@workos-inc/node 7.8.0 → 7.10.0

package/lib/common/net/node-client.js

@@ -0,0 +1,155 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NodeHttpClientResponse = exports.NodeHttpClient = void 0;
+const http_client_1 = require("./http-client");
+const http_ = __importStar(require("http"));
+const https_ = __importStar(require("https"));
+// `import * as http_ from 'http'` creates a "Module Namespace Exotic Object"
+// which is immune to monkey-patching, whereas http_.default (in an ES Module context)
+// will resolve to the same thing as require('http'), which is
+// monkey-patchable. We care about this because users in their test
+// suites might be using a library like "nock" which relies on the ability
+// to monkey-patch and intercept calls to http.request.
+const http = http_.default || http_;
+const https = https_.default || https_;
+class NodeHttpClient extends http_client_1.HttpClient {
+    constructor(baseURL, options) {
+        super(baseURL, options);
+        this.baseURL = baseURL;
+        this.options = options;
+        this.httpAgent = new http.Agent({ keepAlive: true });
+        this.httpsAgent = new https.Agent({ keepAlive: true });
+    }
+    getClientName() {
+        return 'node';
+    }
+    get(path, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const resourceURL = http_client_1.HttpClient.getResourceURL(this.baseURL, path, options.params);
+            return yield this.nodeRequest(resourceURL, 'GET', null, options.headers);
+        });
+    }
+    post(path, entity, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const resourceURL = http_client_1.HttpClient.getResourceURL(this.baseURL, path, options.params);
+            return yield this.nodeRequest(resourceURL, 'POST', http_client_1.HttpClient.getBody(entity), Object.assign(Object.assign({}, http_client_1.HttpClient.getContentTypeHeader(entity)), options.headers));
+        });
+    }
+    put(path, entity, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const resourceURL = http_client_1.HttpClient.getResourceURL(this.baseURL, path, options.params);
+            return yield this.nodeRequest(resourceURL, 'PUT', http_client_1.HttpClient.getBody(entity), Object.assign(Object.assign({}, http_client_1.HttpClient.getContentTypeHeader(entity)), options.headers));
+        });
+    }
+    delete(path, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const resourceURL = http_client_1.HttpClient.getResourceURL(this.baseURL, path, options.params);
+            return yield this.nodeRequest(resourceURL, 'DELETE', null, options.headers);
+        });
+    }
+    nodeRequest(url, method, body, headers) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return new Promise((resolve, reject) => {
+                var _a, _b;
+                const isSecureConnection = url.startsWith('https');
+                const agent = isSecureConnection ? this.httpsAgent : this.httpAgent;
+                const lib = isSecureConnection ? https : http;
+                const { 'User-Agent': userAgent } = (_a = this.options) === null || _a === void 0 ? void 0 : _a.headers;
+                const options = {
+                    method,
+                    headers: Object.assign(Object.assign(Object.assign({ Accept: 'application/json, text/plain, */*', 'Content-Type': 'application/json' }, (_b = this.options) === null || _b === void 0 ? void 0 : _b.headers), headers), { 'User-Agent': this.addClientToUserAgent(userAgent.toString()) }),
+                    agent,
+                };
+                const req = lib.request(url, options, (res) => __awaiter(this, void 0, void 0, function* () {
+                    const clientResponse = new NodeHttpClientResponse(res);
+                    if (res.statusCode && (res.statusCode < 200 || res.statusCode > 299)) {
+                        reject(new http_client_1.HttpClientError({
+                            message: res.statusMessage,
+                            response: {
+                                status: res.statusCode,
+                                headers: res.headers,
+                                data: yield clientResponse.toJSON(),
+                            },
+                        }));
+                    }
+                    resolve(clientResponse);
+                }));
+                req.on('error', (err) => {
+                    reject(new Error(err.message));
+                });
+                if (body) {
+                    req.setHeader('Content-Length', Buffer.byteLength(body));
+                    req.write(body);
+                }
+                req.end();
+            });
+        });
+    }
+}
+exports.NodeHttpClient = NodeHttpClient;
+// tslint:disable-next-line
+class NodeHttpClientResponse extends http_client_1.HttpClientResponse {
+    constructor(res) {
+        // @ts-ignore
+        super(res.statusCode, res.headers || {});
+        this._res = res;
+    }
+    getRawResponse() {
+        return this._res;
+    }
+    toJSON() {
+        return new Promise((resolve, reject) => {
+            const contentType = this._res.headers['content-type'];
+            const isJsonResponse = contentType === null || contentType === void 0 ? void 0 : contentType.includes('application/json');
+            if (!isJsonResponse) {
+                resolve(null);
+            }
+            let response = '';
+            this._res.setEncoding('utf8');
+            this._res.on('data', (chunk) => {
+                response += chunk;
+            });
+            this._res.once('end', () => {
+                try {
+                    resolve(JSON.parse(response));
+                }
+                catch (e) {
+                    reject(e);
+                }
+            });
+        });
+    }
+}
+exports.NodeHttpClientResponse = NodeHttpClientResponse;

