@workos-inc/node 1.4.0 → 2.1.0

package/lib/audit-trail/audit-trail.spec.js

@@ -127,7 +127,7 @@ describe('AuditTrail', () => {
                             },
                         },
                     ],
-                    listMetadata: { before: null, after: null },
+                    list_metadata: { before: null, after: null },
                 });
                 const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
                 const events = yield workos.auditTrail.listEvents();
@@ -159,7 +159,7 @@ describe('AuditTrail', () => {
                             },
                         },
                     ],
-                    listMetadata: { before: null, after: null },
+                    list_metadata: { before: null, after: null },
                 });
                 const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
                 const events = yield workos.auditTrail.listEvents({

package/lib/common/exceptions/index.d.ts

@@ -1,6 +1,7 @@
-export { GenericServerException } from './generic-server.exception';
-export { NoApiKeyProvidedException } from './no-api-key-provided.exception';
-export { NotFoundException } from './not-found.exception';
-export { UnauthorizedException } from './unauthorized.exception';
-export { UnprocessableEntityException } from './unprocessable-entity.exception';
-export { OauthException } from './oauth.exception';
+export * from './generic-server.exception';
+export * from './no-api-key-provided.exception';
+export * from './not-found.exception';
+export * from './oauth.exception';
+export * from './signature-verification.exception';
+export * from './unauthorized.exception';
+export * from './unprocessable-entity.exception';

package/lib/common/exceptions/index.js

@@ -1,15 +1,19 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OauthException = exports.UnprocessableEntityException = exports.UnauthorizedException = exports.NotFoundException = exports.NoApiKeyProvidedException = exports.GenericServerException = void 0;
-var generic_server_exception_1 = require("./generic-server.exception");
-Object.defineProperty(exports, "GenericServerException", { enumerable: true, get: function () { return generic_server_exception_1.GenericServerException; } });
-var no_api_key_provided_exception_1 = require("./no-api-key-provided.exception");
-Object.defineProperty(exports, "NoApiKeyProvidedException", { enumerable: true, get: function () { return no_api_key_provided_exception_1.NoApiKeyProvidedException; } });
-var not_found_exception_1 = require("./not-found.exception");
-Object.defineProperty(exports, "NotFoundException", { enumerable: true, get: function () { return not_found_exception_1.NotFoundException; } });
-var unauthorized_exception_1 = require("./unauthorized.exception");
-Object.defineProperty(exports, "UnauthorizedException", { enumerable: true, get: function () { return unauthorized_exception_1.UnauthorizedException; } });
-var unprocessable_entity_exception_1 = require("./unprocessable-entity.exception");
-Object.defineProperty(exports, "UnprocessableEntityException", { enumerable: true, get: function () { return unprocessable_entity_exception_1.UnprocessableEntityException; } });
-var oauth_exception_1 = require("./oauth.exception");
-Object.defineProperty(exports, "OauthException", { enumerable: true, get: function () { return oauth_exception_1.OauthException; } });
+__exportStar(require("./generic-server.exception"), exports);
+__exportStar(require("./no-api-key-provided.exception"), exports);
+__exportStar(require("./not-found.exception"), exports);
+__exportStar(require("./oauth.exception"), exports);
+__exportStar(require("./signature-verification.exception"), exports);
+__exportStar(require("./unauthorized.exception"), exports);
+__exportStar(require("./unprocessable-entity.exception"), exports);

package/lib/common/exceptions/signature-verification.exception.d.ts

@@ -0,0 +1,4 @@
+export declare class SignatureVerificationException extends Error {
+    readonly name: string;
+    constructor(message: string);
+}

package/lib/common/exceptions/signature-verification.exception.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SignatureVerificationException = void 0;
+class SignatureVerificationException extends Error {
+    constructor(message) {
+        super(message || 'Signature verification failed.');
+        this.name = 'SignatureVerificationException';
+    }
+}
+exports.SignatureVerificationException = SignatureVerificationException;

package/lib/common/interfaces/list.interface.d.ts

@@ -1,6 +1,7 @@
 export interface List<T> {
+    readonly object: 'list';
     data: T[];
-    listMetadata: {
+    list_metadata: {
         before?: string;
         after?: string;
     };

