@workos-inc/node 7.37.2 → 7.39.0

package/lib/fga/fga.spec.js

@@ -24,6 +24,7 @@ describe('FGA', () => {
             (0, test_utils_1.fetchOnce)({
                 result: 'authorized',
                 is_implicit: false,
+                warrant_token: 'abc',
             });
             const checkResult = yield workos.fga.check({
                 checks: [
@@ -44,6 +45,7 @@ describe('FGA', () => {
             expect(checkResult).toMatchObject({
                 result: 'authorized',
                 isImplicit: false,
+                warrantToken: 'abc',
             });
         }));
     });

package/lib/fga/interfaces/check.interface.d.ts

@@ -37,6 +37,7 @@ export interface SerializedCheckBatchOptions {
 export interface CheckResultResponse {
     result: string;
     is_implicit: boolean;
+    warrant_token: string;
     debug_info?: DebugInfoResponse;
 }
 export interface DebugInfo {
@@ -64,11 +65,13 @@ export interface DecisionTreeNodeResponse {
 export interface CheckResultInterface {
     result: string;
     isImplicit: boolean;
+    warrantToken: string;
     debugInfo?: DebugInfo;
 }
 export declare class CheckResult implements CheckResultInterface {
     result: string;
     isImplicit: boolean;
+    warrantToken: string;
     debugInfo?: DebugInfo;
     constructor(json: CheckResultResponse);
     isAuthorized(): boolean;

package/lib/fga/interfaces/check.interface.js

@@ -7,6 +7,7 @@ class CheckResult {
     constructor(json) {
         this.result = json.result;
         this.isImplicit = json.is_implicit;
+        this.warrantToken = json.warrant_token;
         this.debugInfo = json.debug_info
             ? {
                 processingTime: json.debug_info.processing_time,

package/lib/organizations/fixtures/list-organization-roles.json

@@ -7,6 +7,10 @@
             "name": "Admin",
             "slug": "admin",
             "description": null,
+            "permissions": [
+                "posts:create",
+                "posts:delete"
+            ],
             "type": "EnvironmentRole",
             "created_at": "2024-01-01T00:00:00.000Z",
             "updated_at": "2024-01-01T00:00:00.000Z"
@@ -17,6 +21,7 @@
             "name": "Member",
             "slug": "member",
             "description": null,
+            "permissions": [],
             "type": "EnvironmentRole",
             "created_at": "2024-01-01T00:00:00.000Z",
             "updated_at": "2024-01-01T00:00:00.000Z"
@@ -27,6 +32,9 @@
             "name": "OrganizationMember",
             "slug": "org-member",
             "description": null,
+            "permissions": [
+                "posts:read"
+            ],
             "type": "OrganizationRole",
             "created_at": "2024-01-01T00:00:00.000Z",
             "updated_at": "2024-01-01T00:00:00.000Z"

package/lib/organizations/organizations.spec.js

@@ -285,6 +285,41 @@ describe('Organizations', () => {
             expect((0, test_utils_1.fetchURL)()).toContain('/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles');
             expect(object).toEqual('list');
             expect(data).toHaveLength(3);
+            expect(data).toEqual([
+                {
+                    object: 'role',
+                    id: 'role_01EHQMYV6MBK39QC5PZXHY59C5',
+                    name: 'Admin',
+                    slug: 'admin',
+                    description: null,
+                    permissions: ['posts:create', 'posts:delete'],
+                    type: 'EnvironmentRole',
+                    createdAt: '2024-01-01T00:00:00.000Z',
+                    updatedAt: '2024-01-01T00:00:00.000Z',
+                },
+                {
+                    object: 'role',
+                    id: 'role_01EHQMYV6MBK39QC5PZXHY59C3',
+                    name: 'Member',
+                    slug: 'member',
+                    description: null,
+                    permissions: [],
+                    type: 'EnvironmentRole',
+                    createdAt: '2024-01-01T00:00:00.000Z',
+                    updatedAt: '2024-01-01T00:00:00.000Z',
+                },
+                {
+                    object: 'role',
+                    id: 'role_01EHQMYV6MBK39QC5PZXHY59C3',
+                    name: 'OrganizationMember',
+                    slug: 'org-member',
+                    description: null,
+                    permissions: ['posts:read'],
+                    type: 'OrganizationRole',
+                    createdAt: '2024-01-01T00:00:00.000Z',
+                    updatedAt: '2024-01-01T00:00:00.000Z',
+                },
+            ]);
         }));
     });
 });

