@workos-inc/node 7.50.0 → 7.51.0

package/lib/fga/serializers/list.serializer.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deserializeFGAList = void 0;
+const deserializeFGAList = (response, deserializeFn) => ({
+    object: 'list',
+    data: response.data.map(deserializeFn),
+    listMetadata: response.list_metadata,
+    warnings: response.warnings,
+});
+exports.deserializeFGAList = deserializeFGAList;

package/lib/fga/serializers/query-result.serializer.d.ts

@@ -1,2 +1,7 @@
 import { QueryResult, QueryResultResponse } from '../interfaces';
+import { Warning } from '../interfaces/warning.interface';
+import { ListResponse } from '../../common/interfaces';
+export interface QueryResultListResponse extends ListResponse<QueryResultResponse> {
+    warnings?: Warning[];
+}
 export declare const deserializeQueryResult: (queryResult: QueryResultResponse) => QueryResult;

package/lib/fga/utils/fetch-and-deserialize-list.d.ts

@@ -0,0 +1,5 @@
+import { WorkOS } from '../../workos';
+import { FGAList } from '../interfaces/list.interface';
+import { QueryRequestOptions } from '../interfaces';
+import { PaginationOptions } from '../../common/interfaces';
+export declare const fetchAndDeserializeFGAList: <T, U>(workos: WorkOS, endpoint: string, deserializeFn: (data: T) => U, options?: PaginationOptions, requestOptions?: QueryRequestOptions) => Promise<FGAList<U>>;

package/lib/fga/utils/fetch-and-deserialize-list.js

@@ -0,0 +1,18 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchAndDeserializeFGAList = void 0;
+const list_serializer_1 = require("../serializers/list.serializer");
+const fetchAndDeserializeFGAList = (workos, endpoint, deserializeFn, options, requestOptions) => __awaiter(void 0, void 0, void 0, function* () {
+    const { data: response } = yield workos.get(endpoint, Object.assign({ query: options }, requestOptions));
+    return (0, list_serializer_1.deserializeFGAList)(response, deserializeFn);
+});
+exports.fetchAndDeserializeFGAList = fetchAndDeserializeFGAList;

package/lib/fga/utils/fga-paginatable.d.ts

@@ -0,0 +1,9 @@
+import { AutoPaginatable } from '../../common/utils/pagination';
+import { FGAList } from '../interfaces/list.interface';
+import { Warning } from '../interfaces/warning.interface';
+import { PaginationOptions } from '../../common/interfaces';
+export declare class FgaPaginatable<T> extends AutoPaginatable<T> {
+    protected list: FGAList<T>;
+    constructor(list: FGAList<T>, apiCall: (params: PaginationOptions) => Promise<FGAList<T>>, options?: PaginationOptions);
+    get warnings(): Warning[] | undefined;
+}

package/lib/fga/utils/fga-paginatable.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FgaPaginatable = void 0;
+const pagination_1 = require("../../common/utils/pagination");
+class FgaPaginatable extends pagination_1.AutoPaginatable {
+    constructor(list, apiCall, options) {
+        super(list, apiCall, options);
+    }
+    get warnings() {
+        return this.list.warnings;
+    }
+}
+exports.FgaPaginatable = FgaPaginatable;

package/lib/index.d.ts

@@ -1,3 +1,4 @@
+import { CryptoProvider } from './common/crypto/crypto-provider';
 import { HttpClient } from './common/net/http-client';
 import { Actions } from './actions/actions';
 import { Webhooks } from './webhooks/webhooks';
@@ -25,6 +26,7 @@ declare class WorkOSNode extends WorkOS {
     createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
     /** @override */
     createWebhookClient(): Webhooks;
+    getCryptoProvider(): CryptoProvider;
     /** @override */
     createActionsClient(): Actions;
     /** @override */