package/lib/user-management/interfaces/authenticate-with-code-options.interface.d.ts

@@ -1,5 +1,6 @@
 import { AuthenticateWithOptionsBase, SerializedAuthenticateWithOptionsBase } from './authenticate-with-options-base.interface';
 export interface AuthenticateWithCodeOptions extends AuthenticateWithOptionsBase {
+    codeVerifier?: string;
     code: string;
     invitationToken?: string;
 }
@@ -8,6 +9,7 @@ export interface AuthenticateUserWithCodeCredentials {
 }
 export interface SerializedAuthenticateWithCodeOptions extends SerializedAuthenticateWithOptionsBase {
     grant_type: 'authorization_code';
+    code_verifier?: string;
     code: string;
     invitation_token?: string;
 }

package/lib/user-management/interfaces/authorization-url-options.interface.d.ts

@@ -1,5 +1,7 @@
 export interface AuthorizationURLOptions {
     clientId: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: 'S256';
     connectionId?: string;
     organizationId?: string;
     domainHint?: string;

package/lib/user-management/serializers/authenticate-with-code-options.serializer.js

@@ -6,6 +6,7 @@ const serializeAuthenticateWithCodeOptions = (options) => ({
     client_id: options.clientId,
     client_secret: options.clientSecret,
     code: options.code,
+    code_verifier: options.codeVerifier,
     invitation_token: options.invitationToken,
     ip_address: options.ipAddress,
     user_agent: options.userAgent,

package/lib/user-management/user-management.d.ts

@@ -69,7 +69,7 @@ export declare class UserManagement {
     sendInvitation(payload: SendInvitationOptions): Promise<Invitation>;
     revokeInvitation(invitationId: string): Promise<Invitation>;
     revokeSession(payload: RevokeSessionOptions): Promise<void>;
-    getAuthorizationUrl({ connectionId, clientId, domainHint, loginHint, organizationId, provider, redirectUri, state, screenHint, }: AuthorizationURLOptions): string;
+    getAuthorizationUrl({ connectionId, codeChallenge, codeChallengeMethod, clientId, domainHint, loginHint, organizationId, provider, redirectUri, state, screenHint, }: AuthorizationURLOptions): string;
     getLogoutUrl({ sessionId }: {
         sessionId: string;
     }): string;

package/lib/user-management/user-management.js

@@ -269,7 +269,7 @@ class UserManagement {
             yield this.workos.post('/user_management/sessions/revoke', (0, revoke_session_options_interface_1.serializeRevokeSessionOptions)(payload));
         });
     }
-    getAuthorizationUrl({ connectionId, clientId, domainHint, loginHint, organizationId, provider, redirectUri, state, screenHint, }) {
+    getAuthorizationUrl({ connectionId, codeChallenge, codeChallengeMethod, clientId, domainHint, loginHint, organizationId, provider, redirectUri, state, screenHint, }) {
         if (!provider && !connectionId && !organizationId) {
             throw new TypeError(`Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`);
         }
@@ -278,6 +278,8 @@ class UserManagement {
         }
         const query = toQueryString({
             connection_id: connectionId,
+            code_challenge: codeChallenge,
+            code_challenge_method: codeChallengeMethod,
             organization_id: organizationId,
             domain_hint: domainHint,
             login_hint: loginHint,

