npm - @workos-inc/node - Versions diffs - 8.6.0 → 8.7.0 - Mend

@workos-inc/node 8.6.0 → 8.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/lib/{permission.interface-DUgNctyv.d.cts → permission.interface-OPWiA8hK.d.cts} RENAMED Viewed

@@ -5,6 +5,7 @@ interface Permission {
   slug: string;
   name: string;
   description: string | null;
+  resourceTypeSlug: string;
   system: boolean;
   createdAt: string;
   updatedAt: string;
@@ -15,6 +16,7 @@ interface PermissionResponse {
   slug: string;
   name: string;
   description: string | null;
+  resource_type_slug: string;
   system: boolean;
   created_at: string;
   updated_at: string;
@@ -37,4 +39,4 @@ interface PermissionListResponse {
 }
 //#endregion
 export { PermissionResponse as i, PermissionList as n, PermissionListResponse as r, Permission as t };
-//# sourceMappingURL=permission.interface-DUgNctyv.d.cts.map
+//# sourceMappingURL=permission.interface-OPWiA8hK.d.cts.map

package/lib/{permission.serializer-GO1NbZki.d.cts → permission.serializer-Bw7vv2Ur.d.cts} RENAMED Viewed

@@ -1,7 +1,7 @@
-import { i as PermissionResponse, t as Permission } from "./permission.interface-DUgNctyv.cjs";
+import { i as PermissionResponse, t as Permission } from "./permission.interface-OPWiA8hK.cjs";
 //#region src/authorization/serializers/permission.serializer.d.ts
 declare const deserializePermission: (permission: PermissionResponse) => Permission;
 //#endregion
 export { deserializePermission as t };
-//# sourceMappingURL=permission.serializer-GO1NbZki.d.cts.map
+//# sourceMappingURL=permission.serializer-Bw7vv2Ur.d.cts.map

package/lib/{permission.serializer-BehT5Z93.cjs → permission.serializer-Cxa376w7.cjs} RENAMED Viewed

@@ -6,6 +6,7 @@ const deserializePermission = (permission) => ({
 	slug: permission.slug,
 	name: permission.name,
 	description: permission.description,
+	resourceTypeSlug: permission.resource_type_slug,
 	system: permission.system,
 	createdAt: permission.created_at,
 	updatedAt: permission.updated_at
@@ -18,4 +19,4 @@ Object.defineProperty(exports, 'deserializePermission', {
     return deserializePermission;
   }
 });
-//# sourceMappingURL=permission.serializer-BehT5Z93.cjs.map
+//# sourceMappingURL=permission.serializer-Cxa376w7.cjs.map

package/lib/permission.serializer-Cxa376w7.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission.serializer-Cxa376w7.cjs","names":[],"sources":["../src/authorization/serializers/permission.serializer.ts"],"sourcesContent":["import {\n Permission,\n PermissionResponse,\n} from '../interfaces/permission.interface';\n\nexport const deserializePermission = (\n permission: PermissionResponse,\n): Permission => ({\n object: permission.object,\n id: permission.id,\n slug: permission.slug,\n name: permission.name,\n description: permission.description,\n resourceTypeSlug: permission.resource_type_slug,\n system: permission.system,\n createdAt: permission.created_at,\n updatedAt: permission.updated_at,\n});\n"],"mappings":";;AAKA,MAAa,yBACX,gBACgB;CAChB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,MAAM,WAAW;CACjB,MAAM,WAAW;CACjB,aAAa,WAAW;CACxB,kBAAkB,WAAW;CAC7B,QAAQ,WAAW;CACnB,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB"}

package/lib/pipes/interfaces/access-token.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as SerializedAccessToken, t as AccessToken } from "../../access-token.interface-C6LZCoKM.cjs";
+import { n as SerializedAccessToken, t as AccessToken } from "../../access-token.interface-Buok__jV.cjs";
 export { AccessToken, SerializedAccessToken };

package/lib/pipes/interfaces/get-access-token.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { a as SerializedGetAccessTokenFailureResponse, c as SerializedGetAccessTokenSuccessResponse, i as GetAccessTokenSuccessResponse, n as GetAccessTokenOptions, o as SerializedGetAccessTokenOptions, r as GetAccessTokenResponse, s as SerializedGetAccessTokenResponse, t as GetAccessTokenFailureResponse } from "../../get-access-token.interface-COCgEGF_.cjs";
+import { a as SerializedGetAccessTokenFailureResponse, c as SerializedGetAccessTokenSuccessResponse, i as GetAccessTokenSuccessResponse, n as GetAccessTokenOptions, o as SerializedGetAccessTokenOptions, r as GetAccessTokenResponse, s as SerializedGetAccessTokenResponse, t as GetAccessTokenFailureResponse } from "../../get-access-token.interface-CC9W-m-U.cjs";
 export { GetAccessTokenFailureResponse, GetAccessTokenOptions, GetAccessTokenResponse, GetAccessTokenSuccessResponse, SerializedGetAccessTokenFailureResponse, SerializedGetAccessTokenOptions, SerializedGetAccessTokenResponse, SerializedGetAccessTokenSuccessResponse };

package/lib/pipes/pipes.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { x as Pipes } from "../api-keys-CSDwj0TW.cjs";
+import { x as Pipes } from "../api-keys-FoD7rQEa.cjs";
 export { Pipes };

package/lib/pipes/serializers/access-token.serializer.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as SerializedAccessToken, t as AccessToken } from "../../access-token.interface-C6LZCoKM.cjs";
+import { n as SerializedAccessToken, t as AccessToken } from "../../access-token.interface-Buok__jV.cjs";
 //#region src/pipes/serializers/access-token.serializer.d.ts
 declare function deserializeAccessToken(serialized: SerializedAccessToken): AccessToken;

package/lib/pipes/serializers/get-access-token.serializer.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as GetAccessTokenOptions, o as SerializedGetAccessTokenOptions, r as GetAccessTokenResponse, s as SerializedGetAccessTokenResponse } from "../../get-access-token.interface-COCgEGF_.cjs";
+import { n as GetAccessTokenOptions, o as SerializedGetAccessTokenOptions, r as GetAccessTokenResponse, s as SerializedGetAccessTokenResponse } from "../../get-access-token.interface-CC9W-m-U.cjs";
 //#region src/pipes/serializers/get-access-token.serializer.d.ts
 declare function serializeGetAccessTokenOptions(options: GetAccessTokenOptions): SerializedGetAccessTokenOptions;

package/lib/pkce/pkce.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as PKCEPair, t as PKCE } from "../pkce-CkDcEdoo.cjs";
+import { n as PKCEPair, t as PKCE } from "../pkce-BNs390-T.cjs";
 export { PKCE, PKCEPair };

package/lib/{pkce-CkDcEdoo.d.cts → pkce-BNs390-T.d.cts} RENAMED Viewed

@@ -35,4 +35,4 @@ declare class PKCE {
 }
 //#endregion
 export { PKCEPair as n, PKCE as t };
-//# sourceMappingURL=pkce-CkDcEdoo.d.cts.map
+//# sourceMappingURL=pkce-BNs390-T.d.cts.map

package/lib/portal/interfaces/generate-portal-link-intent.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as GeneratePortalLinkIntent } from "../../generate-portal-link-intent.interface-DM9FRX0P.cjs";
+import { t as GeneratePortalLinkIntent } from "../../generate-portal-link-intent.interface-C2mac0-y.cjs";
 export { GeneratePortalLinkIntent };

package/lib/portal/interfaces/index.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as GeneratePortalLinkIntent } from "../../generate-portal-link-intent.interface-DM9FRX0P.cjs";
+import { t as GeneratePortalLinkIntent } from "../../generate-portal-link-intent.interface-C2mac0-y.cjs";
 export { GeneratePortalLinkIntent };

package/lib/portal/portal.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { b as Portal } from "../api-keys-CSDwj0TW.cjs";
+import { b as Portal } from "../api-keys-FoD7rQEa.cjs";
 export { Portal };

package/lib/{post-options.interface-D8yUBVGr.d.cts → post-options.interface-BR5jQA4x.d.cts} RENAMED Viewed

