@workos-inc/node 1.3.0 → 1.6.0

package/lib/common/exceptions/index.d.ts

@@ -1,6 +1,7 @@
-export { GenericServerException } from './generic-server.exception';
-export { NoApiKeyProvidedException } from './no-api-key-provided.exception';
-export { NotFoundException } from './not-found.exception';
-export { UnauthorizedException } from './unauthorized.exception';
-export { UnprocessableEntityException } from './unprocessable-entity.exception';
-export { OauthException } from './oauth.exception';
+export * from './generic-server.exception';
+export * from './no-api-key-provided.exception';
+export * from './not-found.exception';
+export * from './oauth.exception';
+export * from './signature-verification.exception';
+export * from './unauthorized.exception';
+export * from './unprocessable-entity.exception';

package/lib/common/exceptions/index.js

@@ -1,15 +1,19 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OauthException = exports.UnprocessableEntityException = exports.UnauthorizedException = exports.NotFoundException = exports.NoApiKeyProvidedException = exports.GenericServerException = void 0;
-var generic_server_exception_1 = require("./generic-server.exception");
-Object.defineProperty(exports, "GenericServerException", { enumerable: true, get: function () { return generic_server_exception_1.GenericServerException; } });
-var no_api_key_provided_exception_1 = require("./no-api-key-provided.exception");
-Object.defineProperty(exports, "NoApiKeyProvidedException", { enumerable: true, get: function () { return no_api_key_provided_exception_1.NoApiKeyProvidedException; } });
-var not_found_exception_1 = require("./not-found.exception");
-Object.defineProperty(exports, "NotFoundException", { enumerable: true, get: function () { return not_found_exception_1.NotFoundException; } });
-var unauthorized_exception_1 = require("./unauthorized.exception");
-Object.defineProperty(exports, "UnauthorizedException", { enumerable: true, get: function () { return unauthorized_exception_1.UnauthorizedException; } });
-var unprocessable_entity_exception_1 = require("./unprocessable-entity.exception");
-Object.defineProperty(exports, "UnprocessableEntityException", { enumerable: true, get: function () { return unprocessable_entity_exception_1.UnprocessableEntityException; } });
-var oauth_exception_1 = require("./oauth.exception");
-Object.defineProperty(exports, "OauthException", { enumerable: true, get: function () { return oauth_exception_1.OauthException; } });
+__exportStar(require("./generic-server.exception"), exports);
+__exportStar(require("./no-api-key-provided.exception"), exports);
+__exportStar(require("./not-found.exception"), exports);
+__exportStar(require("./oauth.exception"), exports);
+__exportStar(require("./signature-verification.exception"), exports);
+__exportStar(require("./unauthorized.exception"), exports);
+__exportStar(require("./unprocessable-entity.exception"), exports);

package/lib/common/exceptions/signature-verification.exception.d.ts

@@ -0,0 +1,4 @@
+export declare class SignatureVerificationException extends Error {
+    readonly name: string;
+    constructor(message: string);
+}

package/lib/common/exceptions/signature-verification.exception.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SignatureVerificationException = void 0;
+class SignatureVerificationException extends Error {
+    constructor(message) {
+        super(message || 'Signature verification failed.');
+        this.name = 'SignatureVerificationException';
+    }
+}
+exports.SignatureVerificationException = SignatureVerificationException;

package/lib/common/exceptions/unprocessable-entity.exception.js

@@ -11,7 +11,7 @@ class UnprocessableEntityException extends Error {
         this.requestID = requestID;
         this.status = 422;
         this.name = 'UnprocessableEntityException';
-        const requirement = pluralize_1.default('requirement', errors.length);
+        const requirement = (0, pluralize_1.default)('requirement', errors.length);
         this.message = `The following ${requirement} must be met:\n`;
         for (const { code } of errors) {
             this.message = this.message.concat(`\t${code}\n`);

