@workos-inc/node 8.3.1 → 8.4.0

package/lib/send-invitation-options.interface-DtIC4uoS.d.cts

@@ -0,0 +1,22 @@
+import { t as Locale } from "./locale.interface-BDuI7VXX.cjs";
+
+//#region src/user-management/interfaces/send-invitation-options.interface.d.ts
+interface SendInvitationOptions {
+  email: string;
+  organizationId?: string;
+  expiresInDays?: number;
+  inviterUserId?: string;
+  roleSlug?: string;
+  locale?: Locale;
+}
+interface SerializedSendInvitationOptions {
+  email: string;
+  organization_id?: string;
+  expires_in_days?: number;
+  inviter_user_id?: string;
+  role_slug?: string;
+  locale?: Locale;
+}
+//#endregion
+export { SerializedSendInvitationOptions as n, SendInvitationOptions as t };
+//# sourceMappingURL=send-invitation-options.interface-DtIC4uoS.d.cts.map

package/lib/send-invitation-options.serializer-DoSLFoca.cjs

@@ -0,0 +1,19 @@
+
+//#region src/user-management/serializers/send-invitation-options.serializer.ts
+const serializeSendInvitationOptions = (options) => ({
+	email: options.email,
+	organization_id: options.organizationId,
+	expires_in_days: options.expiresInDays,
+	inviter_user_id: options.inviterUserId,
+	role_slug: options.roleSlug,
+	locale: options.locale
+});
+
+//#endregion
+Object.defineProperty(exports, 'serializeSendInvitationOptions', {
+  enumerable: true,
+  get: function () {
+    return serializeSendInvitationOptions;
+  }
+});
+//# sourceMappingURL=send-invitation-options.serializer-DoSLFoca.cjs.map

package/lib/send-invitation-options.serializer-DoSLFoca.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"send-invitation-options.serializer-DoSLFoca.cjs","names":[],"sources":["../src/user-management/serializers/send-invitation-options.serializer.ts"],"sourcesContent":["import {} from '../interfaces';\nimport {\n  SendInvitationOptions,\n  SerializedSendInvitationOptions,\n} from '../interfaces/send-invitation-options.interface';\n\nexport const serializeSendInvitationOptions = (\n  options: SendInvitationOptions,\n): SerializedSendInvitationOptions => ({\n  email: options.email,\n  organization_id: options.organizationId,\n  expires_in_days: options.expiresInDays,\n  inviter_user_id: options.inviterUserId,\n  role_slug: options.roleSlug,\n  locale: options.locale,\n});\n"],"mappings":";;AAMA,MAAa,kCACX,aACqC;CACrC,OAAO,QAAQ;CACf,iBAAiB,QAAQ;CACzB,iBAAiB,QAAQ;CACzB,iBAAiB,QAAQ;CACzB,WAAW,QAAQ;CACnB,QAAQ,QAAQ;CACjB"}

package/lib/send-session-response.interface-Bu76CdzC.d.cts

@@ -0,0 +1,8 @@
+//#region src/passwordless/interfaces/send-session-response.interface.d.ts
+interface SendSessionResponse {
+  message?: string;
+  success?: boolean;
+}
+//#endregion
+export { SendSessionResponse as t };
+//# sourceMappingURL=send-session-response.interface-Bu76CdzC.d.cts.map

package/lib/send-verification-email-options.interface-IMaY7OHw.d.cts

@@ -0,0 +1,7 @@
+//#region src/user-management/interfaces/send-verification-email-options.interface.d.ts
+interface SendVerificationEmailOptions {
+  userId: string;
+}
+//#endregion
+export { SendVerificationEmailOptions as t };
+//# sourceMappingURL=send-verification-email-options.interface-IMaY7OHw.d.cts.map

