = "urn:ietf:params:oauth:grant-type:device_code"
+export interface FacebookIdentityProvider extends BaseIdentityProvider {
+ appId?: string;
+ buttonText?: string;
+ client_secret?: string;
+ fields?: string;
+ loginMethod?: IdentityProviderLoginMethod;
+ permissions?: string;
+}
+
+export interface UniqueUsernameConfiguration extends Enableable {
+ numberOfDigits?: number;
+ separator?: string;
+ strategy?: UniqueUsernameStrategy;
}
/**
- * Identity Provider response.
+ * Models a set of localized Integers that can be stored as JSON.
*
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export interface IdentityProviderSearchResponse {
- identityProviders?: Array>;
- total?: number;
+export interface LocalizedIntegers extends Record {
+}
+
+export enum XMLSignatureLocation {
+ Assertion = "Assertion",
+ Response = "Response"
}
/**
- * Used to indicate what type of attestation was included in the authenticator response for a given WebAuthn credential at the time it was created
+ * @author Brett Pontarelli
+ */
+export interface EpicGamesApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ buttonText?: string;
+ client_id?: string;
+ client_secret?: string;
+ scope?: string;
+}
+
+/**
+ * API request for sending out family requests to parent's.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export enum AttestationType {
- basic = "basic",
- self = "self",
- attestationCa = "attestationCa",
- anonymizationCa = "anonymizationCa",
- none = "none"
+export interface FamilyEmailRequest {
+ parentEmail?: string;
}
/**
- * @author Daniel DeGroff
+ * Login API request object.
+ *
+ * @author Seth Musselman
*/
-export interface BaseExportRequest {
- dateTimeSecondsFormat?: string;
- zoneId?: string;
+export interface LoginRequest extends BaseLoginRequest {
+ loginId?: string;
+ oneTimePassword?: string;
+ password?: string;
+ twoFactorTrustId?: string;
}
/**
- * Models the User Created Registration Event.
- *
- * This is different than the user.registration.create event in that it will be sent after the user has been created. This event cannot be made
- * transactional.
+ * Models a JWT Refresh Token.
*
* @author Daniel DeGroff
*/
-export interface UserRegistrationCreateCompleteEvent extends BaseUserEvent {
+export interface RefreshToken {
applicationId?: UUID;
- registration?: UserRegistration;
+ data?: Record;
+ id?: UUID;
+ insertInstant?: number;
+ metaData?: MetaData;
+ startInstant?: number;
+ tenantId?: UUID;
+ token?: string;
+ userId?: UUID;
}
/**
- * The user action response object.
+ * Forgot password request object.
*
* @author Brian Pontarelli
*/
-export interface ActionResponse {
- action?: UserActionLog;
- actions?: Array;
+export interface ForgotPasswordRequest extends BaseEventRequest {
+ applicationId?: UUID;
+ changePasswordId?: string;
+ email?: string;
+ loginId?: string;
+ sendForgotPasswordEmail?: boolean;
+ state?: Record;
+ username?: string;
}
/**
- * @author Michael Sleevi
+ * @author Daniel DeGroff
*/
-export interface SMSMessage {
- phoneNumber?: string;
- textMessage?: string;
+export interface LinkedInApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ buttonText?: string;
+ client_id?: string;
+ client_secret?: string;
+ scope?: string;
}
/**
+ * Search request for Groups.
+ *
* @author Daniel DeGroff
*/
-export interface MessengerTransport {
+export interface GroupSearchRequest {
+ search?: GroupSearchCriteria;
+}
+
+export enum KeyAlgorithm {
+ ES256 = "ES256",
+ ES384 = "ES384",
+ ES512 = "ES512",
+ HS256 = "HS256",
+ HS384 = "HS384",
+ HS512 = "HS512",
+ RS256 = "RS256",
+ RS384 = "RS384",
+ RS512 = "RS512"
}
/**
- * User registration information for a single application.
- *
- * @author Brian Pontarelli
+ * @author Seth Musselman
*/
-export interface UserRegistration {
- applicationId?: UUID;
- authenticationToken?: string;
- cleanSpeakId?: UUID;
+export interface Application {
+ accessControlConfiguration?: ApplicationAccessControlConfiguration;
+ active?: boolean;
+ authenticationTokenConfiguration?: AuthenticationTokenConfiguration;
+ cleanSpeakConfiguration?: CleanSpeakConfiguration;
data?: Record;
+ emailConfiguration?: ApplicationEmailConfiguration;
+ externalIdentifierConfiguration?: ApplicationExternalIdentifierConfiguration;
+ formConfiguration?: ApplicationFormConfiguration;
id?: UUID;
insertInstant?: number;
- lastLoginInstant?: number;
+ jwtConfiguration?: JWTConfiguration;
+ lambdaConfiguration?: LambdaConfiguration;
lastUpdateInstant?: number;
- preferredLanguages?: Array;
- roles?: Array;
- timezone?: string;
- tokens?: Record;
- username?: string;
- usernameStatus?: ContentStatus;
- verified?: boolean;
- verifiedInstant?: number;
+ loginConfiguration?: LoginConfiguration;
+ multiFactorConfiguration?: ApplicationMultiFactorConfiguration;
+ name?: string;
+ oauthConfiguration?: OAuth2Configuration;
+ passwordlessConfiguration?: PasswordlessConfiguration;
+ registrationConfiguration?: RegistrationConfiguration;
+ registrationDeletePolicy?: ApplicationRegistrationDeletePolicy;
+ roles?: Array;
+ samlv2Configuration?: SAMLv2Configuration;
+ scopes?: Array;
+ state?: ObjectState;
+ tenantId?: UUID;
+ themeId?: UUID;
+ unverified?: RegistrationUnverifiedOptions;
+ verificationEmailTemplateId?: UUID;
+ verificationStrategy?: VerificationStrategy;
+ verifyRegistration?: boolean;
+ webAuthnConfiguration?: ApplicationWebAuthnConfiguration;
}
/**
- * Base class for requests that can contain event information. This event information is used when sending Webhooks or emails
- * during the transaction. The caller is responsible for ensuring that the event information is correct.
+ * Form response.
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface BaseEventRequest {
- eventInfo?: EventInfo;
+export interface FormRequest {
+ form?: Form;
}
/**
- * A webhook call attempt log.
+ * The user action request object.
*
- * @author Spencer Witt
- */
-export interface WebhookAttemptLog {
- attemptResult?: WebhookAttemptResult;
- data?: Record;
- endInstant?: number;
- id?: UUID;
- startInstant?: number;
- webhookCallResponse?: WebhookCallResponse;
- webhookEventLogId?: UUID;
- webhookId?: UUID;
-}
-
-/**
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface JWTVendRequest {
- claims?: Record;
- keyId?: UUID;
- timeToLiveInSeconds?: number;
+export interface ActionRequest extends BaseEventRequest {
+ action?: ActionData;
+ broadcast?: boolean;
}
/**
- * Event log used internally by FusionAuth to help developers debug hooks, Webhooks, email templates, etc.
+ * Entity grant API response object.
*
* @author Brian Pontarelli
*/
-export interface EventLog {
- id?: number;
- insertInstant?: number;
- message?: string;
- type?: EventLogType;
+export interface EntityGrantResponse {
+ grant?: EntityGrant;
+ grants?: Array;
}
/**
+ * Models an event where a user's email is updated outside of a forgot / change password workflow.
+ *
* @author Daniel DeGroff
*/
-export interface LookupResponse {
- identityProvider?: IdentityProviderDetails;
-}
-
-export interface IdentityProviderDetails {
- applicationIds?: Array;
- id?: UUID;
- idpEndpoint?: string;
- name?: string;
- oauth2?: IdentityProviderOauth2Configuration;
- type?: IdentityProviderType;
+export interface UserEmailUpdateEvent extends BaseUserEvent {
+ previousEmail?: string;
}
/**
* @author Daniel DeGroff
*/
-export interface IntrospectResponse extends Record {
+export interface HYPRApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ relyingPartyApplicationId?: string;
+ relyingPartyURL?: string;
}
/**
- * Models the Group Member Update Event.
+ * A log for an event that happened to a User.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface GroupMemberUpdateEvent extends BaseGroupEvent {
- members?: Array;
+export interface UserComment {
+ comment?: string;
+ commenterId?: UUID;
+ id?: UUID;
+ insertInstant?: number;
+ userId?: UUID;
}
/**
- * Search request for webhooks
+ * WebAuthn Credential API response
*
* @author Spencer Witt
*/
-export interface WebhookSearchRequest {
- search?: WebhookSearchCriteria;
+export interface WebAuthnCredentialResponse {
+ credential?: WebAuthnCredential;
+ credentials?: Array;
}
/**
- * Change password response object.
+ * Models the Refresh Token Revoke Event. This event might be for a single token, a user
+ * or an entire application.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface ChangePasswordResponse {
- oneTimePassword?: string;
- state?: Record;
+export interface JWTRefreshTokenRevokeEvent extends BaseEvent {
+ applicationId?: UUID;
+ applicationTimeToLiveInSeconds?: Record;
+ refreshToken?: RefreshToken;
+ user?: User;
+ userId?: UUID;
}
/**
- * A server where events are sent. This includes user action events and any other events sent by FusionAuth.
+ * The use type of a key.
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface Webhook {
- connectTimeout?: number;
- data?: Record;
- description?: string;
- eventsEnabled?: Record;
- global?: boolean;
- headers?: HTTPHeaders;
- httpAuthenticationPassword?: string;
- httpAuthenticationUsername?: string;
- id?: UUID;
- insertInstant?: number;
- lastUpdateInstant?: number;
- readTimeout?: number;
- signatureConfiguration?: WebhookSignatureConfiguration;
- sslCertificate?: string;
- sslCertificateKeyId?: UUID;
- tenantIds?: Array;
- url?: string;
+export enum KeyUse {
+ SignOnly = "SignOnly",
+ SignAndVerify = "SignAndVerify",
+ VerifyOnly = "VerifyOnly"
}
/**
- * Available Integrations
- *
* @author Daniel DeGroff
*/
-export interface Integrations {
- cleanspeak?: CleanSpeakConfiguration;
- kafka?: KafkaConfiguration;
+export interface TwoFactorResponse {
+ code?: string;
+ recoveryCodes?: Array;
}
/**
- * Search criteria for the event log.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface EventLogSearchCriteria extends BaseSearchCriteria {
+export interface LoginRecordSearchCriteria extends BaseSearchCriteria {
+ applicationId?: UUID;
end?: number;
- message?: string;
start?: number;
- type?: EventLogType;
+ userId?: UUID;
}
/**
+ * Something that can be required and thus also optional. This currently extends Enableable because anything that is
+ * required/optional is almost always enableable as well.
+ *
* @author Brian Pontarelli
*/
-export interface EmailConfiguration {
- additionalHeaders?: Array;
- debug?: boolean;
- defaultFromEmail?: string;
- defaultFromName?: string;
- emailUpdateEmailTemplateId?: UUID;
- emailVerifiedEmailTemplateId?: UUID;
- forgotPasswordEmailTemplateId?: UUID;
- host?: string;
- implicitEmailVerificationAllowed?: boolean;
- loginIdInUseOnCreateEmailTemplateId?: UUID;
- loginIdInUseOnUpdateEmailTemplateId?: UUID;
- loginNewDeviceEmailTemplateId?: UUID;
- loginSuspiciousEmailTemplateId?: UUID;
- password?: string;
- passwordlessEmailTemplateId?: UUID;
- passwordResetSuccessEmailTemplateId?: UUID;
- passwordUpdateEmailTemplateId?: UUID;
- port?: number;
- properties?: string;
- security?: EmailSecurityType;
- setPasswordEmailTemplateId?: UUID;
- twoFactorMethodAddEmailTemplateId?: UUID;
- twoFactorMethodRemoveEmailTemplateId?: UUID;
- unverified?: EmailUnverifiedOptions;
- username?: string;
- verificationEmailTemplateId?: UUID;
- verificationStrategy?: VerificationStrategy;
- verifyEmail?: boolean;
- verifyEmailWhenChanged?: boolean;
-}
-
-export enum EmailSecurityType {
- NONE = "NONE",
- SSL = "SSL",
- TLS = "TLS"
+export interface Requirable extends Enableable {
+ required?: boolean;
}
/**
- * @author Brett Pontarelli
+ * Group Member Request
+ *
+ * @author Daniel DeGroff
*/
-export interface TwitchApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
+export interface MemberRequest {
+ members?: Record>;
}
/**
- * @author Brett Pontarelli
+ * Search criteria for Groups
+ *
+ * @author Daniel DeGroff
*/
-export interface XboxApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
+export interface GroupSearchCriteria extends BaseSearchCriteria {
+ name?: string;
+ tenantId?: UUID;
}
/**
- * Models a generic connector.
- *
- * @author Trevor Smith
+ * @author Daniel DeGroff
*/
-export interface GenericConnectorConfiguration extends BaseConnectorConfiguration {
- authenticationURL?: string;
- connectTimeout?: number;
- headers?: HTTPHeaders;
- httpAuthenticationPassword?: string;
- httpAuthenticationUsername?: string;
- readTimeout?: number;
- sslCertificateKeyId?: UUID;
+export interface PasswordlessLoginRequest extends BaseLoginRequest {
+ code?: string;
+ twoFactorTrustId?: string;
}
/**
- * An Event "event" to indicate an event log was created.
+ * A number identifying a cryptographic algorithm. Values should be registered with the IANA COSE Algorithms registry
*
- * @author Daniel DeGroff
+ * @author Spencer Witt
*/
-export interface EventLogCreateEvent extends BaseEvent {
- eventLog?: EventLog;
+export enum CoseAlgorithmIdentifier {
+ ES256 = "SHA256withECDSA",
+ ES384 = "SHA384withECDSA",
+ ES512 = "SHA512withECDSA",
+ RS256 = "SHA256withRSA",
+ RS384 = "SHA384withRSA",
+ RS512 = "SHA512withRSA",
+ PS256 = "SHA-256",
+ PS384 = "SHA-384",
+ PS512 = "SHA-512"
}
/**
+ * Information about a user event (login, register, etc) that helps identify the source of the event (location, device type, OS, etc).
+ *
* @author Brian Pontarelli
*/
-export interface SystemConfiguration {
- auditLogConfiguration?: AuditLogConfiguration;
- corsConfiguration?: CORSConfiguration;
+export interface EventInfo {
data?: Record;
- eventLogConfiguration?: EventLogConfiguration;
- insertInstant?: number;
- lastUpdateInstant?: number;
- loginRecordConfiguration?: LoginRecordConfiguration;
- reportTimezone?: string;
- trustedProxyConfiguration?: SystemTrustedProxyConfiguration;
- uiConfiguration?: UIConfiguration;
- webhookEventLogConfiguration?: WebhookEventLogConfiguration;
-}
-
-export interface AuditLogConfiguration {
- delete?: DeleteConfiguration;
+ deviceDescription?: string;
+ deviceName?: string;
+ deviceType?: string;
+ ipAddress?: string;
+ location?: Location;
+ os?: string;
+ userAgent?: string;
}
-export interface DeleteConfiguration extends Enableable {
- numberOfDaysToRetain?: number;
+/**
+ * Theme API request object.
+ *
+ * @author Trevor Smith
+ */
+export interface ThemeRequest {
+ sourceThemeId?: UUID;
+ theme?: Theme;
}
-export interface EventLogConfiguration {
- numberToRetain?: number;
+/**
+ * @author Brian Pontarelli
+ */
+export interface EventLogSearchRequest {
+ search?: EventLogSearchCriteria;
}
-export interface LoginRecordConfiguration {
- delete?: DeleteConfiguration;
+/**
+ * Supply additional information about the Relying Party when creating a new credential
+ *
+ * @author Spencer Witt
+ */
+export interface PublicKeyCredentialRelyingPartyEntity extends PublicKeyCredentialEntity {
+ id?: string;
}
-export interface UIConfiguration {
- headerColor?: string;
- logoURL?: string;
- menuFontColor?: string;
+/**
+ * Entity grant API request object.
+ *
+ * @author Brian Pontarelli
+ */
+export interface EntityGrantRequest {
+ grant?: EntityGrant;
}
/**
* @author Daniel DeGroff
*/
-export interface TenantUsernameConfiguration {
- unique?: UniqueUsernameConfiguration;
+export interface PasswordBreachDetection extends Enableable {
+ matchMode?: BreachMatchMode;
+ notifyUserEmailTemplateId?: UUID;
+ onLogin?: BreachAction;
}
-export enum UniqueUsernameStrategy {
- Always = "Always",
- OnCollision = "OnCollision"
+/**
+ * The system configuration for Webhook Event Log data.
