npm - @workos-inc/node - Versions diffs - 8.0.0-rc.8 → 8.0.0 - Mend

@workos-inc/node 8.0.0-rc.8 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1299) hide show

package/lib/sso/serializers/connection.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"connection.serializer.cjs","names":[],"sources":["../../../src/sso/serializers/connection.serializer.ts"],"sourcesContent":["import { Connection, ConnectionResponse } from '../interfaces';\n\nexport const deserializeConnection = (\n connection: ConnectionResponse,\n): Connection => ({\n object: connection.object,\n id: connection.id,\n organizationId: connection.organization_id,\n name: connection.name,\n type: connection.connection_type,\n state: connection.state,\n domains: connection.domains,\n createdAt: connection.created_at,\n updatedAt: connection.updated_at,\n});\n"],"mappings":";;AAEA,MAAa,yBACX,gBACgB;CAChB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,gBAAgB,WAAW;CAC3B,MAAM,WAAW;CACjB,MAAM,WAAW;CACjB,OAAO,WAAW;CAClB,SAAS,WAAW;CACpB,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB"}

package/lib/sso/serializers/list-connections-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"list-connections-options.serializer.cjs","names":[],"sources":["../../../src/sso/serializers/list-connections-options.serializer.ts"],"sourcesContent":["import {\n ListConnectionsOptions,\n SerializedListConnectionsOptions,\n} from '../interfaces';\n\nexport const serializeListConnectionsOptions = (\n options: ListConnectionsOptions,\n): SerializedListConnectionsOptions => ({\n connection_type: options.connectionType,\n domain: options.domain,\n organization_id: options.organizationId,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n"],"mappings":";;AAKA,MAAa,mCACX,aACsC;CACtC,iBAAiB,QAAQ;CACzB,QAAQ,QAAQ;CAChB,iBAAiB,QAAQ;CACzB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB"}

package/lib/sso/serializers/profile-and-token.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"profile-and-token.serializer.cjs","names":["deserializeProfile","deserializeOauthTokens"],"sources":["../../../src/sso/serializers/profile-and-token.serializer.ts"],"sourcesContent":["import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport { deserializeOauthTokens } from '../../user-management/serializers/oauth-tokens.serializer';\nimport { ProfileAndToken, ProfileAndTokenResponse } from '../interfaces';\nimport { deserializeProfile } from './profile.serializer';\n\nexport const deserializeProfileAndToken = <\n CustomAttributesType extends UnknownRecord,\n>(\n profileAndToken: ProfileAndTokenResponse<CustomAttributesType>,\n): ProfileAndToken<CustomAttributesType> => ({\n accessToken: profileAndToken.access_token,\n profile: deserializeProfile(profileAndToken.profile),\n oauthTokens: deserializeOauthTokens(profileAndToken.oauth_tokens),\n});\n"],"mappings":";;;;AAKA,MAAa,8BAGX,qBAC2C;CAC3C,aAAa,gBAAgB;CAC7B,SAASA,8DAAmB,gBAAgB,QAAQ;CACpD,aAAaC,mFAAuB,gBAAgB,aAAa;CAClE"}

package/lib/sso/serializers/profile.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"profile.serializer.cjs","names":[],"sources":["../../../src/sso/serializers/profile.serializer.ts"],"sourcesContent":["import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport { Profile, ProfileResponse } from '../interfaces';\n\nexport const deserializeProfile = <CustomAttributesType extends UnknownRecord>(\n profile: ProfileResponse<CustomAttributesType>,\n): Profile<CustomAttributesType> => ({\n id: profile.id,\n idpId: profile.idp_id,\n organizationId: profile.organization_id,\n connectionId: profile.connection_id,\n connectionType: profile.connection_type,\n email: profile.email,\n firstName: profile.first_name,\n lastName: profile.last_name,\n role: profile.role,\n roles: profile.roles,\n groups: profile.groups,\n customAttributes: profile.custom_attributes,\n rawAttributes: profile.raw_attributes,\n});\n"],"mappings":";;AAGA,MAAa,sBACX,aACmC;CACnC,IAAI,QAAQ;CACZ,OAAO,QAAQ;CACf,gBAAgB,QAAQ;CACxB,cAAc,QAAQ;CACtB,gBAAgB,QAAQ;CACxB,OAAO,QAAQ;CACf,WAAW,QAAQ;CACnB,UAAU,QAAQ;CAClB,MAAM,QAAQ;CACd,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,kBAAkB,QAAQ;CAC1B,eAAe,QAAQ;CACxB"}

package/lib/sso/sso.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"sso.cjs","names":["workos: WorkOS","AutoPaginatable","fetchAndDeserialize","deserializeConnection","serializeListConnectionsOptions","toQueryString","deserializeProfileAndToken","deserializeProfile"],"sources":["../../src/sso/sso.ts"],"sourcesContent":["import { UnknownRecord } from '../common/interfaces/unknown-record.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { toQueryString } from '../common/utils/query-string';\nimport { WorkOS } from '../workos';\nimport {\n Connection,\n ConnectionResponse,\n GetProfileAndTokenOptions,\n GetProfileOptions,\n ListConnectionsOptions,\n Profile,\n ProfileAndToken,\n ProfileAndTokenResponse,\n ProfileResponse,\n SSOAuthorizationURLOptions,\n SSOPKCEAuthorizationURLResult,\n SerializedListConnectionsOptions,\n} from './interfaces';\nimport {\n deserializeConnection,\n deserializeProfile,\n deserializeProfileAndToken,\n serializeListConnectionsOptions,\n} from './serializers';\n\nexport class SSO {\n constructor(private readonly workos: WorkOS) {}\n\n async listConnections(\n options?: ListConnectionsOptions,\n ): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n options ? serializeListConnectionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n params,\n ),\n options ? serializeListConnectionsOptions(options) : undefined,\n );\n }\n async deleteConnection(id: string) {\n await this.workos.delete(`/connections/${id}`);\n }\n\n getAuthorizationUrl(options: SSOAuthorizationURLOptions): string {\n const {\n codeChallenge,\n codeChallengeMethod,\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n state,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n const query = toQueryString({\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n return `${this.workos.baseURL}/sso/authorize?${query}`;\n }\n\n /**\n * Generates an authorization URL with PKCE parameters automatically generated.\n * Use this for public clients (CLI apps, Electron, mobile) that cannot\n * securely store a client secret.\n *\n * @returns Object containing url, state, and codeVerifier\n *\n * @example\n * ```typescript\n * const { url, state, codeVerifier } = await workos.sso.getAuthorizationUrlWithPKCE({\n * connection: 'conn_123',\n * clientId: 'client_123',\n * redirectUri: 'myapp://callback',\n * });\n *\n * // Store state and codeVerifier securely, then redirect user to url\n * // After callback, exchange the code:\n * const { profile, accessToken } = await workos.sso.getProfileAndToken({\n * code: authorizationCode,\n * codeVerifier,\n * clientId: 'client_123',\n * });\n * ```\n */\n async getAuthorizationUrlWithPKCE(\n options: Omit<\n SSOAuthorizationURLOptions,\n 'codeChallenge' | 'codeChallengeMethod' | 'state'\n >,\n ): Promise<SSOPKCEAuthorizationURLResult> {\n const {\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n // Generate PKCE parameters\n const pkce = await this.workos.pkce.generate();\n\n // Generate secure random state\n const state = this.workos.pkce.generateCodeVerifier(43);\n\n const query = toQueryString({\n code_challenge: pkce.codeChallenge,\n code_challenge_method: 'S256',\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n const url = `${this.workos.baseURL}/sso/authorize?${query}`;\n\n return { url, state, codeVerifier: pkce.codeVerifier };\n }\n\n async getConnection(id: string): Promise<Connection> {\n const { data } = await this.workos.get<ConnectionResponse>(\n `/connections/${id}`,\n );\n\n return deserializeConnection(data);\n }\n\n /**\n * Exchange an authorization code for a profile and access token.\n *\n * Auto-detects public vs confidential client mode:\n * - If codeVerifier is provided: Uses PKCE flow (public client)\n * - If no codeVerifier: Uses client_secret from API key (confidential client)\n * - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)\n *\n * Using PKCE with confidential clients is recommended by OAuth 2.1 for defense\n * in depth and provides additional CSRF protection on the authorization flow.\n *\n * @throws Error if neither codeVerifier nor API key is available\n */\n async getProfileAndToken<\n CustomAttributesType extends UnknownRecord = UnknownRecord,\n >({\n code,\n clientId,\n codeVerifier,\n }: GetProfileAndTokenOptions): Promise<\n ProfileAndToken<CustomAttributesType>\n > {\n // Validate codeVerifier is not an empty string (common mistake)\n if (codeVerifier !== undefined && codeVerifier.trim() === '') {\n throw new TypeError(\n 'codeVerifier cannot be an empty string. ' +\n 'Generate a valid PKCE pair using workos.pkce.generate().',\n );\n }\n\n const hasApiKey = !!this.workos.key;\n const hasPKCE = !!codeVerifier;\n\n if (!hasPKCE && !hasApiKey) {\n throw new TypeError(\n 'getProfileAndToken requires either a codeVerifier (for public clients) ' +\n 'or an API key configured on the WorkOS instance (for confidential clients).',\n );\n }\n\n const form = new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n code,\n });\n\n // Support PKCE with confidential clients (OAuth 2.1 best practice)\n // Both can be sent together for defense in depth\n if (hasPKCE) {\n form.set('code_verifier', codeVerifier);\n }\n if (hasApiKey) {\n form.set('client_secret', this.workos.key as string);\n }\n\n const { data } = await this.workos.post<\n ProfileAndTokenResponse<CustomAttributesType>\n >('/sso/token', form, { skipApiKeyCheck: !hasApiKey });\n\n return deserializeProfileAndToken(data);\n }\n\n async getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({\n accessToken,\n }: GetProfileOptions): Promise<Profile<CustomAttributesType>> {\n const { data } = await this.workos.get<\n ProfileResponse<CustomAttributesType>\n >('/sso/profile', {\n accessToken,\n });\n\n return deserializeProfile(data);\n }\n}\n"],"mappings":";;;;;;;;;AA0BA,IAAa,MAAb,MAAiB;CACf,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAIC,gDACT,MAAMC,+DACJ,KAAK,QACL,gBACAC,qEACA,UAAUC,4FAAgC,QAAQ,GAAG,OACtD,GACA,WACCF,+DACE,KAAK,QACL,gBACAC,qEACA,OACD,EACH,UAAUC,4FAAgC,QAAQ,GAAG,OACtD;;CAEH,MAAM,iBAAiB,IAAY;AACjC,QAAM,KAAK,OAAO,OAAO,gBAAgB,KAAK;;CAGhD,oBAAoB,SAA6C;EAC/D,MAAM,EACJ,eACA,qBACA,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,aACA,UACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAGH,MAAM,QAAQC,gDAAc;GAC1B,gBAAgB;GAChB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAEF,SAAO,GAAG,KAAK,OAAO,QAAQ,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BjD,MAAM,4BACJ,SAIwC;EACxC,MAAM,EACJ,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,gBACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAIH,MAAM,OAAO,MAAM,KAAK,OAAO,KAAK,UAAU;EAG9C,MAAM,QAAQ,KAAK,OAAO,KAAK,qBAAqB,GAAG;EAEvD,MAAM,QAAQA,gDAAc;GAC1B,gBAAgB,KAAK;GACrB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAIF,SAAO;GAAE,KAFG,GAAG,KAAK,OAAO,QAAQ,iBAAiB;GAEtC;GAAO,cAAc,KAAK;GAAc;;CAGxD,MAAM,cAAc,IAAiC;EACnD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,KACjB;AAED,SAAOF,oEAAsB,KAAK;;;;;;;;;;;;;;;CAgBpC,MAAM,mBAEJ,EACA,MACA,UACA,gBAGA;AAEA,MAAI,iBAAiB,UAAa,aAAa,MAAM,KAAK,GACxD,OAAM,IAAI,UACR,mGAED;EAGH,MAAM,YAAY,CAAC,CAAC,KAAK,OAAO;EAChC,MAAM,UAAU,CAAC,CAAC;AAElB,MAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,UACR,qJAED;EAGH,MAAM,OAAO,IAAI,gBAAgB;GAC/B,WAAW;GACX,YAAY;GACZ;GACD,CAAC;AAIF,MAAI,QACF,MAAK,IAAI,iBAAiB,aAAa;AAEzC,MAAI,UACF,MAAK,IAAI,iBAAiB,KAAK,OAAO,IAAc;EAGtD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAEjC,cAAc,MAAM,EAAE,iBAAiB,CAAC,WAAW,CAAC;AAEtD,SAAOG,gFAA2B,KAAK;;CAGzC,MAAM,WAAuE,EAC3E,eAC4D;EAC5D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAEjC,gBAAgB,EAChB,aACD,CAAC;AAEF,SAAOC,8DAAmB,KAAK"}

