npm - @workos-inc/node - Versions diffs - 8.0.0-beta.3 → 8.0.0-beta.4 - Mend

@workos-inc/node 8.0.0-beta.3 → 8.0.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (246) hide show

package/lib/cjs/public/user-management.cjs ADDED Viewed

@@ -0,0 +1,110 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var user_management_exports = {};
+__export(user_management_exports, {
+  getAuthorizationUrl: () => getAuthorizationUrl,
+  getJwksUrl: () => getJwksUrl,
+  getLogoutUrl: () => getLogoutUrl
+});
+module.exports = __toCommonJS(user_management_exports);
+var import_utils = require('./utils.cjs');
+function getAuthorizationUrl(options) {
+  const {
+    connectionId,
+    codeChallenge,
+    codeChallengeMethod,
+    context,
+    clientId,
+    domainHint,
+    loginHint,
+    organizationId,
+    provider,
+    providerQueryParams,
+    providerScopes,
+    prompt,
+    redirectUri,
+    state,
+    screenHint,
+    baseURL = "https://api.workos.com"
+  } = options;
+  if (!provider && !connectionId && !organizationId) {
+    throw new TypeError(
+      `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`
+    );
+  }
+  if (provider !== "authkit" && screenHint) {
+    throw new TypeError(
+      `'screenHint' is only supported for 'authkit' provider`
+    );
+  }
+  if (context) {
+    console.warn(
+      `WorkOS: \`context\` is deprecated. We previously required initiate login endpoints to return the
+\`context\` query parameter when getting the authorization URL. This is no longer necessary.`
+    );
+  }
+  const query = (0, import_utils.toQueryString)({
+    connection_id: connectionId,
+    code_challenge: codeChallenge,
+    code_challenge_method: codeChallengeMethod,
+    context,
+    organization_id: organizationId,
+    domain_hint: domainHint,
+    login_hint: loginHint,
+    provider,
+    provider_query_params: providerQueryParams,
+    provider_scopes: providerScopes,
+    prompt,
+    client_id: clientId,
+    redirect_uri: redirectUri,
+    response_type: "code",
+    state,
+    screen_hint: screenHint
+  });
+  return `${baseURL}/user_management/authorize?${query}`;
+}
+__name(getAuthorizationUrl, "getAuthorizationUrl");
+function getLogoutUrl(options) {
+  const { sessionId, returnTo, baseURL = "https://api.workos.com" } = options;
+  if (!sessionId) {
+    throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);
+  }
+  const url = new URL("/user_management/sessions/logout", baseURL);
+  url.searchParams.set("session_id", sessionId);
+  if (returnTo) {
+    url.searchParams.set("return_to", returnTo);
+  }
+  return url.toString();
+}
+__name(getLogoutUrl, "getLogoutUrl");
+function getJwksUrl(clientId, baseURL = "https://api.workos.com") {
+  if (!clientId) {
+    throw TypeError("clientId must be a valid clientId");
+  }
+  return `${baseURL}/sso/jwks/${clientId}`;
+}
+__name(getJwksUrl, "getJwksUrl");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getAuthorizationUrl,
+  getJwksUrl,
+  getLogoutUrl
+});
+//# sourceMappingURL=user-management.cjs.map

package/lib/cjs/public/user-management.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/public/user-management.ts"],"sourcesContent":["import { toQueryString } from './utils';\n\n// Re-export necessary interfaces for public use\nexport interface AuthorizationURLOptions {\n clientId: string;\n codeChallenge?: string;\n codeChallengeMethod?: 'S256';\n connectionId?: string;\n /**\n * @deprecated We previously required initiate login endpoints to return the `context`\n * query parameter when getting the authorization URL. This is no longer necessary.\n */\n context?: string;\n organizationId?: string;\n domainHint?: string;\n loginHint?: string;\n provider?: string;\n providerQueryParams?: Record<string, string | boolean | number>;\n providerScopes?: string[];\n prompt?: string;\n redirectUri: string;\n state?: string;\n screenHint?: 'sign-up' | 'sign-in';\n}\n\nexport interface LogoutURLOptions {\n sessionId: string;\n returnTo?: string;\n}\n\n/**\n * Generates the authorization URL for user authentication.\n * This method is safe to use in browser environments as it doesn't require an API key.\n *\n * @param options - Authorization URL options\n * @returns The authorization URL as a string\n * @throws TypeError if required arguments are missing\n */\nexport function getAuthorizationUrl(\n options: AuthorizationURLOptions & { baseURL?: string },\n): string {\n const {\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n context,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerQueryParams,\n providerScopes,\n prompt,\n redirectUri,\n state,\n screenHint,\n baseURL = 'https://api.workos.com',\n } = options;\n\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n if (context) {\n console.warn(\n `WorkOS: \\`context\\` is deprecated. We previously required initiate login endpoints to return the\n\\`context\\` query parameter when getting the authorization URL. This is no longer necessary.`,\n );\n }\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n context,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n prompt,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${baseURL}/user_management/authorize?${query}`;\n}\n\n/**\n * Generates the logout URL for ending a user session.\n * This method is safe to use in browser environments as it doesn't require an API key.\n *\n * @param options - Logout URL options\n * @returns The logout URL as a string\n * @throws TypeError if sessionId is not provided\n */\nexport function getLogoutUrl(\n options: LogoutURLOptions & { baseURL?: string },\n): string {\n const { sessionId, returnTo, baseURL = 'https://api.workos.com' } = options;\n\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL('/user_management/sessions/logout', baseURL);\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n}\n\n/**\n * Gets the JWKS (JSON Web Key Set) URL for a given client ID.\n * This method is safe to use in browser environments as it doesn't require an API key.\n *\n * @param clientId - The WorkOS client ID\n * @param baseURL - Optional base URL for the API (defaults to https://api.workos.com)\n * @returns The JWKS URL as a string\n * @throws TypeError if clientId is not provided\n */\nexport function getJwksUrl(\n clientId: string,\n baseURL = 'https://api.workos.com',\n): string {\n if (!clientId) {\n throw TypeError('clientId must be a valid clientId');\n }\n\n return `${baseURL}/sso/jwks/${clientId}`;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAA8B;AAsCvB,SAAS,oBACd,SACQ;AACR,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU;AAAA,EACZ,IAAI;AAEJ,MAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,gBAAgB;AACjD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,MAAI,aAAa,aAAa,YAAY;AACxC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS;AACX,YAAQ;AAAA,MACN;AAAA;AAAA,IAEF;AAAA,EACF;AAEA,QAAM,YAAQ,4BAAc;AAAA,IAC1B,eAAe;AAAA,IACf,gBAAgB;AAAA,IAChB,uBAAuB;AAAA,IACvB;AAAA,IACA,iBAAiB;AAAA,IACjB,aAAa;AAAA,IACb,YAAY;AAAA,IACZ;AAAA,IACA,uBAAuB;AAAA,IACvB,iBAAiB;AAAA,IACjB;AAAA,IACA,WAAW;AAAA,IACX,cAAc;AAAA,IACd,eAAe;AAAA,IACf;AAAA,IACA,aAAa;AAAA,EACf,CAAC;AAED,SAAO,GAAG,OAAO,8BAA8B,KAAK;AACtD;AA7DgB;AAuET,SAAS,aACd,SACQ;AACR,QAAM,EAAE,WAAW,UAAU,UAAU,yBAAyB,IAAI;AAEpE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,UAAU,oDAAoD;AAAA,EAC1E;AAEA,QAAM,MAAM,IAAI,IAAI,oCAAoC,OAAO;AAE/D,MAAI,aAAa,IAAI,cAAc,SAAS;AAC5C,MAAI,UAAU;AACZ,QAAI,aAAa,IAAI,aAAa,QAAQ;AAAA,EAC5C;AAEA,SAAO,IAAI,SAAS;AACtB;AAjBgB;AA4BT,SAAS,WACd,UACA,UAAU,0BACF;AACR,MAAI,CAAC,UAAU;AACb,UAAM,UAAU,mCAAmC;AAAA,EACrD;AAEA,SAAO,GAAG,OAAO,aAAa,QAAQ;AACxC;AATgB;","names":[]}