package/lib/directory-sync/directory-sync.d.ts

@@ -10,6 +10,7 @@ export declare class DirectorySync {
     private readonly workos;
     constructor(workos: WorkOS);
     listDirectories(options?: ListDirectoriesOptions): Promise<List<Directory>>;
+    getDirectory(id: string): Promise<Directory>;
     deleteDirectory(id: string): Promise<void>;
     listGroups(options: ListGroupsOptions): Promise<List<Group>>;
     listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(options: ListUsersOptions): Promise<List<UserWithGroups<TCustomAttributes>>>;

package/lib/directory-sync/directory-sync.js

@@ -22,6 +22,12 @@ class DirectorySync {
             return data;
         });
     }
+    getDirectory(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { data } = yield this.workos.get(`/directories/${id}`);
+            return data;
+        });
+    }
     deleteDirectory(id) {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.workos.delete(`/directories/${id}`);

package/lib/directory-sync/directory-sync.spec.js

@@ -33,6 +33,14 @@ describe('DirectorySync', () => {
             }));
         });
     });
+    describe('getDirectory', () => {
+        it(`requests a Directory`, () => __awaiter(void 0, void 0, void 0, function* () {
+            mock.onGet().reply(200, {});
+            const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
+            yield workos.directorySync.getDirectory('directory_123');
+            expect(mock.history.get[0].url).toEqual('/directories/directory_123');
+        }));
+    });
     describe('deleteDirectory', () => {
         it('sends a request to delete the directory', () => __awaiter(void 0, void 0, void 0, function* () {
             mock.onDelete().reply(202, {});

package/lib/directory-sync/interfaces/directory.interface.d.ts

@@ -5,7 +5,7 @@ export interface Directory {
     external_key: string;
     name: string;
     environment_id: string;
-    organization_id: string;
+    organization_id?: string;
     state: 'unlinked' | 'linked' | 'invalid_credentials';
     type: string;
     created_at: string;

package/lib/directory-sync/interfaces/user.interface.d.ts

@@ -13,7 +13,7 @@ export interface User<TCustomAttributes extends object = DefaultCustomAttributes
     }[];
     username: string;
     last_name: string;
-    state: 'active' | 'suspended';
+    state: 'active' | 'inactive' | 'suspended';
 }
 export interface UserWithGroups<TCustomAttributes extends object = DefaultCustomAttributes> extends User<TCustomAttributes> {
     groups: Group[];

package/lib/index.d.ts

@@ -1,9 +1,11 @@
 import { WorkOS } from './workos';
 export * from './audit-trail/interfaces';
+export * from './common/exceptions';
 export * from './common/interfaces';
 export * from './directory-sync/interfaces';
 export * from './passwordless/interfaces';
 export * from './portal/interfaces';
 export * from './sso/interfaces';
+export * from './webhooks/interfaces';
 export { WorkOS };
 export default WorkOS;

package/lib/index.js

@@ -14,10 +14,12 @@ exports.WorkOS = void 0;
 const workos_1 = require("./workos");
 Object.defineProperty(exports, "WorkOS", { enumerable: true, get: function () { return workos_1.WorkOS; } });
 __exportStar(require("./audit-trail/interfaces"), exports);
+__exportStar(require("./common/exceptions"), exports);
 __exportStar(require("./common/interfaces"), exports);
 __exportStar(require("./directory-sync/interfaces"), exports);
 __exportStar(require("./passwordless/interfaces"), exports);
 __exportStar(require("./portal/interfaces"), exports);
 __exportStar(require("./sso/interfaces"), exports);
+__exportStar(require("./webhooks/interfaces"), exports);
 // tslint:disable-next-line:no-default-export
 exports.default = workos_1.WorkOS;

package/lib/organizations/fixtures/list-organizations.json

@@ -93,5 +93,5 @@
             ]
         }
     ],
-    "listMetadata": { "before": "before-id", "after": null }
+    "list_metadata": { "before": "before-id", "after": null }
 }

package/lib/organizations/organizations.spec.js

@@ -28,7 +28,7 @@ describe('Organizations', () => {
         describe('without any options', () => {
             it('returns organizations and metadata', () => __awaiter(void 0, void 0, void 0, function* () {
                 mock.onGet().reply(200, list_organizations_json_1.default);
-                const { data, listMetadata } = yield workos.organizations.listOrganizations();
+                const { data, list_metadata: listMetadata } = yield workos.organizations.listOrganizations();
                 expect(mock.history.get[0].params).toBeUndefined();
                 expect(mock.history.get[0].url).toEqual('/organizations');
                 expect(data).toHaveLength(7);

