@workos-inc/node 8.0.0-beta.3 → 8.0.0-beta.4

package/lib/cjs/user-management-B-71OTAR.d.cts

@@ -0,0 +1,401 @@
+import { createRemoteJWKSet } from 'jose';
+import { PaginationOptions } from './common/interfaces/pagination-options.interface.cjs';
+import { AutoPaginatable } from './common/utils/pagination.cjs';
+import { Challenge } from './mfa/interfaces/challenge.interface.cjs';
+import { GetOptions } from './common/interfaces/get-options.interface.cjs';
+import { PostOptions } from './common/interfaces/post-options.interface.cjs';
+import { PutOptions } from './common/interfaces/put-options.interface.cjs';
+import { WorkOSOptions } from './common/interfaces/workos-options.interface.cjs';
+import { Directory } from './directory-sync/interfaces/directory.interface.cjs';
+import { DirectoryGroup } from './directory-sync/interfaces/directory-group.interface.cjs';
+import { ListDirectoriesOptions, SerializedListDirectoriesOptions } from './directory-sync/interfaces/list-directories-options.interface.cjs';
+import { ListDirectoryGroupsOptions } from './directory-sync/interfaces/list-groups-options.interface.cjs';
+import { ListDirectoryUsersOptions } from './directory-sync/interfaces/list-directory-users-options.interface.cjs';
+import { DefaultCustomAttributes, DirectoryUserWithGroups } from './directory-sync/interfaces/directory-user.interface.cjs';
+import { ListEventOptions } from './events/interfaces/list-events-options.interface.cjs';
+import { Event } from './common/interfaces/event.interface.cjs';
+import { List } from './common/interfaces/list.interface.cjs';
+import { CreateOrganizationOptions, CreateOrganizationRequestOptions } from './organizations/interfaces/create-organization-options.interface.cjs';
+import { FeatureFlag } from './organizations/interfaces/feature-flag.interface.cjs';
+import { ListOrganizationFeatureFlagsOptions } from './organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
+import { ListOrganizationsOptions } from './organizations/interfaces/list-organizations-options.interface.cjs';
+import { Organization } from './organizations/interfaces/organization.interface.cjs';
+import { UpdateOrganizationOptions } from './organizations/interfaces/update-organization-options.interface.cjs';
+import { RoleList } from './roles/interfaces/role.interface.cjs';
+import { ListOrganizationRolesOptions } from './organizations/interfaces/list-organization-roles-options.interface.cjs';
+import { CreateOrganizationDomainOptions } from './organization-domains/interfaces/create-organization-domain-options.interface.cjs';
+import { OrganizationDomain } from './organization-domains/interfaces/organization-domain.interface.cjs';
+import { PasswordlessSession } from './passwordless/interfaces/passwordless-session.interface.cjs';
+import { CreatePasswordlessSessionOptions } from './passwordless/interfaces/create-passwordless-session-options.interface.cjs';
+import { SendSessionResponse } from './passwordless/interfaces/send-session-response.interface.cjs';
+import { GeneratePortalLinkIntent } from './portal/interfaces/generate-portal-link-intent.interface.cjs';
+import { UnknownRecord } from './common/interfaces/unknown-record.interface.cjs';
+import { SSOAuthorizationURLOptions } from './sso/interfaces/authorization-url-options.interface.cjs';
+import { Connection } from './sso/interfaces/connection.interface.cjs';
+import { GetProfileOptions } from './sso/interfaces/get-profile-options.interface.cjs';
+import { GetProfileAndTokenOptions } from './sso/interfaces/get-profile-and-token-options.interface.cjs';
+import { ListConnectionsOptions, SerializedListConnectionsOptions } from './sso/interfaces/list-connections-options.interface.cjs';
+import { ProfileAndToken } from './sso/interfaces/profile-and-token.interface.cjs';
+import { Profile } from './sso/interfaces/profile.interface.cjs';
+import { Webhooks } from './webhooks/webhooks.cjs';
+import { ChallengeFactorOptions } from './mfa/interfaces/challenge-factor-options.cjs';
+import { EnrollFactorOptions } from './mfa/interfaces/enroll-factor-options.cjs';
+import { Factor, FactorWithSecrets } from './mfa/interfaces/factor.interface.cjs';
+import { VerifyChallengeOptions } from './mfa/interfaces/verify-challenge-options.cjs';
+import { VerifyResponse } from './mfa/interfaces/verify-challenge-response.cjs';
+import { AuditLogExportOptions } from './audit-logs/interfaces/audit-log-export-options.interface.cjs';
+import { AuditLogExport } from './audit-logs/interfaces/audit-log-export.interface.cjs';
+import { CreateAuditLogEventOptions, CreateAuditLogEventRequestOptions } from './audit-logs/interfaces/create-audit-log-event-options.interface.cjs';
+import { CreateAuditLogSchemaOptions, CreateAuditLogSchemaRequestOptions, AuditLogSchema } from './audit-logs/interfaces/create-audit-log-schema-options.interface.cjs';
+import { AuthenticateWithCodeOptions } from './user-management/interfaces/authenticate-with-code-options.interface.cjs';
+import { AuthenticateWithCodeAndVerifierOptions } from './user-management/interfaces/authenticate-with-code-and-verifier-options.interface.cjs';
+import { AuthenticateWithEmailVerificationOptions } from './user-management/interfaces/authenticate-with-email-verification-options.interface.cjs';
