@workos-inc/node 8.0.0-rc.1 → 8.0.0-rc.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/api-keys/api-keys.cjs +45 -0
- package/lib/cjs/api-keys/api-keys.cjs.map +1 -0
- package/lib/cjs/api-keys/api-keys.d.cts +130 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.cjs +17 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.cjs.map +1 -0
- package/lib/cjs/api-keys/interfaces/api-key.interface.d.cts +30 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.cjs +17 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.cjs.map +1 -0
- package/lib/cjs/api-keys/interfaces/validate-api-key.interface.d.cts +13 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.cjs +43 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.cjs.map +1 -0
- package/lib/cjs/api-keys/serializers/api-key.serializer.d.cts +5 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.cjs +36 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.cjs.map +1 -0
- package/lib/cjs/api-keys/serializers/validate-api-key.serializer.d.cts +6 -0
- package/lib/cjs/audit-logs/audit-logs.d.cts +11 -9
- package/lib/cjs/client/sso.cjs +2 -2
- package/lib/cjs/client/sso.cjs.map +1 -1
- package/lib/cjs/client/user-management.cjs +2 -2
- package/lib/cjs/client/user-management.cjs.map +1 -1
- package/lib/cjs/common/exceptions/unprocessable-entity.exception.cjs +1 -12
- package/lib/cjs/common/exceptions/unprocessable-entity.exception.cjs.map +1 -1
- package/lib/cjs/common/net/fetch-client.cjs +4 -4
- package/lib/cjs/common/net/fetch-client.cjs.map +1 -1
- package/lib/cjs/common/net/http-client.cjs +4 -1
- package/lib/cjs/common/net/http-client.cjs.map +1 -1
- package/lib/cjs/common/net/http-client.d.cts +1 -0
- package/lib/cjs/common/utils/fetch-and-deserialize.d.cts +9 -7
- package/lib/cjs/common/utils/leb128.cjs +101 -0
- package/lib/cjs/common/utils/leb128.cjs.map +1 -0
- package/lib/cjs/common/utils/leb128.d.cts +24 -0
- package/lib/cjs/common/utils/query-string.cjs +66 -0
- package/lib/cjs/common/utils/query-string.cjs.map +1 -0
- package/lib/cjs/common/utils/query-string.d.cts +11 -0
- package/lib/cjs/directory-sync/directory-sync.d.cts +3 -1
- package/lib/cjs/events/events.d.cts +10 -8
- package/lib/cjs/fga/fga.d.cts +9 -7
- package/lib/cjs/fga/utils/fetch-and-deserialize-list.d.cts +10 -8
- package/lib/cjs/index.d.cts +3 -1
- package/lib/cjs/index.worker.d.cts +3 -1
- package/lib/cjs/mfa/mfa.d.cts +11 -9
- package/lib/cjs/organization-domains/organization-domains.d.cts +11 -9
- package/lib/cjs/organizations/organizations.d.cts +8 -6
- package/lib/cjs/passwordless/passwordless.d.cts +11 -9
- package/lib/cjs/portal/portal.d.cts +11 -9
- package/lib/cjs/sso/sso.d.cts +8 -6
- package/lib/cjs/user-management/session.cjs +10 -8
- package/lib/cjs/user-management/session.cjs.map +1 -1
- package/lib/cjs/user-management/session.d.cts +11 -9
- package/lib/cjs/user-management/user-management.cjs +14 -8
- package/lib/cjs/user-management/user-management.cjs.map +1 -1
- package/lib/cjs/user-management/user-management.d.cts +8 -6
- package/lib/cjs/{client/utils.cjs → utils/jose.cjs} +11 -16
- package/lib/cjs/utils/jose.cjs.map +1 -0
- package/lib/cjs/utils/jose.d.cts +17 -0
- package/lib/cjs/vault/vault.cjs +3 -3
- package/lib/cjs/vault/vault.cjs.map +1 -1
- package/lib/cjs/vault/vault.d.cts +9 -7
- package/lib/cjs/widgets/interfaces/get-token.cjs.map +1 -1
- package/lib/cjs/widgets/interfaces/get-token.d.cts +1 -1
- package/lib/cjs/widgets/widgets.d.cts +11 -9
- package/lib/cjs/{workos-BcNRiAbw.d.cts → workos-X1cDErJB.d.cts} +18 -11
- package/lib/cjs/workos.cjs +3 -1
- package/lib/cjs/workos.cjs.map +1 -1
- package/lib/cjs/workos.d.cts +11 -9
- package/lib/esm/api-keys/api-keys.d.ts +130 -0
- package/lib/esm/api-keys/api-keys.js +22 -0
- package/lib/esm/api-keys/api-keys.js.map +1 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.d.ts +30 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.js +1 -0
- package/lib/esm/api-keys/interfaces/api-key.interface.js.map +1 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.d.ts +13 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.js +1 -0
- package/lib/esm/api-keys/interfaces/validate-api-key.interface.js.map +1 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.d.ts +5 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.js +20 -0
- package/lib/esm/api-keys/serializers/api-key.serializer.js.map +1 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.d.ts +6 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.js +13 -0
- package/lib/esm/api-keys/serializers/validate-api-key.serializer.js.map +1 -0
- package/lib/esm/audit-logs/audit-logs.d.ts +11 -9
- package/lib/esm/client/sso.js +1 -1
