workos 0.11.2 → 0.12.0-beta.1

package/dist/emulate/workos/routes/pipes.js

@@ -0,0 +1,86 @@
+import { notFound, validationError, parseJsonBody } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatPipeConnection, parseListParams } from '../helpers.js';
+const VALID_PROVIDERS = ['github', 'slack', 'google', 'salesforce'];
+export function pipeRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    app.post('/pipes/connections', async (c) => {
+        const body = await parseJsonBody(c);
+        const userId = body.user_id;
+        const provider = body.provider;
+        const scopes = body.scopes ?? [];
+        if (!userId) {
+            throw validationError('user_id is required', [{ field: 'user_id', code: 'required' }]);
+        }
+        if (!provider) {
+            throw validationError('provider is required', [{ field: 'provider', code: 'required' }]);
+        }
+        if (!VALID_PROVIDERS.includes(provider)) {
+            throw validationError(`provider must be one of: ${VALID_PROVIDERS.join(', ')}`, [
+                { field: 'provider', code: 'invalid' },
+            ]);
+        }
+        const conn = ws.pipeConnections.insert({
+            object: 'pipe_connection',
+            user_id: userId,
+            provider,
+            scopes,
+            status: 'connected',
+            external_account_id: body.external_account_id ?? null,
+        });
+        return c.json(formatPipeConnection(conn), 201);
+    });
+    app.get('/pipes/connections', (c) => {
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const userIdFilter = url.searchParams.get('user_id') ?? undefined;
+        const providerFilter = url.searchParams.get('provider') ?? undefined;
+        const result = ws.pipeConnections.list({
+            ...params,
+            filter: (pc) => {
+                if (userIdFilter && pc.user_id !== userIdFilter)
+                    return false;
+                if (providerFilter && pc.provider !== providerFilter)
+                    return false;
+                return true;
+            },
+        });
+        return c.json({
+            object: 'list',
+            data: result.data.map(formatPipeConnection),
+            list_metadata: result.list_metadata,
+        });
+    });
+    app.get('/pipes/connections/:id', (c) => {
+        const conn = ws.pipeConnections.get(c.req.param('id'));
+        if (!conn)
+            throw notFound('Pipe connection');
+        return c.json(formatPipeConnection(conn));
+    });
+    app.delete('/pipes/connections/:id', (c) => {
+        const conn = ws.pipeConnections.get(c.req.param('id'));
+        if (!conn)
+            throw notFound('Pipe connection');
+        ws.pipeConnections.delete(conn.id);
+        return c.body(null, 204);
+    });
+    app.post('/pipes/connections/:id/access_token', (c) => {
+        const conn = ws.pipeConnections.get(c.req.param('id'));
+        if (!conn)
+            throw notFound('Pipe connection');
+        if (conn.status !== 'connected') {
+            return c.json({
+                error: 'connection_inactive',
+                message: `Connection is ${conn.status}`,
+            }, 400);
+        }
+        return c.json({
+            access_token: `pipes_mock_${conn.provider}_${conn.user_id}`,
+            token_type: 'bearer',
+            scopes: conn.scopes,
+            expires_in: 3600,
+        });
+    });
+}
+//# sourceMappingURL=pipes.js.map