package/lib/user-management/interfaces/authenticate-with-session-cookie.interface.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-session-cookie.interface.cjs","names":[],"sources":["../../../src/user-management/interfaces/authenticate-with-session-cookie.interface.ts"],"sourcesContent":["import { AuthenticationResponse } from './authentication-response.interface';\nimport { Impersonator } from './impersonator.interface';\nimport { User } from './user.interface';\n\nexport interface AuthenticateWithSessionCookieOptions {\n sessionData: string;\n cookiePassword?: string;\n}\n\nexport interface AccessToken {\n sid: string;\n org_id?: string;\n role?: string;\n roles?: string[];\n permissions?: string[];\n entitlements?: string[];\n feature_flags?: string[];\n}\n\nexport type SessionCookieData = Pick<\n AuthenticationResponse,\n | 'accessToken'\n | 'authenticationMethod'\n | 'impersonator'\n | 'organizationId'\n | 'refreshToken'\n | 'user'\n>;\n\nexport enum AuthenticateWithSessionCookieFailureReason {\n INVALID_JWT = 'invalid_jwt',\n INVALID_SESSION_COOKIE = 'invalid_session_cookie',\n NO_SESSION_COOKIE_PROVIDED = 'no_session_cookie_provided',\n}\n\nexport type AuthenticateWithSessionCookieFailedResponse = {\n authenticated: false;\n reason: AuthenticateWithSessionCookieFailureReason;\n};\n\nexport type AuthenticateWithSessionCookieSuccessResponse = {\n authenticated: true;\n accessToken: string;\n authenticationMethod: AuthenticationResponse['authenticationMethod'];\n sessionId: string;\n organizationId?: string;\n role?: string;\n roles?: string[];\n permissions?: string[];\n entitlements?: string[];\n featureFlags?: string[];\n user: User;\n impersonator?: Impersonator;\n};\n"],"mappings":";;AA6BA,IAAY,oHAAL;AACL;AACA;AACA"}

package/lib/user-management/interfaces/refresh-and-seal-session-data.interface.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"refresh-and-seal-session-data.interface.cjs","names":[],"sources":["../../../src/user-management/interfaces/refresh-and-seal-session-data.interface.ts"],"sourcesContent":["import { AuthenticateWithSessionCookieSuccessResponse } from './authenticate-with-session-cookie.interface';\nimport { AuthenticationResponse } from './authentication-response.interface';\n\nexport enum RefreshSessionFailureReason {\n INVALID_SESSION_COOKIE = 'invalid_session_cookie',\n NO_SESSION_COOKIE_PROVIDED = 'no_session_cookie_provided',\n\n // API OauthErrors for refresh tokens\n INVALID_GRANT = 'invalid_grant',\n MFA_ENROLLMENT = 'mfa_enrollment',\n SSO_REQUIRED = 'sso_required',\n}\n\ntype RefreshSessionFailedResponse = {\n authenticated: false;\n reason: RefreshSessionFailureReason;\n};\n\ntype RefreshSessionSuccessResponse = Omit<\n AuthenticateWithSessionCookieSuccessResponse,\n // accessToken is available in the session object and with session\n // helpers isn't necessarily useful to return top level\n 'accessToken'\n> & {\n authenticated: true;\n session?: AuthenticationResponse;\n sealedSession?: string;\n};\n\nexport type RefreshSessionResponse =\n | RefreshSessionFailedResponse\n | RefreshSessionSuccessResponse;\n"],"mappings":";;AAGA,IAAY,sFAAL;AACL;AACA;AAGA;AACA;AACA"}

package/lib/user-management/interfaces/revoke-session-options.interface.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"revoke-session-options.interface.cjs","names":[],"sources":["../../../src/user-management/interfaces/revoke-session-options.interface.ts"],"sourcesContent":["export interface RevokeSessionOptions {\n sessionId: string;\n}\n\nexport interface SerializedRevokeSessionOptions {\n session_id: string;\n}\n\nexport const serializeRevokeSessionOptions = (\n options: RevokeSessionOptions,\n): SerializedRevokeSessionOptions => ({\n session_id: options.sessionId,\n});\n"],"mappings":";;AAQA,MAAa,iCACX,aACoC,EACpC,YAAY,QAAQ,WACrB"}

package/lib/user-management/serializers/authenticate-with-code-and-verifier-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-code-and-verifier-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-code-and-verifier-options.serializer.ts"],"sourcesContent":["import {\n AuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithCodeAndVerifierOptions = (\n options: WithResolvedClientId<AuthenticateWithCodeAndVerifierOptions>,\n): SerializedAuthenticateWithCodeAndVerifierOptions => ({\n grant_type: 'authorization_code',\n client_id: options.clientId,\n code: options.code,\n code_verifier: options.codeVerifier,\n invitation_token: options.invitationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAMA,MAAa,mDACX,aACsD;CACtD,YAAY;CACZ,WAAW,QAAQ;CACnB,MAAM,QAAQ;CACd,eAAe,QAAQ;CACvB,kBAAkB,QAAQ;CAC1B,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-code-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-code-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-code-options.serializer.ts"],"sourcesContent":["import {\n AuthenticateUserWithCodeCredentials,\n AuthenticateWithCodeOptions,\n SerializedAuthenticateWithCodeOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithCodeOptions = (\n options: WithResolvedClientId<AuthenticateWithCodeOptions> &\n AuthenticateUserWithCodeCredentials,\n): SerializedAuthenticateWithCodeOptions => ({\n grant_type: 'authorization_code',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n code: options.code,\n code_verifier: options.codeVerifier,\n invitation_token: options.invitationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAOA,MAAa,wCACX,aAE2C;CAC3C,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,MAAM,QAAQ;CACd,eAAe,QAAQ;CACvB,kBAAkB,QAAQ;CAC1B,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-email-verification.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-email-verification.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-email-verification.serializer.ts"],"sourcesContent":["import {\n AuthenticateUserWithEmailVerificationCredentials,\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from '../interfaces/authenticate-with-email-verification-options.interface';\nimport { WithResolvedClientId } from '../interfaces';\n\nexport const serializeAuthenticateWithEmailVerificationOptions = (\n options: WithResolvedClientId<AuthenticateWithEmailVerificationOptions> &\n AuthenticateUserWithEmailVerificationCredentials,\n): SerializedAuthenticateWithEmailVerificationOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:email-verification:code',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n pending_authentication_token: options.pendingAuthenticationToken,\n code: options.code,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAOA,MAAa,qDACX,aAEwD;CACxD,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,8BAA8B,QAAQ;CACtC,MAAM,QAAQ;CACd,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-magic-auth-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-magic-auth-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-magic-auth-options.serializer.ts"],"sourcesContent":["import {\n AuthenticateUserWithMagicAuthCredentials,\n AuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithMagicAuthOptions = (\n options: WithResolvedClientId<AuthenticateWithMagicAuthOptions> &\n AuthenticateUserWithMagicAuthCredentials,\n): SerializedAuthenticateWithMagicAuthOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:magic-auth:code',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n code: options.code,\n email: options.email,\n invitation_token: options.invitationToken,\n link_authorization_code: options.linkAuthorizationCode,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAOA,MAAa,6CACX,aAEgD;CAChD,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,MAAM,QAAQ;CACd,OAAO,QAAQ;CACf,kBAAkB,QAAQ;CAC1B,yBAAyB,QAAQ;CACjC,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-organization-selection-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-organization-selection-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-organization-selection-options.serializer.ts"],"sourcesContent":["import {\n AuthenticateUserWithOrganizationSelectionCredentials,\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from '../interfaces/authenticate-with-organization-selection.interface';\nimport { WithResolvedClientId } from '../interfaces';\n\nexport const serializeAuthenticateWithOrganizationSelectionOptions = (\n options: WithResolvedClientId<AuthenticateWithOrganizationSelectionOptions> &\n AuthenticateUserWithOrganizationSelectionCredentials,\n): SerializedAuthenticateWithOrganizationSelectionOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:organization-selection',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n pending_authentication_token: options.pendingAuthenticationToken,\n organization_id: options.organizationId,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAOA,MAAa,yDACX,aAE4D;CAC5D,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,8BAA8B,QAAQ;CACtC,iBAAiB,QAAQ;CACzB,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-password-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-password-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-password-options.serializer.ts"],"sourcesContent":["import {\n AuthenticateUserWithPasswordCredentials,\n AuthenticateWithPasswordOptions,\n SerializedAuthenticateWithPasswordOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithPasswordOptions = (\n options: WithResolvedClientId<AuthenticateWithPasswordOptions> &\n AuthenticateUserWithPasswordCredentials,\n): SerializedAuthenticateWithPasswordOptions => ({\n grant_type: 'password',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n email: options.email,\n password: options.password,\n invitation_token: options.invitationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAOA,MAAa,4CACX,aAE+C;CAC/C,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,OAAO,QAAQ;CACf,UAAU,QAAQ;CAClB,kBAAkB,QAAQ;CAC1B,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-refresh-token-public-client-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.ts"],"sourcesContent":["import {\n AuthenticateWithRefreshTokenPublicClientOptions,\n SerializedAuthenticateWithRefreshTokenPublicClientOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithRefreshTokenPublicClientOptions = (\n options: WithResolvedClientId<AuthenticateWithRefreshTokenPublicClientOptions>,\n): SerializedAuthenticateWithRefreshTokenPublicClientOptions => ({\n grant_type: 'refresh_token',\n client_id: options.clientId,\n refresh_token: options.refreshToken,\n organization_id: options.organizationId,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAMA,MAAa,4DACX,aAC+D;CAC/D,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,iBAAiB,QAAQ;CACzB,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-refresh-token.options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-refresh-token.options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-refresh-token.options.serializer.ts"],"sourcesContent":["import {\n AuthenticateUserWithCodeCredentials,\n AuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithRefreshTokenOptions = (\n options: WithResolvedClientId<AuthenticateWithRefreshTokenOptions> &\n AuthenticateUserWithCodeCredentials,\n): SerializedAuthenticateWithRefreshTokenOptions => ({\n grant_type: 'refresh_token',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n refresh_token: options.refreshToken,\n organization_id: options.organizationId,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAOA,MAAa,gDACX,aAEmD;CACnD,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,eAAe,QAAQ;CACvB,iBAAiB,QAAQ;CACzB,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authenticate-with-totp-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authenticate-with-totp-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authenticate-with-totp-options.serializer.ts"],"sourcesContent":["import {\n AuthenticateUserWithTotpCredentials,\n AuthenticateWithTotpOptions,\n SerializedAuthenticateWithTotpOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithTotpOptions = (\n options: WithResolvedClientId<AuthenticateWithTotpOptions> &\n AuthenticateUserWithTotpCredentials,\n): SerializedAuthenticateWithTotpOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:mfa-totp',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n code: options.code,\n authentication_challenge_id: options.authenticationChallengeId,\n pending_authentication_token: options.pendingAuthenticationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n"],"mappings":";;AAOA,MAAa,wCACX,aAE2C;CAC3C,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,MAAM,QAAQ;CACd,6BAA6B,QAAQ;CACrC,8BAA8B,QAAQ;CACtC,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/authentication-event.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authentication-event.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authentication-event.serializer.ts"],"sourcesContent":["import {\n AuthenticationEvent,\n AuthenticationEventResponse,\n} from '../interfaces';\n\nexport const deserializeAuthenticationEvent = (\n authenticationEvent: AuthenticationEventResponse,\n): AuthenticationEvent => ({\n email: authenticationEvent.email,\n error: authenticationEvent.error,\n ipAddress: authenticationEvent.ip_address,\n status: authenticationEvent.status,\n type: authenticationEvent.type,\n userAgent: authenticationEvent.user_agent,\n userId: authenticationEvent.user_id,\n});\n"],"mappings":";;AAKA,MAAa,kCACX,yBACyB;CACzB,OAAO,oBAAoB;CAC3B,OAAO,oBAAoB;CAC3B,WAAW,oBAAoB;CAC/B,QAAQ,oBAAoB;CAC5B,MAAM,oBAAoB;CAC1B,WAAW,oBAAoB;CAC/B,QAAQ,oBAAoB;CAC7B"}

package/lib/user-management/serializers/authentication-radar-risk-event-serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authentication-radar-risk-event-serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/authentication-radar-risk-event-serializer.ts"],"sourcesContent":["import type {\n AuthenticationRadarRiskDetectedEventData,\n AuthenticationRadarRiskDetectedEventResponseData,\n} from '../interfaces';\n\nexport const deserializeAuthenticationRadarRiskDetectedEvent = (\n authenticationRadarRiskDetectedEvent: AuthenticationRadarRiskDetectedEventResponseData,\n): AuthenticationRadarRiskDetectedEventData => ({\n authMethod: authenticationRadarRiskDetectedEvent.auth_method,\n action: authenticationRadarRiskDetectedEvent.action,\n control: authenticationRadarRiskDetectedEvent.control,\n blocklistType: authenticationRadarRiskDetectedEvent.blocklist_type,\n ipAddress: authenticationRadarRiskDetectedEvent.ip_address,\n userAgent: authenticationRadarRiskDetectedEvent.user_agent,\n userId: authenticationRadarRiskDetectedEvent.user_id,\n email: authenticationRadarRiskDetectedEvent.email,\n});\n"],"mappings":";;AAKA,MAAa,mDACX,0CAC8C;CAC9C,YAAY,qCAAqC;CACjD,QAAQ,qCAAqC;CAC7C,SAAS,qCAAqC;CAC9C,eAAe,qCAAqC;CACpD,WAAW,qCAAqC;CAChD,WAAW,qCAAqC;CAChD,QAAQ,qCAAqC;CAC7C,OAAO,qCAAqC;CAC7C"}