- package/lib/esm/client/sso.js.map +1 -1
- package/lib/esm/client/user-management.js +1 -1
- package/lib/esm/client/user-management.js.map +1 -1
- package/lib/esm/common/exceptions/unprocessable-entity.exception.js +1 -2
- package/lib/esm/common/exceptions/unprocessable-entity.exception.js.map +1 -1
- package/lib/esm/common/net/fetch-client.js +4 -4
- package/lib/esm/common/net/fetch-client.js.map +1 -1
- package/lib/esm/common/net/http-client.d.ts +1 -0
- package/lib/esm/common/net/http-client.js +4 -1
- package/lib/esm/common/net/http-client.js.map +1 -1
- package/lib/esm/common/utils/fetch-and-deserialize.d.ts +9 -7
- package/lib/esm/common/utils/leb128.d.ts +24 -0
- package/lib/esm/common/utils/leb128.js +77 -0
- package/lib/esm/common/utils/leb128.js.map +1 -0
- package/lib/esm/common/utils/query-string.d.ts +11 -0
- package/lib/esm/common/utils/query-string.js +43 -0
- package/lib/esm/common/utils/query-string.js.map +1 -0
- package/lib/esm/directory-sync/directory-sync.d.ts +3 -1
- package/lib/esm/events/events.d.ts +10 -8
- package/lib/esm/fga/fga.d.ts +9 -7
- package/lib/esm/fga/utils/fetch-and-deserialize-list.d.ts +10 -8
- package/lib/esm/index.d.ts +3 -1
- package/lib/esm/index.worker.d.ts +3 -1
- package/lib/esm/mfa/mfa.d.ts +11 -9
- package/lib/esm/organization-domains/organization-domains.d.ts +11 -9
- package/lib/esm/organizations/organizations.d.ts +8 -6
- package/lib/esm/passwordless/passwordless.d.ts +11 -9
- package/lib/esm/portal/portal.d.ts +11 -9
- package/lib/esm/sso/sso.d.ts +8 -6
- package/lib/esm/user-management/session.d.ts +11 -9
- package/lib/esm/user-management/session.js +7 -5
- package/lib/esm/user-management/session.js.map +1 -1
- package/lib/esm/user-management/user-management.d.ts +8 -6
- package/lib/esm/user-management/user-management.js +11 -5
- package/lib/esm/user-management/user-management.js.map +1 -1
- package/lib/esm/utils/jose.d.ts +17 -0
- package/lib/esm/utils/jose.js +11 -0
- package/lib/esm/utils/jose.js.map +1 -0
- package/lib/esm/vault/vault.d.ts +9 -7
- package/lib/esm/vault/vault.js +1 -1
- package/lib/esm/vault/vault.js.map +1 -1
- package/lib/esm/widgets/interfaces/get-token.d.ts +1 -1
- package/lib/esm/widgets/interfaces/get-token.js.map +1 -1
- package/lib/esm/widgets/widgets.d.ts +11 -9
- package/lib/esm/{workos-e5MfmByv.d.ts → workos-DLj13cxf.d.ts} +18 -11
- package/lib/esm/workos.d.ts +11 -9
- package/lib/esm/workos.js +3 -1
- package/lib/esm/workos.js.map +1 -1
- package/package.json +7 -7
- package/lib/cjs/client/utils.cjs.map +0 -1
- package/lib/cjs/client/utils.d.cts +0 -7
- package/lib/esm/client/utils.d.ts +0 -7
- package/lib/esm/client/utils.js +0 -16
- package/lib/esm/client/utils.js.map +0 -1
package/lib/cjs/mfa/mfa.d.cts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { M as Mfa } from '../workos-
|
|
1
|
+
export { M as Mfa } from '../workos-X1cDErJB.cjs';
|
|
2
2
|
import './interfaces/challenge-factor-options.cjs';
|
|
3
3
|
import './interfaces/challenge.interface.cjs';
|
|
4
4
|
import './interfaces/enroll-factor-options.cjs';
|
|
@@ -10,12 +10,18 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
10
10
|
import '../common/interfaces/put-options.interface.cjs';
|
|
11
11
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
12
12
|
import '../common/interfaces/app-info.interface.cjs';
|
|
13
|
-
import '../
|
|
14
|
-
import '../common/interfaces/
|
|
13
|
+
import '../common/utils/pagination.cjs';
|
|
14
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
15
|
+
import '../common/interfaces/list.interface.cjs';
|
|
15
16
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
16
17
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
18
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
19
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
20
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
17
21
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
18
22
|
import '../roles/interfaces/role.interface.cjs';
|
|
23
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
24
|
+
import '../common/interfaces/event.interface.cjs';
|
|
19
25
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
20
26
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
21
27
|
import '../sso/interfaces/connection.interface.cjs';
|
|
@@ -30,9 +36,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
30
36
|
import '../user-management/interfaces/password-reset.interface.cjs';
|
|
31
37
|
import '../user-management/interfaces/session.interface.cjs';
|
|
32
38
|
import '../user-management/interfaces/impersonator.interface.cjs';
|
|
33
|
-
import '../common/interfaces/list.interface.cjs';
|
|
34
|
-
import '../common/utils/pagination.cjs';
|
|
35