package/lib/user-management/user-management.spec.js

@@ -163,6 +163,27 @@ describe('UserManagement', () => {
                 },
             });
         }));
+        it('sends a token authentication request when including the code_verifier', () => __awaiter(void 0, void 0, void 0, function* () {
+            (0, test_utils_1.fetchOnce)({ user: user_json_1.default });
+            const resp = yield workos.userManagement.authenticateWithCode({
+                clientId: 'proj_whatever',
+                code: 'or this',
+                codeVerifier: 'code_verifier_value',
+            });
+            expect((0, test_utils_1.fetchURL)()).toContain('/user_management/authenticate');
+            expect((0, test_utils_1.fetchBody)()).toEqual({
+                client_id: 'proj_whatever',
+                client_secret: 'sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU',
+                code: 'or this',
+                code_verifier: 'code_verifier_value',
+                grant_type: 'authorization_code',
+            });
+            expect(resp).toMatchObject({
+                user: {
+                    email: 'test01@example.com',
+                },
+            });
+        }));
         it('deserializes authentication_method', () => __awaiter(void 0, void 0, void 0, function* () {
             (0, test_utils_1.fetchOnce)({
                 user: user_json_1.default,
@@ -868,6 +889,19 @@ describe('UserManagement', () => {
                 expect(url).toMatchSnapshot();
             });
         });
+        describe('with a code_challenge and code_challenge_method', () => {
+            it('generates an authorize url', () => {
+                const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
+                const url = workos.userManagement.getAuthorizationUrl({
+                    provider: 'authkit',
+                    clientId: 'proj_123',
+                    redirectUri: 'example.com/auth/workos/callback',
+                    codeChallenge: 'code_challenge_value',
+                    codeChallengeMethod: 'S256',
+                });
+                expect(url).toMatchSnapshot();
+            });
+        });
         describe('with no custom api hostname', () => {
             it('generates an authorize url with the default api hostname', () => {
                 const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');

package/lib/webhooks/webhooks.d.ts

@@ -1,6 +1,7 @@
 import { Event } from '../common/interfaces';
 export declare class Webhooks {
-    private encoder;
+    private cryptoProvider;
+    constructor(subtleCrypto?: typeof crypto.subtle);
     constructEvent({ payload, sigHeader, secret, tolerance, }: {
         payload: unknown;
         sigHeader: string;
@@ -15,5 +16,4 @@ export declare class Webhooks {
     }): Promise<boolean>;
     getTimestampAndSignatureHash(sigHeader: string): [string, string];
     computeSignature(timestamp: any, payload: any, secret: string): Promise<string>;
-    secureCompare(stringA: string, stringB: string): Promise<boolean>;
 }

