@workos-inc/node 8.13.0 → 9.1.0

package/lib/{factory-HM2NchXm.mjs → factory-B7cG7pDB.mjs}

@@ -140,7 +140,7 @@ var HttpClient = class HttpClient {
 		return JSON.stringify(entity);
 	}
 	static isPathRetryable(path) {
-		return path.startsWith("/fga/") || path.startsWith("/vault/") || path.startsWith("/audit_logs/events");
+		return path.startsWith("/vault/") || path.startsWith("/audit_logs/events");
 	}
 	getSleepTimeInMilliseconds(retryAttempt) {
 		return this.MINIMUM_SLEEP_TIME_IN_MILLISECONDS * Math.pow(this.BACKOFF_MULTIPLIER, retryAttempt) * (Math.random() + .5);
@@ -385,12 +385,36 @@ var ApiKeyRequiredException = class extends Error {
 var GenericServerException = class extends Error {
 	name = "GenericServerException";
 	message = "The request could not be completed.";
+	code;
 	constructor(status, message, rawData, requestID) {
 		super();
 		this.status = status;
 		this.rawData = rawData;
 		this.requestID = requestID;
 		if (message) this.message = message;
+		this.code = rawData.code;
+	}
+};
+//#endregion
+//#region src/common/exceptions/authentication.exception.ts
+const AUTHENTICATION_ERROR_CODES = new Set([
+	"email_verification_required",
+	"organization_selection_required",
+	"mfa_enrollment",
+	"mfa_challenge",
+	"mfa_verification",
+	"sso_required"
+]);
+function isAuthenticationErrorData(data) {
+	return typeof data.code === "string" && AUTHENTICATION_ERROR_CODES.has(data.code);
+}
+var AuthenticationException = class extends GenericServerException {
+	name = "AuthenticationException";
+	pendingAuthenticationToken;
+	constructor(status, rawData, requestID) {
+		super(status, rawData.message, rawData, requestID);
+		this.rawData = rawData;
+		this.pendingAuthenticationToken = rawData.pending_authentication_token;
 	}
 };
 //#endregion
@@ -411,6 +435,22 @@ var BadRequestException = class extends Error {
 	}
 };
 //#endregion
+//#region src/common/exceptions/conflict.exception.ts
+var ConflictException = class extends Error {
+	status = 409;
+	name = "ConflictException";
+	requestID;
+	code;
+	constructor({ error, message, requestID, code }) {
+		super();
+		this.requestID = requestID;
+		if (message) this.message = message;
+		else if (error) this.message = `Error: ${error}`;
+		else this.message = `A conflict has occurred on the server.`;
+		this.code = code;
+	}
+};
+//#endregion
 //#region src/common/exceptions/no-api-key-provided.exception.ts
 var NoApiKeyProvidedException = class extends Error {
 	status = 500;
@@ -743,7 +783,7 @@ const serializeEnrollAuthFactorOptions = (options) => ({
 	totp_secret: options.totpSecret
 });
 //#endregion
-//#region src/mfa/serializers/totp.serializer.ts
+//#region src/multi-factor-auth/serializers/totp.serializer.ts
 const deserializeTotp = (totp) => {
 	return {
 		issuer: totp.issuer,
@@ -792,6 +832,7 @@ const deserializeInvitation = (invitation) => ({
 	organizationId: invitation.organization_id,
 	inviterUserId: invitation.inviter_user_id,
 	acceptedUserId: invitation.accepted_user_id,
+	roleSlug: invitation.role_slug,
 	token: invitation.token,
 	acceptInvitationUrl: invitation.accept_invitation_url,
 	createdAt: invitation.created_at,
@@ -808,6 +849,7 @@ const deserializeInvitationEvent = (invitation) => ({
 	organizationId: invitation.organization_id,
 	inviterUserId: invitation.inviter_user_id,
 	acceptedUserId: invitation.accepted_user_id,
+	roleSlug: invitation.role_slug,
 	createdAt: invitation.created_at,
 	updatedAt: invitation.updated_at
 });
@@ -1230,7 +1272,7 @@ function deserializeApiKey(apiKey) {
 }
 //#endregion
 //#region src/authorization/serializers/organization-role.serializer.ts
-const deserializeRole$1 = (role) => ({
+const deserializeRole = (role) => ({
 	object: role.object,
 	id: role.id,
 	name: role.name,
@@ -1293,6 +1335,32 @@ const deserializeFeatureFlag = (featureFlag) => ({
 	updatedAt: featureFlag.updated_at
 });
 //#endregion
+//#region src/groups/serializers/add-group-organization-membership-options.serializer.ts
+const serializeAddGroupOrganizationMembershipOptions = (options) => ({ organization_membership_id: options.organizationMembershipId });
+//#endregion
+//#region src/groups/serializers/create-group-options.serializer.ts
+const serializeCreateGroupOptions = (options) => ({
+	name: options.name,
+	description: options.description
+});
+//#endregion
+//#region src/groups/serializers/group.serializer.ts
+const deserializeGroup = (group) => ({
+	object: group.object,
+	id: group.id,
+	organizationId: group.organization_id,
+	name: group.name,
+	description: group.description,
+	createdAt: group.created_at,
+	updatedAt: group.updated_at
+});
+//#endregion
+//#region src/groups/serializers/update-group-options.serializer.ts
+const serializeUpdateGroupOptions = (options) => ({
+	name: options.name,
+	description: options.description
+});
+//#endregion
 //#region src/vault/serializers/vault-event.serializer.ts
 const deserializeVaultActor = (actor) => ({
 	actorId: actor.actor_id,
@@ -1528,6 +1596,22 @@ const deserializeEvent = (event) => {
 			event: event.event,
 			data: deserializeFeatureFlag(event.data)
 		};
+		case "group.created":
+		case "group.updated":
+		case "group.deleted": return {
+			...eventBase,
+			event: event.event,
+			data: deserializeGroup(event.data)
+		};
+		case "group.member_added":
+		case "group.member_removed": return {
+			...eventBase,
+			event: event.event,
+			data: {
+				groupId: event.data.group_id,
+				organizationMembershipId: event.data.organization_membership_id
+			}
+		};
 		case "vault.data.created": return {
 			...eventBase,
 			event: event.event,
@@ -1578,6 +1662,11 @@ const deserializeEvent = (event) => {
 			event: event.event,
 			data: deserializeVaultByokKeyVerificationCompletedEvent(event.data)
 		};
+		default: return {
+			...eventBase,
+			event: event.event,
+			data: event.data
+		};
 	}
 };
 //#endregion
@@ -1673,25 +1762,6 @@ var PKCE = class {
 	}
 };
 //#endregion
-//#region src/api-keys/serializers/validate-api-key.serializer.ts
-function deserializeValidateApiKeyResponse(response) {
-	return { apiKey: response.api_key ? deserializeApiKey(response.api_key) : null };
-}
-//#endregion
-//#region src/api-keys/api-keys.ts
-var ApiKeys = class {
-	constructor(workos) {
-		this.workos = workos;
-	}
-	async validateApiKey(payload) {
-		const { data } = await this.workos.post("/api_keys/validations", payload);
-		return deserializeValidateApiKeyResponse(data);
-	}
-	async deleteApiKey(id) {
-		await this.workos.delete(`/api_keys/${id}`);
-	}
-};
-//#endregion
 //#region src/common/utils/pagination.ts
 var AutoPaginatable = class {
 	object = "list";
@@ -1731,6 +1801,35 @@ var AutoPaginatable = class {
 	}
 };
 //#endregion
+//#region src/api-keys/serializers/create-organization-api-key-options.serializer.ts
+function serializeCreateOrganizationApiKeyOptions(options) {
+	return {
+		name: options.name,
+		permissions: options.permissions
+	};
+}
+//#endregion
+//#region src/api-keys/serializers/created-api-key.serializer.ts
+function deserializeCreatedApiKey(apiKey) {
+	return {
+		object: apiKey.object,
+		id: apiKey.id,
+		owner: apiKey.owner,
+		name: apiKey.name,
+		obfuscatedValue: apiKey.obfuscated_value,
+		value: apiKey.value,
+		lastUsedAt: apiKey.last_used_at,
+		permissions: apiKey.permissions,
+		createdAt: apiKey.created_at,
+		updatedAt: apiKey.updated_at
+	};
+}
+//#endregion
+//#region src/api-keys/serializers/validate-api-key.serializer.ts
+function deserializeValidateApiKeyResponse(response) {
+	return { apiKey: response.api_key ? deserializeApiKey(response.api_key) : null };
+}
+//#endregion
 //#region src/common/utils/fetch-and-deserialize.ts
 const setDefaultOptions = (options) => {
 	return {
@@ -1746,31 +1845,181 @@ const fetchAndDeserialize = async (workos, endpoint, deserializeFn, options, req
 	return deserializeList(data, deserializeFn);
 };
 //#endregion
+//#region src/api-keys/api-keys.ts
+var ApiKeys = class {
+	constructor(workos) {
+		this.workos = workos;
+	}
+	/**
+	* Validate API key
+	*
+	* Validate an API key value and return the API key object if valid.
+	* @param payload - Object containing value.
+	* @returns {Promise<ApiKeyValidationResponse>}
+	* @throws {UnauthorizedException} 401
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createValidation(payload) {
+		const { data } = await this.workos.post("/api_keys/validations", payload);
+		return deserializeValidateApiKeyResponse(data);
+	}
+	/**
+	* Delete an API key
+	*
+	* Permanently deletes an API key. This action cannot be undone. Once deleted, any requests using this API key will fail authentication.
+	* @param id - The unique ID of the API key.
+	*
+	* @example
+	* "api_key_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
+	async deleteApiKey(id) {
+		await this.workos.delete(`/api_keys/${id}`);
+	}
+	/**
+	* List API keys for an organization
+	*
+	* Get a list of all API keys for an organization.
+	* @param organizationId - Unique identifier of the Organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<ApiKey>>}
+	* @throws {NotFoundException} 404
+	*/
+	async listOrganizationApiKeys(options) {
+		const { organizationId, ...paginationOptions } = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, deserializeApiKey, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, deserializeApiKey, params), paginationOptions);
+	}
+	/**
+	* Create an API key for an organization
+	*
+	* Create a new API key for an organization.
+	* @param organizationId - Unique identifier of the Organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param options - Object containing name.
+	* @returns {Promise<ApiKeyWithValue>}
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createOrganizationApiKey(options, requestOptions = {}) {
+		const { organizationId } = options;
+		const { data } = await this.workos.post(`/organizations/${organizationId}/api_keys`, serializeCreateOrganizationApiKeyOptions(options), requestOptions);
+		return deserializeCreatedApiKey(data);
+	}
+};
+//#endregion
 //#region src/directory-sync/directory-sync.ts
 var DirectorySync = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* List Directories
+	*
+	* Get a list of all of your existing directories matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>}
+	* @throws 403 response from the API.
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listDirectories(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/directories", deserializeDirectory, options ? serializeListDirectoriesOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, "/directories", deserializeDirectory, params), options ? serializeListDirectoriesOptions(options) : void 0);
 	}
+	/**
+	* Get a Directory
+	*
+	* Get the details of an existing directory.
+	* @param id - Unique identifier for the Directory.
+	*
+	* @example
+	* "directory_01ECAZ4NV9QMV47GW873HDCX74"
+	*
+	* @returns {Promise<Directory>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async getDirectory(id) {
 		const { data } = await this.workos.get(`/directories/${id}`);
 		return deserializeDirectory(data);
 	}
+	/**
+	* Delete a Directory
+	*
+	* Permanently deletes an existing directory. It cannot be undone.
+	* @param id - Unique identifier for the Directory.
+	*
+	* @example
+	* "directory_01ECAZ4NV9QMV47GW873HDCX74"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	*/
 	async deleteDirectory(id) {
 		await this.workos.delete(`/directories/${id}`);
 	}
+	/**
+	* List Directory Groups
+	*
+	* Get a list of all of existing directory groups matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listGroups(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/directory_groups", deserializeDirectoryGroup, options), (params) => fetchAndDeserialize(this.workos, "/directory_groups", deserializeDirectoryGroup, params), options);
 	}
+	/**
+	* List Directory Users
+	*
+	* Get a list of all of existing Directory Users matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	* @throws {RateLimitExceededException} 429
+	*/
 	async listUsers(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/directory_users", deserializeDirectoryUserWithGroups, options), (params) => fetchAndDeserialize(this.workos, "/directory_users", deserializeDirectoryUserWithGroups, params), options);
 	}
+	/**
+	* Get a Directory User
+	*
+	* Get the details of an existing Directory User.
