@scalekit-sdk/node 2.2.0 → 2.2.2

package/lib/core.js

@@ -67,7 +67,7 @@ class CoreClient {
         this.clientSecret = clientSecret;
         this.keys = [];
         this.accessToken = null;
-        this.sdkVersion = `Scalekit-Node/2.2.0`;
+        this.sdkVersion = `Scalekit-Node/2.2.2`;
         this.apiVersion = "20260202";
         this.userAgent = `${this.sdkVersion} Node/${process.version} (${process.platform}; ${os_1.default.arch()})`;
         this.axios = axios_1.default.create({ baseURL: envUrl });

package/package.json

@@ -1,9 +1,15 @@
 {
-  "version": "2.2.0",
+  "version": "2.2.2",
   "name": "@scalekit-sdk/node",
   "description": "Official Scalekit Node SDK",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
+  "files": [
+    "lib",
+    "README.md",
+    "REFERENCE.md",
+    "LICENSE"
+  ],
   "repository": {
     "type": "git",
     "url": "git+https://github.com/scalekit-inc/scalekit-sdk-node.git"
@@ -27,9 +33,9 @@
     "@bufbuild/protobuf": "^2.7.0",
     "@connectrpc/connect": "^2.1.1",
     "@connectrpc/connect-node": "^2.1.1",
-    "axios": "^1.10.0",
+    "axios": "^1.13.5",
     "jose": "^5.6.3",
-    "qs": "^6.14.1"
+    "qs": "^6.14.2"
   },
   "devDependencies": {
     "@bufbuild/buf": "^1.36.0",

package/.github/dependabot.yml

@@ -1,10 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      time: "06:00"
-      timezone: "Asia/Kolkata"
-    reviewers:
-      - "dhawani"

package/.nvmrc

@@ -1 +0,0 @@
-20.0.0

package/buf.gen.yaml

@@ -1,20 +0,0 @@
-version: v1
-plugins:
-  - plugin: es
-    path: node_modules/.bin/protoc-gen-es
-    opt: target=ts
-    out: src/pkg/grpc
-types:
-  include:
-    - scalekit.v1.errdetails
-    - scalekit.v1.connections
-    - scalekit.v1.domains
-    - scalekit.v1.organizations
-    - scalekit.v1.directories
-    - scalekit.v1.users
-    - scalekit.v1.auth.passwordless
-    - scalekit.v1.auditlogs
-    - scalekit.v1.sessions
-    - scalekit.v1.roles
-    - scalekit.v1.auth
-    - scalekit.v1.auth.webauthn

package/jest.config.js

@@ -1,15 +0,0 @@
-module.exports = {
-  verbose: true,
-  testEnvironment: 'node',
-  testPathIgnorePatterns: ['/node_modules/', '/lib/'],
-  roots: ['<rootDir>/tests'],
-  setupFilesAfterEnv: ['./tests/setup.ts'],
-  transform: {
-    '^.+\\.ts?$': 'ts-jest',
-  },
-  moduleNameMapper: {
-    '^jose': require.resolve('jose'),
-    '^(\\.{1,2}/.*)\\.js$': '$1',
-  },
-  testTimeout: 10000,
-}; 

