@workos-inc/node 8.0.0-rc.6 → 8.0.0-rc.8

package/lib/node_modules/uint8array-extras/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","names":[],"sources":["../../../node_modules/uint8array-extras/index.js"],"sourcesContent":["const objectToString = Object.prototype.toString;\nconst uint8ArrayStringified = '[object Uint8Array]';\nconst arrayBufferStringified = '[object ArrayBuffer]';\n\nfunction isType(value, typeConstructor, typeStringified) {\n\tif (!value) {\n\t\treturn false;\n\t}\n\n\tif (value.constructor === typeConstructor) {\n\t\treturn true;\n\t}\n\n\treturn objectToString.call(value) === typeStringified;\n}\n\nexport function isUint8Array(value) {\n\treturn isType(value, Uint8Array, uint8ArrayStringified);\n}\n\nfunction isArrayBuffer(value) {\n\treturn isType(value, ArrayBuffer, arrayBufferStringified);\n}\n\nfunction isUint8ArrayOrArrayBuffer(value) {\n\treturn isUint8Array(value) || isArrayBuffer(value);\n}\n\nexport function assertUint8Array(value) {\n\tif (!isUint8Array(value)) {\n\t\tthrow new TypeError(`Expected \\`Uint8Array\\`, got \\`${typeof value}\\``);\n\t}\n}\n\nexport function assertUint8ArrayOrArrayBuffer(value) {\n\tif (!isUint8ArrayOrArrayBuffer(value)) {\n\t\tthrow new TypeError(`Expected \\`Uint8Array\\` or \\`ArrayBuffer\\`, got \\`${typeof value}\\``);\n\t}\n}\n\nexport function toUint8Array(value) {\n\tif (value instanceof ArrayBuffer) {\n\t\treturn new Uint8Array(value);\n\t}\n\n\tif (ArrayBuffer.isView(value)) {\n\t\treturn new Uint8Array(value.buffer, value.byteOffset, value.byteLength);\n\t}\n\n\tthrow new TypeError(`Unsupported value, got \\`${typeof value}\\`.`);\n}\n\nexport function concatUint8Arrays(arrays, totalLength) {\n\tif (arrays.length === 0) {\n\t\treturn new Uint8Array(0);\n\t}\n\n\ttotalLength ??= arrays.reduce((accumulator, currentValue) => accumulator + currentValue.length, 0);\n\n\tconst returnValue = new Uint8Array(totalLength);\n\n\tlet offset = 0;\n\tfor (const array of arrays) {\n\t\tassertUint8Array(array);\n\t\treturnValue.set(array, offset);\n\t\toffset += array.length;\n\t}\n\n\treturn returnValue;\n}\n\nexport function areUint8ArraysEqual(a, b) {\n\tassertUint8Array(a);\n\tassertUint8Array(b);\n\n\tif (a === b) {\n\t\treturn true;\n\t}\n\n\tif (a.length !== b.length) {\n\t\treturn false;\n\t}\n\n\t// eslint-disable-next-line unicorn/no-for-loop\n\tfor (let index = 0; index < a.length; index++) {\n\t\tif (a[index] !== b[index]) {\n\t\t\treturn false;\n\t\t}\n\t}\n\n\treturn true;\n}\n\nexport function compareUint8Arrays(a, b) {\n\tassertUint8Array(a);\n\tassertUint8Array(b);\n\n\tconst length = Math.min(a.length, b.length);\n\n\tfor (let index = 0; index < length; index++) {\n\t\tconst diff = a[index] - b[index];\n\t\tif (diff !== 0) {\n\t\t\treturn Math.sign(diff);\n\t\t}\n\t}\n\n\t// At this point, all the compared elements are equal.\n\t// The shorter array should come first if the arrays are of different lengths.\n\treturn Math.sign(a.length - b.length);\n}\n\nconst cachedDecoders = {\n\tutf8: new globalThis.TextDecoder('utf8'),\n};\n\nexport function uint8ArrayToString(array, encoding = 'utf8') {\n\tassertUint8ArrayOrArrayBuffer(array);\n\tcachedDecoders[encoding] ??= new globalThis.TextDecoder(encoding);\n\treturn cachedDecoders[encoding].decode(array);\n}\n\nfunction assertString(value) {\n\tif (typeof value !== 'string') {\n\t\tthrow new TypeError(`Expected \\`string\\`, got \\`${typeof value}\\``);\n\t}\n}\n\nconst cachedEncoder = new globalThis.TextEncoder();\n\nexport function stringToUint8Array(string) {\n\tassertString(string);\n\treturn cachedEncoder.encode(string);\n}\n\nfunction base64ToBase64Url(base64) {\n\treturn base64.replaceAll('+', '-').replaceAll('/', '_').replace(/=+$/, '');\n}\n\nfunction base64UrlToBase64(base64url) {\n\tconst base64 = base64url.replaceAll('-', '+').replaceAll('_', '/');\n\tconst padding = (4 - (base64.length % 4)) % 4;\n\treturn base64 + '='.repeat(padding);\n}\n\n// Reference: https://phuoc.ng/collection/this-vs-that/concat-vs-push/\n// Important: Keep this value divisible by 3 so intermediate chunks produce no Base64 padding.\nconst MAX_BLOCK_SIZE = 65_535;\n\nexport function uint8ArrayToBase64(array, {urlSafe = false} = {}) {\n\tassertUint8Array(array);\n\n\tlet base64 = '';\n\n\tfor (let index = 0; index < array.length; index += MAX_BLOCK_SIZE) {\n\t\tconst chunk = array.subarray(index, index + MAX_BLOCK_SIZE);\n\t\t// Required as `btoa` and `atob` don't properly support Unicode: https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem\n\t\tbase64 += globalThis.btoa(String.fromCodePoint.apply(undefined, chunk));\n\t}\n\n\treturn urlSafe ? base64ToBase64Url(base64) : base64;\n}\n\nexport function base64ToUint8Array(base64String) {\n\tassertString(base64String);\n\treturn Uint8Array.from(globalThis.atob(base64UrlToBase64(base64String)), x => x.codePointAt(0));\n}\n\nexport function stringToBase64(string, {urlSafe = false} = {}) {\n\tassertString(string);\n\treturn uint8ArrayToBase64(stringToUint8Array(string), {urlSafe});\n}\n\nexport function base64ToString(base64String) {\n\tassertString(base64String);\n\treturn uint8ArrayToString(base64ToUint8Array(base64String));\n}\n\nconst byteToHexLookupTable = Array.from({length: 256}, (_, index) => index.toString(16).padStart(2, '0'));\n\nexport function uint8ArrayToHex(array) {\n\tassertUint8Array(array);\n\n\t// Concatenating a string is faster than using an array.\n\tlet hexString = '';\n\n\t// eslint-disable-next-line unicorn/no-for-loop -- Max performance is critical.\n\tfor (let index = 0; index < array.length; index++) {\n\t\thexString += byteToHexLookupTable[array[index]];\n\t}\n\n\treturn hexString;\n}\n\nconst hexToDecimalLookupTable = {\n\t0: 0,\n\t1: 1,\n\t2: 2,\n\t3: 3,\n\t4: 4,\n\t5: 5,\n\t6: 6,\n\t7: 7,\n\t8: 8,\n\t9: 9,\n\ta: 10,\n\tb: 11,\n\tc: 12,\n\td: 13,\n\te: 14,\n\tf: 15,\n\tA: 10,\n\tB: 11,\n\tC: 12,\n\tD: 13,\n\tE: 14,\n\tF: 15,\n};\n\nexport function hexToUint8Array(hexString) {\n\tassertString(hexString);\n\n\tif (hexString.length % 2 !== 0) {\n\t\tthrow new Error('Invalid Hex string length.');\n\t}\n\n\tconst resultLength = hexString.length / 2;\n\tconst bytes = new Uint8Array(resultLength);\n\n\tfor (let index = 0; index < resultLength; index++) {\n\t\tconst highNibble = hexToDecimalLookupTable[hexString[index * 2]];\n\t\tconst lowNibble = hexToDecimalLookupTable[hexString[(index * 2) + 1]];\n\n\t\tif (highNibble === undefined || lowNibble === undefined) {\n\t\t\tthrow new Error(`Invalid Hex character encountered at position ${index * 2}`);\n\t\t}\n\n\t\tbytes[index] = (highNibble << 4) | lowNibble; // eslint-disable-line no-bitwise\n\t}\n\n\treturn bytes;\n}\n\n/**\n@param {DataView} view\n@returns {number}\n*/\nexport function getUintBE(view) {\n\tconst {byteLength} = view;\n\n\tif (byteLength === 6) {\n\t\treturn (view.getUint16(0) * (2 ** 32)) + view.getUint32(2);\n\t}\n\n\tif (byteLength === 5) {\n\t\treturn (view.getUint8(0) * (2 ** 32)) + view.getUint32(1);\n\t}\n\n\tif (byteLength === 4) {\n\t\treturn view.getUint32(0);\n\t}\n\n\tif (byteLength === 3) {\n\t\treturn (view.getUint8(0) * (2 ** 16)) + view.getUint16(1);\n\t}\n\n\tif (byteLength === 2) {\n\t\treturn view.getUint16(0);\n\t}\n\n\tif (byteLength === 1) {\n\t\treturn view.getUint8(0);\n\t}\n}\n\n/**\n@param {Uint8Array} array\n@param {Uint8Array} value\n@returns {number}\n*/\nexport function indexOf(array, value) {\n\tconst arrayLength = array.length;\n\tconst valueLength = value.length;\n\n\tif (valueLength === 0) {\n\t\treturn -1;\n\t}\n\n\tif (valueLength > arrayLength) {\n\t\treturn -1;\n\t}\n\n\tconst validOffsetLength = arrayLength - valueLength;\n\n\tfor (let index = 0; index <= validOffsetLength; index++) {\n\t\tlet isMatch = true;\n\t\tfor (let index2 = 0; index2 < valueLength; index2++) {\n\t\t\tif (array[index + index2] !== value[index2]) {\n\t\t\t\tisMatch = false;\n\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\n\t\tif (isMatch) {\n\t\t\treturn index;\n\t\t}\n\t}\n\n\treturn -1;\n}\n\n/**\n@param {Uint8Array} array\n@param {Uint8Array} value\n@returns {boolean}\n*/\nexport function includes(array, value) {\n\treturn indexOf(array, value) !== -1;\n}\n"],"x_google_ignoreList":[0],"mappings":";AAAA,MAAM,iBAAiB,OAAO,UAAU;AACxC,MAAM,wBAAwB;AAG9B,SAAS,OAAO,OAAO,iBAAiB,iBAAiB;AACxD,KAAI,CAAC,MACJ,QAAO;AAGR,KAAI,MAAM,gBAAgB,gBACzB,QAAO;AAGR,QAAO,eAAe,KAAK,MAAM,KAAK;;AAGvC,SAAgB,aAAa,OAAO;AACnC,QAAO,OAAO,OAAO,YAAY,sBAAsB;;AAWxD,SAAgB,iBAAiB,OAAO;AACvC,KAAI,CAAC,aAAa,MAAM,CACvB,OAAM,IAAI,UAAU,kCAAkC,OAAO,MAAM,IAAI;;AAiFzE,MAAM,iBAAiB,EACtB,MAAM,IAAI,WAAW,YAAY,OAAO,EACxC;AAQD,SAAS,aAAa,OAAO;AAC5B,KAAI,OAAO,UAAU,SACpB,OAAM,IAAI,UAAU,8BAA8B,OAAO,MAAM,IAAI;;AAIrE,MAAM,gBAAgB,IAAI,WAAW,aAAa;AAOlD,SAAS,kBAAkB,QAAQ;AAClC,QAAO,OAAO,WAAW,KAAK,IAAI,CAAC,WAAW,KAAK,IAAI,CAAC,QAAQ,OAAO,GAAG;;AAG3E,SAAS,kBAAkB,WAAW;CACrC,MAAM,SAAS,UAAU,WAAW,KAAK,IAAI,CAAC,WAAW,KAAK,IAAI;CAClE,MAAM,WAAW,IAAK,OAAO,SAAS,KAAM;AAC5C,QAAO,SAAS,IAAI,OAAO,QAAQ;;AAKpC,MAAM,iBAAiB;AAEvB,SAAgB,mBAAmB,OAAO,EAAC,UAAU,UAAS,EAAE,EAAE;AACjE,kBAAiB,MAAM;CAEvB,IAAI,SAAS;AAEb,MAAK,IAAI,QAAQ,GAAG,QAAQ,MAAM,QAAQ,SAAS,gBAAgB;EAClE,MAAM,QAAQ,MAAM,SAAS,OAAO,QAAQ,eAAe;AAE3D,YAAU,WAAW,KAAK,OAAO,cAAc,MAAM,QAAW,MAAM,CAAC;;AAGxE,QAAO,UAAU,kBAAkB,OAAO,GAAG;;AAG9C,SAAgB,mBAAmB,cAAc;AAChD,cAAa,aAAa;AAC1B,QAAO,WAAW,KAAK,WAAW,KAAK,kBAAkB,aAAa,CAAC,GAAE,MAAK,EAAE,YAAY,EAAE,CAAC;;AAahG,MAAM,uBAAuB,MAAM,KAAK,EAAC,QAAQ,KAAI,GAAG,GAAG,UAAU,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;AAEzG,SAAgB,gBAAgB,OAAO;AACtC,kBAAiB,MAAM;CAGvB,IAAI,YAAY;AAGhB,MAAK,IAAI,QAAQ,GAAG,QAAQ,MAAM,QAAQ,QACzC,cAAa,qBAAqB,MAAM;AAGzC,QAAO"}

