@boxyhq/saml-jackson 1.33.0 → 1.33.1-beta.1

package/dist/src/ee/identity-federation/index.js

@@ -0,0 +1,43 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { SSO } from './sso';
+import { App } from './app';
+import { SSOHandler } from '../../controller/sso-handler';
+import { IdPLogin } from './idp-login';
+// This is the main entry point for the Identity Federation module
+const IdentityFederation = (_a) => __awaiter(void 0, [_a], void 0, function* ({ db, opts, ssoTraces, }) {
+    const appStore = db.store('samlfed:apps');
+    const sessionStore = db.store('oauth:session', opts.db.ttl);
+    const connectionStore = db.store('saml:config');
+    const ssoHandler = new SSOHandler({
+        connection: connectionStore,
+        session: sessionStore,
+        opts,
+    });
+    const app = new App({ store: appStore, opts });
+    const sso = new SSO({ app, ssoHandler, ssoTraces, opts });
+    const idpLogin = new IdPLogin({ app, ssoHandler, ssoTraces, opts });
+    const response = {
+        app,
+        sso,
+        idpLogin,
+    };
+    return response;
+});
+export default IdentityFederation;
+export * from './types';
+// SAML Federation flow:
+// SP (Eg: Twilio Flex) --> SAML Jackson --> IdP (Eg: Okta) --> SAML Jackson --> SP (Eg: Twilio Flex)
+// 1. SP send SAML Request to Jackson's SSO endpoint
+// 2. Jackson process SAML Request and create a new session to store SP request information
+// 3. Jackson create a new SAML Request and send it to chosen IdP
+// 4. After successful authentication, IdP send (POST) SAML Response to Jackson's ACS endpoint
+// 5. Jackson process SAML Response from the IdP and create a new SAML Response to send (POST) back to the SP's ACS endpoint
+//# sourceMappingURL=index.js.map

package/dist/src/ee/identity-federation/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/ee/identity-federation/index.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAC5B,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,kEAAkE;AAClE,MAAM,kBAAkB,GAAG,KAQxB,EAAE,4CAR6B,EAChC,EAAE,EACF,IAAI,EACJ,SAAS,GAKV;IACC,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IAC5D,MAAM,eAAe,GAAG,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;QAChC,UAAU,EAAE,eAAe;QAC3B,OAAO,EAAE,YAAY;QACrB,IAAI;KACL,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpE,MAAM,QAAQ,GAAG;QACf,GAAG;QACH,GAAG;QACH,QAAQ;KACT,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAA,CAAC;AAEF,eAAe,kBAAkB,CAAC;AAElC,cAAc,SAAS,CAAC;AAExB,wBAAwB;AACxB,qGAAqG;AACrG,oDAAoD;AACpD,2FAA2F;AAC3F,iEAAiE;AACjE,8FAA8F;AAC9F,4HAA4H"}

package/dist/src/ee/identity-federation/sso.d.ts

@@ -0,0 +1,24 @@
+import { App } from './app';
+import { SSOHandler } from '../../controller/sso-handler';
+import type { JacksonOption, SSOTracesInstance } from '../../typings';
+export declare class SSO {
+    private app;
+    private ssoHandler;
+    private ssoTraces;
+    private opts;
+    constructor({ app, ssoHandler, ssoTraces, opts, }: {
+        app: App;
+        ssoHandler: SSOHandler;
+        ssoTraces: SSOTracesInstance;
+        opts: JacksonOption;
+    });
+    getAuthorizeUrl: ({ request, relayState, idp_hint, samlBinding, }: {
+        request: string;
+        relayState: string;
+        samlBinding: "HTTP-POST" | "HTTP-Redirect";
+        idp_hint?: string;
+    }) => Promise<{
+        redirect_url: any;
+        authorize_form: any;
+    }>;
+}