@@ -10,4 +10,4 @@ interface PostOptions {
 }
 //#endregion
 export { PostOptions as t };
-//# sourceMappingURL=post-options.interface-D8yUBVGr.d.cts.map
+//# sourceMappingURL=post-options.interface-BR5jQA4x.d.cts.map

package/lib/{profile-and-token.serializer-BrOalmOt.d.cts → profile-and-token.serializer-Zr1vKJjC.d.cts} RENAMED Viewed

@@ -1,8 +1,8 @@
-import { Bn as ProfileAndToken, Vn as ProfileAndTokenResponse } from "./index-DYVTG9fR.cjs";
+import { Xn as ProfileAndTokenResponse, Yn as ProfileAndToken } from "./index-zd2lGEmr.cjs";
 import { t as UnknownRecord } from "./unknown-record.interface-KDwjwNHM.cjs";
 //#region src/sso/serializers/profile-and-token.serializer.d.ts
 declare const deserializeProfileAndToken: <CustomAttributesType extends UnknownRecord>(profileAndToken: ProfileAndTokenResponse<CustomAttributesType>) => ProfileAndToken<CustomAttributesType>;
 //#endregion
 export { deserializeProfileAndToken as t };
-//# sourceMappingURL=profile-and-token.serializer-BrOalmOt.d.cts.map
+//# sourceMappingURL=profile-and-token.serializer-Zr1vKJjC.d.cts.map

package/lib/{profile.serializer-EDpJlY-r.d.cts → profile.serializer-BjxW-2CT.d.cts} RENAMED Viewed

@@ -1,8 +1,8 @@
-import { Hn as Profile, Un as ProfileResponse } from "./index-DYVTG9fR.cjs";
+import { Qn as ProfileResponse, Zn as Profile } from "./index-zd2lGEmr.cjs";
 import { t as UnknownRecord } from "./unknown-record.interface-KDwjwNHM.cjs";
 //#region src/sso/serializers/profile.serializer.d.ts
 declare const deserializeProfile: <CustomAttributesType extends UnknownRecord>(profile: ProfileResponse<CustomAttributesType>) => Profile<CustomAttributesType>;
 //#endregion
 export { deserializeProfile as t };
-//# sourceMappingURL=profile.serializer-EDpJlY-r.d.cts.map
+//# sourceMappingURL=profile.serializer-BjxW-2CT.d.cts.map

package/lib/{put-options.interface-JSNS5evI.d.cts → put-options.interface-VXax1_sR.d.cts} RENAMED Viewed

@@ -9,4 +9,4 @@ interface PutOptions {
 }
 //#endregion
 export { PutOptions as t };
-//# sourceMappingURL=put-options.interface-JSNS5evI.d.cts.map
+//# sourceMappingURL=put-options.interface-VXax1_sR.d.cts.map

package/lib/{query-options.serializer-DrRDm7He.d.cts → query-options.serializer-DffmenXK.d.cts} RENAMED Viewed

@@ -1,7 +1,7 @@
-import { a as SerializedQueryOptions, t as QueryOptions } from "./query.interface-DvI8OOX6.cjs";
+import { a as SerializedQueryOptions, t as QueryOptions } from "./query.interface-Bn03fUFS.cjs";
 //#region src/fga/serializers/query-options.serializer.d.ts
 declare const serializeQueryOptions: (options: QueryOptions) => SerializedQueryOptions;
 //#endregion
 export { serializeQueryOptions as t };
-//# sourceMappingURL=query-options.serializer-DrRDm7He.d.cts.map
+//# sourceMappingURL=query-options.serializer-DffmenXK.d.cts.map

package/lib/{query-result.serializer-CJnHUV8v.d.cts → query-result.serializer-DFKCaIAe.d.cts} RENAMED Viewed

@@ -1,6 +1,6 @@
-import { n as ListResponse } from "./list.interface-D2Q6nKBO.cjs";
-import { r as Warning } from "./warning.interface-D8U1ON2d.cjs";
-import { i as QueryResultResponse, r as QueryResult } from "./query.interface-DvI8OOX6.cjs";
+import { n as ListResponse } from "./list.interface-I2r4xhuH.cjs";
+import { r as Warning } from "./warning.interface-9qt63wBc.cjs";
+import { i as QueryResultResponse, r as QueryResult } from "./query.interface-Bn03fUFS.cjs";
 //#region src/fga/serializers/query-result.serializer.d.ts
 interface QueryResultListResponse extends ListResponse<QueryResultResponse> {
@@ -9,4 +9,4 @@ interface QueryResultListResponse extends ListResponse<QueryResultResponse> {
 declare const deserializeQueryResult: (queryResult: QueryResultResponse) => QueryResult;
 //#endregion
 export { deserializeQueryResult as n, QueryResultListResponse as t };
-//# sourceMappingURL=query-result.serializer-CJnHUV8v.d.cts.map
+//# sourceMappingURL=query-result.serializer-DFKCaIAe.d.cts.map

package/lib/{query.interface-DvI8OOX6.d.cts → query.interface-Bn03fUFS.d.cts} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { t as PaginationOptions } from "./pagination-options.interface-BzIEA3yY.cjs";
-import { t as GetOptions } from "./get-options.interface-DoL0T9e1.cjs";
-import { c as Warrant, l as WarrantResponse, r as PolicyContext } from "./warrant.interface-DgQN4yxm.cjs";
+import { t as GetOptions } from "./get-options.interface-BsU2gWu0.cjs";
+import { c as Warrant, l as WarrantResponse, r as PolicyContext } from "./warrant.interface-5GMD1PlN.cjs";
 //#region src/fga/interfaces/query.interface.d.ts
 interface QueryOptions extends PaginationOptions {
@@ -32,4 +32,4 @@ interface QueryResultResponse {
 type QueryRequestOptions = Pick<GetOptions, 'warrantToken'>;
 //#endregion
 export { SerializedQueryOptions as a, QueryResultResponse as i, QueryRequestOptions as n, QueryResult as r, QueryOptions as t };
-//# sourceMappingURL=query.interface-DvI8OOX6.d.cts.map
+//# sourceMappingURL=query.interface-Bn03fUFS.d.cts.map