package/lib/organizations/organizations.cjs

@@ -1,10 +1,13 @@
-const require_organizations_serializers_organization_serializer = require('./serializers/organization.serializer.cjs');
+const require_api_keys_serializers_api_key_serializer = require('../api-keys/serializers/api-key.serializer.cjs');
+const require_common_utils_pagination = require('../common/utils/pagination.cjs');
 const require_organizations_serializers_create_organization_options_serializer = require('./serializers/create-organization-options.serializer.cjs');
+const require_organizations_serializers_organization_serializer = require('./serializers/organization.serializer.cjs');
 const require_organizations_serializers_update_organization_options_serializer = require('./serializers/update-organization-options.serializer.cjs');
-const require_common_utils_pagination = require('../common/utils/pagination.cjs');
 const require_common_utils_fetch_and_deserialize = require('../common/utils/fetch-and-deserialize.cjs');
 const require_roles_serializers_role_serializer = require('../roles/serializers/role.serializer.cjs');
 const require_feature_flags_serializers_feature_flag_serializer = require('../feature-flags/serializers/feature-flag.serializer.cjs');
+const require_api_keys_serializers_create_organization_api_key_options_serializer = require('../api-keys/serializers/create-organization-api-key-options.serializer.cjs');
+const require_api_keys_serializers_created_api_key_serializer = require('../api-keys/serializers/created-api-key.serializer.cjs');
 
 //#region src/organizations/organizations.ts
 var Organizations = class {
@@ -46,6 +49,15 @@ var Organizations = class {
 		const { organizationId, ...paginationOptions } = options;
 		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, require_feature_flags_serializers_feature_flag_serializer.deserializeFeatureFlag, paginationOptions), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, require_feature_flags_serializers_feature_flag_serializer.deserializeFeatureFlag, params), options);
 	}
+	async listOrganizationApiKeys(options) {
+		const { organizationId, ...paginationOptions } = options;
+		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, require_api_keys_serializers_api_key_serializer.deserializeApiKey, paginationOptions), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, require_api_keys_serializers_api_key_serializer.deserializeApiKey, params), paginationOptions);
+	}
+	async createOrganizationApiKey(options, requestOptions = {}) {
+		const { organizationId } = options;
+		const { data } = await this.workos.post(`/organizations/${organizationId}/api_keys`, require_api_keys_serializers_create_organization_api_key_options_serializer.serializeCreateOrganizationApiKeyOptions(options), requestOptions);
+		return require_api_keys_serializers_created_api_key_serializer.deserializeCreatedApiKey(data);
+	}
 };
 
