@workos-inc/node 7.69.1 → 7.70.0

package/lib/common/interfaces/workos-options.interface.d.ts

@@ -7,4 +7,5 @@ export interface WorkOSOptions {
     appInfo?: AppInfo;
     fetchFn?: typeof fetch;
     clientId?: string;
+    timeout?: number;
 }

package/lib/common/net/fetch-client.d.ts

@@ -1,10 +1,13 @@
 import { HttpClientInterface, HttpClientResponseInterface, RequestOptions, ResponseHeaders } from '../interfaces/http-client.interface';
 import { HttpClient, HttpClientResponse } from './http-client';
+interface FetchHttpClientOptions extends RequestInit {
+    timeout?: number;
+}
 export declare class FetchHttpClient extends HttpClient implements HttpClientInterface {
     readonly baseURL: string;
-    readonly options?: RequestInit | undefined;
+    readonly options?: FetchHttpClientOptions | undefined;
     private readonly _fetchFn;
-    constructor(baseURL: string, options?: RequestInit | undefined, fetchFn?: typeof fetch);
+    constructor(baseURL: string, options?: FetchHttpClientOptions | undefined, fetchFn?: typeof fetch);
     /** @override */
     getClientName(): string;
     get(path: string, options: RequestOptions): Promise<HttpClientResponseInterface>;
@@ -22,3 +25,4 @@ export declare class FetchHttpClientResponse extends HttpClientResponse implemen
     toJSON(): Promise<any> | null;
     static _transformHeadersToObject(headers: Headers): ResponseHeaders;
 }
+export {};