package/lib/cjs/public/user-management.d.cts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { A as AuthorizationURLOptions, L as LogoutURLOptions, g as getAuthorizationUrl, b as getJwksUrl, a as getLogoutUrl } from '../user-management-Dh73wyCr.cjs';

package/lib/cjs/public/utils.cjs ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var utils_exports = {};
+__export(utils_exports, {
+  toQueryString: () => toQueryString
+});
+module.exports = __toCommonJS(utils_exports);
+var import_qs = __toESM(require("qs"), 1);
+const toQueryString = /* @__PURE__ */ __name((options) => {
+  return import_qs.default.stringify(options, {
+    arrayFormat: "repeat",
+    // sorts the keys alphabetically to maintain backwards compatibility
+    sort: /* @__PURE__ */ __name((a, b) => a.localeCompare(b), "sort"),
+    // encodes space as + instead of %20 to maintain backwards compatibility
+    format: "RFC1738"
+  });
+}, "toQueryString");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  toQueryString
+});
+//# sourceMappingURL=utils.cjs.map

package/lib/cjs/public/utils.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/public/utils.ts"],"sourcesContent":["import qs from 'qs';\n\n/**\n * Converts an options object to a query string using qs library.\n * Maintains backwards compatibility with existing URL formatting.\n */\nexport const toQueryString = (\n options: Record<\n string,\n string | string[] | Record<string, string | boolean | number> | undefined\n >,\n): string => {\n return qs.stringify(options, {\n arrayFormat: 'repeat',\n // sorts the keys alphabetically to maintain backwards compatibility\n sort: (a, b) => a.localeCompare(b),\n // encodes space as + instead of %20 to maintain backwards compatibility\n format: 'RFC1738',\n });\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gBAAe;AAMR,MAAM,gBAAgB,wBAC3B,YAIW;AACX,SAAO,UAAAA,QAAG,UAAU,SAAS;AAAA,IAC3B,aAAa;AAAA;AAAA,IAEb,MAAM,wBAAC,GAAG,MAAM,EAAE,cAAc,CAAC,GAA3B;AAAA;AAAA,IAEN,QAAQ;AAAA,EACV,CAAC;AACH,GAb6B;","names":["qs"]}

package/lib/cjs/public/utils.d.cts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Converts an options object to a query string using qs library.
+ * Maintains backwards compatibility with existing URL formatting.
+ */
+declare const toQueryString: (options: Record<string, string | string[] | Record<string, string | boolean | number> | undefined>) => string;
+export { toQueryString };

package/lib/cjs/sso/interfaces/authorization-url-options.interface.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/sso/interfaces/authorization-url-options.interface.ts"],"sourcesContent":["~~export~~ interface ~~SSOAuthorizationURLOptions~~ {\n clientId: string;\n ~~connection~~?: string;\n ~~organization~~?: string;\n ~~domainHint~~?: string;\n ~~loginHint~~?: string;\n provider?: ~~string~~;\n ~~redirectUri~~: string;\n ~~state~~?: string;\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
1	+ {"version":3,"sources":["../../../../src/sso/interfaces/authorization-url-options.interface.ts"],"sourcesContent":["interface SSOAuthorizationURLBase {\n clientId: string;\n domainHint?: string;\n loginHint?: string;\n providerQueryParams?: Record<string, string \| boolean \| number>;\n providerScopes?: string[];\n redirectUri: string;\n state?: string;\n}\n\ninterface SSOWithConnection extends SSOAuthorizationURLBase {\n connection: string;\n organization?: never;\n provider?: never;\n}\n\ninterface SSOWithOrganization extends SSOAuthorizationURLBase {\n organization: string;\n connection?: never;\n provider?: never;\n}\n\ninterface SSOWithProvider extends SSOAuthorizationURLBase {\n provider: string;\n connection?: never;\n organization?: never;\n}\n\nexport type SSOAuthorizationURLOptions =\n \| SSOWithConnection\n \| SSOWithOrganization\n \| SSOWithProvider;\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/lib/cjs/sso/interfaces/authorization-url-options.interface.d.cts CHANGED Viewed

@@ -1,12 +1,27 @@
-interface SSOAuthorizationURLOptions {
+interface SSOAuthorizationURLBase {
     clientId: string;
-    connection?: string;
-    organization?: string;
     domainHint?: string;
     loginHint?: string;
-    provider?: string;
+    providerQueryParams?: Record<string, string | boolean | number>;
+    providerScopes?: string[];
     redirectUri: string;
     state?: string;
 }
+interface SSOWithConnection extends SSOAuthorizationURLBase {
+    connection: string;
+    organization?: never;
+    provider?: never;
+}
+interface SSOWithOrganization extends SSOAuthorizationURLBase {
+    organization: string;
+    connection?: never;
+    provider?: never;
+}
+interface SSOWithProvider extends SSOAuthorizationURLBase {
+    provider: string;
+    connection?: never;
+    organization?: never;
+}
+type SSOAuthorizationURLOptions = SSOWithConnection | SSOWithOrganization | SSOWithProvider;
 export type { SSOAuthorizationURLOptions };

package/lib/cjs/sso/interfaces/connection-type.enum.cjs CHANGED Viewed

@@ -51,6 +51,7 @@ var ConnectionType = /* @__PURE__ */ ((ConnectionType2) => {
   ConnectionType2["PingFederateSAML"] = "PingFederateSAML";
   ConnectionType2["PingOneSAML"] = "PingOneSAML";
   ConnectionType2["RipplingSAML"] = "RipplingSAML";
+  ConnectionType2["SalesforceOAuth"] = "SalesforceOAuth";
   ConnectionType2["SalesforceSAML"] = "SalesforceSAML";
   ConnectionType2["ShibbolethGenericSAML"] = "ShibbolethGenericSAML";
   ConnectionType2["ShibbolethSAML"] = "ShibbolethSAML";

