@toznysecure/account-sdk / Exports / Client
The client for Tozny's Account API.
This documentation is automatically generated from the code. It is currently a work in progress as we refine our type definitions & document more and more of the API.
example
const { Account } = require('@toznysecure/account-sdk')
const Tozny = require('@toznysecure/sdk/node')
const accountFactory = new Account(Tozny, TOZNY_PLATFORM_API_URL)
// must be used inside an async function for access to `await`
const account = await accountFactory.login(USERNAME, PASSWORD)
const accountClient = account.client- addBillingCoupon
- addDefaultRealmGroups
- addGroupRoleMappings
- addRolesToIdentity
- billingStatus
- changePassword
- createRealm
- createRealmApplicationRole
- createRealmGroup
- createRealmRole
- deleteIdentity
- deleteMFA
- deleteRealm
- deleteRealmApplicationRole
- deleteRealmGroup
- deleteRealmRole
- deleteRegistrationToken
- deleteWebhook
- describeRealmApplicationRole
- describeRealmGroup
- describeRealmRole
- getAggregations
- getClientInfo
- getMFA
- getRealmUserCount
- getRequests
- groupMembership
- hostedBrokerInfo
- identityDetails
- initiateTotp
- initiateWebAuthn
- joinGroups
- leaveGroups
- listAccessPoliciesForGroups
- listApplications
- listApplicationsByClientIDs
- listClientInfo
- listDefaultRealmGroups
- listGroupRoleMappings
- listIdentities
- listRealmApplicationRoles
- listRealmGroups
- listRealmRoles
- listRealms
- newRegistrationToken
- newWebhook
- refreshProfile
- registerIdentity
- registerRealmBrokerIdentity
- registerTotp
- registerWebAuthnDevice
- registrationTokens
- removeDefaultRealmGroups
- removeGroupRoleMappings
- replaceDefaultRealmGroups
- resendVerificationEmail
- serialize
- setClientEnabled
- subscribe
- unsubscribe
- updateAccountBilling
- updateGroupMembership
- updateProfile
- updateRealmApplicationRole
- updateRealmGroup
- updateRealmRole
- updateRealmSettings
- upsertAccessPoliciesForGroup
- validatePassword
- webhooks
• new Client(api, account, profile, queenClient)
| Name | Type |
|---|---|
api |
API |
account |
Account |
profile |
any |
queenClient |
any |
• account: Account
• profile: any
• get queenClient(): any
any
▸ addBillingCoupon(couponCode): Promise<any>
| Name | Type |
|---|---|
couponCode |
string |
Promise<any>
▸ addDefaultRealmGroups(realmName, groups): Promise<boolean>
Add default groups for the request realm. note: when default realm groups are changed existing users' groups are not updated
example
const toznyEngineersGroup = await client.createRealmGroup(realmName, {
name: 'ToznyEngineers',
})
await client.addDefaultRealmGroups(realmName, {
groups: [toznyEngineersGroup.id],
})| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groups |
GroupsInput |
List of groups or group ids in an object on the groups key |
Promise<boolean>
▸ addGroupRoleMappings(realmName, groupId, groupRoleMapping): Promise<boolean>
Adds a set of realm/client roles to a group's role mapping
example
const realmName = 'kitchen'
const chefGroup = await client.createRealmGroup(realmName, { name: 'Chefs' })
const fridgeAccessRole = await client.createRealmRole(realmName, {
name: 'FridgeAccess',
description: 'Grants access to the secrets of the fridge.',
})
// map the "Chefs" realm group to the "FridgeAccess" realm role
// returns true on success
await client.addGroupRoleMappings(
realmName,
chefGroup.id,
{ realm: [fridgeAccessRole] }
)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groupId |
string |
Id of realm group. |
groupRoleMapping |
GroupRoleMapping |
The map of roles to add to group's mapping. |
Promise<boolean>
True if successful
▸ addRolesToIdentity(realmName, identityId, roles): Promise<boolean>
Add role to an identity.
example
// Get the identityId you wish to delete
const identity = accountClient.identityDetails(realmName, username)
// Add role to the identity.
await accountClient.addRolesToIdentity(realmName, toznyId, roles)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of the realm. |
identityId |
string |
Id of Tozny identity. |
roles |
string[] |
String Array of roles. Both realm and client roles. |
Promise<boolean>
True if successful.