package/src/auth.ts

@@ -1,99 +0,0 @@
-import type { JsonObject } from "@bufbuild/protobuf";
-import { create } from "@bufbuild/protobuf";
-import type { MessageShape } from "@bufbuild/protobuf";
-import { EmptySchema } from "@bufbuild/protobuf/wkt";
-import CoreClient from "./core";
-import type { Client } from "@connectrpc/connect";
-import GrpcConnect from "./connect";
-import {
-  AuthService,
-  UpdateLoginUserDetailsRequestSchema,
-  UserSchema,
-  type User,
-} from "./pkg/grpc/scalekit/v1/auth/auth_pb";
-
-/** User input for updateLoginUserDetails; customAttributes is a plain object (proto Struct → JsonObject in v2). */
-type UserInput = Partial<User> & {
-  customAttributes?: JsonObject;
-};
-
-/**
- * If you are using Auth for MCP solution of Scalekit in "Bring your own Auth" mode, this client helps updating Scalekit with the currently logged in user details for the ongoing authentication request.
- *
- *
- * @example
- * const scalekitClient = new ScalekitClient(envUrl, clientId, clientSecret);
- * const authClient = scalekitClient.auth;
- *
- * @see {@link https://docs.scalekit.com/apis/#tag/api%20auth | Authentication API Documentation}
- */
-export default class AuthClient {
-  private readonly client: Client<typeof AuthService>;
-
-  constructor(
-    private readonly grpcConnect: GrpcConnect,
-    private readonly coreClient: CoreClient
-  ) {
-    this.client = this.grpcConnect.createClient(AuthService);
-  }
-
-  /**
-   * Updates user details for an ongoing authentication request.
-   *
-   *
-   * @param {string} connectionId - The SSO connection ID being used for authentication
-   * @param {string} loginRequestId - The unique login request identifier from the auth flow
-   * @param {UserInput} user - User details to update or associate with the login request
-   * @param {string} [user.email] - User's email address
-   * @param {string} [user.sub] - Unique user identifier (subject)
-   *
-   * @returns {Promise<MessageShape<EmptySchema>>} Empty response on successful update
-   *
-   * @throws {Error} When connectionId is missing or invalid
-   * @throws {Error} When loginRequestId is missing or invalid
-   * @throws {Error} When user object is invalid
-   *
-   * @example
-   * await scalekitClient.auth.updateLoginUserDetails(
-   *   'conn_abc123',
-   *   'login_xyz789',
-   *   {
-   *     email: 'john.doe@company.com',
-   *     sub: 'unique_user_id_456',
-   *   }
-   * );
-   *
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/api%20auth | Update Login User Details API}
-   */
-  async updateLoginUserDetails(
-    connectionId: string,
-    loginRequestId: string,
-    user: UserInput
-  ): Promise<MessageShape<typeof EmptySchema>> {
-    if (!connectionId || typeof connectionId !== "string") {
-      throw new Error("connectionId must be a non-empty string");
-    }
-
-    if (!loginRequestId || typeof loginRequestId !== "string") {
-      throw new Error("loginRequestId must be a non-empty string");
-    }
-
-    if (!user || typeof user !== "object") {
-      throw new Error("user must be a valid object");
-    }
-
-    const userMessage = create(UserSchema, user as Parameters<typeof create<typeof UserSchema>>[1]);
-
-    const request = create(UpdateLoginUserDetailsRequestSchema, {
-      connectionId,
-      loginRequestId,
-      user: userMessage,
-    });
-
-    return this.coreClient.connectExec(
-      this.client.updateLoginUserDetails,
-      request
-    );
-  }
-}

package/src/connect.ts

@@ -1,32 +0,0 @@
-import type { DescService } from '@bufbuild/protobuf';
-import { type Client, type Transport, createClient } from '@connectrpc/connect';
-import { createGrpcTransport } from '@connectrpc/connect-node';
-import CoreClient, { headers } from './core';
-
-export default class GrpcConnect {
-  private transport: Transport;
-  constructor(
-    private readonly coreClient: CoreClient
-  ) {
-    this.transport = createGrpcTransport({
-      baseUrl: this.coreClient.envUrl,
-      interceptors: [
-        (next) => {
-          return (req) => {
-            req.header.set(headers['user-agent'], this.coreClient.userAgent)
-            req.header.set(headers['x-sdk-version'], this.coreClient.sdkVersion)
-            req.header.set(headers['x-api-version'], this.coreClient.apiVersion)
-            if (this.coreClient.accessToken) {
-              req.header.set(headers.authorization, `Bearer ${this.coreClient.accessToken}`)
-            }
-            return next(req)
-          }
-        }
-      ],
-    });
-  }
-
-  createClient<T extends DescService>(service: T): Client<T> {
-    return createClient(service, this.transport);
-  }
-}