package/dist/src/ee/identity-federation/sso.js

@@ -0,0 +1,124 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import saml from '@boxyhq/saml20';
+import { JacksonError } from '../../controller/error';
+import { getErrorMessage, isConnectionActive } from '../../controller/utils';
+import { throwIfInvalidLicense } from '../common/checkLicense';
+const isSAMLConnection = (connection) => {
+    return 'idpMetadata' in connection;
+};
+export class SSO {
+    constructor({ app, ssoHandler, ssoTraces, opts, }) {
+        // Accept the SAML Request from Service Provider, and create a new SAML Request to be sent to Identity Provider
+        this.getAuthorizeUrl = (_a) => __awaiter(this, [_a], void 0, function* ({ request, relayState, idp_hint, samlBinding, }) {
+            yield throwIfInvalidLicense(this.opts.boxyhqLicenseKey);
+            const isPostBinding = samlBinding === 'HTTP-POST';
+            let connection;
+            let app;
+            let id, acsUrl, entityId, publicKey, providerName, decodedRequest;
+            const context = {
+                isSAMLFederated: true,
+                relayState,
+            };
+            try {
+                decodedRequest = yield saml.decodeBase64(request, !isPostBinding);
+                context.samlRequest = decodedRequest || request;
+                const parsedSAMLRequest = yield saml.parseSAMLRequest(decodedRequest, isPostBinding);
+                id = parsedSAMLRequest.id;
+                entityId = parsedSAMLRequest.audience;
+                publicKey = parsedSAMLRequest.publicKey;
+                providerName = parsedSAMLRequest.providerName;
+                context.entityId = entityId;
+                context.providerName = providerName;
+                // Verify the request if it is signed
+                if (publicKey && !saml.hasValidSignature(decodedRequest, publicKey, null)) {
+                    throw new JacksonError('Invalid SAML Request signature.', 400);
+                }
+                app = yield this.app.getByEntityId(entityId);
+                acsUrl = parsedSAMLRequest.acsUrl || app.acsUrl; // acsUrl is optional in the SAMLRequest
+                context.tenant = app.tenant;
+                context.product = app.product;
+                context.acsUrl = acsUrl;
+                if (app.acsUrl !== acsUrl) {
+                    throw new JacksonError("Assertion Consumer Service URL doesn't match.", 400);
+                }
+                const response = yield this.ssoHandler.resolveConnection({
+                    tenant: app.tenant,
+                    product: app.product,
+                    idp_hint,
+                    authFlow: 'saml',
+                    idFedAppId: app.id,
+                    originalParams: {
+                        RelayState: relayState,
+                        SAMLRequest: request,
+                        samlBinding,
+                    },
+                    tenants: app.tenants,
+                });
+                // If there is a redirect URL, then we need to redirect to that URL
+                if ('redirectUrl' in response) {
+                    return {
+                        redirect_url: response.redirectUrl,
+                        authorize_form: null,
+                    };
+                }
+                // If there is a connection, use that connection
+                if ('connection' in response) {
+                    connection = response.connection;
+                }
+                if (!connection) {
+                    throw new JacksonError('No SSO connection found.', 404);
+                }
+                context.clientID = connection.clientID;
+                if (!isConnectionActive(connection)) {
+                    throw new JacksonError('SSO connection is deactivated. Please contact your administrator.', 403);
+                }
+                const requestParams = {
+                    id,
+                    acsUrl,
+                    entityId,
+                    publicKey,
+                    providerName,
+                    relayState,
+                    tenant: app.tenant,
+                    product: app.product,
+                };
+                return isSAMLConnection(connection)
+                    ? yield this.ssoHandler.createSAMLRequest({
+                        connection,
+                        requestParams,
+                        mappings: app.mappings,
+                    })
+                    : yield this.ssoHandler.createOIDCRequest({
+                        connection,
+                        requestParams,
+                        mappings: app.mappings,
+                        ssoTraces: {
+                            instance: this.ssoTraces,
+                            context,
+                        },
+                    });
+            }
+            catch (err) {
+                const error_description = getErrorMessage(err);
+                this.ssoTraces.saveTrace({
+                    error: error_description,
+                    context,
+                });
+                throw err;
+            }
+        });
+        this.app = app;
+        this.ssoHandler = ssoHandler;
+        this.ssoTraces = ssoTraces;
+        this.opts = opts;
+    }
+}
+//# sourceMappingURL=sso.js.map