package/lib/index.d.ts

@@ -1,9 +1,11 @@
 import { WorkOS } from './workos';
 export * from './audit-trail/interfaces';
+export * from './common/exceptions';
 export * from './common/interfaces';
 export * from './directory-sync/interfaces';
 export * from './passwordless/interfaces';
 export * from './portal/interfaces';
 export * from './sso/interfaces';
+export * from './webhooks/interfaces';
 export { WorkOS };
 export default WorkOS;

package/lib/index.js

@@ -14,10 +14,12 @@ exports.WorkOS = void 0;
 const workos_1 = require("./workos");
 Object.defineProperty(exports, "WorkOS", { enumerable: true, get: function () { return workos_1.WorkOS; } });
 __exportStar(require("./audit-trail/interfaces"), exports);
+__exportStar(require("./common/exceptions"), exports);
 __exportStar(require("./common/interfaces"), exports);
 __exportStar(require("./directory-sync/interfaces"), exports);
 __exportStar(require("./passwordless/interfaces"), exports);
 __exportStar(require("./portal/interfaces"), exports);
 __exportStar(require("./sso/interfaces"), exports);
+__exportStar(require("./webhooks/interfaces"), exports);
 // tslint:disable-next-line:no-default-export
 exports.default = workos_1.WorkOS;

package/lib/organizations/fixtures/create-organization.json

@@ -2,6 +2,7 @@
     "name": "Test Organization",
     "object": "organization",
     "id": "org_01EHT88Z8J8795GZNQ4ZP1J81T",
+    "allow_profiles_outside_organization": false,
     "domains": [
         {
             "domain": "example.com",

package/lib/organizations/fixtures/get-organization.json

@@ -2,6 +2,7 @@
     "name": "Test Organization 3",
     "object": "organization",
     "id": "org_01EHT88Z8J8795GZNQ4ZP1J81T",
+    "allow_profiles_outside_organization": false,
     "domains": [
         {
             "domain": "example.com",

package/lib/organizations/fixtures/list-organizations.json

@@ -5,6 +5,7 @@
             "object": "organization",
             "id": "org_01EHQMYV6MBK39QC5PZXHY59C3",
             "name": "example.com",
+            "allow_profiles_outside_organization": false,
             "domains": [
                 {
                     "object": "organization_domain",
@@ -17,6 +18,7 @@
             "object": "organization",
             "id": "org_01EHQMVDTC2GRAHFCCRNTSKH46",
             "name": "example2.com",
+            "allow_profiles_outside_organization": false,
             "domains": [
                 {
                     "object": "organization_domain",
@@ -29,6 +31,7 @@
             "object": "organization",
             "id": "org_01EGS4P7QR31EZ4YWD1Z1XA176",
             "name": "foo-corp.com",
+            "allow_profiles_outside_organization": false,
             "domains": [
                 {
                     "object": "organization_domain",
@@ -41,6 +44,7 @@
             "object": "organization",
             "id": "org_01EGPYFYM0Y66AHNYQG9Z63DTN",
             "name": "example3.com",
+            "allow_profiles_outside_organization": false,
             "domains": [
                 {
                     "object": "organization_domain",
@@ -53,6 +57,7 @@
             "object": "organization",
             "id": "org_01EGPJWMT2EQMK7FMPR3TBC861",
             "name": "workos.com",
+            "allow_profiles_outside_organization": false,
             "domains": [
                 {
                     "object": "organization_domain",
@@ -65,6 +70,7 @@
             "object": "organization",
             "id": "org_01EGPJ5YY5P897573GJFGGY7ZF",
             "name": "example4.com",
+            "allow_profiles_outside_organization": false,
             "domains": [
                 {
                     "object": "organization_domain",
@@ -77,6 +83,7 @@
             "object": "organization",
             "id": "org_01EGP9Z6RY2J6YE0ZV57CGEXV2",
             "name": "example5.com",
+            "allow_profiles_outside_organization": false,
             "domains": [
                 {
                     "object": "organization_domain",

