npm - @workos-inc/node - Versions diffs - 8.1.0 → 8.3.0 - Mend

@workos-inc/node 8.1.0 → 8.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1571) hide show

package/lib/session.interface-zszewQtk.d.cts ADDED Viewed

@@ -0,0 +1,38 @@
+import { t as Impersonator } from "./impersonator.interface-BLJ5uqT4.cjs";
+//#region src/user-management/interfaces/session.interface.d.ts
+type AuthMethod = 'external_auth' | 'impersonation' | 'magic_code' | 'migrated_session' | 'oauth' | 'passkey' | 'password' | 'sso' | 'unknown';
+type SessionStatus = 'active' | 'expired' | 'revoked';
+interface Session {
+  object: 'session';
+  id: string;
+  userId: string;
+  ipAddress: string | null;
+  userAgent: string | null;
+  organizationId?: string;
+  impersonator?: Impersonator;
+  authMethod: AuthMethod;
+  status: SessionStatus;
+  expiresAt: string;
+  endedAt: string | null;
+  createdAt: string;
+  updatedAt: string;
+}
+interface SessionResponse {
+  object: 'session';
+  id: string;
+  user_id: string;
+  ip_address: string | null;
+  user_agent: string | null;
+  organization_id?: string;
+  impersonator?: Impersonator;
+  auth_method: AuthMethod;
+  status: SessionStatus;
+  expires_at: string;
+  ended_at: string | null;
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+export { SessionStatus as i, Session as n, SessionResponse as r, AuthMethod as t };
+//# sourceMappingURL=session.interface-zszewQtk.d.cts.map

package/lib/session.serializer-DAUllV3H.d.cts ADDED Viewed

@@ -0,0 +1,7 @@
+import { n as Session, r as SessionResponse } from "./session.interface-zszewQtk.cjs";
+//#region src/user-management/serializers/session.serializer.d.ts
+declare const deserializeSession: (session: SessionResponse) => Session;
+//#endregion
+export { deserializeSession as t };
+//# sourceMappingURL=session.serializer-DAUllV3H.d.cts.map

package/lib/set-environment-role-permissions-options.interface-C04yO7oE.cjs ADDED Viewed

File without changes

package/lib/set-environment-role-permissions-options.interface-CJm4G5CM.d.cts ADDED Viewed

@@ -0,0 +1,7 @@
+//#region src/authorization/interfaces/set-environment-role-permissions-options.interface.d.ts
+interface SetEnvironmentRolePermissionsOptions {
+  permissions: string[];
+}
+//#endregion
+export { SetEnvironmentRolePermissionsOptions as t };
+//# sourceMappingURL=set-environment-role-permissions-options.interface-CJm4G5CM.d.cts.map

package/lib/set-organization-role-permissions-options.interface-Dsm86677.cjs ADDED Viewed

File without changes

package/lib/set-organization-role-permissions-options.interface-F54jbJ3q.d.cts ADDED Viewed

@@ -0,0 +1,7 @@
+//#region src/authorization/interfaces/set-organization-role-permissions-options.interface.d.ts
+interface SetOrganizationRolePermissionsOptions {
+  permissions: string[];
+}
+//#endregion
+export { SetOrganizationRolePermissionsOptions as t };
+//# sourceMappingURL=set-organization-role-permissions-options.interface-F54jbJ3q.d.cts.map

package/lib/signature-provider-CdkJsGc8.cjs ADDED Viewed

@@ -0,0 +1,38 @@
+const require_signature_verification_exception = require('./signature-verification.exception-Dc1gSCYD.cjs');
+//#region src/common/crypto/signature-provider.ts
+var SignatureProvider = class {
+	cryptoProvider;
+	constructor(cryptoProvider) {
+		this.cryptoProvider = cryptoProvider;
+	}
+	async verifyHeader({ payload, sigHeader, secret, tolerance = 18e4 }) {
+		const [timestamp, signatureHash] = this.getTimestampAndSignatureHash(sigHeader);
+		if (!signatureHash || Object.keys(signatureHash).length === 0) throw new require_signature_verification_exception.SignatureVerificationException("No signature hash found with expected scheme v1");
+		if (parseInt(timestamp, 10) < Date.now() - tolerance) throw new require_signature_verification_exception.SignatureVerificationException("Timestamp outside the tolerance zone");
+		const expectedSig = await this.computeSignature(timestamp, payload, secret);
+		if (await this.cryptoProvider.secureCompare(expectedSig, signatureHash) === false) throw new require_signature_verification_exception.SignatureVerificationException("Signature hash does not match the expected signature hash for payload");
+		return true;
+	}
+	getTimestampAndSignatureHash(sigHeader) {
+		const [t, v1] = sigHeader.split(",");
+		if (typeof t === "undefined" || typeof v1 === "undefined") throw new require_signature_verification_exception.SignatureVerificationException("Signature or timestamp missing");
+		const { 1: timestamp } = t.split("=");
+		const { 1: signatureHash } = v1.split("=");
+		return [timestamp, signatureHash];
+	}
+	async computeSignature(timestamp, payload, secret) {
+		payload = JSON.stringify(payload);
+		const signedPayload = `${timestamp}.${payload}`;
+		return await this.cryptoProvider.computeHMACSignatureAsync(signedPayload, secret);
+	}
+};
+//#endregion
+Object.defineProperty(exports, 'SignatureProvider', {
+  enumerable: true,
+  get: function () {
+    return SignatureProvider;
+  }
+});
+//# sourceMappingURL=signature-provider-CdkJsGc8.cjs.map