+import { AuthenticateWithMagicAuthOptions } from './user-management/interfaces/authenticate-with-magic-auth-options.interface.cjs';
+import { AuthenticateWithOrganizationSelectionOptions } from './user-management/interfaces/authenticate-with-organization-selection.interface.cjs';
+import { AuthenticateWithPasswordOptions } from './user-management/interfaces/authenticate-with-password-options.interface.cjs';
+import { AuthenticateWithRefreshTokenOptions } from './user-management/interfaces/authenticate-with-refresh-token-options.interface.cjs';
+import { AuthenticateWithSessionCookieSuccessResponse, AuthenticateWithSessionCookieFailedResponse, AuthenticateWithSessionCookieOptions, SessionCookieData } from './user-management/interfaces/authenticate-with-session-cookie.interface.cjs';
+import { AuthenticateWithTotpOptions } from './user-management/interfaces/authenticate-with-totp-options.interface.cjs';
+import { AuthenticationResponse } from './user-management/interfaces/authentication-response.interface.cjs';
+import { UserManagementAuthorizationURLOptions } from './user-management/interfaces/authorization-url-options.interface.cjs';
+import { CreateMagicAuthOptions } from './user-management/interfaces/create-magic-auth-options.interface.cjs';
+import { CreateOrganizationMembershipOptions } from './user-management/interfaces/create-organization-membership-options.interface.cjs';
+import { CreatePasswordResetOptions } from './user-management/interfaces/create-password-reset-options.interface.cjs';
+import { CreateUserOptions } from './user-management/interfaces/create-user-options.interface.cjs';
+import { EmailVerification } from './user-management/interfaces/email-verification.interface.cjs';
+import { EnrollAuthFactorOptions } from './user-management/interfaces/enroll-auth-factor.interface.cjs';
+import { FactorWithSecrets as FactorWithSecrets$1, Factor as Factor$1 } from './user-management/interfaces/factor.interface.cjs';
+import { Identity } from './user-management/interfaces/identity.interface.cjs';
+import { Invitation } from './user-management/interfaces/invitation.interface.cjs';
+import { ListAuthFactorsOptions } from './user-management/interfaces/list-auth-factors-options.interface.cjs';
+import { ListInvitationsOptions, SerializedListInvitationsOptions } from './user-management/interfaces/list-invitations-options.interface.cjs';
+import { ListOrganizationMembershipsOptions, SerializedListOrganizationMembershipsOptions } from './user-management/interfaces/list-organization-memberships-options.interface.cjs';
+import { ListSessionsOptions, SerializedListSessionsOptions } from './user-management/interfaces/list-sessions-options.interface.cjs';
+import { ListUsersOptions, SerializedListUsersOptions } from './user-management/interfaces/list-users-options.interface.cjs';
+import { MagicAuth } from './user-management/interfaces/magic-auth.interface.cjs';
+import { OrganizationMembership } from './user-management/interfaces/organization-membership.interface.cjs';
+import { PasswordReset } from './user-management/interfaces/password-reset.interface.cjs';
+import { ResetPasswordOptions } from './user-management/interfaces/reset-password-options.interface.cjs';
+import { RevokeSessionOptions } from './user-management/interfaces/revoke-session-options.interface.cjs';
+import { SendInvitationOptions } from './user-management/interfaces/send-invitation-options.interface.cjs';
+import { SendVerificationEmailOptions } from './user-management/interfaces/send-verification-email-options.interface.cjs';
+import { Session } from './user-management/interfaces/session.interface.cjs';
+import { UpdateOrganizationMembershipOptions } from './user-management/interfaces/update-organization-membership-options.interface.cjs';
+import { UpdateUserOptions } from './user-management/interfaces/update-user-options.interface.cjs';
+import { User } from './user-management/interfaces/user.interface.cjs';
+import { VerifyEmailOptions } from './user-management/interfaces/verify-email-options.interface.cjs';
+import { SessionHandlerOptions } from './user-management/interfaces/session-handler-options.interface.cjs';
+import { RefreshSessionResponse } from './user-management/interfaces/refresh-and-seal-session-data.interface.cjs';
+import { CheckOptions, CheckRequestOptions, CheckResult, CheckBatchOptions } from './fga/interfaces/check.interface.cjs';
+import { QueryOptions, QueryRequestOptions, QueryResult, SerializedQueryOptions } from './fga/interfaces/query.interface.cjs';
+import { CreateResourceOptions, Resource, ResourceInterface, ResourceOptions, ListResourcesOptions, SerializedListResourcesOptions, UpdateResourceOptions, DeleteResourceOptions, BatchWriteResourcesOptions } from './fga/interfaces/resource.interface.cjs';
+import { WarrantToken } from './fga/interfaces/warrant-token.interface.cjs';
+import { WriteWarrantOptions, ListWarrantsOptions, ListWarrantsRequestOptions, Warrant, SerializedListWarrantsOptions } from './fga/interfaces/warrant.interface.cjs';
+import { FgaPaginatable } from './fga/utils/fga-paginatable.cjs';
+import { HttpClient } from './common/net/http-client.cjs';