package/lib/index.js

@@ -54,6 +54,9 @@ class WorkOSNode extends workos_1.WorkOS {
     }
     /** @override */
     createWebhookClient() {
+        return new webhooks_1.Webhooks(this.getCryptoProvider());
+    }
+    getCryptoProvider() {
         let cryptoProvider;
         if (typeof crypto !== 'undefined' && typeof crypto.subtle !== 'undefined') {
             cryptoProvider = new subtle_crypto_provider_1.SubtleCryptoProvider();
@@ -61,18 +64,11 @@ class WorkOSNode extends workos_1.WorkOS {
         else {
             cryptoProvider = new node_crypto_provider_1.NodeCryptoProvider();
         }
-        return new webhooks_1.Webhooks(cryptoProvider);
+        return cryptoProvider;
     }
     /** @override */
     createActionsClient() {
-        let cryptoProvider;
-        if (typeof crypto !== 'undefined' && typeof crypto.subtle !== 'undefined') {
-            cryptoProvider = new subtle_crypto_provider_1.SubtleCryptoProvider();
-        }
-        else {
-            cryptoProvider = new node_crypto_provider_1.NodeCryptoProvider();
-        }
-        return new actions_1.Actions(cryptoProvider);
+        return new actions_1.Actions(this.getCryptoProvider());
     }
     /** @override */
     createIronSessionProvider() {

package/lib/index.worker.d.ts

@@ -1,4 +1,5 @@
 import { Actions } from './actions/actions';
+import { CryptoProvider } from './common/crypto/crypto-provider';
 import { IronSessionProvider } from './common/iron-session/iron-session-provider';
 import { HttpClient } from './common/net/http-client';
 import { WorkOSOptions } from './index.worker';
@@ -25,6 +26,7 @@ declare class WorkOSWorker extends WorkOS {
     createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
     /** @override */
     createWebhookClient(): Webhooks;
+    getCryptoProvider(): CryptoProvider;
     /** @override */
     createActionsClient(): Actions;
     /** @override */

package/lib/index.worker.js

@@ -48,6 +48,9 @@ class WorkOSWorker extends workos_1.WorkOS {
         const cryptoProvider = new subtle_crypto_provider_1.SubtleCryptoProvider();
         return new webhooks_1.Webhooks(cryptoProvider);
     }
+    getCryptoProvider() {
+        return new subtle_crypto_provider_1.SubtleCryptoProvider();
+    }
     /** @override */
     createActionsClient() {
         const cryptoProvider = new subtle_crypto_provider_1.SubtleCryptoProvider();

package/lib/user-management/interfaces/update-user-options.interface.d.ts

@@ -1,6 +1,7 @@
 import { PasswordHashType } from './password-hash-type.interface';
 export interface UpdateUserOptions {
     userId: string;
+    email?: string;
     firstName?: string;
     lastName?: string;
     emailVerified?: boolean;
@@ -8,9 +9,10 @@ export interface UpdateUserOptions {
     passwordHash?: string;
     passwordHashType?: PasswordHashType;
     externalId?: string;
-    metadata?: Record<string, string>;
+    metadata?: Record<string, string | null>;
 }
 export interface SerializedUpdateUserOptions {
+    email?: string;
     first_name?: string;
     last_name?: string;
     email_verified?: boolean;
@@ -18,5 +20,5 @@ export interface SerializedUpdateUserOptions {
     password_hash?: string;
     password_hash_type?: PasswordHashType;
     external_id?: string;
-    metadata?: Record<string, string>;
+    metadata?: Record<string, string | null>;
 }

package/lib/user-management/serializers/update-user-options.serializer.js

@@ -2,9 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.serializeUpdateUserOptions = void 0;
 const serializeUpdateUserOptions = (options) => ({
+    email: options.email,
+    email_verified: options.emailVerified,
     first_name: options.firstName,
     last_name: options.lastName,
-    email_verified: options.emailVerified,
     password: options.password,
     password_hash: options.passwordHash,
     password_hash_type: options.passwordHashType,

