@workos-inc/node 8.0.0-rc.4 → 8.0.0-rc.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/lib/common/crypto/seal.cjs +44 -0
  2. package/lib/common/crypto/seal.cjs.map +1 -0
  3. package/lib/common/crypto/seal.d.cts +16 -0
  4. package/lib/common/crypto/seal.d.ts +16 -0
  5. package/lib/common/crypto/seal.js +43 -0
  6. package/lib/common/crypto/seal.js.map +1 -0
  7. package/lib/user-management/session.cjs +3 -3
  8. package/lib/user-management/session.cjs.map +1 -1
  9. package/lib/user-management/session.js +1 -1
  10. package/lib/user-management/session.js.map +1 -1
  11. package/lib/user-management/user-management.cjs +4 -4
  12. package/lib/user-management/user-management.cjs.map +1 -1
  13. package/lib/user-management/user-management.js +1 -1
  14. package/lib/user-management/user-management.js.map +1 -1
  15. package/lib/workos.cjs +1 -1
  16. package/lib/workos.cjs.map +1 -1
  17. package/lib/workos.js +1 -1
  18. package/lib/workos.js.map +1 -1
  19. package/package.json +4 -4
package/lib/common/crypto/seal.cjs ADDED
@@ -0,0 +1,44 @@
1
+ let iron_webcrypto = require("iron-webcrypto");
2
+
3
+ //#region src/common/crypto/seal.ts
4
+ const VERSION_DELIMITER = "~";
5
+ const CURRENT_MAJOR_VERSION = 2;
6
+ function parseSeal(seal) {
7
+ const [sealWithoutVersion = "", tokenVersionAsString] = seal.split(VERSION_DELIMITER);
8
+ return {
9
+ sealWithoutVersion,
10
+ tokenVersion: tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10)
11
+ };
12
+ }
13
+ async function sealData(data, { password }) {
14
+ return `${await (0, iron_webcrypto.seal)(data, {
15
+ id: "1",
16
+ secret: password
17
+ }, {
18
+ ...iron_webcrypto.defaults,
19
+ ttl: 0,
20
+ encode: JSON.stringify
21
+ })}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;
22
+ }
23
+ async function unsealData(encryptedData, { password }) {
24
+ const { sealWithoutVersion, tokenVersion } = parseSeal(encryptedData);
25
+ const passwordMap = { 1: password };
26
+ let data;
27
+ try {
28
+ data = await (0, iron_webcrypto.unseal)(sealWithoutVersion, passwordMap, {
29
+ ...iron_webcrypto.defaults,
30
+ ttl: 0
31
+ }) ?? {};
32
+ } catch (error) {
33
+ if (error instanceof Error && /^(Expired seal|Bad hmac value|Cannot find password|Incorrect number of sealed components|Wrong mac prefix)/.test(error.message)) return {};
34
+ throw error;
35
+ }
36
+ if (tokenVersion === 2) return data;
37
+ else if (tokenVersion !== null) return data.persistent ?? data;
38
+ return data;
39
+ }
40
+
41
+ //#endregion
42
+ exports.sealData = sealData;
43
+ exports.unsealData = unsealData;
44
+ //# sourceMappingURL=seal.cjs.map
package/lib/common/crypto/seal.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"seal.cjs","names":["defaults","data: unknown"],"sources":["../../../src/common/crypto/seal.ts"],"sourcesContent":["import {\n seal as ironSeal,\n unseal as ironUnseal,\n defaults,\n} from 'iron-webcrypto';\n\nconst VERSION_DELIMITER = '~';\nconst CURRENT_MAJOR_VERSION = 2;\n\ninterface SealOptions {\n password: string;\n}\n\ninterface UnsealOptions {\n password: string;\n}\n\nfunction parseSeal(seal: string): {\n sealWithoutVersion: string;\n tokenVersion: number | null;\n} {\n const [sealWithoutVersion = '', tokenVersionAsString] =\n seal.split(VERSION_DELIMITER);\n const tokenVersion =\n tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10);\n return { sealWithoutVersion, tokenVersion };\n}\n\nexport async function sealData(\n data: unknown,\n { password }: SealOptions,\n): Promise<string> {\n const passwordObj = {\n id: '1',\n secret: password,\n };\n\n const seal = await ironSeal(data, passwordObj, {\n ...defaults,\n ttl: 0,\n encode: JSON.stringify,\n });\n\n return `${seal}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;\n}\n\nexport async function unsealData<T = unknown>(\n encryptedData: string,\n { password }: UnsealOptions,\n): Promise<T> {\n const { sealWithoutVersion, tokenVersion } = parseSeal(encryptedData);\n\n const passwordMap = { 1: password };\n\n let data: unknown;\n try {\n data =\n (await ironUnseal(sealWithoutVersion, passwordMap, {\n ...defaults,\n ttl: 0,\n })) ?? {};\n } catch (error) {\n if (\n error instanceof Error &&\n /^(Expired seal|Bad hmac value|Cannot find password|Incorrect number of sealed components|Wrong mac prefix)/.test(\n error.message,\n )\n ) {\n return {} as T;\n }\n throw error;\n }\n\n if (tokenVersion === 2) {\n return data as T;\n } else if (tokenVersion !== null) {\n const record = data as Record<string, unknown>;\n return (record.persistent ?? data) as T;\n }\n\n return data as T;\n}\n"],"mappings":";;;AAMA,MAAM,oBAAoB;AAC1B,MAAM,wBAAwB;AAU9B,SAAS,UAAU,MAGjB;CACA,MAAM,CAAC,qBAAqB,IAAI,wBAC9B,KAAK,MAAM,kBAAkB;AAG/B,QAAO;EAAE;EAAoB,cAD3B,wBAAwB,OAAO,OAAO,SAAS,sBAAsB,GAAG;EAC/B;;AAG7C,eAAsB,SACpB,MACA,EAAE,YACe;AAYjB,QAAO,GANM,+BAAe,MALR;EAClB,IAAI;EACJ,QAAQ;EACT,EAE8C;EAC7C,GAAGA;EACH,KAAK;EACL,QAAQ,KAAK;EACd,CAAC,GAEe,oBAAoB;;AAGvC,eAAsB,WACpB,eACA,EAAE,YACU;CACZ,MAAM,EAAE,oBAAoB,iBAAiB,UAAU,cAAc;CAErE,MAAM,cAAc,EAAE,GAAG,UAAU;CAEnC,IAAIC;AACJ,KAAI;AACF,SACG,iCAAiB,oBAAoB,aAAa;GACjD,GAAGD;GACH,KAAK;GACN,CAAC,IAAK,EAAE;UACJ,OAAO;AACd,MACE,iBAAiB,SACjB,6GAA6G,KAC3G,MAAM,QACP,CAED,QAAO,EAAE;AAEX,QAAM;;AAGR,KAAI,iBAAiB,EACnB,QAAO;UACE,iBAAiB,KAE1B,QADe,KACA,cAAc;AAG/B,QAAO"}
package/lib/common/crypto/seal.d.cts ADDED
@@ -0,0 +1,16 @@
1
+ //#region src/common/crypto/seal.d.ts
2
+ interface SealOptions {
3
+ password: string;
4
+ }
5
+ interface UnsealOptions {
6
+ password: string;
7
+ }
8
+ declare function sealData(data: unknown, {
9
+ password
10
+ }: SealOptions): Promise<string>;
11
+ declare function unsealData<T = unknown>(encryptedData: string, {
12
+ password
13
+ }: UnsealOptions): Promise<T>;
14
+ //#endregion
15
+ export { sealData, unsealData };
16
+ //# sourceMappingURL=seal.d.cts.map
package/lib/common/crypto/seal.d.ts ADDED
@@ -0,0 +1,16 @@
1
+ //#region src/common/crypto/seal.d.ts
2
+ interface SealOptions {
3
+ password: string;
4
+ }
5
+ interface UnsealOptions {
6
+ password: string;
7
+ }
8
+ declare function sealData(data: unknown, {
9
+ password
10
+ }: SealOptions): Promise<string>;
11
+ declare function unsealData<T = unknown>(encryptedData: string, {
12
+ password
13
+ }: UnsealOptions): Promise<T>;
14
+ //#endregion
15
+ export { sealData, unsealData };
16
+ //# sourceMappingURL=seal.d.ts.map
package/lib/common/crypto/seal.js ADDED
@@ -0,0 +1,43 @@
1
+ import { defaults, seal, unseal } from "iron-webcrypto";
2
+
3
+ //#region src/common/crypto/seal.ts
4
+ const VERSION_DELIMITER = "~";
5
+ const CURRENT_MAJOR_VERSION = 2;
6
+ function parseSeal(seal$1) {
7
+ const [sealWithoutVersion = "", tokenVersionAsString] = seal$1.split(VERSION_DELIMITER);
8
+ return {
9
+ sealWithoutVersion,
10
+ tokenVersion: tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10)
11
+ };
12
+ }
13
+ async function sealData(data, { password }) {
14
+ return `${await seal(data, {
15
+ id: "1",
16
+ secret: password
17
+ }, {
18
+ ...defaults,
19
+ ttl: 0,
20
+ encode: JSON.stringify
21
+ })}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;
22
+ }
23
+ async function unsealData(encryptedData, { password }) {
24
+ const { sealWithoutVersion, tokenVersion } = parseSeal(encryptedData);
25
+ const passwordMap = { 1: password };
26
+ let data;
27
+ try {
28
+ data = await unseal(sealWithoutVersion, passwordMap, {
29
+ ...defaults,
30
+ ttl: 0
31
+ }) ?? {};
32
+ } catch (error) {
33
+ if (error instanceof Error && /^(Expired seal|Bad hmac value|Cannot find password|Incorrect number of sealed components|Wrong mac prefix)/.test(error.message)) return {};
34
+ throw error;
35
+ }
36
+ if (tokenVersion === 2) return data;
37
+ else if (tokenVersion !== null) return data.persistent ?? data;
38
+ return data;
39
+ }
40
+
41
+ //#endregion
42
+ export { sealData, unsealData };
43
+ //# sourceMappingURL=seal.js.map
package/lib/common/crypto/seal.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"seal.js","names":["seal","ironSeal","data: unknown","ironUnseal"],"sources":["../../../src/common/crypto/seal.ts"],"sourcesContent":["import {\n seal as ironSeal,\n unseal as ironUnseal,\n defaults,\n} from 'iron-webcrypto';\n\nconst VERSION_DELIMITER = '~';\nconst CURRENT_MAJOR_VERSION = 2;\n\ninterface SealOptions {\n password: string;\n}\n\ninterface UnsealOptions {\n password: string;\n}\n\nfunction parseSeal(seal: string): {\n sealWithoutVersion: string;\n tokenVersion: number | null;\n} {\n const [sealWithoutVersion = '', tokenVersionAsString] =\n seal.split(VERSION_DELIMITER);\n const tokenVersion =\n tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10);\n return { sealWithoutVersion, tokenVersion };\n}\n\nexport async function sealData(\n data: unknown,\n { password }: SealOptions,\n): Promise<string> {\n const passwordObj = {\n id: '1',\n secret: password,\n };\n\n const seal = await ironSeal(data, passwordObj, {\n ...defaults,\n ttl: 0,\n encode: JSON.stringify,\n });\n\n return `${seal}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;\n}\n\nexport async function unsealData<T = unknown>(\n encryptedData: string,\n { password }: UnsealOptions,\n): Promise<T> {\n const { sealWithoutVersion, tokenVersion } = parseSeal(encryptedData);\n\n const passwordMap = { 1: password };\n\n let data: unknown;\n try {\n data =\n (await ironUnseal(sealWithoutVersion, passwordMap, {\n ...defaults,\n ttl: 0,\n })) ?? {};\n } catch (error) {\n if (\n error instanceof Error &&\n /^(Expired seal|Bad hmac value|Cannot find password|Incorrect number of sealed components|Wrong mac prefix)/.test(\n error.message,\n )\n ) {\n return {} as T;\n }\n throw error;\n }\n\n if (tokenVersion === 2) {\n return data as T;\n } else if (tokenVersion !== null) {\n const record = data as Record<string, unknown>;\n return (record.persistent ?? data) as T;\n }\n\n return data as T;\n}\n"],"mappings":";;;AAMA,MAAM,oBAAoB;AAC1B,MAAM,wBAAwB;AAU9B,SAAS,UAAU,QAGjB;CACA,MAAM,CAAC,qBAAqB,IAAI,wBAC9BA,OAAK,MAAM,kBAAkB;AAG/B,QAAO;EAAE;EAAoB,cAD3B,wBAAwB,OAAO,OAAO,SAAS,sBAAsB,GAAG;EAC/B;;AAG7C,eAAsB,SACpB,MACA,EAAE,YACe;AAYjB,QAAO,GANM,MAAMC,KAAS,MALR;EAClB,IAAI;EACJ,QAAQ;EACT,EAE8C;EAC7C,GAAG;EACH,KAAK;EACL,QAAQ,KAAK;EACd,CAAC,GAEe,oBAAoB;;AAGvC,eAAsB,WACpB,eACA,EAAE,YACU;CACZ,MAAM,EAAE,oBAAoB,iBAAiB,UAAU,cAAc;CAErE,MAAM,cAAc,EAAE,GAAG,UAAU;CAEnC,IAAIC;AACJ,KAAI;AACF,SACG,MAAMC,OAAW,oBAAoB,aAAa;GACjD,GAAG;GACH,KAAK;GACN,CAAC,IAAK,EAAE;UACJ,OAAO;AACd,MACE,iBAAiB,SACjB,6GAA6G,KAC3G,MAAM,QACP,CAED,QAAO,EAAE;AAEX,QAAM;;AAGR,KAAI,iBAAiB,EACnB,QAAO;UACE,iBAAiB,KAE1B,QADe,KACA,cAAc;AAG/B,QAAO"}
package/lib/user-management/session.cjs CHANGED
@@ -1,8 +1,8 @@
1
1
  const require_common_exceptions_oauth_exception = require('../common/exceptions/oauth.exception.cjs');
2
+ const require_common_crypto_seal = require('../common/crypto/seal.cjs');
2
3
  const require_user_management_interfaces_authenticate_with_session_cookie_interface = require('./interfaces/authenticate-with-session-cookie.interface.cjs');
3
4
  const require_user_management_interfaces_refresh_and_seal_session_data_interface = require('./interfaces/refresh-and-seal-session-data.interface.cjs');