package/lib/common/net/fetch-client.js

@@ -12,6 +12,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.FetchHttpClientResponse = exports.FetchHttpClient = void 0;
 const http_client_1 = require("./http-client");
 const parse_error_1 = require("../exceptions/parse-error");
+const DEFAULT_FETCH_TIMEOUT = 60000; // 60 seconds
 class FetchHttpClient extends http_client_1.HttpClient {
     constructor(baseURL, options, fetchFn) {
         super(baseURL, options);
@@ -75,47 +76,82 @@ class FetchHttpClient extends http_client_1.HttpClient {
         });
     }
     fetchRequest(url, method, body, headers) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d, _e;
         return __awaiter(this, void 0, void 0, function* () {
             // For methods which expect payloads, we should always pass a body value
             // even when it is empty. Without this, some JS runtimes (eg. Deno) will
             // inject a second Content-Length header.
             const methodHasPayload = method === 'POST' || method === 'PUT' || method === 'PATCH';
             const requestBody = body || (methodHasPayload ? '' : undefined);
-            const { 'User-Agent': userAgent } = (_a = this.options) === null || _a === void 0 ? void 0 : _a.headers;
-            const res = yield this._fetchFn(url, {
-                method,
-                headers: Object.assign(Object.assign(Object.assign({ Accept: 'application/json, text/plain, */*', 'Content-Type': 'application/json' }, (_b = this.options) === null || _b === void 0 ? void 0 : _b.headers), headers), { 'User-Agent': this.addClientToUserAgent(userAgent.toString()) }),
-                body: requestBody,
-            });
-            if (!res.ok) {
-                const requestID = (_c = res.headers.get('X-Request-ID')) !== null && _c !== void 0 ? _c : '';
-                const rawBody = yield res.text();
-                let responseJson;
-                try {
-                    responseJson = JSON.parse(rawBody);
+            const { 'User-Agent': userAgent } = (((_a = this.options) === null || _a === void 0 ? void 0 : _a.headers) ||
+                {});
+            // Create AbortController for timeout if configured
+            let abortController;
+            let timeoutId;
+            // Access timeout from the options with default of 60 seconds
+            const timeout = (_c = (_b = this.options) === null || _b === void 0 ? void 0 : _b.timeout) !== null && _c !== void 0 ? _c : DEFAULT_FETCH_TIMEOUT; // Default 60 seconds
+            abortController = new AbortController();
+            timeoutId = setTimeout(() => {
+                abortController === null || abortController === void 0 ? void 0 : abortController.abort();
+            }, timeout);
+            try {
+                const res = yield this._fetchFn(url, {
+                    method,
+                    headers: Object.assign(Object.assign(Object.assign({ Accept: 'application/json, text/plain, */*', 'Content-Type': 'application/json' }, (_d = this.options) === null || _d === void 0 ? void 0 : _d.headers), headers), { 'User-Agent': this.addClientToUserAgent((userAgent || 'workos-node').toString()) }),
+                    body: requestBody,
+                    signal: abortController === null || abortController === void 0 ? void 0 : abortController.signal,
+                });
+                // Clear timeout if request completed successfully
+                if (timeoutId) {
+                    clearTimeout(timeoutId);
                 }
-                catch (error) {
-                    if (error instanceof SyntaxError) {
-                        throw new parse_error_1.ParseError({
-                            message: error.message,
-                            rawBody,
-                            requestID,
-                            rawStatus: res.status,
-                        });
+                if (!res.ok) {
+                    const requestID = (_e = res.headers.get('X-Request-ID')) !== null && _e !== void 0 ? _e : '';
+                    const rawBody = yield res.text();
+                    let responseJson;
+                    try {
+                        responseJson = JSON.parse(rawBody);
+                    }
+                    catch (error) {
+                        if (error instanceof SyntaxError) {
+                            throw new parse_error_1.ParseError({
+                                message: error.message,
+                                rawBody,
+                                requestID,
+                                rawStatus: res.status,
+                            });
+                        }
+                        throw error;
                     }
-                    throw error;
+                    throw new http_client_1.HttpClientError({
+                        message: res.statusText,
+                        response: {
+                            status: res.status,
+                            headers: res.headers,
+                            data: responseJson,
+                        },
+                    });
                 }
-                throw new http_client_1.HttpClientError({
-                    message: res.statusText,
-                    response: {
-                        status: res.status,
-                        headers: res.headers,
-                        data: responseJson,
-                    },
-                });
+                return new FetchHttpClientResponse(res);
+            }
+            catch (error) {
+                // Clear timeout if request failed
+                if (timeoutId) {
+                    clearTimeout(timeoutId);
+                }
+                // Handle timeout errors
+                if (error instanceof Error && error.name === 'AbortError') {
+                    throw new http_client_1.HttpClientError({
+                        message: `Request timeout after ${timeout}ms`,
+                        response: {
+                            status: 408,
+                            headers: {},
+                            data: { error: 'Request timeout' },
+                        },
+                    });
+                }
+                throw error;
             }
-            return new FetchHttpClientResponse(res);
         });
     }
     fetchRequestWithRetry(url, method, body, headers) {