package/lib/user-management/user-management.spec.js

@@ -1112,6 +1112,16 @@ describe('UserManagement', () => {
                 metadata: { key: 'value' },
             });
         }));
+        it('removes metadata from the request', () => __awaiter(void 0, void 0, void 0, function* () {
+            (0, test_utils_1.fetchOnce)(user_json_1.default);
+            yield workos.userManagement.updateUser({
+                userId,
+                metadata: { key: null },
+            });
+            expect((0, test_utils_1.fetchBody)()).toMatchObject({
+                metadata: {},
+            });
+        }));
     });
     describe('enrollAuthFactor', () => {
         it('sends an enrollAuthFactor request', () => __awaiter(void 0, void 0, void 0, function* () {

package/lib/vault/vault.d.ts

@@ -1,10 +1,12 @@
-import { PaginationOptions } from '../index.worker';
-import { WorkOS } from '../workos';
-import { CreateDataKeyOptions, CreateObjectOptions, DataKey, DataKeyPair, DecryptDataKeyOptions, DeleteObjectOptions, ReadObjectOptions, KeyContext, ObjectDigest, ObjectMetadata, ObjectVersion, UpdateObjectOptions, VaultObject } from './interfaces';
 import { List } from '../common/interfaces';
+import { PaginationOptions } from '../index.worker';
+import type { WorkOS } from '../workos';
+import { CreateDataKeyOptions, CreateObjectOptions, DataKey, DataKeyPair, DecryptDataKeyOptions, DeleteObjectOptions, KeyContext, ObjectDigest, ObjectMetadata, ObjectVersion, ReadObjectOptions, UpdateObjectOptions, VaultObject } from './interfaces';
 export declare class Vault {
     private readonly workos;
+    private cryptoProvider;
     constructor(workos: WorkOS);
+    private decode;
     createObject(options: CreateObjectOptions): Promise<ObjectMetadata>;
     listObjects(options?: PaginationOptions | undefined): Promise<List<ObjectDigest>>;
     listObjectVersions(options: ReadObjectOptions): Promise<ObjectVersion[]>;

