@workos-inc/node 7.13.0 → 7.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/common/interfaces/workos-options.interface.d.ts +1 -0
- package/lib/common/net/node-client.d.ts +0 -1
- package/lib/sso/interfaces/connection-type.enum.d.ts +2 -0
- package/lib/sso/interfaces/connection-type.enum.js +2 -0
- package/lib/user-management/interfaces/authenticate-with-options-base.interface.d.ts +5 -0
- package/lib/user-management/interfaces/authenticate-with-session-cookie.interface.d.ts +24 -0
- package/lib/user-management/interfaces/authenticate-with-session-cookie.interface.js +9 -0
- package/lib/user-management/interfaces/authentication-response.interface.d.ts +2 -1
- package/lib/user-management/interfaces/index.d.ts +2 -0
- package/lib/user-management/interfaces/index.js +2 -0
- package/lib/user-management/interfaces/refresh-and-seal-session-data.interface.d.ts +16 -0
- package/lib/user-management/interfaces/refresh-and-seal-session-data.interface.js +11 -0
- package/lib/user-management/interfaces/session-handler-options.interface.d.ts +4 -0
- package/lib/user-management/interfaces/session-handler-options.interface.js +2 -0
- package/lib/user-management/user-management.d.ts +20 -10
- package/lib/user-management/user-management.js +225 -47
- package/lib/user-management/user-management.spec.js +503 -5
- package/lib/workos.d.ts +1 -0
- package/lib/workos.js +5 -2
- package/package.json +4 -2
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
export declare enum ConnectionType {
|
|
2
2
|
ADFSSAML = "ADFSSAML",
|
|
3
3
|
AdpOidc = "AdpOidc",
|
|
4
|
+
AppleOAuth = "AppleOAuth",
|
|
4
5
|
Auth0SAML = "Auth0SAML",
|
|
5
6
|
AzureSAML = "AzureSAML",
|
|
6
7
|
CasSAML = "CasSAML",
|
|
@@ -10,6 +11,7 @@ export declare enum ConnectionType {
|
|
|
10
11
|
DuoSAML = "DuoSAML",
|
|
11
12
|
GenericOIDC = "GenericOIDC",
|
|
12
13
|
GenericSAML = "GenericSAML",
|
|
14
|
+
GitHubOAuth = "GitHubOAuth",
|
|
13
15
|
GoogleOAuth = "GoogleOAuth",
|
|
14
16
|
GoogleSAML = "GoogleSAML",
|
|
15
17
|
JumpCloudSAML = "JumpCloudSAML",
|
|
@@ -5,6 +5,7 @@ var ConnectionType;
|
|
|
5
5
|
(function (ConnectionType) {
|
|
6
6
|
ConnectionType["ADFSSAML"] = "ADFSSAML";
|
|
7
7
|
ConnectionType["AdpOidc"] = "AdpOidc";
|
|
8
|
+
ConnectionType["AppleOAuth"] = "AppleOAuth";
|
|
8
9
|
ConnectionType["Auth0SAML"] = "Auth0SAML";
|
|
9
10
|
ConnectionType["AzureSAML"] = "AzureSAML";
|
|
10
11
|
ConnectionType["CasSAML"] = "CasSAML";
|
|
@@ -14,6 +15,7 @@ var ConnectionType;
|
|
|
14
15
|
ConnectionType["DuoSAML"] = "DuoSAML";
|
|
15
16
|
ConnectionType["GenericOIDC"] = "GenericOIDC";
|
|
16
17
|
ConnectionType["GenericSAML"] = "GenericSAML";
|
|
18
|
+
ConnectionType["GitHubOAuth"] = "GitHubOAuth";
|
|
17
19
|
ConnectionType["GoogleOAuth"] = "GoogleOAuth";
|
|
18
20
|
ConnectionType["GoogleSAML"] = "GoogleSAML";
|
|
19
21
|
ConnectionType["JumpCloudSAML"] = "JumpCloudSAML";
|
|
@@ -1,7 +1,12 @@
|
|
|
1
|
+
export interface AuthenticateWithSessionOptions {
|
|
2
|
+
cookiePassword?: string;
|
|
3
|
+
sealSession: boolean;
|
|
4
|
+
}
|
|
1
5
|
export interface AuthenticateWithOptionsBase {
|
|
2
6
|
clientId: string;
|
|
3
7
|
ipAddress?: string;
|
|
4
8
|
userAgent?: string;
|
|
9
|
+
session?: AuthenticateWithSessionOptions;
|
|
5
10
|
}
|
|
6
11
|
export interface SerializedAuthenticateWithOptionsBase {
|
|
7
12
|
client_id: string;
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { AuthenticationResponse } from './authentication-response.interface';
|
|
2
|
+
export interface AccessToken {
|
|
3
|
+
sid: string;
|
|
4
|
+
org_id?: string;
|
|
5
|
+
role?: string;
|
|
6
|
+
permissions?: string[];
|
|
7
|
+
}
|
|
8
|
+
export type SessionCookieData = Pick<AuthenticationResponse, 'accessToken' | 'impersonator' | 'organizationId' | 'refreshToken' | 'user'>;
|
|
9
|
+
export declare enum AuthenticateWithSessionCookieFailureReason {
|
|
10
|
+
