@workos-inc/node - npm Package Compare versions

Comparing version 7.14.0 to 7.15.0

lib/common/interfaces/workos-options.interface.d.ts

@@ -9,2 +9,3 @@ import { AppInfo } from './app-info.interface';
     fetchFn?: typeof fetch;
+    clientId?: string;
 }

lib/common/net/node-client.d.ts

@@ -1,2 +0,1 @@
-/// <reference types="node" />
 import { HttpClient, HttpClientResponse } from './http-client';
@@ -3,0 +2,0 @@ import { HttpClientInterface, HttpClientResponseInterface, RequestOptions } from '../interfaces/http-client.interface';

lib/user-management/interfaces/authenticate-with-options-base.interface.d.ts

@@ -0,1 +1,5 @@
+export interface AuthenticateWithSessionOptions {
+    cookiePassword?: string;
+    sealSession: boolean;
+}
 export interface AuthenticateWithOptionsBase {
@@ -5,2 +9,3 @@ clientId: string;
     userAgent?: string;
+    session?: AuthenticateWithSessionOptions;
 }
@@ -7,0 +12,0 @@ export interface SerializedAuthenticateWithOptionsBase {

lib/user-management/interfaces/authentication-response.interface.d.ts

@@ -11,2 +11,3 @@ import { Impersonator, ImpersonatorResponse } from './impersonator.interface';
     authenticationMethod?: AuthenticationMethod;
+    sealedSession?: string;
 }
@@ -13,0 +14,0 @@ export interface AuthenticationResponseResponse {

lib/user-management/interfaces/index.d.ts

@@ -10,2 +10,3 @@ export * from './authenticate-with-magic-auth-options.interface';
 export * from './authenticate-with-refresh-token-options.interface';
+export * from './authenticate-with-session-cookie.interface';
 export * from './authenticate-with-totp-options.interface';
@@ -29,2 +30,3 @@ export * from './authentication-response.interface';
 export * from './password-reset.interface';
+export * from './refresh-and-seal-session-data.interface';
 export * from './reset-password-options.interface';
@@ -31,0 +33,0 @@ export * from './revoke-session-options.interface';

lib/user-management/interfaces/index.js

@@ -26,2 +26,3 @@ "use strict";
 __exportStar(require("./authenticate-with-refresh-token-options.interface"), exports);
+__exportStar(require("./authenticate-with-session-cookie.interface"), exports);
 __exportStar(require("./authenticate-with-totp-options.interface"), exports);
@@ -45,2 +46,3 @@ __exportStar(require("./authentication-response.interface"), exports);
 __exportStar(require("./password-reset.interface"), exports);
+__exportStar(require("./refresh-and-seal-session-data.interface"), exports);
 __exportStar(require("./reset-password-options.interface"), exports);
@@ -47,0 +49,0 @@ __exportStar(require("./revoke-session-options.interface"), exports);

