@workos-inc/node 8.0.0-rc.6 → 8.0.0-rc.8

package/README.md

@@ -37,6 +37,60 @@ import { WorkOS } from '@workos-inc/node';
 const workos = new WorkOS('sk_1234');
 ```
 
+## Public Client Mode (Browser/Mobile/CLI)
+
+For apps that can't securely store secrets, initialize with just a client ID:
+
+```ts
+import { WorkOS } from '@workos-inc/node';
+
+const workos = new WorkOS({ clientId: 'client_...' }); // No API key needed
+
+// Generate auth URL with automatic PKCE
+const { url, codeVerifier } =
+  await workos.userManagement.getAuthorizationUrlWithPKCE({
+    provider: 'authkit',
+    redirectUri: 'myapp://callback',
+    clientId: 'client_...',
+  });
+
+// After user authenticates, exchange code for tokens
+const { accessToken, refreshToken } =
+  await workos.userManagement.authenticateWithCode({
+    code: authorizationCode,
+    codeVerifier,
+    clientId: 'client_...',
+  });
+```
+
+> [!IMPORTANT]
+> Store `codeVerifier` securely on-device between generating the auth URL and handling the callback. For mobile apps, use platform secure storage (iOS Keychain, Android Keystore). For CLI apps, consider OS credential storage. The verifier must survive app restarts during the auth flow.
+
+See the [AuthKit documentation](https://workos.com/docs/authkit) for details on PKCE authentication.
+
+### PKCE with Confidential Clients
+
+Server-side apps can also use PKCE alongside the client secret for defense in depth (recommended by OAuth 2.1):
+
+```ts
+const workos = new WorkOS('sk_...'); // With API key
+
+// Use PKCE even with API key for additional security
+const { url, codeVerifier } =
+  await workos.userManagement.getAuthorizationUrlWithPKCE({
+    provider: 'authkit',
+    redirectUri: 'https://example.com/callback',
+    clientId: 'client_...',
+  });
+
+// Both client_secret AND code_verifier will be sent
+const { accessToken } = await workos.userManagement.authenticateWithCode({
+  code: authorizationCode,
+  codeVerifier,
+  clientId: 'client_...',
+});
+```
+
 ## SDK Versioning
 
 For our SDKs WorkOS follows a Semantic Versioning ([SemVer](https://semver.org/)) process where all releases will have a version X.Y.Z (like 1.0.0) pattern wherein Z would be a bug fix (e.g., 1.0.1), Y would be a minor release (1.1.0) and X would be a major release (2.0.0). We permit any breaking changes to only be released in major versions and strongly recommend reading changelogs before making any major version upgrades.

package/lib/api-keys/api-keys.cjs

@@ -9,6 +9,9 @@ var ApiKeys = class {
 		const { data } = await this.workos.post("/api_keys/validations", payload);
 		return require_api_keys_serializers_validate_api_key_serializer.deserializeValidateApiKeyResponse(data);
 	}
+	async deleteApiKey(id) {
+		await this.workos.delete(`/api_keys/${id}`);
+	}
 };
 
 //#endregion

package/lib/api-keys/api-keys.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"api-keys.cjs","names":["workos: WorkOS","deserializeValidateApiKeyResponse"],"sources":["../../src/api-keys/api-keys.ts"],"sourcesContent":["import { WorkOS } from '../workos';\nimport {\n  SerializedValidateApiKeyResponse,\n  ValidateApiKeyOptions,\n  ValidateApiKeyResponse,\n} from './interfaces/validate-api-key.interface';\nimport { deserializeValidateApiKeyResponse } from './serializers/validate-api-key.serializer';\n\nexport class ApiKeys {\n  constructor(private readonly workos: WorkOS) {}\n\n  async validateApiKey(\n    payload: ValidateApiKeyOptions,\n  ): Promise<ValidateApiKeyResponse> {\n    const { data } = await this.workos.post<SerializedValidateApiKeyResponse>(\n      '/api_keys/validations',\n      payload,\n    );\n\n    return deserializeValidateApiKeyResponse(data);\n  }\n}\n"],"mappings":";;;AAQA,IAAa,UAAb,MAAqB;CACnB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,eACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,yBACA,QACD;AAED,SAAOC,2FAAkC,KAAK"}
+{"version":3,"file":"api-keys.cjs","names":["workos: WorkOS","deserializeValidateApiKeyResponse"],"sources":["../../src/api-keys/api-keys.ts"],"sourcesContent":["import { WorkOS } from '../workos';\nimport {\n  SerializedValidateApiKeyResponse,\n  ValidateApiKeyOptions,\n  ValidateApiKeyResponse,\n} from './interfaces/validate-api-key.interface';\nimport { deserializeValidateApiKeyResponse } from './serializers/validate-api-key.serializer';\n\nexport class ApiKeys {\n  constructor(private readonly workos: WorkOS) {}\n\n  async validateApiKey(\n    payload: ValidateApiKeyOptions,\n  ): Promise<ValidateApiKeyResponse> {\n    const { data } = await this.workos.post<SerializedValidateApiKeyResponse>(\n      '/api_keys/validations',\n      payload,\n    );\n\n    return deserializeValidateApiKeyResponse(data);\n  }\n\n  async deleteApiKey(id: string): Promise<void> {\n    await this.workos.delete(`/api_keys/${id}`);\n  }\n}\n"],"mappings":";;;AAQA,IAAa,UAAb,MAAqB;CACnB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,eACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,yBACA,QACD;AAED,SAAOC,2FAAkC,KAAK;;CAGhD,MAAM,aAAa,IAA2B;AAC5C,QAAM,KAAK,OAAO,OAAO,aAAa,KAAK"}

package/lib/api-keys/api-keys.d.cts