package/src/connection.ts

@@ -1,267 +0,0 @@
-import type { Client } from "@connectrpc/connect";
-import GrpcConnect from "./connect";
-import CoreClient from "./core";
-import { ConnectionService } from "./pkg/grpc/scalekit/v1/connections/connections_pb";
-import {
-  GetConnectionResponse,
-  ToggleConnectionResponse,
-  ListConnectionsResponse,
-} from "./pkg/grpc/scalekit/v1/connections/connections_pb";
-
-/**
- * Client for managing enterprise SSO connections for organizations.
- *
- * Connections represent the SSO integration between an organization and their identity provider (IdP).
- * Each organization can have an enterprise connection supporting different protocols (SAML, OIDC) and
- * providers (Okta, Azure AD, Google Workspace, etc.). Use this client to retrieve connection details,
- * list connections, and enable/disable them.
- *
- * @example
- * const scalekitClient = new ScalekitClient(envUrl, clientId, clientSecret);
- * const connectionClient = scalekitClient.connection;
- *
- * @see {@link https://docs.scalekit.com/apis/#tag/connections | Connection API Documentation}
- */
-export default class ConnectionClient {
-  private client: Client<typeof ConnectionService>;
-  constructor(
-    private readonly grpcConnect: GrpcConnect,
-    private readonly coreClient: CoreClient
-  ) {
-    this.client = this.grpcConnect.createClient(ConnectionService);
-  }
-
-  /**
-   * Retrieves complete configuration and status details for a specific SSO connection.
-   *
-   * Use this method to fetch comprehensive information about an organization's SSO connection,
-   * including provider settings, protocol details (SAML/OIDC), enabled status, and configuration
-   * metadata. This is useful for verifying connection setup, auditing configurations, checking
-   * connection health before authentication flows, or displaying connection details to administrators.
-   *
-   * @param {string} organizationId - The organization ID that owns the connection (format: "org_...")
-   * @param {string} id - The connection identifier to retrieve (format: "conn_...")
-   *
-   * @returns {Promise<GetConnectionResponse>} Response containing:
-   *   - connection: Complete connection object with:
-   *     - id: Unique connection identifier
-   *     - organizationId: Parent organization ID
-   *     - provider: Identity provider name (e.g., "okta", "azure_ad", "google")
-   *     - type: Protocol type ("saml", "oidc")
-   *     - enabled: Whether the connection is active
-   *     - status: Configuration status
-   *     - domains: Associated email domains for this connection
-   *     - metadata: Provider-specific configuration details
-   *     - createTime: When the connection was created
-   *     - updateTime: When the connection was last modified
-   *
-   * @throws {Error} If the organization or connection is not found
-   *
-   * @example
-   * // Get connection details
-   * const response = await scalekitClient.connection.getConnection(
-   *   'org_123456',
-   *   'conn_abc123'
-   * );
-   *
-   * const conn = response.connection;
-   * console.log('Provider:', conn.provider);
-   * console.log('Type:', conn.type);
-   * console.log('Status:', conn.enabled ? 'Enabled' : 'Disabled');
-   * console.log('Domains:', conn.domains);
-   *
-   * @example
-   * // Verify connection is ready for authentication
-   * const response = await scalekitClient.connection.getConnection(orgId, connId);
-   *
-   * if (response.connection.enabled && response.connection.status === 'active') {
