remove class wrapper for public interface

nicknisi · nicknisi · commit ecddda70d660 · 2025-09-03T11:50:25.000-05:00
diff --git a/src/index.public.spec.ts b/src/index.public.spec.ts
@@ -1,153 +1,83 @@
-import { WorkOS } from './index.public';
+import { userManagement, sso, webhooks, actions } from './index.public';
 
-describe('WorkOS Public API', () => {
-  let workosPublic: WorkOS;
-
-  beforeEach(() => {
-    workosPublic = new WorkOS({
-      clientId: 'client_123',
-      apiHostname: 'api.workos.dev',
-    });
-  });
-
-  describe('instantiation', () => {
-    it('should instantiate without requiring an API key', () => {
-      expect(() => new WorkOS()).not.toThrow();
-    });
-
-    it('should accept public configuration options', () => {
-      const client = new WorkOS({
-        clientId: 'test_client',
-        apiHostname: 'test.api.com',
-        https: false,
-        port: 3000,
-      });
-
-      expect(client).toBeDefined();
-      expect(client.version).toBeDefined();
-    });
-  });
-
-  describe('exposed services', () => {
-    it('should expose webhooks service', () => {
-      expect(workosPublic.webhooks).toBeDefined();
-      expect(workosPublic.webhooks.verifyHeader).toBeDefined();
-      expect(workosPublic.webhooks.computeSignature).toBeDefined();
-      expect(workosPublic.webhooks.constructEvent).toBeDefined();
-    });
-
-    it('should expose actions service', () => {
-      expect(workosPublic.actions).toBeDefined();
-      expect(workosPublic.actions.verifyHeader).toBeDefined();
-      expect(workosPublic.actions.signResponse).toBeDefined();
-      expect(workosPublic.actions.constructAction).toBeDefined();
+describe('Public Exports', () => {
+  describe('userManagement exports', () => {
+    it('should expose getAuthorizationUrl', () => {
+      expect(userManagement.getAuthorizationUrl).toBeDefined();
+      expect(typeof userManagement.getAuthorizationUrl).toBe('function');
     });
 
-    it('should expose client-safe user management methods', () => {
-      expect(workosPublic.userManagement).toBeDefined();
-      expect(
-        workosPublic.userManagement.authenticateWithCodeAndVerifier,
-      ).toBeDefined();
-      expect(workosPublic.userManagement.getAuthorizationUrl).toBeDefined();
-      expect(workosPublic.userManagement.getLogoutUrl).toBeDefined();
-      expect(workosPublic.userManagement.getJwksUrl).toBeDefined();
+    it('should expose getLogoutUrl', () => {
+      expect(userManagement.getLogoutUrl).toBeDefined();
+      expect(typeof userManagement.getLogoutUrl).toBe('function');
     });
 
-    it('should expose client-safe SSO methods', () => {
-      expect(workosPublic.sso).toBeDefined();
-      expect(workosPublic.sso.getAuthorizationUrl).toBeDefined();
+    it('should expose getJwksUrl', () => {
+      expect(userManagement.getJwksUrl).toBeDefined();
+      expect(typeof userManagement.getJwksUrl).toBe('function');
     });
 
-    it('should expose version', () => {
-      expect(workosPublic.version).toBeDefined();
-      expect(typeof workosPublic.version).toBe('string');
-    });
-  });
-
-  describe('method behavior', () => {
-    it('should be able to call URL generation methods', () => {
-      const authUrl = workosPublic.userManagement.getAuthorizationUrl({
+    it('should generate authorization URLs correctly', () => {
+      const url = userManagement.getAuthorizationUrl({
         clientId: 'client_123',
         redirectUri: 'https://example.com/callback',
-        provider: 'GoogleOAuth',
+        provider: 'authkit',
       });
 
-      expect(authUrl).toContain('api.workos.dev');
-      expect(authUrl).toContain('client_id=client_123');
-      expect(authUrl).toContain('provider=GoogleOAuth');
-    });
-
-    it('should be able to call JWKS URL generation', () => {
-      const jwksUrl = workosPublic.userManagement.getJwksUrl('client_123');
-      expect(jwksUrl).toBe('https://api.workos.dev/sso/jwks/client_123');
+      expect(url).toContain('client_id=client_123');
+      expect(url).toContain('redirect_uri=https%3A%2F%2Fexample.com%2Fcallback');
+      expect(url).toContain('provider=authkit');
     });
 