 //#endregion

package/lib/organizations/organizations.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"organizations.cjs","names":["workos: WorkOS","AutoPaginatable","fetchAndDeserialize","deserializeOrganization","serializeCreateOrganizationOptions","serializeUpdateOrganizationOptions","deserializeRole","deserializeFeatureFlag"],"sources":["../../src/organizations/organizations.ts"],"sourcesContent":["import { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n  CreateOrganizationOptions,\n  CreateOrganizationRequestOptions,\n  ListOrganizationsOptions,\n  Organization,\n  OrganizationResponse,\n  UpdateOrganizationOptions,\n} from './interfaces';\nimport {\n  FeatureFlag,\n  FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport {\n  deserializeOrganization,\n  serializeCreateOrganizationOptions,\n  serializeUpdateOrganizationOptions,\n} from './serializers';\n\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { ListOrganizationRolesResponse, RoleList } from '../roles/interfaces';\nimport { deserializeRole } from '../roles/serializers/role.serializer';\nimport { ListOrganizationRolesOptions } from './interfaces/list-organization-roles-options.interface';\nimport { ListOrganizationFeatureFlagsOptions } from './interfaces/list-organization-feature-flags-options.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers/feature-flag.serializer';\n\nexport class Organizations {\n  constructor(private readonly workos: WorkOS) {}\n\n  async listOrganizations(\n    options?: ListOrganizationsOptions,\n  ): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>> {\n    return new AutoPaginatable(\n      await fetchAndDeserialize<OrganizationResponse, Organization>(\n        this.workos,\n        '/organizations',\n        deserializeOrganization,\n        options,\n      ),\n      (params) =>\n        fetchAndDeserialize<OrganizationResponse, Organization>(\n          this.workos,\n          '/organizations',\n          deserializeOrganization,\n          params,\n        ),\n      options,\n    );\n  }\n\n  async createOrganization(\n    payload: CreateOrganizationOptions,\n    requestOptions: CreateOrganizationRequestOptions = {},\n  ): Promise<Organization> {\n    const { data } = await this.workos.post<OrganizationResponse>(\n      '/organizations',\n      serializeCreateOrganizationOptions(payload),\n      requestOptions,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async deleteOrganization(id: string) {\n    await this.workos.delete(`/organizations/${id}`);\n  }\n\n  async getOrganization(id: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/${id}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async getOrganizationByExternalId(externalId: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/external_id/${externalId}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async updateOrganization(\n    options: UpdateOrganizationOptions,\n  ): Promise<Organization> {\n    const { organization: organizationId, ...payload } = options;\n\n    const { data } = await this.workos.put<OrganizationResponse>(\n      `/organizations/${organizationId}`,\n      serializeUpdateOrganizationOptions(payload),\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async listOrganizationRoles(\n    options: ListOrganizationRolesOptions,\n  ): Promise<RoleList> {\n    const { organizationId } = options;\n\n    const { data: response } =\n      await this.workos.get<ListOrganizationRolesResponse>(\n        `/organizations/${organizationId}/roles`,\n      );\n\n    return {\n      object: 'list',\n      data: response.data.map((role) => deserializeRole(role)),\n    };\n  }\n\n  async listOrganizationFeatureFlags(\n    options: ListOrganizationFeatureFlagsOptions,\n  ): Promise<\n    AutoPaginatable<FeatureFlag, ListOrganizationFeatureFlagsOptions>\n  > {\n    const { organizationId, ...paginationOptions } = options;\n\n    return new AutoPaginatable(\n      await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n        this.workos,\n        `/organizations/${organizationId}/feature-flags`,\n        deserializeFeatureFlag,\n        paginationOptions,\n      ),\n      (params) =>\n        fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n          this.workos,\n          `/organizations/${organizationId}/feature-flags`,\n          deserializeFeatureFlag,\n          params,\n        ),\n      options,\n    );\n  }\n}\n"],"mappings":";;;;;;;;;AA2BA,IAAa,gBAAb,MAA2B;CACzB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,kBACJ,SACkE;AAClE,SAAO,IAAIC,gDACT,MAAMC,+DACJ,KAAK,QACL,kBACAC,mFACA,QACD,GACA,WACCD,+DACE,KAAK,QACL,kBACAC,mFACA,OACD,EACH,QACD;;CAGH,MAAM,mBACJ,SACA,iBAAmD,EAAE,EAC9B;EACvB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBACAC,4GAAmC,QAAQ,EAC3C,eACD;AAED,SAAOD,kFAAwB,KAAK;;CAGtC,MAAM,mBAAmB,IAAY;AACnC,QAAM,KAAK,OAAO,OAAO,kBAAkB,KAAK;;CAGlD,MAAM,gBAAgB,IAAmC;EACvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,KACnB;AAED,SAAOA,kFAAwB,KAAK;;CAGtC,MAAM,4BAA4B,YAA2C;EAC3E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,8BAA8B,aAC/B;AAED,SAAOA,kFAAwB,KAAK;;CAGtC,MAAM,mBACJ,SACuB;EACvB,MAAM,EAAE,cAAc,gBAAgB,GAAG,YAAY;EAErD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,kBAClBE,4GAAmC,QAAQ,CAC5C;AAED,SAAOF,kFAAwB,KAAK;;CAGtC,MAAM,sBACJ,SACmB;EACnB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,MAAM,aACZ,MAAM,KAAK,OAAO,IAChB,kBAAkB,eAAe,QAClC;AAEH,SAAO;GACL,QAAQ;GACR,MAAM,SAAS,KAAK,KAAK,SAASG,0DAAgB,KAAK,CAAC;GACzD;;CAGH,MAAM,6BACJ,SAGA;EACA,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAIL,gDACT,MAAMC,+DACJ,KAAK,QACL,kBAAkB,eAAe,iBACjCK,kFACA,kBACD,GACA,WACCL,+DACE,KAAK,QACL,kBAAkB,eAAe,iBACjCK,kFACA,OACD,EACH,QACD"}
+{"version":3,"file":"organizations.cjs","names":["workos: WorkOS","AutoPaginatable","fetchAndDeserialize","deserializeOrganization","serializeCreateOrganizationOptions","serializeUpdateOrganizationOptions","deserializeRole","deserializeFeatureFlag","deserializeApiKey","serializeCreateOrganizationApiKeyOptions","deserializeCreatedApiKey"],"sources":["../../src/organizations/organizations.ts"],"sourcesContent":["import { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n  CreateOrganizationOptions,\n  CreateOrganizationRequestOptions,\n  ListOrganizationsOptions,\n  Organization,\n  OrganizationResponse,\n  UpdateOrganizationOptions,\n} from './interfaces';\nimport {\n  FeatureFlag,\n  FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport {\n  deserializeOrganization,\n  serializeCreateOrganizationOptions,\n  serializeUpdateOrganizationOptions,\n} from './serializers';\n\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { ListOrganizationRolesResponse, RoleList } from '../roles/interfaces';\nimport { deserializeRole } from '../roles/serializers/role.serializer';\nimport { ListOrganizationRolesOptions } from './interfaces/list-organization-roles-options.interface';\nimport { ListOrganizationFeatureFlagsOptions } from './interfaces/list-organization-feature-flags-options.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers';\nimport {\n  ApiKey,\n  SerializedApiKey,\n  ListOrganizationApiKeysOptions,\n  CreateOrganizationApiKeyOptions,\n  CreateOrganizationApiKeyRequestOptions,\n  CreatedApiKey,\n  SerializedCreatedApiKey,\n} from '../api-keys/interfaces';\nimport {\n  deserializeApiKey,\n  serializeCreateOrganizationApiKeyOptions,\n  deserializeCreatedApiKey,\n} from '../api-keys/serializers';\n\nexport class Organizations {\n  constructor(private readonly workos: WorkOS) {}\n\n  async listOrganizations(\n    options?: ListOrganizationsOptions,\n  ): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>> {\n    return new AutoPaginatable(\n      await fetchAndDeserialize<OrganizationResponse, Organization>(\n        this.workos,\n        '/organizations',\n        deserializeOrganization,\n        options,\n      ),\n      (params) =>\n        fetchAndDeserialize<OrganizationResponse, Organization>(\n          this.workos,\n          '/organizations',\n          deserializeOrganization,\n          params,\n        ),\n      options,\n    );\n  }\n\n  async createOrganization(\n    payload: CreateOrganizationOptions,\n    requestOptions: CreateOrganizationRequestOptions = {},\n  ): Promise<Organization> {\n    const { data } = await this.workos.post<OrganizationResponse>(\n      '/organizations',\n      serializeCreateOrganizationOptions(payload),\n      requestOptions,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async deleteOrganization(id: string) {\n    await this.workos.delete(`/organizations/${id}`);\n  }\n\n  async getOrganization(id: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/${id}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async getOrganizationByExternalId(externalId: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/external_id/${externalId}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async updateOrganization(\n    options: UpdateOrganizationOptions,\n  ): Promise<Organization> {\n    const { organization: organizationId, ...payload } = options;\n\n    const { data } = await this.workos.put<OrganizationResponse>(\n      `/organizations/${organizationId}`,\n      serializeUpdateOrganizationOptions(payload),\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async listOrganizationRoles(\n    options: ListOrganizationRolesOptions,\n  ): Promise<RoleList> {\n    const { organizationId } = options;\n\n    const { data: response } =\n      await this.workos.get<ListOrganizationRolesResponse>(\n        `/organizations/${organizationId}/roles`,\n      );\n\n    return {\n      object: 'list',\n      data: response.data.map((role) => deserializeRole(role)),\n    };\n  }\n\n  async listOrganizationFeatureFlags(\n    options: ListOrganizationFeatureFlagsOptions,\n  ): Promise<\n    AutoPaginatable<FeatureFlag, ListOrganizationFeatureFlagsOptions>\n  > {\n    const { organizationId, ...paginationOptions } = options;\n\n    return new AutoPaginatable(\n      await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n        this.workos,\n        `/organizations/${organizationId}/feature-flags`,\n        deserializeFeatureFlag,\n        paginationOptions,\n      ),\n      (params) =>\n        fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n          this.workos,\n          `/organizations/${organizationId}/feature-flags`,\n          deserializeFeatureFlag,\n          params,\n        ),\n      options,\n    );\n  }\n\n  async listOrganizationApiKeys(\n    options: ListOrganizationApiKeysOptions,\n  ): Promise<AutoPaginatable<ApiKey>> {\n    const { organizationId, ...paginationOptions } = options;\n\n    return new AutoPaginatable(\n      await fetchAndDeserialize<SerializedApiKey, ApiKey>(\n        this.workos,\n        `/organizations/${organizationId}/api_keys`,\n        deserializeApiKey,\n        paginationOptions,\n      ),\n      (params) =>\n        fetchAndDeserialize<SerializedApiKey, ApiKey>(\n          this.workos,\n          `/organizations/${organizationId}/api_keys`,\n          deserializeApiKey,\n          params,\n        ),\n      paginationOptions,\n    );\n  }\n\n  async createOrganizationApiKey(\n    options: CreateOrganizationApiKeyOptions,\n    requestOptions: CreateOrganizationApiKeyRequestOptions = {},\n  ): Promise<CreatedApiKey> {\n    const { organizationId } = options;\n\n    const { data } = await this.workos.post<SerializedCreatedApiKey>(\n      `/organizations/${organizationId}/api_keys`,\n      serializeCreateOrganizationApiKeyOptions(options),\n      requestOptions,\n    );\n\n    return deserializeCreatedApiKey(data);\n  }\n}\n"],"mappings":";;;;;;;;;;;;AAyCA,IAAa,gBAAb,MAA2B;CACzB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,kBACJ,SACkE;AAClE,SAAO,IAAIC,gDACT,MAAMC,+DACJ,KAAK,QACL,kBACAC,mFACA,QACD,GACA,WACCD,+DACE,KAAK,QACL,kBACAC,mFACA,OACD,EACH,QACD;;CAGH,MAAM,mBACJ,SACA,iBAAmD,EAAE,EAC9B;EACvB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBACAC,4GAAmC,QAAQ,EAC3C,eACD;AAED,SAAOD,kFAAwB,KAAK;;CAGtC,MAAM,mBAAmB,IAAY;AACnC,QAAM,KAAK,OAAO,OAAO,kBAAkB,KAAK;;CAGlD,MAAM,gBAAgB,IAAmC;EACvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,KACnB;AAED,SAAOA,kFAAwB,KAAK;;CAGtC,MAAM,4BAA4B,YAA2C;EAC3E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,8BAA8B,aAC/B;AAED,SAAOA,kFAAwB,KAAK;;CAGtC,MAAM,mBACJ,SACuB;EACvB,MAAM,EAAE,cAAc,gBAAgB,GAAG,YAAY;EAErD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,kBAClBE,4GAAmC,QAAQ,CAC5C;AAED,SAAOF,kFAAwB,KAAK;;CAGtC,MAAM,sBACJ,SACmB;EACnB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,MAAM,aACZ,MAAM,KAAK,OAAO,IAChB,kBAAkB,eAAe,QAClC;AAEH,SAAO;GACL,QAAQ;GACR,MAAM,SAAS,KAAK,KAAK,SAASG,0DAAgB,KAAK,CAAC;GACzD;;CAGH,MAAM,6BACJ,SAGA;EACA,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAIL,gDACT,MAAMC,+DACJ,KAAK,QACL,kBAAkB,eAAe,iBACjCK,kFACA,kBACD,GACA,WACCL,+DACE,KAAK,QACL,kBAAkB,eAAe,iBACjCK,kFACA,OACD,EACH,QACD;;CAGH,MAAM,wBACJ,SACkC;EAClC,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAIN,gDACT,MAAMC,+DACJ,KAAK,QACL,kBAAkB,eAAe,YACjCM,mEACA,kBACD,GACA,WACCN,+DACE,KAAK,QACL,kBAAkB,eAAe,YACjCM,mEACA,OACD,EACH,kBACD;;CAGH,MAAM,yBACJ,SACA,iBAAyD,EAAE,EACnC;EACxB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBAAkB,eAAe,YACjCC,qHAAyC,QAAQ,EACjD,eACD;AAED,SAAOC,iFAAyB,KAAK"}