package/dist/emulate/workos/routes/pipes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pipes.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/pipes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAGtE,MAAM,eAAe,GAAmB,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;AAEpF,MAAM,UAAU,UAAU,CAAC,GAAiB;IAC1C,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACzC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,OAA6B,CAAC;QAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAoC,CAAC;QAC3D,MAAM,MAAM,GAAI,IAAI,CAAC,MAAmB,IAAI,EAAE,CAAC;QAE/C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,eAAe,CAAC,qBAAqB,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,eAAe,CAAC,sBAAsB,EAAE,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,MAAM,eAAe,CAAC,4BAA4B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;gBAC9E,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;aACvC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC;YACrC,MAAM,EAAE,iBAAiB;YACzB,OAAO,EAAE,MAAM;YACf,QAAQ;YACR,MAAM;YACN,MAAM,EAAE,WAAW;YACnB,mBAAmB,EAAG,IAAI,CAAC,mBAA8B,IAAI,IAAI;SAClE,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC,EAAE,EAAE;QAClC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;QAClE,MAAM,cAAc,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC;QAErE,MAAM,MAAM,GAAG,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACrC,GAAG,MAAM;YACT,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE;gBACb,IAAI,YAAY,IAAI,EAAE,CAAC,OAAO,KAAK,YAAY;oBAAE,OAAO,KAAK,CAAC;gBAC9D,IAAI,cAAc,IAAI,EAAE,CAAC,QAAQ,KAAK,cAAc;oBAAE,OAAO,KAAK,CAAC;gBACnE,OAAO,IAAI,CAAC;YACd,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC;YAC3C,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC,CAAC,EAAE,EAAE;QACtC,MAAM,IAAI,GAAG,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAC7C,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC,CAAC,EAAE,EAAE;QACzC,MAAM,IAAI,GAAG,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAC7C,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAChC,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE,qBAAqB;gBAC5B,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,EAAE;aACxC,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,YAAY,EAAE,cAAc,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,EAAE;YAC3D,UAAU,EAAE,QAAQ;YACpB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatPipeConnection, parseListParams } from '../helpers.js';\nimport type { PipeProvider } from '../entities.js';\n\nconst VALID_PROVIDERS: PipeProvider[] = ['github', 'slack', 'google', 'salesforce'];\n\nexport function pipeRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.post('/pipes/connections', async (c) => {\n    const body = await parseJsonBody(c);\n    const userId = body.user_id as string | undefined;\n    const provider = body.provider as PipeProvider | undefined;\n    const scopes = (body.scopes as string[]) ?? [];\n\n    if (!userId) {\n      throw validationError('user_id is required', [{ field: 'user_id', code: 'required' }]);\n    }\n    if (!provider) {\n      throw validationError('provider is required', [{ field: 'provider', code: 'required' }]);\n    }\n    if (!VALID_PROVIDERS.includes(provider)) {\n      throw validationError(`provider must be one of: ${VALID_PROVIDERS.join(', ')}`, [\n        { field: 'provider', code: 'invalid' },\n      ]);\n    }\n\n    const conn = ws.pipeConnections.insert({\n      object: 'pipe_connection',\n      user_id: userId,\n      provider,\n      scopes,\n      status: 'connected',\n      external_account_id: (body.external_account_id as string) ?? null,\n    });\n\n    return c.json(formatPipeConnection(conn), 201);\n  });\n\n  app.get('/pipes/connections', (c) => {\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n    const userIdFilter = url.searchParams.get('user_id') ?? undefined;\n    const providerFilter = url.searchParams.get('provider') ?? undefined;\n\n    const result = ws.pipeConnections.list({\n      ...params,\n      filter: (pc) => {\n        if (userIdFilter && pc.user_id !== userIdFilter) return false;\n        if (providerFilter && pc.provider !== providerFilter) return false;\n        return true;\n      },\n    });\n\n    return c.json({\n      object: 'list',\n      data: result.data.map(formatPipeConnection),\n      list_metadata: result.list_metadata,\n    });\n  });\n\n  app.get('/pipes/connections/:id', (c) => {\n    const conn = ws.pipeConnections.get(c.req.param('id'));\n    if (!conn) throw notFound('Pipe connection');\n    return c.json(formatPipeConnection(conn));\n  });\n\n  app.delete('/pipes/connections/:id', (c) => {\n    const conn = ws.pipeConnections.get(c.req.param('id'));\n    if (!conn) throw notFound('Pipe connection');\n    ws.pipeConnections.delete(conn.id);\n    return c.body(null, 204);\n  });\n\n  app.post('/pipes/connections/:id/access_token', (c) => {\n    const conn = ws.pipeConnections.get(c.req.param('id'));\n    if (!conn) throw notFound('Pipe connection');\n    if (conn.status !== 'connected') {\n      return c.json(\n        {\n          error: 'connection_inactive',\n          message: `Connection is ${conn.status}`,\n        },\n        400,\n      );\n    }\n\n    return c.json({\n      access_token: `pipes_mock_${conn.provider}_${conn.user_id}`,\n      token_type: 'bearer',\n      scopes: conn.scopes,\n      expires_in: 3600,\n    });\n  });\n}\n"]}

package/dist/emulate/workos/routes/portal.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function portalRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/portal.js

@@ -0,0 +1,18 @@
+import { parseJsonBody, validationError } from '../../core/index.js';
+export function portalRoutes(ctx) {
+    const { app } = ctx;
+    app.post('/portal/generate_link', async (c) => {
+        const body = await parseJsonBody(c);
+        const intent = body.intent;
+        const organization = body.organization;
+        if (!intent) {
+            throw validationError('intent is required', [{ field: 'intent', code: 'required' }]);
+        }
+        if (!organization) {
+            throw validationError('organization is required', [{ field: 'organization', code: 'required' }]);
+        }
+        const baseUrl = new URL(c.req.url).origin;
+        return c.json({ link: `${baseUrl}/portal/${intent}/${organization}` });
+    });
+}
+//# sourceMappingURL=portal.js.map

package/dist/emulate/workos/routes/portal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,aAAa,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAExF,MAAM,UAAU,YAAY,CAAC,GAAiB;IAC5C,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAEpB,GAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5C,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAA4B,CAAC;QACjD,MAAM,YAAY,GAAG,IAAI,CAAC,YAAkC,CAAC;QAE7D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,eAAe,CAAC,oBAAoB,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACvF,CAAC;QACD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,0BAA0B,EAAE,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnG,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QAC1C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,OAAO,WAAW,MAAM,IAAI,YAAY,EAAE,EAAE,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, parseJsonBody, validationError } from '../../core/index.js';\n\nexport function portalRoutes(ctx: RouteContext): void {\n  const { app } = ctx;\n\n  app.post('/portal/generate_link', async (c) => {\n    const body = await parseJsonBody(c);\n    const intent = body.intent as string | undefined;\n    const organization = body.organization as string | undefined;\n\n    if (!intent) {\n      throw validationError('intent is required', [{ field: 'intent', code: 'required' }]);\n    }\n    if (!organization) {\n      throw validationError('organization is required', [{ field: 'organization', code: 'required' }]);\n    }\n\n    const baseUrl = new URL(c.req.url).origin;\n    return c.json({ link: `${baseUrl}/portal/${intent}/${organization}` });\n  });\n}\n"]}

package/dist/emulate/workos/routes/radar.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function radarRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/radar.js