package/lib/webhooks/webhooks.js

@@ -12,9 +12,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Webhooks = void 0;
 const exceptions_1 = require("../common/exceptions");
 const serializers_1 = require("../common/serializers");
+const crypto_1 = require("../common/crypto");
 class Webhooks {
-    constructor() {
-        this.encoder = new TextEncoder();
+    constructor(subtleCrypto) {
+        if (typeof crypto !== 'undefined' && typeof crypto.subtle !== 'undefined') {
+            this.cryptoProvider = new crypto_1.SubtleCryptoProvider(subtleCrypto);
+        }
+        else {
+            this.cryptoProvider = new crypto_1.NodeCryptoProvider();
+        }
     }
     constructEvent({ payload, sigHeader, secret, tolerance = 180000, }) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -34,7 +40,8 @@ class Webhooks {
                 throw new exceptions_1.SignatureVerificationException('Timestamp outside the tolerance zone');
             }
             const expectedSig = yield this.computeSignature(timestamp, payload, secret);
-            if ((yield this.secureCompare(expectedSig, signatureHash)) === false) {
+            if ((yield this.cryptoProvider.secureCompare(expectedSig, signatureHash)) ===
+                false) {
                 throw new exceptions_1.SignatureVerificationException('Signature hash does not match the expected signature hash for payload');
             }
             return true;
@@ -54,41 +61,8 @@ class Webhooks {
         return __awaiter(this, void 0, void 0, function* () {
             payload = JSON.stringify(payload);
             const signedPayload = `${timestamp}.${payload}`;
-            const key = yield crypto.subtle.importKey('raw', this.encoder.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
-            const signatureBuffer = yield crypto.subtle.sign('HMAC', key, this.encoder.encode(signedPayload));
-            // crypto.subtle returns the signature in base64 format. This must be
-            // encoded in hex to match the CryptoProvider contract. We map each byte in
-            // the buffer to its corresponding hex octet and then combine into a string.
-            const signatureBytes = new Uint8Array(signatureBuffer);
-            const signatureHexCodes = new Array(signatureBytes.length);
-            for (let i = 0; i < signatureBytes.length; i++) {
-                signatureHexCodes[i] = byteHexMapping[signatureBytes[i]];
-            }
-            return signatureHexCodes.join('');
-        });
-    }
-    secureCompare(stringA, stringB) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const bufferA = this.encoder.encode(stringA);
-            const bufferB = this.encoder.encode(stringB);
-            if (bufferA.length !== bufferB.length) {
-                return false;
-            }
-            const algorithm = { name: 'HMAC', hash: 'SHA-256' };
-            const key = (yield crypto.subtle.generateKey(algorithm, false, [
-                'sign',
-                'verify',
-            ]));
-            const hmac = yield crypto.subtle.sign(algorithm, key, bufferA);
-            const equal = yield crypto.subtle.verify(algorithm, key, hmac, bufferB);
-            return equal;
+            return yield this.cryptoProvider.computeHMACSignatureAsync(signedPayload, secret);
         });
     }
 }
 exports.Webhooks = Webhooks;
-// Cached mapping of byte to hex representation. We do this once to avoid re-
-// computing every time we need to convert the result of a signature to hex.
-const byteHexMapping = new Array(256);
-for (let i = 0; i < byteHexMapping.length; i++) {
-    byteHexMapping[i] = i.toString(16).padStart(2, '0');
-}

package/lib/webhooks/webhooks.spec.js

@@ -17,6 +17,7 @@ const workos_1 = require("../workos");
 const webhook_json_1 = __importDefault(require("./fixtures/webhook.json"));
 const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
 const exceptions_1 = require("../common/exceptions");
+const crypto_2 = require("../common/crypto");
 describe('Webhooks', () => {
     let payload;
     let secret;
@@ -187,4 +188,32 @@ describe('Webhooks', () => {
             expect(signature).toEqual(signatureHash);
         }));
     });
+    describe('when in an environment that supports SubtleCrypto', () => {
+        it('automatically uses the subtle crypto library', () => {
+            // tslint:disable-next-line
+            expect(workos.webhooks['cryptoProvider']).toBeInstanceOf(crypto_2.SubtleCryptoProvider);
+        });
+    });
+    describe('CryptoProvider', () => {
+        describe('when computing HMAC signature', () => {
+            it('returns the same for the Node crypto and Web Crypto versions', () => __awaiter(void 0, void 0, void 0, function* () {
+                const nodeCryptoProvider = new crypto_2.NodeCryptoProvider();
+                const subtleCryptoProvider = new crypto_2.SubtleCryptoProvider();
+                const stringifiedPayload = JSON.stringify(payload);
+                const payloadHMAC = `${timestamp}.${stringifiedPayload}`;
+                const nodeCompare = yield nodeCryptoProvider.computeHMACSignatureAsync(payloadHMAC, secret);
+                const subtleCompare = yield subtleCryptoProvider.computeHMACSignatureAsync(payloadHMAC, secret);
+                expect(nodeCompare).toEqual(subtleCompare);
+            }));
+        });
+        describe('when securely comparing', () => {
+            it('returns the same for the Node crypto and Web Crypto versions', () => __awaiter(void 0, void 0, void 0, function* () {
+                const nodeCryptoProvider = new crypto_2.NodeCryptoProvider();
+                const subtleCryptoProvider = new crypto_2.SubtleCryptoProvider();
+                const signature = yield workos.webhooks.computeSignature(timestamp, payload, secret);
+                expect(nodeCryptoProvider.secureCompare(signature, signatureHash)).toEqual(subtleCryptoProvider.secureCompare(signature, signatureHash));
+                expect(nodeCryptoProvider.secureCompare(signature, 'foo')).toEqual(subtleCryptoProvider.secureCompare(signature, 'foo'));
+            }));
+        });
+    });
 });

