workos 0.0.1

data/lib/workos.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+# typed: true
+
+
+require 'workos/version'
+require 'sorbet-runtime'
+
+# Use the WorkOS module to authenticate your
+# requests to the WorkOS API. The gem will read
+# your API key automatically from the ENV var `WORKOS_KEY`.
+# Alternatively, you can set the key yourself with
+# `WorkOS.key = [your api key]` somewhere in the load path of
+# your application, such as an initializer.
+module WorkOS
+  API_HOSTNAME = 'api.workos.com'
+
+  def self.key=(value)
+    Base.key = value
+  end
+
+  def self.key
+    Base.key
+  end
+
+  def self.key!
+    key || raise('WorkOS.key not set')
+  end
+
+  autoload :Types, 'workos/types'
+  autoload :Base, 'workos/base'
+  autoload :Profile, 'workos/profile'
+  autoload :RequestError, 'workos/request_error'
+  autoload :SSO, 'workos/sso'
+
+  WorkOS.key = ENV['WORKOS_KEY'] unless ENV['WORKOS_KEY'].nil?
+end

data/lib/workos/base.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# typed: true
+# rubocop:disable Style/Documentation
+
+
+module WorkOS
+  class Base
+    attr_accessor :key
+    class << self
+      attr_writer :key
+    end
+
+    class << self
+      attr_reader :key
+    end
+  end
+end
+# rubocop:enable Style/Documentation

data/lib/workos/profile.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+# typed: true
+
+
+require 'json'
+
+module WorkOS
+  # The Profile class provides a lighweight wrapper around
+  # a normalized response from the various IDPs WorkOS
+  # supports as part of the SSO integration. This class
+  # is not meant ot be instantiated in user space, and
+  # is instantiated internally but exposed.
+  class Profile
+    extend T::Sig
+
+    sig { returns(String) }
+    attr_accessor :id, :email, :first_name, :last_name,
+                  :connection_type, :idp_id
+
+    sig { params(profile_json: String).void }
+    def initialize(profile_json)
+      raw = parse_json(profile_json)
+
+      @id              = T.let(raw.id, String)
+      @email           = T.let(raw.email, String)
+      @first_name      = T.let(raw.first_name, String)
+      @last_name       = T.let(raw.last_name, String)
+      @connection_type = T.let(raw.connection_type, String)
+      @idp_id          = T.let(raw.idp_id, String)
+    end
+
+    sig { returns(String) }
+    def full_name
+      [first_name, last_name].compact.join(' ')
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOS::Types::ProfileStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOS::Types::ProfileStruct.new(
+        id: hash[:profile][:id],
+        email: hash[:profile][:email],
+        first_name: hash[:profile][:first_name],
+        last_name: hash[:profile][:last_name],
+        connection_type: hash[:profile][:connection_type],
+        idp_id: hash[:profile][:idp_id],
+      )
+    end
+  end
+end

data/lib/workos/request_error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+module WorkOS
+  # Raised when an API request is unsuccessful
+  class RequestError < StandardError; end
+end