+ *
+ * @author Spencer Witt
+ */
+export interface WebhookEventLogConfiguration {
+ delete?: DeleteConfiguration;
}
-export interface UniqueUsernameConfiguration extends Enableable {
- numberOfDigits?: number;
- separator?: string;
- strategy?: UniqueUsernameStrategy;
+/**
+ * Models a set of localized Strings that can be stored as JSON.
+ *
+ * @author Brian Pontarelli
+ */
+export interface LocalizedStrings extends Record {
}
/**
- * Consent search response
+ * Model a user event when a two-factor method has been added.
*
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export interface ConsentSearchResponse {
- consents?: Array;
- total?: number;
+export interface UserTwoFactorMethodRemoveEvent extends BaseUserEvent {
+ method?: TwoFactorMethod;
}
/**
- *
+ * Available JSON Web Algorithms (JWA) as described in RFC 7518 available for this JWT implementation.
*
* @author Daniel DeGroff
*/
-export enum TokenType {
- Bearer = "Bearer",
- MAC = "MAC"
+export enum Algorithm {
+ ES256 = "ES256",
+ ES384 = "ES384",
+ ES512 = "ES512",
+ HS256 = "HS256",
+ HS384 = "HS384",
+ HS512 = "HS512",
+ PS256 = "PS256",
+ PS384 = "PS384",
+ PS512 = "PS512",
+ RS256 = "RS256",
+ RS384 = "RS384",
+ RS512 = "RS512",
+ none = "none"
}
-/**
- * A grant for an entity to a user or another entity.
- *
- * @author Brian Pontarelli
- */
-export interface EntityGrant {
+// Do not require a setter for 'type', it is defined by the concrete class and is not mutable
+export interface BaseConnectorConfiguration {
data?: Record;
- entity?: Entity;
+ debug?: boolean;
id?: UUID;
insertInstant?: number;
lastUpdateInstant?: number;
- permissions?: Array;
- recipientEntityId?: UUID;
- userId?: UUID;
+ name?: string;
+ type?: ConnectorType;
}
/**
- * Search criteria for user comments.
+ * Search request for entity grants.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export interface UserCommentSearchCriteria extends BaseSearchCriteria {
- comment?: string;
- commenterId?: UUID;
- tenantId?: UUID;
- userId?: UUID;
+export interface EntityGrantSearchResponse {
+ grants?: Array;
+ total?: number;
}
/**
- * @author Derek Klatt
+ * @author Brett Guy
*/
-export interface PasswordValidationRules {
- breachDetection?: PasswordBreachDetection;
- maxLength?: number;
- minLength?: number;
- rememberPreviousPasswords?: RememberPreviousPasswords;
- requireMixedCase?: boolean;
- requireNonAlpha?: boolean;
- requireNumber?: boolean;
- validateOnLogin?: boolean;
+export interface IPAccessControlEntry {
+ action?: IPAccessControlEntryAction;
+ endIPAddress?: string;
+ startIPAddress?: string;
}
/**
- * Models the User Email Verify Event.
+ * Search request for webhooks
*
- * @author Trevor Smith
+ * @author Spencer Witt
*/
-export interface UserEmailVerifiedEvent extends BaseUserEvent {
+export interface WebhookSearchRequest {
+ search?: WebhookSearchCriteria;
+}
+
+export interface SAMLv2SingleLogout extends Enableable {
+ keyId?: UUID;
+ url?: string;
+ xmlSignatureC14nMethod?: CanonicalizationMethod;
}
/**
- * API response for User consent.
+ * A JSON Web Key as defined by RFC 7517 JSON Web Key (JWK)
+ * Section 4 and RFC 7518 JSON Web Algorithms (JWA).
*
* @author Daniel DeGroff
*/
-export interface UserConsentResponse {
- userConsent?: UserConsent;
- userConsents?: Array;
+export interface JSONWebKey {
+ alg?: Algorithm;
+ crv?: string;
+ d?: string;
+ dp?: string;
+ dq?: string;
+ e?: string;
+ kid?: string;
+ kty?: KeyType;
+ n?: string;
+ [other: string]: any; // Any other fields
+ p?: string;
+ q?: string;
+ qi?: string;
+ use?: string;
+ x?: string;
+ x5c?: Array;
+ x5t?: string;
+ x5t_S256?: string;
+ y?: string;
}
/**
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface PreviewRequest {
- emailTemplate?: EmailTemplate;
- locale?: string;
+export interface AccessToken {
+ access_token?: string;
+ expires_in?: number;
+ id_token?: string;
+ refresh_token?: string;
+ refresh_token_id?: UUID;
+ scope?: string;
+ token_type?: TokenType;
+ userId?: UUID;
}
/**
- * @author Mikey Sleevi
+ * @author Brett Guy
*/
-export interface TenantMultiFactorConfiguration {
- authenticator?: MultiFactorAuthenticatorMethod;
- email?: MultiFactorEmailMethod;
- loginPolicy?: MultiFactorLoginPolicy;
- sms?: MultiFactorSMSMethod;
-}
-
-export interface MultiFactorAuthenticatorMethod extends Enableable {
- algorithm?: TOTPAlgorithm;
- codeLength?: number;
- timeStep?: number;
-}
-
-export interface MultiFactorEmailMethod extends Enableable {
- templateId?: UUID;
+export interface IPAccessControlListResponse {
+ ipAccessControlList?: IPAccessControlList;
+ ipAccessControlLists?: Array;
}
-export interface MultiFactorSMSMethod extends Enableable {
- messengerId?: UUID;
- templateId?: UUID;
+/**
+ * Group Member Delete Request
+ *
+ * @author Daniel DeGroff
+ */
+export interface MemberDeleteRequest {
+ memberIds?: Array;
+ members?: Record>;
}
/**
- * Entity grant API response object.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface EntityGrantResponse {
- grant?: EntityGrant;
- grants?: Array;
+export interface FormFieldValidator extends Enableable {
+ expression?: string;
}
/**
- * API request to start a WebAuthn authentication ceremony
+ * Webhook event log search request.
*
* @author Spencer Witt
*/
-export interface WebAuthnStartRequest {
- applicationId?: UUID;
- credentialId?: UUID;
- loginId?: string;
- state?: Record;
- userId?: UUID;
- workflow?: WebAuthnWorkflow;
+export interface WebhookEventLogSearchRequest {
+ search?: WebhookEventLogSearchCriteria;
}
/**
- * API response for consent.
+ * Available Integrations
*
* @author Daniel DeGroff
*/
-export interface ConsentResponse {
- consent?: Consent;
- consents?: Array;
+export interface Integrations {
+ cleanspeak?: CleanSpeakConfiguration;
+ kafka?: KafkaConfiguration;
}
/**
- * A User's membership into a Group
- *
* @author Daniel DeGroff
*/
-export interface GroupMember {
- data?: Record;
- groupId?: UUID;
- id?: UUID;
- insertInstant?: number;
- user?: User;
- userId?: UUID;
+export interface IdentityProviderOauth2Configuration {
+ authorization_endpoint?: string;
+ client_id?: string;
+ client_secret?: string;
+ clientAuthenticationMethod?: ClientAuthenticationMethod;
+ emailClaim?: string;
+ emailVerifiedClaim?: string;
+ issuer?: string;
+ scope?: string;
+ token_endpoint?: string;
+ uniqueIdClaim?: string;
+ userinfo_endpoint?: string;
+ usernameClaim?: string;
}
/**
- * Models an entity that a user can be granted permissions to. Or an entity that can be granted permissions to another entity.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface Entity {
- clientId?: string;
- clientSecret?: string;
- data?: Record;
- id?: UUID;
- insertInstant?: number;
- lastUpdateInstant?: number;
- name?: string;
- parentId?: UUID;
+export interface DeviceApprovalResponse {
+ deviceGrantStatus?: string;
+ deviceInfo?: DeviceInfo;
+ identityProviderLink?: IdentityProviderLink;
tenantId?: UUID;
- type?: EntityType;
+ userId?: UUID;
}
/**
+ * Models the User Login Success Event.
+ *
* @author Daniel DeGroff
*/
-export interface ReactorResponse {
- status?: ReactorStatus;
+export interface UserLoginSuccessEvent extends BaseUserEvent {
+ applicationId?: UUID;
+ authenticationType?: string;
+ connectorId?: UUID;
+ identityProviderId?: UUID;
+ identityProviderName?: string;
+ ipAddress?: string;
}
/**
- * Login API request object.
+ * Lambda API response object.
*
- * @author Seth Musselman
+ * @author Brian Pontarelli
*/
-export interface LoginRequest extends BaseLoginRequest {
- loginId?: string;
- oneTimePassword?: string;
- password?: string;
- twoFactorTrustId?: string;
+export interface LambdaResponse {
+ lambda?: Lambda;
+ lambdas?: Array;
}
/**
- * Models the User Identity Provider Unlink Event.
- *
- * @author Rob Davis
+ * @author Trevor Smith
*/
-export interface UserIdentityProviderUnlinkEvent extends BaseUserEvent {
- identityProviderLink?: IdentityProviderLink;
+export enum ChangePasswordReason {
+ Administrative = "Administrative",
+ Breached = "Breached",
+ Expired = "Expired",
+ Validation = "Validation"
}
/**
- * WebAuthn Credential API response
- *
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export interface WebAuthnCredentialResponse {
- credential?: WebAuthnCredential;
- credentials?: Array;
+export interface UserinfoResponse extends Record {
}
/**
- * Contains the output for the {@code credProps} extension
- *
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export interface CredentialPropertiesOutput {
- rk?: boolean;
+export interface JWTVendResponse {
+ token?: string;
}
/**
- * IdP Initiated login configuration
+ * Twitter social login provider.
*
* @author Daniel DeGroff
*/
-export interface SAMLv2IdPInitiatedLoginConfiguration extends Enableable {
- nameIdFormat?: string;
+export interface TwitterIdentityProvider extends BaseIdentityProvider {
+ buttonText?: string;
+ consumerKey?: string;
+ consumerSecret?: string;
}
/**
- * Entity Type API response object.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface EntityTypeResponse {
- entityType?: EntityType;
- entityTypes?: Array;
- permission?: EntityTypePermission;
+export interface BaseLoginRequest extends BaseEventRequest {
+ applicationId?: UUID;
+ ipAddress?: string;
+ metaData?: MetaData;
+ newDevice?: boolean;
+ noJWT?: boolean;
}
/**
- * User API response object.
+ * Used to indicate what type of attestation was included in the authenticator response for a given WebAuthn credential at the time it was created
*
- * @author Brian Pontarelli
+ * @author Spencer Witt
*/
-export interface UserResponse {
- emailVerificationId?: string;
- emailVerificationOneTimeCode?: string;
- registrationVerificationIds?: Record;
- registrationVerificationOneTimeCodes?: Record;
- token?: string;
- tokenExpirationInstant?: number;
- user?: User;
+export enum AttestationType {
+ basic = "basic",
+ self = "self",
+ attestationCa = "attestationCa",
+ anonymizationCa = "anonymizationCa",
+ none = "none"
}
/**
- * Status for content like usernames, profile attributes, etc.
+ * Models the User Event (and can be converted to JSON) that is used for all user modifications (create, update,
+ * delete).
*
* @author Brian Pontarelli
*/
-export enum ContentStatus {
- ACTIVE = "ACTIVE",
- PENDING = "PENDING",
- REJECTED = "REJECTED"
+export interface UserDeleteEvent extends BaseUserEvent {
}
/**
- * Search request for Keys
+ * Registration delete API request object.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export interface KeySearchRequest {
- search?: KeySearchCriteria;
+export interface RegistrationDeleteRequest extends BaseEventRequest {
}
/**
- * @author Matthew Altman
+ * Key API request object.
+ *
+ * @author Daniel DeGroff
*/
-export enum LogoutBehavior {
- RedirectOnly = "RedirectOnly",
- AllApplications = "AllApplications"
+export interface KeyRequest {
+ key?: Key;
}
/**
+ * Domain for a public key, key pair or an HMAC secret. This is used by KeyMaster to manage keys for JWTs, SAML, etc.
+ *
* @author Brian Pontarelli
*/
-export interface Tenantable {
+export interface Key {
+ algorithm?: KeyAlgorithm;
+ certificate?: string;
+ certificateInformation?: CertificateInformation;
+ expirationInstant?: number;
+ hasPrivateKey?: boolean;
+ id?: UUID;
+ insertInstant?: number;
+ issuer?: string;
+ kid?: string;
+ lastUpdateInstant?: number;
+ length?: number;
+ name?: string;
+ privateKey?: string;
+ publicKey?: string;
+ secret?: string;
+ type?: KeyType;
}
/**
- * Models the User Bulk Create Event.
+ * COSE Elliptic Curve identifier to determine which elliptic curve to use with a given key
*
- * @author Brian Pontarelli
+ * @author Spencer Witt
*/
-export interface UserBulkCreateEvent extends BaseEvent {
- users?: Array;
+export enum CoseEllipticCurve {
+ Reserved = "Reserved",
+ P256 = "P256",
+ P384 = "P384",
+ P521 = "P521",
+ X25519 = "X25519",
+ X448 = "X448",
+ Ed25519 = "Ed25519",
+ Ed448 = "Ed448",
+ Secp256k1 = "Secp256k1"
}
/**
- * Models a single family member.
+ * Models a family grouping of users.
*
* @author Brian Pontarelli
*/
-export interface FamilyMember {
- data?: Record;
+export interface Family {
+ id?: UUID;
insertInstant?: number;
lastUpdateInstant?: number;
- owner?: boolean;
- role?: FamilyRole;
- userId?: UUID;
+ members?: Array;
}
-export enum FamilyRole {
- Child = "Child",
- Teen = "Teen",
- Adult = "Adult"
+/**
+ * The phases of a time-based user action.
+ *
+ * @author Brian Pontarelli
+ */
+export enum UserActionPhase {
+ start = "start",
+ modify = "modify",
+ cancel = "cancel",
+ end = "end"
}
/**
- * An email address.
+ * Models the User Deactivate Event.
*
* @author Brian Pontarelli
*/
-export interface EmailAddress {
- address?: string;
- display?: string;
+export interface UserDeactivateEvent extends BaseUserEvent {
}
/**
- * @author Daniel DeGroff
+ * Interface for any object that can provide JSON Web key Information.
*/
-export interface ExternalJWTApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+export interface JSONWebKeyInfoProvider {
}
/**
- * Search request for Tenants
- *
- * @author Mark Manes
+ * @author Daniel DeGroff
*/
-export interface TenantSearchRequest {
- search?: TenantSearchCriteria;
+export interface OAuthResponse {
}
/**
* @author Daniel DeGroff
*/
-export interface FacebookApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- appId?: string;
- buttonText?: string;
- client_secret?: string;
- fields?: string;
- loginMethod?: IdentityProviderLoginMethod;
- permissions?: string;
+export interface VersionResponse {
+ version?: string;
}
/**
- * Models the user action Event.
+ * The summary of the action that is preventing login to be returned on the login response.
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface UserActionEvent extends BaseEvent {
- action?: string;
- actioneeUserId?: UUID;
+export interface LoginPreventedResponse {
actionerUserId?: UUID;
actionId?: UUID;
- applicationIds?: Array;
- comment?: string;
- email?: Email;
- emailedUser?: boolean;
expiry?: number;
- localizedAction?: string;
- localizedDuration?: string;
+ localizedName?: string;
localizedOption?: string;
localizedReason?: string;
- notifyUser?: boolean;
+ name?: string;
option?: string;
- phase?: UserActionPhase;
reason?: string;
reasonCode?: string;
}
/**
- * Models the User Create Registration Event.
- *
* @author Daniel DeGroff
*/
-export interface UserRegistrationCreateEvent extends BaseUserEvent {
- applicationId?: UUID;
- registration?: UserRegistration;
+export enum FormDataType {
+ bool = "bool",
+ consent = "consent",
+ date = "date",
+ email = "email",
+ number = "number",
+ string = "string"
+}
+
+export interface LoginRecordConfiguration {
+ delete?: DeleteConfiguration;
}
/**
- * A displayable raw login that includes application name and user loginId.
- *
- * @author Brian Pontarelli
+ * @author Michael Sleevi
*/
-export interface DisplayableRawLogin extends RawLogin {
- applicationName?: string;
- location?: Location;
- loginId?: string;
+export interface MessageTemplateResponse {
+ messageTemplate?: MessageTemplate;
+ messageTemplates?: Array;
}
/**
- * A number identifying a cryptographic algorithm. Values should be registered with the IANA COSE Algorithms registry
+ * Models a consent.
