@workos-inc/node 10.2.0 → 10.3.0

package/lib/{factory-CenLS49y.mjs → factory-Bh2PZgM6.mjs}

@@ -349,8 +349,20 @@ var FetchHttpClientResponse = class FetchHttpClientResponse extends HttpClientRe
 	getRawResponse() {
 		return this._res;
 	}
-	toJSON() {
-		return this._res.headers.get("content-type")?.includes("application/json") ? this._res.json() : null;
+	async toJSON() {
+		if (!this._res.headers.get("content-type")?.includes("application/json")) return null;
+		const rawBody = await this._res.text();
+		try {
+			return JSON.parse(rawBody);
+		} catch (error) {
+			if (error instanceof SyntaxError) throw new ParseError({
+				message: error.message,
+				rawBody,
+				rawStatus: this._res.status,
+				requestID: this._res.headers.get("X-Request-ID") ?? ""
+			});
+			throw error;
+		}
 	}
 	static _transformHeadersToObject(headers) {
 		const headersObj = {};
@@ -3588,7 +3600,7 @@ function isJson(val) {
 	}
 	return !0;
 }
-const enc = /* @__PURE__ */ new TextEncoder(), dec = /* @__PURE__ */ new TextDecoder(), jsBase64Enabled = typeof Uint8Array.fromBase64 == "function" && typeof Uint8Array.prototype.toBase64 == "function" && typeof Uint8Array.prototype.toHex == "function";
+const enc = /* @__PURE__ */ new TextEncoder(), dec = /* @__PURE__ */ new TextDecoder(), jsBase64Enabled = /* @__PURE__ */ (() => typeof Uint8Array.fromBase64 == "function" && typeof Uint8Array.prototype.toBase64 == "function" && typeof Uint8Array.prototype.toHex == "function")();
 function b64ToU8(str) {
 	return jsBase64Enabled ? Uint8Array.fromBase64(str, { alphabet: "base64url" }) : base64ToUint8Array$1(str);
 }
@@ -3633,7 +3645,7 @@ const defaults = /* @__PURE__ */ Object.freeze({
 		ivBits: void 0,
 		name: "SHA-256"
 	})
-}), macPrefix = "Fe26.2";
+});
 function randomBits(bits) {
 	return crypto.getRandomValues(new Uint8Array(bits / 8));
 }
@@ -3727,7 +3739,7 @@ function normalizePassword(password) {
 async function seal(object, password, options) {
 	let now = Date.now() + (options.localtimeOffsetMsec || 0), { id = "", encryption, integrity } = normalizePassword(password);
 	if (id && !/^\w+$/.test(id)) throw Error("Invalid password id");
-	let { encrypted, key } = await encrypt(encryption, options.encryption, (options.encode || losslessJsonStringify)(object)), expiration = options.ttl ? now + options.ttl : "", macBaseString = macPrefix + "*" + id + "*" + key.salt + "*" + u8ToB64(key.iv) + "*" + u8ToB64(encrypted) + "*" + expiration, mac = await hmacWithPassword(integrity, options.integrity, macBaseString);
+	let { encrypted, key } = await encrypt(encryption, options.encryption, (options.encode || losslessJsonStringify)(object)), expiration = options.ttl ? now + options.ttl : "", macBaseString = "Fe26.2*" + id + "*" + key.salt + "*" + u8ToB64(key.iv) + "*" + u8ToB64(encrypted) + "*" + expiration, mac = await hmacWithPassword(integrity, options.integrity, macBaseString);
 	return macBaseString + "*" + mac.salt + "*" + mac.digest;
 }
 async function unseal(sealed, password, options) {
@@ -3975,7 +3987,7 @@ let _josePromise;
 * @returns Promise that resolves to the jose module
 */
 function getJose() {
-	return _josePromise ??= import("./webapi-CKFbiPvQ.mjs");
+	return _josePromise ??= import("./webapi-S8D5YgJz.mjs");
 }
 //#endregion
 //#region src/user-management/session.ts
@@ -5654,6 +5666,52 @@ const serializeRemoveRoleOptions = (options) => ({
 	}
 });
 //#endregion
+//#region src/authorization/serializers/group-role-assignment.serializer.ts
+const deserializeGroupRoleAssignment = (response) => ({
+	object: response.object,
+	id: response.id,
+	groupId: response.group_id,
+	role: response.role,
+	resource: {
+		id: response.resource.id,
+		externalId: response.resource.external_id,
+		resourceTypeSlug: response.resource.resource_type_slug
+	},
+	createdAt: response.created_at,
+	updatedAt: response.updated_at
+});
+//#endregion
+//#region src/authorization/serializers/create-group-role-assignment-options.serializer.ts
+const serializeCreateGroupRoleAssignmentOptions = (options) => ({
+	role_slug: options.roleSlug,
+	..."resourceId" in options && { resource_id: options.resourceId },
+	..."resourceExternalId" in options && {
+		resource_external_id: options.resourceExternalId,
+		resource_type_slug: options.resourceTypeSlug
+	}
+});
+//#endregion
+//#region src/authorization/serializers/remove-group-role-assignments-options.serializer.ts
+const serializeRemoveGroupRoleAssignmentsOptions = (options) => ({
+	role_slug: options.roleSlug,