lib/user-management/user-management.d.ts

@@ -1,20 +0,24 @@
-import { WorkOS } from '../workos';
 import { AutoPaginatable } from '../common/utils/pagination';
-import { AuthenticateWithCodeOptions, AuthenticateWithMagicAuthOptions, AuthenticateWithPasswordOptions, AuthenticateWithTotpOptions, AuthenticationResponse, ResetPasswordOptions, SendPasswordResetEmailOptions, CreateUserOptions, EnrollAuthFactorOptions, ListAuthFactorsOptions, ListUsersOptions, SendMagicAuthCodeOptions, SendVerificationEmailOptions, UpdateUserOptions, User, VerifyEmailOptions, AuthenticateWithRefreshTokenOptions, MagicAuth, CreateMagicAuthOptions, EmailVerification, PasswordReset, CreatePasswordResetOptions } from './interfaces';
 import { Challenge } from '../mfa/interfaces';
-import { OrganizationMembership } from './interfaces/organization-membership.interface';
-import { ListOrganizationMembershipsOptions } from './interfaces/list-organization-memberships-options.interface';
+import { WorkOS } from '../workos';
+import { AuthenticateWithCodeOptions, AuthenticateWithMagicAuthOptions, AuthenticateWithPasswordOptions, AuthenticateWithRefreshTokenOptions, AuthenticateWithTotpOptions, AuthenticationResponse, CreateMagicAuthOptions, CreatePasswordResetOptions, CreateUserOptions, EmailVerification, EnrollAuthFactorOptions, ListAuthFactorsOptions, ListUsersOptions, MagicAuth, PasswordReset, ResetPasswordOptions, SendMagicAuthCodeOptions, SendPasswordResetEmailOptions, SendVerificationEmailOptions, UpdateUserOptions, User, VerifyEmailOptions } from './interfaces';
+import { AuthenticateWithEmailVerificationOptions } from './interfaces/authenticate-with-email-verification-options.interface';
+import { AuthenticateWithOrganizationSelectionOptions } from './interfaces/authenticate-with-organization-selection.interface';
+import { AuthenticateWithSessionCookieFailedResponse, AuthenticateWithSessionCookieSuccessResponse, SessionCookieData } from './interfaces/authenticate-with-session-cookie.interface';
+import { AuthorizationURLOptions } from './interfaces/authorization-url-options.interface';
 import { CreateOrganizationMembershipOptions } from './interfaces/create-organization-membership-options.interface';
+import { Factor, FactorWithSecrets } from './interfaces/factor.interface';
+import { Identity } from './interfaces/identity.interface';
 import { Invitation } from './interfaces/invitation.interface';
 import { ListInvitationsOptions } from './interfaces/list-invitations-options.interface';
+import { ListOrganizationMembershipsOptions } from './interfaces/list-organization-memberships-options.interface';
+import { OrganizationMembership } from './interfaces/organization-membership.interface';
+import { RefreshAndSealSessionDataResponse } from './interfaces/refresh-and-seal-session-data.interface';
+import { RevokeSessionOptions } from './interfaces/revoke-session-options.interface';
 import { SendInvitationOptions } from './interfaces/send-invitation-options.interface';
-import { AuthorizationURLOptions } from './interfaces/authorization-url-options.interface';
-import { AuthenticateWithEmailVerificationOptions } from './interfaces/authenticate-with-email-verification-options.interface';
-import { AuthenticateWithOrganizationSelectionOptions } from './interfaces/authenticate-with-organization-selection.interface';
-import { Factor, FactorWithSecrets } from './interfaces/factor.interface';
-import { RevokeSessionOptions } from './interfaces/revoke-session-options.interface';
+import { SessionHandlerOptions } from './interfaces/session-handler-options.interface';
 import { UpdateOrganizationMembershipOptions } from './interfaces/update-organization-membership-options.interface';
-import { Identity } from './interfaces/identity.interface';
 export declare class UserManagement {
     private readonly workos;
+    private jwks;
     constructor(workos: WorkOS);
@@ -31,2 +35,8 @@ getUser(userId: string): Promise<User>;
     authenticateWithOrganizationSelection(payload: AuthenticateWithOrganizationSelectionOptions): Promise<AuthenticationResponse>;
+    authenticateWithSessionCookie({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<AuthenticateWithSessionCookieSuccessResponse | AuthenticateWithSessionCookieFailedResponse>;
+    private isValidJwt;
+    refreshAndSealSessionData({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<RefreshAndSealSessionDataResponse>;
+    private prepareAuthenticationResponse;
+    private sealSessionDataFromAuthenticationResponse;
+    getSessionFromCookie({ sessionData, cookiePassword, }: SessionHandlerOptions): Promise<SessionCookieData | undefined>;
     getEmailVerification(emailVerificationId: string): Promise<EmailVerification>;
@@ -33,0 +43,0 @@ sendVerificationEmail({ userId, }: SendVerificationEmailOptions): Promise<{