▸ billingStatus(): Promise<fn>
Promise<fn>
▸ changePassword(__namedParameters): Promise<any>
| Name | Type |
|---|---|
__namedParameters |
Object |
Promise<any>
▸ createRealm(realmName, sovereignName, realmRegistrationToken?): Promise<Realm>
Requests the creation of a new TozID Realm.
| Name | Type | Default value | Description |
|---|---|---|---|
realmName |
string |
undefined |
The user defined name for the realm to create. |
sovereignName |
string |
undefined |
The user defined name for the ruler of the realm to create. |
realmRegistrationToken |
string |
'' |
- |
Promise<Realm>
The representation of the created realm returned by the server.
▸ createRealmApplicationRole(realmName, applicationId, role): Promise<Role>
Creates a new application role for a realm.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
applicationId |
string |
Id of client application. |
role |
MinimumRoleData |
Object with name and description of role. |
Promise<Role>
The newly created role.
▸ createRealmGroup(realmName, group): Promise<Group>
Creates a new group in the realm.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
group |
Object |
Object containing name of group. |
group.name |
string |
- |
Promise<Group>
The newly created group.
▸ createRealmRole(realmName, role): Promise<Role>
Creates a new role for a realm.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
role |
MinimumRoleData |
Object with name and description of role. |
Promise<Role>
The newly created role.
▸ deleteIdentity(realmName, identityId): Promise<boolean>
Removes an identity in the given realm.
example
// Get the identityId you wish to delete
const identity = accountClient.identityDetails(realmName, username)
// Delete identity
await accountClient.deleteIdentity(realmName, identity.toznyId)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
identityId |
string |
Id of Tozny identity |
Promise<boolean>
True if successful
▸ deleteMFA(id): Promise<Response>
Delete MFA
| Name | Type |
|---|---|
id |
any |
Promise<Response>
▸ deleteRealm(realmName): Promise<object>
Requests the deletion of a named TozID Realm belonging to the account.
| Name | Type | Description |
|---|---|---|
realmName |
string |
The name for the realm to delete. |
Promise<object>
Empty object.
▸ deleteRealmApplicationRole(realmName, applicationId, roleName): Promise<boolean>
Deletes a realm application role by id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
applicationId |
string |
Id of client application. |
roleName |
string |
Name of role to delete. |
Promise<boolean>
True if successful.
▸ deleteRealmGroup(realmName, groupId): Promise<boolean>
Deletes a group in the named realm by id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
The name of the realm containing the group. |
groupId |
string |
The id of the group to delete. |
Promise<boolean>
True if successful.
▸ deleteRealmRole(realmName, roleId): Promise<boolean>
Deletes a realm role by id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
roleId |
string |
Id of role to delete. |
Promise<boolean>
True if successful.
▸ deleteRegistrationToken(token): Promise<boolean>
Removes a token object from the accounts available tokens.
| Name | Type | Description |
|---|---|---|
token |
Token |
The token to remove from the account. |
Promise<boolean>
True if the operation succeeds.
▸ deleteWebhook(webhookId): Promise<boolean>
Removes a webhook object from the accounts available webhooks.
| Name | Type |
|---|---|
webhookId |
string |
Promise<boolean>
True if the operation succeeds.
▸ describeRealmApplicationRole(realmName, applicationId, roleName): Promise<Role>
Describe a realm application role by id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
applicationId |
string |
Id of client application. |
roleName |
string |
Name of role to describe. |
Promise<Role>
▸ describeRealmGroup(realmName, groupId): Promise<Group>
Describe a realm group by id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groupId |
string |
Id of group to describe. |
Promise<Group>
▸ describeRealmRole(realmName, roleId): Promise<Role>
Describe a realm role by id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
roleId |
string |
Id of role to describe. |
Promise<Role>
▸ getAggregations(startTime, endTime): object
Gets aggregations for the api calls made in a given time frame.