+import { GetTokenOptions } from './widgets/interfaces/get-token.cjs';
+import { Actions } from './actions/actions.cjs';
+import { CreateDataKeyOptions } from './vault/interfaces/key/create-data-key.interface.cjs';
+import { DecryptDataKeyOptions } from './vault/interfaces/key/decrypt-data-key.interface.cjs';
+import { DataKeyPair, DataKey, KeyContext } from './vault/interfaces/key.interface.cjs';
+import { CreateObjectOptions } from './vault/interfaces/object/create-object.interface.cjs';
+import { DeleteObjectOptions } from './vault/interfaces/object/delete-object.interface.cjs';
+import { ReadObjectOptions } from './vault/interfaces/object/read-object.interface.cjs';
+import { UpdateObjectOptions } from './vault/interfaces/object/update-object.interface.cjs';
+import { ObjectMetadata, ObjectDigest, ObjectVersion, VaultObject } from './vault/interfaces/object.interface.cjs';
+import { CryptoProvider } from './common/crypto/crypto-provider.cjs';
+
+declare class DirectorySync {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    listDirectories(options?: ListDirectoriesOptions): Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>;
+    getDirectory(id: string): Promise<Directory>;
+    deleteDirectory(id: string): Promise<void>;
+    listGroups(options: ListDirectoryGroupsOptions): Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>;
+    listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(options: ListDirectoryUsersOptions): Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>;
+    getUser<TCustomAttributes extends object = DefaultCustomAttributes>(user: string): Promise<DirectoryUserWithGroups<TCustomAttributes>>;
+    getGroup(group: string): Promise<DirectoryGroup>;
+}
+
+declare class Events {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    listEvents(options: ListEventOptions): Promise<List<Event>>;
+}
+
+declare class Organizations {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    listOrganizations(options?: ListOrganizationsOptions): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>;
+    createOrganization(payload: CreateOrganizationOptions, requestOptions?: CreateOrganizationRequestOptions): Promise<Organization>;
+    deleteOrganization(id: string): Promise<void>;
+    getOrganization(id: string): Promise<Organization>;
+    getOrganizationByExternalId(externalId: string): Promise<Organization>;
+    updateOrganization(options: UpdateOrganizationOptions): Promise<Organization>;
+    listOrganizationRoles(options: ListOrganizationRolesOptions): Promise<RoleList>;
+    listOrganizationFeatureFlags(options: ListOrganizationFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag, ListOrganizationFeatureFlagsOptions>>;
+}
+
+declare class OrganizationDomains {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    get(id: string): Promise<OrganizationDomain>;
+    verify(id: string): Promise<OrganizationDomain>;
+    create(payload: CreateOrganizationDomainOptions): Promise<OrganizationDomain>;
+    delete(id: string): Promise<void>;
+}
+
+declare class Passwordless {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    createSession({ redirectURI, expiresIn, ...options }: CreatePasswordlessSessionOptions): Promise<PasswordlessSession>;
+    sendSession(sessionId: string): Promise<SendSessionResponse>;
+}
+
+declare class Portal {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    generateLink({ intent, organization, returnUrl, successUrl, }: {
+        intent: GeneratePortalLinkIntent;
+        organization: string;
+        returnUrl?: string;
+        successUrl?: string;
+    }): Promise<{
+        link: string;
+    }>;
+}
+
+declare class SSO {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    listConnections(options?: ListConnectionsOptions): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>>;
+    deleteConnection(id: string): Promise<void>;
+    getAuthorizationUrl({ connection, clientId, domainHint, loginHint, organization, provider, providerQueryParams, providerScopes, redirectUri, state, }: SSOAuthorizationURLOptions): string;
+    getConnection(id: string): Promise<Connection>;
+    getProfileAndToken<CustomAttributesType extends UnknownRecord = UnknownRecord>({ code, clientId, }: GetProfileAndTokenOptions): Promise<ProfileAndToken<CustomAttributesType>>;
+    getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({ accessToken, }: GetProfileOptions): Promise<Profile<CustomAttributesType>>;
+}
+
+declare class Mfa {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    deleteFactor(id: string): Promise<void>;
+    getFactor(id: string): Promise<Factor>;
+    enrollFactor(options: EnrollFactorOptions): Promise<FactorWithSecrets>;
+    challengeFactor(options: ChallengeFactorOptions): Promise<Challenge>;
+    verifyChallenge(options: VerifyChallengeOptions): Promise<VerifyResponse>;
+}
+
+declare class AuditLogs {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    createEvent(organization: string, event: CreateAuditLogEventOptions, options?: CreateAuditLogEventRequestOptions): Promise<void>;
+    createExport(options: AuditLogExportOptions): Promise<AuditLogExport>;
+    getExport(auditLogExportId: string): Promise<AuditLogExport>;