+	* @param user - Unique identifier for the Directory User.
+	*
+	* @example
+	* "directory_user_01E1JG7J09H96KYP8HM9B0G5SJ"
+	* @returns {Promise<DirectoryUserWithGroups<TCustomAttributes>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async getUser(user) {
 		const { data } = await this.workos.get(`/directory_users/${user}`);
 		return deserializeDirectoryUserWithGroups(data);
 	}
+	/**
+	* Get a Directory Group
+	*
+	* Get the details of an existing Directory Group.
+	* @param group - Unique identifier for the Directory Group.
+	*
+	* @example
+	* "directory_group_01E1JJS84MFPPQ3G655FHTKX6Z"
+	* @returns {Promise<DirectoryGroup>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async getGroup(group) {
 		const { data } = await this.workos.get(`/directory_groups/${group}`);
 		return deserializeDirectoryGroup(data);
@@ -1793,99 +2042,115 @@ var Events = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* List events
+	*
+	* List events for the current environment.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<List<Event>>}
+	* @throws {BadRequestException} 400
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listEvents(options) {
 		const { data } = await this.workos.get(`/events`, { query: options ? serializeListEventOptions(options) : void 0 });
 		return deserializeList(data, deserializeEvent);
 	}
 };
 //#endregion
-//#region src/roles/serializers/role.serializer.ts
-const deserializeRole = (role) => ({
-	object: role.object,
-	id: role.id,
-	name: role.name,
-	slug: role.slug,
-	description: role.description,
-	permissions: role.permissions,
-	resourceTypeSlug: role.resource_type_slug,
-	type: role.type,
-	createdAt: role.created_at,
-	updatedAt: role.updated_at
-});
-//#endregion
-//#region src/api-keys/serializers/create-organization-api-key-options.serializer.ts
-function serializeCreateOrganizationApiKeyOptions(options) {
-	return {
-		name: options.name,
-		permissions: options.permissions
-	};
-}
-//#endregion
-//#region src/api-keys/serializers/created-api-key.serializer.ts
-function deserializeCreatedApiKey(apiKey) {
-	return {
-		object: apiKey.object,
-		id: apiKey.id,
-		owner: apiKey.owner,
-		name: apiKey.name,
-		obfuscatedValue: apiKey.obfuscated_value,
-		value: apiKey.value,
-		lastUsedAt: apiKey.last_used_at,
-		permissions: apiKey.permissions,
-		createdAt: apiKey.created_at,
-		updatedAt: apiKey.updated_at
-	};
-}
-//#endregion
 //#region src/organizations/organizations.ts
 var Organizations = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* List Organizations
+	*
+	* Get a list of all of your existing organizations matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>}
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listOrganizations(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/organizations", deserializeOrganization, options), (params) => fetchAndDeserialize(this.workos, "/organizations", deserializeOrganization, params), options);
 	}
+	/**
+	* Create an Organization
+	*
+	* Creates a new organization in the current environment.
+	* @param payload - Object containing name.
+	* @returns {Promise<Organization>}
+	* @throws {BadRequestException} 400
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createOrganization(payload, requestOptions = {}) {
 		const { data } = await this.workos.post("/organizations", serializeCreateOrganizationOptions(payload), requestOptions);
 		return deserializeOrganization(data);
 	}
+	/**
+	* Delete an Organization
+	*
+	* Permanently deletes an organization in the current environment. It cannot be undone.
+	* @param id - Unique identifier of the Organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	*/
 	async deleteOrganization(id) {
 		await this.workos.delete(`/organizations/${id}`);
 	}
+	/**
+	* Get an Organization
+	*
+	* Get the details of an existing organization.
+	* @param id - Unique identifier of the Organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @returns {Promise<Organization>}
+	* @throws {NotFoundException} 404
+	*/
 	async getOrganization(id) {
 		const { data } = await this.workos.get(`/organizations/${id}`);
 		return deserializeOrganization(data);
 	}
+	/**
+	* Get an Organization by External ID
+	*
+	* Get the details of an existing organization by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
+	* @param externalId - The external ID of the Organization.
+	*
+	* @example
+	* "2fe01467-f7ea-4dd2-8b79-c2b4f56d0191"
+	*
+	* @returns {Promise<Organization>}
+	* @throws {NotFoundException} 404
+	*/
 	async getOrganizationByExternalId(externalId) {
 		const { data } = await this.workos.get(`/organizations/external_id/${externalId}`);
 		return deserializeOrganization(data);
 	}
+	/**
+	* Update an Organization
+	*
+	* Updates an organization in the current environment.
+	* @param payload - The request body.
+	* @returns {Promise<Organization>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updateOrganization(options) {
 		const { organization: organizationId, ...payload } = options;
 		const { data } = await this.workos.put(`/organizations/${organizationId}`, serializeUpdateOrganizationOptions(payload));
 		return deserializeOrganization(data);
 	}
-	async listOrganizationRoles(options) {
-		const { organizationId } = options;
-		const { data: response } = await this.workos.get(`/organizations/${organizationId}/roles`);
-		return {
-			object: "list",
-			data: response.data.map((role) => deserializeRole(role))
-		};
-	}
-	async listOrganizationFeatureFlags(options) {
-		const { organizationId, ...paginationOptions } = options;
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, deserializeFeatureFlag, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, deserializeFeatureFlag, params), paginationOptions);
-	}
-	async listOrganizationApiKeys(options) {
-		const { organizationId, ...paginationOptions } = options;
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, deserializeApiKey, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/api_keys`, deserializeApiKey, params), paginationOptions);
-	}
-	async createOrganizationApiKey(options, requestOptions = {}) {
-		const { organizationId } = options;
-		const { data } = await this.workos.post(`/organizations/${organizationId}/api_keys`, serializeCreateOrganizationApiKeyOptions(options), requestOptions);
-		return deserializeCreatedApiKey(data);
-	}
 };
 //#endregion
 //#region src/organization-domains/serializers/create-organization-domain-options.serializer.ts
@@ -1899,19 +2164,63 @@ var OrganizationDomains = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
-	async get(id) {
+	/**
+	* Get an Organization Domain
+	*
+	* Get the details of an existing organization domain.
+	* @param id - Unique identifier of the organization domain.
+	*
+	* @example
+	* "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+	*
+	* @returns {Promise<OrganizationDomain>}
+	* @throws {NotFoundException} 404
+	*/
+	async getOrganizationDomain(id) {
 		const { data } = await this.workos.get(`/organization_domains/${id}`);
 		return deserializeOrganizationDomain(data);
 	}
-	async verify(id) {
-		const { data } = await this.workos.post(`/organization_domains/${id}/verify`, {});
+	/**
+	* Verify an Organization Domain
+	*
+	* Initiates verification process for an Organization Domain.
+	* @param id - Unique identifier of the organization domain.
+	*
+	* @example
+	* "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+	*
+	* @returns {Promise<OrganizationDomain>}
+	* @throws {BadRequestException} 400
+	*/
+	async verifyOrganizationDomain(id) {
+		const { data } = await this.workos.post(`/organization_domains/${id}/verify`, {});
 		return deserializeOrganizationDomain(data);
 	}
-	async create(payload) {
+	/**
+	* Create an Organization Domain
+	*
+	* Creates a new Organization Domain.
+	* @param payload - Object containing domain, organizationId.
+	* @returns {Promise<OrganizationDomain>}
+	* @throws {ConflictException} 409
+	*/
+	async createOrganizationDomain(payload) {
 		const { data } = await this.workos.post(`/organization_domains`, serializeCreateOrganizationDomainOptions(payload));
 		return deserializeOrganizationDomain(data);
 	}
-	async delete(id) {
+	/**
+	* Delete an Organization Domain
+	*
+	* Permanently deletes an organization domain. It cannot be undone.
+	* @param id - Unique identifier of the organization domain.
+	*
+	* @example
+	* "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+	*
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
+	async deleteOrganizationDomain(id) {
 		await this.workos.delete(`/organization_domains/${id}`);
 	}
 };
@@ -1984,17 +2293,33 @@ var Pipes = class {
 	}
 };
 //#endregion
-//#region src/portal/portal.ts
-var Portal = class {
+//#region src/admin-portal/admin-portal.ts
+var AdminPortal = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
-	async generateLink({ intent, organization, returnUrl, successUrl }) {
+	/**
+	* Generate a Portal Link
+	*
+	* Generate a Portal Link scoped to an Organization.
+	* @param payload - Object containing organization.
+	* @returns {Promise<{ link: string; }>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async generateLink({ intent, organization, returnUrl, successUrl, intentOptions, adminEmails }) {
 		const { data } = await this.workos.post("/portal/generate_link", {
 			intent,
 			organization,
 			return_url: returnUrl,
-			success_url: successUrl
+			success_url: successUrl,
+			intent_options: intentOptions ? { sso: {
+				bookmark_slug: intentOptions.sso.bookmarkSlug,
+				provider_type: intentOptions.sso.providerType
+			} } : void 0,
+			admin_emails: adminEmails
 		});
 		return data;
 	}
@@ -2036,9 +2361,31 @@ var SSO = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* List Connections
+	*
+	* Get a list of all of your existing connections matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>>}
+	* @throws 403 response from the API.
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listConnections(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/connections", deserializeConnection, options ? serializeListConnectionsOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, "/connections", deserializeConnection, params), options ? serializeListConnectionsOptions(options) : void 0);
 	}
+	/**
+	* Delete a Connection
+	*
+	* Permanently deletes an existing connection. It cannot be undone.
+	* @param id - Unique identifier for the Connection.
+	*
+	* @example
+	* "conn_01E4ZCR3C56J083X43JQXF3JK5"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async deleteConnection(id) {
 		await this.workos.delete(`/connections/${id}`);
 	}
@@ -2112,6 +2459,19 @@ var SSO = class {
 			codeVerifier: pkce.codeVerifier
 		};
 	}
+	/**
+	* Get a Connection
+	*
+	* Get the details of an existing connection.
+	* @param id - Unique identifier for the Connection.
+	*
+	* @example
+	* "conn_01E4ZCR3C56J083X43JQXF3JK5"
+	*
+	* @returns {Promise<Connection>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async getConnection(id) {
 		const { data } = await this.workos.get(`/connections/${id}`);
 		return deserializeConnection(data);
@@ -2144,13 +2504,21 @@ var SSO = class {
 		const { data } = await this.workos.post("/sso/token", form, { skipApiKeyCheck: !hasApiKey });
 		return deserializeProfileAndToken(data);
 	}
+	/**
+	* Get a User Profile
+	*
+	* Exchange an access token for a user's [Profile](https://workos.com/docs/reference/sso/profile). Because this profile is returned in the [Get a Profile and Token endpoint](https://workos.com/docs/reference/sso/profile/get-profile-and-token) your application usually does not need to call this endpoint. It is available for any authentication flows that require an additional endpoint to retrieve a user's profile.
+	* @returns {Promise<Profile<CustomAttributesType>>}
+	* @throws {UnauthorizedException} 401
+	* @throws {NotFoundException} 404
+	*/
 	async getProfile({ accessToken }) {
 		const { data } = await this.workos.get("/sso/profile", { accessToken });
 		return deserializeProfile(data);
 	}
 };
 //#endregion
-//#region src/mfa/serializers/challenge.serializer.ts
+//#region src/multi-factor-auth/serializers/challenge.serializer.ts
 const deserializeChallenge = (challenge) => ({
 	object: challenge.object,
 	id: challenge.id,
@@ -2161,10 +2529,10 @@ const deserializeChallenge = (challenge) => ({
 	authenticationFactorId: challenge.authentication_factor_id
 });
 //#endregion
-//#region src/mfa/serializers/sms.serializer.ts
+//#region src/multi-factor-auth/serializers/sms.serializer.ts
 const deserializeSms = (sms) => ({ phoneNumber: sms.phone_number });
 //#endregion
-//#region src/mfa/serializers/factor.serializer.ts
+//#region src/multi-factor-auth/serializers/factor.serializer.ts
 const deserializeFactor = (factor) => ({
 	object: factor.object,
 	id: factor.id,
@@ -2184,24 +2552,56 @@ const deserializeFactorWithSecrets = (factor) => ({
 	...factor.totp ? { totp: deserializeTotpWithSecrets(factor.totp) } : {}
 });
 //#endregion
-//#region src/mfa/serializers/verify-response.serializer.ts
+//#region src/multi-factor-auth/serializers/verify-response.serializer.ts
 const deserializeVerifyResponse = (verifyResponse) => ({
 	challenge: deserializeChallenge(verifyResponse.challenge),
 	valid: verifyResponse.valid
 });
 //#endregion
-//#region src/mfa/mfa.ts
-var Mfa = class {
+//#region src/multi-factor-auth/multi-factor-auth.ts
+var MultiFactorAuth = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* Delete Factor
+	*
+	* Permanently deletes an Authentication Factor. It cannot be undone.
