workos 0.10.2 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/.ruby-version +1 -1
- data/.semaphore/semaphore.yml +8 -2
- data/Gemfile.lock +49 -36
- data/LICENSE +1 -1
- data/README.md +13 -230
- data/lib/workos.rb +5 -0
- data/lib/workos/client.rb +21 -4
- data/lib/workos/connection.rb +12 -1
- data/lib/workos/directory.rb +53 -0
- data/lib/workos/directory_group.rb +44 -0
- data/lib/workos/directory_sync.rb +63 -7
- data/lib/workos/directory_user.rb +63 -0
- data/lib/workos/organizations.rb +150 -0
- data/lib/workos/passwordless.rb +4 -0
- data/lib/workos/portal.rb +0 -80
- data/lib/workos/profile.rb +1 -2
- data/lib/workos/profile_and_token.rb +28 -0
- data/lib/workos/sso.rb +37 -104
- data/lib/workos/types.rb +3 -0
- data/lib/workos/types/connection_struct.rb +3 -0
- data/lib/workos/types/directory_group_struct.rb +13 -0
- data/lib/workos/types/directory_struct.rb +16 -0
- data/lib/workos/types/directory_user_struct.rb +19 -0
- data/lib/workos/version.rb +1 -1
- data/sorbet/rbi/gems/addressable.rbi +199 -0
- data/sorbet/rbi/gems/ast.rbi +49 -0
- data/sorbet/rbi/gems/codecov.rbi +37 -0
- data/sorbet/rbi/gems/crack.rbi +62 -0
- data/sorbet/rbi/gems/docile.rbi +36 -0
- data/sorbet/rbi/gems/hashdiff.rbi +66 -0
- data/sorbet/rbi/gems/parallel.rbi +83 -0
- data/sorbet/rbi/gems/parser.rbi +1429 -0
- data/sorbet/rbi/gems/public_suffix.rbi +104 -0
- data/sorbet/rbi/gems/rainbow.rbi +118 -0
- data/sorbet/rbi/gems/rake.rbi +644 -0
- data/sorbet/rbi/gems/regexp_parser.rbi +926 -0
- data/sorbet/rbi/gems/rexml.rbi +628 -0
- data/sorbet/rbi/gems/rspec-core.rbi +1898 -0
- data/sorbet/rbi/gems/rspec-expectations.rbi +1127 -0
- data/sorbet/rbi/gems/rspec-mocks.rbi +1099 -0
- data/sorbet/rbi/gems/rspec-support.rbi +280 -0
- data/sorbet/rbi/gems/rspec.rbi +15 -0
- data/sorbet/rbi/gems/rubocop-ast.rbi +1355 -0
- data/sorbet/rbi/gems/rubocop.rbi +7253 -0
- data/sorbet/rbi/gems/ruby-progressbar.rbi +304 -0
- data/sorbet/rbi/gems/simplecov-html.rbi +35 -0
- data/sorbet/rbi/gems/simplecov.rbi +406 -0
- data/sorbet/rbi/gems/unicode-display_width.rbi +17 -0
- data/sorbet/rbi/gems/vcr.rbi +572 -0
- data/sorbet/rbi/gems/webmock.rbi +556 -0
- data/sorbet/rbi/gems/yard.rbi +1165 -0
- data/sorbet/rbi/sorbet-typed/lib/rake/all/rake.rbi +645 -0
- data/sorbet/rbi/sorbet-typed/lib/rspec-core/all/rspec-core.rbi +1891 -0
- data/sorbet/rbi/sorbet-typed/lib/rubocop/~>0.85/rubocop.rbi +2072 -0
- data/sorbet/rbi/sorbet-typed/lib/yard/all/yard.rbi +1214 -0
- data/sorbet/rbi/todo.rbi +1 -3
- data/spec/lib/workos/audit_trail_spec.rb +0 -8
- data/spec/lib/workos/directory_sync_spec.rb +347 -40
- data/spec/lib/workos/organizations_spec.rb +164 -0
- data/spec/lib/workos/passwordless_spec.rb +0 -8
- data/spec/lib/workos/portal_spec.rb +0 -121
- data/spec/lib/workos/sso_spec.rb +141 -187
- data/spec/spec_helper.rb +2 -1
- data/spec/support/fixtures/vcr_cassettes/directory_sync/delete_directory.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/{sso/list_connections.yml → directory_sync/list_directories/with_after.yml} +7 -7
- data/spec/support/fixtures/vcr_cassettes/{sso/list_connections_with_limit_param.yml → directory_sync/list_directories/with_before.yml} +8 -8
- data/spec/support/fixtures/vcr_cassettes/{sso/list_connections_with_connection_type_param.yml → directory_sync/list_directories/with_domain.yml} +11 -10
- data/spec/support/fixtures/vcr_cassettes/{sso/list_connections_with_after_param.yml → directory_sync/list_directories/with_limit.yml} +12 -10
- data/spec/support/fixtures/vcr_cassettes/directory_sync/{list_directories.yml → list_directories/with_no_options.yml} +1 -1
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_search.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_after.yml +76 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_before.yml +74 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_directory.yml +78 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_limit.yml +74 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/{list_groups.yml → list_groups/with_no_options.yml} +16 -6
