Use /users/sessions/token and password grant type (#790)

mthadley · web-flow · commit 5d539716f25a · 2023-08-04T15:39:17.000-07:00
## Description `/users/sessions/token?grant_type=password` is the endpoint for password-based sessions going forward. ## Documentation Does this require changes to the WorkOS Docs? E.g. the [API Reference](https://workos.com/docs/reference) or code snippets need updates. ``` [ ] Yes ``` If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.
diff --git a/src/users/interfaces/authenticate-user-with-password-options.interface.ts b/src/users/interfaces/authenticate-user-with-password-options.interface.ts
@@ -1,17 +1,23 @@
 export interface AuthenticateUserWithPasswordOptions {
+  clientId: string;
   email: string;
   password: string;
   ipAddress?: string;
   userAgent?: string;
-  startSession?: boolean;
   expiresIn?: number;
 }
 
+export interface AuthenticateUserWithPasswordCredentials {
+  clientSecret: string | undefined;
+}
+
 export interface SerializedAuthenticateUserWithPasswordOptions {
+  grant_type: 'password';
+  client_id: string;
+  client_secret: string | undefined;
   email: string;
   password: string;
   ip_address?: string;
   user_agent?: string;
-  start_session?: boolean;
   expires_in?: number;
 }
diff --git a/src/users/interfaces/authenticate-user-with-token-options.interface.ts b/src/users/interfaces/authenticate-user-with-token-options.interface.ts
@@ -1,20 +1,17 @@
 export interface AuthenticateUserWithTokenOptions {
   clientId: string;
   code: string;
-  startSession?: boolean;
   expiresIn?: number;
 }
 
 export interface AuthenticateUserWithTokenCredentials {
   clientSecret: string | undefined;
-  grantType: string;
 }
 
 export interface SerializedAuthenticateUserWithTokenOptions {
+  grant_type: 'authorization_code';
   client_id: string;
   client_secret: string | undefined;
   code: string;
-  grant_type: string;
-  start_session?: boolean;
   expires_in?: number;
 }
diff --git a/src/users/serializers/authenticate-user-with-password-options.serializer.ts b/src/users/serializers/authenticate-user-with-password-options.serializer.ts
@@ -1,15 +1,19 @@
 import {
+  AuthenticateUserWithPasswordCredentials,
   AuthenticateUserWithPasswordOptions,
   SerializedAuthenticateUserWithPasswordOptions,
 } from '../interfaces';
 
 export const serializeAuthenticateUserWithPasswordOptions = (
-  options: AuthenticateUserWithPasswordOptions,
+  options: AuthenticateUserWithPasswordOptions &
+    AuthenticateUserWithPasswordCredentials,
 ): SerializedAuthenticateUserWithPasswordOptions => ({
+  grant_type: 'password',
+  client_id: options.clientId,
+  client_secret: options.clientSecret,
   email: options.email,
   password: options.password,
   ip_address: options.ipAddress,
   user_agent: options.userAgent,
-  start_session: options.startSession,
   expires_in: options.expiresIn,
 });
diff --git a/src/users/serializers/authenticate-user-with-token-options.serializer.ts b/src/users/serializers/authenticate-user-with-token-options.serializer.ts
@@ -8,10 +8,9 @@ export const serializeAuthenticateUserWithTokenOptions = (
   options: AuthenticateUserWithTokenOptions &
     AuthenticateUserWithTokenCredentials,
 ): SerializedAuthenticateUserWithTokenOptions => ({
+  grant_type: 'authorization_code',
   client_id: options.clientId,
   client_secret: options.clientSecret,
   code: options.code,
-  grant_type: options.grantType,
-  start_session: options.startSession,
   expires_in: options.expiresIn,
 });
diff --git a/src/users/users.spec.ts b/src/users/users.spec.ts
@@ -98,16 +98,17 @@ describe('UserManagement', () => {
 
   describe('authenticateUserWithPassword', () => {
     it('sends an password authentication request', async () => {
-      mock.onPost('/users/authentications').reply(200, {
+      mock.onPost('/users/sessions/token').reply(200, {
         user: userFixture,
         session: sessionFixture,
       });
       const resp = await workos.users.authenticateUserWithPassword({
+        clientId: 'proj_whatever',
         email: 'test01@example.com',
         password: 'extra-secure',
       });
 
-      expect(mock.history.post[0].url).toEqual('/users/authentications');
+      expect(mock.history.post[0].url).toEqual('/users/sessions/token');
       expect(resp).toMatchObject({
         user: {
           email: 'test01@example.com',
diff --git a/src/users/users.ts b/src/users/users.ts
@@ -83,8 +83,11 @@ export class Users {
       any,
       SerializedAuthenticateUserWithPasswordOptions
     >(
-      '/users/authentications',
-      serializeAuthenticateUserWithPasswordOptions(payload),
+      '/users/sessions/token',
+      serializeAuthenticateUserWithPasswordOptions({
+        ...payload,
+        clientSecret: this.workos.key,
+      }),
     );
 
     return deserializeAuthenticationResponse(data);
@@ -102,7 +105,6 @@ export class Users {
       serializeAuthenticateUserWithTokenOptions({
         ...payload,
         clientSecret: this.workos.key,
-        grantType: 'authorization_code',
       }),
     );
 