+	* @param id - The unique ID of the Factor.
+	*
+	* @example
+	* "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
+	*
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
 	async deleteFactor(id) {
 		await this.workos.delete(`/auth/factors/${id}`);
 	}
+	/**
+	* Get Factor
+	*
+	* Gets an Authentication Factor.
+	* @param id - The unique ID of the Factor.
+	*
+	* @example
+	* "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
+	*
+	* @returns {Promise<Factor>}
+	* @throws {NotFoundException} 404
+	*/
 	async getFactor(id) {
 		const { data } = await this.workos.get(`/auth/factors/${id}`);
 		return deserializeFactor(data);
 	}
+	/**
+	* Enroll Factor
+	*
+	* Enrolls an Authentication Factor to be used as an additional factor of authentication. The returned ID should be used to create an authentication Challenge.
+	* @param options - Object containing type.
+	* @returns {Promise<FactorWithSecrets>}
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async enrollFactor(options) {
 		const { data } = await this.workos.post("/auth/factors/enroll", {
 			type: options.type,
@@ -2218,14 +2618,60 @@ var Mfa = class {
 		});
 		return deserializeFactorWithSecrets(data);
 	}
+	/**
+	* Challenge Factor
+	*
+	* Creates a Challenge for an Authentication Factor.
+	* @param options - The request body.
+	* @returns {Promise<Challenge>}
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async challengeFactor(options) {
 		const { data } = await this.workos.post(`/auth/factors/${options.authenticationFactorId}/challenge`, { sms_template: "smsTemplate" in options ? options.smsTemplate : void 0 });
 		return deserializeChallenge(data);
 	}
+	/**
+	* Verify Challenge
+	*
+	* Verifies an Authentication Challenge.
+	* @param options - Object containing code.
+	* @returns {Promise<VerifyResponse>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async verifyChallenge(options) {
 		const { data } = await this.workos.post(`/auth/challenges/${options.authenticationChallengeId}/verify`, { code: options.code });
 		return deserializeVerifyResponse(data);
 	}
+	/**
+	* Enroll an authentication factor
+	*
+	* Enrolls a user in a new [authentication factor](https://workos.com/docs/reference/authkit/mfa/authentication-factor).
+	* @param payload - Object containing type.
+	* @returns {Promise<{authenticationFactor: UMFactorWithSecrets; authenticationChallenge: Challenge}>}
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createUserAuthFactor(payload) {
+		const { data } = await this.workos.post(`/user_management/users/${payload.userId}/auth_factors`, serializeEnrollAuthFactorOptions(payload));
+		return {
+			authenticationFactor: deserializeFactorWithSecrets$1(data.authentication_factor),
+			authenticationChallenge: deserializeChallenge(data.authentication_challenge)
+		};
+	}
+	/**
+	* List authentication factors
+	*
+	* Lists the [authentication factors](https://workos.com/docs/reference/authkit/mfa/authentication-factor) for a user.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<UMFactor, PaginationOptions>>}
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async listUserAuthFactors(options) {
+		const { userId, ...restOfOptions } = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/user_management/users/${userId}/auth_factors`, deserializeFactor$1, restOfOptions), (params) => fetchAndDeserialize(this.workos, `/user_management/users/${userId}/auth_factors`, deserializeFactor$1, params), restOfOptions);
+	}
 };
 //#endregion
 //#region src/audit-logs/serializers/audit-log-export.serializer.ts
@@ -2304,13 +2750,11 @@ function deserializeMetadata(metadata) {
 const deserializeAuditLogSchema = (auditLogSchema) => ({
 	object: auditLogSchema.object,
 	version: auditLogSchema.version,
-	targets: auditLogSchema.targets.map((target) => {
-		return {
-			type: target.type,
-			metadata: target.metadata ? deserializeMetadata(target.metadata) : void 0
-		};
-	}),
-	actor: { metadata: deserializeMetadata(auditLogSchema.actor?.metadata) },
+	targets: auditLogSchema.targets.map((target) => ({
+		type: target.type,
+		metadata: target.metadata ? deserializeMetadata(target.metadata) : void 0
+	})),
+	actor: auditLogSchema.actor ? { metadata: deserializeMetadata(auditLogSchema.actor.metadata) } : void 0,
 	metadata: auditLogSchema.metadata ? deserializeMetadata(auditLogSchema.metadata) : void 0,
 	createdAt: auditLogSchema.created_at
 });
@@ -2320,6 +2764,23 @@ var AuditLogs = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* Create Event
+	*
+	* Create an Audit Log Event.
+	*
+	* This API supports idempotency which guarantees that performing the same operation multiple times will have the same result as if the operation were performed only once. This is handy in situations where you may need to retry a request due to a failure or prevent accidental duplicate requests from creating more than one resource.
+	*
+	* To achieve idempotency, you can add `Idempotency-Key` request header to a Create Event request with a unique string as the value. Each subsequent request matching this unique string will return the same response. We suggest using [v4 UUIDs](https://en.wikipedia.org/wiki/Universally_unique_identifier) for idempotency keys to avoid collisions.
+	*
+	* Idempotency keys expire after 24 hours. The API will generate a new response if you submit a request with an expired key.
+	* @param payload - Object containing organizationId, event.
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	* @throws {RateLimitExceededException} 429
+	*/
 	async createEvent(organization, event, options = {}) {
 		const optionsWithIdempotency = {
 			...options,
@@ -2330,18 +2791,50 @@ var AuditLogs = class {
 			organization_id: organization
 		}, optionsWithIdempotency);
 	}
+	/**
+	* Create Export
+	*
+	* Create an Audit Log Export. Exports are scoped to a single organization within a specified date range.
+	* @param payload - Object containing organizationId, rangeStart, rangeEnd.
+	* @returns {Promise<AuditLogExport>}
+	* @throws {BadRequestException} 400
+	*/
 	async createExport(options) {
 		const { data } = await this.workos.post("/audit_logs/exports", serializeAuditLogExportOptions(options));
 		return deserializeAuditLogExport(data);
 	}
+	/**
+	* Get Export
+	*
+	* Get an Audit Log Export. The URL will expire after 10 minutes. If the export is needed again at a later time, refetching the export will regenerate the URL.
+	* @param auditLogExportId - The unique ID of the Audit Log Export.
+	*
+	* @example
+	* "audit_log_export_01GBZK5MP7TD1YCFQHFR22180V"
+	*
+	* @returns {Promise<AuditLogExport>}
+	* @throws {NotFoundException} 404
+	*/
 	async getExport(auditLogExportId) {
 		const { data } = await this.workos.get(`/audit_logs/exports/${auditLogExportId}`);
 		return deserializeAuditLogExport(data);
 	}
+	/**
+	* Create Schema
+	*
+	* Creates a new Audit Log schema used to validate the payload of incoming Audit Log Events. If the `action` does not exist, it will also be created.
+	* @param payload - Object containing targets.
+	* @returns {Promise<AuditLogSchema>}
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createSchema(schema, options = {}) {
 		const { data } = await this.workos.post(`/audit_logs/actions/${schema.action}/schemas`, serializeCreateAuditLogSchemaOptions(schema), options);
 		return deserializeAuditLogSchema(data);
 	}
+	async listSchemas(action, options) {
+		const endpoint = `/audit_logs/actions/${action}/schemas`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeAuditLogSchema, options), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeAuditLogSchema, params), options);
+	}
 };
 //#endregion
 //#region node_modules/uint8array-extras/index.js
@@ -2730,12 +3223,16 @@ const serializeCreateOrganizationMembershipOptions = (options) => ({
 });
 //#endregion
 //#region src/user-management/serializers/identity.serializer.ts
+const normalizeProvider = (provider) => {
+	if (provider === "GithubOAuth") return "GitHubOAuth";
+	return provider;
+};
 const deserializeIdentities = (identities) => {
 	return identities.map((identity) => {
 		return {
 			idpId: identity.idp_id,
 			type: identity.type,
-			provider: identity.provider
+			provider: normalizeProvider(identity.provider)
 		};
 	});
 };
@@ -2983,21 +3480,60 @@ var UserManagement = class {
 	loadSealedSession(options) {
 		return new CookieSession(this, options.sessionData, options.cookiePassword);
 	}
+	/**
+	* Get a user
+	*
+	* Get the details of an existing user.
+	* @param userId - The unique ID of the user.
+	* @returns {Promise<User>}
+	* @throws {NotFoundException} 404
+	*/
 	async getUser(userId) {
 		const { data } = await this.workos.get(`/user_management/users/${userId}`);
 		return deserializeUser(data);
 	}
+	/**
+	* Get a user by external ID
+	*
+	* Get the details of an existing user by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
+	* @param externalId - The external ID of the user.
+	*
+	* @example
+	* "f1ffa2b2-c20b-4d39-be5c-212726e11222"
+	*
+	* @returns {Promise<User>}
+	* @throws {NotFoundException} 404
+	*/
 	async getUserByExternalId(externalId) {
 		const { data } = await this.workos.get(`/user_management/users/external_id/${externalId}`);
 		return deserializeUser(data);
 	}
+	/**
+	* List users
+	*
+	* Get a list of all of your existing users matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<User, SerializedListUsersOptions>>}
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listUsers(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/user_management/users", deserializeUser, options ? serializeListUsersOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, "/user_management/users", deserializeUser, params), options ? serializeListUsersOptions(options) : void 0);
 	}
+	/**
+	* Create a user
+	*
+	* Create a new user in the current environment.
+	* @param payload - Object containing email.
+	* @returns {Promise<User>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createUser(payload) {
 		const { data } = await this.workos.post("/user_management/users", serializeCreateUserOptions(payload));
 		return deserializeUser(data);
 	}
+	/** Authenticate with magic auth. */
 	async authenticateWithMagicAuth(payload) {
 		const { session, clientId, ...remainingPayload } = payload;
 		const resolvedClientId = this.resolveClientId(clientId);
@@ -3011,6 +3547,7 @@ var UserManagement = class {
 			session
 		});
 	}
+	/** Authenticate with password. */
 	async authenticateWithPassword(payload) {
 		const { session, clientId, ...remainingPayload } = payload;
 		const resolvedClientId = this.resolveClientId(clientId);
@@ -3098,6 +3635,7 @@ var UserManagement = class {
 			session
 		});
 	}
+	/** Authenticate with totp. */
 	async authenticateWithTotp(payload) {
 		const { session, clientId, ...remainingPayload } = payload;
 		const resolvedClientId = this.resolveClientId(clientId);
@@ -3111,6 +3649,7 @@ var UserManagement = class {
 			session
 		});
 	}
+	/** Authenticate with email verification. */
 	async authenticateWithEmailVerification(payload) {
 		const { session, clientId, ...remainingPayload } = payload;
 		const resolvedClientId = this.resolveClientId(clientId);
@@ -3124,6 +3663,7 @@ var UserManagement = class {
 			session
 		});
 	}
+	/** Authenticate with organization selection. */
 	async authenticateWithOrganizationSelection(payload) {
 		const { session, clientId, ...remainingPayload } = payload;
 		const resolvedClientId = this.resolveClientId(clientId);
@@ -3211,26 +3751,76 @@ var UserManagement = class {
 		if (!cookiePassword) throw new Error("Cookie password is required");
 		if (sessionData) return unsealData(sessionData, { password: cookiePassword });
 	}
+	/**
+	* Get an email verification code
+	*
+	* Get the details of an existing email verification code that can be used to send an email to a user for verification.
+	* @returns {Promise<EmailVerification>}
+	* @throws {NotFoundException} 404
+	*/
 	async getEmailVerification(emailVerificationId) {
 		const { data } = await this.workos.get(`/user_management/email_verification/${emailVerificationId}`);
 		return deserializeEmailVerification(data);
 	}
+	/**
+	* Send verification email
+	*
+	* Sends an email that contains a one-time code used to verify a user’s email address.