package/lib/sso/interfaces/connection-type.enum.d.ts

@@ -1,5 +1,6 @@
 export declare enum ConnectionType {
     ADFSSAML = "ADFSSAML",
+    Auth0SAML = "Auth0SAML",
     AzureSAML = "AzureSAML",
     GenericOIDC = "GenericOIDC",
     GenericSAML = "GenericSAML",

package/lib/sso/interfaces/connection-type.enum.js

@@ -4,6 +4,7 @@ exports.ConnectionType = void 0;
 var ConnectionType;
 (function (ConnectionType) {
     ConnectionType["ADFSSAML"] = "ADFSSAML";
+    ConnectionType["Auth0SAML"] = "Auth0SAML";
     ConnectionType["AzureSAML"] = "AzureSAML";
     ConnectionType["GenericOIDC"] = "GenericOIDC";
     ConnectionType["GenericSAML"] = "GenericSAML";

package/lib/sso/interfaces/connection.interface.d.ts

@@ -7,7 +7,7 @@ export interface ConnectionDomain {
 export interface Connection {
     object: 'connection';
     id: string;
-    organization_id: string;
+    organization_id?: string;
     name: string;
     connection_type: ConnectionType;
     state: 'draft' | 'active' | 'inactive';

package/lib/sso/interfaces/profile.interface.d.ts

@@ -2,7 +2,7 @@ import { ConnectionType } from './connection-type.enum';
 export interface Profile {
     id: string;
     idp_id: string;
-    organization_id: string;
+    organization_id?: string;
     connection_id: string;
     connection_type: ConnectionType;
     email: string;

package/lib/webhooks/fixtures/webhook.json

@@ -0,0 +1 @@
+{ "id": "wh_123", "data": { "id": "directory_user_01FAEAJCR3ZBZ30D8BD1924TVG", "state": "active", "emails": [{ "type": "work", "value": "blair@foo-corp.com", "primary": true }], "idp_id": "00u1e8mutl6wlH3lL4x7", "object": "directory_user", "username": "blair@foo-corp.com", "last_name": "Lunceford", "first_name": "Blair", "directory_id": "directory_01F9M7F68PZP8QXP8G7X5QRHS7", "raw_attributes": { "name": { "givenName": "Blair", "familyName": "Lunceford", "middleName": "Elizabeth", "honorificPrefix": "Ms." }, "title": "Developer Success Engineer", "active": true, "emails": [{ "type": "work", "value": "blair@foo-corp.com", "primary": true }], "groups": [], "locale": "en-US", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], "userName": "blair@foo-corp.com", "addresses": [{ "region": "CO", "primary": true, "locality": "Steamboat Springs", "postalCode": "80487" }], "externalId": "00u1e8mutl6wlH3lL4x7", "displayName": "Blair Lunceford", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "manager": { "value": "2", "displayName": "Kathleen Chung" }, "division": "Engineering", "department": "Customer Success" } } }, "event": "dsync.user.created" }

package/lib/webhooks/interfaces/index.d.ts

@@ -0,0 +1,2 @@
+export * from './webhook.interface';
+export * from './webhook-directory.interface';

package/lib/webhooks/interfaces/index.js

@@ -0,0 +1,14 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./webhook.interface"), exports);
+__exportStar(require("./webhook-directory.interface"), exports);

package/lib/webhooks/interfaces/webhook-directory.interface.d.ts

@@ -0,0 +1,4 @@
+import { Directory } from '../../directory-sync/interfaces';
+export interface WebhookDirectory extends Omit<Directory, 'state'> {
+    state: 'active' | 'validating' | 'invalid_credentials' | 'inactive' | 'deleting';
+}

package/lib/webhooks/interfaces/webhook-directory.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/webhooks/interfaces/webhook.interface.d.ts