package/lib/{rate-limit-exceeded.exception-LIdF3qZq.d.cts → rate-limit-exceeded.exception-BkM54IsX.d.cts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { t as GenericServerException } from "./generic-server.exception-C_jhVvki.cjs";
+import { t as GenericServerException } from "./generic-server.exception-oSIJnqHy.cjs";
 //#region src/common/exceptions/rate-limit-exceeded.exception.d.ts
 declare class RateLimitExceededException extends GenericServerException {
@@ -15,4 +15,4 @@ declare class RateLimitExceededException extends GenericServerException {
 }
 //#endregion
 export { RateLimitExceededException as t };
-//# sourceMappingURL=rate-limit-exceeded.exception-LIdF3qZq.d.cts.map
+//# sourceMappingURL=rate-limit-exceeded.exception-BkM54IsX.d.cts.map

package/lib/{read-object.interface-bYptR15L.d.cts → read-object.interface-iqgpJxLj.d.cts} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { r as KeyContext } from "./key.interface-DWikImzG.cjs";
-import { r as ObjectUpdateBy } from "./object.interface-C0gQ84EY.cjs";
+import { r as KeyContext } from "./key.interface-YLV_plqn.cjs";
+import { r as ObjectUpdateBy } from "./object.interface-Do9xg7Zv.cjs";
 //#region src/vault/interfaces/object/read-object.interface.d.ts
 interface ReadObjectOptions {
@@ -22,4 +22,4 @@ interface ReadObjectResponse {
 }
 //#endregion
 export { ReadObjectOptions as n, ReadObjectResponse as r, ReadObjectMetadataResponse as t };
-//# sourceMappingURL=read-object.interface-bYptR15L.d.cts.map
+//# sourceMappingURL=read-object.interface-iqgpJxLj.d.cts.map

package/lib/{remove-flag-target-options.interface-BlZtU4Qf.d.cts → remove-flag-target-options.interface-D4j_miMD.d.cts} RENAMED Viewed

@@ -5,4 +5,4 @@ interface RemoveFlagTargetOptions {
 }
 //#endregion
 export { RemoveFlagTargetOptions as t };
-//# sourceMappingURL=remove-flag-target-options.interface-BlZtU4Qf.d.cts.map
+//# sourceMappingURL=remove-flag-target-options.interface-D4j_miMD.d.cts.map

package/lib/{remove-role-options.serializer-Cq-gQ6eh.d.cts → remove-role-options.serializer-MXH-zTEQ.d.cts} RENAMED Viewed

@@ -4,4 +4,4 @@ import { a as SerializedRemoveRoleOptions, n as RemoveRoleOptions } from "./remo
 declare const serializeRemoveRoleOptions: (options: RemoveRoleOptions) => SerializedRemoveRoleOptions;
 //#endregion
 export { serializeRemoveRoleOptions as t };
-//# sourceMappingURL=remove-role-options.serializer-Cq-gQ6eh.d.cts.map
+//# sourceMappingURL=remove-role-options.serializer-MXH-zTEQ.d.cts.map

package/lib/{request-exception.interface-DXrL5xJL.d.cts → request-exception.interface-CuuezHgg.d.cts} RENAMED Viewed

@@ -6,4 +6,4 @@ interface RequestException {
 }
 //#endregion
 export { RequestException as t };
-//# sourceMappingURL=request-exception.interface-DXrL5xJL.d.cts.map
+//# sourceMappingURL=request-exception.interface-CuuezHgg.d.cts.map

package/lib/{reset-password-options.serializer-B9Dv28B5.d.cts → reset-password-options.serializer-B-yKukZL.d.cts} RENAMED Viewed

@@ -4,4 +4,4 @@ import { n as SerializedResetPasswordOptions, t as ResetPasswordOptions } from "
 declare const serializeResetPasswordOptions: (options: ResetPasswordOptions) => SerializedResetPasswordOptions;
 //#endregion
 export { serializeResetPasswordOptions as t };
-//# sourceMappingURL=reset-password-options.serializer-B9Dv28B5.d.cts.map
+//# sourceMappingURL=reset-password-options.serializer-B-yKukZL.d.cts.map

package/lib/{resource-op.enum-CNibFpd3.d.cts → resource-op.enum-DpcuVeOX.d.cts} RENAMED Viewed

@@ -5,4 +5,4 @@ declare enum ResourceOp {
 }
 //#endregion
 export { ResourceOp as t };
-//# sourceMappingURL=resource-op.enum-CNibFpd3.d.cts.map
+//# sourceMappingURL=resource-op.enum-DpcuVeOX.d.cts.map

package/lib/{resource.interface-DSxkG9Jg.d.cts → resource.interface-DdilIYi7.d.cts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { t as PaginationOptions } from "./pagination-options.interface-BzIEA3yY.cjs";
-import { t as ResourceOp } from "./resource-op.enum-CNibFpd3.cjs";
+import { t as ResourceOp } from "./resource-op.enum-DpcuVeOX.cjs";
 //#region src/fga/interfaces/resource.interface.d.ts
 interface ResourceInterface {
@@ -74,4 +74,4 @@ interface BatchWriteResourcesResponse {
 }
 //#endregion
 export { GetResourceOptions as a, ResourceInterface as c, SerializedBatchWriteResourcesOptions as d, SerializedCreateResourceOptions as f, UpdateResourceOptions as g, SerializedResourceOptions as h, DeleteResourceOptions as i, ResourceOptions as l, SerializedListResourcesOptions as m, BatchWriteResourcesResponse as n, ListResourcesOptions as o, SerializedDeleteResourceOptions as p, CreateResourceOptions as r, Resource as s, BatchWriteResourcesOptions as t, ResourceResponse as u };
-//# sourceMappingURL=resource.interface-DSxkG9Jg.d.cts.map
+//# sourceMappingURL=resource.interface-DdilIYi7.d.cts.map

package/lib/{resource.serializer-DbjYmqjL.d.cts → resource.serializer-Das8RBBH.d.cts} RENAMED Viewed

@@ -1,8 +1,8 @@
-import { n as BatchWriteResourcesResponse, s as Resource, u as ResourceResponse } from "./resource.interface-DSxkG9Jg.cjs";
+import { n as BatchWriteResourcesResponse, s as Resource, u as ResourceResponse } from "./resource.interface-DdilIYi7.cjs";
 //#region src/fga/serializers/resource.serializer.d.ts
 declare const deserializeResource: (response: ResourceResponse) => Resource;
 declare const deserializeBatchWriteResourcesResponse: (response: BatchWriteResourcesResponse) => Resource[];
 //#endregion
 export { deserializeResource as n, deserializeBatchWriteResourcesResponse as t };
-//# sourceMappingURL=resource.serializer-DbjYmqjL.d.cts.map
+//# sourceMappingURL=resource.serializer-Das8RBBH.d.cts.map

package/lib/{response-payload.interface-DwFDDgXN.d.cts → response-payload.interface-BxqIcrma.d.cts} RENAMED Viewed