lib/user-management/user-management.js

@@ -24,19 +24,24 @@ "use strict";
 exports.UserManagement = void 0;
+const iron_session_1 = require("iron-session");
+const jose_1 = require("jose");
+const oauth_exception_1 = require("../common/exceptions/oauth.exception");
+const fetch_and_deserialize_1 = require("../common/utils/fetch-and-deserialize");
 const pagination_1 = require("../common/utils/pagination");
-const serializers_1 = require("./serializers");
-const fetch_and_deserialize_1 = require("../common/utils/fetch-and-deserialize");
-const serializers_2 = require("../mfa/serializers");
-const organization_membership_serializer_1 = require("./serializers/organization-membership.serializer");
-const list_organization_memberships_options_serializer_1 = require("./serializers/list-organization-memberships-options.serializer");
+const serializers_1 = require("../mfa/serializers");
+const authenticate_with_session_cookie_interface_1 = require("./interfaces/authenticate-with-session-cookie.interface");
+const refresh_and_seal_session_data_interface_1 = require("./interfaces/refresh-and-seal-session-data.interface");
+const revoke_session_options_interface_1 = require("./interfaces/revoke-session-options.interface");
+const serializers_2 = require("./serializers");
+const authenticate_with_email_verification_serializer_1 = require("./serializers/authenticate-with-email-verification.serializer");
+const authenticate_with_organization_selection_options_serializer_1 = require("./serializers/authenticate-with-organization-selection-options.serializer");
 const create_organization_membership_options_serializer_1 = require("./serializers/create-organization-membership-options.serializer");
+const factor_serializer_1 = require("./serializers/factor.serializer");
+const identity_serializer_1 = require("./serializers/identity.serializer");
 const invitation_serializer_1 = require("./serializers/invitation.serializer");
 const list_invitations_options_serializer_1 = require("./serializers/list-invitations-options.serializer");
+const list_organization_memberships_options_serializer_1 = require("./serializers/list-organization-memberships-options.serializer");
+const list_users_options_serializer_1 = require("./serializers/list-users-options.serializer");
+const organization_membership_serializer_1 = require("./serializers/organization-membership.serializer");
 const send_invitation_options_serializer_1 = require("./serializers/send-invitation-options.serializer");
-const list_users_options_serializer_1 = require("./serializers/list-users-options.serializer");
-const authenticate_with_email_verification_serializer_1 = require("./serializers/authenticate-with-email-verification.serializer");
-const authenticate_with_organization_selection_options_serializer_1 = require("./serializers/authenticate-with-organization-selection-options.serializer");
-const factor_serializer_1 = require("./serializers/factor.serializer");
-const revoke_session_options_interface_1 = require("./interfaces/revoke-session-options.interface");
 const update_organization_membership_options_serializer_1 = require("./serializers/update-organization-membership-options.serializer");
-const identity_serializer_1 = require("./serializers/identity.serializer");
 const toQueryString = (options) => {
@@ -56,2 +61,7 @@ const searchParams = new URLSearchParams();
         this.workos = workos;
+        const { clientId } = workos.options;
+        // Set the JWKS URL. This is used to verify if the JWT is still valid
+        this.jwks = clientId
+            ? (0, jose_1.createRemoteJWKSet)(new URL(this.getJwksUrl(clientId)))
+            : undefined;
     }
@@ -61,3 +71,3 @@ getUser(userId) {
             const { data } = yield this.workos.get(`/user_management/users/${userId}`);
-            return (0, serializers_1.deserializeUser)(data);
+            return (0, serializers_2.deserializeUser)(data);
         });
@@ -67,3 +77,3 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            return new pagination_1.AutoPaginatable(yield (0, fetch_and_deserialize_1.fetchAndDeserialize)(this.workos, '/user_management/users', serializers_1.deserializeUser, options ? (0, list_users_options_serializer_1.serializeListUsersOptions)(options) : undefined), (params) => (0, fetch_and_deserialize_1.fetchAndDeserialize)(this.workos, '/user_management/users', serializers_1.deserializeUser, params), options ? (0, list_users_options_serializer_1.serializeListUsersOptions)(options) : undefined);