package/lib/user-management/serializers/authentication-response.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authentication-response.serializer.cjs","names":["deserializeUser","deserializeOauthTokens"],"sources":["../../../src/user-management/serializers/authentication-response.serializer.ts"],"sourcesContent":["import {\n AuthenticationResponse,\n AuthenticationResponseResponse,\n} from '../interfaces';\nimport { deserializeOauthTokens } from './oauth-tokens.serializer';\nimport { deserializeUser } from './user.serializer';\n\nexport const deserializeAuthenticationResponse = (\n authenticationResponse: AuthenticationResponseResponse,\n): AuthenticationResponse => {\n const {\n user,\n organization_id,\n access_token,\n refresh_token,\n authentication_method,\n impersonator,\n oauth_tokens,\n ...rest\n } = authenticationResponse;\n\n return {\n user: deserializeUser(user),\n organizationId: organization_id,\n accessToken: access_token,\n refreshToken: refresh_token,\n impersonator,\n authenticationMethod: authentication_method,\n oauthTokens: deserializeOauthTokens(oauth_tokens),\n ...rest,\n };\n};\n"],"mappings":";;;;AAOA,MAAa,qCACX,2BAC2B;CAC3B,MAAM,EACJ,MACA,iBACA,cACA,eACA,uBACA,cACA,cACA,GAAG,SACD;AAEJ,QAAO;EACL,MAAMA,oEAAgB,KAAK;EAC3B,gBAAgB;EAChB,aAAa;EACb,cAAc;EACd;EACA,sBAAsB;EACtB,aAAaC,mFAAuB,aAAa;EACjD,GAAG;EACJ"}

package/lib/user-management/serializers/create-magic-auth-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"create-magic-auth-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/create-magic-auth-options.serializer.ts"],"sourcesContent":["import {\n CreateMagicAuthOptions,\n SerializedCreateMagicAuthOptions,\n} from '../interfaces';\n\nexport const serializeCreateMagicAuthOptions = (\n options: CreateMagicAuthOptions,\n): SerializedCreateMagicAuthOptions => ({\n email: options.email,\n invitation_token: options.invitationToken,\n});\n"],"mappings":";;AAKA,MAAa,mCACX,aACsC;CACtC,OAAO,QAAQ;CACf,kBAAkB,QAAQ;CAC3B"}

package/lib/user-management/serializers/create-organization-membership-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"create-organization-membership-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/create-organization-membership-options.serializer.ts"],"sourcesContent":["import {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from '../interfaces/create-organization-membership-options.interface';\n\nexport const serializeCreateOrganizationMembershipOptions = (\n options: CreateOrganizationMembershipOptions,\n): SerializedCreateOrganizationMembershipOptions => ({\n organization_id: options.organizationId,\n user_id: options.userId,\n role_slug: options.roleSlug,\n role_slugs: options.roleSlugs,\n});\n"],"mappings":";;AAKA,MAAa,gDACX,aACmD;CACnD,iBAAiB,QAAQ;CACzB,SAAS,QAAQ;CACjB,WAAW,QAAQ;CACnB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/create-password-reset-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"create-password-reset-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/create-password-reset-options.serializer.ts"],"sourcesContent":["import {\n CreatePasswordResetOptions,\n SerializedCreatePasswordResetOptions,\n} from '../interfaces';\n\nexport const serializeCreatePasswordResetOptions = (\n options: CreatePasswordResetOptions,\n): SerializedCreatePasswordResetOptions => ({\n email: options.email,\n});\n"],"mappings":";;AAKA,MAAa,uCACX,aAC0C,EAC1C,OAAO,QAAQ,OAChB"}

package/lib/user-management/serializers/create-user-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"create-user-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/create-user-options.serializer.ts"],"sourcesContent":["import { CreateUserOptions, SerializedCreateUserOptions } from '../interfaces';\n\nexport const serializeCreateUserOptions = (\n options: CreateUserOptions,\n): SerializedCreateUserOptions => ({\n email: options.email,\n password: options.password,\n password_hash: options.passwordHash,\n password_hash_type: options.passwordHashType,\n first_name: options.firstName,\n last_name: options.lastName,\n email_verified: options.emailVerified,\n external_id: options.externalId,\n metadata: options.metadata,\n});\n"],"mappings":";;AAEA,MAAa,8BACX,aACiC;CACjC,OAAO,QAAQ;CACf,UAAU,QAAQ;CAClB,eAAe,QAAQ;CACvB,oBAAoB,QAAQ;CAC5B,YAAY,QAAQ;CACpB,WAAW,QAAQ;CACnB,gBAAgB,QAAQ;CACxB,aAAa,QAAQ;CACrB,UAAU,QAAQ;CACnB"}

package/lib/user-management/serializers/email-verification.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"email-verification.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/email-verification.serializer.ts"],"sourcesContent":["import {\n EmailVerification,\n EmailVerificationEvent,\n EmailVerificationEventResponse,\n EmailVerificationResponse,\n} from '../interfaces';\n\nexport const deserializeEmailVerification = (\n emailVerification: EmailVerificationResponse,\n): EmailVerification => ({\n object: emailVerification.object,\n id: emailVerification.id,\n userId: emailVerification.user_id,\n email: emailVerification.email,\n expiresAt: emailVerification.expires_at,\n code: emailVerification.code,\n createdAt: emailVerification.created_at,\n updatedAt: emailVerification.updated_at,\n});\n\nexport const deserializeEmailVerificationEvent = (\n emailVerification: EmailVerificationEventResponse,\n): EmailVerificationEvent => ({\n object: emailVerification.object,\n id: emailVerification.id,\n userId: emailVerification.user_id,\n email: emailVerification.email,\n expiresAt: emailVerification.expires_at,\n createdAt: emailVerification.created_at,\n updatedAt: emailVerification.updated_at,\n});\n"],"mappings":";;AAOA,MAAa,gCACX,uBACuB;CACvB,QAAQ,kBAAkB;CAC1B,IAAI,kBAAkB;CACtB,QAAQ,kBAAkB;CAC1B,OAAO,kBAAkB;CACzB,WAAW,kBAAkB;CAC7B,MAAM,kBAAkB;CACxB,WAAW,kBAAkB;CAC7B,WAAW,kBAAkB;CAC9B;AAED,MAAa,qCACX,uBAC4B;CAC5B,QAAQ,kBAAkB;CAC1B,IAAI,kBAAkB;CACtB,QAAQ,kBAAkB;CAC1B,OAAO,kBAAkB;CACzB,WAAW,kBAAkB;CAC7B,WAAW,kBAAkB;CAC7B,WAAW,kBAAkB;CAC9B"}

package/lib/user-management/serializers/enroll-auth-factor-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"enroll-auth-factor-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/enroll-auth-factor-options.serializer.ts"],"sourcesContent":["import {\n EnrollAuthFactorOptions,\n SerializedEnrollUserInMfaFactorOptions,\n} from '../interfaces';\n\nexport const serializeEnrollAuthFactorOptions = (\n options: EnrollAuthFactorOptions,\n): SerializedEnrollUserInMfaFactorOptions => ({\n type: options.type,\n totp_issuer: options.totpIssuer,\n totp_user: options.totpUser,\n totp_secret: options.totpSecret,\n});\n"],"mappings":";;AAKA,MAAa,oCACX,aAC4C;CAC5C,MAAM,QAAQ;CACd,aAAa,QAAQ;CACrB,WAAW,QAAQ;CACnB,aAAa,QAAQ;CACtB"}

package/lib/user-management/serializers/factor.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"factor.serializer.cjs","names":["deserializeTotp","deserializeTotpWithSecrets"],"sources":["../../../src/user-management/serializers/factor.serializer.ts"],"sourcesContent":["import {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from '../interfaces/factor.interface';\nimport {\n deserializeTotp,\n deserializeTotpWithSecrets,\n} from '../../mfa/serializers/totp.serializer';\n\nexport const deserializeFactor = (factor: FactorResponse): Factor => ({\n object: factor.object,\n id: factor.id,\n createdAt: factor.created_at,\n updatedAt: factor.updated_at,\n type: factor.type,\n totp: deserializeTotp(factor.totp),\n userId: factor.user_id,\n});\n\nexport const deserializeFactorWithSecrets = (\n factor: FactorWithSecretsResponse,\n): FactorWithSecrets => ({\n object: factor.object,\n id: factor.id,\n createdAt: factor.created_at,\n updatedAt: factor.updated_at,\n type: factor.type,\n totp: deserializeTotpWithSecrets(factor.totp),\n userId: factor.user_id,\n});\n"],"mappings":";;;AAWA,MAAa,qBAAqB,YAAoC;CACpE,QAAQ,OAAO;CACf,IAAI,OAAO;CACX,WAAW,OAAO;CAClB,WAAW,OAAO;CAClB,MAAM,OAAO;CACb,MAAMA,wDAAgB,OAAO,KAAK;CAClC,QAAQ,OAAO;CAChB;AAED,MAAa,gCACX,YACuB;CACvB,QAAQ,OAAO;CACf,IAAI,OAAO;CACX,WAAW,OAAO;CAClB,WAAW,OAAO;CAClB,MAAM,OAAO;CACb,MAAMC,mEAA2B,OAAO,KAAK;CAC7C,QAAQ,OAAO;CAChB"}

package/lib/user-management/serializers/identity.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"identity.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/identity.serializer.ts"],"sourcesContent":["import { Identity, IdentityResponse } from '../interfaces/identity.interface';\n\nexport const deserializeIdentities = (\n identities: IdentityResponse[],\n): Identity[] => {\n return identities.map((identity) => {\n return {\n idpId: identity.idp_id,\n type: identity.type,\n provider: identity.provider,\n };\n });\n};\n"],"mappings":";;AAEA,MAAa,yBACX,eACe;AACf,QAAO,WAAW,KAAK,aAAa;AAClC,SAAO;GACL,OAAO,SAAS;GAChB,MAAM,SAAS;GACf,UAAU,SAAS;GACpB;GACD"}

package/lib/user-management/serializers/invitation.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"invitation.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/invitation.serializer.ts"],"sourcesContent":["import {\n Invitation,\n InvitationEvent,\n InvitationEventResponse,\n InvitationResponse,\n} from '../interfaces/invitation.interface';\n\nexport const deserializeInvitation = (\n invitation: InvitationResponse,\n): Invitation => ({\n object: invitation.object,\n id: invitation.id,\n email: invitation.email,\n state: invitation.state,\n acceptedAt: invitation.accepted_at,\n revokedAt: invitation.revoked_at,\n expiresAt: invitation.expires_at,\n organizationId: invitation.organization_id,\n inviterUserId: invitation.inviter_user_id,\n acceptedUserId: invitation.accepted_user_id,\n token: invitation.token,\n acceptInvitationUrl: invitation.accept_invitation_url,\n createdAt: invitation.created_at,\n updatedAt: invitation.updated_at,\n});\n\nexport const deserializeInvitationEvent = (\n invitation: InvitationEventResponse,\n): InvitationEvent => ({\n object: invitation.object,\n id: invitation.id,\n email: invitation.email,\n state: invitation.state,\n acceptedAt: invitation.accepted_at,\n revokedAt: invitation.revoked_at,\n expiresAt: invitation.expires_at,\n organizationId: invitation.organization_id,\n inviterUserId: invitation.inviter_user_id,\n acceptedUserId: invitation.accepted_user_id,\n createdAt: invitation.created_at,\n updatedAt: invitation.updated_at,\n});\n"],"mappings":";;AAOA,MAAa,yBACX,gBACgB;CAChB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,OAAO,WAAW;CAClB,OAAO,WAAW;CAClB,YAAY,WAAW;CACvB,WAAW,WAAW;CACtB,WAAW,WAAW;CACtB,gBAAgB,WAAW;CAC3B,eAAe,WAAW;CAC1B,gBAAgB,WAAW;CAC3B,OAAO,WAAW;CAClB,qBAAqB,WAAW;CAChC,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB;AAED,MAAa,8BACX,gBACqB;CACrB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,OAAO,WAAW;CAClB,OAAO,WAAW;CAClB,YAAY,WAAW;CACvB,WAAW,WAAW;CACtB,WAAW,WAAW;CACtB,gBAAgB,WAAW;CAC3B,eAAe,WAAW;CAC1B,gBAAgB,WAAW;CAC3B,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB"}

package/lib/user-management/serializers/list-invitations-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"list-invitations-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/list-invitations-options.serializer.ts"],"sourcesContent":["import {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from '../interfaces/list-invitations-options.interface';\n\nexport const serializeListInvitationsOptions = (\n options: ListInvitationsOptions,\n): SerializedListInvitationsOptions => ({\n email: options.email,\n organization_id: options.organizationId,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n"],"mappings":";;AAKA,MAAa,mCACX,aACsC;CACtC,OAAO,QAAQ;CACf,iBAAiB,QAAQ;CACzB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB"}

package/lib/user-management/serializers/list-organization-memberships-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"list-organization-memberships-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/list-organization-memberships-options.serializer.ts"],"sourcesContent":["import {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from '../interfaces/list-organization-memberships-options.interface';\n\nexport const serializeListOrganizationMembershipsOptions = (\n options: ListOrganizationMembershipsOptions,\n): SerializedListOrganizationMembershipsOptions => ({\n user_id: options.userId,\n organization_id: options.organizationId,\n statuses: options.statuses?.join(','),\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n"],"mappings":";;AAKA,MAAa,+CACX,aACkD;CAClD,SAAS,QAAQ;CACjB,iBAAiB,QAAQ;CACzB,UAAU,QAAQ,UAAU,KAAK,IAAI;CACrC,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB"}