@@ -23,4 +23,4 @@ type UserRegistrationActionResponseData = (AllowResponseData & {
 });
 //#endregion
 export { ResponsePayload as n, UserRegistrationActionResponseData as r, AuthenticationActionResponseData as t };
-//# sourceMappingURL=response-payload.interface-DwFDDgXN.d.cts.map
+//# sourceMappingURL=response-payload.interface-BxqIcrma.d.cts.map

package/lib/{role-assignment.serializer-ddyzkw8N.d.cts → role-assignment.serializer-CNEsj7hN.d.cts} RENAMED Viewed

@@ -4,4 +4,4 @@ import { o as RoleAssignmentResponse, t as RoleAssignment } from "./role-assignm
 declare const deserializeRoleAssignment: (response: RoleAssignmentResponse) => RoleAssignment;
 //#endregion
 export { deserializeRoleAssignment as t };
-//# sourceMappingURL=role-assignment.serializer-ddyzkw8N.d.cts.map
+//# sourceMappingURL=role-assignment.serializer-CNEsj7hN.d.cts.map

package/lib/{role.serializer-BJE162aA.cjs → role.serializer-BmSjBq3i.cjs} RENAMED Viewed

@@ -19,4 +19,4 @@ Object.defineProperty(exports, 'deserializeRole', {
     return deserializeRole;
   }
 });
-//# sourceMappingURL=role.serializer-BJE162aA.cjs.map
+//# sourceMappingURL=role.serializer-BmSjBq3i.cjs.map

package/lib/{role.serializer-BJE162aA.cjs.map → role.serializer-BmSjBq3i.cjs.map} RENAMED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role.serializer-~~BJE162aA~~.cjs","names":[],"sources":["../src/roles/serializers/role.serializer.ts"],"sourcesContent":["import { OrganizationRoleResponse, Role } from '../interfaces';\n\nexport const deserializeRole = (role: OrganizationRoleResponse): Role => ({\n object: role.object,\n id: role.id,\n name: role.name,\n slug: role.slug,\n description: role.description,\n permissions: role.permissions,\n type: role.type,\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n"],"mappings":";;AAEA,MAAa,mBAAmB,UAA0C;CACxE,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,MAAM,KAAK;CACX,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,aAAa,KAAK;CAClB,MAAM,KAAK;CACX,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB"}
1	+ {"version":3,"file":"role.serializer-BmSjBq3i.cjs","names":[],"sources":["../src/roles/serializers/role.serializer.ts"],"sourcesContent":["import { OrganizationRoleResponse, Role } from '../interfaces';\n\nexport const deserializeRole = (role: OrganizationRoleResponse): Role => ({\n object: role.object,\n id: role.id,\n name: role.name,\n slug: role.slug,\n description: role.description,\n permissions: role.permissions,\n type: role.type,\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n"],"mappings":";;AAEA,MAAa,mBAAmB,UAA0C;CACxE,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,MAAM,KAAK;CACX,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,aAAa,KAAK;CAClB,MAAM,KAAK;CACX,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB"}

package/lib/roles/interfaces/index.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { $n as Role, Qn as OrganizationRoleResponse, Xn as OrganizationRoleEvent, Yn as ListOrganizationRolesResponse, Zn as OrganizationRoleEventResponse, er as RoleEvent, nr as RoleList, rr as RoleResponse, tr as RoleEventResponse } from "../../index-DYVTG9fR.cjs";
+import { ar as OrganizationRoleEvent, cr as Role, dr as RoleList, fr as RoleResponse, ir as ListOrganizationRolesResponse, lr as RoleEvent, or as OrganizationRoleEventResponse, sr as OrganizationRoleResponse, ur as RoleEventResponse } from "../../index-zd2lGEmr.cjs";
 export { ListOrganizationRolesResponse, OrganizationRoleEvent, OrganizationRoleEventResponse, OrganizationRoleResponse, Role, RoleEvent, RoleEventResponse, RoleList, RoleResponse };

package/lib/roles/interfaces/role.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { $n as Role, Qn as OrganizationRoleResponse, Xn as OrganizationRoleEvent, Yn as ListOrganizationRolesResponse, Zn as OrganizationRoleEventResponse, er as RoleEvent, nr as RoleList, rr as RoleResponse, tr as RoleEventResponse } from "../../index-DYVTG9fR.cjs";
+import { ar as OrganizationRoleEvent, cr as Role, dr as RoleList, fr as RoleResponse, ir as ListOrganizationRolesResponse, lr as RoleEvent, or as OrganizationRoleEventResponse, sr as OrganizationRoleResponse, ur as RoleEventResponse } from "../../index-zd2lGEmr.cjs";
 export { ListOrganizationRolesResponse, OrganizationRoleEvent, OrganizationRoleEventResponse, OrganizationRoleResponse, Role, RoleEvent, RoleEventResponse, RoleList, RoleResponse };

package/lib/roles/interfaces/role.interface.d.ts CHANGED Viewed

@@ -52,6 +52,7 @@ interface OrganizationRoleResponse {
   slug: string;
   description: string | null;
   permissions: string[];
+  resource_type_slug: string;
   type: 'EnvironmentRole' | 'OrganizationRole';
   created_at: string;
   updated_at: string;

package/lib/roles/serializers/role.serializer.cjs CHANGED Viewed

@@ -1,3 +1,3 @@
-const require_role_serializer = require('../../role.serializer-BJE162aA.cjs');
+const require_role_serializer = require('../../role.serializer-BmSjBq3i.cjs');
 exports.deserializeRole = require_role_serializer.deserializeRole;

package/lib/roles/serializers/role.serializer.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { $n as Role, Qn as OrganizationRoleResponse } from "../../index-DYVTG9fR.cjs";
+import { cr as Role, sr as OrganizationRoleResponse } from "../../index-zd2lGEmr.cjs";
 //#region src/roles/serializers/role.serializer.d.ts
 declare const deserializeRole: (role: OrganizationRoleResponse) => Role;

package/lib/{send-session-response.interface-Bu76CdzC.d.cts → send-session-response.interface-DrY_UidP.d.cts} RENAMED Viewed

@@ -5,4 +5,4 @@ interface SendSessionResponse {
 }
 //#endregion
 export { SendSessionResponse as t };
-//# sourceMappingURL=send-session-response.interface-Bu76CdzC.d.cts.map
+//# sourceMappingURL=send-session-response.interface-DrY_UidP.d.cts.map

package/lib/{session-handler-options.interface-DJRJes_5.d.cts → session-handler-options.interface-i1Q3y3CN.d.cts} RENAMED Viewed

@@ -6,4 +6,4 @@ interface SessionHandlerOptions {
 }
 //#endregion
 export { SessionHandlerOptions as t };
-//# sourceMappingURL=session-handler-options.interface-DJRJes_5.d.cts.map
+//# sourceMappingURL=session-handler-options.interface-i1Q3y3CN.d.cts.map

package/lib/{session.serializer-BL-7BJfq.d.cts → session.serializer-Cw08JZKf.d.cts} RENAMED Viewed