4
5
  const require_utils_jose = require('../utils/jose.cjs');
5
- let iron_session = require("iron-session");
6
6
 
7
7
  //#region src/user-management/session.ts
8
8
  var CookieSession = class {
@@ -27,7 +27,7 @@ var CookieSession = class {
27
27
  };
28
28
  let session;
29
29
  try {
30
- session = await (0, iron_session.unsealData)(this.sessionData, { password: this.cookiePassword });
30
+ session = await require_common_crypto_seal.unsealData(this.sessionData, { password: this.cookiePassword });
31
31
  } catch (e) {
32
32
  return {
33
33
  authenticated: false,
@@ -68,7 +68,7 @@ var CookieSession = class {
68
68
  */
69
69
  async refresh(options = {}) {
70
70
  const { decodeJwt } = await require_utils_jose.getJose();
71
- const session = await (0, iron_session.unsealData)(this.sessionData, { password: this.cookiePassword });
71
+ const session = await require_common_crypto_seal.unsealData(this.sessionData, { password: this.cookiePassword });
72
72
  if (!session.refreshToken || !session.user) return {
73
73
  authenticated: false,
74
74
  reason: require_user_management_interfaces_refresh_and_seal_session_data_interface.RefreshSessionFailureReason.INVALID_SESSION_COOKIE
package/lib/user-management/session.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session.cjs","names":["AuthenticateWithSessionCookieFailureReason","session: SessionCookieData","getJose","RefreshSessionFailureReason","OauthException"],"sources":["../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;;;;;;AAoBA,IAAa,gBAAb,MAA2B;CACzB,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,gBACA,aACA,gBACA;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,OAAK,iBAAiB;AACtB,OAAK,iBAAiB;AACtB,OAAK,cAAc;;;;;;;CAQrB,MAAM,eAGJ;AACA,MAAI,CAAC,KAAK,YACR,QAAO;GACL,eAAe;GACf,QACEA,yHAA2C;GAC9C;EAGH,IAAIC;AAEJ,MAAI;AACF,aAAU,mCAAoC,KAAK,aAAa,EAC9D,UAAU,KAAK,gBAChB,CAAC;WACK,GAAG;AACV,UAAO;IACL,eAAe;IACf,QACED,yHAA2C;IAC9C;;AAGH,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACEA,yHAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQA,yHAA2C;GACpD;EAGH,MAAM,EAAE,cAAc,MAAME,4BAAS;EAErC,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd,cAAc,QAAQ;GACtB,aAAa,QAAQ;GACtB;;;;;;;;;;CAWH,MAAM,QAAQ,UAA0B,EAAE,EAAmC;EAC3E,MAAM,EAAE,cAAc,MAAMA,4BAAS;EACrC,MAAM,UAAU,mCAAoC,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,KACpC,QAAO;GACL,eAAe;GACf,QAAQC,uGAA4B;GACrC;EAGH,MAAM,EAAE,QAAQ,kCAAkC,UAChD,QAAQ,YACT;AAED,MAAI;GACF,MAAM,iBAAiB,QAAQ,kBAAkB,KAAK;GAEtD,MAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;IACrD,UAAU,KAAK,eAAe;IAC9B,cAAc,QAAQ;IACtB,gBACE,QAAQ,kBAAkB;IAC5B,SAAS;KAEP,aAAa;KACb;KACD;IACF,CAAC;AAGJ,OAAI,QAAQ,eACV,MAAK,iBAAiB,QAAQ;AAGhC,QAAK,cAAc,uBAAuB;GAE1C,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,uBAAuB,YAAY;AAI9D,UAAO;IACL,eAAe;IACf,eAAe,uBAAuB;IACtC,SAAS;IACT;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,QAAQ;IACd,cAAc,QAAQ;IACvB;WACM,OAAO;AACd,OACE,iBAAiBC,6DAEhB,MAAM,UAAUD,uGAA4B,iBAC3C,MAAM,UAAUA,uGAA4B,kBAC5C,MAAM,UAAUA,uGAA4B,cAE9C,QAAO;IACL,eAAe;IACf,QAAQ,MAAM;IACf;AAGH,SAAM;;;;;;;;CASV,MAAM,aAAa,EACjB,aACyB,EAAE,EAAmB;EAC9C,MAAM,yBAAyB,MAAM,KAAK,cAAc;AAExD,MAAI,CAAC,uBAAuB,eAAe;GACzC,MAAM,EAAE,WAAW;AACnB,SAAM,IAAI,MAAM,gDAAgD,SAAS;;AAG3E,SAAO,KAAK,eAAe,aAAa;GACtC,WAAW,uBAAuB;GAClC;GACD,CAAC;;CAGJ,MAAc,WAAW,aAAuC;EAC9D,MAAM,EAAE,cAAc,MAAMD,4BAAS;EACrC,MAAM,OAAO,MAAM,KAAK,eAAe,SAAS;AAChD,MAAI,CAAC,KACH,OAAM,IAAI,MACR,kEACD;AAGH,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO"}
1
+ {"version":3,"file":"session.cjs","names":["AuthenticateWithSessionCookieFailureReason","session: SessionCookieData","unsealData","getJose","RefreshSessionFailureReason","OauthException"],"sources":["../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from '../common/crypto/seal';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;;;;;;AAoBA,IAAa,gBAAb,MAA2B;CACzB,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,gBACA,aACA,gBACA;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,OAAK,iBAAiB;AACtB,OAAK,iBAAiB;AACtB,OAAK,cAAc;;;;;;;CAQrB,MAAM,eAGJ;AACA,MAAI,CAAC,KAAK,YACR,QAAO;GACL,eAAe;GACf,QACEA,yHAA2C;GAC9C;EAGH,IAAIC;AAEJ,MAAI;AACF,aAAU,MAAMC,sCAA8B,KAAK,aAAa,EAC9D,UAAU,KAAK,gBAChB,CAAC;WACK,GAAG;AACV,UAAO;IACL,eAAe;IACf,QACEF,yHAA2C;IAC9C;;AAGH,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACEA,yHAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQA,yHAA2C;GACpD;EAGH,MAAM,EAAE,cAAc,MAAMG,4BAAS;EAErC,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd,cAAc,QAAQ;GACtB,aAAa,QAAQ;GACtB;;;;;;;;;;CAWH,MAAM,QAAQ,UAA0B,EAAE,EAAmC;EAC3E,MAAM,EAAE,cAAc,MAAMA,4BAAS;EACrC,MAAM,UAAU,MAAMD,sCAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,KACpC,QAAO;GACL,eAAe;GACf,QAAQE,uGAA4B;GACrC;EAGH,MAAM,EAAE,QAAQ,kCAAkC,UAChD,QAAQ,YACT;AAED,MAAI;GACF,MAAM,iBAAiB,QAAQ,kBAAkB,KAAK;GAEtD,MAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;IACrD,UAAU,KAAK,eAAe;IAC9B,cAAc,QAAQ;IACtB,gBACE,QAAQ,kBAAkB;IAC5B,SAAS;KAEP,aAAa;KACb;KACD;IACF,CAAC;AAGJ,OAAI,QAAQ,eACV,MAAK,iBAAiB,QAAQ;AAGhC,QAAK,cAAc,uBAAuB;GAE1C,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,uBAAuB,YAAY;AAI9D,UAAO;IACL,eAAe;IACf,eAAe,uBAAuB;IACtC,SAAS;IACT;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,QAAQ;IACd,cAAc,QAAQ;IACvB;WACM,OAAO;AACd,OACE,iBAAiBC,6DAEhB,MAAM,UAAUD,uGAA4B,iBAC3C,MAAM,UAAUA,uGAA4B,kBAC5C,MAAM,UAAUA,uGAA4B,cAE9C,QAAO;IACL,eAAe;IACf,QAAQ,MAAM;IACf;AAGH,SAAM;;;;;;;;CASV,MAAM,aAAa,EACjB,aACyB,EAAE,EAAmB;EAC9C,MAAM,yBAAyB,MAAM,KAAK,cAAc;AAExD,MAAI,CAAC,uBAAuB,eAAe;GACzC,MAAM,EAAE,WAAW;AACnB,SAAM,IAAI,MAAM,gDAAgD,SAAS;;AAG3E,SAAO,KAAK,eAAe,aAAa;GACtC,WAAW,uBAAuB;GAClC;GACD,CAAC;;CAGJ,MAAc,WAAW,aAAuC;EAC9D,MAAM,EAAE,cAAc,MAAMD,4BAAS;EACrC,MAAM,OAAO,MAAM,KAAK,eAAe,SAAS;AAChD,MAAI,CAAC,KACH,OAAM,IAAI,MACR,kEACD;AAGH,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO"}
package/lib/user-management/session.js CHANGED
@@ -1,8 +1,8 @@
1
1
  import { OauthException } from "../common/exceptions/oauth.exception.js";
2
+ import { unsealData } from "../common/crypto/seal.js";
2
3
  import { AuthenticateWithSessionCookieFailureReason } from "./interfaces/authenticate-with-session-cookie.interface.js";
3
4
  import { RefreshSessionFailureReason } from "./interfaces/refresh-and-seal-session-data.interface.js";
4
5
  import { getJose } from "../utils/jose.js";
5
- import { unsealData } from "iron-session";
6
6
 
7
7
  //#region src/user-management/session.ts
8
8
  var CookieSession = class {
package/lib/user-management/session.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session.js","names":["session: SessionCookieData"],"sources":["../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from 'iron-session';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;;;;;;AAoBA,IAAa,gBAAb,MAA2B;CACzB,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,gBACA,aACA,gBACA;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,OAAK,iBAAiB;AACtB,OAAK,iBAAiB;AACtB,OAAK,cAAc;;;;;;;CAQrB,MAAM,eAGJ;AACA,MAAI,CAAC,KAAK,YACR,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;EAGH,IAAIA;AAEJ,MAAI;AACF,aAAU,MAAM,WAA8B,KAAK,aAAa,EAC9D,UAAU,KAAK,gBAChB,CAAC;WACK,GAAG;AACV,UAAO;IACL,eAAe;IACf,QACE,2CAA2C;IAC9C;;AAGH,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQ,2CAA2C;GACpD;EAGH,MAAM,EAAE,cAAc,MAAM,SAAS;EAErC,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd,cAAc,QAAQ;GACtB,aAAa,QAAQ;GACtB;;;;;;;;;;CAWH,MAAM,QAAQ,UAA0B,EAAE,EAAmC;EAC3E,MAAM,EAAE,cAAc,MAAM,SAAS;EACrC,MAAM,UAAU,MAAM,WAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,KACpC,QAAO;GACL,eAAe;GACf,QAAQ,4BAA4B;GACrC;EAGH,MAAM,EAAE,QAAQ,kCAAkC,UAChD,QAAQ,YACT;AAED,MAAI;GACF,MAAM,iBAAiB,QAAQ,kBAAkB,KAAK;GAEtD,MAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;IACrD,UAAU,KAAK,eAAe;IAC9B,cAAc,QAAQ;IACtB,gBACE,QAAQ,kBAAkB;IAC5B,SAAS;KAEP,aAAa;KACb;KACD;IACF,CAAC;AAGJ,OAAI,QAAQ,eACV,MAAK,iBAAiB,QAAQ;AAGhC,QAAK,cAAc,uBAAuB;GAE1C,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,uBAAuB,YAAY;AAI9D,UAAO;IACL,eAAe;IACf,eAAe,uBAAuB;IACtC,SAAS;IACT;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,QAAQ;IACd,cAAc,QAAQ;IACvB;WACM,OAAO;AACd,OACE,iBAAiB,mBAEhB,MAAM,UAAU,4BAA4B,iBAC3C,MAAM,UAAU,4BAA4B,kBAC5C,MAAM,UAAU,4BAA4B,cAE9C,QAAO;IACL,eAAe;IACf,QAAQ,MAAM;IACf;AAGH,SAAM;;;;;;;;CASV,MAAM,aAAa,EACjB,aACyB,EAAE,EAAmB;EAC9C,MAAM,yBAAyB,MAAM,KAAK,cAAc;AAExD,MAAI,CAAC,uBAAuB,eAAe;GACzC,MAAM,EAAE,WAAW;AACnB,SAAM,IAAI,MAAM,gDAAgD,SAAS;;AAG3E,SAAO,KAAK,eAAe,aAAa;GACtC,WAAW,uBAAuB;GAClC;GACD,CAAC;;CAGJ,MAAc,WAAW,aAAuC;EAC9D,MAAM,EAAE,cAAc,MAAM,SAAS;EACrC,MAAM,OAAO,MAAM,KAAK,eAAe,SAAS;AAChD,MAAI,CAAC,KACH,OAAM,IAAI,MACR,kEACD;AAGH,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO"}
1
+ {"version":3,"file":"session.js","names":["session: SessionCookieData"],"sources":["../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from '../common/crypto/seal';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n let session: SessionCookieData;\n\n try {\n session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n } catch (e) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n}\n"],"mappings":";;;;;;;AAoBA,IAAa,gBAAb,MAA2B;CACzB,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,gBACA,aACA,gBACA;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,OAAK,iBAAiB;AACtB,OAAK,iBAAiB;AACtB,OAAK,cAAc;;;;;;;CAQrB,MAAM,eAGJ;AACA,MAAI,CAAC,KAAK,YACR,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;EAGH,IAAIA;AAEJ,MAAI;AACF,aAAU,MAAM,WAA8B,KAAK,aAAa,EAC9D,UAAU,KAAK,gBAChB,CAAC;WACK,GAAG;AACV,UAAO;IACL,eAAe;IACf,QACE,2CAA2C;IAC9C;;AAGH,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQ,2CAA2C;GACpD;EAGH,MAAM,EAAE,cAAc,MAAM,SAAS;EAErC,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd,cAAc,QAAQ;GACtB,aAAa,QAAQ;GACtB;;;;;;;;;;CAWH,MAAM,QAAQ,UAA0B,EAAE,EAAmC;EAC3E,MAAM,EAAE,cAAc,MAAM,SAAS;EACrC,MAAM,UAAU,MAAM,WAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,KACpC,QAAO;GACL,eAAe;GACf,QAAQ,4BAA4B;GACrC;EAGH,MAAM,EAAE,QAAQ,kCAAkC,UAChD,QAAQ,YACT;AAED,MAAI;GACF,MAAM,iBAAiB,QAAQ,kBAAkB,KAAK;GAEtD,MAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;IACrD,UAAU,KAAK,eAAe;IAC9B,cAAc,QAAQ;IACtB,gBACE,QAAQ,kBAAkB;IAC5B,SAAS;KAEP,aAAa;KACb;KACD;IACF,CAAC;AAGJ,OAAI,QAAQ,eACV,MAAK,iBAAiB,QAAQ;AAGhC,QAAK,cAAc,uBAAuB;GAE1C,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,uBAAuB,YAAY;AAI9D,UAAO;IACL,eAAe;IACf,eAAe,uBAAuB;IACtC,SAAS;IACT;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,QAAQ;IACd,cAAc,QAAQ;IACvB;WACM,OAAO;AACd,OACE,iBAAiB,mBAEhB,MAAM,UAAU,4BAA4B,iBAC3C,MAAM,UAAU,4BAA4B,kBAC5C,MAAM,UAAU,4BAA4B,cAE9C,QAAO;IACL,eAAe;IACf,QAAQ,MAAM;IACf;AAGH,SAAM;;;;;;;;CASV,MAAM,aAAa,EACjB,aACyB,EAAE,EAAmB;EAC9C,MAAM,yBAAyB,MAAM,KAAK,cAAc;AAExD,MAAI,CAAC,uBAAuB,eAAe;GACzC,MAAM,EAAE,WAAW;AACnB,SAAM,IAAI,MAAM,gDAAgD,SAAS;;AAG3E,SAAO,KAAK,eAAe,aAAa;GACtC,WAAW,uBAAuB;GAClC;GACD,CAAC;;CAGJ,MAAc,WAAW,aAAuC;EAC9D,MAAM,EAAE,cAAc,MAAM,SAAS;EACrC,MAAM,OAAO,MAAM,KAAK,eAAe,SAAS;AAChD,MAAI,CAAC,KACH,OAAM,IAAI,MACR,kEACD;AAGH,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO"}
package/lib/user-management/user-management.cjs CHANGED
@@ -25,6 +25,7 @@ const require_common_utils_pagination = require('../common/utils/pagination.cjs'
25
25