package/lib/organizations/fixtures/update-organization.json

@@ -2,6 +2,7 @@
     "name": "Test Organization 2",
     "object": "organization",
     "id": "org_01EHT88Z8J8795GZNQ4ZP1J81T",
+    "allow_profiles_outside_organization": false,
     "domains": [
         {
             "domain": "example.com",

package/lib/organizations/interfaces/create-organization-options.interface.d.ts

@@ -0,0 +1,5 @@
+export interface CreateOrganizationOptions {
+    name: string;
+    allow_profiles_outside_organization?: boolean;
+    domains?: string[];
+}

package/lib/organizations/interfaces/create-organization-options.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/organizations/interfaces/index.d.ts

@@ -1,3 +1,4 @@
+export * from './create-organization-options.interface';
 export * from './list-organizations-options.interface';
 export * from './organization-domain.interface';
 export * from './organization.interface';

package/lib/organizations/interfaces/index.js

@@ -10,6 +10,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./create-organization-options.interface"), exports);
 __exportStar(require("./list-organizations-options.interface"), exports);
 __exportStar(require("./organization-domain.interface"), exports);
 __exportStar(require("./organization.interface"), exports);

package/lib/organizations/interfaces/organization.interface.d.ts

@@ -3,6 +3,7 @@ export interface Organization {
     object: 'organization';
     id: string;
     name: string;
+    allow_profiles_outside_organization: boolean;
     domains: OrganizationDomain[];
     created_at: string;
     updated_at: string;

package/lib/organizations/interfaces/update-organization-options.interface.d.ts

@@ -1,5 +1,6 @@
 export interface UpdateOrganizationOptions {
     organization: string;
     name: string;
+    allow_profiles_outside_organization?: boolean;
     domains?: string[];
 }

package/lib/organizations/organizations.d.ts

@@ -1,14 +1,11 @@
 import { List } from '../common/interfaces/list.interface';
 import { WorkOS } from '../workos';
-import { ListOrganizationsOptions, Organization, UpdateOrganizationOptions } from './interfaces';
+import { CreateOrganizationOptions, ListOrganizationsOptions, Organization, UpdateOrganizationOptions } from './interfaces';
 export declare class Organizations {
     private readonly workos;
     constructor(workos: WorkOS);
     listOrganizations(options?: ListOrganizationsOptions): Promise<List<Organization>>;
-    createOrganization({ domains, name, }: {
-        domains?: string[];
-        name: string;
-    }): Promise<Organization>;
+    createOrganization(payload: CreateOrganizationOptions): Promise<Organization>;
     deleteOrganization(id: string): Promise<void>;
     getOrganization(id: string): Promise<Organization>;
     updateOrganization(options: UpdateOrganizationOptions): Promise<Organization>;

package/lib/organizations/organizations.js

@@ -33,12 +33,9 @@ class Organizations {
             return data;
         });
     }
-    createOrganization({ domains, name, }) {
+    createOrganization(payload) {
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/organizations', {
-                domains,
-                name,
-            });
+            const { data } = yield this.workos.post('/organizations', payload);
             return data;
         });
     }

package/lib/organizations/organizations.spec.js

@@ -109,15 +109,10 @@ describe('Organizations', () => {
                 mock.onPost().reply(409, create_organization_invalid_json_1.default, {
                     'X-Request-ID': 'a-request-id',
                 });
-                try {
-                    yield workos.organizations.createOrganization({
-                        domains: ['example.com'],
-                        name: 'Test Organization',
-                    });
-                }
-                catch (error) {
-                    expect(error.message).toEqual('An Organization with the domain example.com already exists.');
-                }
+                yield expect(workos.organizations.createOrganization({
+                    domains: ['example.com'],
+                    name: 'Test Organization',
+                })).rejects.toThrowError('An Organization with the domain example.com already exists.');
             }));
         });
     });
@@ -130,6 +125,7 @@ describe('Organizations', () => {
             expect(mock.history.get[0].url).toEqual('/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T');
             expect(subject.id).toEqual('org_01EHT88Z8J8795GZNQ4ZP1J81T');
             expect(subject.name).toEqual('Test Organization 3');
+            expect(subject.allow_profiles_outside_organization).toEqual(false);
             expect(subject.domains).toHaveLength(1);
         }));
     });

