@workos-inc/node 10.2.1 → 10.4.0

package/lib/{factory-BzpScK-h.cjs → factory-CYqsa7gY.cjs}

@@ -1,4 +1,3 @@
-let eventemitter3 = require("eventemitter3");
 //#region src/common/crypto/crypto-provider.ts
 /**
 * Interface encapsulating the various crypto computations used by the library,
@@ -4817,7 +4816,7 @@ var UserManagement = class {
 	* Or use getAuthorizationUrlWithPKCE() which handles PKCE automatically.
 	*/
 	getAuthorizationUrl(options) {
-		const { claimNonce, connectionId, codeChallenge, codeChallengeMethod, clientId, domainHint, loginHint, organizationId, provider, providerQueryParams, providerScopes, prompt, redirectUri, state, screenHint } = options;
+		const { claimNonce, connectionId, codeChallenge, codeChallengeMethod, clientId, domainHint, invitationToken, loginHint, organizationId, provider, providerQueryParams, providerScopes, prompt, redirectUri, state, screenHint } = options;
 		const resolvedClientId = this.resolveClientId(clientId);
 		if (!provider && !connectionId && !organizationId) throw new TypeError(`Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`);
 		if (provider !== "authkit" && screenHint) throw new TypeError(`'screenHint' is only supported for 'authkit' provider`);
@@ -4828,6 +4827,7 @@ var UserManagement = class {
 			code_challenge_method: codeChallengeMethod,
 			organization_id: organizationId,
 			domain_hint: domainHint,
+			invitation_token: invitationToken,
 			login_hint: loginHint,
 			provider,
 			provider_query_params: providerQueryParams,
@@ -4928,6 +4928,81 @@ var UserManagement = class {
 	}
 };
 //#endregion
+//#region src/feature-flags/event-emitter.ts
+/**
+* Minimal, runtime-agnostic, typed event emitter.
+*
+* Replaces eventemitter3 so the SDK carries no event dependency and works in
+* edge runtimes where `node:events` is not available. Generic over an event
+* map (`{ eventName: [arg1, arg2, ...] }`) for compile-time-checked event
+* names and payloads.
+*
+* Unlike eventemitter3, an unhandled `'error'` event throws instead of being
+* silently dropped — matching Node's `EventEmitter` so failures are never
+* swallowed.
+*/
+var EventEmitter = class {
+	handlers = /* @__PURE__ */ new Map();
+	on(event, fn) {
+		return this.add(event, fn, false);
+	}
+	once(event, fn) {
+		return this.add(event, fn, true);
+	}
+	off(event, fn) {
+		this.remove(event, (h) => h.fn !== fn);
+		return this;
+	}
+	emit(event, ...args) {
+		const list = this.handlers.get(event);
+		if (!list || list.length === 0) {
+			if (event === "error") throw args[0] instanceof Error ? args[0] : new Error(String(args[0]));
+			return false;
+		}
+		for (const h of [...list]) {
+			if (h.once) this.remove(event, (existing) => existing !== h);
+			h.fn(...args);
+		}
+		return true;
+	}
+	listenerCount(event) {
+		return this.handlers.get(event)?.length ?? 0;
+	}
+	removeAllListeners(event) {
+		if (event === void 0) this.handlers.clear();
+		else this.handlers.delete(event);
+		return this;
+	}
+	addListener(event, fn) {
+		return this.on(event, fn);
+	}
+	removeListener(event, fn) {
+		return this.off(event, fn);
+	}
+	listeners(event) {
+		return (this.handlers.get(event) ?? []).map((h) => h.fn);
+	}
+	eventNames() {
+		return [...this.handlers.keys()];
+	}
+	add(event, fn, once) {
+		const list = this.handlers.get(event) ?? [];
+		list.push({
+			fn,
+			once
+		});
+		this.handlers.set(event, list);
+		return this;
+	}
+	remove(event, keep) {
+		const list = this.handlers.get(event);
+		if (!list) return;
+		const next = list.filter(keep);
+		if (next.length) this.handlers.set(event, next);
+		else this.handlers.delete(event);
+	}
+};
+//#endregion
 //#region src/feature-flags/in-memory-store.ts
 var InMemoryStore = class {
 	flags = {};
@@ -4982,7 +5057,7 @@ const JITTER_FACTOR = .1;
 const INITIAL_RETRY_MS = 1e3;
 const MAX_RETRY_MS = 6e4;
 const BACKOFF_MULTIPLIER = 2;