@@ -0,0 +1,45 @@
+import { notFound, parseJsonBody } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatRadarAttempt, parseListParams } from '../helpers.js';
+export function radarRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    // List attempts
+    app.get('/radar/attempts', (c) => {
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const result = ws.radarAttempts.list({ ...params });
+        return c.json({
+            object: 'list',
+            data: result.data.map(formatRadarAttempt),
+            list_metadata: result.list_metadata,
+        });
+    });
+    // Get attempt
+    app.get('/radar/attempts/:id', (c) => {
+        const attempt = ws.radarAttempts.get(c.req.param('id'));
+        if (!attempt)
+            throw notFound('RadarAttempt');
+        return c.json(formatRadarAttempt(attempt));
+    });
+    // Manage allow/deny lists
+    app.post('/radar/lists/:type/:action', async (c) => {
+        const listType = c.req.param('type');
+        const action = c.req.param('action');
+        const body = await parseJsonBody(c);
+        const entries = body.entries ?? [];
+        const key = `radar_${listType}_list`;
+        const existing = store.getData(key) ?? new Set();
+        if (action === 'add') {
+            for (const entry of entries)
+                existing.add(entry);
+        }
+        else if (action === 'remove') {
+            for (const entry of entries)
+                existing.delete(entry);
+        }
+        store.setData(key, existing);
+        return c.json({ success: true });
+    });
+}
+//# sourceMappingURL=radar.js.map

package/dist/emulate/workos/routes/radar.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"radar.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/radar.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEpE,MAAM,UAAU,WAAW,CAAC,GAAiB;IAC3C,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,gBAAgB;IAChB,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;YACzC,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,cAAc;IACd,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC,CAAC,EAAE,EAAE;QACnC,MAAM,OAAO,GAAG,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO;YAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC7C,OAAO,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAC1B,GAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjD,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAAI,IAAI,CAAC,OAAoB,IAAI,EAAE,CAAC;QAEjD,MAAM,GAAG,GAAG,SAAS,QAAQ,OAAO,CAAC;QACrC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAc,GAAG,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;QAEtE,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrB,KAAK,MAAM,KAAK,IAAI,OAAO;gBAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,KAAK,MAAM,KAAK,IAAI,OAAO;gBAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatRadarAttempt, parseListParams } from '../helpers.js';\n\nexport function radarRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  // List attempts\n  app.get('/radar/attempts', (c) => {\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n    const result = ws.radarAttempts.list({ ...params });\n    return c.json({\n      object: 'list',\n      data: result.data.map(formatRadarAttempt),\n      list_metadata: result.list_metadata,\n    });\n  });\n\n  // Get attempt\n  app.get('/radar/attempts/:id', (c) => {\n    const attempt = ws.radarAttempts.get(c.req.param('id'));\n    if (!attempt) throw notFound('RadarAttempt');\n    return c.json(formatRadarAttempt(attempt));\n  });\n\n  // Manage allow/deny lists\n  app.post('/radar/lists/:type/:action', async (c) => {\n    const listType = c.req.param('type');\n    const action = c.req.param('action');\n    const body = await parseJsonBody(c);\n    const entries = (body.entries as string[]) ?? [];\n\n    const key = `radar_${listType}_list`;\n    const existing = store.getData<Set<string>>(key) ?? new Set<string>();\n\n    if (action === 'add') {\n      for (const entry of entries) existing.add(entry);\n    } else if (action === 'remove') {\n      for (const entry of entries) existing.delete(entry);\n    }\n\n    store.setData(key, existing);\n    return c.json({ success: true });\n  });\n}\n"]}

package/dist/emulate/workos/routes/sessions.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function sessionRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/sessions.js

@@ -0,0 +1,51 @@
+import { notFound, parseJsonBody, WorkOSApiError } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatSession, assertLocalRedirectUri } from '../helpers.js';
+export function sessionRoutes(ctx) {
+    const { app, store, jwt } = ctx;
+    const ws = getWorkOSStore(store);
+    app.get('/user_management/users/:id/sessions', (c) => {
+        const user = ws.users.get(c.req.param('id'));
+        if (!user)
+            throw notFound('User');
+        const sessions = ws.sessions.findBy('user_id', user.id);
+        return c.json({
+            object: 'list',
+            data: sessions.map(formatSession),
+            list_metadata: { before: null, after: null },
+        });
+    });
+    app.post('/user_management/sessions/revoke', async (c) => {
+        const body = await parseJsonBody(c);
+        const sessionId = body.session_id;
+        if (!sessionId) {
+            throw new WorkOSApiError(400, 'session_id is required', 'invalid_request');
+        }
+        const session = ws.sessions.get(sessionId);
+        if (!session)
+            throw notFound('Session');
+        ws.sessions.delete(session.id);
+        return c.json({ success: true });
+    });
+    // Public endpoint — no auth required (security: [])
+    app.get('/user_management/sessions/logout', (c) => {
+        const url = new URL(c.req.url);
+        const sessionId = url.searchParams.get('session_id');
+        const returnTo = url.searchParams.get('return_to');
+        if (!sessionId) {
+            throw new WorkOSApiError(422, 'session_id is required', 'invalid_request');
+        }
+        const session = ws.sessions.get(sessionId);
+        if (session)
+            ws.sessions.delete(session.id);
+        if (returnTo) {
+            assertLocalRedirectUri(returnTo);
+            return c.redirect(returnTo);
+        }
+        return c.json({ success: true });
+    });
+    app.get('/user_management/sessions/jwks/:clientId', (c) => {
+        return c.json(jwt.getJWKS());
+    });
+}
+//# sourceMappingURL=sessions.js.map

