@workos-inc/node 8.0.0-beta.3 → 8.0.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (246) hide show
  1. package/lib/cjs/audit-logs/audit-logs.d.cts +3 -2
  2. package/lib/cjs/client/index.cjs +42 -0
  3. package/lib/cjs/client/index.cjs.map +1 -0
  4. package/lib/cjs/client/index.d.cts +3 -0
  5. package/lib/cjs/client/sso.cjs +65 -0
  6. package/lib/cjs/client/sso.cjs.map +1 -0
  7. package/lib/cjs/client/sso.d.cts +2 -0
  8. package/lib/cjs/client/user-management.cjs +110 -0
  9. package/lib/cjs/client/user-management.cjs.map +1 -0
  10. package/lib/cjs/client/user-management.d.cts +1 -0
  11. package/lib/cjs/client/utils.cjs +49 -0
  12. package/lib/cjs/client/utils.cjs.map +1 -0
  13. package/lib/cjs/client/utils.d.cts +7 -0
  14. package/lib/cjs/common/decorators/public-method.cjs +48 -0
  15. package/lib/cjs/common/decorators/public-method.cjs.map +1 -0
  16. package/lib/cjs/common/decorators/public-method.d.cts +12 -0
  17. package/lib/cjs/common/interfaces/event.interface.cjs.map +1 -1
  18. package/lib/cjs/common/interfaces/event.interface.d.cts +19 -3
  19. package/lib/cjs/common/interfaces/index.d.cts +1 -1
  20. package/lib/cjs/common/interfaces/workos-options.interface.cjs.map +1 -1
  21. package/lib/cjs/common/interfaces/workos-options.interface.d.cts +1 -0
  22. package/lib/cjs/common/net/fetch-client.cjs +67 -36
  23. package/lib/cjs/common/net/fetch-client.cjs.map +1 -1
  24. package/lib/cjs/common/net/fetch-client.d.cts +5 -2
  25. package/lib/cjs/common/serializers/event.serializer.cjs +2 -0
  26. package/lib/cjs/common/serializers/event.serializer.cjs.map +1 -1
  27. package/lib/cjs/common/utils/fetch-and-deserialize.d.cts +3 -2
  28. package/lib/cjs/common/utils/pagination.cjs +2 -4
  29. package/lib/cjs/common/utils/pagination.cjs.map +1 -1
  30. package/lib/cjs/common/utils/runtime-info.cjs +73 -0
  31. package/lib/cjs/common/utils/runtime-info.cjs.map +1 -0
  32. package/lib/cjs/common/utils/runtime-info.d.cts +22 -0
  33. package/lib/cjs/directory-sync/directory-sync.d.cts +4 -3
  34. package/lib/cjs/events/events.d.cts +3 -2
  35. package/lib/cjs/fga/fga.d.cts +4 -3
  36. package/lib/cjs/fga/utils/fetch-and-deserialize-list.d.cts +3 -2
  37. package/lib/cjs/index.cjs +2 -0
  38. package/lib/cjs/index.cjs.map +1 -1
  39. package/lib/cjs/index.client.cjs +42 -0
  40. package/lib/cjs/index.client.cjs.map +1 -0
  41. package/lib/cjs/index.client.d.cts +3 -0
  42. package/lib/cjs/index.d.cts +3 -2
  43. package/lib/cjs/index.public.cjs +52 -0
  44. package/lib/cjs/index.public.cjs.map +1 -0
  45. package/lib/cjs/index.public.d.cts +36 -0
  46. package/lib/cjs/index.worker.d.cts +3 -2
  47. package/lib/cjs/mfa/mfa.d.cts +3 -2
  48. package/lib/cjs/organization-domains/organization-domains.d.cts +3 -2
  49. package/lib/cjs/organizations/interfaces/list-organization-feature-flags-options.interface.cjs.map +1 -1
  50. package/lib/cjs/organizations/interfaces/list-organization-feature-flags-options.interface.d.cts +3 -1
  51. package/lib/cjs/organizations/organizations.cjs +15 -5
  52. package/lib/cjs/organizations/organizations.cjs.map +1 -1
  53. package/lib/cjs/organizations/organizations.d.cts +4 -3
  54. package/lib/cjs/passwordless/passwordless.d.cts +3 -2
  55. package/lib/cjs/portal/portal.d.cts +3 -2
  56. package/lib/cjs/public/index.cjs +42 -0
  57. package/lib/cjs/public/index.cjs.map +1 -0
  58. package/lib/cjs/public/index.d.cts +2 -0
  59. package/lib/cjs/public/sso.cjs +65 -0
  60. package/lib/cjs/public/sso.cjs.map +1 -0
  61. package/lib/cjs/public/sso.d.cts +1 -0
  62. package/lib/cjs/public/user-management.cjs +110 -0
  63. package/lib/cjs/public/user-management.cjs.map +1 -0
  64. package/lib/cjs/public/user-management.d.cts +1 -0
  65. package/lib/cjs/public/utils.cjs +49 -0
  66. package/lib/cjs/public/utils.cjs.map +1 -0
  67. package/lib/cjs/public/utils.d.cts +7 -0
  68. package/lib/cjs/sso/interfaces/authorization-url-options.interface.cjs.map +1 -1
  69. package/lib/cjs/sso/interfaces/authorization-url-options.interface.d.cts +19 -4
  70. package/lib/cjs/sso/interfaces/connection-type.enum.cjs +1 -0
  71. package/lib/cjs/sso/interfaces/connection-type.enum.cjs.map +1 -1
  72. package/lib/cjs/sso/interfaces/connection-type.enum.d.cts +1 -0
  73. package/lib/cjs/sso/interfaces/index.d.cts +1 -0
  74. package/lib/cjs/sso/interfaces/profile-and-token.interface.cjs.map +1 -1
  75. package/lib/cjs/sso/interfaces/profile-and-token.interface.d.cts +3 -0
  76. package/lib/cjs/sso/serializers/index.d.cts +1 -0
  77. package/lib/cjs/sso/serializers/profile-and-token.serializer.cjs +3 -1
  78. package/lib/cjs/sso/serializers/profile-and-token.serializer.cjs.map +1 -1
  79. package/lib/cjs/sso/serializers/profile-and-token.serializer.d.cts +1 -0
  80. package/lib/cjs/sso/sso.cjs +15 -37
  81. package/lib/cjs/sso/sso.cjs.map +1 -1
  82. package/lib/cjs/sso/sso.d.cts +2 -1
  83. package/lib/cjs/sso-BkBnkcTC.d.cts +22 -0
  84. package/lib/cjs/sso-Cdnhezcz.d.cts +31 -0
  85. package/lib/cjs/sso-DwRz-nPM.d.cts +31 -0
  86. package/lib/cjs/user-management/interfaces/authenticate-with-session-cookie.interface.cjs.map +1 -1
  87. package/lib/cjs/user-management/interfaces/authenticate-with-session-cookie.interface.d.cts +2 -0
  88. package/lib/cjs/user-management/interfaces/authentication-response.interface.cjs.map +1 -1
  89. package/lib/cjs/user-management/interfaces/authentication-response.interface.d.cts +1 -1
  90. package/lib/cjs/user-management/interfaces/create-organization-membership-options.interface.cjs.map +1 -1
  91. package/lib/cjs/user-management/interfaces/create-organization-membership-options.interface.d.cts +2 -0
  92. package/lib/cjs/user-management/interfaces/identity.interface.cjs.map +1 -1
  93. package/lib/cjs/user-management/interfaces/identity.interface.d.cts +2 -2
  94. package/lib/cjs/user-management/interfaces/list-sessions-options.interface.cjs.map +1 -1
  95. package/lib/cjs/user-management/interfaces/organization-membership.interface.cjs.map +1 -1
  96. package/lib/cjs/user-management/interfaces/organization-membership.interface.d.cts +2 -0
  97. package/lib/cjs/user-management/interfaces/update-organization-membership-options.interface.cjs.map +1 -1
  98. package/lib/cjs/user-management/interfaces/update-organization-membership-options.interface.d.cts +2 -0
  99. package/lib/cjs/user-management/serializers/create-organization-membership-options.serializer.cjs +2 -1
  100. package/lib/cjs/user-management/serializers/create-organization-membership-options.serializer.cjs.map +1 -1
  101. package/lib/cjs/user-management/serializers/organization-membership.serializer.cjs +2 -1
  102. package/lib/cjs/user-management/serializers/organization-membership.serializer.cjs.map +1 -1
  103. package/lib/cjs/user-management/serializers/update-organization-membership-options.serializer.cjs +2 -1
  104. package/lib/cjs/user-management/serializers/update-organization-membership-options.serializer.cjs.map +1 -1