+    createSchema(schema: CreateAuditLogSchemaOptions, options?: CreateAuditLogSchemaRequestOptions): Promise<AuditLogSchema>;
+}
+
+declare class FGA {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    check(checkOptions: CheckOptions, options?: CheckRequestOptions): Promise<CheckResult>;
+    checkBatch(checkOptions: CheckBatchOptions, options?: CheckRequestOptions): Promise<CheckResult[]>;
+    createResource(resource: CreateResourceOptions): Promise<Resource>;
+    getResource(resource: ResourceInterface | ResourceOptions): Promise<Resource>;
+    listResources(options?: ListResourcesOptions): Promise<AutoPaginatable<Resource, SerializedListResourcesOptions>>;
+    updateResource(options: UpdateResourceOptions): Promise<Resource>;
+    deleteResource(resource: DeleteResourceOptions): Promise<void>;
+    batchWriteResources(options: BatchWriteResourcesOptions): Promise<Resource[]>;
+    writeWarrant(options: WriteWarrantOptions): Promise<WarrantToken>;
+    batchWriteWarrants(options: WriteWarrantOptions[]): Promise<WarrantToken>;
+    listWarrants(options?: ListWarrantsOptions, requestOptions?: ListWarrantsRequestOptions): Promise<AutoPaginatable<Warrant, SerializedListWarrantsOptions>>;
+    query(options: QueryOptions, requestOptions?: QueryRequestOptions): Promise<FgaPaginatable<QueryResult, SerializedQueryOptions>>;
+}
+
+declare class Widgets {
+    private readonly workos;
+    constructor(workos: WorkOS);
+    getToken(payload: GetTokenOptions): Promise<string>;
+}
+
+declare class Vault {
+    private readonly workos;
+    private cryptoProvider;
+    constructor(workos: WorkOS);
+    private decode;
+    createObject(options: CreateObjectOptions): Promise<ObjectMetadata>;
+    listObjects(options?: PaginationOptions | undefined): Promise<List<ObjectDigest>>;
+    listObjectVersions(options: ReadObjectOptions): Promise<ObjectVersion[]>;
+    readObject(options: ReadObjectOptions): Promise<VaultObject>;
+    describeObject(options: ReadObjectOptions): Promise<VaultObject>;
+    updateObject(options: UpdateObjectOptions): Promise<VaultObject>;
+    deleteObject(options: DeleteObjectOptions): Promise<void>;
+    createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair>;
+    decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey>;
+    encrypt(data: string, context: KeyContext, associatedData?: string): Promise<string>;
+    decrypt(encryptedData: string, associatedData?: string): Promise<string>;
+}
+
+declare class WorkOSBase {
+    readonly key?: string | undefined;
+    readonly options: WorkOSOptions;
+    readonly baseURL: string;
+    readonly client: HttpClient;
+    readonly clientId?: string;
+    readonly actions: Actions;
+    readonly auditLogs: AuditLogs;
+    readonly directorySync: DirectorySync;
+    readonly organizations: Organizations;
+    readonly organizationDomains: OrganizationDomains;
+    readonly passwordless: Passwordless;
+    readonly portal: Portal;
+    readonly sso: SSO;
+    readonly webhooks: Webhooks;
+    readonly mfa: Mfa;
+    readonly events: Events;
+    readonly userManagement: UserManagement;
+    readonly fga: FGA;
+    readonly widgets: Widgets;
+    readonly vault: Vault;
+    constructor(key?: string | undefined, options?: WorkOSOptions);
+    createWebhookClient(): Webhooks;
+    createActionsClient(): Actions;
+    getCryptoProvider(): CryptoProvider;
+    createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
+    get version(): string;
+    post<Result = any, Entity = any>(path: string, entity: Entity, options?: PostOptions): Promise<{
+        data: Result;
+    }>;
+    get<Result = any>(path: string, options?: GetOptions): Promise<{
+        data: Result;
+    }>;
+    put<Result = any, Entity = any>(path: string, entity: Entity, options?: PutOptions): Promise<{
+        data: Result;
+    }>;
+    delete(path: string, query?: any): Promise<void>;
+    emitWarning(warning: string): void;
+    private handleParseError;
+    private handleHttpError;
+}
+declare class WorkOS extends WorkOSBase {
+    readonly options: WorkOSOptions;
+    constructor(key?: string, options?: WorkOSOptions);
+}
+
+type RefreshOptions = {
+    cookiePassword?: string;
+    organizationId?: string;
+};
+declare class CookieSession {
+    private jwks;
+    private userManagement;
+    private cookiePassword;
+    private sessionData;
+    constructor(userManagement: UserManagement, sessionData: string, cookiePassword: string);
+    /**
+     * Authenticates a user with a session cookie.
+     *
+     * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.
+     */
+    authenticate(): Promise<AuthenticateWithSessionCookieSuccessResponse | AuthenticateWithSessionCookieFailedResponse>;
+    /**
+     * Refreshes the user's session.
+     *
+     * @param options - Optional options for refreshing the session.
+     * @param options.cookiePassword - The password to use for the new session cookie.
+     * @param options.organizationId - The organization ID to use for the new session cookie.
+     * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.
+     */
+    refresh(options?: RefreshOptions): Promise<RefreshSessionResponse>;
+    /**
+     * Gets the URL to redirect the user to for logging out.