package/dist/emulate/workos/routes/sessions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/sessions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAEtE,MAAM,UAAU,aAAa,CAAC,GAAiB;IAC7C,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAChC,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE,EAAE;QACnD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,aAAa,CAAC;YACjC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAgC,CAAC;QACxD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,wBAAwB,EAAE,iBAAiB,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO;YAAE,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC;QAExC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,GAAG,CAAC,GAAG,CAAC,kCAAkC,EAAE,CAAC,CAAC,EAAE,EAAE;QAChD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAEnD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,wBAAwB,EAAE,iBAAiB,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,OAAO;YAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE5C,IAAI,QAAQ,EAAE,CAAC;YACb,sBAAsB,CAAC,QAAQ,CAAC,CAAC;YACjC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,0CAA0C,EAAE,CAAC,CAAC,EAAE,EAAE;QACxD,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, parseJsonBody, WorkOSApiError } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatSession, assertLocalRedirectUri } from '../helpers.js';\n\nexport function sessionRoutes(ctx: RouteContext): void {\n  const { app, store, jwt } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.get('/user_management/users/:id/sessions', (c) => {\n    const user = ws.users.get(c.req.param('id'));\n    if (!user) throw notFound('User');\n\n    const sessions = ws.sessions.findBy('user_id', user.id);\n    return c.json({\n      object: 'list',\n      data: sessions.map(formatSession),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  app.post('/user_management/sessions/revoke', async (c) => {\n    const body = await parseJsonBody(c);\n    const sessionId = body.session_id as string | undefined;\n    if (!sessionId) {\n      throw new WorkOSApiError(400, 'session_id is required', 'invalid_request');\n    }\n\n    const session = ws.sessions.get(sessionId);\n    if (!session) throw notFound('Session');\n\n    ws.sessions.delete(session.id);\n    return c.json({ success: true });\n  });\n\n  // Public endpoint — no auth required (security: [])\n  app.get('/user_management/sessions/logout', (c) => {\n    const url = new URL(c.req.url);\n    const sessionId = url.searchParams.get('session_id');\n    const returnTo = url.searchParams.get('return_to');\n\n    if (!sessionId) {\n      throw new WorkOSApiError(422, 'session_id is required', 'invalid_request');\n    }\n\n    const session = ws.sessions.get(sessionId);\n    if (session) ws.sessions.delete(session.id);\n\n    if (returnTo) {\n      assertLocalRedirectUri(returnTo);\n      return c.redirect(returnTo);\n    }\n    return c.json({ success: true });\n  });\n\n  app.get('/user_management/sessions/jwks/:clientId', (c) => {\n    return c.json(jwt.getJWKS());\n  });\n}\n"]}

package/dist/emulate/workos/routes/sso.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function ssoRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/sso.js

