@workos-inc/node 8.0.0-beta.1 → 8.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/lib/actions/actions.cjs +1 -0
  2. package/lib/actions/actions.cjs.map +1 -1
  3. package/lib/actions/actions.js +1 -0
  4. package/lib/actions/actions.js.map +1 -1
  5. package/lib/common/crypto/crypto-provider.cjs +1 -3
  6. package/lib/common/crypto/crypto-provider.cjs.map +1 -1
  7. package/lib/common/crypto/crypto-provider.js +1 -3
  8. package/lib/common/crypto/crypto-provider.js.map +1 -1
  9. package/lib/common/crypto/signature-provider.cjs +1 -0
  10. package/lib/common/crypto/signature-provider.cjs.map +1 -1
  11. package/lib/common/crypto/signature-provider.js +1 -0
  12. package/lib/common/crypto/signature-provider.js.map +1 -1
  13. package/lib/common/crypto/subtle-crypto-provider.cjs +1 -0
  14. package/lib/common/crypto/subtle-crypto-provider.cjs.map +1 -1
  15. package/lib/common/crypto/subtle-crypto-provider.js +1 -0
  16. package/lib/common/crypto/subtle-crypto-provider.js.map +1 -1
  17. package/lib/common/exceptions/bad-request.exception.cjs +9 -6
  18. package/lib/common/exceptions/bad-request.exception.cjs.map +1 -1
  19. package/lib/common/exceptions/bad-request.exception.js +9 -6
  20. package/lib/common/exceptions/bad-request.exception.js.map +1 -1
  21. package/lib/common/exceptions/conflict.exception.cjs +6 -5
  22. package/lib/common/exceptions/conflict.exception.cjs.map +1 -1
  23. package/lib/common/exceptions/conflict.exception.js +6 -5
  24. package/lib/common/exceptions/conflict.exception.js.map +1 -1
  25. package/lib/common/exceptions/generic-server.exception.cjs +2 -2
  26. package/lib/common/exceptions/generic-server.exception.cjs.map +1 -1
  27. package/lib/common/exceptions/generic-server.exception.js +2 -2
  28. package/lib/common/exceptions/generic-server.exception.js.map +1 -1
  29. package/lib/common/exceptions/no-api-key-provided.exception.cjs +3 -6
  30. package/lib/common/exceptions/no-api-key-provided.exception.cjs.map +1 -1
  31. package/lib/common/exceptions/no-api-key-provided.exception.js +3 -6
  32. package/lib/common/exceptions/no-api-key-provided.exception.js.map +1 -1
  33. package/lib/common/exceptions/not-found.exception.cjs +8 -5
  34. package/lib/common/exceptions/not-found.exception.cjs.map +1 -1
  35. package/lib/common/exceptions/not-found.exception.js +8 -5
  36. package/lib/common/exceptions/not-found.exception.js.map +1 -1
  37. package/lib/common/exceptions/oauth.exception.cjs +1 -1
  38. package/lib/common/exceptions/oauth.exception.cjs.map +1 -1
  39. package/lib/common/exceptions/oauth.exception.js +1 -1
  40. package/lib/common/exceptions/oauth.exception.js.map +1 -1
  41. package/lib/common/exceptions/rate-limit-exceeded.exception.cjs +1 -1
  42. package/lib/common/exceptions/rate-limit-exceeded.exception.cjs.map +1 -1
  43. package/lib/common/exceptions/rate-limit-exceeded.exception.js +1 -1
  44. package/lib/common/exceptions/rate-limit-exceeded.exception.js.map +1 -1
  45. package/lib/common/exceptions/signature-verification.exception.cjs +4 -4
  46. package/lib/common/exceptions/signature-verification.exception.cjs.map +1 -1
  47. package/lib/common/exceptions/signature-verification.exception.js +4 -4
  48. package/lib/common/exceptions/signature-verification.exception.js.map +1 -1
  49. package/lib/common/exceptions/unauthorized.exception.cjs +3 -2
  50. package/lib/common/exceptions/unauthorized.exception.cjs.map +1 -1
  51. package/lib/common/exceptions/unauthorized.exception.js +3 -2
  52. package/lib/common/exceptions/unauthorized.exception.js.map +1 -1
  53. package/lib/common/exceptions/unprocessable-entity.exception.cjs +8 -6
  54. package/lib/common/exceptions/unprocessable-entity.exception.cjs.map +1 -1
  55. package/lib/common/exceptions/unprocessable-entity.exception.js +8 -6
  56. package/lib/common/exceptions/unprocessable-entity.exception.js.map +1 -1
  57. package/lib/common/net/fetch-client.cjs +2 -0
  58. package/lib/common/net/fetch-client.cjs.map +1 -1
  59. package/lib/common/net/fetch-client.js +2 -0
  60. package/lib/common/net/fetch-client.js.map +1 -1
  61. package/lib/common/net/http-client.cjs +15 -12
  62. package/lib/common/net/http-client.cjs.map +1 -1
  63. package/lib/common/net/http-client.js +15 -12
  64. package/lib/common/net/http-client.js.map +1 -1
  65. package/lib/common/utils/fetch-error.cjs +6 -5
  66. package/lib/common/utils/fetch-error.cjs.map +1 -1
  67. package/lib/common/utils/fetch-error.js +6 -5
  68. package/lib/common/utils/fetch-error.js.map +1 -1
  69. package/lib/common/utils/pagination.cjs +2 -1
  70. package/lib/common/utils/pagination.cjs.map +1 -1
  71. package/lib/common/utils/pagination.js +2 -1
  72. package/lib/common/utils/pagination.js.map +1 -1
  73. package/lib/fga/interfaces/check.interface.cjs +5 -0
  74. package/lib/fga/interfaces/check.interface.cjs.map +1 -1
  75. package/lib/fga/interfaces/check.interface.js +5 -0
  76. package/lib/fga/interfaces/check.interface.js.map +1 -1
  77. package/lib/fga/utils/fga-paginatable.cjs +1 -0
  78. package/lib/fga/utils/fga-paginatable.cjs.map +1 -1
  79. package/lib/fga/utils/fga-paginatable.js +1 -0
  80. package/lib/fga/utils/fga-paginatable.js.map +1 -1
  81. package/lib/user-management/session.cjs +4 -0
  82. package/lib/user-management/session.cjs.map +1 -1
  83. package/lib/user-management/session.js +4 -0
  84. package/lib/user-management/session.js.map +1 -1
  85. package/lib/user-management/user-management.cjs +2 -0
  86. package/lib/user-management/user-management.cjs.map +1 -1
  87. package/lib/user-management/user-management.js +2 -0
  88. package/lib/user-management/user-management.js.map +1 -1
  89. package/lib/vault/vault.cjs +1 -0
  90. package/lib/vault/vault.cjs.map +1 -1
  91. package/lib/vault/vault.js +1 -0
  92. package/lib/vault/vault.js.map +1 -1
  93. package/lib/webhooks/webhooks.cjs +1 -0
  94. package/lib/webhooks/webhooks.cjs.map +1 -1
  95. package/lib/webhooks/webhooks.js +1 -0
  96. package/lib/webhooks/webhooks.js.map +1 -1
  97. package/lib/workos.cjs +19 -13
  98. package/lib/workos.cjs.map +1 -1
  99. package/lib/workos.js +19 -13
  100. package/lib/workos.js.map +1 -1
  101. package/package.json +1 -1
package/lib/user-management/user-management.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListUsersOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeUser,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { Session } from './session';\nimport { sealData, unsealData } from 'iron-session';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\n\nconst toQueryString = (\n options: Record<string, string | string[] | undefined>,\n): string => {\n const searchParams = new URLSearchParams();\n const keys = Object.keys(options).sort();\n\n for (const key of keys) {\n const value = options[key];\n\n if (Array.isArray(value)) {\n value.forEach((item) => {\n searchParams.append(key, item);\n });\n }\n\n if (typeof value === 'string') {\n searchParams.append(key, value);\n }\n }\n\n return searchParams.toString();\n};\n\nexport class UserManagement {\n private _jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n get jwks(): ReturnType<typeof createRemoteJWKSet> | undefined {\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): Session {\n return new Session(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n permissions,\n entitlements,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n user: session.user,\n permissions,\n entitlements,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl({\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n context,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerScopes,\n redirectUri,\n state,\n screenHint,\n }: UserManagementAuthorizationURLOptions): string {\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n if (context) {\n this.workos.emitWarning(\n `\\`context\\` is deprecated. We previously required initiate login endpoints to return the\n\\`context\\` query parameter when getting the authorization URL. This is no longer necessary.`,\n );\n }\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n context,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${this.workos.baseURL}/user_management/authorize?