package/lib/session-Beigw6Nc.cjs

@@ -0,0 +1,144 @@
+const require_oauth_exception = require('./oauth.exception-BJAv3tg-.cjs');
+const require_seal = require('./seal-BDnUayLx.cjs');
+const require_authenticate_with_session_cookie_interface = require('./authenticate-with-session-cookie.interface-jDv8x_VH.cjs');
+const require_refresh_and_seal_session_data_interface = require('./refresh-and-seal-session-data.interface-BQRY5jDN.cjs');
+const require_jose = require('./jose-BhyqkBqW.cjs');
+
+//#region src/user-management/session.ts
+var CookieSession = class {
+	userManagement;
+	cookiePassword;
+	sessionData;
+	constructor(userManagement, sessionData, cookiePassword) {
+		if (!cookiePassword) throw new Error("cookiePassword is required");
+		this.userManagement = userManagement;
+		this.cookiePassword = cookiePassword;
+		this.sessionData = sessionData;
+	}
+	/**
+	* Authenticates a user with a session cookie.
+	*
+	* @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.
+	*/
+	async authenticate() {
+		if (!this.sessionData) return {
+			authenticated: false,
+			reason: require_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED
+		};
+		const session = await require_seal.unsealData(this.sessionData, { password: this.cookiePassword });
+		if (!session.accessToken) return {
+			authenticated: false,
+			reason: require_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE
+		};
+		if (!await this.isValidJwt(session.accessToken)) return {
+			authenticated: false,
+			reason: require_authenticate_with_session_cookie_interface.AuthenticateWithSessionCookieFailureReason.INVALID_JWT
+		};
+		const { decodeJwt } = await require_jose.getJose();
+		const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags } = decodeJwt(session.accessToken);
+		return {
+			authenticated: true,
+			sessionId,
+			organizationId,
+			role,
+			roles,
+			permissions,
+			entitlements,
+			featureFlags,
+			user: session.user,
+			authenticationMethod: session.authenticationMethod,
+			impersonator: session.impersonator,
+			accessToken: session.accessToken
+		};
+	}
+	/**
+	* Refreshes the user's session.
+	*
+	* @param options - Optional options for refreshing the session.
+	* @param options.cookiePassword - The password to use for the new session cookie.
+	* @param options.organizationId - The organization ID to use for the new session cookie.
+	* @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.
+	*/
+	async refresh(options = {}) {
+		const { decodeJwt } = await require_jose.getJose();
+		const session = await require_seal.unsealData(this.sessionData, { password: this.cookiePassword });
+		if (!session.refreshToken || !session.user) return {
+			authenticated: false,
+			reason: require_refresh_and_seal_session_data_interface.RefreshSessionFailureReason.INVALID_SESSION_COOKIE
+		};
+		const { org_id: organizationIdFromAccessToken } = decodeJwt(session.accessToken);
+		try {
+			const cookiePassword = options.cookiePassword ?? this.cookiePassword;
+			const authenticationResponse = await this.userManagement.authenticateWithRefreshToken({
+				clientId: this.userManagement.clientId,
+				refreshToken: session.refreshToken,
+				organizationId: options.organizationId ?? organizationIdFromAccessToken,
+				session: {
+					sealSession: true,
+					cookiePassword
+				}
+			});
+			if (options.cookiePassword) this.cookiePassword = options.cookiePassword;
+			this.sessionData = authenticationResponse.sealedSession;
+			const { sid: sessionId, org_id: organizationId, role, roles, permissions, entitlements, feature_flags: featureFlags } = decodeJwt(authenticationResponse.accessToken);
+			return {
+				authenticated: true,
+				sealedSession: authenticationResponse.sealedSession,
+				session: authenticationResponse,
+				authenticationMethod: authenticationResponse.authenticationMethod,
+				sessionId,
+				organizationId,
+				role,
+				roles,
+				permissions,
+				entitlements,
+				featureFlags,
+				user: session.user,
+				impersonator: session.impersonator
+			};
+		} catch (error) {
+			if (error instanceof require_oauth_exception.OauthException && (error.error === require_refresh_and_seal_session_data_interface.RefreshSessionFailureReason.INVALID_GRANT || error.error === require_refresh_and_seal_session_data_interface.RefreshSessionFailureReason.MFA_ENROLLMENT || error.error === require_refresh_and_seal_session_data_interface.RefreshSessionFailureReason.SSO_REQUIRED)) return {
+				authenticated: false,
+				reason: error.error
+			};
+			throw error;
+		}
+	}
+	/**
+	* Gets the URL to redirect the user to for logging out.
+	*
+	* @returns The URL to redirect the user to for logging out.
+	*/
+	async getLogoutUrl({ returnTo } = {}) {
+		const authenticationResponse = await this.authenticate();
+		if (!authenticationResponse.authenticated) {
+			const { reason } = authenticationResponse;
+			throw new Error(`Failed to extract session ID for logout URL: ${reason}`);
+		}
+		return this.userManagement.getLogoutUrl({
+			sessionId: authenticationResponse.sessionId,
+			returnTo
+		});
+	}
+	async isValidJwt(accessToken) {
+		const { jwtVerify } = await require_jose.getJose();
+		const jwks = await this.userManagement.getJWKS();
+		if (!jwks) throw new Error("Missing client ID. Did you provide it when initializing WorkOS?");
+		try {
+			await jwtVerify(accessToken, jwks);
+			return true;
+		} catch (e) {
+			if (e instanceof Error && "code" in e && typeof e.code === "string" && (e.code.startsWith("ERR_JWT_") || e.code.startsWith("ERR_JWS_"))) return false;
+			throw e;
+		}
+	}
+};
+
+//#endregion
+Object.defineProperty(exports, 'CookieSession', {
+  enumerable: true,
+  get: function () {
+    return CookieSession;
+  }
+});
+//# sourceMappingURL=session-Beigw6Nc.cjs.map