@@ -0,0 +1,160 @@
+import { parseJsonBody, WorkOSApiError, generateId } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatSSOProfile, expiresIn, isExpired, assertLocalRedirectUri } from '../helpers.js';
+export function ssoRoutes(ctx) {
+    const { app, store, jwt } = ctx;
+    const ws = getWorkOSStore(store);
+    app.get('/sso/authorize', (c) => {
+        const url = new URL(c.req.url);
+        const redirectUri = url.searchParams.get('redirect_uri');
+        const state = url.searchParams.get('state');
+        const connectionId = url.searchParams.get('connection');
+        const organizationId = url.searchParams.get('organization');
+        const domainHint = url.searchParams.get('domain_hint');
+        const loginHint = url.searchParams.get('login_hint');
+        if (!redirectUri) {
+            throw new WorkOSApiError(400, 'Missing required parameter: redirect_uri', 'invalid_request');
+        }
+        assertLocalRedirectUri(redirectUri);
+        let connection;
+        if (connectionId) {
+            connection = ws.connections.get(connectionId);
+        }
+        else if (organizationId) {
+            connection = ws.connections.findBy('organization_id', organizationId).find((c) => c.state === 'active');
+        }
+        else if (domainHint) {
+            connection = ws.connections
+                .all()
+                .find((c) => c.state === 'active' && c.domains.some((d) => d.domain === domainHint));
+        }
+        if (!connection || connection.state !== 'active') {
+            throw new WorkOSApiError(404, 'No active connection found', 'connection_not_found');
+        }
+        const email = loginHint ?? `user@${connection.domains[0]?.domain ?? 'example.com'}`;
+        let profile = ws.ssoProfiles.findOneBy('email', email);
+        if (!profile || profile.connection_id !== connection.id) {
+            profile = ws.ssoProfiles.insert({
+                object: 'profile',
+                connection_id: connection.id,
+                connection_type: connection.connection_type,
+                organization_id: connection.organization_id,
+                idp_id: `idp_${generateId('usr')}`,
+                email,
+                first_name: email.split('@')[0],
+                last_name: null,
+                groups: [],
+                raw_attributes: { email },
+            });
+        }
+        const authCode = ws.ssoAuthorizations.insert({
+            code: generateId('sso_code'),
+            connection_id: connection.id,
+            organization_id: connection.organization_id,
+            profile_id: profile.id,
+            redirect_uri: redirectUri,
+            state,
+            expires_at: expiresIn(10),
+        });
+        const redirect = new URL(redirectUri);
+        redirect.searchParams.set('code', authCode.code);
+        if (state)
+            redirect.searchParams.set('state', state);
+        return c.redirect(redirect.toString());
+    });
+    app.post('/sso/token', async (c) => {
+        const body = await parseJsonBody(c);
+        const grantType = body.grant_type;
+        const code = body.code;
+        if (grantType !== 'authorization_code') {
+            throw new WorkOSApiError(400, 'Unsupported grant_type', 'invalid_request');
+        }
+        if (!code) {
+            throw new WorkOSApiError(400, 'code is required', 'invalid_request');
+        }
+        const auth = ws.ssoAuthorizations.all().find((a) => a.code === code);
+        if (!auth) {
+            throw new WorkOSApiError(400, 'Invalid authorization code', 'invalid_code');
+        }
+        if (isExpired(auth.expires_at)) {
+            ws.ssoAuthorizations.delete(auth.id);
+            throw new WorkOSApiError(400, 'Authorization code has expired', 'expired_code');
+        }
+        const profile = ws.ssoProfiles.get(auth.profile_id);
+        if (!profile) {
+            throw new WorkOSApiError(500, 'Profile not found', 'server_error');
+        }
+        ws.ssoAuthorizations.delete(auth.id);
+        const accessToken = jwt.sign({
+            sub: profile.id,
+            aud: body.client_id ?? 'workos-emulate',
+            org_id: auth.organization_id,
+        });
+        store.setData(`sso_token:${accessToken}`, profile.id);
+        return c.json({
+            profile: formatSSOProfile(profile),
+            access_token: accessToken,
+        });
+    });
+    app.get('/sso/profile', (c) => {
+        const authHeader = c.req.header('Authorization');
+        if (!authHeader) {
+            throw new WorkOSApiError(401, 'Unauthorized', 'unauthorized');
+        }
+        const token = authHeader.replace(/^Bearer\s+/i, '').trim();
+        const profileId = store.getData(`sso_token:${token}`);
+        if (!profileId) {
+            try {
+                const payload = jwt.verify(token);
+                const profile = ws.ssoProfiles.get(payload.sub);
+                if (profile)
+                    return c.json(formatSSOProfile(profile));
+            }
+            catch {
+                // fall through
+            }
+            throw new WorkOSApiError(401, 'Invalid access token', 'unauthorized');
+        }
+        const profile = ws.ssoProfiles.get(profileId);
+        if (!profile) {
+            throw new WorkOSApiError(404, 'Profile not found', 'not_found');
+        }
+        return c.json(formatSSOProfile(profile));
+    });
+    app.get('/sso/jwks', (c) => {
+        return c.json(jwt.getJWKS());
+    });
+    // SSO Single Logout — generate logout token
+    app.post('/sso/logout/authorize', async (c) => {
+        const body = await parseJsonBody(c);
+        const profileId = body.profile_id;
+        if (!profileId) {
+            throw new WorkOSApiError(400, 'profile_id is required', 'invalid_request');
+        }
+        const profile = ws.ssoProfiles.get(profileId);
+        if (!profile) {
+            throw new WorkOSApiError(404, 'Profile not found', 'not_found');
+        }
+        const logoutToken = generateId('sso_logout');
+        store.setData(`sso_logout:${logoutToken}`, profile.id);
+        return c.json({
+            logout_token: logoutToken,
+            logout_url: `${ctx.baseUrl}/sso/logout?logout_token=${logoutToken}`,
+        });
+    });
+    // SSO Single Logout — redirect (public, no auth)
+    app.get('/sso/logout', (c) => {
+        const url = new URL(c.req.url);
+        const logoutToken = url.searchParams.get('logout_token');
+        if (!logoutToken) {
+            throw new WorkOSApiError(400, 'logout_token is required', 'invalid_request');
+        }
+        const profileId = store.getData(`sso_logout:${logoutToken}`);
+        if (!profileId) {
+            throw new WorkOSApiError(400, 'Invalid logout token', 'invalid_logout_token');
+        }
+        store.setData(`sso_logout:${logoutToken}`, undefined);
+        return c.json({ success: true });
+    });
+}
+//# sourceMappingURL=sso.js.map