+	..."resourceId" in options && { resource_id: options.resourceId },
+	..."resourceExternalId" in options && {
+		resource_external_id: options.resourceExternalId,
+		resource_type_slug: options.resourceTypeSlug
+	}
+});
+//#endregion
+//#region src/authorization/serializers/replace-group-role-assignments-options.serializer.ts
+const serializeEntry = (entry) => ({
+	role_slug: entry.roleSlug,
+	..."resourceId" in entry && { resource_id: entry.resourceId },
+	..."resourceExternalId" in entry && {
+		resource_external_id: entry.resourceExternalId,
+		resource_type_slug: entry.resourceTypeSlug
+	}
+});
+const serializeReplaceGroupRoleAssignmentsOptions = (options) => ({ role_assignments: options.roleAssignments.map(serializeEntry) });
+//#endregion
 //#region src/authorization/serializers/list-effective-permissions-options.serializer.ts
 const serializeListEffectivePermissionsOptions = (options) => ({ ...serializePaginationOptions(options) });
 //#endregion
@@ -6338,6 +6396,112 @@ var Authorization = class {
 		await this.workos.delete(`/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments/${options.roleAssignmentId}`);
 	}
 	/**
+	* List role assignments for a group
+	*
+	* List all role assignments granted to a group. Each assignment represents a role granted to the group on a resource.
+	* @param options - Pagination options.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @returns {Promise<AutoPaginatable<GroupRoleAssignment>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async listGroupRoleAssignments(options) {
+		const { groupId, ...paginationOptions } = options;
+		const endpoint = `/authorization/groups/${groupId}/role_assignments`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeGroupRoleAssignment, paginationOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeGroupRoleAssignment, params), paginationOptions);
+	}
+	/**
+	* Get a group role assignment
+	*
+	* Get a specific role assignment for a group by its ID.
+	* @param options - Object containing groupId and roleAssignmentId.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options.roleAssignmentId - The ID of the group role assignment.
+	*
+	* @example
+	* "gra_01HXYZ123456789ABCDEFGH"
+	*
+	* @returns {Promise<GroupRoleAssignment>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async getGroupRoleAssignment(options) {
+		const { data } = await this.workos.get(`/authorization/groups/${options.groupId}/role_assignments/${options.roleAssignmentId}`);
+		return deserializeGroupRoleAssignment(data);
+	}
+	/**
+	* Assign a role to a group
+	*
+	* Assign a role to a group on a specific resource. Omit the resource fields to assign the role on the organization itself.
+	* @param options - Object containing groupId and roleSlug.
+	* @returns {Promise<GroupRoleAssignment>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createGroupRoleAssignment(options) {
+		const { data } = await this.workos.post(`/authorization/groups/${options.groupId}/role_assignments`, serializeCreateGroupRoleAssignmentOptions(options));
+		return deserializeGroupRoleAssignment(data);
+	}
+	/**
+	* Remove a group role assignment
+	*
+	* Remove a specific role assignment from a group by its ID.
+	* @param options - Object containing groupId and roleAssignmentId.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options.roleAssignmentId - The ID of the group role assignment to remove.
+	*
+	* @example
+	* "gra_01HXYZ123456789ABCDEFGH"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async removeGroupRoleAssignment(options) {
+		await this.workos.delete(`/authorization/groups/${options.groupId}/role_assignments/${options.roleAssignmentId}`);
+	}
+	/**
+	* Remove group role assignments by criteria
+	*
+	* Remove role assignments from a group that match the provided role and resource. Omit the resource fields to target the organization itself.
+	* @param options - Object containing groupId and roleSlug.
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async removeGroupRoleAssignments(options) {
+		await this.workos.deleteWithBody(`/authorization/groups/${options.groupId}/role_assignments`, serializeRemoveGroupRoleAssignmentsOptions(options));
+	}
+	/**
+	* Replace role assignments for a group
+	*
+	* Replace all of a group's role assignments with the provided list. Assignments not present in the list are removed and new ones are created. Pass an empty `roleAssignments` array to clear all assignments. Returns the resulting set of assignments.