package/dist/src/ee/identity-federation/sso.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso.js","sourceRoot":"","sources":["../../../../src/ee/identity-federation/sso.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,IAAI,MAAM,gBAAgB,CAAC;AAGlC,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAUtD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAE/D,MAAM,gBAAgB,GAAG,CAAC,UAAyC,EAA+B,EAAE;IAClG,OAAO,aAAa,IAAI,UAAU,CAAC;AACrC,CAAC,CAAC;AAEF,MAAM,OAAO,GAAG;IAMd,YAAY,EACV,GAAG,EACH,UAAU,EACV,SAAS,EACT,IAAI,GAML;QAOD,+GAA+G;QACxG,oBAAe,GAAG,KAUtB,EAAE,0CAV2B,EAC9B,OAAO,EACP,UAAU,EACV,QAAQ,EACR,WAAW,GAMZ;YACC,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAExD,MAAM,aAAa,GAAG,WAAW,KAAK,WAAW,CAAC;YAClD,IAAI,UAAqD,CAAC;YAC1D,IAAI,GAAsC,CAAC;YAC3C,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC;YAClE,MAAM,OAAO,GAAG;gBACd,eAAe,EAAE,IAAI;gBACrB,UAAU;aACuB,CAAC;YAEpC,IAAI,CAAC;gBACH,cAAc,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,aAAa,CAAC,CAAC;gBAClE,OAAO,CAAC,WAAW,GAAG,cAAc,IAAI,OAAO,CAAC;gBAEhD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;gBAErF,EAAE,GAAG,iBAAiB,CAAC,EAAE,CAAC;gBAC1B,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC;gBACtC,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC;gBACxC,YAAY,GAAG,iBAAiB,CAAC,YAAY,CAAC;gBAC9C,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;gBAC5B,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;gBAEpC,qCAAqC;gBACrC,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;oBAC1E,MAAM,IAAI,YAAY,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;gBACjE,CAAC;gBAED,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAC7C,MAAM,GAAG,iBAAiB,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,wCAAwC;gBACzF,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC5B,OAAO,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;gBAC9B,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;gBAExB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC1B,MAAM,IAAI,YAAY,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;gBAC/E,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;oBACvD,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,QAAQ;oBACR,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG,CAAC,EAAE;oBAClB,cAAc,EAAE;wBACd,UAAU,EAAE,UAAU;wBACtB,WAAW,EAAE,OAAO;wBACpB,WAAW;qBACZ;oBACD,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBAEH,mEAAmE;gBACnE,IAAI,aAAa,IAAI,QAAQ,EAAE,CAAC;oBAC9B,OAAO;wBACL,YAAY,EAAE,QAAQ,CAAC,WAAW;wBAClC,cAAc,EAAE,IAAI;qBACrB,CAAC;gBACJ,CAAC;gBAED,gDAAgD;gBAChD,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;oBAC7B,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC;gBACnC,CAAC;gBAED,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,YAAY,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;gBAC1D,CAAC;gBAED,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;gBAEvC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,YAAY,CAAC,mEAAmE,EAAE,GAAG,CAAC,CAAC;gBACnG,CAAC;gBAED,MAAM,aAAa,GAAG;oBACpB,EAAE;oBACF,MAAM;oBACN,QAAQ;oBACR,SAAS;oBACT,YAAY;oBACZ,UAAU;oBACV,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC;gBAEF,OAAO,gBAAgB,CAAC,UAAU,CAAC;oBACjC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;wBACtC,UAAU;wBACV,aAAa;wBACb,QAAQ,EAAE,GAAG,CAAC,QAAQ;qBACvB,CAAC;oBACJ,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;wBACtC,UAAU;wBACV,aAAa;wBACb,QAAQ,EAAE,GAAG,CAAC,QAAQ;wBACtB,SAAS,EAAE;4BACT,QAAQ,EAAE,IAAI,CAAC,SAAS;4BACxB,OAAO;yBACR;qBACF,CAAC,CAAC;YACT,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,iBAAiB,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;gBAE/C,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;oBACvB,KAAK,EAAE,iBAAiB;oBACxB,OAAO;iBACR,CAAC,CAAC;gBAEH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAA,CAAC;QAlIA,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CA+HF"}

package/dist/src/ee/identity-federation/types.d.ts

@@ -0,0 +1,38 @@
+import IdentityFederation from '.';
+export type IIdentityFederationController = Awaited<ReturnType<typeof IdentityFederation>>;
+export type AttributeMapping = {
+    key: string;
+    value: string;
+};
+export type IdentityFederationApp = {
+    id: string;
+    type?: string;
+    clientID?: string;
+    clientSecret?: string;
+    redirectUrl?: string[] | string;
+    name: string;
+    tenant: string;
+    product: string;
+    acsUrl: string;
+    entityId: string;
+    logoUrl: string | null;
+    faviconUrl: string | null;
+    primaryColor: string | null;
+    tenants?: string[];
+    mappings?: AttributeMapping[] | null;
+};
+export type IdentityFederationAppWithMetadata = IdentityFederationApp & {
+    metadata: {
+        entityId: string;
+        ssoUrl: string;
+        x509cert: string;
+        xml: string;
+    };
+};
+export type AppRequestParams = {
+    id: string;
+} | {
+    tenant: string;
+    product: string;
+    type?: string;
+};

