@workos-inc/node 10.2.1 → 10.4.0

package/lib/{factory-Bp8G8dsp.mjs → factory-CRqtXIIK.mjs}

@@ -1,4 +1,3 @@
-import { EventEmitter } from "eventemitter3";
 //#region src/common/crypto/crypto-provider.ts
 /**
 * Interface encapsulating the various crypto computations used by the library,
@@ -4817,7 +4816,7 @@ var UserManagement = class {
 	* Or use getAuthorizationUrlWithPKCE() which handles PKCE automatically.
 	*/
 	getAuthorizationUrl(options) {
-		const { claimNonce, connectionId, codeChallenge, codeChallengeMethod, clientId, domainHint, loginHint, organizationId, provider, providerQueryParams, providerScopes, prompt, redirectUri, state, screenHint } = options;
+		const { claimNonce, connectionId, codeChallenge, codeChallengeMethod, clientId, domainHint, invitationToken, loginHint, organizationId, provider, providerQueryParams, providerScopes, prompt, redirectUri, state, screenHint } = options;
 		const resolvedClientId = this.resolveClientId(clientId);
 		if (!provider && !connectionId && !organizationId) throw new TypeError(`Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`);
 		if (provider !== "authkit" && screenHint) throw new TypeError(`'screenHint' is only supported for 'authkit' provider`);
@@ -4828,6 +4827,7 @@ var UserManagement = class {
 			code_challenge_method: codeChallengeMethod,
 			organization_id: organizationId,
 			domain_hint: domainHint,
+			invitation_token: invitationToken,
 			login_hint: loginHint,
 			provider,
 			provider_query_params: providerQueryParams,
@@ -4928,6 +4928,81 @@ var UserManagement = class {
 	}
 };
 //#endregion
+//#region src/feature-flags/event-emitter.ts
+/**
+* Minimal, runtime-agnostic, typed event emitter.
+*
+* Replaces eventemitter3 so the SDK carries no event dependency and works in
+* edge runtimes where `node:events` is not available. Generic over an event
+* map (`{ eventName: [arg1, arg2, ...] }`) for compile-time-checked event
+* names and payloads.
+*
+* Unlike eventemitter3, an unhandled `'error'` event throws instead of being
+* silently dropped — matching Node's `EventEmitter` so failures are never
+* swallowed.
+*/
+var EventEmitter = class {
+	handlers = /* @__PURE__ */ new Map();
+	on(event, fn) {
+		return this.add(event, fn, false);
+	}
+	once(event, fn) {
+		return this.add(event, fn, true);
+	}
+	off(event, fn) {
+		this.remove(event, (h) => h.fn !== fn);
+		return this;
+	}
+	emit(event, ...args) {
+		const list = this.handlers.get(event);
+		if (!list || list.length === 0) {
+			if (event === "error") throw args[0] instanceof Error ? args[0] : new Error(String(args[0]));
+			return false;
+		}
+		for (const h of [...list]) {
+			if (h.once) this.remove(event, (existing) => existing !== h);
+			h.fn(...args);
+		}
+		return true;
+	}
+	listenerCount(event) {
+		return this.handlers.get(event)?.length ?? 0;
+	}
+	removeAllListeners(event) {
+		if (event === void 0) this.handlers.clear();
+		else this.handlers.delete(event);
+		return this;
+	}
+	addListener(event, fn) {
+		return this.on(event, fn);
+	}
+	removeListener(event, fn) {
+		return this.off(event, fn);
+	}
+	listeners(event) {
+		return (this.handlers.get(event) ?? []).map((h) => h.fn);
+	}
+	eventNames() {
+		return [...this.handlers.keys()];
+	}
+	add(event, fn, once) {
+		const list = this.handlers.get(event) ?? [];
+		list.push({
+			fn,
+			once
+		});
+		this.handlers.set(event, list);
+		return this;
+	}
+	remove(event, keep) {
+		const list = this.handlers.get(event);
+		if (!list) return;
+		const next = list.filter(keep);
+		if (next.length) this.handlers.set(event, next);
+		else this.handlers.delete(event);
+	}
+};
+//#endregion
 //#region src/feature-flags/in-memory-store.ts
 var InMemoryStore = class {
 	flags = {};
@@ -5036,10 +5111,6 @@ var FeatureFlagsRuntimeClient = class extends EventEmitter {
 			clearTimeout(timeoutId);
 		});
 	}
-	emit(event, ...args) {
-		if (event === "error" && this.listenerCount(event) === 0) throw args[0] instanceof Error ? args[0] : new Error(String(args[0]));
-		return super.emit(event, ...args);