package/lib/roles/interfaces/role.interface.d.ts

@@ -4,10 +4,16 @@ export interface RoleResponse {
 export interface RoleEvent {
     object: 'role';
     slug: string;
+    permissions: string[];
+    createdAt: string;
+    updatedAt: string;
 }
 export interface RoleEventResponse {
     object: 'role';
     slug: string;
+    permissions: string[];
+    created_at: string;
+    updated_at: string;
 }
 export interface ListOrganizationRolesResponse {
     object: 'list';
@@ -19,6 +25,7 @@ export interface OrganizationRoleResponse {
     name: string;
     slug: string;
     description: string | null;
+    permissions: string[];
     type: 'EnvironmentRole' | 'OrganizationRole';
     created_at: string;
     updated_at: string;
@@ -29,6 +36,7 @@ export interface Role {
     name: string;
     slug: string;
     description: string | null;
+    permissions: string[];
     type: 'EnvironmentRole' | 'OrganizationRole';
     createdAt: string;
     updatedAt: string;

package/lib/roles/serializers/role.serializer.js

@@ -7,6 +7,7 @@ const deserializeRole = (role) => ({
     name: role.name,
     slug: role.slug,
     description: role.description,
+    permissions: role.permissions,
     type: role.type,
     createdAt: role.created_at,
     updatedAt: role.updated_at,

package/lib/user-management/fixtures/list-users.json

@@ -9,7 +9,9 @@
             "last_name": "User",
             "created_at": "2023-07-18T02:07:19.911Z",
             "updated_at": "2023-07-18T02:07:19.911Z",
-            "email_verified_at": "2023-07-17T20:07:20.055Z"
+            "email_verified": true,
+            "profile_picture_url": "https://example.com/profile_picture.jpg",
+            "last_sign_in_at": "2023-07-18T02:07:19.911Z"
         }
     ],
     "list_metadata": {

package/lib/user-management/fixtures/user.json

@@ -7,5 +7,6 @@
     "created_at": "2023-07-18T02:07:19.911Z",
     "updated_at": "2023-07-18T02:07:19.911Z",
     "email_verified": true,
-    "profile_picture_url": "https://example.com/profile_picture.jpg"
+    "profile_picture_url": "https://example.com/profile_picture.jpg",
+    "last_sign_in_at": "2023-07-18T02:07:19.911Z"
 }

package/lib/user-management/interfaces/refresh-and-seal-session-data.interface.d.ts

@@ -1,3 +1,4 @@
+import { AuthenticateWithSessionCookieSuccessResponse } from './authenticate-with-session-cookie.interface';
 import { AuthenticationResponse } from './authentication-response.interface';
 export declare enum RefreshAndSealSessionDataFailureReason {
     /**
@@ -14,14 +15,23 @@ export declare enum RefreshAndSealSessionDataFailureReason {
      */
     ORGANIZATION_NOT_AUTHORIZED = "organization_not_authorized"
 }
-type RefreshAndSealSessionDataFailedResponse = {
+type RefreshSessionFailedResponse = {
     authenticated: false;
     reason: RefreshAndSealSessionDataFailureReason;
 };
+/**
+ * @deprecated To be removed in a future major version along with `refreshAndSealSessionData`.
+ */
 type RefreshAndSealSessionDataSuccessResponse = {
     authenticated: true;
     session?: AuthenticationResponse;
     sealedSession?: string;
 };
-export type RefreshAndSealSessionDataResponse = RefreshAndSealSessionDataFailedResponse | RefreshAndSealSessionDataSuccessResponse;
+export type RefreshAndSealSessionDataResponse = RefreshSessionFailedResponse | RefreshAndSealSessionDataSuccessResponse;
+type RefreshSessionSuccessResponse = Omit<AuthenticateWithSessionCookieSuccessResponse, 'accessToken'> & {
+    authenticated: true;
+    session?: AuthenticationResponse;
+    sealedSession?: string;
+};
+export type RefreshSessionResponse = RefreshSessionFailedResponse | RefreshSessionSuccessResponse;
 export {};

package/lib/user-management/interfaces/user.interface.d.ts

@@ -6,6 +6,7 @@ export interface User {
     profilePictureUrl: string | null;
     firstName: string | null;
     lastName: string | null;
+    lastSignInAt: string | null;
     createdAt: string;
     updatedAt: string;
 }
@@ -17,6 +18,7 @@ export interface UserResponse {
     profile_picture_url: string | null;
     first_name: string | null;
     last_name: string | null;
+    last_sign_in_at: string | null;
     created_at: string;
     updated_at: string;
 }