package/lib/user-management/serializers/list-sessions-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"list-sessions-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/list-sessions-options.serializer.ts"],"sourcesContent":["import {\n ListSessionsOptions,\n SerializedListSessionsOptions,\n} from '../interfaces/list-sessions-options.interface';\n\nexport const serializeListSessionsOptions = (\n options: ListSessionsOptions,\n): SerializedListSessionsOptions => ({\n ...options,\n});\n"],"mappings":";;AAKA,MAAa,gCACX,aACmC,EACnC,GAAG,SACJ"}

package/lib/user-management/serializers/list-users-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"list-users-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/list-users-options.serializer.ts"],"sourcesContent":["import { ListUsersOptions, SerializedListUsersOptions } from '../interfaces';\n\nexport const serializeListUsersOptions = (\n options: ListUsersOptions,\n): SerializedListUsersOptions => ({\n email: options.email,\n organization_id: options.organizationId,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n"],"mappings":";;AAEA,MAAa,6BACX,aACgC;CAChC,OAAO,QAAQ;CACf,iBAAiB,QAAQ;CACzB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB"}

package/lib/user-management/serializers/magic-auth.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"magic-auth.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/magic-auth.serializer.ts"],"sourcesContent":["import {\n MagicAuth,\n MagicAuthEvent,\n MagicAuthEventResponse,\n MagicAuthResponse,\n} from '../interfaces/magic-auth.interface';\n\nexport const deserializeMagicAuth = (\n magicAuth: MagicAuthResponse,\n): MagicAuth => ({\n object: magicAuth.object,\n id: magicAuth.id,\n userId: magicAuth.user_id,\n email: magicAuth.email,\n expiresAt: magicAuth.expires_at,\n code: magicAuth.code,\n createdAt: magicAuth.created_at,\n updatedAt: magicAuth.updated_at,\n});\n\nexport const deserializeMagicAuthEvent = (\n magicAuth: MagicAuthEventResponse,\n): MagicAuthEvent => ({\n object: magicAuth.object,\n id: magicAuth.id,\n userId: magicAuth.user_id,\n email: magicAuth.email,\n expiresAt: magicAuth.expires_at,\n createdAt: magicAuth.created_at,\n updatedAt: magicAuth.updated_at,\n});\n"],"mappings":";;AAOA,MAAa,wBACX,eACe;CACf,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,QAAQ,UAAU;CAClB,OAAO,UAAU;CACjB,WAAW,UAAU;CACrB,MAAM,UAAU;CAChB,WAAW,UAAU;CACrB,WAAW,UAAU;CACtB;AAED,MAAa,6BACX,eACoB;CACpB,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,QAAQ,UAAU;CAClB,OAAO,UAAU;CACjB,WAAW,UAAU;CACrB,WAAW,UAAU;CACrB,WAAW,UAAU;CACtB"}

package/lib/user-management/serializers/oauth-tokens.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth-tokens.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/oauth-tokens.serializer.ts"],"sourcesContent":["import { OauthTokensResponse, OauthTokens } from '../interfaces';\n\nexport const deserializeOauthTokens = (\n oauthTokens?: OauthTokensResponse,\n): OauthTokens | undefined =>\n oauthTokens\n ? {\n accessToken: oauthTokens.access_token,\n refreshToken: oauthTokens.refresh_token,\n expiresAt: oauthTokens.expires_at,\n scopes: oauthTokens.scopes,\n }\n : undefined;\n"],"mappings":";;AAEA,MAAa,0BACX,gBAEA,cACI;CACE,aAAa,YAAY;CACzB,cAAc,YAAY;CAC1B,WAAW,YAAY;CACvB,QAAQ,YAAY;CACrB,GACD"}

package/lib/user-management/serializers/organization-membership.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"organization-membership.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/organization-membership.serializer.ts"],"sourcesContent":["import {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from '../interfaces/organization-membership.interface';\n\nexport const deserializeOrganizationMembership = (\n organizationMembership: OrganizationMembershipResponse,\n): OrganizationMembership => ({\n object: organizationMembership.object,\n id: organizationMembership.id,\n userId: organizationMembership.user_id,\n organizationId: organizationMembership.organization_id,\n organizationName: organizationMembership.organization_name,\n status: organizationMembership.status,\n createdAt: organizationMembership.created_at,\n updatedAt: organizationMembership.updated_at,\n role: organizationMembership.role,\n ...(organizationMembership.roles && { roles: organizationMembership.roles }),\n});\n"],"mappings":";;AAKA,MAAa,qCACX,4BAC4B;CAC5B,QAAQ,uBAAuB;CAC/B,IAAI,uBAAuB;CAC3B,QAAQ,uBAAuB;CAC/B,gBAAgB,uBAAuB;CACvC,kBAAkB,uBAAuB;CACzC,QAAQ,uBAAuB;CAC/B,WAAW,uBAAuB;CAClC,WAAW,uBAAuB;CAClC,MAAM,uBAAuB;CAC7B,GAAI,uBAAuB,SAAS,EAAE,OAAO,uBAAuB,OAAO;CAC5E"}

package/lib/user-management/serializers/password-reset.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"password-reset.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/password-reset.serializer.ts"],"sourcesContent":["import {\n PasswordReset,\n PasswordResetEvent,\n PasswordResetEventResponse,\n PasswordResetResponse,\n} from '../interfaces';\n\nexport const deserializePasswordReset = (\n passwordReset: PasswordResetResponse,\n): PasswordReset => ({\n object: passwordReset.object,\n id: passwordReset.id,\n userId: passwordReset.user_id,\n email: passwordReset.email,\n passwordResetToken: passwordReset.password_reset_token,\n passwordResetUrl: passwordReset.password_reset_url,\n expiresAt: passwordReset.expires_at,\n createdAt: passwordReset.created_at,\n});\n\nexport const deserializePasswordResetEvent = (\n passwordReset: PasswordResetEventResponse,\n): PasswordResetEvent => ({\n object: passwordReset.object,\n id: passwordReset.id,\n userId: passwordReset.user_id,\n email: passwordReset.email,\n expiresAt: passwordReset.expires_at,\n createdAt: passwordReset.created_at,\n});\n"],"mappings":";;AAOA,MAAa,4BACX,mBACmB;CACnB,QAAQ,cAAc;CACtB,IAAI,cAAc;CAClB,QAAQ,cAAc;CACtB,OAAO,cAAc;CACrB,oBAAoB,cAAc;CAClC,kBAAkB,cAAc;CAChC,WAAW,cAAc;CACzB,WAAW,cAAc;CAC1B;AAED,MAAa,iCACX,mBACwB;CACxB,QAAQ,cAAc;CACtB,IAAI,cAAc;CAClB,QAAQ,cAAc;CACtB,OAAO,cAAc;CACrB,WAAW,cAAc;CACzB,WAAW,cAAc;CAC1B"}

package/lib/user-management/serializers/reset-password-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"reset-password-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/reset-password-options.serializer.ts"],"sourcesContent":["import {\n ResetPasswordOptions,\n SerializedResetPasswordOptions,\n} from '../interfaces';\n\nexport const serializeResetPasswordOptions = (\n options: ResetPasswordOptions,\n): SerializedResetPasswordOptions => ({\n token: options.token,\n new_password: options.newPassword,\n});\n"],"mappings":";;AAKA,MAAa,iCACX,aACoC;CACpC,OAAO,QAAQ;CACf,cAAc,QAAQ;CACvB"}

package/lib/user-management/serializers/role.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"role.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/role.serializer.ts"],"sourcesContent":["import { RoleEvent, RoleEventResponse } from '../../roles/interfaces';\n\nexport const deserializeRoleEvent = (role: RoleEventResponse): RoleEvent => ({\n object: 'role',\n slug: role.slug,\n permissions: role.permissions,\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n"],"mappings":";;AAEA,MAAa,wBAAwB,UAAwC;CAC3E,QAAQ;CACR,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB"}

package/lib/user-management/serializers/send-invitation-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"send-invitation-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/send-invitation-options.serializer.ts"],"sourcesContent":["import {} from '../interfaces';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from '../interfaces/send-invitation-options.interface';\n\nexport const serializeSendInvitationOptions = (\n options: SendInvitationOptions,\n): SerializedSendInvitationOptions => ({\n email: options.email,\n organization_id: options.organizationId,\n expires_in_days: options.expiresInDays,\n inviter_user_id: options.inviterUserId,\n role_slug: options.roleSlug,\n});\n"],"mappings":";;AAMA,MAAa,kCACX,aACqC;CACrC,OAAO,QAAQ;CACf,iBAAiB,QAAQ;CACzB,iBAAiB,QAAQ;CACzB,iBAAiB,QAAQ;CACzB,WAAW,QAAQ;CACpB"}

package/lib/user-management/serializers/session.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"session.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/session.serializer.ts"],"sourcesContent":["import { Session, SessionResponse } from '../interfaces';\n\nexport const deserializeSession = (session: SessionResponse): Session => ({\n object: 'session',\n id: session.id,\n userId: session.user_id,\n ipAddress: session.ip_address,\n userAgent: session.user_agent,\n organizationId: session.organization_id,\n impersonator: session.impersonator,\n authMethod: session.auth_method,\n status: session.status,\n expiresAt: session.expires_at,\n endedAt: session.ended_at,\n createdAt: session.created_at,\n updatedAt: session.updated_at,\n});\n"],"mappings":";;AAEA,MAAa,sBAAsB,aAAuC;CACxE,QAAQ;CACR,IAAI,QAAQ;CACZ,QAAQ,QAAQ;CAChB,WAAW,QAAQ;CACnB,WAAW,QAAQ;CACnB,gBAAgB,QAAQ;CACxB,cAAc,QAAQ;CACtB,YAAY,QAAQ;CACpB,QAAQ,QAAQ;CAChB,WAAW,QAAQ;CACnB,SAAS,QAAQ;CACjB,WAAW,QAAQ;CACnB,WAAW,QAAQ;CACpB"}

package/lib/user-management/serializers/update-organization-membership-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"update-organization-membership-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/update-organization-membership-options.serializer.ts"],"sourcesContent":["import {\n UpdateOrganizationMembershipOptions,\n SerializedUpdateOrganizationMembershipOptions,\n} from '../interfaces/update-organization-membership-options.interface';\n\nexport const serializeUpdateOrganizationMembershipOptions = (\n options: UpdateOrganizationMembershipOptions,\n): SerializedUpdateOrganizationMembershipOptions => ({\n role_slug: options.roleSlug,\n role_slugs: options.roleSlugs,\n});\n"],"mappings":";;AAKA,MAAa,gDACX,aACmD;CACnD,WAAW,QAAQ;CACnB,YAAY,QAAQ;CACrB"}

package/lib/user-management/serializers/update-user-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"update-user-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/update-user-options.serializer.ts"],"sourcesContent":["import { SerializedUpdateUserOptions, UpdateUserOptions } from '../interfaces';\n\nexport const serializeUpdateUserOptions = (\n options: UpdateUserOptions,\n): SerializedUpdateUserOptions => ({\n email: options.email,\n email_verified: options.emailVerified,\n first_name: options.firstName,\n last_name: options.lastName,\n password: options.password,\n password_hash: options.passwordHash,\n password_hash_type: options.passwordHashType,\n external_id: options.externalId,\n locale: options.locale,\n metadata: options.metadata,\n});\n"],"mappings":";;AAEA,MAAa,8BACX,aACiC;CACjC,OAAO,QAAQ;CACf,gBAAgB,QAAQ;CACxB,YAAY,QAAQ;CACpB,WAAW,QAAQ;CACnB,UAAU,QAAQ;CAClB,eAAe,QAAQ;CACvB,oBAAoB,QAAQ;CAC5B,aAAa,QAAQ;CACrB,QAAQ,QAAQ;CAChB,UAAU,QAAQ;CACnB"}

package/lib/user-management/serializers/update-user-password-options.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"update-user-password-options.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/update-user-password-options.serializer.ts"],"sourcesContent":["import {\n SerializedUpdateUserPasswordOptions,\n UpdateUserPasswordOptions,\n} from '../interfaces';\n\nexport const serializeUpdateUserPasswordOptions = (\n options: UpdateUserPasswordOptions,\n): SerializedUpdateUserPasswordOptions => ({\n password: options.password,\n});\n"],"mappings":";;AAKA,MAAa,sCACX,aACyC,EACzC,UAAU,QAAQ,UACnB"}

package/lib/user-management/serializers/user.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"user.serializer.cjs","names":[],"sources":["../../../src/user-management/serializers/user.serializer.ts"],"sourcesContent":["import { User, UserResponse } from '../interfaces';\n\nexport const deserializeUser = (user: UserResponse): User => ({\n object: user.object,\n id: user.id,\n email: user.email,\n emailVerified: user.email_verified,\n firstName: user.first_name,\n profilePictureUrl: user.profile_picture_url,\n lastName: user.last_name,\n lastSignInAt: user.last_sign_in_at,\n locale: user.locale,\n createdAt: user.created_at,\n updatedAt: user.updated_at,\n externalId: user.external_id ?? null,\n metadata: user.metadata ?? {},\n});\n"],"mappings":";;AAEA,MAAa,mBAAmB,UAA8B;CAC5D,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,OAAO,KAAK;CACZ,eAAe,KAAK;CACpB,WAAW,KAAK;CAChB,mBAAmB,KAAK;CACxB,UAAU,KAAK;CACf,cAAc,KAAK;CACnB,QAAQ,KAAK;CACb,WAAW,KAAK;CAChB,WAAW,KAAK;CAChB,YAAY,KAAK,eAAe;CAChC,UAAU,KAAK,YAAY,EAAE;CAC9B"}