-var FeatureFlagsRuntimeClient = class extends eventemitter3.EventEmitter {
+var FeatureFlagsRuntimeClient = class extends EventEmitter {
 	workos;
 	store;
 	evaluator;
@@ -5036,10 +5111,6 @@ var FeatureFlagsRuntimeClient = class extends eventemitter3.EventEmitter {
 			clearTimeout(timeoutId);
 		});
 	}
-	emit(event, ...args) {
-		if (event === "error" && this.listenerCount(event) === 0) throw args[0] instanceof Error ? args[0] : new Error(String(args[0]));
-		return super.emit(event, ...args);
-	}
 	close() {
 		this.closed = true;
 		this.pollAbortController?.abort();
@@ -5087,14 +5158,15 @@ var FeatureFlagsRuntimeClient = class extends eventemitter3.EventEmitter {
 			this.logger?.debug("Poll successful", { flagCount: this.store.size });
 		} catch (error) {
 			if (this.closed) return;
+			const err = error instanceof Error ? error : new Error(String(error));
 			this.consecutiveErrors++;
 			this.stats.pollErrorCount++;
-			this.emit("error", error);
-			this.logger?.error("Poll failed", error);
-			if (error instanceof UnauthorizedException) {
-				this.emit("failed", error);
+			this.emit("error", err);
+			this.logger?.error("Poll failed", err);
+			if (err instanceof UnauthorizedException) {
+				this.emit("failed", err);
 				if (!this.initialized && this.readyReject) {
-					this.readyReject(error);
+					this.readyReject(err);
 					this.readyReject = null;
 				}
 				return;
@@ -5666,6 +5738,52 @@ const serializeRemoveRoleOptions = (options) => ({
 	}
 });
 //#endregion
+//#region src/authorization/serializers/group-role-assignment.serializer.ts
+const deserializeGroupRoleAssignment = (response) => ({
+	object: response.object,
+	id: response.id,
+	groupId: response.group_id,
+	role: response.role,
+	resource: {
+		id: response.resource.id,
+		externalId: response.resource.external_id,
+		resourceTypeSlug: response.resource.resource_type_slug
+	},
+	createdAt: response.created_at,
+	updatedAt: response.updated_at
+});
+//#endregion
+//#region src/authorization/serializers/create-group-role-assignment-options.serializer.ts
+const serializeCreateGroupRoleAssignmentOptions = (options) => ({
+	role_slug: options.roleSlug,
+	..."resourceId" in options && { resource_id: options.resourceId },
+	..."resourceExternalId" in options && {
+		resource_external_id: options.resourceExternalId,
+		resource_type_slug: options.resourceTypeSlug
+	}
+});
+//#endregion
+//#region src/authorization/serializers/remove-group-role-assignments-options.serializer.ts
+const serializeRemoveGroupRoleAssignmentsOptions = (options) => ({
+	role_slug: options.roleSlug,
+	..."resourceId" in options && { resource_id: options.resourceId },
+	..."resourceExternalId" in options && {
+		resource_external_id: options.resourceExternalId,
+		resource_type_slug: options.resourceTypeSlug
+	}
+});
+//#endregion
+//#region src/authorization/serializers/replace-group-role-assignments-options.serializer.ts
+const serializeEntry = (entry) => ({
+	role_slug: entry.roleSlug,
+	..."resourceId" in entry && { resource_id: entry.resourceId },
+	..."resourceExternalId" in entry && {
+		resource_external_id: entry.resourceExternalId,
+		resource_type_slug: entry.resourceTypeSlug
+	}
+});
+const serializeReplaceGroupRoleAssignmentsOptions = (options) => ({ role_assignments: options.roleAssignments.map(serializeEntry) });
+//#endregion
 //#region src/authorization/serializers/list-effective-permissions-options.serializer.ts
 const serializeListEffectivePermissionsOptions = (options) => ({ ...serializePaginationOptions(options) });
 //#endregion
@@ -6350,6 +6468,112 @@ var Authorization = class {
 		await this.workos.delete(`/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments/${options.roleAssignmentId}`);
 	}
 	/**
+	* List role assignments for a group
+	*
+	* List all role assignments granted to a group. Each assignment represents a role granted to the group on a resource.