package/lib/signature-provider-CdkJsGc8.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"signature-provider-CdkJsGc8.cjs","names":["SignatureVerificationException"],"sources":["../src/common/crypto/signature-provider.ts"],"sourcesContent":["import { SignatureVerificationException } from '../exceptions';\nimport { CryptoProvider } from './crypto-provider';\n\nexport class SignatureProvider {\n private cryptoProvider: CryptoProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.cryptoProvider = cryptoProvider;\n }\n\n async verifyHeader({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: any;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<boolean> {\n const [timestamp, signatureHash] =\n this.getTimestampAndSignatureHash(sigHeader);\n\n if (!signatureHash || Object.keys(signatureHash).length === 0) {\n throw new SignatureVerificationException(\n 'No signature hash found with expected scheme v1',\n );\n }\n\n if (parseInt(timestamp, 10) < Date.now() - tolerance) {\n throw new SignatureVerificationException(\n 'Timestamp outside the tolerance zone',\n );\n }\n\n const expectedSig = await this.computeSignature(timestamp, payload, secret);\n if (\n (await this.cryptoProvider.secureCompare(expectedSig, signatureHash)) ===\n false\n ) {\n throw new SignatureVerificationException(\n 'Signature hash does not match the expected signature hash for payload',\n );\n }\n return true;\n }\n\n getTimestampAndSignatureHash(sigHeader: string): [string, string] {\n const signature = sigHeader;\n const [t, v1] = signature.split(',');\n if (typeof t === 'undefined' || typeof v1 === 'undefined') {\n throw new SignatureVerificationException(\n 'Signature or timestamp missing',\n );\n }\n const { 1: timestamp } = t.split('=');\n const { 1: signatureHash } = v1.split('=');\n\n return [timestamp, signatureHash];\n }\n\n async computeSignature(\n timestamp: any,\n payload: any,\n secret: string,\n ): Promise<string> {\n payload = JSON.stringify(payload);\n const signedPayload = `${timestamp}.${payload}`;\n\n return await this.cryptoProvider.computeHMACSignatureAsync(\n signedPayload,\n secret,\n );\n }\n}\n"],"mappings":";;;AAGA,IAAa,oBAAb,MAA+B;CAC7B,AAAQ;CAER,YAAY,gBAAgC;AAC1C,OAAK,iBAAiB;;CAGxB,MAAM,aAAa,EACjB,SACA,WACA,QACA,YAAY,QAMO;EACnB,MAAM,CAAC,WAAW,iBAChB,KAAK,6BAA6B,UAAU;AAE9C,MAAI,CAAC,iBAAiB,OAAO,KAAK,cAAc,CAAC,WAAW,EAC1D,OAAM,IAAIA,wEACR,kDACD;AAGH,MAAI,SAAS,WAAW,GAAG,GAAG,KAAK,KAAK,GAAG,UACzC,OAAM,IAAIA,wEACR,uCACD;EAGH,MAAM,cAAc,MAAM,KAAK,iBAAiB,WAAW,SAAS,OAAO;AAC3E,MACG,MAAM,KAAK,eAAe,cAAc,aAAa,cAAc,KACpE,MAEA,OAAM,IAAIA,wEACR,wEACD;AAEH,SAAO;;CAGT,6BAA6B,WAAqC;EAEhE,MAAM,CAAC,GAAG,MADQ,UACQ,MAAM,IAAI;AACpC,MAAI,OAAO,MAAM,eAAe,OAAO,OAAO,YAC5C,OAAM,IAAIA,wEACR,iCACD;EAEH,MAAM,EAAE,GAAG,cAAc,EAAE,MAAM,IAAI;EACrC,MAAM,EAAE,GAAG,kBAAkB,GAAG,MAAM,IAAI;AAE1C,SAAO,CAAC,WAAW,cAAc;;CAGnC,MAAM,iBACJ,WACA,SACA,QACiB;AACjB,YAAU,KAAK,UAAU,QAAQ;EACjC,MAAM,gBAAgB,GAAG,UAAU,GAAG;AAEtC,SAAO,MAAM,KAAK,eAAe,0BAC/B,eACA,OACD"}

package/lib/signature-verification.exception-D2-xkCRS.d.cts ADDED Viewed

@@ -0,0 +1,8 @@
+//#region src/common/exceptions/signature-verification.exception.d.ts
+declare class SignatureVerificationException extends Error {
+  readonly name = "SignatureVerificationException";
+  constructor(message: string);
+}
+//#endregion
+export { SignatureVerificationException as t };
+//# sourceMappingURL=signature-verification.exception-D2-xkCRS.d.cts.map

package/lib/sms.interface-f_7eFA1B.d.cts ADDED Viewed

@@ -0,0 +1,10 @@
+//#region src/mfa/interfaces/sms.interface.d.ts
+interface Sms {
+  phoneNumber: string;
+}
+interface SmsResponse {
+  phone_number: string;
+}
+//#endregion
+export { SmsResponse as n, Sms as t };
+//# sourceMappingURL=sms.interface-f_7eFA1B.d.cts.map

package/lib/sms.serializer-DH2jsPuC.cjs ADDED Viewed

@@ -0,0 +1,12 @@
+//#region src/mfa/serializers/sms.serializer.ts
+const deserializeSms = (sms) => ({ phoneNumber: sms.phone_number });
+//#endregion
+Object.defineProperty(exports, 'deserializeSms', {
+  enumerable: true,
+  get: function () {
+    return deserializeSms;
+  }
+});
+//# sourceMappingURL=sms.serializer-DH2jsPuC.cjs.map

package/lib/sms.serializer-DH2jsPuC.cjs.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sms.serializer-DH2jsPuC.cjs","names":[],"sources":["../src/mfa/serializers/sms.serializer.ts"],"sourcesContent":["import { Sms, SmsResponse } from '../interfaces';\n\nexport const deserializeSms = (sms: SmsResponse): Sms => ({\n phoneNumber: sms.phone_number,\n});\n"],"mappings":";;AAEA,MAAa,kBAAkB,SAA2B,EACxD,aAAa,IAAI,cAClB"}

package/lib/sso/interfaces/authorization-url-options.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-Cs9dWC8D.cjs";
+import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-C5ABtdiE.cjs";
 export { SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult };

package/lib/sso/interfaces/connection-type.enum.cjs CHANGED Viewed

@@ -1,3 +1,3 @@
-const require_connection_type_enum = require('../../connection-type.enum-DPs-QB7_.cjs');
+const require_connection_type_enum = require('../../connection-type.enum-CQncLVbr.cjs');
 exports.ConnectionType = require_connection_type_enum.ConnectionType;

package/lib/sso/interfaces/connection-type.enum.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as ConnectionType } from "../../connection-type.enum-Cu3iqCqL.cjs";
+import { t as ConnectionType } from "../../connection-type.enum-BCSkvlg6.cjs";
 export { ConnectionType };

package/lib/sso/interfaces/connection.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-DvRENQyW.cjs";
+import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-D1HP4q90.cjs";
 export { Connection, ConnectionDomain, ConnectionResponse };

package/lib/sso/interfaces/get-profile-and-token-options.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-Cc1l5_d-.cjs";
+import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-B4HEexcv.cjs";
 export { GetProfileAndTokenOptions };