-    it('should be able to call logout URL generation', () => {
-      const logoutUrl = workosPublic.userManagement.getLogoutUrl({
+    it('should generate logout URLs correctly', () => {
+      const url = userManagement.getLogoutUrl({
         sessionId: 'session_123',
         returnTo: 'https://example.com',
       });
 
-      expect(logoutUrl).toContain('api.workos.dev');
-      expect(logoutUrl).toContain('session_id=session_123');
+      expect(url).toContain('session_id=session_123');
+      expect(url).toContain('return_to=https%3A%2F%2Fexample.com');
     });
 
-    it('should be able to call SSO authorization URL generation', () => {
-      const authUrl = workosPublic.sso.getAuthorizationUrl({
-        clientId: 'client_123',
-        redirectUri: 'https://example.com/callback',
-        provider: 'GoogleOAuth',
-      });
-
-      expect(authUrl).toContain('api.workos.dev');
-      expect(authUrl).toContain('client_id=client_123');
+    it('should generate JWKS URLs correctly', () => {
+      const url = userManagement.getJwksUrl('client_123');
+      expect(url).toBe('https://api.workos.com/sso/jwks/client_123');
     });
   });
 
-  describe('server-only methods should not be exposed', () => {
-    it('should not expose getUser on userManagement', () => {
-      expect((workosPublic.userManagement as any).getUser).toBeUndefined();
-    });
-
-    it('should not expose createUser on userManagement', () => {
-      expect((workosPublic.userManagement as any).createUser).toBeUndefined();
+  describe('sso exports', () => {
+    it('should expose getAuthorizationUrl', () => {
+      expect(sso.getAuthorizationUrl).toBeDefined();
+      expect(typeof sso.getAuthorizationUrl).toBe('function');
     });
 
-    it('should not expose listUsers on userManagement', () => {
-      expect((workosPublic.userManagement as any).listUsers).toBeUndefined();
-    });
+    it('should generate SSO authorization URLs correctly', () => {
+      const url = sso.getAuthorizationUrl({
+        clientId: 'client_123',
+        redirectUri: 'https://example.com/callback',
+        provider: 'GoogleOAuth',
+      });
 
-    it('should not expose updateUser on userManagement', () => {
-      expect((workosPublic.userManagement as any).updateUser).toBeUndefined();
+      expect(url).toContain('client_id=client_123');
+      expect(url).toContain('provider=GoogleOAuth');
     });
+  });
 
-    it('should not expose server-only authentication methods', () => {
-      expect(
-        (workosPublic.userManagement as any).authenticateWithPassword,
-      ).toBeUndefined();
-      expect(
-        (workosPublic.userManagement as any).authenticateWithMagicAuth,
-      ).toBeUndefined();
-      expect(
-        (workosPublic.userManagement as any).authenticateWithRefreshToken,
-      ).toBeUndefined();
+  describe('webhooks exports', () => {
+    it('should expose webhooks service', () => {
+      expect(webhooks).toBeDefined();
+      expect(webhooks.verifyHeader).toBeDefined();
+      expect(webhooks.computeSignature).toBeDefined();
+      expect(webhooks.constructEvent).toBeDefined();
     });
   });
 
-  describe('type safety', () => {
-    it('should provide proper TypeScript types for exposed methods', () => {
-      // These should compile without errors
-      const authUrl: string = workosPublic.userManagement.getAuthorizationUrl({
-        clientId: 'test',
-        redirectUri: 'https://example.com',
-        provider: 'GoogleOAuth',
-      });
-
-      const jwksUrl: string =
-        workosPublic.userManagement.getJwksUrl('client_id');
-
-      expect(typeof authUrl).toBe('string');
-      expect(typeof jwksUrl).toBe('string');
+  describe('actions exports', () => {
+    it('should expose actions service', () => {
+      expect(actions).toBeDefined();
+      expect(actions.verifyHeader).toBeDefined();
+      expect(actions.signResponse).toBeDefined();
+      expect(actions.constructAction).toBeDefined();
     });
   });
-});
+});
diff --git a/src/index.public.ts b/src/index.public.ts
@@ -1,10 +1,21 @@
-import { WorkOSBase } from './workos';
-import { WorkOSOptions } from './common/interfaces';
+/**
+ * Public methods that can be safely used without an API key.
+ * These are primarily URL builders and cryptographic utilities.
+ */
 
