@workos-inc/node 8.0.0-rc.6 → 8.0.0-rc.8

Files changed (261) hide show
  1. package/README.md +54 -0
  2. package/lib/api-keys/api-keys.cjs +3 -0
  3. package/lib/api-keys/api-keys.cjs.map +1 -1
  4. package/lib/api-keys/api-keys.d.cts +2 -1
  5. package/lib/api-keys/api-keys.d.ts +2 -1
  6. package/lib/api-keys/api-keys.js +3 -0
  7. package/lib/api-keys/api-keys.js.map +1 -1
  8. package/lib/api-keys/interfaces/create-organization-api-key-options.interface.cjs +0 -0
  9. package/lib/api-keys/interfaces/create-organization-api-key-options.interface.d.cts +16 -0
  10. package/lib/api-keys/interfaces/create-organization-api-key-options.interface.d.ts +16 -0
  11. package/lib/api-keys/interfaces/create-organization-api-key-options.interface.js +1 -0
  12. package/lib/api-keys/interfaces/created-api-key.interface.cjs +0 -0
  13. package/lib/api-keys/interfaces/created-api-key.interface.d.cts +34 -0
  14. package/lib/api-keys/interfaces/created-api-key.interface.d.ts +34 -0
  15. package/lib/api-keys/interfaces/created-api-key.interface.js +1 -0
  16. package/lib/api-keys/interfaces/index.cjs +0 -0
  17. package/lib/api-keys/interfaces/index.d.cts +6 -0
  18. package/lib/api-keys/interfaces/index.d.ts +6 -0
  19. package/lib/api-keys/interfaces/index.js +1 -0
  20. package/lib/api-keys/interfaces/list-organization-api-keys-options.interface.cjs +0 -0
  21. package/lib/api-keys/interfaces/list-organization-api-keys-options.interface.d.cts +9 -0
  22. package/lib/api-keys/interfaces/list-organization-api-keys-options.interface.d.ts +9 -0
  23. package/lib/api-keys/interfaces/list-organization-api-keys-options.interface.js +1 -0
  24. package/lib/api-keys/serializers/create-organization-api-key-options.serializer.cjs +12 -0
  25. package/lib/api-keys/serializers/create-organization-api-key-options.serializer.cjs.map +1 -0
  26. package/lib/api-keys/serializers/create-organization-api-key-options.serializer.d.cts +7 -0
  27. package/lib/api-keys/serializers/create-organization-api-key-options.serializer.d.ts +7 -0
  28. package/lib/api-keys/serializers/create-organization-api-key-options.serializer.js +11 -0
  29. package/lib/api-keys/serializers/create-organization-api-key-options.serializer.js.map +1 -0
  30. package/lib/api-keys/serializers/created-api-key.serializer.cjs +20 -0
  31. package/lib/api-keys/serializers/created-api-key.serializer.cjs.map +1 -0
  32. package/lib/api-keys/serializers/created-api-key.serializer.d.cts +7 -0
  33. package/lib/api-keys/serializers/created-api-key.serializer.d.ts +7 -0
  34. package/lib/api-keys/serializers/created-api-key.serializer.js +19 -0
  35. package/lib/api-keys/serializers/created-api-key.serializer.js.map +1 -0
  36. package/lib/api-keys/serializers/index.cjs +9 -0
  37. package/lib/api-keys/serializers/index.d.cts +5 -0
  38. package/lib/api-keys/serializers/index.d.ts +5 -0
  39. package/lib/api-keys/serializers/index.js +6 -0
  40. package/lib/common/crypto/seal.cjs +7 -7
  41. package/lib/common/crypto/seal.cjs.map +1 -1
  42. package/lib/common/crypto/seal.js +1 -1
  43. package/lib/common/exceptions/api-key-required.exception.cjs +15 -0
  44. package/lib/common/exceptions/api-key-required.exception.cjs.map +1 -0
  45. package/lib/common/exceptions/api-key-required.exception.d.cts +10 -0
  46. package/lib/common/exceptions/api-key-required.exception.d.ts +10 -0
  47. package/lib/common/exceptions/api-key-required.exception.js +14 -0
  48. package/lib/common/exceptions/api-key-required.exception.js.map +1 -0
  49. package/lib/common/exceptions/index.cjs +2 -0
  50. package/lib/common/exceptions/index.d.cts +2 -1
  51. package/lib/common/exceptions/index.d.ts +2 -1
  52. package/lib/common/exceptions/index.js +2 -1
  53. package/lib/common/interfaces/event.interface.d.cts +28 -3
  54. package/lib/common/interfaces/event.interface.d.ts +28 -3
  55. package/lib/common/interfaces/get-options.interface.d.cts +2 -0
  56. package/lib/common/interfaces/get-options.interface.d.ts +2 -0
  57. package/lib/common/interfaces/index.d.cts +2 -2
  58. package/lib/common/interfaces/index.d.ts +2 -2
  59. package/lib/common/interfaces/post-options.interface.d.cts +2 -0
  60. package/lib/common/interfaces/post-options.interface.d.ts +2 -0
  61. package/lib/common/interfaces/put-options.interface.d.cts +2 -0
  62. package/lib/common/interfaces/put-options.interface.d.ts +2 -0
  63. package/lib/common/interfaces/workos-options.interface.d.cts +1 -0
  64. package/lib/common/interfaces/workos-options.interface.d.ts +1 -0
  65. package/lib/common/net/http-client.cjs.map +1 -1
  66. package/lib/common/net/http-client.js.map +1 -1
  67. package/lib/common/serializers/event.serializer.cjs +13 -5
  68. package/lib/common/serializers/event.serializer.cjs.map +1 -1
  69. package/lib/common/serializers/event.serializer.js +13 -5
  70. package/lib/common/serializers/event.serializer.js.map +1 -1
  71. package/lib/directory-sync/directory-sync.cjs +1 -1
  72. package/lib/directory-sync/directory-sync.js +1 -1
  73. package/lib/factory.cjs +10 -0
  74. package/lib/factory.cjs.map +1 -0
  75. package/lib/factory.d.cts +83 -0
  76. package/lib/factory.d.ts +83 -0
  77. package/lib/factory.js +10 -0
  78. package/lib/factory.js.map +1 -0
  79. package/lib/feature-flags/feature-flags.cjs +37 -0
  80. package/lib/feature-flags/feature-flags.cjs.map +1 -0
  81. package/lib/feature-flags/feature-flags.d.cts +21 -0
  82. package/lib/feature-flags/feature-flags.d.ts +21 -0
  83. package/lib/feature-flags/feature-flags.js +37 -0
  84. package/lib/feature-flags/feature-flags.js.map +1 -0
  85. package/lib/feature-flags/interfaces/add-flag-target-options.interface.cjs +0 -0
  86. package/lib/feature-flags/interfaces/add-flag-target-options.interface.d.cts +8 -0
  87. package/lib/feature-flags/interfaces/add-flag-target-options.interface.d.ts +8 -0
  88. package/lib/feature-flags/interfaces/add-flag-target-options.interface.js +1 -0
  89. package/lib/feature-flags/interfaces/feature-flag.interface.d.cts +8 -2
  90. package/lib/feature-flags/interfaces/feature-flag.interface.d.ts +8 -2
  91. package/lib/feature-flags/interfaces/index.d.cts +4 -1
  92. package/lib/feature-flags/interfaces/index.d.ts +4 -1
  93. package/lib/feature-flags/interfaces/list-feature-flags-options.interface.cjs +0 -0
  94. package/lib/feature-flags/interfaces/list-feature-flags-options.interface.d.cts +7 -0
  95. package/lib/feature-flags/interfaces/list-feature-flags-options.interface.d.ts +7 -0
  96. package/lib/feature-flags/interfaces/list-feature-flags-options.interface.js +1 -0
  97. package/lib/feature-flags/interfaces/remove-flag-target-options.interface.cjs +0 -0
  98. package/lib/feature-flags/interfaces/remove-flag-target-options.interface.d.cts +8 -0
  99. package/lib/feature-flags/interfaces/remove-flag-target-options.interface.d.ts +8 -0
  100. package/lib/feature-flags/interfaces/remove-flag-target-options.interface.js +1 -0
  101. package/lib/feature-flags/serializers/feature-flag.serializer.cjs +3 -0
  102. package/lib/feature-flags/serializers/feature-flag.serializer.cjs.map +1 -1
  103. package/lib/feature-flags/serializers/feature-flag.serializer.js +3 -0
  104. package/lib/feature-flags/serializers/feature-flag.serializer.js.map +1 -1
  105. package/lib/feature-flags/serializers/index.cjs +3 -0
  106. package/lib/feature-flags/serializers/index.d.cts +2 -0
  107. package/lib/feature-flags/serializers/index.d.ts +2 -0
  108. package/lib/feature-flags/serializers/index.js +3 -0
  109. package/lib/fga/serializers/query-result.serializer.cjs.map +1 -1
  110. package/lib/fga/serializers/query-result.serializer.js.map +1 -1
  111. package/lib/index.cjs +18 -9
  112. package/lib/index.cjs.map +1 -1
  113. package/lib/index.d.cts +18 -5
  114. package/lib/index.d.ts +18 -5
  115. package/lib/index.js +16 -10
  116. package/lib/index.js.map +1 -1
  117. package/lib/index.worker.cjs +15 -9
  118. package/lib/index.worker.cjs.map +1 -1
  119. package/lib/index.worker.d.cts +10 -5
  120. package/lib/index.worker.d.ts +10 -5
  121. package/lib/index.worker.js +13 -10
  122. package/lib/index.worker.js.map +1 -1
  123. package/lib/node_modules/iron-webcrypto/index.cjs +218 -0
  124. package/lib/node_modules/iron-webcrypto/index.cjs.map +1 -0
  125. package/lib/node_modules/iron-webcrypto/index.js +216 -0
  126. package/lib/node_modules/iron-webcrypto/index.js.map +1 -0
  127. package/lib/node_modules/uint8array-extras/index.cjs +55 -0
  128. package/lib/node_modules/uint8array-extras/index.cjs.map +1 -0
  129. package/lib/node_modules/uint8array-extras/index.js +52 -0
  130. package/lib/node_modules/uint8array-extras/index.js.map +1 -0
  131. package/lib/organizations/organizations.cjs +14 -2
  132. package/lib/organizations/organizations.cjs.map +1 -1
  133. package/lib/organizations/organizations.d.cts +6 -0
  134. package/lib/organizations/organizations.d.ts +6 -0
  135. package/lib/organizations/organizations.js +14 -2
  136. package/lib/organizations/organizations.js.map +1 -1
  137. package/lib/organizations/serializers/index.cjs +1 -1
  138. package/lib/organizations/serializers/index.js +1 -1
  139. package/lib/pkce/pkce.cjs +54 -0
  140. package/lib/pkce/pkce.cjs.map +1 -0
  141. package/lib/pkce/pkce.d.cts +38 -0
  142. package/lib/pkce/pkce.d.ts +38 -0
  143. package/lib/pkce/pkce.js +53 -0
  144. package/lib/pkce/pkce.js.map +1 -0
  145. package/lib/sso/interfaces/authorization-url-options.interface.d.cts +34 -8
  146. package/lib/sso/interfaces/authorization-url-options.interface.d.ts +34 -8
  147. package/lib/sso/interfaces/get-profile-and-token-options.interface.d.cts +6 -0
  148. package/lib/sso/interfaces/get-profile-and-token-options.interface.d.ts +6 -0
  149. package/lib/sso/interfaces/index.d.cts +2 -2
  150. package/lib/sso/interfaces/index.d.ts +2 -2
  151. package/lib/sso/sso.cjs +90 -8
  152. package/lib/sso/sso.cjs.map +1 -1
  153. package/lib/sso/sso.d.cts +41 -2
  154. package/lib/sso/sso.d.ts +41 -2
  155. package/lib/sso/sso.js +90 -8
  156. package/lib/sso/sso.js.map +1 -1
  157. package/lib/user-management/interfaces/authenticate-with-code-and-verifier-options.interface.d.cts +2 -2
  158. package/lib/user-management/interfaces/authenticate-with-code-and-verifier-options.interface.d.ts +2 -2
  159. package/lib/user-management/interfaces/authenticate-with-options-base.interface.d.cts +19 -3
  160. package/lib/user-management/interfaces/authenticate-with-options-base.interface.d.ts +19 -3
  161. package/lib/user-management/interfaces/authenticate-with-refresh-token-public-client-options.interface.cjs +0 -0
  162. package/lib/user-management/interfaces/authenticate-with-refresh-token-public-client-options.interface.d.cts +16 -0
  163. package/lib/user-management/interfaces/authenticate-with-refresh-token-public-client-options.interface.d.ts +16 -0
  164. package/lib/user-management/interfaces/authenticate-with-refresh-token-public-client-options.interface.js +1 -0
  165. package/lib/user-management/interfaces/authorization-url-options.interface.d.cts +30 -5
  166. package/lib/user-management/interfaces/authorization-url-options.interface.d.ts +30 -5
  167. package/lib/user-management/interfaces/index.d.cts +5 -3
  168. package/lib/user-management/interfaces/index.d.ts +5 -3
  169. package/lib/user-management/interfaces/logout-url-options.interface.cjs +0 -0
  170. package/lib/user-management/interfaces/logout-url-options.interface.d.cts +8 -0
  171. package/lib/user-management/interfaces/logout-url-options.interface.d.ts +8 -0
  172. package/lib/user-management/interfaces/logout-url-options.interface.js +1 -0
  173. package/lib/user-management/serializers/authenticate-with-code-and-verifier-options.serializer.cjs.map +1 -1
  174. package/lib/user-management/serializers/authenticate-with-code-and-verifier-options.serializer.d.cts +2 -1
  175. package/lib/user-management/serializers/authenticate-with-code-and-verifier-options.serializer.d.ts +2 -1
  176. package/lib/user-management/serializers/authenticate-with-code-and-verifier-options.serializer.js.map +1 -1
  177. package/lib/user-management/serializers/authenticate-with-code-options.serializer.cjs.map +1 -1
  178. package/lib/user-management/serializers/authenticate-with-code-options.serializer.d.cts +2 -1
  179. package/lib/user-management/serializers/authenticate-with-code-options.serializer.d.ts +2 -1
  180. package/lib/user-management/serializers/authenticate-with-code-options.serializer.js.map +1 -1
  181. package/lib/user-management/serializers/authenticate-with-email-verification.serializer.cjs.map +1 -1
  182. package/lib/user-management/serializers/authenticate-with-email-verification.serializer.d.cts +2 -1
  183. package/lib/user-management/serializers/authenticate-with-email-verification.serializer.d.ts +2 -1
  184. package/lib/user-management/serializers/authenticate-with-email-verification.serializer.js.map +1 -1
  185. package/lib/user-management/serializers/authenticate-with-magic-auth-options.serializer.cjs.map +1 -1
  186. package/lib/user-management/serializers/authenticate-with-magic-auth-options.serializer.d.cts +2 -1
  187. package/lib/user-management/serializers/authenticate-with-magic-auth-options.serializer.d.ts +2 -1
  188. package/lib/user-management/serializers/authenticate-with-magic-auth-options.serializer.js.map +1 -1
  189. package/lib/user-management/serializers/authenticate-with-organization-selection-options.serializer.cjs.map +1 -1
  190. package/lib/user-management/serializers/authenticate-with-organization-selection-options.serializer.d.cts +2 -1
  191. package/lib/user-management/serializers/authenticate-with-organization-selection-options.serializer.d.ts +2 -1
  192. package/lib/user-management/serializers/authenticate-with-organization-selection-options.serializer.js.map +1 -1
  193. package/lib/user-management/serializers/authenticate-with-password-options.serializer.cjs.map +1 -1
  194. package/lib/user-management/serializers/authenticate-with-password-options.serializer.d.cts +2 -1
  195. package/lib/user-management/serializers/authenticate-with-password-options.serializer.d.ts +2 -1
  196. package/lib/user-management/serializers/authenticate-with-password-options.serializer.js.map +1 -1
  197. package/lib/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.cjs +14 -0
  198. package/lib/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.cjs.map +1 -0
  199. package/lib/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.d.cts +8 -0
  200. package/lib/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.d.ts +8 -0
  201. package/lib/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.js +13 -0
  202. package/lib/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.js.map +1 -0
  203. package/lib/user-management/serializers/authenticate-with-refresh-token.options.serializer.cjs.map +1 -1
  204. package/lib/user-management/serializers/authenticate-with-refresh-token.options.serializer.d.cts +2 -1
  205. package/lib/user-management/serializers/authenticate-with-refresh-token.options.serializer.d.ts +2 -1
  206. package/lib/user-management/serializers/authenticate-with-refresh-token.options.serializer.js.map +1 -1
  207. package/lib/user-management/serializers/authenticate-with-totp-options.serializer.cjs.map +1 -1
  208. package/lib/user-management/serializers/authenticate-with-totp-options.serializer.d.cts +2 -1
  209. package/lib/user-management/serializers/authenticate-with-totp-options.serializer.d.ts +2 -1
  210. package/lib/user-management/serializers/authenticate-with-totp-options.serializer.js.map +1 -1
  211. package/lib/user-management/serializers/index.cjs +2 -0
  212. package/lib/user-management/serializers/index.d.cts +2 -1
  213. package/lib/user-management/serializers/index.d.ts +2 -1
  214. package/lib/user-management/serializers/index.js +2 -1
  215. package/lib/user-management/session.cjs +3 -10
  216. package/lib/user-management/session.cjs.map +1 -1
  217. package/lib/user-management/session.js +3 -10
  218. package/lib/user-management/session.js.map +1 -1
  219. package/lib/user-management/user-management.cjs +186 -31
  220. package/lib/user-management/user-management.cjs.map +1 -1
  221. package/lib/user-management/user-management.d.cts +71 -2
  222. package/lib/user-management/user-management.d.ts +71 -2
  223. package/lib/user-management/user-management.js +186 -31
  224. package/lib/user-management/user-management.js.map +1 -1
  225. package/lib/vault/vault.cjs +4 -0
  226. package/lib/vault/vault.cjs.map +1 -1
  227. package/lib/vault/vault.d.cts +1 -0
  228. package/lib/vault/vault.d.ts +1 -0
  229. package/lib/vault/vault.js +4 -0
  230. package/lib/vault/vault.js.map +1 -1
  231. package/lib/webhooks/webhooks.cjs +1 -1
  232. package/lib/webhooks/webhooks.js +1 -1
  233. package/lib/workos.cjs +68 -26
  234. package/lib/workos.cjs.map +1 -1
  235. package/lib/workos.d.cts +37 -8
  236. package/lib/workos.d.ts +37 -8
  237. package/lib/workos.js +68 -26
  238. package/lib/workos.js.map +1 -1
  239. package/package.json +4 -21
  240. package/lib/_virtual/rolldown_runtime.cjs +0 -19
  241. package/lib/_virtual/rolldown_runtime.js +0 -18
  242. package/lib/client/index.cjs +0 -15
  243. package/lib/client/index.d.cts +0 -3
  244. package/lib/client/index.d.ts +0 -3
  245. package/lib/client/index.js +0 -4
  246. package/lib/client/sso.cjs +0 -40
  247. package/lib/client/sso.cjs.map +0 -1
  248. package/lib/client/sso.d.cts +0 -21
  249. package/lib/client/sso.d.ts +0 -21
  250. package/lib/client/sso.js +0 -34
  251. package/lib/client/sso.js.map +0 -1
  252. package/lib/client/user-management.cjs +0 -80
  253. package/lib/client/user-management.cjs.map +0 -1
  254. package/lib/client/user-management.d.cts +0 -58
  255. package/lib/client/user-management.d.ts +0 -58
  256. package/lib/client/user-management.js +0 -72
  257. package/lib/client/user-management.js.map +0 -1
  258. package/lib/index.client.cjs +0 -15
  259. package/lib/index.client.d.cts +0 -3
  260. package/lib/index.client.d.ts +0 -3
  261. package/lib/index.client.js +0 -4
@@ -21,6 +21,7 @@ declare class Vault {
21
21
  listObjects(options?: PaginationOptions | undefined): Promise<List<ObjectDigest>>;
22
22
  listObjectVersions(options: ReadObjectOptions): Promise<ObjectVersion[]>;
23
23
  readObject(options: ReadObjectOptions): Promise<VaultObject>;
24
+ readObjectByName(name: string): Promise<VaultObject>;
24
25
  describeObject(options: ReadObjectOptions): Promise<VaultObject>;
25
26
  updateObject(options: UpdateObjectOptions): Promise<VaultObject>;
26
27
  deleteObject(options: DeleteObjectOptions): Promise<void>;
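Review bot: `readObjectByName(name: string)` takes a bare positional string, while the sibling methods visible in this hunk take an options object (`ReadObjectOptions`, `UpdateObjectOptions`, `DeleteObjectOptions`), so adding a second lookup parameter later would change the signature for every caller. Consider `readObjectByName(options: { name: string }): Promise<VaultObject>;`, or keep the string and document why it differs. The declaration also has no TSDoc; a comment such as `/** Fetch a vault object by its name rather than its id. */` would tell callers how it differs from `readObject`. The `Vault` class declaration starts and ends outside the hunk.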
@@ -41,6 +41,10 @@ var Vault = class {
41
41
  const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(options.id)}`);
42
42
  return deserializeObject(data);
43
43
  }
44
+ async readObjectByName(name) {
45
+ const { data } = await this.workos.get(`/vault/v1/kv/name/${encodeURIComponent(name)}`);
46
+ return deserializeObject(data);
47
+ }
44
48
  async describeObject(options) {
45
49
  const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`);
46
50
  return deserializeObject(data);
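Review bot: `readObjectByName` builds its path from `encodeURIComponent(name)`, which leaves `.` unescaped and maps an empty string to nothing, so a `name` of `''`, `'.'` or `'..'` yields `/vault/v1/kv/name/`, `/vault/v1/kv/name/.` or `/vault/v1/kv/name/..`. If `this.workos.get` or the underlying transport resolves the path with WHATWG URL rules (not visible here), those dot segments are collapsed and the request reaches a different vault route than the caller intended. Unlike the id-based lookups around it, this value is presumably chosen by the caller or an end user, so a guard before the request is worth adding: `if (!name || name === '.' || name === '..') throw new TypeError('vault object name must be a non-empty string other than "." or ".."');`. The new method is complete in the hunk; the neighbouring `readObject` and `describeObject` bodies start or end outside it.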
@@ -1 +1 @@
1
- {"version":3,"file":"vault.js","names":["workos: WorkOS"],"sources":["../../src/vault/vault.ts"],"sourcesContent":["import { decodeUInt32, encodeUInt32 } from '../common/utils/leb128';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = 
inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async 
deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? 
encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? 
encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n"],"mappings":";;;;;;AA+CA,IAAa,QAAb,MAAmB;CACjB,AAAQ;CAER,YAAY,AAAiBA,QAAgB;EAAhB;AAC3B,OAAK,iBAAiB,OAAO,mBAAmB;;CAGlD,AAAQ,OAAO,SAA0B;EACvC,MAAM,YAAY,mBAAmB,QAAQ;EAE7C,MAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,GAAG,CAAC;EACpD,MAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,GAAG,CAAC;EACtD,MAAM,EAAE,OAAO,QAAQ,cAAc,aAAa,WAAW,GAAG;AAQhE,SAAO;GACL;GACA;GACA,MAPW,mBADM,UAAU,SAAS,WAAW,YAAY,OAAO,CACzB;GAQzC,YANiB,IAAI,WAAW,UAAU,SAAS,YAAY,OAAO,CAAC;GAOxE;;CAGH,MAAM,aAAa,SAAuD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gBACA,4BAA4B,QAAQ,CACrC;AACD,SAAO,0BAA0B,KAAK;;CAGxC,MAAM,YACJ,SAC6B;EAC7B,MAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,QAAQ;AACxD,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM;AAE9C,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,UAAU,CAAC;EAGzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,IAAI,UAAU,CACf;AACD,SAAO,uBAAuB,KAAK;;CAGrC,MAAM,mBACJ,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAO,6BAA6B,KAAK;;CAG3C,MAAM,WAAW,SAAkD;EACjE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,GAC/C;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,aAAa,SAAoD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,IAC9C,4BAA4B,QAAQ,CACrC;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,aAAa,SAA6C;AAC9D,SAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,GAAG,GAAG;;CAG7E,MAAM,cAAc,SAAqD;EACvE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,2BACA,QACD;AACD,SAAO,iCAAiC,KAAK;;CAG/C,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BACA,QACD;AACD,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,QACJ,MACA,SACA,gBACiB;EACjB,MAAM,UAAU,MAAM,KAAK,cAAc,EACvC,SACD,CAAC;EAGF,MAAM,UAAU,IAAI,aAAa;EAGjC,MAAM,MAAM,mBAAmB,QAAQ,QAAQ,IAAI;EACnD,MAAM,UAAU,mBAAmB,QAAQ,cAAc;EAEzD,MAAM,k
BAAkB,aAAa,QAAQ,OAAO;EACpD,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B;EAGJ,MAAM,KAAK,KAAK,eAAe,YAAY,GAAG;EAE9C,MAAM,EACJ,YACA,IAAI,UACJ,QACE,MAAM,KAAK,eAAe,QAC5B,QAAQ,OAAO,KAAK,EACpB,KACA,IACA,UACD;EAGD,MAAM,cAAc,IAAI,WACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW,OACd;EAED,IAAI,SAAS;AACb,cAAY,IAAI,UAAU,OAAO;AACjC,YAAU,SAAS;AAEnB,cAAY,IAAI,KAAK,OAAO;AAC5B,YAAU,IAAI;AAEd,cAAY,IAAI,IAAI,WAAW,gBAAgB,EAAE,OAAO;AACxD,YAAU,gBAAgB;AAE1B,cAAY,IAAI,SAAS,OAAO;AAChC,YAAU,QAAQ;AAElB,cAAY,IAAI,YAAY,OAAO;AAGnC,SAAO,mBAAmB,YAAY;;CAGxC,MAAM,QACJ,eACA,gBACiB;EACjB,MAAM,UAAU,KAAK,OAAO,cAAc;EAI1C,MAAM,MAAM,oBAHI,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,MAAM,CAAC,EAG1B,IAAI;EAE3C,MAAM,UAAU,IAAI,aAAa;EACjC,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B;EAEJ,MAAM,YAAY,MAAM,KAAK,eAAe,QAC1C,QAAQ,YACR,KACA,QAAQ,IACR,QAAQ,KACR,UACD;AAED,SAAO,IAAI,aAAa,CAAC,OAAO,UAAU"}
1
+ {"version":3,"file":"vault.js","names":["workos: WorkOS"],"sources":["../../src/vault/vault.ts"],"sourcesContent":["import { decodeUInt32, encodeUInt32 } from '../common/utils/leb128';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = 
inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async readObjectByName(name: string): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/name/${encodeURIComponent(name)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): 
Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? 
encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? 
encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n"],"mappings":";;;;;;AA+CA,IAAa,QAAb,MAAmB;CACjB,AAAQ;CAER,YAAY,AAAiBA,QAAgB;EAAhB;AAC3B,OAAK,iBAAiB,OAAO,mBAAmB;;CAGlD,AAAQ,OAAO,SAA0B;EACvC,MAAM,YAAY,mBAAmB,QAAQ;EAE7C,MAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,GAAG,CAAC;EACpD,MAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,GAAG,CAAC;EACtD,MAAM,EAAE,OAAO,QAAQ,cAAc,aAAa,WAAW,GAAG;AAQhE,SAAO;GACL;GACA;GACA,MAPW,mBADM,UAAU,SAAS,WAAW,YAAY,OAAO,CACzB;GAQzC,YANiB,IAAI,WAAW,UAAU,SAAS,YAAY,OAAO,CAAC;GAOxE;;CAGH,MAAM,aAAa,SAAuD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gBACA,4BAA4B,QAAQ,CACrC;AACD,SAAO,0BAA0B,KAAK;;CAGxC,MAAM,YACJ,SAC6B;EAC7B,MAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,QAAQ;AACxD,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM;AAE9C,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,UAAU,CAAC;EAGzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,IAAI,UAAU,CACf;AACD,SAAO,uBAAuB,KAAK;;CAGrC,MAAM,mBACJ,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAO,6BAA6B,KAAK;;CAG3C,MAAM,WAAW,SAAkD;EACjE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,GAC/C;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,iBAAiB,MAAoC;EACzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,qBAAqB,mBAAmB,KAAK,GAC9C;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,aAAa,SAAoD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,IAC9C,4BAA4B,QAAQ,CACrC;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,aAAa,SAA6C;AAC9D,SAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,GAAG,GAAG;;CAG7E,MAAM,cAAc,SAAqD;EACvE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,2BACA,QACD;AACD,SAAO,iCAAiC,KAAK;;CAG/C,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BACA,QACD;AACD,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,QACJ,MACA,SACA,gBACiB;EACjB,MAAM,UAAU,MAAM,KAAK,cAAc,EACvC,SACD
,CAAC;EAGF,MAAM,UAAU,IAAI,aAAa;EAGjC,MAAM,MAAM,mBAAmB,QAAQ,QAAQ,IAAI;EACnD,MAAM,UAAU,mBAAmB,QAAQ,cAAc;EAEzD,MAAM,kBAAkB,aAAa,QAAQ,OAAO;EACpD,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B;EAGJ,MAAM,KAAK,KAAK,eAAe,YAAY,GAAG;EAE9C,MAAM,EACJ,YACA,IAAI,UACJ,QACE,MAAM,KAAK,eAAe,QAC5B,QAAQ,OAAO,KAAK,EACpB,KACA,IACA,UACD;EAGD,MAAM,cAAc,IAAI,WACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW,OACd;EAED,IAAI,SAAS;AACb,cAAY,IAAI,UAAU,OAAO;AACjC,YAAU,SAAS;AAEnB,cAAY,IAAI,KAAK,OAAO;AAC5B,YAAU,IAAI;AAEd,cAAY,IAAI,IAAI,WAAW,gBAAgB,EAAE,OAAO;AACxD,YAAU,gBAAgB;AAE1B,cAAY,IAAI,SAAS,OAAO;AAChC,YAAU,QAAQ;AAElB,cAAY,IAAI,YAAY,OAAO;AAGnC,SAAO,mBAAmB,YAAY;;CAGxC,MAAM,QACJ,eACA,gBACiB;EACjB,MAAM,UAAU,KAAK,OAAO,cAAc;EAI1C,MAAM,MAAM,oBAHI,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,MAAM,CAAC,EAG1B,IAAI;EAE3C,MAAM,UAAU,IAAI,aAAa;EACjC,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B;EAEJ,MAAM,YAAY,MAAM,KAAK,eAAe,QAC1C,QAAQ,YACR,KACA,QAAQ,IACR,QAAQ,KACR,UACD;AAED,SAAO,IAAI,aAAa,CAAC,OAAO,UAAU"}
@@ -1,5 +1,5 @@
1
- const require_common_crypto_signature_provider = require('../common/crypto/signature-provider.cjs');
2
1
  const require_common_serializers_event_serializer = require('../common/serializers/event.serializer.cjs');
2
+ const require_common_crypto_signature_provider = require('../common/crypto/signature-provider.cjs');
3
3
 
4
4
  //#region src/webhooks/webhooks.ts
5
5
  var Webhooks = class {
@@ -1,5 +1,5 @@
1
- import { SignatureProvider } from "../common/crypto/signature-provider.js";
2
1
  import { deserializeEvent } from "../common/serializers/event.serializer.js";
2
+ import { SignatureProvider } from "../common/crypto/signature-provider.js";
3
3
 
4
4
  //#region src/webhooks/webhooks.ts
5
5
  var Webhooks = class {
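--- a/package/lib/workos.cjs
+++ b/package/lib/workos.cjs
@@ -1,17 +1,12 @@
- const require_common_crypto_subtle_crypto_provider = require('./common/crypto/subtle-crypto-provider.cjs');
- const require_common_net_http_client = require('./common/net/http-client.cjs');
- const require_common_exceptions_parse_error = require('./common/exceptions/parse-error.cjs');
- const require_common_net_fetch_client = require('./common/net/fetch-client.cjs');
+ const require_common_exceptions_api_key_required_exception = require('./common/exceptions/api-key-required.exception.cjs');
  const require_common_exceptions_generic_server_exception = require('./common/exceptions/generic-server.exception.cjs');
  const require_common_exceptions_bad_request_exception = require('./common/exceptions/bad-request.exception.cjs');
- const require_common_exceptions_no_api_key_provided_exception = require('./common/exceptions/no-api-key-provided.exception.cjs');
  const require_common_exceptions_not_found_exception = require('./common/exceptions/not-found.exception.cjs');
  const require_common_exceptions_oauth_exception = require('./common/exceptions/oauth.exception.cjs');
  const require_common_exceptions_rate_limit_exceeded_exception = require('./common/exceptions/rate-limit-exceeded.exception.cjs');
  const require_common_exceptions_unauthorized_exception = require('./common/exceptions/unauthorized.exception.cjs');
  const require_common_exceptions_unprocessable_entity_exception = require('./common/exceptions/unprocessable-entity.exception.cjs');
- const require_actions_actions = require('./actions/actions.cjs');
- const require_webhooks_webhooks = require('./webhooks/webhooks.cjs');
+ const require_pkce_pkce = require('./pkce/pkce.cjs');
  const require_api_keys_api_keys = require('./api-keys/api-keys.cjs');
  const require_directory_sync_directory_sync = require('./directory-sync/directory-sync.cjs');
  const require_events_events = require('./events/events.cjs');
@@ -21,18 +16,25 @@ const require_passwordless_passwordless = require('./passwordless/passwordless.c
  const require_pipes_pipes = require('./pipes/pipes.cjs');
  const require_portal_portal = require('./portal/portal.cjs');
  const require_sso_sso = require('./sso/sso.cjs');
+ const require_webhooks_webhooks = require('./webhooks/webhooks.cjs');
  const require_mfa_mfa = require('./mfa/mfa.cjs');
  const require_audit_logs_audit_logs = require('./audit-logs/audit-logs.cjs');
  const require_common_utils_env = require('./common/utils/env.cjs');
  const require_user_management_user_management = require('./user-management/user-management.cjs');
  const require_fga_fga = require('./fga/fga.cjs');
+ const require_feature_flags_feature_flags = require('./feature-flags/feature-flags.cjs');
+ const require_common_net_http_client = require('./common/net/http-client.cjs');
+ const require_common_crypto_subtle_crypto_provider = require('./common/crypto/subtle-crypto-provider.cjs');
+ const require_common_exceptions_parse_error = require('./common/exceptions/parse-error.cjs');
+ const require_common_net_fetch_client = require('./common/net/fetch-client.cjs');
  const require_widgets_widgets = require('./widgets/widgets.cjs');
+ const require_actions_actions = require('./actions/actions.cjs');
  const require_vault_vault = require('./vault/vault.cjs');
  const require_common_exceptions_conflict_exception = require('./common/exceptions/conflict.exception.cjs');
  const require_common_utils_runtime_info = require('./common/utils/runtime-info.cjs');
 
  //#region src/workos.ts
- const VERSION = "8.0.0-rc.6";
+ const VERSION = "8.0.0-rc.8";
  const DEFAULT_HOSTNAME = "api.workos.com";
  const HEADER_AUTHORIZATION = "Authorization";
  const HEADER_IDEMPOTENCY_KEY = "Idempotency-Key";
@@ -41,43 +43,71 @@ var WorkOS = class {
  baseURL;
  client;
  clientId;
+ key;
+ options;
+ pkce;
+ hasApiKey;
  actions;
  apiKeys = new require_api_keys_api_keys.ApiKeys(this);
  auditLogs = new require_audit_logs_audit_logs.AuditLogs(this);
  directorySync = new require_directory_sync_directory_sync.DirectorySync(this);
+ events = new require_events_events.Events(this);
+ featureFlags = new require_feature_flags_feature_flags.FeatureFlags(this);
+ fga = new require_fga_fga.FGA(this);
+ mfa = new require_mfa_mfa.Mfa(this);
  organizations = new require_organizations_organizations.Organizations(this);
  organizationDomains = new require_organization_domains_organization_domains.OrganizationDomains(this);
  passwordless = new require_passwordless_passwordless.Passwordless(this);
  pipes = new require_pipes_pipes.Pipes(this);
  portal = new require_portal_portal.Portal(this);
  sso = new require_sso_sso.SSO(this);
- webhooks;
- mfa = new require_mfa_mfa.Mfa(this);
- events = new require_events_events.Events(this);
  userManagement;
- fga = new require_fga_fga.FGA(this);
- widgets = new require_widgets_widgets.Widgets(this);
  vault = new require_vault_vault.Vault(this);
- constructor(key, options = {}) {
- this.key = key;
- this.options = options;
- if (!key) {
- this.key = require_common_utils_env.getEnv("WORKOS_API_KEY");
- if (!this.key) throw new require_common_exceptions_no_api_key_provided_exception.NoApiKeyProvidedException();
+ webhooks;
+ widgets = new require_widgets_widgets.Widgets(this);
+ /**
+ * Create a new WorkOS client.
+ *
+ * @param keyOrOptions - API key string, or options object
+ * @param maybeOptions - Options when first argument is API key
+ *
+ * @example
+ * // Server-side with API key (string)
+ * const workos = new WorkOS('sk_...');
+ *
+ * @example
+ * // Server-side with API key (object)
+ * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });
+ *
+ * @example
+ * // PKCE/public client (no API key)
+ * const workos = new WorkOS({ clientId: 'client_...' });
+ */
+ constructor(keyOrOptions, maybeOptions) {
+ if (typeof keyOrOptions === "object") {
+ this.key = keyOrOptions.apiKey;
+ this.options = keyOrOptions;
+ } else {
+ this.key = keyOrOptions;
+ this.options = maybeOptions ?? {};
  }
+ if (!this.key) this.key = require_common_utils_env.getEnv("WORKOS_API_KEY");
+ this.hasApiKey = !!this.key;
  if (this.options.https === void 0) this.options.https = true;
  this.clientId = this.options.clientId;
  if (!this.clientId) this.clientId = require_common_utils_env.getEnv("WORKOS_CLIENT_ID");
+ if (!this.hasApiKey && !this.clientId) throw new Error("WorkOS requires either an API key or a clientId. For server-side: new WorkOS(\"sk_...\") or new WorkOS({ apiKey: \"sk_...\" }). For PKCE/public clients: new WorkOS({ clientId: \"client_...\" })");
  const protocol = this.options.https ? "https" : "http";
  const apiHostname = this.options.apiHostname || DEFAULT_HOSTNAME;
  const port = this.options.port;
  this.baseURL = `${protocol}://${apiHostname}`;
  if (port) this.baseURL = this.baseURL + `:${port}`;
+ this.pkce = new require_pkce_pkce.PKCE();
  this.webhooks = this.createWebhookClient();
  this.actions = this.createActionsClient();
  this.userManagement = new require_user_management_user_management.UserManagement(this);
- const userAgent = this.createUserAgent(options);
- this.client = this.createHttpClient(options, userAgent);
+ const userAgent = this.createUserAgent(this.options);
+ this.client = this.createHttpClient(this.options, userAgent);
  }
  createUserAgent(options) {
  let userAgent = `workos-node/${VERSION}`;
@@ -99,20 +129,29 @@ var WorkOS = class {
  return new require_common_crypto_subtle_crypto_provider.SubtleCryptoProvider();
  }
  createHttpClient(options, userAgent) {
+ const headers = { "User-Agent": userAgent };
+ const configHeaders = options.config?.headers;
+ if (configHeaders && typeof configHeaders === "object" && !Array.isArray(configHeaders) && !(configHeaders instanceof Headers)) Object.assign(headers, configHeaders);
+ if (this.key) headers["Authorization"] = `Bearer ${this.key}`;
  return new require_common_net_fetch_client.FetchHttpClient(this.baseURL, {
  ...options.config,
  timeout: options.timeout,
- headers: {
- ...options.config?.headers,
- Authorization: `Bearer ${this.key}`,
- "User-Agent": userAgent
- }
+ headers
  });
  }
  get version() {
  return VERSION;
  }
+ /**
+ * Require API key for methods that need it.
+ * @param methodName - Name of the method requiring API key (for error message)
+ * @throws ApiKeyRequiredException if no API key was provided
+ */
+ requireApiKey(methodName) {
+ if (!this.hasApiKey) throw new require_common_exceptions_api_key_required_exception.ApiKeyRequiredException(methodName);
+ }
  async post(path, entity, options = {}) {
+ if (!options.skipApiKeyCheck) this.requireApiKey(path);
  const requestHeaders = {};
  if (options.idempotencyKey) requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;
  if (options.warrantToken) requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;
@@ -137,6 +176,7 @@ var WorkOS = class {
  }
  }
  async get(path, options = {}) {
+ if (!options.skipApiKeyCheck) this.requireApiKey(path);
  const requestHeaders = {};
  if (options.accessToken) requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;
  if (options.warrantToken) requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;
@@ -161,6 +201,7 @@ var WorkOS = class {
  }
  }
  async put(path, entity, options = {}) {
+ if (!options.skipApiKeyCheck) this.requireApiKey(path);
  const requestHeaders = {};
  if (options.idempotencyKey) requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;
  let res;
@@ -184,6 +225,7 @@ var WorkOS = class {
  }
  }
  async delete(path, query) {
+ this.requireApiKey(path);
  try {
  await this.client.delete(path, { params: query });
  } catch (error) {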
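Review bot: The third `@example` in the new constructor JSDoc presents `new WorkOS({ clientId: 'client_...' })` as a client with no API key, but the fallback `if (!this.key) this.key = require_common_utils_env.getEnv("WORKOS_API_KEY");` sits after the if/else and so runs for the options-object form as well. In a process where that variable is set, such a client ends up with `hasApiKey` true, and `createHttpClient` (the `@@ -99,20 +129,29 @@` hunk) then puts `Authorization: Bearer ${this.key}` into the default headers used for every request. The doc comment should state this, for example `* When no key is passed, WORKOS_API_KEY from the environment is used if set.`; if a strictly keyless client is meant to be possible in such a process, that would need an explicit opt-out, which these hunks do not show.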
@@ -1 +1 @@
1
- {"version":3,"file":"workos.cjs","names":["ApiKeys","AuditLogs","DirectorySync","Organizations","OrganizationDomains","Passwordless","Pipes","Portal","SSO","Mfa","Events","FGA","Widgets","Vault","key?: string","options: WorkOSOptions","getEnv","NoApiKeyProvidedException","protocol: string","apiHostname: string","port: number | undefined","UserManagement","userAgent: string","getRuntimeInfo","Webhooks","Actions","SubtleCryptoProvider","FetchHttpClient","requestHeaders: Record<string, string>","res: HttpClientResponseInterface","ParseError","HttpClientError","UnauthorizedException","ConflictException","UnprocessableEntityException","NotFoundException","RateLimitExceededException","error","OauthException","BadRequestException","GenericServerException"],"sources":["../src/workos.ts"],"sourcesContent":["import {\n GenericServerException,\n NoApiKeyProvidedException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from 
'./common/exceptions/bad-request.exception';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\n\nconst VERSION = '8.0.0-rc.6';\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly directorySync = new DirectorySync(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly webhooks: Webhooks;\n readonly mfa = new Mfa(this);\n readonly events = new Events(this);\n readonly userManagement: UserManagement;\n readonly fga = new FGA(this);\n readonly widgets = new Widgets(this);\n readonly vault = new Vault(this);\n\n constructor(\n readonly key?: string,\n readonly options: WorkOSOptions = {},\n ) {\n if (!key) {\n this.key = getEnv('WORKOS_API_KEY');\n\n if (!this.key) {\n throw new NoApiKeyProvidedException();\n }\n }\n\n if (this.options.https === undefined) {\n 
this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n const protocol: string = this.options.https ? 'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(options);\n\n this.client = this.createHttpClient(options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? 
`/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers: {\n ...options.config?.headers,\n Authorization: `Bearer ${this.key}`,\n 'User-Agent': userAgent,\n },\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: 
options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): Promise<{ data: Result }> {\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? 
'';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? '';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? 
Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,MAAM,UAAU;AAEhB,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAS;CACT,AAAS,UAAU,IAAIA,kCAAQ,KAAK;CACpC,AAAS,YAAY,IAAIC,wCAAU,KAAK;CACxC,AAAS,gBAAgB,IAAIC,oDAAc,KAAK;CAChD,AAAS,gBAAgB,IAAIC,kDAAc,KAAK;CAChD,AAAS,sBAAsB,IAAIC,sEAAoB,KAAK;CAC5D,AAAS,eAAe,IAAIC,+CAAa,KAAK;CAC9C,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAChC,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS;CACT,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS;CACT,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,UAAU,IAAIC,gCAAQ,KAAK;CACpC,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAEhC,YACE,AAASC,KACT,AAASC,UAAyB,EAAE,EACpC;EAFS;EACA;AAET,MAAI,CAAC,KAAK;AACR,QAAK,MAAMC,gCAAO,iBAAiB;AAEnC,OAAI,CAAC,KAAK,IACR,OAAM,IAAIC,mFAA2B;;AAIzC,MAAI,KAAK,QAAQ,UAAU,OACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAWD,gCAAO,mBAAmB;EAG5C,MAAME,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAMC,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAMC,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAIC,uDAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,QAAQ;AAE/C,OAAK,SAAS,KAAK,iBAAiB,SAAS,UAAU;;CAGzD,AAAQ,gBAAgB,SAAgC;EACtD,IAAIC,YAAoB,eAAe;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmBC,kDAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GA
AG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAIC,mCAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAIC,gCAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAIC,mEAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;AAC1D,SAAO,IAAIC,gDAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB,SAAS;IACP,GAAG,QAAQ,QAAQ;IACnB,eAAe,UAAU,KAAK;IAC9B,cAAc;IACf;GACF,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAO;;CAGT,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;EAC3B,MAAMC,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;EAC3B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GAC9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAIC,iDAAW;IACn
B,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,gBAAgB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiBC,gDACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,gBACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAIC,uEAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAIC,+DAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAIC,sFAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAIC,gEAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAIC,mFACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAIC,WAAS,iBACX,OAAM,IAAIC,yDACR,QACA,WACAD,SACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAIE,oEAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAIC,0EACR,QACA,KAAK,SACL,MACA,UACD"}
1
+ {"version":3,"file":"workos.cjs","names":["ApiKeys","AuditLogs","DirectorySync","Events","FeatureFlags","FGA","Mfa","Organizations","OrganizationDomains","Passwordless","Pipes","Portal","SSO","Vault","Widgets","getEnv","protocol: string","apiHostname: string","port: number | undefined","PKCE","UserManagement","userAgent: string","getRuntimeInfo","Webhooks","Actions","SubtleCryptoProvider","headers: Record<string, string>","FetchHttpClient","ApiKeyRequiredException","requestHeaders: Record<string, string>","res: HttpClientResponseInterface","ParseError","HttpClientError","UnauthorizedException","ConflictException","UnprocessableEntityException","NotFoundException","RateLimitExceededException","error","OauthException","BadRequestException","GenericServerException"],"sources":["../src/workos.ts"],"sourcesContent":["import {\n ApiKeyRequiredException,\n GenericServerException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport { PKCE } from './pkce/pkce';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from 
'./common/exceptions/bad-request.exception';\nimport { FeatureFlags } from './feature-flags/feature-flags';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\n\nconst VERSION = '8.0.0-rc.8';\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n readonly key?: string;\n readonly options: WorkOSOptions;\n readonly pkce: PKCE;\n\n private readonly hasApiKey: boolean;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly directorySync = new DirectorySync(this);\n readonly events = new Events(this);\n readonly featureFlags = new FeatureFlags(this);\n readonly fga = new FGA(this);\n readonly mfa = new Mfa(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly userManagement: UserManagement;\n readonly vault = new Vault(this);\n readonly webhooks: Webhooks;\n readonly widgets = new Widgets(this);\n\n /**\n * Create a 
new WorkOS client.\n *\n * @param keyOrOptions - API key string, or options object\n * @param maybeOptions - Options when first argument is API key\n *\n * @example\n * // Server-side with API key (string)\n * const workos = new WorkOS('sk_...');\n *\n * @example\n * // Server-side with API key (object)\n * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });\n *\n * @example\n * // PKCE/public client (no API key)\n * const workos = new WorkOS({ clientId: 'client_...' });\n */\n constructor(\n keyOrOptions?: string | WorkOSOptions,\n maybeOptions?: WorkOSOptions,\n ) {\n if (typeof keyOrOptions === 'object') {\n this.key = keyOrOptions.apiKey;\n this.options = keyOrOptions;\n } else {\n this.key = keyOrOptions;\n this.options = maybeOptions ?? {};\n }\n\n if (!this.key) {\n this.key = getEnv('WORKOS_API_KEY');\n }\n\n this.hasApiKey = !!this.key;\n\n if (this.options.https === undefined) {\n this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n if (!this.hasApiKey && !this.clientId) {\n throw new Error(\n 'WorkOS requires either an API key or a clientId. ' +\n 'For server-side: new WorkOS(\"sk_...\") or new WorkOS({ apiKey: \"sk_...\" }). ' +\n 'For PKCE/public clients: new WorkOS({ clientId: \"client_...\" })',\n );\n }\n\n const protocol: string = this.options.https ? 
'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.pkce = new PKCE();\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(this.options);\n\n this.client = this.createHttpClient(this.options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? `/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n const headers: Record<string, string> = {\n 'User-Agent': userAgent,\n };\n\n const configHeaders = options.config?.headers;\n if (\n configHeaders &&\n typeof configHeaders === 'object' &&\n !Array.isArray(configHeaders) &&\n !(configHeaders instanceof Headers)\n ) {\n Object.assign(headers, configHeaders);\n }\n\n if (this.key) {\n headers['Authorization'] = `Bearer ${this.key}`;\n }\n\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers,\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n /**\n * Require API key for methods that need it.\n * @param methodName - Name of 
the method requiring API key (for error message)\n * @throws ApiKeyRequiredException if no API key was provided\n */\n requireApiKey(methodName: string): void {\n if (!this.hasApiKey) {\n throw new ApiKeyRequiredException(methodName);\n }\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): 
Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n this.requireApiKey(path);\n\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? '';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? 
'';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n 
}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CA,MAAM,UAAU;AAEhB,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS;CACT,AAAS;CACT,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAiB;CAEjB,AAAS;CACT,AAAS,UAAU,IAAIA,kCAAQ,KAAK;CACpC,AAAS,YAAY,IAAIC,wCAAU,KAAK;CACxC,AAAS,gBAAgB,IAAIC,oDAAc,KAAK;CAChD,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS,eAAe,IAAIC,iDAAa,KAAK;CAC9C,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,gBAAgB,IAAIC,kDAAc,KAAK;CAChD,AAAS,sBAAsB,IAAIC,sEAAoB,KAAK;CAC5D,AAAS,eAAe,IAAIC,+CAAa,KAAK;CAC9C,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAChC,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS;CACT,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAChC,AAAS;CACT,AAAS,UAAU,IAAIC,gCAAQ,KAAK;;;;;;;;;;;;;;;;;;;CAoBpC,YACE,cACA,cACA;AACA,MAAI,OAAO,iBAAiB,UAAU;AACpC,QAAK,MAAM,aAAa;AACxB,QAAK,UAAU;SACV;AACL,QAAK,MAAM;AACX,QAAK,UAAU,gBAAgB,EAAE;;AAGnC,MAAI,CAAC,KAAK,IACR,MAAK,MAAMC,gCAAO,iBAAiB;AAGrC,OAAK,YAAY,CAAC,CAAC,KAAK;AAExB,MAAI,KAAK,QAAQ,UAAU,OACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAWA,gCAAO,mBAAmB;AAG5C,MAAI,CAAC,KAAK,aAAa,CAAC,KAAK,SAC3B,OAAM,IAAI,MACR,oMAGD;EAGH,MAAMC,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAMC,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAMC,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,OAAO,IAAIC,wBAAM;AAEtB,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAIC,uDAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,KAAK,QAAQ;AAEpD,OAAK,SAAS,KAAK,iBAAiB,KAAK,SAAS,UAAU;;CAG9D,AAAQ,gBAAgB,SAAgC;EACtD,IAAIC,YAAoB,eAAe;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmBC,kDAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GAAG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAIC,mCAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAIC,gCAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAIC,mEAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;EAC1D,MAAMC,UAAkC,EACtC,cAAc,WACf;EAED,
MAAM,gBAAgB,QAAQ,QAAQ;AACtC,MACE,iBACA,OAAO,kBAAkB,YACzB,CAAC,MAAM,QAAQ,cAAc,IAC7B,EAAE,yBAAyB,SAE3B,QAAO,OAAO,SAAS,cAAc;AAGvC,MAAI,KAAK,IACP,SAAQ,mBAAmB,UAAU,KAAK;AAG5C,SAAO,IAAIC,gDAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB;GACD,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAO;;;;;;;CAQT,cAAc,YAA0B;AACtC,MAAI,CAAC,KAAK,UACR,OAAM,IAAIC,6EAAwB,WAAW;;CAIjD,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAMC,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,OAAK,cAAc,KAAK;AAExB,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GA
C9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAIC,iDAAW;IACnB,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,gBAAgB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiBC,gDACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,gBACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAIC,uEAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAIC,+DAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAIC,sFAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAIC,gEAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAIC,mFACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAIC,WAAS,iBACX,OAAM,IAAIC,yDACR,QACA,WACAD,SACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAIE,oEAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAIC,0EACR,QACA,KAAK,SACL,MACA,UACD"}
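--- a/package/lib/workos.d.cts
+++ b/package/lib/workos.d.cts
@@ -4,6 +4,7 @@ import { PostOptions } from "./common/interfaces/post-options.interface.cjs";
  import { PutOptions } from "./common/interfaces/put-options.interface.cjs";
  import { WorkOSOptions } from "./common/interfaces/workos-options.interface.cjs";
  import { Actions } from "./actions/actions.cjs";
+ import { PKCE } from "./pkce/pkce.cjs";
  import { DirectorySync } from "./directory-sync/directory-sync.cjs";
  import { Events } from "./events/events.cjs";
  import { Organizations } from "./organizations/organizations.cjs";
@@ -17,6 +18,7 @@ import { Mfa } from "./mfa/mfa.cjs";
  import { AuditLogs } from "./audit-logs/audit-logs.cjs";
  import { UserManagement } from "./user-management/user-management.cjs";
  import { FGA } from "./fga/fga.cjs";
+ import { FeatureFlags } from "./feature-flags/feature-flags.cjs";
  import { HttpClient } from "./common/net/http-client.cjs";
  import { Widgets } from "./widgets/widgets.cjs";
  import { Vault } from "./vault/vault.cjs";
@@ -24,35 +26,62 @@ import { ApiKeys } from "./api-keys/api-keys.cjs";
 
  //#region src/workos.d.ts
  declare class WorkOS {
- readonly key?: string | undefined;
- readonly options: WorkOSOptions;
  readonly baseURL: string;
  readonly client: HttpClient;
  readonly clientId?: string;
+ readonly key?: string;
+ readonly options: WorkOSOptions;
+ readonly pkce: PKCE;
+ private readonly hasApiKey;
  readonly actions: Actions;
  readonly apiKeys: ApiKeys;
  readonly auditLogs: AuditLogs;
  readonly directorySync: DirectorySync;
+ readonly events: Events;
+ readonly featureFlags: FeatureFlags;
+ readonly fga: FGA;
+ readonly mfa: Mfa;
  readonly organizations: Organizations;
  readonly organizationDomains: OrganizationDomains;
  readonly passwordless: Passwordless;
  readonly pipes: Pipes;
  readonly portal: Portal;
  readonly sso: SSO;
- readonly webhooks: Webhooks;
- readonly mfa: Mfa;
- readonly events: Events;
  readonly userManagement: UserManagement;
- readonly fga: FGA;
- readonly widgets: Widgets;
  readonly vault: Vault;
- constructor(key?: string | undefined, options?: WorkOSOptions);
+ readonly webhooks: Webhooks;
+ readonly widgets: Widgets;
+ /**
+ * Create a new WorkOS client.
+ *
+ * @param keyOrOptions - API key string, or options object
+ * @param maybeOptions - Options when first argument is API key
+ *
+ * @example
+ * // Server-side with API key (string)
+ * const workos = new WorkOS('sk_...');
+ *
+ * @example
+ * // Server-side with API key (object)
+ * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });
+ *
+ * @example
+ * // PKCE/public client (no API key)
+ * const workos = new WorkOS({ clientId: 'client_...' });
+ */
+ constructor(keyOrOptions?: string | WorkOSOptions, maybeOptions?: WorkOSOptions);
  private createUserAgent;
  createWebhookClient(): Webhooks;
  createActionsClient(): Actions;
  getCryptoProvider(): CryptoProvider;
  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
  get version(): string;
+ /**
+ * Require API key for methods that need it.
+ * @param methodName - Name of the method requiring API key (for error message)
+ * @throws ApiKeyRequiredException if no API key was provided
+ */
+ requireApiKey(methodName: string): void;
  post<Result = any, Entity = any>(path: string, entity: Entity, options?: PostOptions): Promise<{
  data: Result;
  }>;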
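Review bot: The constructor JSDoc presents `new WorkOS({ clientId: 'client_...' })` as a client with no API key, but the bundled source shown in workos.cjs.map on this page falls back to `getEnv('WORKOS_API_KEY')` whenever no key is passed, and `createHttpClient` then sets `Authorization: Bearer` on the client's default headers. On a host where that variable is set, the "public client" would therefore still carry the secret key, which a caller reading only this declaration cannot tell. I would add to the doc comment ` * If no key is given, WORKOS_API_KEY (and WORKOS_CLIENT_ID) are read from the environment; throws when neither a key nor a clientId is available.` The same comment is needed on the constructor in package/lib/workos.d.ts; the WorkOS class declaration continues past the end of this hunk.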
package/lib/workos.d.ts CHANGED
@@ -4,6 +4,7 @@ import { PostOptions } from "./common/interfaces/post-options.interface.js";
4
4
  import { PutOptions } from "./common/interfaces/put-options.interface.js";
5
5
  import { WorkOSOptions } from "./common/interfaces/workos-options.interface.js";
6
6
  import { Actions } from "./actions/actions.js";
7
+ import { PKCE } from "./pkce/pkce.js";
7
8
  import { DirectorySync } from "./directory-sync/directory-sync.js";
8
9
  import { Events } from "./events/events.js";
9
10
  import { Organizations } from "./organizations/organizations.js";
@@ -17,6 +18,7 @@ import { Mfa } from "./mfa/mfa.js";
17
18
  import { AuditLogs } from "./audit-logs/audit-logs.js";
18
19
  import { UserManagement } from "./user-management/user-management.js";
19
20
  import { FGA } from "./fga/fga.js";
21
+ import { FeatureFlags } from "./feature-flags/feature-flags.js";
20
22
  import { HttpClient } from "./common/net/http-client.js";
21
23
  import { Widgets } from "./widgets/widgets.js";
22
24
  import { Vault } from "./vault/vault.js";
@@ -24,35 +26,62 @@ import { ApiKeys } from "./api-keys/api-keys.js";
24
26
 
25
27
  //#region src/workos.d.ts
26
28
  declare class WorkOS {
27
- readonly key?: string | undefined;
28
- readonly options: WorkOSOptions;
29
29
  readonly baseURL: string;
30
30
  readonly client: HttpClient;
31
31
  readonly clientId?: string;
32
+ readonly key?: string;
33
+ readonly options: WorkOSOptions;
34
+ readonly pkce: PKCE;
35
+ private readonly hasApiKey;
32
36
  readonly actions: Actions;
33
37
  readonly apiKeys: ApiKeys;
34
38
  readonly auditLogs: AuditLogs;
35
39
  readonly directorySync: DirectorySync;
40
+ readonly events: Events;
41
+ readonly featureFlags: FeatureFlags;
42
+ readonly fga: FGA;
43
+ readonly mfa: Mfa;
36
44
  readonly organizations: Organizations;
37
45
  readonly organizationDomains: OrganizationDomains;
38
46
  readonly passwordless: Passwordless;
39
47
  readonly pipes: Pipes;
40
48
  readonly portal: Portal;
41
49
  readonly sso: SSO;
42
- readonly webhooks: Webhooks;
43
- readonly mfa: Mfa;
44
- readonly events: Events;
45
50
  readonly userManagement: UserManagement;
46
- readonly fga: FGA;
47
- readonly widgets: Widgets;
48
51
  readonly vault: Vault;
49
- constructor(key?: string | undefined, options?: WorkOSOptions);
52
+ readonly webhooks: Webhooks;
53
+ readonly widgets: Widgets;
54
+ /**
55
+ * Create a new WorkOS client.
56
+ *
57
+ * @param keyOrOptions - API key string, or options object
58
+ * @param maybeOptions - Options when first argument is API key
59
+ *
60
+ * @example
61
+ * // Server-side with API key (string)
62
+ * const workos = new WorkOS('sk_...');
63
+ *
64
+ * @example
65
+ * // Server-side with API key (object)
66
+ * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });
67
+ *
68
+ * @example
69
+ * // PKCE/public client (no API key)
70
+ * const workos = new WorkOS({ clientId: 'client_...' });
71
+ */
72
+ constructor(keyOrOptions?: string | WorkOSOptions, maybeOptions?: WorkOSOptions);
50
73
  private createUserAgent;
51
74
  createWebhookClient(): Webhooks;
52
75
  createActionsClient(): Actions;
53
76
  getCryptoProvider(): CryptoProvider;
54
77
  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
55
78
  get version(): string;
79
+ /**
80
+ * Require API key for methods that need it.
81
+ * @param methodName - Name of the method requiring API key (for error message)
82
+ * @throws ApiKeyRequiredException if no API key was provided
83
+ */
84
+ requireApiKey(methodName: string): void;
56
85
  post<Result = any, Entity = any>(path: string, entity: Entity, options?: PostOptions): Promise<{
57
86
  data: Result;
58
87
  }>;