npm - @workos-inc/node - Versions diffs - 8.0.0-rc.9 → 8.1.0 - Mend

@workos-inc/node 8.0.0-rc.9 → 8.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1331) hide show

package/lib/user-management/user-management.cjs CHANGED Viewed

@@ -1,533 +1,5 @@
-const require_common_utils_pagination = require('../common/utils/pagination.cjs');
-const require_user_management_serializers_authenticate_with_code_options_serializer = require('./serializers/authenticate-with-code-options.serializer.cjs');
-const require_user_management_serializers_authenticate_with_code_and_verifier_options_serializer = require('./serializers/authenticate-with-code-and-verifier-options.serializer.cjs');
-const require_user_management_serializers_authenticate_with_magic_auth_options_serializer = require('./serializers/authenticate-with-magic-auth-options.serializer.cjs');
-const require_user_management_serializers_authenticate_with_password_options_serializer = require('./serializers/authenticate-with-password-options.serializer.cjs');
-const require_user_management_serializers_authenticate_with_refresh_token_options_serializer = require('./serializers/authenticate-with-refresh-token.options.serializer.cjs');
-const require_user_management_serializers_authenticate_with_refresh_token_public_client_options_serializer = require('./serializers/authenticate-with-refresh-token-public-client-options.serializer.cjs');
-const require_user_management_serializers_authenticate_with_totp_options_serializer = require('./serializers/authenticate-with-totp-options.serializer.cjs');
-const require_user_management_serializers_user_serializer = require('./serializers/user.serializer.cjs');
-const require_user_management_serializers_authentication_response_serializer = require('./serializers/authentication-response.serializer.cjs');
-const require_user_management_serializers_create_magic_auth_options_serializer = require('./serializers/create-magic-auth-options.serializer.cjs');
-const require_user_management_serializers_create_password_reset_options_serializer = require('./serializers/create-password-reset-options.serializer.cjs');
-const require_user_management_serializers_email_verification_serializer = require('./serializers/email-verification.serializer.cjs');
-const require_user_management_serializers_enroll_auth_factor_options_serializer = require('./serializers/enroll-auth-factor-options.serializer.cjs');
-const require_user_management_serializers_factor_serializer = require('./serializers/factor.serializer.cjs');
-const require_user_management_serializers_invitation_serializer = require('./serializers/invitation.serializer.cjs');
-const require_user_management_serializers_list_sessions_options_serializer = require('./serializers/list-sessions-options.serializer.cjs');
-const require_user_management_serializers_magic_auth_serializer = require('./serializers/magic-auth.serializer.cjs');
-const require_user_management_serializers_password_reset_serializer = require('./serializers/password-reset.serializer.cjs');
-const require_user_management_serializers_reset_password_options_serializer = require('./serializers/reset-password-options.serializer.cjs');
-const require_user_management_serializers_session_serializer = require('./serializers/session.serializer.cjs');
-const require_user_management_serializers_create_user_options_serializer = require('./serializers/create-user-options.serializer.cjs');
-const require_user_management_serializers_update_user_options_serializer = require('./serializers/update-user-options.serializer.cjs');
-const require_user_management_serializers_organization_membership_serializer = require('./serializers/organization-membership.serializer.cjs');
-const require_common_utils_fetch_and_deserialize = require('../common/utils/fetch-and-deserialize.cjs');
-const require_feature_flags_serializers_feature_flag_serializer = require('../feature-flags/serializers/feature-flag.serializer.cjs');
-const require_common_utils_query_string = require('../common/utils/query-string.cjs');
-const require_mfa_serializers_challenge_serializer = require('../mfa/serializers/challenge.serializer.cjs');
-const require_common_crypto_seal = require('../common/crypto/seal.cjs');
-const require_common_utils_env = require('../common/utils/env.cjs');
-const require_user_management_interfaces_authenticate_with_session_cookie_interface = require('./interfaces/authenticate-with-session-cookie.interface.cjs');
-const require_user_management_interfaces_revoke_session_options_interface = require('./interfaces/revoke-session-options.interface.cjs');
-const require_user_management_serializers_authenticate_with_email_verification_serializer = require('./serializers/authenticate-with-email-verification.serializer.cjs');
-const require_user_management_serializers_authenticate_with_organization_selection_options_serializer = require('./serializers/authenticate-with-organization-selection-options.serializer.cjs');