  105. package/lib/cjs/user-management/session.cjs +4 -0
  106. package/lib/cjs/user-management/session.cjs.map +1 -1
  107. package/lib/cjs/user-management/session.d.cts +2 -1
  108. package/lib/cjs/user-management/user-management.cjs +13 -81
  109. package/lib/cjs/user-management/user-management.cjs.map +1 -1
  110. package/lib/cjs/user-management/user-management.d.cts +3 -2
  111. package/lib/cjs/user-management-B-71OTAR.d.cts +401 -0
  112. package/lib/cjs/user-management-B38wNrIN.d.cts +68 -0
  113. package/lib/cjs/user-management-Dh73wyCr.d.cts +68 -0
  114. package/lib/cjs/vault/vault.d.cts +3 -2
  115. package/lib/cjs/widgets/interfaces/get-token.cjs.map +1 -1
  116. package/lib/cjs/widgets/interfaces/get-token.d.cts +5 -5
  117. package/lib/cjs/widgets/widgets.d.cts +3 -2
  118. package/lib/cjs/workos-BEHZtxw8.d.cts +401 -0
  119. package/lib/cjs/workos-Bt8QqzZV.d.cts +395 -0
  120. package/lib/cjs/workos-C6IZ2mAH.d.cts +402 -0
  121. package/lib/cjs/workos-C7eLbzyK.d.cts +398 -0
  122. package/lib/cjs/workos-C9Z7mAdD.d.cts +399 -0
  123. package/lib/cjs/workos-CUh2oD_o.d.cts +396 -0
  124. package/lib/cjs/workos-Cuegztvg.d.cts +397 -0
  125. package/lib/cjs/workos-DiEirbod.d.cts +397 -0
  126. package/lib/cjs/workos-jsQjZHfV.d.cts +395 -0
  127. package/lib/cjs/workos.cjs +2 -1
  128. package/lib/cjs/workos.cjs.map +1 -1
  129. package/lib/cjs/workos.d.cts +3 -2
  130. package/lib/common/interfaces/event.interface.d.ts +18 -2
  131. package/lib/common/interfaces/workos-options.interface.d.ts +1 -0
  132. package/lib/common/net/fetch-client.d.ts +6 -2
  133. package/lib/common/net/fetch-client.js +67 -31
  134. package/lib/common/net/fetch-client.spec.js +71 -0
  135. package/lib/common/serializers/event.serializer.js +2 -0
  136. package/lib/common/utils/pagination.js +1 -1
  137. package/lib/esm/audit-logs/audit-logs.d.ts +3 -2
  138. package/lib/esm/client/index.d.ts +3 -0
  139. package/lib/esm/client/index.js +7 -0
  140. package/lib/esm/client/index.js.map +1 -0
  141. package/lib/esm/client/sso.d.ts +2 -0
  142. package/lib/esm/client/sso.js +42 -0
  143. package/lib/esm/client/sso.js.map +1 -0
  144. package/lib/esm/client/user-management.d.ts +1 -0
  145. package/lib/esm/client/user-management.js +85 -0
  146. package/lib/esm/client/user-management.js.map +1 -0
  147. package/lib/esm/client/utils.d.ts +7 -0
  148. package/lib/esm/client/utils.js +16 -0
  149. package/lib/esm/client/utils.js.map +1 -0
  150. package/lib/esm/common/interfaces/event.interface.d.ts +19 -3
  151. package/lib/esm/common/interfaces/index.d.ts +1 -1
  152. package/lib/esm/common/interfaces/workos-options.interface.d.ts +1 -0
  153. package/lib/esm/common/net/fetch-client.d.ts +5 -2
  154. package/lib/esm/common/net/fetch-client.js +67 -36
  155. package/lib/esm/common/net/fetch-client.js.map +1 -1
  156. package/lib/esm/common/serializers/event.serializer.js +2 -0
  157. package/lib/esm/common/serializers/event.serializer.js.map +1 -1
  158. package/lib/esm/common/utils/fetch-and-deserialize.d.ts +3 -2
  159. package/lib/esm/common/utils/pagination.js +2 -4
  160. package/lib/esm/common/utils/pagination.js.map +1 -1
  161. package/lib/esm/directory-sync/directory-sync.d.ts +4 -3
  162. package/lib/esm/events/events.d.ts +3 -2
  163. package/lib/esm/fga/fga.d.ts +4 -3
  164. package/lib/esm/fga/utils/fetch-and-deserialize-list.d.ts +3 -2
  165. package/lib/esm/index.client.d.ts +3 -0
  166. package/lib/esm/index.client.js +7 -0
  167. package/lib/esm/index.client.js.map +1 -0
  168. package/lib/esm/index.d.ts +3 -2
  169. package/lib/esm/index.js +2 -0
  170. package/lib/esm/index.js.map +1 -1
  171. package/lib/esm/index.worker.d.ts +3 -2
  172. package/lib/esm/mfa/mfa.d.ts +3 -2
  173. package/lib/esm/organization-domains/organization-domains.d.ts +3 -2
  174. package/lib/esm/organizations/interfaces/list-organization-feature-flags-options.interface.d.ts +3 -1
  175. package/lib/esm/organizations/organizations.d.ts +4 -3
  176. package/lib/esm/organizations/organizations.js +15 -5
  177. package/lib/esm/organizations/organizations.js.map +1 -1
  178. package/lib/esm/passwordless/passwordless.d.ts +3 -2
  179. package/lib/esm/portal/portal.d.ts +3 -2
  180. package/lib/esm/sso/interfaces/authorization-url-options.interface.d.ts +19 -4
  181. package/lib/esm/sso/interfaces/connection-type.enum.d.ts +1 -0
  182. package/lib/esm/sso/interfaces/connection-type.enum.js +1 -0
  183. package/lib/esm/sso/interfaces/connection-type.enum.js.map +1 -1
  184. package/lib/esm/sso/interfaces/index.d.ts +1 -0
  185. package/lib/esm/sso/interfaces/profile-and-token.interface.d.ts +3 -0
  186. package/lib/esm/sso/serializers/index.d.ts +1 -0
  187. package/lib/esm/sso/serializers/profile-and-token.serializer.d.ts +1 -0
  188. package/lib/esm/sso/serializers/profile-and-token.serializer.js +3 -1
  189. package/lib/esm/sso/serializers/profile-and-token.serializer.js.map +1 -1
  190. package/lib/esm/sso/sso.d.ts +2 -1
  191. package/lib/esm/sso/sso.js +5 -37
  192. package/lib/esm/sso/sso.js.map +1 -1
  193. package/lib/esm/sso-nFEQz_Js.d.ts +22 -0
  194. package/lib/esm/user-management/interfaces/authenticate-with-session-cookie.interface.d.ts +2 -0
  195. package/lib/esm/user-management/interfaces/authenticate-with-session-cookie.interface.js.map +1 -1
  196. package/lib/esm/user-management/interfaces/authentication-response.interface.d.ts +1 -1
  197. package/lib/esm/user-management/interfaces/create-organization-membership-options.interface.d.ts +2 -0
  198. package/lib/esm/user-management/interfaces/identity.interface.d.ts +2 -2
  199. package/lib/esm/user-management/interfaces/organization-membership.interface.d.ts +2 -0
  200. package/lib/esm/user-management/interfaces/update-organization-membership-options.interface.d.ts +2 -0
  201. package/lib/esm/user-management/serializers/create-organization-membership-options.serializer.js +2 -1
  202. package/lib/esm/user-management/serializers/create-organization-membership-options.serializer.js.map +1 -1
  203. package/lib/esm/user-management/serializers/organization-membership.serializer.js +2 -1
  204. package/lib/esm/user-management/serializers/organization-membership.serializer.js.map +1 -1
  205. package/lib/esm/user-management/serializers/update-organization-membership-options.serializer.js +2 -1
  206. package/lib/esm/user-management/serializers/update-organization-membership-options.serializer.js.map +1 -1
  207. package/lib/esm/user-management/session.d.ts +2 -1
  208. package/lib/esm/user-management/session.js +4 -0
  209. package/lib/esm/user-management/session.js.map +1 -1
  210. package/lib/esm/user-management/user-management.d.ts +3 -2
  211. package/lib/esm/user-management/user-management.js +13 -81
  212. package/lib/esm/user-management/user-management.js.map +1 -1
  213. package/lib/esm/user-management-B38wNrIN.d.ts +68 -0