${query}`;\n }\n\n getLogoutUrl({\n sessionId,\n returnTo,\n }: {\n sessionId: string;\n returnTo?: string;\n }): string {\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL(\n '/user_management/sessions/logout',\n this.workos.baseURL,\n );\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n }\n\n getJwksUrl(clientId: string): string {\n if (!clientId) {\n throw TypeError('clientId must be a valid clientId');\n }\n\n return `${this.workos.baseURL}/sso/jwks/${clientId}`;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAyD;AACzD,mCAAoC;AACpC,wBAAgC;AAChC,iBAAuB;AAEvB,yBAAqC;AAiDrC,8CAOO;AA6BP,oCAIO;AAUP,IAAAA,sBAkBO;AACP,kDAAkE;AAClE,8DAAsE;AACtE,IAAAC,iDAA6D;AAC7D,IAAAC,iBAAkC;AAClC,IAAAC,mBAAsC;AACtC,IAAAC,qBAAsC;AACtC,IAAAC,mCAAgD;AAChD,IAAAC,gDAA4D;AAC5D,gCAA0C;AAC1C,IAAAC,kCAAkD;AAClD,IAAAC,kCAA+C;AAC/C,IAAAC,iDAA6D;AAC7D,qBAAwB;AACxB,0BAAqC;AAGrC,MAAM,gBAAgB,wBACpB,YACW;AACX,QAAM,eAAe,IAAI,gBAAgB;AACzC,QAAM,OAAO,OAAO,KAAK,OAAO,EAAE,KAAK;AAEvC,aAAW,OAAO,MAAM;AACtB,UAAM,QAAQ,QAAQ,GAAG;AAEzB,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAM,QAAQ,CAAC,SAAS;AACtB,qBAAa,OAAO,KAAK,IAAI;AAAA,MAC/B,CAAC;AAAA,IACH;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,mBAAa,OAAO,KAAK,KAAK;AAAA,IAChC;AAAA,EACF;AAEA,SAAO,aAAa,SAAS;AAC/B,GArBsB;AAuBf,MAAM,eAAe;AAAA,EAI1B,YAA6B,QAAgB;AAAhB;AAC3B,UAAM,EAAE,SAAS,IAAI,OAAO;AAE5B,SAAK,WAAW;AAAA,EAClB;AAAA,EA1KF,OAkK4B;AAAA;AAAA;AAAA,EAU1B,IAAI,OAA0D;AAC5D,QAAI,CAAC,KAAK,UAAU;AAClB;AAAA,IACF;AAGA,SAAK,cAAU,gCAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,QAAQ,CAAC,GAAG;AAAA,MACzE,kBAAkB,MAAO,KAAK;AAAA,IAChC,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBAAkB,SAGN;AACV,WAAO,IAAI,uBAAQ,MAAM,QAAQ,aAAa,QAAQ,cAAc;AAAA,EACtE;AAAA,EAEA,MAAM,QAAQ,QAA+B;AAC3C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,oBAAoB,YAAmC;AAC3D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,sCAAsC,UAAU;AAAA,IAClD;AAEA,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,UACJ,SAC4D;AAC5D,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAU,qDAA0B,OAAO,IAAI;AAAA,MACjD;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,cAAU,qDAA0B,OAAO,IAAI;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,8BAA0B,gDAA2B,OAAO,CAAC;AAE/D,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,0BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,+DAA0C;AAAA,QACxC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,yBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,8DAAyC;AAAA,QACvC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,0DAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,kEAA6C;AAAA,QAC3C,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,0DAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,kCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,+FAAkD;AAAA,QAChD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,sCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,+GAAsD;AAAA,QACpD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,qBAAiB,mBAAO,wBAAwB;AAAA,EAClD,GAGE;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,mFAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,UAAU,UAAM,gCAA8B,aAAa;AAAA,MAC/D,UAAU;AAAA,IACZ,CAAC;AAED,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,mFAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,mFAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF,QAAI,uBAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd;AAAA,MACA;AAAA,MACA,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI;AACF,gBAAM,uBAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,8BAA8B;AAAA,IAC1C;AAAA,IACA;AAAA,EACF,GAGoC;AAClC,QAAI,SAAS,aAAa;AACxB,aAAO;AAAA,QACL,GAAG;AAAA,QACH,eAAe,MAAM,KAAK,0CAA0C;AAAA,UAClE;AAAA,UACA,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0CAA0C;AAAA,IACtD;AAAA,IACA;AAAA,EACF,GAGoB;AAClB,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,EAAE,QAAQ,8BAA8B,QAAI;AAAA,MAChD,uBAAuB;AAAA,IACzB;AAEA,UAAM,cAAiC;AAAA,MACrC,gBAAgB;AAAA,MAChB,MAAM,uBAAuB;AAAA,MAC7B,aAAa,uBAAuB;AAAA,MACpC,cAAc,uBAAuB;AAAA,MACrC,cAAc,uBAAuB;AAAA,IACvC;AAEA,eAAO,8BAAS,aAAa;AAAA,MAC3B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AAAA,IACzB;AAAA,IACA,qBAAiB,mBAAO,wBAAwB;AAAA,EAClD,GAAkE;AAChE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,aAAa;AACf,iBAAO,gCAA8B,aAAa;AAAA,QAChD,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBACJ,qBAC4B;AAC5B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,uCAAuC,mBAAmB;AAAA,IAC5D;AAEA,eAAO,kDAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,sBAAsB;AAAA,IAC1B;AAAA,EACF,GAA0D;AACxD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,MAChC,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,UAAM,qCAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,aAAyC;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,+BAA+B,WAAW;AAAA,IAC5C;AAEA,eAAO,0CAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,gBAAgB,SAAqD;AACzE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,qDAAgC;AAAA,QAC9B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,eAAO,0CAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,MAAM,+BAA+B;AAAA,MAC/D;AAAA,IACF,CAAC;AAED,WAAO,EAAE,UAAM,qCAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,iBAAiB,iBAAiD;AACtE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,mCAAmC,eAAe;AAAA,IACpD;AAEA,eAAO,8CAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,oBACJ,SACwB;AACxB,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,yDAAoC;AAAA,QAClC,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,eAAO,8CAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,SAAwD;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,mDAA8B,OAAO;AAAA,IACvC;AAEA,WAAO,EAAE,UAAM,qCAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,QAAQ,MAAM;AAAA,UACxC,gDAA2B,OAAO;AAAA,IACpC;AAEA,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,iBAAiB,SAGpB;AACD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,0BAA0B,QAAQ,MAAM;AAAA,UACxC,sDAAiC,OAAO;AAAA,IAC1C;AAEA,WAAO;AAAA,MACL,0BAAsB;AAAA,QACpB,KAAK;AAAA,MACP;AAAA,MACA,6BAAyB;AAAA,QACvB,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBACJ,SACqD;AACrD,UAAM,EAAE,QAAQ,GAAG,cAAc,IAAI;AACrC,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,QAAgB;AAC/B,UAAM,KAAK,OAAO,OAAO,0BAA0B,MAAM,EAAE;AAAA,EAC7D;AAAA,EAEA,MAAM,kBAAkB,QAAqC;AAC3D,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,UAAU,iDAAiD;AAAA,IACvE;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,eAAO,wCAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,0BACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,IACvE;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,4BACJ,SAMA;AACA,UAAM,wBACJ,2FAA4C,OAAO;AAErD,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QAIJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,eACC;AAAA,QAIE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,6FAA6C,OAAO;AAAA,IACtD;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACA,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,6CAA6C,wBAAwB;AAAA,UACrE,6FAA6C,OAAO;AAAA,IACtD;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACe;AACf,UAAM,KAAK,OAAO;AAAA,MAChB,6CAA6C,wBAAwB;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,cAAc,cAA2C;AAC7D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,IAC9C;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,sBAAsB,iBAA8C;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,yCAAyC,eAAe;AAAA,IAC1D;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAU,kEAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,cAAU,kEAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,SAAqD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,gEAA+B;AAAA,QAC7B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,cAAc,SAA8C;AAChE,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,UACA,6DAA8B,OAAO;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,oBAAoB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAkD;AAChD,QAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,gBAAgB;AACjD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,aAAa,YAAY;AACxC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS;AACX,WAAK,OAAO;AAAA,QACV;AAAA;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,QAAQ,cAAc;AAAA,MAC1B,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA,iBAAiB;AAAA,MACjB,aAAa;AAAA,MACb,YAAY;AAAA,MACZ;AAAA,MACA,iBAAiB;AAAA,MACjB,WAAW;AAAA,MACX,cAAc;AAAA,MACd,eAAe;AAAA,MACf;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,WAAO,GAAG,KAAK,OAAO,OAAO,8BAA8B,KAAK;AAAA,EAClE;AAAA,EAEA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,EACF,GAGW;AACT,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,UAAU,oDAAoD;AAAA,IAC1E;AAEA,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,MACA,KAAK,OAAO;AAAA,IACd;AAEA,QAAI,aAAa,IAAI,cAAc,SAAS;AAC5C,QAAI,UAAU;AACZ,UAAI,aAAa,IAAI,aAAa,QAAQ;AAAA,IAC5C;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,WAAW,UAA0B;AACnC,QAAI,CAAC,UAAU;AACb,YAAM,UAAU,mCAAmC;AAAA,IACrD;AAEA,WAAO,GAAG,KAAK,OAAO,OAAO,aAAa,QAAQ;AAAA,EACpD;AACF;","names":["import_serializers","import_create_organization_membership_options","import_factor","import_identity","import_invitation","import_list_invitations_options","import_list_organization_memberships_options","import_organization_membership","import_send_invitation_options","import_update_organization_membership_options"]}
1