package/dist/emulate/workos/routes/sso.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/sso.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,aAAa,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACnG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAG/F,MAAM,UAAU,SAAS,CAAC,GAAiB;IACzC,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAChC,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5D,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAErD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,0CAA0C,EAAE,iBAAiB,CAAC,CAAC;QAC/F,CAAC;QACD,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAEpC,IAAI,UAAwC,CAAC;QAE7C,IAAI,YAAY,EAAE,CAAC;YACjB,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,cAAc,EAAE,CAAC;YAC1B,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC;QAC1G,CAAC;aAAM,IAAI,UAAU,EAAE,CAAC;YACtB,UAAU,GAAG,EAAE,CAAC,WAAW;iBACxB,GAAG,EAAE;iBACL,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACjD,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE,sBAAsB,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,KAAK,GAAG,SAAS,IAAI,QAAQ,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,aAAa,EAAE,CAAC;QACpF,IAAI,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,aAAa,KAAK,UAAU,CAAC,EAAE,EAAE,CAAC;YACxD,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;gBAC9B,MAAM,EAAE,SAAS;gBACjB,aAAa,EAAE,UAAU,CAAC,EAAE;gBAC5B,eAAe,EAAE,UAAU,CAAC,eAAe;gBAC3C,eAAe,EAAE,UAAU,CAAC,eAAe;gBAC3C,MAAM,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC,EAAE;gBAClC,KAAK;gBACL,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC/B,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,EAAE;gBACV,cAAc,EAAE,EAAE,KAAK,EAAE;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC;YAC3C,IAAI,EAAE,UAAU,CAAC,UAAU,CAAC;YAC5B,aAAa,EAAE,UAAU,CAAC,EAAE;YAC5B,eAAe,EAAE,UAAU,CAAC,eAAe;YAC3C,UAAU,EAAE,OAAO,CAAC,EAAE;YACtB,YAAY,EAAE,WAAW;YACzB,KAAK;YACL,UAAU,EAAE,SAAS,CAAC,EAAE,CAAC;SAC1B,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACtC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,KAAK;YAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAoB,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QAEjC,IAAI,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACvC,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,wBAAwB,EAAE,iBAAiB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE,cAAc,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrC,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,gCAAgC,EAAE,cAAc,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,mBAAmB,EAAE,cAAc,CAAC,CAAC;QACrE,CAAC;QAED,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAErC,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC;YAC3B,GAAG,EAAE,OAAO,CAAC,EAAE;YACf,GAAG,EAAG,IAAI,CAAC,SAAoB,IAAI,gBAAgB;YACnD,MAAM,EAAE,IAAI,CAAC,eAAe;SAC7B,CAAC,CAAC;QAEH,KAAK,CAAC,OAAO,CAAC,aAAa,WAAW,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAEtD,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC;YAClC,YAAY,EAAE,WAAW;SAC1B,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAE3D,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAS,aAAa,KAAK,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAClC,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAChD,IAAI,OAAO;oBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe;YACjB,CAAC;YACD,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,sBAAsB,EAAE,cAAc,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,mBAAmB,EAAE,WAAW,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE;QACzB,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,4CAA4C;IAC5C,GAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5C,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAoB,CAAC;QAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,wBAAwB,EAAE,iBAAiB,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,mBAAmB,EAAE,WAAW,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,WAAW,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;QAC7C,KAAK,CAAC,OAAO,CAAC,cAAc,WAAW,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAEvD,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,GAAG,GAAG,CAAC,OAAO,4BAA4B,WAAW,EAAE;SACpE,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,iDAAiD;IACjD,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE;QAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAEzD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,0BAA0B,EAAE,iBAAiB,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAS,cAAc,WAAW,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,cAAc,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC;QACtD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, parseJsonBody, WorkOSApiError, generateId } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatSSOProfile, expiresIn, isExpired, assertLocalRedirectUri } from '../helpers.js';\nimport type { WorkOSConnection } from '../entities.js';\n\nexport function ssoRoutes(ctx: RouteContext): void {\n  const { app, store, jwt } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.get('/sso/authorize', (c) => {\n    const url = new URL(c.req.url);\n    const redirectUri = url.searchParams.get('redirect_uri');\n    const state = url.searchParams.get('state');\n    const connectionId = url.searchParams.get('connection');\n    const organizationId = url.searchParams.get('organization');\n    const domainHint = url.searchParams.get('domain_hint');\n    const loginHint = url.searchParams.get('login_hint');\n\n    if (!redirectUri) {\n      throw new WorkOSApiError(400, 'Missing required parameter: redirect_uri', 'invalid_request');\n    }\n    assertLocalRedirectUri(redirectUri);\n\n    let connection: WorkOSConnection | undefined;\n\n    if (connectionId) {\n      connection = ws.connections.get(connectionId);\n    } else if (organizationId) {\n      connection = ws.connections.findBy('organization_id', organizationId).find((c) => c.state === 'active');\n    } else if (domainHint) {\n      connection = ws.connections\n        .all()\n        .find((c) => c.state === 'active' && c.domains.some((d) => d.domain === domainHint));\n    }\n\n    if (!connection || connection.state !