  const require_common_utils_fetch_and_deserialize = require('../common/utils/fetch-and-deserialize.cjs');
26
26
  const require_feature_flags_serializers_feature_flag_serializer = require('../feature-flags/serializers/feature-flag.serializer.cjs');
27
27
  const require_mfa_serializers_challenge_serializer = require('../mfa/serializers/challenge.serializer.cjs');
28
+ const require_common_crypto_seal = require('../common/crypto/seal.cjs');
28
29
  const require_common_utils_env = require('../common/utils/env.cjs');
29
30
  const require_user_management_interfaces_authenticate_with_session_cookie_interface = require('./interfaces/authenticate-with-session-cookie.interface.cjs');
30
31
  const require_user_management_interfaces_revoke_session_options_interface = require('./interfaces/revoke-session-options.interface.cjs');
@@ -39,7 +40,6 @@ const require_user_management_serializers_send_invitation_options_serializer = r
39
40
  const require_user_management_serializers_update_organization_membership_options_serializer = require('./serializers/update-organization-membership-options.serializer.cjs');
40
41
  const require_utils_jose = require('../utils/jose.cjs');
41
42
  const require_user_management_session = require('./session.cjs');
42
- let iron_session = require("iron-session");
43
43
 
44
44
  //#region src/user-management/user-management.ts
45
45
  var UserManagement = class {
@@ -175,7 +175,7 @@ var UserManagement = class {
175
175
  authenticated: false,
176
176
  reason: require_user_management_interfaces_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED
177
177
  };
178
- const session = await (0, iron_session.unsealData)(sessionData, { password: cookiePassword });
178
+ const session = await require_common_crypto_seal.unsealData(sessionData, { password: cookiePassword });
179
179
  if (!session.accessToken) return {
180
180
  authenticated: false,
181
181
  reason: require_user_management_interfaces_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE
@@ -223,7 +223,7 @@ var UserManagement = class {
223
223
  if (!cookiePassword) throw new Error("Cookie password is required");
224
224
  const { decodeJwt } = await require_utils_jose.getJose();
225
225
  const { org_id: organizationIdFromAccessToken } = decodeJwt(authenticationResponse.accessToken);
226
- return (0, iron_session.sealData)({
226
+ return require_common_crypto_seal.sealData({
227
227
  organizationId: organizationIdFromAccessToken,
228
228
  user: authenticationResponse.user,
229
229
  accessToken: authenticationResponse.accessToken,
@@ -233,7 +233,7 @@ var UserManagement = class {
233
233
  }
234
234
  async getSessionFromCookie({ sessionData, cookiePassword = require_common_utils_env.getEnv("WORKOS_COOKIE_PASSWORD") }) {
235
235
  if (!cookiePassword) throw new Error("Cookie password is required");
236
- if (sessionData) return (0, iron_session.unsealData)(sessionData, { password: cookiePassword });
236
+ if (sessionData) return require_common_crypto_seal.unsealData(sessionData, { password: cookiePassword });
237
237
  }
238
238
  async getEmailVerification(emailVerificationId) {
239
239
  const { data } = await this.workos.get(`/user_management/email_verification/${emailVerificationId}`);
package/lib/user-management/user-management.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user-management.cjs","names":["workos: WorkOS","getJose","CookieSession","deserializeUser","AutoPaginatable","fetchAndDeserialize","serializeListUsersOptions","serializeCreateUserOptions","serializeAuthenticateWithMagicAuthOptions","deserializeAuthenticationResponse","serializeAuthenticateWithPasswordOptions","serializeAuthenticateWithCodeOptions","serializeAuthenticateWithCodeAndVerifierOptions","serializeAuthenticateWithRefreshTokenOptions","serializeAuthenticateWithTotpOptions","serializeAuthenticateWithEmailVerificationOptions","serializeAuthenticateWithOrganizationSelectionOptions","getEnv","AuthenticateWithSessionCookieFailureReason","deserializeEmailVerification","deserializeMagicAuth","serializeCreateMagicAuthOptions","deserializePasswordReset","serializeCreatePasswordResetOptions","serializeResetPasswordOptions","serializeUpdateUserOptions","serializeEnrollAuthFactorOptions","deserializeFactorWithSecrets","deserializeChallenge","deserializeFactor","deserializeFeatureFlag","deserializeSession","serializeListSessionsOptions","deserializeIdentities","deserializeOrganizationMembership","serializeListOrganizationMembershipsOptions","serializeCreateOrganizationMembershipOptions","serializeUpdateOrganizationMembershipOptions","deserializeInvitation","serializeListInvitationsOptions","serializeSendInvitationOptions","serializeRevokeSessionOptions"],"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { sealData, unsealData } from 'iron-session';\nimport * as clientUserManagement from '../client/user-management';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers/feature-flag.serializer';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n ListUserFeatureFlagsOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\nimport { getJose } from '../utils/jose';\n\nexport class UserManagement {\n private _jwks:\n | ReturnType<typeof import('jose').createRemoteJWKSet>\n | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n async getJWKS(): Promise<\n ReturnType<typeof import('jose').createRemoteJWKSet> | undefined\n > {\n const { createRemoteJWKSet } = await getJose();\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions(remainingPayload),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const jwks = await this.getJWKS();\n\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n const { decodeJwt } = await getJose();\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const jwks = await this.getJWKS();\n const { jwtVerify } = await getJose();\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { decodeJwt } = await getJose();\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listUserFeatureFlags(\n options: ListUserFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n const { userId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n params,\n ),\n paginationOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async resendInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/resend`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl(options: UserManagementAuthorizationURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getAuthorizationUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getLogoutUrl(options: clientUserManagement.LogoutURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getLogoutUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getJwksUrl(clientId: string): string {\n // Delegate to client implementation\n return clientUserManagement.getJwksUrl(clientId, this.workos.baseURL);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2JA,IAAa,iBAAb,MAA4B;CAC1B,AAAQ;CAGR,AAAO;CAEP,YAAY,AAAiBA,QAAgB;EAAhB;EAC3B,MAAM,EAAE,aAAa,OAAO;AAE5B,OAAK,WAAW;;CAGlB,MAAM,UAEJ;EACA,MAAM,EAAE,uBAAuB,MAAMC,4BAAS;AAC9C,MAAI,CAAC,KAAK,SACR;AAIF,OAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,SAAS,CAAC,EAAE,EACzE,kBAAkB,MAAO,KAAK,GAC/B,CAAC;AAEF,SAAO,KAAK;;;;;;;;;;CAWd,kBAAkB,SAGA;AAChB,SAAO,IAAIC,8CAAc,MAAM,QAAQ,aAAa,QAAQ,eAAe;;CAG7E,MAAM,QAAQ,QAA+B;EAC3C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,SAC3B;AAED,SAAOC,oEAAgB,KAAK;;CAG9B,MAAM,oBAAoB,YAAmC;EAC3D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,sCAAsC,aACvC;AAED,SAAOA,oEAAgB,KAAK;;CAG9B,MAAM,UACJ,SAC4D;AAC5D,SAAO,IAAIC,gDACT,MAAMC,+DACJ,KAAK,QACL,0BACAF,qEACA,UAAUG,4FAA0B,QAAQ,GAAG,OAChD,GACA,WACCD,+DACE,KAAK,QACL,0BACAF,qEACA,OACD,EACH,UAAUG,4FAA0B,QAAQ,GAAG,OAChD;;CAGH,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0BC,8FAA2B,QAAQ,CAAC;AAEhE,SAAOJ,oEAAgB,KAAK;;CAG9B,MAAM,0BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAK,8HAA0C;GACxC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBC,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,yBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAC,2HAAyC;GACvC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBD,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAE,mHAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBF,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,gCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAG,2IAAgD,iBAAiB,CAClE;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBH,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAI,oIAA6C;GAC3C,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBJ,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAK,mHAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBL,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,kCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAM,sIAAkD;GAChD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBN,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,sCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAO,sJAAsD;GACpD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBP,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,8BAA8B,EAClC,aACA,iBAAiBQ,gCAAO,yBAAyB,IAIjD;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAKhD,MAAI,CAFS,MAAM,KAAK,SAAS,CAG/B,OAAM,IAAI,MAAM,2CAA2C;EAG7D,MAAM,EAAE,cAAc,MAAMhB,4BAAS;AAErC,MAAI,CAAC,YACH,QAAO;GACL,eAAe;GACf,QACEiB,yHAA2C;GAC9C;EAGH,MAAM,UAAU,mCAAoC,aAAa,EAC/D,UAAU,gBACX,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACEA,yHAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQA,yHAA2C;GACpD;EAGH,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd;GACA;GACA;GACA,aAAa,QAAQ;GACtB;;CAGH,MAAc,WAAW,aAAuC;EAC9D,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,EAAE,cAAc,MAAMjB,4BAAS;AACrC,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2CAA2C;AAG7D,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO;;;CAIX,MAAc,8BAA8B,EAC1C,wBACA,WAIkC;AAClC,MAAI,SAAS,YACX,QAAO;GACL,GAAG;GACH,eAAe,MAAM,KAAK,0CAA0C;IAClE;IACA,gBAAgB,QAAQ;IACzB,CAAC;GACH;AAGH,SAAO;;CAGT,MAAc,0CAA0C,EACtD,wBACA,kBAIkB;AAClB,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;EAGhD,MAAM,EAAE,cAAc,MAAMA,4BAAS;EAErC,MAAM,EAAE,QAAQ,kCAAkC,UAChD,uBAAuB,YACxB;AAUD,oCARuC;GACrC,gBAAgB;GAChB,MAAM,uBAAuB;GAC7B,aAAa,uBAAuB;GACpC,cAAc,uBAAuB;GACrC,cAAc,uBAAuB;GACtC,EAE4B,EAC3B,UAAU,gBACX,CAAC;;CAGJ,MAAM,qBAAqB,EACzB,aACA,iBAAiBgB,gCAAO,yBAAyB,IACe;AAChE,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAGhD,MAAI,YACF,qCAAqC,aAAa,EAChD,UAAU,gBACX,CAAC;;CAMN,MAAM,qBACJ,qBAC4B;EAC5B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uCAAuC,sBACxC;AAED,SAAOE,+FAA6B,KAAK;;CAG3C,MAAM,sBAAsB,EAC1B,UACwD;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BAA0B,OAAO,2BACjC,EAAE,CACH;AAED,SAAO,EAAE,MAAMhB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,aAAa,aAAyC;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,+BAA+B,cAChC;AAED,SAAOiB,+EAAqB,KAAK;;CAGnC,MAAM,gBAAgB,SAAqD;EACzE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,+BACAC,yGAAgC,EAC9B,GAAG,SACJ,CAAC,CACH;AAED,SAAOD,+EAAqB,KAAK;;CAGnC,MAAM,YAAY,EAChB,MACA,UAC8C;EAC9C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,OAAO,8BAA8B,EAC/D,MACD,CAAC;AAEF,SAAO,EAAE,MAAMjB