package/lib/cjs/sso/interfaces/connection-type.enum.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/sso/interfaces/connection-type.enum.ts"],"sourcesContent":["export enum ConnectionType {\n ADFSSAML = 'ADFSSAML',\n AdpOidc = 'AdpOidc',\n AppleOAuth = 'AppleOAuth',\n Auth0SAML = 'Auth0SAML',\n AzureSAML = 'AzureSAML',\n CasSAML = 'CasSAML',\n ClassLinkSAML = 'ClassLinkSAML',\n CloudflareSAML = 'CloudflareSAML',\n CyberArkSAML = 'CyberArkSAML',\n DuoSAML = 'DuoSAML',\n GenericOIDC = 'GenericOIDC',\n GenericSAML = 'GenericSAML',\n GitHubOAuth = 'GitHubOAuth',\n GoogleOAuth = 'GoogleOAuth',\n GoogleSAML = 'GoogleSAML',\n JumpCloudSAML = 'JumpCloudSAML',\n KeycloakSAML = 'KeycloakSAML',\n LastPassSAML = 'LastPassSAML',\n LoginGovOidc = 'LoginGovOidc',\n MagicLink = 'MagicLink',\n MicrosoftOAuth = 'MicrosoftOAuth',\n MiniOrangeSAML = 'MiniOrangeSAML',\n NetIqSAML = 'NetIqSAML',\n OktaSAML = 'OktaSAML',\n OneLoginSAML = 'OneLoginSAML',\n OracleSAML = 'OracleSAML',\n PingFederateSAML = 'PingFederateSAML',\n PingOneSAML = 'PingOneSAML',\n RipplingSAML = 'RipplingSAML',\n SalesforceSAML = 'SalesforceSAML',\n ShibbolethGenericSAML = 'ShibbolethGenericSAML',\n ShibbolethSAML = 'ShibbolethSAML',\n SimpleSamlPhpSAML = 'SimpleSamlPhpSAML',\n VMwareSAML = 'VMwareSAML',\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,cAAW;AACX,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,gBAAa;AACb,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,gBAAa;AACb,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,cAAW;AACX,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,gBAAa;AACb,EAAAA,gBAAA,sBAAmB;AACnB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,2BAAwB;AACxB,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,uBAAoB;AACpB,EAAAA,gBAAA,gBAAa;~~AAlCH~~,SAAAA;AAAA,GAAA;","names":["ConnectionType"]}
1	+ {"version":3,"sources":["../../../../src/sso/interfaces/connection-type.enum.ts"],"sourcesContent":["export enum ConnectionType {\n ADFSSAML = 'ADFSSAML',\n AdpOidc = 'AdpOidc',\n AppleOAuth = 'AppleOAuth',\n Auth0SAML = 'Auth0SAML',\n AzureSAML = 'AzureSAML',\n CasSAML = 'CasSAML',\n ClassLinkSAML = 'ClassLinkSAML',\n CloudflareSAML = 'CloudflareSAML',\n CyberArkSAML = 'CyberArkSAML',\n DuoSAML = 'DuoSAML',\n GenericOIDC = 'GenericOIDC',\n GenericSAML = 'GenericSAML',\n GitHubOAuth = 'GitHubOAuth',\n GoogleOAuth = 'GoogleOAuth',\n GoogleSAML = 'GoogleSAML',\n JumpCloudSAML = 'JumpCloudSAML',\n KeycloakSAML = 'KeycloakSAML',\n LastPassSAML = 'LastPassSAML',\n LoginGovOidc = 'LoginGovOidc',\n MagicLink = 'MagicLink',\n MicrosoftOAuth = 'MicrosoftOAuth',\n MiniOrangeSAML = 'MiniOrangeSAML',\n NetIqSAML = 'NetIqSAML',\n OktaSAML = 'OktaSAML',\n OneLoginSAML = 'OneLoginSAML',\n OracleSAML = 'OracleSAML',\n PingFederateSAML = 'PingFederateSAML',\n PingOneSAML = 'PingOneSAML',\n RipplingSAML = 'RipplingSAML',\n SalesforceOAuth = 'SalesforceOAuth',\n SalesforceSAML = 'SalesforceSAML',\n ShibbolethGenericSAML = 'ShibbolethGenericSAML',\n ShibbolethSAML = 'ShibbolethSAML',\n SimpleSamlPhpSAML = 'SimpleSamlPhpSAML',\n VMwareSAML = 'VMwareSAML',\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,cAAW;AACX,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,gBAAa;AACb,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,aAAU;AACV,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,gBAAa;AACb,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,eAAY;AACZ,EAAAA,gBAAA,cAAW;AACX,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,gBAAa;AACb,EAAAA,gBAAA,sBAAmB;AACnB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,qBAAkB;AAClB,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,2BAAwB;AACxB,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,uBAAoB;AACpB,EAAAA,gBAAA,gBAAa;AAnCH,SAAAA;AAAA,GAAA;","names":["ConnectionType"]}

package/lib/cjs/sso/interfaces/connection-type.enum.d.cts CHANGED Viewed

@@ -28,6 +28,7 @@ declare enum ConnectionType {
     PingFederateSAML = "PingFederateSAML",
     PingOneSAML = "PingOneSAML",
     RipplingSAML = "RipplingSAML",
+    SalesforceOAuth = "SalesforceOAuth",
     SalesforceSAML = "SalesforceSAML",
     ShibbolethGenericSAML = "ShibbolethGenericSAML",
     ShibbolethSAML = "ShibbolethSAML",

package/lib/cjs/sso/interfaces/index.d.cts CHANGED Viewed

@@ -8,4 +8,5 @@ export { ProfileAndToken, ProfileAndTokenResponse } from './profile-and-token.in
 export { Profile, ProfileResponse } from './profile.interface.cjs';
 import '../../common/interfaces/pagination-options.interface.cjs';
 import '../../common/interfaces/unknown-record.interface.cjs';
+import '../../user-management/interfaces/oauth-tokens.interface.cjs';
 import '../../roles/interfaces/role.interface.cjs';