package/lib/user-management/session.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"session.cjs","names":["AuthenticateWithSessionCookieFailureReason","unsealData","getJose","RefreshSessionFailureReason","OauthException"],"sources":["../../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from '../common/crypto/seal';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n // unsealData returns {} for known seal errors (expired, bad hmac, etc.)\n // Unknown errors propagate - don't catch them as \"invalid session\"\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n authenticationMethod: session.authenticationMethod,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n authenticationMethod: authenticationResponse.authenticationMethod,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n // Only treat as invalid JWT if it's an actual JWT/JWS error from jose\n // Network errors, crypto failures, etc. should propagate\n if (\n e instanceof Error &&\n 'code' in e &&\n typeof e.code === 'string' &&\n (e.code.startsWith('ERR_JWT_') || e.code.startsWith('ERR_JWS_'))\n ) {\n return false;\n }\n throw e;\n }\n }\n}\n"],"mappings":";;;;;;;AAoBA,IAAa,gBAAb,MAA2B;CACzB,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,gBACA,aACA,gBACA;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,OAAK,iBAAiB;AACtB,OAAK,iBAAiB;AACtB,OAAK,cAAc;;;;;;;CAQrB,MAAM,eAGJ;AACA,MAAI,CAAC,KAAK,YACR,QAAO;GACL,eAAe;GACf,QACEA,yHAA2C;GAC9C;EAKH,MAAM,UAAU,MAAMC,sCAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACED,yHAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQA,yHAA2C;GACpD;EAGH,MAAM,EAAE,cAAc,MAAME,4BAAS;EAErC,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd,sBAAsB,QAAQ;GAC9B,cAAc,QAAQ;GACtB,aAAa,QAAQ;GACtB;;;;;;;;;;CAWH,MAAM,QAAQ,UAA0B,EAAE,EAAmC;EAC3E,MAAM,EAAE,cAAc,MAAMA,4BAAS;EACrC,MAAM,UAAU,MAAMD,sCAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,KACpC,QAAO;GACL,eAAe;GACf,QAAQE,uGAA4B;GACrC;EAGH,MAAM,EAAE,QAAQ,kCAAkC,UAChD,QAAQ,YACT;AAED,MAAI;GACF,MAAM,iBAAiB,QAAQ,kBAAkB,KAAK;GAEtD,MAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;IACrD,UAAU,KAAK,eAAe;IAC9B,cAAc,QAAQ;IACtB,gBACE,QAAQ,kBAAkB;IAC5B,SAAS;KAEP,aAAa;KACb;KACD;IACF,CAAC;AAGJ,OAAI,QAAQ,eACV,MAAK,iBAAiB,QAAQ;AAGhC,QAAK,cAAc,uBAAuB;GAE1C,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,uBAAuB,YAAY;AAI9D,UAAO;IACL,eAAe;IACf,eAAe,uBAAuB;IACtC,SAAS;IACT,sBAAsB,uBAAuB;IAC7C;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,QAAQ;IACd,cAAc,QAAQ;IACvB;WACM,OAAO;AACd,OACE,iBAAiBC,6DAEhB,MAAM,UAAUD,uGAA4B,iBAC3C,MAAM,UAAUA,uGAA4B,kBAC5C,MAAM,UAAUA,uGAA4B,cAE9C,QAAO;IACL,eAAe;IACf,QAAQ,MAAM;IACf;AAGH,SAAM;;;;;;;;CASV,MAAM,aAAa,EACjB,aACyB,EAAE,EAAmB;EAC9C,MAAM,yBAAyB,MAAM,KAAK,cAAc;AAExD,MAAI,CAAC,uBAAuB,eAAe;GACzC,MAAM,EAAE,WAAW;AACnB,SAAM,IAAI,MAAM,gDAAgD,SAAS;;AAG3E,SAAO,KAAK,eAAe,aAAa;GACtC,WAAW,uBAAuB;GAClC;GACD,CAAC;;CAGJ,MAAc,WAAW,aAAuC;EAC9D,MAAM,EAAE,cAAc,MAAMD,4BAAS;EACrC,MAAM,OAAO,MAAM,KAAK,eAAe,SAAS;AAChD,MAAI,CAAC,KACH,OAAM,IAAI,MACR,kEACD;AAGH,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AAGV,OACE,aAAa,SACb,UAAU,KACV,OAAO,EAAE,SAAS,aACjB,EAAE,KAAK,WAAW,WAAW,IAAI,EAAE,KAAK,WAAW,WAAW,EAE/D,QAAO;AAET,SAAM"}