+	* @param options - Pagination options.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @returns {Promise<AutoPaginatable<GroupRoleAssignment>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async listGroupRoleAssignments(options) {
+		const { groupId, ...paginationOptions } = options;
+		const endpoint = `/authorization/groups/${groupId}/role_assignments`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeGroupRoleAssignment, paginationOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeGroupRoleAssignment, params), paginationOptions);
+	}
+	/**
+	* Get a group role assignment
+	*
+	* Get a specific role assignment for a group by its ID.
+	* @param options - Object containing groupId and roleAssignmentId.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options.roleAssignmentId - The ID of the group role assignment.
+	*
+	* @example
+	* "gra_01HXYZ123456789ABCDEFGH"
+	*
+	* @returns {Promise<GroupRoleAssignment>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async getGroupRoleAssignment(options) {
+		const { data } = await this.workos.get(`/authorization/groups/${options.groupId}/role_assignments/${options.roleAssignmentId}`);
+		return deserializeGroupRoleAssignment(data);
+	}
+	/**
+	* Assign a role to a group
+	*
+	* Assign a role to a group on a specific resource. Omit the resource fields to assign the role on the organization itself.
+	* @param options - Object containing groupId and roleSlug.
+	* @returns {Promise<GroupRoleAssignment>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createGroupRoleAssignment(options) {
+		const { data } = await this.workos.post(`/authorization/groups/${options.groupId}/role_assignments`, serializeCreateGroupRoleAssignmentOptions(options));
+		return deserializeGroupRoleAssignment(data);
+	}
+	/**
+	* Remove a group role assignment
+	*
+	* Remove a specific role assignment from a group by its ID.
+	* @param options - Object containing groupId and roleAssignmentId.
+	* @param options.groupId - The ID of the group.
+	*
+	* @example
+	* "group_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options.roleAssignmentId - The ID of the group role assignment to remove.
+	*
+	* @example
+	* "gra_01HXYZ123456789ABCDEFGH"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async removeGroupRoleAssignment(options) {
+		await this.workos.delete(`/authorization/groups/${options.groupId}/role_assignments/${options.roleAssignmentId}`);
+	}
+	/**
+	* Remove group role assignments by criteria
+	*
+	* Remove role assignments from a group that match the provided role and resource. Omit the resource fields to target the organization itself.
+	* @param options - Object containing groupId and roleSlug.
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async removeGroupRoleAssignments(options) {
+		await this.workos.deleteWithBody(`/authorization/groups/${options.groupId}/role_assignments`, serializeRemoveGroupRoleAssignmentsOptions(options));
+	}
+	/**
+	* Replace role assignments for a group
+	*
+	* Replace all of a group's role assignments with the provided list. Assignments not present in the list are removed and new ones are created. Pass an empty `roleAssignments` array to clear all assignments. Returns the resulting set of assignments.
+	* @param options - Object containing groupId and roleAssignments.
+	* @returns {Promise<List<GroupRoleAssignment>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async replaceGroupRoleAssignments(options) {
+		const { data } = await this.workos.put(`/authorization/groups/${options.groupId}/role_assignments`, serializeReplaceGroupRoleAssignmentsOptions(options));
+		return deserializeList(data, deserializeGroupRoleAssignment);
+	}
+	/**
 	* List resources for organization membership
 	*
 	* Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
@@ -6917,7 +7141,7 @@ var Vault = class {
 };
 //#endregion
 //#region package.json
-var version = "10.2.1";
+var version = "10.4.0";
 //#endregion
 //#region src/workos.ts
 const DEFAULT_HOSTNAME = "api.workos.com";
@@ -7448,4 +7672,4 @@ Object.defineProperty(exports, "serializeRevokeSessionOptions", {
 	}
 });
 
-//# sourceMappingURL=factory-BzpScK-h.cjs.map
+//# sourceMappingURL=factory-CYqsa7gY.cjs.map