package/lib/cjs/sso/interfaces/profile-and-token.interface.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/sso/interfaces/profile-and-token.interface.ts"],"sourcesContent":["import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport { Profile, ProfileResponse } from './profile.interface';\n\nexport interface ProfileAndToken<CustomAttributesType extends UnknownRecord> {\n accessToken: string;\n profile: Profile<CustomAttributesType>;\n}\n\nexport interface ProfileAndTokenResponse<\n CustomAttributesType extends UnknownRecord,\n> {\n access_token: string;\n profile: ProfileResponse<CustomAttributesType>;\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
1	+ {"version":3,"sources":["../../../../src/sso/interfaces/profile-and-token.interface.ts"],"sourcesContent":["import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport {\n OauthTokens,\n OauthTokensResponse,\n} from '../../user-management/interfaces/oauth-tokens.interface';\nimport { Profile, ProfileResponse } from './profile.interface';\n\nexport interface ProfileAndToken<CustomAttributesType extends UnknownRecord> {\n accessToken: string;\n profile: Profile<CustomAttributesType>;\n oauthTokens?: OauthTokens;\n}\n\nexport interface ProfileAndTokenResponse<\n CustomAttributesType extends UnknownRecord,\n> {\n access_token: string;\n profile: ProfileResponse<CustomAttributesType>;\n oauth_tokens?: OauthTokensResponse;\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/lib/cjs/sso/interfaces/profile-and-token.interface.d.cts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { UnknownRecord } from '../../common/interfaces/unknown-record.interface.cjs';
+import { OauthTokens, OauthTokensResponse } from '../../user-management/interfaces/oauth-tokens.interface.cjs';
 import { Profile, ProfileResponse } from './profile.interface.cjs';
 import '../../roles/interfaces/role.interface.cjs';
 import './connection-type.enum.cjs';
@@ -6,10 +7,12 @@ import './connection-type.enum.cjs';
 interface ProfileAndToken<CustomAttributesType extends UnknownRecord> {
     accessToken: string;
     profile: Profile<CustomAttributesType>;
+    oauthTokens?: OauthTokens;
 }
 interface ProfileAndTokenResponse<CustomAttributesType extends UnknownRecord> {
     access_token: string;
     profile: ProfileResponse<CustomAttributesType>;
+    oauth_tokens?: OauthTokensResponse;
 }
 export type { ProfileAndToken, ProfileAndTokenResponse };

package/lib/cjs/sso/serializers/index.d.cts CHANGED Viewed

@@ -8,5 +8,6 @@ import '../interfaces/list-connections-options.interface.cjs';
 import '../../common/interfaces/pagination-options.interface.cjs';
 import '../../common/interfaces/unknown-record.interface.cjs';
 import '../interfaces/profile-and-token.interface.cjs';
+import '../../user-management/interfaces/oauth-tokens.interface.cjs';
 import '../interfaces/profile.interface.cjs';
 import '../../roles/interfaces/role.interface.cjs';

package/lib/cjs/sso/serializers/profile-and-token.serializer.cjs CHANGED Viewed

@@ -22,10 +22,12 @@ __export(profile_and_token_serializer_exports, {
   deserializeProfileAndToken: () => deserializeProfileAndToken
 });
 module.exports = __toCommonJS(profile_and_token_serializer_exports);
+var import_oauth_tokens = require('../../user-management/serializers/oauth-tokens.serializer.cjs');
 var import_profile = require('./profile.serializer.cjs');
 const deserializeProfileAndToken = /* @__PURE__ */ __name((profileAndToken) => ({
   accessToken: profileAndToken.access_token,
-  profile: (0, import_profile.deserializeProfile)(profileAndToken.profile)
+  profile: (0, import_profile.deserializeProfile)(profileAndToken.profile),
+  oauthTokens: (0, import_oauth_tokens.deserializeOauthTokens)(profileAndToken.oauth_tokens)
 }), "deserializeProfileAndToken");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/lib/cjs/sso/serializers/profile-and-token.serializer.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/sso/serializers/profile-and-token.serializer.ts"],"sourcesContent":["import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport { ProfileAndToken, ProfileAndTokenResponse } from '../interfaces';\nimport { deserializeProfile } from './profile.serializer';\n\nexport const deserializeProfileAndToken = <\n CustomAttributesType extends UnknownRecord,\n>(\n profileAndToken: ProfileAndTokenResponse<CustomAttributesType>,\n): ProfileAndToken<CustomAttributesType> => ({\n accessToken: profileAndToken.access_token,\n profile: deserializeProfile(profileAndToken.profile),\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;~~AAEA~~,qBAAmC;AAE5B,MAAM,6BAA6B,wBAGxC,qBAC2C;AAAA,EAC3C,aAAa,gBAAgB;AAAA,EAC7B,aAAS,mCAAmB,gBAAgB,OAAO;~~AACrD~~,~~IAP0C~~;","names":[]}
1	+ {"version":3,"sources":["../../../../src/sso/serializers/profile-and-token.serializer.ts"],"sourcesContent":["import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport { deserializeOauthTokens } from '../../user-management/serializers/oauth-tokens.serializer';\nimport { ProfileAndToken, ProfileAndTokenResponse } from '../interfaces';\nimport { deserializeProfile } from './profile.serializer';\n\nexport const deserializeProfileAndToken = <\n CustomAttributesType extends UnknownRecord,\n>(\n profileAndToken: ProfileAndTokenResponse<CustomAttributesType>,\n): ProfileAndToken<CustomAttributesType> => ({\n accessToken: profileAndToken.access_token,\n profile: deserializeProfile(profileAndToken.profile),\n oauthTokens: deserializeOauthTokens(profileAndToken.oauth_tokens),\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,0BAAuC;AAEvC,qBAAmC;AAE5B,MAAM,6BAA6B,wBAGxC,qBAC2C;AAAA,EAC3C,aAAa,gBAAgB;AAAA,EAC7B,aAAS,mCAAmB,gBAAgB,OAAO;AAAA,EACnD,iBAAa,4CAAuB,gBAAgB,YAAY;AAClE,IAR0C;","names":[]}

package/lib/cjs/sso/serializers/profile-and-token.serializer.d.cts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { UnknownRecord } from '../../common/interfaces/unknown-record.interface.cjs';
 import { ProfileAndTokenResponse, ProfileAndToken } from '../interfaces/profile-and-token.interface.cjs';
+import '../../user-management/interfaces/oauth-tokens.interface.cjs';
 import '../interfaces/profile.interface.cjs';
 import '../../roles/interfaces/role.interface.cjs';
 import '../interfaces/connection-type.enum.cjs';

package/lib/cjs/sso/sso.cjs CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
 var __export = (target, all) => {
@@ -16,26 +18,24 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var sso_exports = {};
 __export(sso_exports, {
   SSO: () => SSO
 });
 module.exports = __toCommonJS(sso_exports);
+var clientSSO = __toESM(require('../client/sso.cjs'), 1);
 var import_fetch_and_deserialize = require('../common/utils/fetch-and-deserialize.cjs');
 var import_pagination = require('../common/utils/pagination.cjs');
 var import_serializers = require('./serializers/index.cjs');
-const toQueryString = /* @__PURE__ */ __name((options) => {
-  const searchParams = new URLSearchParams();
-  const keys = Object.keys(options).sort();
-  for (const key of keys) {
-    const value = options[key];
-    if (value) {
-      searchParams.append(key, value);
-    }
-  }
-  return searchParams.toString();
-}, "toQueryString");
 class SSO {
   constructor(workos) {
     this.workos = workos;
@@ -63,33 +63,11 @@ class SSO {
   async deleteConnection(id) {
     await this.workos.delete(`/connections/${id}`);
   }
-  getAuthorizationUrl({
-    connection,
-    clientId,
-    domainHint,
-    loginHint,
-    organization,
-    provider,
-    redirectUri,
-    state
-  }) {
-    if (!provider && !connection && !organization) {
-      throw new Error(
-        `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`
-      );
-    }
-    const query = toQueryString({
-      connection,
-      organization,
-      domain_hint: domainHint,
-      login_hint: loginHint,
-      provider,
-      client_id: clientId,
-      redirect_uri: redirectUri,
-      response_type: "code",
-      state
+  getAuthorizationUrl(options) {
+    return clientSSO.getAuthorizationUrl({
+      ...options,
+      baseURL: this.workos.baseURL
     });
-    return `${this.workos.baseURL}/sso/authorize?${query}`;
   }
   async getConnection(id) {
     const { data } = await this.workos.get(