@@ -1,11 +1,12 @@
-import { WorkOS } from "../workos.cjs";
 import { ValidateApiKeyOptions, ValidateApiKeyResponse } from "./interfaces/validate-api-key.interface.cjs";
+import { WorkOS } from "../workos.cjs";
 
 //#region src/api-keys/api-keys.d.ts
 declare class ApiKeys {
   private readonly workos;
   constructor(workos: WorkOS);
   validateApiKey(payload: ValidateApiKeyOptions): Promise<ValidateApiKeyResponse>;
+  deleteApiKey(id: string): Promise<void>;
 }
 //#endregion
 export { ApiKeys };

package/lib/api-keys/api-keys.d.ts

@@ -1,11 +1,12 @@
-import { WorkOS } from "../workos.js";
 import { ValidateApiKeyOptions, ValidateApiKeyResponse } from "./interfaces/validate-api-key.interface.js";
+import { WorkOS } from "../workos.js";
 
 //#region src/api-keys/api-keys.d.ts
 declare class ApiKeys {
   private readonly workos;
   constructor(workos: WorkOS);
   validateApiKey(payload: ValidateApiKeyOptions): Promise<ValidateApiKeyResponse>;
+  deleteApiKey(id: string): Promise<void>;
 }
 //#endregion
 export { ApiKeys };

package/lib/api-keys/api-keys.js

@@ -9,6 +9,9 @@ var ApiKeys = class {
 		const { data } = await this.workos.post("/api_keys/validations", payload);
 		return deserializeValidateApiKeyResponse(data);
 	}
+	async deleteApiKey(id) {
+		await this.workos.delete(`/api_keys/${id}`);
+	}
 };
 
 //#endregion

package/lib/api-keys/api-keys.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-keys.js","names":["workos: WorkOS"],"sources":["../../src/api-keys/api-keys.ts"],"sourcesContent":["import { WorkOS } from '../workos';\nimport {\n  SerializedValidateApiKeyResponse,\n  ValidateApiKeyOptions,\n  ValidateApiKeyResponse,\n} from './interfaces/validate-api-key.interface';\nimport { deserializeValidateApiKeyResponse } from './serializers/validate-api-key.serializer';\n\nexport class ApiKeys {\n  constructor(private readonly workos: WorkOS) {}\n\n  async validateApiKey(\n    payload: ValidateApiKeyOptions,\n  ): Promise<ValidateApiKeyResponse> {\n    const { data } = await this.workos.post<SerializedValidateApiKeyResponse>(\n      '/api_keys/validations',\n      payload,\n    );\n\n    return deserializeValidateApiKeyResponse(data);\n  }\n}\n"],"mappings":";;;AAQA,IAAa,UAAb,MAAqB;CACnB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,eACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,yBACA,QACD;AAED,SAAO,kCAAkC,KAAK"}
+{"version":3,"file":"api-keys.js","names":["workos: WorkOS"],"sources":["../../src/api-keys/api-keys.ts"],"sourcesContent":["import { WorkOS } from '../workos';\nimport {\n  SerializedValidateApiKeyResponse,\n  ValidateApiKeyOptions,\n  ValidateApiKeyResponse,\n} from './interfaces/validate-api-key.interface';\nimport { deserializeValidateApiKeyResponse } from './serializers/validate-api-key.serializer';\n\nexport class ApiKeys {\n  constructor(private readonly workos: WorkOS) {}\n\n  async validateApiKey(\n    payload: ValidateApiKeyOptions,\n  ): Promise<ValidateApiKeyResponse> {\n    const { data } = await this.workos.post<SerializedValidateApiKeyResponse>(\n      '/api_keys/validations',\n      payload,\n    );\n\n    return deserializeValidateApiKeyResponse(data);\n  }\n\n  async deleteApiKey(id: string): Promise<void> {\n    await this.workos.delete(`/api_keys/${id}`);\n  }\n}\n"],"mappings":";;;AAQA,IAAa,UAAb,MAAqB;CACnB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,eACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,yBACA,QACD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,aAAa,IAA2B;AAC5C,QAAM,KAAK,OAAO,OAAO,aAAa,KAAK"}

package/lib/api-keys/interfaces/create-organization-api-key-options.interface.d.cts

@@ -0,0 +1,16 @@
+import { PostOptions } from "../../common/interfaces/post-options.interface.cjs";
+
+//#region src/api-keys/interfaces/create-organization-api-key-options.interface.d.ts
+interface CreateOrganizationApiKeyOptions {
+  organizationId: string;
+  name: string;
+  permissions?: string[];
+}
+interface SerializedCreateOrganizationApiKeyOptions {
+  name: string;
+  permissions?: string[];
+}
+interface CreateOrganizationApiKeyRequestOptions extends Pick<PostOptions, 'idempotencyKey'> {}
+//#endregion
+export { CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions, SerializedCreateOrganizationApiKeyOptions };
+//# sourceMappingURL=create-organization-api-key-options.interface.d.cts.map

package/lib/api-keys/interfaces/create-organization-api-key-options.interface.d.ts

@@ -0,0 +1,16 @@
+import { PostOptions } from "../../common/interfaces/post-options.interface.js";
+
+//#region src/api-keys/interfaces/create-organization-api-key-options.interface.d.ts
+interface CreateOrganizationApiKeyOptions {
+  organizationId: string;
+  name: string;
+  permissions?: string[];
+}
+interface SerializedCreateOrganizationApiKeyOptions {
+  name: string;
+  permissions?: string[];
+}
+interface CreateOrganizationApiKeyRequestOptions extends Pick<PostOptions, 'idempotencyKey'> {}
+//#endregion
+export { CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions, SerializedCreateOrganizationApiKeyOptions };