package/lib/common/net/fetch-client.spec.js

@@ -15,6 +15,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const jest_fetch_mock_1 = __importDefault(require("jest-fetch-mock"));
 const test_utils_1 = require("../../common/utils/test-utils");
 const fetch_client_1 = require("./fetch-client");
+const http_client_1 = require("./http-client");
 const parse_error_1 = require("../exceptions/parse-error");
 const fetchClient = new fetch_client_1.FetchHttpClient('https://test.workos.com', {
     headers: {
@@ -205,3 +206,73 @@ describe('Fetch client', () => {
         }));
     });
 });
+describe('FetchHttpClient with timeout', () => {
+    let client;
+    let mockFetch;
+    beforeEach(() => {
+        mockFetch = jest.fn();
+        client = new fetch_client_1.FetchHttpClient('https://api.example.com', { timeout: 100 }, mockFetch);
+    });
+    it('should timeout requests that take too long', () => __awaiter(void 0, void 0, void 0, function* () {
+        // Mock a fetch that respects AbortController
+        mockFetch.mockImplementation((_, options) => {
+            return new Promise((_, reject) => {
+                if (options.signal) {
+                    options.signal.addEventListener('abort', () => {
+                        const error = new Error('AbortError');
+                        error.name = 'AbortError';
+                        reject(error);
+                    });
+                }
+                // Never resolve - let the timeout trigger
+            });
+        });
+        yield expect(client.post('/test', { data: 'test' }, {})).rejects.toThrow(http_client_1.HttpClientError);
+        // Reset the mock for the second test
+        mockFetch.mockClear();
+        mockFetch.mockImplementation((_, options) => {
+            return new Promise((_, reject) => {
+                if (options.signal) {
+                    options.signal.addEventListener('abort', () => {
+                        const error = new Error('AbortError');
+                        error.name = 'AbortError';
+                        reject(error);
+                    });
+                }
+                // Never resolve - let the timeout trigger
+            });
+        });
+        yield expect(client.post('/test', { data: 'test' }, {})).rejects.toMatchObject({
+            message: 'Request timeout after 100ms',
+            response: {
+                status: 408,
+                data: { error: 'Request timeout' },
+            },
+        });
+    }));
+    it('should not timeout requests that complete quickly', () => __awaiter(void 0, void 0, void 0, function* () {
+        const mockResponse = {
+            ok: true,
+            status: 200,
+            headers: new Map(),
+            json: () => Promise.resolve({ success: true }),
+            text: () => Promise.resolve('{"success": true}'),
+        };
+        mockFetch.mockResolvedValue(mockResponse);
+        const result = yield client.post('/test', { data: 'test' }, {});
+        expect(result).toBeDefined();
+    }));
+    it('should work without timeout configured', () => __awaiter(void 0, void 0, void 0, function* () {
+        const clientWithoutTimeout = new fetch_client_1.FetchHttpClient('https://api.example.com', {}, mockFetch);
+        const mockResponse = {
+            ok: true,
+            status: 200,
+            headers: new Map(),
+            json: () => Promise.resolve({ success: true }),
+            text: () => Promise.resolve('{"success": true}'),
+        };
+        mockFetch.mockResolvedValue(mockResponse);
+        const result = yield clientWithoutTimeout.post('/test', { data: 'test' }, {});
+        expect(result).toBeDefined();
+    }));
+});

package/lib/index.js

@@ -43,7 +43,7 @@ class WorkOSNode extends workos_1.WorkOS {
     /** @override */
     createHttpClient(options, userAgent) {
         var _a;
-        const opts = Object.assign(Object.assign({}, options.config), { headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) });
+        const opts = Object.assign(Object.assign({}, options.config), { timeout: options.timeout, headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) });
         if (typeof fetch !== 'undefined' ||
             typeof options.fetchFn !== 'undefined') {
             return new fetch_client_1.FetchHttpClient(this.baseURL, opts, options.fetchFn);

package/lib/user-management/interfaces/authenticate-with-session-cookie.interface.d.ts

@@ -9,6 +9,7 @@ export interface AccessToken {
     sid: string;
     org_id?: string;
     role?: string;
+    roles?: string[];
     permissions?: string[];
     entitlements?: string[];
     feature_flags?: string[];
@@ -28,6 +29,7 @@ export type AuthenticateWithSessionCookieSuccessResponse = {
     sessionId: string;
     organizationId?: string;
     role?: string;
+    roles?: string[];
     permissions?: string[];
     entitlements?: string[];
     featureFlags?: string[];

package/lib/user-management/interfaces/create-organization-membership-options.interface.d.ts

@@ -2,9 +2,11 @@ export interface CreateOrganizationMembershipOptions {
     organizationId: string;
     userId: string;
     roleSlug?: string;
+    roleSlugs?: string[];
 }
 export interface SerializedCreateOrganizationMembershipOptions {
     organization_id: string;
     user_id: string;
     role_slug?: string;
+    role_slugs?: string[];
 }

package/lib/user-management/interfaces/organization-membership.interface.d.ts

@@ -10,6 +10,7 @@ export interface OrganizationMembership {
     createdAt: string;
     updatedAt: string;
     role: RoleResponse;
+    roles?: RoleResponse[];
 }
 export interface OrganizationMembershipResponse {
     object: 'organization_membership';
@@ -21,4 +22,5 @@ export interface OrganizationMembershipResponse {
     created_at: string;
     updated_at: string;
     role: RoleResponse;
+    roles?: RoleResponse[];
 }

package/lib/user-management/interfaces/update-organization-membership-options.interface.d.ts