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups/with_user.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_after.yml +86 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_before.yml +75 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_directory.yml +93 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_group.yml +76 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users/with_limit.yml +75 -0
- data/spec/support/fixtures/vcr_cassettes/directory_sync/{list_users.yml → list_users/with_no_options.yml} +16 -6
- data/spec/support/fixtures/vcr_cassettes/organization/get.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/organization/get_invalid.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/organization/update.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/organization/update_invalid.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_after.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_before.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_connection_type.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/sso/{list_connections_with_domain_param.yml → list_connections/with_domain.yml} +6 -6
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_limit.yml +74 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections/with_no_options.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/sso/{list_connections_with_organization_id_param.yml → list_connections/with_organization_id.yml} +6 -6
- data/workos.gemspec +2 -0
- metadata +109 -44
- data/sorbet/rbi/hidden-definitions/errors.txt +0 -24896
- data/sorbet/rbi/hidden-definitions/hidden.rbi +0 -38411
- data/sorbet/rbi/sorbet-typed/lib/bundler/all/bundler.rbi +0 -8684
- data/sorbet/rbi/sorbet-typed/lib/ruby/all/gem.rbi +0 -4222
- data/sorbet/rbi/sorbet-typed/lib/ruby/all/open3.rbi +0 -111
- data/sorbet/rbi/sorbet-typed/lib/ruby/all/resolv.rbi +0 -543
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories_with_domain_param.yml +0 -63
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_groups_with_directory_param.yml +0 -62
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_users_with_directory_param.yml +0 -62
- data/spec/support/fixtures/vcr_cassettes/sso/create_connection_with_invalid_source.yml +0 -58
- data/spec/support/fixtures/vcr_cassettes/sso/create_connection_with_valid_source.yml +0 -63
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_before_param.yml +0 -73
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f8a9f985318b4480c50a4d0528cf5036018235833585746e3ed632020fca3d00
|
4
|
+
data.tar.gz: bc75b64c4a4ffa8b32ee2b841af1c6bdb39df729bda95cc59d9ad36206cab387
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 56d3896fd8bb4194cbb50464759c9babfe2421e56148827fe282af956fa4fb9f38eb308363e30427bed0ef3596e5c1ba99150f108208835ecdb40921e99bf67e
|
7
|
+
data.tar.gz: e5f09155ab5a7e92dc0ccd6a10af885d5802925a7db1fdaf21cbeb9902b231642284ed06aa1ce0806271fceab5f42209d1c3c1c5442c6ea42a780a6264670ce4
|
data/.rubocop.yml
CHANGED
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
3.0.1
|
data/.semaphore/semaphore.yml
CHANGED
@@ -60,10 +60,16 @@ blocks:
|
|
60
60
|
- sem-version ruby 2.6.5
|
61
61
|
- bundle install
|
62
62
|
- bundle exec rspec
|
63
|
-
- name: Ruby 2.7.
|
63
|
+
- name: Ruby 2.7.3
|
64
64
|
commands:
|
65
65
|
- checkout
|
66
|
-
- sem-version ruby 2.7.
|
66
|
+
- sem-version ruby 2.7.3
|
67
|
+
- bundle install
|
68
|
+
- bundle exec rspec
|
69
|
+
- name: Ruby 3.0.1
|
70
|
+
commands:
|
71
|
+
- checkout
|
72
|
+
- sem-version ruby 3.0.1
|
67
73
|
- bundle install
|
68
74
|
- bundle exec rspec
|
69
75
|
promotions:
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
workos (0.
|
4
|
+
workos (1.0.0)
|
5
5
|
sorbet-runtime (~> 0.5)
|
6
6
|
|
7
7
|
GEM
|
@@ -9,60 +9,73 @@ GEM
|
|
9
9
|
specs:
|
10
10
|
addressable (2.7.0)
|
11
11
|
public_suffix (>= 2.0.2, < 5.0)
|
12
|
-
ast (2.4.
|
13
|
-
codecov (0.2.
|
12
|
+
ast (2.4.2)
|
13
|
+
codecov (0.2.12)
|
14
14
|
json
|
15
15
|
simplecov
|
16
|
-
crack (0.4.
|
17
|
-
|
18
|
-
diff-lcs (1.
|
19
|
-
docile (1.3.
|
20
|
-
hashdiff (1.0.