package/lib/vault/vault.js

@@ -10,8 +10,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Vault = void 0;
-const decrypt_1 = require("./cryptography/decrypt");
-const encrypt_1 = require("./cryptography/encrypt");
+const leb_1 = require("leb");
+const base64_1 = require("../common/utils/base64");
 const vault_key_serializer_1 = require("./serializers/vault-key.serializer");
 const vault_object_serializer_1 = require("./serializers/vault-object.serializer");
 class Vault {
@@ -45,6 +45,24 @@ class Vault {
          * @deprecated Use `deleteObject` instead.
          */
         this.deleteSecret = this.deleteObject;
+        this.cryptoProvider = workos.getCryptoProvider();
+    }
+    decode(payload) {
+        const inputData = (0, base64_1.base64ToUint8Array)(payload);
+        // Use 12 bytes for IV (standard for AES-GCM)
+        const iv = new Uint8Array(inputData.subarray(0, 12));
+        const tag = new Uint8Array(inputData.subarray(12, 28));
+        const { value: keyLen, nextIndex } = (0, leb_1.decodeUInt32)(inputData, 28);
+        // Use subarray instead of slice and convert directly to base64
+        const keysBuffer = inputData.subarray(nextIndex, nextIndex + keyLen);
+        const keys = (0, base64_1.uint8ArrayToBase64)(keysBuffer);
+        const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));
+        return {
+            iv,
+            tag,
+            keys,
+            ciphertext,
+        };
     }
     createObject(options) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -108,17 +126,53 @@ class Vault {
     }
     encrypt(data, context, associatedData) {
         return __awaiter(this, void 0, void 0, function* () {
-            const { dataKey, encryptedKeys } = yield this.createDataKey({
+            const keyPair = yield this.createDataKey({
                 context,
             });
-            return (0, encrypt_1.encrypt)(data, dataKey.key, encryptedKeys, associatedData || '');
+            // Convert base64 key to Uint8Array
+            const encoder = new TextEncoder();
+            // Use our cross-runtime base64 utility
+            const key = (0, base64_1.base64ToUint8Array)(keyPair.dataKey.key);
+            const keyBlob = (0, base64_1.base64ToUint8Array)(keyPair.encryptedKeys);
+            const prefixLenBuffer = (0, leb_1.encodeUInt32)(keyBlob.length);
+            const aadBuffer = associatedData
+                ? encoder.encode(associatedData)
+                : undefined;
+            // Use a 12-byte IV for AES-GCM (industry standard)
+            const iv = this.cryptoProvider.randomBytes(12);
+            const { ciphertext, iv: resultIv, tag, } = yield this.cryptoProvider.encrypt(encoder.encode(data), key, iv, aadBuffer);
+            // Concatenate all parts into a single array
+            const resultArray = new Uint8Array(resultIv.length +
+                tag.length +
+                prefixLenBuffer.length +
+                keyBlob.length +
+                ciphertext.length);
+            let offset = 0;
+            resultArray.set(resultIv, offset);
+            offset += resultIv.length;
+            resultArray.set(tag, offset);
+            offset += tag.length;
+            resultArray.set(new Uint8Array(prefixLenBuffer), offset);
+            offset += prefixLenBuffer.length;
+            resultArray.set(keyBlob, offset);
+            offset += keyBlob.length;
+            resultArray.set(ciphertext, offset);
+            // Convert to base64 using our cross-runtime utility
+            return (0, base64_1.uint8ArrayToBase64)(resultArray);
         });
     }
     decrypt(encryptedData, associatedData) {
         return __awaiter(this, void 0, void 0, function* () {
-            const decoded = (0, decrypt_1.decode)(encryptedData);
+            const decoded = this.decode(encryptedData);
             const dataKey = yield this.decryptDataKey({ keys: decoded.keys });
-            return (0, decrypt_1.decrypt)(decoded, dataKey.key, associatedData || '');
+            // Convert base64 key to Uint8Array using our cross-runtime utility
+            const key = (0, base64_1.base64ToUint8Array)(dataKey.key);
+            const encoder = new TextEncoder();
+            const aadBuffer = associatedData
+                ? encoder.encode(associatedData)
+                : undefined;
+            const decrypted = yield this.cryptoProvider.decrypt(decoded.ciphertext, key, decoded.iv, decoded.tag, aadBuffer);
+            return new TextDecoder().decode(decrypted);
         });
     }
 }

package/lib/vault/vault.spec.js

@@ -244,4 +244,43 @@ describe('Vault', () => {
             expect((0, test_utils_1.fetchMethod)()).toBe('PUT');
         }));
     });
+    describe('encrypt and decrypt', () => {
+        it('correctly encrypts and decrypts data', () => __awaiter(void 0, void 0, void 0, function* () {
+            // Generate a valid 32-byte (256-bit) key for AES-256-GCM
+            const validKey = Buffer.alloc(32).fill('A').toString('base64');
+            // Mock createDataKey to return a valid key for testing
+            (0, test_utils_1.fetchOnce)({
+                data_key: validKey,
+                encrypted_keys: 'ZW5jcnlwdGVkX2tleXM=',
+                id: 'key123',
+                context: { type: 'test' },
+            });
+            // Mock decryptDataKey to return same key
+            (0, test_utils_1.fetchOnce)({
+                data_key: validKey,
+                id: 'key123',
+            });
+            const originalText = 'This is a secret message';
+            const context = { type: 'test' };
+            const associatedData = 'additional-auth-data';
+            // Encrypt the data
+            const encrypted = yield workos.vault.encrypt(originalText, context, associatedData);
+            // Verify encrypt API call
+            expect((0, test_utils_1.fetchURL)()).toContain('/vault/v1/keys/data-key');
+            expect((0, test_utils_1.fetchMethod)()).toBe('POST');
+            // Reset fetch for the decrypt call
+            jest_fetch_mock_1.default.resetMocks();
+            (0, test_utils_1.fetchOnce)({
+                data_key: validKey,
+                id: 'key123',
+            });
+            // Decrypt the data
+            const decrypted = yield workos.vault.decrypt(encrypted, associatedData);
+            // Verify decrypt API call
+            expect((0, test_utils_1.fetchURL)()).toContain('/vault/v1/keys/decrypt');
+            expect((0, test_utils_1.fetchMethod)()).toBe('POST');
+            // Verify the decrypted text matches the original
+            expect(decrypted).toBe(originalText);
+        }));
+    });
 });