@@ -4,4 +4,4 @@ import { n as Session, r as SessionResponse } from "./session.interface-DEkXnpLu
 declare const deserializeSession: (session: SessionResponse) => Session;
 //#endregion
 export { deserializeSession as t };
-//# sourceMappingURL=session.serializer-BL-7BJfq.d.cts.map
+//# sourceMappingURL=session.serializer-Cw08JZKf.d.cts.map

package/lib/{signature-verification.exception-DDuwGSbj.d.cts → signature-verification.exception-BGEX3tOK.d.cts} RENAMED Viewed

@@ -5,4 +5,4 @@ declare class SignatureVerificationException extends Error {
 }
 //#endregion
 export { SignatureVerificationException as t };
-//# sourceMappingURL=signature-verification.exception-DDuwGSbj.d.cts.map
+//# sourceMappingURL=signature-verification.exception-BGEX3tOK.d.cts.map

package/lib/{sms.interface-yD1fgT7s.d.cts → sms.interface-CmOBSCNB.d.cts} RENAMED Viewed

@@ -7,4 +7,4 @@ interface SmsResponse {
 }
 //#endregion
 export { SmsResponse as n, Sms as t };
-//# sourceMappingURL=sms.interface-yD1fgT7s.d.cts.map
+//# sourceMappingURL=sms.interface-CmOBSCNB.d.cts.map

package/lib/sso/interfaces/index.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Bn as ProfileAndToken, Hn as Profile, Un as ProfileResponse, Vn as ProfileAndTokenResponse } from "../../index-DYVTG9fR.cjs";
+import { Qn as ProfileResponse, Xn as ProfileAndTokenResponse, Yn as ProfileAndToken, Zn as Profile } from "../../index-zd2lGEmr.cjs";
 import { n as SSOPKCEAuthorizationURLResult, t as SSOAuthorizationURLOptions } from "../../authorization-url-options.interface-jpmqnJeg.cjs";
 import { t as ConnectionType } from "../../connection-type.enum-5NICh5Uu.cjs";
 import { n as ConnectionDomain, r as ConnectionResponse, t as Connection } from "../../connection.interface-CYEbF9mD.cjs";

package/lib/sso/interfaces/profile-and-token.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { Bn as ProfileAndToken, Vn as ProfileAndTokenResponse } from "../../index-DYVTG9fR.cjs";
+import { Xn as ProfileAndTokenResponse, Yn as ProfileAndToken } from "../../index-zd2lGEmr.cjs";
 export { ProfileAndToken, ProfileAndTokenResponse };

package/lib/sso/interfaces/profile.interface.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { Hn as Profile, Un as ProfileResponse } from "../../index-DYVTG9fR.cjs";
+import { Qn as ProfileResponse, Zn as Profile } from "../../index-zd2lGEmr.cjs";
 export { Profile, ProfileResponse };

package/lib/sso/serializers/connection.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as deserializeConnection } from "../../connection.serializer-CrL-OTu7.cjs";
+import { t as deserializeConnection } from "../../connection.serializer-CGJCBj9L.cjs";
 export { deserializeConnection };

package/lib/sso/serializers/index.d.cts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { t as deserializeConnection } from "../../connection.serializer-CrL-OTu7.cjs";
-import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-CrF1Ymfh.cjs";
-import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-BrOalmOt.cjs";
-import { t as deserializeProfile } from "../../profile.serializer-EDpJlY-r.cjs";
+import { t as deserializeConnection } from "../../connection.serializer-CGJCBj9L.cjs";
+import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-C2ETSFny.cjs";
+import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-Zr1vKJjC.cjs";
+import { t as deserializeProfile } from "../../profile.serializer-BjxW-2CT.cjs";
 export { deserializeConnection, deserializeProfile, deserializeProfileAndToken, serializeListConnectionsOptions };

package/lib/sso/serializers/list-connections-options.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-CrF1Ymfh.cjs";
+import { t as serializeListConnectionsOptions } from "../../list-connections-options.serializer-C2ETSFny.cjs";
 export { serializeListConnectionsOptions };

package/lib/sso/serializers/profile-and-token.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-BrOalmOt.cjs";
+import { t as deserializeProfileAndToken } from "../../profile-and-token.serializer-Zr1vKJjC.cjs";
 export { deserializeProfileAndToken };

package/lib/sso/serializers/profile.serializer.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { t as deserializeProfile } from "../../profile.serializer-EDpJlY-r.cjs";
+import { t as deserializeProfile } from "../../profile.serializer-BjxW-2CT.cjs";
 export { deserializeProfile };

package/lib/sso/sso.cjs CHANGED Viewed

@@ -1,3 +1,3 @@
-const require_sso = require('../sso-CagxPT-U.cjs');
+const require_sso = require('../sso-D_9tMqlC.cjs');
 exports.SSO = require_sso.SSO;

package/lib/sso/sso.d.cts CHANGED Viewed

@@ -1,2 +1,2 @@
-import { y as SSO } from "../api-keys-CSDwj0TW.cjs";
+import { y as SSO } from "../api-keys-FoD7rQEa.cjs";
 export { SSO };

package/lib/{sso-CagxPT-U.cjs → sso-D_9tMqlC.cjs} RENAMED Viewed

@@ -3,7 +3,7 @@ const require_connection_serializer = require('./connection.serializer-sFgaPd28.
 const require_list_connections_options_serializer = require('./list-connections-options.serializer-B9jyhBCh.cjs');
 const require_profile_serializer = require('./profile.serializer-DM0Zpbrc.cjs');
 const require_profile_and_token_serializer = require('./profile-and-token.serializer-DfWI_L92.cjs');
-const require_fetch_and_deserialize = require('./fetch-and-deserialize-Ba2wR4ur.cjs');
+const require_fetch_and_deserialize = require('./fetch-and-deserialize-wAuupni3.cjs');
 const require_query_string = require('./query-string-DJDFy7sp.cjs');
 //#region src/sso/sso.ts
@@ -132,4 +132,4 @@ Object.defineProperty(exports, 'SSO', {
     return SSO;
   }
 });
-//# sourceMappingURL=sso-CagxPT-U.cjs.map
+//# sourceMappingURL=sso-D_9tMqlC.cjs.map