@@ -0,0 +1,78 @@
+import { Group, User } from '../../directory-sync/interfaces';
+import { Connection } from '../../sso/interfaces';
+import { WebhookDirectory as Directory } from './webhook-directory.interface';
+interface WebhookBase {
+    id: string;
+}
+export interface ConnectionActivatedWebhook extends WebhookBase {
+    event: 'connection.activated';
+    data: Connection;
+}
+export interface ConnectionDeactivatedWebhook extends WebhookBase {
+    event: 'connection.deactivated';
+    data: Connection;
+}
+export interface ConnectionDeletedWebhook extends WebhookBase {
+    event: 'connection.deleted';
+    data: Connection;
+}
+export interface DsyncActivatedWebhook extends WebhookBase {
+    event: 'dsync.activated';
+    data: Directory;
+}
+export interface DsyncDeactivatedWebhook extends WebhookBase {
+    event: 'dsync.deactivated';
+    data: Directory;
+}
+export interface DsyncDeletedWebhook extends WebhookBase {
+    event: 'dsync.deleted';
+    data: Directory;
+}
+export interface DsyncGroupCreatedWebhook extends WebhookBase {
+    event: 'dsync.group.created';
+    data: Group & {
+        directory_id: string;
+    };
+}
+export interface DsyncGroupDeletedWebhook extends WebhookBase {
+    event: 'dsync.group.deleted';
+    data: Group & {
+        directory_id: string;
+    };
+}
+export interface DsyncGroupUpdatedWebhook extends WebhookBase {
+    event: 'dsync.group.updated';
+    data: Group & {
+        directory_id: string;
+    };
+}
+export interface DsyncGroupUserAddedWebhook extends WebhookBase {
+    event: 'dsync.group.user_added';
+    data: {
+        directory_id: string;
+        user: User;
+        group: Group;
+    };
+}
+export interface DsyncGroupUserRemovedWebhook extends WebhookBase {
+    event: 'dsync.group.user_removed';
+    data: {
+        directory_id: string;
+        user: User;
+        group: Group;
+    };
+}
+export interface DsyncUserCreatedWebhook extends WebhookBase {
+    event: 'dsync.user.created';
+    data: User;
+}
+export interface DsyncUserDeletedWebhook extends WebhookBase {
+    event: 'dsync.user.deleted';
+    data: User;
+}
+export interface DsyncUserUpdatedWebhook extends WebhookBase {
+    event: 'dsync.user.updated';
+    data: User;
+}
+export declare type Webhook = ConnectionActivatedWebhook | ConnectionDeactivatedWebhook | ConnectionDeletedWebhook | DsyncActivatedWebhook | DsyncDeactivatedWebhook | DsyncDeletedWebhook | DsyncGroupCreatedWebhook | DsyncGroupUpdatedWebhook | DsyncGroupDeletedWebhook | DsyncGroupUserAddedWebhook | DsyncGroupUserRemovedWebhook | DsyncUserCreatedWebhook | DsyncUserUpdatedWebhook | DsyncUserDeletedWebhook;
+export {};

package/lib/webhooks/interfaces/webhook.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/webhooks/webhooks.d.ts

@@ -0,0 +1,13 @@
+import { Webhook } from './interfaces/webhook.interface';
+export declare class Webhooks {
+    constructEvent({ payload, sigHeader, secret, tolerance, }: {
+        payload: unknown;
+        sigHeader: string;
+        secret: string;
+        tolerance?: number;
+    }): Webhook;
+    private verifyHeader;
+    private getTimestampAndSignatureHash;
+    private computeSignature;
+    private secureCompare;
+}