package/lib/user-management/user-management.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"user-management.cjs","names":["workos: WorkOS","getJose","CookieSession","deserializeUser","AutoPaginatable","fetchAndDeserialize","serializeListUsersOptions","serializeCreateUserOptions","serializeAuthenticateWithMagicAuthOptions","deserializeAuthenticationResponse","serializeAuthenticateWithPasswordOptions","serializeAuthenticateWithCodeOptions","serializeAuthenticateWithCodeAndVerifierOptions","serializeAuthenticateWithRefreshTokenPublicClientOptions","serializeAuthenticateWithRefreshTokenOptions","serializeAuthenticateWithTotpOptions","serializeAuthenticateWithEmailVerificationOptions","serializeAuthenticateWithOrganizationSelectionOptions","getEnv","AuthenticateWithSessionCookieFailureReason","unsealData","sealData","deserializeEmailVerification","deserializeMagicAuth","serializeCreateMagicAuthOptions","deserializePasswordReset","serializeCreatePasswordResetOptions","serializeResetPasswordOptions","serializeUpdateUserOptions","serializeEnrollAuthFactorOptions","deserializeFactorWithSecrets","deserializeChallenge","deserializeFactor","deserializeFeatureFlag","deserializeSession","serializeListSessionsOptions","deserializeIdentities","deserializeOrganizationMembership","serializeListOrganizationMembershipsOptions","serializeCreateOrganizationMembershipOptions","serializeUpdateOrganizationMembershipOptions","deserializeInvitation","serializeListInvitationsOptions","serializeSendInvitationOptions","serializeRevokeSessionOptions","toQueryString"],"sources":["../../src/user-management/user-management.ts"],"sourcesContent":["import { sealData, unsealData } from '../common/crypto/seal';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { toQueryString } from '../common/utils/query-string';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n ListUserFeatureFlagsOptions,\n LogoutURLOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithRefreshTokenPublicClientOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport {\n PKCEAuthorizationURLResult,\n UserManagementAuthorizationURLOptions,\n} from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithRefreshTokenPublicClientOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\nimport { getJose } from '../utils/jose';\n\nexport class UserManagement {\n private _jwks:\n | ReturnType<typeof import('jose').createRemoteJWKSet>\n | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n /**\n * Resolve clientId from method options or fall back to constructor-provided value.\n * @throws TypeError if clientId is not available from either source\n */\n private resolveClientId(clientId?: string): string {\n const resolved = clientId ?? this.clientId;\n if (!resolved) {\n throw new TypeError(\n 'clientId is required. Provide it in method options or when initializing WorkOS.',\n );\n }\n return resolved;\n }\n\n async getJWKS(): Promise<\n ReturnType<typeof import('jose').createRemoteJWKSet> | undefined\n > {\n const { createRemoteJWKSet } = await getJose();\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n /**\n * Exchange an authorization code for tokens.\n *\n * Auto-detects public vs confidential client mode:\n * - If codeVerifier is provided: Uses PKCE flow (public client)\n * - If no codeVerifier: Uses client_secret from API key (confidential client)\n * - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)\n *\n * Using PKCE with confidential clients is recommended by OAuth 2.1 for defense\n * in depth and provides additional CSRF protection on the authorization flow.\n *\n * @throws Error if neither codeVerifier nor API key is available\n */\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, codeVerifier, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n // Validate codeVerifier is not an empty string (common mistake)\n if (codeVerifier !== undefined && codeVerifier.trim() === '') {\n throw new TypeError(\n 'codeVerifier cannot be an empty string. ' +\n 'Generate a valid PKCE pair using workos.pkce.generate().',\n );\n }\n\n const hasApiKey = !!this.workos.key;\n const hasPKCE = !!codeVerifier;\n\n if (!hasPKCE && !hasApiKey) {\n throw new TypeError(\n 'authenticateWithCode requires either a codeVerifier (for public clients) ' +\n 'or an API key configured on the WorkOS instance (for confidential clients).',\n );\n }\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n codeVerifier,\n clientSecret: hasApiKey ? this.workos.key : undefined,\n }),\n { skipApiKeyCheck: !hasApiKey },\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n /**\n * Exchange an authorization code for tokens using PKCE (public client flow).\n * Use this instead of authenticateWithCode() when the client cannot securely\n * store a client_secret (browser, mobile, CLI, desktop apps).\n *\n * @param payload.clientId - Your WorkOS client ID\n * @param payload.code - The authorization code from the OAuth callback\n * @param payload.codeVerifier - The PKCE code verifier used to generate the code challenge\n */\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n }),\n { skipApiKeyCheck: true },\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n /**\n * Refresh an access token using a refresh token.\n * Automatically detects public client mode - if no API key is configured,\n * omits client_secret from the request.\n */\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n const isPublicClient = !this.workos.key;\n\n const body = isPublicClient\n ? serializeAuthenticateWithRefreshTokenPublicClientOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n })\n : serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n });\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n | SerializedAuthenticateWithRefreshTokenOptions\n | SerializedAuthenticateWithRefreshTokenPublicClientOptions\n >('/user_management/authenticate', body, {\n skipApiKeyCheck: isPublicClient,\n });\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const jwks = await this.getJWKS();\n\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n const { decodeJwt } = await getJose();\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n authenticationMethod: session.authenticationMethod,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const jwks = await this.getJWKS();\n const { jwtVerify } = await getJose();\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n // Only treat as invalid JWT if it's an actual JWT/JWS error from jose\n // Network errors, crypto failures, etc. should propagate\n if (\n e instanceof Error &&\n 'code' in e &&\n typeof e.code === 'string' &&\n (e.code.startsWith('ERR_JWT_') || e.code.startsWith('ERR_JWS_'))\n ) {\n return false;\n }\n throw e;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n if (!this.workos.key) {\n throw new Error(\n 'Session sealing requires server-side usage with an API key. ' +\n 'Public clients should store tokens directly ' +\n '(e.g., secure storage on mobile, keychain on desktop).',\n );\n }\n\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { decodeJwt } = await getJose();\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n authenticationMethod: authenticationResponse.authenticationMethod,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listUserFeatureFlags(\n options: ListUserFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n const { userId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n params,\n ),\n paginationOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async resendInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/resend`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n /**\n * Generate an OAuth 2.0 authorization URL.\n *\n * For public clients (browser, mobile, CLI), include PKCE parameters:\n * - Generate PKCE using workos.pkce.generate()\n * - Pass codeChallenge and codeChallengeMethod here\n * - Store codeVerifier and pass to authenticateWithCode() later\n *\n * Or use getAuthorizationUrlWithPKCE() which handles PKCE automatically.\n */\n getAuthorizationUrl(options: UserManagementAuthorizationURLOptions): string {\n const {\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerQueryParams,\n providerScopes,\n prompt,\n redirectUri,\n state,\n screenHint,\n } = options;\n const resolvedClientId = this.resolveClientId(clientId);\n\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n prompt,\n client_id: resolvedClientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${this.workos.baseURL}/user_management/authorize?${query}`;\n }\n\n /**\n * Generate an OAuth 2.0 authorization URL with automatic PKCE.\n *\n * This method generates PKCE parameters internally and returns them along with\n * the authorization URL. Use this for public clients (CLI apps, Electron, mobile)\n * that cannot securely store a client secret.\n *\n * @returns Object containing url, state, and codeVerifier\n *\n * @example\n * ```typescript\n * const { url, state, codeVerifier } = await workos.userManagement.getAuthorizationUrlWithPKCE({\n * provider: 'authkit',\n * clientId: 'client_123',\n * redirectUri: 'myapp://callback',\n * });\n *\n * // Store state and codeVerifier securely, then redirect user to url\n * // After callback, exchange the code:\n * const response = await workos.userManagement.authenticateWithCode({\n * code: authorizationCode,\n * codeVerifier,\n * clientId: 'client_123',\n * });\n * ```\n */\n async getAuthorizationUrlWithPKCE(\n options: Omit<\n UserManagementAuthorizationURLOptions,\n 'codeChallenge' | 'codeChallengeMethod' | 'state'\n >,\n ): Promise<PKCEAuthorizationURLResult> {\n const {\n clientId,\n connectionId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerQueryParams,\n providerScopes,\n prompt,\n redirectUri,\n screenHint,\n } = options;\n const resolvedClientId = this.resolveClientId(clientId);\n\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n // Generate PKCE parameters\n const pkce = await this.workos.pkce.generate();\n\n // Generate secure random state\n const state = this.workos.pkce.generateCodeVerifier(43);\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: pkce.codeChallenge,\n code_challenge_method: 'S256',\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n prompt,\n client_id: resolvedClientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n const url = `${this.workos.baseURL}/user_management/authorize?${query}`;\n\n return { url, state, codeVerifier: pkce.codeVerifier };\n }\n\n getLogoutUrl(options: LogoutURLOptions): string {\n const { sessionId, returnTo } = options;\n\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL(\n '/user_management/sessions/logout',\n this.workos.baseURL,\n );\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n }\n\n getJwksUrl(clientId: string): string {\n if (!clientId) {\n throw new TypeError('clientId must be a valid clientId');\n }\n\n return `${this.workos.baseURL}/sso/jwks/${clientId}`;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiKA,IAAa,iBAAb,MAA4B;CAC1B,AAAQ;CAGR,AAAO;CAEP,YAAY,AAAiBA,QAAgB;EAAhB;EAC3B,MAAM,EAAE,aAAa,OAAO;AAE5B,OAAK,WAAW;;;;;;CAOlB,AAAQ,gBAAgB,UAA2B;EACjD,MAAM,WAAW,YAAY,KAAK;AAClC,MAAI,CAAC,SACH,OAAM,IAAI,UACR,kFACD;AAEH,SAAO;;CAGT,MAAM,UAEJ;EACA,MAAM,EAAE,uBAAuB,MAAMC,4BAAS;AAC9C,MAAI,CAAC,KAAK,SACR;AAIF,OAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,SAAS,CAAC,EAAE,EACzE,kBAAkB,MAAO,KAAK,GAC/B,CAAC;AAEF,SAAO,KAAK;;;;;;;;;;CAWd,kBAAkB,SAGA;AAChB,SAAO,IAAIC,8CAAc,MAAM,QAAQ,aAAa,QAAQ,eAAe;;CAG7E,MAAM,QAAQ,QAA+B;EAC3C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,SAC3B;AAED,SAAOC,oEAAgB,KAAK;;CAG9B,MAAM,oBAAoB,YAAmC;EAC3D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,sCAAsC,aACvC;AAED,SAAOA,oEAAgB,KAAK;;CAG9B,MAAM,UACJ,SAC4D;AAC5D,SAAO,IAAIC,gDACT,MAAMC,+DACJ,KAAK,QACL,0BACAF,qEACA,UAAUG,4FAA0B,QAAQ,GAAG,OAChD,GACA,WACCD,+DACE,KAAK,QACL,0BACAF,qEACA,OACD,EACH,UAAUG,4FAA0B,QAAQ,GAAG,OAChD;;CAGH,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0BC,8FAA2B,QAAQ,CAAC;AAEhE,SAAOJ,oEAAgB,KAAK;;CAG9B,MAAM,0BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAK,8HAA0C;GACxC,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBC,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,yBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAC,2HAAyC;GACvC,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBD,yGAAkC,KAAK;GAC/D;GACD,CAAC;;;;;;;;;;;;;;;CAgBJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,cAAc,GAAG,qBAAqB;EACjE,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;AAGvD,MAAI,iBAAiB,UAAa,aAAa,MAAM,KAAK,GACxD,OAAM,IAAI,UACR,mGAED;EAGH,MAAM,YAAY,CAAC,CAAC,KAAK,OAAO;AAGhC,MAAI,CAFY,CAAC,CAAC,gBAEF,CAAC,UACf,OAAM,IAAI,UACR,uJAED;EAGH,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAE,mHAAqC;GACnC,GAAG;GACH,UAAU;GACV;GACA,cAAc,YAAY,KAAK,OAAO,MAAM;GAC7C,CAAC,EACF,EAAE,iBAAiB,CAAC,WAAW,CAChC;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBF,yGAAkC,KAAK;GAC/D;GACD,CAAC;;;;;;;;;;;CAYJ,MAAM,gCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAG,2IAAgD;GAC9C,GAAG;GACH,UAAU;GACX,CAAC,EACF,EAAE,iBAAiB,MAAM,CAC1B;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBH,yGAAkC,KAAK;GAC/D;GACD,CAAC;;;;;;;CAQJ,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EACvD,MAAM,iBAAiB,CAAC,KAAK,OAAO;EAEpC,MAAM,OAAO,iBACTI,8JAAyD;GACvD,GAAG;GACH,UAAU;GACX,CAAC,GACFC,oIAA6C;GAC3C,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC;EAEN,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCAAiC,MAAM,EACvC,iBAAiB,gBAClB,CAAC;AAEF,SAAO,KAAK,8BAA8B;GACxC,wBAAwBL,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAM,mHAAqC;GACnC,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBN,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,kCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAO,sIAAkD;GAChD,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBP,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,sCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACAQ,sJAAsD;GACpD,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwBR,yGAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,8BAA8B,EAClC,aACA,iBAAiBS,gCAAO,yBAAyB,IAIjD;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAKhD,MAAI,CAFS,MAAM,KAAK,SAAS,CAG/B,OAAM,IAAI,MAAM,2CAA2C;EAG7D,MAAM,EAAE,cAAc,MAAMjB,4BAAS;AAErC,MAAI,CAAC,YACH,QAAO;GACL,eAAe;GACf,QACEkB,yHAA2C;GAC9C;EAGH,MAAM,UAAU,MAAMC,sCAA8B,aAAa,EAC/D,UAAU,gBACX,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACED,yHAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQA,yHAA2C;GACpD;EAGH,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd;GACA;GACA;GACA,aAAa,QAAQ;GACrB,sBAAsB,QAAQ;GAC/B;;CAGH,MAAc,WAAW,aAAuC;EAC9D,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,EAAE,cAAc,MAAMlB,4BAAS;AACrC,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2CAA2C;AAG7D,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AAGV,OACE,aAAa,SACb,UAAU,KACV,OAAO,EAAE,SAAS,aACjB,EAAE,KAAK,WAAW,WAAW,IAAI,EAAE,KAAK,WAAW,WAAW,EAE/D,QAAO;AAET,SAAM;;;CAIV,MAAc,8BAA8B,EAC1C,wBACA,WAIkC;AAClC,MAAI,SAAS,aAAa;AACxB,OAAI,CAAC,KAAK,OAAO,IACf,OAAM,IAAI,MACR,iKAGD;AAGH,UAAO;IACL,GAAG;IACH,eAAe,MAAM,KAAK,0CAA0C;KAClE;KACA,gBAAgB,QAAQ;KACzB,CAAC;IACH;;AAGH,SAAO;;CAGT,MAAc,0CAA0C,EACtD,wBACA,kBAIkB;AAClB,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;EAGhD,MAAM,EAAE,cAAc,MAAMA,4BAAS;EAErC,MAAM,EAAE,QAAQ,kCAAkC,UAChD,uBAAuB,YACxB;AAWD,SAAOoB,oCATgC;GACrC,gBAAgB;GAChB,MAAM,uBAAuB;GAC7B,aAAa,uBAAuB;GACpC,cAAc,uBAAuB;GACrC,sBAAsB,uBAAuB;GAC7C,cAAc,uBAAuB;GACtC,EAE4B,EAC3B,UAAU,gBACX,CAAC;;CAGJ,MAAM,qBAAqB,EACzB,aACA,iBAAiBH,gCAAO,yBAAyB,IACe;AAChE,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAGhD,MAAI,YACF,QAAOE,sCAA8B,aAAa,EAChD,UAAU,gBACX,CAAC;;CAMN,MAAM,qBACJ,qBAC4B;EAC5B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uCAAuC,sBACxC;AAED,SAAOE,+FAA6B,KAAK;;CAG3C,MAAM,sBAAsB,EAC1B,UACwD;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BAA0B,OAAO,2BACjC,EAAE,CACH;AAED,SAAO,EAAE,MAAMnB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,aAAa,aAAyC;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,+BAA+B,cAChC;AAED,SAAOoB,+EAAqB,KAAK;;CAGnC,MAAM,gBAAgB,SAAqD;EACzE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,+BACAC,yGAAgC,EAC9B,GAAG,SACJ,CAAC,CACH;AAED,SAAOD,+EAAqB,KAAK;;CAGnC,MAAM,YAAY,EAChB,MACA,UAC8C;EAC9C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,OAAO,8BAA8B,EAC/D,MACD,CAAC;AAEF,SAAO,EAAE,MAAMpB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,iBAAiB,iBAAiD;EACtE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,mCAAmC,kBACpC;AAED,SAAOsB,uFAAyB,KAAK;;CAGvC,MAAM,oBACJ,SACwB;EACxB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,mCACAC,iHAAoC,EAClC,GAAG,SACJ,CAAC,CACH;AAED,SAAOD,uFAAyB,KAAK;;CAGvC,MAAM,cAAc,SAAwD;EAC1E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,2CACAE,oGAA8B,QAAQ,CACvC;AAED,SAAO,EAAE,MAAMxB,oEAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,QAAQ,UAClCyB,8FAA2B,QAAQ,CACpC;AAED,SAAOzB,oEAAgB,KAAK;;CAG9B,MAAM,iBAAiB,SAGpB;EACD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,0BAA0B,QAAQ,OAAO,gBACzC0B,2GAAiC,QAAQ,CAC1C;AAED,SAAO;GACL,sBAAsBC,mFACpB,KAAK,sBACN;GACD,yBAAyBC,kEACvB,KAAK,yBACN;GACF;;CAGH,MAAM,gBACJ,SACqD;EACrD,MAAM,EAAE,QAAQ,GAAG,kBAAkB;AACrC,SAAO,IAAI3B,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,gBACjC2B,yEACA,cACD,GACA,WACC3B,+DACE,KAAK,QACL,0BAA0B,OAAO,gBACjC2B,yEACA,OACD,EACH,cACD;;CAGH,MAAM,qBACJ,SACuC;EACvC,MAAM,EAAE,QAAQ,GAAG,sBAAsB;AAEzC,SAAO,IAAI5B,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,iBACjC4B,kFACA,kBACD,GACA,WACC5B,+DACE,KAAK,QACL,0BAA0B,OAAO,iBACjC4B,kFACA,OACD,EACH,kBACD;;CAGH,MAAM,aACJ,QACA,SACkE;AAClE,SAAO,IAAI7B,gDACT,MAAMC,+DACJ,KAAK,QACL,0BAA0B,OAAO,YACjC6B,2EACA,UAAUC,kGAA6B,QAAQ,GAAG,OACnD,GACA,WACC9B,+DACE,KAAK,QACL,0BAA0B,OAAO,YACjC6B,2EACA,OACD,EACH,UAAUC,kGAA6B,QAAQ,GAAG,OACnD;;CAGH,MAAM,WAAW,QAAgB;AAC/B,QAAM,KAAK,OAAO,OAAO,0BAA0B,SAAS;;CAG9D,MAAM,kBAAkB,QAAqC;AAC3D,MAAI,CAAC,OACH,OAAM,IAAI,UAAU,kDAAkD;EAGxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,OAAO,aAClC;AAED,SAAOC,8EAAsB,KAAK;;CAGpC,MAAM,0BACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,2BAC9C;AAED,SAAOC,yGAAkC,KAAK;;CAGhD,MAAM,4BACJ,SAMA;EACA,MAAM,oBACJC,iIAA4C,QAAQ;AAEtD,SAAO,IAAIlC,gDACT,MAAMC,+DAIJ,KAAK,QACL,6CACAgC,0GACA,kBACD,GACA,WACChC,+DAIE,KAAK,QACL,6CACAgC,0GACA,OACD,EACH,kBACD;;CAGH,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,6CACAE,mIAA6C,QAAQ,CACtD;AAED,SAAOF,yGAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACA,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAIjC,6CAA6C,4BAC7CG,mIAA6C,QAAQ,CACtD;AAED,SAAOH,yGAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACe;AACf,QAAM,KAAK,OAAO,OAChB,6CAA6C,2BAC9C;;CAGH,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAOA,yGAAkC,KAAK;;CAGhD,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAOA,yGAAkC,KAAK;;CAGhD,MAAM,cAAc,cAA2C;EAC7D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eACjC;AAED,SAAOI,gFAAsB,KAAK;;CAGpC,MAAM,sBAAsB,iBAA8C;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,yCAAyC,kBAC1C;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAIrC,gDACT,MAAMC,+DACJ,KAAK,QACL,gCACAoC,iFACA,UAAUC,wGAAgC,QAAQ,GAAG,OACtD,GACA,WACCrC,+DACE,KAAK,QACL,gCACAoC,iFACA,OACD,EACH,UAAUC,wGAAgC,QAAQ,GAAG,OACtD;;CAGH,MAAM,eAAe,SAAqD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,gCACAC,sGAA+B,EAC7B,GAAG,SACJ,CAAC,CACH;AAED,SAAOF,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAOA,gFAAsB,KAAK;;CAGpC,MAAM,cAAc,SAA8C;AAChE,QAAM,KAAK,OAAO,KAChB,oCACAG,kGAA8B,QAAQ,CACvC;;;;;;;;;;;;CAaH,oBAAoB,SAAwD;EAC1E,MAAM,EACJ,cACA,eACA,qBACA,UACA,YACA,WACA,gBACA,UACA,qBACA,gBACA,QACA,aACA,OACA,eACE;EACJ,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;AAEvD,MAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,eACjC,OAAM,IAAI,UACR,kGACD;AAGH,MAAI,aAAa,aAAa,WAC5B,OAAM,IAAI,UACR,wDACD;EAGH,MAAM,QAAQC,gDAAc;GAC1B,eAAe;GACf,gBAAgB;GAChB,uBAAuB;GACvB,iBAAiB;GACjB,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB;GACA,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACA,aAAa;GACd,CAAC;AAEF,SAAO,GAAG,KAAK,OAAO,QAAQ,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6B7D,MAAM,4BACJ,SAIqC;EACrC,MAAM,EACJ,UACA,cACA,YACA,WACA,gBACA,UACA,qBACA,gBACA,QACA,aACA,eACE;EACJ,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;AAEvD,MAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,eACjC,OAAM,IAAI,UACR,kGACD;AAGH,MAAI,aAAa,aAAa,WAC5B,OAAM,IAAI,UACR,wDACD;EAIH,MAAM,OAAO,MAAM,KAAK,OAAO,KAAK,UAAU;EAG9C,MAAM,QAAQ,KAAK,OAAO,KAAK,qBAAqB,GAAG;EAEvD,MAAM,QAAQA,gDAAc;GAC1B,eAAe;GACf,gBAAgB,KAAK;GACrB,uBAAuB;GACvB,iBAAiB;GACjB,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB;GACA,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACA,aAAa;GACd,CAAC;AAIF,SAAO;GAAE,KAFG,GAAG,KAAK,OAAO,QAAQ,6BAA6B;GAElD;GAAO,cAAc,KAAK;GAAc;;CAGxD,aAAa,SAAmC;EAC9C,MAAM,EAAE,WAAW,aAAa;AAEhC,MAAI,CAAC,UACH,OAAM,IAAI,UAAU,qDAAqD;EAG3E,MAAM,MAAM,IAAI,IACd,oCACA,KAAK,OAAO,QACb;AAED,MAAI,aAAa,IAAI,cAAc,UAAU;AAC7C,MAAI,SACF,KAAI,aAAa,IAAI,aAAa,SAAS;AAG7C,SAAO,IAAI,UAAU;;CAGvB,WAAW,UAA0B;AACnC,MAAI,CAAC,SACH,OAAM,IAAI,UAAU,oCAAoC;AAG1D,SAAO,GAAG,KAAK,OAAO,QAAQ,YAAY"}

