@workos-inc/node 8.0.0-rc.1 → 8.0.0-rc.2
- package/lib/cjs/api-keys/api-keys.cjs +45 -0
- package/lib/cjs/api-keys/api-keys.cjs.map +1 -0
- package/lib/cjs/api-keys/api-keys.d.cts +130 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.cjs +17 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.cjs.map +1 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.d.cts +30 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.cjs +17 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.cjs.map +1 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.d.cts +13 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.cjs +43 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.cjs.map +1 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.d.cts +5 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.cjs +36 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.cjs.map +1 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.d.cts +6 -0
- package/lib/cjs/audit-logs/audit-logs.d.cts +11 -9
- package/lib/cjs/common/interfaces/delete-options.interface.cjs +17 -0
- package/lib/cjs/common/interfaces/delete-options.interface.cjs.map +1 -0
- package/lib/cjs/common/interfaces/delete-options.interface.d.cts +8 -0
- package/lib/cjs/common/utils/fetch-and-deserialize.d.cts +9 -7
- package/lib/cjs/directory-sync/directory-sync.d.cts +3 -1
- package/lib/cjs/events/events.d.cts +10 -8
- package/lib/cjs/fga/fga.d.cts +9 -7
- package/lib/cjs/fga/utils/fetch-and-deserialize-list.d.cts +10 -8
- package/lib/cjs/index.d.cts +3 -1
- package/lib/cjs/index.worker.d.cts +3 -1
- package/lib/cjs/mfa/mfa.d.cts +11 -9
- package/lib/cjs/organization-domains/organization-domains.d.cts +11 -9
- package/lib/cjs/organizations/organizations.d.cts +8 -6
- package/lib/cjs/passwordless/passwordless.d.cts +11 -9
- package/lib/cjs/portal/portal.d.cts +11 -9
- package/lib/cjs/sso/sso.d.cts +8 -6
- package/lib/cjs/user-management/session.cjs +10 -8
- package/lib/cjs/user-management/session.cjs.map +1 -1
- package/lib/cjs/user-management/session.d.cts +11 -9
- package/lib/cjs/user-management/user-management.cjs +14 -8
- package/lib/cjs/user-management/user-management.cjs.map +1 -1
- package/lib/cjs/user-management/user-management.d.cts +8 -6
- package/lib/cjs/utils/jose.cjs +44 -0
- package/lib/cjs/utils/jose.cjs.map +1 -0
- package/lib/cjs/utils/jose.d.cts +17 -0
- package/lib/cjs/vault/vault.d.cts +9 -7
- package/lib/cjs/widgets/widgets.d.cts +11 -9
- package/lib/cjs/workos-BjsIEalN.d.cts +399 -0
- package/lib/cjs/workos-X1cDErJB.d.cts +405 -0
- package/lib/cjs/workos-ZPbUKdml.d.cts +397 -0
- package/lib/cjs/workos.cjs +3 -1
- package/lib/cjs/workos.cjs.map +1 -1
- package/lib/cjs/workos.d.cts +11 -9
- package/lib/esm/api-keys/api-keys.d.ts +130 -0
- package/lib/esm/api-keys/api-keys.js +22 -0
- package/lib/esm/api-keys/api-keys.js.map +1 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.d.ts +30 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.js +1 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.js.map +1 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.d.ts +13 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.js +1 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.js.map +1 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.d.ts +5 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.js +20 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.js.map +1 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.d.ts +6 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.js +13 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.js.map +1 -0
- package/lib/esm/audit-logs/audit-logs.d.ts +11 -9
- package/lib/esm/common/utils/fetch-and-deserialize.d.ts +9 -7
- package/lib/esm/directory-sync/directory-sync.d.ts +3 -1
- package/lib/esm/events/events.d.ts +10 -8
- package/lib/esm/fga/fga.d.ts +9 -7
- package/lib/esm/fga/utils/fetch-and-deserialize-list.d.ts +10 -8
- package/lib/esm/index.d.ts +3 -1
- package/lib/esm/index.worker.d.ts +3 -1
- package/lib/esm/mfa/mfa.d.ts +11 -9
- package/lib/esm/organization-domains/organization-domains.d.ts +11 -9
- package/lib/esm/organizations/organizations.d.ts +8 -6
- package/lib/esm/passwordless/passwordless.d.ts +11 -9
- package/lib/esm/portal/portal.d.ts +11 -9
- package/lib/esm/sso/sso.d.ts +8 -6
- package/lib/esm/user-management/session.d.ts +11 -9
- package/lib/esm/user-management/session.js +7 -5
- package/lib/esm/user-management/session.js.map +1 -1
- package/lib/esm/user-management/user-management.d.ts +8 -6
- package/lib/esm/user-management/user-management.js +11 -5
- package/lib/esm/user-management/user-management.js.map +1 -1
- package/lib/esm/utils/jose.d.ts +17 -0
- package/lib/esm/utils/jose.js +11 -0
- package/lib/esm/utils/jose.js.map +1 -0
- package/lib/esm/vault/vault.d.ts +9 -7
- package/lib/esm/widgets/widgets.d.ts +11 -9
- package/lib/esm/{workos-e5MfmByv.d.ts → workos-DLj13cxf.d.ts} +18 -11
- package/lib/esm/workos.d.ts +11 -9
- package/lib/esm/workos.js +3 -1
- package/lib/esm/workos.js.map +1 -1
- package/package.json +6 -2
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { a as OrganizationDomains } from '../workos-
|
|
1
|
+
export { a as OrganizationDomains } from '../workos-DLj13cxf.js';
|
|
2
2
|
import './interfaces/create-organization-domain-options.interface.js';
|
|
3
3
|
import './interfaces/organization-domain.interface.js';
|
|
4
4
|
import '../common/interfaces/get-options.interface.js';
|
|
@@ -6,12 +6,18 @@ import '../common/interfaces/post-options.interface.js';
|
|
|
6
6
|
import '../common/interfaces/put-options.interface.js';
|
|
7
7
|
import '../common/interfaces/workos-options.interface.js';
|
|
8
8
|
import '../common/interfaces/app-info.interface.js';
|
|
9
|
-
import '../
|
|
10
|
-
import '../common/interfaces/
|
|
9
|
+
import '../common/utils/pagination.js';
|
|
10
|
+
import '../common/interfaces/pagination-options.interface.js';
|
|
11
|
+
import '../common/interfaces/list.interface.js';
|
|
11
12
|
import '../directory-sync/interfaces/directory.interface.js';
|
|
12
13
|
import '../directory-sync/interfaces/directory-group.interface.js';
|
|
14
|
+
import '../directory-sync/interfaces/list-directories-options.interface.js';
|
|
15
|
+
import '../directory-sync/interfaces/list-groups-options.interface.js';
|
|
16
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
13
17
|
import '../directory-sync/interfaces/directory-user.interface.js';
|
|
14
18
|
import '../roles/interfaces/role.interface.js';
|
|
19
|
+
import '../events/interfaces/list-events-options.interface.js';
|
|
20
|
+
import '../common/interfaces/event.interface.js';
|
|
15
21
|
import '../organizations/interfaces/organization.interface.js';
|
|
16
22
|
import '../sso/interfaces/connection.interface.js';
|
|
17
23
|
import '../sso/interfaces/connection-type.enum.js';
|
|
@@ -25,9 +31,6 @@ import '../user-management/interfaces/magic-auth.interface.js';
|
|
|
25
31
|
import '../user-management/interfaces/password-reset.interface.js';
|
|
26
32
|
import '../user-management/interfaces/session.interface.js';
|
|
27
33
|
import '../user-management/interfaces/impersonator.interface.js';
|
|
28
|
-
import '../common/interfaces/list.interface.js';
|
|
29
|
-
import '../common/utils/pagination.js';
|
|
30
|
-
import '../common/interfaces/pagination-options.interface.js';
|
|
31
34
|
import '../organizations/interfaces/create-organization-options.interface.js';
|
|
32
35
|
import '../organizations/interfaces/domain-data.interface.js';
|
|
33
36
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.js';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.js';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.js';
|
|
124
127
|
import '../vault/interfaces/object.interface.js';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.js';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.js';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.js';
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import '../common/utils/pagination.js';
|
|
2
|
-
export { O as Organizations } from '../workos-
|
|
2
|
+
export { O as Organizations } from '../workos-DLj13cxf.js';
|
|
3
3
|
import './interfaces/create-organization-options.interface.js';
|
|
4
4
|
import './interfaces/list-organization-feature-flags-options.interface.js';
|
|
5
5
|
import './interfaces/list-organizations-options.interface.js';
|
|
@@ -15,11 +15,14 @@ import '../common/interfaces/post-options.interface.js';
|
|
|
15
15
|
import '../common/interfaces/put-options.interface.js';
|
|
16
16
|
import '../common/interfaces/workos-options.interface.js';
|
|
17
17
|
import '../common/interfaces/app-info.interface.js';
|
|
18
|
-
import '../events/interfaces/list-events-options.interface.js';
|
|
19
|
-
import '../common/interfaces/event.interface.js';
|
|
20
18
|
import '../directory-sync/interfaces/directory.interface.js';
|
|
21
19
|
import '../directory-sync/interfaces/directory-group.interface.js';
|
|
20
|
+
import '../directory-sync/interfaces/list-directories-options.interface.js';
|
|
21
|
+
import '../directory-sync/interfaces/list-groups-options.interface.js';
|
|
22
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
22
23
|
import '../directory-sync/interfaces/directory-user.interface.js';
|
|
24
|
+
import '../events/interfaces/list-events-options.interface.js';
|
|
25
|
+
import '../common/interfaces/event.interface.js';
|
|
23
26
|
import '../sso/interfaces/connection.interface.js';
|
|
24
27
|
import '../sso/interfaces/connection-type.enum.js';
|
|
25
28
|
import '../user-management/interfaces/user.interface.js';
|
|
@@ -122,7 +125,6 @@ import '../vault/interfaces/object/delete-object.interface.js';
|
|
|
122
125
|
import '../vault/interfaces/object/read-object.interface.js';
|
|
123
126
|
import '../vault/interfaces/object.interface.js';
|
|
124
127
|
import '../vault/interfaces/object/update-object.interface.js';
|
|
125
|
-
import '../
|
|
126
|
-
import '../
|
|
127
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
128
|
+
import '../api-keys/interfaces/validate-api-key.interface.js';
|
|
129
|
+
import '../api-keys/interfaces/api-key.interface.js';
|
|
128
130
|
import './interfaces/domain-data.interface.js';
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { P as Passwordless } from '../workos-
|
|
1
|
+
export { P as Passwordless } from '../workos-DLj13cxf.js';
|
|
2
2
|
import './interfaces/passwordless-session.interface.js';
|
|
3
3
|
import './interfaces/create-passwordless-session-options.interface.js';
|
|
4
4
|
import './interfaces/send-session-response.interface.js';
|
|
@@ -7,12 +7,18 @@ import '../common/interfaces/post-options.interface.js';
|
|
|
7
7
|
import '../common/interfaces/put-options.interface.js';
|
|
8
8
|
import '../common/interfaces/workos-options.interface.js';
|
|
9
9
|
import '../common/interfaces/app-info.interface.js';
|
|
10
|
-
import '../
|
|
11
|
-
import '../common/interfaces/
|
|
10
|
+
import '../common/utils/pagination.js';
|
|
11
|
+
import '../common/interfaces/pagination-options.interface.js';
|
|
12
|
+
import '../common/interfaces/list.interface.js';
|
|
12
13
|
import '../directory-sync/interfaces/directory.interface.js';
|
|
13
14
|
import '../directory-sync/interfaces/directory-group.interface.js';
|
|
15
|
+
import '../directory-sync/interfaces/list-directories-options.interface.js';
|
|
16
|
+
import '../directory-sync/interfaces/list-groups-options.interface.js';
|
|
17
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
14
18
|
import '../directory-sync/interfaces/directory-user.interface.js';
|
|
15
19
|
import '../roles/interfaces/role.interface.js';
|
|
20
|
+
import '../events/interfaces/list-events-options.interface.js';
|
|
21
|
+
import '../common/interfaces/event.interface.js';
|
|
16
22
|
import '../organizations/interfaces/organization.interface.js';
|
|
17
23
|
import '../organization-domains/interfaces/organization-domain.interface.js';
|
|
18
24
|
import '../sso/interfaces/connection.interface.js';
|
|
@@ -27,9 +33,6 @@ import '../user-management/interfaces/magic-auth.interface.js';
|
|
|
27
33
|
import '../user-management/interfaces/password-reset.interface.js';
|
|
28
34
|
import '../user-management/interfaces/session.interface.js';
|
|
29
35
|
import '../user-management/interfaces/impersonator.interface.js';
|
|
30
|
-
import '../common/interfaces/list.interface.js';
|
|
31
|
-
import '../common/utils/pagination.js';
|
|
32
|
-
import '../common/interfaces/pagination-options.interface.js';
|
|
33
36
|
import '../organizations/interfaces/create-organization-options.interface.js';
|
|
34
37
|
import '../organizations/interfaces/domain-data.interface.js';
|
|
35
38
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.js';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.js';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.js';
|
|
124
127
|
import '../vault/interfaces/object.interface.js';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.js';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.js';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.js';
|
|
@@ -1,16 +1,22 @@
|
|
|
1
|
-
export { b as Portal } from '../workos-
|
|
1
|
+
export { b as Portal } from '../workos-DLj13cxf.js';
|
|
2
2
|
import './interfaces/generate-portal-link-intent.interface.js';
|
|
3
3
|
import '../common/interfaces/get-options.interface.js';
|
|
4
4
|
import '../common/interfaces/post-options.interface.js';
|
|
5
5
|
import '../common/interfaces/put-options.interface.js';
|
|
6
6
|
import '../common/interfaces/workos-options.interface.js';
|
|
7
7
|
import '../common/interfaces/app-info.interface.js';
|
|
8
|
-
import '../
|
|
9
|
-
import '../common/interfaces/
|
|
8
|
+
import '../common/utils/pagination.js';
|
|
9
|
+
import '../common/interfaces/pagination-options.interface.js';
|
|
10
|
+
import '../common/interfaces/list.interface.js';
|
|
10
11
|
import '../directory-sync/interfaces/directory.interface.js';
|
|
11
12
|
import '../directory-sync/interfaces/directory-group.interface.js';
|
|
13
|
+
import '../directory-sync/interfaces/list-directories-options.interface.js';
|
|
14
|
+
import '../directory-sync/interfaces/list-groups-options.interface.js';
|
|
15
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
12
16
|
import '../directory-sync/interfaces/directory-user.interface.js';
|
|
13
17
|
import '../roles/interfaces/role.interface.js';
|
|
18
|
+
import '../events/interfaces/list-events-options.interface.js';
|
|
19
|
+
import '../common/interfaces/event.interface.js';
|
|
14
20
|
import '../organizations/interfaces/organization.interface.js';
|
|
15
21
|
import '../organization-domains/interfaces/organization-domain.interface.js';
|
|
16
22
|
import '../sso/interfaces/connection.interface.js';
|
|
@@ -25,9 +31,6 @@ import '../user-management/interfaces/magic-auth.interface.js';
|
|
|
25
31
|
import '../user-management/interfaces/password-reset.interface.js';
|
|
26
32
|
import '../user-management/interfaces/session.interface.js';
|
|
27
33
|
import '../user-management/interfaces/impersonator.interface.js';
|
|
28
|
-
import '../common/interfaces/list.interface.js';
|
|
29
|
-
import '../common/utils/pagination.js';
|
|
30
|
-
import '../common/interfaces/pagination-options.interface.js';
|
|
31
34
|
import '../organizations/interfaces/create-organization-options.interface.js';
|
|
32
35
|
import '../organizations/interfaces/domain-data.interface.js';
|
|
33
36
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.js';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.js';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.js';
|
|
124
127
|
import '../vault/interfaces/object.interface.js';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.js';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.js';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.js';
|
package/lib/esm/sso/sso.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import '../common/interfaces/unknown-record.interface.js';
|
|
2
2
|
import '../common/utils/pagination.js';
|
|
3
|
-
export { S as SSO } from '../workos-
|
|
3
|
+
export { S as SSO } from '../workos-DLj13cxf.js';
|
|
4
4
|
import './interfaces/authorization-url-options.interface.js';
|
|
5
5
|
import './interfaces/connection.interface.js';
|
|
6
6
|
import './interfaces/get-profile-options.interface.js';
|
|
@@ -15,12 +15,15 @@ import '../common/interfaces/post-options.interface.js';
|
|
|
15
15
|
import '../common/interfaces/put-options.interface.js';
|
|
16
16
|
import '../common/interfaces/workos-options.interface.js';
|
|
17
17
|
import '../common/interfaces/app-info.interface.js';
|
|
18
|
-
import '../events/interfaces/list-events-options.interface.js';
|
|
19
|
-
import '../common/interfaces/event.interface.js';
|
|
20
18
|
import '../directory-sync/interfaces/directory.interface.js';
|
|
21
19
|
import '../directory-sync/interfaces/directory-group.interface.js';
|
|
20
|
+
import '../directory-sync/interfaces/list-directories-options.interface.js';
|
|
21
|
+
import '../directory-sync/interfaces/list-groups-options.interface.js';
|
|
22
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
22
23
|
import '../directory-sync/interfaces/directory-user.interface.js';
|
|
23
24
|
import '../roles/interfaces/role.interface.js';
|
|
25
|
+
import '../events/interfaces/list-events-options.interface.js';
|
|
26
|
+
import '../common/interfaces/event.interface.js';
|
|
24
27
|
import '../organizations/interfaces/organization.interface.js';
|
|
25
28
|
import '../organization-domains/interfaces/organization-domain.interface.js';
|
|
26
29
|
import '../user-management/interfaces/user.interface.js';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.js';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.js';
|
|
124
127
|
import '../vault/interfaces/object.interface.js';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.js';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.js';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.js';
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import './interfaces/authenticate-with-session-cookie.interface.js';
|
|
2
2
|
import './interfaces/refresh-and-seal-session-data.interface.js';
|
|
3
|
-
export { C as CookieSession } from '../workos-
|
|
3
|
+
export { C as CookieSession } from '../workos-DLj13cxf.js';
|
|
4
4
|
import './interfaces/authentication-response.interface.js';
|
|
5
5
|
import './interfaces/impersonator.interface.js';
|
|
6
6
|
import './interfaces/oauth-tokens.interface.js';
|
|
@@ -10,12 +10,18 @@ import '../common/interfaces/post-options.interface.js';
|
|
|
10
10
|
import '../common/interfaces/put-options.interface.js';
|
|
11
11
|
import '../common/interfaces/workos-options.interface.js';
|
|
12
12
|
import '../common/interfaces/app-info.interface.js';
|
|
13
|
-
import '../
|
|
14
|
-
import '../common/interfaces/
|
|
13
|
+
import '../common/utils/pagination.js';
|
|
14
|
+
import '../common/interfaces/pagination-options.interface.js';
|
|
15
|
+
import '../common/interfaces/list.interface.js';
|
|
15
16
|
import '../directory-sync/interfaces/directory.interface.js';
|
|
16
17
|
import '../directory-sync/interfaces/directory-group.interface.js';
|
|
18
|
+
import '../directory-sync/interfaces/list-directories-options.interface.js';
|
|
19
|
+
import '../directory-sync/interfaces/list-groups-options.interface.js';
|
|
20
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
17
21
|
import '../directory-sync/interfaces/directory-user.interface.js';
|
|
18
22
|
import '../roles/interfaces/role.interface.js';
|
|
23
|
+
import '../events/interfaces/list-events-options.interface.js';
|
|
24
|
+
import '../common/interfaces/event.interface.js';
|
|
19
25
|
import '../organizations/interfaces/organization.interface.js';
|
|
20
26
|
import '../organization-domains/interfaces/organization-domain.interface.js';
|
|
21
27
|
import '../sso/interfaces/connection.interface.js';
|
|
@@ -28,9 +34,6 @@ import './interfaces/organization-membership.interface.js';
|
|
|
28
34
|
import './interfaces/magic-auth.interface.js';
|
|
29
35
|
import './interfaces/password-reset.interface.js';
|
|
30
36
|
import './interfaces/session.interface.js';
|
|
31
|
-
import '../common/interfaces/list.interface.js';
|
|
32
|
-
import '../common/utils/pagination.js';
|
|
33
|
-
import '../common/interfaces/pagination-options.interface.js';
|
|
34
37
|
import '../organizations/interfaces/create-organization-options.interface.js';
|
|
35
38
|
import '../organizations/interfaces/domain-data.interface.js';
|
|
36
39
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.js';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.js';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.js';
|
|
124
127
|
import '../vault/interfaces/object.interface.js';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.js';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.js';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.js';
|
|
@@ -1,17 +1,16 @@
|
|
|
1
1
|
var __defProp = Object.defineProperty;
|
|
2
2
|
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
3
|
-
import { decodeJwt, jwtVerify } from "jose";
|
|
4
3
|
import { OauthException } from "../common/exceptions/oauth.exception.js";
|
|
5
4
|
import {
|
|
6
5
|
AuthenticateWithSessionCookieFailureReason,
|
|
7
6
|
RefreshSessionFailureReason
|
|
8
7
|
} from "./interfaces/index.js";
|
|
9
8
|
import { unsealData } from "iron-session";
|
|
9
|
+
import { getJose } from "../utils/jose.js";
|
|
10
10
|
class CookieSession {
|
|
11
11
|
static {
|
|
12
12
|
__name(this, "CookieSession");
|
|
13
13
|
}
|
|
14
|
-
jwks;
|
|
15
14
|
userManagement;
|
|
16
15
|
cookiePassword;
|
|
17
16
|
sessionData;
|
|
@@ -22,7 +21,6 @@ class CookieSession {
|
|
|
22
21
|
this.userManagement = userManagement;
|
|
23
22
|
this.cookiePassword = cookiePassword;
|
|
24
23
|
this.sessionData = sessionData;
|
|
25
|
-
this.jwks = this.userManagement.jwks;
|
|
26
24
|
}
|
|
27
25
|
/**
|
|
28
26
|
* Authenticates a user with a session cookie.
|
|
@@ -59,6 +57,7 @@ class CookieSession {
|
|
|
59
57
|
reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT
|
|
60
58
|
};
|
|
61
59
|
}
|
|
60
|
+
const { decodeJwt } = await getJose();
|
|
62
61
|
const {
|
|
63
62
|
sid: sessionId,
|
|
64
63
|
org_id: organizationId,
|
|
@@ -91,6 +90,7 @@ class CookieSession {
|
|
|
91
90
|
* @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.
|
|
92
91
|
*/
|
|
93
92
|
async refresh(options = {}) {
|
|
93
|
+
const { decodeJwt } = await getJose();
|
|
94
94
|
const session = await unsealData(this.sessionData, {
|
|
95
95
|
password: this.cookiePassword
|
|
96
96
|
});
|
|
@@ -172,13 +172,15 @@ class CookieSession {
|
|
|
172
172
|
});
|
|
173
173
|
}
|
|
174
174
|
async isValidJwt(accessToken) {
|
|
175
|
-
|
|
175
|
+
const { jwtVerify } = await getJose();
|
|
176
|
+
const jwks = await this.userManagement.getJWKS();
|
|
177
|
+
if (!jwks) {
|
|
176
178
|
throw new Error(
|
|
177
179
|
"Missing client ID. Did you provide it when initializing WorkOS?"
|
|
178
180
|
);
|
|
179
181
|
}
|
|
180
182
|
try {
|
|
181
|
-
await jwtVerify(accessToken,
|
|
183
|
+
await jwtVerify(accessToken, jwks);
|
|
182
184
|
return true;
|
|
183
185
|
} catch (e) {
|
|
184
186
|
return false;
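Review bot: In `isValidJwt`, the new `await jwtVerify(accessToken, jwks);` passes no options, so as far as this hunk shows nothing pins the expected issuer or the accepted algorithms. The removed call is truncated on this page, so whether the previous version passed options cannot be confirmed here. If the SDK knows the issuer, consider `await jwtVerify(accessToken, jwks, { issuer: EXPECTED_ISSUER, algorithms: [EXPECTED_ALG] });`, where both names are placeholders for values this page does not show. The two new awaits, `getJose()` and `this.userManagement.getJWKS()`, sit before the `try`, so a failure there rejects out of `isValidJwt`, while any error inside the `try` is reported as `false`. A comment such as `// any error from jwtVerify is treated as an invalid token; getJose()/getJWKS() failures propagate to the caller` would make that split explicit. The method body continues past the end of the hunk.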
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n\n this.jwks = this.userManagement.jwks;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. 
If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. 
If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove 
re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n 
}\n}\n"],"mappings":";;AAAA,SAA6B,WAAW,iBAAiB;AACzD,SAAS,sBAAsB;AAC/B;AAAA,EAGE;AAAA,EAGA;AAAA,OAGK;AAEP,SAAS,kBAAkB;AAOpB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAEnB,SAAK,OAAO,KAAK,eAAe;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,UAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,4BAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAAQ;AAAA,MAChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,IAAI,UAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AAA
A,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,4BAA4B,iBAC3C,MAAM,UAAU,4BAA4B,kBAC5C,MAAM,UAAU,4BAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. 
If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. 
If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add 
additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. 
Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;AAAA,SAAS,sBAAsB;AAC/B;AAAA,EAGE;AAAA,EAGA;AAAA,OAGK;AAEP,SAAS,kBAAkB;AAC3B,SAAS,eAAe;AAOjB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,2CAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,2CAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,EAAE,UAAU,IAAI,MAAM,QAAQ;AAEpC,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,EAAE,UAAU,IAAI,MAAM,QAAQ;AACpC,UAAM,UAAU,MAAM,WAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,4BAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAAQ;AAAA,MA
ChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,IAAI,UAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AAAA,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,4BAA4B,iBAC3C,MAAM,UAAU,4BAA4B,kBAC5C,MAAM,UAAU,4BAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,UAAM,EAAE,UAAU,IAAI,MAAM,QAAQ;AACpC,UAAM,OAAO,MAAM,KAAK,eAAe,QAAQ;AAC/C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,IAAI;AACjC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
|
|
@@ -4,7 +4,7 @@ import '../common/interfaces/pagination-options.interface.js';
|
|
|
4
4
|
import '../common/utils/pagination.js';
|
|
5
5
|
import '../mfa/interfaces/challenge.interface.js';
|
|
6
6
|
import '../feature-flags/interfaces/feature-flag.interface.js';
|
|
7
|
-
export { U as UserManagement } from '../workos-
|
|
7
|
+
export { U as UserManagement } from '../workos-DLj13cxf.js';
|
|
8
8
|
import './interfaces/authenticate-with-code-options.interface.js';
|
|
9
9
|
import './interfaces/authenticate-with-code-and-verifier-options.interface.js';
|
|
10
10
|
import './interfaces/authenticate-with-email-verification-options.interface.js';
|
|
@@ -50,12 +50,15 @@ import '../common/interfaces/post-options.interface.js';
|
|
|
50
50
|
import '../common/interfaces/put-options.interface.js';
|
|
51
51
|
import '../common/interfaces/workos-options.interface.js';
|
|
52
52
|
import '../common/interfaces/app-info.interface.js';
|
|
53
|
-
import '../events/interfaces/list-events-options.interface.js';
|
|
54
|
-
import '../common/interfaces/event.interface.js';
|
|
55
53
|
import '../directory-sync/interfaces/directory.interface.js';
|
|
56
54
|
import '../directory-sync/interfaces/directory-group.interface.js';
|
|
55
|
+
import '../directory-sync/interfaces/list-directories-options.interface.js';
|
|
56
|
+
import '../directory-sync/interfaces/list-groups-options.interface.js';
|
|
57
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
57
58
|
import '../directory-sync/interfaces/directory-user.interface.js';
|
|
58
59
|
import '../roles/interfaces/role.interface.js';
|
|
60
|
+
import '../events/interfaces/list-events-options.interface.js';
|
|
61
|
+
import '../common/interfaces/event.interface.js';
|
|
59
62
|
import '../organizations/interfaces/organization.interface.js';
|
|
60
63
|
import '../organization-domains/interfaces/organization-domain.interface.js';
|
|
61
64
|
import '../sso/interfaces/connection.interface.js';
|
|
@@ -121,8 +124,7 @@ import '../vault/interfaces/object/delete-object.interface.js';
|
|
|
121
124
|
import '../vault/interfaces/object/read-object.interface.js';
|
|
122
125
|
import '../vault/interfaces/object.interface.js';
|
|
123
126
|
import '../vault/interfaces/object/update-object.interface.js';
|
|
124
|
-
import '../
|
|
125
|
-
import '../
|
|
126
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.js';
|
|
127
|
+
import '../api-keys/interfaces/validate-api-key.interface.js';
|
|
128
|
+
import '../api-keys/interfaces/api-key.interface.js';
|
|
127
129
|
import './interfaces/authenticate-with-options-base.interface.js';
|
|
128
130
|
import './interfaces/password-hash-type.interface.js';
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
var __defProp = Object.defineProperty;
|
|
2
2
|
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
3
3
|
import { sealData, unsealData } from "iron-session";
|
|
4
|
-
import { createRemoteJWKSet, decodeJwt, jwtVerify } from "jose";
|
|
5
4
|
import * as clientUserManagement from "../client/user-management.js";
|
|
6
5
|
import { fetchAndDeserialize } from "../common/utils/fetch-and-deserialize.js";
|
|
7
6
|
import { AutoPaginatable } from "../common/utils/pagination.js";
|
|
@@ -49,6 +48,7 @@ import { deserializeOrganizationMembership } from "./serializers/organization-me
|
|
|
49
48
|
import { serializeSendInvitationOptions } from "./serializers/send-invitation-options.serializer.js";
|
|
50
49
|
import { serializeUpdateOrganizationMembershipOptions } from "./serializers/update-organization-membership-options.serializer.js";
|
|
51
50
|
import { CookieSession } from "./session.js";
|
|
51
|
+
import { getJose } from "../utils/jose.js";
|
|
52
52
|
class UserManagement {
|
|
53
53
|
constructor(workos) {
|
|
54
54
|
this.workos = workos;
|
|
@@ -60,7 +60,8 @@ class UserManagement {
|
|
|
60
60
|
}
|
|
61
61
|
_jwks;
|
|
62
62
|
clientId;
|
|
63
|
-
|
|
63
|
+
async getJWKS() {
|
|
64
|
+
const { createRemoteJWKSet } = await getJose();
|
|
64
65
|
if (!this.clientId) {
|
|
65
66
|
return;
|
|
66
67
|
}
|
|
@@ -229,9 +230,11 @@ class UserManagement {
|
|
|
229
230
|
if (!cookiePassword) {
|
|
230
231
|
throw new Error("Cookie password is required");
|
|
231
232
|
}
|
|
232
|
-
|
|
233
|
+
const jwks = await this.getJWKS();
|
|
234
|
+
if (!jwks) {
|
|
233
235
|
throw new Error("Must provide clientId to initialize JWKS");
|
|
234
236
|
}
|
|
237
|
+
const { decodeJwt } = await getJose();
|
|
235
238
|
if (!sessionData) {
|
|
236
239
|
return {
|
|
237
240
|
authenticated: false,
|
|
@@ -276,11 +279,13 @@ class UserManagement {
|
|
|
276
279
|
};
|
|
277
280
|
}
|
|
278
281
|
async isValidJwt(accessToken) {
|
|
279
|
-
|
|
282
|
+
const jwks = await this.getJWKS();
|
|
283
|
+
const { jwtVerify } = await getJose();
|
|
284
|
+
if (!jwks) {
|
|
280
285
|
throw new Error("Must provide clientId to initialize JWKS");
|
|
281
286
|
}
|
|
282
287
|
try {
|
|
283
|
-
await jwtVerify(accessToken,
|
|
288
|
+
await jwtVerify(accessToken, jwks);
|
|
284
289
|
return true;
|
|
285
290
|
} catch (e) {
|
|
286
291
|
return false;
|
|
@@ -308,6 +313,7 @@ class UserManagement {
|
|
|
308
313
|
if (!cookiePassword) {
|
|
309
314
|
throw new Error("Cookie password is required");
|
|
310
315
|
}
|
|
316
|
+
const { decodeJwt } = await getJose();
|
|
311
317
|
const { org_id: organizationIdFromAccessToken } = decodeJwt(
|
|
312
318
|
authenticationResponse.accessToken
|
|
313
319
|
);
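Review bot: In `UserManagement.isValidJwt`, the new `await jwtVerify(accessToken, jwks);` passes no options, so the section shows a signature check plus jose's default time-claim checks but nothing that pins `issuer`, `audience` or `algorithms`. Whether the key set from `getJWKS()` is already specific to this client cannot be seen here, because the body of `getJWKS` continues outside its hunk; if it is not, a token signed by the same keys for a different context would be accepted. I would make the expectation explicit, e.g. `await jwtVerify(accessToken, jwks, { issuer: EXPECTED_ISSUER, algorithms: EXPECTED_ALGS });`, where both names are placeholders for values taken from the SDK configuration. The same call appears in `CookieSession.isValidJwt` in session.js. Separately, `catch (e) { return false; }` would appear to report a key-fetch failure as an invalid token, so recording the error type there would let operators tell an outage from a rejected token.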
|