-	}
 	close() {
 		this.closed = true;
 		this.pollAbortController?.abort();
@@ -5087,14 +5158,15 @@ var FeatureFlagsRuntimeClient = class extends EventEmitter {
 			this.logger?.debug("Poll successful", { flagCount: this.store.size });
 		} catch (error) {
 			if (this.closed) return;
+			const err = error instanceof Error ? error : new Error(String(error));
 			this.consecutiveErrors++;
 			this.stats.pollErrorCount++;
-			this.emit("error", error);
-			this.logger?.error("Poll failed", error);
-			if (error instanceof UnauthorizedException) {
-				this.emit("failed", error);
+			this.emit("error", err);
+			this.logger?.error("Poll failed", err);
+			if (err instanceof UnauthorizedException) {
+				this.emit("failed", err);
 				if (!this.initialized && this.readyReject) {
-					this.readyReject(error);
+					this.readyReject(err);
 					this.readyReject = null;
 				}
 				return;
@@ -5666,6 +5738,52 @@ const serializeRemoveRoleOptions = (options) => ({
 	}
 });
 //#endregion
+//#region src/authorization/serializers/group-role-assignment.serializer.ts
+const deserializeGroupRoleAssignment = (response) => ({
+	object: response.object,
+	id: response.id,
+	groupId: response.group_id,
+	role: response.role,
+	resource: {
+		id: response.resource.id,
+		externalId: response.resource.external_id,
+		resourceTypeSlug: response.resource.resource_type_slug
+	},
+	createdAt: response.created_at,
+	updatedAt: response.updated_at
+});
+//#endregion
+//#region src/authorization/serializers/create-group-role-assignment-options.serializer.ts
+const serializeCreateGroupRoleAssignmentOptions = (options) => ({
+	role_slug: options.roleSlug,
+	..."resourceId" in options && { resource_id: options.resourceId },
+	..."resourceExternalId" in options && {
+		resource_external_id: options.resourceExternalId,
+		resource_type_slug: options.resourceTypeSlug
+	}
+});
+//#endregion
+//#region src/authorization/serializers/remove-group-role-assignments-options.serializer.ts
+const serializeRemoveGroupRoleAssignmentsOptions = (options) => ({
+	role_slug: options.roleSlug,
+	..."resourceId" in options && { resource_id: options.resourceId },
+	..."resourceExternalId" in options && {
+		resource_external_id: options.resourceExternalId,
+		resource_type_slug: options.resourceTypeSlug
+	}
+});
+//#endregion
+//#region src/authorization/serializers/replace-group-role-assignments-options.serializer.ts
+const serializeEntry = (entry) => ({
+	role_slug: entry.roleSlug,
+	..."resourceId" in entry && { resource_id: entry.resourceId },
+	..."resourceExternalId" in entry && {
+		resource_external_id: entry.resourceExternalId,
+		resource_type_slug: entry.resourceTypeSlug
+	}
+});
+const serializeReplaceGroupRoleAssignmentsOptions = (options) => ({ role_assignments: options.roleAssignments.map(serializeEntry) });
+//#endregion
 //#region src/authorization/serializers/list-effective-permissions-options.serializer.ts
 const serializeListEffectivePermissionsOptions = (options) => ({ ...serializePaginationOptions(options) });
 //#endregion
@@ -6350,6 +6468,112 @@ var Authorization = class {
 		await this.workos.delete(`/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments/${options.roleAssignmentId}`);
 	}
 	/**
+	* List role assignments for a group
+	*
+	* List all role assignments granted to a group. Each assignment represents a role granted to the group on a resource.
+	* @param options - Pagination options.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @returns {Promise<AutoPaginatable<GroupRoleAssignment>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async listGroupRoleAssignments(options) {
+		const { groupId, ...paginationOptions } = options;
+		const endpoint = `/authorization/groups/${groupId}/role_assignments`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeGroupRoleAssignment, paginationOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeGroupRoleAssignment, params), paginationOptions);
+	}
+	/**
+	* Get a group role assignment
+	*
+	* Get a specific role assignment for a group by its ID.