package/lib/session-Beigw6Nc.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-Beigw6Nc.cjs","names":["AuthenticateWithSessionCookieFailureReason","unsealData","getJose","RefreshSessionFailureReason","OauthException"],"sources":["../src/user-management/session.ts"],"sourcesContent":["import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n  AccessToken,\n  AuthenticateWithSessionCookieFailedResponse,\n  AuthenticateWithSessionCookieFailureReason,\n  AuthenticateWithSessionCookieSuccessResponse,\n  AuthenticationResponse,\n  RefreshSessionFailureReason,\n  RefreshSessionResponse,\n  SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from '../common/crypto/seal';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n  cookiePassword?: string;\n  organizationId?: string;\n};\n\nexport class CookieSession {\n  private userManagement: UserManagement;\n  private cookiePassword: string;\n  private sessionData: string;\n\n  constructor(\n    userManagement: UserManagement,\n    sessionData: string,\n    cookiePassword: string,\n  ) {\n    if (!cookiePassword) {\n      throw new Error('cookiePassword is required');\n    }\n\n    this.userManagement = userManagement;\n    this.cookiePassword = cookiePassword;\n    this.sessionData = sessionData;\n  }\n\n  /**\n   * Authenticates a user with a session cookie.\n   *\n   * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n   */\n  async authenticate(): Promise<\n    | AuthenticateWithSessionCookieSuccessResponse\n    | AuthenticateWithSessionCookieFailedResponse\n  > {\n    if (!this.sessionData) {\n      return {\n        authenticated: false,\n        reason:\n          AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n      };\n    }\n\n    // unsealData returns {} for known seal errors (expired, bad hmac, etc.)\n    // Unknown errors propagate - don't catch them as \"invalid session\"\n    const session = await unsealData<SessionCookieData>(this.sessionData, {\n      password: this.cookiePassword,\n    });\n\n    if (!session.accessToken) {\n      return {\n        authenticated: false,\n        reason:\n          AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n      };\n    }\n\n    if (!(await this.isValidJwt(session.accessToken))) {\n      return {\n        authenticated: false,\n        reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n      };\n    }\n\n    const { decodeJwt } = await getJose();\n\n    const {\n      sid: sessionId,\n      org_id: organizationId,\n      role,\n      roles,\n      permissions,\n      entitlements,\n      feature_flags: featureFlags,\n    } = decodeJwt<AccessToken>(session.accessToken);\n\n    return {\n      authenticated: true,\n      sessionId,\n      organizationId,\n      role,\n      roles,\n      permissions,\n      entitlements,\n      featureFlags,\n      user: session.user,\n      authenticationMethod: session.authenticationMethod,\n      impersonator: session.impersonator,\n      accessToken: session.accessToken,\n    };\n  }\n\n  /**\n   * Refreshes the user's session.\n   *\n   * @param options - Optional options for refreshing the session.\n   * @param options.cookiePassword - The password to use for the new session cookie.\n   * @param options.organizationId - The organization ID to use for the new session cookie.\n   * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n   */\n  async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n    const { decodeJwt } = await getJose();\n    const session = await unsealData<SessionCookieData>(this.sessionData, {\n      password: this.cookiePassword,\n    });\n\n    if (!session.refreshToken || !session.user) {\n      return {\n        authenticated: false,\n        reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n      };\n    }\n\n    const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n      session.accessToken,\n    );\n\n    try {\n      const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n      const authenticationResponse =\n        await this.userManagement.authenticateWithRefreshToken({\n          clientId: this.userManagement.clientId as string,\n          refreshToken: session.refreshToken,\n          organizationId:\n            options.organizationId ?? organizationIdFromAccessToken,\n          session: {\n            // We want to store the new sealed session in this class instance, so this always needs to be true\n            sealSession: true,\n            cookiePassword,\n          },\n        });\n\n      // Update the password if a new one was provided\n      if (options.cookiePassword) {\n        this.cookiePassword = options.cookiePassword;\n      }\n\n      this.sessionData = authenticationResponse.sealedSession as string;\n\n      const {\n        sid: sessionId,\n        org_id: organizationId,\n        role,\n        roles,\n        permissions,\n        entitlements,\n        feature_flags: featureFlags,\n      } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n      // TODO: Returning `session` here means there's some duplicated data.