package/lib/{sso-CagxPT-U.cjs.map → sso-D_9tMqlC.cjs.map} RENAMED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"sso-~~CagxPT-U~~.cjs","names":["workos: WorkOS","AutoPaginatable","fetchAndDeserialize","deserializeConnection","serializeListConnectionsOptions","toQueryString","deserializeProfileAndToken","deserializeProfile"],"sources":["../src/sso/sso.ts"],"sourcesContent":["import { UnknownRecord } from '../common/interfaces/unknown-record.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { toQueryString } from '../common/utils/query-string';\nimport { WorkOS } from '../workos';\nimport {\n Connection,\n ConnectionResponse,\n GetProfileAndTokenOptions,\n GetProfileOptions,\n ListConnectionsOptions,\n Profile,\n ProfileAndToken,\n ProfileAndTokenResponse,\n ProfileResponse,\n SSOAuthorizationURLOptions,\n SSOPKCEAuthorizationURLResult,\n SerializedListConnectionsOptions,\n} from './interfaces';\nimport {\n deserializeConnection,\n deserializeProfile,\n deserializeProfileAndToken,\n serializeListConnectionsOptions,\n} from './serializers';\n\nexport class SSO {\n constructor(private readonly workos: WorkOS) {}\n\n async listConnections(\n options?: ListConnectionsOptions,\n ): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n options ? serializeListConnectionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n params,\n ),\n options ? serializeListConnectionsOptions(options) : undefined,\n );\n }\n async deleteConnection(id: string) {\n await this.workos.delete(`/connections/${id}`);\n }\n\n getAuthorizationUrl(options: SSOAuthorizationURLOptions): string {\n const {\n codeChallenge,\n codeChallengeMethod,\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n state,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n const query = toQueryString({\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n return `${this.workos.baseURL}/sso/authorize?${query}`;\n }\n\n /*\n Generates an authorization URL with PKCE parameters automatically generated.\n * Use this for public clients (CLI apps, Electron, mobile) that cannot\n * securely store a client secret.\n \n @returns Object containing url, state, and codeVerifier\n \n @example\n * ```typescript\n * const { url, state, codeVerifier } = await workos.sso.getAuthorizationUrlWithPKCE({\n * connection: 'conn_123',\n * clientId: 'client_123',\n * redirectUri: 'myapp://callback',\n * });\n \n // Store state and codeVerifier securely, then redirect user to url\n * // After callback, exchange the code:\n * const { profile, accessToken } = await workos.sso.getProfileAndToken({\n * code: authorizationCode,\n * codeVerifier,\n * clientId: 'client_123',\n * });\n * ```\n /\n async getAuthorizationUrlWithPKCE(\n options: Omit<\n SSOAuthorizationURLOptions,\n 'codeChallenge' \| 'codeChallengeMethod' \| 'state'\n >,\n ): Promise<SSOPKCEAuthorizationURLResult> {\n const {\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n // Generate PKCE parameters\n const pkce = await this.workos.pkce.generate();\n\n // Generate secure random state\n const state = this.workos.pkce.generateCodeVerifier(43);\n\n const query = toQueryString({\n code_challenge: pkce.codeChallenge,\n code_challenge_method: 'S256',\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n const url = `${this.workos.baseURL}/sso/authorize?${query}`;\n\n return { url, state, codeVerifier: pkce.codeVerifier };\n }\n\n async getConnection(id: string): Promise<Connection> {\n const { data } = await this.workos.get<ConnectionResponse>(\n `/connections/${id}`,\n );\n\n return deserializeConnection(data);\n }\n\n /\n Exchange an authorization code for a profile and access token.\n \n Auto-detects public vs confidential client mode:\n * - If codeVerifier is provided: Uses PKCE flow (public client)\n * - If no codeVerifier: Uses client_secret from API key (confidential client)\n * - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)\n \n Using PKCE with confidential clients is recommended by OAuth 2.1 for defense\n * in depth and provides additional CSRF protection on the authorization flow.\n \n @throws Error if neither codeVerifier nor API key is available\n */\n async getProfileAndToken<\n CustomAttributesType extends UnknownRecord = UnknownRecord,\n >({\n code,\n clientId,\n codeVerifier,\n }: GetProfileAndTokenOptions): Promise<\n ProfileAndToken<CustomAttributesType>\n > {\n // Validate codeVerifier is not an empty string (common mistake)\n if (codeVerifier !== undefined && codeVerifier.trim() === '') {\n throw new TypeError(\n 'codeVerifier cannot be an empty string. ' +\n 'Generate a valid PKCE pair using workos.pkce.generate().',\n );\n }\n\n const hasApiKey = !!this.workos.key;\n const hasPKCE = !!codeVerifier;\n\n if (!hasPKCE && !hasApiKey) {\n throw new TypeError(\n 'getProfileAndToken requires either a codeVerifier (for public clients) ' +\n 'or an API key configured on the WorkOS instance (for confidential clients).',\n );\n }\n\n const form = new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n code,\n });\n\n // Support PKCE with confidential clients (OAuth 2.1 best practice)\n // Both can be sent together for defense in depth\n if (hasPKCE) {\n form.set('code_verifier', codeVerifier);\n }\n if (hasApiKey) {\n form.set('client_secret', this.workos.key as string);\n }\n\n const { data } = await this.workos.post<\n ProfileAndTokenResponse<CustomAttributesType>\n >('/sso/token', form, { skipApiKeyCheck: !hasApiKey });\n\n return deserializeProfileAndToken(data);\n }\n\n async getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({\n accessToken,\n }: GetProfileOptions): Promise<Profile<CustomAttributesType>> {\n const { data } = await this.workos.get<\n ProfileResponse<CustomAttributesType>\n >('/sso/profile', {\n accessToken,\n });\n\n return deserializeProfile(data);\n }\n}\n"],"mappings":";;;;;;;;;AA0BA,IAAa,MAAb,MAAiB;CACf,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAIC,mCACT,MAAMC,kDACJ,KAAK,QACL,gBACAC,qDACA,UAAUC,4EAAgC,QAAQ,GAAG,OACtD,GACA,WACCF,kDACE,KAAK,QACL,gBACAC,qDACA,OACD,EACH,UAAUC,4EAAgC,QAAQ,GAAG,OACtD;;CAEH,MAAM,iBAAiB,IAAY;AACjC,QAAM,KAAK,OAAO,OAAO,gBAAgB,KAAK;;CAGhD,oBAAoB,SAA6C;EAC/D,MAAM,EACJ,eACA,qBACA,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,aACA,UACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAGH,MAAM,QAAQC,mCAAc;GAC1B,gBAAgB;GAChB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAEF,SAAO,GAAG,KAAK,OAAO,QAAQ,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BjD,MAAM,4BACJ,SAIwC;EACxC,MAAM,EACJ,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,gBACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAIH,MAAM,OAAO,MAAM,KAAK,OAAO,KAAK,UAAU;EAG9C,MAAM,QAAQ,KAAK,OAAO,KAAK,qBAAqB,GAAG;EAEvD,MAAM,QAAQA,mCAAc;GAC1B,gBAAgB,KAAK;GACrB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAIF,SAAO;GAAE,KAFG,GAAG,KAAK,OAAO,QAAQ,iBAAiB;GAEtC;GAAO,cAAc,KAAK;GAAc;;CAGxD,MAAM,cAAc,IAAiC;EACnD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,KACjB;AAED,SAAOF,oDAAsB,KAAK;;;;;;;;;;;;;;;CAgBpC,MAAM,mBAEJ,EACA,MACA,UACA,gBAGA;AAEA,MAAI,iBAAiB,UAAa,aAAa,MAAM,KAAK,GACxD,OAAM,IAAI,UACR,mGAED;EAGH,MAAM,YAAY,CAAC,CAAC,KAAK,OAAO;EAChC,MAAM,UAAU,CAAC,CAAC;AAElB,MAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,UACR,qJAED;EAGH,MAAM,OAAO,IAAI,gBAAgB;GAC/B,WAAW;GACX,YAAY;GACZ;GACD,CAAC;AAIF,MAAI,QACF,MAAK,IAAI,iBAAiB,aAAa;AAEzC,MAAI,UACF,MAAK,IAAI,iBAAiB,KAAK,OAAO,IAAc;EAGtD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAEjC,cAAc,MAAM,EAAE,iBAAiB,CAAC,WAAW,CAAC;AAEtD,SAAOG,gEAA2B,KAAK;;CAGzC,MAAM,WAAuE,EAC3E,eAC4D;EAC5D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAEjC,gBAAgB,EAChB,aACD,CAAC;AAEF,SAAOC,8CAAmB,KAAK"}