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,iBAAiB,iBAAiD;EACtE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,mCAAmC,kBACpC;AAED,SAAOmB,uFAAyB,KAAK;;CAGvC,MAAM,oBACJ,SACwB;EACxB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,mCACAC,iHAAoC,EAClC,GAAG,SACJ,CAAC,CACH;AAED,SAAOD,uFAAyB,KAAK;;CAGvC,MAAM,cAAc,SAAwD;EAC1E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,2CACAE,oGAA8B,QAAQ,CACvC;AAED,SAAO,EAAE,MAAMrB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,QAAQ,UAClCsB,8FAA2B,QAAQ,CACpC;AAED,SAAOtB,oEAAgB,KAAK;;CAG9B,MAAM,iBAAiB,SAGpB;EACD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,0BAA0B,QAAQ,OAAO,gBACzCuB,2GAAiC,QAAQ,CAC1C;AAED,SAAO;GACL,sBAAsBC,mFACpB,KAAK,sBACN;GACD,yBAAyBC,kEACvB,KAAK,yBACN;GACF;;CAGH,MAAM,gBACJ,SACqD;EACrD,MAAM,EAAE,QAAQ,GAAG,kBAAkB;AACrC,SAAO,IAAIxB,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,gBACjCwB,yEACA,cACD,GACA,WACCxB,+DACE,KAAK,QACL,0BAA0B,OAAO,gBACjCwB,yEACA,OACD,EACH,cACD;;CAGH,MAAM,qBACJ,SACuC;EACvC,MAAM,EAAE,QAAQ,GAAG,sBAAsB;AAEzC,SAAO,IAAIzB,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,iBACjCyB,kFACA,kBACD,GACA,WACCzB,+DACE,KAAK,QACL,0BAA0B,OAAO,iBACjCyB,kFACA,OACD,EACH,kBACD;;CAGH,MAAM,aACJ,QACA,SACkE;AAClE,SAAO,IAAI1B,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,YACjC0B,2EACA,UAAUC,kGAA6B,QAAQ,GAAG,OACnD,GACA,WACC3B,+DACE,KAAK,QACL,0BAA0B,OAAO,YACjC0B,2EACA,OACD,EACH,UAAUC,kGAA6B,QAAQ,GAAG,OACnD;;CAGH,MAAM,WAAW,QAAgB;AAC/B,QAAM,KAAK,OAAO,OAAO,0BAA0B,SAAS;;CAG9D,MAAM,kBAAkB,QAAqC;AAC3D,MAAI,CAAC,OACH,OAAM,IAAI,UAAU,kDAAkD;EAGxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,OAAO,aAClC;AAED,SAAOC,8EAAsB,KAAK;;CAGpC,MAAM,0BACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,2BAC9C;AAED,SAAOC,yGAAkC,KAAK;;CAGhD,MAAM,4BACJ,SAMA;EACA,MAAM,oBACJC,iIAA4C,QAAQ;AAEtD,SAAO,IAAI/B,gDACT,MAAMC,+DAIJ,KAAK,QACL,6CACA6B,0GACA,kBACD,GACA,WACC7B,+DAIE,KAAK,QACL,6CACA6B,0GACA,OACD,EACH,kBACD;;CAGH,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,6CACAE,mIAA6C,QAAQ,CACtD;AAED,SAAOF,yGAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACA,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAIjC,6CAA6C,4BAC7CG,mIAA6C,QAAQ,CACtD;AAED,SAAOH,yGAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACe;AACf,QAAM,KAAK,OAAO,OAChB,6CAA6C,2BAC9C;;CAGH,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAOA,yGAAkC,KAAK;;CAGhD,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAOA,yGAAkC,KAAK;;CAGhD,MAAM,cAAc,cAA2C;EAC7D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eACjC;AAED,SAAOI,gFAAsB,KAAK;;CAGpC,MAAM,sBAAsB,iBAA8C;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,yCAAyC,kBAC1C;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAIlC,gDACT,MAAMC,+DACJ,KAAK,QACL,gCACAiC,iFACA,UAAUC,wGAAgC,QAAQ,GAAG,OACtD,GACA,WACClC,+DACE,KAAK,QACL,gCACAiC,iFACA,OACD,EACH,UAAUC,wGAAgC,QAAQ,GAAG,OACtD;;CAGH,MAAM,eAAe,SAAqD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,gCACAC,sGAA+B,EAC7B,GAAG,SACJ,CAAC,CACH;AAED,SAAOF,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,cAAc,SAA8C;AAChE,QAAM,KAAK,OAAO,KAChB,oCACAG,kGAA8B,QAAQ,CACvC;;CAGH,oBAAoB,SAAwD;AAE1E,4DAAgD;GAC9C,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,aAAa,SAAwD;AAEnE,qDAAyC;GACvC,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,WAAW,UAA0B;AAEnC,mDAAuC,UAAU,KAAK,OAAO,QAAQ"}
1
+ {"version":3,"file":"user-management.cjs","names":["workos: WorkOS","getJose","CookieSession","deserializeUser","AutoPaginatable","fetchAndDeserialize","serializeListUsersOptions","serializeCreateUserOptions","serializeAuthenticateWithMagicAuthOptions","deserializeAuthenticationResponse","serializeAuthenticateWithPasswordOptions","serializeAuthenticateWithCodeOptions","serializeAuthenticateWithCodeAndVerifierOptions","serializeAuthenticateWithRefreshTokenOptions","serializeAuthenticateWithTotpOptions","serializeAuthenticateWithEmailVerificationOptions","serializeAuthenticateWithOrganizationSelectionOptions","getEnv","AuthenticateWithSessionCookieFailureReason","unsealData","sealData","deserializeEmailVerification","deserializeMagicAuth","serializeCreateMagicAuthOptions","deserializePasswordReset","serializeCreatePasswordResetOptions","serializeResetPasswordOptions","serializeUpdateUserOptions","serializeEnrollAuthFactorOptions","deserializeFactorWithSecrets","deserializeChallenge","deserializeFactor","deserializeFeatureFlag","deserializeSession","serializeListSessionsOptions","deserializeIdentities","deserializeOrganizationMembership","serializeListOrganizationMembershipsOptions","serializeCreateOrganizationMembershipOptions","serializeUpdateOrganizationMembershipOptions","deserializeInvitation","serializeListInvitationsOptions","serializeSendInvitationOptions","serializeRevokeSessionOptions"],"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { sealData, unsealData } from '../common/crypto/seal';\nimport * as clientUserManagement from '../client/user-management';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers/feature-flag.serializer';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n ListUserFeatureFlagsOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\nimport { getJose } from '../utils/jose';\n\nexport class UserManagement {\n private _jwks:\n | ReturnType<typeof import('jose').createRemoteJWKSet>\n | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n async getJWKS(): Promise<\n ReturnType<typeof import('jose').createRemoteJWKSet> | undefined\n > {\n const { createRemoteJWKSet } = await getJose();\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions(remainingPayload),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const jwks = await this.getJWKS();\n\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n const { decodeJwt } = await getJose();\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const jwks = await this.getJWKS();\n const { jwtVerify } = await getJose();\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { decodeJwt } = await getJose();\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listUserFeatureFlags(\n options: ListUserFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n const { userId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n params,\n ),\n paginationOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async resendInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/resend`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl(options: UserManagementAuthorizationURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getAuthorizationUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getLogoutUrl(options: clientUserManagement.LogoutURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getLogoutUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getJwksUrl(clientId: string): string {\n // Delegate to client implementation\n return clientUserManagement.getJwksUrl(clientId, this.workos.baseURL);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2JA,IAAa,iBAAb,MAA4B;CAC1B,AAAQ;CAGR,AAAO;CAEP,YAAY,AAAiBA,QAAgB;EAAhB;EAC3B,MAAM,EAAE,aAAa,OAAO;AAE5B,OAAK,WAAW;;CAGlB,MAAM,UAEJ;EACA,MAAM,EAAE,uBAAuB,MAAMC,4BAAS;AAC9C,MAAI,CAAC,KAAK,SACR;AAIF,OAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,SAAS,CAAC,EAAE,EACzE,kBAAkB,MAAO,KAAK,GAC/B,CAAC;AAEF,SAAO,KAAK;;;;;;;;;;CAWd,kBAAkB,SAGA;AAChB,SAAO,IAAIC,8CAAc,MAAM,QAAQ,aAAa,QAAQ,eAAe;;CAG7E,MAAM,QAAQ,QAA+B;EAC3C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,SAC3B;AAED,SAAOC,oEAAgB,KAAK;;CAG9B,MAAM,oBAAoB,YAAmC;EAC3D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,sCAAsC,aACvC;AAED,SAAOA,oEAAgB,KAAK;;CAG9B,MAAM,UACJ,SAC4D;AAC5D,SAAO,IAAIC,gDACT,MAAMC,+DACJ,KAAK,QACL,0BACAF,qEACA,UAAUG,4FAA0B,QAAQ,GAAG,OAChD,GACA,WACCD,+DACE,KAAK,QACL,0BACAF,qEACA,OACD,EACH,UAAUG,4FAA0B,QAAQ,GAAG,OAChD;;CAGH,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0BC,8FAA2B,QAAQ,CAAC;AAEhE,SAAOJ,oEAAgB,KAAK;;CAG9B,MAAM,0BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAK,8HAA0C;GACxC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBC,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,yBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAC,2HAAyC;GACvC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBD,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAE,mHAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBF,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,gCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAG,2IAAgD,iBAAiB,CAClE;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBH,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAI,oIAA6C;GAC3C,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBJ,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAK,mHAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBL,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,kCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAM,sIAAkD;GAChD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBN,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,sCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAO,sJAAsD;GACpD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBP,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,8BAA8B,EAClC,aACA,iBAAiBQ,gCAAO,yBAAyB,IAIjD;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAKhD,MAAI,CAFS,MAAM,KAAK,SAAS,CAG/B,OAAM,IAAI,MAAM,2CAA2C;EAG7D,MAAM,EAAE,cAAc,MAAMhB,4BAAS;AAErC,MAAI,CAAC,YACH,QAAO;GACL,eAAe;GACf,QACEiB,yHAA2C;GAC9C;EAGH,MAAM,UAAU,MAAMC,sCAA8B,aAAa,EAC/D,UAAU,gBACX,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACED,yHAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQA,yHAA2C;GACpD;EAGH,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd;GACA;GACA;GACA,aAAa,QAAQ;GACtB;;CAGH,MAAc,WAAW,aAAuC;EAC9D,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,EAAE,cAAc,MAAMjB,4BAAS;AACrC,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2CAA2C;AAG7D,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO;;;CAIX,MAAc,8BAA8B,EAC1C,wBACA,WAIkC;AAClC,MAAI,SAAS,YACX,QAAO;GACL,GAAG;GACH,eAAe,MAAM,KAAK,0CAA0C;IAClE;IACA,gBAAgB,QAAQ;IACzB,CAAC;GACH;AAGH,SAAO;;CAGT,MAAc,0CAA0C,EACtD,wBACA,kBAIkB;AAClB,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;EAGhD,MAAM,EAAE,cAAc,MAAMA,4BAAS;EAErC,MAAM,EAAE,QAAQ,kCAAkC,UAChD,uBAAuB,YACxB;AAUD,SAAOmB,oCARgC;GACrC,gBAAgB;GAChB,MAAM,uBAAuB;GAC7B,aAAa,uBAAuB;GACpC,cAAc,uBAAuB;GACrC,cAAc,uBAAuB;GACtC,EAE4B,EAC3B,UAAU,gBACX,CAAC;;CAGJ,MAAM,qBAAqB,EACzB,aACA,iBAAiBH,gCAAO,yBAAyB,IACe;AAChE,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAGhD,MAAI,YACF,QAAOE,sCAA8B,aAAa,EAChD,UAAU,gBACX,CAAC;;CAMN,MAAM,qBACJ,qBAC4B;EAC5B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uCAAuC,sBACxC;AAED,SAAOE,+FAA6B,KAAK;;CAG3C,MAAM,sBAAsB,EAC1B,UACwD;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BAA0B,OAAO,2BACjC,EAAE,CACH;AAED,SAAO,EAAE,MAAMlB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,aAAa,aAAyC;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,+BAA+B,cAChC;AAED,SAAOmB,+EAAqB,KAAK;;CAGnC,MAAM,gBAAgB,SAAqD;EACzE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,+BACAC,yGAAgC,EAC9B,GAAG,SACJ,CAAC,CACH;AAED,SAAOD,+EAAqB,KAAK;;CAGnC,MAAM,YAAY,EAChB,MACA,UAC8C;EAC9C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