package/lib/sso/interfaces/get-profile-options.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as GetProfileOptions } from "../../get-profile-options.interface-DpfzZ2dN.cjs";
+import { t as GetProfileOptions } from "../../get-profile-options.interface-BTqozSx_.cjs";
 export { GetProfileOptions };

package/lib/sso/interfaces/index.cjs CHANGED Viewed

@@ -1,3 +1,3 @@
-const require_connection_type_enum = require('../../connection-type.enum-DPs-QB7_.cjs');
+const require_connection_type_enum = require('../../connection-type.enum-CQncLVbr.cjs');
 exports.ConnectionType = require_connection_type_enum.ConnectionType;

package/lib/sso/interfaces/index.d.cts CHANGED Viewed

@@ -1,9 +1,8 @@
-import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-Cs9dWC8D.cjs";
-import { t as ConnectionType } from "../../connection-type.enum-Cu3iqCqL.cjs";
-import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-DvRENQyW.cjs";
-import { t as GetProfileOptions } from "../../get-profile-options.interface-DpfzZ2dN.cjs";
-import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-Cc1l5_d-.cjs";
-import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-C7cH8ONj.cjs";
-import { n as ProfileResponse, t as Profile } from "../../profile.interface-CiNXzRbL.cjs";
-import { n as ProfileAndTokenResponse, t as ProfileAndToken } from "../../profile-and-token.interface-D8SOsn-s.cjs";
+import { Fn as ProfileAndTokenResponse, In as Profile, Ln as ProfileResponse, Pn as ProfileAndToken } from "../../index-DHEILHGo.cjs";
+import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-C5ABtdiE.cjs";
+import { t as ConnectionType } from "../../connection-type.enum-BCSkvlg6.cjs";
+import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-D1HP4q90.cjs";
+import { t as GetProfileOptions } from "../../get-profile-options.interface-BTqozSx_.cjs";
+import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-B4HEexcv.cjs";
+import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-zYzKu8PV.cjs";
 export { Connection, ConnectionDomain, ConnectionResponse, ConnectionType, GetProfileAndTokenOptions, GetProfileOptions, ListConnectionsOptions, Profile, ProfileAndToken, ProfileAndTokenResponse, ProfileResponse, SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult, SerializedListConnectionsOptions };

package/lib/sso/interfaces/list-connections-options.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-C7cH8ONj.cjs";
+import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-zYzKu8PV.cjs";
 export { ListConnectionsOptions, SerializedListConnectionsOptions };

package/lib/sso/interfaces/profile-and-token.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as ProfileAndTokenResponse, t as ProfileAndToken } from "../../profile-and-token.interface-D8SOsn-s.cjs";
+import { Fn as ProfileAndTokenResponse, Pn as ProfileAndToken } from "../../index-DHEILHGo.cjs";
 export { ProfileAndToken, ProfileAndTokenResponse };

package/lib/sso/interfaces/profile.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as ProfileResponse, t as Profile } from "../../profile.interface-CiNXzRbL.cjs";
+import { In as Profile, Ln as ProfileResponse } from "../../index-DHEILHGo.cjs";
 export { Profile, ProfileResponse };

package/lib/sso/serializers/connection.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as deserializeConnection } from "../../connection.serializer-B_sjMnG8.cjs";
+import { t as deserializeConnection } from "../../connection.serializer-B47qKsDN.cjs";
 export { deserializeConnection };

package/lib/sso/serializers/index.d.cts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { t as deserializeConnection } from "../../connection.serializer-B_sjMnG8.cjs";
-import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-olslE-Fg.cjs";
-import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-DgfsqiF_.cjs";
-import { t as deserializeProfile } from "../../profile.serializer-BOeHpcqS.cjs";
+import { t as deserializeConnection } from "../../connection.serializer-B47qKsDN.cjs";
+import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-BQ887b-b.cjs";
+import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-Bpr1CB7T.cjs";
+import { t as deserializeProfile } from "../../profile.serializer-QeTKhj3R.cjs";
 export { deserializeConnection, deserializeProfile, deserializeProfileAndToken, serializeListConnectionsOptions };

package/lib/sso/serializers/list-connections-options.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-olslE-Fg.cjs";
+import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-BQ887b-b.cjs";
 export { serializeListConnectionsOptions };

package/lib/sso/serializers/profile-and-token.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-DgfsqiF_.cjs";
+import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-Bpr1CB7T.cjs";
 export { deserializeProfileAndToken };

package/lib/sso/serializers/profile.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as deserializeProfile } from "../../profile.serializer-BOeHpcqS.cjs";
+import { t as deserializeProfile } from "../../profile.serializer-QeTKhj3R.cjs";
 export { deserializeProfile };

package/lib/sso/sso.cjs CHANGED Viewed

@@ -1,3 +1,3 @@
-const require_sso = require('../sso-BGdbsFSR.cjs');
+const require_sso = require('../sso-DgPiUuie.cjs');
 exports.SSO = require_sso.SSO;

package/lib/sso/sso.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { v as SSO } from "../api-keys-DMUGmsZs.cjs";
+import { y as SSO } from "../api-keys-CrR113By.cjs";
 export { SSO };

