@workos-inc/node 8.0.0-rc.1 → 8.0.0-rc.2
- package/lib/cjs/api-keys/api-keys.cjs +45 -0
- package/lib/cjs/api-keys/api-keys.cjs.map +1 -0
- package/lib/cjs/api-keys/api-keys.d.cts +130 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.cjs +17 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.cjs.map +1 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.d.cts +30 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.cjs +17 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.cjs.map +1 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.d.cts +13 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.cjs +43 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.cjs.map +1 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.d.cts +5 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.cjs +36 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.cjs.map +1 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.d.cts +6 -0
- package/lib/cjs/audit-logs/audit-logs.d.cts +11 -9
- package/lib/cjs/common/interfaces/delete-options.interface.cjs +17 -0
- package/lib/cjs/common/interfaces/delete-options.interface.cjs.map +1 -0
- package/lib/cjs/common/interfaces/delete-options.interface.d.cts +8 -0
- package/lib/cjs/common/utils/fetch-and-deserialize.d.cts +9 -7
- package/lib/cjs/directory-sync/directory-sync.d.cts +3 -1
- package/lib/cjs/events/events.d.cts +10 -8
- package/lib/cjs/fga/fga.d.cts +9 -7
- package/lib/cjs/fga/utils/fetch-and-deserialize-list.d.cts +10 -8
- package/lib/cjs/index.d.cts +3 -1
- package/lib/cjs/index.worker.d.cts +3 -1
- package/lib/cjs/mfa/mfa.d.cts +11 -9
- package/lib/cjs/organization-domains/organization-domains.d.cts +11 -9
- package/lib/cjs/organizations/organizations.d.cts +8 -6
- package/lib/cjs/passwordless/passwordless.d.cts +11 -9
- package/lib/cjs/portal/portal.d.cts +11 -9
- package/lib/cjs/sso/sso.d.cts +8 -6
- package/lib/cjs/user-management/session.cjs +10 -8
- package/lib/cjs/user-management/session.cjs.map +1 -1
- package/lib/cjs/user-management/session.d.cts +11 -9
- package/lib/cjs/user-management/user-management.cjs +14 -8
- package/lib/cjs/user-management/user-management.cjs.map +1 -1
- package/lib/cjs/user-management/user-management.d.cts +8 -6
- package/lib/cjs/utils/jose.cjs +44 -0
- package/lib/cjs/utils/jose.cjs.map +1 -0
- package/lib/cjs/utils/jose.d.cts +17 -0
- package/lib/cjs/vault/vault.d.cts +9 -7
- package/lib/cjs/widgets/widgets.d.cts +11 -9
- package/lib/cjs/workos-BjsIEalN.d.cts +399 -0
- package/lib/cjs/workos-X1cDErJB.d.cts +405 -0
- package/lib/cjs/workos-ZPbUKdml.d.cts +397 -0
- package/lib/cjs/workos.cjs +3 -1
- package/lib/cjs/workos.cjs.map +1 -1
- package/lib/cjs/workos.d.cts +11 -9
- package/lib/esm/api-keys/api-keys.d.ts +130 -0
- package/lib/esm/api-keys/api-keys.js +22 -0
- package/lib/esm/api-keys/api-keys.js.map +1 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.d.ts +30 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.js +1 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.js.map +1 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.d.ts +13 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.js +1 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.js.map +1 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.d.ts +5 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.js +20 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.js.map +1 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.d.ts +6 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.js +13 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.js.map +1 -0
- package/lib/esm/audit-logs/audit-logs.d.ts +11 -9
- package/lib/esm/common/utils/fetch-and-deserialize.d.ts +9 -7
- package/lib/esm/directory-sync/directory-sync.d.ts +3 -1
- package/lib/esm/events/events.d.ts +10 -8
- package/lib/esm/fga/fga.d.ts +9 -7
- package/lib/esm/fga/utils/fetch-and-deserialize-list.d.ts +10 -8
- package/lib/esm/index.d.ts +3 -1
- package/lib/esm/index.worker.d.ts +3 -1
- package/lib/esm/mfa/mfa.d.ts +11 -9
- package/lib/esm/organization-domains/organization-domains.d.ts +11 -9
- package/lib/esm/organizations/organizations.d.ts +8 -6
- package/lib/esm/passwordless/passwordless.d.ts +11 -9
- package/lib/esm/portal/portal.d.ts +11 -9
- package/lib/esm/sso/sso.d.ts +8 -6
- package/lib/esm/user-management/session.d.ts +11 -9
- package/lib/esm/user-management/session.js +7 -5
- package/lib/esm/user-management/session.js.map +1 -1
- package/lib/esm/user-management/user-management.d.ts +8 -6
- package/lib/esm/user-management/user-management.js +11 -5
- package/lib/esm/user-management/user-management.js.map +1 -1
- package/lib/esm/utils/jose.d.ts +17 -0
- package/lib/esm/utils/jose.js +11 -0
- package/lib/esm/utils/jose.js.map +1 -0
- package/lib/esm/vault/vault.d.ts +9 -7
- package/lib/esm/widgets/widgets.d.ts +11 -9
- package/lib/esm/{workos-e5MfmByv.d.ts → workos-DLj13cxf.d.ts} +18 -11
- package/lib/esm/workos.d.ts +11 -9
- package/lib/esm/workos.js +3 -1
- package/lib/esm/workos.js.map +1 -1
- package/package.json +6 -2
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { W as WorkOS } from '../../workos-
|
|
1
|
+
import { W as WorkOS } from '../../workos-X1cDErJB.cjs';
|
|
2
2
|
import { FGAList } from '../interfaces/list.interface.cjs';
|
|
3
3
|
import { PaginationOptions } from '../../common/interfaces/pagination-options.interface.cjs';
|
|
4
4
|
import { QueryRequestOptions } from '../interfaces/query.interface.cjs';
|
|
@@ -7,12 +7,17 @@ import '../../common/interfaces/post-options.interface.cjs';
|
|
|
7
7
|
import '../../common/interfaces/put-options.interface.cjs';
|
|
8
8
|
import '../../common/interfaces/workos-options.interface.cjs';
|
|
9
9
|
import '../../common/interfaces/app-info.interface.cjs';
|
|
10
|
-
import '../../
|
|
11
|
-
import '../../common/interfaces/
|
|
10
|
+
import '../../common/utils/pagination.cjs';
|
|
11
|
+
import '../../common/interfaces/list.interface.cjs';
|
|
12
12
|
import '../../directory-sync/interfaces/directory.interface.cjs';
|
|
13
13
|
import '../../directory-sync/interfaces/directory-group.interface.cjs';
|
|
14
|
+
import '../../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
15
|
+
import '../../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
16
|
+
import '../../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
14
17
|
import '../../directory-sync/interfaces/directory-user.interface.cjs';
|
|
15
18
|
import '../../roles/interfaces/role.interface.cjs';
|
|
19
|
+
import '../../events/interfaces/list-events-options.interface.cjs';
|
|
20
|
+
import '../../common/interfaces/event.interface.cjs';
|
|
16
21
|
import '../../organizations/interfaces/organization.interface.cjs';
|
|
17
22
|
import '../../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
18
23
|
import '../../sso/interfaces/connection.interface.cjs';
|
|
@@ -27,8 +32,6 @@ import '../../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
27
32
|
import '../../user-management/interfaces/password-reset.interface.cjs';
|
|
28
33
|
import '../../user-management/interfaces/session.interface.cjs';
|
|
29
34
|
import '../../user-management/interfaces/impersonator.interface.cjs';
|
|
30
|
-
import '../../common/interfaces/list.interface.cjs';
|
|
31
|
-
import '../../common/utils/pagination.cjs';
|
|
32
35
|
import '../../organizations/interfaces/create-organization-options.interface.cjs';
|
|
33
36
|
import '../../organizations/interfaces/domain-data.interface.cjs';
|
|
34
37
|
import '../../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,9 +126,8 @@ import '../../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../../
|
|
127
|
-
import '../../
|
|
128
|
-
import '../../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../../api-keys/interfaces/api-key.interface.cjs';
|
|
129
131
|
|
|
130
132
|
declare const fetchAndDeserializeFGAList: <T, U>(workos: WorkOS, endpoint: string, deserializeFn: (data: T) => U, options?: PaginationOptions, requestOptions?: QueryRequestOptions) => Promise<FGAList<U>>;
|
|
131
133
|
|
package/lib/cjs/index.d.cts
CHANGED
|
@@ -2,7 +2,7 @@ import { CryptoProvider } from './common/crypto/crypto-provider.cjs';
|
|
|
2
2
|
import { HttpClient } from './common/net/http-client.cjs';
|
|
3
3
|
import { Actions } from './actions/actions.cjs';
|
|
4
4
|
import { Webhooks } from './webhooks/webhooks.cjs';
|
|
5
|
-
import { W as WorkOS } from './workos-
|
|
5
|
+
import { W as WorkOS } from './workos-X1cDErJB.cjs';
|
|
6
6
|
export { AuthenticationEmailVerificationSucceededEvent, AuthenticationEmailVerificationSucceededEventResponse, AuthenticationMagicAuthFailedEvent, AuthenticationMagicAuthFailedEventResponse, AuthenticationMagicAuthSucceededEvent, AuthenticationMagicAuthSucceededEventResponse, AuthenticationMfaSucceededEvent, AuthenticationMfaSucceededEventResponse, AuthenticationOAuthFailedEvent, AuthenticationOAuthFailedEventResponse, AuthenticationOAuthSucceededEvent, AuthenticationOAuthSucceededEventResponse, AuthenticationPasswordFailedEvent, AuthenticationPasswordFailedEventResponse, AuthenticationPasswordSucceededEvent, AuthenticationPasswordSucceededEventResponse, AuthenticationRadarRiskDetectedEvent, AuthenticationRadarRiskDetectedEventResponse, AuthenticationSSOFailedEvent, AuthenticationSSOFailedEventResponse, AuthenticationSSOSucceededEvent, AuthenticationSSOSucceededEventResponse, ConnectionActivatedEvent, ConnectionActivatedEventResponse, ConnectionDeactivatedEvent, ConnectionDeactivatedEventResponse, ConnectionDeletedEvent, ConnectionDeletedEventResponse, DsyncActivatedEvent, DsyncActivatedEventResponse, DsyncDeletedEvent, DsyncDeletedEventResponse, DsyncGroupCreatedEvent, DsyncGroupCreatedEventResponse, DsyncGroupDeletedEvent, DsyncGroupDeletedEventResponse, DsyncGroupUpdatedEvent, DsyncGroupUpdatedEventResponse, DsyncGroupUserAddedEvent, DsyncGroupUserAddedEventResponse, DsyncGroupUserRemovedEvent, DsyncGroupUserRemovedEventResponse, DsyncUserCreatedEvent, DsyncUserCreatedEventResponse, DsyncUserDeletedEvent, DsyncUserDeletedEventResponse, DsyncUserUpdatedEvent, DsyncUserUpdatedEventResponse, EmailVerificationCreatedEvent, EmailVerificationCreatedEventResponse, Event, EventBase, EventName, EventResponse, InvitationAcceptedEvent, InvitationAcceptedEventResponse, InvitationCreatedEvent, InvitationCreatedEventResponse, InvitationRevokedEvent, InvitationRevokedEventResponse, MagicAuthCreatedEvent, MagicAuthCreatedEventResponse, OrganizationCreatedEvent, 
OrganizationCreatedResponse, OrganizationDeletedEvent, OrganizationDeletedResponse, OrganizationDomainCreatedEvent, OrganizationDomainCreatedEventResponse, OrganizationDomainDeletedEvent, OrganizationDomainDeletedEventResponse, OrganizationDomainUpdatedEvent, OrganizationDomainUpdatedEventResponse, OrganizationDomainVerificationFailedEvent, OrganizationDomainVerificationFailedEventResponse, OrganizationDomainVerifiedEvent, OrganizationDomainVerifiedEventResponse, OrganizationMembershipCreated, OrganizationMembershipCreatedResponse, OrganizationMembershipDeleted, OrganizationMembershipDeletedResponse, OrganizationMembershipUpdated, OrganizationMembershipUpdatedResponse, OrganizationUpdatedEvent, OrganizationUpdatedResponse, PasswordResetCreatedEvent, PasswordResetCreatedEventResponse, PasswordResetSucceededEvent, PasswordResetSucceededEventResponse, RoleCreatedEvent, RoleCreatedEventResponse, RoleDeletedEvent, RoleDeletedEventResponse, RoleUpdatedEvent, RoleUpdatedEventResponse, SessionCreatedEvent, SessionCreatedEventResponse, SessionRevokedEvent, SessionRevokedEventResponse, UserCreatedEvent, UserCreatedEventResponse, UserDeletedEvent, UserDeletedEventResponse, UserUpdatedEvent, UserUpdatedEventResponse } from './common/interfaces/event.interface.cjs';
|
|
7
7
|
export { GetOptions } from './common/interfaces/get-options.interface.cjs';
|
|
8
8
|
export { List, ListResponse } from './common/interfaces/list.interface.cjs';
|
|
@@ -136,6 +136,8 @@ import './vault/interfaces/object/delete-object.interface.cjs';
|
|
|
136
136
|
import './vault/interfaces/object/read-object.interface.cjs';
|
|
137
137
|
import './vault/interfaces/object.interface.cjs';
|
|
138
138
|
import './vault/interfaces/object/update-object.interface.cjs';
|
|
139
|
+
import './api-keys/interfaces/validate-api-key.interface.cjs';
|
|
140
|
+
import './api-keys/interfaces/api-key.interface.cjs';
|
|
139
141
|
import './common/interfaces/app-info.interface.cjs';
|
|
140
142
|
import './common/interfaces/request-exception.interface.cjs';
|
|
141
143
|
import './user-management/interfaces/password-hash-type.interface.cjs';
|
|
@@ -2,7 +2,7 @@ import { Actions } from './actions/actions.cjs';
|
|
|
2
2
|
import { CryptoProvider } from './common/crypto/crypto-provider.cjs';
|
|
3
3
|
import { HttpClient } from './common/net/http-client.cjs';
|
|
4
4
|
import { Webhooks } from './webhooks/webhooks.cjs';
|
|
5
|
-
import { W as WorkOS } from './workos-
|
|
5
|
+
import { W as WorkOS } from './workos-X1cDErJB.cjs';
|
|
6
6
|
export { ActionContext, ActionPayload, UserData, UserDataPayload, UserRegistrationActionPayload } from './actions/interfaces/action.interface.cjs';
|
|
7
7
|
export { AuthenticationActionResponseData, ResponsePayload, UserRegistrationActionResponseData } from './actions/interfaces/response-payload.interface.cjs';
|
|
8
8
|
export { AuditLogExportOptions, SerializedAuditLogExportOptions } from './audit-logs/interfaces/audit-log-export-options.interface.cjs';
|
|
@@ -136,6 +136,8 @@ import './vault/interfaces/object/delete-object.interface.cjs';
|
|
|
136
136
|
import './vault/interfaces/object/read-object.interface.cjs';
|
|
137
137
|
import './vault/interfaces/object.interface.cjs';
|
|
138
138
|
import './vault/interfaces/object/update-object.interface.cjs';
|
|
139
|
+
import './api-keys/interfaces/validate-api-key.interface.cjs';
|
|
140
|
+
import './api-keys/interfaces/api-key.interface.cjs';
|
|
139
141
|
import './common/interfaces/request-exception.interface.cjs';
|
|
140
142
|
import './common/interfaces/app-info.interface.cjs';
|
|
141
143
|
import './user-management/interfaces/password-hash-type.interface.cjs';
|
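--- a/package/lib/cjs/mfa/mfa.d.cts
+++ b/package/lib/cjs/mfa/mfa.d.cts
@@ -1,4 +1,4 @@
-export { M as Mfa } from '../workos-
+export { M as Mfa } from '../workos-X1cDErJB.cjs';
 import './interfaces/challenge-factor-options.cjs';
 import './interfaces/challenge.interface.cjs';
 import './interfaces/enroll-factor-options.cjs';
@@ -10,12 +10,18 @@ import '../common/interfaces/post-options.interface.cjs';
 import '../common/interfaces/put-options.interface.cjs';
 import '../common/interfaces/workos-options.interface.cjs';
 import '../common/interfaces/app-info.interface.cjs';
-import '../
-import '../common/interfaces/
+import '../common/utils/pagination.cjs';
+import '../common/interfaces/pagination-options.interface.cjs';
+import '../common/interfaces/list.interface.cjs';
 import '../directory-sync/interfaces/directory.interface.cjs';
 import '../directory-sync/interfaces/directory-group.interface.cjs';
+import '../directory-sync/interfaces/list-directories-options.interface.cjs';
+import '../directory-sync/interfaces/list-groups-options.interface.cjs';
+import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
 import '../directory-sync/interfaces/directory-user.interface.cjs';
 import '../roles/interfaces/role.interface.cjs';
+import '../events/interfaces/list-events-options.interface.cjs';
+import '../common/interfaces/event.interface.cjs';
 import '../organizations/interfaces/organization.interface.cjs';
 import '../organization-domains/interfaces/organization-domain.interface.cjs';
 import '../sso/interfaces/connection.interface.cjs';
@@ -30,9 +36,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
 import '../user-management/interfaces/password-reset.interface.cjs';
 import '../user-management/interfaces/session.interface.cjs';
 import '../user-management/interfaces/impersonator.interface.cjs';
-import '../common/interfaces/list.interface.cjs';
-import '../common/utils/pagination.cjs';
-import '../common/interfaces/pagination-options.interface.cjs';
 import '../organizations/interfaces/create-organization-options.interface.cjs';
 import '../organizations/interfaces/domain-data.interface.cjs';
 import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
@@ -122,7 +125,6 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
 import '../vault/interfaces/object/read-object.interface.cjs';
 import '../vault/interfaces/object.interface.cjs';
 import '../vault/interfaces/object/update-object.interface.cjs';
-import '../
-import '../
-import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
+import '../api-keys/interfaces/validate-api-key.interface.cjs';
+import '../api-keys/interfaces/api-key.interface.cjs';
 import './interfaces/sms.interface.cjs';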
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { a as OrganizationDomains } from '../workos-
|
|
1
|
+
export { a as OrganizationDomains } from '../workos-X1cDErJB.cjs';
|
|
2
2
|
import './interfaces/create-organization-domain-options.interface.cjs';
|
|
3
3
|
import './interfaces/organization-domain.interface.cjs';
|
|
4
4
|
import '../common/interfaces/get-options.interface.cjs';
|
|
@@ -6,12 +6,18 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
6
6
|
import '../common/interfaces/put-options.interface.cjs';
|
|
7
7
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
8
8
|
import '../common/interfaces/app-info.interface.cjs';
|
|
9
|
-
import '../
|
|
10
|
-
import '../common/interfaces/
|
|
9
|
+
import '../common/utils/pagination.cjs';
|
|
10
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
11
|
+
import '../common/interfaces/list.interface.cjs';
|
|
11
12
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
12
13
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
14
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
15
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
16
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
13
17
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
14
18
|
import '../roles/interfaces/role.interface.cjs';
|
|
19
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
20
|
+
import '../common/interfaces/event.interface.cjs';
|
|
15
21
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
16
22
|
import '../sso/interfaces/connection.interface.cjs';
|
|
17
23
|
import '../sso/interfaces/connection-type.enum.cjs';
|
|
@@ -25,9 +31,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
25
31
|
import '../user-management/interfaces/password-reset.interface.cjs';
|
|
26
32
|
import '../user-management/interfaces/session.interface.cjs';
|
|
27
33
|
import '../user-management/interfaces/impersonator.interface.cjs';
|
|
28
|
-
import '../common/interfaces/list.interface.cjs';
|
|
29
|
-
import '../common/utils/pagination.cjs';
|
|
30
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
31
34
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
32
35
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
33
36
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import '../common/utils/pagination.cjs';
|
|
2
|
-
export { O as Organizations } from '../workos-
|
|
2
|
+
export { O as Organizations } from '../workos-X1cDErJB.cjs';
|
|
3
3
|
import './interfaces/create-organization-options.interface.cjs';
|
|
4
4
|
import './interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
5
5
|
import './interfaces/list-organizations-options.interface.cjs';
|
|
@@ -15,11 +15,14 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
15
15
|
import '../common/interfaces/put-options.interface.cjs';
|
|
16
16
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
17
17
|
import '../common/interfaces/app-info.interface.cjs';
|
|
18
|
-
import '../events/interfaces/list-events-options.interface.cjs';
|
|
19
|
-
import '../common/interfaces/event.interface.cjs';
|
|
20
18
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
21
19
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
20
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
21
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
22
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
22
23
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
24
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
25
|
+
import '../common/interfaces/event.interface.cjs';
|
|
23
26
|
import '../sso/interfaces/connection.interface.cjs';
|
|
24
27
|
import '../sso/interfaces/connection-type.enum.cjs';
|
|
25
28
|
import '../user-management/interfaces/user.interface.cjs';
|
|
@@ -122,7 +125,6 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
122
125
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
123
126
|
import '../vault/interfaces/object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
125
|
-
import '../
|
|
126
|
-
import '../
|
|
127
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
128
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
128
130
|
import './interfaces/domain-data.interface.cjs';
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { P as Passwordless } from '../workos-
|
|
1
|
+
export { P as Passwordless } from '../workos-X1cDErJB.cjs';
|
|
2
2
|
import './interfaces/passwordless-session.interface.cjs';
|
|
3
3
|
import './interfaces/create-passwordless-session-options.interface.cjs';
|
|
4
4
|
import './interfaces/send-session-response.interface.cjs';
|
|
@@ -7,12 +7,18 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
7
7
|
import '../common/interfaces/put-options.interface.cjs';
|
|
8
8
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
9
9
|
import '../common/interfaces/app-info.interface.cjs';
|
|
10
|
-
import '../
|
|
11
|
-
import '../common/interfaces/
|
|
10
|
+
import '../common/utils/pagination.cjs';
|
|
11
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
12
|
+
import '../common/interfaces/list.interface.cjs';
|
|
12
13
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
13
14
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
15
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
16
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
17
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
14
18
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
15
19
|
import '../roles/interfaces/role.interface.cjs';
|
|
20
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
21
|
+
import '../common/interfaces/event.interface.cjs';
|
|
16
22
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
17
23
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
18
24
|
import '../sso/interfaces/connection.interface.cjs';
|
|
@@ -27,9 +33,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
27
33
|
import '../user-management/interfaces/password-reset.interface.cjs';
|
|
28
34
|
import '../user-management/interfaces/session.interface.cjs';
|
|
29
35
|
import '../user-management/interfaces/impersonator.interface.cjs';
|
|
30
|
-
import '../common/interfaces/list.interface.cjs';
|
|
31
|
-
import '../common/utils/pagination.cjs';
|
|
32
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
33
36
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
34
37
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
35
38
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
@@ -1,16 +1,22 @@
|
|
|
1
|
-
export { b as Portal } from '../workos-
|
|
1
|
+
export { b as Portal } from '../workos-X1cDErJB.cjs';
|
|
2
2
|
import './interfaces/generate-portal-link-intent.interface.cjs';
|
|
3
3
|
import '../common/interfaces/get-options.interface.cjs';
|
|
4
4
|
import '../common/interfaces/post-options.interface.cjs';
|
|
5
5
|
import '../common/interfaces/put-options.interface.cjs';
|
|
6
6
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
7
7
|
import '../common/interfaces/app-info.interface.cjs';
|
|
8
|
-
import '../
|
|
9
|
-
import '../common/interfaces/
|
|
8
|
+
import '../common/utils/pagination.cjs';
|
|
9
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
10
|
+
import '../common/interfaces/list.interface.cjs';
|
|
10
11
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
11
12
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
13
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
14
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
15
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
12
16
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
13
17
|
import '../roles/interfaces/role.interface.cjs';
|
|
18
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
19
|
+
import '../common/interfaces/event.interface.cjs';
|
|
14
20
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
15
21
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
16
22
|
import '../sso/interfaces/connection.interface.cjs';
|
|
@@ -25,9 +31,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
25
31
|
import '../user-management/interfaces/password-reset.interface.cjs';
|
|
26
32
|
import '../user-management/interfaces/session.interface.cjs';
|
|
27
33
|
import '../user-management/interfaces/impersonator.interface.cjs';
|
|
28
|
-
import '../common/interfaces/list.interface.cjs';
|
|
29
|
-
import '../common/utils/pagination.cjs';
|
|
30
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
31
34
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
32
35
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
33
36
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
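--- a/package/lib/cjs/sso/sso.d.cts
+++ b/package/lib/cjs/sso/sso.d.cts
@@ -1,6 +1,6 @@
 import '../common/interfaces/unknown-record.interface.cjs';
 import '../common/utils/pagination.cjs';
-export { S as SSO } from '../workos-
+export { S as SSO } from '../workos-X1cDErJB.cjs';
 import './interfaces/authorization-url-options.interface.cjs';
 import './interfaces/connection.interface.cjs';
 import './interfaces/get-profile-options.interface.cjs';
@@ -15,12 +15,15 @@ import '../common/interfaces/post-options.interface.cjs';
 import '../common/interfaces/put-options.interface.cjs';
 import '../common/interfaces/workos-options.interface.cjs';
 import '../common/interfaces/app-info.interface.cjs';
-import '../events/interfaces/list-events-options.interface.cjs';
-import '../common/interfaces/event.interface.cjs';
 import '../directory-sync/interfaces/directory.interface.cjs';
 import '../directory-sync/interfaces/directory-group.interface.cjs';
+import '../directory-sync/interfaces/list-directories-options.interface.cjs';
+import '../directory-sync/interfaces/list-groups-options.interface.cjs';
+import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
 import '../directory-sync/interfaces/directory-user.interface.cjs';
 import '../roles/interfaces/role.interface.cjs';
+import '../events/interfaces/list-events-options.interface.cjs';
+import '../common/interfaces/event.interface.cjs';
 import '../organizations/interfaces/organization.interface.cjs';
 import '../organization-domains/interfaces/organization-domain.interface.cjs';
 import '../user-management/interfaces/user.interface.cjs';
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
 import '../vault/interfaces/object/read-object.interface.cjs';
 import '../vault/interfaces/object.interface.cjs';
 import '../vault/interfaces/object/update-object.interface.cjs';
-import '../
-import '../
-import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
+import '../api-keys/interfaces/validate-api-key.interface.cjs';
+import '../api-keys/interfaces/api-key.interface.cjs';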
@@ -22,15 +22,14 @@ __export(session_exports, {
|
|
|
22
22
|
CookieSession: () => CookieSession
|
|
23
23
|
});
|
|
24
24
|
module.exports = __toCommonJS(session_exports);
|
|
25
|
-
var import_jose = require("jose");
|
|
26
25
|
var import_oauth = require('../common/exceptions/oauth.exception.cjs');
|
|
27
26
|
var import_interfaces = require('./interfaces/index.cjs');
|
|
28
27
|
var import_iron_session = require("iron-session");
|
|
28
|
+
var import_jose = require('../utils/jose.cjs');
|
|
29
29
|
class CookieSession {
|
|
30
30
|
static {
|
|
31
31
|
__name(this, "CookieSession");
|
|
32
32
|
}
|
|
33
|
-
jwks;
|
|
34
33
|
userManagement;
|
|
35
34
|
cookiePassword;
|
|
36
35
|
sessionData;
|
|
@@ -41,7 +40,6 @@ class CookieSession {
|
|
|
41
40
|
this.userManagement = userManagement;
|
|
42
41
|
this.cookiePassword = cookiePassword;
|
|
43
42
|
this.sessionData = sessionData;
|
|
44
|
-
this.jwks = this.userManagement.jwks;
|
|
45
43
|
}
|
|
46
44
|
/**
|
|
47
45
|
* Authenticates a user with a session cookie.
|
|
@@ -78,6 +76,7 @@ class CookieSession {
|
|
|
78
76
|
reason: import_interfaces.AuthenticateWithSessionCookieFailureReason.INVALID_JWT
|
|
79
77
|
};
|
|
80
78
|
}
|
|
79
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
81
80
|
const {
|
|
82
81
|
sid: sessionId,
|
|
83
82
|
org_id: organizationId,
|
|
@@ -86,7 +85,7 @@ class CookieSession {
|
|
|
86
85
|
permissions,
|
|
87
86
|
entitlements,
|
|
88
87
|
feature_flags: featureFlags
|
|
89
|
-
} =
|
|
88
|
+
} = decodeJwt(session.accessToken);
|
|
90
89
|
return {
|
|
91
90
|
authenticated: true,
|
|
92
91
|
sessionId,
|
|
@@ -110,6 +109,7 @@ class CookieSession {
|
|
|
110
109
|
* @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.
|
|
111
110
|
*/
|
|
112
111
|
async refresh(options = {}) {
|
|
112
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
113
113
|
const session = await (0, import_iron_session.unsealData)(this.sessionData, {
|
|
114
114
|
password: this.cookiePassword
|
|
115
115
|
});
|
|
@@ -119,7 +119,7 @@ class CookieSession {
|
|
|
119
119
|
reason: import_interfaces.RefreshSessionFailureReason.INVALID_SESSION_COOKIE
|
|
120
120
|
};
|
|
121
121
|
}
|
|
122
|
-
const { org_id: organizationIdFromAccessToken } =
|
|
122
|
+
const { org_id: organizationIdFromAccessToken } = decodeJwt(
|
|
123
123
|
session.accessToken
|
|
124
124
|
);
|
|
125
125
|
try {
|
|
@@ -146,7 +146,7 @@ class CookieSession {
|
|
|
146
146
|
permissions,
|
|
147
147
|
entitlements,
|
|
148
148
|
feature_flags: featureFlags
|
|
149
|
-
} =
|
|
149
|
+
} = decodeJwt(authenticationResponse.accessToken);
|
|
150
150
|
return {
|
|
151
151
|
authenticated: true,
|
|
152
152
|
sealedSession: authenticationResponse.sealedSession,
|
|
@@ -191,13 +191,15 @@ class CookieSession {
|
|
|
191
191
|
});
|
|
192
192
|
}
|
|
193
193
|
async isValidJwt(accessToken) {
|
|
194
|
-
|
|
194
|
+
const { jwtVerify } = await (0, import_jose.getJose)();
|
|
195
|
+
const jwks = await this.userManagement.getJWKS();
|
|
196
|
+
if (!jwks) {
|
|
195
197
|
throw new Error(
|
|
196
198
|
"Missing client ID. Did you provide it when initializing WorkOS?"
|
|
197
199
|
);
|
|
198
200
|
}
|
|
199
201
|
try {
|
|
200
|
-
await
|
|
202
|
+
await jwtVerify(accessToken, jwks);
|
|
201
203
|
return true;
|
|
202
204
|
} catch (e) {
|
|
203
205
|
return false;
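Review bot: `await jwtVerify(accessToken, jwks)` in `isValidJwt` (the last hunk of this file) passes no verification options, so the check covers the signature against the remote key set and the time claims jose validates when present, while the issuer and the accepted algorithms are left unpinned. The key set comes from a per-client JWKS URL built in `UserManagement.getJWKS`, which may already scope the keys, but that is not visible here, so I would state the expectation in the call, e.g. `await jwtVerify(accessToken, jwks, { issuer: EXPECTED_ISSUER, algorithms: [EXPECTED_ALG] });`, where both names are placeholders to be filled from the token format the service documents. The same bare call appears in `UserManagement.isValidJwt` further down the page. `isValidJwt` continues past the end of this hunk, and its `catch (e) { return false; }` deserves a comment saying that a key-set fetch failure is reported as an invalid token on purpose (fail closed).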
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n\n this.jwks = this.userManagement.jwks;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. 
If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. 
If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove 
re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n 
}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAyD;AACzD,mBAA+B;AAC/B,wBASO;AAEP,0BAA2B;AAOpB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAEnB,SAAK,OAAO,KAAK,eAAe;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,6DAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,QAAI,uBAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,UAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,8CAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,QAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAAQ;AAAA,MAChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,QAAI,uBAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AA
AA,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,8CAA4B,iBAC3C,MAAM,UAAU,8CAA4B,kBAC5C,MAAM,UAAU,8CAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,gBAAM,uBAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. 
If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. 
If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add 
additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. 
Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAA+B;AAC/B,wBASO;AAEP,0BAA2B;AAC3B,kBAAwB;AAOjB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,6DAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,EAAE,UAAU,IAAI,UAAM,qBAAQ;AAEpC,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,EAAE,UAAU,IAAI,UAAM,qBAAQ;AACpC,UAAM,UAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,8CAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAA
Q;AAAA,MAChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,IAAI,UAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AAAA,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,8CAA4B,iBAC3C,MAAM,UAAU,8CAA4B,kBAC5C,MAAM,UAAU,8CAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,UAAM,EAAE,UAAU,IAAI,UAAM,qBAAQ;AACpC,UAAM,OAAO,MAAM,KAAK,eAAe,QAAQ;AAC/C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,IAAI;AACjC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import './interfaces/authenticate-with-session-cookie.interface.cjs';
|
|
2
2
|
import './interfaces/refresh-and-seal-session-data.interface.cjs';
|
|
3
|
-
export { C as CookieSession } from '../workos-
|
|
3
|
+
export { C as CookieSession } from '../workos-X1cDErJB.cjs';
|
|
4
4
|
import './interfaces/authentication-response.interface.cjs';
|
|
5
5
|
import './interfaces/impersonator.interface.cjs';
|
|
6
6
|
import './interfaces/oauth-tokens.interface.cjs';
|
|
@@ -10,12 +10,18 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
10
10
|
import '../common/interfaces/put-options.interface.cjs';
|
|
11
11
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
12
12
|
import '../common/interfaces/app-info.interface.cjs';
|
|
13
|
-
import '../
|
|
14
|
-
import '../common/interfaces/
|
|
13
|
+
import '../common/utils/pagination.cjs';
|
|
14
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
15
|
+
import '../common/interfaces/list.interface.cjs';
|
|
15
16
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
16
17
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
18
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
19
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
20
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
17
21
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
18
22
|
import '../roles/interfaces/role.interface.cjs';
|
|
23
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
24
|
+
import '../common/interfaces/event.interface.cjs';
|
|
19
25
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
20
26
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
21
27
|
import '../sso/interfaces/connection.interface.cjs';
|
|
@@ -28,9 +34,6 @@ import './interfaces/organization-membership.interface.cjs';
|
|
|
28
34
|
import './interfaces/magic-auth.interface.cjs';
|
|
29
35
|
import './interfaces/password-reset.interface.cjs';
|
|
30
36
|
import './interfaces/session.interface.cjs';
|
|
31
|
-
import '../common/interfaces/list.interface.cjs';
|
|
32
|
-
import '../common/utils/pagination.cjs';
|
|
33
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
34
37
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
35
38
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
36
39
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
@@ -33,7 +33,6 @@ __export(user_management_exports, {
|
|
|
33
33
|
});
|
|
34
34
|
module.exports = __toCommonJS(user_management_exports);
|
|
35
35
|
var import_iron_session = require("iron-session");
|
|
36
|
-
var import_jose = require("jose");
|
|
37
36
|
var clientUserManagement = __toESM(require('../client/user-management.cjs'), 1);
|
|
38
37
|
var import_fetch_and_deserialize = require('../common/utils/fetch-and-deserialize.cjs');
|
|
39
38
|
var import_pagination = require('../common/utils/pagination.cjs');
|
|
@@ -56,6 +55,7 @@ var import_organization_membership2 = require('./serializers/organization-member
|
|
|
56
55
|
var import_send_invitation_options2 = require('./serializers/send-invitation-options.serializer.cjs');
|
|
57
56
|
var import_update_organization_membership_options2 = require('./serializers/update-organization-membership-options.serializer.cjs');
|
|
58
57
|
var import_session = require('./session.cjs');
|
|
58
|
+
var import_jose = require('../utils/jose.cjs');
|
|
59
59
|
class UserManagement {
|
|
60
60
|
constructor(workos) {
|
|
61
61
|
this.workos = workos;
|
|
@@ -67,11 +67,12 @@ class UserManagement {
|
|
|
67
67
|
}
|
|
68
68
|
_jwks;
|
|
69
69
|
clientId;
|
|
70
|
-
|
|
70
|
+
async getJWKS() {
|
|
71
|
+
const { createRemoteJWKSet } = await (0, import_jose.getJose)();
|
|
71
72
|
if (!this.clientId) {
|
|
72
73
|
return;
|
|
73
74
|
}
|
|
74
|
-
this._jwks ??=
|
|
75
|
+
this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {
|
|
75
76
|
cooldownDuration: 1e3 * 60 * 5
|
|
76
77
|
});
|
|
77
78
|
return this._jwks;
|
|
@@ -236,9 +237,11 @@ class UserManagement {
|
|
|
236
237
|
if (!cookiePassword) {
|
|
237
238
|
throw new Error("Cookie password is required");
|
|
238
239
|
}
|
|
239
|
-
|
|
240
|
+
const jwks = await this.getJWKS();
|
|
241
|
+
if (!jwks) {
|
|
240
242
|
throw new Error("Must provide clientId to initialize JWKS");
|
|
241
243
|
}
|
|
244
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
242
245
|
if (!sessionData) {
|
|
243
246
|
return {
|
|
244
247
|
authenticated: false,
|
|
@@ -268,7 +271,7 @@ class UserManagement {
|
|
|
268
271
|
permissions,
|
|
269
272
|
entitlements,
|
|
270
273
|
feature_flags: featureFlags
|
|
271
|
-
} =
|
|
274
|
+
} = decodeJwt(session.accessToken);
|
|
272
275
|
return {
|
|
273
276
|
authenticated: true,
|
|
274
277
|
sessionId,
|
|
@@ -283,11 +286,13 @@ class UserManagement {
|
|
|
283
286
|
};
|
|
284
287
|
}
|
|
285
288
|
async isValidJwt(accessToken) {
|
|
286
|
-
|
|
289
|
+
const jwks = await this.getJWKS();
|
|
290
|
+
const { jwtVerify } = await (0, import_jose.getJose)();
|
|
291
|
+
if (!jwks) {
|
|
287
292
|
throw new Error("Must provide clientId to initialize JWKS");
|
|
288
293
|
}
|
|
289
294
|
try {
|
|
290
|
-
await
|
|
295
|
+
await jwtVerify(accessToken, jwks);
|
|
291
296
|
return true;
|
|
292
297
|
} catch (e) {
|
|
293
298
|
return false;
|
|
@@ -315,7 +320,8 @@ class UserManagement {
|
|
|
315
320
|
if (!cookiePassword) {
|
|
316
321
|
throw new Error("Cookie password is required");
|
|
317
322
|
}
|
|
318
|
-
const {
|
|
323
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
324
|
+
const { org_id: organizationIdFromAccessToken } = decodeJwt(
|
|
319
325
|
authenticationResponse.accessToken
|
|
320
326
|
);
|
|
321
327
|
const sessionData = {
|