npm - @workos-inc/node - Versions diffs - 7.48.0 → 7.50.0 - Mend

@workos-inc/node 7.48.0 → 7.50.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/lib/common/interfaces/event.interface.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import { AuthenticationEvent, AuthenticationEventResponse, EmailVerificationEven
 import { OrganizationMembership, OrganizationMembershipResponse } from '../../user-management/interfaces/organization-membership.interface';
 import { RoleEvent, RoleEventResponse } from '../../roles/interfaces/role.interface';
 import { OrganizationDomain, OrganizationDomainResponse } from '../../organization-domains/interfaces';
+import { AuthenticationRadarRiskDetectedEventData, AuthenticationRadarRiskDetectedEventResponseData } from '../../user-management/interfaces/authentication-radar-risk-detected-event.interface';
 export interface EventBase {
     id: string;
     createdAt: string;
@@ -77,6 +78,14 @@ export interface AuthenticationPasswordSucceededEventResponse extends EventRespo
     event: 'authentication.password_succeeded';
     data: AuthenticationEventResponse;
 }
+export interface AuthenticationRadarRiskDetectedEvent extends EventBase {
+    event: 'authentication.radar_risk_detected';
+    data: AuthenticationRadarRiskDetectedEventData;
+}
+export interface AuthenticationRadarRiskDetectedEventResponse extends EventResponseBase {
+    event: 'authentication.radar_risk_detected';
+    data: AuthenticationRadarRiskDetectedEventResponseData;
+}
 export interface AuthenticationSSOFailedEvent extends EventBase {
     event: 'authentication.sso_failed';
     data: AuthenticationEvent;
@@ -409,7 +418,7 @@ export interface OrganizationDomainVerificationFailedEventResponse extends Event
     event: 'organization_domain.verification_failed';
     data: OrganizationDomainResponse;
 }
-export type Event = AuthenticationEmailVerificationSucceededEvent | AuthenticationMfaSucceededEvent | AuthenticationOAuthFailedEvent | AuthenticationOAuthSucceededEvent | AuthenticationSSOFailedEvent | AuthenticationSSOSucceededEvent | AuthenticationPasswordFailedEvent | AuthenticationPasswordSucceededEvent | AuthenticationMagicAuthFailedEvent | AuthenticationMagicAuthSucceededEvent | ConnectionActivatedEvent | ConnectionDeactivatedEvent | ConnectionDeletedEvent | DsyncActivatedEvent | DsyncDeactivatedEvent | DsyncDeletedEvent | DsyncGroupCreatedEvent | DsyncGroupUpdatedEvent | DsyncGroupDeletedEvent | DsyncGroupUserAddedEvent | DsyncGroupUserRemovedEvent | DsyncUserCreatedEvent | DsyncUserUpdatedEvent | DsyncUserDeletedEvent | EmailVerificationCreatedEvent | InvitationCreatedEvent | MagicAuthCreatedEvent | PasswordResetCreatedEvent | PasswordResetSucceededEvent | UserCreatedEvent | UserUpdatedEvent | UserDeletedEvent | OrganizationMembershipAdded | OrganizationMembershipCreated | OrganizationMembershipDeleted | OrganizationMembershipUpdated | OrganizationMembershipRemoved | RoleCreatedEvent | RoleDeletedEvent | RoleUpdatedEvent | SessionCreatedEvent | OrganizationCreatedEvent | OrganizationUpdatedEvent | OrganizationDeletedEvent | OrganizationDomainVerifiedEvent | OrganizationDomainVerificationFailedEvent;
-export type EventResponse = AuthenticationEmailVerificationSucceededEventResponse | AuthenticationMagicAuthFailedEventResponse | AuthenticationMagicAuthSucceededEventResponse | AuthenticationMfaSucceededEventResponse | AuthenticationOAuthFailedEventResponse | AuthenticationOAuthSucceededEventResponse | AuthenticationPasswordFailedEventResponse | AuthenticationPasswordSucceededEventResponse | AuthenticationSSOFailedEventResponse | AuthenticationSSOSucceededEventResponse | ConnectionActivatedEventResponse | ConnectionDeactivatedEventResponse | ConnectionDeletedEventResponse | DsyncActivatedEventResponse | DsyncDeactivatedEventResponse | DsyncDeletedEventResponse | DsyncGroupCreatedEventResponse | DsyncGroupUpdatedEventResponse | DsyncGroupDeletedEventResponse | DsyncGroupUserAddedEventResponse | DsyncGroupUserRemovedEventResponse | DsyncUserCreatedEventResponse | DsyncUserUpdatedEventResponse | DsyncUserDeletedEventResponse | EmailVerificationCreatedEventResponse | InvitationCreatedEventResponse | MagicAuthCreatedEventResponse | PasswordResetCreatedEventResponse | PasswordResetSucceededEventResponse | UserCreatedEventResponse | UserUpdatedEventResponse | UserDeletedEventResponse | OrganizationMembershipAddedResponse | OrganizationMembershipCreatedResponse | OrganizationMembershipDeletedResponse | OrganizationMembershipUpdatedResponse | OrganizationMembershipRemovedResponse | RoleCreatedEventResponse | RoleDeletedEventResponse | RoleUpdatedEventResponse | SessionCreatedEventResponse | OrganizationCreatedResponse | OrganizationUpdatedResponse | OrganizationDeletedResponse | OrganizationDomainVerifiedEventResponse | OrganizationDomainVerificationFailedEventResponse;
+export type Event = AuthenticationEmailVerificationSucceededEvent | AuthenticationMfaSucceededEvent | AuthenticationOAuthFailedEvent | AuthenticationOAuthSucceededEvent | AuthenticationSSOFailedEvent | AuthenticationSSOSucceededEvent | AuthenticationPasswordFailedEvent | AuthenticationPasswordSucceededEvent | AuthenticationMagicAuthFailedEvent | AuthenticationMagicAuthSucceededEvent | AuthenticationRadarRiskDetectedEvent | ConnectionActivatedEvent | ConnectionDeactivatedEvent | ConnectionDeletedEvent | DsyncActivatedEvent | DsyncDeactivatedEvent | DsyncDeletedEvent | DsyncGroupCreatedEvent | DsyncGroupUpdatedEvent | DsyncGroupDeletedEvent | DsyncGroupUserAddedEvent | DsyncGroupUserRemovedEvent | DsyncUserCreatedEvent | DsyncUserUpdatedEvent | DsyncUserDeletedEvent | EmailVerificationCreatedEvent | InvitationCreatedEvent | MagicAuthCreatedEvent | PasswordResetCreatedEvent | PasswordResetSucceededEvent | UserCreatedEvent | UserUpdatedEvent | UserDeletedEvent | OrganizationMembershipAdded | OrganizationMembershipCreated | OrganizationMembershipDeleted | OrganizationMembershipUpdated | OrganizationMembershipRemoved | RoleCreatedEvent | RoleDeletedEvent | RoleUpdatedEvent | SessionCreatedEvent | OrganizationCreatedEvent | OrganizationUpdatedEvent | OrganizationDeletedEvent | OrganizationDomainVerifiedEvent | OrganizationDomainVerificationFailedEvent;
+export type EventResponse = AuthenticationEmailVerificationSucceededEventResponse | AuthenticationMagicAuthFailedEventResponse | AuthenticationMagicAuthSucceededEventResponse | AuthenticationMfaSucceededEventResponse | AuthenticationOAuthFailedEventResponse | AuthenticationOAuthSucceededEventResponse | AuthenticationPasswordFailedEventResponse | AuthenticationPasswordSucceededEventResponse | AuthenticationSSOFailedEventResponse | AuthenticationSSOSucceededEventResponse | AuthenticationRadarRiskDetectedEventResponse | ConnectionActivatedEventResponse | ConnectionDeactivatedEventResponse | ConnectionDeletedEventResponse | DsyncActivatedEventResponse | DsyncDeactivatedEventResponse | DsyncDeletedEventResponse | DsyncGroupCreatedEventResponse | DsyncGroupUpdatedEventResponse | DsyncGroupDeletedEventResponse | DsyncGroupUserAddedEventResponse | DsyncGroupUserRemovedEventResponse | DsyncUserCreatedEventResponse | DsyncUserUpdatedEventResponse | DsyncUserDeletedEventResponse | EmailVerificationCreatedEventResponse | InvitationCreatedEventResponse | MagicAuthCreatedEventResponse | PasswordResetCreatedEventResponse | PasswordResetSucceededEventResponse | UserCreatedEventResponse | UserUpdatedEventResponse | UserDeletedEventResponse | OrganizationMembershipAddedResponse | OrganizationMembershipCreatedResponse | OrganizationMembershipDeletedResponse | OrganizationMembershipUpdatedResponse | OrganizationMembershipRemovedResponse | RoleCreatedEventResponse | RoleDeletedEventResponse | RoleUpdatedEventResponse | SessionCreatedEventResponse | OrganizationCreatedResponse | OrganizationUpdatedResponse | OrganizationDeletedResponse | OrganizationDomainVerifiedEventResponse | OrganizationDomainVerificationFailedEventResponse;
 export type EventName = Event['event'];
 export {};