+ {"version":3,"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListUsersOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeUser,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { Session } from './session';\nimport { sealData, unsealData } from 'iron-session';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\n\nconst toQueryString = (\n options: Record<string, string | string[] | undefined>,\n): string => {\n const searchParams = new URLSearchParams();\n const keys = Object.keys(options).sort();\n\n for (const key of keys) {\n const value = options[key];\n\n if (Array.isArray(value)) {\n value.forEach((item) => {\n searchParams.append(key, item);\n });\n }\n\n if (typeof value === 'string') {\n searchParams.append(key, value);\n }\n }\n\n return searchParams.toString();\n};\n\nexport class UserManagement {\n private _jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n get jwks(): ReturnType<typeof createRemoteJWKSet> | undefined {\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): Session {\n return new Session(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n permissions,\n entitlements,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n user: session.user,\n permissions,\n entitlements,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl({\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n context,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerScopes,\n redirectUri,\n state,\n screenHint,\n }: UserManagementAuthorizationURLOptions): string {\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n if (context) {\n this.workos.emitWarning(\n `\\`context\\` is deprecated. We previously required initiate login endpoints to return the\n\\`context\\` query parameter when getting the authorization URL. This is no longer necessary.`,\n );\n }\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n context,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${this.workos.baseURL}/user_management/authorize?${query}`;\n }\n\n getLogoutUrl({\n sessionId,\n returnTo,\n }: {\n sessionId: string;\n returnTo?: string;\n }): string {\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL(\n '/user_management/sessions/logout',\n this.workos.baseURL,\n );\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n }\n\n getJwksUrl(clientId: string): string {\n if (!clientId) {\n throw TypeError('clientId must be a valid clientId');\n }\n\n return `${this.workos.baseURL}/sso/jwks/${clientId}`;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAyD;AACzD,mCAAoC;AACpC,wBAAgC;AAChC,iBAAuB;AAEvB,yBAAqC;AAiDrC,8CAOO;AA6BP,oCAIO;AAUP,IAAAA,sBAkBO;AACP,kDAAkE;AAClE,8DAAsE;AACtE,IAAAC,iDAA6D;AAC7D,IAAAC,iBAAkC;AAClC,IAAAC,mBAAsC;AACtC,IAAAC,qBAAsC;AACtC,IAAAC,mCAAgD;AAChD,IAAAC,gDAA4D;AAC5D,gCAA0C;AAC1C,IAAAC,kCAAkD;AAClD,IAAAC,kCAA+C;AAC/C,IAAAC,iDAA6D;AAC7D,qBAAwB;AACxB,0BAAqC;AAGrC,MAAM,gBAAgB,wBACpB,YACW;AACX,QAAM,eAAe,IAAI,gBAAgB;AACzC,QAAM,OAAO,OAAO,KAAK,OAAO,EAAE,KAAK;AAEvC,aAAW,OAAO,MAAM;AACtB,UAAM,QAAQ,QAAQ,GAAG;AAEzB,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAM,QAAQ,CAAC,SAAS;AACtB,qBAAa,OAAO,KAAK,IAAI;AAAA,MAC/B,CAAC;AAAA,IACH;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,mBAAa,OAAO,KAAK,KAAK;AAAA,IAChC;AAAA,EACF;AAEA,SAAO,aAAa,SAAS;AAC/B,GArBsB;AAuBf,MAAM,eAAe;AAAA,EAI1B,YAA6B,QAAgB;AAAhB;AAC3B,UAAM,EAAE,SAAS,IAAI,OAAO;AAE5B,SAAK,WAAW;AAAA,EAClB;AAAA,EA1KF,OAkK4B;AAAA;AAAA;AAAA,EAClB;AAAA,EACD;AAAA,EAQP,IAAI,OAA0D;AAC5D,QAAI,CAAC,KAAK,UAAU;AAClB;AAAA,IACF;AAGA,SAAK,cAAU,gCAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,QAAQ,CAAC,GAAG;AAAA,MACzE,kBAAkB,MAAO,KAAK;AAAA,IAChC,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBAAkB,SAGN;AACV,WAAO,IAAI,uBAAQ,MAAM,QAAQ,aAAa,QAAQ,cAAc;AAAA,EACtE;AAAA,EAEA,MAAM,QAAQ,QAA+B;AAC3C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,oBAAoB,YAAmC;AAC3D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,sCAAsC,UAAU;AAAA,IAClD;AAEA,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,UACJ,SAC4D;AAC5D,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAU,qDAA0B,OAAO,IAAI;AAAA,MACjD;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,cAAU,qDAA0B,OAAO,IAAI;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,8BAA0B,gDAA2B,OAAO,CAAC;AAE/D,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,0BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,+DAA0C;AAAA,QACxC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,yBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,8DAAyC;AAAA,QACvC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,0DAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,kEAA6C;AAAA,QAC3C,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,0DAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,kCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,+FAAkD;AAAA,QAChD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,sCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,+GAAsD;AAAA,QACpD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,4BAAwB,uDAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,qBAAiB,mBAAO,wBAAwB;AAAA,EAClD,GAGE;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,mFAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,UAAU,UAAM,gCAA8B,aAAa;AAAA,MAC/D,UAAU;AAAA,IACZ,CAAC;AAED,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,mFAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,mFAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF,QAAI,uBAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd;AAAA,MACA;AAAA,MACA,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI;AACF,gBAAM,uBAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,8BAA8B;AAAA,IAC1C;AAAA,IACA;AAAA,EACF,GAGoC;AAClC,QAAI,SAAS,aAAa;AACxB,aAAO;AAAA,QACL,GAAG;AAAA,QACH,eAAe,MAAM,KAAK,0CAA0C;AAAA,UAClE;AAAA,UACA,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0CAA0C;AAAA,IACtD;AAAA,IACA;AAAA,EACF,GAGoB;AAClB,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,EAAE,QAAQ,8BAA8B,QAAI;AAAA,MAChD,uBAAuB;AAAA,IACzB;AAEA,UAAM,cAAiC;AAAA,MACrC,gBAAgB;AAAA,MAChB,MAAM,uBAAuB;AAAA,MAC7B,aAAa,uBAAuB;AAAA,MACpC,cAAc,uBAAuB;AAAA,MACrC,cAAc,uBAAuB;AAAA,IACvC;AAEA,eAAO,8BAAS,aAAa;AAAA,MAC3B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AAAA,IACzB;AAAA,IACA,qBAAiB,mBAAO,wBAAwB;AAAA,EAClD,GAAkE;AAChE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,aAAa;AACf,iBAAO,gCAA8B,aAAa;AAAA,QAChD,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBACJ,qBAC4B;AAC5B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,uCAAuC,mBAAmB;AAAA,IAC5D;AAEA,eAAO,kDAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,sBAAsB;AAAA,IAC1B;AAAA,EACF,GAA0D;AACxD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,MAChC,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,UAAM,qCAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,aAAyC;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,+BAA+B,WAAW;AAAA,IAC5C;AAEA,eAAO,0CAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,gBAAgB,SAAqD;AACzE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,qDAAgC;AAAA,QAC9B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,eAAO,0CAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,MAAM,+BAA+B;AAAA,MAC/D;AAAA,IACF,CAAC;AAED,WAAO,EAAE,UAAM,qCAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,iBAAiB,iBAAiD;AACtE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,mCAAmC,eAAe;AAAA,IACpD;AAEA,eAAO,8CAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,oBACJ,SACwB;AACxB,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,yDAAoC;AAAA,QAClC,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,eAAO,8CAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,SAAwD;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,mDAA8B,OAAO;AAAA,IACvC;AAEA,WAAO,EAAE,UAAM,qCAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,QAAQ,MAAM;AAAA,UACxC,gDAA2B,OAAO;AAAA,IACpC;AAEA,eAAO,qCAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,iBAAiB,SAGpB;AACD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,0BAA0B,QAAQ,MAAM;AAAA,UACxC,sDAAiC,OAAO;AAAA,IAC1C;AAEA,WAAO;AAAA,MACL,0BAAsB;AAAA,QACpB,KAAK;AAAA,MACP;AAAA,MACA,6BAAyB;AAAA,QACvB,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBACJ,SACqD;AACrD,UAAM,EAAE,QAAQ,GAAG,cAAc,IAAI;AACrC,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,QAAgB;AAC/B,UAAM,KAAK,OAAO,OAAO,0BAA0B,MAAM,EAAE;AAAA,EAC7D;AAAA,EAEA,MAAM,kBAAkB,QAAqC;AAC3D,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,UAAU,iDAAiD;AAAA,IACvE;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,eAAO,wCAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,0BACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,IACvE;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,4BACJ,SAMA;AACA,UAAM,wBACJ,2FAA4C,OAAO;AAErD,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QAIJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,eACC;AAAA,QAIE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,6FAA6C,OAAO;AAAA,IACtD;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACA,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,6CAA6C,wBAAwB;AAAA,UACrE,6FAA6C,OAAO;AAAA,IACtD;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACe;AACf,UAAM,KAAK,OAAO;AAAA,MAChB,6CAA6C,wBAAwB;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,eAAO,mEAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,cAAc,cAA2C;AAC7D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,IAC9C;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,sBAAsB,iBAA8C;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,yCAAyC,eAAe;AAAA,IAC1D;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAU,kEAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,cAAU,kEAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,SAAqD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,UACA,gEAA+B;AAAA,QAC7B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,cAAc,SAA8C;AAChE,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,UACA,6DAA8B,OAAO;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,oBAAoB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAkD;AAChD,QAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,gBAAgB;AACjD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,aAAa,YAAY;AACxC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS;AACX,WAAK,OAAO;AAAA,QACV;AAAA;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,QAAQ,cAAc;AAAA,MAC1B,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA,iBAAiB;AAAA,MACjB,aAAa;AAAA,MACb,YAAY;AAAA,MACZ;AAAA,MACA,iBAAiB;AAAA,MACjB,WAAW;AAAA,MACX,cAAc;AAAA,MACd,eAAe;AAAA,MACf;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,WAAO,GAAG,KAAK,OAAO,OAAO,8BAA8B,KAAK;AAAA,EAClE;AAAA,EAEA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,EACF,GAGW;AACT,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,UAAU,oDAAoD;AAAA,IAC1E;AAEA,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,MACA,KAAK,OAAO;AAAA,IACd;AAEA,QAAI,aAAa,IAAI,cAAc,SAAS;AAC5C,QAAI,UAAU;AACZ,UAAI,aAAa,IAAI,aAAa,QAAQ;AAAA,IAC5C;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,WAAW,UAA0B;AACnC,QAAI,CAAC,UAAU;AACb,YAAM,UAAU,mCAAmC;AAAA,IACrD;AAEA,WAAO,GAAG,KAAK,OAAO,OAAO,aAAa,QAAQ;AAAA,EACpD;AACF;","names":["import_serializers","import_create_organization_membership_options","import_factor","import_identity","import_invitation","import_list_invitations_options","import_list_organization_memberships_options","import_organization_membership","import_send_invitation_options","import_update_organization_membership_options"]}
package/lib/user-management/user-management.js CHANGED
@@ -69,6 +69,8 @@ class UserManagement {
69
69
  static {
70
70
  __name(this, "UserManagement");
71
71
  }
72
+ _jwks;
73
+ clientId;
72
74
  get jwks() {
73
75
  if (!this.clientId) {
74
76
  return;
package/lib/user-management/user-management.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListUsersOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeUser,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { Session } from './session';\nimport { sealData, unsealData } from 'iron-session';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\n\nconst toQueryString = (\n options: Record<string, string | string[] | undefined>,\n): string => {\n const searchParams = new URLSearchParams();\n const keys = Object.keys(options).sort();\n\n for (const key of keys) {\n const value = options[key];\n\n if (Array.isArray(value)) {\n value.forEach((item) => {\n searchParams.append(key, item);\n });\n }\n\n if (typeof value === 'string') {\n searchParams.append(key, value);\n }\n }\n\n return searchParams.toString();\n};\n\nexport class UserManagement {\n private _jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n get jwks(): ReturnType<typeof createRemoteJWKSet> | undefined {\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): Session {\n return new Session(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n permissions,\n entitlements,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n user: session.user,\n permissions,\n entitlements,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl({\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n context,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerScopes,\n redirectUri,\n state,\n screenHint,\n }: UserManagementAuthorizationURLOptions): string {\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n if (context) {\n this.workos.emitWarning(\n `\\`context\\` is deprecated. We previously required initiate login endpoints to return the\n\\`context\\` query parameter when getting the authorization URL. This is no longer necessary.`,\n );\n }\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n context,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${this.workos.baseURL}/user_management/authorize?${query}`;\n }\n\n getLogoutUrl({\n sessionId,\n returnTo,\n }: {\n sessionId: string;\n returnTo?: string;\n }): string {\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL(\n '/user_management/sessions/logout',\n this.workos.baseURL,\n );\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n }\n\n getJwksUrl(clientId: string): string {\n if (!clientId) {\n throw TypeError('clientId must be a valid clientId');\n }\n\n return `${this.workos.baseURL}/sso/jwks/${clientId}`;\n }\n}\n"],"mappings":";;AAAA,SAAS,oBAAoB,WAAW,iBAAiB;AACzD,SAAS,2BAA2B;AACpC,SAAS,uBAAuB;AAChC,SAAS,cAAc;AAEvB,SAAS,4BAA4B;AAiDrC;AAAA,EAGE;AAAA,OAIK;AA6BP;AAAA,EAGE;AAAA,OACK;AAUP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,yDAAyD;AAClE,SAAS,6DAA6D;AACtE,SAAS,oDAAoD;AAC7D,SAAS,yBAAyB;AAClC,SAAS,6BAA6B;AACtC,SAAS,6BAA6B;AACtC,SAAS,uCAAuC;AAChD,SAAS,mDAAmD;AAC5D,SAAS,iCAAiC;AAC1C,SAAS,yCAAyC;AAClD,SAAS,sCAAsC;AAC/C,SAAS,oDAAoD;AAC7D,SAAS,eAAe;AACxB,SAAS,UAAU,kBAAkB;AAGrC,MAAM,gBAAgB,wBACpB,YACW;AACX,QAAM,eAAe,IAAI,gBAAgB;AACzC,QAAM,OAAO,OAAO,KAAK,OAAO,EAAE,KAAK;AAEvC,aAAW,OAAO,MAAM;AACtB,UAAM,QAAQ,QAAQ,GAAG;AAEzB,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAM,QAAQ,CAAC,SAAS;AACtB,qBAAa,OAAO,KAAK,IAAI;AAAA,MAC/B,CAAC;AAAA,IACH;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,mBAAa,OAAO,KAAK,KAAK;AAAA,IAChC;AAAA,EACF;AAEA,SAAO,aAAa,SAAS;AAC/B,GArBsB;AAuBf,MAAM,eAAe;AAAA,EAI1B,YAA6B,QAAgB;AAAhB;AAC3B,UAAM,EAAE,SAAS,IAAI,OAAO;AAE5B,SAAK,WAAW;AAAA,EAClB;AAAA,EA1KF,OAkK4B;AAAA;AAAA;AAAA,EAU1B,IAAI,OAA0D;AAC5D,QAAI,CAAC,KAAK,UAAU;AAClB;AAAA,IACF;AAGA,SAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,QAAQ,CAAC,GAAG;AAAA,MACzE,kBAAkB,MAAO,KAAK;AAAA,IAChC,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBAAkB,SAGN;AACV,WAAO,IAAI,QAAQ,MAAM,QAAQ,aAAa,QAAQ,cAAc;AAAA,EACtE;AAAA,EAEA,MAAM,QAAQ,QAA+B;AAC3C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,oBAAoB,YAAmC;AAC3D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,sCAAsC,UAAU;AAAA,IAClD;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,UACJ,SAC4D;AAC5D,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,0BAA0B,OAAO,IAAI;AAAA,MACjD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,0BAA0B,OAAO,IAAI;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,2BAA2B,OAAO,CAAC;AAE/D,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,0BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,0CAA0C;AAAA,QACxC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,yBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,yCAAyC;AAAA,QACvC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C;AAAA,QAC3C,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,kCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,kDAAkD;AAAA,QAChD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,sCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,sDAAsD;AAAA,QACpD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAGE;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,UAAU,MAAM,WAA8B,aAAa;AAAA,MAC/D,UAAU;AAAA,IACZ,CAAC;AAED,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd;AAAA,MACA;AAAA,MACA,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,8BAA8B;AAAA,IAC1C;AAAA,IACA;AAAA,EACF,GAGoC;AAClC,QAAI,SAAS,aAAa;AACxB,aAAO;AAAA,QACL,GAAG;AAAA,QACH,eAAe,MAAM,KAAK,0CAA0C;AAAA,UAClE;AAAA,UACA,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0CAA0C;AAAA,IACtD;AAAA,IACA;AAAA,EACF,GAGoB;AAClB,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,uBAAuB;AAAA,IACzB;AAEA,UAAM,cAAiC;AAAA,MACrC,gBAAgB;AAAA,MAChB,MAAM,uBAAuB;AAAA,MAC7B,aAAa,uBAAuB;AAAA,MACpC,cAAc,uBAAuB;AAAA,MACrC,cAAc,uBAAuB;AAAA,IACvC;AAEA,WAAO,SAAS,aAAa;AAAA,MAC3B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AAAA,IACzB;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAAkE;AAChE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,aAAa;AACf,aAAO,WAA8B,aAAa;AAAA,QAChD,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBACJ,qBAC4B;AAC5B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,uCAAuC,mBAAmB;AAAA,IAC5D;AAEA,WAAO,6BAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,sBAAsB;AAAA,IAC1B;AAAA,EACF,GAA0D;AACxD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,MAChC,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,aAAyC;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,+