package/lib/organizations/organizations.d.cts

@@ -1,4 +1,8 @@
 import { RoleList } from "../roles/interfaces/role.interface.cjs";
+import { ApiKey } from "../api-keys/interfaces/api-key.interface.cjs";
+import { CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions } from "../api-keys/interfaces/create-organization-api-key-options.interface.cjs";
+import { CreatedApiKey } from "../api-keys/interfaces/created-api-key.interface.cjs";
+import { ListOrganizationApiKeysOptions } from "../api-keys/interfaces/list-organization-api-keys-options.interface.cjs";
 import { CreateOrganizationOptions, CreateOrganizationRequestOptions } from "./interfaces/create-organization-options.interface.cjs";
 import { ListOrganizationFeatureFlagsOptions } from "./interfaces/list-organization-feature-flags-options.interface.cjs";
 import { ListOrganizationsOptions } from "./interfaces/list-organizations-options.interface.cjs";
@@ -21,6 +25,8 @@ declare class Organizations {
   updateOrganization(options: UpdateOrganizationOptions): Promise<Organization>;
   listOrganizationRoles(options: ListOrganizationRolesOptions): Promise<RoleList>;
   listOrganizationFeatureFlags(options: ListOrganizationFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag, ListOrganizationFeatureFlagsOptions>>;
+  listOrganizationApiKeys(options: ListOrganizationApiKeysOptions): Promise<AutoPaginatable<ApiKey>>;
+  createOrganizationApiKey(options: CreateOrganizationApiKeyOptions, requestOptions?: CreateOrganizationApiKeyRequestOptions): Promise<CreatedApiKey>;
 }
 //#endregion
 export { Organizations };

package/lib/organizations/organizations.d.ts

@@ -1,4 +1,8 @@
 import { RoleList } from "../roles/interfaces/role.interface.js";
+import { ApiKey } from "../api-keys/interfaces/api-key.interface.js";
+import { CreateOrganizationApiKeyOptions, CreateOrganizationApiKeyRequestOptions } from "../api-keys/interfaces/create-organization-api-key-options.interface.js";
+import { CreatedApiKey } from "../api-keys/interfaces/created-api-key.interface.js";
+import { ListOrganizationApiKeysOptions } from "../api-keys/interfaces/list-organization-api-keys-options.interface.js";
 import { CreateOrganizationOptions, CreateOrganizationRequestOptions } from "./interfaces/create-organization-options.interface.js";
 import { ListOrganizationFeatureFlagsOptions } from "./interfaces/list-organization-feature-flags-options.interface.js";
 import { ListOrganizationsOptions } from "./interfaces/list-organizations-options.interface.js";
@@ -21,6 +25,8 @@ declare class Organizations {
   updateOrganization(options: UpdateOrganizationOptions): Promise<Organization>;
   listOrganizationRoles(options: ListOrganizationRolesOptions): Promise<RoleList>;
   listOrganizationFeatureFlags(options: ListOrganizationFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag, ListOrganizationFeatureFlagsOptions>>;
+  listOrganizationApiKeys(options: ListOrganizationApiKeysOptions): Promise<AutoPaginatable<ApiKey>>;
+  createOrganizationApiKey(options: CreateOrganizationApiKeyOptions, requestOptions?: CreateOrganizationApiKeyRequestOptions): Promise<CreatedApiKey>;
 }
 //#endregion
 export { Organizations };

package/lib/organizations/organizations.js

@@ -1,10 +1,13 @@
-import { deserializeOrganization } from "./serializers/organization.serializer.js";
+import { deserializeApiKey } from "../api-keys/serializers/api-key.serializer.js";
+import { AutoPaginatable } from "../common/utils/pagination.js";
 import { serializeCreateOrganizationOptions } from "./serializers/create-organization-options.serializer.js";
+import { deserializeOrganization } from "./serializers/organization.serializer.js";
 import { serializeUpdateOrganizationOptions } from "./serializers/update-organization-options.serializer.js";
-import { AutoPaginatable } from "../common/utils/pagination.js";
 import { fetchAndDeserialize } from "../common/utils/fetch-and-deserialize.js";
 import { deserializeRole } from "../roles/serializers/role.serializer.js";
 import { deserializeFeatureFlag } from "../feature-flags/serializers/feature-flag.serializer.js";
+import { serializeCreateOrganizationApiKeyOptions } from "../api-keys/serializers/create-organization-api-key-options.serializer.js";
+import { deserializeCreatedApiKey } from "../api-keys/serializers/created-api-key.serializer.js";
 
 //#region src/organizations/organizations.ts
 var Organizations = class {
@@ -46,6 +49,15 @@ var Organizations = class {
 		const { organizationId, ...paginationOptions } = options;
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, deserializeFeatureFlag, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, deserializeFeatureFlag, params), options);
 	}
+	async listOrganizationApiKeys(options) {
+		const { organizationId, ...paginationOptions } = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, deserializeApiKey, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, deserializeApiKey, params), paginationOptions);
+	}
+	async createOrganizationApiKey(options, requestOptions = {}) {
+		const { organizationId } = options;
+		const { data } = await this.workos.post(`/organizations/${organizationId}/api_keys`, serializeCreateOrganizationApiKeyOptions(options), requestOptions);
+		return deserializeCreatedApiKey(data);
+	}
 };
 