package/lib/common/serializers/event.serializer.js CHANGED Viewed

@@ -9,6 +9,7 @@ const organization_domain_serializer_1 = require("../../organization-domains/ser
 const organization_membership_serializer_1 = require("../../user-management/serializers/organization-membership.serializer");
 const role_serializer_1 = require("../../user-management/serializers/role.serializer");
 const session_serializer_1 = require("../../user-management/serializers/session.serializer");
+const authentication_radar_risk_event_serializer_1 = require("../../user-management/serializers/authentication-radar-risk-event-serializer");
 const deserializeEvent = (event) => {
     const eventBase = {
         id: event.id,
@@ -26,6 +27,8 @@ const deserializeEvent = (event) => {
         case 'authentication.sso_failed':
         case 'authentication.sso_succeeded':
             return Object.assign(Object.assign({}, eventBase), { event: event.event, data: (0, serializers_4.deserializeAuthenticationEvent)(event.data) });
+        case 'authentication.radar_risk_detected':
+            return Object.assign(Object.assign({}, eventBase), { event: event.event, data: (0, authentication_radar_risk_event_serializer_1.deserializeAuthenticationRadarRiskDetectedEvent)(event.data) });
         case 'connection.activated':
         case 'connection.deactivated':
         case 'connection.deleted':

package/lib/user-management/interfaces/authentication-radar-risk-detected-event.interface.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+export type AuthenticationRadarRiskDetectedEventData = {
+    authMethod: string;
+    action: 'signup' | 'login';
+    control: string | null;
+    blocklistType: string | null;
+    ipAddress: string | null;
+    userAgent: string | null;
+    userId: string;
+    email: string;
+};
+export interface AuthenticationRadarRiskDetectedEventResponseData {
+    auth_method: string;
+    action: 'signup' | 'login';
+    control: string | null;
+    blocklist_type: string | null;
+    ip_address: string | null;
+    user_agent: string | null;
+    user_id: string;
+    email: string;
+}

package/lib/user-management/interfaces/authentication-radar-risk-detected-event.interface.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/lib/user-management/interfaces/authorization-url-options.interface.d.ts CHANGED Viewed

@@ -3,6 +3,10 @@ export interface AuthorizationURLOptions {
     codeChallenge?: string;
     codeChallengeMethod?: 'S256';
     connectionId?: string;
+    /**
+     *  @deprecated We previously required initiate login endpoints to return the `context`
+     *  query parameter when getting the authorization URL. This is no longer necessary.
+     */
     context?: string;
     organizationId?: string;
     domainHint?: string;

package/lib/user-management/interfaces/index.d.ts CHANGED Viewed

@@ -9,6 +9,7 @@ export * from './authenticate-with-session-cookie.interface';
 export * from './authenticate-with-totp-options.interface';
 export * from './authentication-event.interface';
 export * from './authentication-response.interface';
+export * from './authentication-radar-risk-detected-event.interface';
 export * from './create-magic-auth-options.interface';
 export * from './create-organization-membership-options.interface';
 export * from './create-password-reset-options.interface';

package/lib/user-management/interfaces/index.js CHANGED Viewed

@@ -25,6 +25,7 @@ __exportStar(require("./authenticate-with-session-cookie.interface"), exports);
 __exportStar(require("./authenticate-with-totp-options.interface"), exports);
 __exportStar(require("./authentication-event.interface"), exports);
 __exportStar(require("./authentication-response.interface"), exports);
+__exportStar(require("./authentication-radar-risk-detected-event.interface"), exports);
 __exportStar(require("./create-magic-auth-options.interface"), exports);
 __exportStar(require("./create-organization-membership-options.interface"), exports);
 __exportStar(require("./create-password-reset-options.interface"), exports);

package/lib/user-management/serializers/authentication-radar-risk-event-serializer.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { AuthenticationRadarRiskDetectedEventData, AuthenticationRadarRiskDetectedEventResponseData } from '../interfaces';
2	+ export declare const deserializeAuthenticationRadarRiskDetectedEvent: (authenticationRadarRiskDetectedEvent: AuthenticationRadarRiskDetectedEventResponseData) => AuthenticationRadarRiskDetectedEventData;

package/lib/user-management/serializers/authentication-radar-risk-event-serializer.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deserializeAuthenticationRadarRiskDetectedEvent = void 0;
+const deserializeAuthenticationRadarRiskDetectedEvent = (authenticationRadarRiskDetectedEvent) => ({
+    authMethod: authenticationRadarRiskDetectedEvent.auth_method,
+    action: authenticationRadarRiskDetectedEvent.action,
+    control: authenticationRadarRiskDetectedEvent.control,
+    blocklistType: authenticationRadarRiskDetectedEvent.blocklist_type,
+    ipAddress: authenticationRadarRiskDetectedEvent.ip_address,
+    userAgent: authenticationRadarRiskDetectedEvent.user_agent,
+    userId: authenticationRadarRiskDetectedEvent.user_id,
+    email: authenticationRadarRiskDetectedEvent.email,
+});
+exports.deserializeAuthenticationRadarRiskDetectedEvent = deserializeAuthenticationRadarRiskDetectedEvent;

package/lib/user-management/user-management.js CHANGED Viewed

@@ -526,6 +526,10 @@ class UserManagement {
         if (provider !== 'authkit' && screenHint) {
             throw new TypeError(`'screenHint' is only supported for 'authkit' provider`);
         }
+        if (context) {
+            this.workos.emitWarning(`\`context\` is deprecated. We previously required initiate login endpoints to return the
+\`context\` query parameter when getting the authorization URL. This is no longer necessary.`);
+        }
         const query = toQueryString({
             connection_id: connectionId,
             code_challenge: codeChallenge,

package/lib/vault/cryptography/decrypt.d.ts CHANGED Viewed

@@ -5,5 +5,5 @@ export interface Decoded {
     keys: string;
     ciphertext: Buffer;
 }
-export declare const decrypt: (payload: string | Decoded, dataKey: string) => string;
+export declare const decrypt: (payload: string | Decoded, dataKey: string, aad: string) => string;
 export declare const decode: (payload: string) => Decoded;

package/lib/vault/cryptography/decrypt.js CHANGED Viewed

@@ -6,14 +6,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.decode = exports.decrypt = void 0;
 const crypto_1 = __importDefault(require("crypto"));
 const leb_1 = require("leb");
-const decrypt = (payload, dataKey) => {
+const decrypt = (payload, dataKey, aad) => {
     if (typeof payload === 'string') {
         payload = (0, exports.decode)(payload);
     }
     const { iv, tag, ciphertext } = payload;
     const key = Buffer.from(dataKey, 'base64');
-    const decipher = crypto_1.default.createDecipheriv('aes-256-gcm', key, iv);
-    decipher.setAuthTag(tag);
+    const decipher = crypto_1.default
+        .createDecipheriv('aes-256-gcm', key, iv)
+        .setAAD(Buffer.from(aad))
+        .setAuthTag(tag);
     const decrypted = decipher.update(ciphertext, undefined, 'utf-8') + decipher.final('utf-8');
     return decrypted;
 };

package/lib/vault/cryptography/encrypt.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare const encrypt: (data: string, dataKey: string, encryptedKeys: string) => string;
1	+ export declare const encrypt: (data: string, dataKey: string, encryptedKeys: string, aad: string) => string;