BAA+B,WAAW;AAAA,IAC5C;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,gBAAgB,SAAqD;AACzE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,gCAAgC;AAAA,QAC9B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,MAAM,+BAA+B;AAAA,MAC/D;AAAA,IACF,CAAC;AAED,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,iBAAiB,iBAAiD;AACtE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,mCAAmC,eAAe;AAAA,IACpD;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,oBACJ,SACwB;AACxB,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,oCAAoC;AAAA,QAClC,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,SAAwD;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,2BAA2B,OAAO;AAAA,IACpC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,iBAAiB,SAGpB;AACD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,iCAAiC,OAAO;AAAA,IAC1C;AAEA,WAAO;AAAA,MACL,sBAAsB;AAAA,QACpB,KAAK;AAAA,MACP;AAAA,MACA,yBAAyB;AAAA,QACvB,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBACJ,SACqD;AACrD,UAAM,EAAE,QAAQ,GAAG,cAAc,IAAI;AACrC,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,QAAgB;AAC/B,UAAM,KAAK,OAAO,OAAO,0BAA0B,MAAM,EAAE;AAAA,EAC7D;AAAA,EAEA,MAAM,kBAAkB,QAAqC;AAC3D,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,UAAU,iDAAiD;AAAA,IACvE;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,0BACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,IACvE;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,4BACJ,SAMA;AACA,UAAM,oBACJ,4CAA4C,OAAO;AAErD,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QAIJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QAIE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACA,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,6CAA6C,wBAAwB;AAAA,MACrE,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACe;AACf,UAAM,KAAK,OAAO;AAAA,MAChB,6CAA6C,wBAAwB;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,cAAc,cAA2C;AAC7D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,IAC9C;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,sBAAsB,iBAA8C;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,yCAAyC,eAAe;AAAA,IAC1D;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,gCAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,gCAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,SAAqD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,+BAA+B;AAAA,QAC7B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,cAAc,SAA8C;AAChE,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,oBAAoB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAkD;AAChD,QAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,gBAAgB;AACjD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,aAAa,YAAY;AACxC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS;AACX,WAAK,OAAO;AAAA,QACV;AAAA;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,QAAQ,cAAc;AAAA,MAC1B,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA,iBAAiB;AAAA,MACjB,aAAa;AAAA,MACb,YAAY;AAAA,MACZ;AAAA,MACA,iBAAiB;AAAA,MACjB,WAAW;AAAA,MACX,cAAc;AAAA,MACd,eAAe;AAAA,MACf;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,WAAO,GAAG,KAAK,OAAO,OAAO,8BAA8B,KAAK;AAAA,EAClE;AAAA,EAEA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,EACF,GAGW;AACT,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,UAAU,oDAAoD;AAAA,IAC1E;AAEA,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,MACA,KAAK,OAAO;AAAA,IACd;AAEA,QAAI,aAAa,IAAI,cAAc,SAAS;AAC5C,QAAI,UAAU;AACZ,UAAI,aAAa,IAAI,aAAa,QAAQ;AAAA,IAC5C;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,WAAW,UAA0B;AACnC,QAAI,CAAC,UAAU;AACb,YAAM,UAAU,mCAAmC;AAAA,IACrD;AAEA,WAAO,GAAG,KAAK,OAAO,OAAO,aAAa,QAAQ;AAAA,EACpD;AACF;","names":[]}
1
+ {"version":3,"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListUsersOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeUser,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { Session } from './session';\nimport { sealData, unsealData } from 'iron-session';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\n\nconst toQueryString = (\n options: Record<string, string | string[] | undefined>,\n): string => {\n const searchParams = new URLSearchParams();\n const keys = Object.keys(options).sort();\n\n for (const key of keys) {\n const value = options[key];\n\n if (Array.isArray(value)) {\n value.forEach((item) => {\n searchParams.append(key, item);\n });\n }\n\n if (typeof value === 'string') {\n searchParams.append(key, value);\n }\n }\n\n return searchParams.toString();\n};\n\nexport class UserManagement {\n private _jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n get jwks(): ReturnType<typeof createRemoteJWKSet> | undefined {\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): Session {\n return new Session(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n permissions,\n entitlements,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n user: session.user,\n permissions,\n entitlements,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl({\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n context,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerScopes,\n redirectUri,\n state,\n screenHint,\n }: UserManagementAuthorizationURLOptions): string {\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n if (context) {\n this.workos.emitWarning(\n `\\`context\\` is deprecated. We previously required initiate login endpoints to return the\n\\`context\\` query parameter when getting the authorization URL. This is no longer necessary.`,\n );\n }\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n context,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${this.workos.baseURL}/user_management/authorize?${query}`;\n }\n\n getLogoutUrl({\n sessionId,\n returnTo,\n }: {\n sessionId: string;\n returnTo?: string;\n }): string {\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL(\n '/user_management/sessions/logout',\n this.workos.baseURL,\n );\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n }\n\n getJwksUrl(clientId: string): string {\n if (!clientId) {\n throw TypeError('clientId must be a valid clientId');\n }\n\n return `${this.workos.baseURL}/sso/jwks/${clientId}`;\n }\n}\n"],"mappings":";;AAAA,SAAS,oBAAoB,WAAW,iBAAiB;AACzD,SAAS,2BAA2B;AACpC,SAAS,uBAAuB;AAChC,SAAS,cAAc;AAEvB,SAAS,4BAA4B;AAiDrC;AAAA,EAGE;AAAA,OAIK;AA6BP;AAAA,EAGE;AAAA,OACK;AAUP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,yDAAyD;AAClE,SAAS,6DAA6D;AACtE,SAAS,oDAAoD;AAC7D,SAAS,yBAAyB;AAClC,SAAS,6BAA6B;AACtC,SAAS,6BAA6B;AACtC,SAAS,uCAAuC;AAChD,SAAS,mDAAmD;AAC5D,SAAS,iCAAiC;AAC1C,SAAS,yCAAyC;AAClD,SAAS,sCAAsC;AAC/C,SAAS,oDAAoD;AAC7D,SAAS,eAAe;AACxB,SAAS,UAAU,kBAAkB;AAGrC,MAAM,gBAAgB,wBACpB,YACW;AACX,QAAM,eAAe,IAAI,gBAAgB;AACzC,QAAM,OAAO,OAAO,KAAK,OAAO,EAAE,KAAK;AAEvC,aAAW,OAAO,MAAM;AACtB,UAAM,QAAQ,QAAQ,GAAG;AAEzB,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAM,QAAQ,CAAC,SAAS;AACtB,qBAAa,OAAO,KAAK,IAAI;AAAA,MAC/B,CAAC;AAAA,IACH;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,mBAAa,OAAO,KAAK,KAAK;AAAA,IAChC;AAAA,EACF;AAEA,SAAO,aAAa,SAAS;AAC/B,GArBsB;AAuBf,MAAM,eAAe;AAAA,EAI1B,YAA6B,QAAgB;AAAhB;AAC3B,UAAM,EAAE,SAAS,IAAI,OAAO;AAE5B,SAAK,WAAW;AAAA,EAClB;AAAA,EA1KF,OAkK4B;AAAA;AAAA;AAAA,EAClB;AAAA,EACD;AAAA,EAQP,IAAI,OAA0D;AAC5D,QAAI,CAAC,KAAK,UAAU;AAClB;AAAA,IACF;AAGA,SAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,QAAQ,CAAC,GAAG;AAAA,MACzE,kBAAkB,MAAO,KAAK;AAAA,IAChC,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBAAkB,SAGN;AACV,WAAO,IAAI,QAAQ,MAAM,QAAQ,aAAa,QAAQ,cAAc;AAAA,EACtE;AAAA,EAEA,MAAM,QAAQ,QAA+B;AAC3C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,oBAAoB,YAAmC;AAC3D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,sCAAsC,UAAU;AAAA,IAClD;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,UACJ,SAC4D;AAC5D,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,0BAA0B,OAAO,IAAI;AAAA,MACjD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,0BAA0B,OAAO,IAAI;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,2BAA2B,OAAO,CAAC;AAE/D,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,0BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,0CAA0C;AAAA,QACxC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,yBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,yCAAyC;AAAA,QACvC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C;AAAA,QAC3C,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,kCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,kDAAkD;AAAA,QAChD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,sCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,sDAAsD;AAAA,QACpD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAGE;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,UAAU,MAAM,WAA8B,aAAa;AAAA,MAC/D,UAAU;AAAA,IACZ,CAAC;AAED,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd;AAAA,MACA;AAAA,MACA,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,8BAA8B;AAAA,IAC1C;AAAA,IACA;AAAA,EACF,GAGoC;AAClC,QAAI,SAAS,aAAa;AACxB,aAAO;AAAA,QACL,GAAG;AAAA,