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
public_suffix (4.0.2)
|
16
|
+
crack (0.4.5)
|
17
|
+
rexml
|
18
|
+
diff-lcs (1.4.4)
|
19
|
+
docile (1.3.5)
|
20
|
+
hashdiff (1.0.1)
|
21
|
+
json (2.5.1)
|
22
|
+
parallel (1.20.1)
|
23
|
+
parser (3.0.1.0)
|
24
|
+
ast (~> 2.4.1)
|
25
|
+
public_suffix (4.0.6)
|
27
26
|
rainbow (3.0.0)
|
28
|
-
rake (13.0.
|
27
|
+
rake (13.0.3)
|
28
|
+
regexp_parser (2.1.1)
|
29
|
+
rexml (3.2.5)
|
29
30
|
rspec (3.9.0)
|
30
31
|
rspec-core (~> 3.9.0)
|
31
32
|
rspec-expectations (~> 3.9.0)
|
32
33
|
rspec-mocks (~> 3.9.0)
|
33
|
-
rspec-core (3.9.
|
34
|
-
rspec-support (~> 3.9.
|
35
|
-
rspec-expectations (3.9.
|
34
|
+
rspec-core (3.9.3)
|
35
|
+
rspec-support (~> 3.9.3)
|
36
|
+
rspec-expectations (3.9.4)
|
36
37
|
diff-lcs (>= 1.2.0, < 2.0)
|
37
38
|
rspec-support (~> 3.9.0)
|
38
|
-
rspec-mocks (3.9.
|
39
|
+
rspec-mocks (3.9.1)
|
39
40
|
diff-lcs (>= 1.2.0, < 2.0)
|
40
41
|
rspec-support (~> 3.9.0)
|
41
|
-
rspec-support (3.9.
|
42
|
-
rubocop (0.
|
43
|
-
jaro_winkler (~> 1.5.1)
|
42
|
+
rspec-support (3.9.4)
|
43
|
+
rubocop (0.93.1)
|
44
44
|
parallel (~> 1.10)
|
45
|
-
parser (>= 2.
|
45
|
+
parser (>= 2.7.1.5)
|
46
46
|
rainbow (>= 2.2.2, < 4.0)
|
47
|
+
regexp_parser (>= 1.8)
|
48
|
+
rexml
|
49
|
+
rubocop-ast (>= 0.6.0)
|
47
50
|
ruby-progressbar (~> 1.7)
|
48
|
-
unicode-display_width (>= 1.4.0, <
|
49
|
-
|
50
|
-
|
51
|
-
|
51
|
+
unicode-display_width (>= 1.4.0, < 2.0)
|
52
|
+
rubocop-ast (1.4.1)
|
53
|
+
parser (>= 2.7.1.5)
|
54
|
+
ruby-progressbar (1.11.0)
|
55
|
+
simplecov (0.21.2)
|
52
56
|
docile (~> 1.1)
|
53
57
|
simplecov-html (~> 0.11)
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
sorbet
|
58
|
-
|
59
|
-
|
58
|
+
simplecov_json_formatter (~> 0.1)
|
59
|
+
simplecov-html (0.12.3)
|
60
|
+
simplecov_json_formatter (0.1.2)
|
61
|
+
sorbet (0.5.6388)
|
62
|
+
sorbet-static (= 0.5.6388)
|
63
|
+
sorbet-runtime (0.5.6403)
|
64
|
+
sorbet-static (0.5.6388-universal-darwin-14)
|
65
|
+
sorbet-static (0.5.6388-universal-darwin-15)
|
66
|
+
sorbet-static (0.5.6388-universal-darwin-16)
|
67
|
+
sorbet-static (0.5.6388-universal-darwin-17)
|
68
|
+
sorbet-static (0.5.6388-universal-darwin-18)
|
69
|
+
sorbet-static (0.5.6388-universal-darwin-19)
|
70
|
+
sorbet-static (0.5.6388-universal-darwin-20)
|
71
|
+
sorbet-static (0.5.6388-x86_64-linux)
|
72
|
+
unicode-display_width (1.7.0)
|
60
73
|
vcr (5.0.0)
|
61
|
-
webmock (3.