+//# sourceMappingURL=create-organization-api-key-options.interface.d.ts.map

package/lib/api-keys/interfaces/create-organization-api-key-options.interface.js

@@ -0,0 +1 @@
+export {  };

package/lib/api-keys/interfaces/created-api-key.interface.d.cts

@@ -0,0 +1,34 @@
+//#region src/api-keys/interfaces/created-api-key.interface.d.ts
+interface CreatedApiKey {
+  object: 'api_key';
+  id: string;
+  owner: {
+    type: 'organization';
+    id: string;
+  };
+  name: string;
+  obfuscatedValue: string;
+  value: string;
+  lastUsedAt: string | null;
+  permissions: string[];
+  createdAt: string;
+  updatedAt: string;
+}
+interface SerializedCreatedApiKey {
+  object: 'api_key';
+  id: string;
+  owner: {
+    type: 'organization';
+    id: string;
+  };
+  name: string;
+  obfuscated_value: string;
+  value: string;
+  last_used_at: string | null;
+  permissions: string[];
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+export { CreatedApiKey, SerializedCreatedApiKey };
+//# sourceMappingURL=created-api-key.interface.d.cts.map

package/lib/api-keys/interfaces/created-api-key.interface.d.ts

@@ -0,0 +1,34 @@
+//#region src/api-keys/interfaces/created-api-key.interface.d.ts
+interface CreatedApiKey {
+  object: 'api_key';
+  id: string;
+  owner: {
+    type: 'organization';
+    id: string;
+  };
+  name: string;
+  obfuscatedValue: string;
+  value: string;
+  lastUsedAt: string | null;
+  permissions: string[];
+  createdAt: string;
+  updatedAt: string;
+}
+interface SerializedCreatedApiKey {
+  object: 'api_key';
+  id: string;
+  owner: {
+    type: 'organization';
+    id: string;
+  };
+  name: string;
+  obfuscated_value: string;
+  value: string;
+  last_used_at: string | null;
+  permissions: string[];
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+export { CreatedApiKey, SerializedCreatedApiKey };
+//# sourceMappingURL=created-api-key.interface.d.ts.map

package/lib/api-keys/interfaces/created-api-key.interface.js

@@ -0,0 +1 @@
+export {  };

package/lib/api-keys/interfaces/index.d.cts

@@ -0,0 +1,6 @@
+import { ApiKey, SerializedApiKey } from "./api-key.interface.cjs";
+import { CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions, SerializedCreateOrganizationApiKeyOptions } from "./create-organization-api-key-options.interface.cjs";
+import { CreatedApiKey, SerializedCreatedApiKey } from "./created-api-key.interface.cjs";
+import { ListOrganizationApiKeysOptions } from "./list-organization-api-keys-options.interface.cjs";
+import { SerializedValidateApiKeyResponse, ValidateApiKeyOptions, ValidateApiKeyResponse } from "./validate-api-key.interface.cjs";
+export { ApiKey, CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions, CreatedApiKey, ListOrganizationApiKeysOptions, SerializedApiKey, SerializedCreateOrganizationApiKeyOptions, SerializedCreatedApiKey, SerializedValidateApiKeyResponse, ValidateApiKeyOptions, ValidateApiKeyResponse };

package/lib/api-keys/interfaces/index.d.ts

@@ -0,0 +1,6 @@
+import { ApiKey, SerializedApiKey } from "./api-key.interface.js";
+import { CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions, SerializedCreateOrganizationApiKeyOptions } from "./create-organization-api-key-options.interface.js";
+import { CreatedApiKey, SerializedCreatedApiKey } from "./created-api-key.interface.js";
+import { ListOrganizationApiKeysOptions } from "./list-organization-api-keys-options.interface.js";
+import { SerializedValidateApiKeyResponse, ValidateApiKeyOptions, ValidateApiKeyResponse } from "./validate-api-key.interface.js";
+export { ApiKey, CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions, CreatedApiKey, ListOrganizationApiKeysOptions, SerializedApiKey, SerializedCreateOrganizationApiKeyOptions, SerializedCreatedApiKey, SerializedValidateApiKeyResponse, ValidateApiKeyOptions, ValidateApiKeyResponse };

package/lib/api-keys/interfaces/index.js

@@ -0,0 +1 @@
+export {  };

package/lib/api-keys/interfaces/list-organization-api-keys-options.interface.d.cts

@@ -0,0 +1,9 @@
+import { PaginationOptions } from "../../common/interfaces/pagination-options.interface.cjs";
+
+//#region src/api-keys/interfaces/list-organization-api-keys-options.interface.d.ts
+interface ListOrganizationApiKeysOptions extends PaginationOptions {
+  organizationId: string;
+}
+//#endregion
+export { ListOrganizationApiKeysOptions };
+//# sourceMappingURL=list-organization-api-keys-options.interface.d.cts.map

package/lib/api-keys/interfaces/list-organization-api-keys-options.interface.d.ts

@@ -0,0 +1,9 @@
+import { PaginationOptions } from "../../common/interfaces/pagination-options.interface.js";
+
+//#region src/api-keys/interfaces/list-organization-api-keys-options.interface.d.ts
+interface ListOrganizationApiKeysOptions extends PaginationOptions {
+  organizationId: string;
+}
+//#endregion
+export { ListOrganizationApiKeysOptions };
+//# sourceMappingURL=list-organization-api-keys-options.interface.d.ts.map

package/lib/api-keys/interfaces/list-organization-api-keys-options.interface.js

@@ -0,0 +1 @@
+export {  };

package/lib/api-keys/serializers/create-organization-api-key-options.serializer.cjs