QACH,eAAe,MAAM,KAAK,0CAA0C;AAAA,UAClE;AAAA,UACA,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0CAA0C;AAAA,IACtD;AAAA,IACA;AAAA,EACF,GAGoB;AAClB,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,uBAAuB;AAAA,IACzB;AAEA,UAAM,cAAiC;AAAA,MACrC,gBAAgB;AAAA,MAChB,MAAM,uBAAuB;AAAA,MAC7B,aAAa,uBAAuB;AAAA,MACpC,cAAc,uBAAuB;AAAA,MACrC,cAAc,uBAAuB;AAAA,IACvC;AAEA,WAAO,SAAS,aAAa;AAAA,MAC3B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AAAA,IACzB;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAAkE;AAChE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,aAAa;AACf,aAAO,WAA8B,aAAa;AAAA,QAChD,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBACJ,qBAC4B;AAC5B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,uCAAuC,mBAAmB;AAAA,IAC5D;AAEA,WAAO,6BAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,sBAAsB;AAAA,IAC1B;AAAA,EACF,GAA0D;AACxD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,MAChC,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,aAAyC;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,+BAA+B,WAAW;AAAA,IAC5C;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,gBAAgB,SAAqD;AACzE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,gCAAgC;AAAA,QAC9B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,MAAM,+BAA+B;AAAA,MAC/D;AAAA,IACF,CAAC;AAED,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,iBAAiB,iBAAiD;AACtE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,mCAAmC,eAAe;AAAA,IACpD;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,oBACJ,SACwB;AACxB,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,oCAAoC;AAAA,QAClC,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,SAAwD;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,2BAA2B,OAAO;AAAA,IACpC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,iBAAiB,SAGpB;AACD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,iCAAiC,OAAO;AAAA,IAC1C;AAEA,WAAO;AAAA,MACL,sBAAsB;AAAA,QACpB,KAAK;AAAA,MACP;AAAA,MACA,yBAAyB;AAAA,QACvB,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBACJ,SACqD;AACrD,UAAM,EAAE,QAAQ,GAAG,cAAc,IAAI;AACrC,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,QAAgB;AAC/B,UAAM,KAAK,OAAO,OAAO,0BAA0B,MAAM,EAAE;AAAA,EAC7D;AAAA,EAEA,MAAM,kBAAkB,QAAqC;AAC3D,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,UAAU,iDAAiD;AAAA,IACvE;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,0BACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,IACvE;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,4BACJ,SAMA;AACA,UAAM,oBACJ,4CAA4C,OAAO;AAErD,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QAIJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QAIE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACA,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,6CAA6C,wBAAwB;AAAA,MACrE,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACe;AACf,UAAM,KAAK,OAAO;AAAA,MAChB,6CAA6C,wBAAwB;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,cAAc,cAA2C;AAC7D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,IAC9C;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,sBAAsB,iBAA8C;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,yCAAyC,eAAe;AAAA,IAC1D;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,gCAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,gCAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,SAAqD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,+BAA+B;AAAA,QAC7B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,cAAc,SAA8C;AAChE,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,oBAAoB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAkD;AAChD,QAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,gBAAgB;AACjD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,aAAa,YAAY;AACxC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS;AACX,WAAK,OAAO;AAAA,QACV;AAAA;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,QAAQ,cAAc;AAAA,MAC1B,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA,iBAAiB;AAAA,MACjB,aAAa;AAAA,MACb,YAAY;AAAA,MACZ;AAAA,MACA,iBAAiB;AAAA,MACjB,WAAW;AAAA,MACX,cAAc;AAAA,MACd,eAAe;AAAA,MACf;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,WAAO,GAAG,KAAK,OAAO,OAAO,8BAA8B,KAAK;AAAA,EAClE;AAAA,EAEA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,EACF,GAGW;AACT,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,UAAU,oDAAoD;AAAA,IAC1E;AAEA,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,MACA,KAAK,OAAO;AAAA,IACd;AAEA,QAAI,aAAa,IAAI,cAAc,SAAS;AAC5C,QAAI,UAAU;AACZ,UAAI,aAAa,IAAI,aAAa,QAAQ;AAAA,IAC5C;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,WAAW,UAA0B;AACnC,QAAI,CAAC,UAAU;AACb,YAAM,UAAU,mCAAmC;AAAA,IACrD;AAEA,WAAO,GAAG,KAAK,OAAO,OAAO,aAAa,QAAQ;AAAA,EACpD;AACF;","names":[]}
package/lib/vault/vault.cjs CHANGED
@@ -34,6 +34,7 @@ class Vault {
34
34
  static {
35
35
  __name(this, "Vault");
36
36
  }
37
+ cryptoProvider;
37
38
  decode(payload) {
38
39
  const inputData = (0, import_base64.base64ToUint8Array)(payload);
39
40
  const iv = new Uint8Array(inputData.subarray(0, 12));
package/lib/vault/vault.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/vault/vault.ts"],"sourcesContent":["import { decodeUInt32, encodeUInt32 } from 'leb';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,iBAA2C;AAI3C,oBAAuD;AAuBvD,uBAGO;AACP,0BAOO;AASA,MAAM,MAAM;AAAA,EAGjB,YAA6B,QAAgB;AAAhB;AAC3B,SAAK,iBAAiB,OAAO,kBAAkB;AAAA,EACjD;AAAA,EApDF,OA+CmB;AAAA;AAAA;AAAA,EAOT,OAAO,SAA0B;AACvC,UAAM,gBAAY,kCAAmB,OAAO;AAE5C,UAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,EAAE,CAAC;AACnD,UAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,EAAE,CAAC;AACrD,UAAM,EAAE,OAAO,QAAQ,UAAU,QAAI,yBAAa,WAAW,EAAE;AAG/D,UAAM,aAAa,UAAU,SAAS,WAAW,YAAY,MAAM;AACnE,UAAM,WAAO,kCAAmB,UAAU;AAE1C,UAAM,aAAa,IAAI,WAAW,UAAU,SAAS,YAAY,MAAM,CAAC;AAExE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,SAAuD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,UACA,iDAA4B,OAAO;AAAA,IACrC;AACA,eAAO,+CAA0B,IAAI;AAAA,EACvC;AAAA,EAEA,MAAM,YACJ,SAC6B;AAC7B,UAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,OAAO;AACvD,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,KAAK;AAAA,IAC7C;AACA,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,SAAS,CAAC;AAAA,IACxD;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,IAAI,SAAS;AAAA,IACf;AACA,eAAO,4CAAuB,IAAI;AAAA,EACpC;AAAA,EAEA,MAAM,mBACJ,SAC0B;AAC1B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,eAAO,kDAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,WAAW,SAAkD;AACjE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,eAAO,uCAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,eAAO,uCAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAAoD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,UAC9C,iDAA4B,OAAO;AAAA,IACrC;AACA,eAAO,uCAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAA6C;AAC9D,WAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC,EAAE;AAAA,EAC5E;AAAA,EAEA,MAAM,cAAc,SAAqD;AACvE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,eAAO,mDAAiC,IAAI;AAAA,EAC9C;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,eAAO,oDAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,QACJ,MACA,SACA,gBACiB;AACjB,UAAM,UAAU,MAAM,KAAK,cAAc;AAAA,MACvC;AAAA,IACF,CAAC;AAGD,UAAM,UAAU,IAAI,YAAY;AAGhC,UAAM,UAAM,kCAAmB,QAAQ,QAAQ,GAAG;AAClD,UAAM,cAAU,kCAAmB,QAAQ,aAAa;AAExD,UAAM,sBAAkB,yBAAa,QAAQ,MAAM;AACnD,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAGJ,UAAM,KAAK,KAAK,eAAe,YAAY,EAAE;AAE7C,UAAM;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,IAAI,MAAM,KAAK,eAAe;AAAA,MAC5B,QAAQ,OAAO,IAAI;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAGA,UAAM,cAAc,IAAI;AAAA,MACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW;AAAA,IACf;AAEA,QAAI,SAAS;AACb,gBAAY,IAAI,UAAU,MAAM;AAChC,cAAU,SAAS;AAEnB,gBAAY,IAAI,KAAK,MAAM;AAC3B,cAAU,IAAI;AAEd,gBAAY,IAAI,IAAI,WAAW,eAAe,GAAG,MAAM;AACvD,cAAU,gBAAgB;AAE1B,gBAAY,IAAI,SAAS,MAAM;AAC/B,cAAU,QAAQ;AAElB,gBAAY,IAAI,YAAY,MAAM;AAGlC,eAAO,kCAAmB,WAAW;AAAA,EACvC;AAAA,EAEA,MAAM,QACJ,eACA,gBACiB;AACjB,UAAM,UAAU,KAAK,OAAO,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,KAAK,CAAC;AAGhE,UAAM,UAAM,kCAAmB,QAAQ,GAAG;AAE1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAEJ,UAAM,YAAY,MAAM,KAAK,eAAe;AAAA,MAC1C,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,WAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EAC3C;AACF;","names":[]}
1