 //#endregion

package/lib/organizations/organizations.js.map

@@ -1 +1 @@
-{"version":3,"file":"organizations.js","names":["workos: WorkOS"],"sources":["../../src/organizations/organizations.ts"],"sourcesContent":["import { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n  CreateOrganizationOptions,\n  CreateOrganizationRequestOptions,\n  ListOrganizationsOptions,\n  Organization,\n  OrganizationResponse,\n  UpdateOrganizationOptions,\n} from './interfaces';\nimport {\n  FeatureFlag,\n  FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport {\n  deserializeOrganization,\n  serializeCreateOrganizationOptions,\n  serializeUpdateOrganizationOptions,\n} from './serializers';\n\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { ListOrganizationRolesResponse, RoleList } from '../roles/interfaces';\nimport { deserializeRole } from '../roles/serializers/role.serializer';\nimport { ListOrganizationRolesOptions } from './interfaces/list-organization-roles-options.interface';\nimport { ListOrganizationFeatureFlagsOptions } from './interfaces/list-organization-feature-flags-options.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers/feature-flag.serializer';\n\nexport class Organizations {\n  constructor(private readonly workos: WorkOS) {}\n\n  async listOrganizations(\n    options?: ListOrganizationsOptions,\n  ): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>> {\n    return new AutoPaginatable(\n      await fetchAndDeserialize<OrganizationResponse, Organization>(\n        this.workos,\n        '/organizations',\n        deserializeOrganization,\n        options,\n      ),\n      (params) =>\n        fetchAndDeserialize<OrganizationResponse, Organization>(\n          this.workos,\n          '/organizations',\n          deserializeOrganization,\n          params,\n        ),\n      options,\n    );\n  }\n\n  async createOrganization(\n    payload: CreateOrganizationOptions,\n    requestOptions: CreateOrganizationRequestOptions = {},\n  ): Promise<Organization> {\n    const { data } = await this.workos.post<OrganizationResponse>(\n      '/organizations',\n      serializeCreateOrganizationOptions(payload),\n      requestOptions,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async deleteOrganization(id: string) {\n    await this.workos.delete(`/organizations/${id}`);\n  }\n\n  async getOrganization(id: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/${id}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async getOrganizationByExternalId(externalId: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/external_id/${externalId}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async updateOrganization(\n    options: UpdateOrganizationOptions,\n  ): Promise<Organization> {\n    const { organization: organizationId, ...payload } = options;\n\n    const { data } = await this.workos.put<OrganizationResponse>(\n      `/organizations/${organizationId}`,\n      serializeUpdateOrganizationOptions(payload),\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async listOrganizationRoles(\n    options: ListOrganizationRolesOptions,\n  ): Promise<RoleList> {\n    const { organizationId } = options;\n\n    const { data: response } =\n      await this.workos.get<ListOrganizationRolesResponse>(\n        `/organizations/${organizationId}/roles`,\n      );\n\n    return {\n      object: 'list',\n      data: response.data.map((role) => deserializeRole(role)),\n    };\n  }\n\n  async listOrganizationFeatureFlags(\n    options: ListOrganizationFeatureFlagsOptions,\n  ): Promise<\n    AutoPaginatable<FeatureFlag, ListOrganizationFeatureFlagsOptions>\n  > {\n    const { organizationId, ...paginationOptions } = options;\n\n    return new AutoPaginatable(\n      await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n        this.workos,\n        `/organizations/${organizationId}/feature-flags`,\n        deserializeFeatureFlag,\n        paginationOptions,\n      ),\n      (params) =>\n        fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n          this.workos,\n          `/organizations/${organizationId}/feature-flags`,\n          deserializeFeatureFlag,\n          params,\n        ),\n      options,\n    );\n  }\n}\n"],"mappings":";;;;;;;;;AA2BA,IAAa,gBAAb,MAA2B;CACzB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,kBACJ,SACkE;AAClE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBACA,yBACA,QACD,GACA,WACC,oBACE,KAAK,QACL,kBACA,yBACA,OACD,EACH,QACD;;CAGH,MAAM,mBACJ,SACA,iBAAmD,EAAE,EAC9B;EACvB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBACA,mCAAmC,QAAQ,EAC3C,eACD;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,mBAAmB,IAAY;AACnC,QAAM,KAAK,OAAO,OAAO,kBAAkB,KAAK;;CAGlD,MAAM,gBAAgB,IAAmC;EACvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,KACnB;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,4BAA4B,YAA2C;EAC3E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,8BAA8B,aAC/B;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,mBACJ,SACuB;EACvB,MAAM,EAAE,cAAc,gBAAgB,GAAG,YAAY;EAErD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,kBAClB,mCAAmC,QAAQ,CAC5C;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,sBACJ,SACmB;EACnB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,MAAM,aACZ,MAAM,KAAK,OAAO,IAChB,kBAAkB,eAAe,QAClC;AAEH,SAAO;GACL,QAAQ;GACR,MAAM,SAAS,KAAK,KAAK,SAAS,gBAAgB,KAAK,CAAC;GACzD;;CAGH,MAAM,6BACJ,SAGA;EACA,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBAAkB,eAAe,iBACjC,wBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,kBAAkB,eAAe,iBACjC,wBACA,OACD,EACH,QACD"}
+{"version":3,"file":"organizations.js","names":["workos: WorkOS"],"sources":["../../src/organizations/organizations.ts"],"sourcesContent":["import { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n  CreateOrganizationOptions,\n  CreateOrganizationRequestOptions,\n  ListOrganizationsOptions,\n  Organization,\n  OrganizationResponse,\n  UpdateOrganizationOptions,\n} from './interfaces';\nimport {\n  FeatureFlag,\n  FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport {\n  deserializeOrganization,\n  serializeCreateOrganizationOptions,\n  serializeUpdateOrganizationOptions,\n} from './serializers';\n\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { ListOrganizationRolesResponse, RoleList } from '../roles/interfaces';\nimport { deserializeRole } from '../roles/serializers/role.serializer';\nimport { ListOrganizationRolesOptions } from './interfaces/list-organization-roles-options.interface';\nimport { ListOrganizationFeatureFlagsOptions } from './interfaces/list-organization-feature-flags-options.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers';\nimport {\n  ApiKey,\n  SerializedApiKey,\n  ListOrganizationApiKeysOptions,\n  CreateOrganizationApiKeyOptions,\n  CreateOrganizationApiKeyRequestOptions,\n  CreatedApiKey,\n  SerializedCreatedApiKey,\n} from '../api-keys/interfaces';\nimport {\n  deserializeApiKey,\n  serializeCreateOrganizationApiKeyOptions,\n  deserializeCreatedApiKey,\n} from '../api-keys/serializers';\n\nexport class Organizations {\n  constructor(private readonly workos: WorkOS) {}\n\n  async listOrganizations(\n    options?: ListOrganizationsOptions,\n  ): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>> {\n    return new AutoPaginatable(\n      await fetchAndDeserialize<OrganizationResponse, Organization>(\n        this.workos,\n        '/organizations',\n        deserializeOrganization,\n        options,\n      ),\n      (params) =>\n        fetchAndDeserialize<OrganizationResponse, Organization>(\n          this.workos,\n          '/organizations',\n          deserializeOrganization,\n          params,\n        ),\n      options,\n    );\n  }\n\n  async createOrganization(\n    payload: CreateOrganizationOptions,\n    requestOptions: CreateOrganizationRequestOptions = {},\n  ): Promise<Organization> {\n    const { data } = await this.workos.post<OrganizationResponse>(\n      '/organizations',\n      serializeCreateOrganizationOptions(payload),\n      requestOptions,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async deleteOrganization(id: string) {\n    await this.workos.delete(`/organizations/${id}`);\n  }\n\n  async getOrganization(id: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/${id}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async getOrganizationByExternalId(externalId: string): Promise<Organization> {\n    const { data } = await this.workos.get<OrganizationResponse>(\n      `/organizations/external_id/${externalId}`,\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async updateOrganization(\n    options: UpdateOrganizationOptions,\n  ): Promise<Organization> {\n    const { organization: organizationId, ...payload } = options;\n\n    const { data } = await this.workos.put<OrganizationResponse>(\n      `/organizations/${organizationId}`,\n      serializeUpdateOrganizationOptions(payload),\n    );\n\n    return deserializeOrganization(data);\n  }\n\n  async listOrganizationRoles(\n    options: ListOrganizationRolesOptions,\n  ): Promise<RoleList> {\n    const { organizationId } = options;\n\n    const { data: response } =\n      await this.workos.get<ListOrganizationRolesResponse>(\n        `/organizations/${organizationId}/roles`,\n      );\n\n    return {\n      object: 'list',\n      data: response.data.map((role) => deserializeRole(role)),\n    };\n  }\n\n  async listOrganizationFeatureFlags(\n    options: ListOrganizationFeatureFlagsOptions,\n  ): Promise<\n    AutoPaginatable<FeatureFlag, ListOrganizationFeatureFlagsOptions>\n  > {\n    const { organizationId, ...paginationOptions } = options;\n\n    return new AutoPaginatable(\n      await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n        this.workos,\n        `/organizations/${organizationId}/feature-flags`,\n        deserializeFeatureFlag,\n        paginationOptions,\n      ),\n      (params) =>\n        fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n          this.workos,\n          `/organizations/${organizationId}/feature-flags`,\n          deserializeFeatureFlag,\n          params,\n        ),\n      options,\n    );\n  }\n\n  async listOrganizationApiKeys(\n    options: ListOrganizationApiKeysOptions,\n  ): Promise<AutoPaginatable<ApiKey>> {\n    const { organizationId, ...paginationOptions } = options;\n\n    return new AutoPaginatable(\n      await fetchAndDeserialize<SerializedApiKey, ApiKey>(\n        this.workos,\n        `/organizations/${organizationId}/api_keys`,\n        deserializeApiKey,\n        paginationOptions,\n      ),\n      (params) =>\n        fetchAndDeserialize<SerializedApiKey, ApiKey>(\n          this.workos,\n          `/organizations/${organizationId}/api_keys`,\n          deserializeApiKey,\n          params,\n        ),\n      paginationOptions,\n    );\n  }\n\n  async createOrganizationApiKey(\n    options: CreateOrganizationApiKeyOptions,\n    requestOptions: CreateOrganizationApiKeyRequestOptions = {},\n  ): Promise<CreatedApiKey> {\n    const { organizationId } = options;\n\n    const { data } = await this.workos.post<SerializedCreatedApiKey>(\n      `/organizations/${organizationId}/api_keys`,\n      serializeCreateOrganizationApiKeyOptions(options),\n      requestOptions,\n    );\n\n    return deserializeCreatedApiKey(data);\n  }\n}\n"],"mappings":";;;;;;;;;;;;AAyCA,IAAa,gBAAb,MAA2B;CACzB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,kBACJ,SACkE;AAClE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBACA,yBACA,QACD,GACA,WACC,oBACE,KAAK,QACL,kBACA,yBACA,OACD,EACH,QACD;;CAGH,MAAM,mBACJ,SACA,iBAAmD,EAAE,EAC9B;EACvB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBACA,mCAAmC,QAAQ,EAC3C,eACD;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,mBAAmB,IAAY;AACnC,QAAM,KAAK,OAAO,OAAO,kBAAkB,KAAK;;CAGlD,MAAM,gBAAgB,IAAmC;EACvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,KACnB;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,4BAA4B,YAA2C;EAC3E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,8BAA8B,aAC/B;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,mBACJ,SACuB;EACvB,MAAM,EAAE,cAAc,gBAAgB,GAAG,YAAY;EAErD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,kBAClB,mCAAmC,QAAQ,CAC5C;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,sBACJ,SACmB;EACnB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,MAAM,aACZ,MAAM,KAAK,OAAO,IAChB,kBAAkB,eAAe,QAClC;AAEH,SAAO;GACL,QAAQ;GACR,MAAM,SAAS,KAAK,KAAK,SAAS,gBAAgB,KAAK,CAAC;GACzD;;CAGH,MAAM,6BACJ,SAGA;EACA,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBAAkB,eAAe,iBACjC,wBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,kBAAkB,eAAe,iBACjC,wBACA,OACD,EACH,QACD;;CAGH,MAAM,wBACJ,SACkC;EAClC,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBAAkB,eAAe,YACjC,mBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,kBAAkB,eAAe,YACjC,mBACA,OACD,EACH,kBACD;;CAGH,MAAM,yBACJ,SACA,iBAAyD,EAAE,EACnC;EACxB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBAAkB,eAAe,YACjC,yCAAyC,QAAQ,EACjD,eACD;AAED,SAAO,yBAAyB,KAAK"}