  214. package/lib/esm/vault/vault.d.ts +3 -2
  215. package/lib/esm/widgets/interfaces/get-token.d.ts +5 -5
  216. package/lib/esm/widgets/interfaces/get-token.js.map +1 -1
  217. package/lib/esm/widgets/widgets.d.ts +3 -2
  218. package/lib/esm/{workos-DGRMJ65Z.d.ts → workos-EX3jNkYH.d.ts} +5 -7
  219. package/lib/esm/workos.d.ts +3 -2
  220. package/lib/esm/workos.js +2 -1
  221. package/lib/esm/workos.js.map +1 -1
  222. package/lib/index.js +1 -1
  223. package/lib/organizations/interfaces/list-organization-feature-flags-options.interface.d.ts +2 -1
  224. package/lib/organizations/organizations.d.ts +1 -2
  225. package/lib/organizations/organizations.js +2 -4
  226. package/lib/organizations/organizations.spec.js +46 -1
  227. package/lib/sso/interfaces/authorization-url-options.interface.d.ts +2 -0
  228. package/lib/sso/interfaces/profile-and-token.interface.d.ts +3 -0
  229. package/lib/sso/serializers/profile-and-token.serializer.js +2 -0
  230. package/lib/sso/sso.d.ts +1 -1
  231. package/lib/sso/sso.js +14 -10
  232. package/lib/sso/sso.spec.js +131 -0
  233. package/lib/user-management/interfaces/authenticate-with-session-cookie.interface.d.ts +2 -0
  234. package/lib/user-management/interfaces/create-organization-membership-options.interface.d.ts +2 -0
  235. package/lib/user-management/interfaces/organization-membership.interface.d.ts +2 -0
  236. package/lib/user-management/interfaces/update-organization-membership-options.interface.d.ts +2 -0
  237. package/lib/user-management/serializers/create-organization-membership-options.serializer.js +1 -0
  238. package/lib/user-management/serializers/organization-membership.serializer.js +1 -11
  239. package/lib/user-management/serializers/update-organization-membership-options.serializer.js +1 -0
  240. package/lib/user-management/session.js +4 -2
  241. package/lib/user-management/session.spec.js +4 -2
  242. package/lib/user-management/user-management.js +2 -1
  243. package/lib/user-management/user-management.spec.js +33 -0
  244. package/lib/widgets/interfaces/get-token.d.ts +5 -5
  245. package/lib/workos.js +2 -2
  246. package/package.json +10 -5
package/lib/esm/user-management/serializers/update-organization-membership-options.serializer.js CHANGED
@@ -1,7 +1,8 @@
1
1
  var __defProp = Object.defineProperty;
2
2
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
3
3
  const serializeUpdateOrganizationMembershipOptions = /* @__PURE__ */ __name((options) => ({
4
- role_slug: options.roleSlug
4
+ role_slug: options.roleSlug,
5
+ role_slugs: options.roleSlugs
5
6
  }), "serializeUpdateOrganizationMembershipOptions");
6
7
  export {
7
8
  serializeUpdateOrganizationMembershipOptions
package/lib/esm/user-management/serializers/update-organization-membership-options.serializer.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/user-management/serializers/update-organization-membership-options.serializer.ts"],"sourcesContent":["import {\n UpdateOrganizationMembershipOptions,\n SerializedUpdateOrganizationMembershipOptions,\n} from '../interfaces/update-organization-membership-options.interface';\n\nexport const serializeUpdateOrganizationMembershipOptions = (\n options: UpdateOrganizationMembershipOptions,\n): SerializedUpdateOrganizationMembershipOptions => ({\n role_slug: options.roleSlug,\n});\n"],"mappings":";;AAKO,MAAM,+CAA+C,wBAC1D,aACmD;AAAA,EACnD,WAAW,QAAQ;AACrB,IAJ4D;","names":[]}
1
+ {"version":3,"sources":["../../../../src/user-management/serializers/update-organization-membership-options.serializer.ts"],"sourcesContent":["import {\n UpdateOrganizationMembershipOptions,\n SerializedUpdateOrganizationMembershipOptions,\n} from '../interfaces/update-organization-membership-options.interface';\n\nexport const serializeUpdateOrganizationMembershipOptions = (\n options: UpdateOrganizationMembershipOptions,\n): SerializedUpdateOrganizationMembershipOptions => ({\n role_slug: options.roleSlug,\n role_slugs: options.roleSlugs,\n});\n"],"mappings":";;AAKO,MAAM,+CAA+C,wBAC1D,aACmD;AAAA,EACnD,WAAW,QAAQ;AAAA,EACnB,YAAY,QAAQ;AACtB,IAL4D;","names":[]}
package/lib/esm/user-management/session.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import './interfaces/authenticate-with-session-cookie.interface.js';
2
2
  import './interfaces/refresh-and-seal-session-data.interface.js';
3
- export { C as CookieSession } from '../workos-DGRMJ65Z.js';
3
+ export { C as CookieSession } from '../workos-EX3jNkYH.js';
4
4
  import './interfaces/authentication-response.interface.js';
5
5
  import './interfaces/impersonator.interface.js';
6
6
  import './interfaces/oauth-tokens.interface.js';
@@ -65,6 +65,7 @@ import '../audit-logs/interfaces/audit-log-export.interface.js';
65
65
  import '../audit-logs/interfaces/create-audit-log-event-options.interface.js';
66
66
  import '../audit-logs/interfaces/create-audit-log-schema-options.interface.js';
67
67
  import 'jose';
68
+ import '../user-management-B38wNrIN.js';
68
69
  import './interfaces/authenticate-with-code-options.interface.js';
69
70
  import './interfaces/authenticate-with-options-base.interface.js';
70
71
  import './interfaces/authenticate-with-code-and-verifier-options.interface.js';
package/lib/esm/user-management/session.js CHANGED
@@ -63,6 +63,7 @@ class CookieSession {
63
63
  sid: sessionId,
64
64
  org_id: organizationId,
65
65
  role,
66
+ roles,
66
67
  permissions,
67
68
  entitlements,
68
69
  feature_flags: featureFlags
@@ -72,6 +73,7 @@ class CookieSession {
72
73
  sessionId,
73
74
  organizationId,
74
75
  role,
76
+ roles,
75
77
  permissions,
76
78
  entitlements,
77
79
  featureFlags,
@@ -121,6 +123,7 @@ class CookieSession {
121
123
  sid: sessionId,
122
124
  org_id: organizationId,
123
125
  role,
126
+ roles,
124
127
  permissions,
125
128
  entitlements,
126
129
  feature_flags: featureFlags
@@ -132,6 +135,7 @@ class CookieSession {
132
135
  sessionId,
133
136
  organizationId,
134
137
  role,
138
+ roles,
135
139
  permissions,
136
140
  entitlements,
137
141
  featureFlags,
package/lib/esm/user-management/session.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n\n this.jwks = this.userManagement.jwks;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;AAAA,SAA6B,WAAW,iBAAiB;AACzD,SAAS,sBAAsB;AAC/B;AAAA,EAGE;AAAA,EAGA;AAAA,OAGK;AAEP,SAAS,kBAAkB;AAOpB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAEnB,SAAK,OAAO,KAAK,eAAe;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,UAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,4BAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAAQ;AAAA,MAChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,IAAI,UAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AAAA,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,4BAA4B,iBAC3C,MAAM,UAAU,4BAA4B,kBAC5C,MAAM,UAAU,4BAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n\n this.jwks = this.userManagement.jwks;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;AAAA,SAA6B,WAAW,iBAAiB;AACzD,SAAS,sBAAsB;AAC/B;AAAA,EAGE;AAAA,EAGA;AAAA,OAGK;AAEP,SAAS,kBAAkB;AAOpB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAEnB,SAAK,OAAO,KAAK,eAAe;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,UAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,4BAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAAQ;AAAA,MAChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,IAAI,UAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AAAA,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,4BAA4B,iBAC3C,MAAM,UAAU,4BAA4B,kBAC5C,MAAM,UAAU,4BAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