\n      // Slim down the return type in a future major version.\n      return {\n        authenticated: true,\n        sealedSession: authenticationResponse.sealedSession,\n        session: authenticationResponse as AuthenticationResponse,\n        authenticationMethod: authenticationResponse.authenticationMethod,\n        sessionId,\n        organizationId,\n        role,\n        roles,\n        permissions,\n        entitlements,\n        featureFlags,\n        user: session.user,\n        impersonator: session.impersonator,\n      };\n    } catch (error) {\n      if (\n        error instanceof OauthException &&\n        // TODO: Add additional known errors and remove re-throw\n        (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n          error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n          error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n      ) {\n        return {\n          authenticated: false,\n          reason: error.error,\n        };\n      }\n\n      throw error;\n    }\n  }\n\n  /**\n   * Gets the URL to redirect the user to for logging out.\n   *\n   * @returns The URL to redirect the user to for logging out.\n   */\n  async getLogoutUrl({\n    returnTo,\n  }: { returnTo?: string } = {}): Promise<string> {\n    const authenticationResponse = await this.authenticate();\n\n    if (!authenticationResponse.authenticated) {\n      const { reason } = authenticationResponse;\n      throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n    }\n\n    return this.userManagement.getLogoutUrl({\n      sessionId: authenticationResponse.sessionId,\n      returnTo,\n    });\n  }\n\n  private async isValidJwt(accessToken: string): Promise<boolean> {\n    const { jwtVerify } = await getJose();\n    const jwks = await this.userManagement.getJWKS();\n    if (!jwks) {\n      throw new Error(\n        'Missing client ID. Did you provide it when initializing WorkOS?',\n      );\n    }\n\n    try {\n      await jwtVerify(accessToken, jwks);\n      return true;\n    } catch (e) {\n      // Only treat as invalid JWT if it's an actual JWT/JWS error from jose\n      // Network errors, crypto failures, etc. should propagate\n      if (\n        e instanceof Error &&\n        'code' in e &&\n        typeof e.code === 'string' &&\n        (e.code.startsWith('ERR_JWT_') || e.code.startsWith('ERR_JWS_'))\n      ) {\n        return false;\n      }\n      throw e;\n    }\n  }\n}\n"],"mappings":";;;;;;;AAoBA,IAAa,gBAAb,MAA2B;CACzB,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,gBACA,aACA,gBACA;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,OAAK,iBAAiB;AACtB,OAAK,iBAAiB;AACtB,OAAK,cAAc;;;;;;;CAQrB,MAAM,eAGJ;AACA,MAAI,CAAC,KAAK,YACR,QAAO;GACL,eAAe;GACf,QACEA,8FAA2C;GAC9C;EAKH,MAAM,UAAU,MAAMC,wBAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACED,8FAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQA,8FAA2C;GACpD;EAGH,MAAM,EAAE,cAAc,MAAME,sBAAS;EAErC,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd,sBAAsB,QAAQ;GAC9B,cAAc,QAAQ;GACtB,aAAa,QAAQ;GACtB;;;;;;;;;;CAWH,MAAM,QAAQ,UAA0B,EAAE,EAAmC;EAC3E,MAAM,EAAE,cAAc,MAAMA,sBAAS;EACrC,MAAM,UAAU,MAAMD,wBAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,KACpC,QAAO;GACL,eAAe;GACf,QAAQE,4EAA4B;GACrC;EAGH,MAAM,EAAE,QAAQ,kCAAkC,UAChD,QAAQ,YACT;AAED,MAAI;GACF,MAAM,iBAAiB,QAAQ,kBAAkB,KAAK;GAEtD,MAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;IACrD,UAAU,KAAK,eAAe;IAC9B,cAAc,QAAQ;IACtB,gBACE,QAAQ,kBAAkB;IAC5B,SAAS;KAEP,aAAa;KACb;KACD;IACF,CAAC;AAGJ,OAAI,QAAQ,eACV,MAAK,iBAAiB,QAAQ;AAGhC,QAAK,cAAc,uBAAuB;GAE1C,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,uBAAuB,YAAY;AAI9D,UAAO;IACL,eAAe;IACf,eAAe,uBAAuB;IACtC,SAAS;IACT,sBAAsB,uBAAuB;IAC7C;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,QAAQ;IACd,cAAc,QAAQ;IACvB;WACM,OAAO;AACd,OACE,iBAAiBC,2CAEhB,MAAM,UAAUD,4EAA4B,iBAC3C,MAAM,UAAUA,4EAA4B,kBAC5C,MAAM,UAAUA,4EAA4B,cAE9C,QAAO;IACL,eAAe;IACf,QAAQ,MAAM;IACf;AAGH,SAAM;;;;;;;;CASV,MAAM,aAAa,EACjB,aACyB,EAAE,EAAmB;EAC9C,MAAM,yBAAyB,MAAM,KAAK,cAAc;AAExD,MAAI,CAAC,uBAAuB,eAAe;GACzC,MAAM,EAAE,WAAW;AACnB,SAAM,IAAI,MAAM,gDAAgD,SAAS;;AAG3E,SAAO,KAAK,eAAe,aAAa;GACtC,WAAW,uBAAuB;GAClC;GACD,CAAC;;CAGJ,MAAc,WAAW,aAAuC;EAC9D,MAAM,EAAE,cAAc,MAAMD,sBAAS;EACrC,MAAM,OAAO,MAAM,KAAK,eAAe,SAAS;AAChD,MAAI,CAAC,KACH,OAAM,IAAI,MACR,kEACD;AAGH,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AAGV,OACE,aAAa,SACb,UAAU,KACV,OAAO,EAAE,SAAS,aACjB,EAAE,KAAK,WAAW,WAAW,IAAI,EAAE,KAAK,WAAW,WAAW,EAE/D,QAAO;AAET,SAAM"}