@@ -0,0 +1,12 @@
+
+//#region src/api-keys/serializers/create-organization-api-key-options.serializer.ts
+function serializeCreateOrganizationApiKeyOptions(options) {
+	return {
+		name: options.name,
+		permissions: options.permissions
+	};
+}
+
+//#endregion
+exports.serializeCreateOrganizationApiKeyOptions = serializeCreateOrganizationApiKeyOptions;
+//# sourceMappingURL=create-organization-api-key-options.serializer.cjs.map

package/lib/api-keys/serializers/create-organization-api-key-options.serializer.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-organization-api-key-options.serializer.cjs","names":[],"sources":["../../../src/api-keys/serializers/create-organization-api-key-options.serializer.ts"],"sourcesContent":["import {\n  CreateOrganizationApiKeyOptions,\n  SerializedCreateOrganizationApiKeyOptions,\n} from '../interfaces/create-organization-api-key-options.interface';\n\nexport function serializeCreateOrganizationApiKeyOptions(\n  options: CreateOrganizationApiKeyOptions,\n): SerializedCreateOrganizationApiKeyOptions {\n  return {\n    name: options.name,\n    permissions: options.permissions,\n  };\n}\n"],"mappings":";;AAKA,SAAgB,yCACd,SAC2C;AAC3C,QAAO;EACL,MAAM,QAAQ;EACd,aAAa,QAAQ;EACtB"}

package/lib/api-keys/serializers/create-organization-api-key-options.serializer.d.cts

@@ -0,0 +1,7 @@
+import { CreateOrganizationApiKeyOptions, SerializedCreateOrganizationApiKeyOptions } from "../interfaces/create-organization-api-key-options.interface.cjs";
+
+//#region src/api-keys/serializers/create-organization-api-key-options.serializer.d.ts
+declare function serializeCreateOrganizationApiKeyOptions(options: CreateOrganizationApiKeyOptions): SerializedCreateOrganizationApiKeyOptions;
+//#endregion
+export { serializeCreateOrganizationApiKeyOptions };
+//# sourceMappingURL=create-organization-api-key-options.serializer.d.cts.map

package/lib/api-keys/serializers/create-organization-api-key-options.serializer.d.ts

@@ -0,0 +1,7 @@
+import { CreateOrganizationApiKeyOptions, SerializedCreateOrganizationApiKeyOptions } from "../interfaces/create-organization-api-key-options.interface.js";
+
+//#region src/api-keys/serializers/create-organization-api-key-options.serializer.d.ts
+declare function serializeCreateOrganizationApiKeyOptions(options: CreateOrganizationApiKeyOptions): SerializedCreateOrganizationApiKeyOptions;
+//#endregion
+export { serializeCreateOrganizationApiKeyOptions };
+//# sourceMappingURL=create-organization-api-key-options.serializer.d.ts.map

package/lib/api-keys/serializers/create-organization-api-key-options.serializer.js

@@ -0,0 +1,11 @@
+//#region src/api-keys/serializers/create-organization-api-key-options.serializer.ts
+function serializeCreateOrganizationApiKeyOptions(options) {
+	return {
+		name: options.name,
+		permissions: options.permissions
+	};
+}
+
+//#endregion
+export { serializeCreateOrganizationApiKeyOptions };
+//# sourceMappingURL=create-organization-api-key-options.serializer.js.map

package/lib/api-keys/serializers/create-organization-api-key-options.serializer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-organization-api-key-options.serializer.js","names":[],"sources":["../../../src/api-keys/serializers/create-organization-api-key-options.serializer.ts"],"sourcesContent":["import {\n  CreateOrganizationApiKeyOptions,\n  SerializedCreateOrganizationApiKeyOptions,\n} from '../interfaces/create-organization-api-key-options.interface';\n\nexport function serializeCreateOrganizationApiKeyOptions(\n  options: CreateOrganizationApiKeyOptions,\n): SerializedCreateOrganizationApiKeyOptions {\n  return {\n    name: options.name,\n    permissions: options.permissions,\n  };\n}\n"],"mappings":";AAKA,SAAgB,yCACd,SAC2C;AAC3C,QAAO;EACL,MAAM,QAAQ;EACd,aAAa,QAAQ;EACtB"}

package/lib/api-keys/serializers/created-api-key.serializer.cjs

@@ -0,0 +1,20 @@
+
+//#region src/api-keys/serializers/created-api-key.serializer.ts
+function deserializeCreatedApiKey(apiKey) {
+	return {
+		object: apiKey.object,
+		id: apiKey.id,
+		owner: apiKey.owner,
+		name: apiKey.name,
+		obfuscatedValue: apiKey.obfuscated_value,
+		value: apiKey.value,
+		lastUsedAt: apiKey.last_used_at,
+		permissions: apiKey.permissions,
+		createdAt: apiKey.created_at,
+		updatedAt: apiKey.updated_at
+	};
+}
+
+//#endregion
+exports.deserializeCreatedApiKey = deserializeCreatedApiKey;
+//# sourceMappingURL=created-api-key.serializer.cjs.map

package/lib/api-keys/serializers/created-api-key.serializer.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"created-api-key.serializer.cjs","names":[],"sources":["../../../src/api-keys/serializers/created-api-key.serializer.ts"],"sourcesContent":["import {\n  CreatedApiKey,\n  SerializedCreatedApiKey,\n} from '../interfaces/created-api-key.interface';\n\nexport function deserializeCreatedApiKey(\n  apiKey: SerializedCreatedApiKey,\n): CreatedApiKey {\n  return {\n    object: apiKey.object,\n    id: apiKey.id,\n    owner: apiKey.owner,\n    name: apiKey.name,\n    obfuscatedValue: apiKey.obfuscated_value,\n    value: apiKey.value,\n    lastUsedAt: apiKey.last_used_at,\n    permissions: apiKey.permissions,\n    createdAt: apiKey.created_at,\n    updatedAt: apiKey.updated_at,\n  };\n}\n"],"mappings":";;AAKA,SAAgB,yBACd,QACe;AACf,QAAO;EACL,QAAQ,OAAO;EACf,IAAI,OAAO;EACX,OAAO,OAAO;EACd,MAAM,OAAO;EACb,iBAAiB,OAAO;EACxB,OAAO,OAAO;EACd,YAAY,OAAO;EACnB,aAAa,OAAO;EACpB,WAAW,OAAO;EAClB,WAAW,OAAO;EACnB"}