*
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export enum CoseAlgorithmIdentifier {
- ES256 = "SHA256withECDSA",
- ES384 = "SHA384withECDSA",
- ES512 = "SHA512withECDSA",
- RS256 = "SHA256withRSA",
- RS384 = "SHA384withRSA",
- RS512 = "SHA512withRSA",
- PS256 = "SHA-256",
- PS384 = "SHA-384",
- PS512 = "SHA-512"
+export enum ConsentStatus {
+ Active = "Active",
+ Revoked = "Revoked"
}
/**
* @author Daniel DeGroff
*/
-export interface UserinfoResponse extends Record {
+export enum UnverifiedBehavior {
+ Allow = "Allow",
+ Gated = "Gated"
}
/**
- * @author Brett Pontarelli
+ * @author Brett Guy
*/
-export interface SteamApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- apiMode?: SteamAPIMode;
- buttonText?: string;
- client_id?: string;
- scope?: string;
- webAPIKey?: string;
+export interface MessengerRequest {
+ messenger?: BaseMessengerConfiguration;
}
/**
* @author Daniel DeGroff
*/
-export interface TwoFactorSendRequest {
- applicationId?: UUID;
- email?: string;
- method?: string;
- methodId?: string;
- mobilePhone?: string;
- userId?: UUID;
+export interface MessengerTransport {
}
/**
- * Search criteria for Email templates
+ * Search request for Applications
*
- * @author Mark Manes
+ * @author Spencer Witt
*/
-export interface EmailTemplateSearchCriteria extends BaseSearchCriteria {
- name?: string;
+export interface ApplicationSearchRequest extends ExpandableRequest {
+ search?: ApplicationSearchCriteria;
}
/**
- * @author Brian Pontarelli
+ * Email template response.
+ *
+ * @author Brian Pontarelli
*/
-export enum ReactorFeatureStatus {
- ACTIVE = "ACTIVE",
- DISCONNECTED = "DISCONNECTED",
- PENDING = "PENDING",
- DISABLED = "DISABLED",
- UNKNOWN = "UNKNOWN"
+export interface EmailTemplateResponse {
+ emailTemplate?: EmailTemplate;
+ emailTemplates?: Array;
+}
+
+export interface ApplicationEmailConfiguration {
+ emailUpdateEmailTemplateId?: UUID;
+ emailVerificationEmailTemplateId?: UUID;
+ emailVerifiedEmailTemplateId?: UUID;
+ forgotPasswordEmailTemplateId?: UUID;
+ loginIdInUseOnCreateEmailTemplateId?: UUID;
+ loginIdInUseOnUpdateEmailTemplateId?: UUID;
+ loginNewDeviceEmailTemplateId?: UUID;
+ loginSuspiciousEmailTemplateId?: UUID;
+ passwordlessEmailTemplateId?: UUID;
+ passwordResetSuccessEmailTemplateId?: UUID;
+ passwordUpdateEmailTemplateId?: UUID;
+ setPasswordEmailTemplateId?: UUID;
+ twoFactorMethodAddEmailTemplateId?: UUID;
+ twoFactorMethodRemoveEmailTemplateId?: UUID;
}
/**
- * @author Brett Pontarelli
+ * Models the Group Member Update Complete Event.
+ *
+ * @author Daniel DeGroff
*/
-export interface SonyPSNApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
+export interface GroupMemberUpdateCompleteEvent extends BaseGroupEvent {
+ members?: Array;
}
/**
- * An audit log.
- *
* @author Brian Pontarelli
*/
-export interface AuditLog {
- data?: Record;
- id?: number;
- insertInstant?: number;
- insertUser?: string;
- message?: string;
- newValue?: any;
- oldValue?: any;
- reason?: string;
+export interface AuditLogRequest extends BaseEventRequest {
+ auditLog?: AuditLog;
}
/**
- * A webhook call response.
- *
- * @author Spencer Witt
+ * @author Brett Guy
*/
-export interface WebhookCallResponse {
- exception?: string;
- statusCode?: number;
- url?: string;
+export interface KafkaMessengerConfiguration extends BaseMessengerConfiguration {
+ defaultTopic?: string;
+ producer?: Record;
}
/**
- * Provides the authenticator with the data it needs to generate an assertion.
+ * Models action reasons.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export interface PublicKeyCredentialRequestOptions {
- allowCredentials?: Array;
- challenge?: string;
- rpId?: string;
- timeout?: number;
- userVerification?: UserVerificationRequirement;
+export interface UserActionReason {
+ code?: string;
+ id?: UUID;
+ insertInstant?: number;
+ lastUpdateInstant?: number;
+ localizedTexts?: LocalizedStrings;
+ text?: string;
}
/**
- * Search request for user comments
+ * Status for content like usernames, profile attributes, etc.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export interface UserCommentSearchRequest {
- search?: UserCommentSearchCriteria;
+export enum ContentStatus {
+ ACTIVE = "ACTIVE",
+ PENDING = "PENDING",
+ REJECTED = "REJECTED"
}
/**
- * @author Daniel DeGroff
+ * @author Spencer Witt
*/
-export enum UnverifiedBehavior {
- Allow = "Allow",
- Gated = "Gated"
+export interface TenantWebAuthnWorkflowConfiguration extends Enableable {
+ authenticatorAttachmentPreference?: AuthenticatorAttachmentPreference;
+ userVerificationRequirement?: UserVerificationRequirement;
}
/**
- * Models the Group Member Remove Event.
- *
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface GroupMemberRemoveEvent extends BaseGroupEvent {
- members?: Array;
+export interface TwoFactorDisableRequest extends BaseEventRequest {
+ applicationId?: UUID;
+ code?: string;
+ methodId?: string;
}
/**
- * @author Brett Guy
+ * Search criteria for Applications
+ *
+ * @author Spencer Witt
*/
-export enum MessengerType {
- Generic = "Generic",
- Kafka = "Kafka",
- Twilio = "Twilio"
+export interface ApplicationSearchCriteria extends BaseSearchCriteria {
+ name?: string;
+ state?: ObjectState;
+ tenantId?: UUID;
}
/**
- * @author Brian Pontarelli
+ * Configuration for the behavior of failed login attempts. This helps us protect against brute force password attacks.
+ *
+ * @author Daniel DeGroff
*/
-export interface EventLogSearchRequest {
- search?: EventLogSearchCriteria;
+export interface FailedAuthenticationConfiguration {
+ actionCancelPolicy?: FailedAuthenticationActionCancelPolicy;
+ actionDuration?: number;
+ actionDurationUnit?: ExpiryUnit;
+ emailUser?: boolean;
+ resetCountInSeconds?: number;
+ tooManyAttempts?: number;
+ userActionId?: UUID;
}
/**
- * Event log response.
+ * This class contains the managed fields that are also put into the database during FusionAuth setup.
+ *
+ * Internal Note: These fields are also declared in SQL in order to bootstrap the system. These need to stay in sync.
+ * Any changes to these fields needs to also be reflected in mysql.sql and postgresql.sql
*
* @author Brian Pontarelli
*/
-export interface EventLogSearchResponse {
- eventLogs?: Array;
- total?: number;
+export interface ManagedFields {
}
/**
- * Webhook event log response.
+ * API response for starting a WebAuthn authentication ceremony
*
* @author Spencer Witt
*/
-export interface WebhookEventLogResponse {
- webhookEventLog?: WebhookEventLog;
+export interface WebAuthnStartResponse {
+ options?: PublicKeyCredentialRequestOptions;
}
/**
+ * Models the User Login event that is suspicious.
+ *
* @author Daniel DeGroff
*/
-export interface TwoFactorRecoveryCodeResponse {
- recoveryCodes?: Array;
+export interface UserLoginSuspiciousEvent extends UserLoginSuccessEvent {
+ threatsDetected?: Array;
+}
+
+export interface SAMLv2AssertionEncryptionConfiguration extends Enableable {
+ digestAlgorithm?: string;
+ encryptionAlgorithm?: string;
+ keyLocation?: string;
+ keyTransportAlgorithm?: string;
+ keyTransportEncryptionKeyId?: UUID;
+ maskGenerationFunction?: string;
+}
+
+export interface LambdaConfiguration {
+ accessTokenPopulateId?: UUID;
+ idTokenPopulateId?: UUID;
+ samlv2PopulateId?: UUID;
+ selfServiceRegistrationValidationId?: UUID;
+ userinfoPopulateId?: UUID;
}
/**
- * An expandable API response.
- *
* @author Daniel DeGroff
*/
-export interface ExpandableResponse {
- expandable?: Array;
+export interface IdentityProviderResponse {
+ identityProvider?: BaseIdentityProvider;
+ identityProviders?: Array>;
}
/**
- * Model a user event when a two-factor method has been added.
- *
* @author Daniel DeGroff
*/
-export interface UserTwoFactorMethodRemoveEvent extends BaseUserEvent {
- method?: TwoFactorMethod;
+export interface SecureIdentity {
+ breachedPasswordLastCheckedInstant?: number;
+ breachedPasswordStatus?: BreachedPasswordStatus;
+ connectorId?: UUID;
+ encryptionScheme?: string;
+ factor?: number;
+ id?: UUID;
+ lastLoginInstant?: number;
+ password?: string;
+ passwordChangeReason?: ChangePasswordReason;
+ passwordChangeRequired?: boolean;
+ passwordLastUpdateInstant?: number;
+ salt?: string;
+ uniqueUsername?: string;
+ username?: string;
+ usernameStatus?: ContentStatus;
+ verified?: boolean;
+ verifiedInstant?: number;
}
/**
- * The response from the total report. This report stores the total numbers for each application.
+ * Models the User Login event for a new device (un-recognized)
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface TotalsReportResponse {
- applicationTotals?: Record;
- globalRegistrations?: number;
- totalGlobalRegistrations?: number;
+export interface UserLoginNewDeviceEvent extends UserLoginSuccessEvent {
}
-export interface Totals {
- logins?: number;
- registrations?: number;
- totalRegistrations?: number;
+/**
+ * External JWT-only identity provider.
+ *
+ * @author Daniel DeGroff and Brian Pontarelli
+ */
+export interface ExternalJWTIdentityProvider extends BaseIdentityProvider {
+ claimMap?: Record;
+ defaultKeyId?: UUID;
+ domains?: Array;
+ headerKeyParameter?: string;
+ oauth2?: IdentityProviderOauth2Configuration;
+ uniqueIdentityClaim?: string;
}
/**
- * @author Brett Guy
+ * An email address.
+ *
+ * @author Brian Pontarelli
*/
-export interface IPAccessControlListResponse {
- ipAccessControlList?: IPAccessControlList;
- ipAccessControlLists?: Array;
+export interface EmailAddress {
+ address?: string;
+ display?: string;
}
/**
- * API request to start a WebAuthn registration ceremony
+ * Base class for requests that can contain event information. This event information is used when sending Webhooks or emails
+ * during the transaction. The caller is responsible for ensuring that the event information is correct.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export interface WebAuthnRegisterStartRequest {
- displayName?: string;
- name?: string;
- userAgent?: string;
- userId?: UUID;
- workflow?: WebAuthnWorkflow;
+export interface BaseEventRequest {
+ eventInfo?: EventInfo;
}
/**
- * Models the User Login event that is suspicious.
- *
* @author Daniel DeGroff
*/
-export interface UserLoginSuspiciousEvent extends UserLoginSuccessEvent {
- threatsDetected?: Array;
+export interface ApplicationWebAuthnWorkflowConfiguration extends Enableable {
}
/**
- * User API delete request object for a single user.
+ * The reason for the login failure.
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface UserDeleteSingleRequest extends BaseEventRequest {
- hardDelete?: boolean;
+export interface UserLoginFailedReason {
+ code?: string;
+ lambdaId?: UUID;
+ lambdaResult?: Errors;
}
/**
- * API response for refreshing a JWT with a Refresh Token.
- *
- * Using a different response object from RefreshTokenResponse because the retrieve response will return an object for refreshToken, and this is a
- * string.
- *
* @author Daniel DeGroff
*/
-export interface JWTRefreshResponse {
- refreshToken?: string;
- refreshTokenId?: UUID;
- token?: string;
+export interface SecureGeneratorConfiguration {
+ length?: number;
+ type?: SecureGeneratorType;
+}
+
+/**
+ * @author Johnathon Wood
+ */
+export enum Oauth2AuthorizedURLValidationPolicy {
+ AllowWildcards = "AllowWildcards",
+ ExactMatch = "ExactMatch"
}
/**
* @author Brian Pontarelli
*/
-export interface AuditLogSearchRequest {
- search?: AuditLogSearchCriteria;
+export interface AuditLogSearchCriteria extends BaseSearchCriteria {
+ end?: number;
+ message?: string;
+ newValue?: string;
+ oldValue?: string;
+ reason?: string;
+ start?: number;
+ user?: string;
}
/**
- * @author Brett Guy
+ * Search criteria for user comments.
+ *
+ * @author Spencer Witt
*/
-export interface IPAccessControlListSearchResponse {
- ipAccessControlLists?: Array;
- total?: number;
+export interface UserCommentSearchCriteria extends BaseSearchCriteria {
+ comment?: string;
+ commenterId?: UUID;
+ tenantId?: UUID;
+ userId?: UUID;
}
/**
- * @author Daniel DeGroff
+ * A policy for deleting Users based upon some external criteria.
+ *
+ * @author Trevor Smith
*/
-export interface VersionResponse {
- version?: string;
+export interface TimeBasedDeletePolicy extends Enableable {
+ enabledInstant?: number;
+ numberOfDaysToRetain?: number;
}
/**
- * @author Brian Pontarelli
+ * Search criteria for Email templates
+ *
+ * @author Mark Manes
*/
-export interface TwoFactorDisableRequest extends BaseEventRequest {
- applicationId?: UUID;
- code?: string;
- methodId?: string;
+export interface EmailTemplateSearchCriteria extends BaseSearchCriteria {
+ name?: string;
}
/**
- * @author Brett Pontarelli
+ * Search request for Identity Providers
+ *
+ * @author Spencer Witt
*/
-export interface NintendoApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- emailClaim?: string;
- scope?: string;
- uniqueIdClaim?: string;
- usernameClaim?: string;
+export interface IdentityProviderSearchRequest {
+ search?: IdentityProviderSearchCriteria;
}
/**
* @author Daniel DeGroff
*/
-export interface PasswordBreachDetection extends Enableable {
- matchMode?: BreachMatchMode;
- notifyUserEmailTemplateId?: UUID;
- onLogin?: BreachAction;
+export interface ReactorStatus {
+ advancedIdentityProviders?: ReactorFeatureStatus;
+ advancedLambdas?: ReactorFeatureStatus;
+ advancedMultiFactorAuthentication?: ReactorFeatureStatus;
+ advancedOAuthScopes?: ReactorFeatureStatus;
+ advancedOAuthScopesCustomScopes?: ReactorFeatureStatus;
+ advancedOAuthScopesThirdPartyApplications?: ReactorFeatureStatus;
+ advancedRegistration?: ReactorFeatureStatus;
+ applicationMultiFactorAuthentication?: ReactorFeatureStatus;
+ applicationThemes?: ReactorFeatureStatus;
+ breachedPasswordDetection?: ReactorFeatureStatus;
+ connectors?: ReactorFeatureStatus;
+ entityManagement?: ReactorFeatureStatus;
+ expiration?: string;
+ licenseAttributes?: Record;
+ licensed?: boolean;
+ scimServer?: ReactorFeatureStatus;
+ threatDetection?: ReactorFeatureStatus;
+ webAuthn?: ReactorFeatureStatus;
+ webAuthnPlatformAuthenticators?: ReactorFeatureStatus;
+ webAuthnRoamingAuthenticators?: ReactorFeatureStatus;
}
-export enum BreachAction {
- Off = "Off",
- RecordOnly = "RecordOnly",
- NotifyUser = "NotifyUser",
- RequireChange = "RequireChange"
+/**
+ * Search request for entity types.
+ *
+ * @author Brian Pontarelli
+ */
+export interface EntityTypeSearchRequest {
+ search?: EntityTypeSearchCriteria;
}
-export enum BreachMatchMode {
- Low = "Low",
- Medium = "Medium",
- High = "High"
+export interface MultiFactorSMSMethod extends Enableable {
+ messengerId?: UUID;
+ templateId?: UUID;
}
/**
+ * Login Ping API request object.
+ *
* @author Daniel DeGroff
*/
-export enum FormFieldAdminPolicy {
- Edit = "Edit",
- View = "View"
+export interface LoginPingRequest extends BaseLoginRequest {
+ userId?: UUID;
+}
+
+export enum RegistrationType {
+ basic = "basic",
+ advanced = "advanced"
}
/**
- * Used to communicate whether and how authenticator attestation should be delivered to the Relying Party
+ * Config for Usage Data / Stats
*
- * @author Spencer Witt
+ * @author Lyle Schemmerling
*/
-export enum AttestationConveyancePreference {
- none = "none",
- indirect = "indirect",
- direct = "direct",
- enterprise = "enterprise"
+export interface UsageDataConfiguration extends Enableable {
+ numberOfDaysToRetain?: number;
+}
+
+export enum EmailSecurityType {
+ NONE = "NONE",
+ SSL = "SSL",
+ TLS = "TLS"
}
/**
- * A policy to configure if and when the user-action is canceled prior to the expiration of the action.