|
74
|
+
webmock (3.12.2)
|
62
75
|
addressable (>= 2.3.6)
|
63
76
|
crack (>= 0.3.2)
|
64
77
|
hashdiff (>= 0.4.0, < 2.0.0)
|
65
|
-
yard (0.9.
|
78
|
+
yard (0.9.26)
|
66
79
|
|
67
80
|
PLATFORMS
|
68
81
|
ruby
|
@@ -80,4 +93,4 @@ DEPENDENCIES
|
|
80
93
|
yard
|
81
94
|
|
82
95
|
BUNDLED WITH
|
83
|
-
2.
|
96
|
+
2.2.16
|
data/LICENSE
CHANGED
data/README.md
CHANGED
@@ -1,22 +1,22 @@
|
|
1
|
-
#
|
1
|
+
# WorkOS Ruby Library
|
2
2
|
|
3
|
-
WorkOS
|
3
|
+
The WorkOS library for Ruby provides convenient access to the WorkOS API from applications written in Ruby.
|
4
4
|
|
5
5
|
## Documentation
|
6
6
|
|
7
|
-
|
7
|
+
See the [API Reference](https://workos.com/docs/reference/client-libraries) for Ruby usage examples.
|
8
8
|
|
9
9
|
## Installation
|
10
10
|
|
11
|
-
|
11
|
+
Install the package with:
|
12
12
|
|
13
|
-
```
|
13
|
+
```
|
14
14
|
gem install workos
|
15
15
|
```
|
16
16
|
|
17
17
|
If you're using Bundler to manage your application's gems, add the WorkOS gem to your Gemfile:
|
18
18
|
|
19
|
-
```
|
19
|
+
```
|
20
20
|
source 'https://rubygems.org'
|
21
21
|
|
22
22
|
gem 'workos'
|
@@ -24,17 +24,13 @@ gem 'workos'
|
|
24
24
|
|
25
25
|
## Configuration
|
26
26
|
|
27
|
-
To use the
|
28
|
-
|
29
|
-
You can do this through the `WORKOS_API_KEY` environment variable or by calling `WorkOS.key = [your API key]`.
|
30
|
-
|
31
|
-
The WorkOS Gem will read the environment variable `WORKOS_API_KEY`:
|
27
|
+
To use the library you must provide an API key, located in the WorkOS dashboard, as an environment variable `WORKOS_API_KEY`:
|
32
28
|
|
33
29
|
```sh
|
34
30
|
$ WORKOS_API_KEY=[your api key] ruby app.rb
|
35
31
|
```
|
36
32
|
|
37
|
-
|
33
|
+
Or, you may set the key yourself, such as in an initializer in your application load path:
|
38
34
|
|
39
35
|
```ruby
|
40
36
|
# /config/initializers/workos.rb
|
@@ -42,222 +38,9 @@ Alternatively, you may set the key yourself, such as in an initializer in your a
|
|
42
38
|
WorkOS.key = '[your api key]'
|
43
39
|
```
|
44
40
|
|
45
|
-
##
|
46
|
-
|
47
|
-
The SSO Module provides convenient methods for authenticating a Single Sign On (SSO) user via WorkOS. WorkOS SSO follows the OAuth 2.0 specification.
|
48
|
-
|
49
|
-
First, you'll direct your SSO users to an `authorization_url`. They will sign in to their SSO account with their Identity Provider, and be redirected to a
|
50
|
-
callback URL that you set in your WorkOS Dashboard. The user will be redirected with a `code` URL parameter, which you can then exchange for a WorkOS::Profile
|
51
|
-
using the `WorkOS::SSO.get_profile` method.
|
52
|
-
|
53
|
-
See our Ruby SSO example app for a [complete example](https://github.com/workos-inc/ruby-sso-example).
|
54
|
-
|
55
|
-
```ruby
|
56
|
-
WorkOS::SSO.authorization_url(domain:, client_id:, redirect_uri:, state: {})
|
57
|
-
```
|
58
|
-
|
59
|
-
> Generate an authorization URL to intitiate the WorkOS OAuth2 workflow.