INVALID_JWT = "invalid_jwt",
|
|
11
|
+
INVALID_SESSION_COOKIE = "invalid_session_cookie",
|
|
12
|
+
NO_SESSION_COOKIE_PROVIDED = "no_session_cookie_provided"
|
|
13
|
+
}
|
|
14
|
+
export type AuthenticateWithSessionCookieFailedResponse = {
|
|
15
|
+
authenticated: false;
|
|
16
|
+
reason: AuthenticateWithSessionCookieFailureReason;
|
|
17
|
+
};
|
|
18
|
+
export type AuthenticateWithSessionCookieSuccessResponse = {
|
|
19
|
+
authenticated: true;
|
|
20
|
+
sessionId: string;
|
|
21
|
+
organizationId?: string;
|
|
22
|
+
role?: string;
|
|
23
|
+
permissions?: string[];
|
|
24
|
+
};
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthenticateWithSessionCookieFailureReason = void 0;
|
|
4
|
+
var AuthenticateWithSessionCookieFailureReason;
|
|
5
|
+
(function (AuthenticateWithSessionCookieFailureReason) {
|
|
6
|
+
AuthenticateWithSessionCookieFailureReason["INVALID_JWT"] = "invalid_jwt";
|
|
7
|
+
AuthenticateWithSessionCookieFailureReason["INVALID_SESSION_COOKIE"] = "invalid_session_cookie";
|
|
8
|
+
AuthenticateWithSessionCookieFailureReason["NO_SESSION_COOKIE_PROVIDED"] = "no_session_cookie_provided";
|
|
9
|
+
})(AuthenticateWithSessionCookieFailureReason || (exports.AuthenticateWithSessionCookieFailureReason = AuthenticateWithSessionCookieFailureReason = {}));
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Impersonator, ImpersonatorResponse } from './impersonator.interface';
|
|
2
2
|
import { User, UserResponse } from './user.interface';
|
|
3
|
-
type AuthenticationMethod = 'SSO' | 'Password' | 'GitHubOAuth' | 'GoogleOAuth' | 'MicrosoftOAuth' | 'MagicAuth' | 'Impersonation';
|
|
3
|
+
type AuthenticationMethod = 'SSO' | 'Password' | 'AppleOAuth' | 'GitHubOAuth' | 'GoogleOAuth' | 'MicrosoftOAuth' | 'MagicAuth' | 'Impersonation';
|
|
4
4
|
export interface AuthenticationResponse {
|
|
5
5
|
user: User;
|
|
6
6
|
organizationId?: string;
|
|
@@ -8,6 +8,7 @@ export interface AuthenticationResponse {
|
|
|
8
8
|
refreshToken: string;
|
|
9
9
|
impersonator?: Impersonator;
|
|
10
10
|
authenticationMethod?: AuthenticationMethod;
|
|
11
|
+
sealedSession?: string;
|
|
11
12
|
}
|
|
12
13
|
export interface AuthenticationResponseResponse {
|
|
13
14
|
user: UserResponse;
|
|
@@ -7,6 +7,7 @@ export * from './authenticate-with-options-base.interface';
|
|
|
7
7
|
export * from './authenticate-with-organization-selection.interface';
|
|
8
8
|
export * from './authenticate-with-password-options.interface';
|
|
9
9
|
export * from './authenticate-with-refresh-token-options.interface';
|
|
10
|
+
export * from './authenticate-with-session-cookie.interface';
|
|
10
11
|
export * from './authenticate-with-totp-options.interface';
|
|
11
12
|
export * from './authentication-response.interface';
|
|
12
13
|
export * from './create-magic-auth-options.interface';
|
|
@@ -25,6 +26,7 @@ export * from './list-users-options.interface';
|
|
|
25
26
|
export * from './magic-auth.interface';
|
|
26
27
|
export * from './organization-membership.interface';
|
|
27
28
|
export * from './password-reset.interface';
|
|
29
|
+
export * from './refresh-and-seal-session-data.interface';
|
|
28
30
|
export * from './reset-password-options.interface';
|
|
29
31
|
export * from './revoke-session-options.interface';
|
|
30
32
|
export * from './send-invitation-options.interface';
|
|
@@ -23,6 +23,7 @@ __exportStar(require("./authenticate-with-options-base.interface"), exports);
|
|
|
23
23
|
__exportStar(require("./authenticate-with-organization-selection.interface"), exports);
|
|
24
24
|
__exportStar(require("./authenticate-with-password-options.interface"), exports);
|
|
25
25
|
__exportStar(require("./authenticate-with-refresh-token-options.interface"), exports);
|
|
26
|
+
__exportStar(require("./authenticate-with-session-cookie.interface"), exports);
|
|
26
27
|
__exportStar(require("./authenticate-with-totp-options.interface"), exports);
|