package/lib/utils/jose.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"jose.cjs","names":["_josePromise: Promise<typeof import('jose')> | undefined"],"sources":["../../src/utils/jose.ts"],"sourcesContent":["let _josePromise: Promise<typeof import('jose')> | undefined;\n\n/**\n * Dynamically imports the jose library using import() to support Node.js 20.0-20.18.\n *\n * The jose library is ESM-only and cannot be loaded via require() in Node.js versions\n * before 20.19.0. This wrapper uses dynamic import() which works in both ESM and CJS\n * across all Node.js 20+ versions.\n *\n * This workaround can be removed when Node.js 20 reaches end-of-life (April 2026),\n * at which point we can bump to Node.js 22+ and use direct imports.\n *\n * @returns Promise that resolves to the jose module\n */\nexport function getJose() {\n return (_josePromise ??= import('jose'));\n}\n"],"mappings":";;AAAA,IAAIA;;;;;;;;;;;;;AAcJ,SAAgB,UAAU;AACxB,QAAQ,iBAAiB,OAAO"}

package/lib/vault/serializers/vault-key.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"vault-key.serializer.cjs","names":[],"sources":["../../../src/vault/serializers/vault-key.serializer.ts"],"sourcesContent":["import { CreateDataKeyResponse } from '../interfaces/key/create-data-key.interface';\nimport { DecryptDataKeyResponse } from '../interfaces/key/decrypt-data-key.interface';\nimport { DataKey, DataKeyPair } from '../interfaces/key.interface';\n\nexport const deserializeCreateDataKeyResponse = (\n key: CreateDataKeyResponse,\n): DataKeyPair => ({\n context: key.context,\n dataKey: {\n key: key.data_key,\n id: key.id,\n },\n encryptedKeys: key.encrypted_keys,\n});\n\nexport const deserializeDecryptDataKeyResponse = (\n key: DecryptDataKeyResponse,\n): DataKey => ({\n key: key.data_key,\n id: key.id,\n});\n"],"mappings":";;AAIA,MAAa,oCACX,SACiB;CACjB,SAAS,IAAI;CACb,SAAS;EACP,KAAK,IAAI;EACT,IAAI,IAAI;EACT;CACD,eAAe,IAAI;CACpB;AAED,MAAa,qCACX,SACa;CACb,KAAK,IAAI;CACT,IAAI,IAAI;CACT"}

package/lib/vault/serializers/vault-object.serializer.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"vault-object.serializer.cjs","names":[],"sources":["../../../src/vault/serializers/vault-object.serializer.ts"],"sourcesContent":["import { List, ListResponse } from '../../common/interfaces';\nimport {\n ReadObjectMetadataResponse,\n ReadObjectResponse,\n UpdateObjectOptions,\n UpdateObjectEntity,\n ObjectMetadata,\n VaultObject,\n ObjectVersionResponse,\n ObjectVersion,\n CreateObjectOptions,\n CreateObjectEntity,\n ObjectDigestResponse,\n ObjectDigest,\n ListObjectVersionsResponse,\n} from '../interfaces';\n\nexport const deserializeObjectMetadata = (\n metadata: ReadObjectMetadataResponse,\n): ObjectMetadata => ({\n context: metadata.context,\n environmentId: metadata.environment_id,\n id: metadata.id,\n keyId: metadata.key_id,\n updatedAt: new Date(Date.parse(metadata.updated_at)),\n updatedBy: metadata.updated_by,\n versionId: metadata.version_id,\n});\n\nexport const deserializeObject = (object: ReadObjectResponse): VaultObject => ({\n id: object.id,\n name: object.name,\n value: object.value,\n metadata: deserializeObjectMetadata(object.metadata),\n});\n\nconst deserializeObjectDigest = (\n digest: ObjectDigestResponse,\n): ObjectDigest => ({\n id: digest.id,\n name: digest.name,\n updatedAt: new Date(Date.parse(digest.updated_at)),\n});\n\nexport const deserializeListObjects = (\n list: ListResponse<ObjectDigestResponse>,\n): List<ObjectDigest> => ({\n object: 'list',\n data: list.data.map(deserializeObjectDigest),\n listMetadata: {\n after: list.list_metadata.after ?? undefined,\n before: list.list_metadata.before ?? undefined,\n },\n});\n\nexport const desrializeListObjectVersions = (\n list: ListObjectVersionsResponse,\n): ObjectVersion[] => list.data.map(deserializeObjectVersion);\n\nconst deserializeObjectVersion = (\n version: ObjectVersionResponse,\n): ObjectVersion => ({\n createdAt: new Date(Date.parse(version.created_at)),\n currentVersion: version.current_version,\n id: version.id,\n});\n\nexport const serializeCreateObjectEntity = (\n options: CreateObjectOptions,\n): CreateObjectEntity => ({\n name: options.name,\n value: options.value,\n key_context: options.context,\n});\n\nexport const serializeUpdateObjectEntity = (\n options: UpdateObjectOptions,\n): UpdateObjectEntity => ({\n value: options.value,\n version_check: options.versionCheck,\n});\n"],"mappings":";;AAiBA,MAAa,6BACX,cACoB;CACpB,SAAS,SAAS;CAClB,eAAe,SAAS;CACxB,IAAI,SAAS;CACb,OAAO,SAAS;CAChB,WAAW,IAAI,KAAK,KAAK,MAAM,SAAS,WAAW,CAAC;CACpD,WAAW,SAAS;CACpB,WAAW,SAAS;CACrB;AAED,MAAa,qBAAqB,YAA6C;CAC7E,IAAI,OAAO;CACX,MAAM,OAAO;CACb,OAAO,OAAO;CACd,UAAU,0BAA0B,OAAO,SAAS;CACrD;AAED,MAAM,2BACJ,YACkB;CAClB,IAAI,OAAO;CACX,MAAM,OAAO;CACb,WAAW,IAAI,KAAK,KAAK,MAAM,OAAO,WAAW,CAAC;CACnD;AAED,MAAa,0BACX,UACwB;CACxB,QAAQ;CACR,MAAM,KAAK,KAAK,IAAI,wBAAwB;CAC5C,cAAc;EACZ,OAAO,KAAK,cAAc,SAAS;EACnC,QAAQ,KAAK,cAAc,UAAU;EACtC;CACF;AAED,MAAa,gCACX,SACoB,KAAK,KAAK,IAAI,yBAAyB;AAE7D,MAAM,4BACJ,aACmB;CACnB,WAAW,IAAI,KAAK,KAAK,MAAM,QAAQ,WAAW,CAAC;CACnD,gBAAgB,QAAQ;CACxB,IAAI,QAAQ;CACb;AAED,MAAa,+BACX,aACwB;CACxB,MAAM,QAAQ;CACd,OAAO,QAAQ;CACf,aAAa,QAAQ;CACtB;AAED,MAAa,+BACX,aACwB;CACxB,OAAO,QAAQ;CACf,eAAe,QAAQ;CACxB"}

package/lib/vault/vault.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"vault.cjs","names":["workos: WorkOS","base64ToUint8Array","decodeUInt32","uint8ArrayToBase64","serializeCreateObjectEntity","deserializeObjectMetadata","deserializeListObjects","desrializeListObjectVersions","deserializeObject","serializeUpdateObjectEntity","deserializeCreateDataKeyResponse","deserializeDecryptDataKeyResponse","encodeUInt32"],"sources":["../../src/vault/vault.ts"],"sourcesContent":["import { decodeUInt32, encodeUInt32 } from '../common/utils/leb128';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async readObjectByName(name: string): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/name/${encodeURIComponent(name)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n"],"mappings":";;;;;;AA+CA,IAAa,QAAb,MAAmB;CACjB,AAAQ;CAER,YAAY,AAAiBA,QAAgB;EAAhB;AAC3B,OAAK,iBAAiB,OAAO,mBAAmB;;CAGlD,AAAQ,OAAO,SAA0B;EACvC,MAAM,YAAYC,+CAAmB,QAAQ;EAE7C,MAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,GAAG,CAAC;EACpD,MAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,GAAG,CAAC;EACtD,MAAM,EAAE,OAAO,QAAQ,cAAcC,yCAAa,WAAW,GAAG;AAQhE,SAAO;GACL;GACA;GACA,MAPWC,+CADM,UAAU,SAAS,WAAW,YAAY,OAAO,CACzB;GAQzC,YANiB,IAAI,WAAW,UAAU,SAAS,YAAY,OAAO,CAAC;GAOxE;;CAGH,MAAM,aAAa,SAAuD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gBACAC,8EAA4B,QAAQ,CACrC;AACD,SAAOC,4EAA0B,KAAK;;CAGxC,MAAM,YACJ,SAC6B;EAC7B,MAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,QAAQ;AACxD,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM;AAE9C,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,UAAU,CAAC;EAGzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,IAAI,UAAU,CACf;AACD,SAAOC,yEAAuB,KAAK;;CAGrC,MAAM,mBACJ,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAOC,+EAA6B,KAAK;;CAG3C,MAAM,WAAW,SAAkD;EACjE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,GAC/C;AACD,SAAOC,oEAAkB,KAAK;;CAGhC,MAAM,iBAAiB,MAAoC;EACzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,qBAAqB,mBAAmB,KAAK,GAC9C;AACD,SAAOA,oEAAkB,KAAK;;CAGhC,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAOA,oEAAkB,KAAK;;CAGhC,MAAM,aAAa,SAAoD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,IAC9CC,8EAA4B,QAAQ,CACrC;AACD,SAAOD,oEAAkB,KAAK;;CAGhC,MAAM,aAAa,SAA6C;AAC9D,SAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,GAAG,GAAG;;CAG7E,MAAM,cAAc,SAAqD;EACvE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,2BACA,QACD;AACD,SAAOE,gFAAiC,KAAK;;CAG/C,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BACA,QACD;AACD,SAAOC,iFAAkC,KAAK;;CAGhD,MAAM,QACJ,MACA,SACA,gBACiB;EACjB,MAAM,UAAU,MAAM,KAAK,cAAc,EACvC,SACD,CAAC;EAGF,MAAM,UAAU,IAAI,aAAa;EAGjC,MAAM,MAAMV,+CAAmB,QAAQ,QAAQ,IAAI;EACnD,MAAM,UAAUA,+CAAmB,QAAQ,cAAc;EAEzD,MAAM,kBAAkBW,yCAAa,QAAQ,OAAO;EACpD,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B;EAGJ,MAAM,KAAK,KAAK,eAAe,YAAY,GAAG;EAE9C,MAAM,EACJ,YACA,IAAI,UACJ,QACE,MAAM,KAAK,eAAe,QAC5B,QAAQ,OAAO,KAAK,EACpB,KACA,IACA,UACD;EAGD,MAAM,cAAc,IAAI,WACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW,OACd;EAED,IAAI,SAAS;AACb,cAAY,IAAI,UAAU,OAAO;AACjC,YAAU,SAAS;AAEnB,cAAY,IAAI,KAAK,OAAO;AAC5B,YAAU,IAAI;AAEd,cAAY,IAAI,IAAI,WAAW,gBAAgB,EAAE,OAAO;AACxD,YAAU,gBAAgB;AAE1B,cAAY,IAAI,SAAS,OAAO;AAChC,YAAU,QAAQ;AAElB,cAAY,IAAI,YAAY,OAAO;AAGnC,SAAOT,+CAAmB,YAAY;;CAGxC,MAAM,QACJ,eACA,gBACiB;EACjB,MAAM,UAAU,KAAK,OAAO,cAAc;EAI1C,MAAM,MAAMF,gDAHI,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,MAAM,CAAC,EAG1B,IAAI;EAE3C,MAAM,UAAU,IAAI,aAAa;EACjC,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B;EAEJ,MAAM,YAAY,MAAM,KAAK,eAAe,QAC1C,QAAQ,YACR,KACA,QAAQ,IACR,QAAQ,KACR,UACD;AAED,SAAO,IAAI,aAAa,CAAC,OAAO,UAAU"}