1	+ {"version":3,"file":"sso-D_9tMqlC.cjs","names":["workos: WorkOS","AutoPaginatable","fetchAndDeserialize","deserializeConnection","serializeListConnectionsOptions","toQueryString","deserializeProfileAndToken","deserializeProfile"],"sources":["../src/sso/sso.ts"],"sourcesContent":["import { UnknownRecord } from '../common/interfaces/unknown-record.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { toQueryString } from '../common/utils/query-string';\nimport { WorkOS } from '../workos';\nimport {\n Connection,\n ConnectionResponse,\n GetProfileAndTokenOptions,\n GetProfileOptions,\n ListConnectionsOptions,\n Profile,\n ProfileAndToken,\n ProfileAndTokenResponse,\n ProfileResponse,\n SSOAuthorizationURLOptions,\n SSOPKCEAuthorizationURLResult,\n SerializedListConnectionsOptions,\n} from './interfaces';\nimport {\n deserializeConnection,\n deserializeProfile,\n deserializeProfileAndToken,\n serializeListConnectionsOptions,\n} from './serializers';\n\nexport class SSO {\n constructor(private readonly workos: WorkOS) {}\n\n async listConnections(\n options?: ListConnectionsOptions,\n ): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n options ? serializeListConnectionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n params,\n ),\n options ? serializeListConnectionsOptions(options) : undefined,\n );\n }\n async deleteConnection(id: string) {\n await this.workos.delete(`/connections/${id}`);\n }\n\n getAuthorizationUrl(options: SSOAuthorizationURLOptions): string {\n const {\n codeChallenge,\n codeChallengeMethod,\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n state,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n const query = toQueryString({\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n return `${this.workos.baseURL}/sso/authorize?${query}`;\n }\n\n /*\n Generates an authorization URL with PKCE parameters automatically generated.\n * Use this for public clients (CLI apps, Electron, mobile) that cannot\n * securely store a client secret.\n \n @returns Object containing url, state, and codeVerifier\n \n @example\n * ```typescript\n * const { url, state, codeVerifier } = await workos.sso.getAuthorizationUrlWithPKCE({\n * connection: 'conn_123',\n * clientId: 'client_123',\n * redirectUri: 'myapp://callback',\n * });\n \n // Store state and codeVerifier securely, then redirect user to url\n * // After callback, exchange the code:\n * const { profile, accessToken } = await workos.sso.getProfileAndToken({\n * code: authorizationCode,\n * codeVerifier,\n * clientId: 'client_123',\n * });\n * ```\n /\n async getAuthorizationUrlWithPKCE(\n options: Omit<\n SSOAuthorizationURLOptions,\n 'codeChallenge' \| 'codeChallengeMethod' \| 'state'\n >,\n ): Promise<SSOPKCEAuthorizationURLResult> {\n const {\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n // Generate PKCE parameters\n const pkce = await this.workos.pkce.generate();\n\n // Generate secure random state\n const state = this.workos.pkce.generateCodeVerifier(43);\n\n const query = toQueryString({\n code_challenge: pkce.codeChallenge,\n code_challenge_method: 'S256',\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n const url = `${this.workos.baseURL}/sso/authorize?${query}`;\n\n return { url, state, codeVerifier: pkce.codeVerifier };\n }\n\n async getConnection(id: string): Promise<Connection> {\n const { data } = await this.workos.get<ConnectionResponse>(\n `/connections/${id}`,\n );\n\n return deserializeConnection(data);\n }\n\n /\n Exchange an authorization code for a profile and access token.\n \n Auto-detects public vs confidential client mode:\n * - If codeVerifier is provided: Uses PKCE flow (public client)\n * - If no codeVerifier: Uses client_secret from API key (confidential client)\n * - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)\n \n Using PKCE with confidential clients is recommended by OAuth 2.1 for defense\n * in depth and provides additional CSRF protection on the authorization flow.\n \n @throws Error if neither codeVerifier nor API key is available\n */\n async getProfileAndToken<\n CustomAttributesType extends UnknownRecord = UnknownRecord,\n >({\n code,\n clientId,\n codeVerifier,\n }: GetProfileAndTokenOptions): Promise<\n ProfileAndToken<CustomAttributesType>\n > {\n // Validate codeVerifier is not an empty string (common mistake)\n if (codeVerifier !== undefined && codeVerifier.trim() === '') {\n throw new TypeError(\n 'codeVerifier cannot be an empty string. ' +\n 'Generate a valid PKCE pair using workos.pkce.generate().',\n );\n }\n\n const hasApiKey = !!this.workos.key;\n const hasPKCE = !!codeVerifier;\n\n if (!hasPKCE && !hasApiKey) {\n throw new TypeError(\n 'getProfileAndToken requires either a codeVerifier (for public clients) ' +\n 'or an API key configured on the WorkOS instance (for confidential clients).',\n );\n }\n\n const form = new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n code,\n });\n\n // Support PKCE with confidential clients (OAuth 2.1 best practice)\n // Both can be sent together for defense in depth\n if (hasPKCE) {\n form.set('code_verifier', codeVerifier);\n }\n if (hasApiKey) {\n form.set('client_secret', this.workos.key as string);\n }\n\n const { data } = await this.workos.post<\n ProfileAndTokenResponse<CustomAttributesType>\n >('/sso/token', form, { skipApiKeyCheck: !hasApiKey });\n\n return deserializeProfileAndToken(data);\n }\n\n async getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({\n accessToken,\n }: GetProfileOptions): Promise<Profile<CustomAttributesType>> {\n const { data } = await this.workos.get<\n ProfileResponse<CustomAttributesType>\n >('/sso/profile', {\n accessToken,\n });\n\n return deserializeProfile(data);\n }\n}\n"],"mappings":";;;;;;;;;AA0BA,IAAa,MAAb,MAAiB;CACf,YAAY,AAAiBA,QAAgB;EAAhB;;CAE7B,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAIC,mCACT,MAAMC,kDACJ,KAAK,QACL,gBACAC,qDACA,UAAUC,4EAAgC,QAAQ,GAAG,OACtD,GACA,WACCF,kDACE,KAAK,QACL,gBACAC,qDACA,OACD,EACH,UAAUC,4EAAgC,QAAQ,GAAG,OACtD;;CAEH,MAAM,iBAAiB,IAAY;AACjC,QAAM,KAAK,OAAO,OAAO,gBAAgB,KAAK;;CAGhD,oBAAoB,SAA6C;EAC/D,MAAM,EACJ,eACA,qBACA,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,aACA,UACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAGH,MAAM,QAAQC,mCAAc;GAC1B,gBAAgB;GAChB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAEF,SAAO,GAAG,KAAK,OAAO,QAAQ,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BjD,MAAM,4BACJ,SAIwC;EACxC,MAAM,EACJ,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,gBACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAIH,MAAM,OAAO,MAAM,KAAK,OAAO,KAAK,UAAU;EAG9C,MAAM,QAAQ,KAAK,OAAO,KAAK,qBAAqB,GAAG;EAEvD,MAAM,QAAQA,mCAAc;GAC1B,gBAAgB,KAAK;GACrB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAIF,SAAO;GAAE,KAFG,GAAG,KAAK,OAAO,QAAQ,iBAAiB;GAEtC;GAAO,cAAc,KAAK;GAAc;;CAGxD,MAAM,cAAc,IAAiC;EACnD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,KACjB;AAED,SAAOF,oDAAsB,KAAK;;;;;;;;;;;;;;;CAgBpC,MAAM,mBAEJ,EACA,MACA,UACA,gBAGA;AAEA,MAAI,iBAAiB,UAAa,aAAa,MAAM,KAAK,GACxD,OAAM,IAAI,UACR,mGAED;EAGH,MAAM,YAAY,CAAC,CAAC,KAAK,OAAO;EAChC,MAAM,UAAU,CAAC,CAAC;AAElB,MAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,UACR,qJAED;EAGH,MAAM,OAAO,IAAI,gBAAgB;GAC/B,WAAW;GACX,YAAY;GACZ;GACD,CAAC;AAIF,MAAI,QACF,MAAK,IAAI,iBAAiB,aAAa;AAEzC,MAAI,UACF,MAAK,IAAI,iBAAiB,KAAK,OAAO,IAAc;EAGtD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAEjC,cAAc,MAAM,EAAE,iBAAiB,CAAC,WAAW,CAAC;AAEtD,SAAOG,gEAA2B,KAAK;;CAGzC,MAAM,WAAuE,EAC3E,eAC4D;EAC5D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAEjC,gBAAgB,EAChB,aACD,CAAC;AAEF,SAAOC,8CAAmB,KAAK"}