package/lib/esm/user-management/user-management.d.ts CHANGED
@@ -1,8 +1,9 @@
1
1
  import 'jose';
2
+ import '../user-management-B38wNrIN.js';
2
3
  import '../common/interfaces/pagination-options.interface.js';
3
4
  import '../common/utils/pagination.js';
4
5
  import '../mfa/interfaces/challenge.interface.js';
5
- export { U as UserManagement } from '../workos-DGRMJ65Z.js';
6
+ export { U as UserManagement } from '../workos-EX3jNkYH.js';
6
7
  import './interfaces/authenticate-with-code-options.interface.js';
7
8
  import './interfaces/authenticate-with-code-and-verifier-options.interface.js';
8
9
  import './interfaces/authenticate-with-email-verification-options.interface.js';
@@ -78,6 +79,7 @@ import '../sso/interfaces/get-profile-options.interface.js';
78
79
  import '../sso/interfaces/get-profile-and-token-options.interface.js';
79
80
  import '../sso/interfaces/list-connections-options.interface.js';
80
81
  import '../sso/interfaces/profile-and-token.interface.js';
82
+ import './interfaces/oauth-tokens.interface.js';
81
83
  import '../sso/interfaces/profile.interface.js';
82
84
  import '../webhooks/webhooks.js';
83
85
  import '../common/crypto/crypto-provider.js';
@@ -93,7 +95,6 @@ import '../audit-logs/interfaces/audit-log-export.interface.js';
93
95
  import '../audit-logs/interfaces/create-audit-log-event-options.interface.js';
94
96
  import '../audit-logs/interfaces/create-audit-log-schema-options.interface.js';
95
97
  import './interfaces/refresh-and-seal-session-data.interface.js';
96
- import './interfaces/oauth-tokens.interface.js';
97
98
  import '../fga/interfaces/check.interface.js';
98
99
  import '../fga/interfaces/resource.interface.js';
99
100
  import '../fga/interfaces/resource-op.enum.js';
package/lib/esm/user-management/user-management.js CHANGED
@@ -2,7 +2,7 @@ var __defProp = Object.defineProperty;
2
2
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
3
3
  import { sealData, unsealData } from "iron-session";
4
4
  import { createRemoteJWKSet, decodeJwt, jwtVerify } from "jose";
5
- import qs from "qs";
5
+ import * as clientUserManagement from "../client/user-management.js";
6
6
  import { fetchAndDeserialize } from "../common/utils/fetch-and-deserialize.js";
7
7
  import { AutoPaginatable } from "../common/utils/pagination.js";
8
8
  import { getEnv } from "../common/utils/env.js";
@@ -48,15 +48,6 @@ import { deserializeOrganizationMembership } from "./serializers/organization-me
48
48
  import { serializeSendInvitationOptions } from "./serializers/send-invitation-options.serializer.js";
49
49
  import { serializeUpdateOrganizationMembershipOptions } from "./serializers/update-organization-membership-options.serializer.js";
50
50
  import { CookieSession } from "./session.js";
51
- const toQueryString = /* @__PURE__ */ __name((options) => {
52
- return qs.stringify(options, {
53
- arrayFormat: "repeat",
54
- // sorts the keys alphabetically to maintain backwards compatibility
55
- sort: /* @__PURE__ */ __name((a, b) => a.localeCompare(b), "sort"),
56
- // encodes space as + instead of %20 to maintain backwards compatibility
57
- format: "RFC1738"
58
- });
59
- }, "toQueryString");
60
51
  class UserManagement {
61
52
  constructor(workos) {
62
53
  this.workos = workos;
@@ -265,6 +256,7 @@ class UserManagement {
265
256
  sid: sessionId,
266
257
  org_id: organizationId,
267
258
  role,
259
+ roles,
268
260
  permissions,
269
261
  entitlements,
270
262
  feature_flags: featureFlags
@@ -274,6 +266,7 @@ class UserManagement {
274
266
  sessionId,
275
267
  organizationId,
276
268
  role,
269
+ roles,
277
270
  user: session.user,
278
271
  permissions,
279
272
  entitlements,
@@ -586,81 +579,20 @@ class UserManagement {
586
579
  serializeRevokeSessionOptions(payload)
587
580
  );
588
581
  }
589
- getAuthorizationUrl({
590
- connectionId,
591
- codeChallenge,
592
- codeChallengeMethod,
593
- context,
594
- clientId,
595
- domainHint,
596
- loginHint,
597
- organizationId,
598
- provider,
599
- providerQueryParams,
600
- providerScopes,
601
- prompt,
602
- redirectUri,
603
- state,
604
- screenHint
605
- }) {
606
- if (!provider && !connectionId && !organizationId) {
607
- throw new TypeError(
608
- `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`
609
- );
610
- }
611
- if (provider !== "authkit" && screenHint) {
612
- throw new TypeError(
613
- `'screenHint' is only supported for 'authkit' provider`
614
- );
615
- }
616
- if (context) {
617
- this.workos.emitWarning(
618
- `\`context\` is deprecated. We previously required initiate login endpoints to return the
619
- \`context\` query parameter when getting the authorization URL. This is no longer necessary.`
620
- );
621
- }
622
- const query = toQueryString({
623
- connection_id: connectionId,
624
- code_challenge: codeChallenge,
625
- code_challenge_method: codeChallengeMethod,
626
- context,
627
- organization_id: organizationId,
628
- domain_hint: domainHint,
629
- login_hint: loginHint,
630
- provider,
631
- provider_query_params: providerQueryParams,
632
- provider_scopes: providerScopes,
633
- prompt,
634
- client_id: clientId,
635
- redirect_uri: redirectUri,
636
- response_type: "code",
637
- state,
638
- screen_hint: screenHint
582
+ getAuthorizationUrl(options) {
583
+ return clientUserManagement.getAuthorizationUrl({
584
+ ...options,
585
+ baseURL: this.workos.baseURL
639
586
  });
640
- return `${this.workos.baseURL}/user_management/authorize?${query}`;
641
587
  }
642
- getLogoutUrl({
643
- sessionId,
644
- returnTo
645
- }) {
646
- if (!sessionId) {
647
- throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);
648
- }
649
- const url = new URL(
650
- "/user_management/sessions/logout",
651
- this.workos.baseURL
652
- );
653
- url.searchParams.set("session_id", sessionId);
654
- if (returnTo) {
655
- url.searchParams.set("return_to", returnTo);
656
- }
657
- return url.toString();
588
+ getLogoutUrl(options) {
589
+ return clientUserManagement.getLogoutUrl({
590
+ ...options,
591
+ baseURL: this.workos.baseURL
592
+ });
658
593
  }
659
594
  getJwksUrl(clientId) {
660
- if (!clientId) {
661
- throw TypeError("clientId must be a valid clientId");
662
- }
663
- return `${this.workos.baseURL}/sso/jwks/${clientId}`;
595
+ return clientUserManagement.getJwksUrl(clientId, this.workos.baseURL);