package/lib/sso-DgPiUuie.cjs ADDED Viewed

@@ -0,0 +1,135 @@
+const require_pagination = require('./pagination-BG1uBuL4.cjs');
+const require_connection_serializer = require('./connection.serializer-phS0D1t9.cjs');
+const require_list_connections_options_serializer = require('./list-connections-options.serializer-B9jyhBCh.cjs');
+const require_profile_serializer = require('./profile.serializer-BDlm0TRU.cjs');
+const require_profile_and_token_serializer = require('./profile-and-token.serializer-CUFdGpX3.cjs');
+const require_fetch_and_deserialize = require('./fetch-and-deserialize-B6lbfouV.cjs');
+const require_query_string = require('./query-string-B9WibUJl.cjs');
+//#region src/sso/sso.ts
+var SSO = class {
+	constructor(workos) {
+		this.workos = workos;
+	}
+	async listConnections(options) {
+		return new require_pagination.AutoPaginatable(await require_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/connections", require_connection_serializer.deserializeConnection, options ? require_list_connections_options_serializer.serializeListConnectionsOptions(options) : void 0), (params) => require_fetch_and_deserialize.fetchAndDeserialize(this.workos, "/connections", require_connection_serializer.deserializeConnection, params), options ? require_list_connections_options_serializer.serializeListConnectionsOptions(options) : void 0);
+	}
+	async deleteConnection(id) {
+		await this.workos.delete(`/connections/${id}`);
+	}
+	getAuthorizationUrl(options) {
+		const { codeChallenge, codeChallengeMethod, connection, clientId, domainHint, loginHint, organization, provider, providerQueryParams, providerScopes, redirectUri, state } = options;
+		if (!provider && !connection && !organization) throw new TypeError(`Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`);
+		const query = require_query_string.toQueryString({
+			code_challenge: codeChallenge,
+			code_challenge_method: codeChallengeMethod,
+			connection,
+			organization,
+			domain_hint: domainHint,
+			login_hint: loginHint,
+			provider,
+			provider_query_params: providerQueryParams,
+			provider_scopes: providerScopes,
+			client_id: clientId,
+			redirect_uri: redirectUri,
+			response_type: "code",
+			state
+		});
+		return `${this.workos.baseURL}/sso/authorize?${query}`;
+	}
+	/**
+	* Generates an authorization URL with PKCE parameters automatically generated.
+	* Use this for public clients (CLI apps, Electron, mobile) that cannot
+	* securely store a client secret.
+	*
+	* @returns Object containing url, state, and codeVerifier
+	*
+	* @example
+	* ```typescript
+	* const { url, state, codeVerifier } = await workos.sso.getAuthorizationUrlWithPKCE({
+	*   connection: 'conn_123',
+	*   clientId: 'client_123',
+	*   redirectUri: 'myapp://callback',
+	* });
+	*
+	* // Store state and codeVerifier securely, then redirect user to url
+	* // After callback, exchange the code:
+	* const { profile, accessToken } = await workos.sso.getProfileAndToken({
+	*   code: authorizationCode,
+	*   codeVerifier,
+	*   clientId: 'client_123',
+	* });
+	* ```
+	*/
+	async getAuthorizationUrlWithPKCE(options) {
+		const { connection, clientId, domainHint, loginHint, organization, provider, providerQueryParams, providerScopes, redirectUri } = options;
+		if (!provider && !connection && !organization) throw new TypeError(`Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`);
+		const pkce = await this.workos.pkce.generate();
+		const state = this.workos.pkce.generateCodeVerifier(43);
+		const query = require_query_string.toQueryString({
+			code_challenge: pkce.codeChallenge,
+			code_challenge_method: "S256",
+			connection,
+			organization,
+			domain_hint: domainHint,
+			login_hint: loginHint,
+			provider,
+			provider_query_params: providerQueryParams,
+			provider_scopes: providerScopes,
+			client_id: clientId,
+			redirect_uri: redirectUri,
+			response_type: "code",
+			state
+		});
+		return {
+			url: `${this.workos.baseURL}/sso/authorize?${query}`,
+			state,
+			codeVerifier: pkce.codeVerifier
+		};
+	}
+	async getConnection(id) {
+		const { data } = await this.workos.get(`/connections/${id}`);
+		return require_connection_serializer.deserializeConnection(data);
+	}
+	/**
+	* Exchange an authorization code for a profile and access token.
+	*
+	* Auto-detects public vs confidential client mode:
+	* - If codeVerifier is provided: Uses PKCE flow (public client)
+	* - If no codeVerifier: Uses client_secret from API key (confidential client)
+	* - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)
+	*
+	* Using PKCE with confidential clients is recommended by OAuth 2.1 for defense
+	* in depth and provides additional CSRF protection on the authorization flow.
+	*
+	* @throws Error if neither codeVerifier nor API key is available
+	*/
+	async getProfileAndToken({ code, clientId, codeVerifier }) {
+		if (codeVerifier !== void 0 && codeVerifier.trim() === "") throw new TypeError("codeVerifier cannot be an empty string. Generate a valid PKCE pair using workos.pkce.generate().");
+		const hasApiKey = !!this.workos.key;
+		const hasPKCE = !!codeVerifier;
+		if (!hasPKCE && !hasApiKey) throw new TypeError("getProfileAndToken requires either a codeVerifier (for public clients) or an API key configured on the WorkOS instance (for confidential clients).");
+		const form = new URLSearchParams({
+			client_id: clientId,
+			grant_type: "authorization_code",
+			code
+		});
+		if (hasPKCE) form.set("code_verifier", codeVerifier);
+		if (hasApiKey) form.set("client_secret", this.workos.key);
+		const { data } = await this.workos.post("/sso/token", form, { skipApiKeyCheck: !hasApiKey });
+		return require_profile_and_token_serializer.deserializeProfileAndToken(data);
+	}
+	async getProfile({ accessToken }) {
+		const { data } = await this.workos.get("/sso/profile", { accessToken });
+		return require_profile_serializer.deserializeProfile(data);
+	}
+};
+//#endregion
+Object.defineProperty(exports, 'SSO', {
+  enumerable: true,
+  get: function () {
+    return SSO;
+  }
+});
+//# sourceMappingURL=sso-DgPiUuie.cjs.map