package/lib/vault/cryptography/encrypt.js CHANGED Viewed

@@ -6,13 +6,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.encrypt = void 0;
 const crypto_1 = __importDefault(require("crypto"));
 const leb_1 = require("leb");
-const encrypt = (data, dataKey, encryptedKeys) => {
+const encrypt = (data, dataKey, encryptedKeys, aad) => {
     // encrypt using the returned data key
     const key = Buffer.from(dataKey, 'base64');
     const keyBlob = Buffer.from(encryptedKeys, 'base64');
     const prefixLen = (0, leb_1.encodeUInt32)(keyBlob.length);
     const iv = crypto_1.default.randomBytes(32);
-    const cipher = crypto_1.default.createCipheriv('aes-256-gcm', key, iv);
+    const cipher = crypto_1.default
+        .createCipheriv('aes-256-gcm', key, iv)
+        .setAAD(Buffer.from(aad));
     const ciphertext = Buffer.concat([
         cipher.update(data, 'utf8'),
         cipher.final(),

package/lib/vault/vault-live-test.spec.js CHANGED Viewed

@@ -241,5 +241,20 @@ describe.skip('Vault Live Test', () => {
             const decrypted = yield workos.vault.decrypt(encrypted);
             expect(decrypted).toBe(superObject);
         }));
+        it('authenticates additional data', () => __awaiter(void 0, void 0, void 0, function* () {
+            const data = 'hot water freezes faster than cold water';
+            const keyContext = { everything: 'everywhere' };
+            const aad = 'seq1';
+            const encrypted = yield workos.vault.encrypt(data, keyContext, aad);
+            const decrypted = yield workos.vault.decrypt(encrypted, aad);
+            expect(decrypted).toBe(data);
+        }));
+        it('fails with invalid AD', () => __awaiter(void 0, void 0, void 0, function* () {
+            const data = 'hot water freezes faster than cold water';
+            const keyContext = { everything: 'everywhere' };
+            const aad = 'seq1';
+            const encrypted = yield workos.vault.encrypt(data, keyContext, aad);
+            yield expect(() => workos.vault.decrypt(encrypted)).rejects.toThrow('unable to authenticate data');
+        }));
     });
 });

package/lib/vault/vault.d.ts CHANGED Viewed

@@ -14,8 +14,8 @@ export declare class Vault {
     deleteObject(options: DeleteObjectOptions): Promise<void>;
     createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair>;
     decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey>;
-    encrypt(data: string, context: KeyContext): Promise<string>;
-    decrypt(encryptedData: string): Promise<string>;
+    encrypt(data: string, context: KeyContext, associatedData?: string): Promise<string>;
+    decrypt(encryptedData: string, associatedData?: string): Promise<string>;
     createSecret: (options: CreateObjectOptions) => Promise<ObjectMetadata>;
     listSecrets: (options?: PaginationOptions | undefined) => Promise<List<ObjectDigest>>;
     listSecretVersions: (options: ReadObjectOptions) => Promise<ObjectVersion[]>;

package/lib/vault/vault.js CHANGED Viewed

@@ -106,19 +106,19 @@ class Vault {
             return (0, vault_key_serializer_1.deserializeDecryptDataKeyResponse)(data);
         });
     }
-    encrypt(data, context) {
+    encrypt(data, context, associatedData) {
         return __awaiter(this, void 0, void 0, function* () {
             const { dataKey, encryptedKeys } = yield this.createDataKey({
                 context,
             });
-            return (0, encrypt_1.encrypt)(data, dataKey.key, encryptedKeys);
+            return (0, encrypt_1.encrypt)(data, dataKey.key, encryptedKeys, associatedData || '');
         });
     }
-    decrypt(encryptedData) {
+    decrypt(encryptedData, associatedData) {
         return __awaiter(this, void 0, void 0, function* () {
             const decoded = (0, decrypt_1.decode)(encryptedData);
             const dataKey = yield this.decryptDataKey({ keys: decoded.keys });
-            return (0, decrypt_1.decrypt)(decoded, dataKey.key);
+            return (0, decrypt_1.decrypt)(decoded, dataKey.key, associatedData || '');
         });
     }
 }

package/lib/workos.js CHANGED Viewed

@@ -31,7 +31,7 @@ const widgets_1 = require("./widgets/widgets");
 const actions_1 = require("./actions/actions");
 const vault_1 = require("./vault/vault");
 const conflict_exception_1 = require("./common/exceptions/conflict.exception");
-const VERSION = '7.48.0';
+const VERSION = '7.50.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 const HEADER_AUTHORIZATION = 'Authorization';
 const HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "7.48.0",
+  "version": "7.50.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",