+	* @returns {Promise<{ user: User; }>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {RateLimitExceededException} 429
+	*/
 	async sendVerificationEmail({ userId }) {
 		const { data } = await this.workos.post(`/user_management/users/${userId}/email_verification/send`, {});
 		return { user: deserializeUser(data.user) };
 	}
+	/**
+	* Get Magic Auth code details
+	*
+	* Get the details of an existing [Magic Auth](https://workos.com/docs/reference/authkit/magic-auth) code that can be used to send an email to a user for authentication.
+	* @returns {Promise<MagicAuth>}
+	* @throws {NotFoundException} 404
+	*/
 	async getMagicAuth(magicAuthId) {
 		const { data } = await this.workos.get(`/user_management/magic_auth/${magicAuthId}`);
 		return deserializeMagicAuth(data);
 	}
+	/**
+	* Create a Magic Auth code
+	*
+	* Creates a one-time authentication code that can be sent to the user's email address. The code expires in 10 minutes. To verify the code, [authenticate the user with Magic Auth](https://workos.com/docs/reference/authkit/authentication/magic-auth).
+	* @param options - Object containing email.
+	* @returns {Promise<MagicAuth>}
+	* @throws {BadRequestException} 400
+	* @throws {UnprocessableEntityException} 422
+	* @throws {RateLimitExceededException} 429
+	*/
 	async createMagicAuth(options) {
 		const { data } = await this.workos.post("/user_management/magic_auth", serializeCreateMagicAuthOptions({ ...options }));
 		return deserializeMagicAuth(data);
 	}
+	/**
+	* Verify email
+	*
+	* Verifies an email address using the one-time code received by the user.
+	* @param options - Object containing code.
+	* @returns {Promise<{ user: User; }>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async verifyEmail({ code, userId }) {
 		const { data } = await this.workos.post(`/user_management/users/${userId}/email_verification/confirm`, { code });
 		return { user: deserializeUser(data.user) };
 	}
+	/**
+	* Get a password reset token
+	*
+	* Get the details of an existing password reset token that can be used to reset a user's password.
+	* @returns {Promise<PasswordReset>}
+	* @throws {NotFoundException} 404
+	*/
 	async getPasswordReset(passwordResetId) {
 		const { data } = await this.workos.get(`/user_management/password_reset/${passwordResetId}`);
 		return deserializePasswordReset(data);
@@ -3239,94 +3829,260 @@ var UserManagement = class {
 		const { data } = await this.workos.post("/user_management/password_reset", serializeCreatePasswordResetOptions({ ...options }));
 		return deserializePasswordReset(data);
 	}
+	/**
+	* Reset the password
+	*
+	* Sets a new password using the `token` query parameter from the link that
+	* the user received. Successfully resetting the password will verify a
+	* user's email, if it hasn't been verified yet.
+	* @param payload - Object containing the reset token and new password.
+	* @returns {Promise<{ user: User; }>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	* @throws {RateLimitExceededException} 429
+	*/
 	async resetPassword(payload) {
 		const { data } = await this.workos.post("/user_management/password_reset/confirm", serializeResetPasswordOptions(payload));
 		return { user: deserializeUser(data.user) };
 	}
+	/**
+	* Update a user
+	*
+	* Updates properties of a user. The omitted properties will be left unchanged.
+	* @param payload - The request body.
+	* @returns {Promise<User>}
+	* @throws {BadRequestException} 400
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updateUser(payload) {
 		const { data } = await this.workos.put(`/user_management/users/${payload.userId}`, serializeUpdateUserOptions(payload));
 		return deserializeUser(data);
 	}
-	async enrollAuthFactor(payload) {
-		const { data } = await this.workos.post(`/user_management/users/${payload.userId}/auth_factors`, serializeEnrollAuthFactorOptions(payload));
-		return {
-			authenticationFactor: deserializeFactorWithSecrets$1(data.authentication_factor),
-			authenticationChallenge: deserializeChallenge(data.authentication_challenge)
-		};
-	}
-	async listAuthFactors(options) {
-		const { userId, ...restOfOptions } = options;
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/user_management/users/${userId}/auth_factors`, deserializeFactor$1, restOfOptions), (params) => fetchAndDeserialize(this.workos, `/user_management/users/${userId}/auth_factors`, deserializeFactor$1, params), restOfOptions);
-	}
-	async listUserFeatureFlags(options) {
-		const { userId, ...paginationOptions } = options;
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/user_management/users/${userId}/feature-flags`, deserializeFeatureFlag, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/user_management/users/${userId}/feature-flags`, deserializeFeatureFlag, params), paginationOptions);
-	}
+	/**
+	* List sessions
+	*
+	* Get a list of all active sessions for a specific user.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Session, SerializedListSessionsOptions>>}
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listSessions(userId, options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/user_management/users/${userId}/sessions`, deserializeSession, options ? serializeListSessionsOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, `/user_management/users/${userId}/sessions`, deserializeSession, params), options ? serializeListSessionsOptions(options) : void 0);
 	}
+	/**
+	* Delete a user
+	*
+	* Permanently deletes a user in the current environment. It cannot be undone.
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
 	async deleteUser(userId) {
 		await this.workos.delete(`/user_management/users/${userId}`);
 	}
+	/**
+	* Get user identities
+	*
+	* Get a list of identities associated with the user. A user can have multiple associated identities after going through [identity linking](https://workos.com/docs/authkit/identity-linking). Currently only OAuth identities are supported. More provider types may be added in the future.
+	* @returns {Promise<Identity[]>}
+	* @throws {NotFoundException} 404
+	*/
 	async getUserIdentities(userId) {
 		if (!userId) throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);
 		const { data } = await this.workos.get(`/user_management/users/${userId}/identities`);
 		return deserializeIdentities(data);
 	}
+	/**
+	* Get an organization membership
+	*
+	* Get the details of an existing organization membership.
+	* @returns {Promise<OrganizationMembership>}
+	* @throws {NotFoundException} 404
+	*/
 	async getOrganizationMembership(organizationMembershipId) {
 		const { data } = await this.workos.get(`/user_management/organization_memberships/${organizationMembershipId}`);
 		return deserializeOrganizationMembership(data);
 	}
+	/**
+	* List organization memberships
+	*
+	* Get a list of all organization memberships matching the criteria specified. At least one of `user_id` or `organization_id` must be provided. By default only active memberships are returned. Use the `statuses` parameter to filter by other statuses.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<OrganizationMembership, SerializedListOrganizationMembershipsOptions>>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listOrganizationMemberships(options) {
 		const serializedOptions = serializeListOrganizationMembershipsOptions(options);
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/user_management/organization_memberships", deserializeOrganizationMembership, serializedOptions), (params) => fetchAndDeserialize(this.workos, "/user_management/organization_memberships", deserializeOrganizationMembership, params), serializedOptions);
 	}
+	/**
+	* Create an organization membership
+	*
+	* Creates a new `active` organization membership for the given organization and user.
+	*
+	* Calling this API with an organization and user that match an `inactive` organization membership will activate the membership with the specified role(s).
+	* @param options - Object containing userId, organizationId.
+	* @returns {Promise<OrganizationMembership>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createOrganizationMembership(options) {
 		const { data } = await this.workos.post("/user_management/organization_memberships", serializeCreateOrganizationMembershipOptions(options));
 		return deserializeOrganizationMembership(data);
 	}
+	/**
+	* Update an organization membership
+	*
+	* Update the details of an existing organization membership.
+	* @param options - The request body.
+	* @returns {Promise<OrganizationMembership>}
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updateOrganizationMembership(organizationMembershipId, options) {
 		const { data } = await this.workos.put(`/user_management/organization_memberships/${organizationMembershipId}`, serializeUpdateOrganizationMembershipOptions(options));
 		return deserializeOrganizationMembership(data);
 	}
+	/**
+	* Delete an organization membership
+	*
+	* Permanently deletes an existing organization membership. It cannot be undone.
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
 	async deleteOrganizationMembership(organizationMembershipId) {
 		await this.workos.delete(`/user_management/organization_memberships/${organizationMembershipId}`);
 	}
+	/**
+	* Deactivate an organization membership
+	*
+	* Deactivates an `active` organization membership. Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful deactivation.
+	*
+	* - Deactivating an `inactive` membership is a no-op and does not emit an event.
+	* - Deactivating a `pending` membership returns an error. This membership should be [deleted](https://workos.com/docs/reference/authkit/organization-membership/delete) instead.
+	*
+	* See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
+	* @returns {Promise<OrganizationMembership>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async deactivateOrganizationMembership(organizationMembershipId) {
 		const { data } = await this.workos.put(`/user_management/organization_memberships/${organizationMembershipId}/deactivate`, {});
 		return deserializeOrganizationMembership(data);
 	}
+	/**
+	* Reactivate an organization membership
+	*
+	* Reactivates an `inactive` organization membership, retaining the pre-existing role(s). Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful reactivation.
+	*
+	* - Reactivating an `active` membership is a no-op and does not emit an event.
+	* - Reactivating a `pending` membership returns an error. The user needs to [accept the invitation](https://workos.com/docs/authkit/invitations) instead.
+	*
+	* See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
+	* @returns {Promise<OrganizationMembership>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async reactivateOrganizationMembership(organizationMembershipId) {
 		const { data } = await this.workos.put(`/user_management/organization_memberships/${organizationMembershipId}/reactivate`, {});
 		return deserializeOrganizationMembership(data);
 	}
+	async listGroupsForOrganizationMembership(options) {
+		const { organizationMembershipId, ...paginationOptions } = options;
+		const endpoint = `/user_management/organization_memberships/${organizationMembershipId}/groups`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeGroup, paginationOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeGroup, params), paginationOptions);
+	}
 	async getInvitation(invitationId) {
 		const { data } = await this.workos.get(`/user_management/invitations/${invitationId}`);
 		return deserializeInvitation(data);
 	}
+	/**
+	* Find an invitation by token
+	*
+	* Retrieve an existing invitation using the token.
+	* @returns {Promise<Invitation>}
+	* @throws {NotFoundException} 404
+	*/
 	async findInvitationByToken(invitationToken) {
 		const { data } = await this.workos.get(`/user_management/invitations/by_token/${invitationToken}`);
 		return deserializeInvitation(data);
 	}
+	/**
+	* List invitations
+	*
+	* Get a list of all of invitations matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>>}
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listInvitations(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/user_management/invitations", deserializeInvitation, options ? serializeListInvitationsOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, "/user_management/invitations", deserializeInvitation, params), options ? serializeListInvitationsOptions(options) : void 0);
 	}
+	/**
+	* Send an invitation
+	*
+	* Sends an invitation email to the recipient.
+	* @param payload - Object containing email.
+	* @returns {Promise<Invitation>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async sendInvitation(payload) {
 		const { data } = await this.workos.post("/user_management/invitations", serializeSendInvitationOptions({ ...payload }));
 		return deserializeInvitation(data);
 	}
+	/**
+	* Accept an invitation
+	*
+	* Accepts an invitation and, if linked to an organization, activates the user's membership in that organization.
+	* @returns {Promise<Invitation>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	*/
 	async acceptInvitation(invitationId) {
 		const { data } = await this.workos.post(`/user_management/invitations/${invitationId}/accept`, null);
 		return deserializeInvitation(data);
 	}
+	/**
+	* Revoke an invitation
+	*
+	* Revokes an existing invitation.
+	* @returns {Promise<Invitation>}
+	* @throws {BadRequestException} 400
+	*/
 	async revokeInvitation(invitationId) {
 		const { data } = await this.workos.post(`/user_management/invitations/${invitationId}/revoke`, null);
 		return deserializeInvitation(data);
 	}
+	/**
+	* Resend an invitation
+	*
+	* Resends an invitation email to the recipient. The invitation must be in a pending state.
+	* @param options - The request body.
+	* @returns {Promise<Invitation>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async resendInvitation(invitationId, options) {
 		const { data } = await this.workos.post(`/user_management/invitations/${invitationId}/resend`, options ? serializeResendInvitationOptions(options) : {});
 		return deserializeInvitation(data);
 	}
+	/**
+	* Revoke Session
+	*
+	* Revoke a [user session](https://workos.com/docs/reference/authkit/session).
+	* @param payload - Object containing sessionId.
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	*/
 	async revokeSession(payload) {
 		await this.workos.post("/user_management/sessions/revoke", serializeRevokeSessionOptions(payload));
 	}
@@ -3421,6 +4177,23 @@ var UserManagement = class {
 			codeVerifier: pkce.codeVerifier
 		};
 	}
+	/**
+	* Logout
+	*
+	* Logout a user from the current [session](https://workos.com/docs/reference/authkit/session).
