@workos-inc/node 8.0.0-beta.3 → 8.0.0-beta.4

package/lib/user-management/serializers/organization-membership.serializer.js

@@ -1,15 +1,5 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.deserializeOrganizationMembership = void 0;
-const deserializeOrganizationMembership = (organizationMembership) => ({
-    object: organizationMembership.object,
-    id: organizationMembership.id,
-    userId: organizationMembership.user_id,
-    organizationId: organizationMembership.organization_id,
-    organizationName: organizationMembership.organization_name,
-    status: organizationMembership.status,
-    createdAt: organizationMembership.created_at,
-    updatedAt: organizationMembership.updated_at,
-    role: organizationMembership.role,
-});
+const deserializeOrganizationMembership = (organizationMembership) => (Object.assign({ object: organizationMembership.object, id: organizationMembership.id, userId: organizationMembership.user_id, organizationId: organizationMembership.organization_id, organizationName: organizationMembership.organization_name, status: organizationMembership.status, createdAt: organizationMembership.created_at, updatedAt: organizationMembership.updated_at, role: organizationMembership.role }, (organizationMembership.roles && { roles: organizationMembership.roles })));
 exports.deserializeOrganizationMembership = deserializeOrganizationMembership;

package/lib/user-management/serializers/update-organization-membership-options.serializer.js

@@ -3,5 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.serializeUpdateOrganizationMembershipOptions = void 0;
 const serializeUpdateOrganizationMembershipOptions = (options) => ({
     role_slug: options.roleSlug,
+    role_slugs: options.roleSlugs,
 });
 exports.serializeUpdateOrganizationMembershipOptions = serializeUpdateOrganizationMembershipOptions;

package/lib/user-management/session.js

@@ -61,12 +61,13 @@ class CookieSession {
                     reason: interfaces_1.AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
                 };
             }
-            const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
+            const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
             return {
                 authenticated: true,
                 sessionId,
                 organizationId,
                 role,
+                roles,
                 permissions,
                 entitlements,
                 featureFlags,
@@ -114,7 +115,7 @@ class CookieSession {
                     this.cookiePassword = options.cookiePassword;
                 }
                 this.sessionData = authenticationResponse.sealedSession;
-                const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(authenticationResponse.accessToken);
+                const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(authenticationResponse.accessToken);
                 // TODO: Returning `session` here means there's some duplicated data.
                 // Slim down the return type in a future major version.
                 return {
@@ -124,6 +125,7 @@ class CookieSession {
                     sessionId,
                     organizationId,
                     role,
+                    roles,
                     permissions,
                     entitlements,
                     featureFlags,