-const require_user_management_serializers_create_organization_membership_options_serializer = require('./serializers/create-organization-membership-options.serializer.cjs');
-const require_user_management_serializers_identity_serializer = require('./serializers/identity.serializer.cjs');
-const require_user_management_serializers_list_invitations_options_serializer = require('./serializers/list-invitations-options.serializer.cjs');
-const require_user_management_serializers_list_organization_memberships_options_serializer = require('./serializers/list-organization-memberships-options.serializer.cjs');
-const require_user_management_serializers_list_users_options_serializer = require('./serializers/list-users-options.serializer.cjs');
-const require_user_management_serializers_send_invitation_options_serializer = require('./serializers/send-invitation-options.serializer.cjs');
-const require_user_management_serializers_update_organization_membership_options_serializer = require('./serializers/update-organization-membership-options.serializer.cjs');
-const require_utils_jose = require('../utils/jose.cjs');
-const require_user_management_session = require('./session.cjs');
+require('../jose-D4-VExnk.cjs');
+require('../session-BspC-lF9.cjs');
+const require_user_management = require('../user-management-DCbkjgk8.cjs');
-//#region src/user-management/user-management.ts
-var UserManagement = class {
-	_jwks;
-	clientId;
-	constructor(workos) {
-		this.workos = workos;
-		const { clientId } = workos.options;
-		this.clientId = clientId;
-	}
-	/**
-	* Resolve clientId from method options or fall back to constructor-provided value.
-	* @throws TypeError if clientId is not available from either source
-	*/
-	resolveClientId(clientId) {
-		const resolved = clientId ?? this.clientId;
-		if (!resolved) throw new TypeError("clientId is required. Provide it in method options or when initializing WorkOS.");
-		return resolved;
-	}
-	async getJWKS() {
-		const { createRemoteJWKSet } = await require_utils_jose.getJose();
-		if (!this.clientId) return;
-		this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), { cooldownDuration: 1e3 * 60 * 5 });
-		return this._jwks;
-	}
-	/**
-	* Loads a sealed session using the provided session data and cookie password.
-	*
-	* @param options - The options for loading the sealed session.
-	* @param options.sessionData - The sealed session data.
-	* @param options.cookiePassword - The password used to encrypt the session data.
-	* @returns The session class.
-	*/
-	loadSealedSession(options) {
-		return new require_user_management_session.CookieSession(this, options.sessionData, options.cookiePassword);
-	}
-	async getUser(userId) {
-		const { data } = await this.workos.get(`/user_management/users/${userId}`);
-		return require_user_management_serializers_user_serializer.deserializeUser(data);
-	}
-	async getUserByExternalId(externalId) {
-		const { data } = await this.workos.get(`/user_management/users/external_id/${externalId}`);
-		return require_user_management_serializers_user_serializer.deserializeUser(data);
-	}
-	async listUsers(options) {
-		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/user_management/users", require_user_management_serializers_user_serializer.deserializeUser, options ? require_user_management_serializers_list_users_options_serializer.serializeListUsersOptions(options) : void 0), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/user_management/users", require_user_management_serializers_user_serializer.deserializeUser, params), options ? require_user_management_serializers_list_users_options_serializer.serializeListUsersOptions(options) : void 0);
-	}
-	async createUser(payload) {
-		const { data } = await this.workos.post("/user_management/users", require_user_management_serializers_create_user_options_serializer.serializeCreateUserOptions(payload));
-		return require_user_management_serializers_user_serializer.deserializeUser(data);
-	}
-	async authenticateWithMagicAuth(payload) {
-		const { session, clientId, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		const { data } = await this.workos.post("/user_management/authenticate", require_user_management_serializers_authenticate_with_magic_auth_options_serializer.serializeAuthenticateWithMagicAuthOptions({
-			...remainingPayload,
-			clientId: resolvedClientId,
-			clientSecret: this.workos.key
-		}));
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	async authenticateWithPassword(payload) {
-		const { session, clientId, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		const { data } = await this.workos.post("/user_management/authenticate", require_user_management_serializers_authenticate_with_password_options_serializer.serializeAuthenticateWithPasswordOptions({
-			...remainingPayload,
-			clientId: resolvedClientId,
-			clientSecret: this.workos.key
-		}));
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	/**
-	* Exchange an authorization code for tokens.