package/lib/cjs/sso/sso.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../src/sso/sso.ts"],"sourcesContent":["import { UnknownRecord } from '../common/interfaces/unknown-record.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n Connection,\n ConnectionResponse,\n GetProfileAndTokenOptions,\n GetProfileOptions,\n ListConnectionsOptions,\n Profile,\n ProfileAndToken,\n ProfileAndTokenResponse,\n ProfileResponse,\n SSOAuthorizationURLOptions,\n SerializedListConnectionsOptions,\n} from './interfaces';\nimport {\n deserializeConnection,\n deserializeProfile,\n deserializeProfileAndToken,\n serializeListConnectionsOptions,\n} from './serializers';\n\nconst toQueryString = (options: Record<string, string \| undefined>): string => {\n const searchParams = new URLSearchParams();\n const keys = Object.keys(options).sort();\n\n for (const key of keys) {\n const value = options[key];\n\n if (value) {\n searchParams.append(key, value);\n }\n }\n\n return searchParams.toString();\n};\n\nexport class SSO {\n constructor(private readonly workos: WorkOS) {}\n\n async listConnections(\n options?: ListConnectionsOptions,\n ): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n options ? serializeListConnectionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n params,\n ),\n options ? serializeListConnectionsOptions(options) : undefined,\n );\n }\n async deleteConnection(id: string) {\n await this.workos.delete(`/connections/${id}`);\n }\n\n getAuthorizationUrl(~~{\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n redirectUri,\n state,\n }~~: SSOAuthorizationURLOptions): string {\n if ~~(!provider~~ ~~&& !connection && !organization) {\n throw new Error(\n `Incomplete arguments. Need~~ to ~~specify~~ ~~either a 'connection', 'organization', or 'provider'.`,\n );\n }~~\n\n ~~const~~ ~~query = toQueryString~~({\n ~~connection~~,\n ~~organization,\n domain_hint~~: ~~domainHint~~,\n ~~login_hint: loginHint,\n provider,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n~~ });\n~~\n return `${this.workos.baseURL}/sso/authorize?${query}`;\n~~ }\n\n async getConnection(id: string): Promise<Connection> {\n const { data } = await this.workos.get<ConnectionResponse>(\n `/connections/${id}`,\n );\n\n return deserializeConnection(data);\n }\n\n async getProfileAndToken<\n CustomAttributesType extends UnknownRecord = UnknownRecord,\n >({\n code,\n clientId,\n }: GetProfileAndTokenOptions): Promise<\n ProfileAndToken<CustomAttributesType>\n > {\n const form = new URLSearchParams({\n client_id: clientId,\n client_secret: this.workos.key as string,\n grant_type: 'authorization_code',\n code,\n });\n\n const { data } = await this.workos.post<\n ProfileAndTokenResponse<CustomAttributesType>\n >('/sso/token', form);\n\n return deserializeProfileAndToken(data);\n }\n\n async getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({\n accessToken,\n }: GetProfileOptions): Promise<Profile<CustomAttributesType>> {\n const { data } = await this.workos.get<\n ProfileResponse<CustomAttributesType>\n >('/sso/profile', {\n accessToken,\n });\n\n return deserializeProfile(data);\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;;;~~AAAA;AAAA;AAAA;AAAA;AAAA;~~AACA~~,mCAAoC;AACpC,wBAAgC;AAehC,yBAKO;AAEP,MAAM,gBAAgB,wBAAC,YAAwD;AAC7E,QAAM,eAAe,IAAI,gBAAgB;AACzC,QAAM,OAAO,OAAO,KAAK,OAAO,EAAE,KAAK;AAEvC,aAAW,OAAO,MAAM;AACtB,UAAM,QAAQ,QAAQ,GAAG;AAEzB,QAAI,OAAO;AACT,mBAAa,OAAO,KAAK,KAAK;AAAA,IAChC;AAAA,EACF;AAEA,~~SAAO,aAAa,SAAS;AAC/B,GAbsB;AAef,~~MAAM,IAAI;AAAA,EACf,YAA6B,QAAgB;AAAhB;AAAA,EAAiB;AAAA,~~EAxChD~~,~~OAuCiB~~;AAAA;AAAA;AAAA,EAGf,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAU,oDAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,cAAU,oDAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EACA,MAAM,iBAAiB,IAAY;AACjC,UAAM,KAAK,OAAO,OAAO,gBAAgB,EAAE,EAAE;AAAA,EAC/C;AAAA,EAEA,oBAAoB~~;AAAA~~,~~IAClB~~;~~AAAA~~,~~IACA;AAAA~~,~~IACA;AAAA~~,~~IACA~~;AAAA,~~IACA;AAAA~~,~~IACA~~;AAAA,~~IACA;AAAA~~,~~IACA;AAAA~~,~~EACF~~,~~GAAuC~~;~~AACrC,QAAI,CAAC,YAAY,CAAC,cAAc,CAAC,cAAc;AAC7C,YAAM,IAAI;~~AAAA,~~QACR;AAAA~~,~~MACF;AAAA,IACF;AAEA,UAAM,QAAQ,cAAc;AAAA,MAC1B;AAAA,MACA;AAAA,MACA,aAAa;AAAA,MACb,YAAY;AAAA,MACZ;AAAA,MACA,WAAW;AAAA,MACX,cAAc;AAAA,MACd,eAAe;AAAA,MACf;AAAA,IACF,~~CAAC;~~AAED,WAAO,GAAG,KAAK,OAAO,OAAO,kBAAkB,KAAK;~~AAAA,~~EACtD~~;AAAA,EAEA,MAAM,cAAc,IAAiC;AACnD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,EAAE;AAAA,IACpB;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,mBAEJ;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,IAAI,gBAAgB;AAAA,MAC/B,WAAW;AAAA,MACX,eAAe,KAAK,OAAO;AAAA,MAC3B,YAAY;AAAA,MACZ;AAAA,IACF,CAAC;AAED,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAEjC,cAAc,IAAI;AAEpB,eAAO,+CAA2B,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,WAAuE;AAAA,IAC3E;AAAA,EACF,GAA8D;AAC5D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,IAEjC,gBAAgB;AAAA,MAChB;AAAA,IACF,CAAC;AAED,eAAO,uCAAmB,IAAI;AAAA,EAChC;AACF;","names":[]}
1	+ {"version":3,"sources":["../../../src/sso/sso.ts"],"sourcesContent":["import * as clientSSO from '../client/sso';\nimport { UnknownRecord } from '../common/interfaces/unknown-record.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n Connection,\n ConnectionResponse,\n GetProfileAndTokenOptions,\n GetProfileOptions,\n ListConnectionsOptions,\n Profile,\n ProfileAndToken,\n ProfileAndTokenResponse,\n ProfileResponse,\n SSOAuthorizationURLOptions,\n SerializedListConnectionsOptions,\n} from './interfaces';\nimport {\n deserializeConnection,\n deserializeProfile,\n deserializeProfileAndToken,\n serializeListConnectionsOptions,\n} from './serializers';\n\nexport class SSO {\n constructor(private readonly workos: WorkOS) {}\n\n async listConnections(\n options?: ListConnectionsOptions,\n ): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n options ? serializeListConnectionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n params,\n ),\n options ? serializeListConnectionsOptions(options) : undefined,\n );\n }\n async deleteConnection(id: string) {\n await this.workos.delete(`/connections/${id}`);\n }\n\n getAuthorizationUrl(options: SSOAuthorizationURLOptions): string {\n // Delegate to client implementation\n return clientSSO.getAuthorizationUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n async getConnection(id: string): Promise<Connection> {\n const { data } = await this.workos.get<ConnectionResponse>(\n `/connections/${id}`,\n );\n\n return deserializeConnection(data);\n }\n\n async getProfileAndToken<\n CustomAttributesType extends UnknownRecord = UnknownRecord,\n >({\n code,\n clientId,\n }: GetProfileAndTokenOptions): Promise<\n ProfileAndToken<CustomAttributesType>\n > {\n const form = new URLSearchParams({\n client_id: clientId,\n client_secret: this.workos.key as string,\n grant_type: 'authorization_code',\n code,\n });\n\n const { data } = await this.workos.post<\n ProfileAndTokenResponse<CustomAttributesType>\n >('/sso/token', form);\n\n return deserializeProfileAndToken(data);\n }\n\n async getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({\n accessToken,\n }: GetProfileOptions): Promise<Profile<CustomAttributesType>> {\n const { data } = await this.workos.get<\n ProfileResponse<CustomAttributesType>\n >('/sso/profile', {\n accessToken,\n });\n\n return deserializeProfile(data);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gBAA2B;AAE3B,mCAAoC;AACpC,wBAAgC;AAehC,yBAKO;AAEA,MAAM,IAAI;AAAA,EACf,YAA6B,QAAgB;AAAhB;AAAA,EAAiB;AAAA,EA1BhD,OAyBiB;AAAA;AAAA;AAAA,EAGf,MAAM,gBACJ,SACwE;AACxE,WAAO,IAAI;AAAA,MACT,UAAM;AAAA,QACJ,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA,cAAU,oDAAgC,OAAO,IAAI;AAAA,MACvD;AAAA,MACA,CAAC,eACC;AAAA,QACE,KAAK;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACF,cAAU,oDAAgC,OAAO,IAAI;AAAA,IACvD;AAAA,EACF;AAAA,EACA,MAAM,iBAAiB,IAAY;AACjC,UAAM,KAAK,OAAO,OAAO,gBAAgB,EAAE,EAAE;AAAA,EAC/C;AAAA,EAEA,oBAAoB,SAA6C;AAE/D,WAAO,UAAU,oBAAoB;AAAA,MACnC,GAAG;AAAA,MACH,SAAS,KAAK,OAAO;AAAA,IACvB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,IAAiC;AACnD,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO;AAAA,MACjC,gBAAgB,EAAE;AAAA,IACpB;AAEA,eAAO,0CAAsB,IAAI;AAAA,EACnC;AAAA,EAEA,MAAM,mBAEJ;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,IAAI,gBAAgB;AAAA,MAC/B,WAAW;AAAA,MACX,eAAe,KAAK,OAAO;AAAA,MAC3B,YAAY;AAAA,MACZ;AAAA,IACF,CAAC;AAED,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,KAEjC,cAAc,IAAI;AAEpB,eAAO,+CAA2B,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,WAAuE;AAAA,IAC3E;AAAA,EACF,GAA8D;AAC5D,UAAM,EAAE,KAAK,IAAI,MAAM,KAAK,OAAO,IAEjC,gBAAgB;AAAA,MAChB;AAAA,IACF,CAAC;AAED,eAAO,uCAAmB,IAAI;AAAA,EAChC;AACF;","names":[]}