,OAAO,8BAA8B,EAC/D,MACD,CAAC;AAEF,SAAO,EAAE,MAAMnB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,iBAAiB,iBAAiD;EACtE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,mCAAmC,kBACpC;AAED,SAAOqB,uFAAyB,KAAK;;CAGvC,MAAM,oBACJ,SACwB;EACxB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,mCACAC,iHAAoC,EAClC,GAAG,SACJ,CAAC,CACH;AAED,SAAOD,uFAAyB,KAAK;;CAGvC,MAAM,cAAc,SAAwD;EAC1E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,2CACAE,oGAA8B,QAAQ,CACvC;AAED,SAAO,EAAE,MAAMvB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,QAAQ,UAClCwB,8FAA2B,QAAQ,CACpC;AAED,SAAOxB,oEAAgB,KAAK;;CAG9B,MAAM,iBAAiB,SAGpB;EACD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,0BAA0B,QAAQ,OAAO,gBACzCyB,2GAAiC,QAAQ,CAC1C;AAED,SAAO;GACL,sBAAsBC,mFACpB,KAAK,sBACN;GACD,yBAAyBC,kEACvB,KAAK,yBACN;GACF;;CAGH,MAAM,gBACJ,SACqD;EACrD,MAAM,EAAE,QAAQ,GAAG,kBAAkB;AACrC,SAAO,IAAI1B,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,gBACjC0B,yEACA,cACD,GACA,WACC1B,+DACE,KAAK,QACL,0BAA0B,OAAO,gBACjC0B,yEACA,OACD,EACH,cACD;;CAGH,MAAM,qBACJ,SACuC;EACvC,MAAM,EAAE,QAAQ,GAAG,sBAAsB;AAEzC,SAAO,IAAI3B,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,iBACjC2B,kFACA,kBACD,GACA,WACC3B,+DACE,KAAK,QACL,0BAA0B,OAAO,iBACjC2B,kFACA,OACD,EACH,kBACD;;CAGH,MAAM,aACJ,QACA,SACkE;AAClE,SAAO,IAAI5B,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,YACjC4B,2EACA,UAAUC,kGAA6B,QAAQ,GAAG,OACnD,GACA,WACC7B,+DACE,KAAK,QACL,0BAA0B,OAAO,YACjC4B,2EACA,OACD,EACH,UAAUC,kGAA6B,QAAQ,GAAG,OACnD;;CAGH,MAAM,WAAW,QAAgB;AAC/B,QAAM,KAAK,OAAO,OAAO,0BAA0B,SAAS;;CAG9D,MAAM,kBAAkB,QAAqC;AAC3D,MAAI,CAAC,OACH,OAAM,IAAI,UAAU,kDAAkD;EAGxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,OAAO,aAClC;AAED,SAAOC,8EAAsB,KAAK;;CAGpC,MAAM,0BACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,2BAC9C;AAED,SAAOC,yGAAkC,KAAK;;CAGhD,MAAM,4BACJ,SAMA;EACA,MAAM,oBACJC,iIAA4C,QAAQ;AAEtD,SAAO,IAAIjC,gDACT,MAAMC,+DAIJ,KAAK,QACL,6CACA+B,0GACA,kBACD,GACA,WACC/B,+DAIE,KAAK,QACL,6CACA+B,0GACA,OACD,EACH,kBACD;;CAGH,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,6CACAE,mIAA6C,QAAQ,CACtD;AAED,SAAOF,yGAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACA,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAIjC,6CAA6C,4BAC7CG,mIAA6C,QAAQ,CACtD;AAED,SAAOH,yGAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACe;AACf,QAAM,KAAK,OAAO,OAChB,6CAA6C,2BAC9C;;CAGH,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAOA,yGAAkC,KAAK;;CAGhD,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAOA,yGAAkC,KAAK;;CAGhD,MAAM,cAAc,cAA2C;EAC7D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eACjC;AAED,SAAOI,gFAAsB,KAAK;;CAGpC,MAAM,sBAAsB,iBAA8C;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,yCAAyC,kBAC1C;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAIpC,gDACT,MAAMC,+DACJ,KAAK,QACL,gCACAmC,iFACA,UAAUC,wGAAgC,QAAQ,GAAG,OACtD,GACA,WACCpC,+DACE,KAAK,QACL,gCACAmC,iFACA,OACD,EACH,UAAUC,wGAAgC,QAAQ,GAAG,OACtD;;CAGH,MAAM,eAAe,SAAqD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,gCACAC,sGAA+B,EAC7B,GAAG,SACJ,CAAC,CACH;AAED,SAAOF,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,cAAc,SAA8C;AAChE,QAAM,KAAK,OAAO,KAChB,oCACAG,kGAA8B,QAAQ,CACvC;;CAGH,oBAAoB,SAAwD;AAE1E,4DAAgD;GAC9C,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,aAAa,SAAwD;AAEnE,qDAAyC;GACvC,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,WAAW,UAA0B;AAEnC,mDAAuC,UAAU,KAAK,OAAO,QAAQ"}
package/lib/user-management/user-management.js CHANGED
@@ -25,6 +25,7 @@ import { AutoPaginatable } from "../common/utils/pagination.js";
25
25
  import { fetchAndDeserialize } from "../common/utils/fetch-and-deserialize.js";
26
26
  import { deserializeFeatureFlag } from "../feature-flags/serializers/feature-flag.serializer.js";
27
27
  import { deserializeChallenge } from "../mfa/serializers/challenge.serializer.js";
28
+ import { sealData, unsealData } from "../common/crypto/seal.js";
28
29
  import { getEnv } from "../common/utils/env.js";
29
30
  import { AuthenticateWithSessionCookieFailureReason } from "./interfaces/authenticate-with-session-cookie.interface.js";
30
31
  import { serializeRevokeSessionOptions } from "./interfaces/revoke-session-options.interface.js";
@@ -39,7 +40,6 @@ import { serializeSendInvitationOptions } from "./serializers/send-invitation-op
39
40
  import { serializeUpdateOrganizationMembershipOptions } from "./serializers/update-organization-membership-options.serializer.js";
40
41
  import { getJose } from "../utils/jose.js";
41
42
  import { CookieSession } from "./session.js";
42
- import { sealData, unsealData } from "iron-session";
43
43
 
44
44
  //#region src/user-management/user-management.ts
45
45
  var UserManagement = class {
package/lib/user-management/user-management.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user-management.js","names":["workos: WorkOS","clientUserManagement.getAuthorizationUrl","clientUserManagement.getLogoutUrl","clientUserManagement.getJwksUrl"],"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { sealData, unsealData } from 'iron-session';\nimport * as clientUserManagement from '../client/user-management';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers/feature-flag.serializer';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n ListUserFeatureFlagsOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\nimport { getJose } from '../utils/jose';\n\nexport class UserManagement {\n private _jwks:\n | ReturnType<typeof import('jose').createRemoteJWKSet>\n | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n async getJWKS(): Promise<\n ReturnType<typeof import('jose').createRemoteJWKSet> | undefined\n > {\n const { createRemoteJWKSet } = await getJose();\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions(remainingPayload),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const jwks = await this.getJWKS();\n\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n const { decodeJwt } = await getJose();\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const jwks = await this.getJWKS();\n const { jwtVerify } = await getJose();\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { decodeJwt } = await getJose();\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listUserFeatureFlags(\n options: ListUserFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n const { userId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n params,\n ),\n paginationOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async resendInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/resend`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl(options: UserManagementAuthorizationURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getAuthorizationUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getLogoutUrl(options: clientUserManagement.LogoutURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getLogoutUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getJwksUrl(clientId: string): string {\n // Delegate to client implementation\n return clientUserManagement.getJwksUrl(clientId, this.workos.baseURL);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2JA,IAAa,iBAAb,MAA4B;CAC1B,AAAQ;CAGR,AAAO;CAEP,YAAY,AAAiBA,QAAgB;EAAhB;EAC3B,MAAM,EAAE,aAAa,OAAO;AAE5B,OAAK,WAAW;;CAGlB,MAAM,UAEJ;EACA,MAAM,EAAE,uBAAuB,MAAM,SAAS;AAC9C,MAAI,CAAC,KAAK,SACR;AAIF,OAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,SAAS,CAAC,EAAE,EACzE,kBAAkB,MAAO,KAAK,GAC/B,CAAC;AAEF,SAAO,KAAK;;;;;;;;;;CAWd,kBAAkB,SAGA;AAChB,SAAO,IAAI,cAAc,MAAM,QAAQ,aAAa,QAAQ,eAAe;;CAG7E,MAAM,QAAQ,QAA+B;EAC3C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,SAC3B;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,oBAAoB,YAAmC;EAC3D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,sCAAsC,aACvC;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,UACJ,SAC4D;AAC5D,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BACA,iBACA,UAAU,0BAA0B,QAAQ,GAAG,OAChD,GACA,WACC,oBACE,KAAK,QACL,0BACA,iBACA,OACD,EACH,UAAU,0BAA0B,QAAQ,GAAG,OAChD;;CAGH,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,2BAA2B,QAAQ,CAAC;AAEhE,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,0BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,0CAA0C;GACxC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,yBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,yCAAyC;GACvC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,qCAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,gCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,gDAAgD,iBAAiB,CAClE;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,6CAA6C;GAC3C,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,qCAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,kCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,kDAAkD;GAChD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,sCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,sDAAsD;GACpD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,8BAA8B,EAClC,aACA,iBAAiB,OAAO,yBAAyB,IAIjD;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAKhD,MAAI,CAFS,MAAM,KAAK,SAAS,CAG/B,OAAM,IAAI,MAAM,2CAA2C;EAG7D,MAAM,EAAE,cAAc,MAAM,SAAS;AAErC,MAAI,CAAC,YACH,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;EAGH,MAAM,UAAU,MAAM,WAA8B,aAAa,EAC/D,UAAU,gBACX,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQ,2CAA2C;GACpD;EAGH,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd;GACA;GACA;GACA,aAAa,QAAQ;GACtB;;CAGH,MAAc,WAAW,aAAuC;EAC9D,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,EAAE,cAAc,MAAM,SAAS;AACrC,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2CAA2C;AAG7D,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO;;;CAIX,MAAc,8BAA8B,EAC1C,wBACA,WAIkC;AAClC,MAAI,SAAS,YACX,QAAO;GACL,GAAG;GACH,eAAe,MAAM,KAAK,0CAA0C;IAClE;IACA,gBAAgB,QAAQ;IACzB,CAAC;GACH;AAGH,SAAO;;CAGT,MAAc,0CAA0C,EACtD,wBACA,kBAIkB;AAClB,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;EAGhD,MAAM,EAAE,cAAc,MAAM,SAAS;EAErC,MAAM,EAAE,QAAQ,kCAAkC,UAChD,uBAAuB,YACxB;AAUD,SAAO,SARgC;GACrC,gBAAgB;GAChB,MAAM,uBAAuB;GAC7B,aAAa,uBAAuB;GACpC,cAAc,uBAAuB;GACrC,cAAc,uBAAuB;GACtC,EAE4B,EAC3B,UAAU,gBACX,CAAC;;CAGJ,MAAM,qBAAqB,EACzB,aACA,iBAAiB,OAAO,yBAAyB,IACe;AAChE,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAGhD,MAAI,YACF,QAAO,WAA8B,aAAa,EAChD,UAAU,gBACX,CAAC;;CAMN,MAAM,qBACJ,qBAC4B;EAC5B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uCAAuC,sBACxC;AAED,SAAO,6BAA6B,KAAK;;CAG3C,MAAM,sBAAsB,EAC1B,UACwD;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BAA0B,OAAO,2BACjC,EAAE,CACH;AAED,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,aAAa,aAAyC;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,+BAA+B,cAChC;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,gBAAgB,SAAqD;EACzE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,+BACA,gCAAgC,EAC9B,GAAG,SACJ,CAAC,CACH;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,YAAY,EAChB,MACA,UAC8C;EAC9C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,OAAO,8BAA8B,EAC/D,MACD,CAAC;AAEF,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,iBAAiB,iBAAiD;EACtE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,mCAAmC,kBACpC;AAED,SAAO,yBAAyB,KAAK;;CAGvC,MAAM,oBACJ,SACwB;EACxB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