-   *   console.log('Connection is ready for SSO authentication');
-   * } else {
-   *   console.log('Connection not ready:', response.connection.status);
-   * }
-   *
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/connections | Get Connection API}
-   * @see {@link listConnections} - List all connections for an organization
-   * @see {@link enableConnection} - Enable this connection
-   * @see {@link disableConnection} - Disable this connection
-   */
-  async getConnection(
-    organizationId: string,
-    id: string
-  ): Promise<GetConnectionResponse> {
-    return this.coreClient.connectExec(this.client.getConnection, {
-      id,
-      organizationId,
-    });
-  }
-
-  /**
-   * Lists all SSO connections associated with a specific email domain.
-   *
-   * Use this method to discover which organizations have SSO configured for a particular
-   * domain. This is useful for implementing domain-based SSO routing where users are
-   * automatically directed to their organization's SSO based on their email domain.
-   *
-   * @param {string} domain - The email domain to search for (e.g., "acme.com")
-   *
-   * @returns {Promise<ListConnectionsResponse>} Response containing:
-   *   - connections: Array of connection objects for the domain
-   *
-   * @example
-   * // Find SSO connections for a domain
-   * const response = await scalekitClient.connection.listConnectionsByDomain('acme.com');
-   *
-   * if (response.connections.length > 0) {
-   *   console.log('SSO available for domain acme.com');
-   *   const connection = response.connections[0];
-   *   console.log('Organization:', connection.organizationId);
-   *   console.log('Provider:', connection.provider);
-   * }
-   *
-   * @example
-   * // Implement domain-based SSO routing
-   * app.post('/auth/login', async (req, res) => {
-   *   const email = req.body.email;
-   *   const domain = email.split('@')[1];
-   *
-   *   const response = await scalekitClient.connection.listConnectionsByDomain(domain);
-   *
-   *   if (response.connections.length > 0) {
-   *     // Redirect to SSO
-   *     const authUrl = scalekitClient.getAuthorizationUrl(redirectUri, {
-   *       connectionId: response.connections[0].id,
-   *       loginHint: email
-   *     });
-   *     return res.redirect(authUrl);
-   *   } else {
-   *     // Use password-based login
-   *     return res.render('password-login');
-   *   }
-   * });
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/connections | List Connections API}
-   * @see {@link listConnections} - List all connections for an organization
-   */
-  async listConnectionsByDomain(
-    domain: string
-  ): Promise<ListConnectionsResponse> {
-    return this.coreClient.connectExec(this.client.listConnections, {
-      domain,
-    });
-  }
-
-  /**
-   * Lists all SSO connections configured for an organization.
-   *
-   * Retrieves all enterprise SSO connections (SAML, OIDC) that have been configured for
-   * the specified organization. Each connection includes details about the provider,
-   * status, and configuration.
-   *
-   * @param {string} organizationId - The organization ID
-   *
-   * @returns {Promise<ListConnectionsResponse>} Response containing:
-   *   - connections: Array of connection objects with provider details and status
-   *
-   * @example
-   * // List all SSO connections for an organization
-   * const response = await scalekitClient.connection.listConnections('org_123456');
-   *
-   * console.log(`Found ${response.connections.length} connections`);