+     *
+     * @returns The URL to redirect the user to for logging out.
+     */
+    getLogoutUrl({ returnTo, }?: {
+        returnTo?: string;
+    }): Promise<string>;
+    private isValidJwt;
+}
+
+declare class UserManagement {
+    private readonly workos;
+    private _jwks;
+    clientId: string | undefined;
+    constructor(workos: WorkOS);
+    get jwks(): ReturnType<typeof createRemoteJWKSet> | undefined;
+    /**
+     * Loads a sealed session using the provided session data and cookie password.
+     *
+     * @param options - The options for loading the sealed session.
+     * @param options.sessionData - The sealed session data.
+     * @param options.cookiePassword - The password used to encrypt the session data.
+     * @returns The session class.
+     */
+    loadSealedSession(options: {
+        sessionData: string;
+        cookiePassword: string;
+    }): CookieSession;
+    getUser(userId: string): Promise<User>;
+    getUserByExternalId(externalId: string): Promise<User>;
+    listUsers(options?: ListUsersOptions): Promise<AutoPaginatable<User, SerializedListUsersOptions>>;
+    createUser(payload: CreateUserOptions): Promise<User>;
+    authenticateWithMagicAuth(payload: AuthenticateWithMagicAuthOptions): Promise<AuthenticationResponse>;
+    authenticateWithPassword(payload: AuthenticateWithPasswordOptions): Promise<AuthenticationResponse>;
+    authenticateWithCode(payload: AuthenticateWithCodeOptions): Promise<AuthenticationResponse>;
+    authenticateWithCodeAndVerifier(payload: AuthenticateWithCodeAndVerifierOptions): Promise<AuthenticationResponse>;
+    authenticateWithRefreshToken(payload: AuthenticateWithRefreshTokenOptions): Promise<AuthenticationResponse>;
+    authenticateWithTotp(payload: AuthenticateWithTotpOptions): Promise<AuthenticationResponse>;
+    authenticateWithEmailVerification(payload: AuthenticateWithEmailVerificationOptions): Promise<AuthenticationResponse>;
+    authenticateWithOrganizationSelection(payload: AuthenticateWithOrganizationSelectionOptions): Promise<AuthenticationResponse>;
+    authenticateWithSessionCookie({ sessionData, cookiePassword, }: AuthenticateWithSessionCookieOptions): Promise<AuthenticateWithSessionCookieSuccessResponse | AuthenticateWithSessionCookieFailedResponse>;
+    private isValidJwt;
+    private prepareAuthenticationResponse;
+    private sealSessionDataFromAuthenticationResponse;
+    getSessionFromCookie({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<SessionCookieData | undefined>;
+    getEmailVerification(emailVerificationId: string): Promise<EmailVerification>;
+    sendVerificationEmail({ userId, }: SendVerificationEmailOptions): Promise<{
+        user: User;
+    }>;
+    getMagicAuth(magicAuthId: string): Promise<MagicAuth>;
+    createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth>;
+    verifyEmail({ code, userId, }: VerifyEmailOptions): Promise<{
+        user: User;
+    }>;
+    getPasswordReset(passwordResetId: string): Promise<PasswordReset>;
+    createPasswordReset(options: CreatePasswordResetOptions): Promise<PasswordReset>;
+    resetPassword(payload: ResetPasswordOptions): Promise<{
+        user: User;
+    }>;
+    updateUser(payload: UpdateUserOptions): Promise<User>;
+    enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{
+        authenticationFactor: FactorWithSecrets$1;
+        authenticationChallenge: Challenge;
+    }>;
+    listAuthFactors(options: ListAuthFactorsOptions): Promise<AutoPaginatable<Factor$1, PaginationOptions>>;
+    listSessions(userId: string, options?: ListSessionsOptions): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>>;
+    deleteUser(userId: string): Promise<void>;
+    getUserIdentities(userId: string): Promise<Identity[]>;
+    getOrganizationMembership(organizationMembershipId: string): Promise<OrganizationMembership>;
+    listOrganizationMemberships(options: ListOrganizationMembershipsOptions): Promise<AutoPaginatable<OrganizationMembership, SerializedListOrganizationMembershipsOptions>>;
+    createOrganizationMembership(options: CreateOrganizationMembershipOptions): Promise<OrganizationMembership>;
+    updateOrganizationMembership(organizationMembershipId: string, options: UpdateOrganizationMembershipOptions): Promise<OrganizationMembership>;
+    deleteOrganizationMembership(organizationMembershipId: string): Promise<void>;
+    deactivateOrganizationMembership(organizationMembershipId: string): Promise<OrganizationMembership>;
+    reactivateOrganizationMembership(organizationMembershipId: string): Promise<OrganizationMembership>;
+    getInvitation(invitationId: string): Promise<Invitation>;
+    findInvitationByToken(invitationToken: string): Promise<Invitation>;
+    listInvitations(options: ListInvitationsOptions): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>>;
+    sendInvitation(payload: SendInvitationOptions): Promise<Invitation>;
+    acceptInvitation(invitationId: string): Promise<Invitation>;
+    revokeInvitation(invitationId: string): Promise<Invitation>;
+    revokeSession(payload: RevokeSessionOptions): Promise<void>;
+    getAuthorizationUrl({ connectionId, codeChallenge, codeChallengeMethod, context, clientId, domainHint, loginHint, organizationId, provider, providerQueryParams, providerScopes, prompt, redirectUri, state, screenHint, }: UserManagementAuthorizationURLOptions): string;
+    getLogoutUrl({ sessionId, returnTo, }: {
+        sessionId: string;
+        returnTo?: string;
+    }): string;
+    getJwksUrl(clientId: string): string;
+}
+
+export { AuditLogs as A, CookieSession as C, DirectorySync as D, Events as E, FGA as F, Mfa as M, Organizations as O, Passwordless as P, SSO as S, UserManagement as U, Vault as V, WorkOS as W, OrganizationDomains as a, Portal as b, Widgets as c, WorkOSBase as d };

package/lib/cjs/user-management-B38wNrIN.d.cts

@@ -0,0 +1,68 @@
+interface AuthorizationURLOptions {
+    clientId: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: 'S256';
+    connectionId?: string;
+    /**
+     *  @deprecated We previously required initiate login endpoints to return the `context`
+     *  query parameter when getting the authorization URL. This is no longer necessary.