package/lib/sso-DgPiUuie.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sso-DgPiUuie.cjs","names":["workos: WorkOS","AutoPaginatable","fetchAndDeserialize","deserializeConnection","serializeListConnectionsOptions","toQueryString","deserializeProfileAndToken","deserializeProfile"],"sources":["../src/sso/sso.ts"],"sourcesContent":["import { UnknownRecord } from '../common/interfaces/unknown-record.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { toQueryString } from '../common/utils/query-string';\nimport { WorkOS } from '../workos';\nimport {\n Connection,\n ConnectionResponse,\n GetProfileAndTokenOptions,\n GetProfileOptions,\n ListConnectionsOptions,\n Profile,\n ProfileAndToken,\n ProfileAndTokenResponse,\n ProfileResponse,\n SSOAuthorizationURLOptions,\n SSOPKCEAuthorizationURLResult,\n SerializedListConnectionsOptions,\n} from './interfaces';\nimport {\n deserializeConnection,\n deserializeProfile,\n deserializeProfileAndToken,\n serializeListConnectionsOptions,\n} from './serializers';\n\nexport class SSO {\n constructor(private readonly workos: WorkOS) {}\n\n async listConnections(\n options?: ListConnectionsOptions,\n ): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n options ? serializeListConnectionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n params,\n ),\n options ? serializeListConnectionsOptions(options) : undefined,\n );\n }\n async deleteConnection(id: string) {\n await this.workos.delete(`/connections/${id}`);\n }\n\n getAuthorizationUrl(options: SSOAuthorizationURLOptions): string {\n const {\n codeChallenge,\n codeChallengeMethod,\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n state,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n const query = toQueryString({\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n return `${this.workos.baseURL}/sso/authorize?${query}`;\n }\n\n /**\n * Generates an authorization URL with PKCE parameters automatically generated.\n * Use this for public clients (CLI apps, Electron, mobile) that cannot\n * securely store a client secret.\n *\n * @returns Object containing url, state, and codeVerifier\n *\n * @example\n * ```typescript\n * const { url, state, codeVerifier } = await workos.sso.getAuthorizationUrlWithPKCE({\n * connection: 'conn_123',\n * clientId: 'client_123',\n * redirectUri: 'myapp://callback',\n * });\n *\n * // Store state and codeVerifier securely, then redirect user to url\n * // After callback, exchange the code:\n * const { profile, accessToken } = await workos.sso.getProfileAndToken({\n * code: authorizationCode,\n * codeVerifier,\n * clientId: 'client_123',\n * });\n * ```\n */\n async getAuthorizationUrlWithPKCE(\n options: Omit<\n SSOAuthorizationURLOptions,\n 'codeChallenge' | 'codeChallengeMethod' | 'state'\n >,\n ): Promise<SSOPKCEAuthorizationURLResult> {\n const {\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n // Generate PKCE parameters\n const pkce = await this.workos.pkce.generate();\n\n // Generate secure random state\n const state = this.workos.pkce.generateCodeVerifier(43);\n\n const query = toQueryString({\n code_challenge: pkce.codeChallenge,\n code_challenge_method: 'S256',\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n const url = `${this.workos.baseURL}/sso/authorize?${query}`;\n\n return { url, state, codeVerifier: pkce.codeVerifier };\n }\n\n async getConnection(id: string): Promise<Connection> {\n const { data } = await this.workos.get<ConnectionResponse>(\n `/connections/${id}`,\n );\n\n return deserializeConnection(data);\n }\n\n /**\n * Exchange an authorization code for a profile and access token.\n *\n * Auto-detects public vs confidential client mode:\n * - If codeVerifier is provided: Uses PKCE flow (public client)\n * - If no codeVerifier: Uses client_secret from API key (confidential client)\n * - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)\n *\n * Using PKCE with confidential clients is recommended by OAuth 2.1 for defense\n * in depth and provides additional CSRF protection on the authorization flow.\n *\n * @throws Error if neither codeVerifier nor API key is available\n */\n async getProfileAndToken<\n CustomAttributesType extends UnknownRecord = UnknownRecord,\n >({\n code,\n clientId,\n codeVerifier,\n }: GetProfileAndTokenOptions): Promise<\n ProfileAndToken<CustomAttributesType>\n > {\n // Validate codeVerifier is not an empty string (common mistake)\n if (codeVerifier !== undefined && codeVerifier.trim() === '') {\n throw new TypeError(\n 'codeVerifier cannot be an empty string. ' +\n 'Generate a valid PKCE pair using workos.pkce.generate().',\n );\n }\n\n const hasApiKey = !!this.workos.key;\n const hasPKCE = !!codeVerifier;\n\n if (!hasPKCE && !hasApiKey) {\n throw new TypeError(\n 'getProfileAndToken requires either a codeVerifier (for public clients) ' +\n 'or an API key configured on the WorkOS instance (for confidential clients).',\n );\n }\n\n const form = new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n code,\n });\n\n // Support PKCE with confidential clients (OAuth 2.1 best practice)\n // Both can be sent together for defense in depth\n if (hasPKCE) {\n form.set('code_verifier', codeVerifier);\n }\n if (hasApiKey) {\n form.set('client_secret', this.workos.key as string);\n }\n\n const { data } = await this.workos.post<\n ProfileAndTokenResponse<CustomAttributesType>\n >('/sso/token', form, { skipApiKeyCheck: !hasApiKey });\n\n return deserializeProfileAndToken(data);\n }\n\n async getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({\n accessToken,\n }: GetProfileOptions): Promise<Profile<CustomAttributesType>> {\n const { data } = await this.workos.get<\n ProfileResponse<CustomAttributesType>\n >('/sso/profile', {\n accessToken,\n });\n\n return deserializeProfile(data);\n }\n}\n"],"mappings":";;;;;;;;;AA0BA,IAAa,MAAb,MAAiB;CACf,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAIC,mCACT,MAAMC,kDACJ,KAAK,QACL,gBACAC,qDACA,UAAUC,4EAAgC,QAAQ,GAAG,OACtD,GACA,WACCF,kDACE,KAAK,QACL,gBACAC,qDACA,OACD,EACH,UAAUC,4EAAgC,QAAQ,GAAG,OACtD;;CAEH,MAAM,iBAAiB,IAAY;AACjC,QAAM,KAAK,OAAO,OAAO,gBAAgB,KAAK;;CAGhD,oBAAoB,SAA6C;EAC/D,MAAM,EACJ,eACA,qBACA,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,aACA,UACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAGH,MAAM,QAAQC,mCAAc;GAC1B,gBAAgB;GAChB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAEF,SAAO,GAAG,KAAK,OAAO,QAAQ,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BjD,MAAM,4BACJ,SAIwC;EACxC,MAAM,EACJ,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,gBACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAIH,MAAM,OAAO,MAAM,KAAK,OAAO,KAAK,UAAU;EAG9C,MAAM,QAAQ,KAAK,OAAO,KAAK,qBAAqB,GAAG;EAEvD,MAAM,QAAQA,mCAAc;GAC1B,gBAAgB,KAAK;GACrB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAIF,SAAO;GAAE,KAFG,GAAG,KAAK,OAAO,QAAQ,iBAAiB;GAEtC;GAAO,cAAc,KAAK;GAAc;;CAGxD,MAAM,cAAc,IAAiC;EACnD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,KACjB;AAED,SAAOF,oDAAsB,KAAK;;;;;;;;;;;;;;;CAgBpC,MAAM,mBAEJ,EACA,MACA,UACA,gBAGA;AAEA,MAAI,iBAAiB,UAAa,aAAa,MAAM,KAAK,GACxD,OAAM,IAAI,UACR,mGAED;EAGH,MAAM,YAAY,CAAC,CAAC,KAAK,OAAO;EAChC,MAAM,UAAU,CAAC,CAAC;AAElB,MAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,UACR,qJAED;EAGH,MAAM,OAAO,IAAI,gBAAgB;GAC/B,WAAW;GACX,YAAY;GACZ;GACD,CAAC;AAIF,MAAI,QACF,MAAK,IAAI,iBAAiB,aAAa;AAEzC,MAAI,UACF,MAAK,IAAI,iBAAiB,KAAK,OAAO,IAAc;EAGtD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAEjC,cAAc,MAAM,EAAE,iBAAiB,CAAC,WAAW,CAAC;AAEtD,SAAOG,gEAA2B,KAAK;;CAGzC,MAAM,WAAuE,EAC3E,eAC4D;EAC5D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAEjC,gBAAgB,EAChB,aACD,CAAC;AAEF,SAAOC,8CAAmB,KAAK"}