package/lib/cjs/sso/sso.d.cts CHANGED Viewed

@@ -1,6 +1,6 @@
 import '../common/interfaces/unknown-record.interface.cjs';
 import '../common/utils/pagination.cjs';
-export { S as SSO } from '../workos-Da6gE2T5.cjs';
+export { S as SSO } from '../workos-Bt8QqzZV.cjs';
 import './interfaces/authorization-url-options.interface.cjs';
 import './interfaces/connection.interface.cjs';
 import './interfaces/get-profile-options.interface.cjs';
@@ -61,6 +61,7 @@ import '../audit-logs/interfaces/audit-log-export.interface.cjs';
 import '../audit-logs/interfaces/create-audit-log-event-options.interface.cjs';
 import '../audit-logs/interfaces/create-audit-log-schema-options.interface.cjs';
 import 'jose';
+import '../user-management-B38wNrIN.cjs';
 import '../user-management/interfaces/authenticate-with-code-options.interface.cjs';
 import '../user-management/interfaces/authenticate-with-options-base.interface.cjs';
 import '../user-management/interfaces/authenticate-with-code-and-verifier-options.interface.cjs';

package/lib/cjs/sso-BkBnkcTC.d.cts ADDED Viewed

@@ -0,0 +1,22 @@
+import { SSOAuthorizationURLOptions as SSOAuthorizationURLOptions$1 } from './sso/interfaces/authorization-url-options.interface.cjs';
+type SSOAuthorizationURLOptions = SSOAuthorizationURLOptions$1 & {
+    baseURL?: string;
+};
+/**
+ * Generates the authorization URL for SSO authentication.
+ * Does not require an API key, suitable for OAuth client operations.
+ *
+ * @param options - SSO authorization URL options
+ * @returns The authorization URL as a string
+ * @throws Error if required arguments are missing
+ */
+declare function getAuthorizationUrl(options: SSOAuthorizationURLOptions): string;
+type sso_SSOAuthorizationURLOptions = SSOAuthorizationURLOptions;
+declare const sso_getAuthorizationUrl: typeof getAuthorizationUrl;
+declare namespace sso {
+  export { type sso_SSOAuthorizationURLOptions as SSOAuthorizationURLOptions, sso_getAuthorizationUrl as getAuthorizationUrl };
+}
+export { type SSOAuthorizationURLOptions as S, getAuthorizationUrl as g, sso as s };