package/lib/webhooks/webhooks.js

@@ -0,0 +1,67 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Webhooks = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const exceptions_1 = require("../common/exceptions");
+class Webhooks {
+    constructEvent({ payload, sigHeader, secret, tolerance = 180, }) {
+        const options = { payload, sigHeader, secret, tolerance };
+        this.verifyHeader(options);
+        const webhookPayload = payload;
+        return webhookPayload;
+    }
+    verifyHeader({ payload, sigHeader, secret, tolerance = 180, }) {
+        const [timestamp, signatureHash] = this.getTimestampAndSignatureHash(sigHeader);
+        if (!signatureHash || Object.keys(signatureHash).length === 0) {
+            throw new exceptions_1.SignatureVerificationException('No signature hash found with expected scheme v1');
+        }
+        if (parseInt(timestamp, 10) < Date.now() - tolerance) {
+            throw new exceptions_1.SignatureVerificationException('Timestamp outside the tolerance zone');
+        }
+        const expectedSig = this.computeSignature(timestamp, payload, secret);
+        if (this.secureCompare(expectedSig, signatureHash) === false) {
+            throw new exceptions_1.SignatureVerificationException('Signature hash does not match the expected signature hash for payload');
+        }
+        return true;
+    }
+    getTimestampAndSignatureHash(sigHeader) {
+        const signature = sigHeader;
+        const [t, v1] = signature.split(',');
+        if (typeof t === 'undefined' || typeof v1 === 'undefined') {
+            throw new exceptions_1.SignatureVerificationException('Signature or timestamp missing');
+        }
+        const { 1: timestamp } = t.split('=');
+        const { 1: signatureHash } = v1.split('=');
+        return [timestamp, signatureHash];
+    }
+    computeSignature(timestamp, payload, secret) {
+        const signedPayload = `${timestamp}.${payload}`;
+        const expectedSignature = crypto_1.default
+            .createHmac('sha256', secret)
+            .update(signedPayload)
+            .digest()
+            .toString('hex');
+        return expectedSignature;
+    }
+    secureCompare(stringA, stringB) {
+        const strA = Buffer.from(stringA);
+        const strB = Buffer.from(stringB);
+        if (strA.length !== strB.length) {
+            return false;
+        }
+        if (crypto_1.default.timingSafeEqual) {
+            return crypto_1.default.timingSafeEqual(strA, strB);
+        }
+        const len = strA.length;
+        let result = 0;
+        for (let i = 0; i < len; ++i) {
+            // tslint:disable-next-line:no-bitwise
+            result |= strA[i] ^ strB[i];
+        }
+        return result === 0;
+    }
+}
+exports.Webhooks = Webhooks;

package/lib/webhooks/webhooks.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/webhooks/webhooks.spec.js

@@ -0,0 +1,154 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const crypto_1 = __importDefault(require("crypto"));
+const workos_1 = require("../workos");
+const webhook_json_1 = __importDefault(require("./fixtures/webhook.json"));
+const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
+const exceptions_1 = require("../common/exceptions");
+describe('Webhooks', () => {
+    let payload;
+    let secret;
+    let timestamp;
+    let unhashedString;
+    let signatureHash;
+    let expectation;
+    beforeEach(() => {
+        payload = webhook_json_1.default;
+        secret = 'secret';
+        timestamp = Date.now() * 1000;
+        unhashedString = `${timestamp}.${payload}`;
+        signatureHash = crypto_1.default
+            .createHmac('sha256', secret)
+            .update(unhashedString)
+            .digest()
+            .toString('hex');
+        expectation = {
+            id: 'directory_user_01FAEAJCR3ZBZ30D8BD1924TVG',
+            state: 'active',
+            emails: [
+                {
+                    type: 'work',
+                    value: 'blair@foo-corp.com',
+                    primary: true,
+                },
+            ],
+            idp_id: '00u1e8mutl6wlH3lL4x7',
+            object: 'directory_user',
+            username: 'blair@foo-corp.com',
+            last_name: 'Lunceford',
+            first_name: 'Blair',
+            directory_id: 'directory_01F9M7F68PZP8QXP8G7X5QRHS7',
+            raw_attributes: {
+                name: {
+                    givenName: 'Blair',
+                    familyName: 'Lunceford',
+                    middleName: 'Elizabeth',
+                    honorificPrefix: 'Ms.',
+                },
+                title: 'Developer Success Engineer',
+                active: true,
+                emails: [
+                    {
+                        type: 'work',
+                        value: 'blair@foo-corp.com',
+                        primary: true,
+                    },
+                ],
+                groups: [],
+                locale: 'en-US',
+                schemas: [
+                    'urn:ietf:params:scim:schemas:core:2.0:User',
+                    'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User',
+                ],
+                userName: 'blair@foo-corp.com',
+                addresses: [
+                    {
+                        region: 'CO',
+                        primary: true,
+                        locality: 'Steamboat Springs',
+                        postalCode: '80487',
+                    },
+                ],
+                externalId: '00u1e8mutl6wlH3lL4x7',
+                displayName: 'Blair Lunceford',
+                'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User': {
+                    manager: {
+                        value: '2',
+                        displayName: 'Kathleen Chung',
+                    },
+                    division: 'Engineering',
+                    department: 'Customer Success',
+                },
+            },
+        };
+    });
+    describe('constructEvent', () => {
+        describe('with the correct payload, sig_header, and secret', () => {
+            it('returns a webhook event', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                const options = { payload, sigHeader, secret };
+                const webhook = workos.webhooks.constructEvent(options);
+                expect(webhook.data).toEqual(expectation);
+                expect(webhook.event).toEqual('dsync.user.created');
+                expect(webhook.id).toEqual('wh_123');
+            });
+        });
+        describe('with the correct payload, sig_header, secret, and tolerance', () => {
+            it('returns a webhook event', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                const options = { payload, sigHeader, secret, tolerance: 200 };
+                const webhook = workos.webhooks.constructEvent(options);
+                expect(webhook.data).toEqual(expectation);
+                expect(webhook.event).toEqual('dsync.user.created');
+                expect(webhook.id).toEqual('wh_123');
+            });
+        });
+        describe('with an empty header', () => {
+            it('raises an error', () => {
+                const sigHeader = '';
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an empty signature hash', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=`;
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an incorrect signature hash', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=99999`;
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an incorrect payload', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                payload = 'invalid';
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with an incorrect webhook secret', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=${timestamp}, v1=${signatureHash}`;
+                secret = 'invalid';
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+        describe('with a timestamp outside tolerance', () => {
+            it('raises an error', () => {
+                const sigHeader = `t=9999, v1=${signatureHash}`;
+                const options = { payload, sigHeader, secret };
+                expect(() => workos.webhooks.constructEvent(options)).toThrowError(exceptions_1.SignatureVerificationException);
+            });
+        });
+    });
+});

