/**
 * Details of the authentication request currently in progress.
 *
 * The `authUrl` returned here is not guaranteed to equal the URL that was
 * handed to `getAuthenticationContext`. When the two differ, the value from
 * this object, not the original URL, must be passed to `authenticate` or
 * `authenticateOtp`.
 */
interface AuthenticationContext {
  /**
   * URL that carries the state of the current authentication transaction.
   */
  authUrl: string;

  /**
   * The application that is requesting authentication.
   */
  application: {
    id: string;
    displayName?: string;
  };

  /**
   * Where the authentication request originated. Every field is optional.
   *
   * NOTE(review): presumably request metadata shown so a user can recognise
   * the sign-in attempt. If `userAgent` and `referer` mirror HTTP request
   * headers they are client-controlled, so treat the whole object as
   * informational rather than as an authorization signal (confirm).
   */
  origin: {
    sourceIp?: string;
    userAgent?: string;
    geolocation?: string;
    referer?: string;
  };
}
/**
 * Result of an authentication that completed successfully.
 */
interface AuthenticateResponse {
  /**
   * Redirect URL derived from the `redirect_uri` parameter of the /authorize
   * call, with the OAuth2 authorization `code` and the /authorize `state`
   * attached as the "code" and "state" query parameters.
   *
   * Because the authorization code travels inside this URL, keep the value
   * out of logs and analytics, and compare the returned `state` with the one
   * sent on /authorize before the code is exchanged.
   */
  redirectUrl: string;

  /**
   * Optional, policy-defined message that the cloud returns on success and
   * that can be shown to the user.
   */
  message?: string;

  /**
   * Optional one-time token returned by a successful `redeemOtp`. It may be
   * redeemed at the /credential-binding-jobs endpoint for a
   * credential_binding_link.
   *
   * NOTE(review): presumably a bearer value, i.e. whoever holds it can redeem
   * it. Handle it like a secret and do not persist or log it (confirm).
   */
  passkeyBindingToken?: string;
}
/**
 * Result of successfully binding a passkey to a device.
 */
interface BindPasskeyResponse {
  /**
   * The passkey that is now bound to the device.
   */
  passkey: Passkey;

  /**
   * Optional URI to redirect to after the passkey has been bound. It may log
   * the user in automatically with the new passkey, or lead to a success page
   * stating that a passkey was bound.
   *
   * NOTE(review): where this URI is configured is not visible in this file;
   * check it against the destinations the application expects before
   * navigating to it (confirm).
   */
  postBindingRedirectUri?: string;
}
/**
 * Result returned when the SDK needs a one-time password (OTP) to continue.
 */
interface OtpChallengeResponse {
  /**
   * URL that carries the state of the current authentication transaction.
   * Pass it to the next `redeemOtp` or `authenticateOtp` call.
   */
  url: string;
}
/**
 * A Universal Passkey: a public/private key pair.
 *
 * The private key is generated and stored in the hardware root of trust of
 * the user's device (i.e. Secure Enclave) and never leaves it. The public key
 * is sent to the Beyond Identity cloud. The private key cannot be tampered
 * with, viewed, or removed from the device on which it was created unless the
 * user explicitly indicates that the trusted device be removed.
 *
 * Passkeys are cryptographically linked to devices and to an Identity. One
 * device can hold several passkeys for different users, and one Identity can
 * have several passkeys.
 */
interface Passkey {
  /**
   * Globally unique identifier of the passkey.
   */
  id: string;

  /**
   * When the passkey was created. The string format is not specified here.
   */
  created: string;

  /**
   * When the passkey was last updated.
   */
  updated: string;

  /**
   * When the passkey was created locally. May differ from `created`, which is
   * the creation time on the server.
   */
  localCreated: string;

  /**
   * When the passkey was last updated locally. May differ from `updated`,
   * which is the last update time on the server.
   */
  localUpdated: string;

  /**
   * Base URL used for all binding and authentication requests.
   */
  apiBaseUrl: string;

  /**
   * Key handle associated with the passkey.
   *
   * NOTE(review): presumably a reference to the key material rather than the
   * private key itself, which per the description above stays in device
   * hardware (confirm).
   */
  keyHandle: string;

  /**
   * Current state of the passkey.
   *
   * NOTE(review): this type does not stop a `'Revoked'` passkey from reaching
   * a caller; check `state` before offering a passkey for sign-in (confirm
   * how the SDK treats revoked passkeys).
   */
  state: 'Active' | 'Revoked';

  /**
   * Realm the passkey belongs to.
   */
  realm: PasskeyRealm;

  /**
   * Identity the passkey belongs to.
   */
  identity: PasskeyIdentity;

  /**
   * Tenant the passkey belongs to.
   */
  tenant: PasskeyTenant;

  /**
   * Theme information for the passkey.
   */
  theme: PasskeyTheme;
}
/**
 * Realm information attached to a `Passkey`.
 *
 * A Realm is a unique administrative domain inside a `Tenant`. Tenants that
 * need only one Realm may see the two as synonymous. Every Realm has its own
 * set of Directory, Policy, Event, Application, and Branding objects.
 */
interface PasskeyRealm {
  /**
   * Unique identifier of the realm.
   */
  id: string;

  /**
   * Display name of the realm.
   */
  displayName: string;
}
/**
 * Identity information attached to a `Passkey`.
 *
 * An Identity is a unique identifier an end-user may use to gain access
 * governed by Beyond Identity. Identities are created at the Realm level: an
 * end-user may have several identities, and a Realm can hold many.
 */
interface PasskeyIdentity {
  /**
   * Unique identifier of the identity.
   */
  id: string;

  /**
   * Display name of the identity.
   */
  displayName: string;

  /**
   * Username of the identity.
   */
  username: string;

  /**
   * Primary email address of the identity, when one is set.
   */
  primaryEmailAddress?: string;
}
/**
 * Tenant information attached to a `Passkey`.
 *
 * A Tenant stands for an organization in the Beyond Identity Cloud and is the
 * root container for every other cloud component in the configuration.
 */
interface PasskeyTenant {
  /**
   * Unique identifier of the tenant.
   */
  id: string;

  /**
   * Display name of the tenant.
   */
  displayName: string;
}
/**
 * Theme attached to a `Passkey`.
 *
 * NOTE(review): all three fields are plain strings, so nothing here restricts
 * their scheme or host; presumably they come from tenant configuration.
 * Verify the scheme before rendering or linking to them (confirm).
 */
interface PasskeyTheme {
  /**
   * URL that resolves to the logo for light mode.
   */
  logoLightUrl: string;

  /**
   * URL that resolves to the logo for dark mode.
   */
  logoDarkUrl: string;

  /**
   * URL for customer support.
   */
  supportUrl: string;
}
/**
 * String-literal type whose only value is `'success'`.
 *
 * NOTE(review): presumably the result type of SDK calls that have no other
 * payload to return (confirm against the callers).
 */
type Success = 'success';

// Public type surface of this module: the authentication and passkey shapes
// declared in this file, plus the `Success` literal type.
export {
  AuthenticationContext,
  AuthenticateResponse,
  BindPasskeyResponse,
  OtpChallengeResponse,
  Passkey,
  PasskeyRealm,
  PasskeyIdentity,
  PasskeyTenant,
  PasskeyTheme,
  Success,
};