664
596
  }
665
597
  }
666
598
  export {
package/lib/esm/user-management/user-management.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/user-management/user-management.ts"],"sourcesContent":["import { sealData, unsealData } from 'iron-session';\nimport { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport qs from 'qs';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\n\nconst toQueryString = (\n options: Record<\n string,\n string | string[] | Record<string, string | boolean | number> | undefined\n >,\n): string => {\n return qs.stringify(options, {\n arrayFormat: 'repeat',\n // sorts the keys alphabetically to maintain backwards compatibility\n sort: (a, b) => a.localeCompare(b),\n // encodes space as + instead of %20 to maintain backwards compatibility\n format: 'RFC1738',\n });\n};\n\nexport class UserManagement {\n private _jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n get jwks(): ReturnType<typeof createRemoteJWKSet> | undefined {\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions(remainingPayload),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl({\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n context,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerQueryParams,\n providerScopes,\n prompt,\n redirectUri,\n state,\n screenHint,\n }: UserManagementAuthorizationURLOptions): string {\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n if (context) {\n this.workos.emitWarning(\n `\\`context\\` is deprecated. We previously required initiate login endpoints to return the\n\\`context\\` query parameter when getting the authorization URL. This is no longer necessary.`,\n );\n }\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n context,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n prompt,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${this.workos.baseURL}/user_management/authorize?${query}`;\n }\n\n getLogoutUrl({\n sessionId,\n returnTo,\n }: {\n sessionId: string;\n returnTo?: string;\n }): string {\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL(\n '/user_management/sessions/logout',\n this.workos.baseURL,\n );\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n }\n\n getJwksUrl(clientId: string): string {\n if (!clientId) {\n throw TypeError('clientId must be a valid clientId');\n }\n\n return `${this.workos.baseURL}/sso/jwks/${clientId}`;\n }\n}\n"],"mappings":";;AAAA,SAAS,UAAU,kBAAkB;AACrC,SAAS,oBAAoB,WAAW,iBAAiB;AACzD,OAAO,QAAQ;AAEf,SAAS,2BAA2B;AACpC,SAAS,uBAAuB;AAChC,SAAS,cAAc;AAEvB,SAAS,4BAA4B;AAuDrC;AAAA,EAGE;AAAA,OAIK;AA6BP;AAAA,EAGE;AAAA,OACK;AAUP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,yDAAyD;AAClE,SAAS,6DAA6D;AACtE,SAAS,oDAAoD;AAC7D,SAAS,yBAAyB;AAClC,SAAS,6BAA6B;AACtC,SAAS,6BAA6B;AACtC,SAAS,uCAAuC;AAChD,SAAS,mDAAmD;AAC5D,SAAS,iCAAiC;AAC1C,SAAS,yCAAyC;AAClD,SAAS,sCAAsC;AAC/C,SAAS,oDAAoD;AAC7D,SAAS,qBAAqB;AAE9B,MAAM,gBAAgB,wBACpB,YAIW;AACX,SAAO,GAAG,UAAU,SAAS;AAAA,IAC3B,aAAa;AAAA;AAAA,IAEb,MAAM,wBAAC,GAAG,MAAM,EAAE,cAAc,CAAC,GAA3B;AAAA;AAAA,IAEN,QAAQ;AAAA,EACV,CAAC;AACH,GAbsB;AAef,MAAM,eAAe;AAAA,EAI1B,YAA6B,QAAgB;AAAhB;AAC3B,UAAM,EAAE,SAAS,IAAI,OAAO;AAE5B,SAAK,WAAW;AAAA,EAClB;AAAA,EA5KF,OAoK4B;AAAA;AAAA;AAAA,EAClB;AAAA,EACD;AAAA,EAQP,IAAI,OAA0D;AAC5D,QAAI,CAAC,KAAK,UAAU;AAClB;AAAA,IACF;AAGA,SAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,QAAQ,CAAC,GAAG;AAAA,MACzE,kBAAkB,MAAO,KAAK;AAAA,IAChC,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBAAkB,SAGA;AAChB,WAAO,IAAI,cAAc,MAAM,QAAQ,aAAa,QAAQ,cAAc;AAAA,EAC5E;AAAA,EAEA,MAAM,QAAQ,QAA+B;AAC3C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,oBAAoB,YAAmC;AAC3D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,sCAAsC,UAAU;AAAA,IAClD;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,UACJ,SAC4D;AAC5D,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,0BAA0B,OAAO,IAAI;AAAA,MACjD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,0BAA0B,OAAO,IAAI;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,2BAA2B,OAAO,CAAC;AAE/D,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,0BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,0CAA0C;AAAA,QACxC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,yBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,yCAAyC;AAAA,QACvC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,gCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,gDAAgD,gBAAgB;AAAA,IAClE;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C;AAAA,QAC3C,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,kCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,kDAAkD;AAAA,QAChD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,sCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,sDAAsD;AAAA,QACpD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAGE;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,UAAU,MAAM,WAA8B,aAAa;AAAA,MAC/D,UAAU;AAAA,IACZ,CAAC;AAED,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,8BAA8B;AAAA,IAC1C;AAAA,IACA;AAAA,EACF,GAGoC;AAClC,QAAI,SAAS,aAAa;AACxB,aAAO;AAAA,QACL,GAAG;AAAA,QACH,eAAe,MAAM,KAAK,0CAA0C;AAAA,UAClE;AAAA,UACA,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0CAA0C;AAAA,IACtD;AAAA,IACA;AAAA,EACF,GAGoB;AAClB,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,uBAAuB;AAAA,IACzB;AAEA,UAAM,cAAiC;AAAA,MACrC,gBAAgB;AAAA,MAChB,MAAM,uBAAuB;AAAA,MAC7B,aAAa,uBAAuB;AAAA,MACpC,cAAc,uBAAuB;AAAA,MACrC,cAAc,uBAAuB;AAAA,IACvC;AAEA,WAAO,SAAS,aAAa;AAAA,MAC3B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AAAA,IACzB;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAAkE;AAChE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,aAAa;AACf,aAAO,WAA8B,aAAa;AAAA,QAChD,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBACJ,qBAC4B;AAC5B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,uCAAuC,mBAAmB;AAAA,IAC5D;AAEA,WAAO,6BAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,sBAAsB;AAAA,IAC1B;AAAA,EACF,GAA0D;AACxD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,MAChC,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,aAAyC;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,+BAA+B,WAAW;AAAA,IAC5C;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,gBAAgB,SAAqD;AACzE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,gCAAgC;AAAA,QAC9B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,MAAM,+BAA+B;AAAA,MAC/D;AAAA,IACF,CAAC;AAED,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,iBAAiB,iBAAiD;AACtE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,mCAAmC,eAAe;AAAA,IACpD;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,oBACJ,SACwB;AACxB,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,oCAAoC;AAAA,QAClC,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,SAAwD;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,2BAA2B,OAAO;AAAA,IACpC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,iBAAiB,SAGpB;AACD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,iCAAiC,OAAO;AAAA,IAC1C;AAEA,WAAO;AAAA,MACL,sBAAsB;AAAA,QACpB,KAAK;AAAA,MACP;AAAA,