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
36
39
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
37
40
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
38
41
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -122,7 +125,6 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
122
125
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
123
126
|
import '../vault/interfaces/object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
125
|
-
import '../
|
|
126
|
-
import '../
|
|
127
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
128
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
128
130
|
import './interfaces/sms.interface.cjs';
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { a as OrganizationDomains } from '../workos-
|
|
1
|
+
export { a as OrganizationDomains } from '../workos-X1cDErJB.cjs';
|
|
2
2
|
import './interfaces/create-organization-domain-options.interface.cjs';
|
|
3
3
|
import './interfaces/organization-domain.interface.cjs';
|
|
4
4
|
import '../common/interfaces/get-options.interface.cjs';
|
|
@@ -6,12 +6,18 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
6
6
|
import '../common/interfaces/put-options.interface.cjs';
|
|
7
7
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
8
8
|
import '../common/interfaces/app-info.interface.cjs';
|
|
9
|
-
import '../
|
|
10
|
-
import '../common/interfaces/
|
|
9
|
+
import '../common/utils/pagination.cjs';
|
|
10
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
11
|
+
import '../common/interfaces/list.interface.cjs';
|
|
11
12
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
12
13
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
14
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
15
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
16
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
13
17
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
14
18
|
import '../roles/interfaces/role.interface.cjs';
|
|
19
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
20
|
+
import '../common/interfaces/event.interface.cjs';
|
|
15
21
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
16
22
|
import '../sso/interfaces/connection.interface.cjs';
|
|
17
23
|
import '../sso/interfaces/connection-type.enum.cjs';
|
|
@@ -25,9 +31,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
25
31
|
import '../user-management/interfaces/password-reset.interface.cjs';
|
|
26
32
|
import '../user-management/interfaces/session.interface.cjs';
|
|
27
33
|
import '../user-management/interfaces/impersonator.interface.cjs';
|
|
28
|
-
import '../common/interfaces/list.interface.cjs';
|
|
29
|
-
import '../common/utils/pagination.cjs';
|
|
30
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
31
34
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
32
35
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
33
36
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import '../common/utils/pagination.cjs';
|
|
2
|
-
export { O as Organizations } from '../workos-
|
|
2
|
+
export { O as Organizations } from '../workos-X1cDErJB.cjs';
|
|
3
3
|
import './interfaces/create-organization-options.interface.cjs';
|
|
4
4
|
import './interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
5
5
|
import './interfaces/list-organizations-options.interface.cjs';
|
|
@@ -15,11 +15,14 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
15
15
|
import '../common/interfaces/put-options.interface.cjs';
|
|
16
16
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
17
17
|
import '../common/interfaces/app-info.interface.cjs';
|
|
18
|
-
import '../events/interfaces/list-events-options.interface.cjs';
|
|
19
|
-
import '../common/interfaces/event.interface.cjs';
|
|
20
18
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
21
19
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
20
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
21
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
22
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
22
23
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
24
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
25
|
+
import '../common/interfaces/event.interface.cjs';
|
|
23
26
|
import '../sso/interfaces/connection.interface.cjs';
|
|
24
27
|
import '../sso/interfaces/connection-type.enum.cjs';
|
|
25
28
|
import '../user-management/interfaces/user.interface.cjs';
|
|
@@ -122,7 +125,6 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
122
125
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
123
126
|
import '../vault/interfaces/object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
125
|
-
import '../
|
|
126
|
-
import '../
|
|
127