package/lib/user-management/serializers/role.serializer.js

@@ -4,5 +4,8 @@ exports.deserializeRoleEvent = void 0;
 const deserializeRoleEvent = (role) => ({
     object: 'role',
     slug: role.slug,
+    permissions: role.permissions,
+    createdAt: role.created_at,
+    updatedAt: role.updated_at,
 });
 exports.deserializeRoleEvent = deserializeRoleEvent;

package/lib/user-management/serializers/user.serializer.js

@@ -9,6 +9,7 @@ const deserializeUser = (user) => ({
     firstName: user.first_name,
     profilePictureUrl: user.profile_picture_url,
     lastName: user.last_name,
+    lastSignInAt: user.last_sign_in_at,
     createdAt: user.created_at,
     updatedAt: user.updated_at,
 });

package/lib/user-management/session.d.ts

@@ -1,5 +1,5 @@
+import { AuthenticateWithSessionCookieFailedResponse, AuthenticateWithSessionCookieSuccessResponse, RefreshSessionResponse } from './interfaces';
 import { UserManagement } from './user-management';
-import { AuthenticateWithSessionCookieFailedResponse, AuthenticateWithSessionCookieSuccessResponse, RefreshAndSealSessionDataResponse } from './interfaces';
 type RefreshOptions = {
     cookiePassword?: string;
     organizationId?: string;
@@ -25,7 +25,7 @@ export declare class Session {
      * @param options.organizationId - The organization ID to use for the new session cookie.
      * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.
      */
-    refresh(options?: RefreshOptions): Promise<RefreshAndSealSessionDataResponse>;
+    refresh(options?: RefreshOptions): Promise<RefreshSessionResponse>;
     /**
      * Gets the URL to redirect the user to for logging out.
      *

package/lib/user-management/session.js

@@ -116,10 +116,20 @@ class Session {
                     this.cookiePassword = options.cookiePassword;
                 }
                 this.sessionData = authenticationResponse.sealedSession;
+                const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, } = (0, jose_1.decodeJwt)(authenticationResponse.accessToken);
+                // TODO: Returning `session` here means there's some duplicated data.
+                // Slim down the return type in a future major version.
                 return {
                     authenticated: true,
                     sealedSession: authenticationResponse.sealedSession,
                     session: authenticationResponse,
+                    sessionId,
+                    organizationId,
+                    role,
+                    permissions,
+                    entitlements,
+                    user: session.user,
+                    impersonator: session.impersonator,
                 };
             }
             catch (error) {

package/lib/user-management/session.spec.js

@@ -200,11 +200,11 @@ describe('Session', () => {
                 const response = yield session.refresh();
                 expect(response).toEqual({
                     authenticated: true,
-                    accessToken: undefined,
-                    authenticationMethod: undefined,
-                    impersonator: undefined,
-                    organizationId: undefined,
-                    refreshToken: undefined,
+                    impersonator: {
+                        email: 'admin@example.com',
+                        reason: 'test',
+                    },
+                    organizationId: 'org_123',
                     sealedSession: expect.any(String),
                     session: expect.objectContaining({
                         sealedSession: expect.any(String),
@@ -212,6 +212,15 @@ describe('Session', () => {
                             email: 'test01@example.com',
                         }),
                     }),
+                    entitlements: undefined,
+                    permissions: ['posts:create', 'posts:delete'],
+                    role: 'member',
+                    sessionId: 'session_123',
+                    user: expect.objectContaining({
+                        email: 'test01@example.com',
+                        id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
+                        object: 'user',
+                    }),
                 });
             }));
             it('overwrites the cookie password if a new one is provided', () => __awaiter(void 0, void 0, void 0, function* () {

package/lib/user-management/user-management.spec.js

@@ -81,6 +81,7 @@ describe('UserManagement', () => {
                 firstName: 'Test 01',
                 lastName: 'User',
                 emailVerified: true,
+                lastSignInAt: '2023-07-18T02:07:19.911Z',
             });
         }));
     });

package/lib/workos.js

@@ -29,7 +29,7 @@ const subtle_crypto_provider_1 = require("./common/crypto/subtle-crypto-provider
 const fetch_client_1 = require("./common/net/fetch-client");
 const widgets_1 = require("./widgets/widgets");
 const actions_1 = require("./actions/actions");
-const VERSION = '7.37.2';
+const VERSION = '7.39.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 const HEADER_AUTHORIZATION = 'Authorization';
 const HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "7.37.2",
+  "version": "7.39.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",