package/lib/portal/portal.spec.js

@@ -52,16 +52,11 @@ describe('Portal', () => {
                 mock.onPost().reply(400, generate_link_invalid_json_1.default, {
                     'X-Request-ID': 'a-request-id',
                 });
-                try {
-                    yield workos.portal.generateLink({
-                        intent: generate_portal_link_intent_interface_1.GeneratePortalLinkIntent.SSO,
-                        organization: 'bogus-id',
-                        returnUrl: 'https://www.example.com',
-                    });
-                }
-                catch (error) {
-                    expect(error.message).toEqual('Could not find an organization with the id, bogus-id.');
-                }
+                yield expect(workos.portal.generateLink({
+                    intent: generate_portal_link_intent_interface_1.GeneratePortalLinkIntent.SSO,
+                    organization: 'bogus-id',
+                    returnUrl: 'https://www.example.com',
+                })).rejects.toThrowError('Could not find an organization with the id, bogus-id.');
             }));
         });
     });

package/lib/sso/interfaces/connection-type.enum.d.ts

@@ -1,5 +1,6 @@
 export declare enum ConnectionType {
     ADFSSAML = "ADFSSAML",
+    Auth0SAML = "Auth0SAML",
     AzureSAML = "AzureSAML",
     GenericOIDC = "GenericOIDC",
     GenericSAML = "GenericSAML",

package/lib/sso/interfaces/connection-type.enum.js

@@ -4,6 +4,7 @@ exports.ConnectionType = void 0;
 var ConnectionType;
 (function (ConnectionType) {
     ConnectionType["ADFSSAML"] = "ADFSSAML";
+    ConnectionType["Auth0SAML"] = "Auth0SAML";
     ConnectionType["AzureSAML"] = "AzureSAML";
     ConnectionType["GenericOIDC"] = "GenericOIDC";
     ConnectionType["GenericSAML"] = "GenericSAML";

package/lib/sso/interfaces/index.d.ts

@@ -2,4 +2,5 @@ export * from './authorization-url-options.interface';
 export * from './connection-type.enum';
 export * from './connection.interface';
 export * from './get-profile-and-token-options.interface';
+export * from './profile-and-token.interface';
 export * from './profile.interface';

package/lib/sso/interfaces/index.js

@@ -14,4 +14,5 @@ __exportStar(require("./authorization-url-options.interface"), exports);
 __exportStar(require("./connection-type.enum"), exports);
 __exportStar(require("./connection.interface"), exports);
 __exportStar(require("./get-profile-and-token-options.interface"), exports);
+__exportStar(require("./profile-and-token.interface"), exports);
 __exportStar(require("./profile.interface"), exports);

package/lib/sso/interfaces/profile.interface.d.ts

@@ -2,6 +2,7 @@ import { ConnectionType } from './connection-type.enum';
 export interface Profile {
     id: string;
     idp_id: string;
+    organization_id: string;
     connection_id: string;
     connection_type: ConnectionType;
     email: string;

package/lib/sso/sso.spec.js

@@ -100,6 +100,7 @@ describe('SSO', () => {
                         profile: {
                             id: 'prof_123',
                             idp_id: '123',
+                            organization_id: 'org_123',
                             connection_id: 'conn_123',
                             connection_type: 'OktaSAML',
                             email: 'foo@test.com',
@@ -132,6 +133,7 @@ describe('SSO', () => {
                 mock.onGet().reply(200, {
                     id: 'prof_123',
                     idp_id: '123',
+                    organization_id: 'org_123',
                     connection_id: 'conn_123',
                     connection_type: 'OktaSAML',
                     email: 'foo@test.com',