package/lib/workos.d.ts

@@ -6,6 +6,7 @@ import { Organizations } from './organizations/organizations';
 import { Passwordless } from './passwordless/passwordless';
 import { Portal } from './portal/portal';
 import { SSO } from './sso/sso';
+import { Webhooks } from './webhooks/webhooks';
 export declare class WorkOS {
     readonly key?: string | undefined;
     readonly options: WorkOSOptions;
@@ -17,6 +18,7 @@ export declare class WorkOS {
     readonly passwordless: Passwordless;
     readonly portal: Portal;
     readonly sso: SSO;
+    readonly webhooks: Webhooks;
     constructor(key?: string | undefined, options?: WorkOSOptions);
     post(path: string, entity: any, options?: PostOptions): Promise<AxiosResponse>;
     get(path: string, options?: GetOptions): Promise<AxiosResponse>;

package/lib/workos.js

@@ -21,7 +21,8 @@ const organizations_1 = require("./organizations/organizations");
 const passwordless_1 = require("./passwordless/passwordless");
 const portal_1 = require("./portal/portal");
 const sso_1 = require("./sso/sso");
-const VERSION = '1.4.0';
+const webhooks_1 = require("./webhooks/webhooks");
+const VERSION = '2.1.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 class WorkOS {
     constructor(key, options = {}) {
@@ -33,6 +34,7 @@ class WorkOS {
         this.passwordless = new passwordless_1.Passwordless(this);
         this.portal = new portal_1.Portal(this);
         this.sso = new sso_1.SSO(this);
+        this.webhooks = new webhooks_1.Webhooks();
         if (!key) {
             this.key = process.env.WORKOS_API_KEY;
             if (!this.key) {

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.4.0",
+  "version": "2.1.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",
@@ -9,8 +9,8 @@
     "workos"
   ],
   "volta": {
-    "node": "14.17.6",
-    "yarn": "1.22.11"
+    "node": "14.18.1",
+    "yarn": "1.22.17"
   },
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
@@ -40,14 +40,14 @@
   },
   "devDependencies": {
     "@types/jest": "27.0.2",
-    "@types/node": "14.17.17",
+    "@types/node": "14.17.32",
     "@types/pluralize": "0.0.29",
     "axios-mock-adapter": "1.20.0",
-    "jest": "27.2.1",
+    "jest": "27.3.1",
     "prettier": "2.4.1",
     "supertest": "6.1.6",
-    "ts-jest": "27.0.5",
+    "ts-jest": "27.0.7",
     "tslint": "6.1.3",
-    "typescript": "4.4.3"
+    "typescript": "4.4.4"
   }
 }