package/lib/session-handler-options.interface-DJRJes_5.d.cts

@@ -0,0 +1,9 @@
+//#region src/user-management/interfaces/session-handler-options.interface.d.ts
+interface SessionHandlerOptions {
+  sessionData: string;
+  cookiePassword?: string;
+  organizationId?: string;
+}
+//#endregion
+export { SessionHandlerOptions as t };
+//# sourceMappingURL=session-handler-options.interface-DJRJes_5.d.cts.map

package/lib/session.interface-DEkXnpLu.d.cts

@@ -0,0 +1,38 @@
+import { t as Impersonator } from "./impersonator.interface-CGlMZ9vr.cjs";
+
+//#region src/user-management/interfaces/session.interface.d.ts
+type AuthMethod = 'external_auth' | 'impersonation' | 'magic_code' | 'migrated_session' | 'oauth' | 'passkey' | 'password' | 'sso' | 'unknown';
+type SessionStatus = 'active' | 'expired' | 'revoked';
+interface Session {
+  object: 'session';
+  id: string;
+  userId: string;
+  ipAddress: string | null;
+  userAgent: string | null;
+  organizationId?: string;
+  impersonator?: Impersonator;
+  authMethod: AuthMethod;
+  status: SessionStatus;
+  expiresAt: string;
+  endedAt: string | null;
+  createdAt: string;
+  updatedAt: string;
+}
+interface SessionResponse {
+  object: 'session';
+  id: string;
+  user_id: string;
+  ip_address: string | null;
+  user_agent: string | null;
+  organization_id?: string;
+  impersonator?: Impersonator;
+  auth_method: AuthMethod;
+  status: SessionStatus;
+  expires_at: string;
+  ended_at: string | null;
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+export { SessionStatus as i, Session as n, SessionResponse as r, AuthMethod as t };
+//# sourceMappingURL=session.interface-DEkXnpLu.d.cts.map

package/lib/session.serializer-BL-7BJfq.d.cts

@@ -0,0 +1,7 @@
+import { n as Session, r as SessionResponse } from "./session.interface-DEkXnpLu.cjs";
+
+//#region src/user-management/serializers/session.serializer.d.ts
+declare const deserializeSession: (session: SessionResponse) => Session;
+//#endregion
+export { deserializeSession as t };
+//# sourceMappingURL=session.serializer-BL-7BJfq.d.cts.map

package/lib/set-environment-role-permissions-options.interface-BZKVKr61.d.cts

@@ -0,0 +1,7 @@
+//#region src/authorization/interfaces/set-environment-role-permissions-options.interface.d.ts
+interface SetEnvironmentRolePermissionsOptions {
+  permissions: string[];
+}
+//#endregion
+export { SetEnvironmentRolePermissionsOptions as t };
+//# sourceMappingURL=set-environment-role-permissions-options.interface-BZKVKr61.d.cts.map

package/lib/set-organization-role-permissions-options.interface-B5ETA0fj.d.cts

@@ -0,0 +1,7 @@
+//#region src/authorization/interfaces/set-organization-role-permissions-options.interface.d.ts
+interface SetOrganizationRolePermissionsOptions {
+  permissions: string[];
+}
+//#endregion
+export { SetOrganizationRolePermissionsOptions as t };
+//# sourceMappingURL=set-organization-role-permissions-options.interface-B5ETA0fj.d.cts.map

package/lib/signature-provider-DBHzmT8N.cjs

@@ -0,0 +1,38 @@
+const require_signature_verification_exception = require('./signature-verification.exception-Dc1gSCYD.cjs');
+
+//#region src/common/crypto/signature-provider.ts
+var SignatureProvider = class {
+	cryptoProvider;
+	constructor(cryptoProvider) {
+		this.cryptoProvider = cryptoProvider;
+	}
+	async verifyHeader({ payload, sigHeader, secret, tolerance = 18e4 }) {
+		const [timestamp, signatureHash] = this.getTimestampAndSignatureHash(sigHeader);
+		if (!signatureHash || Object.keys(signatureHash).length === 0) throw new require_signature_verification_exception.SignatureVerificationException("No signature hash found with expected scheme v1");
+		if (parseInt(timestamp, 10) < Date.now() - tolerance) throw new require_signature_verification_exception.SignatureVerificationException("Timestamp outside the tolerance zone");
+		const expectedSig = await this.computeSignature(timestamp, payload, secret);
+		if (await this.cryptoProvider.secureCompare(expectedSig, signatureHash) === false) throw new require_signature_verification_exception.SignatureVerificationException("Signature hash does not match the expected signature hash for payload");
+		return true;
+	}
+	getTimestampAndSignatureHash(sigHeader) {
+		const [t, v1] = sigHeader.split(",");
+		if (typeof t === "undefined" || typeof v1 === "undefined") throw new require_signature_verification_exception.SignatureVerificationException("Signature or timestamp missing");
+		const { 1: timestamp } = t.split("=");
+		const { 1: signatureHash } = v1.split("=");
+		return [timestamp, signatureHash];
+	}
+	async computeSignature(timestamp, payload, secret) {
+		payload = JSON.stringify(payload);
+		const signedPayload = `${timestamp}.${payload}`;
+		return await this.cryptoProvider.computeHMACSignatureAsync(signedPayload, secret);
+	}
+};
+
+//#endregion
+Object.defineProperty(exports, 'SignatureProvider', {
+  enumerable: true,
+  get: function () {
+    return SignatureProvider;
+  }
+});
+//# sourceMappingURL=signature-provider-DBHzmT8N.cjs.map