package/lib/subtle-crypto-provider-BMf63Lhz.cjs ADDED Viewed

@@ -0,0 +1,99 @@
+const require_crypto_provider = require('./crypto-provider-Bg3tRE2P.cjs');
+//#region src/common/crypto/subtle-crypto-provider.ts
+/**
+* `CryptoProvider which uses the SubtleCrypto interface of the Web Crypto API.
+*
+* This only supports asynchronous operations.
+*/
+var SubtleCryptoProvider = class extends require_crypto_provider.CryptoProvider {
+	subtleCrypto;
+	constructor(subtleCrypto) {
+		super();
+		this.subtleCrypto = subtleCrypto || crypto.subtle;
+	}
+	computeHMACSignature(_payload, _secret) {
+		throw new Error("SubleCryptoProvider cannot be used in a synchronous context.");
+	}
+	/** @override */
+	async computeHMACSignatureAsync(payload, secret) {
+		const encoder = new TextEncoder();
+		const key = await this.subtleCrypto.importKey("raw", encoder.encode(secret), {
+			name: "HMAC",
+			hash: { name: "SHA-256" }
+		}, false, ["sign"]);
+		const signatureBuffer = await this.subtleCrypto.sign("hmac", key, encoder.encode(payload));
+		const signatureBytes = new Uint8Array(signatureBuffer);
+		const signatureHexCodes = new Array(signatureBytes.length);
+		for (let i = 0; i < signatureBytes.length; i++) signatureHexCodes[i] = byteHexMapping[signatureBytes[i]];
+		return signatureHexCodes.join("");
+	}
+	/** @override */
+	async secureCompare(stringA, stringB) {
+		const bufferA = this.encoder.encode(stringA);
+		const bufferB = this.encoder.encode(stringB);
+		if (bufferA.length !== bufferB.length) return false;
+		const algorithm = {
+			name: "HMAC",
+			hash: "SHA-256"
+		};
+		const key = await crypto.subtle.generateKey(algorithm, false, ["sign", "verify"]);
+		const hmac = await crypto.subtle.sign(algorithm, key, bufferA);
+		return await crypto.subtle.verify(algorithm, key, hmac, bufferB);
+	}
+	async encrypt(plaintext, key, iv, aad) {
+		const actualIv = iv || crypto.getRandomValues(new Uint8Array(32));
+		const cryptoKey = await this.subtleCrypto.importKey("raw", key, { name: "AES-GCM" }, false, ["encrypt"]);
+		const encryptParams = {
+			name: "AES-GCM",
+			iv: actualIv
+		};
+		if (aad) encryptParams.additionalData = aad;
+		const encryptedData = await this.subtleCrypto.encrypt(encryptParams, cryptoKey, plaintext);
+		const encryptedBytes = new Uint8Array(encryptedData);
+		const tagStart = encryptedBytes.length - 16;
+		const tag = encryptedBytes.slice(tagStart);
+		return {
+			ciphertext: encryptedBytes.slice(0, tagStart),
+			iv: actualIv,
+			tag
+		};
+	}
+	async decrypt(ciphertext, key, iv, tag, aad) {
+		const combinedData = new Uint8Array(ciphertext.length + tag.length);
+		combinedData.set(ciphertext, 0);
+		combinedData.set(tag, ciphertext.length);
+		const cryptoKey = await this.subtleCrypto.importKey("raw", key, { name: "AES-GCM" }, false, ["decrypt"]);
+		const decryptParams = {
+			name: "AES-GCM",
+			iv
+		};
+		if (aad) decryptParams.additionalData = aad;
+		const decryptedData = await this.subtleCrypto.decrypt(decryptParams, cryptoKey, combinedData);
+		return new Uint8Array(decryptedData);
+	}
+	randomBytes(length) {
+		const bytes = new Uint8Array(length);
+		crypto.getRandomValues(bytes);
+		return bytes;
+	}
+	randomUUID() {
+		if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") return crypto.randomUUID();
+		const bytes = this.randomBytes(16);
+		bytes[6] = bytes[6] & 15 | 64;
+		bytes[8] = bytes[8] & 63 | 128;
+		const hex = Array.from(bytes, (b) => byteHexMapping[b]).join("");
+		return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+	}
+};
+const byteHexMapping = new Array(256);
+for (let i = 0; i < byteHexMapping.length; i++) byteHexMapping[i] = i.toString(16).padStart(2, "0");
+//#endregion
+Object.defineProperty(exports, 'SubtleCryptoProvider', {
+  enumerable: true,
+  get: function () {
+    return SubtleCryptoProvider;
+  }
+});
+//# sourceMappingURL=subtle-crypto-provider-BMf63Lhz.cjs.map