== 'active') {\n      throw new WorkOSApiError(404, 'No active connection found', 'connection_not_found');\n    }\n\n    const email = loginHint ?? `user@${connection.domains[0]?.domain ?? 'example.com'}`;\n    let profile = ws.ssoProfiles.findOneBy('email', email);\n    if (!profile || profile.connection_id !== connection.id) {\n      profile = ws.ssoProfiles.insert({\n        object: 'profile',\n        connection_id: connection.id,\n        connection_type: connection.connection_type,\n        organization_id: connection.organization_id,\n        idp_id: `idp_${generateId('usr')}`,\n        email,\n        first_name: email.split('@')[0],\n        last_name: null,\n        groups: [],\n        raw_attributes: { email },\n      });\n    }\n\n    const authCode = ws.ssoAuthorizations.insert({\n      code: generateId('sso_code'),\n      connection_id: connection.id,\n      organization_id: connection.organization_id,\n      profile_id: profile.id,\n      redirect_uri: redirectUri,\n      state,\n      expires_at: expiresIn(10),\n    });\n\n    const redirect = new URL(redirectUri);\n    redirect.searchParams.set('code', authCode.code);\n    if (state) redirect.searchParams.set('state', state);\n    return c.redirect(redirect.toString());\n  });\n\n  app.post('/sso/token', async (c) => {\n    const body = await parseJsonBody(c);\n    const grantType = body.grant_type as string;\n    const code = body.code as string;\n\n    if (grantType !== 'authorization_code') {\n      throw new WorkOSApiError(400, 'Unsupported grant_type', 'invalid_request');\n    }\n    if (!code) {\n      throw new WorkOSApiError(400, 'code is required', 'invalid_request');\n    }\n\n    const auth = ws.ssoAuthorizations.all().find((a) => a.code === code);\n    if (!auth) {\n      throw new WorkOSApiError(400, 'Invalid authorization code', 'invalid_code');\n    }\n    if (isExpired(auth.expires_at)) {\n      ws.ssoAuthorizations.delete(auth.id);\n      throw new WorkOSApiError(400, 'Authorization code has expired', 'expired_code');\n    }\n\n    const profile = ws.ssoProfiles.get(auth.profile_id);\n    if (!profile) {\n      throw new WorkOSApiError(500, 'Profile not found', 'server_error');\n    }\n\n    ws.ssoAuthorizations.delete(auth.id);\n\n    const accessToken = jwt.sign({\n      sub: profile.id,\n      aud: (body.client_id as string) ?? 'workos-emulate',\n      org_id: auth.organization_id,\n    });\n\n    store.setData(`sso_token:${accessToken}`, profile.id);\n\n    return c.json({\n      profile: formatSSOProfile(profile),\n      access_token: accessToken,\n    });\n  });\n\n  app.get('/sso/profile', (c) => {\n    const authHeader = c.req.header('Authorization');\n    if (!authHeader) {\n      throw new WorkOSApiError(401, 'Unauthorized', 'unauthorized');\n    }\n    const token = authHeader.replace(/^Bearer\\s+/i, '').trim();\n\n    const profileId = store.getData<string>(`sso_token:${token}`);\n    if (!profileId) {\n      try {\n        const payload = jwt.verify(token);\n        const profile = ws.ssoProfiles.get(payload.sub);\n        if (profile) return c.json(formatSSOProfile(profile));\n      } catch {\n        // fall through\n      }\n      throw new WorkOSApiError(401, 'Invalid access token', 'unauthorized');\n    }\n\n    const profile = ws.ssoProfiles.get(profileId);\n    if (!profile) {\n      throw new WorkOSApiError(404, 'Profile not found', 'not_found');\n    }\n\n    return c.json(formatSSOProfile(profile));\n  });\n\n  app.get('/sso/jwks', (c) => {\n    return c.json(jwt.getJWKS());\n  });\n\n  // SSO Single Logout — generate logout token\n  app.post('/sso/logout/authorize', async (c) => {\n    const body = await parseJsonBody(c);\n    const profileId = body.profile_id as string;\n    if (!profileId) {\n      throw new WorkOSApiError(400, 'profile_id is required', 'invalid_request');\n    }\n\n    const profile = ws.ssoProfiles.get(profileId);\n    if (!profile) {\n      throw new WorkOSApiError(404, 'Profile not found', 'not_found');\n    }\n\n    const logoutToken = generateId('sso_logout');\n    store.setData(`sso_logout:${logoutToken}`, profile.id);\n\n    return c.json({\n      logout_token: logoutToken,\n      logout_url: `${ctx.baseUrl}/sso/logout?logout_token=${logoutToken}`,\n    });\n  });\n\n  // SSO Single Logout — redirect (public, no auth)\n  app.get('/sso/logout', (c) => {\n    const url = new URL(c.req.url);\n    const logoutToken = url.searchParams.get('logout_token');\n\n    if (!logoutToken) {\n      throw new WorkOSApiError(400, 'logout_token is required', 'invalid_request');\n    }\n\n    const profileId = store.getData<string>(`sso_logout:${logoutToken}`);\n    if (!profileId) {\n      throw new WorkOSApiError(400, 'Invalid logout token', 'invalid_logout_token');\n    }\n\n    store.setData(`sso_logout:${logoutToken}`, undefined);\n    return c.json({ success: true });\n  });\n}\n"]}