,mCACA,oCAAoC,EAClC,GAAG,SACJ,CAAC,CACH;AAED,SAAO,yBAAyB,KAAK;;CAGvC,MAAM,cAAc,SAAwD;EAC1E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,2CACA,8BAA8B,QAAQ,CACvC;AAED,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,QAAQ,UAClC,2BAA2B,QAAQ,CACpC;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,iBAAiB,SAGpB;EACD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,0BAA0B,QAAQ,OAAO,gBACzC,iCAAiC,QAAQ,CAC1C;AAED,SAAO;GACL,sBAAsB,6BACpB,KAAK,sBACN;GACD,yBAAyB,qBACvB,KAAK,yBACN;GACF;;CAGH,MAAM,gBACJ,SACqD;EACrD,MAAM,EAAE,QAAQ,GAAG,kBAAkB;AACrC,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,gBACjC,mBACA,cACD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,gBACjC,mBACA,OACD,EACH,cACD;;CAGH,MAAM,qBACJ,SACuC;EACvC,MAAM,EAAE,QAAQ,GAAG,sBAAsB;AAEzC,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,iBACjC,wBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,iBACjC,wBACA,OACD,EACH,kBACD;;CAGH,MAAM,aACJ,QACA,SACkE;AAClE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,YACjC,oBACA,UAAU,6BAA6B,QAAQ,GAAG,OACnD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,YACjC,oBACA,OACD,EACH,UAAU,6BAA6B,QAAQ,GAAG,OACnD;;CAGH,MAAM,WAAW,QAAgB;AAC/B,QAAM,KAAK,OAAO,OAAO,0BAA0B,SAAS;;CAG9D,MAAM,kBAAkB,QAAqC;AAC3D,MAAI,CAAC,OACH,OAAM,IAAI,UAAU,kDAAkD;EAGxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,OAAO,aAClC;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,0BACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,2BAC9C;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,4BACJ,SAMA;EACA,MAAM,oBACJ,4CAA4C,QAAQ;AAEtD,SAAO,IAAI,gBACT,MAAM,oBAIJ,KAAK,QACL,6CACA,mCACA,kBACD,GACA,WACC,oBAIE,KAAK,QACL,6CACA,mCACA,OACD,EACH,kBACD;;CAGH,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,6CACA,6CAA6C,QAAQ,CACtD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACA,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAIjC,6CAA6C,4BAC7C,6CAA6C,QAAQ,CACtD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACe;AACf,QAAM,KAAK,OAAO,OAChB,6CAA6C,2BAC9C;;CAGH,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,cAAc,cAA2C;EAC7D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eACjC;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,sBAAsB,iBAA8C;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,yCAAyC,kBAC1C;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,gCACA,uBACA,UAAU,gCAAgC,QAAQ,GAAG,OACtD,GACA,WACC,oBACE,KAAK,QACL,gCACA,uBACA,OACD,EACH,UAAU,gCAAgC,QAAQ,GAAG,OACtD;;CAGH,MAAM,eAAe,SAAqD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,gCACA,+BAA+B,EAC7B,GAAG,SACJ,CAAC,CACH;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,cAAc,SAA8C;AAChE,QAAM,KAAK,OAAO,KAChB,oCACA,8BAA8B,QAAQ,CACvC;;CAGH,oBAAoB,SAAwD;AAE1E,SAAOC,oBAAyC;GAC9C,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,aAAa,SAAwD;AAEnE,SAAOC,aAAkC;GACvC,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,WAAW,UAA0B;AAEnC,SAAOC,WAAgC,UAAU,KAAK,OAAO,QAAQ"}
1
+ {"version":3,"file":"user-management.js","names":["workos: WorkOS","clientUserManagement.getAuthorizationUrl","clientUserManagement.getLogoutUrl","clientUserManagement.getJwksUrl"],"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { sealData, unsealData } from '../common/crypto/seal';\nimport * as clientUserManagement from '../client/user-management';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers/feature-flag.serializer';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n ListUserFeatureFlagsOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport { UserManagementAuthorizationURLOptions } from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\nimport { getJose } from '../utils/jose';\n\nexport class UserManagement {\n private _jwks:\n | ReturnType<typeof import('jose').createRemoteJWKSet>\n | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n async getJWKS(): Promise<\n ReturnType<typeof import('jose').createRemoteJWKSet> | undefined\n > {\n const { createRemoteJWKSet } = await getJose();\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions(remainingPayload),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithRefreshTokenOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, ...remainingPayload } = payload;\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const jwks = await this.getJWKS();\n\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n const { decodeJwt } = await getJose();\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const jwks = await this.getJWKS();\n const { jwtVerify } = await getJose();\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n return false;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { decodeJwt } = await getJose();\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listUserFeatureFlags(\n options: ListUserFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n const { userId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n params,\n ),\n paginationOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async resendInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/resend`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n getAuthorizationUrl(options: UserManagementAuthorizationURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getAuthorizationUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getLogoutUrl(options: clientUserManagement.LogoutURLOptions): string {\n // Delegate to client implementation\n return clientUserManagement.getLogoutUrl({\n ...options,\n baseURL: this.workos.baseURL,\n });\n }\n\n getJwksUrl(clientId: string): string {\n // Delegate to client implementation\n return clientUserManagement.getJwksUrl(clientId, this.workos.baseURL);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2JA,IAAa,iBAAb,MAA4B;CAC1B,AAAQ;CAGR,AAAO;CAEP,YAAY,AAAiBA,QAAgB;EAAhB;EAC3B,MAAM,EAAE,aAAa,OAAO;AAE5B,OAAK,WAAW;;CAGlB,MAAM,UAEJ;EACA,MAAM,EAAE,uBAAuB,MAAM,SAAS;AAC9C,MAAI,CAAC,KAAK,SACR;AAIF,OAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,SAAS,CAAC,EAAE,EACzE,kBAAkB,MAAO,KAAK,GAC/B,CAAC;AAEF,SAAO,KAAK;;;;;;;;;;CAWd,kBAAkB,SAGA;AAChB,SAAO,IAAI,cAAc,MAAM,QAAQ,aAAa,QAAQ,eAAe;;CAG7E,MAAM,QAAQ,QAA+B;EAC3C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,SAC3B;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,oBAAoB,YAAmC;EAC3D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,sCAAsC,aACvC;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,UACJ,SAC4D;AAC5D,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BACA,iBACA,UAAU,0BAA0B,QAAQ,GAAG,OAChD,GACA,WACC,oBACE,KAAK,QACL,0BACA,iBACA,OACD,EACH,UAAU,0BAA0B,QAAQ,GAAG,OAChD;;CAGH,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,2BAA2B,QAAQ,CAAC;AAEhE,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,0BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,0CAA0C;GACxC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,yBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,yCAAyC;GACvC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,qCAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,gCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,gDAAgD,iBAAiB,CAClE;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,6CAA6C;GAC3C,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,qCAAqC;GACnC,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,kCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,kDAAkD;GAChD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,sCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,GAAG,qBAAqB;EAEzC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,sDAAsD;GACpD,GAAG;GACH,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,8BAA8B,EAClC,aACA,iBAAiB,OAAO,yBAAyB,IAIjD;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAKhD,MAAI,CAFS,MAAM,KAAK,SAAS,CAG/B,OAAM,IAAI,MAAM,2CAA2C;EAG7D,MAAM,EAAE,cAAc,MAAM,SAAS;AAErC,MAAI,CAAC,YACH,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;EAGH,MAAM,UAAU,MAAM,WAA8B,aAAa,EAC/D,UAAU,gBACX,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQ,2CAA2C;GACpD;EAGH,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd;GACA;GACA;GACA,aAAa,QAAQ;GACtB;;CAGH,MAAc,WAAW,aAAuC;EAC9D,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,EAAE,cAAc,MAAM,SAAS;AACrC,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2CAA2C;AAG7D,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AACV,UAAO;;;CAIX,MAAc,8BAA8B,EAC1C,wBACA,WAIkC;AAClC,MAAI,SAAS,YACX,QAAO;GACL,GAAG;GACH,eAAe,MAAM,KAAK,0CAA0C;IAClE;IACA,gBAAgB,QAAQ;IACzB,CAAC;GACH;AAGH,SAAO;;CAGT,MAAc,0CAA0C,EACtD,wBACA,kBAIkB;AAClB,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;EAGhD,MAAM,EAAE,cAAc,MAAM,SAAS;EAErC,MAAM,EAAE,QAAQ,kCAAkC,UAChD,uBAAuB,YACxB;AAUD,SAAO,SARgC;GACrC,gBAAgB;GAChB,MAAM,uBAAuB;GAC7B,aAAa,uBAAuB;GACpC,cAAc,uBAAuB;GACrC,cAAc,uBAAuB;GACtC,EAE4B,EAC3B,UAAU,gBACX,CAAC;;CAGJ,MAAM,qBAAqB,EACzB,aACA,iBAAiB,OAAO,yBAAyB,IACe;AAChE,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAGhD,MAAI,YACF,QAAO,WAA8B,aAAa,EAChD,UAAU,gBACX,CAAC;;CAMN,MAAM,qBACJ,qBAC4B;EAC5B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uCAAuC,sBACxC;AAED,SAAO,6BAA6B,KAAK;;CAG3C,MAAM,sBAAsB,EAC1B,UACwD;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BAA0B,OAAO,2BACjC,EAAE,CACH;AAED,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,aAAa,aAAyC;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,+BAA+B,cAChC;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,gBAAgB,SAAqD;EACzE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,+BACA,gCAAgC,EAC9B,GAAG,SACJ,CAAC,CACH;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,YAAY,EAChB,MACA,UAC8C;EAC9C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,OAAO,8BAA8B,EAC/D,MACD,CAAC;AAEF,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,iBAAiB,iBAAiD;EACtE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,mCAAmC,kBACpC;AAED,SAAO,yBAAyB,KAAK;;CAGvC,MAAM,oBACJ,SACwB;EACxB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,mCACA,oCAAoC,EAClC,GAAG,SACJ,CAAC,CACH;AAED,SAAO,yBAAyB,KAAK;;CAGvC,MAAM,cAAc,SAAwD;EAC1E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,2CACA,8BAA8B,QAAQ,CACvC;AAED,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,QAAQ,UAClC,2BAA2B,QAAQ,CACpC;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,iBAAiB,SAGpB;EACD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,0BAA0B,QAAQ,OAAO,gBACzC,iCAAiC,QAAQ,CAC1C;AAED,SAAO;GACL,sBAAsB,6BACpB,KAAK,sBACN;GACD,yBAAyB,qBACvB,KAAK,yBACN;GACF;;CAGH,MAAM,gBACJ,SACqD;EACrD,MAAM,EAAE,QAAQ,GAAG,kBAAkB;AACrC,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,gBACjC,mBACA,cACD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,gBACjC,mBACA,OACD,EACH,cACD;;CAGH,MAAM,qBACJ,SACuC;EACvC,MAAM,EAAE,QAAQ,GAAG,sBAAsB;AAEzC,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,iBACjC,wBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,iBACjC,wBACA,OACD,EACH,kBACD;;CAGH,MAAM,aACJ,QACA,SACkE;AAClE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,YACjC,oBACA,UAAU,6BAA6B,QAAQ,GAAG,OACnD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,YACjC,oBACA,OACD,EACH,UAAU,6BAA6B,QAAQ,GAAG,OACnD;;CAGH,MAAM,WAAW,QAAgB;AAC/B,QAAM,KAAK,OAAO,OAAO,0BAA0B,SAAS;;CAG9D,MAAM,kBAAkB,QAAqC;AAC3D,MAAI,CAAC,OACH,OAAM,IAAI,UAAU,kDAAkD;EAGxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,OAAO,aAClC;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,0BACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,2BAC9C;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,4BACJ,SAMA;EACA,MAAM,oBACJ,4CAA4C,QAAQ;AAEtD,SAAO,IAAI,gBACT,MAAM,oBAIJ,KAAK,QACL,6CACA,mCACA,kBACD,GACA,WACC,oBAIE,KAAK,QACL,6CACA,mCACA,OACD,EACH,kBACD;;CAGH,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,6CACA,6CAA6C,QAAQ,CACtD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACA,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAIjC,6CAA6C,4BAC7C,6CAA6C,QAAQ,CACtD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACe;AACf,QAAM,KAAK,OAAO,OAChB,6CAA6C,2BAC9C;;CAGH,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,cAAc,cAA2C;EAC7D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eACjC;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,sBAAsB,iBAA8C;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,yCAAyC,kBAC1C;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,gCACA,uBACA,UAAU,gCAAgC,QAAQ,GAAG,OACtD,GACA,WACC,oBACE,KAAK,QACL,gCACA,uBACA,OACD,EACH,UAAU,gCAAgC,QAAQ,GAAG,OACtD;;CAGH,MAAM,eAAe,SAAqD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,gCACA,+BAA+B,EAC7B,GAAG,SACJ,CAAC,CACH;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,cAAc,SAA8C;AAChE,QAAM,KAAK,OAAO,KAChB,oCACA,8BAA8B,QAAQ,CACvC;;CAGH,oBAAoB,SAAwD;AAE1E,SAAOC,oBAAyC;GAC9C,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,aAAa,SAAwD;AAEnE,SAAOC,aAAkC;GACvC,GAAG;GACH,SAAS,KAAK,OAAO;GACtB,CAAC;;CAGJ,WAAW,UAA0B;AAEnC,SAAOC,WAAgC,UAAU,KAAK,OAAO,QAAQ"}