MACA,yBAAyB;AAAA,QACvB,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBACJ,SACqD;AACrD,UAAM,EAAE,QAAQ,GAAG,cAAc,IAAI;AACrC,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,aACJ,QACA,SACkE;AAClE,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA,UAAU,6BAA6B,OAAO,IAAI;AAAA,MACpD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,6BAA6B,OAAO,IAAI;AAAA,IACpD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,QAAgB;AAC/B,UAAM,KAAK,OAAO,OAAO,0BAA0B,MAAM,EAAE;AAAA,EAC7D;AAAA,EAEA,MAAM,kBAAkB,QAAqC;AAC3D,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,UAAU,iDAAiD;AAAA,IACvE;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,0BACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,IACvE;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,4BACJ,SAMA;AACA,UAAM,oBACJ,4CAA4C,OAAO;AAErD,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QAIJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QAIE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACA,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,6CAA6C,wBAAwB;AAAA,MACrE,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACe;AACf,UAAM,KAAK,OAAO;AAAA,MAChB,6CAA6C,wBAAwB;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,cAAc,cAA2C;AAC7D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,IAC9C;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,sBAAsB,iBAA8C;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,yCAAyC,eAAe;AAAA,IAC1D;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,gCAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,gCAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,SAAqD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,+BAA+B;AAAA,QAC7B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,cAAc,SAA8C;AAChE,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,oBAAoB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAkD;AAChD,QAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,gBAAgB;AACjD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,aAAa,aAAa,YAAY;AACxC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS;AACX,WAAK,OAAO;AAAA,QACV;AAAA;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,QAAQ,cAAc;AAAA,MAC1B,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA,iBAAiB;AAAA,MACjB,aAAa;AAAA,MACb,YAAY;AAAA,MACZ;AAAA,MACA,uBAAuB;AAAA,MACvB,iBAAiB;AAAA,MACjB;AAAA,MACA,WAAW;AAAA,MACX,cAAc;AAAA,MACd,eAAe;AAAA,MACf;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,WAAO,GAAG,KAAK,OAAO,OAAO,8BAA8B,KAAK;AAAA,EAClE;AAAA,EAEA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,EACF,GAGW;AACT,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,UAAU,oDAAoD;AAAA,IAC1E;AAEA,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,MACA,KAAK,OAAO;AAAA,IACd;AAEA,QAAI,aAAa,IAAI,cAAc,SAAS;AAC5C,QAAI,UAAU;AACZ,UAAI,aAAa,IAAI,aAAa,QAAQ;AAAA,IAC5C;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,WAAW,UAA0B;AACnC,QAAI,CAAC,UAAU;AACb,YAAM,UAAU,mCAAmC;AAAA,IACrD;AAEA,WAAO,GAAG,KAAK,OAAO,OAAO,aAAa,QAAQ;AAAA,EACpD;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../src/user-management/user-management.ts"],"sourcesContent":["import { sealData, unsealData } from 'iron-session';\nimport { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport * as clientUserManagement from '../client/user-management';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\n\nexport class UserManagement {\n private _jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n get jwks(): ReturnType<typeof createRemoteJWKSet> | undefined {\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions(remainingPayload),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl(options: UserManagementAuthorizationURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getAuthorizationUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getLogoutUrl(options: clientUserManagement.LogoutURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getLogoutUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getJwksUrl(clientId: string): string {\n // Delegate to client implementation\n return clientUserManagement.getJwksUrl(clientId, this.workos.baseURL);\n }\n}\n"],"mappings":";;AAAA,SAAS,UAAU,kBAAkB;AACrC,SAAS,oBAAoB,WAAW,iBAAiB;AACzD,YAAY,0BAA0B;AAEtC,SAAS,2BAA2B;AACpC,SAAS,uBAAuB;AAChC,SAAS,cAAc;AAEvB,SAAS,4BAA4B;AAuDrC;AAAA,EAGE;AAAA,OAIK;AA6BP;AAAA,EAGE;AAAA,OACK;AAUP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,yDAAyD;AAClE,SAAS,6DAA6D;AACtE,SAAS,oDAAoD;AAC7D,SAAS,yBAAyB;AAClC,SAAS,6BAA6B;AACtC,SAAS,6BAA6B;AACtC,SAAS,uCAAuC;AAChD,SAAS,mDAAmD;AAC5D,SAAS,iCAAiC;AAC1C,SAAS,yCAAyC;AAClD,SAAS,sCAAsC;AAC/C,SAAS,oDAAoD;AAC7D,SAAS,qBAAqB;AAEvB,MAAM,eAAe;AAAA,EAI1B,YAA6B,QAAgB;AAAhB;AAC3B,UAAM,EAAE,SAAS,IAAI,OAAO;AAE5B,SAAK,WAAW;AAAA,EAClB;AAAA,EA7JF,OAqJ4B;AAAA;AAAA;AAAA,EAClB;AAAA,EACD;AAAA,EAQP,IAAI,OAA0D;AAC5D,QAAI,CAAC,KAAK,UAAU;AAClB;AAAA,IACF;AAGA,SAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,QAAQ,CAAC,GAAG;AAAA,MACzE,kBAAkB,MAAO,KAAK;AAAA,IAChC,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,kBAAkB,SAGA;AAChB,WAAO,IAAI,cAAc,MAAM,QAAQ,aAAa,QAAQ,cAAc;AAAA,EAC5E;AAAA,EAEA,MAAM,QAAQ,QAA+B;AAC3C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,oBAAoB,YAAmC;AAC3D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,sCAAsC,UAAU;AAAA,IAClD;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,UACJ,SAC4D;AAC5D,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,0BAA0B,OAAO,IAAI;AAAA,MACjD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,0BAA0B,OAAO,IAAI;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,2BAA2B,OAAO,CAAC;AAE/D,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,0BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,0CAA0C;AAAA,QACxC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,yBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,yCAAyC;AAAA,QACvC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,gCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,gDAAgD,gBAAgB;AAAA,IAClE;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C;AAAA,QAC3C,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,qCAAqC;AAAA,QACnC,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,kCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,kDAAkD;AAAA,QAChD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,sCACJ,SACiC;AACjC,UAAM,EAAE,SAAS,GAAG,iBAAiB,IAAI;AAEzC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,sDAAsD;AAAA,QACpD,GAAG;AAAA,QACH,cAAc,KAAK,OAAO;AAAA,MAC5B,CAAC;AAAA,IACH;AAEA,WAAO,KAAK,8BAA8B;AAAA,MACxC,wBAAwB,kCAAkC,IAAI;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,8BAA8B;AAAA,IAClC;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAGE;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,UAAM,UAAU,MAAM,WAA8B,aAAa;AAAA,MAC/D,UAAU;AAAA,IACZ,CAAC;AAED,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,8BAA8B;AAAA,IAC1C;AAAA,IACA;AAAA,EACF,GAGoC;AAClC,QAAI,SAAS,aAAa;AACxB,aAAO;AAAA,QACL,GAAG;AAAA,QACH,eAAe,MAAM,KAAK,0CAA0C;AAAA,UAClE;AAAA,UACA,