package/lib/webhooks/fixtures/webhook.json

@@ -0,0 +1 @@
+{ "id": "wh_123", "data": { "id": "directory_user_01FAEAJCR3ZBZ30D8BD1924TVG", "state": "active", "emails": [{ "type": "work", "value": "blair@foo-corp.com", "primary": true }], "idp_id": "00u1e8mutl6wlH3lL4x7", "object": "directory_user", "username": "blair@foo-corp.com", "last_name": "Lunceford", "first_name": "Blair", "directory_id": "directory_01F9M7F68PZP8QXP8G7X5QRHS7", "raw_attributes": { "name": { "givenName": "Blair", "familyName": "Lunceford", "middleName": "Elizabeth", "honorificPrefix": "Ms." }, "title": "Developer Success Engineer", "active": true, "emails": [{ "type": "work", "value": "blair@foo-corp.com", "primary": true }], "groups": [], "locale": "en-US", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], "userName": "blair@foo-corp.com", "addresses": [{ "region": "CO", "primary": true, "locality": "Steamboat Springs", "postalCode": "80487" }], "externalId": "00u1e8mutl6wlH3lL4x7", "displayName": "Blair Lunceford", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "manager": { "value": "2", "displayName": "Kathleen Chung" }, "division": "Engineering", "department": "Customer Success" } } }, "event": "dsync.user.created" }

package/lib/webhooks/interfaces/index.d.ts

@@ -0,0 +1 @@
+export * from './webhook.interface';

package/lib/webhooks/interfaces/index.js

@@ -0,0 +1,13 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./webhook.interface"), exports);

package/lib/webhooks/interfaces/webhook.interface.d.ts

@@ -0,0 +1,5 @@
+export interface Webhook {
+    id: string;
+    event: string;
+    data: Record<string, any>;
+}

package/lib/webhooks/interfaces/webhook.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/webhooks/webhooks.d.ts

@@ -0,0 +1,13 @@
+import { Webhook } from './interfaces/webhook.interface';
+export declare class Webhooks {
+    constructEvent({ payload, sigHeader, secret, tolerance, }: {
+        payload: unknown;
+        sigHeader: string;
+        secret: string;
+        tolerance?: number;
+    }): Webhook;
+    private verifyHeader;
+    private getTimestampAndSignatureHash;
+    private computeSignature;
+    private secureCompare;
+}

package/lib/webhooks/webhooks.js

@@ -0,0 +1,67 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Webhooks = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const exceptions_1 = require("../common/exceptions");
+class Webhooks {
+    constructEvent({ payload, sigHeader, secret, tolerance = 180, }) {
+        const options = { payload, sigHeader, secret, tolerance };
+        this.verifyHeader(options);
+        const webhookPayload = payload;
+        return webhookPayload;
+    }
+    verifyHeader({ payload, sigHeader, secret, tolerance = 180, }) {
+        const [timestamp, signatureHash] = this.getTimestampAndSignatureHash(sigHeader);
+        if (!signatureHash || Object.keys(signatureHash).length === 0) {
+            throw new exceptions_1.SignatureVerificationException('No signature hash found with expected scheme v1');
+        }
+        if (parseInt(timestamp, 10) < Date.now() - tolerance) {
+            throw new exceptions_1.SignatureVerificationException('Timestamp outside the tolerance zone');
+        }
+        const expectedSig = this.computeSignature(timestamp, payload, secret);
+        if (this.secureCompare(expectedSig, signatureHash) === false) {
+            throw new exceptions_1.SignatureVerificationException('Signature hash does not match the expected signature hash for payload');
+        }
+        return true;
+    }
+    getTimestampAndSignatureHash(sigHeader) {
+        const signature = sigHeader;
+        const [t, v1] = signature.split(',');
+        if (typeof t === 'undefined' || typeof v1 === 'undefined') {
+            throw new exceptions_1.SignatureVerificationException('Signature or timestamp missing');
+        }
+        const { 1: timestamp } = t.split('=');
+        const { 1: signatureHash } = v1.split('=');
+        return [timestamp, signatureHash];
+    }
+    computeSignature(timestamp, payload, secret) {
+        const signedPayload = `${timestamp}.${payload}`;
+        const expectedSignature = crypto_1.default
+            .createHmac('sha256', secret)
+            .update(signedPayload)
+            .digest()
+            .toString('hex');
+        return expectedSignature;
+    }
+    secureCompare(stringA, stringB) {
+        const strA = Buffer.from(stringA);
+        const strB = Buffer.from(stringB);
+        if (strA.length !== strB.length) {
+            return false;
+        }
+        if (crypto_1.default.timingSafeEqual) {
+            return crypto_1.default.timingSafeEqual(strA, strB);
+        }
+        const len = strA.length;
+        let result = 0;
+        for (let i = 0; i < len; ++i) {
+            // tslint:disable-next-line:no-bitwise
+            result |= strA[i] ^ strB[i];
+        }
+        return result === 0;
+    }
+}
+exports.Webhooks = Webhooks;