package/dist/src/ee/identity-federation/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/ee/identity-federation/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/ee/identity-federation/types.ts"],"names":[],"mappings":""}

package/dist/src/ee/ory/ory.d.ts

@@ -0,0 +1,18 @@
+import { JacksonOption, OryConfig, OryRes } from '../../typings';
+import { ProductController } from '../product';
+export declare class OryController {
+    private opts;
+    private productController;
+    constructor({ opts, productController }: {
+        opts: JacksonOption;
+        productController: ProductController;
+    });
+    private getOrgName;
+    private getIssuerUrl;
+    private addOrUpdateConnection;
+    private createOrganization;
+    private sanitizeConfig;
+    createConnection(config: OryConfig, tenant: string, product: string): Promise<OryRes | null>;
+    updateConnection(config: OryConfig, tenant: string, product: string): Promise<OryRes | null>;
+    private isEnabled;
+}

package/dist/src/ee/ory/ory.js

@@ -0,0 +1,195 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import axios from 'axios';
+import { throwIfInvalidLicense } from '../common/checkLicense';
+const basePath = 'https://api.console.ory.sh';
+const providerId = 'sso_boxyhq';
+const dataMapping = 'base64://bG9jYWwgY2xhaW1zID0gewogIGVtYWlsX3ZlcmlmaWVkOiB0cnVlLAp9ICsgc3RkLmV4dFZhcignY2xhaW1zJyk7Cgp7CiAgaWRlbnRpdHk6IHsKICAgIHRyYWl0czogewogICAgICBbaWYgJ2VtYWlsJyBpbiBjbGFpbXMgJiYgY2xhaW1zLmVtYWlsX3ZlcmlmaWVkIHRoZW4gJ2VtYWlsJyBlbHNlIG51bGxdOiBjbGFpbXMuZW1haWwsCiAgICB9LAogIH0sCn0=';
+const issuerUrl = 'https://sso.eu.boxyhq.com';
+export class OryController {
+    constructor({ opts, productController }) {
+        this.opts = opts;
+        this.productController = productController;
+    }
+    getOrgName(tenant, product) {
+        return this.opts.boxyhqHosted ? tenant : `${tenant}:${product}`;
+    }
+    getIssuerUrl() {
+        if (this.opts.boxyhqHosted) {
+            return issuerUrl;
+        }
+        else {
+            return this.opts.externalUrl;
+        }
+    }
+    addOrUpdateConnection(config, tenant, product) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const project = yield axios.get(`${basePath}/projects/${config.projectId}`, {
+                headers: {
+                    Authorization: `Bearer ${config.sdkToken}`,
+                },
+            });
+            let index = '-';
+            try {
+                for (const idx in project.data.services.identity.config.selfservice.methods.oidc.config.providers) {
+                    const provider = project.data.services.identity.config.selfservice.methods.oidc.config.providers[idx];
+                    if (provider.id === providerId && provider.organization_id === config.organizationId) {
+                        index = idx;
+                        break;
+                    }
+                }
+                // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            }
+            catch (err) {
+                // empty
+            }
+            const op = index === '-' ? 'add' : 'replace';
+            yield axios.patch(`${basePath}/normalized/projects/${config.projectId}/revision/${project.data.revision_id}`, [
+                { op: 'replace', path: '/kratos_selfservice_methods_oidc_enabled', value: true },
+                {
+                    op,
+                    path: `/kratos_selfservice_methods_oidc_config_providers/${index}`,
+                    value: {
+                        provider_id: providerId,
+                        provider: 'generic',
+                        label: 'SSO',
+                        client_id: `tenant=${tenant}&product=${product}`,
+                        client_secret: this.opts.clientSecretVerifier,
+                        organization_id: config.organizationId,
+                        scope: [],
+                        mapper_url: dataMapping,
+                        additional_id_token_audiences: [],
+                        issuer_url: this.getIssuerUrl(),
+                    },
+                },
+            ], {
+                headers: {
+                    Authorization: `Bearer ${config.sdkToken}`,
+                },
+            });
+        });
+    }
+    createOrganization(config, label) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            if (!config.sdkToken || !config.projectId) {
+                throw new Error('Ory SDK Token or Project ID not set');
+            }