|
27
28
|
__exportStar(require("./authentication-response.interface"), exports);
|
|
28
29
|
__exportStar(require("./create-magic-auth-options.interface"), exports);
|
|
@@ -41,6 +42,7 @@ __exportStar(require("./list-users-options.interface"), exports);
|
|
|
41
42
|
__exportStar(require("./magic-auth.interface"), exports);
|
|
42
43
|
__exportStar(require("./organization-membership.interface"), exports);
|
|
43
44
|
__exportStar(require("./password-reset.interface"), exports);
|
|
45
|
+
__exportStar(require("./refresh-and-seal-session-data.interface"), exports);
|
|
44
46
|
__exportStar(require("./reset-password-options.interface"), exports);
|
|
45
47
|
__exportStar(require("./revoke-session-options.interface"), exports);
|
|
46
48
|
__exportStar(require("./send-invitation-options.interface"), exports);
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export declare enum RefreshAndSealSessionDataFailureReason {
|
|
2
|
+
INVALID_SESSION_COOKE = "invalid_session_cookie",
|
|
3
|
+
NO_SESSION_COOKIE_PROVIDED = "no_session_cookie_provided",
|
|
4
|
+
INVALID_GRANT = "invalid_grant",
|
|
5
|
+
ORGANIZATION_NOT_AUTHORIZED = "organization_not_authorized"
|
|
6
|
+
}
|
|
7
|
+
type RefreshAndSealSessionDataFailedResponse = {
|
|
8
|
+
authenticated: false;
|
|
9
|
+
reason: RefreshAndSealSessionDataFailureReason;
|
|
10
|
+
};
|
|
11
|
+
type RefreshAndSealSessionDataSuccessResponse = {
|
|
12
|
+
authenticated: true;
|
|
13
|
+
sealedSession: string;
|
|
14
|
+
};
|
|
15
|
+
export type RefreshAndSealSessionDataResponse = RefreshAndSealSessionDataFailedResponse | RefreshAndSealSessionDataSuccessResponse;
|
|
16
|
+
export {};
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RefreshAndSealSessionDataFailureReason = void 0;
|
|
4
|
+
var RefreshAndSealSessionDataFailureReason;
|
|
5
|
+
(function (RefreshAndSealSessionDataFailureReason) {
|
|
6
|
+
RefreshAndSealSessionDataFailureReason["INVALID_SESSION_COOKE"] = "invalid_session_cookie";
|
|
7
|
+
RefreshAndSealSessionDataFailureReason["NO_SESSION_COOKIE_PROVIDED"] = "no_session_cookie_provided";
|
|
8
|
+
// API OauthErrors for refresh tokens
|
|
9
|
+
RefreshAndSealSessionDataFailureReason["INVALID_GRANT"] = "invalid_grant";
|
|
10
|
+
RefreshAndSealSessionDataFailureReason["ORGANIZATION_NOT_AUTHORIZED"] = "organization_not_authorized";
|
|
11
|
+
})(RefreshAndSealSessionDataFailureReason || (exports.RefreshAndSealSessionDataFailureReason = RefreshAndSealSessionDataFailureReason = {}));
|
|
@@ -1,22 +1,26 @@
|
|
|
1
|
-
import { WorkOS } from '../workos';
|
|
2
1
|
import { AutoPaginatable } from '../common/utils/pagination';
|
|
3
|
-
import { AuthenticateWithCodeOptions, AuthenticateWithMagicAuthOptions, AuthenticateWithPasswordOptions, AuthenticateWithTotpOptions, AuthenticationResponse, ResetPasswordOptions, SendPasswordResetEmailOptions, CreateUserOptions, EnrollAuthFactorOptions, ListAuthFactorsOptions, ListUsersOptions, SendMagicAuthCodeOptions, SendVerificationEmailOptions, UpdateUserOptions, User, VerifyEmailOptions, AuthenticateWithRefreshTokenOptions, MagicAuth, CreateMagicAuthOptions, EmailVerification, PasswordReset, CreatePasswordResetOptions } from './interfaces';
|
|
4
2
|
import { Challenge } from '../mfa/interfaces';
|
|
5
|
-
import {
|
|
6
|
-
import {
|
|
7
|
-
import { CreateOrganizationMembershipOptions } from './interfaces/create-organization-membership-options.interface';
|
|
8
|
-
import { Invitation } from './interfaces/invitation.interface';
|
|
9
|
-
import { ListInvitationsOptions } from './interfaces/list-invitations-options.interface';
|
|
10
|
-
import { SendInvitationOptions } from './interfaces/send-invitation-options.interface';
|
|
11
|
-
import { AuthorizationURLOptions } from './interfaces/authorization-url-options.interface';
|
|
3
|
+
import { WorkOS } from '../workos';
|
|
4
|
+