package/lib/api-keys/serializers/created-api-key.serializer.d.cts

@@ -0,0 +1,7 @@
+import { CreatedApiKey, SerializedCreatedApiKey } from "../interfaces/created-api-key.interface.cjs";
+
+//#region src/api-keys/serializers/created-api-key.serializer.d.ts
+declare function deserializeCreatedApiKey(apiKey: SerializedCreatedApiKey): CreatedApiKey;
+//#endregion
+export { deserializeCreatedApiKey };
+//# sourceMappingURL=created-api-key.serializer.d.cts.map

package/lib/api-keys/serializers/created-api-key.serializer.d.ts

@@ -0,0 +1,7 @@
+import { CreatedApiKey, SerializedCreatedApiKey } from "../interfaces/created-api-key.interface.js";
+
+//#region src/api-keys/serializers/created-api-key.serializer.d.ts
+declare function deserializeCreatedApiKey(apiKey: SerializedCreatedApiKey): CreatedApiKey;
+//#endregion
+export { deserializeCreatedApiKey };
+//# sourceMappingURL=created-api-key.serializer.d.ts.map

package/lib/api-keys/serializers/created-api-key.serializer.js

@@ -0,0 +1,19 @@
+//#region src/api-keys/serializers/created-api-key.serializer.ts
+function deserializeCreatedApiKey(apiKey) {
+	return {
+		object: apiKey.object,
+		id: apiKey.id,
+		owner: apiKey.owner,
+		name: apiKey.name,
+		obfuscatedValue: apiKey.obfuscated_value,
+		value: apiKey.value,
+		lastUsedAt: apiKey.last_used_at,
+		permissions: apiKey.permissions,
+		createdAt: apiKey.created_at,
+		updatedAt: apiKey.updated_at
+	};
+}
+
+//#endregion
+export { deserializeCreatedApiKey };
+//# sourceMappingURL=created-api-key.serializer.js.map

package/lib/api-keys/serializers/created-api-key.serializer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"created-api-key.serializer.js","names":[],"sources":["../../../src/api-keys/serializers/created-api-key.serializer.ts"],"sourcesContent":["import {\n  CreatedApiKey,\n  SerializedCreatedApiKey,\n} from '../interfaces/created-api-key.interface';\n\nexport function deserializeCreatedApiKey(\n  apiKey: SerializedCreatedApiKey,\n): CreatedApiKey {\n  return {\n    object: apiKey.object,\n    id: apiKey.id,\n    owner: apiKey.owner,\n    name: apiKey.name,\n    obfuscatedValue: apiKey.obfuscated_value,\n    value: apiKey.value,\n    lastUsedAt: apiKey.last_used_at,\n    permissions: apiKey.permissions,\n    createdAt: apiKey.created_at,\n    updatedAt: apiKey.updated_at,\n  };\n}\n"],"mappings":";AAKA,SAAgB,yBACd,QACe;AACf,QAAO;EACL,QAAQ,OAAO;EACf,IAAI,OAAO;EACX,OAAO,OAAO;EACd,MAAM,OAAO;EACb,iBAAiB,OAAO;EACxB,OAAO,OAAO;EACd,YAAY,OAAO;EACnB,aAAa,OAAO;EACpB,WAAW,OAAO;EAClB,WAAW,OAAO;EACnB"}

package/lib/api-keys/serializers/index.cjs

@@ -0,0 +1,9 @@
+const require_api_keys_serializers_api_key_serializer = require('./api-key.serializer.cjs');
+const require_api_keys_serializers_validate_api_key_serializer = require('./validate-api-key.serializer.cjs');
+const require_api_keys_serializers_create_organization_api_key_options_serializer = require('./create-organization-api-key-options.serializer.cjs');
+const require_api_keys_serializers_created_api_key_serializer = require('./created-api-key.serializer.cjs');
+
+exports.deserializeApiKey = require_api_keys_serializers_api_key_serializer.deserializeApiKey;
+exports.deserializeCreatedApiKey = require_api_keys_serializers_created_api_key_serializer.deserializeCreatedApiKey;
+exports.deserializeValidateApiKeyResponse = require_api_keys_serializers_validate_api_key_serializer.deserializeValidateApiKeyResponse;
+exports.serializeCreateOrganizationApiKeyOptions = require_api_keys_serializers_create_organization_api_key_options_serializer.serializeCreateOrganizationApiKeyOptions;

package/lib/api-keys/serializers/index.d.cts

@@ -0,0 +1,5 @@
+import { deserializeApiKey } from "./api-key.serializer.cjs";
+import { serializeCreateOrganizationApiKeyOptions } from "./create-organization-api-key-options.serializer.cjs";
+import { deserializeCreatedApiKey } from "./created-api-key.serializer.cjs";
+import { deserializeValidateApiKeyResponse } from "./validate-api-key.serializer.cjs";
+export { deserializeApiKey, deserializeCreatedApiKey, deserializeValidateApiKeyResponse, serializeCreateOrganizationApiKeyOptions };

package/lib/api-keys/serializers/index.d.ts

@@ -0,0 +1,5 @@
+import { deserializeApiKey } from "./api-key.serializer.js";
+import { serializeCreateOrganizationApiKeyOptions } from "./create-organization-api-key-options.serializer.js";
+import { deserializeCreatedApiKey } from "./created-api-key.serializer.js";
+import { deserializeValidateApiKeyResponse } from "./validate-api-key.serializer.js";
+export { deserializeApiKey, deserializeCreatedApiKey, deserializeValidateApiKeyResponse, serializeCreateOrganizationApiKeyOptions };

package/lib/api-keys/serializers/index.js

@@ -0,0 +1,6 @@