+ {"version":3,"sources":["../../src/vault/vault.ts"],"sourcesContent":["import { decodeUInt32, encodeUInt32 } from 'leb';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,iBAA2C;AAI3C,oBAAuD;AAuBvD,uBAGO;AACP,0BAOO;AASA,MAAM,MAAM;AAAA,EAGjB,YAA6B,QAAgB;AAAhB;AAC3B,SAAK,iBAAiB,OAAO,kBAAkB;AAAA,EACjD;AAAA,EApDF,OA+CmB;AAAA;AAAA;AAAA,EACT;AAAA,EAMA,OAAO,SAA0B;AACvC,UAAM,gBAAY,kCAAmB,OAAO;AAE5C,UAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,EAAE,CAAC;AACnD,UAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,EAAE,CAAC;AACrD,UAAM,EAAE,OAAO,QAAQ,UAAU,QAAI,yBAAa,WAAW,EAAE;AAG/D,UAAM,aAAa,UAAU,SAAS,WAAW,YAAY,MAAM;AACnE,UAAM,WAAO,kCAAmB,UAAU;AAE1C,UAAM,aAAa,IAAI,WAAW,UAAU,SAAS,YAAY,MAAM,CAAC;AAExE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,SAAuD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,UACA,iDAA4B,OAAO;AAAA,IACrC;AACA,eAAO,+CAA0B,IAAI;AAAA,EACvC;AAAA,EAEA,MAAM,YACJ,SAC6B;AAC7B,UAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,OAAO;AACvD,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,KAAK;AAAA,IAC7C;AACA,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,SAAS,CAAC;AAAA,IACxD;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,IAAI,SAAS;AAAA,IACf;AACA,eAAO,4CAAuB,IAAI;AAAA,EACpC;AAAA,EAEA,MAAM,mBACJ,SAC0B;AAC1B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,eAAO,kDAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,WAAW,SAAkD;AACjE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,eAAO,uCAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,eAAO,uCAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAAoD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,UAC9C,iDAA4B,OAAO;AAAA,IACrC;AACA,eAAO,uCAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAA6C;AAC9D,WAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC,EAAE;AAAA,EAC5E;AAAA,EAEA,MAAM,cAAc,SAAqD;AACvE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,eAAO,mDAAiC,IAAI;AAAA,EAC9C;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,eAAO,oDAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,QACJ,MACA,SACA,gBACiB;AACjB,UAAM,UAAU,MAAM,KAAK,cAAc;AAAA,MACvC;AAAA,IACF,CAAC;AAGD,UAAM,UAAU,IAAI,YAAY;AAGhC,UAAM,UAAM,kCAAmB,QAAQ,QAAQ,GAAG;AAClD,UAAM,cAAU,kCAAmB,QAAQ,aAAa;AAExD,UAAM,sBAAkB,yBAAa,QAAQ,MAAM;AACnD,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAGJ,UAAM,KAAK,KAAK,eAAe,YAAY,EAAE;AAE7C,UAAM;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,IAAI,MAAM,KAAK,eAAe;AAAA,MAC5B,QAAQ,OAAO,IAAI;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAGA,UAAM,cAAc,IAAI;AAAA,MACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW;AAAA,IACf;AAEA,QAAI,SAAS;AACb,gBAAY,IAAI,UAAU,MAAM;AAChC,cAAU,SAAS;AAEnB,gBAAY,IAAI,KAAK,MAAM;AAC3B,cAAU,IAAI;AAEd,gBAAY,IAAI,IAAI,WAAW,eAAe,GAAG,MAAM;AACvD,cAAU,gBAAgB;AAE1B,gBAAY,IAAI,SAAS,MAAM;AAC/B,cAAU,QAAQ;AAElB,gBAAY,IAAI,YAAY,MAAM;AAGlC,eAAO,kCAAmB,WAAW;AAAA,EACvC;AAAA,EAEA,MAAM,QACJ,eACA,gBACiB;AACjB,UAAM,UAAU,KAAK,OAAO,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,KAAK,CAAC;AAGhE,UAAM,UAAM,kCAAmB,QAAQ,GAAG;AAE1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAEJ,UAAM,YAAY,MAAM,KAAK,eAAe;AAAA,MAC1C,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,WAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EAC3C;AACF;","names":[]}
package/lib/vault/vault.js CHANGED
@@ -22,6 +22,7 @@ class Vault {
22
22
  static {
23
23
  __name(this, "Vault");
24
24
  }
25
+ cryptoProvider;
25
26
  decode(payload) {
26
27
  const inputData = base64ToUint8Array(payload);
27
28
  const iv = new Uint8Array(inputData.subarray(0, 12));
package/lib/vault/vault.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/vault/vault.ts"],"sourcesContent":["import { decodeUInt32, encodeUInt32 } from 'leb';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n"],"mappings":";;AAAA,SAAS,cAAc,oBAAoB;AAI3C,SAAS,oBAAoB,0BAA0B;AAuBvD;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASA,MAAM,MAAM;AAAA,EAGjB,YAA6B,QAAgB;AAAhB;AAC3B,SAAK,iBAAiB,OAAO,kBAAkB;AAAA,EACjD;AAAA,EApDF,OA+CmB;AAAA;AAAA;AAAA,EAOT,OAAO,SAA0B;AACvC,UAAM,YAAY,mBAAmB,OAAO;AAE5C,UAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,EAAE,CAAC;AACnD,UAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,EAAE,CAAC;AACrD,UAAM,EAAE,OAAO,QAAQ,UAAU,IAAI,aAAa,WAAW,EAAE;AAG/D,UAAM,aAAa,UAAU,SAAS,WAAW,YAAY,MAAM;AACnE,UAAM,OAAO,mBAAmB,UAAU;AAE1C,UAAM,aAAa,IAAI,WAAW,UAAU,SAAS,YAAY,MAAM,CAAC;AAExE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,SAAuD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA,4BAA4B,OAAO;AAAA,IACrC;AACA,WAAO,0BAA0B,IAAI;AAAA,EACvC;AAAA,EAEA,MAAM,YACJ,SAC6B;AAC7B,UAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,OAAO;AACvD,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,KAAK;AAAA,IAC7C;AACA,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,SAAS,CAAC;AAAA,IACxD;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,IAAI,SAAS;AAAA,IACf;AACA,WAAO,uBAAuB,IAAI;AAAA,EACpC;AAAA,EAEA,MAAM,mBACJ,SAC0B;AAC1B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,WAAO,6BAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,WAAW,SAAkD;AACjE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,WAAO,kBAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,WAAO,kBAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAAoD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAC9C,4BAA4B,OAAO;AAAA,IACrC;AACA,WAAO,kBAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAA6C;AAC9D,WAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC,EAAE;AAAA,EAC5E;AAAA,EAEA,MAAM,cAAc,SAAqD;AACvE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,WAAO,iCAAiC,IAAI;AAAA,EAC9C;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,QACJ,MACA,SACA,gBACiB;AACjB,UAAM,UAAU,MAAM,KAAK,cAAc;AAAA,MACvC;AAAA,IACF,CAAC;AAGD,UAAM,UAAU,IAAI,YAAY;AAGhC,UAAM,MAAM,mBAAmB,QAAQ,QAAQ,GAAG;AAClD,UAAM,UAAU,mBAAmB,QAAQ,aAAa;AAExD,UAAM,kBAAkB,aAAa,QAAQ,MAAM;AACnD,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAGJ,UAAM,KAAK,KAAK,eAAe,YAAY,EAAE;AAE7C,UAAM;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,IAAI,MAAM,KAAK,eAAe;AAAA,MAC5B,QAAQ,OAAO,IAAI;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAGA,UAAM,cAAc,IAAI;AAAA,MACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW;AAAA,IACf;AAEA,QAAI,SAAS;AACb,gBAAY,IAAI,UAAU,MAAM;AAChC,cAAU,SAAS;AAEnB,gBAAY,IAAI,KAAK,MAAM;AAC3B,cAAU,IAAI;AAEd,gBAAY,IAAI,IAAI,WAAW,eAAe,GAAG,MAAM;AACvD,cAAU,gBAAgB;AAE1B,gBAAY,IAAI,SAAS,MAAM;AAC/B,cAAU,QAAQ;AAElB,gBAAY,IAAI,YAAY,MAAM;AAGlC,WAAO,mBAAmB,WAAW;AAAA,EACvC;AAAA,EAEA,MAAM,QACJ,eACA,gBACiB;AACjB,UAAM,UAAU,KAAK,OAAO,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,KAAK,CAAC;AAGhE,UAAM,MAAM,mBAAmB,QAAQ,GAAG;AAE1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAEJ,UAAM,YAAY,MAAM,KAAK,eAAe;AAAA,MAC1C,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,WAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EAC3C;AACF;","names":[]}
1
+ {"version":3,"sources":["../../src/vault/vault.ts"],"sourcesContent":["import { decodeUInt32, encodeUInt32 } from 'leb';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n"],"mappings":";;AAAA,SAAS,cAAc,oBAAoB;AAI3C,SAAS,oBAAoB,0BAA0B;AAuBvD;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASA,MAAM,MAAM;AAAA,EAGjB,YAA6B,QAAgB;AAAhB;AAC3B,SAAK,iBAAiB,OAAO,kBAAkB;AAAA,EACjD;AAAA,EApDF,OA+CmB;AAAA;AAAA;AAAA,EACT;AAAA,EAMA,OAAO,SAA0B;AACvC,UAAM,YAAY,mBAAmB,OAAO;AAE5C,UAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,EAAE,CAAC;AACnD,UAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,EAAE,CAAC;AACrD,UAAM,EAAE,OAAO,QAAQ,UAAU,IAAI,aAAa,WAAW,EAAE;AAG/D,UAAM,aAAa,UAAU,SAAS,WAAW,YAAY,MAAM;AACnE,UAAM,OAAO,mBAAmB,UAAU;AAE1C,UAAM,aAAa,IAAI,WAAW,UAAU,SAAS,YAAY,MAAM,CAAC;AAExE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,SAAuD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA,4BAA4B,OAAO;AAAA,IACrC;AACA,WAAO,0BAA0B,IAAI;AAAA,EACvC;AAAA,EAEA,MAAM,YACJ,SAC6B;AAC7B,UAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,OAAO;AACvD,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,KAAK;AAAA,IAC7C;AACA,QAAI,SAAS,OAAO;AAClB,UAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,SAAS,CAAC;AAAA,IACxD;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,IAAI,SAAS;AAAA,IACf;AACA,WAAO,uBAAuB,IAAI;AAAA,EACpC;AAAA,EAEA,MAAM,mBACJ,SAC0B;AAC1B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,WAAO,6BAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,WAAW,SAAkD;AACjE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,WAAO,kBAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,IAChD;AACA,WAAO,kBAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAAoD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAC9C,4BAA4B,OAAO;AAAA,IACrC;AACA,WAAO,kBAAkB,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAM,aAAa,SAA6C;AAC9D,WAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,EAAE,CAAC,EAAE;AAAA,EAC5E;AAAA,EAEA,MAAM,cAAc,SAAqD;AACvE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,WAAO,iCAAiC,IAAI;AAAA,EAC9C;AAAA,EAEA,MAAM,eAAe,SAAkD;AACrE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC;AAAA,MACA;AAAA,IACF;AACA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,QACJ,MACA,SACA,gBACiB;AACjB,UAAM,UAAU,MAAM,KAAK,cAAc;AAAA,MACvC;AAAA,IACF,CAAC;AAGD,UAAM,UAAU,IAAI,YAAY;AAGhC,UAAM,MAAM,mBAAmB,QAAQ,QAAQ,GAAG;AAClD,UAAM,UAAU,mBAAmB,QAAQ,aAAa;AAExD,UAAM,kBAAkB,aAAa,QAAQ,MAAM;AACnD,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAGJ,UAAM,KAAK,KAAK,eAAe,YAAY,EAAE;AAE7C,UAAM;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,IAAI,MAAM,KAAK,eAAe;AAAA,MAC5B,QAAQ,OAAO,IAAI;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAGA,UAAM,cAAc,IAAI;AAAA,MACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW;AAAA,IACf;AAEA,QAAI,SAAS;AACb,gBAAY,IAAI,UAAU,MAAM;AAChC,cAAU,SAAS;AAEnB,gBAAY,IAAI,KAAK,MAAM;AAC3B,cAAU,IAAI;AAEd,gBAAY,IAAI,IAAI,WAAW,eAAe,GAAG,MAAM;AACvD,cAAU,gBAAgB;AAE1B,gBAAY,IAAI,SAAS,MAAM;AAC/B,cAAU,QAAQ;AAElB,gBAAY,IAAI,YAAY,MAAM;AAGlC,WAAO,mBAAmB,WAAW;AAAA,EACvC;AAAA,EAEA,MAAM,QACJ,eACA,gBACiB;AACjB,UAAM,UAAU,KAAK,OAAO,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,KAAK,CAAC;AAGhE,UAAM,MAAM,mBAAmB,QAAQ,GAAG;AAE1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YAAY,iBACd,QAAQ,OAAO,cAAc,IAC7B;AAEJ,UAAM,YAAY,MAAM,KAAK,eAAe;AAAA,MAC1C,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,WAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EAC3C;AACF;","names":[]}