+	* @param options.sessionId - The ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
+	*
+	* @example
+	* "session_01H93ZY4F80QPBEZ1R5B2SHQG8"
+	*
+	* @param options.returnTo - The URL to redirect the user to after session revocation.
+	*
+	* @example
+	* "https://example.com"
+	*
+	* @returns {string}
+	* @throws {UnprocessableEntityException} 422
+	*/
 	getLogoutUrl(options) {
 		const { sessionId, returnTo } = options;
 		if (!sessionId) throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);
@@ -3435,374 +4208,20 @@ var UserManagement = class {
 	}
 };
 //#endregion
-//#region src/fga/interfaces/check-op.enum.ts
-let CheckOp = /* @__PURE__ */ function(CheckOp) {
-	CheckOp["AllOf"] = "all_of";
-	CheckOp["AnyOf"] = "any_of";
-	return CheckOp;
-}({});
-//#endregion
-//#region src/fga/utils/interface-check.ts
-function isSubject(resource) {
-	return Object.prototype.hasOwnProperty.call(resource, "resourceType") && Object.prototype.hasOwnProperty.call(resource, "resourceId");
-}
-function isResourceInterface(resource) {
-	return !!resource && typeof resource === "object" && "getResouceType" in resource && "getResourceId" in resource;
-}
-//#endregion
-//#region src/fga/serializers/check-options.serializer.ts
-const serializeCheckOptions = (options) => ({
-	op: options.op,
-	checks: options.checks.map(serializeCheckWarrantOptions),
-	debug: options.debug
-});
-const serializeCheckBatchOptions = (options) => ({
-	op: "batch",
-	checks: options.checks.map(serializeCheckWarrantOptions),
-	debug: options.debug
-});
-const serializeCheckWarrantOptions = (warrant) => {
-	return {
-		resource_type: isResourceInterface(warrant.resource) ? warrant.resource.getResourceType() : warrant.resource.resourceType,
-		resource_id: isResourceInterface(warrant.resource) ? warrant.resource.getResourceId() : warrant.resource.resourceId ? warrant.resource.resourceId : "",
-		relation: warrant.relation,
-		subject: isSubject(warrant.subject) ? {
-			resource_type: warrant.subject.resourceType,
-			resource_id: warrant.subject.resourceId
-		} : {
-			resource_type: warrant.subject.getResourceType(),
-			resource_id: warrant.subject.getResourceId()
-		},
-		context: warrant.context ?? {}
-	};
-};
-const deserializeDecisionTreeNode = (response) => {
-	return {
-		check: {
-			resource: {
-				resourceType: response.check.resource_type,
-				resourceId: response.check.resource_id
-			},
-			relation: response.check.relation,
-			subject: {
-				resourceType: response.check.subject.resource_type,
-				resourceId: response.check.subject.resource_id
-			},
-			context: response.check.context
-		},
-		policy: response.policy,
-		decision: response.decision,
-		processingTime: response.processing_time,
-		children: response.children.map(deserializeDecisionTreeNode)
-	};
-};
-//#endregion
-//#region src/fga/interfaces/check.interface.ts
-const CHECK_RESULT_AUTHORIZED = "authorized";
-var CheckResult = class {
-	result;
-	isImplicit;
-	warrantToken;
-	debugInfo;
-	warnings;
-	constructor(json) {
-		this.result = json.result;
-		this.isImplicit = json.is_implicit;
-		this.warrantToken = json.warrant_token;
-		this.debugInfo = json.debug_info ? {
-			processingTime: json.debug_info.processing_time,
-			decisionTree: deserializeDecisionTreeNode(json.debug_info.decision_tree)
-		} : void 0;
-		this.warnings = json.warnings;
-	}
-	isAuthorized() {
-		return this.result === CHECK_RESULT_AUTHORIZED;
-	}
-};
-//#endregion
-//#region src/fga/interfaces/resource-op.enum.ts
-let ResourceOp = /* @__PURE__ */ function(ResourceOp) {
-	ResourceOp["Create"] = "create";
-	ResourceOp["Delete"] = "delete";
-	return ResourceOp;
-}({});
-//#endregion
-//#region src/fga/interfaces/warrant-op.enum.ts
-let WarrantOp = /* @__PURE__ */ function(WarrantOp) {
-	WarrantOp["Create"] = "create";
-	WarrantOp["Delete"] = "delete";
-	return WarrantOp;
-}({});
-//#endregion
-//#region src/fga/serializers/create-resource-options.serializer.ts
-const serializeCreateResourceOptions$1 = (options) => ({
-	resource_type: isResourceInterface(options.resource) ? options.resource.getResourceType() : options.resource.resourceType,
-	resource_id: isResourceInterface(options.resource) ? options.resource.getResourceId() : options.resource.resourceId ? options.resource.resourceId : "",
-	meta: options.meta
-});
-//#endregion
-//#region src/fga/serializers/delete-resource-options.serializer.ts
-const serializeDeleteResourceOptions = (options) => ({
-	resource_type: isResourceInterface(options) ? options.getResourceType() : options.resourceType,
-	resource_id: isResourceInterface(options) ? options.getResourceId() : options.resourceId ? options.resourceId : ""
-});
-//#endregion
-//#region src/fga/serializers/batch-write-resources-options.serializer.ts
-const serializeBatchWriteResourcesOptions = (options) => {
-	let serializedResources = [];
-	if (options.op === ResourceOp.Create) serializedResources = options.resources.map((options) => serializeCreateResourceOptions$1(options));
-	else if (options.op === ResourceOp.Delete) serializedResources = options.resources.map((options) => serializeDeleteResourceOptions(options));
-	return {
-		op: options.op,
-		resources: serializedResources
-	};
-};
-//#endregion
-//#region src/fga/serializers/list-resources-options.serializer.ts
-const serializeListResourceOptions = (options) => ({
-	resource_type: options.resourceType,
-	search: options.search,
-	limit: options.limit,
-	before: options.before,
-	after: options.after,
-	order: options.order
-});
-//#endregion
-//#region src/fga/serializers/list-warrants-options.serializer.ts
-const serializeListWarrantsOptions = (options) => ({
-	resource_type: options.resourceType,
-	resource_id: options.resourceId,
-	relation: options.relation,
-	subject_type: options.subjectType,
-	subject_id: options.subjectId,
-	subject_relation: options.subjectRelation,
-	limit: options.limit,
-	after: options.after
-});
-//#endregion
-//#region src/fga/serializers/query-options.serializer.ts
-const serializeQueryOptions = (options) => ({
-	q: options.q,
-	context: JSON.stringify(options.context),
-	limit: options.limit,
-	before: options.before,
-	after: options.after,
-	order: options.order
-});
-//#endregion
-//#region src/fga/serializers/query-result.serializer.ts
-const deserializeQueryResult = (queryResult) => ({
-	resourceType: queryResult.resource_type,
-	resourceId: queryResult.resource_id,
-	relation: queryResult.relation,
-	warrant: {
-		resourceType: queryResult.warrant.resource_type,
-		resourceId: queryResult.warrant.resource_id,
-		relation: queryResult.warrant.relation,
-		subject: {
-			resourceType: queryResult.warrant.subject.resource_type,
-			resourceId: queryResult.warrant.subject.resource_id,
-			relation: queryResult.warrant.subject.relation
-		}
-	},
-	isImplicit: queryResult.is_implicit,
-	meta: queryResult.meta
-});
-//#endregion
-//#region src/fga/serializers/resource.serializer.ts
-const deserializeResource = (response) => ({
-	resourceType: response.resource_type,
-	resourceId: response.resource_id,
-	meta: response.meta
-});
-const deserializeBatchWriteResourcesResponse = (response) => {
-	return response.data.map((resource) => deserializeResource(resource));
-};
-//#endregion
-//#region src/fga/serializers/warrant-token.serializer.ts
-const deserializeWarrantToken = (warrantToken) => ({ warrantToken: warrantToken.warrant_token });
-//#endregion
-//#region src/fga/serializers/warrant.serializer.ts
-const deserializeWarrant = (warrant) => ({
-	resourceType: warrant.resource_type,
-	resourceId: warrant.resource_id,
-	relation: warrant.relation,
-	subject: {
-		resourceType: warrant.subject.resource_type,
-		resourceId: warrant.subject.resource_id,
-		relation: warrant.subject.relation
-	},
-	policy: warrant.policy
-});
-//#endregion
-//#region src/fga/serializers/write-warrant-options.serializer.ts
-const serializeWriteWarrantOptions = (warrant) => ({
-	op: warrant.op,
-	resource_type: isResourceInterface(warrant.resource) ? warrant.resource.getResourceType() : warrant.resource.resourceType,
-	resource_id: isResourceInterface(warrant.resource) ? warrant.resource.getResourceId() : warrant.resource.resourceId ? warrant.resource.resourceId : "",
-	relation: warrant.relation,
-	subject: isSubject(warrant.subject) ? {
-		resource_type: warrant.subject.resourceType,
-		resource_id: warrant.subject.resourceId
-	} : {
-		resource_type: warrant.subject.getResourceType(),
-		resource_id: warrant.subject.getResourceId()
-	},
-	policy: warrant.policy
-});
-//#endregion
-//#region src/fga/serializers/list.serializer.ts
-const deserializeFGAList = (response, deserializeFn) => ({
-	object: "list",
-	data: response.data.map(deserializeFn),
-	listMetadata: response.list_metadata,
-	warnings: response.warnings
-});
-//#endregion
-//#region src/fga/utils/fga-paginatable.ts
-var FgaPaginatable = class extends AutoPaginatable {
-	list;
-	constructor(list, apiCall, options) {
-		super(list, apiCall, options);
-		this.list = list;
-	}
-	get warnings() {
-		return this.list.warnings;
-	}
-};
-//#endregion
-//#region src/fga/utils/fetch-and-deserialize-list.ts
-const fetchAndDeserializeFGAList = async (workos, endpoint, deserializeFn, options, requestOptions) => {
-	const { data: response } = await workos.get(endpoint, {
-		query: options,
-		...requestOptions
-	});
-	return deserializeFGAList(response, deserializeFn);
-};
-//#endregion
-//#region src/fga/fga.ts
-/**
-* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-* @see src/authorization/authorization.ts
-*/
-var FGA = class {
-	constructor(workos) {
-		this.workos = workos;
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async check(checkOptions, options = {}) {
-		const { data } = await this.workos.post(`/fga/v1/check`, serializeCheckOptions(checkOptions), options);
-		return new CheckResult(data);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async checkBatch(checkOptions, options = {}) {
-		const { data } = await this.workos.post(`/fga/v1/check`, serializeCheckBatchOptions(checkOptions), options);
-		return data.map((checkResult) => new CheckResult(checkResult));
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async createResource(resource) {
-		const { data } = await this.workos.post("/fga/v1/resources", serializeCreateResourceOptions$1(resource));
-		return deserializeResource(data);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async getResource(resource) {
-		const resourceType = isResourceInterface(resource) ? resource.getResourceType() : resource.resourceType;
-		const resourceId = isResourceInterface(resource) ? resource.getResourceId() : resource.resourceId;
-		const { data } = await this.workos.get(`/fga/v1/resources/${resourceType}/${resourceId}`);
-		return deserializeResource(data);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async listResources(options) {
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/fga/v1/resources", deserializeResource, options ? serializeListResourceOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, "/fga/v1/resources", deserializeResource, params), options ? serializeListResourceOptions(options) : void 0);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async updateResource(options) {
-		const resourceType = isResourceInterface(options.resource) ? options.resource.getResourceType() : options.resource.resourceType;
-		const resourceId = isResourceInterface(options.resource) ? options.resource.getResourceId() : options.resource.resourceId;
-		const { data } = await this.workos.put(`/fga/v1/resources/${resourceType}/${resourceId}`, { meta: options.meta });
-		return deserializeResource(data);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async deleteResource(resource) {
-		const resourceType = isResourceInterface(resource) ? resource.getResourceType() : resource.resourceType;
-		const resourceId = isResourceInterface(resource) ? resource.getResourceId() : resource.resourceId;
-		await this.workos.delete(`/fga/v1/resources/${resourceType}/${resourceId}`);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async batchWriteResources(options) {
-		const { data } = await this.workos.post("/fga/v1/resources/batch", serializeBatchWriteResourcesOptions(options));
-		return deserializeBatchWriteResourcesResponse(data);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async writeWarrant(options) {
-		const { data } = await this.workos.post("/fga/v1/warrants", serializeWriteWarrantOptions(options));
-		return deserializeWarrantToken(data);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async batchWriteWarrants(options) {
-		const { data: warrantToken } = await this.workos.post("/fga/v1/warrants", options.map(serializeWriteWarrantOptions));
-		return deserializeWarrantToken(warrantToken);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async listWarrants(options, requestOptions) {
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/fga/v1/warrants", deserializeWarrant, options ? serializeListWarrantsOptions(options) : void 0, requestOptions), (params) => fetchAndDeserialize(this.workos, "/fga/v1/warrants", deserializeWarrant, params, requestOptions), options ? serializeListWarrantsOptions(options) : void 0);
-	}
-	/**
-	* @deprecated The FGA module is deprecated. Use the Authorization module instead.