+            return new pagination_1.AutoPaginatable(yield (0, fetch_and_deserialize_1.fetchAndDeserialize)(this.workos, '/user_management/users', serializers_2.deserializeUser, options ? (0, list_users_options_serializer_1.serializeListUsersOptions)(options) : undefined), (params) => (0, fetch_and_deserialize_1.fetchAndDeserialize)(this.workos, '/user_management/users', serializers_2.deserializeUser, params), options ? (0, list_users_options_serializer_1.serializeListUsersOptions)(options) : undefined);
         });
@@ -73,4 +83,4 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/users', (0, serializers_1.serializeCreateUserOptions)(payload));
-            return (0, serializers_1.deserializeUser)(data);
+            const { data } = yield this.workos.post('/user_management/users', (0, serializers_2.serializeCreateUserOptions)(payload));
+            return (0, serializers_2.deserializeUser)(data);
         });
@@ -80,4 +90,8 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_1.serializeAuthenticateWithMagicAuthOptions)(Object.assign(Object.assign({}, payload), { clientSecret: this.workos.key })));
-            return (0, serializers_1.deserializeAuthenticationResponse)(data);
+            const { session } = payload, remainingPayload = __rest(payload, ["session"]);
+            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_2.serializeAuthenticateWithMagicAuthOptions)(Object.assign(Object.assign({}, remainingPayload), { clientSecret: this.workos.key })));
+            return this.prepareAuthenticationResponse({
+                authenticationResponse: (0, serializers_2.deserializeAuthenticationResponse)(data),
+                session,
+            });
         });
@@ -87,4 +101,8 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_1.serializeAuthenticateWithPasswordOptions)(Object.assign(Object.assign({}, payload), { clientSecret: this.workos.key })));
-            return (0, serializers_1.deserializeAuthenticationResponse)(data);
+            const { session } = payload, remainingPayload = __rest(payload, ["session"]);
+            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_2.serializeAuthenticateWithPasswordOptions)(Object.assign(Object.assign({}, remainingPayload), { clientSecret: this.workos.key })));
+            return this.prepareAuthenticationResponse({
+                authenticationResponse: (0, serializers_2.deserializeAuthenticationResponse)(data),
+                session,
+            });
         });
@@ -94,4 +112,8 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_1.serializeAuthenticateWithCodeOptions)(Object.assign(Object.assign({}, payload), { clientSecret: this.workos.key })));
-            return (0, serializers_1.deserializeAuthenticationResponse)(data);
+            const { session } = payload, remainingPayload = __rest(payload, ["session"]);
+            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_2.serializeAuthenticateWithCodeOptions)(Object.assign(Object.assign({}, remainingPayload), { clientSecret: this.workos.key })));
+            return this.prepareAuthenticationResponse({
+                authenticationResponse: (0, serializers_2.deserializeAuthenticationResponse)(data),
+                session,
+            });
         });
@@ -101,4 +123,8 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_1.serializeAuthenticateWithRefreshTokenOptions)(Object.assign(Object.assign({}, payload), { clientSecret: this.workos.key })));
-            return (0, serializers_1.deserializeAuthenticationResponse)(data);
+            const { session } = payload, remainingPayload = __rest(payload, ["session"]);
+            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_2.serializeAuthenticateWithRefreshTokenOptions)(Object.assign(Object.assign({}, remainingPayload), { clientSecret: this.workos.key })));
+            return this.prepareAuthenticationResponse({
+                authenticationResponse: (0, serializers_2.deserializeAuthenticationResponse)(data),
+                session,
+            });
         });
@@ -108,4 +134,8 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_1.serializeAuthenticateWithTotpOptions)(Object.assign(Object.assign({}, payload), { clientSecret: this.workos.key })));
-            return (0, serializers_1.deserializeAuthenticationResponse)(data);
+            const { session } = payload, remainingPayload = __rest(payload, ["session"]);