package/lib/webhooks/webhooks.cjs CHANGED
@@ -28,6 +28,7 @@ class Webhooks {
28
28
  static {
29
29
  __name(this, "Webhooks");
30
30
  }
31
+ signatureProvider;
31
32
  constructor(cryptoProvider) {
32
33
  this.signatureProvider = new import_signature_provider.SignatureProvider(cryptoProvider);
33
34
  }
package/lib/webhooks/webhooks.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/webhooks/webhooks.ts"],"sourcesContent":["import { deserializeEvent } from '../common/serializers';\nimport { Event, EventResponse } from '../common/interfaces';\nimport { SignatureProvider } from '../common/crypto/signature-provider';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\n\nexport class Webhooks {\n private signatureProvider: SignatureProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.signatureProvider = new SignatureProvider(cryptoProvider);\n }\n\n get verifyHeader() {\n return this.signatureProvider.verifyHeader.bind(this.signatureProvider);\n }\n\n get computeSignature() {\n return this.signatureProvider.computeSignature.bind(this.signatureProvider);\n }\n\n get getTimestampAndSignatureHash() {\n return this.signatureProvider.getTimestampAndSignatureHash.bind(\n this.signatureProvider,\n );\n }\n\n async constructEvent({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: unknown;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<Event> {\n const options = { payload, sigHeader, secret, tolerance };\n await this.verifyHeader(options);\n\n const webhookPayload = payload as EventResponse;\n\n return deserializeEvent(webhookPayload);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAiC;AAEjC,gCAAkC;AAG3B,MAAM,SAAS;AAAA,EALtB,OAKsB;AAAA;AAAA;AAAA,EAGpB,YAAY,gBAAgC;AAC1C,SAAK,oBAAoB,IAAI,4CAAkB,cAAc;AAAA,EAC/D;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK,kBAAkB,aAAa,KAAK,KAAK,iBAAiB;AAAA,EACxE;AAAA,EAEA,IAAI,mBAAmB;AACrB,WAAO,KAAK,kBAAkB,iBAAiB,KAAK,KAAK,iBAAiB;AAAA,EAC5E;AAAA,EAEA,IAAI,+BAA+B;AACjC,WAAO,KAAK,kBAAkB,6BAA6B;AAAA,MACzD,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,EACd,GAKmB;AACjB,UAAM,UAAU,EAAE,SAAS,WAAW,QAAQ,UAAU;AACxD,UAAM,KAAK,aAAa,OAAO;AAE/B,UAAM,iBAAiB;AAEvB,eAAO,qCAAiB,cAAc;AAAA,EACxC;AACF;","names":[]}
1
+ {"version":3,"sources":["../../src/webhooks/webhooks.ts"],"sourcesContent":["import { deserializeEvent } from '../common/serializers';\nimport { Event, EventResponse } from '../common/interfaces';\nimport { SignatureProvider } from '../common/crypto/signature-provider';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\n\nexport class Webhooks {\n private signatureProvider: SignatureProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.signatureProvider = new SignatureProvider(cryptoProvider);\n }\n\n get verifyHeader() {\n return this.signatureProvider.verifyHeader.bind(this.signatureProvider);\n }\n\n get computeSignature() {\n return this.signatureProvider.computeSignature.bind(this.signatureProvider);\n }\n\n get getTimestampAndSignatureHash() {\n return this.signatureProvider.getTimestampAndSignatureHash.bind(\n this.signatureProvider,\n );\n }\n\n async constructEvent({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: unknown;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<Event> {\n const options = { payload, sigHeader, secret, tolerance };\n await this.verifyHeader(options);\n\n const webhookPayload = payload as EventResponse;\n\n return deserializeEvent(webhookPayload);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAiC;AAEjC,gCAAkC;AAG3B,MAAM,SAAS;AAAA,EALtB,OAKsB;AAAA;AAAA;AAAA,EACZ;AAAA,EAER,YAAY,gBAAgC;AAC1C,SAAK,oBAAoB,IAAI,4CAAkB,cAAc;AAAA,EAC/D;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK,kBAAkB,aAAa,KAAK,KAAK,iBAAiB;AAAA,EACxE;AAAA,EAEA,IAAI,mBAAmB;AACrB,WAAO,KAAK,kBAAkB,iBAAiB,KAAK,KAAK,iBAAiB;AAAA,EAC5E;AAAA,EAEA,IAAI,+BAA+B;AACjC,WAAO,KAAK,kBAAkB,6BAA6B;AAAA,MACzD,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,EACd,GAKmB;AACjB,UAAM,UAAU,EAAE,SAAS,WAAW,QAAQ,UAAU;AACxD,UAAM,KAAK,aAAa,OAAO;AAE/B,UAAM,iBAAiB;AAEvB,eAAO,qCAAiB,cAAc;AAAA,EACxC;AACF;","names":[]}
package/lib/webhooks/webhooks.js CHANGED
@@ -6,6 +6,7 @@ class Webhooks {
6
6
  static {
7
7
  __name(this, "Webhooks");
8
8
  }
9
+ signatureProvider;
9
10
  constructor(cryptoProvider) {
10
11
  this.signatureProvider = new SignatureProvider(cryptoProvider);
11
12
  }
package/lib/webhooks/webhooks.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/webhooks/webhooks.ts"],"sourcesContent":["import { deserializeEvent } from '../common/serializers';\nimport { Event, EventResponse } from '../common/interfaces';\nimport { SignatureProvider } from '../common/crypto/signature-provider';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\n\nexport class Webhooks {\n private signatureProvider: SignatureProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.signatureProvider = new SignatureProvider(cryptoProvider);\n }\n\n get verifyHeader() {\n return this.signatureProvider.verifyHeader.bind(this.signatureProvider);\n }\n\n get computeSignature() {\n return this.signatureProvider.computeSignature.bind(this.signatureProvider);\n }\n\n get getTimestampAndSignatureHash() {\n return this.signatureProvider.getTimestampAndSignatureHash.bind(\n this.signatureProvider,\n );\n }\n\n async constructEvent({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: unknown;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<Event> {\n const options = { payload, sigHeader, secret, tolerance };\n await this.verifyHeader(options);\n\n const webhookPayload = payload as EventResponse;\n\n return deserializeEvent(webhookPayload);\n }\n}\n"],"mappings":";;AAAA,SAAS,wBAAwB;AAEjC,SAAS,yBAAyB;AAG3B,MAAM,SAAS;AAAA,EALtB,OAKsB;AAAA;AAAA;AAAA,EAGpB,YAAY,gBAAgC;AAC1C,SAAK,oBAAoB,IAAI,kBAAkB,cAAc;AAAA,EAC/D;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK,kBAAkB,aAAa,KAAK,KAAK,iBAAiB;AAAA,EACxE;AAAA,EAEA,IAAI,mBAAmB;AACrB,WAAO,KAAK,kBAAkB,iBAAiB,KAAK,KAAK,iBAAiB;AAAA,EAC5E;AAAA,EAEA,IAAI,+BAA+B;AACjC,WAAO,KAAK,kBAAkB,6BAA6B;AAAA,MACzD,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,EACd,GAKmB;AACjB,UAAM,UAAU,EAAE,SAAS,WAAW,QAAQ,UAAU;AACxD,UAAM,KAAK,aAAa,OAAO;AAE/B,UAAM,iBAAiB;AAEvB,WAAO,iBAAiB,cAAc;AAAA,EACxC;AACF;","names":[]}
1
+ {"version":3,"sources":["../../src/webhooks/webhooks.ts"],"sourcesContent":["import { deserializeEvent } from '../common/serializers';\nimport { Event, EventResponse } from '../common/interfaces';\nimport { SignatureProvider } from '../common/crypto/signature-provider';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\n\nexport class Webhooks {\n private signatureProvider: SignatureProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.signatureProvider = new SignatureProvider(cryptoProvider);\n }\n\n get verifyHeader() {\n return this.signatureProvider.verifyHeader.bind(this.signatureProvider);\n }\n\n get computeSignature() {\n return this.signatureProvider.computeSignature.bind(this.signatureProvider);\n }\n\n get getTimestampAndSignatureHash() {\n return this.signatureProvider.getTimestampAndSignatureHash.bind(\n this.signatureProvider,\n );\n }\n\n async constructEvent({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: unknown;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<Event> {\n const options = { payload, sigHeader, secret, tolerance };\n await this.verifyHeader(options);\n\n const webhookPayload = payload as EventResponse;\n\n return deserializeEvent(webhookPayload);\n }\n}\n"],"mappings":";;AAAA,SAAS,wBAAwB;AAEjC,SAAS,yBAAyB;AAG3B,MAAM,SAAS;AAAA,EALtB,OAKsB;AAAA;AAAA;AAAA,EACZ;AAAA,EAER,YAAY,gBAAgC;AAC1C,SAAK,oBAAoB,IAAI,kBAAkB,cAAc;AAAA,EAC/D;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK,kBAAkB,aAAa,KAAK,KAAK,iBAAiB;AAAA,EACxE;AAAA,EAEA,IAAI,mBAAmB;AACrB,WAAO,KAAK,kBAAkB,iBAAiB,KAAK,KAAK,iBAAiB;AAAA,EAC5E;AAAA,EAEA,IAAI,+BAA+B;AACjC,WAAO,KAAK,kBAAkB,6BAA6B;AAAA,MACzD,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,EACd,GAKmB;AACjB,UAAM,UAAU,EAAE,SAAS,WAAW,QAAQ,UAAU;AACxD,UAAM,KAAK,aAAa,OAAO;AAE/B,UAAM,iBAAiB;AAEvB,WAAO,iBAAiB,cAAc;AAAA,EACxC;AACF;","names":[]}