+import { deserializeApiKey } from "./api-key.serializer.js";
+import { deserializeValidateApiKeyResponse } from "./validate-api-key.serializer.js";
+import { serializeCreateOrganizationApiKeyOptions } from "./create-organization-api-key-options.serializer.js";
+import { deserializeCreatedApiKey } from "./created-api-key.serializer.js";
+
+export { deserializeApiKey, deserializeCreatedApiKey, deserializeValidateApiKeyResponse, serializeCreateOrganizationApiKeyOptions };

package/lib/common/crypto/seal.cjs

@@ -1,21 +1,21 @@
-let iron_webcrypto = require("iron-webcrypto");
+const require_index = require('../../node_modules/iron-webcrypto/index.cjs');
 
 //#region src/common/crypto/seal.ts
 const VERSION_DELIMITER = "~";
 const CURRENT_MAJOR_VERSION = 2;
-function parseSeal(seal) {
-	const [sealWithoutVersion = "", tokenVersionAsString] = seal.split(VERSION_DELIMITER);
+function parseSeal(seal$1) {
+	const [sealWithoutVersion = "", tokenVersionAsString] = seal$1.split(VERSION_DELIMITER);
 	return {
 		sealWithoutVersion,
 		tokenVersion: tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10)
 	};
 }
 async function sealData(data, { password }) {
-	return `${await (0, iron_webcrypto.seal)(data, {
+	return `${await require_index.seal(data, {
 		id: "1",
 		secret: password
 	}, {
-		...iron_webcrypto.defaults,
+		...require_index.defaults,
 		ttl: 0,
 		encode: JSON.stringify
 	})}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;
@@ -25,8 +25,8 @@ async function unsealData(encryptedData, { password }) {
 	const passwordMap = { 1: password };
 	let data;
 	try {
-		data = await (0, iron_webcrypto.unseal)(sealWithoutVersion, passwordMap, {
-			...iron_webcrypto.defaults,
+		data = await require_index.unseal(sealWithoutVersion, passwordMap, {
+			...require_index.defaults,
 			ttl: 0
 		}) ?? {};
 	} catch (error) {

package/lib/common/crypto/seal.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"seal.cjs","names":["defaults","data: unknown"],"sources":["../../../src/common/crypto/seal.ts"],"sourcesContent":["import {\n  seal as ironSeal,\n  unseal as ironUnseal,\n  defaults,\n} from 'iron-webcrypto';\n\nconst VERSION_DELIMITER = '~';\nconst CURRENT_MAJOR_VERSION = 2;\n\ninterface SealOptions {\n  password: string;\n}\n\ninterface UnsealOptions {\n  password: string;\n}\n\nfunction parseSeal(seal: string): {\n  sealWithoutVersion: string;\n  tokenVersion: number | null;\n} {\n  const [sealWithoutVersion = '', tokenVersionAsString] =\n    seal.split(VERSION_DELIMITER);\n  const tokenVersion =\n    tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10);\n  return { sealWithoutVersion, tokenVersion };\n}\n\nexport async function sealData(\n  data: unknown,\n  { password }: SealOptions,\n): Promise<string> {\n  const passwordObj = {\n    id: '1',\n    secret: password,\n  };\n\n  const seal = await ironSeal(data, passwordObj, {\n    ...defaults,\n    ttl: 0,\n    encode: JSON.stringify,\n  });\n\n  return `${seal}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;\n}\n\nexport async function unsealData<T = unknown>(\n  encryptedData: string,\n  { password }: UnsealOptions,\n): Promise<T> {\n  const { sealWithoutVersion, tokenVersion } = parseSeal(encryptedData);\n\n  const passwordMap = { 1: password };\n\n  let data: unknown;\n  try {\n    data =\n      (await ironUnseal(sealWithoutVersion, passwordMap, {\n        ...defaults,\n        ttl: 0,\n      })) ?? {};\n  } catch (error) {\n    if (\n      error instanceof Error &&\n      /^(Expired seal|Bad hmac value|Cannot find password|Incorrect number of sealed components|Wrong mac prefix)/.test(\n        error.message,\n      )\n    ) {\n      return {} as T;\n    }\n    throw error;\n  }\n\n  if (tokenVersion === 2) {\n    return data as T;\n  } else if (tokenVersion !== null) {\n    const record = data as Record<string, unknown>;\n    return (record.persistent ?? data) as T;\n  }\n\n  return data as T;\n}\n"],"mappings":";;;AAMA,MAAM,oBAAoB;AAC1B,MAAM,wBAAwB;AAU9B,SAAS,UAAU,MAGjB;CACA,MAAM,CAAC,qBAAqB,IAAI,wBAC9B,KAAK,MAAM,kBAAkB;AAG/B,QAAO;EAAE;EAAoB,cAD3B,wBAAwB,OAAO,OAAO,SAAS,sBAAsB,GAAG;EAC/B;;AAG7C,eAAsB,SACpB,MACA,EAAE,YACe;AAYjB,QAAO,GANM,+BAAe,MALR;EAClB,IAAI;EACJ,QAAQ;EACT,EAE8C;EAC7C,GAAGA;EACH,KAAK;EACL,QAAQ,KAAK;EACd,CAAC,GAEe,oBAAoB;;AAGvC,eAAsB,WACpB,eACA,EAAE,YACU;CACZ,MAAM,EAAE,oBAAoB,iBAAiB,UAAU,cAAc;CAErE,MAAM,cAAc,EAAE,GAAG,UAAU;CAEnC,IAAIC;AACJ,KAAI;AACF,SACG,iCAAiB,oBAAoB,aAAa;GACjD,GAAGD;GACH,KAAK;GACN,CAAC,IAAK,EAAE;UACJ,OAAO;AACd,MACE,iBAAiB,SACjB,6GAA6G,KAC3G,MAAM,QACP,CAED,QAAO,EAAE;AAEX,QAAM;;AAGR,KAAI,iBAAiB,EACnB,QAAO;UACE,iBAAiB,KAE1B,QADe,KACA,cAAc;AAG/B,QAAO"}