-	* @see src/authorization/authorization.ts
-	*/
-	async query(options, requestOptions = {}) {
-		return new FgaPaginatable(await fetchAndDeserializeFGAList(this.workos, "/fga/v1/query", deserializeQueryResult, serializeQueryOptions(options), requestOptions), (params) => fetchAndDeserializeFGAList(this.workos, "/fga/v1/query", deserializeQueryResult, params, requestOptions), serializeQueryOptions(options));
-	}
-};
-//#endregion
-//#region src/feature-flags/in-memory-store.ts
-var InMemoryStore = class {
-	flags = {};
-	swap(newFlags) {
-		this.flags = { ...newFlags };
-	}
-	get(slug) {
-		return this.flags[slug];
-	}
-	getAll() {
-		return { ...this.flags };
-	}
-	get size() {
-		return Object.keys(this.flags).length;
+//#region src/feature-flags/in-memory-store.ts
+var InMemoryStore = class {
+	flags = {};
+	swap(newFlags) {
+		this.flags = { ...newFlags };
+	}
+	get(slug) {
+		return this.flags[slug];
+	}
+	getAll() {
+		return { ...this.flags };
+	}
+	get size() {
+		return Object.keys(this.flags).length;
 	}
 };
 //#endregion
@@ -4028,34 +4447,167 @@ var FeatureFlags = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* List feature flags
+	*
+	* Get a list of all of your existing feature flags matching the criteria specified.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<FeatureFlag>>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listFeatureFlags(options) {
 		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/feature-flags", deserializeFeatureFlag, options), (params) => fetchAndDeserialize(this.workos, "/feature-flags", deserializeFeatureFlag, params), options);
 	}
+	/**
+	* Get a feature flag
+	*
+	* Get the details of an existing feature flag by its slug.
+	* @param slug - A unique key to reference the Feature Flag.
+	*
+	* @example
+	* "advanced-analytics"
+	*
+	* @returns {Promise<FeatureFlag>}
+	* @throws {NotFoundException} 404
+	*/
 	async getFeatureFlag(slug) {
 		const { data } = await this.workos.get(`/feature-flags/${slug}`);
 		return deserializeFeatureFlag(data);
 	}
+	/**
+	* Enable a feature flag
+	*
+	* Enables a feature flag in the current environment.
+	* @param slug - A unique key to reference the Feature Flag.
+	*
+	* @example
+	* "advanced-analytics"
+	*
+	* @returns {Promise<FeatureFlag>}
+	* @throws {NotFoundException} 404
+	*/
 	async enableFeatureFlag(slug) {
 		const { data } = await this.workos.put(`/feature-flags/${slug}/enable`, {});
 		return deserializeFeatureFlag(data);
 	}
+	/**
+	* Disable a feature flag
+	*
+	* Disables a feature flag in the current environment.
+	* @param slug - A unique key to reference the Feature Flag.
+	*
+	* @example
+	* "advanced-analytics"
+	*
+	* @returns {Promise<FeatureFlag>}
+	* @throws {NotFoundException} 404
+	*/
 	async disableFeatureFlag(slug) {
 		const { data } = await this.workos.put(`/feature-flags/${slug}/disable`, {});
 		return deserializeFeatureFlag(data);
 	}
+	/**
+	* Add a feature flag target
+	*
+	* Enables a feature flag for a specific target in the current environment. Currently, supported targets include users and organizations.
+	* @params options - Object containing slug and targetId.
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async addFlagTarget(options) {
 		const { slug, targetId } = options;
 		await this.workos.post(`/feature-flags/${slug}/targets/${targetId}`, {});
 	}
+	/**
+	* Remove a feature flag target
+	*
+	* Removes a target from the feature flag's target list in the current environment. Currently, supported targets include users and organizations.
+	* @params options - Object containing slug and targetId.
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async removeFlagTarget(options) {
 		const { slug, targetId } = options;
 		await this.workos.delete(`/feature-flags/${slug}/targets/${targetId}`);
 	}
+	/**
+	* List enabled feature flags for an organization
+	*
+	* Get a list of all enabled feature flags for an organization.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<FeatureFlag>>}
+	* @throws {NotFoundException} 404
+	*/
+	async listOrganizationFeatureFlags(options) {
+		const { organizationId, ...paginationOptions } = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, deserializeFeatureFlag, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/feature-flags`, deserializeFeatureFlag, params), paginationOptions);
+	}
+	/**
+	* List enabled feature flags for a user
+	*
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Flag>>}
+	* @throws {NotFoundException} 404
+	*/
+	async listUserFeatureFlags(options) {
+		const { userId, ...paginationOptions } = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/user_management/users/${userId}/feature-flags`, deserializeFeatureFlag, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/user_management/users/${userId}/feature-flags`, deserializeFeatureFlag, params), paginationOptions);
+	}
 	createRuntimeClient(options) {
 		return new FeatureFlagsRuntimeClient(this.workos, options);
 	}
 };
 //#endregion
+//#region src/groups/groups.ts
+var Groups = class {
+	constructor(workos) {
+		this.workos = workos;
+	}
+	async createGroup(options) {
+		const { organizationId, ...payload } = options;
+		const { data } = await this.workos.post(`/organizations/${organizationId}/groups`, serializeCreateGroupOptions(payload));
+		return deserializeGroup(data);
+	}
+	async listGroups(options) {
+		const { organizationId, ...paginationOptions } = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/groups`, deserializeGroup, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/groups`, deserializeGroup, params), paginationOptions);
+	}
+	async getGroup(options) {
+		const { organizationId, groupId } = options;
+		const { data } = await this.workos.get(`/organizations/${organizationId}/groups/${groupId}`);
+		return deserializeGroup(data);
+	}
+	async updateGroup(options) {
+		const { organizationId, groupId, ...payload } = options;
+		const { data } = await this.workos.patch(`/organizations/${organizationId}/groups/${groupId}`, serializeUpdateGroupOptions(payload));
+		return deserializeGroup(data);
+	}
+	async deleteGroup(options) {
+		const { organizationId, groupId } = options;
+		await this.workos.delete(`/organizations/${organizationId}/groups/${groupId}`);
+	}
+	async addOrganizationMembership(options) {
+		const { organizationId, groupId, ...payload } = options;
+		const { data } = await this.workos.post(`/organizations/${organizationId}/groups/${groupId}/organization-memberships`, serializeAddGroupOrganizationMembershipOptions(payload));
+		return deserializeGroup(data);
+	}
+	async listOrganizationMemberships(options) {
+		const { organizationId, groupId, ...paginationOptions } = options;
+		const endpoint = `/organizations/${organizationId}/groups/${groupId}/organization-memberships`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, paginationOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, params), paginationOptions);
+	}
+	async removeOrganizationMembership(options) {
+		const { organizationId, groupId, organizationMembershipId } = options;
+		await this.workos.delete(`/organizations/${organizationId}/groups/${groupId}/organization-memberships/${organizationMembershipId}`);
+	}
+};
+//#endregion
 //#region src/widgets/interfaces/get-token.ts
 const serializeGetTokenOptions = (options) => ({
 	organization_id: options.organizationId,
@@ -4069,9 +4621,19 @@ var Widgets = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
-	async getToken(payload) {
+	/**
+	* Generate a widget token
+	*
+	* Generate a widget token scoped to an organization and user with the specified scopes.
+	* @param payload - Object containing organizationId.
+	* @returns {Promise<GetTokenResponse>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createToken(payload) {
 		const { data } = await this.workos.post("/widgets/token", serializeGetTokenOptions(payload));
-		return deserializeGetTokenResponse(data).token;
+		return deserializeGetTokenResponse(data);
 	}
 };
 //#endregion
@@ -4244,15 +4806,37 @@ const serializeRemoveRoleOptions = (options) => ({
 	}
 });
 //#endregion
+//#region src/authorization/serializers/list-effective-permissions-options.serializer.ts
+const serializeListEffectivePermissionsOptions = (options) => ({ ...serializePaginationOptions(options) });
+//#endregion
 //#region src/authorization/authorization.ts
 var Authorization = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
+	/**
+	* Create an environment role
+	*
+	* Create a new environment role.
+	* @param options - Object containing slug, name.
+	* @returns {Promise<EnvironmentRole>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createEnvironmentRole(options) {
 		const { data } = await this.workos.post("/authorization/roles", serializeCreateEnvironmentRoleOptions(options));
 		return deserializeEnvironmentRole(data);
 	}
+	/**
+	* List environment roles
+	*
+	* List all environment roles in priority order.
+	* @returns {Promise<EnvironmentRoleList>}
+	* @throws 403 response from the API.
+	*/
 	async listEnvironmentRoles() {
 		const { data } = await this.workos.get("/authorization/roles");
 		return {
@@ -4260,185 +4844,713 @@ var Authorization = class {
 			data: data.data.map(deserializeEnvironmentRole)
 		};
 	}
+	/**
+	* Get an environment role
+	*
+	* Get an environment role by its slug.
+	* @param slug - The slug of the environment role.
+	*
+	* @example
+	* "admin"
+	*
+	* @returns {Promise<EnvironmentRole>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async getEnvironmentRole(slug) {
 		const { data } = await this.workos.get(`/authorization/roles/${slug}`);
 		return deserializeEnvironmentRole(data);
 	}
+	/**
+	* Update an environment role
+	*
+	* Update an existing environment role.
+	* @param slug - The slug of the environment role.
+	*
+	* @example
+	* "admin"
+	*
+	* @param options - The request body.
+	* @returns {Promise<EnvironmentRole>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updateEnvironmentRole(slug, options) {
 		const { data } = await this.workos.patch(`/authorization/roles/${slug}`, serializeUpdateEnvironmentRoleOptions(options));
 		return deserializeEnvironmentRole(data);
 	}
+	/**
+	* Set permissions for an environment role
+	*
+	* Replace all permissions on an environment role with the provided list.
+	* @param slug - The slug of the environment role.
+	*
+	* @example
+	* "admin"
+	*
+	* @param options - Object containing permissions.
+	* @returns {Promise<EnvironmentRole>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async setEnvironmentRolePermissions(slug, options) {
 		const { data } = await this.workos.put(`/authorization/roles/${slug}/permissions`, { permissions: options.permissions });
 		return deserializeEnvironmentRole(data);
 	}
+	/**
+	* Add a permission to an environment role
+	*
+	* Add a single permission to an environment role. If the permission is already assigned to the role, this operation has no effect.
+	* @param slug - The slug of the environment role.
+	*
+	* @example
+	* "admin"
+	*
+	* @param options - Object containing slug.
+	* @returns {Promise<EnvironmentRole>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async addEnvironmentRolePermission(slug, options) {
 		const { data } = await this.workos.post(`/authorization/roles/${slug}/permissions`, { slug: options.permissionSlug });
 		return deserializeEnvironmentRole(data);
 	}
+	/**
+	* Create a custom role
+	*
+	* Create a new custom role for this organization.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param options - Object containing name.
+	* @returns {Promise<OrganizationRole>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createOrganizationRole(organizationId, options) {
 		const { data } = await this.workos.post(`/authorization/organizations/${organizationId}/roles`, serializeCreateOrganizationRoleOptions(options));
 		return deserializeOrganizationRole(data);
 	}
+	/**
+	* List custom roles
+	*
+	* Get a list of all roles that apply to an organization. This includes both environment roles and custom roles, returned in priority order.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @returns {Promise<RoleList>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async listOrganizationRoles(organizationId) {
 		const { data } = await this.workos.get(`/authorization/organizations/${organizationId}/roles`);
 		return {
 			object: "list",
-			data: data.data.map(deserializeRole$1)
+			data: data.data.map(deserializeRole)
 		};
 	}
+	/**
+	* Get a custom role
+	*
+	* Retrieve a role that applies to an organization by its slug. This can return either an environment role or a custom role.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param slug - The slug of the role.