package/lib/webhooks/webhooks.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/webhooks/webhooks.spec.js

@@ -0,0 +1,154 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const crypto_1 = __importDefault(require("crypto"));
+const workos_1 = require("../workos");
+const webhook_json_1 = __importDefault(require("./fixtures/webhook.json"));
+const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
+const exceptions_1 = require("../common/exceptions");
+describe('Webhooks', () => {
+    let payload;
+    let secret;
+    let timestamp;
+    let unhashedString;
+    let signatureHash;
+    let expectation;
+    beforeEach(() => {
+        payload = webhook_json_1.default;
+        secret = 'secret';
+        timestamp = Date.now() * 1000;
+        unhashedString = `${timestamp}.${payload}`;
+        signatureHash = crypto_1.default
+            .createHmac('sha256', secret)
+            .update(unhashedString)
+            .digest()
+            .toString('hex');
+        expectation = {
+            id: 'directory_user_01FAEAJCR3ZBZ30D8BD1924TVG',
+            state: 'active',
+            emails: [
+                {
+                    type: 'work',
+                    value: 'blair@foo-corp.com',
+                    primary: true,
+                },
+            ],
+            idp_id: '00u1e8mutl6wlH3lL4x7',
+            object: 'directory_user',
+            username: 'blair@foo-corp.com',
+            last_name: 'Lunceford',
+            first_name: 'Blair',
+            directory_id: 'directory_01F9M7F68PZP8QXP8G7X5QRHS7',
+            raw_attributes: {
+                name: {
+                    givenName: 'Blair',
+                    familyName: 'Lunceford',
+                    middleName: 'Elizabeth',
+                    honorificPrefix: 'Ms.',
+                },
+                title: 'Developer Success Engineer',
+                active: true,
+                emails: [
+                    {
+                        type: 'work',
+                        value: 'blair@foo-corp.com',
+                        primary: true,
+                    },
+                ],
+                groups: [],
+                locale: 'en-US',
+                schemas: [
+                    'urn:ietf:params:scim:schemas:core:2.0:User',
+                    'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User',
+                ],
+                userName: 'blair@foo-corp.com',
+                addresses: [
+                    {
+                        region: 'CO',
+                        primary: true,
+                        locality: 'Steamboat Springs',
+                        postalCode: '80487',
+                    },
+                ],
+                externalId: '00u1e8mutl6wlH3lL4x7',
+                displayName: 'Blair Lunceford',
+                'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User': {
+                    manager: {
+                        value: '2',
+                        displayName: 'Kathleen Chung',
+                    },
+                    division: 'Engineering',
+                    department: 'Customer Success',
+                },
+            },
+        };
+    });
+    describe('constructEvent', () => {
+        describe('with the correct payload, sig_header, and secret', () => {
+            it('returns a webhook event', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                const options = { payload, sigHeader, secret };
+                const webhook = workos.webhooks.constructEvent(options);
+                expect(webhook.data).toEqual(expectation);
+                expect(webhook.event).toEqual('dsync.user.created');
+                expect(webhook.id).toEqual('wh_123');
+            });
+        });
+        describe('with the correct payload, sig_header, secret, and tolerance', () => {
+            it('returns a webhook event', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                const options = { payload, sigHeader, secret, tolerance: 200 };
+                const webhook = workos.webhooks.constructEvent(options);
+                expect(webhook.data).toEqual(expectation);
+                expect(webhook.event).toEqual('dsync.user.created');
+                expect(webhook.id).toEqual('wh_123');
+            });
+        });
+        describe('with an empty header', () => {
+            it('raises an error', () => {
+                const sigHeader = '';
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an empty signature hash', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=`;
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an incorrect signature hash', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=99999`;
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an incorrect payload', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                payload = 'invalid';
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an incorrect webhook secret', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                secret = 'invalid';
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with a timestamp outside tolerance', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=9999, v1=${signatureHash}`;
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+    });
+});