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0CAA0C;AAAA,IACtD;AAAA,IACA;AAAA,EACF,GAGoB;AAClB,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,uBAAuB;AAAA,IACzB;AAEA,UAAM,cAAiC;AAAA,MACrC,gBAAgB;AAAA,MAChB,MAAM,uBAAuB;AAAA,MAC7B,aAAa,uBAAuB;AAAA,MACpC,cAAc,uBAAuB;AAAA,MACrC,cAAc,uBAAuB;AAAA,IACvC;AAEA,WAAO,SAAS,aAAa;AAAA,MAC3B,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AAAA,IACzB;AAAA,IACA,iBAAiB,OAAO,wBAAwB;AAAA,EAClD,GAAkE;AAChE,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI,aAAa;AACf,aAAO,WAA8B,aAAa;AAAA,QAChD,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBACJ,qBAC4B;AAC5B,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,uCAAuC,mBAAmB;AAAA,IAC5D;AAEA,WAAO,6BAA6B,IAAI;AAAA,EAC1C;AAAA,EAEA,MAAM,sBAAsB;AAAA,IAC1B;AAAA,EACF,GAA0D;AACxD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,MAChC,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,aAAyC;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,+BAA+B,WAAW;AAAA,IAC5C;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,gBAAgB,SAAqD;AACzE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,gCAAgC;AAAA,QAC9B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,qBAAqB,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAGjC,0BAA0B,MAAM,+BAA+B;AAAA,MAC/D;AAAA,IACF,CAAC;AAED,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,iBAAiB,iBAAiD;AACtE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,mCAAmC,eAAe;AAAA,IACpD;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,oBACJ,SACwB;AACxB,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,oCAAoC;AAAA,QAClC,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,yBAAyB,IAAI;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,SAAwD;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAEA,WAAO,EAAE,MAAM,gBAAgB,KAAK,IAAI,EAAE;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,SAA2C;AAC1D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,2BAA2B,OAAO;AAAA,IACpC;AAEA,WAAO,gBAAgB,IAAI;AAAA,EAC7B;AAAA,EAEA,MAAM,iBAAiB,SAGpB;AACD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,0BAA0B,QAAQ,MAAM;AAAA,MACxC,iCAAiC,OAAO;AAAA,IAC1C;AAEA,WAAO;AAAA,MACL,sBAAsB;AAAA,QACpB,KAAK;AAAA,MACP;AAAA,MACA,yBAAyB;AAAA,QACvB,KAAK;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBACJ,SACqD;AACrD,UAAM,EAAE,QAAQ,GAAG,cAAc,IAAI;AACrC,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,aACJ,QACA,SACkE;AAClE,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA,UAAU,6BAA6B,OAAO,IAAI;AAAA,MACpD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL,0BAA0B,MAAM;AAAA,QAChC;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,6BAA6B,OAAO,IAAI;AAAA,IACpD;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,QAAgB;AAC/B,UAAM,KAAK,OAAO,OAAO,0BAA0B,MAAM,EAAE;AAAA,EAC7D;AAAA,EAEA,MAAM,kBAAkB,QAAqC;AAC3D,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,UAAU,iDAAiD;AAAA,IACvE;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,0BAA0B,MAAM;AAAA,IAClC;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,0BACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,IACvE;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,4BACJ,SAMA;AACA,UAAM,oBACJ,4CAA4C,OAAO;AAErD,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QAIJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACA,CAAC,WACC;AAAA,QAIE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,6BACJ,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACA,SACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC,6CAA6C,wBAAwB;AAAA,MACrE,6CAA6C,OAAO;AAAA,IACtD;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,6BACJ,0BACe;AACf,UAAM,KAAK,OAAO;AAAA,MAChB,6CAA6C,wBAAwB;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,iCACJ,0BACiC;AACjC,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,6CAA6C,wBAAwB;AAAA,MACrE,CAAC;AAAA,IACH;AAEA,WAAO,kCAAkC,IAAI;AAAA,EAC/C;AAAA,EAEA,MAAM,cAAc,cAA2C;AAC7D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,IAC9C;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,sBAAsB,iBAA8C;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,yCAAyC,eAAe;AAAA,IAC1D;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,MAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,UAAU,gCAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,WACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,UAAU,gCAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,SAAqD;AACxE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MAIjC;AAAA,MACA,+BAA+B;AAAA,QAC7B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,iBAAiB,cAA2C;AAChE,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gCAAgC,YAAY;AAAA,MAC5C;AAAA,IACF;AAEA,WAAO,sBAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,cAAc,SAA8C;AAChE,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA,8BAA8B,OAAO;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,oBAAoB,SAAwD;AAE1E,WAAO,qBAAqB,oBAAoB;AAAA,MAC9C,GAAG;AAAA,MACH,SAAS,KAAK,OAAO;AAAA,IACvB,CAAC;AAAA,EACH;AAAA,EAEA,aAAa,SAAwD;AAEnE,WAAO,qBAAqB,aAAa;AAAA,MACvC,GAAG;AAAA,MACH,SAAS,KAAK,OAAO;AAAA,IACvB,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,UAA0B;AAEnC,WAAO,qBAAqB,WAAW,UAAU,KAAK,OAAO,OAAO;AAAA,EACtE;AACF;","names":[]}
package/lib/esm/user-management-B38wNrIN.d.ts ADDED
@@ -0,0 +1,68 @@
1
+ interface AuthorizationURLOptions {
2
+ clientId: string;
3
+ codeChallenge?: string;
4
+ codeChallengeMethod?: 'S256';
5
+ connectionId?: string;
6
+ /**
7
+ * @deprecated We previously required initiate login endpoints to return the `context`
8
+ * query parameter when getting the authorization URL. This is no longer necessary.
9
+ */
10
+ context?: string;
11
+ organizationId?: string;
12
+ domainHint?: string;
13
+ loginHint?: string;
14
+ provider?: string;
15
+ providerQueryParams?: Record<string, string | boolean | number>;
16
+ providerScopes?: string[];
17
+ prompt?: string;
18
+ redirectUri: string;
19
+ state?: string;
20
+ screenHint?: 'sign-up' | 'sign-in';
21
+ }
22
+ interface LogoutURLOptions {
23
+ sessionId: string;
24
+ returnTo?: string;
25
+ }
26
+ /**
27
+ * Generates the authorization URL for OAuth client authentication.
28
+ * Suitable for PKCE flows and other OAuth client operations that don't require an API key.
29
+ *
30
+ * @param options - Authorization URL options
31
+ * @returns The authorization URL as a string
32
+ * @throws TypeError if required arguments are missing
33
+ */
34
+ declare function getAuthorizationUrl(options: AuthorizationURLOptions & {
35
+ baseURL?: string;
36
+ }): string;
37
+ /**
38
+ * Generates the logout URL for ending a user session.
39
+ * This method is safe to use in browser environments as it doesn't require an API key.
40
+ *
41
+ * @param options - Logout URL options
42
+ * @returns The logout URL as a string
43
+ * @throws TypeError if sessionId is not provided
44
+ */
45
+ declare function getLogoutUrl(options: LogoutURLOptions & {
46
+ baseURL?: string;
47
+ }): string;
48
+ /**
49
+ * Gets the JWKS (JSON Web Key Set) URL for a given client ID.