- *
* @author Daniel DeGroff
*/
-export interface FailedAuthenticationActionCancelPolicy {
- onPasswordReset?: boolean;
+export enum LambdaEngineType {
+ GraalJS = "GraalJS",
+ Nashorn = "Nashorn"
}
/**
- * The possible result states of a webhook event. This tracks the success of the overall webhook transaction according to the {@link TransactionType}
- * and configured webhooks.
- *
- * @author Spencer Witt
+ * @author Michael Sleevi
*/
-export enum WebhookEventResult {
- Failed = "Failed",
- Running = "Running",
- Succeeded = "Succeeded"
+export interface SMSMessageTemplate extends MessageTemplate {
+ defaultTemplate?: string;
+ localizedTemplates?: LocalizedStrings;
}
/**
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface BaseSearchCriteria {
- numberOfResults?: number;
- orderBy?: string;
- startRow?: number;
+export enum FormControl {
+ checkbox = "checkbox",
+ number = "number",
+ password = "password",
+ radio = "radio",
+ select = "select",
+ textarea = "textarea",
+ text = "text"
}
/**
- * Forgot password request object.
- *
- * @author Brian Pontarelli
+ * @author Trevor Smith
*/
-export interface ForgotPasswordRequest extends BaseEventRequest {
- applicationId?: UUID;
- changePasswordId?: string;
- email?: string;
- loginId?: string;
- sendForgotPasswordEmail?: boolean;
- state?: Record;
- username?: string;
+export interface Theme {
+ data?: Record;
+ defaultMessages?: string;
+ id?: UUID;
+ insertInstant?: number;
+ lastUpdateInstant?: number;
+ localizedMessages?: LocalizedStrings;
+ name?: string;
+ stylesheet?: string;
+ templates?: Templates;
+ type?: ThemeType;
+ variables?: SimpleThemeVariables;
}
/**
- * The FormField API request object.
+ * Models the JWT public key Refresh Token Revoke Event. This event might be for a single
+ * token, a user or an entire application.
*
- * @author Brett Guy
+ * @author Brian Pontarelli
*/
-export interface FormFieldRequest {
- field?: FormField;
- fields?: Array;
+export interface JWTPublicKeyUpdateEvent extends BaseEvent {
+ applicationIds?: Array;
}
/**
+ * Models the User Password Reset Send Event.
+ *
* @author Daniel DeGroff
*/
-export interface SendRequest {
- applicationId?: UUID;
- bccAddresses?: Array;
- ccAddresses?: Array;
- preferredLanguages?: Array;
- requestData?: Record;
- toAddresses?: Array;
- userIds?: Array;
+export interface UserPasswordResetSendEvent extends BaseUserEvent {
}
/**
- * Identifies the WebAuthn workflow. This will affect the parameters used for credential creation
- * and request based on the Tenant configuration.
+ * Models the Group Member Remove Complete Event.
*
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export enum WebAuthnWorkflow {
- bootstrap = "bootstrap",
- general = "general",
- reauthentication = "reauthentication"
+export interface GroupMemberRemoveCompleteEvent extends BaseGroupEvent {
+ members?: Array;
}
/**
- * @author Michael Sleevi
+ * Search request for Tenants
+ *
+ * @author Mark Manes
*/
-export interface MessageTemplateResponse {
- messageTemplate?: MessageTemplate;
- messageTemplates?: Array;
+export interface TenantSearchRequest {
+ search?: TenantSearchCriteria;
}
/**
- * Models a consent.
+ * The Application Scope API response.
*
- * @author Daniel DeGroff
+ * @author Spencer Witt
*/
-export enum ConsentStatus {
- Active = "Active",
- Revoked = "Revoked"
+export interface ApplicationOAuthScopeResponse {
+ scope?: ApplicationOAuthScope;
}
-/**
- * @author Daniel DeGroff
- */
-export enum HTTPMethod {
- GET = "GET",
- POST = "POST",
- PUT = "PUT",
- DELETE = "DELETE",
- HEAD = "HEAD",
- OPTIONS = "OPTIONS",
- PATCH = "PATCH"
+export interface MultiFactorSMSTemplate {
+ templateId?: UUID;
}
/**
- * Models the User Deleted Registration Event.
- *
- * This is different than user.registration.delete in that it is sent after the TX has been committed. This event cannot be transactional.
+ * User API request object.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface UserRegistrationDeleteCompleteEvent extends BaseUserEvent {
+export interface UserRequest extends BaseEventRequest {
applicationId?: UUID;
- registration?: UserRegistration;
-}
-
-/**
- * Steam gaming login provider.
- *
- * @author Brett Pontarelli
- */
-export interface SteamIdentityProvider extends BaseIdentityProvider {
- apiMode?: SteamAPIMode;
- buttonText?: string;
- client_id?: string;
- scope?: string;
- webAPIKey?: string;
+ currentPassword?: string;
+ disableDomainBlock?: boolean;
+ sendSetPasswordEmail?: boolean;
+ skipVerification?: boolean;
+ user?: User;
}
/**
- * Nintendo gaming login provider.
- *
- * @author Brett Pontarelli
+ * @author Brian Pontarelli
*/
-export interface NintendoIdentityProvider extends BaseIdentityProvider {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- emailClaim?: string;
- scope?: string;
- uniqueIdClaim?: string;
- usernameClaim?: string;
+export interface PendingResponse {
+ users?: Array;
}
/**
* @author Daniel DeGroff
*/
-export interface TwoFactorLoginRequest extends BaseLoginRequest {
+export interface TwoFactorStartResponse {
code?: string;
- trustComputer?: boolean;
+ methods?: Array;
twoFactorId?: string;
- userId?: UUID;
}
/**
- * Search API request.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface SearchRequest extends ExpandableRequest {
- search?: UserSearchCriteria;
+export interface VerifyEmailResponse {
+ oneTimeCode?: string;
+ verificationId?: string;
}
/**
* @author Daniel DeGroff
*/
-export interface BaseIdentityProviderApplicationConfiguration extends Enableable {
- createRegistration?: boolean;
- data?: Record;
+export interface OpenIdConnectApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ buttonImageURL?: string;
+ buttonText?: string;
+ oauth2?: IdentityProviderOauth2Configuration;
}
/**
- * This class is an abstraction of a simple email message.
+ * Defines valid credential types. This is an extension point in the WebAuthn spec. The only defined value at this time is "public-key"
*
- * @author Brian Pontarelli
+ * @author Spencer Witt
*/
-export interface Email {
- attachments?: Array;
- bcc?: Array;
- cc?: Array;
- from?: EmailAddress;
- html?: string;
- replyTo?: EmailAddress;
- subject?: string;
- text?: string;
- to?: Array;
+export enum PublicKeyCredentialType {
+ publicKey = "public-key"
}
/**
- * Search request for Lambdas
- *
- * @author Mark Manes
+ * @author Daniel DeGroff
*/
-export interface LambdaSearchRequest {
- search?: LambdaSearchCriteria;
+export interface PasswordlessStartRequest {
+ applicationId?: UUID;
+ loginId?: string;
+ state?: Record;
}
/**
- * User login failed reason codes.
+ * Response for the registration report.
+ *
+ * @author Brian Pontarelli
*/
-export interface UserLoginFailedReasonCode {
+export interface RegistrationReportResponse {
+ hourlyCounts?: Array;
+ total?: number;
}
/**
- * @author Brian Pontarelli
+ * Authentication key request object.
+ *
+ * @author Sanjay
*/
-export interface BaseElasticSearchCriteria extends BaseSearchCriteria {
- accurateTotal?: boolean;
- ids?: Array;
- nextResults?: string;
- query?: string;
- queryString?: string;
- sortFields?: Array;
+export interface APIKeyRequest {
+ apiKey?: APIKey;
+ sourceKeyId?: UUID;
}
/**
- * Application search response
+ * A webhook call response.
*
* @author Spencer Witt
*/
-export interface ApplicationSearchResponse extends ExpandableResponse {
- applications?: Array;
- total?: number;
+export interface WebhookCallResponse {
+ exception?: string;
+ statusCode?: number;
+ url?: string;
}
/**
- * Lambda search response
+ * User Action Reason API request object.
*
- * @author Mark Manes
+ * @author Brian Pontarelli
*/
-export interface LambdaSearchResponse {
- lambdas?: Array;
- total?: number;
+export interface UserActionReasonRequest {
+ userActionReason?: UserActionReason;
}
/**
- * Webhook attempt log response.
- *
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export interface WebhookAttemptLogResponse {
- webhookAttemptLog?: WebhookAttemptLog;
+export interface OAuthError {
+ change_password_id?: string;
+ error?: OAuthErrorType;
+ error_description?: string;
+ error_reason?: OAuthErrorReason;
+ error_uri?: string;
+ two_factor_id?: string;
+ two_factor_methods?: Array;
+}
+
+export enum OAuthErrorReason {
+ auth_code_not_found = "auth_code_not_found",
+ access_token_malformed = "access_token_malformed",
+ access_token_expired = "access_token_expired",
+ access_token_unavailable_for_processing = "access_token_unavailable_for_processing",
+ access_token_failed_processing = "access_token_failed_processing",
+ access_token_invalid = "access_token_invalid",
+ access_token_required = "access_token_required",
+ refresh_token_not_found = "refresh_token_not_found",
+ refresh_token_type_not_supported = "refresh_token_type_not_supported",
+ invalid_client_id = "invalid_client_id",
+ invalid_user_credentials = "invalid_user_credentials",
+ invalid_grant_type = "invalid_grant_type",
+ invalid_origin = "invalid_origin",
+ invalid_origin_opaque = "invalid_origin_opaque",
+ invalid_pkce_code_verifier = "invalid_pkce_code_verifier",
+ invalid_pkce_code_challenge = "invalid_pkce_code_challenge",
+ invalid_pkce_code_challenge_method = "invalid_pkce_code_challenge_method",
+ invalid_redirect_uri = "invalid_redirect_uri",
+ invalid_response_mode = "invalid_response_mode",
+ invalid_response_type = "invalid_response_type",
+ invalid_id_token_hint = "invalid_id_token_hint",
+ invalid_post_logout_redirect_uri = "invalid_post_logout_redirect_uri",
+ invalid_device_code = "invalid_device_code",
+ invalid_user_code = "invalid_user_code",
+ invalid_additional_client_id = "invalid_additional_client_id",
+ invalid_target_entity_scope = "invalid_target_entity_scope",
+ invalid_entity_permission_scope = "invalid_entity_permission_scope",
+ invalid_user_id = "invalid_user_id",
+ grant_type_disabled = "grant_type_disabled",
+ missing_client_id = "missing_client_id",
+ missing_client_secret = "missing_client_secret",
+ missing_code = "missing_code",
+ missing_code_challenge = "missing_code_challenge",
+ missing_code_verifier = "missing_code_verifier",
+ missing_device_code = "missing_device_code",
+ missing_grant_type = "missing_grant_type",
+ missing_redirect_uri = "missing_redirect_uri",
+ missing_refresh_token = "missing_refresh_token",
+ missing_response_type = "missing_response_type",
+ missing_token = "missing_token",
+ missing_user_code = "missing_user_code",
+ missing_user_id = "missing_user_id",
+ missing_verification_uri = "missing_verification_uri",
+ login_prevented = "login_prevented",
+ not_licensed = "not_licensed",
+ user_code_expired = "user_code_expired",
+ user_expired = "user_expired",
+ user_locked = "user_locked",
+ user_not_found = "user_not_found",
+ client_authentication_missing = "client_authentication_missing",
+ invalid_client_authentication_scheme = "invalid_client_authentication_scheme",
+ invalid_client_authentication = "invalid_client_authentication",
+ client_id_mismatch = "client_id_mismatch",
+ change_password_administrative = "change_password_administrative",
+ change_password_breached = "change_password_breached",
+ change_password_expired = "change_password_expired",
+ change_password_validation = "change_password_validation",
+ unknown = "unknown",
+ missing_required_scope = "missing_required_scope",
+ unknown_scope = "unknown_scope",
+ consent_canceled = "consent_canceled"
}
/**
- * Password Encryption Scheme Configuration
+ * An Event "event" to indicate an event log was created.
*
* @author Daniel DeGroff
*/
-export interface PasswordEncryptionConfiguration {
- encryptionScheme?: string;
- encryptionSchemeFactor?: number;
- modifyEncryptionSchemeOnLogin?: boolean;
+export interface EventLogCreateEvent extends BaseEvent {
+ eventLog?: EventLog;
}
/**
- * The Application API response.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface ApplicationResponse {
- application?: Application;
- applications?: Array;
- role?: ApplicationRole;
+export enum RefreshTokenExpirationPolicy {
+ Fixed = "Fixed",
+ SlidingWindow = "SlidingWindow",
+ SlidingWindowWithMaximumLifetime = "SlidingWindowWithMaximumLifetime"
}
/**
- * Response for the daily active user report.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface MonthlyActiveUserReportResponse {
- monthlyActiveUsers?: Array;
- total?: number;
+export interface TenantLoginConfiguration {
+ requireAuthentication?: boolean;
}
/**
- * @author Tyler Scott
- */
-export interface Group {
- data?: Record;
- id?: UUID;
- insertInstant?: number;
- lastUpdateInstant?: number;
- name?: string;
- roles?: Record>;
- tenantId?: UUID;
+ * Models the User Login Failed Event.
+ *
+ * @author Daniel DeGroff
+ */
+export interface UserLoginFailedEvent extends BaseUserEvent {
+ applicationId?: UUID;
+ authenticationType?: string;
+ ipAddress?: string;
+ reason?: UserLoginFailedReason;
}
/**
* @author Daniel DeGroff
*/
-export interface Form {
- data?: Record;
- id?: UUID;
- insertInstant?: number;
- lastUpdateInstant?: number;
- name?: string;
- steps?: Array;
- type?: FormType;
+export interface AppleIdentityProvider extends BaseIdentityProvider {
+ bundleId?: string;
+ buttonText?: string;
+ keyId?: UUID;
+ scope?: string;
+ servicesId?: string;
+ teamId?: string;
}
/**
- * Base class for all {@link User}-related events.
- *
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export interface BaseUserEvent extends BaseEvent {
- user?: User;
+export interface SendResponse {
+ anonymousResults?: Record;
+ results?: Record;
}
/**
* @author Daniel DeGroff
*/
-export enum UserState {
- Authenticated = "Authenticated",
- AuthenticatedNotRegistered = "AuthenticatedNotRegistered",
- AuthenticatedNotVerified = "AuthenticatedNotVerified",
- AuthenticatedRegistrationNotVerified = "AuthenticatedRegistrationNotVerified"
+export enum FormType {
+ registration = "registration",
+ adminRegistration = "adminRegistration",
+ adminUser = "adminUser",
+ selfServiceUser = "selfServiceUser"
}
/**
- * The system configuration for Webhook Event Log data.
- *
- * @author Spencer Witt
+ * @author Brett Guy
*/
-export interface WebhookEventLogConfiguration {
- delete?: DeleteConfiguration;
+export interface MessengerResponse {
+ messenger?: BaseMessengerConfiguration;
+ messengers?: Array;
}
/**
* @author Daniel DeGroff
*/
-export interface LinkedInApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
+export enum RateLimitedRequestType {
+ FailedLogin = "FailedLogin",
+ ForgotPassword = "ForgotPassword",
+ SendEmailVerification = "SendEmailVerification",
+ SendPasswordless = "SendPasswordless",
+ SendRegistrationVerification = "SendRegistrationVerification",
+ SendTwoFactor = "SendTwoFactor"
}
/**
- * Model a user event when a two-factor method has been removed.
+ * The public Status API response
*
* @author Daniel DeGroff
*/
-export interface UserTwoFactorMethodAddEvent extends BaseUserEvent {
- method?: TwoFactorMethod;
+export interface StatusResponse extends Record {
}
/**
- * @author Lyle Schemmerling
+ * @author Daniel DeGroff
*/
-export interface SAMLv2AssertionConfiguration {
- destination?: SAMLv2DestinationAssertionConfiguration;
+export interface ReactorMetrics {
+ breachedPasswordMetrics?: Record;
}
/**
- * Theme API response object.
+ * Identifies the WebAuthn workflow. This will affect the parameters used for credential creation
+ * and request based on the Tenant configuration.