package/lib/workos.d.ts

@@ -6,6 +6,7 @@ import { Organizations } from './organizations/organizations';
 import { Passwordless } from './passwordless/passwordless';
 import { Portal } from './portal/portal';
 import { SSO } from './sso/sso';
+import { Webhooks } from './webhooks/webhooks';
 export declare class WorkOS {
     readonly key?: string | undefined;
     readonly options: WorkOSOptions;
@@ -17,6 +18,7 @@ export declare class WorkOS {
     readonly passwordless: Passwordless;
     readonly portal: Portal;
     readonly sso: SSO;
+    readonly webhooks: Webhooks;
     constructor(key?: string | undefined, options?: WorkOSOptions);
     post(path: string, entity: any, options?: PostOptions): Promise<AxiosResponse>;
     get(path: string, options?: GetOptions): Promise<AxiosResponse>;

package/lib/workos.js

@@ -21,7 +21,8 @@ const organizations_1 = require("./organizations/organizations");
 const passwordless_1 = require("./passwordless/passwordless");
 const portal_1 = require("./portal/portal");
 const sso_1 = require("./sso/sso");
-const VERSION = '1.3.0';
+const webhooks_1 = require("./webhooks/webhooks");
+const VERSION = '1.6.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 class WorkOS {
     constructor(key, options = {}) {
@@ -33,6 +34,7 @@ class WorkOS {
         this.passwordless = new passwordless_1.Passwordless(this);
         this.portal = new portal_1.Portal(this);
         this.sso = new sso_1.SSO(this);
+        this.webhooks = new webhooks_1.Webhooks();
         if (!key) {
             this.key = process.env.WORKOS_API_KEY;
             if (!this.key) {

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.3.0",
+  "version": "1.6.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",
@@ -9,8 +9,8 @@
     "workos"
   ],
   "volta": {
-    "node": "14.17.5",
-    "yarn": "1.22.11"
+    "node": "14.18.1",
+    "yarn": "1.22.17"
   },
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
@@ -34,20 +34,20 @@
     "prepublishOnly": "yarn run build"
   },
   "dependencies": {
-    "axios": "0.21.1",
+    "axios": "0.21.4",
     "pluralize": "8.0.0",
     "query-string": "7.0.1"
   },
   "devDependencies": {
-    "@types/jest": "26.0.24",
-    "@types/node": "14.17.9",
+    "@types/jest": "27.0.2",
+    "@types/node": "14.17.32",
     "@types/pluralize": "0.0.29",
     "axios-mock-adapter": "1.20.0",
-    "jest": "27.0.6",
-    "prettier": "2.3.2",
-    "supertest": "6.1.5",
-    "ts-jest": "27.0.4",
+    "jest": "27.3.1",
+    "prettier": "2.4.1",
+    "supertest": "6.1.6",
+    "ts-jest": "27.0.7",
     "tslint": "6.1.3",
-    "typescript": "4.3.5"
+    "typescript": "4.4.4"
   }
 }