50
+ * Does not require an API key, returns the public JWKS endpoint.
51
+ *
52
+ * @param clientId - The WorkOS client ID
53
+ * @param baseURL - Optional base URL for the API (defaults to https://api.workos.com)
54
+ * @returns The JWKS URL as a string
55
+ * @throws TypeError if clientId is not provided
56
+ */
57
+ declare function getJwksUrl(clientId: string, baseURL?: string): string;
58
+
59
+ type userManagement_AuthorizationURLOptions = AuthorizationURLOptions;
60
+ type userManagement_LogoutURLOptions = LogoutURLOptions;
61
+ declare const userManagement_getAuthorizationUrl: typeof getAuthorizationUrl;
62
+ declare const userManagement_getJwksUrl: typeof getJwksUrl;
63
+ declare const userManagement_getLogoutUrl: typeof getLogoutUrl;
64
+ declare namespace userManagement {
65
+ export { type userManagement_AuthorizationURLOptions as AuthorizationURLOptions, type userManagement_LogoutURLOptions as LogoutURLOptions, userManagement_getAuthorizationUrl as getAuthorizationUrl, userManagement_getJwksUrl as getJwksUrl, userManagement_getLogoutUrl as getLogoutUrl };
66
+ }
67
+
68
+ export { type AuthorizationURLOptions as A, type LogoutURLOptions as L, getLogoutUrl as a, getJwksUrl as b, getAuthorizationUrl as g, userManagement as u };
package/lib/esm/vault/vault.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import '../common/interfaces/pagination-options.interface.js';
2
2
  import '../common/interfaces/list.interface.js';
3
- export { V as Vault } from '../workos-DGRMJ65Z.js';
3
+ export { V as Vault } from '../workos-EX3jNkYH.js';
4
4
  import './interfaces/key/create-data-key.interface.js';
5
5
  import './interfaces/key/decrypt-data-key.interface.js';
6
6
  import './interfaces/key.interface.js';
@@ -53,6 +53,7 @@ import '../sso/interfaces/get-profile-options.interface.js';
53
53
  import '../sso/interfaces/get-profile-and-token-options.interface.js';
54
54
  import '../sso/interfaces/list-connections-options.interface.js';
55
55
  import '../sso/interfaces/profile-and-token.interface.js';
56
+ import '../user-management/interfaces/oauth-tokens.interface.js';
56
57
  import '../sso/interfaces/profile.interface.js';
57
58
  import '../webhooks/webhooks.js';
58
59
  import '../common/crypto/crypto-provider.js';
@@ -69,6 +70,7 @@ import '../audit-logs/interfaces/audit-log-export.interface.js';
69
70
  import '../audit-logs/interfaces/create-audit-log-event-options.interface.js';
70
71
  import '../audit-logs/interfaces/create-audit-log-schema-options.interface.js';
71
72
  import 'jose';
73
+ import '../user-management-B38wNrIN.js';
72
74
  import '../user-management/interfaces/authenticate-with-code-options.interface.js';
73
75
  import '../user-management/interfaces/authenticate-with-options-base.interface.js';
74
76
  import '../user-management/interfaces/authenticate-with-code-and-verifier-options.interface.js';
@@ -79,7 +81,6 @@ import '../user-management/interfaces/authenticate-with-password-options.interfa
79
81
  import '../user-management/interfaces/authenticate-with-refresh-token-options.interface.js';
80
82
  import '../user-management/interfaces/authenticate-with-session-cookie.interface.js';
81
83
  import '../user-management/interfaces/authentication-response.interface.js';
82
- import '../user-management/interfaces/oauth-tokens.interface.js';
83
84
  import '../user-management/interfaces/authenticate-with-totp-options.interface.js';
84
85
  import '../user-management/interfaces/authorization-url-options.interface.js';
85
86
  import '../user-management/interfaces/create-magic-auth-options.interface.js';
package/lib/esm/widgets/interfaces/get-token.d.ts CHANGED
@@ -1,13 +1,13 @@
1
- type WidgetScope = 'widgets:users-table:manage';
1
+ type WidgetScope = 'widgets:users-table:manage' | 'widgets:sso:manage' | 'widgets:domain-verification:manage';
2
2
  interface GetTokenOptions {
3
3
  organizationId: string;
4
- userId: string;
5
- scopes?: [WidgetScope];
4
+ userId?: string;
5
+ scopes?: WidgetScope[];
6
6
  }
7
7
  interface SerializedGetTokenOptions {
8
8
  organization_id: string;
9
- user_id: string;
10
- scopes?: [WidgetScope];
9
+ user_id?: string;
10
+ scopes?: WidgetScope[];
11
11
  }
12
12
  declare const serializeGetTokenOptions: (options: GetTokenOptions) => SerializedGetTokenOptions;
13
13
  interface GetTokenResponse {
package/lib/esm/widgets/interfaces/get-token.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/widgets/interfaces/get-token.ts"],"sourcesContent":["export type WidgetScope = 'widgets:users-table:manage';\n\nexport interface GetTokenOptions {\n organizationId: string;\n userId: string;\n scopes?: [WidgetScope];\n}\n\nexport interface SerializedGetTokenOptions {\n organization_id: string;\n user_id: string;\n scopes?: [WidgetScope];\n}\n\nexport const serializeGetTokenOptions = (\n options: GetTokenOptions,\n): SerializedGetTokenOptions => ({\n organization_id: options.organizationId,\n user_id: options.userId,\n scopes: options.scopes,\n});\n\nexport interface GetTokenResponse {\n token: string;\n}\n\nexport interface GetTokenResponseResponse {\n token: string;\n}\n\nexport const deserializeGetTokenResponse = (\n data: GetTokenResponseResponse,\n): GetTokenResponse => ({\n token: data.token,\n});\n"],"mappings":";;AAcO,MAAM,2BAA2B,wBACtC,aAC+B;AAAA,EAC/B,iBAAiB,QAAQ;AAAA,EACzB,SAAS,QAAQ;AAAA,EACjB,QAAQ,QAAQ;AAClB,IANwC;AAgBjC,MAAM,8BAA8B,wBACzC,UACsB;AAAA,EACtB,OAAO,KAAK;AACd,IAJ2C;","names":[]}
1
+ {"version":3,"sources":["../../../../src/widgets/interfaces/get-token.ts"],"sourcesContent":["export type WidgetScope =\n | 'widgets:users-table:manage'\n | 'widgets:sso:manage'\n | 'widgets:domain-verification:manage';\n\nexport interface GetTokenOptions {\n organizationId: string;\n userId?: string;\n scopes?: WidgetScope[];\n}\n\nexport interface SerializedGetTokenOptions {\n organization_id: string;\n user_id?: string;\n scopes?: WidgetScope[];\n}\n\nexport const serializeGetTokenOptions = (\n options: GetTokenOptions,\n): SerializedGetTokenOptions => ({\n organization_id: options.organizationId,\n user_id: options.userId,\n scopes: options.scopes,\n});\n\nexport interface GetTokenResponse {\n token: string;\n}\n\nexport interface GetTokenResponseResponse {\n token: string;\n}\n\nexport const deserializeGetTokenResponse = (\n data: GetTokenResponseResponse,\n): GetTokenResponse => ({\n token: data.token,\n});\n"],"mappings":";;AAiBO,MAAM,2BAA2B,wBACtC,aAC+B;AAAA,EAC/B,iBAAiB,QAAQ;AAAA,EACzB,SAAS,QAAQ;AAAA,EACjB,QAAQ,QAAQ;AAClB,IANwC;AAgBjC,MAAM,8BAA8B,wBACzC,UACsB;AAAA,EACtB,OAAO,KAAK;AACd,IAJ2C;","names":[]}