package/lib/webhooks/webhooks.js

@@ -11,10 +11,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Webhooks = void 0;
 const serializers_1 = require("../common/serializers");
-const SignatureProvider_1 = require("../common/crypto/SignatureProvider");
+const signature_provider_1 = require("../common/crypto/signature-provider");
 class Webhooks {
     constructor(cryptoProvider) {
-        this.signatureProvider = new SignatureProvider_1.SignatureProvider(cryptoProvider);
+        this.signatureProvider = new signature_provider_1.SignatureProvider(cryptoProvider);
     }
     get verifyHeader() {
         return this.signatureProvider.verifyHeader.bind(this.signatureProvider);

package/lib/workos.d.ts

@@ -16,6 +16,7 @@ import { IronSessionProvider } from './common/iron-session/iron-session-provider
 import { Widgets } from './widgets/widgets';
 import { Actions } from './actions/actions';
 import { Vault } from './vault/vault';
+import { CryptoProvider } from './common/crypto/crypto-provider';
 export declare class WorkOS {
     readonly key?: string | undefined;
     readonly options: WorkOSOptions;
@@ -40,6 +41,7 @@ export declare class WorkOS {
     constructor(key?: string | undefined, options?: WorkOSOptions);
     createWebhookClient(): Webhooks;
     createActionsClient(): Actions;
+    getCryptoProvider(): CryptoProvider;
     createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
     createIronSessionProvider(): IronSessionProvider;
     get version(): string;

package/lib/workos.js

@@ -31,7 +31,7 @@ const widgets_1 = require("./widgets/widgets");
 const actions_1 = require("./actions/actions");
 const vault_1 = require("./vault/vault");
 const conflict_exception_1 = require("./common/exceptions/conflict.exception");
-const VERSION = '7.50.0';
+const VERSION = '7.51.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 const HEADER_AUTHORIZATION = 'Authorization';
 const HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';
@@ -88,10 +88,13 @@ class WorkOS {
         this.client = this.createHttpClient(options, userAgent);
     }
     createWebhookClient() {
-        return new webhooks_1.Webhooks(new subtle_crypto_provider_1.SubtleCryptoProvider());
+        return new webhooks_1.Webhooks(this.getCryptoProvider());
     }
     createActionsClient() {
-        return new actions_1.Actions(new subtle_crypto_provider_1.SubtleCryptoProvider());
+        return new actions_1.Actions(this.getCryptoProvider());
+    }
+    getCryptoProvider() {
+        return new subtle_crypto_provider_1.SubtleCryptoProvider();
     }
     createHttpClient(options, userAgent) {
         var _a;