package/dist/emulate/workos/routes/user-features.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function userFeatureRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/user-features.js

@@ -0,0 +1,50 @@
+import { notFound } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatAuthorizedApplication, formatConnectedAccount, formatPipeConnection } from '../helpers.js';
+export function userFeatureRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    app.get('/user_management/users/:user_id/authorized_applications', (c) => {
+        const user = ws.users.get(c.req.param('user_id'));
+        if (!user)
+            throw notFound('User');
+        const apps = ws.authorizedApplications.findBy('user_id', user.id);
+        return c.json({
+            object: 'list',
+            data: apps.map(formatAuthorizedApplication),
+            list_metadata: { before: null, after: null },
+        });
+    });
+    app.delete('/user_management/users/:user_id/authorized_applications/:application_id', (c) => {
+        const user = ws.users.get(c.req.param('user_id'));
+        if (!user)
+            throw notFound('User');
+        const appItem = ws.authorizedApplications.get(c.req.param('application_id'));
+        if (!appItem || appItem.user_id !== user.id)
+            throw notFound('Authorized Application');
+        ws.authorizedApplications.delete(appItem.id);
+        return c.body(null, 204);
+    });
+    app.get('/user_management/users/:user_id/connected_accounts/:slug', (c) => {
+        const user = ws.users.get(c.req.param('user_id'));
+        if (!user)
+            throw notFound('User');
+        const slug = c.req.param('slug');
+        const account = ws.connectedAccounts.findBy('user_id', user.id).find((a) => a.provider === slug);
+        if (!account)
+            throw notFound('Connected Account');
+        return c.json(formatConnectedAccount(account));
+    });
+    app.get('/user_management/users/:user_id/data_providers', (c) => {
+        const user = ws.users.get(c.req.param('user_id'));
+        if (!user)
+            throw notFound('User');
+        const pipes = ws.pipeConnections.findBy('user_id', user.id);
+        return c.json({
+            object: 'list',
+            data: pipes.map(formatPipeConnection),
+            list_metadata: { before: null, after: null },
+        });
+    });
+}
+//# sourceMappingURL=user-features.js.map

package/dist/emulate/workos/routes/user-features.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-features.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/user-features.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,2BAA2B,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAE1G,MAAM,UAAU,iBAAiB,CAAC,GAAiB;IACjD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,GAAG,CAAC,yDAAyD,EAAE,CAAC,CAAC,EAAE,EAAE;QACvE,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,IAAI,GAAG,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,2BAA2B,CAAC;YAC3C,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,yEAAyE,EAAE,CAAC,CAAC,EAAE,EAAE;QAC1F,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,OAAO,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAC7E,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,KAAK,IAAI,CAAC,EAAE;YAAE,MAAM,QAAQ,CAAC,wBAAwB,CAAC,CAAC;QAEtF,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,0DAA0D,EAAE,CAAC,CAAC,EAAE,EAAE;QACxE,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC;QAEjG,IAAI,CAAC,OAAO;YAAE,MAAM,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,gDAAgD,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9D,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,KAAK,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC;YACrC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatAuthorizedApplication, formatConnectedAccount, formatPipeConnection } from '../helpers.js';\n\nexport function userFeatureRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.get('/user_management/users/:user_id/authorized_applications', (c) => {\n    const user = ws.users.get(c.req.param('user_id'));\n    if (!user) throw notFound('User');\n\n    const apps = ws.authorizedApplications.findBy('user_id', user.id);\n    return c.json({\n      object: 'list',\n      data: apps.map(formatAuthorizedApplication),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  app.delete('/user_management/users/:user_id/authorized_applications/:application_id', (c) => {\n    const user = ws.users.get(c.req.param('user_id'));\n    if (!user) throw notFound('User');\n\n    const appItem = ws.authorizedApplications.get(c.req.param('application_id'));\n    if (!appItem || appItem.user_id !== user.id) throw notFound('Authorized Application');\n\n    ws.authorizedApplications.delete(appItem.id);\n    return c.body(null, 204);\n  });\n\n  app.get('/user_management/users/:user_id/connected_accounts/:slug', (c) => {\n    const user = ws.users.get(c.req.param('user_id'));\n    if (!user) throw notFound('User');\n\n    const slug = c.req.param('slug');\n    const account = ws.connectedAccounts.findBy('user_id', user.id).find((a) => a.provider === slug);\n\n    if (!account) throw notFound('Connected Account');\n    return c.json(formatConnectedAccount(account));\n  });\n\n  app.get('/user_management/users/:user_id/data_providers', (c) => {\n    const user = ws.users.get(c.req.param('user_id'));\n    if (!user) throw notFound('User');\n\n    const pipes = ws.pipeConnections.findBy('user_id', user.id);\n    return c.json({\n      object: 'list',\n      data: pipes.map(formatPipeConnection),\n      list_metadata: { before: null, after: null },\n    });\n  });\n}\n"]}

package/dist/emulate/workos/routes/users.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function userRoutes(ctx: RouteContext): void;