-	*
-	* Auto-detects public vs confidential client mode:
-	* - If codeVerifier is provided: Uses PKCE flow (public client)
-	* - If no codeVerifier: Uses client_secret from API key (confidential client)
-	* - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)
-	*
-	* Using PKCE with confidential clients is recommended by OAuth 2.1 for defense
-	* in depth and provides additional CSRF protection on the authorization flow.
-	*
-	* @throws Error if neither codeVerifier nor API key is available
-	*/
-	async authenticateWithCode(payload) {
-		const { session, clientId, codeVerifier, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		if (codeVerifier !== void 0 && codeVerifier.trim() === "") throw new TypeError("codeVerifier cannot be an empty string. Generate a valid PKCE pair using workos.pkce.generate().");
-		const hasApiKey = !!this.workos.key;
-		if (!!!codeVerifier && !hasApiKey) throw new TypeError("authenticateWithCode requires either a codeVerifier (for public clients) or an API key configured on the WorkOS instance (for confidential clients).");
-		const { data } = await this.workos.post("/user_management/authenticate", require_user_management_serializers_authenticate_with_code_options_serializer.serializeAuthenticateWithCodeOptions({
-			...remainingPayload,
-			clientId: resolvedClientId,
-			codeVerifier,
-			clientSecret: hasApiKey ? this.workos.key : void 0
-		}), { skipApiKeyCheck: !hasApiKey });
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	/**
-	* Exchange an authorization code for tokens using PKCE (public client flow).
-	* Use this instead of authenticateWithCode() when the client cannot securely
-	* store a client_secret (browser, mobile, CLI, desktop apps).
-	*
-	* @param payload.clientId - Your WorkOS client ID
-	* @param payload.code - The authorization code from the OAuth callback
-	* @param payload.codeVerifier - The PKCE code verifier used to generate the code challenge
-	*/
-	async authenticateWithCodeAndVerifier(payload) {
-		const { session, clientId, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		const { data } = await this.workos.post("/user_management/authenticate", require_user_management_serializers_authenticate_with_code_and_verifier_options_serializer.serializeAuthenticateWithCodeAndVerifierOptions({
-			...remainingPayload,
-			clientId: resolvedClientId
-		}), { skipApiKeyCheck: true });
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	/**
-	* Refresh an access token using a refresh token.
-	* Automatically detects public client mode - if no API key is configured,
-	* omits client_secret from the request.
-	*/
-	async authenticateWithRefreshToken(payload) {
-		const { session, clientId, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		const isPublicClient = !this.workos.key;
-		const body = isPublicClient ? require_user_management_serializers_authenticate_with_refresh_token_public_client_options_serializer.serializeAuthenticateWithRefreshTokenPublicClientOptions({
-			...remainingPayload,
-			clientId: resolvedClientId
-		}) : require_user_management_serializers_authenticate_with_refresh_token_options_serializer.serializeAuthenticateWithRefreshTokenOptions({
-			...remainingPayload,
-			clientId: resolvedClientId,
-			clientSecret: this.workos.key
-		});
-		const { data } = await this.workos.post("/user_management/authenticate", body, { skipApiKeyCheck: isPublicClient });
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	async authenticateWithTotp(payload) {
-		const { session, clientId, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		const { data } = await this.workos.post("/user_management/authenticate", require_user_management_serializers_authenticate_with_totp_options_serializer.serializeAuthenticateWithTotpOptions({
-			...remainingPayload,
-			clientId: resolvedClientId,
-			clientSecret: this.workos.key
-		}));
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	async authenticateWithEmailVerification(payload) {
-		const { session, clientId, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		const { data } = await this.workos.post("/user_management/authenticate", require_user_management_serializers_authenticate_with_email_verification_serializer.serializeAuthenticateWithEmailVerificationOptions({
-			...remainingPayload,
-			clientId: resolvedClientId,
-			clientSecret: this.workos.key
-		}));
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	async authenticateWithOrganizationSelection(payload) {
-		const { session, clientId, ...remainingPayload } = payload;
-		const resolvedClientId = this.resolveClientId(clientId);
-		const { data } = await this.workos.post("/user_management/authenticate", require_user_management_serializers_authenticate_with_organization_selection_options_serializer.serializeAuthenticateWithOrganizationSelectionOptions({
-			...remainingPayload,