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
128
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
128
130
|
import './interfaces/domain-data.interface.cjs';
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { P as Passwordless } from '../workos-
|
|
1
|
+
export { P as Passwordless } from '../workos-X1cDErJB.cjs';
|
|
2
2
|
import './interfaces/passwordless-session.interface.cjs';
|
|
3
3
|
import './interfaces/create-passwordless-session-options.interface.cjs';
|
|
4
4
|
import './interfaces/send-session-response.interface.cjs';
|
|
@@ -7,12 +7,18 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
7
7
|
import '../common/interfaces/put-options.interface.cjs';
|
|
8
8
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
9
9
|
import '../common/interfaces/app-info.interface.cjs';
|
|
10
|
-
import '../
|
|
11
|
-
import '../common/interfaces/
|
|
10
|
+
import '../common/utils/pagination.cjs';
|
|
11
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
12
|
+
import '../common/interfaces/list.interface.cjs';
|
|
12
13
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
13
14
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
15
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
16
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
17
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
14
18
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
15
19
|
import '../roles/interfaces/role.interface.cjs';
|
|
20
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
21
|
+
import '../common/interfaces/event.interface.cjs';
|
|
16
22
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
17
23
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
18
24
|
import '../sso/interfaces/connection.interface.cjs';
|
|
@@ -27,9 +33,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
27
33
|
import '../user-management/interfaces/password-reset.interface.cjs';
|
|
28
34
|
import '../user-management/interfaces/session.interface.cjs';
|
|
29
35
|
import '../user-management/interfaces/impersonator.interface.cjs';
|
|
30
|
-
import '../common/interfaces/list.interface.cjs';
|
|
31
|
-
import '../common/utils/pagination.cjs';
|
|
32
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
33
36
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
34
37
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
35
38
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
@@ -1,16 +1,22 @@
|
|
|
1
|
-
export { b as Portal } from '../workos-
|
|
1
|
+
export { b as Portal } from '../workos-X1cDErJB.cjs';
|
|
2
2
|
import './interfaces/generate-portal-link-intent.interface.cjs';
|
|
3
3
|
import '../common/interfaces/get-options.interface.cjs';
|
|
4
4
|
import '../common/interfaces/post-options.interface.cjs';
|
|
5
5
|
import '../common/interfaces/put-options.interface.cjs';
|
|
6
6
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
7
7
|
import '../common/interfaces/app-info.interface.cjs';
|
|
8
|
-
import '../
|
|
9
|
-
import '../common/interfaces/
|
|
8
|
+
import '../common/utils/pagination.cjs';
|
|
9
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
10
|
+
import '../common/interfaces/list.interface.cjs';
|
|
10
11
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
11
12
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
13
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
14
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
15
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
12
16
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
13
17
|
import '../roles/interfaces/role.interface.cjs';
|
|
18
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
19
|
+
import '../common/interfaces/event.interface.cjs';
|
|
14
20
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
15
21
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
16
22
|
import '../sso/interfaces/connection.interface.cjs';
|
|
@@ -25,9 +31,6 @@ import '../user-management/interfaces/magic-auth.interface.cjs';
|
|
|
25
31
|
import '../user-management/interfaces/password-reset.interface.cjs';
|
|
26
32
|
import '../user-management/interfaces/session.interface.cjs';
|
|
27
33
|
import '../user-management/interfaces/impersonator.interface.cjs';
|
|
28
|
-
import '../common/interfaces/list.interface.cjs';
|
|
29
|
-
import '../common/utils/pagination.cjs';
|
|
30
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
31
34
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
32
35
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
33
36
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
package/lib/cjs/sso/sso.d.cts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import '../common/interfaces/unknown-record.interface.cjs';