*
- * @author Trevor Smith
+ * @author Spencer Witt
*/
-export interface ThemeResponse {
- theme?: Theme;
- themes?: Array;
+export enum WebAuthnWorkflow {
+ bootstrap = "bootstrap",
+ general = "general",
+ reauthentication = "reauthentication"
}
/**
- * The authenticator's response for the authentication ceremony in its encoded format
+ * The types of lambdas that indicate how they are invoked by FusionAuth.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export interface WebAuthnAuthenticatorAuthenticationResponse {
- authenticatorData?: string;
- clientDataJSON?: string;
- signature?: string;
- userHandle?: string;
+export enum LambdaType {
+ JWTPopulate = "JWTPopulate",
+ OpenIDReconcile = "OpenIDReconcile",
+ SAMLv2Reconcile = "SAMLv2Reconcile",
+ SAMLv2Populate = "SAMLv2Populate",
+ AppleReconcile = "AppleReconcile",
+ ExternalJWTReconcile = "ExternalJWTReconcile",
+ FacebookReconcile = "FacebookReconcile",
+ GoogleReconcile = "GoogleReconcile",
+ HYPRReconcile = "HYPRReconcile",
+ TwitterReconcile = "TwitterReconcile",
+ LDAPConnectorReconcile = "LDAPConnectorReconcile",
+ LinkedInReconcile = "LinkedInReconcile",
+ EpicGamesReconcile = "EpicGamesReconcile",
+ NintendoReconcile = "NintendoReconcile",
+ SonyPSNReconcile = "SonyPSNReconcile",
+ SteamReconcile = "SteamReconcile",
+ TwitchReconcile = "TwitchReconcile",
+ XboxReconcile = "XboxReconcile",
+ ClientCredentialsJWTPopulate = "ClientCredentialsJWTPopulate",
+ SCIMServerGroupRequestConverter = "SCIMServerGroupRequestConverter",
+ SCIMServerGroupResponseConverter = "SCIMServerGroupResponseConverter",
+ SCIMServerUserRequestConverter = "SCIMServerUserRequestConverter",
+ SCIMServerUserResponseConverter = "SCIMServerUserResponseConverter",
+ SelfServiceRegistrationValidation = "SelfServiceRegistrationValidation",
+ UserInfoPopulate = "UserInfoPopulate",
+ LoginValidation = "LoginValidation"
+}
+
+/**
+ * CleanSpeak configuration at the system and application level.
+ *
+ * @author Brian Pontarelli
+ */
+export interface CleanSpeakConfiguration extends Enableable {
+ apiKey?: string;
+ applicationIds?: Array;
+ url?: string;
+ usernameModeration?: UsernameModeration;
+}
+
+export enum LDAPSecurityMethod {
+ None = "None",
+ LDAPS = "LDAPS",
+ StartTLS = "StartTLS"
+}
+
+/**
+ * Entity API request object.
+ *
+ * @author Brian Pontarelli
+ */
+export interface EntityRequest {
+ entity?: Entity;
}
/**
+ * Something that can be enabled and thus also disabled.
+ *
* @author Daniel DeGroff
*/
-export interface SecureGeneratorConfiguration {
- length?: number;
- type?: SecureGeneratorType;
+export interface Enableable {
+ enabled?: boolean;
+}
+
+export interface EmailTemplateErrors {
+ parseErrors?: Record;
+ renderErrors?: Record;
}
/**
- * Webhook API request object.
+ * Base class for all FusionAuth events.
*
* @author Brian Pontarelli
*/
-export interface WebhookRequest {
- webhook?: Webhook;
+export interface BaseEvent {
+ createInstant?: number;
+ id?: UUID;
+ info?: EventInfo;
+ tenantId?: UUID;
+ type?: EventType;
}
/**
- * The Application Scope API request object.
+ * Controls the policy for requesting user permission to grant access to requested scopes during an OAuth workflow
+ * for a third-party application.
*
* @author Spencer Witt
*/
-export interface ApplicationOAuthScopeRequest {
- scope?: ApplicationOAuthScope;
+export enum OAuthScopeConsentMode {
+ AlwaysPrompt = "AlwaysPrompt",
+ RememberDecision = "RememberDecision",
+ NeverPrompt = "NeverPrompt"
}
/**
- * Models the User Created Event.
- *
- * This is different than the user.create event in that it will be sent after the user has been created. This event cannot be made transactional.
+ * Models the User Identity Provider Link Event.
*
- * @author Daniel DeGroff
+ * @author Rob Davis
*/
-export interface UserCreateCompleteEvent extends BaseUserEvent {
+export interface UserIdentityProviderLinkEvent extends BaseUserEvent {
+ identityProviderLink?: IdentityProviderLink;
}
/**
- * Models the User Password Reset Start Event.
+ * Location information. Useful for IP addresses and other displayable data objects.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface UserPasswordResetStartEvent extends BaseUserEvent {
+export interface Location {
+ city?: string;
+ country?: string;
+ displayString?: string;
+ latitude?: number;
+ longitude?: number;
+ region?: string;
+ zipcode?: string;
}
/**
- * Webhook event log search response.
+ * Base class for all {@link User}-related events.
*
* @author Spencer Witt
*/
-export interface WebhookEventLogSearchResponse {
- total?: number;
- webhookEventLogs?: Array;
+export interface BaseUserEvent extends BaseEvent {
+ user?: User;
}
/**
- * A JavaScript lambda function that is executed during certain events inside FusionAuth.
+ * A grant for an entity to a user or another entity.
*
* @author Brian Pontarelli
*/
-export interface Lambda {
- body?: string;
- debug?: boolean;
- engineType?: LambdaEngineType;
+export interface EntityGrant {
+ data?: Record;
+ entity?: Entity;
id?: UUID;
insertInstant?: number;
lastUpdateInstant?: number;
- name?: string;
- type?: LambdaType;
+ permissions?: Array;
+ recipientEntityId?: UUID;
+ userId?: UUID;
}
-/**
- * @author Daniel DeGroff
- */
-export interface HYPRApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- relyingPartyApplicationId?: string;
- relyingPartyURL?: string;
+export interface TenantOAuth2Configuration {
+ clientCredentialsAccessTokenPopulateLambdaId?: UUID;
}
/**
- * @author Daniel DeGroff
+ * Request for managing FusionAuth Reactor and licenses.
+ *
+ * @author Brian Pontarelli
*/
-export interface FormFieldValidator extends Enableable {
- expression?: string;
+export interface ReactorRequest {
+ license?: string;
+ licenseId?: string;
}
/**
+ * Models the User Password Reset Success Event.
+ *
* @author Daniel DeGroff
*/
-export interface PasswordValidationRulesResponse {
- passwordValidationRules?: PasswordValidationRules;
+export interface UserPasswordResetSuccessEvent extends BaseUserEvent {
}
-/**
- * @author Brian Pontarelli
- */
-export interface EventConfiguration {
- events?: Record;
-}
-
-export interface EventConfigurationData extends Enableable {
- transactionType?: TransactionType;
+export interface AuthenticationTokenConfiguration extends Enableable {
}
/**
- * Models the User Deactivate Event.
+ * Controls the policy for whether OAuth workflows will more strictly adhere to the OAuth and OIDC specification
+ * or run in backwards compatibility mode.
*
- * @author Brian Pontarelli
+ * @author David Charles
*/
-export interface UserDeactivateEvent extends BaseUserEvent {
+export enum OAuthScopeHandlingPolicy {
+ Compatibility = "Compatibility",
+ Strict = "Strict"
}
/**
- * Models the User Update Registration Event.
+ * Models the User Created Registration Event.
+ *
+ * This is different than the user.registration.create event in that it will be sent after the user has been created. This event cannot be made
+ * transactional.
*
* @author Daniel DeGroff
*/
-export interface UserRegistrationUpdateEvent extends BaseUserEvent {
+export interface UserRegistrationCreateCompleteEvent extends BaseUserEvent {
applicationId?: UUID;
- original?: UserRegistration;
registration?: UserRegistration;
}
/**
- * Search request for entities
+ * The response from the total report. This report stores the total numbers for each application.
*
- * @author Brett Guy
+ * @author Brian Pontarelli
*/
-export interface EntitySearchRequest {
- search?: EntitySearchCriteria;
+export interface TotalsReportResponse {
+ applicationTotals?: Record;
+ globalRegistrations?: number;
+ totalGlobalRegistrations?: number;
}
/**
- * The user action request object.
+ * A JavaScript lambda function that is executed during certain events inside FusionAuth.
*
* @author Brian Pontarelli
*/
-export interface ActionRequest extends BaseEventRequest {
- action?: ActionData;
- broadcast?: boolean;
-}
-
-export interface ActionData {
- actioneeUserId?: UUID;
- actionerUserId?: UUID;
- applicationIds?: Array;
- comment?: string;
- emailUser?: boolean;
- expiry?: number;
- notifyUser?: boolean;
- option?: string;
- reasonId?: UUID;
- userActionId?: UUID;
+export interface Lambda {
+ body?: string;
+ debug?: boolean;
+ engineType?: LambdaEngineType;
+ id?: UUID;
+ insertInstant?: number;
+ lastUpdateInstant?: number;
+ name?: string;
+ type?: LambdaType;
}
/**
- * The Integration Response
- *
- * @author Daniel DeGroff
+ * @author Lyle Schemmerling
*/
-export interface IntegrationResponse {
- integrations?: Integrations;
+export interface SAMLv2DestinationAssertionConfiguration {
+ alternates?: Array;
+ policy?: SAMLv2DestinationAssertionPolicy;
}
/**
- * Models the User Password Update Event.
+ * A policy to configure if and when the user-action is canceled prior to the expiration of the action.
*
* @author Daniel DeGroff
*/
-export interface UserPasswordUpdateEvent extends BaseUserEvent {
+export interface FailedAuthenticationActionCancelPolicy {
+ onPasswordReset?: boolean;
}
/**
- * Models the Group Create Event.
+ * Steam gaming login provider.
*
- * @author Daniel DeGroff
- */
-export interface GroupCreateEvent extends BaseGroupEvent {
-}
-
-/**
- * @author Daniel DeGroff
+ * @author Brett Pontarelli
*/
-export interface IdentityProviderResponse {
- identityProvider?: BaseIdentityProvider;
- identityProviders?: Array>;
+export interface SteamIdentityProvider extends BaseIdentityProvider {
+ apiMode?: SteamAPIMode;
+ buttonText?: string;
+ client_id?: string;
+ scope?: string;
+ webAPIKey?: string;
}
/**
- * Something that can be enabled and thus also disabled.
- *
* @author Daniel DeGroff
*/
-export interface Enableable {
- enabled?: boolean;
+export interface BreachedPasswordTenantMetric {
+ actionRequired?: number;
+ matchedCommonPasswordCount?: number;
+ matchedExactCount?: number;
+ matchedPasswordCount?: number;
+ matchedSubAddressCount?: number;
+ passwordsCheckedCount?: number;
}
/**
- * Models the Group Member Add Event.
+ * Response for the daily active user report.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface GroupMemberAddEvent extends BaseGroupEvent {
- members?: Array;
+export interface DailyActiveUserReportResponse {
+ dailyActiveUsers?: Array;
+ total?: number;
}
/**
- * The public Status API response
- *
* @author Daniel DeGroff
*/
-export interface StatusResponse extends Record {
+export interface TwitterApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ buttonText?: string;
+ consumerKey?: string;
+ consumerSecret?: string;
}
/**
- * Models the User Password Reset Success Event.
- *
- * @author Daniel DeGroff
+ * @author Trevor Smith
*/
-export interface UserPasswordResetSuccessEvent extends BaseUserEvent {
+export interface ConnectorPolicy {
+ connectorId?: UUID;
+ data?: Record;
+ domains?: Array;
+ migrate?: boolean;
}
/**
* @author Daniel DeGroff
*/
-export enum RefreshTokenExpirationPolicy {
- Fixed = "Fixed",
- SlidingWindow = "SlidingWindow",
- SlidingWindowWithMaximumLifetime = "SlidingWindowWithMaximumLifetime"
+export enum HTTPMethod {
+ GET = "GET",
+ POST = "POST",
+ PUT = "PUT",
+ DELETE = "DELETE",
+ HEAD = "HEAD",
+ OPTIONS = "OPTIONS",
+ PATCH = "PATCH"
}
/**
* @author Brett Guy
*/
-export interface KafkaMessengerConfiguration extends BaseMessengerConfiguration {
- defaultTopic?: string;
- producer?: Record;
+export interface IPAccessControlListRequest {
+ ipAccessControlList?: IPAccessControlList;
}
/**
- * Models the User Password Breach Event.
+ * Search request for entities
*
- * @author Matthew Altman
+ * @author Brett Guy
*/
-export interface UserPasswordBreachEvent extends BaseUserEvent {
+export interface EntitySearchResponse {
+ entities?: Array;
+ nextResults?: string;
+ total?: number;
}
/**
- * The use type of a key.
+ * Search API request.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export enum KeyUse {
- SignOnly = "SignOnly",
- SignAndVerify = "SignAndVerify",
- VerifyOnly = "VerifyOnly"
+export interface SearchRequest extends ExpandableRequest {
+ search?: UserSearchCriteria;
}
-/**
- * @author Daniel DeGroff
- */
-export interface ApplicationWebAuthnWorkflowConfiguration extends Enableable {
+export enum ThemeType {
+ advanced = "advanced",
+ simple = "simple"
}
/**
- * Models an entity type that has a specific set of permissions. These are global objects and can be used across tenants.
+ * Response for the user login report.
*
- * @author Brian Pontarelli
- */
-export interface EntityType {
- data?: Record;
- id?: UUID;
- insertInstant?: number;
- jwtConfiguration?: EntityJWTConfiguration;
- lastUpdateInstant?: number;
- name?: string;
- permissions?: Array;
-}
-
-/**
- * JWT Configuration for entities.
+ * @author Seth Musselman
*/
-export interface EntityJWTConfiguration extends Enableable {
- accessTokenKeyId?: UUID;
- timeToLiveInSeconds?: number;
+export interface RecentLoginResponse {
+ logins?: Array;
}
/**
- * Models the Group Member Update Complete Event.
+ * Supply information on credential type and algorithm to the authenticator.
*
- * @author Daniel DeGroff
+ * @author Spencer Witt
*/
-export interface GroupMemberUpdateCompleteEvent extends BaseGroupEvent {
- members?: Array;
+export interface PublicKeyCredentialParameters {
+ alg?: CoseAlgorithmIdentifier;
+ type?: PublicKeyCredentialType;
}
/**
@@ -7348,680 +7522,637 @@ export interface ConsentSearchCriteria extends BaseSearchCriteria {
}
/**
- * A policy for deleting Users based upon some external criteria.
+ * The possible result states of a webhook event. This tracks the success of the overall webhook transaction according to the {@link TransactionType}
+ * and configured webhooks.
*
- * @author Trevor Smith
+ * @author Spencer Witt
*/
-export interface TimeBasedDeletePolicy extends Enableable {
- enabledInstant?: number;
- numberOfDaysToRetain?: number;
+export enum WebhookEventResult {
+ Failed = "Failed",
+ Running = "Running",
+ Succeeded = "Succeeded"
}
/**
- * Raw login information for each time a user logs into an application.
+ * Password Encryption Scheme Configuration
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface RawLogin {
- applicationId?: UUID;
- instant?: number;
- ipAddress?: string;
- userId?: UUID;
+export interface PasswordEncryptionConfiguration {
+ encryptionScheme?: string;
+ encryptionSchemeFactor?: number;
+ modifyEncryptionSchemeOnLogin?: boolean;
}
-/**
- * @author Daniel DeGroff
- */
-export enum BreachedPasswordStatus {
- None = "None",
- ExactMatch = "ExactMatch",
- SubAddressMatch = "SubAddressMatch",
- PasswordOnly = "PasswordOnly",
- CommonPassword = "CommonPassword"
+export interface SAMLv2Logout {
+ behavior?: SAMLLogoutBehavior;
+ defaultVerificationKeyId?: UUID;
+ keyId?: UUID;
+ requireSignedRequests?: boolean;
+ singleLogout?: SAMLv2SingleLogout;
+ xmlSignatureC14nMethod?: CanonicalizationMethod;
}
/**
- * Base class for all FusionAuth events.
+ * Response for the login report.
*
* @author Brian Pontarelli
*/
-export interface BaseEvent {
- createInstant?: number;
- id?: UUID;
- info?: EventInfo;
- tenantId?: UUID;
- type?: EventType;
-}
+export interface LoginReportResponse {
+ hourlyCounts?: Array;
+ total?: number;
+}
/**
- * @author Daniel DeGroff
+ * A User's WebAuthnCredential. Contains all data required to complete WebAuthn authentication ceremonies.