package/lib/workos.d.ts

@@ -39,5 +39,5 @@ export declare class WorkOS {
     }>;
     delete(path: string, query?: any): Promise<void>;
     emitWarning(warning: string): void;
-    private handleFetchError;
+    private handleHttpError;
 }

package/lib/workos.js

@@ -23,8 +23,8 @@ const mfa_1 = require("./mfa/mfa");
 const audit_logs_1 = require("./audit-logs/audit-logs");
 const user_management_1 = require("./user-management/user-management");
 const bad_request_exception_1 = require("./common/exceptions/bad-request.exception");
-const fetch_client_1 = require("./common/utils/fetch-client");
-const VERSION = '7.8.0';
+const net_1 = require("./common/net");
+const VERSION = '7.10.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 class WorkOS {
     constructor(key, options = {}) {
@@ -64,7 +64,7 @@ class WorkOS {
             const { name, version } = options.appInfo;
             userAgent += ` ${name}: ${version}`;
         }
-        this.client = new fetch_client_1.FetchClient(this.baseURL, Object.assign(Object.assign({}, options.config), { headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }));
+        this.client = (0, net_1.createHttpClient)(this.baseURL, Object.assign(Object.assign({}, options.config), { headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }), options.fetchFn);
     }
     get version() {
         return VERSION;
@@ -76,13 +76,14 @@ class WorkOS {
                 requestHeaders['Idempotency-Key'] = options.idempotencyKey;
             }
             try {
-                return yield this.client.post(path, entity, {
+                const res = yield this.client.post(path, entity, {
                     params: options.query,
                     headers: requestHeaders,
                 });
+                return { data: yield res.toJSON() };
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -91,15 +92,16 @@ class WorkOS {
         return __awaiter(this, void 0, void 0, function* () {
             try {
                 const { accessToken } = options;
-                return yield this.client.get(path, {
+                const res = yield this.client.get(path, {
                     params: options.query,
                     headers: accessToken
                         ? { Authorization: `Bearer ${accessToken}` }
                         : undefined,
                 });
+                return { data: yield res.toJSON() };
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -111,13 +113,14 @@ class WorkOS {
                 requestHeaders['Idempotency-Key'] = options.idempotencyKey;
             }
             try {
-                return yield this.client.put(path, entity, {
+                const res = yield this.client.put(path, entity, {
                     params: options.query,
                     headers: requestHeaders,
                 });
+                return { data: yield res.toJSON() };
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -130,7 +133,7 @@ class WorkOS {
                 });
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -143,12 +146,15 @@ class WorkOS {
         }
         return process.emitWarning(warning, 'WorkOS');
     }
-    handleFetchError({ path, error }) {
+    handleHttpError({ path, error }) {
         var _a;
+        if (!(error instanceof net_1.HttpClientError)) {
+            throw new Error(`Unexpected error: ${error}`);
+        }
         const { response } = error;
         if (response) {
             const { status, data, headers } = response;
-            const requestID = (_a = headers.get('X-Request-ID')) !== null && _a !== void 0 ? _a : '';
+            const requestID = (_a = headers['X-Request-ID']) !== null && _a !== void 0 ? _a : '';
             const { code, error_description: errorDescription, error, errors, message, } = data;
             switch (status) {
                 case 401: {