-			clientId: resolvedClientId,
-			clientSecret: this.workos.key
-		}));
-		return this.prepareAuthenticationResponse({
-			authenticationResponse: require_user_management_serializers_authentication_response_serializer.deserializeAuthenticationResponse(data),
-			session
-		});
-	}
-	async authenticateWithSessionCookie({ sessionData, cookiePassword = require_common_utils_env.getEnv("WORKOS_COOKIE_PASSWORD") }) {
-		if (!cookiePassword) throw new Error("Cookie password is required");
-		if (!await this.getJWKS()) throw new Error("Must provide clientId to initialize JWKS");
-		const { decodeJwt } = await require_utils_jose.getJose();
-		if (!sessionData) return {
-			authenticated: false,
-			reason: require_user_management_interfaces_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED
-		};
-		const session = await require_common_crypto_seal.unsealData(sessionData, { password: cookiePassword });
-		if (!session.accessToken) return {
-			authenticated: false,
-			reason: require_user_management_interfaces_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE
-		};
-		if (!await this.isValidJwt(session.accessToken)) return {
-			authenticated: false,
-			reason: require_user_management_interfaces_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.INVALID_JWT
-		};
-		const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags } = decodeJwt(session.accessToken);
-		return {
-			authenticated: true,
-			sessionId,
-			organizationId,
-			role,
-			roles,
-			user: session.user,
-			permissions,
-			entitlements,
-			featureFlags,
-			accessToken: session.accessToken,
-			authenticationMethod: session.authenticationMethod
-		};
-	}
-	async isValidJwt(accessToken) {
-		const jwks = await this.getJWKS();
-		const { jwtVerify } = await require_utils_jose.getJose();
-		if (!jwks) throw new Error("Must provide clientId to initialize JWKS");
-		try {
-			await jwtVerify(accessToken, jwks);
-			return true;
-		} catch (e) {
-			if (e instanceof Error && "code" in e && typeof e.code === "string" && (e.code.startsWith("ERR_JWT_") || e.code.startsWith("ERR_JWS_"))) return false;
-			throw e;
-		}
-	}
-	async prepareAuthenticationResponse({ authenticationResponse, session }) {
-		if (session?.sealSession) {
-			if (!this.workos.key) throw new Error("Session sealing requires server-side usage with an API key. Public clients should store tokens directly (e.g., secure storage on mobile, keychain on desktop).");
-			return {
-				...authenticationResponse,
-				sealedSession: await this.sealSessionDataFromAuthenticationResponse({
-					authenticationResponse,
-					cookiePassword: session.cookiePassword
-				})
-			};
-		}
-		return authenticationResponse;
-	}
-	async sealSessionDataFromAuthenticationResponse({ authenticationResponse, cookiePassword }) {
-		if (!cookiePassword) throw new Error("Cookie password is required");
-		const { decodeJwt } = await require_utils_jose.getJose();
-		const { org_id: organizationIdFromAccessToken } = decodeJwt(authenticationResponse.accessToken);
-		return require_common_crypto_seal.sealData({
-			organizationId: organizationIdFromAccessToken,
-			user: authenticationResponse.user,
-			accessToken: authenticationResponse.accessToken,
-			refreshToken: authenticationResponse.refreshToken,
-			authenticationMethod: authenticationResponse.authenticationMethod,
-			impersonator: authenticationResponse.impersonator
-		}, { password: cookiePassword });
-	}
-	async getSessionFromCookie({ sessionData, cookiePassword = require_common_utils_env.getEnv("WORKOS_COOKIE_PASSWORD") }) {
-		if (!cookiePassword) throw new Error("Cookie password is required");
-		if (sessionData) return require_common_crypto_seal.unsealData(sessionData, { password: cookiePassword });
-	}
-	async getEmailVerification(emailVerificationId) {
-		const { data } = await this.workos.get(`/user_management/email_verification/${emailVerificationId}`);
-		return require_user_management_serializers_email_verification_serializer.deserializeEmailVerification(data);
-	}
-	async sendVerificationEmail({ userId }) {
-		const { data } = await this.workos.post(`/user_management/users/${userId}/email_verification/send`, {});
-		return { user: require_user_management_serializers_user_serializer.deserializeUser(data.user) };
-	}
-	async getMagicAuth(magicAuthId) {
-		const { data } = await this.workos.get(`/user_management/magic_auth/${magicAuthId}`);
-		return require_user_management_serializers_magic_auth_serializer.deserializeMagicAuth(data);
-	}
-	async createMagicAuth(options) {
-		const { data } = await this.workos.post("/user_management/magic_auth", require_user_management_serializers_create_magic_auth_options_serializer.serializeCreateMagicAuthOptions({ ...options }));
-		return require_user_management_serializers_magic_auth_serializer.deserializeMagicAuth(data);