+     */
+    context?: string;
+    organizationId?: string;
+    domainHint?: string;
+    loginHint?: string;
+    provider?: string;
+    providerQueryParams?: Record<string, string | boolean | number>;
+    providerScopes?: string[];
+    prompt?: string;
+    redirectUri: string;
+    state?: string;
+    screenHint?: 'sign-up' | 'sign-in';
+}
+interface LogoutURLOptions {
+    sessionId: string;
+    returnTo?: string;
+}
+/**
+ * Generates the authorization URL for OAuth client authentication.
+ * Suitable for PKCE flows and other OAuth client operations that don't require an API key.
+ *
+ * @param options - Authorization URL options
+ * @returns The authorization URL as a string
+ * @throws TypeError if required arguments are missing
+ */
+declare function getAuthorizationUrl(options: AuthorizationURLOptions & {
+    baseURL?: string;
+}): string;
+/**
+ * Generates the logout URL for ending a user session.
+ * This method is safe to use in browser environments as it doesn't require an API key.
+ *
+ * @param options - Logout URL options
+ * @returns The logout URL as a string
+ * @throws TypeError if sessionId is not provided
+ */
+declare function getLogoutUrl(options: LogoutURLOptions & {
+    baseURL?: string;
+}): string;
+/**
+ * Gets the JWKS (JSON Web Key Set) URL for a given client ID.
+ * Does not require an API key, returns the public JWKS endpoint.
+ *
+ * @param clientId - The WorkOS client ID
+ * @param baseURL - Optional base URL for the API (defaults to https://api.workos.com)
+ * @returns The JWKS URL as a string
+ * @throws TypeError if clientId is not provided
+ */
+declare function getJwksUrl(clientId: string, baseURL?: string): string;
+
+type userManagement_AuthorizationURLOptions = AuthorizationURLOptions;
+type userManagement_LogoutURLOptions = LogoutURLOptions;
+declare const userManagement_getAuthorizationUrl: typeof getAuthorizationUrl;
+declare const userManagement_getJwksUrl: typeof getJwksUrl;
+declare const userManagement_getLogoutUrl: typeof getLogoutUrl;
+declare namespace userManagement {
+  export { type userManagement_AuthorizationURLOptions as AuthorizationURLOptions, type userManagement_LogoutURLOptions as LogoutURLOptions, userManagement_getAuthorizationUrl as getAuthorizationUrl, userManagement_getJwksUrl as getJwksUrl, userManagement_getLogoutUrl as getLogoutUrl };
+}
+
+export { type AuthorizationURLOptions as A, type LogoutURLOptions as L, getLogoutUrl as a, getJwksUrl as b, getAuthorizationUrl as g, userManagement as u };

package/lib/cjs/user-management-Dh73wyCr.d.cts

@@ -0,0 +1,68 @@
+interface AuthorizationURLOptions {
+    clientId: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: 'S256';
+    connectionId?: string;
+    /**
+     *  @deprecated We previously required initiate login endpoints to return the `context`
+     *  query parameter when getting the authorization URL. This is no longer necessary.
+     */
+    context?: string;
+    organizationId?: string;
+    domainHint?: string;
+    loginHint?: string;
+    provider?: string;
+    providerQueryParams?: Record<string, string | boolean | number>;
+    providerScopes?: string[];
+    prompt?: string;
+    redirectUri: string;
+    state?: string;
+    screenHint?: 'sign-up' | 'sign-in';
+}
+interface LogoutURLOptions {
+    sessionId: string;
+    returnTo?: string;
+}
+/**
+ * Generates the authorization URL for user authentication.
+ * This method is safe to use in browser environments as it doesn't require an API key.
+ *
+ * @param options - Authorization URL options
+ * @returns The authorization URL as a string
+ * @throws TypeError if required arguments are missing
+ */
+declare function getAuthorizationUrl(options: AuthorizationURLOptions & {
+    baseURL?: string;
+}): string;
+/**
+ * Generates the logout URL for ending a user session.