package/lib/organizations/serializers/index.cjs

@@ -1,5 +1,5 @@
-const require_organizations_serializers_organization_serializer = require('./organization.serializer.cjs');
 const require_organizations_serializers_create_organization_options_serializer = require('./create-organization-options.serializer.cjs');
+const require_organizations_serializers_organization_serializer = require('./organization.serializer.cjs');
 const require_organizations_serializers_update_organization_options_serializer = require('./update-organization-options.serializer.cjs');
 
 exports.deserializeOrganization = require_organizations_serializers_organization_serializer.deserializeOrganization;

package/lib/organizations/serializers/index.js

@@ -1,5 +1,5 @@
-import { deserializeOrganization } from "./organization.serializer.js";
 import { serializeCreateOrganizationOptions } from "./create-organization-options.serializer.js";
+import { deserializeOrganization } from "./organization.serializer.js";
 import { serializeUpdateOrganizationOptions } from "./update-organization-options.serializer.js";
 
 export { deserializeOrganization, serializeCreateOrganizationOptions, serializeUpdateOrganizationOptions };

package/lib/pkce/pkce.cjs

@@ -0,0 +1,54 @@
+
+//#region src/pkce/pkce.ts
+/**
+* PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0 public clients.
+*
+* Implements RFC 7636 for secure authorization code exchange without a client secret.
+* Used by Electron apps, React Native/mobile apps, CLI tools, and other public clients.
+*/
+var PKCE = class {
+	/**
+	* Generate a cryptographically random code verifier.
+	*
+	* @param length - Length of verifier (43-128, default 43)
+	* @returns RFC 7636 compliant code verifier
+	*/
+	generateCodeVerifier(length = 43) {
+		if (length < 43 || length > 128) throw new RangeError(`Code verifier length must be between 43 and 128, got ${length}`);
+		const byteLength = Math.ceil(length * 3 / 4);
+		const randomBytes = new Uint8Array(byteLength);
+		crypto.getRandomValues(randomBytes);
+		return this.base64UrlEncode(randomBytes).slice(0, length);
+	}
+	/**
+	* Generate S256 code challenge from a verifier.
+	*
+	* @param verifier - The code verifier
+	* @returns Base64URL-encoded SHA256 hash
+	*/
+	async generateCodeChallenge(verifier) {
+		const data = new TextEncoder().encode(verifier);
+		const hash = await crypto.subtle.digest("SHA-256", data);
+		return this.base64UrlEncode(new Uint8Array(hash));
+	}
+	/**
+	* Generate a complete PKCE pair (verifier + challenge).
+	*
+	* @returns Code verifier, challenge, and method ('S256')
+	*/
+	async generate() {
+		const codeVerifier = this.generateCodeVerifier();
+		return {
+			codeVerifier,
+			codeChallenge: await this.generateCodeChallenge(codeVerifier),
+			codeChallengeMethod: "S256"
+		};
+	}
+	base64UrlEncode(buffer) {
+		return btoa(String.fromCharCode(...buffer)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+	}
+};
+
+//#endregion
+exports.PKCE = PKCE;
+//# sourceMappingURL=pkce.cjs.map

package/lib/pkce/pkce.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.cjs","names":[],"sources":["../../src/pkce/pkce.ts"],"sourcesContent":["export interface PKCEPair {\n  codeVerifier: string;\n  codeChallenge: string;\n  codeChallengeMethod: 'S256';\n}\n\n/**\n * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0 public clients.\n *\n * Implements RFC 7636 for secure authorization code exchange without a client secret.\n * Used by Electron apps, React Native/mobile apps, CLI tools, and other public clients.\n */\nexport class PKCE {\n  /**\n   * Generate a cryptographically random code verifier.\n   *\n   * @param length - Length of verifier (43-128, default 43)\n   * @returns RFC 7636 compliant code verifier\n   */\n  generateCodeVerifier(length: number = 43): string {\n    if (length < 43 || length > 128) {\n      throw new RangeError(\n        `Code verifier length must be between 43 and 128, got ${length}`,\n      );\n    }\n\n    const byteLength = Math.ceil((length * 3) / 4);\n    const randomBytes = new Uint8Array(byteLength);\n    crypto.getRandomValues(randomBytes);\n\n    return this.base64UrlEncode(randomBytes).slice(0, length);\n  }\n\n  /**\n   * Generate S256 code challenge from a verifier.\n   *\n   * @param verifier - The code verifier\n   * @returns Base64URL-encoded SHA256 hash\n   */\n  async generateCodeChallenge(verifier: string): Promise<string> {\n    const encoder = new TextEncoder();\n    const data = encoder.encode(verifier);\n    const hash = await crypto.subtle.digest('SHA-256', data);\n    return this.base64UrlEncode(new Uint8Array(hash));\n  }\n\n  /**\n   * Generate a complete PKCE pair (verifier + challenge).\n   *\n   * @returns Code verifier, challenge, and method ('S256')\n   */\n  async generate(): Promise<PKCEPair> {\n    const codeVerifier = this.generateCodeVerifier();\n    const codeChallenge = await this.generateCodeChallenge(codeVerifier);\n    return { codeVerifier, codeChallenge, codeChallengeMethod: 'S256' };\n  }\n\n  private base64UrlEncode(buffer: Uint8Array): string {\n    const base64 = btoa(String.fromCharCode(...buffer));\n    return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n  }\n}\n"],"mappings":";;;;;;;;AAYA,IAAa,OAAb,MAAkB;;;;;;;CAOhB,qBAAqB,SAAiB,IAAY;AAChD,MAAI,SAAS,MAAM,SAAS,IAC1B,OAAM,IAAI,WACR,wDAAwD,SACzD;EAGH,MAAM,aAAa,KAAK,KAAM,SAAS,IAAK,EAAE;EAC9C,MAAM,cAAc,IAAI,WAAW,WAAW;AAC9C,SAAO,gBAAgB,YAAY;AAEnC,SAAO,KAAK,gBAAgB,YAAY,CAAC,MAAM,GAAG,OAAO;;;;;;;;CAS3D,MAAM,sBAAsB,UAAmC;EAE7D,MAAM,OADU,IAAI,aAAa,CACZ,OAAO,SAAS;EACrC,MAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK;AACxD,SAAO,KAAK,gBAAgB,IAAI,WAAW,KAAK,CAAC;;;;;;;CAQnD,MAAM,WAA8B;EAClC,MAAM,eAAe,KAAK,sBAAsB;AAEhD,SAAO;GAAE;GAAc,eADD,MAAM,KAAK,sBAAsB,aAAa;GAC9B,qBAAqB;GAAQ;;CAGrE,AAAQ,gBAAgB,QAA4B;AAElD,SADe,KAAK,OAAO,aAAa,GAAG,OAAO,CAAC,CACrC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG"}