+            const { data } = yield this.workos.post('/user_management/authenticate', (0, serializers_2.serializeAuthenticateWithTotpOptions)(Object.assign(Object.assign({}, remainingPayload), { clientSecret: this.workos.key })));
+            return this.prepareAuthenticationResponse({
+                authenticationResponse: (0, serializers_2.deserializeAuthenticationResponse)(data),
+                session,
+            });
         });
@@ -115,4 +145,8 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/authenticate', (0, authenticate_with_email_verification_serializer_1.serializeAuthenticateWithEmailVerificationOptions)(Object.assign(Object.assign({}, payload), { clientSecret: this.workos.key })));
-            return (0, serializers_1.deserializeAuthenticationResponse)(data);
+            const { session } = payload, remainingPayload = __rest(payload, ["session"]);
+            const { data } = yield this.workos.post('/user_management/authenticate', (0, authenticate_with_email_verification_serializer_1.serializeAuthenticateWithEmailVerificationOptions)(Object.assign(Object.assign({}, remainingPayload), { clientSecret: this.workos.key })));
+            return this.prepareAuthenticationResponse({
+                authenticationResponse: (0, serializers_2.deserializeAuthenticationResponse)(data),
+                session,
+            });
         });
@@ -122,10 +156,154 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/authenticate', (0, authenticate_with_organization_selection_options_serializer_1.serializeAuthenticateWithOrganizationSelectionOptions)(Object.assign(Object.assign({}, payload), { clientSecret: this.workos.key })));
-            return (0, serializers_1.deserializeAuthenticationResponse)(data);
+            const { session } = payload, remainingPayload = __rest(payload, ["session"]);
+            const { data } = yield this.workos.post('/user_management/authenticate', (0, authenticate_with_organization_selection_options_serializer_1.serializeAuthenticateWithOrganizationSelectionOptions)(Object.assign(Object.assign({}, remainingPayload), { clientSecret: this.workos.key })));
+            return this.prepareAuthenticationResponse({
+                authenticationResponse: (0, serializers_2.deserializeAuthenticationResponse)(data),
+                session,
+            });
         });
     }
+    authenticateWithSessionCookie({ sessionData, cookiePassword = process.env.WORKOS_COOKIE_PASSWORD, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!cookiePassword) {
+                throw new Error('Cookie password is required');
+            }
+            if (!this.jwks) {
+                throw new Error('Must provide clientId to initialize JWKS');
+            }
+            if (!sessionData) {
+                return {
+                    authenticated: false,
+                    reason: authenticate_with_session_cookie_interface_1.AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,
+                };
+            }
+            const session = yield (0, iron_session_1.unsealData)(sessionData, {
+                password: cookiePassword,
+            });
+            if (!session.accessToken) {
+                return {
+                    authenticated: false,
+                    reason: authenticate_with_session_cookie_interface_1.AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,
+                };
+            }
+            if (!(yield this.isValidJwt(session.accessToken))) {
+                return {
+                    authenticated: false,
+                    reason: authenticate_with_session_cookie_interface_1.AuthenticateWithSessionCookieFailureReason.INVALID_JWT,
+                };
+            }
+            const { sid: sessionId, org_id: organizationId, role, permissions, } = (0, jose_1.decodeJwt)(session.accessToken);
+            return {
+                authenticated: true,
+                sessionId,
+                organizationId,
+                role,
+                permissions,
+            };
+        });
+    }
+    isValidJwt(accessToken) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.jwks) {
+                throw new Error('Must provide clientId to initialize JWKS');
+            }
+            try {
+                yield (0, jose_1.jwtVerify)(accessToken, this.jwks);
+                return true;
+            }
+            catch (e) {
+                return false;
+            }
+        });
+    }
+    refreshAndSealSessionData({ sessionData, cookiePassword = process.env.WORKOS_COOKIE_PASSWORD, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!cookiePassword) {