package/lib/user-management/session.spec.js

@@ -119,7 +119,7 @@ describe('Session', () => {
                 .spyOn(jose, 'jwtVerify')
                 .mockResolvedValue({});
             const cookiePassword = 'alongcookiesecretmadefortestingsessions';
-            const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6Im1lbWJlciIsInBlcm1pc3Npb25zIjpbInBvc3RzOmNyZWF0ZSIsInBvc3RzOmRlbGV0ZSJdLCJlbnRpdGxlbWVudHMiOlsiYXVkaXQtbG9ncyJdLCJmZWF0dXJlX2ZsYWdzIjpbImRhcmstbW9kZSIsImJldGEtZmVhdHVyZXMiXSwidXNlciI6eyJvYmplY3QiOiJ1c2VyIiwiaWQiOiJ1c2VyXzAxSDVKUURWN1I3QVRFWVpERUcwVzVQUllTIiwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIn19.YVNjR8S2xGn2jAoLuEcBQNJ1_xY3OzjRE1-BK0zjfQE';
+            const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6Im1lbWJlciIsInJvbGVzIjpbIm1lbWJlciIsImFkbWluIl0sInBlcm1pc3Npb25zIjpbInBvc3RzOmNyZWF0ZSIsInBvc3RzOmRlbGV0ZSJdLCJlbnRpdGxlbWVudHMiOlsiYXVkaXQtbG9ncyJdLCJmZWF0dXJlX2ZsYWdzIjpbImRhcmstbW9kZSIsImJldGEtZmVhdHVyZXMiXSwidXNlciI6eyJvYmplY3QiOiJ1c2VyIiwiaWQiOiJ1c2VyXzAxSDVKUURWN1I3QVRFWVpERUcwVzVQUllTIiwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIn19.TNUzJYn6lzLWFFsiWiKEgIshyUs-bKJQf1VxwNr1cGI';
             const sessionData = yield (0, iron_session_1.sealData)({
                 accessToken,
                 refreshToken: 'def456',
@@ -146,6 +146,7 @@ describe('Session', () => {
                 sessionId: 'session_123',
                 organizationId: 'org_123',
                 role: 'member',
+                roles: ['member', 'admin'],
                 permissions: ['posts:create', 'posts:delete'],
                 entitlements: ['audit-logs'],
                 featureFlags: ['dark-mode', 'beta-features'],
@@ -173,7 +174,7 @@ describe('Session', () => {
         }));
         describe('when the session data is valid', () => {
             it('returns a successful response with a sealed and unsealed session', () => __awaiter(void 0, void 0, void 0, function* () {
-                const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICJzdWIiOiAiMTIzNDU2Nzg5MCIsCiAgIm5hbWUiOiAiSm9obiBEb2UiLAogICJpYXQiOiAxNTE2MjM5MDIyLAogICJzaWQiOiAic2Vzc2lvbl8xMjMiLAogICJvcmdfaWQiOiAib3JnXzEyMyIsCiAgInJvbGUiOiAibWVtYmVyIiwKICAicGVybWlzc2lvbnMiOiBbInBvc3RzOmNyZWF0ZSIsICJwb3N0czpkZWxldGUiXQp9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+                const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzaWQiOiJzZXNzaW9uXzEyMyIsIm9yZ19pZCI6Im9yZ18xMjMiLCJyb2xlIjoibWVtYmVyIiwicm9sZXMiOlsibWVtYmVyIiwiYWRtaW4iXSwicGVybWlzc2lvbnMiOlsicG9zdHM6Y3JlYXRlIiwicG9zdHM6ZGVsZXRlIl19.N5zveP149QhRR5zNvzGJPiCX098uXaN8VM1_lwsMg4A';
                 const refreshToken = 'def456';
                 (0, test_utils_1.fetchOnce)({
                     user: user_json_1.default,
@@ -216,6 +217,7 @@ describe('Session', () => {
                     entitlements: undefined,
                     permissions: ['posts:create', 'posts:delete'],
                     role: 'member',
+                    roles: ['member', 'admin'],
                     sessionId: 'session_123',
                     user: expect.objectContaining({
                         email: 'test01@example.com',

package/lib/user-management/user-management.js

@@ -217,12 +217,13 @@ class UserManagement {
                     reason: authenticate_with_session_cookie_interface_1.AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
                 };
             }
-            const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
+            const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags, } = (0, jose_1.decodeJwt)(session.accessToken);
             return {
                 authenticated: true,
                 sessionId,
                 organizationId,
                 role,
+                roles,
                 user: session.user,
                 permissions,
                 entitlements,

