feat: add rate limit policies, group/org role management, and user effective roles/permissions

package.json

@@ -73,7 +73,7 @@
     "dependencies": {
         "uuid": "^11.1.1",
         "jose": "^4.13.2",
-        "auth0-legacy": "npm:auth0@^4.27.0"
+        "auth0-legacy": "npm:auth0@^4.37.1"
     },
     "devDependencies": {
         "webpack": "^5.105.4",
@@ -84,7 +84,7 @@
         "ts-jest": "^29.3.4",
         "jest-environment-jsdom": "^29.7.0",
         "msw": "2.11.2",
-        "@types/node": "^18.19.70",
+        "@types/node": "^20.0.0",
         "typescript": "~5.9.3",
         "prettier": "3.8.1",
         "typedoc": "^0.28.7",

pr-1348-description.md

@@ -0,0 +1,65 @@
+feat: add rate limit policies, group/org role management, and user effective roles/permissions
+
+### Changes
+
+#### New Endpoints & Resources
+
+- **Rate Limit Policies** (`client.rateLimitPolicies.*`) — full CRUD: `list`, `create`, `get`, `update`, `delete`
+- **Group Roles** (`client.groups.roles.*`) — `list`, `create`, `delete` roles assigned to a group
+- **Roles Groups** (`client.roles.groups.*`) — list and manage groups associated with a role
+- **Organization Groups** (`client.organizations.groups.*`) — list groups within an organization
+- **Organization Group Roles** (`client.organizations.groups.roles.*`) — `list`, `create`, `delete` roles for an org group
+- **Organization Member Effective Roles** (`client.organizations.members.effectiveRoles.*`) — list effective roles for an org member, including group-sourced roles via `client.organizations.members.effectiveRoles.sources.groups.*`
+- **User Effective Permissions** (`client.users.effectivePermissions.*`) — list effective permissions for a user, with role-source drill-down via `client.users.effectivePermissions.sources.roles.*`
+- **User Effective Roles** (`client.users.effectiveRoles.*`) — list effective roles for a user, with group-source drill-down via `client.users.effectiveRoles.sources.groups.*`
+
+#### New Fields
+
+- **FedCM Login** (`fedcm_login`) — new field on client create/update to configure the Google FedCM prompt on New Universal Login
+
+#### Usage: Rate Limit Policies
+
+```typescript
+// List rate limit policies (paginated)
+const page = await client.rateLimitPolicies.list({ page: 0, per_page: 20 });
+
+// Create a new policy
+await client.rateLimitPolicies.create({
+    /* policy params */
+});
+
+// Get, update, delete by ID
+await client.rateLimitPolicies.get("id");
+await client.rateLimitPolicies.update("id", {
+    /* updated params */
+});
+await client.rateLimitPolicies.delete("id");
+```
+
+#### Usage: User Effective Roles & Permissions
+
+```typescript
+// List effective roles for a user
+const roles = await client.users.effectiveRoles.list("user_id", { page: 0 });
+
+// Drill down into group-sourced roles
+const groups = await client.users.effectiveRoles.sources.groups.list("user_id", { page: 0 });
+
+// List effective permissions
+const perms = await client.users.effectivePermissions.list("user_id", { page: 0 });
+
+// Drill into role sources of those permissions
+const roleSources = await client.users.effectivePermissions.sources.roles.list("user_id", { page: 0 });
+```
+
+#### Usage: Organization Groups
+
+```typescript
+// List groups in an organization
+const groups = await client.organizations.groups.list("org_id", { page: 0 });
+
+// Manage roles assigned to an org group
+await client.organizations.groups.roles.list("org_id", "group_id");
+await client.organizations.groups.roles.create("org_id", "group_id", { roles: ["role_id"] });
+await client.organizations.groups.roles.delete("org_id", "group_id", { roles: ["role_id"] });
+```

src/management/BaseClient.ts

@@ -5,6 +5,12 @@ import * as core from "./core/index.js";
 import type { AuthProvider } from "./core/auth/index.js";
 import * as environments from "./environments.js";
 
+export type AuthOption =
+    | false
+    | core.AuthProvider["getAuthRequest"]
+    | core.AuthProvider
+    | BearerAuthProvider.AuthOptions;
+
 export type BaseClientOptions = {
     environment?: core.Supplier<environments.ManagementEnvironment | string>;
     /** Specify a custom URL to connect the client to. */
@@ -20,6 +26,8 @@ export type BaseClientOptions = {
     fetcher?: core.FetchFunction;
     /** Configure logging for the client. */
     logging?: core.logging.LogConfig | core.logging.Logger;
+    /** Override auth. Pass false to disable, a function returning auth headers, an AuthProvider, or auth options. */
+    auth?: AuthOption;
 } & BearerAuthProvider.AuthOptions;
 
 export interface BaseRequestOptions {
@@ -58,6 +66,23 @@ export function normalizeClientOptionsWithAuth<T extends BaseClientOptions = Bas
     options: T,
 ): NormalizedClientOptionsWithAuth<T> {
     const normalized = normalizeClientOptions(options) as NormalizedClientOptionsWithAuth<T>;
+
+    if (options.auth === false) {
+        normalized.authProvider = new core.NoOpAuthProvider();
+        return normalized;
+    }
+    if (options.auth != null) {
+        if (typeof options.auth === "function") {
+            normalized.authProvider = { getAuthRequest: options.auth };
+            return normalized;
+        }
+        if (core.isAuthProvider(options.auth)) {
+            normalized.authProvider = options.auth;
+            return normalized;
+        }
+        Object.assign(normalized, options.auth);
+    }
+
     const normalizedWithNoOpAuthProvider = withNoOpAuthProvider(normalized);
     normalized.authProvider ??= new BearerAuthProvider(normalizedWithNoOpAuthProvider);
     return normalized;

src/management/Client.ts

@@ -26,6 +26,7 @@ import { LogStreamsClient } from "./api/resources/logStreams/client/Client.js";
 import { NetworkAclsClient } from "./api/resources/networkAcls/client/Client.js";
 import { OrganizationsClient } from "./api/resources/organizations/client/Client.js";
 import { PromptsClient } from "./api/resources/prompts/client/Client.js";
+import { RateLimitPoliciesClient } from "./api/resources/rateLimitPolicies/client/Client.js";
 import { RefreshTokensClient } from "./api/resources/refreshTokens/client/Client.js";
 import { ResourceServersClient } from "./api/resources/resourceServers/client/Client.js";
 import { RiskAssessmentsClient } from "./api/resources/riskAssessments/client/Client.js";
@@ -79,6 +80,7 @@ export class ManagementClient {
     protected _networkAcls: NetworkAclsClient | undefined;
     protected _organizations: OrganizationsClient | undefined;
     protected _prompts: PromptsClient | undefined;
+    protected _rateLimitPolicies: RateLimitPoliciesClient | undefined;
     protected _refreshTokens: RefreshTokensClient | undefined;
     protected _resourceServers: ResourceServersClient | undefined;
     protected _roles: RolesClient | undefined;
@@ -194,6 +196,10 @@ export class ManagementClient {
         return (this._prompts ??= new PromptsClient(this._options));
     }
 
+    public get rateLimitPolicies(): RateLimitPoliciesClient {
+        return (this._rateLimitPolicies ??= new RateLimitPoliciesClient(this._options));
+    }
+
     public get refreshTokens(): RefreshTokensClient {
         return (this._refreshTokens ??= new RefreshTokensClient(this._options));
     }