import { AuthenticateWithCodeOptions, AuthenticateWithMagicAuthOptions, AuthenticateWithPasswordOptions, AuthenticateWithRefreshTokenOptions, AuthenticateWithTotpOptions, AuthenticationResponse, CreateMagicAuthOptions, CreatePasswordResetOptions, CreateUserOptions, EmailVerification, EnrollAuthFactorOptions, ListAuthFactorsOptions, ListUsersOptions, MagicAuth, PasswordReset, ResetPasswordOptions, SendMagicAuthCodeOptions, SendPasswordResetEmailOptions, SendVerificationEmailOptions, UpdateUserOptions, User, VerifyEmailOptions } from './interfaces';
|
|
12
5
|
import { AuthenticateWithEmailVerificationOptions } from './interfaces/authenticate-with-email-verification-options.interface';
|
|
13
6
|
import { AuthenticateWithOrganizationSelectionOptions } from './interfaces/authenticate-with-organization-selection.interface';
|
|
7
|
+
import { AuthenticateWithSessionCookieFailedResponse, AuthenticateWithSessionCookieSuccessResponse, SessionCookieData } from './interfaces/authenticate-with-session-cookie.interface';
|
|
8
|
+
import { AuthorizationURLOptions } from './interfaces/authorization-url-options.interface';
|
|
9
|
+
import { CreateOrganizationMembershipOptions } from './interfaces/create-organization-membership-options.interface';
|
|
14
10
|
import { Factor, FactorWithSecrets } from './interfaces/factor.interface';
|
|
11
|
+
import { Identity } from './interfaces/identity.interface';
|
|
12
|
+
import { Invitation } from './interfaces/invitation.interface';
|
|
13
|
+
import { ListInvitationsOptions } from './interfaces/list-invitations-options.interface';
|
|
14
|
+
import { ListOrganizationMembershipsOptions } from './interfaces/list-organization-memberships-options.interface';
|
|
15
|
+
import { OrganizationMembership } from './interfaces/organization-membership.interface';
|
|
16
|
+
import { RefreshAndSealSessionDataResponse } from './interfaces/refresh-and-seal-session-data.interface';
|
|
15
17
|
import { RevokeSessionOptions } from './interfaces/revoke-session-options.interface';
|
|
18
|
+
import { SendInvitationOptions } from './interfaces/send-invitation-options.interface';
|
|
19
|
+
import { SessionHandlerOptions } from './interfaces/session-handler-options.interface';
|
|
16
20
|
import { UpdateOrganizationMembershipOptions } from './interfaces/update-organization-membership-options.interface';
|
|
17
|
-
import { Identity } from './interfaces/identity.interface';
|
|
18
21
|
export declare class UserManagement {
|
|
19
22
|
private readonly workos;
|
|
23
|
+
private jwks;
|
|
20
24
|
constructor(workos: WorkOS);
|
|
21
25
|
getUser(userId: string): Promise<User>;
|
|
22
26
|
listUsers(options?: ListUsersOptions): Promise<AutoPaginatable<User>>;
|
|
@@ -28,6 +32,12 @@ export declare class UserManagement {
|
|
|
28
32
|
authenticateWithTotp(payload: AuthenticateWithTotpOptions): Promise<AuthenticationResponse>;
|
|
29
33
|
authenticateWithEmailVerification(payload: AuthenticateWithEmailVerificationOptions): Promise<AuthenticationResponse>;
|
|
30
34
|
authenticateWithOrganizationSelection(payload: AuthenticateWithOrganizationSelectionOptions): Promise<AuthenticationResponse>;
|
|
35
|
+
authenticateWithSessionCookie({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<AuthenticateWithSessionCookieSuccessResponse | AuthenticateWithSessionCookieFailedResponse>;
|
|
36
|
+
private isValidJwt;
|
|
37
|
+
refreshAndSealSessionData({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<RefreshAndSealSessionDataResponse>;
|
|
38
|
+
private prepareAuthenticationResponse;
|
|
39
|
+
private sealSessionDataFromAuthenticationResponse;
|
|
40
|
+
getSessionFromCookie({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<SessionCookieData | undefined>;
|
|
31
41
|
getEmailVerification(emailVerificationId: string): Promise<EmailVerification>;
|
|
32
42
|
sendVerificationEmail({ userId, }: SendVerificationEmailOptions): Promise<{
|
|
33
43
|
user: User;
|