| Name | Type | Description |
|---|---|---|
startTime |
string |
Start time for range of requests |
endTime |
string |
End time for range of requests |
object
aggregations response object
▸ getClientInfo(clientId): Promise<fn>
| Name | Type |
|---|---|
clientId |
string |
Promise<fn>
▸ getMFA(): Promise<any>
Get MFA devices
Promise<any>
▸ getRealmUserCount(realmName): Promise<object>
Requests the user count of a specified TozID Realm
| Name | Type | Description |
|---|---|---|
realmName |
string |
The name for the realm to delete. |
Promise<object>
The user count
▸ getRequests(startTime, endTime, nextToken, endpointsToExclude): object
Gets the api request history using provided params.
| Name | Type | Description |
|---|---|---|
startTime |
string |
Start time for range of requests |
endTime |
string |
End time for range of requests |
nextToken |
number |
allows backend to paginate requests |
endpointsToExclude |
any |
- |
object
request response object
▸ groupMembership(realmName, identityToznyId): Promise<Group[]>
List all realm groups for an identity
example
const identity = await accountClient.identityDetails(realmName, username)
const groupList = await client.groupMembership(realmName, identity.toznyId)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
identityToznyId |
string |
Id of Tozny identity |
Promise<Group[]>
▸ hostedBrokerInfo(): Promise<object>
Gets the public info about the Tozny hosted broker
Promise<object>
The hosted broker public info.
▸ identityDetails(realmName, username): Promise<DetailedIdentity>
Fetches the details of an identity by username.
| Name | Type |
|---|---|
realmName |
string |
username |
string |
Promise<DetailedIdentity>
The identity
▸ initiateTotp(): Promise<any>
Initiate Totp. Get QR info from API
Promise<any>
response
▸ initiateWebAuthn(): Promise<any>
Initiate WebAuthn
Promise<any>
▸ joinGroups(realmName, identityToznyId, groups): Promise<boolean>
Join a list of Realm groups for an identity
example
const identity = await accountClient.identityDetails(realmName, username)
const toznyEngineersGroup = await client.createRealmGroup(realmName, {
name: 'ToznyEngineers',
})
await client.joinGroups(realmName, identity.toznyId, {
groups: [toznyEngineersGroup.id],
})| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
identityToznyId |
string |
Id of Tozny identity |
groups |
GroupsInput |
List of groups or group ids to join in an object on the groups key |
Promise<boolean>
True if successful
▸ leaveGroups(realmName, identityToznyId, groups): Promise<boolean>
Leave a list of Realm Groups for an identity
example
const identity = await accountClient.identityDetails(realmName, username)
const toznyEngineersGroup = await client.createRealmGroup(realmName, {
name: 'ToznyEngineers',
})
await client.joinGroups(realmName, identity.toznyId, {
groups: [toznyEngineersGroup.id],
})
await client.leaveGroups(realmName, identity.toznyId, {
groups: [toznyEngineersGroup.id],
})| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
identityToznyId |
string |
Id of Tozny identity |
groups |
GroupsInput |
List of groups or group ids to leave in an object on the groups key |
Promise<boolean>
True if successful
▸ listAccessPoliciesForGroups(realmName, groupIds): Promise<ListAccessPoliciesResponse>
Lists the Current Access Policies for the Group Ids sent. Additionally configuration settings info about multi-party control for the realm is included.
The method handles multiple group ids and returns access policy information about each one in
the same order on the groupAccessPolicies of the response.
example
const realmName = 'westeros'
const groupId = '200dd632-3faf-48d0-933f-e3ed40e27d92'
const data = await accountClient.listAccessPoliciesForGroups(
realmName,
[groupId]
)
// here we see the MPC settings for the realm.