+{"version":3,"file":"seal.cjs","names":["seal","ironSeal","defaults","data: unknown","ironUnseal"],"sources":["../../../src/common/crypto/seal.ts"],"sourcesContent":["import {\n  seal as ironSeal,\n  unseal as ironUnseal,\n  defaults,\n} from 'iron-webcrypto';\n\nconst VERSION_DELIMITER = '~';\nconst CURRENT_MAJOR_VERSION = 2;\n\ninterface SealOptions {\n  password: string;\n}\n\ninterface UnsealOptions {\n  password: string;\n}\n\nfunction parseSeal(seal: string): {\n  sealWithoutVersion: string;\n  tokenVersion: number | null;\n} {\n  const [sealWithoutVersion = '', tokenVersionAsString] =\n    seal.split(VERSION_DELIMITER);\n  const tokenVersion =\n    tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10);\n  return { sealWithoutVersion, tokenVersion };\n}\n\nexport async function sealData(\n  data: unknown,\n  { password }: SealOptions,\n): Promise<string> {\n  const passwordObj = {\n    id: '1',\n    secret: password,\n  };\n\n  const seal = await ironSeal(data, passwordObj, {\n    ...defaults,\n    ttl: 0,\n    encode: JSON.stringify,\n  });\n\n  return `${seal}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;\n}\n\nexport async function unsealData<T = unknown>(\n  encryptedData: string,\n  { password }: UnsealOptions,\n): Promise<T> {\n  const { sealWithoutVersion, tokenVersion } = parseSeal(encryptedData);\n\n  const passwordMap = { 1: password };\n\n  let data: unknown;\n  try {\n    data =\n      (await ironUnseal(sealWithoutVersion, passwordMap, {\n        ...defaults,\n        ttl: 0,\n      })) ?? {};\n  } catch (error) {\n    if (\n      error instanceof Error &&\n      /^(Expired seal|Bad hmac value|Cannot find password|Incorrect number of sealed components|Wrong mac prefix)/.test(\n        error.message,\n      )\n    ) {\n      return {} as T;\n    }\n    throw error;\n  }\n\n  if (tokenVersion === 2) {\n    return data as T;\n  } else if (tokenVersion !== null) {\n    const record = data as Record<string, unknown>;\n    return (record.persistent ?? data) as T;\n  }\n\n  return data as T;\n}\n"],"mappings":";;;AAMA,MAAM,oBAAoB;AAC1B,MAAM,wBAAwB;AAU9B,SAAS,UAAU,QAGjB;CACA,MAAM,CAAC,qBAAqB,IAAI,wBAC9BA,OAAK,MAAM,kBAAkB;AAG/B,QAAO;EAAE;EAAoB,cAD3B,wBAAwB,OAAO,OAAO,SAAS,sBAAsB,GAAG;EAC/B;;AAG7C,eAAsB,SACpB,MACA,EAAE,YACe;AAYjB,QAAO,GANM,MAAMC,mBAAS,MALR;EAClB,IAAI;EACJ,QAAQ;EACT,EAE8C;EAC7C,GAAGC;EACH,KAAK;EACL,QAAQ,KAAK;EACd,CAAC,GAEe,oBAAoB;;AAGvC,eAAsB,WACpB,eACA,EAAE,YACU;CACZ,MAAM,EAAE,oBAAoB,iBAAiB,UAAU,cAAc;CAErE,MAAM,cAAc,EAAE,GAAG,UAAU;CAEnC,IAAIC;AACJ,KAAI;AACF,SACG,MAAMC,qBAAW,oBAAoB,aAAa;GACjD,GAAGF;GACH,KAAK;GACN,CAAC,IAAK,EAAE;UACJ,OAAO;AACd,MACE,iBAAiB,SACjB,6GAA6G,KAC3G,MAAM,QACP,CAED,QAAO,EAAE;AAEX,QAAM;;AAGR,KAAI,iBAAiB,EACnB,QAAO;UACE,iBAAiB,KAE1B,QADe,KACA,cAAc;AAG/B,QAAO"}

package/lib/common/crypto/seal.js

@@ -1,4 +1,4 @@
-import { defaults, seal, unseal } from "iron-webcrypto";
+import { defaults, seal, unseal } from "../../node_modules/iron-webcrypto/index.js";
 
 //#region src/common/crypto/seal.ts
 const VERSION_DELIMITER = "~";

package/lib/common/exceptions/api-key-required.exception.cjs

@@ -0,0 +1,15 @@
+
+//#region src/common/exceptions/api-key-required.exception.ts
+var ApiKeyRequiredException = class extends Error {
+	status = 403;
+	name = "ApiKeyRequiredException";
+	path;
+	constructor(path) {
+		super(`API key required for "${path}". For server-side apps, initialize with: new WorkOS("sk_..."). For browser/mobile/CLI apps, use authenticateWithCodeAndVerifier() and authenticateWithRefreshToken() which work without an API key.`);
+		this.path = path;
+	}
+};
+
+//#endregion
+exports.ApiKeyRequiredException = ApiKeyRequiredException;
+//# sourceMappingURL=api-key-required.exception.cjs.map

package/lib/common/exceptions/api-key-required.exception.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-required.exception.cjs","names":[],"sources":["../../../src/common/exceptions/api-key-required.exception.ts"],"sourcesContent":["export class ApiKeyRequiredException extends Error {\n  readonly status = 403;\n  readonly name = 'ApiKeyRequiredException';\n  readonly path: string;\n\n  constructor(path: string) {\n    super(\n      `API key required for \"${path}\". ` +\n        `For server-side apps, initialize with: new WorkOS(\"sk_...\"). ` +\n        `For browser/mobile/CLI apps, use authenticateWithCodeAndVerifier() and authenticateWithRefreshToken() which work without an API key.`,\n    );\n    this.path = path;\n  }\n}\n"],"mappings":";;AAAA,IAAa,0BAAb,cAA6C,MAAM;CACjD,AAAS,SAAS;CAClB,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,MAAc;AACxB,QACE,yBAAyB,KAAK,sMAG/B;AACD,OAAK,OAAO"}

package/lib/common/exceptions/api-key-required.exception.d.cts

@@ -0,0 +1,10 @@
+//#region src/common/exceptions/api-key-required.exception.d.ts
+declare class ApiKeyRequiredException extends Error {
+  readonly status = 403;
+  readonly name = "ApiKeyRequiredException";
+  readonly path: string;
+  constructor(path: string);
+}
+//#endregion
+export { ApiKeyRequiredException };
+//# sourceMappingURL=api-key-required.exception.d.cts.map

package/lib/common/exceptions/api-key-required.exception.d.ts

@@ -0,0 +1,10 @@
+//#region src/common/exceptions/api-key-required.exception.d.ts
+declare class ApiKeyRequiredException extends Error {
+  readonly status = 403;
+  readonly name = "ApiKeyRequiredException";
+  readonly path: string;
+  constructor(path: string);
+}
+//#endregion
+export { ApiKeyRequiredException };
+//# sourceMappingURL=api-key-required.exception.d.ts.map

package/lib/common/exceptions/api-key-required.exception.js

@@ -0,0 +1,14 @@