data/lib/workos/sso.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+# typed: true
+
+
+require 'net/http'
+require 'rack/utils'
+require 'uri'
+
+module WorkOS
+  # The SSO module provides convenience methods for working with the WorkOS
+  # SSO service. You'll need a valid API key, a project ID, and to have
+  # created an SSO connection on your WorkOS dashboard.
+  #
+  # @see https://dashboard.workos.com/docs/sso/what-is-sso
+  module SSO
+    class << self
+      extend T::Sig
+
+      sig do
+        params(
+          domain: String,
+          project_id: String,
+          redirect_uri: String,
+          state: Hash,
+        ).returns(String)
+      end
+
+      # Generate an Oauth2 authorization URL where your users will
+      # authenticate using the configured SSO Identity Provider.
+      #
+      # @param [String] domain The domain for the relevant SSO Connection
+      #  configured on your WorkOS dashboard
+      # @param [String] project_id The WorkOS project ID for the project
+      #  where you've  configured your SSO connection
+      # @param [String] redirect_uri The URI where users are directed
+      #  after completing the authentication step. Must match a
+      #  configured redirect URI on your WorkOS dashboard
+      # @param [Hash] state An aribtrary state object
+      #  that is preserved and available to the client in the response.
+      # @example
+      #   WorkOS::SSO.authorization_url(
+      #     domain: 'acme.com',
+      #     project_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
+      #     redirect_uri: 'https://workos.com/callback',
+      #     state: {
+      #       next_page: '/docs'
+      #     }
+      #   )
+      #
+      #   => "https://api.workos.com/sso/authorize?domain=acme.com" \
+      #      "&client_id=project_01DG5TGK363GRVXP3ZS40WNGEZ" \
+      #      "&redirect_uri=https%3A%2F%2Fworkos.com%2Fcallback&" \
+      #      "response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdocs%22%7D"
+      #
+      # @return [String]
+      def authorization_url(domain:, project_id:, redirect_uri:, state: {})
+        query = Rack::Utils.build_query(
+          domain: domain,
+          client_id: project_id,
+          redirect_uri: redirect_uri,
+          response_type: 'code',
+          state: state,
+        )
+
+        "https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
+      end
+
+      sig do
+        params(
+          code: String,
+          project_id: String,
+          redirect_uri: String,
+        ).returns(WorkOS::Profile)
+      end
+
+      # Fetch the profile details for the authenticated SSO user.
+      #
+      # @param [String] code The authorization code provided in the callback URL
+      # @param [String] project_id The WorkOS project ID for the project
+      #  where you've  configured your SSO connection
+      # @param [String] redirect_uri The URI where the user was directed
+      #  after completing the authentication step.
+      #
+      # @example
+      #   WorkOS::SSO.profile(
+      #     code: 'acme.com',
+      #     project_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
+      #     redirect_uri: 'https://workos.com/callback',
+      #   )
+      #   => #<WorkOS::Profile:0x00007fb6e4193d20
+      #         @id="prof_01DRA1XNSJDZ19A31F183ECQW5",
+      #         @email="demo@workos-okta.com",
+      #         @first_name="WorkOS",
+      #         @connection_type="OktaSAML",
+      #         @last_name="Demo",
+      #         @idp_id="00u1klkowm8EGah2H357",
+      #         @access_token="01DVX6QBS3EG6FHY2ESAA5Q65X"
+      #        >
+      #
+      # @return [WorkOS::Profile]
+      def profile(code:, project_id:, redirect_uri:)
+        query = Rack::Utils.build_query(
+          client_id: project_id,
+          client_secret: WorkOS.key!,
+          redirect_uri: redirect_uri,
+          grant_type: 'authorization_code',
+          code: code,
+        )
+
+        response = client.request(Net::HTTP::Post.new("/sso/token?#{query}"))
+        check_and_raise_error(response: response)
+
+        WorkOS::Profile.new(response.body)
+      end
+
+      private
+
+      sig { returns(Net::HTTP) }
+      def client
+        return @client if defined?(@client)
+
+        @client = Net::HTTP.new(WorkOS::API_HOSTNAME, 443)
+        @client.use_ssl = true
+
+        @client
+      end
+
+      sig { params(response: Net::HTTPResponse).void }
+      def check_and_raise_error(response:)
+        return if response.is_a? Net::HTTPOK
+
+        begin
+          message = JSON.parse(response.body)['message']
+        rescue StandardError
+          message = 'Something went wrong'
+        end
+
+        raise WorkOS::RequestError, message
+      end
+    end
+  end
+end

data/lib/workos/types.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+# typed: true
+
+
+module WorkOS
+  # WorkOS believes strongly in typed languages,
+  # so we're using Sorbet throughout this Ruby gem.
+  module Types
+    require_relative 'types/profile_struct'
+  end
+end

data/lib/workos/types/profile_struct.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# typed: strict
+
+
+module WorkOS
+  module Types
+    # The ProfileStruct acts as a typed interface
+    # for the Profile class
+    class ProfileStruct < T::Struct
+      const :id, String
+      const :email, String
+      const :first_name, String
+      const :last_name, String
+      const :connection_type, String
+      const :idp_id, String
+    end
+  end
+end

data/lib/workos/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+# typed: true
+
+
+module WorkOS
+  VERSION = '0.0.1'
+end

data/sorbet/config

@@ -0,0 +1,2 @@
+--dir
+.