-   * response.connections.forEach(conn => {
-   *   console.log(`- ${conn.provider} (${conn.type}): ${conn.enabled ? 'Enabled' : 'Disabled'}`);
-   * });
-   *
-   * @example
-   * // Check if organization has any enabled connections
-   * const response = await scalekitClient.connection.listConnections('org_123456');
-   * const hasEnabledSSO = response.connections.some(conn => conn.enabled);
-   *
-   * if (!hasEnabledSSO) {
-   *   console.log('No SSO connections enabled for this organization');
-   * }
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/connections | List Connections API}
-   * @see {@link getConnection} - Get details of a specific connection
-   * @see {@link enableConnection} - Enable a connection
-   * @see {@link disableConnection} - Disable a connection
-   */
-  async listConnections(
-    organizationId: string
-  ): Promise<ListConnectionsResponse> {
-    return this.coreClient.connectExec(this.client.listConnections, {
-      organizationId,
-    });
-  }
-
-  /**
-   * Enables an SSO connection for an organization.
-   *
-   * Activates a previously disabled or newly configured SSO connection, allowing users
-   * from the organization to authenticate using this identity provider. Once enabled,
-   * users can immediately start using SSO to log in.
-   *
-   * @param {string} organizationId - The organization ID
-   * @param {string} id - The connection ID to enable
-   *
-   * @returns {Promise<ToggleConnectionResponse>} Response with updated connection status
-   *
-   * @example
-   * // Enable an SSO connection
-   * const response = await scalekitClient.connection.enableConnection(
-   *   'org_123456',
-   *   'conn_abc123'
-   * );
-   *
-   * console.log('Connection enabled:', response.connection.enabled); // true
-   *
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/connections | Enable Connection API}
-   * @see {@link disableConnection} - Disable a connection
-   * @see {@link listConnections} - List all connections
-   */
-  async enableConnection(
-    organizationId: string,
-    id: string
-  ): Promise<ToggleConnectionResponse> {
-    return this.coreClient.connectExec(this.client.enableConnection, {
-      id,
-      organizationId,
-    });
-  }
-
-  /**
-   * Disables an SSO connection for an organization.
-   *
-   * Deactivates an SSO connection, preventing users from authenticating via this identity
-   * provider. This is useful for temporarily suspending SSO access, during maintenance,
-   * or when migrating to a different provider. Existing user sessions remain valid.
-   *
-   * @param {string} organizationId - The organization ID
-   * @param {string} id - The connection ID to disable
-   *
-   * @returns {Promise<ToggleConnectionResponse>} Response with updated connection status
-   *
-   * @example
-   * // Disable an SSO connection
-   * const response = await scalekitClient.connection.disableConnection(
-   *   'org_123456',
-   *   'conn_abc123'
-   * );
-   *
-   * console.log('Connection disabled:', !response.connection.enabled); // true
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/connections | Disable Connection API}
-   * @see {@link enableConnection} - Enable a connection
-   * @see {@link listConnections} - List all connections
-   */
-  async disableConnection(
-    organizationId: string,
-    id: string
-  ): Promise<ToggleConnectionResponse> {
-    return this.coreClient.connectExec(this.client.disableConnection, {
-      id,
-      organizationId,
-    });
-  }
-}

