remove class wrapper for client interface

Author: nicknisi

package.json

@@ -103,14 +103,14 @@
       "require": "./lib/cjs/index.cjs",
       "default": "./lib/esm/index.js"
     },
-    "./public": {
+    "./client": {
       "types": {
-        "require": "./lib/cjs/index.public.d.cts",
-        "import": "./lib/esm/index.public.d.ts"
+        "require": "./lib/cjs/index.client.d.cts",
+        "import": "./lib/esm/index.client.d.ts"
       },
-      "import": "./lib/esm/index.public.js",
-      "require": "./lib/cjs/index.public.cjs",
-      "default": "./lib/esm/index.public.js"
+      "import": "./lib/esm/index.client.js",
+      "require": "./lib/cjs/index.client.cjs",
+      "default": "./lib/esm/index.client.js"
     },
     "./worker": {
       "types": {

src/public/index.ts src/client/index.tssrc/public/index.ts renamed to src/client/index.ts

@@ -1,11 +1,12 @@
 /**
- * Public methods that can be safely used in without an API key.
+ * Client methods that can be used without a WorkOS API key.
+ * These are OAuth client operations suitable for PKCE flows.
  */
 
-// User Management public methods and types
+// User Management client methods and types
 export * as userManagement from './user-management';
 
-// SSO public methods and types
+// SSO client methods and types
 export * as sso from './sso';
 
 // Re-export specific types for convenience

src/public/sso.spec.ts src/client/sso.spec.tssrc/public/sso.spec.ts renamed to src/client/sso.spec.ts

@@ -15,7 +15,7 @@ export interface SSOAuthorizationURLOptions {
 
 /**
  * Generates the authorization URL for SSO authentication.
- * This method is safe to use in browser environments as it doesn't require an API key.
+ * Does not require an API key, suitable for OAuth client operations.
  *
  * @param options - SSO authorization URL options
  * @returns The authorization URL as a string

src/public/sso.ts src/client/sso.tssrc/public/sso.ts renamed to src/client/sso.ts

@@ -1,6 +1,6 @@
 import { toQueryString } from './utils';
 
-// Re-export necessary interfaces for public use
+// Re-export necessary interfaces for client use
 export interface AuthorizationURLOptions {
   clientId: string;
   codeChallenge?: string;
@@ -29,8 +29,8 @@ export interface LogoutURLOptions {
 }
 
 /**
- * Generates the authorization URL for user authentication.
- * This method is safe to use in browser environments as it doesn't require an API key.
+ * Generates the authorization URL for OAuth client authentication.
+ * Suitable for PKCE flows and other OAuth client operations that don't require an API key.
  *
  * @param options - Authorization URL options
  * @returns The authorization URL as a string
@@ -128,7 +128,7 @@ export function getLogoutUrl(
 
 /**
  * Gets the JWKS (JSON Web Key Set) URL for a given client ID.
- * This method is safe to use in browser environments as it doesn't require an API key.
+ * Does not require an API key, returns the public JWKS endpoint.
  *
  * @param clientId - The WorkOS client ID
  * @param baseURL - Optional base URL for the API (defaults to https://api.workos.com)
@@ -140,7 +140,7 @@ export function getJwksUrl(
   baseURL = 'https://api.workos.com',
 ): string {
   if (!clientId) {
-    throw TypeError('clientId must be a valid clientId');
+    throw new TypeError('clientId must be a valid clientId');
   }
 
   return `${baseURL}/sso/jwks/${clientId}`;

src/public/user-management.spec.ts src/client/user-management.spec.tssrc/public/user-management.spec.ts renamed to src/client/user-management.spec.ts

@@ -0,0 +1,47 @@
+import { userManagement, sso } from './index.client';
+
+describe('Client Exports', () => {
+  describe('userManagement exports', () => {
+    it('should generate authorization URLs correctly', () => {
+      const url = userManagement.getAuthorizationUrl({
+        clientId: 'client_123',
+        redirectUri: 'https://example.com/callback',
+        provider: 'authkit',
+      });
+
+      expect(url).toContain('client_id=client_123');
+      expect(url).toContain(
+        'redirect_uri=https%3A%2F%2Fexample.com%2Fcallback',
+      );
+      expect(url).toContain('provider=authkit');
+    });
+
+    it('should generate logout URLs correctly', () => {
+      const url = userManagement.getLogoutUrl({
+        sessionId: 'session_123',
+        returnTo: 'https://example.com',
+      });
+
+      expect(url).toContain('session_id=session_123');
+      expect(url).toContain('return_to=https%3A%2F%2Fexample.com');
+    });
+
+    it('should generate JWKS URLs correctly', () => {
+      const url = userManagement.getJwksUrl('client_123');
+      expect(url).toBe('https://api.workos.com/sso/jwks/client_123');
+    });
+  });
+
+  describe('sso exports', () => {
+    it('should generate SSO authorization URLs correctly', () => {
+      const url = sso.getAuthorizationUrl({
+        clientId: 'client_123',
+        redirectUri: 'https://example.com/callback',
+        provider: 'GoogleOAuth',
+      });
+
+      expect(url).toContain('client_id=client_123');
+      expect(url).toContain('provider=GoogleOAuth');
+    });
+  });
+});

src/public/user-management.ts src/client/user-management.tssrc/public/user-management.ts renamed to src/client/user-management.ts

@@ -0,0 +1,19 @@
+/**
+ * Client methods that can be used without a WorkOS API key.
+ * These are OAuth client operations and URL builders suitable for PKCE flows.
+ */
+
+// Export client methods directly - this is the recommended approach
+export * as userManagement from './client/user-management';
+export * as sso from './client/sso';
+
+// Re-export types for convenience
+export type {
+  AuthorizationURLOptions as UserManagementAuthorizationURLOptions,
+  LogoutURLOptions,
+} from './client/user-management';
+
+export type { SSOAuthorizationURLOptions } from './client/sso';
+
+// Note: If you need authenticateWithCodeAndVerifier, use the full WorkOS SDK
+// as it requires server-side API key authentication