package/lib/webhooks/webhooks.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"webhooks.cjs","names":["SignatureProvider","deserializeEvent"],"sources":["../../src/webhooks/webhooks.ts"],"sourcesContent":["import { deserializeEvent } from '../common/serializers';\nimport { Event, EventResponse } from '../common/interfaces';\nimport { SignatureProvider } from '../common/crypto/signature-provider';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\n\nexport class Webhooks {\n private signatureProvider: SignatureProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.signatureProvider = new SignatureProvider(cryptoProvider);\n }\n\n get verifyHeader() {\n return this.signatureProvider.verifyHeader.bind(this.signatureProvider);\n }\n\n get computeSignature() {\n return this.signatureProvider.computeSignature.bind(this.signatureProvider);\n }\n\n get getTimestampAndSignatureHash() {\n return this.signatureProvider.getTimestampAndSignatureHash.bind(\n this.signatureProvider,\n );\n }\n\n async constructEvent({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: Record<string, unknown>;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<Event> {\n const options = { payload, sigHeader, secret, tolerance };\n await this.verifyHeader(options);\n\n const webhookPayload = payload as unknown as EventResponse;\n\n return deserializeEvent(webhookPayload);\n }\n}\n"],"mappings":";;;;AAKA,IAAa,WAAb,MAAsB;CACpB,AAAQ;CAER,YAAY,gBAAgC;AAC1C,OAAK,oBAAoB,IAAIA,2DAAkB,eAAe;;CAGhE,IAAI,eAAe;AACjB,SAAO,KAAK,kBAAkB,aAAa,KAAK,KAAK,kBAAkB;;CAGzE,IAAI,mBAAmB;AACrB,SAAO,KAAK,kBAAkB,iBAAiB,KAAK,KAAK,kBAAkB;;CAG7E,IAAI,+BAA+B;AACjC,SAAO,KAAK,kBAAkB,6BAA6B,KACzD,KAAK,kBACN;;CAGH,MAAM,eAAe,EACnB,SACA,WACA,QACA,YAAY,QAMK;EACjB,MAAM,UAAU;GAAE;GAAS;GAAW;GAAQ;GAAW;AACzD,QAAM,KAAK,aAAa,QAAQ;AAIhC,SAAOC,6DAFgB,QAEgB"}

package/lib/widgets/interfaces/get-token.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"get-token.cjs","names":[],"sources":["../../../src/widgets/interfaces/get-token.ts"],"sourcesContent":["export type WidgetScope =\n | 'widgets:users-table:manage'\n | 'widgets:sso:manage'\n | 'widgets:domain-verification:manage'\n | 'widgets:api-keys:manage';\nexport interface GetTokenOptions {\n organizationId: string;\n userId?: string;\n scopes?: WidgetScope[];\n}\n\nexport interface SerializedGetTokenOptions {\n organization_id: string;\n user_id?: string;\n scopes?: WidgetScope[];\n}\n\nexport const serializeGetTokenOptions = (\n options: GetTokenOptions,\n): SerializedGetTokenOptions => ({\n organization_id: options.organizationId,\n user_id: options.userId,\n scopes: options.scopes,\n});\n\nexport interface GetTokenResponse {\n token: string;\n}\n\nexport interface GetTokenResponseResponse {\n token: string;\n}\n\nexport const deserializeGetTokenResponse = (\n data: GetTokenResponseResponse,\n): GetTokenResponse => ({\n token: data.token,\n});\n"],"mappings":";;AAiBA,MAAa,4BACX,aAC+B;CAC/B,iBAAiB,QAAQ;CACzB,SAAS,QAAQ;CACjB,QAAQ,QAAQ;CACjB;AAUD,MAAa,+BACX,UACsB,EACtB,OAAO,KAAK,OACb"}

package/lib/widgets/widgets.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"widgets.cjs","names":["workos: WorkOS","serializeGetTokenOptions","deserializeGetTokenResponse"],"sources":["../../src/widgets/widgets.ts"],"sourcesContent":["import { WorkOS } from '../workos';\nimport {\n deserializeGetTokenResponse,\n GetTokenOptions,\n GetTokenResponseResponse,\n SerializedGetTokenOptions,\n serializeGetTokenOptions,\n} from './interfaces/get-token';\n\nexport class Widgets {\n constructor(private readonly workos: WorkOS) {}\n\n async getToken(payload: GetTokenOptions): Promise<string> {\n const { data } = await this.workos.post<\n GetTokenResponseResponse,\n SerializedGetTokenOptions\n >('/widgets/token', serializeGetTokenOptions(payload));\n\n return deserializeGetTokenResponse(data).token;\n }\n}\n"],"mappings":";;;AASA,IAAa,UAAb,MAAqB;CACnB,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,SAAS,SAA2C;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,kBAAkBC,8DAAyB,QAAQ,CAAC;AAEtD,SAAOC,iEAA4B,KAAK,CAAC"}

package/lib/workos.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"workos.cjs","names":["ApiKeys","AuditLogs","DirectorySync","Events","FeatureFlags","FGA","Mfa","Organizations","OrganizationDomains","Passwordless","Pipes","Portal","SSO","Vault","Widgets","getEnv","protocol: string","apiHostname: string","port: number | undefined","PKCE","UserManagement","userAgent: string","getRuntimeInfo","Webhooks","Actions","SubtleCryptoProvider","headers: Record<string, string>","FetchHttpClient","ApiKeyRequiredException","requestHeaders: Record<string, string>","res: HttpClientResponseInterface","ParseError","HttpClientError","UnauthorizedException","ConflictException","UnprocessableEntityException","NotFoundException","RateLimitExceededException","error","OauthException","BadRequestException","GenericServerException"],"sources":["../src/workos.ts"],"sourcesContent":["import {\n ApiKeyRequiredException,\n GenericServerException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport { PKCE } from './pkce/pkce';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from './common/exceptions/bad-request.exception';\nimport { FeatureFlags } from './feature-flags/feature-flags';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\n\nconst VERSION = '8.0.0-rc.8';\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n readonly key?: string;\n readonly options: WorkOSOptions;\n readonly pkce: PKCE;\n\n private readonly hasApiKey: boolean;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly directorySync = new DirectorySync(this);\n readonly events = new Events(this);\n readonly featureFlags = new FeatureFlags(this);\n readonly fga = new FGA(this);\n readonly mfa = new Mfa(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly userManagement: UserManagement;\n readonly vault = new Vault(this);\n readonly webhooks: Webhooks;\n readonly widgets = new Widgets(this);\n\n /**\n * Create a new WorkOS client.\n *\n * @param keyOrOptions - API key string, or options object\n * @param maybeOptions - Options when first argument is API key\n *\n * @example\n * // Server-side with API key (string)\n * const workos = new WorkOS('sk_...');\n *\n * @example\n * // Server-side with API key (object)\n * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });\n *\n * @example\n * // PKCE/public client (no API key)\n * const workos = new WorkOS({ clientId: 'client_...' });\n */\n constructor(\n keyOrOptions?: string | WorkOSOptions,\n maybeOptions?: WorkOSOptions,\n ) {\n if (typeof keyOrOptions === 'object') {\n this.key = keyOrOptions.apiKey;\n this.options = keyOrOptions;\n } else {\n this.key = keyOrOptions;\n this.options = maybeOptions ?? {};\n }\n\n if (!this.key) {\n this.key = getEnv('WORKOS_API_KEY');\n }\n\n this.hasApiKey = !!this.key;\n\n if (this.options.https === undefined) {\n this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n if (!this.hasApiKey && !this.clientId) {\n throw new Error(\n 'WorkOS requires either an API key or a clientId. ' +\n 'For server-side: new WorkOS(\"sk_...\") or new WorkOS({ apiKey: \"sk_...\" }). ' +\n 'For PKCE/public clients: new WorkOS({ clientId: \"client_...\" })',\n );\n }\n\n const protocol: string = this.options.https ? 'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.pkce = new PKCE();\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(this.options);\n\n this.client = this.createHttpClient(this.options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? `/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n const headers: Record<string, string> = {\n 'User-Agent': userAgent,\n };\n\n const configHeaders = options.config?.headers;\n if (\n configHeaders &&\n typeof configHeaders === 'object' &&\n !Array.isArray(configHeaders) &&\n !(configHeaders instanceof Headers)\n ) {\n Object.assign(headers, configHeaders);\n }\n\n if (this.key) {\n headers['Authorization'] = `Bearer ${this.key}`;\n }\n\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers,\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n /**\n * Require API key for methods that need it.\n * @param methodName - Name of the method requiring API key (for error message)\n * @throws ApiKeyRequiredException if no API key was provided\n */\n requireApiKey(methodName: string): void {\n if (!this.hasApiKey) {\n throw new ApiKeyRequiredException(methodName);\n }\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n this.requireApiKey(path);\n\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? '';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? '';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CA,MAAM,UAAU;AAEhB,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS;CACT,AAAS;CACT,AAAS;CACT,AAAS;CACT,AAAS;CAET,AAAiB;CAEjB,AAAS;CACT,AAAS,UAAU,IAAIA,kCAAQ,KAAK;CACpC,AAAS,YAAY,IAAIC,wCAAU,KAAK;CACxC,AAAS,gBAAgB,IAAIC,oDAAc,KAAK;CAChD,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS,eAAe,IAAIC,iDAAa,KAAK;CAC9C,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS,gBAAgB,IAAIC,kDAAc,KAAK;CAChD,AAAS,sBAAsB,IAAIC,sEAAoB,KAAK;CAC5D,AAAS,eAAe,IAAIC,+CAAa,KAAK;CAC9C,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAChC,AAAS,SAAS,IAAIC,6BAAO,KAAK;CAClC,AAAS,MAAM,IAAIC,oBAAI,KAAK;CAC5B,AAAS;CACT,AAAS,QAAQ,IAAIC,0BAAM,KAAK;CAChC,AAAS;CACT,AAAS,UAAU,IAAIC,gCAAQ,KAAK;;;;;;;;;;;;;;;;;;;CAoBpC,YACE,cACA,cACA;AACA,MAAI,OAAO,iBAAiB,UAAU;AACpC,QAAK,MAAM,aAAa;AACxB,QAAK,UAAU;SACV;AACL,QAAK,MAAM;AACX,QAAK,UAAU,gBAAgB,EAAE;;AAGnC,MAAI,CAAC,KAAK,IACR,MAAK,MAAMC,gCAAO,iBAAiB;AAGrC,OAAK,YAAY,CAAC,CAAC,KAAK;AAExB,MAAI,KAAK,QAAQ,UAAU,OACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAWA,gCAAO,mBAAmB;AAG5C,MAAI,CAAC,KAAK,aAAa,CAAC,KAAK,SAC3B,OAAM,IAAI,MACR,oMAGD;EAGH,MAAMC,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAMC,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAMC,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,OAAO,IAAIC,wBAAM;AAEtB,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAIC,uDAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,KAAK,QAAQ;AAEpD,OAAK,SAAS,KAAK,iBAAiB,KAAK,SAAS,UAAU;;CAG9D,AAAQ,gBAAgB,SAAgC;EACtD,IAAIC,YAAoB,eAAe;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmBC,kDAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GAAG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAIC,mCAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAIC,gCAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAIC,mEAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;EAC1D,MAAMC,UAAkC,EACtC,cAAc,WACf;EAED,MAAM,gBAAgB,QAAQ,QAAQ;AACtC,MACE,iBACA,OAAO,kBAAkB,YACzB,CAAC,MAAM,QAAQ,cAAc,IAC7B,EAAE,yBAAyB,SAE3B,QAAO,OAAO,SAAS,cAAc;AAGvC,MAAI,KAAK,IACP,SAAQ,mBAAmB,UAAU,KAAK;AAG5C,SAAO,IAAIC,gDAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB;GACD,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAO;;;;;;;CAQT,cAAc,YAA0B;AACtC,MAAI,CAAC,KAAK,UACR,OAAM,IAAIC,6EAAwB,WAAW;;CAIjD,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAMC,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAIC;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAMD,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAIC;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,OAAK,cAAc,KAAK;AAExB,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GAC9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAIC,iDAAW;IACnB,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,gBAAgB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiBC,gDACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,gBACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAIC,uEAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAIC,+DAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAIC,sFAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAIC,gEAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAIC,mFACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAIC,WAAS,iBACX,OAAM,IAAIC,yDACR,QACA,WACAD,SACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAIE,oEAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAIC,0EACR,QACA,KAAK,SACL,MACA,UACD"}