|
|
2
2
|
import '../common/utils/pagination.cjs';
|
|
3
|
-
export { S as SSO } from '../workos-
|
|
3
|
+
export { S as SSO } from '../workos-X1cDErJB.cjs';
|
|
4
4
|
import './interfaces/authorization-url-options.interface.cjs';
|
|
5
5
|
import './interfaces/connection.interface.cjs';
|
|
6
6
|
import './interfaces/get-profile-options.interface.cjs';
|
|
@@ -15,12 +15,15 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
15
15
|
import '../common/interfaces/put-options.interface.cjs';
|
|
16
16
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
17
17
|
import '../common/interfaces/app-info.interface.cjs';
|
|
18
|
-
import '../events/interfaces/list-events-options.interface.cjs';
|
|
19
|
-
import '../common/interfaces/event.interface.cjs';
|
|
20
18
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
21
19
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
20
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
21
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
22
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
22
23
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
23
24
|
import '../roles/interfaces/role.interface.cjs';
|
|
25
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
26
|
+
import '../common/interfaces/event.interface.cjs';
|
|
24
27
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
25
28
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
26
29
|
import '../user-management/interfaces/user.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
@@ -22,15 +22,14 @@ __export(session_exports, {
|
|
|
22
22
|
CookieSession: () => CookieSession
|
|
23
23
|
});
|
|
24
24
|
module.exports = __toCommonJS(session_exports);
|
|
25
|
-
var import_jose = require("jose");
|
|
26
25
|
var import_oauth = require('../common/exceptions/oauth.exception.cjs');
|
|
27
26
|
var import_interfaces = require('./interfaces/index.cjs');
|
|
28
27
|
var import_iron_session = require("iron-session");
|
|
28
|
+
var import_jose = require('../utils/jose.cjs');
|
|
29
29
|
class CookieSession {
|
|
30
30
|
static {
|
|
31
31
|
__name(this, "CookieSession");
|
|
32
32
|
}
|
|
33
|
-
jwks;
|
|
34
33
|
userManagement;
|
|
35
34
|
cookiePassword;
|
|
36
35
|
sessionData;
|
|
@@ -41,7 +40,6 @@ class CookieSession {
|
|
|
41
40
|
this.userManagement = userManagement;
|
|
42
41
|
this.cookiePassword = cookiePassword;
|
|
43
42
|
this.sessionData = sessionData;
|
|
44
|
-
this.jwks = this.userManagement.jwks;
|
|
45
43
|
}
|
|
46
44
|
/**
|
|
47
45
|
* Authenticates a user with a session cookie.
|
|
@@ -78,6 +76,7 @@ class CookieSession {
|
|
|
78
76
|
reason: import_interfaces.AuthenticateWithSessionCookieFailureReason.INVALID_JWT
|
|
79
77
|
};
|
|
80
78
|
}
|
|
79
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
81
80
|
const {
|
|
82
81
|
sid: sessionId,
|
|
83
82
|
org_id: organizationId,
|
|
@@ -86,7 +85,7 @@ class CookieSession {
|
|
|
86
85
|
permissions,
|
|
87
86
|
entitlements,
|
|
88
87
|
feature_flags: featureFlags
|
|
89
|
-
} =
|
|
88
|
+
} = decodeJwt(session.accessToken);
|
|
90
89
|
return {
|
|
91
90
|
authenticated: true,
|
|
92
91
|
sessionId,
|
|
@@ -110,6 +109,7 @@ class CookieSession {
|
|
|
110
109
|
* @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.
|
|
111
110
|
*/
|
|
112
111
|
async refresh(options = {}) {
|
|
112
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
113
113
|
const session = await (0, import_iron_session.unsealData)(this.sessionData, {
|
|
114
114
|
password: this.cookiePassword
|
|
115
115
|
});
|
|
@@ -119,7 +119,7 @@ class CookieSession {
|
|
|
119
119
|
reason: import_interfaces.RefreshSessionFailureReason.INVALID_SESSION_COOKIE
|
|
120
120
|
};
|
|
121
121
|
}
|
|
122
|
-
const { org_id: organizationIdFromAccessToken } =
|
|
122
|
+
const { org_id: organizationIdFromAccessToken } = decodeJwt(
|
|
123
123
|
session.accessToken
|
|
124
124
|
);
|
|
125
125
|
try {
|
|
@@ -146,7 +146,7 @@ class CookieSession {
|
|
|
146
146
|
permissions,
|
|
147
147
|
entitlements,
|
|
148
148
|
feature_flags: featureFlags
|
|
149
|
-
} =
|
|
149
|
+
} = decodeJwt(authenticationResponse.accessToken);
|
|
150
150
|
return {
|
|
151
151
|
authenticated: true,
|
|
152
152
|
sealedSession: authenticationResponse.sealedSession,
|
|
@@ -191,13 +191,15 @@ class CookieSession {
|
|
|
191
191
|
});
|
|
192
192
|
}
|
|
193
193
|
async isValidJwt(accessToken) {
|
|
194
|
-
|
|
194
|
+
const { jwtVerify } = await (0, import_jose.getJose)();
|
|
195
|
+
const jwks = await this.userManagement.getJWKS();
|
|
196
|
+
if (!jwks) {
|
|
195
197
|
throw new Error(
|
|
196
198
|
"Missing client ID. Did you provide it when initializing WorkOS?"