-// Export public methods directly (new approach)
+// Export public methods directly - this is the recommended approach
 export * as userManagement from './public/user-management';
 export * as sso from './public/sso';
 
+// Export webhooks and actions (these don't need API keys)
+import { Webhooks } from './webhooks/webhooks';
+import { Actions } from './actions/actions';
+import { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';
+
+const cryptoProvider = new SubtleCryptoProvider();
+export const webhooks = new Webhooks(cryptoProvider);
+export const actions = new Actions(cryptoProvider);
+
 // Re-export types for convenience
 export type {
   AuthorizationURLOptions as UserManagementAuthorizationURLOptions,
@@ -13,78 +24,5 @@ export type {
 
 export type { SSOAuthorizationURLOptions } from './public/sso';
 
-interface WorkOSPublicOptions {
-  clientId?: string;
-  apiHostname?: string;
-  https?: boolean;
-  port?: number;
-}
-
-/**
- * WorkOS public-safe SDK for browser environments.
- * Only exposes methods that are safe to use without API keys.
- * @deprecated Use the direct method imports instead:
- * import { userManagement, sso } from '@workos-inc/node/public';
- */
-export class WorkOS {
-  private _base: WorkOSBase;
-
-  // Client-safe services
-  readonly userManagement: {
-    authenticateWithCodeAndVerifier: typeof WorkOSBase.prototype.userManagement.authenticateWithCodeAndVerifier;
-    getAuthorizationUrl: typeof WorkOSBase.prototype.userManagement.getAuthorizationUrl;
-    getLogoutUrl: typeof WorkOSBase.prototype.userManagement.getLogoutUrl;
-    getJwksUrl: typeof WorkOSBase.prototype.userManagement.getJwksUrl;
-  };
-
-  readonly sso: {
-    getAuthorizationUrl: typeof WorkOSBase.prototype.sso.getAuthorizationUrl;
-  };
-
-  readonly webhooks: typeof WorkOSBase.prototype.webhooks;
-  readonly actions: typeof WorkOSBase.prototype.actions;
-
-  constructor(options: WorkOSPublicOptions = {}) {
-    // Convert public options to base WorkOS options format
-    const baseOptions: WorkOSOptions = {
-      clientId: options.clientId,
-      apiHostname: options.apiHostname,
-      https: options.https,
-      port: options.port,
-    };
-
-    // Create base instance without API key
-    this._base = new WorkOSBase(undefined, baseOptions);
-
-    // Initialize public-safe service methods
-    this.userManagement = {
-      authenticateWithCodeAndVerifier:
-        this._base.userManagement.authenticateWithCodeAndVerifier.bind(
-          this._base.userManagement,
-        ),
-      getAuthorizationUrl: this._base.userManagement.getAuthorizationUrl.bind(
-        this._base.userManagement,
-      ),
-      getLogoutUrl: this._base.userManagement.getLogoutUrl.bind(
-        this._base.userManagement,
-      ),
-      getJwksUrl: this._base.userManagement.getJwksUrl.bind(
-        this._base.userManagement,
-      ),
-    };
-
-    this.sso = {
-      getAuthorizationUrl: this._base.sso.getAuthorizationUrl.bind(
-        this._base.sso,
-      ),
-    };
-
-    // These services are fully public-safe - expose entirely
-    this.webhooks = this._base.webhooks;
-    this.actions = this._base.actions;
-  }
-
-  get version() {
-    return this._base.version;
-  }
-}
+// Note: If you need authenticateWithCodeAndVerifier, use the full WorkOS SDK
+// as it requires server-side API key authentication