+                throw new Error('Cookie password is required');
+            }
+            if (!sessionData) {
+                return {
+                    authenticated: false,
+                    reason: refresh_and_seal_session_data_interface_1.RefreshAndSealSessionDataFailureReason.NO_SESSION_COOKIE_PROVIDED,
+                };
+            }
+            const session = yield (0, iron_session_1.unsealData)(sessionData, {
+                password: cookiePassword,
+            });
+            if (!session.refreshToken || !session.user) {
+                return {
+                    authenticated: false,
+                    reason: refresh_and_seal_session_data_interface_1.RefreshAndSealSessionDataFailureReason.INVALID_SESSION_COOKE,
+                };
+            }
+            try {
+                const { sealedSession } = yield this.authenticateWithRefreshToken({
+                    clientId: this.workos.clientId,
+                    refreshToken: session.refreshToken,
+                    session: { sealSession: true, cookiePassword },
+                });
+                if (!sealedSession) {
+                    return {
+                        authenticated: false,
+                        reason: refresh_and_seal_session_data_interface_1.RefreshAndSealSessionDataFailureReason.INVALID_SESSION_COOKE,
+                    };
+                }
+                return { authenticated: true, sealedSession };
+            }
+            catch (error) {
+                if (error instanceof oauth_exception_1.OauthException &&
+                    // TODO: Add additional known errors and remove re-throw
+                    (error.error === refresh_and_seal_session_data_interface_1.RefreshAndSealSessionDataFailureReason.INVALID_GRANT ||
+                        error.error ===
+                            refresh_and_seal_session_data_interface_1.RefreshAndSealSessionDataFailureReason.ORGANIZATION_NOT_AUTHORIZED)) {
+                    return {
+                        authenticated: false,
+                        reason: error.error,
+                    };
+                }
+                throw error;
+            }
+        });
+    }
+    prepareAuthenticationResponse({ authenticationResponse, session, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (session) {
+                return Object.assign(Object.assign({}, authenticationResponse), { sealedSession: yield this.sealSessionDataFromAuthenticationResponse({
+                        authenticationResponse,
+                        cookiePassword: session.cookiePassword,
+                    }) });
+            }
+            return authenticationResponse;
+        });
+    }
+    sealSessionDataFromAuthenticationResponse({ authenticationResponse, cookiePassword, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!cookiePassword) {
+                throw new Error('Cookie password is required');
+            }
+            const sessionData = {
+                user: authenticationResponse.user,
+                accessToken: authenticationResponse.accessToken,
+                refreshToken: authenticationResponse.refreshToken,
+                impersonator: authenticationResponse.impersonator,
+            };
+            return (0, iron_session_1.sealData)(sessionData, { password: cookiePassword });
+        });
+    }
+    getSessionFromCookie({ sessionData, cookiePassword = process.env.WORKOS_COOKIE_PASSWORD, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!cookiePassword) {
+                throw new Error('Cookie password is required');
+            }
+            if (sessionData) {
+                return (0, iron_session_1.unsealData)(sessionData, {
+                    password: cookiePassword,
+                });
+            }
+            return undefined;
+        });
+    }
     getEmailVerification(emailVerificationId) {
         return __awaiter(this, void 0, void 0, function* () {
             const { data } = yield this.workos.get(`/user_management/email_verification/${emailVerificationId}`);
-            return (0, serializers_1.deserializeEmailVerification)(data);
+            return (0, serializers_2.deserializeEmailVerification)(data);
         });
@@ -136,3 +314,3 @@ }
             const { data } = yield this.workos.post(`/user_management/users/${userId}/email_verification/send`, {});
-            return { user: (0, serializers_1.deserializeUser)(data.user) };