+	* @param options - Object containing groupId and roleAssignmentId.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options.roleAssignmentId - The ID of the group role assignment.
+	*
+	* @example
+	* "gra_01HXYZ123456789ABCDEFGH"
+	*
+	* @returns {Promise<GroupRoleAssignment>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async getGroupRoleAssignment(options) {
+		const { data } = await this.workos.get(`/authorization/groups/${options.groupId}/role_assignments/${options.roleAssignmentId}`);
+		return deserializeGroupRoleAssignment(data);
+	}
+	/**
+	* Assign a role to a group
+	*
+	* Assign a role to a group on a specific resource. Omit the resource fields to assign the role on the organization itself.
+	* @param options - Object containing groupId and roleSlug.
+	* @returns {Promise<GroupRoleAssignment>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createGroupRoleAssignment(options) {
+		const { data } = await this.workos.post(`/authorization/groups/${options.groupId}/role_assignments`, serializeCreateGroupRoleAssignmentOptions(options));
+		return deserializeGroupRoleAssignment(data);
+	}
+	/**
+	* Remove a group role assignment
+	*
+	* Remove a specific role assignment from a group by its ID.
+	* @param options - Object containing groupId and roleAssignmentId.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options.roleAssignmentId - The ID of the group role assignment to remove.
+	*
+	* @example
+	* "gra_01HXYZ123456789ABCDEFGH"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async removeGroupRoleAssignment(options) {
+		await this.workos.delete(`/authorization/groups/${options.groupId}/role_assignments/${options.roleAssignmentId}`);
+	}
+	/**
+	* Remove group role assignments by criteria
+	*
+	* Remove role assignments from a group that match the provided role and resource. Omit the resource fields to target the organization itself.
+	* @param options - Object containing groupId and roleSlug.
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async removeGroupRoleAssignments(options) {
+		await this.workos.deleteWithBody(`/authorization/groups/${options.groupId}/role_assignments`, serializeRemoveGroupRoleAssignmentsOptions(options));
+	}
+	/**
+	* Replace role assignments for a group
+	*
+	* Replace all of a group's role assignments with the provided list. Assignments not present in the list are removed and new ones are created. Pass an empty `roleAssignments` array to clear all assignments. Returns the resulting set of assignments.
+	* @param options - Object containing groupId and roleAssignments.
+	* @returns {Promise<List<GroupRoleAssignment>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async replaceGroupRoleAssignments(options) {
+		const { data } = await this.workos.put(`/authorization/groups/${options.groupId}/role_assignments`, serializeReplaceGroupRoleAssignmentsOptions(options));
+		return deserializeList(data, deserializeGroupRoleAssignment);
+	}
+	/**
 	* List resources for organization membership
 	*
 	* Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
@@ -6917,7 +7141,7 @@ var Vault = class {
 };
 //#endregion
 //#region package.json
-var version = "10.2.1";
+var version = "10.4.0";
 //#endregion
 //#region src/workos.ts
 const DEFAULT_HOSTNAME = "api.workos.com";
@@ -7263,4 +7487,4 @@ function createWorkOS(options) {
 //#endregion
 export { FetchHttpClient as A, NoApiKeyProvidedException as C, isAuthenticationErrorData as D, AuthenticationException as E, GenericServerException as O, NotFoundException as S, BadRequestException as T, UnprocessableEntityException as _, DomainDataState as a, RateLimitExceededException as b, FeatureFlagsRuntimeClient as c, serializeRevokeSessionOptions as d, AuthenticateWithSessionCookieFailureReason as f, Actions as g, AutoPaginatable as h, OrganizationDomainVerificationStrategy as i, SubtleCryptoProvider as j, ApiKeyRequiredException as k, CookieSession as l, Webhooks as m, ConnectionType as n, GenerateLinkIntent as o, PKCE as p, OrganizationDomainState as r, WorkOS as s, createWorkOS as t, RefreshSessionFailureReason as u, UnauthorizedException as v, ConflictException as w, OauthException as x, SignatureVerificationException as y };
 
-//# sourceMappingURL=factory-Bp8G8dsp.mjs.map
+//# sourceMappingURL=factory-CRqtXIIK.mjs.map