|
|
197
199
|
);
|
|
198
200
|
}
|
|
199
201
|
try {
|
|
200
|
-
await
|
|
202
|
+
await jwtVerify(accessToken, jwks);
|
|
201
203
|
return true;
|
|
202
204
|
} catch (e) {
|
|
203
205
|
return false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';\nimport { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private jwks: ReturnType<typeof createRemoteJWKSet> | undefined;\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n\n this.jwks = this.userManagement.jwks;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n if (!this.jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, this.jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAyD;AACzD,mBAA+B;AAC/B,wBASO;AAEP,0BAA2B;AAOpB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAEnB,SAAK,OAAO,KAAK,eAAe;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,6DAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,QAAI,uBAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,UAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,8CAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,QAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAAQ;AAAA,MAChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,QAAI,uBAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AAAA,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,8CAA4B,iBAC3C,MAAM,UAAU,8CAA4B,kBAC5C,MAAM,UAAU,8CAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,gBAAM,uBAAU,aAAa,KAAK,IAAI;AACtC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAA+B;AAC/B,wBASO;AAEP,0BAA2B;AAC3B,kBAAwB;AAOjB,MAAM,cAAc;AAAA,EApB3B,OAoB2B;AAAA;AAAA;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,gBACA,aACA,gBACA;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAEA,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAGJ;AACA,QAAI,CAAC,KAAK,aAAa;AACrB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI;AAEJ,QAAI;AACF,gBAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,QAC9D,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAC,QAAQ,aAAa;AACxB,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QACE,6DAA2C;AAAA,MAC/C;AAAA,IACF;AAEA,QAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,WAAW,GAAI;AACjD,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,6DAA2C;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,EAAE,UAAU,IAAI,UAAM,qBAAQ;AAEpC,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACjB,IAAI,UAAuB,QAAQ,WAAW;AAE9C,WAAO;AAAA,MACL,eAAe;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,aAAa,QAAQ;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,UAA0B,CAAC,GAAoC;AAC3E,UAAM,EAAE,UAAU,IAAI,UAAM,qBAAQ;AACpC,UAAM,UAAU,UAAM,gCAA8B,KAAK,aAAa;AAAA,MACpE,UAAU,KAAK;AAAA,IACjB,CAAC;AAED,QAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,MAAM;AAC1C,aAAO;AAAA,QACL,eAAe;AAAA,QACf,QAAQ,8CAA4B;AAAA,MACtC;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,8BAA8B,IAAI;AAAA,MAChD,QAAQ;AAAA,IACV;AAEA,QAAI;AACF,YAAM,iBAAiB,QAAQ,kBAAkB,KAAK;AAEtD,YAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;AAAA,QACrD,UAAU,KAAK,eAAe;AAAA,QAC9B,cAAc,QAAQ;AAAA,QACtB,gBACE,QAAQ,kBAAkB;AAAA,QAC5B,SAAS;AAAA;AAAA,UAEP,aAAa;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AAGH,UAAI,QAAQ,gBAAgB;AAC1B,aAAK,iBAAiB,QAAQ;AAAA,MAChC;AAEA,WAAK,cAAc,uBAAuB;AAE1C,YAAM;AAAA,QACJ,KAAK;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,MACjB,IAAI,UAAuB,uBAAuB,WAAW;AAI7D,aAAO;AAAA,QACL,eAAe;AAAA,QACf,eAAe,uBAAuB;AAAA,QACtC,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,OAAO;AACd,UACE,iBAAiB;AAAA,OAEhB,MAAM,UAAU,8CAA4B,iBAC3C,MAAM,UAAU,8CAA4B,kBAC5C,MAAM,UAAU,8CAA4B,eAC9C;AACA,eAAO;AAAA,UACL,eAAe;