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "7.50.0",
+  "version": "7.51.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",

package/lib/common/crypto/CryptoProvider.d.ts

@@ -1,32 +0,0 @@
-/**
- * Interface encapsulating the various crypto computations used by the library,
- * allowing pluggable underlying crypto implementations.
- */
-export declare abstract class CryptoProvider {
-    encoder: TextEncoder;
-    /**
-     * Computes a SHA-256 HMAC given a secret and a payload (encoded in UTF-8).
-     * The output HMAC should be encoded in hexadecimal.
-     *
-     * Sample values for implementations:
-     * - computeHMACSignature('', 'test_secret') => 'f7f9bd47fb987337b5796fdc1fdb9ba221d0d5396814bfcaf9521f43fd8927fd'
-     * - computeHMACSignature('\ud83d\ude00', 'test_secret') => '837da296d05c4fe31f61d5d7ead035099d9585a5bcde87de952012a78f0b0c43
-     */
-    abstract computeHMACSignature(payload: string, secret: string): string;
-    /**
-     * Asynchronous version of `computeHMACSignature`. Some implementations may
-     * only allow support async signature computation.
-     *
-     * Computes a SHA-256 HMAC given a secret and a payload (encoded in UTF-8).
-     * The output HMAC should be encoded in hexadecimal.
-     *
-     * Sample values for implementations:
-     * - computeHMACSignature('', 'test_secret') => 'f7f9bd47fb987337b5796fdc1fdb9ba221d0d5396814bfcaf9521f43fd8927fd'
-     * - computeHMACSignature('\ud83d\ude00', 'test_secret') => '837da296d05c4fe31f61d5d7ead035099d9585a5bcde87de952012a78f0b0c43
-     */
-    abstract computeHMACSignatureAsync(payload: string, secret: string): Promise<string>;
-    /**
-     * Cryptographically determine whether two signatures are equal
-     */
-    abstract secureCompare(stringA: string, stringB: string): Promise<boolean>;
-}

package/lib/common/crypto/CryptoProvider.js

@@ -1,13 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CryptoProvider = void 0;
-/**
- * Interface encapsulating the various crypto computations used by the library,
- * allowing pluggable underlying crypto implementations.
- */
-class CryptoProvider {
-    constructor() {
-        this.encoder = new TextEncoder();
-    }
-}
-exports.CryptoProvider = CryptoProvider;

package/lib/common/crypto/NodeCryptoProvider.d.ts

@@ -1,12 +0,0 @@
-import { CryptoProvider } from './CryptoProvider';
-/**
- * `CryptoProvider which uses the Node `crypto` package for its computations.
- */
-export declare class NodeCryptoProvider extends CryptoProvider {
-    /** @override */
-    computeHMACSignature(payload: string, secret: string): string;
-    /** @override */
-    computeHMACSignatureAsync(payload: string, secret: string): Promise<string>;
-    /** @override */
-    secureCompare(stringA: string, stringB: string): Promise<boolean>;
-}

package/lib/common/crypto/NodeCryptoProvider.js

@@ -1,73 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.NodeCryptoProvider = void 0;
-const crypto = __importStar(require("crypto"));
-const CryptoProvider_1 = require("./CryptoProvider");
-/**
- * `CryptoProvider which uses the Node `crypto` package for its computations.
- */
-class NodeCryptoProvider extends CryptoProvider_1.CryptoProvider {
-    /** @override */
-    computeHMACSignature(payload, secret) {
-        return crypto
-            .createHmac('sha256', secret)
-            .update(payload, 'utf8')
-            .digest('hex');
-    }
-    /** @override */
-    computeHMACSignatureAsync(payload, secret) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const signature = yield this.computeHMACSignature(payload, secret);
-            return signature;
-        });
-    }
-    /** @override */
-    secureCompare(stringA, stringB) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const bufferA = this.encoder.encode(stringA);
-            const bufferB = this.encoder.encode(stringB);
-            if (bufferA.length !== bufferB.length) {
-                return false;
-            }
-            // Generate a random key for HMAC
-            const key = crypto.randomBytes(32); // Generates a 256-bit key
-            const hmacA = crypto.createHmac('sha256', key).update(bufferA).digest();
-            const hmacB = crypto.createHmac('sha256', key).update(bufferB).digest();
-            // Perform a constant time comparison
-            return crypto.timingSafeEqual(hmacA, hmacB);
-        });
-    }
-}
-exports.NodeCryptoProvider = NodeCryptoProvider;