+//#region src/common/exceptions/api-key-required.exception.ts
+var ApiKeyRequiredException = class extends Error {
+	status = 403;
+	name = "ApiKeyRequiredException";
+	path;
+	constructor(path) {
+		super(`API key required for "${path}". For server-side apps, initialize with: new WorkOS("sk_..."). For browser/mobile/CLI apps, use authenticateWithCodeAndVerifier() and authenticateWithRefreshToken() which work without an API key.`);
+		this.path = path;
+	}
+};
+
+//#endregion
+export { ApiKeyRequiredException };
+//# sourceMappingURL=api-key-required.exception.js.map

package/lib/common/exceptions/api-key-required.exception.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-required.exception.js","names":[],"sources":["../../../src/common/exceptions/api-key-required.exception.ts"],"sourcesContent":["export class ApiKeyRequiredException extends Error {\n  readonly status = 403;\n  readonly name = 'ApiKeyRequiredException';\n  readonly path: string;\n\n  constructor(path: string) {\n    super(\n      `API key required for \"${path}\". ` +\n        `For server-side apps, initialize with: new WorkOS(\"sk_...\"). ` +\n        `For browser/mobile/CLI apps, use authenticateWithCodeAndVerifier() and authenticateWithRefreshToken() which work without an API key.`,\n    );\n    this.path = path;\n  }\n}\n"],"mappings":";AAAA,IAAa,0BAAb,cAA6C,MAAM;CACjD,AAAS,SAAS;CAClB,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,MAAc;AACxB,QACE,yBAAyB,KAAK,sMAG/B;AACD,OAAK,OAAO"}

package/lib/common/exceptions/index.cjs

@@ -1,3 +1,4 @@
+const require_common_exceptions_api_key_required_exception = require('./api-key-required.exception.cjs');
 const require_common_exceptions_generic_server_exception = require('./generic-server.exception.cjs');
 const require_common_exceptions_bad_request_exception = require('./bad-request.exception.cjs');
 const require_common_exceptions_no_api_key_provided_exception = require('./no-api-key-provided.exception.cjs');
@@ -8,6 +9,7 @@ const require_common_exceptions_signature_verification_exception = require('./si
 const require_common_exceptions_unauthorized_exception = require('./unauthorized.exception.cjs');
 const require_common_exceptions_unprocessable_entity_exception = require('./unprocessable-entity.exception.cjs');
 
+exports.ApiKeyRequiredException = require_common_exceptions_api_key_required_exception.ApiKeyRequiredException;
 exports.BadRequestException = require_common_exceptions_bad_request_exception.BadRequestException;
 exports.GenericServerException = require_common_exceptions_generic_server_exception.GenericServerException;
 exports.NoApiKeyProvidedException = require_common_exceptions_no_api_key_provided_exception.NoApiKeyProvidedException;

package/lib/common/exceptions/index.d.cts

@@ -1,3 +1,4 @@
+import { ApiKeyRequiredException } from "./api-key-required.exception.cjs";
 import { GenericServerException } from "./generic-server.exception.cjs";
 import { BadRequestException } from "./bad-request.exception.cjs";
 import { NoApiKeyProvidedException } from "./no-api-key-provided.exception.cjs";
@@ -7,4 +8,4 @@ import { RateLimitExceededException } from "./rate-limit-exceeded.exception.cjs"
 import { SignatureVerificationException } from "./signature-verification.exception.cjs";
 import { UnauthorizedException } from "./unauthorized.exception.cjs";
 import { UnprocessableEntityException } from "./unprocessable-entity.exception.cjs";
-export { BadRequestException, GenericServerException, NoApiKeyProvidedException, NotFoundException, OauthException, RateLimitExceededException, SignatureVerificationException, UnauthorizedException, UnprocessableEntityException };
+export { ApiKeyRequiredException, BadRequestException, GenericServerException, NoApiKeyProvidedException, NotFoundException, OauthException, RateLimitExceededException, SignatureVerificationException, UnauthorizedException, UnprocessableEntityException };

package/lib/common/exceptions/index.d.ts

@@ -1,3 +1,4 @@
+import { ApiKeyRequiredException } from "./api-key-required.exception.js";
 import { GenericServerException } from "./generic-server.exception.js";
 import { BadRequestException } from "./bad-request.exception.js";
 import { NoApiKeyProvidedException } from "./no-api-key-provided.exception.js";
@@ -7,4 +8,4 @@ import { RateLimitExceededException } from "./rate-limit-exceeded.exception.js";
 import { SignatureVerificationException } from "./signature-verification.exception.js";
 import { UnauthorizedException } from "./unauthorized.exception.js";
 import { UnprocessableEntityException } from "./unprocessable-entity.exception.js";
-export { BadRequestException, GenericServerException, NoApiKeyProvidedException, NotFoundException, OauthException, RateLimitExceededException, SignatureVerificationException, UnauthorizedException, UnprocessableEntityException };
+export { ApiKeyRequiredException, BadRequestException, GenericServerException, NoApiKeyProvidedException, NotFoundException, OauthException, RateLimitExceededException, SignatureVerificationException, UnauthorizedException, UnprocessableEntityException };