package/lib/subtle-crypto-provider-BMf63Lhz.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"subtle-crypto-provider-BMf63Lhz.cjs","names":["CryptoProvider","encryptParams: AesGcmParams","decryptParams: AesGcmParams"],"sources":["../src/common/crypto/subtle-crypto-provider.ts"],"sourcesContent":["import { CryptoProvider } from './crypto-provider';\n\n/**\n * `CryptoProvider which uses the SubtleCrypto interface of the Web Crypto API.\n *\n * This only supports asynchronous operations.\n */\nexport class SubtleCryptoProvider extends CryptoProvider {\n subtleCrypto: SubtleCrypto;\n\n constructor(subtleCrypto?: SubtleCrypto) {\n super();\n\n // If no subtle crypto is interface, default to the global namespace. This\n // is to allow custom interfaces (eg. using the Node webcrypto interface in\n // tests).\n this.subtleCrypto = subtleCrypto || crypto.subtle;\n }\n\n computeHMACSignature(_payload: string, _secret: string): string {\n throw new Error(\n 'SubleCryptoProvider cannot be used in a synchronous context.',\n );\n }\n\n /** @override */\n async computeHMACSignatureAsync(\n payload: string,\n secret: string,\n ): Promise<string> {\n const encoder = new TextEncoder();\n\n const key = await this.subtleCrypto.importKey(\n 'raw',\n encoder.encode(secret),\n {\n name: 'HMAC',\n hash: { name: 'SHA-256' },\n },\n false,\n ['sign'],\n );\n\n const signatureBuffer = await this.subtleCrypto.sign(\n 'hmac',\n key,\n encoder.encode(payload),\n );\n\n // crypto.subtle returns the signature in base64 format. This must be\n // encoded in hex to match the CryptoProvider contract. We map each byte in\n // the buffer to its corresponding hex octet and then combine into a string.\n const signatureBytes = new Uint8Array(signatureBuffer);\n const signatureHexCodes = new Array(signatureBytes.length);\n\n for (let i = 0; i < signatureBytes.length; i++) {\n signatureHexCodes[i] = byteHexMapping[signatureBytes[i]];\n }\n\n return signatureHexCodes.join('');\n }\n\n /** @override */\n async secureCompare(stringA: string, stringB: string): Promise<boolean> {\n const bufferA = this.encoder.encode(stringA);\n const bufferB = this.encoder.encode(stringB);\n\n if (bufferA.length !== bufferB.length) {\n return false;\n }\n\n const algorithm = { name: 'HMAC', hash: 'SHA-256' };\n const key = (await crypto.subtle.generateKey(algorithm, false, [\n 'sign',\n 'verify',\n ])) as CryptoKey;\n const hmac = await crypto.subtle.sign(algorithm, key, bufferA);\n const equal = await crypto.subtle.verify(algorithm, key, hmac, bufferB);\n\n return equal;\n }\n\n async encrypt(\n plaintext: Uint8Array,\n key: Uint8Array,\n iv?: Uint8Array,\n aad?: Uint8Array,\n ): Promise<{\n ciphertext: Uint8Array;\n iv: Uint8Array;\n tag: Uint8Array;\n }> {\n const actualIv = iv || crypto.getRandomValues(new Uint8Array(32));\n\n const cryptoKey = await this.subtleCrypto.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['encrypt'],\n );\n\n const encryptParams: AesGcmParams = {\n name: 'AES-GCM',\n iv: actualIv as BufferSource,\n };\n\n if (aad) {\n encryptParams.additionalData = aad as BufferSource;\n }\n\n const encryptedData = await this.subtleCrypto.encrypt(\n encryptParams,\n cryptoKey,\n plaintext as BufferSource,\n );\n\n const encryptedBytes = new Uint8Array(encryptedData);\n\n // Extract tag (last 16 bytes)\n const tagSize = 16;\n const tagStart = encryptedBytes.length - tagSize;\n const tag = encryptedBytes.slice(tagStart);\n const ciphertext = encryptedBytes.slice(0, tagStart);\n\n return {\n ciphertext,\n iv: actualIv,\n tag,\n };\n }\n\n async decrypt(\n ciphertext: Uint8Array,\n key: Uint8Array,\n iv: Uint8Array,\n tag: Uint8Array,\n aad?: Uint8Array,\n ): Promise<Uint8Array> {\n // SubtleCrypto expects tag to be appended to ciphertext for AES-GCM\n const combinedData = new Uint8Array(ciphertext.length + tag.length);\n combinedData.set(ciphertext, 0);\n combinedData.set(tag, ciphertext.length);\n\n const cryptoKey = await this.subtleCrypto.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['decrypt'],\n );\n\n const decryptParams: AesGcmParams = {\n name: 'AES-GCM',\n iv: iv as BufferSource,\n };\n\n if (aad) {\n decryptParams.additionalData = aad as BufferSource;\n }\n\n const decryptedData = await this.subtleCrypto.decrypt(\n decryptParams,\n cryptoKey,\n combinedData,\n );\n\n return new Uint8Array(decryptedData);\n }\n\n randomBytes(length: number): Uint8Array {\n const bytes = new Uint8Array(length);\n crypto.getRandomValues(bytes);\n return bytes;\n }\n\n randomUUID(): string {\n if (\n typeof crypto !== 'undefined' &&\n typeof crypto.randomUUID === 'function'\n ) {\n return crypto.randomUUID();\n }\n\n // Fallback for environments without crypto.randomUUID\n const bytes = this.randomBytes(16);\n // tslint:disable-next-line:no-bitwise\n bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4\n // tslint:disable-next-line:no-bitwise\n bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant\n\n const hex = Array.from(bytes, (b) => byteHexMapping[b]).join('');\n return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(\n 12,\n 16,\n )}-${hex.slice(16, 20)}-${hex.slice(20)}`;\n }\n}\n\n// Cached mapping of byte to hex representation. We do this once to avoid re-\n// computing every time we need to convert the result of a signature to hex.\nconst byteHexMapping = new Array(256);\nfor (let i = 0; i < byteHexMapping.length; i++) {\n byteHexMapping[i] = i.toString(16).padStart(2, '0');\n}\n"],"mappings":";;;;;;;;AAOA,IAAa,uBAAb,cAA0CA,uCAAe;CACvD;CAEA,YAAY,cAA6B;AACvC,SAAO;AAKP,OAAK,eAAe,gBAAgB,OAAO;;CAG7C,qBAAqB,UAAkB,SAAyB;AAC9D,QAAM,IAAI,MACR,+DACD;;;CAIH,MAAM,0BACJ,SACA,QACiB;EACjB,MAAM,UAAU,IAAI,aAAa;EAEjC,MAAM,MAAM,MAAM,KAAK,aAAa,UAClC,OACA,QAAQ,OAAO,OAAO,EACtB;GACE,MAAM;GACN,MAAM,EAAE,MAAM,WAAW;GAC1B,EACD,OACA,CAAC,OAAO,CACT;EAED,MAAM,kBAAkB,MAAM,KAAK,aAAa,KAC9C,QACA,KACA,QAAQ,OAAO,QAAQ,CACxB;EAKD,MAAM,iBAAiB,IAAI,WAAW,gBAAgB;EACtD,MAAM,oBAAoB,IAAI,MAAM,eAAe,OAAO;AAE1D,OAAK,IAAI,IAAI,GAAG,IAAI,eAAe,QAAQ,IACzC,mBAAkB,KAAK,eAAe,eAAe;AAGvD,SAAO,kBAAkB,KAAK,GAAG;;;CAInC,MAAM,cAAc,SAAiB,SAAmC;EACtE,MAAM,UAAU,KAAK,QAAQ,OAAO,QAAQ;EAC5C,MAAM,UAAU,KAAK,QAAQ,OAAO,QAAQ;AAE5C,MAAI,QAAQ,WAAW,QAAQ,OAC7B,QAAO;EAGT,MAAM,YAAY;GAAE,MAAM;GAAQ,MAAM;GAAW;EACnD,MAAM,MAAO,MAAM,OAAO,OAAO,YAAY,WAAW,OAAO,CAC7D,QACA,SACD,CAAC;EACF,MAAM,OAAO,MAAM,OAAO,OAAO,KAAK,WAAW,KAAK,QAAQ;AAG9D,SAFc,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK,MAAM,QAAQ;;CAKzE,MAAM,QACJ,WACA,KACA,IACA,KAKC;EACD,MAAM,WAAW,MAAM,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC;EAEjE,MAAM,YAAY,MAAM,KAAK,aAAa,UACxC,OACA,KACA,EAAE,MAAM,WAAW,EACnB,OACA,CAAC,UAAU,CACZ;EAED,MAAMC,gBAA8B;GAClC,MAAM;GACN,IAAI;GACL;AAED,MAAI,IACF,eAAc,iBAAiB;EAGjC,MAAM,gBAAgB,MAAM,KAAK,aAAa,QAC5C,eACA,WACA,UACD;EAED,MAAM,iBAAiB,IAAI,WAAW,cAAc;EAIpD,MAAM,WAAW,eAAe,SADhB;EAEhB,MAAM,MAAM,eAAe,MAAM,SAAS;AAG1C,SAAO;GACL,YAHiB,eAAe,MAAM,GAAG,SAAS;GAIlD,IAAI;GACJ;GACD;;CAGH,MAAM,QACJ,YACA,KACA,IACA,KACA,KACqB;EAErB,MAAM,eAAe,IAAI,WAAW,WAAW,SAAS,IAAI,OAAO;AACnE,eAAa,IAAI,YAAY,EAAE;AAC/B,eAAa,IAAI,KAAK,WAAW,OAAO;EAExC,MAAM,YAAY,MAAM,KAAK,aAAa,UACxC,OACA,KACA,EAAE,MAAM,WAAW,EACnB,OACA,CAAC,UAAU,CACZ;EAED,MAAMC,gBAA8B;GAClC,MAAM;GACF;GACL;AAED,MAAI,IACF,eAAc,iBAAiB;EAGjC,MAAM,gBAAgB,MAAM,KAAK,aAAa,QAC5C,eACA,WACA,aACD;AAED,SAAO,IAAI,WAAW,cAAc;;CAGtC,YAAY,QAA4B;EACtC,MAAM,QAAQ,IAAI,WAAW,OAAO;AACpC,SAAO,gBAAgB,MAAM;AAC7B,SAAO;;CAGT,aAAqB;AACnB,MACE,OAAO,WAAW,eAClB,OAAO,OAAO,eAAe,WAE7B,QAAO,OAAO,YAAY;EAI5B,MAAM,QAAQ,KAAK,YAAY,GAAG;AAElC,QAAM,KAAM,MAAM,KAAK,KAAQ;AAE/B,QAAM,KAAM,MAAM,KAAK,KAAQ;EAE/B,MAAM,MAAM,MAAM,KAAK,QAAQ,MAAM,eAAe,GAAG,CAAC,KAAK,GAAG;AAChE,SAAO,GAAG,IAAI,MAAM,GAAG,EAAE,CAAC,GAAG,IAAI,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,MACnD,IACA,GACD,CAAC,GAAG,IAAI,MAAM,IAAI,GAAG,CAAC,GAAG,IAAI,MAAM,GAAG;;;AAM3C,MAAM,iBAAiB,IAAI,MAAM,IAAI;AACrC,KAAK,IAAI,IAAI,GAAG,IAAI,eAAe,QAAQ,IACzC,gBAAe,KAAK,EAAE,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI"}