package/src/constants/user.ts

@@ -1,22 +0,0 @@
-import type { IdTokenClaim, User } from '../types/auth';
-
-export const IdTokenClaimToUserMap: { [k in keyof IdTokenClaim]: keyof User } = {
-  "sub": "id",
-  "name": "name",
-  "preferred_username": "username",
-  "given_name": "givenName",
-  "family_name": "familyName",
-  "email": "email",
-  "email_verified": "emailVerified",
-  "phone_number": "phoneNumber",
-  "phone_number_verified": "phoneNumberVerified",
-  "profile": 'profile',
-  "picture": "picture",
-  "gender": "gender",
-  "birthdate": "birthDate",
-  "zoneinfo": "zoneInfo",
-  "locale": "locale",
-  "updated_at": "updatedAt",
-  "identities": "identities",
-  "metadata": "metadata"
-}

package/src/core.ts

@@ -1,139 +0,0 @@
-import { Code, ConnectError } from "@connectrpc/connect";
-import axios, { Axios, AxiosError, AxiosResponse, HttpStatusCode } from "axios";
-import { JWK } from "jose";
-import os from "os";
-import QueryString from "qs";
-import { GrantType } from "./types/scalekit";
-import { TokenResponse } from "./types/auth";
-import {
-  ScalekitException,
-  ScalekitServerException,
-} from "./errors/base-exception";
-
-export const headers = {
-  "user-agent": "user-agent",
-  "x-sdk-version": "x-sdk-version",
-  "x-api-version": "x-api-version",
-  authorization: "authorization",
-};
-
-const tokenEndpoint = "oauth/token";
-const jwksEndpoint = "keys";
-export default class CoreClient {
-  public keys: JWK[] = [];
-  public accessToken: string | null = null;
-  public axios: Axios;
-  public sdkVersion = `Scalekit-Node/2.2.0`;
-  public apiVersion = "20260202";
-  public userAgent = `${this.sdkVersion} Node/${process.version} (${
-    process.platform
-  }; ${os.arch()})`;
-  constructor(
-    readonly envUrl: string,
-    readonly clientId: string,
-    readonly clientSecret: string
-  ) {
-    this.axios = axios.create({ baseURL: envUrl });
-    this.axios.interceptors.request.use((config) => {
-      config.headers[headers["user-agent"]] = this.userAgent;
-      config.headers[headers["x-sdk-version"]] = this.sdkVersion;
-      config.headers[headers["x-api-version"]] = this.apiVersion;
-      if (this.accessToken) {
-        config.headers[headers.authorization] = `Bearer ${this.accessToken}`;
-      }
-
-      return config;
-    });
-    // removing token creation at the time of constructor and instead letting the retry functionality handle generating a token whenever required.
-    //this.authenticateClient();
-  }
-
-  private async authenticateClient() {
-    const res = await this.authenticate(
-      QueryString.stringify({
-        grant_type: GrantType.ClientCredentials,
-        client_id: this.clientId,
-        client_secret: this.clientSecret,
-      })
-    );
-
-    this.accessToken = res.data.access_token;
-  }
-  /**
-   * Authenticate with the code
-   * @param {string} data Data to authenticate
-   * @returns {Promise<AxiosResponse<TokenResponse>>} Returns access token and id token
-   */
-  async authenticate(data: string): Promise<AxiosResponse<TokenResponse, any>> {
-    return this.axios.post<TokenResponse>(tokenEndpoint, data, {
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-    });
-  }
-
-  /**
-   * Get the JWKS from the server and store it in the client instance
-   * @returns {Promise<void>} Returns nothing
-   */
-  async getJwks(): Promise<void> {
-    if (this.keys.length) {
-      return Promise.resolve();
-    }
-    const {
-      data: { keys },
-    } = await this.axios.get<{ keys: JWK[] }>(jwksEndpoint);
-    this.keys = keys;
-  }
-
-  /**
-   * Execute a function with error handling and retry logic
-   * @param fn Function to execute
-   * @param data Data to pass to the function
-   * @param retryLeft Number of retries left
-   * @returns {Promise<TResponse>} Returns the response
-   */
-  async connectExec<TRequest, TResponse>(
-    fn: (request: TRequest) => Promise<TResponse>,
-    data: TRequest,
-    retryLeft: number = 1
-  ): Promise<TResponse> {
-    try {
-      const res = await fn(data);
-      return res;
-    } catch (error) {
-      // Handle gRPC Connect errors
-      if (error instanceof ConnectError) {
-        if (retryLeft > 0) {
-          const serverException = new ScalekitServerException(error);
-          if (serverException.httpStatus === 401) {
-            await this.authenticateClient();
-            return this.connectExec(fn, data, retryLeft - 1);
-          }
-        }
-        throw ScalekitServerException.promote(error);
-      }
-      // Handle HTTP/Axios errors
-      if (error instanceof AxiosError) {
-        if (error.response) {
-          if (retryLeft > 0) {
-            const serverException = new ScalekitServerException(error.response);
-            if (serverException.httpStatus === 401) {
-              await this.authenticateClient();
-              return this.connectExec(fn, data, retryLeft - 1);
-            }
-          }
-          throw ScalekitServerException.promote(error.response);
-        } else {
-          throw new ScalekitException(error);
-        }
-      }
-      // Handle existing ScalekitException instances
-      if (error instanceof ScalekitException) {
-        throw error;
-      }
-      // Handle generic errors
-      throw new ScalekitException(error);
-    }
-  }
-}