-	}
-	async verifyEmail({ code, userId }) {
-		const { data } = await this.workos.post(`/user_management/users/${userId}/email_verification/confirm`, { code });
-		return { user: require_user_management_serializers_user_serializer.deserializeUser(data.user) };
-	}
-	async getPasswordReset(passwordResetId) {
-		const { data } = await this.workos.get(`/user_management/password_reset/${passwordResetId}`);
-		return require_user_management_serializers_password_reset_serializer.deserializePasswordReset(data);
-	}
-	async createPasswordReset(options) {
-		const { data } = await this.workos.post("/user_management/password_reset", require_user_management_serializers_create_password_reset_options_serializer.serializeCreatePasswordResetOptions({ ...options }));
-		return require_user_management_serializers_password_reset_serializer.deserializePasswordReset(data);
-	}
-	async resetPassword(payload) {
-		const { data } = await this.workos.post("/user_management/password_reset/confirm", require_user_management_serializers_reset_password_options_serializer.serializeResetPasswordOptions(payload));
-		return { user: require_user_management_serializers_user_serializer.deserializeUser(data.user) };
-	}
-	async updateUser(payload) {
-		const { data } = await this.workos.put(`/user_management/users/${payload.userId}`, require_user_management_serializers_update_user_options_serializer.serializeUpdateUserOptions(payload));
-		return require_user_management_serializers_user_serializer.deserializeUser(data);
-	}
-	async enrollAuthFactor(payload) {
-		const { data } = await this.workos.post(`/user_management/users/${payload.userId}/auth_factors`, require_user_management_serializers_enroll_auth_factor_options_serializer.serializeEnrollAuthFactorOptions(payload));
-		return {
-			authenticationFactor: require_user_management_serializers_factor_serializer.deserializeFactorWithSecrets(data.authentication_factor),
-			authenticationChallenge: require_mfa_serializers_challenge_serializer.deserializeChallenge(data.authentication_challenge)
-		};
-	}
-	async listAuthFactors(options) {
-		const { userId, ...restOfOptions } = options;
-		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/user_management/users/${userId}/auth_factors`, require_user_management_serializers_factor_serializer.deserializeFactor, restOfOptions), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/user_management/users/${userId}/auth_factors`, require_user_management_serializers_factor_serializer.deserializeFactor, params), restOfOptions);
-	}
-	async listUserFeatureFlags(options) {
-		const { userId, ...paginationOptions } = options;
-		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/user_management/users/${userId}/feature-flags`, require_feature_flags_serializers_feature_flag_serializer.deserializeFeatureFlag, paginationOptions), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/user_management/users/${userId}/feature-flags`, require_feature_flags_serializers_feature_flag_serializer.deserializeFeatureFlag, params), paginationOptions);
-	}
-	async listSessions(userId, options) {
-		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/user_management/users/${userId}/sessions`, require_user_management_serializers_session_serializer.deserializeSession, options ? require_user_management_serializers_list_sessions_options_serializer.serializeListSessionsOptions(options) : void 0), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, `/user_management/users/${userId}/sessions`, require_user_management_serializers_session_serializer.deserializeSession, params), options ? require_user_management_serializers_list_sessions_options_serializer.serializeListSessionsOptions(options) : void 0);
-	}
-	async deleteUser(userId) {
-		await this.workos.delete(`/user_management/users/${userId}`);
-	}
-	async getUserIdentities(userId) {
-		if (!userId) throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);
-		const { data } = await this.workos.get(`/user_management/users/${userId}/identities`);
-		return require_user_management_serializers_identity_serializer.deserializeIdentities(data);
-	}
-	async getOrganizationMembership(organizationMembershipId) {
-		const { data } = await this.workos.get(`/user_management/organization_memberships/${organizationMembershipId}`);
-		return require_user_management_serializers_organization_membership_serializer.deserializeOrganizationMembership(data);
-	}
-	async listOrganizationMemberships(options) {
-		const serializedOptions = require_user_management_serializers_list_organization_memberships_options_serializer.serializeListOrganizationMembershipsOptions(options);