package/lib/totp.interface-4Tn9mcvR.d.cts ADDED Viewed

@@ -0,0 +1,22 @@
+//#region src/mfa/interfaces/totp.interface.d.ts
+interface Totp {
+  issuer: string;
+  user: string;
+}
+interface TotpWithSecrets extends Totp {
+  qrCode: string;
+  secret: string;
+  uri: string;
+}
+interface TotpResponse {
+  issuer: string;
+  user: string;
+}
+interface TotpWithSecretsResponse extends TotpResponse {
+  qr_code: string;
+  secret: string;
+  uri: string;
+}
+//#endregion
+export { TotpWithSecretsResponse as i, TotpResponse as n, TotpWithSecrets as r, Totp as t };
+//# sourceMappingURL=totp.interface-4Tn9mcvR.d.cts.map

package/lib/unauthorized.exception-B0Ma7wJ5.d.cts ADDED Viewed

@@ -0,0 +1,13 @@
+import { t as RequestException } from "./request-exception.interface-DahTOGID.cjs";
+//#region src/common/exceptions/unauthorized.exception.d.ts
+declare class UnauthorizedException extends Error implements RequestException {
+  readonly requestID: string;
+  readonly status = 401;
+  readonly name = "UnauthorizedException";
+  readonly message: string;
+  constructor(requestID: string);
+}
+//#endregion
+export { UnauthorizedException as t };
+//# sourceMappingURL=unauthorized.exception-B0Ma7wJ5.d.cts.map

package/lib/unknown-record.interface-DSMWbzCc.d.cts ADDED Viewed

@@ -0,0 +1,5 @@
+//#region src/common/interfaces/unknown-record.interface.d.ts
+type UnknownRecord = Record<string, unknown>;
+//#endregion
+export { UnknownRecord as t };
+//# sourceMappingURL=unknown-record.interface-DSMWbzCc.d.cts.map

package/lib/unprocessable-entity-error.interface-B2dNTbj0.cjs ADDED Viewed

File without changes

package/lib/unprocessable-entity-error.interface-CGfXN5Ma.d.cts ADDED Viewed

@@ -0,0 +1,8 @@
+//#region src/common/interfaces/unprocessable-entity-error.interface.d.ts
+interface UnprocessableEntityError {
+  field: string;
+  code: string;
+}
+//#endregion
+export { UnprocessableEntityError as t };
+//# sourceMappingURL=unprocessable-entity-error.interface-CGfXN5Ma.d.cts.map