package/lib/pkce/pkce.d.cts

@@ -0,0 +1,38 @@
+//#region src/pkce/pkce.d.ts
+interface PKCEPair {
+  codeVerifier: string;
+  codeChallenge: string;
+  codeChallengeMethod: 'S256';
+}
+/**
+ * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0 public clients.
+ *
+ * Implements RFC 7636 for secure authorization code exchange without a client secret.
+ * Used by Electron apps, React Native/mobile apps, CLI tools, and other public clients.
+ */
+declare class PKCE {
+  /**
+   * Generate a cryptographically random code verifier.
+   *
+   * @param length - Length of verifier (43-128, default 43)
+   * @returns RFC 7636 compliant code verifier
+   */
+  generateCodeVerifier(length?: number): string;
+  /**
+   * Generate S256 code challenge from a verifier.
+   *
+   * @param verifier - The code verifier
+   * @returns Base64URL-encoded SHA256 hash
+   */
+  generateCodeChallenge(verifier: string): Promise<string>;
+  /**
+   * Generate a complete PKCE pair (verifier + challenge).
+   *
+   * @returns Code verifier, challenge, and method ('S256')
+   */
+  generate(): Promise<PKCEPair>;
+  private base64UrlEncode;
+}
+//#endregion
+export { PKCE, PKCEPair };
+//# sourceMappingURL=pkce.d.cts.map

package/lib/pkce/pkce.d.ts

@@ -0,0 +1,38 @@
+//#region src/pkce/pkce.d.ts
+interface PKCEPair {
+  codeVerifier: string;
+  codeChallenge: string;
+  codeChallengeMethod: 'S256';
+}
+/**
+ * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0 public clients.
+ *
+ * Implements RFC 7636 for secure authorization code exchange without a client secret.
+ * Used by Electron apps, React Native/mobile apps, CLI tools, and other public clients.
+ */
+declare class PKCE {
+  /**
+   * Generate a cryptographically random code verifier.
+   *
+   * @param length - Length of verifier (43-128, default 43)
+   * @returns RFC 7636 compliant code verifier
+   */
+  generateCodeVerifier(length?: number): string;
+  /**
+   * Generate S256 code challenge from a verifier.
+   *
+   * @param verifier - The code verifier
+   * @returns Base64URL-encoded SHA256 hash
+   */
+  generateCodeChallenge(verifier: string): Promise<string>;
+  /**
+   * Generate a complete PKCE pair (verifier + challenge).
+   *
+   * @returns Code verifier, challenge, and method ('S256')
+   */
+  generate(): Promise<PKCEPair>;
+  private base64UrlEncode;
+}
+//#endregion
+export { PKCE, PKCEPair };
+//# sourceMappingURL=pkce.d.ts.map

package/lib/pkce/pkce.js

@@ -0,0 +1,53 @@
+//#region src/pkce/pkce.ts
+/**
+* PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0 public clients.
+*
+* Implements RFC 7636 for secure authorization code exchange without a client secret.
+* Used by Electron apps, React Native/mobile apps, CLI tools, and other public clients.
+*/
+var PKCE = class {
+	/**
+	* Generate a cryptographically random code verifier.
+	*
+	* @param length - Length of verifier (43-128, default 43)
+	* @returns RFC 7636 compliant code verifier
+	*/
+	generateCodeVerifier(length = 43) {
+		if (length < 43 || length > 128) throw new RangeError(`Code verifier length must be between 43 and 128, got ${length}`);
+		const byteLength = Math.ceil(length * 3 / 4);
+		const randomBytes = new Uint8Array(byteLength);
+		crypto.getRandomValues(randomBytes);
+		return this.base64UrlEncode(randomBytes).slice(0, length);
+	}
+	/**
+	* Generate S256 code challenge from a verifier.
+	*
+	* @param verifier - The code verifier
+	* @returns Base64URL-encoded SHA256 hash
+	*/
+	async generateCodeChallenge(verifier) {
+		const data = new TextEncoder().encode(verifier);
+		const hash = await crypto.subtle.digest("SHA-256", data);
+		return this.base64UrlEncode(new Uint8Array(hash));
+	}
+	/**
+	* Generate a complete PKCE pair (verifier + challenge).
+	*
+	* @returns Code verifier, challenge, and method ('S256')
+	*/
+	async generate() {
+		const codeVerifier = this.generateCodeVerifier();
+		return {
+			codeVerifier,
+			codeChallenge: await this.generateCodeChallenge(codeVerifier),
+			codeChallengeMethod: "S256"
+		};
+	}
+	base64UrlEncode(buffer) {
+		return btoa(String.fromCharCode(...buffer)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+	}
+};
+
+//#endregion
+export { PKCE };
+//# sourceMappingURL=pkce.js.map

package/lib/pkce/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","names":[],"sources":["../../src/pkce/pkce.ts"],"sourcesContent":["export interface PKCEPair {\n  codeVerifier: string;\n  codeChallenge: string;\n  codeChallengeMethod: 'S256';\n}\n\n/**\n * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0 public clients.\n *\n * Implements RFC 7636 for secure authorization code exchange without a client secret.\n * Used by Electron apps, React Native/mobile apps, CLI tools, and other public clients.\n */\nexport class PKCE {\n  /**\n   * Generate a cryptographically random code verifier.\n   *\n   * @param length - Length of verifier (43-128, default 43)\n   * @returns RFC 7636 compliant code verifier\n   */\n  generateCodeVerifier(length: number = 43): string {\n    if (length < 43 || length > 128) {\n      throw new RangeError(\n        `Code verifier length must be between 43 and 128, got ${length}`,\n      );\n    }\n\n    const byteLength = Math.ceil((length * 3) / 4);\n    const randomBytes = new Uint8Array(byteLength);\n    crypto.getRandomValues(randomBytes);\n\n    return this.base64UrlEncode(randomBytes).slice(0, length);\n  }\n\n  /**\n   * Generate S256 code challenge from a verifier.\n   *\n   * @param verifier - The code verifier\n   * @returns Base64URL-encoded SHA256 hash\n   */\n  async generateCodeChallenge(verifier: string): Promise<string> {\n    const encoder = new TextEncoder();\n    const data = encoder.encode(verifier);\n    const hash = await crypto.subtle.digest('SHA-256', data);\n    return this.base64UrlEncode(new Uint8Array(hash));\n  }\n\n  /**\n   * Generate a complete PKCE pair (verifier + challenge).\n   *\n   * @returns Code verifier, challenge, and method ('S256')\n   */\n  async generate(): Promise<PKCEPair> {\n    const codeVerifier = this.generateCodeVerifier();\n    const codeChallenge = await this.generateCodeChallenge(codeVerifier);\n    return { codeVerifier, codeChallenge, codeChallengeMethod: 'S256' };\n  }\n\n  private base64UrlEncode(buffer: Uint8Array): string {\n    const base64 = btoa(String.fromCharCode(...buffer));\n    return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n  }\n}\n"],"mappings":";;;;;;;AAYA,IAAa,OAAb,MAAkB;;;;;;;CAOhB,qBAAqB,SAAiB,IAAY;AAChD,MAAI,SAAS,MAAM,SAAS,IAC1B,OAAM,IAAI,WACR,wDAAwD,SACzD;EAGH,MAAM,aAAa,KAAK,KAAM,SAAS,IAAK,EAAE;EAC9C,MAAM,cAAc,IAAI,WAAW,WAAW;AAC9C,SAAO,gBAAgB,YAAY;AAEnC,SAAO,KAAK,gBAAgB,YAAY,CAAC,MAAM,GAAG,OAAO;;;;;;;;CAS3D,MAAM,sBAAsB,UAAmC;EAE7D,MAAM,OADU,IAAI,aAAa,CACZ,OAAO,SAAS;EACrC,MAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK;AACxD,SAAO,KAAK,gBAAgB,IAAI,WAAW,KAAK,CAAC;;;;;;;CAQnD,MAAM,WAA8B;EAClC,MAAM,eAAe,KAAK,sBAAsB;AAEhD,SAAO;GAAE;GAAc,eADD,MAAM,KAAK,sBAAsB,aAAa;GAC9B,qBAAqB;GAAQ;;CAGrE,AAAQ,gBAAgB,QAA4B;AAElD,SADe,KAAK,OAAO,aAAa,GAAG,OAAO,CAAC,CACrC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG"}