+            if (config && config.organizationId) {
+                try {
+                    const res = yield axios.get(`${basePath}/projects/${config.projectId}/organizations/${config.organizationId}`, {
+                        headers: {
+                            Authorization: `Bearer ${config.sdkToken}`,
+                        },
+                    });
+                    return res.data.organization.id;
+                }
+                catch (err) {
+                    // if org doesn't exist fall through to section that creates it below
+                    if (((_a = err.response) === null || _a === void 0 ? void 0 : _a.status) !== 404) {
+                        throw err;
+                    }
+                }
+            }
+            const res = yield axios.post(`${basePath}/projects/${config.projectId}/organizations`, {
+                label,
+                domains: config.domains,
+            }, {
+                headers: {
+                    Authorization: `Bearer ${config.sdkToken}`,
+                },
+            });
+            return res.data.id;
+        });
+    }
+    sanitizeConfig(config, tenant) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
+            if (!config.sdkToken) {
+                config.sdkToken = (_a = this.opts.ory) === null || _a === void 0 ? void 0 : _a.sdkToken;
+            }
+            if (!config.projectId) {
+                config.projectId = (_b = this.opts.ory) === null || _b === void 0 ? void 0 : _b.projectId;
+            }
+            config.domains = config.domains || [];
+            if (!config.domains.includes(tenant)) {
+                config.domains.push(tenant);
+            }
+            return config;
+        });
+    }
+    createConnection(config, tenant, product) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!(yield this.isEnabled(config, tenant, product))) {
+                return null;
+            }
+            const organizationId = yield this.createOrganization(config, this.getOrgName(tenant, product));
+            config.organizationId = organizationId;
+            let error;
+            try {
+                yield this.addOrUpdateConnection(config, tenant, product);
+            }
+            catch (err) {
+                error = err;
+            }
+            return { projectId: config.projectId, domains: config.domains, organizationId, error };
+        });
+    }
+    updateConnection(config, tenant, product) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!(yield this.isEnabled(config, tenant, product))) {
+                return null;
+            }
+            const organizationId = yield this.createOrganization(config, this.getOrgName(tenant, product));
+            let error;
+            try {
+                yield this.addOrUpdateConnection(config, tenant, product);
+            }
+            catch (err) {
+                error = err;
+            }
+            return { projectId: config.projectId, domains: config.domains, organizationId, error };
+        });
+    }
+    isEnabled(config, tenant, product) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
+            if (this.opts.boxyhqHosted) {
+                const productConfig = yield this.productController.get(product);
+                if (!productConfig ||
+                    !productConfig.ory ||
+                    !productConfig.ory.sdkToken ||
+                    !productConfig.ory.projectId) {
+                    return false;
+                }
+                config.sdkToken = productConfig.ory.sdkToken;
+                config.projectId = productConfig.ory.projectId;
+                this.sanitizeConfig(config, tenant);
+                return true;
+            }
+            else {
+                if (!((_a = this.opts.ory) === null || _a === void 0 ? void 0 : _a.sdkToken) || !((_b = this.opts.ory) === null || _b === void 0 ? void 0 : _b.projectId)) {
+                    return false;
+                }
+                try {
+                    yield throwIfInvalidLicense(this.opts.boxyhqLicenseKey);
+                    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+                }
+                catch (err) {
+                    console.error('Ory is not enabled because of invalid license');
+                    return false;
+                }
+                this.sanitizeConfig(config, tenant);
+                return true;
+            }
+        });
+    }
+}
+//# sourceMappingURL=ory.js.map