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB;AAAA,MACF;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa;AAAA,IACjB;AAAA,EACF,IAA2B,CAAC,GAAoB;AAC9C,UAAM,yBAAyB,MAAM,KAAK,aAAa;AAEvD,QAAI,CAAC,uBAAuB,eAAe;AACzC,YAAM,EAAE,OAAO,IAAI;AACnB,YAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,IAC1E;AAEA,WAAO,KAAK,eAAe,aAAa;AAAA,MACtC,WAAW,uBAAuB;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,aAAuC;AAC9D,UAAM,EAAE,UAAU,IAAI,UAAM,qBAAQ;AACpC,UAAM,OAAO,MAAM,KAAK,eAAe,QAAQ;AAC/C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,UAAU,aAAa,IAAI;AACjC,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import './interfaces/authenticate-with-session-cookie.interface.cjs';
|
|
2
2
|
import './interfaces/refresh-and-seal-session-data.interface.cjs';
|
|
3
|
-
export { C as CookieSession } from '../workos-
|
|
3
|
+
export { C as CookieSession } from '../workos-X1cDErJB.cjs';
|
|
4
4
|
import './interfaces/authentication-response.interface.cjs';
|
|
5
5
|
import './interfaces/impersonator.interface.cjs';
|
|
6
6
|
import './interfaces/oauth-tokens.interface.cjs';
|
|
@@ -10,12 +10,18 @@ import '../common/interfaces/post-options.interface.cjs';
|
|
|
10
10
|
import '../common/interfaces/put-options.interface.cjs';
|
|
11
11
|
import '../common/interfaces/workos-options.interface.cjs';
|
|
12
12
|
import '../common/interfaces/app-info.interface.cjs';
|
|
13
|
-
import '../
|
|
14
|
-
import '../common/interfaces/
|
|
13
|
+
import '../common/utils/pagination.cjs';
|
|
14
|
+
import '../common/interfaces/pagination-options.interface.cjs';
|
|
15
|
+
import '../common/interfaces/list.interface.cjs';
|
|
15
16
|
import '../directory-sync/interfaces/directory.interface.cjs';
|
|
16
17
|
import '../directory-sync/interfaces/directory-group.interface.cjs';
|
|
18
|
+
import '../directory-sync/interfaces/list-directories-options.interface.cjs';
|
|
19
|
+
import '../directory-sync/interfaces/list-groups-options.interface.cjs';
|
|
20
|
+
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
17
21
|
import '../directory-sync/interfaces/directory-user.interface.cjs';
|
|
18
22
|
import '../roles/interfaces/role.interface.cjs';
|
|
23
|
+
import '../events/interfaces/list-events-options.interface.cjs';
|
|
24
|
+
import '../common/interfaces/event.interface.cjs';
|
|
19
25
|
import '../organizations/interfaces/organization.interface.cjs';
|
|
20
26
|
import '../organization-domains/interfaces/organization-domain.interface.cjs';
|
|
21
27
|
import '../sso/interfaces/connection.interface.cjs';
|
|
@@ -28,9 +34,6 @@ import './interfaces/organization-membership.interface.cjs';
|
|
|
28
34
|
import './interfaces/magic-auth.interface.cjs';
|
|
29
35
|
import './interfaces/password-reset.interface.cjs';
|
|
30
36
|
import './interfaces/session.interface.cjs';
|
|
31
|
-
import '../common/interfaces/list.interface.cjs';
|
|
32
|
-
import '../common/utils/pagination.cjs';
|
|
33
|
-
import '../common/interfaces/pagination-options.interface.cjs';
|
|
34
37
|
import '../organizations/interfaces/create-organization-options.interface.cjs';
|
|
35
38
|
import '../organizations/interfaces/domain-data.interface.cjs';
|
|
36
39
|
import '../organizations/interfaces/list-organization-feature-flags-options.interface.cjs';
|
|
@@ -123,6 +126,5 @@ import '../vault/interfaces/object/delete-object.interface.cjs';
|
|
|
123
126
|
import '../vault/interfaces/object/read-object.interface.cjs';
|
|
124
127
|
import '../vault/interfaces/object.interface.cjs';
|
|
125
128
|
import '../vault/interfaces/object/update-object.interface.cjs';
|
|
126
|
-
import '../
|
|