-		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/user_management/organization_memberships", require_user_management_serializers_organization_membership_serializer.deserializeOrganizationMembership, serializedOptions), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/user_management/organization_memberships", require_user_management_serializers_organization_membership_serializer.deserializeOrganizationMembership, params), serializedOptions);
-	}
-	async createOrganizationMembership(options) {
-		const { data } = await this.workos.post("/user_management/organization_memberships", require_user_management_serializers_create_organization_membership_options_serializer.serializeCreateOrganizationMembershipOptions(options));
-		return require_user_management_serializers_organization_membership_serializer.deserializeOrganizationMembership(data);
-	}
-	async updateOrganizationMembership(organizationMembershipId, options) {
-		const { data } = await this.workos.put(`/user_management/organization_memberships/${organizationMembershipId}`, require_user_management_serializers_update_organization_membership_options_serializer.serializeUpdateOrganizationMembershipOptions(options));
-		return require_user_management_serializers_organization_membership_serializer.deserializeOrganizationMembership(data);
-	}
-	async deleteOrganizationMembership(organizationMembershipId) {
-		await this.workos.delete(`/user_management/organization_memberships/${organizationMembershipId}`);
-	}
-	async deactivateOrganizationMembership(organizationMembershipId) {
-		const { data } = await this.workos.put(`/user_management/organization_memberships/${organizationMembershipId}/deactivate`, {});
-		return require_user_management_serializers_organization_membership_serializer.deserializeOrganizationMembership(data);
-	}
-	async reactivateOrganizationMembership(organizationMembershipId) {
-		const { data } = await this.workos.put(`/user_management/organization_memberships/${organizationMembershipId}/reactivate`, {});
-		return require_user_management_serializers_organization_membership_serializer.deserializeOrganizationMembership(data);
-	}
-	async getInvitation(invitationId) {
-		const { data } = await this.workos.get(`/user_management/invitations/${invitationId}`);
-		return require_user_management_serializers_invitation_serializer.deserializeInvitation(data);
-	}
-	async findInvitationByToken(invitationToken) {
-		const { data } = await this.workos.get(`/user_management/invitations/by_token/${invitationToken}`);
-		return require_user_management_serializers_invitation_serializer.deserializeInvitation(data);
-	}
-	async listInvitations(options) {
-		return new require_common_utils_pagination.AutoPaginatable(await require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/user_management/invitations", require_user_management_serializers_invitation_serializer.deserializeInvitation, options ? require_user_management_serializers_list_invitations_options_serializer.serializeListInvitationsOptions(options) : void 0), (params) => require_common_utils_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/user_management/invitations", require_user_management_serializers_invitation_serializer.deserializeInvitation, params), options ? require_user_management_serializers_list_invitations_options_serializer.serializeListInvitationsOptions(options) : void 0);
-	}
-	async sendInvitation(payload) {
-		const { data } = await this.workos.post("/user_management/invitations", require_user_management_serializers_send_invitation_options_serializer.serializeSendInvitationOptions({ ...payload }));
-		return require_user_management_serializers_invitation_serializer.deserializeInvitation(data);
-	}
-	async acceptInvitation(invitationId) {
-		const { data } = await this.workos.post(`/user_management/invitations/${invitationId}/accept`, null);
-		return require_user_management_serializers_invitation_serializer.deserializeInvitation(data);
-	}
-	async revokeInvitation(invitationId) {
-		const { data } = await this.workos.post(`/user_management/invitations/${invitationId}/revoke`, null);
-		return require_user_management_serializers_invitation_serializer.deserializeInvitation(data);
-	}
-	async resendInvitation(invitationId) {
-		const { data } = await this.workos.post(`/user_management/invitations/${invitationId}/resend`, null);
-		return require_user_management_serializers_invitation_serializer.deserializeInvitation(data);
-	}
-	async revokeSession(payload) {
-		await this.workos.post("/user_management/sessions/revoke", require_user_management_interfaces_revoke_session_options_interface.serializeRevokeSessionOptions(payload));
-	}
-	/**
-	* Generate an OAuth 2.0 authorization URL.
-	*
-	* For public clients (browser, mobile, CLI), include PKCE parameters:
-	* - Generate PKCE using workos.pkce.generate()
-	* - Pass codeChallenge and codeChallengeMethod here
-	* - Store codeVerifier and pass to authenticateWithCode() later
-	*
-	* Or use getAuthorizationUrlWithPKCE() which handles PKCE automatically.