|
60
|
-
|
61
|
-
`WorkOS::SSO.authorization_url` accepts four arguments:
|
62
|
-
|
63
|
-
- `domain` (string) — the authenticating user's company domain, without protocol (ex. `example.com`)
|
64
|
-
- `client_id` (string) — your application's WorkOS [Client ID](https://dashboard.workos.com/sso/configuration) (ex. `project_01JG3BCPTRTSTTWQR4VSHXGWCQ`)
|
65
|
-
- `state` (optional, hash) — an optional hash used to manage state across authorization transactions (ex. `{ next_page: '/docs'}`)
|
66
|
-
- `redirect_uri` (string) — a callback URL where your application redirects the user-agent after an authorization code is granted (ex. `workos.dev/callback`). This must match one of your configured callback URLs for the associated environment on your WorkOS dashboard.
|
67
|
-
|
68
|
-
This method will return an OAuth2 query string of the form:
|
69
|
-
|
70
|
-
`https://${domain}/sso/authorize?response_type=code&client_id=${clientID}&redirect_uri=${redirectURI}&state=${state}`
|
71
|
-
|
72
|
-
For example, when used in a [Sinatra app](http://sinatrarb.com/):
|
73
|
-
|
74
|
-
```ruby
|
75
|
-
DOMAIN = 'example.com'
|
76
|
-
CLIENT_ID = '{clientId}'
|
77
|
-
REDIRECT_URI = 'http://localhost:4567/callback'
|
78
|
-
|
79
|
-
get '/auth' do
|
80
|
-
authorization_url = WorkOS::SSO.authorization_url(
|
81
|
-
domain: DOMAIN,
|
82
|
-
client_id: CLIENT_ID,
|
83
|
-
redirect_uri: REDIRECT_URI,
|
84
|
-
)
|
85
|
-
|
86
|
-
redirect authorization_url
|
87
|
-
end
|
88
|
-
```
|
89
|
-
|
90
|
-
The user would be redirected to:
|
91
|
-
|
92
|
-
`https://api.workos.com/sso/authorize?response_type=code&client_id={clientID}&redirect_uri=http://localhost:4567/callback`
|
93
|
-
|
94
|
-
WorkOS takes over from here, sending the user to authenticate with their IDP, and on successful login, returns
|
95
|
-
the user to your callback URL with a `code` parameter. You'll use `WorkOS::SSO.profile` to exchange the
|
96
|
-
code for a `WorkOS::Profile`.
|
97
|
-
|
98
|
-
```ruby
|
99
|
-
WorkOS::SSO.profile(code:, client_id:)
|
100
|
-
```
|
101
|
-
|
102
|
-
> Fetch a WorkOS::Profile for an authorized user.
|
103
|
-
|
104
|
-
`WorkOS::SSO.profile` accepts two arguments:
|
105
|
-
|
106
|
-
- `code` (string) — an opaque string provided by the authorization server; will be exchanged for an Access Token when the user's profile is sent
|
107
|
-
- `client_id` (string) — your application's WorkOS [Client ID](https://dashboard.workos.com/sso/configuration) (ex. `project_01JG3BCPTRTSTTWQR4VSHXGWCQ`)
|
108
|
-
|
109
|
-
This method will return an instance of a `WorkOS::Profile` with the following attributes:
|
110
|
-
|
111
|
-
```ruby
|
112
|
-
<WorkOS::Profile:0x00007fb6e4193d20
|
113
|
-
@id="prof_01DRA1XNSJDZ19A31F183ECQW5",
|
114
|
-
@email="demo@workos-okta.com",
|
115
|
-
@first_name="WorkOS",
|
116
|
-
@connection_id="conn_01EMH8WAK20T42N2NBMNBCYHAG",
|
117
|
-
@connection_type="OktaSAML",
|
118
|
-
@last_name="Demo",
|
119
|
-
@idp_id="00u1klkowm8EGah2H357",
|
120
|
-
@raw_attributes={
|
121
|
-
:id=>"prof_01DRA1XNSJDZ19A31F183ECQW5",
|
122
|
-
:email=>"demo@workos-okta.com",
|
123
|
-
:first_name=>"WorkOS",
|
124
|
-
:last_name=>"Demo",
|
125
|
-
:idp_id=>"00u1klkowm8EGah2H357"
|
126
|
-
},
|
127
|
-
>
|
128
|
-
```
|
129
|
-
|
130
|
-
Our Sinatra app can be extended to use this method:
|
131
|
-
|
132
|
-
```ruby
|
133
|
-
DOMAIN = 'example.com'
|
134
|
-
CLIENT_ID = '{clientId}'
|
135
|
-
REDIRECT_URI = 'http://localhost:4567/callback'
|
136
|
-
|
137
|
-
get '/auth' do
|
138
|
-
authorization_url = WorkOS::SSO.authorization_url(
|
139
|
-
domain: DOMAIN,
|
140
|
-
client_id: CLIENT_ID,
|
141
|
-
redirect_uri: REDIRECT_URI,
|
142
|
-
)
|
143
|
-
|
144
|
-
redirect authorization_url
|
145
|
-
end
|
146
|
-
|
147
|
-
get '/callback' do
|
148
|
-
profile = WorkOS::SSO.profile(
|
149
|
-
code: params['code'],
|
150
|
-
client_id: CLIENT_ID,
|
151
|
-
)
|
152
|
-
|
153
|
-
session[:user] = profile.to_json
|
154
|
-
|
155
|
-
redirect '/'
|
156
|
-
end
|
157
|
-
```
|
158
|
-
|
159
|
-
Given the `WorkOS::Profile`, you can now sign the user in according to your own authentication setup.