@@ -1,6 +1,8 @@
 export interface UpdateOrganizationMembershipOptions {
     roleSlug?: string;
+    roleSlugs?: string[];
 }
 export interface SerializedUpdateOrganizationMembershipOptions {
     role_slug?: string;
+    role_slugs?: string[];
 }

package/lib/user-management/serializers/create-organization-membership-options.serializer.js

@@ -5,5 +5,6 @@ const serializeCreateOrganizationMembershipOptions = (options) => ({
     organization_id: options.organizationId,
     user_id: options.userId,
     role_slug: options.roleSlug,
+    role_slugs: options.roleSlugs,
 });
 exports.serializeCreateOrganizationMembershipOptions = serializeCreateOrganizationMembershipOptions;

package/lib/user-management/serializers/organization-membership.serializer.js

@@ -1,15 +1,5 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.deserializeOrganizationMembership = void 0;
-const deserializeOrganizationMembership = (organizationMembership) => ({
-    object: organizationMembership.object,
-    id: organizationMembership.id,
-    userId: organizationMembership.user_id,
-    organizationId: organizationMembership.organization_id,
-    organizationName: organizationMembership.organization_name,
-    status: organizationMembership.status,
-    createdAt: organizationMembership.created_at,
-    updatedAt: organizationMembership.updated_at,
-    role: organizationMembership.role,
-});
+const deserializeOrganizationMembership = (organizationMembership) => (Object.assign({ object: organizationMembership.object, id: organizationMembership.id, userId: organizationMembership.user_id, organizationId: organizationMembership.organization_id, organizationName: organizationMembership.organization_name, status: organizationMembership.status, createdAt: organizationMembership.created_at, updatedAt: organizationMembership.updated_at, role: organizationMembership.role }, (organizationMembership.roles && { roles: organizationMembership.roles })));
 exports.deserializeOrganizationMembership = deserializeOrganizationMembership;

package/lib/user-management/serializers/update-organization-membership-options.serializer.js

@@ -3,5 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.serializeUpdateOrganizationMembershipOptions = void 0;
 const serializeUpdateOrganizationMembershipOptions = (options) => ({
     role_slug: options.roleSlug,
+    role_slugs: options.roleSlugs,
 });
 exports.serializeUpdateOrganizationMembershipOptions = serializeUpdateOrganizationMembershipOptions;

package/lib/user-management/session.js

@@ -61,12 +61,13 @@ class CookieSession {
                     reason: interfaces_1.AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
                 };
             }
-            const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
+            const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
             return {
                 authenticated: true,
                 sessionId,
                 organizationId,
                 role,
+                roles,
                 permissions,
                 entitlements,
                 featureFlags,
@@ -114,7 +115,7 @@ class CookieSession {
                     this.cookiePassword = options.cookiePassword;
                 }
                 this.sessionData = authenticationResponse.sealedSession;
-                const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(authenticationResponse.accessToken);
+                const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(authenticationResponse.accessToken);
                 // TODO: Returning `session` here means there's some duplicated data.
                 // Slim down the return type in a future major version.
                 return {
@@ -124,6 +125,7 @@ class CookieSession {
                     sessionId,
                     organizationId,
                     role,
+                    roles,
                     permissions,
                     entitlements,
                     featureFlags,