+	* @param options - Object containing groupId and roleAssignments.
+	* @returns {Promise<List<GroupRoleAssignment>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async replaceGroupRoleAssignments(options) {
+		const { data } = await this.workos.put(`/authorization/groups/${options.groupId}/role_assignments`, serializeReplaceGroupRoleAssignmentsOptions(options));
+		return deserializeList(data, deserializeGroupRoleAssignment);
+	}
+	/**
 	* List resources for organization membership
 	*
 	* Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
@@ -6905,7 +7069,7 @@ var Vault = class {
 };
 //#endregion
 //#region package.json
-var version = "10.2.0";
+var version = "10.3.0";
 //#endregion
 //#region src/workos.ts
 const DEFAULT_HOSTNAME = "api.workos.com";
@@ -7038,12 +7202,7 @@ var WorkOS = class {
 			});
 			throw error;
 		}
-		try {
-			return { data: await res.toJSON() };
-		} catch (error) {
-			await this.handleParseError(error, res);
-			throw error;
-		}
+		return { data: await res.toJSON() };
 	}
 	async get(path, options = {}) {
 		if (!options.skipApiKeyCheck) this.requireApiKey(path);
@@ -7063,12 +7222,7 @@ var WorkOS = class {
 			});
 			throw error;
 		}
-		try {
-			return { data: await res.toJSON() };
-		} catch (error) {
-			await this.handleParseError(error, res);
-			throw error;
-		}
+		return { data: await res.toJSON() };
 	}
 	async put(path, entity, options = {}) {
 		if (!options.skipApiKeyCheck) this.requireApiKey(path);
@@ -7087,12 +7241,7 @@ var WorkOS = class {
 			});
 			throw error;
 		}
-		try {
-			return { data: await res.toJSON() };
-		} catch (error) {
-			await this.handleParseError(error, res);
-			throw error;
-		}
+		return { data: await res.toJSON() };
 	}
 	async patch(path, entity, options = {}) {
 		if (!options.skipApiKeyCheck) this.requireApiKey(path);
@@ -7111,12 +7260,7 @@ var WorkOS = class {
 			});
 			throw error;
 		}
-		try {
-			return { data: await res.toJSON() };
-		} catch (error) {
-			await this.handleParseError(error, res);
-			throw error;
-		}
+		return { data: await res.toJSON() };
 	}
 	async delete(path, query) {
 		this.requireApiKey(path);
@@ -7145,20 +7289,6 @@ var WorkOS = class {
 	emitWarning(warning) {
 		console.warn(`WorkOS: ${warning}`);
 	}
-	async handleParseError(error, res) {
-		if (error instanceof SyntaxError) {
-			const rawResponse = res.getRawResponse();
-			const requestID = rawResponse.headers.get("X-Request-ID") ?? "";
-			const rawStatus = rawResponse.status;
-			const rawBody = await rawResponse.text();
-			throw new ParseError({
-				message: error.message,
-				rawBody,
-				rawStatus,
-				requestID
-			});
-		}
-	}
 	handleHttpError({ path, error }) {
 		if (!(error instanceof HttpClientError)) throw new Error(`Unexpected error: ${error}`, { cause: error });
 		const { response } = error;
@@ -7285,4 +7415,4 @@ function createWorkOS(options) {
 //#endregion
 export { FetchHttpClient as A, NoApiKeyProvidedException as C, isAuthenticationErrorData as D, AuthenticationException as E, GenericServerException as O, NotFoundException as S, BadRequestException as T, UnprocessableEntityException as _, DomainDataState as a, RateLimitExceededException as b, FeatureFlagsRuntimeClient as c, serializeRevokeSessionOptions as d, AuthenticateWithSessionCookieFailureReason as f, Actions as g, AutoPaginatable as h, OrganizationDomainVerificationStrategy as i, SubtleCryptoProvider as j, ApiKeyRequiredException as k, CookieSession as l, Webhooks as m, ConnectionType as n, GenerateLinkIntent as o, PKCE as p, OrganizationDomainState as r, WorkOS as s, createWorkOS as t, RefreshSessionFailureReason as u, UnauthorizedException as v, ConflictException as w, OauthException as x, SignatureVerificationException as y };
 
-//# sourceMappingURL=factory-CenLS49y.mjs.map
+//# sourceMappingURL=factory-Bh2PZgM6.mjs.map