+            return { user: (0, serializers_2.deserializeUser)(data.user) };
         });
@@ -143,3 +321,3 @@ }
             const { data } = yield this.workos.get(`/user_management/magic_auth/${magicAuthId}`);
-            return (0, serializers_1.deserializeMagicAuth)(data);
+            return (0, serializers_2.deserializeMagicAuth)(data);
         });
@@ -149,4 +327,4 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/magic_auth', (0, serializers_1.serializeCreateMagicAuthOptions)(Object.assign({}, options)));
-            return (0, serializers_1.deserializeMagicAuth)(data);
+            const { data } = yield this.workos.post('/user_management/magic_auth', (0, serializers_2.serializeCreateMagicAuthOptions)(Object.assign({}, options)));
+            return (0, serializers_2.deserializeMagicAuth)(data);
         });
@@ -159,3 +337,3 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            yield this.workos.post('/user_management/magic_auth/send', (0, serializers_1.serializeSendMagicAuthCodeOptions)(options));
+            yield this.workos.post('/user_management/magic_auth/send', (0, serializers_2.serializeSendMagicAuthCodeOptions)(options));
         });
@@ -168,3 +346,3 @@ }
             });
-            return { user: (0, serializers_1.deserializeUser)(data.user) };
+            return { user: (0, serializers_2.deserializeUser)(data.user) };
         });
@@ -175,3 +353,3 @@ }
             const { data } = yield this.workos.get(`/user_management/password_reset/${passwordResetId}`);
-            return (0, serializers_1.deserializePasswordReset)(data);
+            return (0, serializers_2.deserializePasswordReset)(data);
         });
@@ -181,4 +359,4 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/password_reset', (0, serializers_1.serializeCreatePasswordResetOptions)(Object.assign({}, options)));
-            return (0, serializers_1.deserializePasswordReset)(data);
+            const { data } = yield this.workos.post('/user_management/password_reset', (0, serializers_2.serializeCreatePasswordResetOptions)(Object.assign({}, options)));
+            return (0, serializers_2.deserializePasswordReset)(data);
         });
@@ -191,3 +369,3 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            yield this.workos.post('/user_management/password_reset/send', (0, serializers_1.serializeSendPasswordResetEmailOptions)(payload));
+            yield this.workos.post('/user_management/password_reset/send', (0, serializers_2.serializeSendPasswordResetEmailOptions)(payload));
         });
@@ -197,4 +375,4 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post('/user_management/password_reset/confirm', (0, serializers_1.serializeResetPasswordOptions)(payload));
-            return { user: (0, serializers_1.deserializeUser)(data.user) };
+            const { data } = yield this.workos.post('/user_management/password_reset/confirm', (0, serializers_2.serializeResetPasswordOptions)(payload));
+            return { user: (0, serializers_2.deserializeUser)(data.user) };
         });
@@ -204,4 +382,4 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.put(`/user_management/users/${payload.userId}`, (0, serializers_1.serializeUpdateUserOptions)(payload));
-            return (0, serializers_1.deserializeUser)(data);
+            const { data } = yield this.workos.put(`/user_management/users/${payload.userId}`, (0, serializers_2.serializeUpdateUserOptions)(payload));
+            return (0, serializers_2.deserializeUser)(data);
         });
@@ -211,6 +389,6 @@ }
         return __awaiter(this, void 0, void 0, function* () {
-            const { data } = yield this.workos.post(`/user_management/users/${payload.userId}/auth_factors`, (0, serializers_1.serializeEnrollAuthFactorOptions)(payload));
+            const { data } = yield this.workos.post(`/user_management/users/${payload.userId}/auth_factors`, (0, serializers_2.serializeEnrollAuthFactorOptions)(payload));
             return {
-                authenticationFactor: (0, serializers_1.deserializeFactorWithSecrets)(data.authentication_factor),
-                authenticationChallenge: (0, serializers_2.deserializeChallenge)(data.authentication_challenge),
+                authenticationFactor: (0, serializers_2.deserializeFactorWithSecrets)(data.authentication_factor),
+                authenticationChallenge: (0, serializers_1.deserializeChallenge)(data.authentication_challenge),
             };
@@ -217,0 +395,0 @@ });