package/dist/src/ee/ory/ory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ory.js","sourceRoot":"","sources":["../../../../src/ee/ory/ory.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,KAAqB,MAAM,OAAO,CAAC;AAC1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,MAAM,QAAQ,GAAG,4BAA4B,CAAC;AAC9C,MAAM,UAAU,GAAG,YAAY,CAAC;AAChC,MAAM,WAAW,GACf,2RAA2R,CAAC;AAC9R,MAAM,SAAS,GAAG,2BAA2B,CAAC;AAE9C,MAAM,OAAO,aAAa;IAIxB,YAAY,EAAE,IAAI,EAAE,iBAAiB,EAAiE;QACpG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IAC7C,CAAC;IAEO,UAAU,CAAC,MAAc,EAAE,OAAe;QAChD,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;IAClE,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;QAC/B,CAAC;IACH,CAAC;IAEa,qBAAqB,CAAC,MAAiB,EAAE,MAAc,EAAE,OAAe;;YACpF,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,QAAQ,aAAa,MAAM,CAAC,SAAS,EAAE,EAAE;gBAC1E,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,MAAM,CAAC,QAAQ,EAAE;iBAC3C;aACF,CAAC,CAAC;YAEH,IAAI,KAAK,GAAG,GAAG,CAAC;YAChB,IAAI,CAAC;gBACH,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;oBAClG,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACtG,IAAI,QAAQ,CAAC,EAAE,KAAK,UAAU,IAAI,QAAQ,CAAC,eAAe,KAAK,MAAM,CAAC,cAAc,EAAE,CAAC;wBACrF,KAAK,GAAG,GAAG,CAAC;wBACZ,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,6DAA6D;YAC/D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,QAAQ;YACV,CAAC;YAED,MAAM,EAAE,GAAG,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAE7C,MAAM,KAAK,CAAC,KAAK,CACf,GAAG,QAAQ,wBAAwB,MAAM,CAAC,SAAS,aAAa,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,EAC1F;gBACE,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,0CAA0C,EAAE,KAAK,EAAE,IAAI,EAAE;gBAChF;oBACE,EAAE;oBACF,IAAI,EAAE,qDAAqD,KAAK,EAAE;oBAClE,KAAK,EAAE;wBACL,WAAW,EAAE,UAAU;wBACvB,QAAQ,EAAE,SAAS;wBACnB,KAAK,EAAE,KAAK;wBACZ,SAAS,EAAE,UAAU,MAAM,YAAY,OAAO,EAAE;wBAChD,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,oBAAoB;wBAC7C,eAAe,EAAE,MAAM,CAAC,cAAc;wBACtC,KAAK,EAAE,EAAE;wBACT,UAAU,EAAE,WAAW;wBACvB,6BAA6B,EAAE,EAAE;wBACjC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;qBAChC;iBACF;aACF,EACD;gBACE,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,MAAM,CAAC,QAAQ,EAAE;iBAC3C;aACF,CACF,CAAC;QACJ,CAAC;KAAA;IAEa,kBAAkB,CAAC,MAAiB,EAAE,KAAa;;;YAC/D,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC1C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,MAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CACzB,GAAG,QAAQ,aAAa,MAAM,CAAC,SAAS,kBAAkB,MAAM,CAAC,cAAc,EAAE,EACjF;wBACE,OAAO,EAAE;4BACP,aAAa,EAAE,UAAU,MAAM,CAAC,QAAQ,EAAE;yBAC3C;qBACF,CACF,CAAC;oBACF,OAAO,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,qEAAqE;oBACrE,IAAI,CAAA,MAAC,GAAkB,CAAC,QAAQ,0CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;wBACjD,MAAM,GAAG,CAAC;oBACZ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAC1B,GAAG,QAAQ,aAAa,MAAM,CAAC,SAAS,gBAAgB,EACxD;gBACE,KAAK;gBACL,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,EACD;gBACE,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,MAAM,CAAC,QAAQ,EAAE;iBAC3C;aACF,CACF,CAAC;YACF,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,CAAC;KAAA;IAEa,cAAc,CAAC,MAAiB,EAAE,MAAc;;;YAC5D,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACrB,MAAM,CAAC,QAAQ,GAAG,MAAA,IAAI,CAAC,IAAI,CAAC,GAAG,0CAAE,QAAQ,CAAC;YAC5C,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtB,MAAM,CAAC,SAAS,GAAG,MAAA,IAAI,CAAC,IAAI,CAAC,GAAG,0CAAE,SAAS,CAAC;YAC9C,CAAC;YACD,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC9B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IAEY,gBAAgB,CAAC,MAAiB,EAAE,MAAc,EAAE,OAAe;;YAC9E,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YAC/F,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC;YAEvC,IAAI,KAAK,CAAC;YACV,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,KAAK,GAAG,GAAG,CAAC;YACd,CAAC;YAED,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;QACzF,CAAC;KAAA;IAEY,gBAAgB,CAAC,MAAiB,EAAE,MAAc,EAAE,OAAe;;YAC9E,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YAE/F,IAAI,KAAK,CAAC;YACV,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,KAAK,GAAG,GAAG,CAAC;YACd,CAAC;YAED,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;QACzF,CAAC;KAAA;IAEa,SAAS,CAAC,MAAiB,EAAE,MAAc,EAAE,OAAe;;;YACxE,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAChE,IACE,CAAC,aAAa;oBACd,CAAC,aAAa,CAAC,GAAG;oBAClB,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ;oBAC3B,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,EAC5B,CAAC;oBACD,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,MAAM,CAAC,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC;gBAC7C,MAAM,CAAC,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC;gBAE/C,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAEpC,OAAO,IAAI,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,IAAI,CAAC,GAAG,0CAAE,QAAQ,CAAA,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,IAAI,CAAC,GAAG,0CAAE,SAAS,CAAA,EAAE,CAAC;oBAC1D,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,IAAI,CAAC;oBACH,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;oBACxD,6DAA6D;gBAC/D,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;oBAC/D,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBACpC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;KAAA;CACF"}

