/** * WorkOS Directory Sync integration for automated user provisioning via SCIM. * * This class handles SCIM webhook events from WorkOS, enabling automated * user and group management when integrated with identity providers. */ import type { WorkOS, Directory, DirectoryUser, DirectoryGroup } from '@workos-inc/node'; import type { WorkOSDirectorySyncOptions } from './types.js'; /** * WorkOSDirectorySync handles SCIM webhook events from WorkOS for automated * user provisioning and deprovisioning. * * @example * ```typescript * import { WorkOS } from '@workos-inc/node'; * import { WorkOSDirectorySync } from '@mastra/auth-workos'; * * const workos = new WorkOS(process.env.WORKOS_API_KEY); * * const directorySync = new WorkOSDirectorySync(workos, { * webhookSecret: process.env.WORKOS_WEBHOOK_SECRET, * handlers: { * onUserCreated: async (user) => { * await db.users.create({ email: user.emails[0]?.value }); * }, * onUserDeleted: async (user) => { * await db.users.delete({ id: user.id }); * }, * }, * }); * * // In your webhook endpoint: * app.post('/webhooks/workos', async (req, res) => { * const signature = req.headers['workos-signature'] as string; * await directorySync.handleWebhook(req.body, signature); * res.status(200).send('OK'); * }); * ``` */ export declare class WorkOSDirectorySync { private workos; private webhookSecret; private handlers; /** * Creates a new WorkOSDirectorySync instance. * * @param workos - WorkOS client instance * @param options - Configuration options including webhook secret and event handlers * @throws Error if webhook secret is not provided */ constructor(workos: WorkOS, options: WorkOSDirectorySyncOptions); /** * Handles incoming webhook events from WorkOS Directory Sync. * * This method verifies the webhook signature for security, parses the event, * and routes it to the appropriate handler based on the event type. * * @param payload - Raw webhook payload (string or object) * @param signature - WorkOS signature header for verification * @throws Error if signature verification fails */ handleWebhook(payload: string | object, signature: string): Promise; /** * Routes a directory sync event to the appropriate handler. * * @param event - The verified webhook event */ private routeEvent; /** * Maps raw webhook user data to the DirectorySyncUserData type. * * @param data - Raw user data from webhook * @returns Typed user data */ private mapUserData; /** * Maps raw webhook group data to the DirectorySyncGroupData type. * * @param data - Raw group data from webhook * @returns Typed group data */ private mapGroupData; /** * Lists all directories for an organization. * * @param organizationId - The WorkOS organization ID * @returns Array of directories * * @example * ```typescript * const directories = await directorySync.listDirectories('org_123'); * for (const dir of directories) { * console.log(`Directory: ${dir.name} (${dir.type})`); * } * ``` */ listDirectories(organizationId: string): Promise; /** * Lists all users in a directory. * * @param directoryId - The directory ID * @returns Array of directory users * * @example * ```typescript * const users = await directorySync.listDirectoryUsers('directory_123'); * for (const user of users) { * console.log(`User: ${user.firstName} ${user.lastName}`); * } * ``` */ listDirectoryUsers(directoryId: string): Promise; /** * Lists all groups in a directory. * * @param directoryId - The directory ID * @returns Array of directory groups * * @example * ```typescript * const groups = await directorySync.listDirectoryGroups('directory_123'); * for (const group of groups) { * console.log(`Group: ${group.name}`); * } * ``` */ listDirectoryGroups(directoryId: string): Promise; } //# sourceMappingURL=directory-sync.d.ts.map