package/lib/signature-provider-DBHzmT8N.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature-provider-DBHzmT8N.cjs","names":["SignatureVerificationException"],"sources":["../src/common/crypto/signature-provider.ts"],"sourcesContent":["import { SignatureVerificationException } from '../exceptions';\nimport { CryptoProvider } from './crypto-provider';\n\nexport class SignatureProvider {\n  private cryptoProvider: CryptoProvider;\n\n  constructor(cryptoProvider: CryptoProvider) {\n    this.cryptoProvider = cryptoProvider;\n  }\n\n  async verifyHeader({\n    payload,\n    sigHeader,\n    secret,\n    tolerance = 180000,\n  }: {\n    payload: any;\n    sigHeader: string;\n    secret: string;\n    tolerance?: number;\n  }): Promise<boolean> {\n    const [timestamp, signatureHash] =\n      this.getTimestampAndSignatureHash(sigHeader);\n\n    if (!signatureHash || Object.keys(signatureHash).length === 0) {\n      throw new SignatureVerificationException(\n        'No signature hash found with expected scheme v1',\n      );\n    }\n\n    if (parseInt(timestamp, 10) < Date.now() - tolerance) {\n      throw new SignatureVerificationException(\n        'Timestamp outside the tolerance zone',\n      );\n    }\n\n    const expectedSig = await this.computeSignature(timestamp, payload, secret);\n    if (\n      (await this.cryptoProvider.secureCompare(expectedSig, signatureHash)) ===\n      false\n    ) {\n      throw new SignatureVerificationException(\n        'Signature hash does not match the expected signature hash for payload',\n      );\n    }\n    return true;\n  }\n\n  getTimestampAndSignatureHash(sigHeader: string): [string, string] {\n    const signature = sigHeader;\n    const [t, v1] = signature.split(',');\n    if (typeof t === 'undefined' || typeof v1 === 'undefined') {\n      throw new SignatureVerificationException(\n        'Signature or timestamp missing',\n      );\n    }\n    const { 1: timestamp } = t.split('=');\n    const { 1: signatureHash } = v1.split('=');\n\n    return [timestamp, signatureHash];\n  }\n\n  async computeSignature(\n    timestamp: any,\n    payload: any,\n    secret: string,\n  ): Promise<string> {\n    payload = JSON.stringify(payload);\n    const signedPayload = `${timestamp}.${payload}`;\n\n    return await this.cryptoProvider.computeHMACSignatureAsync(\n      signedPayload,\n      secret,\n    );\n  }\n}\n"],"mappings":";;;AAGA,IAAa,oBAAb,MAA+B;CAC7B,AAAQ;CAER,YAAY,gBAAgC;AAC1C,OAAK,iBAAiB;;CAGxB,MAAM,aAAa,EACjB,SACA,WACA,QACA,YAAY,QAMO;EACnB,MAAM,CAAC,WAAW,iBAChB,KAAK,6BAA6B,UAAU;AAE9C,MAAI,CAAC,iBAAiB,OAAO,KAAK,cAAc,CAAC,WAAW,EAC1D,OAAM,IAAIA,wEACR,kDACD;AAGH,MAAI,SAAS,WAAW,GAAG,GAAG,KAAK,KAAK,GAAG,UACzC,OAAM,IAAIA,wEACR,uCACD;EAGH,MAAM,cAAc,MAAM,KAAK,iBAAiB,WAAW,SAAS,OAAO;AAC3E,MACG,MAAM,KAAK,eAAe,cAAc,aAAa,cAAc,KACpE,MAEA,OAAM,IAAIA,wEACR,wEACD;AAEH,SAAO;;CAGT,6BAA6B,WAAqC;EAEhE,MAAM,CAAC,GAAG,MADQ,UACQ,MAAM,IAAI;AACpC,MAAI,OAAO,MAAM,eAAe,OAAO,OAAO,YAC5C,OAAM,IAAIA,wEACR,iCACD;EAEH,MAAM,EAAE,GAAG,cAAc,EAAE,MAAM,IAAI;EACrC,MAAM,EAAE,GAAG,kBAAkB,GAAG,MAAM,IAAI;AAE1C,SAAO,CAAC,WAAW,cAAc;;CAGnC,MAAM,iBACJ,WACA,SACA,QACiB;AACjB,YAAU,KAAK,UAAU,QAAQ;EACjC,MAAM,gBAAgB,GAAG,UAAU,GAAG;AAEtC,SAAO,MAAM,KAAK,eAAe,0BAC/B,eACA,OACD"}