// additionally, we see that access to the group is governed by access policy #131
// {
// "settings": {
// "defaultAccessDurationSeconds": 10800,
// "defaultRequiredApprovals": 1,
// "mpcEnabledForRealm": true
// },
// "groupAccessPolicies": [
// {
// "id": "200dd632-3faf-48d0-933f-e3ed40e27d92",
// "accessPolicies": [
// {
// "id": 131,
// "approvalRoles": [
// {
// "id": "24613e76-5a9d-4803-a55e-5f8d9e598f4e",
// "name": "approver-role",
// "description": "It will be the role approvers must have.",
// }
// ],
// "maxAccessDurationSeconds": 172800,
// "requiredApprovals": 1
// }
// ]
// }
// ]
// }| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groupIds |
string[] |
The IDs for the Tozny Groups |
Promise<ListAccessPoliciesResponse>
▸ listApplications(realmName): Promise<RealmApplication[]>
Lists all the applications for the realm.
example
const realmName = 'westeros'
// Get a list of realm applications
const applications = await accountClient.listApplications(realmName)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of the realm |
Promise<RealmApplication[]>
▸ listApplicationsByClientIDs(realmName, applicationClientIDs): RealmApplication[]
Lists all the applications for the realm with the provided client IDs.
example
const realmName = 'westeros'
// An array of the client IDs for applications to list
const clientIds = ['account']
const applications = await accountClient.listApplicationsByClientIDs(
realmName,
clientIds
)
// Get the application id for the application with client OD
const applicationID = applications[0].id| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of the realm |
applicationClientIDs |
string[] |
Client IDs of the applications to list |
RealmApplication[]
▸ listClientInfo(nextToken?, perPage?): Promise<fn>
| Name | Type | Default value |
|---|---|---|
nextToken |
number |
0 |
perPage |
number |
50 |
Promise<fn>
▸ listDefaultRealmGroups(realmName): Promise<Group[]>
Lists all default groups for the request realm.
example
const groupList = await client.listDefaultRealmGroups(realmName)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
Promise<Group[]>
List of all groups at realm.
▸ listGroupRoleMappings(realmName, groupId): Promise<GroupRoleMapping>
Gets realm & client (application) roles that are mapped to a particular realm group.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groupId |
string |
Id of group for which to list role mappings. |
Promise<GroupRoleMapping>
List of all roles at realm.
▸ listIdentities(realmName, max, next): ListIdentitiesResult
Set up the pagination result for listing identities
Each page is returned when the next() function is invoked on the ListIdentitiesResult object.
example
const realmName = 'westeros'
// list identities in westeros 10 at a time
const idList = accountClient.listIdentities(realmName, 10)
// Must call idList.next() to receive results
while (!idList.done) {
const identities = await idList.next()
for (let identity of identities) {
console.log(identity.username)
}
}Note: If the value of max is higher than the maximum allowed by the server, idList.next() will only return up to the number of identities allowed by the server
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
max |
number |
The maximum number of identities per page. Up to the max allowed by the server. |
next |
number |
The next token, used for paging. Default is 0. |
ListIdentitiesResult
A object usable for making paginated queries.
▸ listRealmApplicationRoles(realmName, applicationId): Promise<Role[]>
Lists all realm application roles for a realm.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
applicationId |
string |
Id of client application. |
Promise<Role[]>
List of all roles for application.
▸ listRealmGroups(realmName): Promise<Group[]>
Lists all realm groups for a realm.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
Promise<Group[]>
List of all groups at realm.
▸ listRealmRoles(realmName): Promise<Role[]>
Lists all realm roles for a realm.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
Promise<Role[]>
List of all roles at realm.
▸ listRealms(): Promise<Realms>
Lists all Realms belonging to the account.
Promise<Realms>
The listed realm representations returned by the server.
▸ newRegistrationToken(name, permissions?, totalUsesAllowed): Promise<RegistrationToken>
Create a new registration token for the account.
| Name | Type | Description |
|---|---|---|
name |
string |
The user defined name for the new token. Not unique. |
permissions |
object |
A set of key-value pair of permissions for the token. |
totalUsesAllowed |
number |
The number of uses the token is allowed. If not set, unlimited uses are allowed. |
Promise<RegistrationToken>
The created registration token.
▸ newWebhook(webhook_url, triggers): Promise<Webhook>
Create a new webhook for the account.
| Name | Type | Description |
|---|---|---|
webhook_url |
string |
The payload url |
triggers |
object |
A list of triggers to associate with the webhook not set, unlimited uses are allowed. |
Promise<Webhook>
The created webhook.