-	*/
-	getAuthorizationUrl(options) {
-		const { connectionId, codeChallenge, codeChallengeMethod, clientId, domainHint, loginHint, organizationId, provider, providerQueryParams, providerScopes, prompt, redirectUri, state, screenHint } = options;
-		const resolvedClientId = this.resolveClientId(clientId);
-		if (!provider && !connectionId && !organizationId) throw new TypeError(`Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`);
-		if (provider !== "authkit" && screenHint) throw new TypeError(`'screenHint' is only supported for 'authkit' provider`);
-		const query = require_common_utils_query_string.toQueryString({
-			connection_id: connectionId,
-			code_challenge: codeChallenge,
-			code_challenge_method: codeChallengeMethod,
-			organization_id: organizationId,
-			domain_hint: domainHint,
-			login_hint: loginHint,
-			provider,
-			provider_query_params: providerQueryParams,
-			provider_scopes: providerScopes,
-			prompt,
-			client_id: resolvedClientId,
-			redirect_uri: redirectUri,
-			response_type: "code",
-			state,
-			screen_hint: screenHint
-		});
-		return `${this.workos.baseURL}/user_management/authorize?${query}`;
-	}
-	/**
-	* Generate an OAuth 2.0 authorization URL with automatic PKCE.
-	*
-	* This method generates PKCE parameters internally and returns them along with
-	* the authorization URL. Use this for public clients (CLI apps, Electron, mobile)
-	* that cannot securely store a client secret.
-	*
-	* @returns Object containing url, state, and codeVerifier
-	*
-	* @example
-	* ```typescript
-	* const { url, state, codeVerifier } = await workos.userManagement.getAuthorizationUrlWithPKCE({
-	*   provider: 'authkit',
-	*   clientId: 'client_123',
-	*   redirectUri: 'myapp://callback',
-	* });
-	*
-	* // Store state and codeVerifier securely, then redirect user to url
-	* // After callback, exchange the code:
-	* const response = await workos.userManagement.authenticateWithCode({
-	*   code: authorizationCode,
-	*   codeVerifier,
-	*   clientId: 'client_123',
-	* });
-	* ```
-	*/
-	async getAuthorizationUrlWithPKCE(options) {
-		const { clientId, connectionId, domainHint, loginHint, organizationId, provider, providerQueryParams, providerScopes, prompt, redirectUri, screenHint } = options;
-		const resolvedClientId = this.resolveClientId(clientId);
-		if (!provider && !connectionId && !organizationId) throw new TypeError(`Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`);
-		if (provider !== "authkit" && screenHint) throw new TypeError(`'screenHint' is only supported for 'authkit' provider`);
-		const pkce = await this.workos.pkce.generate();
-		const state = this.workos.pkce.generateCodeVerifier(43);
-		const query = require_common_utils_query_string.toQueryString({
-			connection_id: connectionId,
-			code_challenge: pkce.codeChallenge,
-			code_challenge_method: "S256",
-			organization_id: organizationId,
-			domain_hint: domainHint,
-			login_hint: loginHint,
-			provider,
-			provider_query_params: providerQueryParams,
-			provider_scopes: providerScopes,
-			prompt,
-			client_id: resolvedClientId,
-			redirect_uri: redirectUri,
-			response_type: "code",
-			state,
-			screen_hint: screenHint
-		});
-		return {
-			url: `${this.workos.baseURL}/user_management/authorize?${query}`,
-			state,
-			codeVerifier: pkce.codeVerifier
-		};
-	}
-	getLogoutUrl(options) {
-		const { sessionId, returnTo } = options;
-		if (!sessionId) throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);
-		const url = new URL("/user_management/sessions/logout", this.workos.baseURL);
-		url.searchParams.set("session_id", sessionId);
-		if (returnTo) url.searchParams.set("return_to", returnTo);
-		return url.toString();
-	}
-	getJwksUrl(clientId) {
-		if (!clientId) throw new TypeError("clientId must be a valid clientId");
-		return `${this.workos.baseURL}/sso/jwks/${clientId}`;
-	}
-};
-//#endregion
-exports.UserManagement = UserManagement;
-//# sourceMappingURL=user-management.cjs.map
+exports.UserManagement = require_user_management.UserManagement;