package/lib/signature-verification.exception-DDuwGSbj.d.cts

@@ -0,0 +1,8 @@
+//#region src/common/exceptions/signature-verification.exception.d.ts
+declare class SignatureVerificationException extends Error {
+  readonly name = "SignatureVerificationException";
+  constructor(message: string);
+}
+//#endregion
+export { SignatureVerificationException as t };
+//# sourceMappingURL=signature-verification.exception-DDuwGSbj.d.cts.map

package/lib/sms.interface-yD1fgT7s.d.cts

@@ -0,0 +1,10 @@
+//#region src/mfa/interfaces/sms.interface.d.ts
+interface Sms {
+  phoneNumber: string;
+}
+interface SmsResponse {
+  phone_number: string;
+}
+//#endregion
+export { SmsResponse as n, Sms as t };
+//# sourceMappingURL=sms.interface-yD1fgT7s.d.cts.map

package/lib/sms.serializer-D2a3LAEN.cjs

@@ -0,0 +1,12 @@
+
+//#region src/mfa/serializers/sms.serializer.ts
+const deserializeSms = (sms) => ({ phoneNumber: sms.phone_number });
+
+//#endregion
+Object.defineProperty(exports, 'deserializeSms', {
+  enumerable: true,
+  get: function () {
+    return deserializeSms;
+  }
+});
+//# sourceMappingURL=sms.serializer-D2a3LAEN.cjs.map

package/lib/sms.serializer-D2a3LAEN.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms.serializer-D2a3LAEN.cjs","names":[],"sources":["../src/mfa/serializers/sms.serializer.ts"],"sourcesContent":["import { Sms, SmsResponse } from '../interfaces';\n\nexport const deserializeSms = (sms: SmsResponse): Sms => ({\n  phoneNumber: sms.phone_number,\n});\n"],"mappings":";;AAEA,MAAa,kBAAkB,SAA2B,EACxD,aAAa,IAAI,cAClB"}

package/lib/sso/interfaces/authorization-url-options.interface.d.cts

@@ -1,2 +1,2 @@
-import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-C5ABtdiE.cjs";
+import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-jpmqnJeg.cjs";
 export { SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult };

package/lib/sso/interfaces/connection-type.enum.cjs

@@ -1,3 +1,3 @@
-const require_connection_type_enum = require('../../connection-type.enum-CQncLVbr.cjs');
+const require_connection_type_enum = require('../../connection-type.enum-blH7z4Tf.cjs');
 
 exports.ConnectionType = require_connection_type_enum.ConnectionType;

package/lib/sso/interfaces/connection-type.enum.d.cts

@@ -1,2 +1,2 @@
-import { t as ConnectionType } from "../../connection-type.enum-BCSkvlg6.cjs";
+import { t as ConnectionType } from "../../connection-type.enum-5NICh5Uu.cjs";
 export { ConnectionType };

package/lib/sso/interfaces/connection.interface.d.cts

@@ -1,2 +1,2 @@
-import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-D1HP4q90.cjs";
+import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-CYEbF9mD.cjs";
 export { Connection, ConnectionDomain, ConnectionResponse };

package/lib/sso/interfaces/get-profile-and-token-options.interface.d.cts

@@ -1,2 +1,2 @@
-import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-B4HEexcv.cjs";
+import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-BTmM6245.cjs";
 export { GetProfileAndTokenOptions };

package/lib/sso/interfaces/get-profile-options.interface.d.cts

@@ -1,2 +1,2 @@
-import { t as GetProfileOptions } from "../../get-profile-options.interface-BTqozSx_.cjs";
+import { t as GetProfileOptions } from "../../get-profile-options.interface-BJLekz2p.cjs";
 export { GetProfileOptions };

package/lib/sso/interfaces/index.cjs

@@ -1,3 +1,3 @@
-const require_connection_type_enum = require('../../connection-type.enum-CQncLVbr.cjs');
+const require_connection_type_enum = require('../../connection-type.enum-blH7z4Tf.cjs');
 
 exports.ConnectionType = require_connection_type_enum.ConnectionType;