package/lib/workos.cjs CHANGED
@@ -32,7 +32,7 @@ const require_common_exceptions_conflict_exception = require('./common/exception
32
32
  const require_common_utils_runtime_info = require('./common/utils/runtime-info.cjs');
33
33
 
34
34
  //#region src/workos.ts
35
- const VERSION = "8.0.0-rc.4";
35
+ const VERSION = "8.0.0-rc.5";
36
36
  const DEFAULT_HOSTNAME = "api.workos.com";
37
37
  const HEADER_AUTHORIZATION = "Authorization";
38
38
  const HEADER_IDEMPOTENCY_KEY = "Idempotency-Key";
package/lib/workos.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"workos.cjs","names":["ApiKeys","AuditLogs","DirectorySync","Organizations","OrganizationDomains","Passwordless","Pipes","Portal","SSO","Mfa","Events","FGA","Widgets","Vault","key?: string","options: WorkOSOptions","getEnv","NoApiKeyProvidedException","protocol: string","apiHostname: string","port: number | undefined","UserManagement","userAgent: string","getRuntimeInfo","Webhooks","Actions","SubtleCryptoProvider","FetchHttpClient","requestHeaders: Record<string, string>","res: HttpClientResponseInterface","ParseError","HttpClientError","UnauthorizedException","ConflictException","UnprocessableEntityException","NotFoundException","RateLimitExceededException","error","OauthException","BadRequestException","GenericServerException"],"sources":["../src/workos.ts"],"sourcesContent":["import {\n GenericServerException,\n NoApiKeyProvidedException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from './common/exceptions/bad-request.exception';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\n\nconst VERSION = '8.0.0-rc.4';\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly directorySync = new DirectorySync(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly webhooks: Webhooks;\n readonly mfa = new Mfa(this);\n readonly events = new Events(this);\n readonly userManagement: UserManagement;\n readonly fga = new FGA(this);\n readonly widgets = new Widgets(this);\n readonly vault = new Vault(this);\n\n constructor(\n readonly key?: string,\n readonly options: WorkOSOptions = {},\n ) {\n if (!key) {\n this.key = getEnv('WORKOS_API_KEY');\n\n if (!this.key) {\n throw new NoApiKeyProvidedException();\n }\n }\n\n if (this.options.https === undefined) {\n this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n const protocol: string = this.options.https ? 'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(options);\n\n this.client = this.createHttpClient(options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? `/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers: {\n ...options.config?.headers,\n Authorization: `Bearer ${this.key}`,\n 'User-Agent': userAgent,\n },\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? '';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? '';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,MAAM,UAAU;AAEhB,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAS;CACT,AAAS,UAAU,IAAIA,kCAAQ,KAAK;CACpC,AAAS,YAAY,IAAIC,wCAAU,KAAK;CACxC,AAAS,gBAAgB,IAAIC,oDAAc,KAAK;CAChD,AAAS,gBAAgB,IAAIC,kDAAc,KAAK;CAChD,AAAS,sBAAsB,IAAIC,sEAAoB,KAAK;CAC5D,AAAS,eAAe,IAAIC,+CAAa,KAAK;CAC9C,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAChC,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS;CACT,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS;CACT,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,UAAU,IAAIC,gCAAQ,KAAK;CACpC,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAEhC,YACE,AAASC,KACT,AAASC,UAAyB,EAAE,EACpC;EAFS;EACA;AAET,MAAI,CAAC,KAAK;AACR,QAAK,MAAMC,gCAAO,iBAAiB;AAEnC,OAAI,CAAC,KAAK,IACR,OAAM,IAAIC,mFAA2B;;AAIzC,MAAI,KAAK,QAAQ,UAAU,OACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAWD,gCAAO,mBAAmB;EAG5C,MAAME,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAMC,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAMC,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAIC,uDAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,QAAQ;AAE/C,OAAK,SAAS,KAAK,iBAAiB,SAAS,UAAU;;CAGzD,AAAQ,gBAAgB,SAAgC;EACtD,IAAIC,YAAoB,eAAe;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmBC,kDAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GAAG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAIC,mCAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAIC,gCAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAIC,mEAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;AAC1D,SAAO,IAAIC,gDAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB,SAAS;IACP,GAAG,QAAQ,QAAQ;IACnB,eAAe,UAAU,KAAK;IAC9B,cAAc;IACf;GACF,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAO;;CAGT,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;EAC3B,MAAMC,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GAC9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAIC,iDAAW;IACnB,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,gBAAgB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiBC,gDACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,gBACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAIC,uEAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAIC,+DAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAIC,sFAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAIC,gEAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAIC,mFACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAIC,WAAS,iBACX,OAAM,IAAIC,yDACR,QACA,WACAD,SACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAIE,oEAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAIC,0EACR,QACA,KAAK,SACL,MACA,UACD"}
1
+ {"version":3,"file":"workos.cjs","names":["ApiKeys","AuditLogs","DirectorySync","Organizations","OrganizationDomains","Passwordless","Pipes","Portal","SSO","Mfa","Events","FGA","Widgets","Vault","key?: string","options: WorkOSOptions","getEnv","NoApiKeyProvidedException","protocol: string","apiHostname: string","port: number | undefined","UserManagement","userAgent: string","getRuntimeInfo","Webhooks","Actions","SubtleCryptoProvider","FetchHttpClient","requestHeaders: Record<string, string>","res: HttpClientResponseInterface","ParseError","HttpClientError","UnauthorizedException","ConflictException","UnprocessableEntityException","NotFoundException","RateLimitExceededException","error","OauthException","BadRequestException","GenericServerException"],"sources":["../src/workos.ts"],"sourcesContent":["import {\n GenericServerException,\n NoApiKeyProvidedException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from './common/exceptions/bad-request.exception';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\n\nconst VERSION = '8.0.0-rc.5';\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly directorySync = new DirectorySync(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly webhooks: Webhooks;\n readonly mfa = new Mfa(this);\n readonly events = new Events(this);\n readonly userManagement: UserManagement;\n readonly fga = new FGA(this);\n readonly widgets = new Widgets(this);\n readonly vault = new Vault(this);\n\n constructor(\n readonly key?: string,\n readonly options: WorkOSOptions = {},\n ) {\n if (!key) {\n this.key = getEnv('WORKOS_API_KEY');\n\n if (!this.key) {\n throw new NoApiKeyProvidedException();\n }\n }\n\n if (this.options.https === undefined) {\n this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n const protocol: string = this.options.https ? 'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(options);\n\n this.client = this.createHttpClient(options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? `/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers: {\n ...options.config?.headers,\n Authorization: `Bearer ${this.key}`,\n 'User-Agent': userAgent,\n },\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? '';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? '';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,MAAM,UAAU;AAEhB,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAS;CACT,AAAS,UAAU,IAAIA,kCAAQ,KAAK;CACpC,AAAS,YAAY,IAAIC,wCAAU,KAAK;CACxC,AAAS,gBAAgB,IAAIC,oDAAc,KAAK;CAChD,AAAS,gBAAgB,IAAIC,kDAAc,KAAK;CAChD,AAAS,sBAAsB,IAAIC,sEAAoB,KAAK;CAC5D,AAAS,eAAe,IAAIC,+CAAa,KAAK;CAC9C,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAChC,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS;CACT,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS;CACT,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,UAAU,IAAIC,gCAAQ,KAAK;CACpC,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAEhC,YACE,AAASC,KACT,AAASC,UAAyB,EAAE,EACpC;EAFS;EACA;AAET,MAAI,CAAC,KAAK;AACR,QAAK,MAAMC,gCAAO,iBAAiB;AAEnC,OAAI,CAAC,KAAK,IACR,OAAM,IAAIC,mFAA2B;;AAIzC,MAAI,KAAK,QAAQ,UAAU,OACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAWD,gCAAO,mBAAmB;EAG5C,MAAME,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAMC,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAMC,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAIC,uDAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,QAAQ;AAE/C,OAAK,SAAS,KAAK,iBAAiB,SAAS,UAAU;;CAGzD,AAAQ,gBAAgB,SAAgC;EACtD,IAAIC,YAAoB,eAAe;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmBC,kDAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GAAG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAIC,mCAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAIC,gCAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAIC,mEAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;AAC1D,SAAO,IAAIC,gDAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB,SAAS;IACP,GAAG,QAAQ,QAAQ;IACnB,eAAe,UAAU,KAAK;IAC9B,cAAc;IACf;GACF,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAO;;CAGT,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;EAC3B,MAAMC,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GAC9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAIC,iDAAW;IACnB,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,gBAAgB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiBC,gDACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,gBACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAIC,uEAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAIC,+DAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAIC,sFAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAIC,gEAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAIC,mFACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAIC,WAAS,iBACX,OAAM,IAAIC,yDACR,QACA,WACAD,SACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAIE,oEAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAIC,0EACR,QACA,KAAK,SACL,MACA,UACD"}