package/lib/sso/interfaces/authorization-url-options.interface.d.cts

@@ -1,5 +1,16 @@
 //#region src/sso/interfaces/authorization-url-options.interface.d.ts
-interface SSOAuthorizationURLBase {
+/**
+ * PKCE fields must be provided together or not at all.
+ * Use workos.pkce.generate() to create a valid pair.
+ */
+type PKCEFields = {
+  codeChallenge?: never;
+  codeChallengeMethod?: never;
+} | {
+  codeChallenge: string;
+  codeChallengeMethod: 'S256';
+};
+interface SSOAuthorizationURLBaseFields {
   clientId: string;
   domainHint?: string;
   loginHint?: string;
@@ -8,22 +19,37 @@ interface SSOAuthorizationURLBase {
   redirectUri: string;
   state?: string;
 }
-interface SSOWithConnection extends SSOAuthorizationURLBase {
+/**
+ * Result of getAuthorizationUrlWithPKCE() containing the URL,
+ * state, and PKCE code verifier.
+ *
+ * The codeVerifier must be stored securely and passed to
+ * getProfileAndToken() during token exchange.
+ */
+interface SSOPKCEAuthorizationURLResult {
+  /** The complete authorization URL to redirect the user to */
+  url: string;
+  /** The state parameter (auto-generated) */
+  state: string;
+  /** The PKCE code verifier. Store securely and pass to getProfileAndToken(). */
+  codeVerifier: string;
+}
+type SSOWithConnection = SSOAuthorizationURLBaseFields & PKCEFields & {
   connection: string;
   organization?: never;
   provider?: never;
-}
-interface SSOWithOrganization extends SSOAuthorizationURLBase {
+};
+type SSOWithOrganization = SSOAuthorizationURLBaseFields & PKCEFields & {
   organization: string;
   connection?: never;
   provider?: never;
-}
-interface SSOWithProvider extends SSOAuthorizationURLBase {
+};
+type SSOWithProvider = SSOAuthorizationURLBaseFields & PKCEFields & {
   provider: string;
   connection?: never;
   organization?: never;
-}
+};
 type SSOAuthorizationURLOptions = SSOWithConnection | SSOWithOrganization | SSOWithProvider;
 //#endregion
-export { SSOAuthorizationURLOptions };
+export { SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult };
 //# sourceMappingURL=authorization-url-options.interface.d.cts.map

package/lib/sso/interfaces/authorization-url-options.interface.d.ts

@@ -1,5 +1,16 @@
 //#region src/sso/interfaces/authorization-url-options.interface.d.ts
-interface SSOAuthorizationURLBase {
+/**
+ * PKCE fields must be provided together or not at all.
+ * Use workos.pkce.generate() to create a valid pair.
+ */
+type PKCEFields = {
+  codeChallenge?: never;
+  codeChallengeMethod?: never;
+} | {
+  codeChallenge: string;
+  codeChallengeMethod: 'S256';
+};
+interface SSOAuthorizationURLBaseFields {
   clientId: string;
   domainHint?: string;
   loginHint?: string;
@@ -8,22 +19,37 @@ interface SSOAuthorizationURLBase {
   redirectUri: string;
   state?: string;
 }
-interface SSOWithConnection extends SSOAuthorizationURLBase {
+/**
+ * Result of getAuthorizationUrlWithPKCE() containing the URL,
+ * state, and PKCE code verifier.
+ *
+ * The codeVerifier must be stored securely and passed to
+ * getProfileAndToken() during token exchange.
+ */
+interface SSOPKCEAuthorizationURLResult {
+  /** The complete authorization URL to redirect the user to */
+  url: string;
+  /** The state parameter (auto-generated) */
+  state: string;
+  /** The PKCE code verifier. Store securely and pass to getProfileAndToken(). */
+  codeVerifier: string;
+}
+type SSOWithConnection = SSOAuthorizationURLBaseFields & PKCEFields & {
   connection: string;
   organization?: never;
   provider?: never;
-}
-interface SSOWithOrganization extends SSOAuthorizationURLBase {
+};
+type SSOWithOrganization = SSOAuthorizationURLBaseFields & PKCEFields & {
   organization: string;
   connection?: never;
   provider?: never;
-}
-interface SSOWithProvider extends SSOAuthorizationURLBase {
+};
+type SSOWithProvider = SSOAuthorizationURLBaseFields & PKCEFields & {
   provider: string;
   connection?: never;
   organization?: never;
-}
+};
 type SSOAuthorizationURLOptions = SSOWithConnection | SSOWithOrganization | SSOWithProvider;
 //#endregion
-export { SSOAuthorizationURLOptions };
+export { SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult };
 //# sourceMappingURL=authorization-url-options.interface.d.ts.map

package/lib/sso/interfaces/get-profile-and-token-options.interface.d.cts

@@ -2,6 +2,12 @@
 interface GetProfileAndTokenOptions {
   clientId: string;
   code: string;
+  /**
+   * PKCE code verifier for public clients.
+   * Pass the codeVerifier that was generated with getAuthorizationUrlWithPKCE().
+   * When provided, client_secret is not sent (public client mode).
+   */
+  codeVerifier?: string;
 }
 //#endregion
 export { GetProfileAndTokenOptions };

package/lib/sso/interfaces/get-profile-and-token-options.interface.d.ts

@@ -2,6 +2,12 @@
 interface GetProfileAndTokenOptions {
   clientId: string;
   code: string;
+  /**
+   * PKCE code verifier for public clients.
+   * Pass the codeVerifier that was generated with getAuthorizationUrlWithPKCE().
+   * When provided, client_secret is not sent (public client mode).
+   */
+  codeVerifier?: string;
 }
 //#endregion
 export { GetProfileAndTokenOptions };

package/lib/sso/interfaces/index.d.cts

@@ -1,4 +1,4 @@
-import { SSOAuthorizationURLOptions } from "./authorization-url-options.interface.cjs";
+import { SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult } from "./authorization-url-options.interface.cjs";
 import { ConnectionType } from "./connection-type.enum.cjs";
 import { Connection, ConnectionDomain, ConnectionResponse } from "./connection.interface.cjs";
 import { GetProfileOptions } from "./get-profile-options.interface.cjs";
@@ -6,4 +6,4 @@ import { GetProfileAndTokenOptions } from "./get-profile-and-token-options.inter
 import { ListConnectionsOptions, SerializedListConnectionsOptions } from "./list-connections-options.interface.cjs";
 import { Profile, ProfileResponse } from "./profile.interface.cjs";
 import { ProfileAndToken, ProfileAndTokenResponse } from "./profile-and-token.interface.cjs";
-export { Connection, ConnectionDomain, ConnectionResponse, ConnectionType, GetProfileAndTokenOptions, GetProfileOptions, ListConnectionsOptions, Profile, ProfileAndToken, ProfileAndTokenResponse, ProfileResponse, SSOAuthorizationURLOptions, SerializedListConnectionsOptions };
+export { Connection, ConnectionDomain, ConnectionResponse, ConnectionType, GetProfileAndTokenOptions, GetProfileOptions, ListConnectionsOptions, Profile, ProfileAndToken, ProfileAndTokenResponse, ProfileResponse, SSOAuthorizationURLOptions, type SSOPKCEAuthorizationURLResult, SerializedListConnectionsOptions };

package/lib/sso/interfaces/index.d.ts

@@ -1,4 +1,4 @@
-import { SSOAuthorizationURLOptions } from "./authorization-url-options.interface.js";
+import { SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult } from "./authorization-url-options.interface.js";
 import { ConnectionType } from "./connection-type.enum.js";
 import { Connection, ConnectionDomain, ConnectionResponse } from "./connection.interface.js";
 import { GetProfileOptions } from "./get-profile-options.interface.js";
@@ -6,4 +6,4 @@ import { GetProfileAndTokenOptions } from "./get-profile-and-token-options.inter
 import { ListConnectionsOptions, SerializedListConnectionsOptions } from "./list-connections-options.interface.js";
 import { Profile, ProfileResponse } from "./profile.interface.js";
 import { ProfileAndToken, ProfileAndTokenResponse } from "./profile-and-token.interface.js";
-export { Connection, ConnectionDomain, ConnectionResponse, ConnectionType, GetProfileAndTokenOptions, GetProfileOptions, ListConnectionsOptions, Profile, ProfileAndToken, ProfileAndTokenResponse, ProfileResponse, SSOAuthorizationURLOptions, SerializedListConnectionsOptions };
+export { Connection, ConnectionDomain, ConnectionResponse, ConnectionType, GetProfileAndTokenOptions, GetProfileOptions, ListConnectionsOptions, Profile, ProfileAndToken, ProfileAndTokenResponse, ProfileResponse, SSOAuthorizationURLOptions, type SSOPKCEAuthorizationURLResult, SerializedListConnectionsOptions };