package/lib/user-management/session.spec.js

@@ -119,7 +119,7 @@ describe('Session', () => {
                 .spyOn(jose, 'jwtVerify')
                 .mockResolvedValue({});
             const cookiePassword = 'alongcookiesecretmadefortestingsessions';
-            const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6Im1lbWJlciIsInBlcm1pc3Npb25zIjpbInBvc3RzOmNyZWF0ZSIsInBvc3RzOmRlbGV0ZSJdLCJlbnRpdGxlbWVudHMiOlsiYXVkaXQtbG9ncyJdLCJmZWF0dXJlX2ZsYWdzIjpbImRhcmstbW9kZSIsImJldGEtZmVhdHVyZXMiXSwidXNlciI6eyJvYmplY3QiOiJ1c2VyIiwiaWQiOiJ1c2VyXzAxSDVKUURWN1I3QVRFWVpERUcwVzVQUllTIiwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIn19.YVNjR8S2xGn2jAoLuEcBQNJ1_xY3OzjRE1-BK0zjfQE';
+            const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6Im1lbWJlciIsInJvbGVzIjpbIm1lbWJlciIsImFkbWluIl0sInBlcm1pc3Npb25zIjpbInBvc3RzOmNyZWF0ZSIsInBvc3RzOmRlbGV0ZSJdLCJlbnRpdGxlbWVudHMiOlsiYXVkaXQtbG9ncyJdLCJmZWF0dXJlX2ZsYWdzIjpbImRhcmstbW9kZSIsImJldGEtZmVhdHVyZXMiXSwidXNlciI6eyJvYmplY3QiOiJ1c2VyIiwiaWQiOiJ1c2VyXzAxSDVKUURWN1I3QVRFWVpERUcwVzVQUllTIiwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIn19.TNUzJYn6lzLWFFsiWiKEgIshyUs-bKJQf1VxwNr1cGI';
             const sessionData = yield (0, iron_session_1.sealData)({
                 accessToken,
                 refreshToken: 'def456',
@@ -146,6 +146,7 @@ describe('Session', () => {
                 sessionId: 'session_123',
                 organizationId: 'org_123',
                 role: 'member',
+                roles: ['member', 'admin'],
                 permissions: ['posts:create', 'posts:delete'],
                 entitlements: ['audit-logs'],
                 featureFlags: ['dark-mode', 'beta-features'],
@@ -173,7 +174,7 @@ describe('Session', () => {
         }));
         describe('when the session data is valid', () => {
             it('returns a successful response with a sealed and unsealed session', () => __awaiter(void 0, void 0, void 0, function* () {
-                const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICJzdWIiOiAiMTIzNDU2Nzg5MCIsCiAgIm5hbWUiOiAiSm9obiBEb2UiLAogICJpYXQiOiAxNTE2MjM5MDIyLAogICJzaWQiOiAic2Vzc2lvbl8xMjMiLAogICJvcmdfaWQiOiAib3JnXzEyMyIsCiAgInJvbGUiOiAibWVtYmVyIiwKICAicGVybWlzc2lvbnMiOiBbInBvc3RzOmNyZWF0ZSIsICJwb3N0czpkZWxldGUiXQp9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+                const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzaWQiOiJzZXNzaW9uXzEyMyIsIm9yZ19pZCI6Im9yZ18xMjMiLCJyb2xlIjoibWVtYmVyIiwicm9sZXMiOlsibWVtYmVyIiwiYWRtaW4iXSwicGVybWlzc2lvbnMiOlsicG9zdHM6Y3JlYXRlIiwicG9zdHM6ZGVsZXRlIl19.N5zveP149QhRR5zNvzGJPiCX098uXaN8VM1_lwsMg4A';
                 const refreshToken = 'def456';
                 (0, test_utils_1.fetchOnce)({
                     user: user_json_1.default,
@@ -216,6 +217,7 @@ describe('Session', () => {
                     entitlements: undefined,
                     permissions: ['posts:create', 'posts:delete'],
                     role: 'member',
+                    roles: ['member', 'admin'],
                     sessionId: 'session_123',
                     user: expect.objectContaining({
                         email: 'test01@example.com',

package/lib/user-management/user-management.js

@@ -217,12 +217,13 @@ class UserManagement {
                     reason: authenticate_with_session_cookie_interface_1.AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
                 };
             }
-            const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
+            const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
             return {
                 authenticated: true,
                 sessionId,
                 organizationId,
                 role,
+                roles,
                 user: session.user,
                 permissions,
                 entitlements,