+ *
+ * @author Spencer Witt
*/
-export interface SystemTrustedProxyConfiguration {
- trusted?: Array;
- trustPolicy?: SystemTrustedProxyConfigurationPolicy;
+export interface WebAuthnCredential {
+ algorithm?: CoseAlgorithmIdentifier;
+ attestationType?: AttestationType;
+ authenticatorSupportsUserVerification?: boolean;
+ credentialId?: string;
+ data?: Record;
+ discoverable?: boolean;
+ displayName?: string;
+ id?: UUID;
+ insertInstant?: number;
+ lastUseInstant?: number;
+ name?: string;
+ publicKey?: string;
+ relyingPartyId?: string;
+ signCount?: number;
+ tenantId?: UUID;
+ transports?: Array;
+ userAgent?: string;
+ userId?: UUID;
}
/**
- * Authentication key response object.
+ * Search criteria for Identity Providers.
*
- * @author Sanjay
+ * @author Spencer Witt
*/
-export interface APIKeyResponse {
- apiKey?: APIKey;
+export interface IdentityProviderSearchCriteria extends BaseSearchCriteria {
+ applicationId?: UUID;
+ name?: string;
+ type?: IdentityProviderType;
}
/**
+ * Models the JWT Refresh Event. This event will be fired when a JWT is "refreshed" (generated) using a Refresh Token.
+ *
* @author Daniel DeGroff
*/
-export interface LoginRecordExportRequest extends BaseExportRequest {
- criteria?: LoginRecordSearchCriteria;
+export interface JWTRefreshEvent extends BaseEvent {
+ applicationId?: UUID;
+ original?: string;
+ refreshToken?: string;
+ token?: string;
+ userId?: UUID;
}
-/**
- * Search criteria for the webhook event log.
- *
- * @author Spencer Witt
- */
-export interface WebhookEventLogSearchCriteria extends BaseSearchCriteria {
- end?: number;
- event?: string;
- eventResult?: WebhookEventResult;
- eventType?: EventType;
- start?: number;
+export interface UsernameModeration extends Enableable {
+ applicationId?: UUID;
+}
+
+export enum OAuthErrorType {
+ invalid_request = "invalid_request",
+ invalid_client = "invalid_client",
+ invalid_grant = "invalid_grant",
+ invalid_token = "invalid_token",
+ unauthorized_client = "unauthorized_client",
+ invalid_scope = "invalid_scope",
+ server_error = "server_error",
+ unsupported_grant_type = "unsupported_grant_type",
+ unsupported_response_type = "unsupported_response_type",
+ access_denied = "access_denied",
+ change_password_required = "change_password_required",
+ not_licensed = "not_licensed",
+ two_factor_required = "two_factor_required",
+ authorization_pending = "authorization_pending",
+ expired_token = "expired_token",
+ unsupported_token_type = "unsupported_token_type"
}
/**
- * Application-level configuration for WebAuthn
+ * Models the Group Member Remove Event.
*
* @author Daniel DeGroff
*/
-export interface ApplicationWebAuthnConfiguration extends Enableable {
- bootstrapWorkflow?: ApplicationWebAuthnWorkflowConfiguration;
- reauthenticationWorkflow?: ApplicationWebAuthnWorkflowConfiguration;
+export interface GroupMemberRemoveEvent extends BaseGroupEvent {
+ members?: Array;
}
/**
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface VerifyEmailRequest extends BaseEventRequest {
- oneTimeCode?: string;
- userId?: UUID;
- verificationId?: string;
+export interface TwoFactorRequest extends BaseEventRequest {
+ applicationId?: UUID;
+ authenticatorId?: string;
+ code?: string;
+ email?: string;
+ method?: string;
+ mobilePhone?: string;
+ secret?: string;
+ secretBase32Encoded?: string;
+ twoFactorId?: string;
}
/**
- * @author Daniel DeGroff
+ * Policy for handling unknown OAuth scopes in the request
+ *
+ * @author Spencer Witt
*/
-export interface SecureIdentity {
- breachedPasswordLastCheckedInstant?: number;
- breachedPasswordStatus?: BreachedPasswordStatus;
- connectorId?: UUID;
- encryptionScheme?: string;
- factor?: number;
- id?: UUID;
- lastLoginInstant?: number;
- password?: string;
- passwordChangeReason?: ChangePasswordReason;
- passwordChangeRequired?: boolean;
- passwordLastUpdateInstant?: number;
- salt?: string;
- uniqueUsername?: string;
- username?: string;
- usernameStatus?: ContentStatus;
- verified?: boolean;
- verifiedInstant?: number;
+export enum UnknownScopePolicy {
+ Allow = "Allow",
+ Remove = "Remove",
+ Reject = "Reject"
}
/**
- * @author Daniel DeGroff
+ * @author Brett Guy
*/
-export enum FormControl {
- checkbox = "checkbox",
- number = "number",
- password = "password",
- radio = "radio",
- select = "select",
- textarea = "textarea",
- text = "text"
+export interface IPAccessControlListSearchCriteria extends BaseSearchCriteria {
+ name?: string;
}
/**
- * A raw login record response
+ * User Action API response object.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface LoginRecordSearchResponse {
- logins?: Array;
- total?: number;
+export interface UserActionResponse {
+ userAction?: UserAction;
+ userActions?: Array;
}
/**
- * Response for the registration report.
+ * Models the Group Created Event.
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface RegistrationReportResponse {
- hourlyCounts?: Array;
- total?: number;
+export interface GroupCreateCompleteEvent extends BaseGroupEvent {
}
/**
- * Forgot password response object.
+ * Authorization Grant types as defined by the The OAuth 2.0 Authorization
+ * Framework - RFC 6749.
+ *
+ * Specific names as defined by
+ * OAuth 2.0 Dynamic Client Registration Protocol - RFC 7591 Section 4.1
*
* @author Daniel DeGroff
*/
-export interface ForgotPasswordResponse {
- changePasswordId?: string;
+export enum GrantType {
+ authorization_code = "authorization_code",
+ implicit = "implicit",
+ password = "password",
+ client_credentials = "client_credentials",
+ refresh_token = "refresh_token",
+ unknown = "unknown",
+ device_code = "urn:ietf:params:oauth:grant-type:device_code"
}
/**
- * Models a User consent.
+ * User API bulk response object.
*
- * @author Daniel DeGroff
+ * @author Trevor Smith
*/
-export interface UserConsent {
- consent?: Consent;
- consentId?: UUID;
+export interface UserDeleteResponse {
+ dryRun?: boolean;
+ hardDelete?: boolean;
+ total?: number;
+ userIds?: Array;
+}
+
+/**
+ * @author Brett Guy
+ */
+export interface IPAccessControlList {
data?: Record;
- giverUserId?: UUID;
+ entries?: Array;
id?: UUID;
insertInstant?: number;
lastUpdateInstant?: number;
- status?: ConsentStatus;
- userId?: UUID;
- values?: Array;
+ name?: string;
+}
+
+export interface MultiFactorEmailMethod extends Enableable {
+ templateId?: UUID;
}
/**
- * Twitch gaming login provider.
+ * A historical state of a user log event. Since events can be modified, this stores the historical state.
*
- * @author Brett Pontarelli
+ * @author Brian Pontarelli
*/
-export interface TwitchIdentityProvider extends BaseIdentityProvider {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
+export interface LogHistory {
+ historyItems?: Array;
}
/**
- * @author Daniel DeGroff
+ * Container for the event information. This is the JSON that is sent from FusionAuth to webhooks.
+ *
+ * @author Brian Pontarelli
*/
-export interface IdentityProviderStartLoginResponse {
- code?: string;
+export interface EventRequest {
+ event?: BaseEvent;
}
/**
- * Form response.
- *
* @author Daniel DeGroff
*/
-export interface FormRequest {
- form?: Form;
+export interface IdentityProviderLimitUserLinkingPolicy extends Enableable {
+ maximumLinks?: number;
}
/**
- * Tenant search response
- *
- * @author Mark Manes
+ * @author Brett Pontarelli
*/
-export interface TenantSearchResponse {
- tenants?: Array;
- total?: number;
+export enum CaptchaMethod {
+ GoogleRecaptchaV2 = "GoogleRecaptchaV2",
+ GoogleRecaptchaV3 = "GoogleRecaptchaV3",
+ HCaptcha = "HCaptcha",
+ HCaptchaEnterprise = "HCaptchaEnterprise"
}
/**
- * Key API request object.
- *
- * @author Daniel DeGroff
+ * @author Lyle Schemmerling
*/
-export interface KeyRequest {
- key?: Key;
+export enum SAMLv2DestinationAssertionPolicy {
+ Enabled = "Enabled",
+ Disabled = "Disabled",
+ AllowAlternates = "AllowAlternates"
}
/**
- * Models an event where a user is being updated and tries to use an "in-use" login Id (email or username).
+ * Search request for IP ACLs .
*
- * @author Daniel DeGroff
+ * @author Brett Guy
*/
-export interface UserLoginIdDuplicateOnUpdateEvent extends UserLoginIdDuplicateOnCreateEvent {
+export interface IPAccessControlListSearchRequest {
+ search?: IPAccessControlListSearchCriteria;
}
/**
- * Location information. Useful for IP addresses and other displayable data objects.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface Location {
- city?: string;
- country?: string;
- displayString?: string;
- latitude?: number;
- longitude?: number;
- region?: string;
- zipcode?: string;
+export enum ObjectState {
+ Active = "Active",
+ Inactive = "Inactive",
+ PendingDelete = "PendingDelete"
}
/**
- * @author Brett Guy
+ * @author Daniel DeGroff
*/
-export interface IPAccessControlListRequest {
- ipAccessControlList?: IPAccessControlList;
+export interface SystemLogsExportRequest extends BaseExportRequest {
+ includeArchived?: boolean;
+ lastNBytes?: number;
}
/**
- * Controls the policy for whether OAuth workflows will more strictly adhere to the OAuth and OIDC specification
- * or run in backwards compatibility mode.
+ * Search criteria for the webhook event log.
*
- * @author David Charles
+ * @author Spencer Witt
*/
-export enum OAuthScopeHandlingPolicy {
- Compatibility = "Compatibility",
- Strict = "Strict"
+export interface WebhookEventLogSearchCriteria extends BaseSearchCriteria {
+ end?: number;
+ event?: string;
+ eventResult?: WebhookEventResult;
+ eventType?: EventType;
+ start?: number;
}
/**
- * Import request.
+ * Request for the Logout API that can be used as an alternative to URL parameters.
*
* @author Brian Pontarelli
*/
-export interface ImportRequest extends BaseEventRequest {
- encryptionScheme?: string;
- factor?: number;
- users?: Array;
- validateDbConstraints?: boolean;
+export interface LogoutRequest extends BaseEventRequest {
+ global?: boolean;
+ refreshToken?: string;
}
/**
- * Models an event where a user's email is updated outside of a forgot / change password workflow.
+ * Event log response.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface UserEmailUpdateEvent extends BaseUserEvent {
- previousEmail?: string;
+export interface EventLogSearchResponse {
+ eventLogs?: Array;
+ total?: number;
}
/**
- * @author Lyle Schemmerling
+ * @author Daniel DeGroff
*/
-export interface SAMLv2DestinationAssertionConfiguration {
- alternates?: Array;
- policy?: SAMLv2DestinationAssertionPolicy;
+export interface EmailHeader {
+ name?: string;
+ value?: string;
}
/**
- * The possible states of an individual webhook attempt to a single endpoint.
+ * Helper interface that indicates an identity provider can be federated to using the HTTP POST method.
*
- * @author Spencer Witt
+ * @author Brian Pontarelli
*/
-export enum WebhookAttemptResult {
- Success = "Success",
- Failure = "Failure",
- Unknown = "Unknown"
+export interface SupportsPostBindings {
}
/**
- * Models the User Login Success Event.
+ * An expandable API response.
*
* @author Daniel DeGroff
*/
-export interface UserLoginSuccessEvent extends BaseUserEvent {
- applicationId?: UUID;
- authenticationType?: string;
- connectorId?: UUID;
- identityProviderId?: UUID;
- identityProviderName?: string;
- ipAddress?: string;
+export interface ExpandableResponse {
+ expandable?: Array;
+}
+
+export interface EventLogConfiguration {
+ numberToRetain?: number;
}
/**
- * Models the User Update Registration Event.
- *
- * This is different than user.registration.update in that it is sent after this event completes, this cannot be transactional.
+ * Type for webhook headers.
*
- * @author Daniel DeGroff
+ * @author Brian Pontarelli
*/
-export interface UserRegistrationUpdateCompleteEvent extends BaseUserEvent {
- applicationId?: UUID;
- original?: UserRegistration;
- registration?: UserRegistration;
+export interface HTTPHeaders extends Record {
}
/**
- * Group API response object.
- *
* @author Daniel DeGroff
*/
-export interface GroupResponse {
- group?: Group;
- groups?: Array;
+export interface Form {
+ data?: Record;
+ id?: UUID;
+ insertInstant?: number;
+ lastUpdateInstant?: number;
+ name?: string;
+ steps?: Array;
+ type?: FormType;
}
/**
+ * Search response for Groups
+ *
* @author Daniel DeGroff
*/
-export interface GoogleApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- loginMethod?: IdentityProviderLoginMethod;
- properties?: GoogleIdentityProviderProperties;
- scope?: string;
+export interface GroupSearchResponse {
+ groups?: Array;
+ total?: number;
}
/**
- * Event Log Type
+ * API request for User consent types.
*
* @author Daniel DeGroff
*/
-export enum EventLogType {
- Information = "Information",
- Debug = "Debug",
- Error = "Error"
+export interface ConsentRequest {
+ consent?: Consent;
}
/**
- * The transaction types for Webhooks and other event systems within FusionAuth.
+ * Application search response
*
- * @author Brian Pontarelli
+ * @author Spencer Witt
*/
-export enum TransactionType {
- None = "None",
- Any = "Any",
- SimpleMajority = "SimpleMajority",
- SuperMajority = "SuperMajority",
- AbsoluteMajority = "AbsoluteMajority"
+export interface ApplicationSearchResponse extends ExpandableResponse {
+ applications?: Array;
+ total?: number;
}
/**
* @author Daniel DeGroff
*/
-export interface TenantFormConfiguration {
- adminUserFormId?: UUID;
+export interface PasswordlessStartResponse {
+ code?: string;
}
/**
- * Facebook social login provider.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface FacebookIdentityProvider extends BaseIdentityProvider {
- appId?: string;
- buttonText?: string;
- client_secret?: string;
- fields?: string;
- loginMethod?: IdentityProviderLoginMethod;
- permissions?: string;
+export interface IssueResponse {
+ refreshToken?: string;
+ token?: string;
}
-/**
- * Request for the system configuration API.
- *
- * @author Brian Pontarelli
- */
-export interface SystemConfigurationRequest {
- systemConfiguration?: SystemConfiguration;
+export interface MultiFactorAuthenticatorMethod extends Enableable {
+ algorithm?: TOTPAlgorithm;
+ codeLength?: number;
+ timeStep?: number;
}
/**
- * Email template search response
+ * Request for the Tenant API to delete a tenant rather than using the URL parameters.
*
- * @author Mark Manes
+ * @author Brian Pontarelli
*/
-export interface EmailTemplateSearchResponse {
- emailTemplates?: Array;
- total?: number;
+export interface TenantDeleteRequest extends BaseEventRequest {
+ async?: boolean;
}
/**
- * @author Daniel DeGroff
+ * @author Brett Pontarelli
*/
-export interface EmailUnverifiedOptions {
- allowEmailChangeWhenGated?: boolean;
- behavior?: UnverifiedBehavior;
+export enum AuthenticationThreats {
+ ImpossibleTravel = "ImpossibleTravel"
}
/**
- * COSE key type
+ * A marker interface indicating this event cannot be made transactional.
*
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export enum CoseKeyType {
- Reserved = "0",
- OKP = "1",
- EC2 = "2",
- RSA = "3",
- Symmetric = "4"
+export interface NonTransactionalEvent {
}
/**
- * @author Brian Pontarelli
+ * @author Michael Sleevi
*/
-export interface FamilyConfiguration extends Enableable {
- allowChildRegistrations?: boolean;
- confirmChildEmailTemplateId?: UUID;
- deleteOrphanedAccounts?: boolean;
- deleteOrphanedAccountsDays?: number;
- familyRequestEmailTemplateId?: UUID;
- maximumChildAge?: number;
- minimumOwnerAge?: number;
- parentEmailRequired?: boolean;
- parentRegistrationEmailTemplateId?: UUID;
+export interface PreviewMessageTemplateResponse {
+ errors?: Errors;
+ message?: SMSMessage;
}
/**
- * API response for completing WebAuthn credential registration or assertion
+ * Theme API response object.
*
- * @author Spencer Witt
+ * @author Trevor Smith
*/
-export interface WebAuthnRegisterCompleteResponse {
- credential?: WebAuthnCredential;
+export interface ThemeResponse {
+ theme?: Theme;
+ themes?: Array;
}
/**
- * @author Daniel DeGroff
+ * Interface for all identity providers that are passwordless and do not accept a password.