package/lib/cjs/sso-Cdnhezcz.d.cts ADDED Viewed

@@ -0,0 +1,31 @@
+interface SSOAuthorizationURLOptions {
+    clientId: string;
+    connection?: string;
+    organization?: string;
+    domainHint?: string;
+    loginHint?: string;
+    provider?: string;
+    providerQueryParams?: Record<string, string | boolean | number>;
+    providerScopes?: string[];
+    redirectUri: string;
+    state?: string;
+}
+/**
+ * Generates the authorization URL for SSO authentication.
+ * This method is safe to use in browser environments as it doesn't require an API key.
+ *
+ * @param options - SSO authorization URL options
+ * @returns The authorization URL as a string
+ * @throws Error if required arguments are missing
+ */
+declare function getAuthorizationUrl(options: SSOAuthorizationURLOptions & {
+    baseURL?: string;
+}): string;
+type sso_SSOAuthorizationURLOptions = SSOAuthorizationURLOptions;
+declare const sso_getAuthorizationUrl: typeof getAuthorizationUrl;
+declare namespace sso {
+  export { type sso_SSOAuthorizationURLOptions as SSOAuthorizationURLOptions, sso_getAuthorizationUrl as getAuthorizationUrl };
+}
+export { type SSOAuthorizationURLOptions as S, getAuthorizationUrl as g, sso as s };

package/lib/cjs/sso-DwRz-nPM.d.cts ADDED Viewed

@@ -0,0 +1,31 @@
+interface SSOAuthorizationURLOptions {
+    clientId: string;
+    connection?: string;
+    organization?: string;
+    domainHint?: string;
+    loginHint?: string;
+    provider?: string;
+    providerQueryParams?: Record<string, string | boolean | number>;
+    providerScopes?: string[];
+    redirectUri: string;
+    state?: string;
+}
+/**
+ * Generates the authorization URL for SSO authentication.
+ * Does not require an API key, suitable for OAuth client operations.
+ *
+ * @param options - SSO authorization URL options
+ * @returns The authorization URL as a string
+ * @throws Error if required arguments are missing
+ */
+declare function getAuthorizationUrl(options: SSOAuthorizationURLOptions & {
+    baseURL?: string;
+}): string;
+type sso_SSOAuthorizationURLOptions = SSOAuthorizationURLOptions;
+declare const sso_getAuthorizationUrl: typeof getAuthorizationUrl;
+declare namespace sso {
+  export { type sso_SSOAuthorizationURLOptions as SSOAuthorizationURLOptions, sso_getAuthorizationUrl as getAuthorizationUrl };
+}
+export { type SSOAuthorizationURLOptions as S, getAuthorizationUrl as g, sso as s };

package/lib/cjs/user-management/interfaces/authenticate-with-session-cookie.interface.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/user-management/interfaces/authenticate-with-session-cookie.interface.ts"],"sourcesContent":["import { AuthenticationResponse } from './authentication-response.interface';\nimport { Impersonator } from './impersonator.interface';\nimport { User } from './user.interface';\n\nexport interface AuthenticateWithSessionCookieOptions {\n sessionData: string;\n cookiePassword?: string;\n}\n\nexport interface AccessToken {\n sid: string;\n org_id?: string;\n role?: string;\n permissions?: string[];\n entitlements?: string[];\n feature_flags?: string[];\n}\n\nexport type SessionCookieData = Pick<\n AuthenticationResponse,\n 'accessToken' \| 'impersonator' \| 'organizationId' \| 'refreshToken' \| 'user'\n>;\n\nexport enum AuthenticateWithSessionCookieFailureReason {\n INVALID_JWT = 'invalid_jwt',\n INVALID_SESSION_COOKIE = 'invalid_session_cookie',\n NO_SESSION_COOKIE_PROVIDED = 'no_session_cookie_provided',\n}\n\nexport type AuthenticateWithSessionCookieFailedResponse = {\n authenticated: false;\n reason: AuthenticateWithSessionCookieFailureReason;\n};\n\nexport type AuthenticateWithSessionCookieSuccessResponse = {\n authenticated: true;\n sessionId: string;\n organizationId?: string;\n role?: string;\n permissions?: string[];\n entitlements?: string[];\n featureFlags?: string[];\n user: User;\n impersonator?: Impersonator;\n accessToken: string;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;~~AAuBO~~,IAAK,6CAAL,kBAAKA,gDAAL;AACL,EAAAA,4CAAA,iBAAc;AACd,EAAAA,4CAAA,4BAAyB;AACzB,EAAAA,4CAAA,gCAA6B;AAHnB,SAAAA;AAAA,GAAA;","names":["AuthenticateWithSessionCookieFailureReason"]}
1	+ {"version":3,"sources":["../../../../src/user-management/interfaces/authenticate-with-session-cookie.interface.ts"],"sourcesContent":["import { AuthenticationResponse } from './authentication-response.interface';\nimport { Impersonator } from './impersonator.interface';\nimport { User } from './user.interface';\n\nexport interface AuthenticateWithSessionCookieOptions {\n sessionData: string;\n cookiePassword?: string;\n}\n\nexport interface AccessToken {\n sid: string;\n org_id?: string;\n role?: string;\n roles?: string[];\n permissions?: string[];\n entitlements?: string[];\n feature_flags?: string[];\n}\n\nexport type SessionCookieData = Pick<\n AuthenticationResponse,\n 'accessToken' \| 'impersonator' \| 'organizationId' \| 'refreshToken' \| 'user'\n>;\n\nexport enum AuthenticateWithSessionCookieFailureReason {\n INVALID_JWT = 'invalid_jwt',\n INVALID_SESSION_COOKIE = 'invalid_session_cookie',\n NO_SESSION_COOKIE_PROVIDED = 'no_session_cookie_provided',\n}\n\nexport type AuthenticateWithSessionCookieFailedResponse = {\n authenticated: false;\n reason: AuthenticateWithSessionCookieFailureReason;\n};\n\nexport type AuthenticateWithSessionCookieSuccessResponse = {\n authenticated: true;\n sessionId: string;\n organizationId?: string;\n role?: string;\n roles?: string[];\n permissions?: string[];\n entitlements?: string[];\n featureFlags?: string[];\n user: User;\n impersonator?: Impersonator;\n accessToken: string;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAwBO,IAAK,6CAAL,kBAAKA,gDAAL;AACL,EAAAA,4CAAA,iBAAc;AACd,EAAAA,4CAAA,4BAAyB;AACzB,EAAAA,4CAAA,gCAA6B;AAHnB,SAAAA;AAAA,GAAA;","names":["AuthenticateWithSessionCookieFailureReason"]}

package/lib/cjs/user-management/interfaces/authenticate-with-session-cookie.interface.d.cts CHANGED Viewed