package/lib/user-management/user-management.spec.js

@@ -889,6 +889,39 @@ describe('UserManagement', () => {
                 accessToken,
             });
         }));
+        it('returns the JWT claims when provided a valid JWT with multiple roles', () => __awaiter(void 0, void 0, void 0, function* () {
+            jest
+                .spyOn(jose, 'jwtVerify')
+                .mockResolvedValue({});
+            const cookiePassword = 'alongcookiesecretmadefortestingsessions';
+            const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6ImFkbWluIiwicm9sZXMiOlsiYWRtaW4iLCJtZW1iZXIiXSwicGVybWlzc2lvbnMiOlsicG9zdHM6Y3JlYXRlIiwicG9zdHM6ZGVsZXRlIl0sImVudGl0bGVtZW50cyI6WyJhdWRpdC1sb2dzIl0sImZlYXR1cmVfZmxhZ3MiOlsiZGFyay1tb2RlIiwiYmV0YS1mZWF0dXJlcyJdLCJ1c2VyIjp7Im9iamVjdCI6InVzZXIiLCJpZCI6InVzZXJfMDFINUpRRFY3UjdBVEVZWkRFRzBXNVBSWVMiLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifX0.hsMptIB7PmbF5pxxtgTtCdUyOAhA11ZIAP-JY5zU5fE';
+            const sessionData = yield (0, iron_session_1.sealData)({
+                accessToken,
+                refreshToken: 'def456',
+                user: {
+                    object: 'user',
+                    id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
+                    email: 'test@example.com',
+                },
+            }, { password: cookiePassword });
+            yield expect(workos.userManagement.authenticateWithSessionCookie({
+                sessionData,
+                cookiePassword,
+            })).resolves.toEqual({
+                authenticated: true,
+                sessionId: 'session_123',
+                organizationId: 'org_123',
+                role: 'admin',
+                roles: ['admin', 'member'],
+                permissions: ['posts:create', 'posts:delete'],
+                entitlements: ['audit-logs'],
+                featureFlags: ['dark-mode', 'beta-features'],
+                user: expect.objectContaining({
+                    email: 'test@example.com',
+                }),
+                accessToken,
+            });
+        }));
     });
     describe('refreshAndSealSessionData', () => {
         it('throws an error when the cookie password is undefined', () => __awaiter(void 0, void 0, void 0, function* () {

package/lib/widgets/interfaces/get-token.d.ts

@@ -2,12 +2,12 @@ export type WidgetScope = 'widgets:users-table:manage' | 'widgets:sso:manage' |
 export interface GetTokenOptions {
     organizationId: string;
     userId?: string;
-    scopes?: [WidgetScope];
+    scopes?: WidgetScope[];
 }
 export interface SerializedGetTokenOptions {
     organization_id: string;
     user_id?: string;
-    scopes?: [WidgetScope];
+    scopes?: WidgetScope[];
 }
 export declare const serializeGetTokenOptions: (options: GetTokenOptions) => SerializedGetTokenOptions;
 export interface GetTokenResponse {

package/lib/workos.js

@@ -32,7 +32,7 @@ const actions_1 = require("./actions/actions");
 const vault_1 = require("./vault/vault");
 const conflict_exception_1 = require("./common/exceptions/conflict.exception");
 const parse_error_1 = require("./common/exceptions/parse-error");
-const VERSION = '7.69.1';
+const VERSION = '7.70.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 const HEADER_AUTHORIZATION = 'Authorization';
 const HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';
@@ -99,7 +99,7 @@ class WorkOS {
     }
     createHttpClient(options, userAgent) {
         var _a;
-        return new fetch_client_1.FetchHttpClient(this.baseURL, Object.assign(Object.assign({}, options.config), { headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }));
+        return new fetch_client_1.FetchHttpClient(this.baseURL, Object.assign(Object.assign({}, options.config), { timeout: options.timeout, headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }));
     }
     createIronSessionProvider() {
         throw new Error('IronSessionProvider not implemented. Use WorkOSNode or WorkOSWorker instead.');

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "7.69.1",
+  "version": "7.70.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",