data/sorbet/rbi/gems/addressable.rbi

@@ -0,0 +1,198 @@
+# This file is autogenerated. Do not edit it by hand. Regenerate it with:
+#   srb rbi gems
+
+# typed: strong
+#
+# If you would like to make changes to this file, great! Please create the gem's shim here:
+#
+#   https://github.com/sorbet/sorbet-typed/new/master?filename=lib/addressable/all/addressable.rbi
+#
+# addressable-2.7.0
+module Addressable
+end
+module Addressable::VERSION
+end
+module Addressable::IDNA
+  def self.lookup_unicode_combining_class(codepoint); end
+  def self.lookup_unicode_compatibility(codepoint); end
+  def self.lookup_unicode_composition(unpacked); end
+  def self.lookup_unicode_lowercase(codepoint); end
+  def self.punycode_adapt(delta, numpoints, firsttime); end
+  def self.punycode_basic?(codepoint); end
+  def self.punycode_decode(punycode); end
+  def self.punycode_decode_digit(codepoint); end
+  def self.punycode_delimiter?(codepoint); end
+  def self.punycode_encode(unicode); end
+  def self.punycode_encode_digit(d); end
+  def self.to_ascii(input); end
+  def self.to_unicode(input); end
+  def self.unicode_compose(unpacked); end
+  def self.unicode_compose_pair(ch_one, ch_two); end
+  def self.unicode_decompose(unpacked); end
+  def self.unicode_decompose_hangul(codepoint); end
+  def self.unicode_downcase(input); end
+  def self.unicode_normalize_kc(input); end
+  def self.unicode_sort_canonical(unpacked); end
+end
+class Addressable::IDNA::PunycodeBadInput < StandardError
+end
+class Addressable::IDNA::PunycodeBigOutput < StandardError
+end
+class Addressable::IDNA::PunycodeOverflow < StandardError
+end
+class Addressable::URI
+  def +(uri); end
+  def ==(uri); end
+  def ===(uri); end
+  def absolute?; end
+  def authority; end
+  def authority=(new_authority); end
+  def basename; end
+  def default_port; end
+  def defer_validation; end
+  def display_uri; end
+  def domain; end
+  def dup; end
+  def empty?; end
+  def eql?(uri); end
+  def extname; end
+  def fragment; end
+  def fragment=(new_fragment); end
+  def freeze; end
+  def hash; end
+  def host; end
+  def host=(new_host); end
+  def hostname; end
+  def hostname=(new_hostname); end
+  def inferred_port; end
+  def initialize(options = nil); end
+  def inspect; end
+  def ip_based?; end
+  def join!(uri); end
+  def join(uri); end
+  def merge!(uri); end
+  def merge(hash); end
+  def normalize!; end
+  def normalize; end
+  def normalized_authority; end
+  def normalized_fragment; end
+  def normalized_host; end
+  def normalized_password; end
+  def normalized_path; end
+  def normalized_port; end
+  def normalized_query(*flags); end
+  def normalized_scheme; end
+  def normalized_site; end
+  def normalized_user; end
+  def normalized_userinfo; end
+  def omit!(*components); end
+  def omit(*components); end
+  def origin; end
+  def origin=(new_origin); end
+  def password; end
+  def password=(new_password); end
+  def path; end
+  def path=(new_path); end
+  def port; end
+  def port=(new_port); end
+  def query; end
+  def query=(new_query); end
+  def query_values(return_type = nil); end
+  def query_values=(new_query_values); end
+  def relative?; end
+  def remove_composite_values; end
+  def replace_self(uri); end
+  def request_uri; end
+  def request_uri=(new_request_uri); end
+  def route_from(uri); end
+  def route_to(uri); end
+  def scheme; end
+  def scheme=(new_scheme); end
+  def self.convert_path(path); end
+  def self.encode(uri, return_type = nil); end
+  def self.encode_component(component, character_class = nil, upcase_encoded = nil); end
+  def self.escape(uri, return_type = nil); end
+  def self.form_encode(form_values, sort = nil); end
+  def self.form_unencode(encoded_value); end
+  def self.heuristic_parse(uri, hints = nil); end
+  def self.ip_based_schemes; end
+  def self.join(*uris); end
+  def self.normalize_component(component, character_class = nil, leave_encoded = nil); end
+  def self.normalize_path(path); end
+  def self.normalized_encode(uri, return_type = nil); end
+  def self.parse(uri); end
+  def self.port_mapping; end
+  def self.unencode(uri, return_type = nil, leave_encoded = nil); end
+  def self.unencode_component(uri, return_type = nil, leave_encoded = nil); end
+  def self.unescape(uri, return_type = nil, leave_encoded = nil); end
+  def self.unescape_component(uri, return_type = nil, leave_encoded = nil); end
+  def site; end
+  def site=(new_site); end
+  def split_path(path); end
+  def tld; end
+  def tld=(new_tld); end
+  def to_hash; end
+  def to_s; end
+  def to_str; end
+  def user; end
+  def user=(new_user); end
+  def userinfo; end
+  def userinfo=(new_userinfo); end
+  def validate; end
+end
+class Addressable::URI::InvalidURIError < StandardError
+end
+module Addressable::URI::CharacterClasses
+end
+class Addressable::Template
+  def ==(template); end
+  def eql?(template); end
+  def expand(mapping, processor = nil, normalize_values = nil); end
+  def extract(uri, processor = nil); end
+  def freeze; end
+  def generate(params = nil, recall = nil, options = nil); end
+  def initialize(pattern); end
+  def inspect; end
+  def join_values(operator, return_value); end
+  def keys; end
+  def match(uri, processor = nil); end
+  def named_captures; end
+  def names; end
+  def normalize_keys(mapping); end
+  def normalize_value(value); end
+  def ordered_variable_defaults; end
+  def parse_template_pattern(pattern, processor = nil); end
+  def partial_expand(mapping, processor = nil, normalize_values = nil); end
+  def pattern; end
+  def source; end
+  def to_regexp; end
+  def transform_capture(mapping, capture, processor = nil, normalize_values = nil); end
+  def transform_partial_capture(mapping, capture, processor = nil, normalize_values = nil); end
+  def variable_defaults; end
+  def variables; end
+end
+class Addressable::Template::InvalidTemplateValueError < StandardError
+end
+class Addressable::Template::InvalidTemplateOperatorError < StandardError
+end
+class Addressable::Template::TemplateOperatorAbortedError < StandardError
+end
+class Addressable::Template::MatchData
+  def [](key, len = nil); end
+  def captures; end
+  def initialize(uri, template, mapping); end
+  def inspect; end
+  def keys; end
+  def mapping; end
+  def names; end
+  def post_match; end
+  def pre_match; end
+  def string; end
+  def template; end
+  def to_a; end
+  def to_s; end
+  def uri; end
+  def values; end
+  def values_at(*indexes); end
+  def variables; end
+end