package/lib/common/crypto/SubtleCryptoProvider.d.ts

@@ -1,15 +0,0 @@
-import { CryptoProvider } from './CryptoProvider';
-/**
- * `CryptoProvider which uses the SubtleCrypto interface of the Web Crypto API.
- *
- * This only supports asynchronous operations.
- */
-export declare class SubtleCryptoProvider extends CryptoProvider {
-    subtleCrypto: SubtleCrypto;
-    constructor(subtleCrypto?: SubtleCrypto);
-    computeHMACSignature(_payload: string, _secret: string): string;
-    /** @override */
-    computeHMACSignatureAsync(payload: string, secret: string): Promise<string>;
-    /** @override */
-    secureCompare(stringA: string, stringB: string): Promise<boolean>;
-}

package/lib/common/crypto/SubtleCryptoProvider.js

@@ -1,75 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SubtleCryptoProvider = void 0;
-const CryptoProvider_1 = require("./CryptoProvider");
-/**
- * `CryptoProvider which uses the SubtleCrypto interface of the Web Crypto API.
- *
- * This only supports asynchronous operations.
- */
-class SubtleCryptoProvider extends CryptoProvider_1.CryptoProvider {
-    constructor(subtleCrypto) {
-        super();
-        // If no subtle crypto is interface, default to the global namespace. This
-        // is to allow custom interfaces (eg. using the Node webcrypto interface in
-        // tests).
-        this.subtleCrypto = subtleCrypto || crypto.subtle;
-    }
-    computeHMACSignature(_payload, _secret) {
-        throw new Error('SubleCryptoProvider cannot be used in a synchronous context.');
-    }
-    /** @override */
-    computeHMACSignatureAsync(payload, secret) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const encoder = new TextEncoder();
-            const key = yield this.subtleCrypto.importKey('raw', encoder.encode(secret), {
-                name: 'HMAC',
-                hash: { name: 'SHA-256' },
-            }, false, ['sign']);
-            const signatureBuffer = yield this.subtleCrypto.sign('hmac', key, encoder.encode(payload));
-            // crypto.subtle returns the signature in base64 format. This must be
-            // encoded in hex to match the CryptoProvider contract. We map each byte in
-            // the buffer to its corresponding hex octet and then combine into a string.
-            const signatureBytes = new Uint8Array(signatureBuffer);
-            const signatureHexCodes = new Array(signatureBytes.length);
-            for (let i = 0; i < signatureBytes.length; i++) {
-                signatureHexCodes[i] = byteHexMapping[signatureBytes[i]];
-            }
-            return signatureHexCodes.join('');
-        });
-    }
-    /** @override */
-    secureCompare(stringA, stringB) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const bufferA = this.encoder.encode(stringA);
-            const bufferB = this.encoder.encode(stringB);
-            if (bufferA.length !== bufferB.length) {
-                return false;
-            }
-            const algorithm = { name: 'HMAC', hash: 'SHA-256' };
-            const key = (yield crypto.subtle.generateKey(algorithm, false, [
-                'sign',
-                'verify',
-            ]));
-            const hmac = yield crypto.subtle.sign(algorithm, key, bufferA);
-            const equal = yield crypto.subtle.verify(algorithm, key, hmac, bufferB);
-            return equal;
-        });
-    }
-}
-exports.SubtleCryptoProvider = SubtleCryptoProvider;
-// Cached mapping of byte to hex representation. We do this once to avoid re-
-// computing every time we need to convert the result of a signature to hex.
-const byteHexMapping = new Array(256);
-for (let i = 0; i < byteHexMapping.length; i++) {
-    byteHexMapping[i] = i.toString(16).padStart(2, '0');
-}