▸ refreshProfile(): Promise<void>
refreshProfile users internal logic in the api token refresher to update the user's profile info from the backend. Currently, this is used to allow a user to verify their email, hit refresh in an already open window, and continue with an updated accountClient on the frontend.
This will likely be replaced by a call to GET the account profile.
Promise<void>
▸ registerIdentity(realmName, registrationToken, identity): Promise<Identity>
Registers an identity with the specified realm using the specified parameters,returning the created identity and error (if any).
Note that the identity input takes snake_case values.
registerIdentity() is intended for internal use. The JS SDK (@toznysecure/sdk/node) should be used instead to register Identities.
Note that no notes are written in this method, so the broker Identity is unable to perform password recovery for Identities registered with this method. The Identity will be unable to login to the Realm as a result.
example
// Create a token
const token = await accountClient.newRegistrationToken(tokenName, permissions)
const identity = {
name: 'identityName',
email: 'identity@example.com',
first_name: 'firstName',
last_name: 'lastName',
}
// Register Identity
const identityResponse = await accountClient.registerIdentity(
realmName,
token.token,
identity
)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
registrationToken |
string |
the token for the realm |
identity |
any |
Configuration for the new identity |
Promise<Identity>
▸ registerRealmBrokerIdentity(realmName, registrationToken): Promise<Identity>
registerRealmBrokerIdentity registers an identity to be the broker for a realm.
| Name | Type | Description |
|---|---|---|
realmName |
string |
The name of the realm to register the broker identity with. |
registrationToken |
string |
A registration for the account that has permissions for registering clients of type broker. |
Promise<Identity>
The broker identity for the realm.
▸ registerTotp(data): Promise<any>
Register Totp.
| Name | Type |
|---|---|
data |
any |
Promise<any>
response
▸ registerWebAuthnDevice(data): Promise<Response>
| Name | Type |
|---|---|
data |
any |
Promise<Response>
▸ registrationTokens(): Promise<RegistrationToken[]>
Get a list of the current registration tokens for an account.
Promise<RegistrationToken[]>
▸ removeDefaultRealmGroups(realmName, groups): Promise<boolean>
Remove groups for the request realm. note: when default realm groups are changed existing users' groups are not updated
example
const toznyEngineersGroup = await client.createRealmGroup(realmName, {
name: 'ToznyEngineers',
})
await client.addDefaultRealmGroups(realmName, {
groups: [toznyEngineersGroup.id],
})
await client.removeDefaultRealmGroups(realmName, {
groups: [toznyEngineersGroup.id],
})| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groups |
GroupsInput |
List of groups or group ids in an object on the groups key |
Promise<boolean>
True if successful
▸ removeGroupRoleMappings(realmName, groupId, groupRoleMapping): Promise<boolean>
Removes a set of realm/client roles from a group's role mapping.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groupId |
string |
Id of realm group. |
groupRoleMapping |
GroupRoleMapping |
The map of roles to remove to group's mapping. |
Promise<boolean>
True if successful
▸ replaceDefaultRealmGroups(realmName, groups): Promise<boolean>
Replace default groups for the request realm. note: when default realm groups are changed existing users' groups are not updated
example
const toznyEngineersGroup = await client.createRealmGroup(realmName, {
name: 'ToznyEngineers',
})
await client.replaceDefaultRealmGroups(realmName, {
groups: [toznyEngineersGroup.id],
})| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groups |
GroupsInput |
List of groups or group ids to leave in an object on the groups key |
Promise<boolean>
True if successful
▸ resendVerificationEmail(): Promise<any>
Requests Tozny account email verification be resent.