lib/workos.d.ts

@@ -19,2 +19,3 @@ import { GetOptions, PostOptions, PutOptions, WorkOSOptions } from './common/interfaces';
     readonly client: HttpClient;
+    readonly clientId?: string;
     readonly auditLogs: AuditLogs;
@@ -21,0 +22,0 @@ readonly directorySync: DirectorySync;

lib/workos.js

@@ -29,6 +29,7 @@ "use strict";
 const fetch_client_1 = require("./common/net/fetch-client");
-const VERSION = '7.14.0';
+const VERSION = '7.15.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 class WorkOS {
     constructor(key, options = {}) {
+        var _a;
         this.key = key;
@@ -45,3 +46,2 @@ this.options = options;
         this.events = new events_1.Events(this);
-        this.userManagement = new user_management_1.UserManagement(this);
         if (!key) {
@@ -57,2 +57,3 @@ // process might be undefined in some environments
         }
+        this.clientId = (_a = this.options.clientId) !== null && _a !== void 0 ? _a : process === null || process === void 0 ? void 0 : process.env.WORKOS_CLIENT_ID;
         const protocol = this.options.https ? 'https' : 'http';
@@ -71,2 +72,4 @@ const apiHostname = this.options.apiHostname || DEFAULT_HOSTNAME;
         this.webhooks = this.createWebhookClient();
+        // Must initialize UserManagement after baseURL is configured
+        this.userManagement = new user_management_1.UserManagement(this);
         this.client = this.createHttpClient(options, userAgent);
@@ -73,0 +76,0 @@ }

package.json

 {
-  "version": "7.14.0",
+  "version": "7.15.0",
   "name": "@workos-inc/node",
@@ -40,2 +40,4 @@ "author": "WorkOS",
   "dependencies": {
+    "iron-session": "~6.3.1",
+    "jose": "~5.6.3",
     "pluralize": "8.0.0"
@@ -67,2 +69,2 @@ },
   }
-}
+}

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

512404

increased by8.28%

Number of package files

470

increased by1.29%

Lines of code

10946

increased by7.56%

Worsened metrics

Dependency count

3

increased by200%

Number of low supply chain risk alerts

11

increased by57.14%

Dependency changes

• + Addediron-session@~6.3.1

• + Addedjose@~5.6.3

• + Added@peculiar/asn1-schema@2.3.13(transitive)

• + Added@peculiar/json-schema@1.1.12(transitive)

• + Added@peculiar/webcrypto@1.5.0(transitive)

• + Added@types/accepts@1.3.7(transitive)

• + Added@types/body-parser@1.19.5(transitive)

• + Added@types/connect@3.4.38(transitive)

• + Added@types/content-disposition@0.5.8(transitive)

• + Added@types/cookie@0.5.4(transitive)

• + Added@types/cookies@0.9.0(transitive)

• + Added@types/express@4.17.21(transitive)

• + Added@types/express-serve-static-core@4.19.5(transitive)

• + Added@types/http-assert@1.5.5(transitive)

• + Added@types/http-errors@2.0.4(transitive)

• + Added@types/keygrip@1.0.6(transitive)

• + Added@types/koa@2.15.0(transitive)

• + Added@types/koa-compose@3.2.8(transitive)

• + Added@types/mime@1.3.5(transitive)

• + Added@types/node@17.0.45(transitive)

• + Added@types/qs@6.9.16(transitive)

• + Added@types/range-parser@1.2.7(transitive)

• + Added@types/send@0.17.4(transitive)

• + Added@types/serve-static@1.15.7(transitive)

• + Addedasn1js@3.0.5(transitive)

• + Addedbase64-js@1.5.1(transitive)

• + Addedbuffer@6.0.3(transitive)

• + Addedcookie@0.5.0(transitive)

• + Addedieee754@1.2.1(transitive)

• + Addediron-session@6.3.1(transitive)

• + Addediron-webcrypto@0.2.8(transitive)

• + Addedjose@5.6.3(transitive)

• + Addedpvtsutils@1.3.5(transitive)

• + Addedpvutils@1.1.3(transitive)

• + Addedtslib@2.7.0(transitive)

• + Addedwebcrypto-core@1.8.0(transitive)