+	*
+	* @example
+	* "org-billing-admin"
+	*
+	* @returns {Promise<Role>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async getOrganizationRole(organizationId, slug) {
 		const { data } = await this.workos.get(`/authorization/organizations/${organizationId}/roles/${slug}`);
-		return deserializeRole$1(data);
+		return deserializeRole(data);
 	}
+	/**
+	* Update a custom role
+	*
+	* Update an existing custom role. Only the fields provided in the request body will be updated.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param slug - The slug of the role.
+	*
+	* @example
+	* "org-billing-admin"
+	*
+	* @param options - The request body.
+	* @returns {Promise<OrganizationRole>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updateOrganizationRole(organizationId, slug, options) {
 		const { data } = await this.workos.patch(`/authorization/organizations/${organizationId}/roles/${slug}`, serializeUpdateOrganizationRoleOptions(options));
 		return deserializeOrganizationRole(data);
 	}
+	/**
+	* Delete a custom role
+	*
+	* Delete an existing custom role.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param slug - The slug of the role.
+	*
+	* @example
+	* "org-admin"
+	*
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	*/
 	async deleteOrganizationRole(organizationId, slug) {
 		await this.workos.delete(`/authorization/organizations/${organizationId}/roles/${slug}`);
 	}
-	async setOrganizationRolePermissions(organizationId, slug, options) {
+	/**
+	* Set permissions for a custom role
+	*
+	* Replace all permissions on a custom role with the provided list.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param slug - The slug of the role.
+	*
+	* @example
+	* "org-admin"
+	*
+	* @param options - Object containing permissions.
+	* @returns {Promise<Role>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async updateRolePermissions(organizationId, slug, options) {
 		const { data } = await this.workos.put(`/authorization/organizations/${organizationId}/roles/${slug}/permissions`, { permissions: options.permissions });
 		return deserializeOrganizationRole(data);
 	}
-	async addOrganizationRolePermission(organizationId, slug, options) {
+	/**
+	* Add a permission to a custom role
+	*
+	* Add a single permission to a custom role. If the permission is already assigned to the role, this operation has no effect.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param slug - The slug of the role.
+	*
+	* @example
+	* "org-admin"
+	*
+	* @param options - Object containing slug.
+	* @returns {Promise<Role>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createRolePermission(organizationId, slug, options) {
 		const { data } = await this.workos.post(`/authorization/organizations/${organizationId}/roles/${slug}/permissions`, { slug: options.permissionSlug });
 		return deserializeOrganizationRole(data);
 	}
-	async removeOrganizationRolePermission(organizationId, slug, options) {
+	/**
+	* Remove a permission from a custom role
+	*
+	* Remove a single permission from a custom role by its slug.
+	* @param organizationId - The ID of the organization.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param slug - The slug of the role.
+	*
+	* @example
+	* "org-admin"
+	*
+	* @param permissionSlug - The slug of the permission to remove.
+	*
+	* @example
+	* "documents:read"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async deleteRolePermission(organizationId, slug, options) {
 		await this.workos.delete(`/authorization/organizations/${organizationId}/roles/${slug}/permissions/${options.permissionSlug}`);
 	}
+	/**
+	* Create a permission
+	*
+	* Create a new permission in your WorkOS environment. The permission can then be assigned to environment roles and custom roles.
+	* @param options - Object containing slug, name.
+	* @returns {Promise<Permission>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createPermission(options) {
 		const { data } = await this.workos.post("/authorization/permissions", serializeCreatePermissionOptions(options));
 		return deserializePermission(data);
 	}
+	/**
+	* List permissions
+	*
+	* Get a list of all permissions in your WorkOS environment.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
+	* @throws {NotFoundException} 404
+	*/
 	async listPermissions(options) {
-		const { data } = await this.workos.get("/authorization/permissions", { query: options });
-		return {
-			object: "list",
-			data: data.data.map(deserializePermission),
-			listMetadata: {
-				before: data.list_metadata.before,
-				after: data.list_metadata.after
-			}
-		};
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/authorization/permissions", deserializePermission, options), (params) => fetchAndDeserialize(this.workos, "/authorization/permissions", deserializePermission, params), options);
 	}
+	/**
+	* Get a permission
+	*
+	* Retrieve a permission by its unique slug.
+	* @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
+	*
+	* @example
+	* "documents:read"
+	*
+	* @returns {Promise<Permission>}
+	* @throws {NotFoundException} 404
+	*/
 	async getPermission(slug) {
 		const { data } = await this.workos.get(`/authorization/permissions/${slug}`);
 		return deserializePermission(data);
 	}
+	/**
+	* Update a permission
+	*
+	* Update an existing permission. Only the fields provided in the request body will be updated.
+	* @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
+	*
+	* @example
+	* "documents:read"
+	*
+	* @param options - The request body.
+	* @returns {Promise<Permission>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updatePermission(slug, options) {
 		const { data } = await this.workos.patch(`/authorization/permissions/${slug}`, serializeUpdatePermissionOptions(options));
 		return deserializePermission(data);
 	}
+	/**
+	* Delete a permission
+	*
+	* Delete an existing permission. System permissions cannot be deleted.
+	* @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
+	*
+	* @example
+	* "documents:read"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
 	async deletePermission(slug) {
 		await this.workos.delete(`/authorization/permissions/${slug}`);
 	}
+	/**
+	* Get a resource
+	*
+	* Retrieve the details of an authorization resource by its ID.
+	* @param resourceId - The ID of the authorization resource.
+	*
+	* @example
+	* "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @returns {Promise<AuthorizationResource>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async getResource(resourceId) {
 		const { data } = await this.workos.get(`/authorization/resources/${resourceId}`);
 		return deserializeAuthorizationResource(data);
 	}
+	/**
+	* Create an authorization resource
+	*
+	* Create a new authorization resource.
+	* @param options - Object containing externalId, name, resourceTypeSlug, organizationId.
+	* @returns {Promise<AuthorizationResource>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async createResource(options) {
 		const { data } = await this.workos.post("/authorization/resources", serializeCreateResourceOptions(options));
 		return deserializeAuthorizationResource(data);
 	}
+	/**
+	* Update a resource
+	*
+	* Update an existing authorization resource.
+	* @param options - The request body.
+	* @returns {Promise<AuthorizationResource>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updateResource(options) {
 		const { data } = await this.workos.patch(`/authorization/resources/${options.resourceId}`, serializeUpdateResourceOptions(options));
 		return deserializeAuthorizationResource(data);
 	}
+	/**
+	* Delete an authorization resource
+	*
+	* Delete an authorization resource and all its descendants.
+	* @param options.cascadeDelete - If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
+	* @default false
+	* @param options - Additional query options.
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	*/
 	async deleteResource(options) {
 		const { resourceId, cascadeDelete } = options;
 		const query = cascadeDelete !== void 0 ? { cascade_delete: cascadeDelete.toString() } : void 0;
 		await this.workos.delete(`/authorization/resources/${resourceId}`, query);
 	}
+	/**
+	* List resources
+	*
+	* Get a paginated list of authorization resources.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<AuthorizationResource, PaginationOptions>>}
+	* @throws 403 response from the API.
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listResources(options = {}) {
-		const { data } = await this.workos.get("/authorization/resources", { query: serializeListAuthorizationResourcesOptions(options) });
-		return {
-			object: "list",
-			data: data.data.map(deserializeAuthorizationResource),
-			listMetadata: {
-				before: data.list_metadata.before,
-				after: data.list_metadata.after
-			}
-		};
+		const serializedOptions = serializeListAuthorizationResourcesOptions(options);
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/authorization/resources", deserializeAuthorizationResource, serializedOptions), (params) => fetchAndDeserialize(this.workos, "/authorization/resources", deserializeAuthorizationResource, params), serializedOptions);
 	}
-	async getResourceByExternalId(options) {
+	/**
+	* Get a resource by external ID
+	*
+	* Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.
+	* @param organizationId - The ID of the organization that owns the resource.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param resourceTypeSlug - The slug of the resource type.
+	*
+	* @example
+	* "project"
+	*
+	* @param externalId - An identifier you provide to reference the resource in your system.
+	*
+	* @example
+	* "proj-456"
+	*
+	* @returns {Promise<AuthorizationResource>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async getOrganizationResource(options) {
 		const { organizationId, resourceTypeSlug, externalId } = options;
 		const { data } = await this.workos.get(`/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`);
 		return deserializeAuthorizationResource(data);
 	}
-	async updateResourceByExternalId(options) {
+	/**
+	* Update a resource by external ID
+	*
+	* Update an existing authorization resource using its external ID.
+	* @param organizationId - The ID of the organization that owns the resource.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param resourceTypeSlug - The slug of the resource type.
+	*
+	* @example
+	* "project"
+	*
+	* @param externalId - An identifier you provide to reference the resource in your system.
+	*
+	* @example
+	* "proj-456"
+	*
+	* @param options - The request body.
+	* @returns {Promise<AuthorizationResource>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async updateOrganizationResource(options) {
 		const { organizationId, resourceTypeSlug, externalId } = options;
 		const { data } = await this.workos.patch(`/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`, serializeUpdateResourceByExternalIdOptions(options));
 		return deserializeAuthorizationResource(data);
 	}
-	async deleteResourceByExternalId(options) {
+	/**
+	* Delete an authorization resource by external ID
+	*
+	* Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources.
+	* @param organizationId - The ID of the organization that owns the resource.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param resourceTypeSlug - The slug of the resource type.
+	*
+	* @example
+	* "project"
+	*
+	* @param externalId - An identifier you provide to reference the resource in your system.
+	*
+	* @example
+	* "proj-456"
+	*
+	* @param options - Additional query options.
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	*/
+	async deleteOrganizationResource(options) {
 		const { organizationId, resourceTypeSlug, externalId, cascadeDelete } = options;
 		const query = cascadeDelete !== void 0 ? { cascade_delete: cascadeDelete.toString() } : void 0;
 		await this.workos.delete(`/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`, query);
 	}
+	/**
+	* Check authorization
+	*
+	* Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug.
+	* @param options - Object containing permissionSlug.
+	* @returns {Promise<AuthorizationCheckResult>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async check(options) {
 		const { data } = await this.workos.post(`/authorization/organization_memberships/${options.organizationMembershipId}/check`, serializeAuthorizationCheckOptions(options));
 		return data;
 	}
-	async listRoleAssignments(options) {
+	/**
+	* List role assignments
+	*
+	* List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles.
+	* @param organizationMembershipId - The ID of the organization membership.
+	*
+	* @example
+	* "om_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<RoleAssignment>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async listOrganizationMembershipRoleAssignments(options) {
 		const { organizationMembershipId, ...queryOptions } = options;
-		const { data } = await this.workos.get(`/authorization/organization_memberships/${organizationMembershipId}/role_assignments`, { query: queryOptions });
-		return {
-			object: "list",
-			data: data.data.map(deserializeRoleAssignment),
-			listMetadata: {
-				before: data.list_metadata.before,
-				after: data.list_metadata.after
-			}
-		};
+		const endpoint = `/authorization/organization_memberships/${organizationMembershipId}/role_assignments`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeRoleAssignment, queryOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeRoleAssignment, params), queryOptions);
 	}
+	/**
+	* Assign a role
+	*
+	* Assign a role to an organization membership on a specific resource.
+	* @param options - Object containing roleSlug.
+	* @returns {Promise<RoleAssignment>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async assignRole(options) {
 		const { data } = await this.workos.post(`/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments`, serializeAssignRoleOptions(options));
 		return deserializeRoleAssignment(data);
 	}
+	/**
+	* Remove a role assignment
+	*
+	* Remove a role assignment by role slug and resource.
+	* @param options - Object containing roleSlug.
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async removeRole(options) {
 		await this.workos.deleteWithBody(`/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments`, serializeRemoveRoleOptions(options));
 	}
-	async removeRoleAssignment(options) {
+	/**
+	* Remove a role assignment by ID
+	*
+	* Remove a role assignment using its ID.
+	* @param organizationMembershipId - The ID of the organization membership.
+	*
+	* @example
+	* "om_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param roleAssignmentId - The ID of the role assignment to remove.