Promise<any>
▸ serialize(): Object
Object
| Name | Type |
|---|---|
account |
Account |
api |
Object |
api.apiUrl |
string |
profile |
any |
storageClient |
any |
▸ setClientEnabled(clientId, enabled): Promise<boolean>
| Name | Type |
|---|---|
clientId |
string |
enabled |
boolean |
Promise<boolean>
▸ subscribe(): Promise<any>
Promise<any>
▸ unsubscribe(): Promise<any>
Promise<any>
▸ updateAccountBilling(stripeToken): Promise<any>
| Name | Type |
|---|---|
stripeToken |
any |
Promise<any>
▸ updateGroupMembership(realmName, identityToznyId, groups): Promise<boolean>
Update group membership
example
const identity = await accountClient.identityDetails(realmName, username)
const toznyEngineersGroup = await client.createRealmGroup(realmName, {
name: 'ToznyEngineers',
})
await client.updateGroupMembership(realmName, identity.toznyId, {
groups: [toznyEngineersGroup.id],
})| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
identityToznyId |
string |
Id of Tozny identity |
groups |
GroupsInput |
List of groups or group ids to update in an object on the groups key |
Promise<boolean>
True if successful
▸ updateProfile(profile): Promise<any>
Allows user to update the name and email on their account. Profile param contains a name and email for the user.
| Name | Type |
|---|---|
profile |
Object |
profile.email |
string |
profile.name |
string |
Promise<any>
▸ updateRealmApplicationRole(realmName, applicationId, originalRoleName, role): Promise<Role>
Update an existing application role in the realm given the original role name.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
applicationId |
string |
Id of client application. |
originalRoleName |
string |
Name of the role being updated. |
role |
MinimumRoleWithId |
Updated attributes of the role. |
Promise<Role>
▸ updateRealmGroup(realmName, groupId, group): Promise<Group>
Update an existing group in the realm given a group id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groupId |
string |
Id of group to update. |
group |
Group |
Updated attributes of the group |
Promise<Group>
▸ updateRealmRole(realmName, role): Promise<Role>
Update an existing role in the realm given a role id.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
role |
MinimumRoleWithId |
Updated attributes of the role. |
Promise<Role>
The updated role
▸ updateRealmSettings(realmName, settings): Promise<RealmSettings>
Updates settings for the realm. Some of these features enabled by these settings are experimental and may be subject to change.
| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
settings |
RealmSettings |
Object containing settings to enable. |
Promise<RealmSettings>
Updated realm settings.
▸ upsertAccessPoliciesForGroup(realmName, groupId, accessPolicies): Promise<GroupAccessPolicies>
Create, update, or remove an Access Policy for a Group
This method is built to handle attaching multiple policies to a single group. However, currently only one policy per group is supported.
example
const realmName = 'westeros'
const groupId = '12345678-90ab-cdef-0000-000000000000'
const approvalRole = await accountClient.createRealmRole(
realmName,
{ name: "NightsWatch", description: "They guard the wall." }
);
// create a new policy for group.
// a request for access must be approved by one user with `approvalRole`
// upon approval, access is granted for 1 day
let groupAccessPolicy = await accountClient.upsertAccessPoliciesForGroup(
realmName,
groupId,
[{ approvalRoles: [approvalRole], requiredApprovals: 1, maxAccessDurationSeconds: 24*3600 }]
)
groupAccessPolicy.id === groupId //=> true
const accessPolicy = groupAccessPolicy.accessPolicies[0]
// update approval roles of existing policy
const anotherRole = await accountClient.describeRealmRole(realmName, roleId)
groupAccessPolicy = await accountClient.upsertAccessPoliciesForGroup(
realmName,
groupId,
[{
id: accessPolicy.id, //<-- updating the existing policy.
approvalRoles: [approvalRole, anotherRole],
requiredApprovals: 1,
maxAccessDurationSeconds: 24*3600,
}]
)
// remove access policy by setting policies to empty array
groupAccessPolicy = await accountClient.upsertAccessPoliciesForGroup(
realmName,
groupId,
[] // <-- the group will no longer be governed by any access policy
)| Name | Type | Description |
|---|---|---|
realmName |
string |
Name of realm. |
groupId |
string |
The ID of the Group in Tozny |
accessPolicies |
AccessPolicyData[] |
Configuration for the new identity |
Promise<GroupAccessPolicies>
Object containing groups id & accessPolicies
▸ validatePassword(password): Promise<boolean>
| Name | Type |
|---|---|
password |
string |
Promise<boolean>
▸ webhooks(): Promise<Webhook[]>
Get a list of the current webhooks for an account.
Promise<Webhook[]>