package/lib/sso/interfaces/index.d.cts

@@ -1,8 +1,8 @@
-import { Fn as ProfileAndTokenResponse, In as Profile, Ln as ProfileResponse, Pn as ProfileAndToken } from "../../index-BkSnDb9g.cjs";
-import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-C5ABtdiE.cjs";
-import { t as ConnectionType } from "../../connection-type.enum-BCSkvlg6.cjs";
-import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-D1HP4q90.cjs";
-import { t as GetProfileOptions } from "../../get-profile-options.interface-BTqozSx_.cjs";
-import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-B4HEexcv.cjs";
-import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-zYzKu8PV.cjs";
+import { Bn as ProfileAndToken, Hn as Profile, Un as ProfileResponse, Vn as ProfileAndTokenResponse } from "../../index-BDMqzUe6.cjs";
+import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-jpmqnJeg.cjs";
+import { t as ConnectionType } from "../../connection-type.enum-5NICh5Uu.cjs";
+import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-CYEbF9mD.cjs";
+import { t as GetProfileOptions } from "../../get-profile-options.interface-BJLekz2p.cjs";
+import { t as GetProfileAndTokenOptions } from "../../get-profile-and-token-options.interface-BTmM6245.cjs";
+import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-DVXp4re1.cjs";
 export { Connection, ConnectionDomain, ConnectionResponse, ConnectionType, GetProfileAndTokenOptions, GetProfileOptions, ListConnectionsOptions, Profile, ProfileAndToken, ProfileAndTokenResponse, ProfileResponse, SSOAuthorizationURLOptions, SSOPKCEAuthorizationURLResult, SerializedListConnectionsOptions };

package/lib/sso/interfaces/list-connections-options.interface.d.cts

@@ -1,2 +1,2 @@
-import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-zYzKu8PV.cjs";
+import { n as SerializedListConnectionsOptions, t as ListConnectionsOptions } from "../../list-connections-options.interface-DVXp4re1.cjs";
 export { ListConnectionsOptions, SerializedListConnectionsOptions };

package/lib/sso/interfaces/profile-and-token.interface.d.cts

@@ -1,2 +1,2 @@
-import { Fn as ProfileAndTokenResponse, Pn as ProfileAndToken } from "../../index-BkSnDb9g.cjs";
+import { Bn as ProfileAndToken, Vn as ProfileAndTokenResponse } from "../../index-BDMqzUe6.cjs";
 export { ProfileAndToken, ProfileAndTokenResponse };

package/lib/sso/interfaces/profile.interface.d.cts

@@ -1,2 +1,2 @@
-import { In as Profile, Ln as ProfileResponse } from "../../index-BkSnDb9g.cjs";
+import { Hn as Profile, Un as ProfileResponse } from "../../index-BDMqzUe6.cjs";
 export { Profile, ProfileResponse };

package/lib/sso/serializers/connection.serializer.d.cts

@@ -1,2 +1,2 @@
-import { t as deserializeConnection } from "../../connection.serializer-B47qKsDN.cjs";
+import { t as deserializeConnection } from "../../connection.serializer-CrL-OTu7.cjs";
 export { deserializeConnection };

package/lib/sso/serializers/index.d.cts

@@ -1,5 +1,5 @@
-import { t as deserializeConnection } from "../../connection.serializer-B47qKsDN.cjs";
-import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-BQ887b-b.cjs";
-import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-B4TVJ1rX.cjs";
-import { t as deserializeProfile } from "../../profile.serializer-DQhnLRm3.cjs";
+import { t as deserializeConnection } from "../../connection.serializer-CrL-OTu7.cjs";
+import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-oZKaQIbM.cjs";
+import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-93o4nX7v.cjs";
+import { t as deserializeProfile } from "../../profile.serializer-D9q7gLof.cjs";
 export { deserializeConnection, deserializeProfile, deserializeProfileAndToken, serializeListConnectionsOptions };

package/lib/sso/serializers/list-connections-options.serializer.d.cts

@@ -1,2 +1,2 @@
-import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-BQ887b-b.cjs";
+import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-oZKaQIbM.cjs";
 export { serializeListConnectionsOptions };

package/lib/sso/serializers/profile-and-token.serializer.d.cts

@@ -1,2 +1,2 @@
-import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-B4TVJ1rX.cjs";
+import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-93o4nX7v.cjs";
 export { deserializeProfileAndToken };

package/lib/sso/serializers/profile.serializer.d.cts

@@ -1,2 +1,2 @@
-import { t as deserializeProfile } from "../../profile.serializer-DQhnLRm3.cjs";
+import { t as deserializeProfile } from "../../profile.serializer-D9q7gLof.cjs";
 export { deserializeProfile };

package/lib/sso/sso.cjs

@@ -1,3 +1,3 @@
-const require_sso = require('../sso-DgPiUuie.cjs');
+const require_sso = require('../sso-FWyObHDp.cjs');
 
 exports.SSO = require_sso.SSO;

package/lib/sso/sso.d.cts

@@ -1,2 +1,2 @@
-import { y as SSO } from "../api-keys-dib2861v.cjs";
+import { y as SSO } from "../api-keys-5t7nLnb5.cjs";
 export { SSO };