*/
-export interface TwoFactorStatusResponse {
- trusts?: Array;
- twoFactorTrustId?: string;
-}
-
-export interface TwoFactorTrust {
- applicationId?: UUID;
- expiration?: number;
- startInstant?: number;
+export interface PasswordlessIdentityProvider {
}
/**
+ * This class is an abstraction of a simple email message.
+ *
* @author Brian Pontarelli
*/
-export interface PendingResponse {
- users?: Array;
+export interface Email {
+ attachments?: Array;
+ bcc?: Array;
+ cc?: Array;
+ from?: EmailAddress;
+ html?: string;
+ replyTo?: EmailAddress;
+ subject?: string;
+ text?: string;
+ to?: Array;
}
/**
- * Search criteria for Groups
- *
- * @author Daniel DeGroff
+ * The global view of a User. This object contains all global information about the user including birthdate, registration information
+ * preferred languages, global attributes, etc.
+ *
+ * @author Seth Musselman
*/
-export interface GroupSearchCriteria extends BaseSearchCriteria {
- name?: string;
+export interface User extends SecureIdentity {
+ active?: boolean;
+ birthDate?: string;
+ cleanSpeakId?: UUID;
+ data?: Record;
+ email?: string;
+ expiry?: number;
+ firstName?: string;
+ fullName?: string;
+ imageUrl?: string;
+ insertInstant?: number;
+ lastName?: string;
+ lastUpdateInstant?: number;
+ memberships?: Array;
+ middleName?: string;
+ mobilePhone?: string;
+ parentEmail?: string;
+ preferredLanguages?: Array;
+ registrations?: Array;
tenantId?: UUID;
+ timezone?: string;
+ twoFactor?: UserTwoFactorConfiguration;
}
/**
- * Models the User Event (and can be converted to JSON) that is used for all user modifications (create, update,
- * delete).
- *
- * This is different than user.delete because it is sent after the tx is committed, this cannot be transactional.
- *
* @author Daniel DeGroff
*/
-export interface UserDeleteCompleteEvent extends BaseUserEvent {
+export interface OAuthConfigurationResponse {
+ httpSessionMaxInactiveInterval?: number;
+ logoutURL?: string;
+ oauthConfiguration?: OAuth2Configuration;
}
/**
* @author Daniel DeGroff
*/
-export interface SortField {
- missing?: string;
- name?: string;
- order?: Sort;
-}
-
-/**
- * Request to complete the WebAuthn registration ceremony for a new credential,.
- *
- * @author Spencer Witt
- */
-export interface WebAuthnRegisterCompleteRequest {
- credential?: WebAuthnPublicKeyRegistrationRequest;
- origin?: string;
- rpId?: string;
- userId?: UUID;
+export interface LinkedInIdentityProvider extends BaseIdentityProvider {
+ buttonText?: string;
+ client_id?: string;
+ client_secret?: string;
+ scope?: string;
}
/**
- * Search criteria for Lambdas
+ * JWT Configuration. A JWT Configuration for an Application may not be active if it is using the global configuration, the configuration
+ * may be enabled = false.
*
- * @author Mark Manes
+ * @author Daniel DeGroff
*/
-export interface LambdaSearchCriteria extends BaseSearchCriteria {
- body?: string;
- name?: string;
- type?: LambdaType;
+export interface JWTConfiguration extends Enableable {
+ accessTokenKeyId?: UUID;
+ idTokenKeyId?: UUID;
+ refreshTokenExpirationPolicy?: RefreshTokenExpirationPolicy;
+ refreshTokenOneTimeUseConfiguration?: RefreshTokenOneTimeUseConfiguration;
+ refreshTokenRevocationPolicy?: RefreshTokenRevocationPolicy;
+ refreshTokenSlidingWindowConfiguration?: RefreshTokenSlidingWindowConfiguration;
+ refreshTokenTimeToLiveInMinutes?: number;
+ refreshTokenUsagePolicy?: RefreshTokenUsagePolicy;
+ timeToLiveInSeconds?: number;
}
/**
- * User API request object.
+ * Models the Group Member Update Event.
*
- * @author Brian Pontarelli
- */
-export interface UserRequest extends BaseEventRequest {
- applicationId?: UUID;
- currentPassword?: string;
- disableDomainBlock?: boolean;
- sendSetPasswordEmail?: boolean;
- skipVerification?: boolean;
- user?: User;
-}
-
-/**
* @author Daniel DeGroff
*/
-export interface TenantLoginConfiguration {
- requireAuthentication?: boolean;
+export interface GroupMemberUpdateEvent extends BaseGroupEvent {
+ members?: Array;
}
/**
- * @author Trevor Smith
+ * @author Daniel DeGroff
*/
-export interface DeviceResponse {
- device_code?: string;
- expires_in?: number;
- interval?: number;
- user_code?: string;
- verification_uri?: string;
- verification_uri_complete?: string;
+export interface BaseExportRequest {
+ dateTimeSecondsFormat?: string;
+ zoneId?: string;
}
/**
- * Request for the Logout API that can be used as an alternative to URL parameters.
+ * Models the Group Delete Event.
*
- * @author Brian Pontarelli
- */
-export interface LogoutRequest extends BaseEventRequest {
- global?: boolean;
- refreshToken?: string;
-}
-
-/**
* @author Daniel DeGroff
*/
-export interface VerifyRegistrationRequest extends BaseEventRequest {
- oneTimeCode?: string;
- verificationId?: string;
+export interface GroupDeleteEvent extends BaseGroupEvent {
}
-export enum ThemeType {
- advanced = "advanced",
- simple = "simple"
+// Do not require a setter for 'type', it is defined by the concrete class and is not mutable
+export interface BaseMessengerConfiguration {
+ data?: Record;
+ debug?: boolean;
+ id?: UUID;
+ insertInstant?: number;
+ lastUpdateInstant?: number;
+ name?: string;
+ transport?: string;
+ type?: MessengerType;
}
/**
* @author Daniel DeGroff
*/
-export interface TenantRateLimitConfiguration {
- failedLogin?: RateLimitedRequestConfiguration;
- forgotPassword?: RateLimitedRequestConfiguration;
- sendEmailVerification?: RateLimitedRequestConfiguration;
- sendPasswordless?: RateLimitedRequestConfiguration;
- sendRegistrationVerification?: RateLimitedRequestConfiguration;
- sendTwoFactor?: RateLimitedRequestConfiguration;
+export interface RateLimitedRequestConfiguration extends Enableable {
+ limit?: number;
+ timePeriodInSeconds?: number;
}
/**
- * @author Daniel DeGroff
+ * User comment search response
+ *
+ * @author Spencer Witt
*/
-export interface Tenant {
- accessControlConfiguration?: TenantAccessControlConfiguration;
- captchaConfiguration?: TenantCaptchaConfiguration;
- configured?: boolean;
- connectorPolicies?: Array;
- data?: Record;
- emailConfiguration?: EmailConfiguration;
- eventConfiguration?: EventConfiguration;
- externalIdentifierConfiguration?: ExternalIdentifierConfiguration;
- failedAuthenticationConfiguration?: FailedAuthenticationConfiguration;
- familyConfiguration?: FamilyConfiguration;
- formConfiguration?: TenantFormConfiguration;
- httpSessionMaxInactiveInterval?: number;
- id?: UUID;
- insertInstant?: number;
- issuer?: string;
- jwtConfiguration?: JWTConfiguration;
- lambdaConfiguration?: TenantLambdaConfiguration;
- lastUpdateInstant?: number;
- loginConfiguration?: TenantLoginConfiguration;
- logoutURL?: string;
- maximumPasswordAge?: MaximumPasswordAge;
- minimumPasswordAge?: MinimumPasswordAge;
- multiFactorConfiguration?: TenantMultiFactorConfiguration;
- name?: string;
- oauthConfiguration?: TenantOAuth2Configuration;
- passwordEncryptionConfiguration?: PasswordEncryptionConfiguration;
- passwordValidationRules?: PasswordValidationRules;
- rateLimitConfiguration?: TenantRateLimitConfiguration;
- registrationConfiguration?: TenantRegistrationConfiguration;
- scimServerConfiguration?: TenantSCIMServerConfiguration;
- ssoConfiguration?: TenantSSOConfiguration;
- state?: ObjectState;
- themeId?: UUID;
- userDeletePolicy?: TenantUserDeletePolicy;
- usernameConfiguration?: TenantUsernameConfiguration;
- webAuthnConfiguration?: TenantWebAuthnConfiguration;
-}
-
-export interface TenantOAuth2Configuration {
- clientCredentialsAccessTokenPopulateLambdaId?: UUID;
+export interface UserCommentSearchResponse {
+ total?: number;
+ userComments?: Array;
}
/**
- * Models the Group Member Add Complete Event.
- *
* @author Daniel DeGroff
*/
-export interface GroupMemberAddCompleteEvent extends BaseGroupEvent {
- members?: Array;
+export enum MultiFactorLoginPolicy {
+ Disabled = "Disabled",
+ Enabled = "Enabled",
+ Required = "Required"
+}
+
+export enum SAMLLogoutBehavior {
+ AllParticipants = "AllParticipants",
+ OnlyOriginator = "OnlyOriginator"
}
/**
- * Request for the Tenant API to delete a tenant rather than using the URL parameters.
+ * Models the User Password Breach Event.
*
- * @author Brian Pontarelli
+ * @author Matthew Altman
*/
-export interface TenantDeleteRequest extends BaseEventRequest {
- async?: boolean;
+export interface UserPasswordBreachEvent extends BaseUserEvent {
}
/**
@@ -8035,76 +8166,116 @@ export enum ConnectorType {
LDAP = "LDAP"
}
-/**
- * Models the User Login event for a new device (un-recognized)
- *
- * @author Daniel DeGroff
- */
-export interface UserLoginNewDeviceEvent extends UserLoginSuccessEvent {
+export interface MetaData {
+ data?: Record;
+ device?: DeviceInfo;
+ scopes?: Array;
}
/**
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export interface TenantWebAuthnWorkflowConfiguration extends Enableable {
- authenticatorAttachmentPreference?: AuthenticatorAttachmentPreference;
- userVerificationRequirement?: UserVerificationRequirement;
+export interface VerifyRegistrationRequest extends BaseEventRequest {
+ oneTimeCode?: string;
+ verificationId?: string;
}
/**
- * Xbox gaming login provider.
+ * Search request for Themes.
*
- * @author Brett Pontarelli
- */
-export interface XboxIdentityProvider extends BaseIdentityProvider {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
-}
-
-/**
- * @author Daniel DeGroff
+ * @author Mark Manes
*/
-export interface TwitterApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonText?: string;
- consumerKey?: string;
- consumerSecret?: string;
+export interface ThemeSearchRequest {
+ search?: ThemeSearchCriteria;
}
/**
- * @author Trevor Smith
+ * @author Brian Pontarelli
*/
-export interface ConnectorRequest {
- connector?: BaseConnectorConfiguration;
-}
-
+export interface EmailConfiguration {
+ additionalHeaders?: Array;
+ debug?: boolean;
+ defaultFromEmail?: string;
+ defaultFromName?: string;
+ emailUpdateEmailTemplateId?: UUID;
+ emailVerifiedEmailTemplateId?: UUID;
+ forgotPasswordEmailTemplateId?: UUID;
+ host?: string;
+ implicitEmailVerificationAllowed?: boolean;
+ loginIdInUseOnCreateEmailTemplateId?: UUID;
+ loginIdInUseOnUpdateEmailTemplateId?: UUID;
+ loginNewDeviceEmailTemplateId?: UUID;
+ loginSuspiciousEmailTemplateId?: UUID;
+ password?: string;
+ passwordlessEmailTemplateId?: UUID;
+ passwordResetSuccessEmailTemplateId?: UUID;
+ passwordUpdateEmailTemplateId?: UUID;
+ port?: number;
+ properties?: string;
+ security?: EmailSecurityType;
+ setPasswordEmailTemplateId?: UUID;
+ twoFactorMethodAddEmailTemplateId?: UUID;
+ twoFactorMethodRemoveEmailTemplateId?: UUID;
+ unverified?: EmailUnverifiedOptions;
+ username?: string;
+ verificationEmailTemplateId?: UUID;
+ verificationStrategy?: VerificationStrategy;
+ verifyEmail?: boolean;
+ verifyEmailWhenChanged?: boolean;
+}
+
/**
- * External JWT-only identity provider.
+ * @author Daniel DeGroff
+ */
+export interface ReloadRequest {
+ names?: Array;
+}
+
+/**
+ * @author Trevor Smith
+ */
+export interface CORSConfiguration extends Enableable {
+ allowCredentials?: boolean;
+ allowedHeaders?: Array;
+ allowedMethods?: Array;
+ allowedOrigins?: Array;
+ debug?: boolean;
+ exposedHeaders?: Array;
+ preflightMaxAgeInSeconds?: number;
+}
+
+/**
+ * Audit log response.
*
- * @author Daniel DeGroff and Brian Pontarelli
+ * @author Brian Pontarelli
*/
-export interface ExternalJWTIdentityProvider extends BaseIdentityProvider {
- claimMap?: Record;
- defaultKeyId?: UUID;
- domains?: Array;
- headerKeyParameter?: string;
- oauth2?: IdentityProviderOauth2Configuration;
- uniqueIdentityClaim?: string;
+export interface AuditLogResponse {
+ auditLog?: AuditLog;
}
/**
- * Request to register a new public key with WebAuthn
+ * Models a generic connector.
*
- * @author Spencer Witt
+ * @author Trevor Smith
*/
-export interface WebAuthnPublicKeyRegistrationRequest {
- clientExtensionResults?: WebAuthnExtensionsClientOutputs;
- id?: string;
- response?: WebAuthnAuthenticatorRegistrationResponse;
- rpId?: string;
- transports?: Array;
- type?: string;
+export interface GenericConnectorConfiguration extends BaseConnectorConfiguration {
+ authenticationURL?: string;
+ connectTimeout?: number;
+ headers?: HTTPHeaders;
+ httpAuthenticationPassword?: string;
+ httpAuthenticationUsername?: string;
+ readTimeout?: number;
+ sslCertificateKeyId?: UUID;
+}
+
+/**
+ * @author Brett Pontarelli
+ */
+export interface TwitchApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ buttonText?: string;
+ client_id?: string;
+ client_secret?: string;
+ scope?: string;
}
/**
@@ -8118,68 +8289,82 @@ export interface WebhookSearchResponse {
}
/**
- * Response for the login report.
+ * Model a user event when a two-factor method has been removed.
*
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface LoginReportResponse {
- hourlyCounts?: Array;
- total?: number;
+export interface UserTwoFactorMethodAddEvent extends BaseUserEvent {
+ method?: TwoFactorMethod;
}
/**
- * @author Daniel DeGroff
+ * Stores an email template used to send emails to users.
+ *
+ * @author Brian Pontarelli
*/
-export interface RefreshResponse {
+export interface EmailTemplate {
+ defaultFromName?: string;
+ defaultHtmlTemplate?: string;
+ defaultSubject?: string;
+ defaultTextTemplate?: string;
+ fromEmail?: string;
+ id?: UUID;
+ insertInstant?: number;
+ lastUpdateInstant?: number;
+ localizedFromNames?: LocalizedStrings;
+ localizedHtmlTemplates?: LocalizedStrings;
+ localizedSubjects?: LocalizedStrings;
+ localizedTextTemplates?: LocalizedStrings;
+ name?: string;
}
/**
- * Group Member Delete Request
- *
* @author Daniel DeGroff
*/
-export interface MemberDeleteRequest {
- memberIds?: Array;
- members?: Record>;
+export interface UserTwoFactorConfiguration {
+ methods?: Array;
+ recoveryCodes?: Array;
}
/**
- * A historical state of a user log event. Since events can be modified, this stores the historical state.
- *
- * @author Brian Pontarelli
+ * @author Daniel DeGroff
*/
-export interface LogHistory {
- historyItems?: Array;
+export interface ExternalJWTApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
}
-export interface HistoryItem {
- actionerUserId?: UUID;
- comment?: string;
- createInstant?: number;
- expiry?: number;
+/**
+ * JWT Configuration for entities.
+ */
+export interface EntityJWTConfiguration extends Enableable {
+ accessTokenKeyId?: UUID;
+ timeToLiveInSeconds?: number;
}
/**
- * @author Brian Pontarelli
+ * @author Mikey Sleevi
*/
-export interface AuditLogRequest extends BaseEventRequest {
- auditLog?: AuditLog;
+export interface Message {
}
/**
- * @author Daniel DeGroff
+ * @author Mikey Sleevi
*/
-export interface RateLimitedRequestConfiguration extends Enableable {
- limit?: number;
- timePeriodInSeconds?: number;
+export interface TenantMultiFactorConfiguration {
+ authenticator?: MultiFactorAuthenticatorMethod;
+ email?: MultiFactorEmailMethod;
+ loginPolicy?: MultiFactorLoginPolicy;
+ sms?: MultiFactorSMSMethod;
}
/**
- * A marker interface indicating this event cannot be made transactional.