@@ -11,6 +11,7 @@ interface AccessToken {
     sid: string;
     org_id?: string;
     role?: string;
+    roles?: string[];
     permissions?: string[];
     entitlements?: string[];
     feature_flags?: string[];
@@ -30,6 +31,7 @@ type AuthenticateWithSessionCookieSuccessResponse = {
     sessionId: string;
     organizationId?: string;
     role?: string;
+    roles?: string[];
     permissions?: string[];
     entitlements?: string[];
     featureFlags?: string[];

package/lib/cjs/user-management/interfaces/authentication-response.interface.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/user-management/interfaces/authentication-response.interface.ts"],"sourcesContent":["import { Impersonator, ImpersonatorResponse } from './impersonator.interface';\nimport { OauthTokens, OauthTokensResponse } from './oauth-tokens.interface';\nimport { User, UserResponse } from './user.interface';\n\ntype AuthenticationMethod =\n \| 'SSO'\n \| 'Password'\n \| 'Passkey'\n \| 'AppleOAuth'\n \| 'GitHubOAuth'\n \| 'GoogleOAuth'\n \| 'MicrosoftOAuth'\n \| 'MagicAuth'\n \| 'Impersonation';\n\nexport interface AuthenticationResponse {\n user: User;\n organizationId?: string;\n accessToken: string;\n refreshToken: string;\n impersonator?: Impersonator;\n authenticationMethod?: AuthenticationMethod;\n sealedSession?: string;\n oauthTokens?: OauthTokens;\n}\n\nexport interface AuthenticationResponseResponse {\n user: UserResponse;\n organization_id?: string;\n access_token: string;\n refresh_token: string;\n impersonator?: ImpersonatorResponse;\n authentication_method?: AuthenticationMethod;\n oauth_tokens?: OauthTokensResponse;\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
1	+ {"version":3,"sources":["../../../../src/user-management/interfaces/authentication-response.interface.ts"],"sourcesContent":["import { Impersonator, ImpersonatorResponse } from './impersonator.interface';\nimport { OauthTokens, OauthTokensResponse } from './oauth-tokens.interface';\nimport { User, UserResponse } from './user.interface';\n\ntype AuthenticationMethod =\n \| 'SSO'\n \| 'Password'\n \| 'Passkey'\n \| 'AppleOAuth'\n \| 'GitHubOAuth'\n \| 'GoogleOAuth'\n \| 'MicrosoftOAuth'\n \| 'SalesforceOAuth'\n \| 'MagicAuth'\n \| 'Impersonation';\n\nexport interface AuthenticationResponse {\n user: User;\n organizationId?: string;\n accessToken: string;\n refreshToken: string;\n impersonator?: Impersonator;\n authenticationMethod?: AuthenticationMethod;\n sealedSession?: string;\n oauthTokens?: OauthTokens;\n}\n\nexport interface AuthenticationResponseResponse {\n user: UserResponse;\n organization_id?: string;\n access_token: string;\n refresh_token: string;\n impersonator?: ImpersonatorResponse;\n authentication_method?: AuthenticationMethod;\n oauth_tokens?: OauthTokensResponse;\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/lib/cjs/user-management/interfaces/authentication-response.interface.d.cts CHANGED Viewed

@@ -2,7 +2,7 @@ import { Impersonator, ImpersonatorResponse } from './impersonator.interface.cjs
 import { OauthTokens, OauthTokensResponse } from './oauth-tokens.interface.cjs';
 import { User, UserResponse } from './user.interface.cjs';
-type AuthenticationMethod = 'SSO' | 'Password' | 'Passkey' | 'AppleOAuth' | 'GitHubOAuth' | 'GoogleOAuth' | 'MicrosoftOAuth' | 'MagicAuth' | 'Impersonation';
+type AuthenticationMethod = 'SSO' | 'Password' | 'Passkey' | 'AppleOAuth' | 'GitHubOAuth' | 'GoogleOAuth' | 'MicrosoftOAuth' | 'SalesforceOAuth' | 'MagicAuth' | 'Impersonation';
 interface AuthenticationResponse {
     user: User;
     organizationId?: string;

package/lib/cjs/user-management/interfaces/create-organization-membership-options.interface.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/user-management/interfaces/create-organization-membership-options.interface.ts"],"sourcesContent":["export interface CreateOrganizationMembershipOptions {\n organizationId: string;\n userId: string;\n roleSlug?: string;\n}\n\nexport interface SerializedCreateOrganizationMembershipOptions {\n organization_id: string;\n user_id: string;\n role_slug?: string;\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
1	+ {"version":3,"sources":["../../../../src/user-management/interfaces/create-organization-membership-options.interface.ts"],"sourcesContent":["export interface CreateOrganizationMembershipOptions {\n organizationId: string;\n userId: string;\n roleSlug?: string;\n roleSlugs?: string[];\n}\n\nexport interface SerializedCreateOrganizationMembershipOptions {\n organization_id: string;\n user_id: string;\n role_slug?: string;\n role_slugs?: string[];\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/lib/cjs/user-management/interfaces/create-organization-membership-options.interface.d.cts CHANGED Viewed

@@ -2,11 +2,13 @@ interface CreateOrganizationMembershipOptions {
     organizationId: string;
     userId: string;
     roleSlug?: string;
+    roleSlugs?: string[];
 }
 interface SerializedCreateOrganizationMembershipOptions {
     organization_id: string;
     user_id: string;
     role_slug?: string;
+    role_slugs?: string[];
 }
 export type { CreateOrganizationMembershipOptions, SerializedCreateOrganizationMembershipOptions };

package/lib/cjs/user-management/interfaces/identity.interface.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/user-management/interfaces/identity.interface.ts"],"sourcesContent":["export interface Identity {\n idpId: string;\n type: 'OAuth';\n provider: 'AppleOAuth' \| 'GoogleOAuth' \| 'GitHubOAuth' \| 'MicrosoftOAuth';\n}\n\nexport interface IdentityResponse {\n idp_id: string;\n type: 'OAuth';\n provider: 'AppleOAuth' \| 'GoogleOAuth' \| 'GitHubOAuth' \| 'MicrosoftOAuth';\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
1	+ {"version":3,"sources":["../../../../src/user-management/interfaces/identity.interface.ts"],"sourcesContent":["export interface Identity {\n idpId: string;\n type: 'OAuth';\n provider:\n \| 'AppleOAuth'\n \| 'GoogleOAuth'\n \| 'GitHubOAuth'\n \| 'MicrosoftOAuth'\n \| 'SalesforceOAuth';\n}\n\nexport interface IdentityResponse {\n idp_id: string;\n type: 'OAuth';\n provider:\n \| 'AppleOAuth'\n \| 'GoogleOAuth'\n \| 'GitHubOAuth'\n \| 'MicrosoftOAuth'\n \| 'SalesforceOAuth';\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}