package/dist/src/ee/product/index.d.ts

@@ -0,0 +1,14 @@
+import type { Storable, JacksonOption, ProductConfig } from '../../typings';
+export declare class ProductController {
+    private productStore;
+    private opts;
+    constructor({ productStore, opts }: {
+        productStore: Storable;
+        opts: JacksonOption;
+    });
+    get(productId: string): Promise<ProductConfig>;
+    upsert(params: Partial<ProductConfig> & {
+        id: string;
+    }): Promise<void>;
+    delete(productId: string): Promise<void>;
+}

package/dist/src/ee/product/index.js

@@ -0,0 +1,45 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { JacksonError } from '../../controller/error';
+import { throwIfInvalidLicense } from '../common/checkLicense';
+export class ProductController {
+    constructor({ productStore, opts }) {
+        this.productStore = productStore;
+        this.opts = opts;
+    }
+    get(productId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield throwIfInvalidLicense(this.opts.boxyhqLicenseKey);
+            const productConfig = (yield this.productStore.get(productId));
+            // if (!productConfig) {
+            //   console.error(`Product config not found for ${productId}`);
+            // }
+            return Object.assign(Object.assign({}, productConfig), { id: productId, name: (productConfig === null || productConfig === void 0 ? void 0 : productConfig.name) || null, teamId: (productConfig === null || productConfig === void 0 ? void 0 : productConfig.teamId) || null, teamName: (productConfig === null || productConfig === void 0 ? void 0 : productConfig.teamName) || null, logoUrl: (productConfig === null || productConfig === void 0 ? void 0 : productConfig.logoUrl) || null, faviconUrl: (productConfig === null || productConfig === void 0 ? void 0 : productConfig.faviconUrl) || null, companyName: (productConfig === null || productConfig === void 0 ? void 0 : productConfig.companyName) || null, primaryColor: (productConfig === null || productConfig === void 0 ? void 0 : productConfig.primaryColor) || '#25c2a0' });
+        });
+    }
+    upsert(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield throwIfInvalidLicense(this.opts.boxyhqLicenseKey);
+            if (!('id' in params)) {
+                throw new JacksonError('Provide a product id', 400);
+            }
+            const productConfig = (yield this.productStore.get(params.id));
+            const toUpdate = productConfig ? Object.assign(Object.assign({}, productConfig), params) : params;
+            yield this.productStore.put(params.id, toUpdate);
+        });
+    }
+    delete(productId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield throwIfInvalidLicense(this.opts.boxyhqLicenseKey);
+            yield this.productStore.delete(productId);
+        });
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/src/ee/product/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/ee/product/index.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,MAAM,OAAO,iBAAiB;IAI5B,YAAY,EAAE,YAAY,EAAE,IAAI,EAAmD;QACjF,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAEY,GAAG,CAAC,SAAiB;;YAChC,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAExD,MAAM,aAAa,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAkB,CAAC;YAEhF,wBAAwB;YACxB,gEAAgE;YAChE,IAAI;YAEJ,uCACK,aAAa,KAChB,EAAE,EAAE,SAAS,EACb,IAAI,EAAE,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,IAAI,KAAI,IAAI,EACjC,MAAM,EAAE,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,MAAM,KAAI,IAAI,EACrC,QAAQ,EAAE,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ,KAAI,IAAI,EACzC,OAAO,EAAE,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,OAAO,KAAI,IAAI,EACvC,UAAU,EAAE,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,UAAU,KAAI,IAAI,EAC7C,WAAW,EAAE,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,WAAW,KAAI,IAAI,EAC/C,YAAY,EAAE,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,YAAY,KAAI,SAAS,IACtD;QACJ,CAAC;KAAA;IAEY,MAAM,CAAC,MAA+C;;YACjE,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAExD,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,YAAY,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,aAAa,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAkB,CAAC;YAEhF,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,iCAAM,aAAa,GAAK,MAAM,EAAG,CAAC,CAAC,MAAM,CAAC;YAE1E,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QACnD,CAAC;KAAA;IAEY,MAAM,CAAC,SAAiB;;YACnC,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAExD,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;KAAA;CACF"}