package/lib/user-management/user-management.spec.js

@@ -889,6 +889,39 @@ describe('UserManagement', () => {
                 accessToken,
             });
         }));
+        it('returns the JWT claims when provided a valid JWT with multiple roles', () => __awaiter(void 0, void 0, void 0, function* () {
+            jest
+                .spyOn(jose, 'jwtVerify')
+                .mockResolvedValue({});
+            const cookiePassword = 'alongcookiesecretmadefortestingsessions';
+            const accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoZW50aWNhdGVkIjp0cnVlLCJpbXBlcnNvbmF0b3IiOnsiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsInJlYXNvbiI6InRlc3QifSwic2lkIjoic2Vzc2lvbl8xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwicm9sZSI6ImFkbWluIiwicm9sZXMiOlsiYWRtaW4iLCJtZW1iZXIiXSwicGVybWlzc2lvbnMiOlsicG9zdHM6Y3JlYXRlIiwicG9zdHM6ZGVsZXRlIl0sImVudGl0bGVtZW50cyI6WyJhdWRpdC1sb2dzIl0sImZlYXR1cmVfZmxhZ3MiOlsiZGFyay1tb2RlIiwiYmV0YS1mZWF0dXJlcyJdLCJ1c2VyIjp7Im9iamVjdCI6InVzZXIiLCJpZCI6InVzZXJfMDFINUpRRFY3UjdBVEVZWkRFRzBXNVBSWVMiLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifX0.hsMptIB7PmbF5pxxtgTtCdUyOAhA11ZIAP-JY5zU5fE';
+            const sessionData = yield (0, iron_session_1.sealData)({
+                accessToken,
+                refreshToken: 'def456',
+                user: {
+                    object: 'user',
+                    id: 'user_01H5JQDV7R7ATEYZDEG0W5PRYS',
+                    email: 'test@example.com',
+                },
+            }, { password: cookiePassword });
+            yield expect(workos.userManagement.authenticateWithSessionCookie({
+                sessionData,
+                cookiePassword,
+            })).resolves.toEqual({
+                authenticated: true,
+                sessionId: 'session_123',
+                organizationId: 'org_123',
+                role: 'admin',
+                roles: ['admin', 'member'],
+                permissions: ['posts:create', 'posts:delete'],
+                entitlements: ['audit-logs'],
+                featureFlags: ['dark-mode', 'beta-features'],
+                user: expect.objectContaining({
+                    email: 'test@example.com',
+                }),
+                accessToken,
+            });
+        }));
     });
     describe('refreshAndSealSessionData', () => {
         it('throws an error when the cookie password is undefined', () => __awaiter(void 0, void 0, void 0, function* () {

package/lib/widgets/interfaces/get-token.d.ts

@@ -1,13 +1,13 @@
-export type WidgetScope = 'widgets:users-table:manage';
+export type WidgetScope = 'widgets:users-table:manage' | 'widgets:sso:manage' | 'widgets:domain-verification:manage';
 export interface GetTokenOptions {
     organizationId: string;
-    userId: string;
-    scopes?: [WidgetScope];
+    userId?: string;
+    scopes?: WidgetScope[];
 }
 export interface SerializedGetTokenOptions {
     organization_id: string;
-    user_id: string;
-    scopes?: [WidgetScope];
+    user_id?: string;
+    scopes?: WidgetScope[];
 }
 export declare const serializeGetTokenOptions: (options: GetTokenOptions) => SerializedGetTokenOptions;
 export interface GetTokenResponse {

package/lib/workos.js

@@ -32,7 +32,7 @@ const actions_1 = require("./actions/actions");
 const vault_1 = require("./vault/vault");
 const conflict_exception_1 = require("./common/exceptions/conflict.exception");
 const parse_error_1 = require("./common/exceptions/parse-error");
-const VERSION = '7.63.0';
+const VERSION = '7.70.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 const HEADER_AUTHORIZATION = 'Authorization';
 const HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';
@@ -99,7 +99,7 @@ class WorkOS {
     }
     createHttpClient(options, userAgent) {
         var _a;
-        return new fetch_client_1.FetchHttpClient(this.baseURL, Object.assign(Object.assign({}, options.config), { headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }));
+        return new fetch_client_1.FetchHttpClient(this.baseURL, Object.assign(Object.assign({}, options.config), { timeout: options.timeout, headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }));
     }
     createIronSessionProvider() {
         throw new Error('IronSessionProvider not implemented. Use WorkOSNode or WorkOSWorker instead.');

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "8.0.0-beta.3",
+  "version": "8.0.0-beta.4",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",
@@ -8,10 +8,6 @@
   "keywords": [
     "workos"
   ],
-  "volta": {
-    "node": "19.9.0",
-    "yarn": "1.22.19"
-  },
   "engines": {
     "node": ">=18"
   },
@@ -107,6 +103,15 @@
       "require": "./lib/cjs/index.cjs",
       "default": "./lib/esm/index.js"
     },
+    "./client": {
+      "types": {
+        "require": "./lib/cjs/index.client.d.cts",
+        "import": "./lib/esm/index.client.d.ts"
+      },
+      "import": "./lib/esm/index.client.js",
+      "require": "./lib/cjs/index.client.cjs",
+      "default": "./lib/esm/index.client.js"
+    },
     "./worker": {
       "types": {
         "require": "./lib/cjs/index.worker.d.cts",