package/lib/{unauthorized.exception-DJ5xylS-.d.cts → unauthorized.exception-D6PAzuDw.d.cts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { t as RequestException } from "./request-exception.interface-DXrL5xJL.cjs";
+import { t as RequestException } from "./request-exception.interface-CuuezHgg.cjs";
 //#region src/common/exceptions/unauthorized.exception.d.ts
 declare class UnauthorizedException extends Error implements RequestException {
@@ -10,4 +10,4 @@ declare class UnauthorizedException extends Error implements RequestException {
 }
 //#endregion
 export { UnauthorizedException as t };
-//# sourceMappingURL=unauthorized.exception-DJ5xylS-.d.cts.map
+//# sourceMappingURL=unauthorized.exception-D6PAzuDw.d.cts.map

package/lib/{unprocessable-entity-error.interface-Cz6BURFm.d.cts → unprocessable-entity-error.interface-sHivwO3Z.d.cts} RENAMED Viewed

@@ -5,4 +5,4 @@ interface UnprocessableEntityError {
 }
 //#endregion
 export { UnprocessableEntityError as t };
-//# sourceMappingURL=unprocessable-entity-error.interface-Cz6BURFm.d.cts.map
+//# sourceMappingURL=unprocessable-entity-error.interface-sHivwO3Z.d.cts.map

package/lib/{unprocessable-entity.exception-C-wX8JBR.d.cts → unprocessable-entity.exception-B6blaqq0.d.cts} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { t as UnprocessableEntityError } from "./unprocessable-entity-error.interface-Cz6BURFm.cjs";
-import { t as RequestException } from "./request-exception.interface-DXrL5xJL.cjs";
+import { t as UnprocessableEntityError } from "./unprocessable-entity-error.interface-sHivwO3Z.cjs";
+import { t as RequestException } from "./request-exception.interface-CuuezHgg.cjs";
 //#region src/common/exceptions/unprocessable-entity.exception.d.ts
 declare class UnprocessableEntityException extends Error implements RequestException {
@@ -22,4 +22,4 @@ declare class UnprocessableEntityException extends Error implements RequestExcep
 }
 //#endregion
 export { UnprocessableEntityException as t };
-//# sourceMappingURL=unprocessable-entity.exception-C-wX8JBR.d.cts.map
+//# sourceMappingURL=unprocessable-entity.exception-B6blaqq0.d.cts.map

package/lib/{update-authorization-resource-by-external-id-options.serializer-mJfmRL1W.d.cts → update-authorization-resource-by-external-id-options.serializer-CKKinNuy.d.cts} RENAMED Viewed

@@ -5,4 +5,4 @@ import { t as UpdateAuthorizationResourceByExternalIdOptions } from "./update-au
 declare const serializeUpdateResourceByExternalIdOptions: (options: UpdateAuthorizationResourceByExternalIdOptions) => SerializedUpdateAuthorizationResourceOptions;
 //#endregion
 export { serializeUpdateResourceByExternalIdOptions as t };
-//# sourceMappingURL=update-authorization-resource-by-external-id-options.serializer-mJfmRL1W.d.cts.map
+//# sourceMappingURL=update-authorization-resource-by-external-id-options.serializer-CKKinNuy.d.cts.map

package/lib/{update-authorization-resource-options.serializer-DXLx8new.d.cts → update-authorization-resource-options.serializer-BGRYW1ci.d.cts} RENAMED Viewed

@@ -4,4 +4,4 @@ import { l as SerializedUpdateAuthorizationResourceOptions, u as UpdateAuthoriza
 declare const serializeUpdateResourceOptions: (options: UpdateAuthorizationResourceOptions) => SerializedUpdateAuthorizationResourceOptions;
 //#endregion
 export { serializeUpdateResourceOptions as t };
-//# sourceMappingURL=update-authorization-resource-options.serializer-DXLx8new.d.cts.map
+//# sourceMappingURL=update-authorization-resource-options.serializer-BGRYW1ci.d.cts.map

package/lib/{update-environment-role-options.serializer-BaPLpNDa.d.cts → update-environment-role-options.serializer-2Ov89Yww.d.cts} RENAMED Viewed

@@ -4,4 +4,4 @@ import { n as UpdateEnvironmentRoleOptions, t as SerializedUpdateEnvironmentRole
 declare const serializeUpdateEnvironmentRoleOptions: (options: UpdateEnvironmentRoleOptions) => SerializedUpdateEnvironmentRoleOptions;
 //#endregion
 export { serializeUpdateEnvironmentRoleOptions as t };
-//# sourceMappingURL=update-environment-role-options.serializer-BaPLpNDa.d.cts.map
+//# sourceMappingURL=update-environment-role-options.serializer-2Ov89Yww.d.cts.map

package/lib/{update-object.interface-C8y9e8Lt.d.cts → update-object.interface-EhYczOkX.d.cts} RENAMED Viewed

@@ -10,4 +10,4 @@ interface UpdateObjectOptions {
 }
 //#endregion
 export { UpdateObjectOptions as n, UpdateObjectEntity as t };
-//# sourceMappingURL=update-object.interface-C8y9e8Lt.d.cts.map
+//# sourceMappingURL=update-object.interface-EhYczOkX.d.cts.map