package/dist/src/event/axios.d.ts

@@ -0,0 +1,2 @@
+declare const axiosInstance: any;
+export default axiosInstance;

package/dist/src/event/axios.js

@@ -0,0 +1,27 @@
+import axios from 'axios';
+const retry = 3;
+const retryDelay = 3000;
+const axiosInstance = axios.create();
+// Axios interceptors to handle the Webhook retries
+axiosInstance.interceptors.response.use(undefined, (err) => {
+    const config = err.config;
+    if (!config) {
+        return Promise.reject(err);
+    }
+    config.__retryCount = config.__retryCount || 0;
+    if (config.__retryCount >= retry) {
+        return Promise.reject(err);
+    }
+    config.__retryCount += 1;
+    const backoff = new Promise(function (resolve) {
+        setTimeout(function () {
+            resolve(1);
+        }, retryDelay);
+    });
+    return backoff.then(function () {
+        console.info(`Retrying sending webhook event to ${config.url}... Attempt ${config.__retryCount}`);
+        return axiosInstance(config);
+    });
+});
+export default axiosInstance;
+//# sourceMappingURL=axios.js.map

package/dist/src/event/axios.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"axios.js","sourceRoot":"","sources":["../../../src/event/axios.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,KAAK,GAAG,CAAC,CAAC;AAChB,MAAM,UAAU,GAAG,IAAI,CAAC;AACxB,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;AAErC,mDAAmD;AACnD,aAAa,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,GAAQ,EAAE,EAAE;IAC9D,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IAE1B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC;IAE/C,IAAI,MAAM,CAAC,YAAY,IAAI,KAAK,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC;IAEzB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,UAAU,OAAO;QAC3C,UAAU,CAAC;YACT,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,EAAE,UAAU,CAAC,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,IAAI,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,qCAAqC,MAAM,CAAC,GAAG,eAAe,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;QAClG,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,eAAe,aAAa,CAAC"}

package/dist/src/event/index.d.ts

@@ -0,0 +1,11 @@
+import type { Directory, JacksonOption, SAMLSSORecord, EventType, SSOConnectionEventType, Webhook, EventPayloadSchema, OIDCSSORecord } from '../typings';
+export default class Event {
+    private webhook;
+    private dsync;
+    constructor({ opts }: {
+        opts: JacksonOption;
+    });
+    notify<T extends EventType>(event: T, data: T extends SSOConnectionEventType ? SAMLSSORecord | OIDCSSORecord : Directory): Promise<any>;
+    private constructPayload;
+    sendWebhookEvent(webhook: Webhook | undefined, payload: EventPayloadSchema): Promise<any>;
+}

package/dist/src/event/index.js

@@ -0,0 +1,53 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { sendPayloadToWebhook } from './webhook';
+import { transformSAMLSSOConnection, transformDirectoryConnection, transformOIDCSSOConnection, } from './utils';
+export default class Event {
+    constructor({ opts }) {
+        this.webhook = opts.webhook;
+        this.dsync = opts.dsync;
+    }
+    notify(event, data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const payload = this.constructPayload(event, data);
+            return this.sendWebhookEvent(this.webhook, payload);
+        });
+    }
+    constructPayload(event, data) {
+        let transformedData;
+        if ('idpMetadata' in data) {
+            transformedData = transformSAMLSSOConnection(data);
+        }
+        else if ('oidcProvider' in data) {
+            transformedData = transformOIDCSSOConnection(data);
+        }
+        else {
+            transformedData = transformDirectoryConnection(data);
+        }
+        const { tenant, product } = data;
+        const payload = {
+            event,
+            tenant,
+            product,
+            data: transformedData,
+        };
+        return payload;
+    }
+    sendWebhookEvent(webhook, payload) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            if (!(webhook === null || webhook === void 0 ? void 0 : webhook.endpoint) || !webhook.secret) {
+                return;
+            }
+            return yield sendPayloadToWebhook(webhook, payload, (_a = this.dsync) === null || _a === void 0 ? void 0 : _a.debugWebhooks);
+        });
+    }
+}
+//# sourceMappingURL=index.js.map