127
|
-
import '../
|
|
128
|
-
import '../directory-sync/interfaces/list-directory-users-options.interface.cjs';
|
|
129
|
+
import '../api-keys/interfaces/validate-api-key.interface.cjs';
|
|
130
|
+
import '../api-keys/interfaces/api-key.interface.cjs';
|
|
@@ -33,7 +33,6 @@ __export(user_management_exports, {
|
|
|
33
33
|
});
|
|
34
34
|
module.exports = __toCommonJS(user_management_exports);
|
|
35
35
|
var import_iron_session = require("iron-session");
|
|
36
|
-
var import_jose = require("jose");
|
|
37
36
|
var clientUserManagement = __toESM(require('../client/user-management.cjs'), 1);
|
|
38
37
|
var import_fetch_and_deserialize = require('../common/utils/fetch-and-deserialize.cjs');
|
|
39
38
|
var import_pagination = require('../common/utils/pagination.cjs');
|
|
@@ -56,6 +55,7 @@ var import_organization_membership2 = require('./serializers/organization-member
|
|
|
56
55
|
var import_send_invitation_options2 = require('./serializers/send-invitation-options.serializer.cjs');
|
|
57
56
|
var import_update_organization_membership_options2 = require('./serializers/update-organization-membership-options.serializer.cjs');
|
|
58
57
|
var import_session = require('./session.cjs');
|
|
58
|
+
var import_jose = require('../utils/jose.cjs');
|
|
59
59
|
class UserManagement {
|
|
60
60
|
constructor(workos) {
|
|
61
61
|
this.workos = workos;
|
|
@@ -67,11 +67,12 @@ class UserManagement {
|
|
|
67
67
|
}
|
|
68
68
|
_jwks;
|
|
69
69
|
clientId;
|
|
70
|
-
|
|
70
|
+
async getJWKS() {
|
|
71
|
+
const { createRemoteJWKSet } = await (0, import_jose.getJose)();
|
|
71
72
|
if (!this.clientId) {
|
|
72
73
|
return;
|
|
73
74
|
}
|
|
74
|
-
this._jwks ??=
|
|
75
|
+
this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {
|
|
75
76
|
cooldownDuration: 1e3 * 60 * 5
|
|
76
77
|
});
|
|
77
78
|
return this._jwks;
|
|
@@ -236,9 +237,11 @@ class UserManagement {
|
|
|
236
237
|
if (!cookiePassword) {
|
|
237
238
|
throw new Error("Cookie password is required");
|
|
238
239
|
}
|
|
239
|
-
|
|
240
|
+
const jwks = await this.getJWKS();
|
|
241
|
+
if (!jwks) {
|
|
240
242
|
throw new Error("Must provide clientId to initialize JWKS");
|
|
241
243
|
}
|
|
244
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
242
245
|
if (!sessionData) {
|
|
243
246
|
return {
|
|
244
247
|
authenticated: false,
|
|
@@ -268,7 +271,7 @@ class UserManagement {
|
|
|
268
271
|
permissions,
|
|
269
272
|
entitlements,
|
|
270
273
|
feature_flags: featureFlags
|
|
271
|
-
} =
|
|
274
|
+
} = decodeJwt(session.accessToken);
|
|
272
275
|
return {
|
|
273
276
|
authenticated: true,
|
|
274
277
|
sessionId,
|
|
@@ -283,11 +286,13 @@ class UserManagement {
|
|
|
283
286
|
};
|
|
284
287
|
}
|
|
285
288
|
async isValidJwt(accessToken) {
|
|
286
|
-
|
|
289
|
+
const jwks = await this.getJWKS();
|
|
290
|
+
const { jwtVerify } = await (0, import_jose.getJose)();
|
|
291
|
+
if (!jwks) {
|
|
287
292
|
throw new Error("Must provide clientId to initialize JWKS");
|
|
288
293
|
}
|
|
289
294
|
try {
|
|
290
|
-
await
|
|
295
|
+
await jwtVerify(accessToken, jwks);
|
|
291
296
|
return true;
|
|
292
297
|
} catch (e) {
|
|
293
298
|
return false;
|
|
@@ -315,7 +320,8 @@ class UserManagement {
|
|
|
315
320
|
if (!cookiePassword) {
|
|
316
321
|
throw new Error("Cookie password is required");
|
|
317
322
|
}
|
|
318
|
-
const {
|
|
323
|
+
const { decodeJwt } = await (0, import_jose.getJose)();
|
|
324
|
+
const { org_id: organizationIdFromAccessToken } = decodeJwt(
|
|
319
325
|
authenticationResponse.accessToken
|
|
320
326
|
);
|
|
321
327
|
const sessionData = {
|