+ * Describes the authenticator attachment modality preference for a WebAuthn workflow. See {@link AuthenticatorAttachment}
*
- * @author Daniel DeGroff
+ * @author Spencer Witt
*/
-export interface NonTransactionalEvent {
+export enum AuthenticatorAttachmentPreference {
+ any = "any",
+ platform = "platform",
+ crossPlatform = "crossPlatform"
}
/**
@@ -8191,1368 +8376,1666 @@ export enum ProofKeyForCodeExchangePolicy {
NotRequiredWhenUsingClientAuthentication = "NotRequiredWhenUsingClientAuthentication"
}
+/**
+ * Request for the Refresh Token API to revoke a refresh token rather than using the URL parameters.
+ *
+ * @author Brian Pontarelli
+ */
+export interface RefreshTokenRevokeRequest extends BaseEventRequest {
+ applicationId?: UUID;
+ token?: string;
+ userId?: UUID;
+}
+
/**
* @author Daniel DeGroff
*/
-export interface TwoFactorResponse {
- code?: string;
- recoveryCodes?: Array;
+export interface TwoFactorStatusResponse {
+ trusts?: Array;
+ twoFactorTrustId?: string;
}
/**
- * Epic gaming login provider.
- *
- * @author Brett Pontarelli
+ * @author Daniel DeGroff
*/
-export interface EpicGamesIdentityProvider extends BaseIdentityProvider {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
+export enum Sort {
+ asc = "asc",
+ desc = "desc"
}
-// Do not require a setter for 'type', it is defined by the concrete class and is not mutable
-export interface BaseMessengerConfiguration {
- data?: Record;
- debug?: boolean;
- id?: UUID;
- insertInstant?: number;
- lastUpdateInstant?: number;
- name?: string;
- transport?: string;
- type?: MessengerType;
+export enum LoginIdType {
+ email = "email",
+ username = "username"
}
/**
- * @author Daniel DeGroff
+ * The Application Scope API request object.
+ *
+ * @author Spencer Witt
*/
-export interface SecretResponse {
- secret?: string;
- secretBase32Encoded?: string;
+export interface ApplicationOAuthScopeRequest {
+ scope?: ApplicationOAuthScope;
}
/**
- * Search request for entities
+ * Refresh Token Import request.
*
* @author Brett Guy
*/
-export interface EntitySearchResponse {
- entities?: Array;
- nextResults?: string;
- total?: number;
+export interface RefreshTokenImportRequest {
+ refreshTokens?: Array;
+ validateDbConstraints?: boolean;
}
/**
- * @author Rob Davis
+ * @author Brett Guy
*/
-export interface TenantLambdaConfiguration {
- loginValidationId?: UUID;
- scimEnterpriseUserRequestConverterId?: UUID;
- scimEnterpriseUserResponseConverterId?: UUID;
- scimGroupRequestConverterId?: UUID;
- scimGroupResponseConverterId?: UUID;
- scimUserRequestConverterId?: UUID;
- scimUserResponseConverterId?: UUID;
+export enum IPAccessControlEntryAction {
+ Allow = "Allow",
+ Block = "Block"
}
/**
- * @author Mikey Sleevi
+ * API response for managing families and members.
+ *
+ * @author Brian Pontarelli
*/
-export enum MessageType {
- SMS = "SMS"
+export interface FamilyResponse {
+ families?: Array;
+ family?: Family;
}
/**
- * Describes the Relying Party's requirements for client-side
- * discoverable credentials (formerly known as "resident keys")
- *
- * @author Spencer Witt
+ * @author Daniel DeGroff
*/
-export enum ResidentKeyRequirement {
- discouraged = "discouraged",
- preferred = "preferred",
- required = "required"
+export interface IdentityProviderStartLoginRequest extends BaseLoginRequest {
+ data?: Record;
+ identityProviderId?: UUID;
+ loginId?: string;
+ state?: Record;
}
/**
- * @author Trevor Smith
+ * @author Daniel DeGroff
*/
-export enum ChangePasswordReason {
- Administrative = "Administrative",
- Breached = "Breached",
- Expired = "Expired",
- Validation = "Validation"
+export enum ApplicationMultiFactorTrustPolicy {
+ Any = "Any",
+ This = "This",
+ None = "None"
}
/**
- * @author Brett Guy
+ * Identity Provider response.
+ *
+ * @author Spencer Witt
*/
-export interface GenericMessengerConfiguration extends BaseMessengerConfiguration {
- connectTimeout?: number;
- headers?: HTTPHeaders;
- httpAuthenticationPassword?: string;
- httpAuthenticationUsername?: string;
- readTimeout?: number;
- sslCertificate?: string;
- url?: string;
+export interface IdentityProviderSearchResponse {
+ identityProviders?: Array>;
+ total?: number;
}
/**
- * SonyPSN gaming login provider.
+ * Webhook event log search response.
*
- * @author Brett Pontarelli
+ * @author Spencer Witt
*/
-export interface SonyPSNIdentityProvider extends BaseIdentityProvider {
- buttonText?: string;
- client_id?: string;
- client_secret?: string;
- scope?: string;
+export interface WebhookEventLogSearchResponse {
+ total?: number;
+ webhookEventLogs?: Array;
}
-/**
- * @author Brett Guy
- */
-export interface IPAccessControlEntry {
- action?: IPAccessControlEntryAction;
- endIPAddress?: string;
- startIPAddress?: string;
+export interface SAMLv2Configuration extends Enableable {
+ assertionEncryptionConfiguration?: SAMLv2AssertionEncryptionConfiguration;
+ audience?: string;
+ authorizedRedirectURLs?: Array;
+ callbackURL?: string;
+ debug?: boolean;
+ defaultVerificationKeyId?: UUID;
+ initiatedLogin?: SAMLv2IdPInitiatedLoginConfiguration;
+ issuer?: string;
+ keyId?: UUID;
+ loginHintConfiguration?: LoginHintConfiguration;
+ logout?: SAMLv2Logout;
+ logoutURL?: string;
+ requireSignedRequests?: boolean;
+ xmlSignatureC14nMethod?: CanonicalizationMethod;
+ xmlSignatureLocation?: XMLSignatureLocation;
}
/**
- * @author Brian Pontarelli
+ * Describes the authenticator attachment modality.
+ *
+ * @author Spencer Witt
*/
-export interface Count {
- count?: number;
- interval?: number;
+export enum AuthenticatorAttachment {
+ platform = "platform",
+ crossPlatform = "crossPlatform"
}
/**
- * Models an LDAP connector.
+ * The authenticator's response for the authentication ceremony in its encoded format
*
- * @author Trevor Smith
+ * @author Spencer Witt
*/
-export interface LDAPConnectorConfiguration extends BaseConnectorConfiguration {
- authenticationURL?: string;
- baseStructure?: string;
- connectTimeout?: number;
- identifyingAttribute?: string;
- lambdaConfiguration?: LambdaConfiguration;
- loginIdAttribute?: string;
- readTimeout?: number;
- requestedAttributes?: Array;
- securityMethod?: LDAPSecurityMethod;
- systemAccountDN?: string;
- systemAccountPassword?: string;
-}
-
-export enum LDAPSecurityMethod {
- None = "None",
- LDAPS = "LDAPS",
- StartTLS = "StartTLS"
+export interface WebAuthnAuthenticatorAuthenticationResponse {
+ authenticatorData?: string;
+ clientDataJSON?: string;
+ signature?: string;
+ userHandle?: string;
}
-export interface LambdaConfiguration {
- reconcileId?: UUID;
+/**
+ * Search request for Consents
+ *
+ * @author Spencer Witt
+ */
+export interface ConsentSearchRequest {
+ search?: ConsentSearchCriteria;
}
/**
- * @author Johnathon Wood
+ * XML canonicalization method enumeration. This is used for the IdP and SP side of FusionAuth SAML.
+ *
+ * @author Brian Pontarelli
*/
-export enum Oauth2AuthorizedURLValidationPolicy {
- AllowWildcards = "AllowWildcards",
- ExactMatch = "ExactMatch"
+export enum CanonicalizationMethod {
+ exclusive = "exclusive",
+ exclusive_with_comments = "exclusive_with_comments",
+ inclusive = "inclusive",
+ inclusive_with_comments = "inclusive_with_comments"
}
/**
- * @author Trevor Smith
+ * @author Daniel DeGroff
*/
-export interface CORSConfiguration extends Enableable {
- allowCredentials?: boolean;
- allowedHeaders?: Array;
- allowedMethods?: Array;
- allowedOrigins?: Array;
- debug?: boolean;
- exposedHeaders?: Array;
- preflightMaxAgeInSeconds?: number;
+export interface DeviceInfo {
+ description?: string;
+ lastAccessedAddress?: string;
+ lastAccessedInstant?: number;
+ name?: string;
+ type?: string;
}
/**
- * Describes the authenticator attachment modality.
+ * Search request for Lambdas
*
- * @author Spencer Witt
+ * @author Mark Manes
*/
-export enum AuthenticatorAttachment {
- platform = "platform",
- crossPlatform = "crossPlatform"
+export interface LambdaSearchRequest {
+ search?: LambdaSearchCriteria;
}
/**
+ * OpenID Connect Configuration as described by the OpenID
+ * Provider Metadata.
+ *
* @author Daniel DeGroff
*/
-export interface AuditLogExportRequest extends BaseExportRequest {
- criteria?: AuditLogSearchCriteria;
+export interface OpenIdConfiguration {
+ authorization_endpoint?: string;
+ backchannel_logout_supported?: boolean;
+ claims_supported?: Array;
+ device_authorization_endpoint?: string;
+ end_session_endpoint?: string;
+ frontchannel_logout_supported?: boolean;
+ grant_types_supported?: Array;
+ id_token_signing_alg_values_supported?: Array;
+ issuer?: string;
+ jwks_uri?: string;
+ response_modes_supported?: Array;
+ response_types_supported?: Array;
+ scopes_supported?: Array;
+ subject_types_supported?: Array;
+ token_endpoint?: string;
+ token_endpoint_auth_methods_supported?: Array;
+ userinfo_endpoint?: string;
+ userinfo_signing_alg_values_supported?: Array;
+}
+
+export interface APIKeyMetaData {
+ attributes?: Record;
}
/**
- * Supply additional information about the user account when creating a new credential
+ * The FormField API request object.
*
- * @author Spencer Witt
+ * @author Brett Guy
*/
-export interface PublicKeyCredentialUserEntity extends PublicKeyCredentialEntity {
- displayName?: string;
- id?: string;
+export interface FormFieldRequest {
+ field?: FormField;
+ fields?: Array;
}
/**
+ * Models the User Created Event.
+ *
+ * This is different than the user.create event in that it will be sent after the user has been created. This event cannot be made transactional.
+ *
* @author Daniel DeGroff
*/
-export interface FormStep {
- fields?: Array;
+export interface UserCreateCompleteEvent extends BaseUserEvent {
+}
+
+export interface EventConfigurationData extends Enableable {
+ transactionType?: TransactionType;
}
/**
- * Search criteria for entity types.
+ * This class is the user query. It provides a build pattern as well as public fields for use on forms and in actions.
*
* @author Brian Pontarelli
*/
-export interface EntityTypeSearchCriteria extends BaseSearchCriteria {
- name?: string;
+export interface UserSearchCriteria extends BaseElasticSearchCriteria {
+}
+
+export interface MultiFactorEmailTemplate {
+ templateId?: UUID;
}
/**
- * Search criteria for Group Members
+ * Models the User Delete Registration Event.
*
* @author Daniel DeGroff
*/
-export interface GroupMemberSearchCriteria extends BaseSearchCriteria {
- groupId?: UUID;
- tenantId?: UUID;
- userId?: UUID;
+export interface UserRegistrationDeleteEvent extends BaseUserEvent {
+ applicationId?: UUID;
+ registration?: UserRegistration;
}
/**
- * @author Brett Pontarelli
+ * User login failed reason codes.
*/
-export enum IdentityProviderLoginMethod {
- UsePopup = "UsePopup",
- UseRedirect = "UseRedirect",
- UseVendorJavaScript = "UseVendorJavaScript"
+export interface UserLoginFailedReasonCode {
}
/**
- * Search criteria for themes
+ * Webhook API response object.
*
- * @author Mark Manes
+ * @author Brian Pontarelli
*/
-export interface ThemeSearchCriteria extends BaseSearchCriteria {
- name?: string;
- type?: ThemeType;
+export interface WebhookResponse {
+ webhook?: Webhook;
+ webhooks?: Array;
}
/**
+ * A raw login record response
+ *
* @author Daniel DeGroff
*/
-export interface MinimumPasswordAge extends Enableable {
- seconds?: number;
+export interface LoginRecordSearchResponse {
+ logins?: Array;
+ total?: number;
}
/**
- * Login Ping API request object.
- *
* @author Daniel DeGroff
*/
-export interface LoginPingRequest extends BaseLoginRequest {
- userId?: UUID;
+export interface VerifyRegistrationResponse {
+ oneTimeCode?: string;
+ verificationId?: string;
}
/**
- * @author Daniel DeGroff
- */
-export interface OpenIdConnectApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
- buttonImageURL?: string;
- buttonText?: string;
+ * API request for managing families and members.
+ *
+ * @author Brian Pontarelli
+ */
+export interface FamilyRequest {
+ familyMember?: FamilyMember;
+}
+
+/**
+ * @author Daniel DeGroff
+ */
+export interface RememberPreviousPasswords extends Enableable {
+ count?: number;
+}
+
+/**
+ * @author Daniel DeGroff
+ */
+export interface MinimumPasswordAge extends Enableable {
+ seconds?: number;
+}
+
+/**
+ * @author Daniel DeGroff
+ */
+export interface EmailUnverifiedOptions {
+ allowEmailChangeWhenGated?: boolean;
+ behavior?: UnverifiedBehavior;
+}
+
+/**
+ * @author Daniel DeGroff
+ */
+export interface TwoFactorEnableDisableSendRequest {
+ email?: string;
+ method?: string;
+ methodId?: string;
+ mobilePhone?: string;
+}
+
+export interface IdentityProviderDetails {
+ applicationIds?: Array;
+ id?: UUID;
+ idpEndpoint?: string;
+ name?: string;
oauth2?: IdentityProviderOauth2Configuration;
+ type?: IdentityProviderType;
+}
+
+export interface Totals {
+ logins?: number;
+ registrations?: number;
+ totalRegistrations?: number;
+}
+
+export enum BreachMatchMode {
+ Low = "Low",
+ Medium = "Medium",
+ High = "High"
}
/**
* @author Daniel DeGroff
*/
-export interface IdentityProviderTenantConfiguration {
+export enum BreachedPasswordStatus {
+ None = "None",
+ ExactMatch = "ExactMatch",
+ SubAddressMatch = "SubAddressMatch",
+ PasswordOnly = "PasswordOnly",
+ CommonPassword = "CommonPassword"
+}
+
+/**
+ * A server where events are sent. This includes user action events and any other events sent by FusionAuth.
+ *
+ * @author Brian Pontarelli
+ */
+export interface Webhook {
+ connectTimeout?: number;
data?: Record;
- limitUserLinkCount?: IdentityProviderLimitUserLinkingPolicy;
+ description?: string;
+ eventsEnabled?: Record;
+ global?: boolean;
+ headers?: HTTPHeaders;
+ httpAuthenticationPassword?: string;
+ httpAuthenticationUsername?: string;
+ id?: UUID;
+ insertInstant?: number;
+ lastUpdateInstant?: number;
+ readTimeout?: number;
+ signatureConfiguration?: WebhookSignatureConfiguration;
+ sslCertificate?: string;
+ sslCertificateKeyId?: UUID;
+ tenantIds?: Array;
+ url?: string;
}
/**
- * API request for User consent types.
+ * Email template request.
*
+ * @author Brian Pontarelli
+ */
+export interface EmailTemplateRequest {
+ emailTemplate?: EmailTemplate;
+}
+
+/**
+ * @author Brett Pontarelli
+ */
+export interface XboxApplicationConfiguration extends BaseIdentityProviderApplicationConfiguration {
+ buttonText?: string;
+ client_id?: string;
+ client_secret?: string;
+ scope?: string;
+}
+
+/**
* @author Daniel DeGroff
*/
-export interface ConsentRequest {
- consent?: Consent;
+export interface LookupResponse {
+ identityProvider?: IdentityProviderDetails;
}
/**
- * Supply information on credential type and algorithm to the