+ * This method is safe to use in browser environments as it doesn't require an API key.
+ *
+ * @param options - Logout URL options
+ * @returns The logout URL as a string
+ * @throws TypeError if sessionId is not provided
+ */
+declare function getLogoutUrl(options: LogoutURLOptions & {
+    baseURL?: string;
+}): string;
+/**
+ * Gets the JWKS (JSON Web Key Set) URL for a given client ID.
+ * This method is safe to use in browser environments as it doesn't require an API key.
+ *
+ * @param clientId - The WorkOS client ID
+ * @param baseURL - Optional base URL for the API (defaults to https://api.workos.com)
+ * @returns The JWKS URL as a string
+ * @throws TypeError if clientId is not provided
+ */
+declare function getJwksUrl(clientId: string, baseURL?: string): string;
+
+type userManagement_AuthorizationURLOptions = AuthorizationURLOptions;
+type userManagement_LogoutURLOptions = LogoutURLOptions;
+declare const userManagement_getAuthorizationUrl: typeof getAuthorizationUrl;
+declare const userManagement_getJwksUrl: typeof getJwksUrl;
+declare const userManagement_getLogoutUrl: typeof getLogoutUrl;
+declare namespace userManagement {
+  export { type userManagement_AuthorizationURLOptions as AuthorizationURLOptions, type userManagement_LogoutURLOptions as LogoutURLOptions, userManagement_getAuthorizationUrl as getAuthorizationUrl, userManagement_getJwksUrl as getJwksUrl, userManagement_getLogoutUrl as getLogoutUrl };
+}
+
+export { type AuthorizationURLOptions as A, type LogoutURLOptions as L, getLogoutUrl as a, getJwksUrl as b, getAuthorizationUrl as g, userManagement as u };

package/lib/cjs/vault/vault.d.cts

@@ -1,6 +1,6 @@
 import '../common/interfaces/pagination-options.interface.cjs';
 import '../common/interfaces/list.interface.cjs';
-export { V as Vault } from '../workos-Da6gE2T5.cjs';
+export { V as Vault } from '../workos-Bt8QqzZV.cjs';
 import './interfaces/key/create-data-key.interface.cjs';
 import './interfaces/key/decrypt-data-key.interface.cjs';
 import './interfaces/key.interface.cjs';
@@ -53,6 +53,7 @@ import '../sso/interfaces/get-profile-options.interface.cjs';
 import '../sso/interfaces/get-profile-and-token-options.interface.cjs';
 import '../sso/interfaces/list-connections-options.interface.cjs';
 import '../sso/interfaces/profile-and-token.interface.cjs';
+import '../user-management/interfaces/oauth-tokens.interface.cjs';
 import '../sso/interfaces/profile.interface.cjs';
 import '../webhooks/webhooks.cjs';
 import '../common/crypto/crypto-provider.cjs';
@@ -69,6 +70,7 @@ import '../audit-logs/interfaces/audit-log-export.interface.cjs';
 import '../audit-logs/interfaces/create-audit-log-event-options.interface.cjs';
 import '../audit-logs/interfaces/create-audit-log-schema-options.interface.cjs';
 import 'jose';
+import '../user-management-B38wNrIN.cjs';
 import '../user-management/interfaces/authenticate-with-code-options.interface.cjs';
 import '../user-management/interfaces/authenticate-with-options-base.interface.cjs';
 import '../user-management/interfaces/authenticate-with-code-and-verifier-options.interface.cjs';
@@ -79,7 +81,6 @@ import '../user-management/interfaces/authenticate-with-password-options.interfa
 import '../user-management/interfaces/authenticate-with-refresh-token-options.interface.cjs';
 import '../user-management/interfaces/authenticate-with-session-cookie.interface.cjs';
 import '../user-management/interfaces/authentication-response.interface.cjs';
-import '../user-management/interfaces/oauth-tokens.interface.cjs';
 import '../user-management/interfaces/authenticate-with-totp-options.interface.cjs';
 import '../user-management/interfaces/authorization-url-options.interface.cjs';
 import '../user-management/interfaces/create-magic-auth-options.interface.cjs';

package/lib/cjs/widgets/interfaces/get-token.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/widgets/interfaces/get-token.ts"],"sourcesContent":["export type WidgetScope = 'widgets:users-table:manage';\n\nexport interface GetTokenOptions {\n  organizationId: string;\n  userId: string;\n  scopes?: [WidgetScope];\n}\n\nexport interface SerializedGetTokenOptions {\n  organization_id: string;\n  user_id: string;\n  scopes?: [WidgetScope];\n}\n\nexport const serializeGetTokenOptions = (\n  options: GetTokenOptions,\n): SerializedGetTokenOptions => ({\n  organization_id: options.organizationId,\n  user_id: options.userId,\n  scopes: options.scopes,\n});\n\nexport interface GetTokenResponse {\n  token: string;\n}\n\nexport interface GetTokenResponseResponse {\n  token: string;\n}\n\nexport const deserializeGetTokenResponse = (\n  data: GetTokenResponseResponse,\n): GetTokenResponse => ({\n  token: data.token,\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcO,MAAM,2BAA2B,wBACtC,aAC+B;AAAA,EAC/B,iBAAiB,QAAQ;AAAA,EACzB,SAAS,QAAQ;AAAA,EACjB,QAAQ,QAAQ;AAClB,IANwC;AAgBjC,MAAM,8BAA8B,wBACzC,UACsB;AAAA,EACtB,OAAO,KAAK;AACd,IAJ2C;","names":[]}