package/lib/workos.js CHANGED
@@ -32,7 +32,7 @@ import { ConflictException } from "./common/exceptions/conflict.exception.js";
32
32
  import { getRuntimeInfo } from "./common/utils/runtime-info.js";
33
33
 
34
34
  //#region src/workos.ts
35
- const VERSION = "8.0.0-rc.4";
35
+ const VERSION = "8.0.0-rc.5";
36
36
  const DEFAULT_HOSTNAME = "api.workos.com";
37
37
  const HEADER_AUTHORIZATION = "Authorization";
38
38
  const HEADER_IDEMPOTENCY_KEY = "Idempotency-Key";
package/lib/workos.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"workos.js","names":["key?: string","options: WorkOSOptions","protocol: string","apiHostname: string","port: number | undefined","userAgent: string","requestHeaders: Record<string, string>","res: HttpClientResponseInterface","error"],"sources":["../src/workos.ts"],"sourcesContent":["import {\n GenericServerException,\n NoApiKeyProvidedException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from './common/exceptions/bad-request.exception';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\n\nconst VERSION = '8.0.0-rc.4';\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly directorySync = new DirectorySync(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly webhooks: Webhooks;\n readonly mfa = new Mfa(this);\n readonly events = new Events(this);\n readonly userManagement: UserManagement;\n readonly fga = new FGA(this);\n readonly widgets = new Widgets(this);\n readonly vault = new Vault(this);\n\n constructor(\n readonly key?: string,\n readonly options: WorkOSOptions = {},\n ) {\n if (!key) {\n this.key = getEnv('WORKOS_API_KEY');\n\n if (!this.key) {\n throw new NoApiKeyProvidedException();\n }\n }\n\n if (this.options.https === undefined) {\n this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n const protocol: string = this.options.https ? 'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(options);\n\n this.client = this.createHttpClient(options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? `/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers: {\n ...options.config?.headers,\n Authorization: `Bearer ${this.key}`,\n 'User-Agent': userAgent,\n },\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? '';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? '';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,MAAM,UAAU;AAEhB,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAS;CACT,AAAS,UAAU,IAAI,QAAQ,KAAK;CACpC,AAAS,YAAY,IAAI,UAAU,KAAK;CACxC,AAAS,gBAAgB,IAAI,cAAc,KAAK;CAChD,AAAS,gBAAgB,IAAI,cAAc,KAAK;CAChD,AAAS,sBAAsB,IAAI,oBAAoB,KAAK;CAC5D,AAAS,eAAe,IAAI,aAAa,KAAK;CAC9C,AAAS,QAAQ,IAAI,MAAM,KAAK;CAChC,AAAS,SAAS,IAAI,OAAO,KAAK;CAClC,AAAS,MAAM,IAAI,IAAI,KAAK;CAC5B,AAAS;CACT,AAAS,MAAM,IAAI,IAAI,KAAK;CAC5B,AAAS,SAAS,IAAI,OAAO,KAAK;CAClC,AAAS;CACT,AAAS,MAAM,IAAI,IAAI,KAAK;CAC5B,AAAS,UAAU,IAAI,QAAQ,KAAK;CACpC,AAAS,QAAQ,IAAI,MAAM,KAAK;CAEhC,YACE,AAASA,KACT,AAASC,UAAyB,EAAE,EACpC;EAFS;EACA;AAET,MAAI,CAAC,KAAK;AACR,QAAK,MAAM,OAAO,iBAAiB;AAEnC,OAAI,CAAC,KAAK,IACR,OAAM,IAAI,2BAA2B;;AAIzC,MAAI,KAAK,QAAQ,UAAU,OACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAW,OAAO,mBAAmB;EAG5C,MAAMC,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAMC,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAMC,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAI,eAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,QAAQ;AAE/C,OAAK,SAAS,KAAK,iBAAiB,SAAS,UAAU;;CAGzD,AAAQ,gBAAgB,SAAgC;EACtD,IAAIC,YAAoB,eAAe;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmB,gBAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GAAG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAI,SAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAI,QAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAI,sBAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;AAC1D,SAAO,IAAI,gBAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB,SAAS;IACP,GAAG,QAAQ,QAAQ;IACnB,eAAe,UAAU,KAAK;IAC9B,cAAc;IACf;GACF,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAO;;CAGT,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;EAC3B,MAAMC,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GAC9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAI,WAAW;IACnB,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,gBAAgB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiB,iBACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,gBACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAI,sBAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAI,kBAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAI,6BAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAI,kBAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAI,2BACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAIC,WAAS,iBACX,OAAM,IAAI,eACR,QACA,WACAA,SACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAI,oBAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAI,uBACR,QACA,KAAK,SACL,MACA,UACD"}
1
+ {"version":3,"file":"workos.js","names":["key?: string","options: WorkOSOptions","protocol: string","apiHostname: string","port: number | undefined","userAgent: string","requestHeaders: Record<string, string>","res: HttpClientResponseInterface","error"],"sources":["../src/workos.ts"],"sourcesContent":["import {\n GenericServerException,\n NoApiKeyProvidedException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from './common/exceptions/bad-request.exception';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\n\nconst VERSION = '8.0.0-rc.5';\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly directorySync = new DirectorySync(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly webhooks: Webhooks;\n readonly mfa = new Mfa(this);\n readonly events = new Events(this);\n readonly userManagement: UserManagement;\n readonly fga = new FGA(this);\n readonly widgets = new Widgets(this);\n readonly vault = new Vault(this);\n\n constructor(\n readonly key?: string,\n readonly options: WorkOSOptions = {},\n ) {\n if (!key) {\n this.key = getEnv('WORKOS_API_KEY');\n\n if (!this.key) {\n throw new NoApiKeyProvidedException();\n }\n }\n\n if (this.options.https === undefined) {\n this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n const protocol: string = this.options.https ? 'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(options);\n\n this.client = this.createHttpClient(options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? `/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers: {\n ...options.config?.headers,\n Authorization: `Bearer ${this.key}`,\n 'User-Agent': userAgent,\n },\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? '';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? '';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,MAAM,UAAU;AAEhB,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAS;CACT,AAAS,UAAU,IAAI,QAAQ,KAAK;CACpC,AAAS,YAAY,IAAI,UAAU,KAAK;CACxC,AAAS,gBAAgB,IAAI,cAAc,KAAK;CAChD,AAAS,gBAAgB,IAAI,cAAc,KAAK;CAChD,AAAS,sBAAsB,IAAI,oBAAoB,KAAK;CAC5D,AAAS,eAAe,IAAI,aAAa,KAAK;CAC9C,AAAS,QAAQ,IAAI,MAAM,KAAK;CAChC,AAAS,SAAS,IAAI,OAAO,KAAK;CAClC,AAAS,MAAM,IAAI,IAAI,KAAK;CAC5B,AAAS;CACT,AAAS,MAAM,IAAI,IAAI,KAAK;CAC5B,AAAS,SAAS,IAAI,OAAO,KAAK;CAClC,AAAS;CACT,AAAS,MAAM,IAAI,IAAI,KAAK;CAC5B,AAAS,UAAU,IAAI,QAAQ,KAAK;CACpC,AAAS,QAAQ,IAAI,MAAM,KAAK;CAEhC,YACE,AAASA,KACT,AAASC,UAAyB,EAAE,EACpC;EAFS;EACA;AAET,MAAI,CAAC,KAAK;AACR,QAAK,MAAM,OAAO,iBAAiB;AAEnC,OAAI,CAAC,KAAK,IACR,OAAM,IAAI,2BAA2B;;AAIzC,MAAI,KAAK,QAAQ,UAAU,OACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAW,OAAO,mBAAmB;EAG5C,MAAMC,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAMC,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAMC,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAI,eAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,QAAQ;AAE/C,OAAK,SAAS,KAAK,iBAAiB,SAAS,UAAU;;CAGzD,AAAQ,gBAAgB,SAAgC;EACtD,IAAIC,YAAoB,eAAe;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmB,gBAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GAAG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAI,SAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAI,QAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAI,sBAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;AAC1D,SAAO,IAAI,gBAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB,SAAS;IACP,GAAG,QAAQ,QAAQ;IACnB,eAAe,UAAU,KAAK;IAC9B,cAAc;IACf;GACF,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAO;;CAGT,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;EAC3B,MAAMC,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GAC9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAI,WAAW;IACnB,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,gBAAgB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiB,iBACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,gBACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAI,sBAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAI,kBAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAI,6BAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAI,kBAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAI,2BACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAIC,WAAS,iBACX,OAAM,IAAI,eACR,QACA,WACAA,SACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAI,oBAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAI,uBACR,QACA,KAAK,SACL,MACA,UACD"}
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "8.0.0-rc.4",
2
+ "version": "8.0.0-rc.5",
3
3
  "name": "@workos-inc/node",
4
4
  "author": "WorkOS",
5
5
  "description": "A Node wrapper for the WorkOS API",
@@ -41,10 +41,11 @@
41
41
  "typecheck": "tsc --noEmit"
42
42
  },
43
43
  "dependencies": {
44
- "iron-session": "^8.0.4",
44
+ "iron-webcrypto": "^2.0.0",
45
45
  "jose": "~6.1.0"
46
46
  },
47
47
  "devDependencies": {
48
+ "@arethetypeswrong/cli": "^0.18.2",
48
49
  "@babel/plugin-transform-modules-commonjs": "^7.26.3",
49
50
  "@babel/preset-env": "^7.26.9",
50
51
  "@babel/preset-typescript": "^7.27.0",
@@ -71,8 +72,7 @@
71
72
  "tsdown": "^0.17.0",
72
73
  "tsx": "^4.20.6",
73
74
  "typescript": "5.9.3",
74
- "typescript-eslint": "^8.46.0",
75
- "@arethetypeswrong/cli": "^0.18.2"
75
+ "typescript-eslint": "^8.46.0"
76
76
  },
77
77
  "exports": {
78
78
  ".": {