package/lib/workos.spec.js

@@ -18,6 +18,7 @@ const promises_1 = __importDefault(require("fs/promises"));
 const exceptions_1 = require("./common/exceptions");
 const workos_1 = require("./workos");
 const rate_limit_exceeded_exception_1 = require("./common/exceptions/rate-limit-exceeded.exception");
+const net_1 = require("./common/net");
 describe('WorkOS', () => {
     beforeEach(() => jest_fetch_mock_1.default.resetMocks());
     describe('constructor', () => {
@@ -95,10 +96,40 @@ describe('WorkOS', () => {
                 });
                 yield workos.post('/somewhere', {});
                 expect((0, test_utils_1.fetchHeaders)()).toMatchObject({
-                    'User-Agent': `workos-node/${packageJson.version} fooApp: 1.0.0`,
+                    'User-Agent': `workos-node/${packageJson.version}/fetch fooApp: 1.0.0`,
                 });
             }));
         });
+        describe('when no `appInfo` option is provided', () => {
+            it('adds the HTTP client name to the user-agent', () => __awaiter(void 0, void 0, void 0, function* () {
+                (0, test_utils_1.fetchOnce)('{}');
+                const packageJson = JSON.parse(yield promises_1.default.readFile('package.json', 'utf8'));
+                const workos = new workos_1.WorkOS('sk_test');
+                yield workos.post('/somewhere', {});
+                expect((0, test_utils_1.fetchHeaders)()).toMatchObject({
+                    'User-Agent': `workos-node/${packageJson.version}/fetch`,
+                });
+            }));
+        });
+        describe('when no `appInfo` option is provided', () => {
+            it('adds the HTTP client name to the user-agent', () => __awaiter(void 0, void 0, void 0, function* () {
+                (0, test_utils_1.fetchOnce)('{}');
+                const packageJson = JSON.parse(yield promises_1.default.readFile('package.json', 'utf8'));
+                const workos = new workos_1.WorkOS('sk_test');
+                yield workos.post('/somewhere', {});
+                expect((0, test_utils_1.fetchHeaders)()).toMatchObject({
+                    'User-Agent': `workos-node/${packageJson.version}/fetch`,
+                });
+            }));
+        });
+        describe('when using an environment that supports fetch', () => {
+            it('automatically uses the fetch HTTP client', () => {
+                const workos = new workos_1.WorkOS('sk_test');
+                // Bracket notation gets past private visibility
+                // tslint:disable-next-line
+                expect(workos['client']).toBeInstanceOf(net_1.FetchHttpClient);
+            });
+        });
     });
     describe('version', () => {
         it('matches the version in `package.json`', () => __awaiter(void 0, void 0, void 0, function* () {
@@ -177,12 +208,34 @@ describe('WorkOS', () => {
             }));
         });
         describe('when the entity is null', () => {
-            it('sends a null body', () => __awaiter(void 0, void 0, void 0, function* () {
+            it('sends an empty string body', () => __awaiter(void 0, void 0, void 0, function* () {
                 (0, test_utils_1.fetchOnce)();
                 const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
                 yield workos.post('/somewhere', null);
-                expect((0, test_utils_1.fetchBody)({ raw: true })).toBeNull();
+                expect((0, test_utils_1.fetchBody)({ raw: true })).toBe('');
             }));
         });
     });
+    describe('when in an environment that does not support fetch', () => {
+        const fetchFn = globalThis.fetch;
+        beforeEach(() => {
+            // @ts-ignore
+            delete globalThis.fetch;
+        });
+        afterEach(() => {
+            globalThis.fetch = fetchFn;
+        });
+        it('automatically uses the node HTTP client', () => {
+            const workos = new workos_1.WorkOS('sk_test_key');
+            // tslint:disable-next-line
+            expect(workos['client']).toBeInstanceOf(net_1.NodeHttpClient);
+        });
+        it('uses a fetch function if provided', () => {
+            const workos = new workos_1.WorkOS('sk_test_key', {
+                fetchFn,
+            });
+            // tslint:disable-next-line
+            expect(workos['client']).toBeInstanceOf(net_1.FetchHttpClient);
+        });
+    });
 });

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "7.8.0",
+  "version": "7.10.0",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",
@@ -13,9 +13,8 @@
     "yarn": "1.22.19"
   },
   "engines": {
-    "node": ">=19"
+    "node": ">=16"
   },
-  "engineStrict": true,
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
   "files": [

package/lib/common/utils/fetch-client.d.ts

@@ -1,31 +0,0 @@
-export declare class FetchClient {
-    readonly baseURL: string;
-    readonly options?: RequestInit | undefined;
-    constructor(baseURL: string, options?: RequestInit | undefined);
-    get(path: string, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    post<Entity = any>(path: string, entity: Entity, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    put<Entity = any>(path: string, entity: Entity, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    delete(path: string, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    private getResourceURL;
-    private fetch;
-}