+{"version":3,"sources":["../../../../src/widgets/interfaces/get-token.ts"],"sourcesContent":["export type WidgetScope =\n  | 'widgets:users-table:manage'\n  | 'widgets:sso:manage'\n  | 'widgets:domain-verification:manage';\n\nexport interface GetTokenOptions {\n  organizationId: string;\n  userId?: string;\n  scopes?: WidgetScope[];\n}\n\nexport interface SerializedGetTokenOptions {\n  organization_id: string;\n  user_id?: string;\n  scopes?: WidgetScope[];\n}\n\nexport const serializeGetTokenOptions = (\n  options: GetTokenOptions,\n): SerializedGetTokenOptions => ({\n  organization_id: options.organizationId,\n  user_id: options.userId,\n  scopes: options.scopes,\n});\n\nexport interface GetTokenResponse {\n  token: string;\n}\n\nexport interface GetTokenResponseResponse {\n  token: string;\n}\n\nexport const deserializeGetTokenResponse = (\n  data: GetTokenResponseResponse,\n): GetTokenResponse => ({\n  token: data.token,\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAiBO,MAAM,2BAA2B,wBACtC,aAC+B;AAAA,EAC/B,iBAAiB,QAAQ;AAAA,EACzB,SAAS,QAAQ;AAAA,EACjB,QAAQ,QAAQ;AAClB,IANwC;AAgBjC,MAAM,8BAA8B,wBACzC,UACsB;AAAA,EACtB,OAAO,KAAK;AACd,IAJ2C;","names":[]}

package/lib/cjs/widgets/interfaces/get-token.d.cts

@@ -1,13 +1,13 @@
-type WidgetScope = 'widgets:users-table:manage';
+type WidgetScope = 'widgets:users-table:manage' | 'widgets:sso:manage' | 'widgets:domain-verification:manage';
 interface GetTokenOptions {
     organizationId: string;
-    userId: string;
-    scopes?: [WidgetScope];
+    userId?: string;
+    scopes?: WidgetScope[];
 }
 interface SerializedGetTokenOptions {
     organization_id: string;
-    user_id: string;
-    scopes?: [WidgetScope];
+    user_id?: string;
+    scopes?: WidgetScope[];
 }
 declare const serializeGetTokenOptions: (options: GetTokenOptions) => SerializedGetTokenOptions;
 interface GetTokenResponse {

package/lib/cjs/widgets/widgets.d.cts

@@ -1,4 +1,4 @@
-export { c as Widgets } from '../workos-Da6gE2T5.cjs';
+export { c as Widgets } from '../workos-Bt8QqzZV.cjs';
 import './interfaces/get-token.cjs';
 import '../common/interfaces/get-options.interface.cjs';
 import '../common/interfaces/post-options.interface.cjs';
@@ -46,6 +46,7 @@ import '../sso/interfaces/get-profile-options.interface.cjs';
 import '../sso/interfaces/get-profile-and-token-options.interface.cjs';
 import '../sso/interfaces/list-connections-options.interface.cjs';
 import '../sso/interfaces/profile-and-token.interface.cjs';
+import '../user-management/interfaces/oauth-tokens.interface.cjs';
 import '../sso/interfaces/profile.interface.cjs';
 import '../webhooks/webhooks.cjs';
 import '../common/crypto/crypto-provider.cjs';
@@ -62,6 +63,7 @@ import '../audit-logs/interfaces/audit-log-export.interface.cjs';
 import '../audit-logs/interfaces/create-audit-log-event-options.interface.cjs';
 import '../audit-logs/interfaces/create-audit-log-schema-options.interface.cjs';
 import 'jose';
+import '../user-management-B38wNrIN.cjs';
 import '../user-management/interfaces/authenticate-with-code-options.interface.cjs';
 import '../user-management/interfaces/authenticate-with-options-base.interface.cjs';
 import '../user-management/interfaces/authenticate-with-code-and-verifier-options.interface.cjs';
@@ -72,7 +74,6 @@ import '../user-management/interfaces/authenticate-with-password-options.interfa
 import '../user-management/interfaces/authenticate-with-refresh-token-options.interface.cjs';
 import '../user-management/interfaces/authenticate-with-session-cookie.interface.cjs';
 import '../user-management/interfaces/authentication-response.interface.cjs';
-import '../user-management/interfaces/oauth-tokens.interface.cjs';
 import '../user-management/interfaces/authenticate-with-totp-options.interface.cjs';
 import '../user-management/interfaces/authorization-url-options.interface.cjs';
 import '../user-management/interfaces/create-magic-auth-options.interface.cjs';