+	*
+	* @example
+	* "role_assignment_01HXYZ123456789ABCDEFGH"
+	*
+	* @returns {Promise<void>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	*/
+	async deleteOrganizationMembershipRoleAssignment(options) {
 		await this.workos.delete(`/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments/${options.roleAssignmentId}`);
 	}
-	async listResourcesForMembership(options) {
+	/**
+	* List resources for organization membership
+	*
+	* Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
+	*
+	* You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource.
+	* @param organizationMembershipId - The ID of the organization membership.
+	*
+	* @example
+	* "om_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<AuthorizationResource>>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async listOrganizationMembershipResources(options) {
 		const { organizationMembershipId } = options;
-		const { data } = await this.workos.get(`/authorization/organization_memberships/${organizationMembershipId}/resources`, { query: serializeListResourcesForMembershipOptions(options) });
-		return {
-			object: "list",
-			data: data.data.map(deserializeAuthorizationResource),
-			listMetadata: {
-				before: data.list_metadata.before,
-				after: data.list_metadata.after
-			}
-		};
+		const endpoint = `/authorization/organization_memberships/${organizationMembershipId}/resources`;
+		const serializedOptions = serializeListResourcesForMembershipOptions(options);
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationResource, serializedOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationResource, params), serializedOptions);
 	}
+	/**
+	* List organization memberships for resource
+	*
+	* Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?".
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<BaseOrganizationMembership, PaginationOptions>>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async listMembershipsForResource(options) {
 		const { resourceId } = options;
-		const { data } = await this.workos.get(`/authorization/resources/${resourceId}/organization_memberships`, { query: serializeListMembershipsForResourceOptions(options) });
-		return {
-			object: "list",
-			data: data.data.map(deserializeAuthorizationOrganizationMembership),
-			listMetadata: {
-				before: data.list_metadata.before,
-				after: data.list_metadata.after
-			}
-		};
+		const endpoint = `/authorization/resources/${resourceId}/organization_memberships`;
+		const serializedOptions = serializeListMembershipsForResourceOptions(options);
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, serializedOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, params), serializedOptions);
 	}
-	async listMembershipsForResourceByExternalId(options) {
+	/**
+	* List memberships for a resource by external ID
+	*
+	* Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID.
+	* @param organizationId - The ID of the organization that owns the resource.
+	*
+	* @example
+	* "org_01EHZNVPK3SFK441A1RGBFSHRT"
+	*
+	* @param resourceTypeSlug - The slug of the resource type this resource belongs to.
+	*
+	* @example
+	* "project"
+	*
+	* @param externalId - An identifier you provide to reference the resource in your system.
+	*
+	* @example
+	* "proj-456"
+	*
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<UserOrganizationMembershipBaseListData>>}
+	* @throws {BadRequestException} 400
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async listResourceOrganizationMemberships(options) {
 		const { organizationId, resourceTypeSlug, externalId } = options;
-		const { data } = await this.workos.get(`/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}/organization_memberships`, { query: serializeListMembershipsForResourceOptions(options) });
-		return {
-			object: "list",
-			data: data.data.map(deserializeAuthorizationOrganizationMembership),
-			listMetadata: {
-				before: data.list_metadata.before,
-				after: data.list_metadata.after
-			}
-		};
+		const endpoint = `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}/organization_memberships`;
+		const serializedOptions = serializeListMembershipsForResourceOptions(options);
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, serializedOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, params), serializedOptions);
+	}
+	/**
+	* List effective permissions for an organization membership on a resource
+	*
+	* Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.
+	* @param organizationMembershipId - The ID of the organization membership.
+	*
+	* @example
+	* "om_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param resourceId - The ID of the authorization resource.
+	*
+	* @example
+	* "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+	*
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<AuthorizationPermission>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async listResourcePermissions(options) {
+		const { organizationMembershipId, resourceId } = options;
+		const endpoint = `/authorization/resources/${resourceId}/organization_memberships/${organizationMembershipId}/permissions`;
+		const serializedOptions = serializeListEffectivePermissionsOptions(options);
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializePermission, serializedOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializePermission, params), serializedOptions);
+	}
+	/**
+	* List effective permissions for an organization membership on a resource by external ID
+	*
+	* Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
+	* @throws 403 response from the API.
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async listEffectivePermissionsByExternalId(options) {
+		const { organizationMembershipId, organizationId, resourceTypeSlug, externalId } = options;
+		const endpoint = `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}/organization_memberships/${organizationMembershipId}/permissions`;
+		const serializedOptions = serializeListEffectivePermissionsOptions(options);
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializePermission, serializedOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializePermission, params), serializedOptions);
 	}
 };
 //#endregion
@@ -4692,20 +5804,6 @@ var Vault = class {
 	}
 };
 //#endregion
-//#region src/common/exceptions/conflict.exception.ts
-var ConflictException = class extends Error {
-	status = 409;
-	name = "ConflictException";
-	requestID;
-	constructor({ error, message, requestID }) {
-		super();
-		this.requestID = requestID;
-		if (message) this.message = message;
-		else if (error) this.message = `Error: ${error}`;
-		else this.message = `An conflict has occurred on the server.`;
-	}
-};
-//#endregion
 //#region src/common/utils/runtime-info.ts
 /**
 * Get runtime information including name and version.
@@ -4749,13 +5847,14 @@ function extractBunVersionFromUserAgent() {
 }
 //#endregion
 //#region package.json
-var version = "8.13.0";
+var version = "9.1.0";
 //#endregion
 //#region src/workos.ts
 const DEFAULT_HOSTNAME = "api.workos.com";
 const HEADER_AUTHORIZATION = "Authorization";
 const HEADER_IDEMPOTENCY_KEY = "Idempotency-Key";
 const HEADER_WARRANT_TOKEN = "Warrant-Token";
+/** WorkOS REST API */
 var WorkOS = class {
 	baseURL;
 	client;
@@ -4771,13 +5870,13 @@ var WorkOS = class {
 	directorySync = new DirectorySync(this);
 	events = new Events(this);
 	featureFlags = new FeatureFlags(this);
-	fga = new FGA(this);
-	mfa = new Mfa(this);
+	groups = new Groups(this);
+	multiFactorAuth = new MultiFactorAuth(this);
 	organizations = new Organizations(this);
 	organizationDomains = new OrganizationDomains(this);
 	passwordless = new Passwordless(this);
 	pipes = new Pipes(this);
-	portal = new Portal(this);
+	adminPortal = new AdminPortal(this);
 	sso = new SSO(this);
 	userManagement;
 	vault = new Vault(this);
@@ -5019,7 +6118,8 @@ var WorkOS = class {
 				case 409: throw new ConflictException({
 					requestID,
 					message,
-					error
+					error,
+					code
 				});
 				case 422: throw new UnprocessableEntityException({
 					code,
@@ -5044,12 +6144,24 @@ var WorkOS = class {
 					message,
 					requestID
 				});
+				else if (isAuthenticationErrorData(data)) throw new AuthenticationException(status, data, requestID);
 				else throw new GenericServerException(status, data.message, data, requestID);
 			}
 		}
 	}
 };
 //#endregion
+//#region src/common/interfaces/generate-link-intent.interface.ts
+const GenerateLinkIntent = {
+	SSO: "sso",
+	DSync: "dsync",
+	AuditLogs: "audit_logs",
+	LogStreams: "log_streams",
+	DomainVerification: "domain_verification",
+	CertificateRenewal: "certificate_renewal",
+	BringYourOwnKey: "bring_your_own_key"
+};
+//#endregion
 //#region src/organizations/interfaces/domain-data.interface.ts
 let DomainDataState = /* @__PURE__ */ function(DomainDataState) {
 	DomainDataState["Verified"] = "verified";
@@ -5070,18 +6182,6 @@ let OrganizationDomainVerificationStrategy = /* @__PURE__ */ function(Organizati
 	return OrganizationDomainVerificationStrategy;
 }({});
 //#endregion
-//#region src/portal/interfaces/generate-portal-link-intent.interface.ts
-let GeneratePortalLinkIntent = /* @__PURE__ */ function(GeneratePortalLinkIntent) {
-	GeneratePortalLinkIntent["AuditLogs"] = "audit_logs";
-	GeneratePortalLinkIntent["DomainVerification"] = "domain_verification";
-	GeneratePortalLinkIntent["DSync"] = "dsync";
-	GeneratePortalLinkIntent["LogStreams"] = "log_streams";
-	GeneratePortalLinkIntent["SSO"] = "sso";
-	GeneratePortalLinkIntent["CertificateRenewal"] = "certificate_renewal";
-	GeneratePortalLinkIntent["BringYourOwnKey"] = "bring_your_own_key";
-	return GeneratePortalLinkIntent;
-}({});
-//#endregion
 //#region src/sso/interfaces/connection-type.enum.ts
 let ConnectionType = /* @__PURE__ */ function(ConnectionType) {
 	ConnectionType["ADFSSAML"] = "ADFSSAML";
@@ -5090,10 +6190,12 @@ let ConnectionType = /* @__PURE__ */ function(ConnectionType) {
 	ConnectionType["Auth0SAML"] = "Auth0SAML";
 	ConnectionType["AzureSAML"] = "AzureSAML";
 	ConnectionType["CasSAML"] = "CasSAML";
+	ConnectionType["CleverOIDC"] = "CleverOIDC";
 	ConnectionType["ClassLinkSAML"] = "ClassLinkSAML";
 	ConnectionType["CloudflareSAML"] = "CloudflareSAML";
 	ConnectionType["CyberArkSAML"] = "CyberArkSAML";
 	ConnectionType["DuoSAML"] = "DuoSAML";
+	ConnectionType["EntraIdOIDC"] = "EntraIdOIDC";
 	ConnectionType["GenericOIDC"] = "GenericOIDC";
 	ConnectionType["GenericSAML"] = "GenericSAML";
 	ConnectionType["GitHubOAuth"] = "GitHubOAuth";
@@ -5107,6 +6209,7 @@ let ConnectionType = /* @__PURE__ */ function(ConnectionType) {
 	ConnectionType["MicrosoftOAuth"] = "MicrosoftOAuth";
 	ConnectionType["MiniOrangeSAML"] = "MiniOrangeSAML";
 	ConnectionType["NetIqSAML"] = "NetIqSAML";
+	ConnectionType["OktaOIDC"] = "OktaOIDC";
 	ConnectionType["OktaSAML"] = "OktaSAML";
 	ConnectionType["OneLoginSAML"] = "OneLoginSAML";
 	ConnectionType["OracleSAML"] = "OracleSAML";
@@ -5127,6 +6230,6 @@ function createWorkOS(options) {
 	return new WorkOS(options);
 }
 //#endregion
-export { ApiKeyRequiredException as A, SignatureVerificationException as C, NoApiKeyProvidedException as D, NotFoundException as E, SubtleCryptoProvider as M, BadRequestException as O, UnauthorizedException as S, OauthException as T, AutoPaginatable as _, OrganizationDomainVerificationStrategy as a, Actions as b, FeatureFlagsRuntimeClient as c, CheckResult as d, CheckOp as f, AuthenticateWithSessionCookieFailureReason as g, serializeRevokeSessionOptions as h, OrganizationDomainState as i, FetchHttpClient as j, GenericServerException as k, WarrantOp as l, RefreshSessionFailureReason as m, ConnectionType as n, DomainDataState as o, CookieSession as p, GeneratePortalLinkIntent as r, WorkOS as s, createWorkOS as t, ResourceOp as u, PKCE as v, RateLimitExceededException as w, UnprocessableEntityException as x, Webhooks as y };
+export { FetchHttpClient as A, NoApiKeyProvidedException as C, isAuthenticationErrorData as D, AuthenticationException as E, GenericServerException as O, NotFoundException as S, BadRequestException as T, UnprocessableEntityException as _, DomainDataState as a, RateLimitExceededException as b, FeatureFlagsRuntimeClient as c, serializeRevokeSessionOptions as d, AuthenticateWithSessionCookieFailureReason as f, Actions as g, Webhooks as h, OrganizationDomainVerificationStrategy as i, SubtleCryptoProvider as j, ApiKeyRequiredException as k, CookieSession as l, PKCE as m, ConnectionType as n, GenerateLinkIntent as o, AutoPaginatable as p, OrganizationDomainState as r, WorkOS as s, createWorkOS as t, RefreshSessionFailureReason as u, UnauthorizedException as v, ConflictException as w, OauthException as x, SignatureVerificationException as y };
 
-//# sourceMappingURL=factory-HM2NchXm.mjs.map
+//# sourceMappingURL=factory-B7cG7pDB.mjs.map