|
160
|
-
|
161
|
-
## The Magic Link Module
|
162
|
-
|
163
|
-
The Magic Link Module provides methods for authenticating a Passwordless user via WorkOS.
|
164
|
-
|
165
|
-
First, you'll create a Passwordless Session for a Magic Link connection.
|
166
|
-
Then, using the session ID, you'll email a user the Magic Link confirmation URL.
|
167
|
-
The user can then click on that link to be authenticated to your application.
|
168
|
-
|
169
|
-
> Create a Passwordless Session for a Magic Link Connection.
|
170
|
-
|
171
|
-
`WorkOS::Passwordless.create_session` accepts four arguments:
|
172
|
-
|
173
|
-
- `email` (string) - the email of the user to authenticate.
|
174
|
-
- `type` (string) - The type of Passwordless Session to create. Currently, the only supported value is `MagicLink`.
|
175
|
-
- `state` (optional, string) - Optional parameter that a Developer can choose to include in their authorization URL. If included, then the redirect URI received from WorkOS will contain the exact `state` that was passed in the authorization URL.
|
176
|
-
- `redirect_uri` (string) - a callback URL where your application redirects the user-agent after an authorization code is granted (ex. `workos.dev/callback`). This must match one of your configured callback URLs for the associated environment on your WorkOS dashboard.
|
177
|
-
|
178
|
-
This method will return a Passwordless Session object, containing the following attributes:
|
179
|
-
|
180
|
-
- `id` (string) - the unique ID of the session.
|
181
|
-
- `email` (string) - the email address of the user for the session.
|
182
|
-
- `expires_at` (date) - the ISO-8601 datetime at which the session expires.
|
183
|
-
- `link` (string) - the link for the user to authenticate with. You can use this link to send a custom email to the user, or send an email using the `WorkOS::Passwordless.send_session` method, described below.
|
184
|
-
|
185
|
-
> Email a user the Magic Link confirmation URL.
|
186
|
-
|
187
|
-
`WorkOS::Passwordless.send_session` accepts one argument:
|
188
|
-
|
189
|
-
- `id` (string) - the unique identifier of the Passwordless Session to send an email for.
|
190
|
-
|
191
|
-
This method will return a boolean confirming the Magic Link was sent.
|
192
|
-
|
193
|
-
> Example with Sinatra application
|
194
|
-
|
195
|
-
Our Sinatra app can be altered to use Magic Link:
|
196
|
-
|
197
|
-
```ruby
|
198
|
-
CLIENT_ID = '{clientId}'
|
199
|
-
REDIRECT_URI = 'http://localhost:4567/callback'
|
200
|
-
|
201
|
-
post '/passwordless-auth' do
|
202
|
-
session = WorkOS::Passwordless.create_session(
|
203
|
-
email: params[:email],
|
204
|
-
type: 'MagicLink',
|
205
|
-
redirect_uri: REDIRECT_URI
|
206
|
-
)
|
207
|
-
WorkOS::Passwordless.send_session(session.id)
|
208
|
-
|
209
|
-
redirect '/check-email'
|
210
|
-
end
|
211
|
-
|
212
|
-
get '/callback' do
|
213
|
-
profile = WorkOS::SSO.profile(
|
214
|
-
code: params['code'],
|
215
|
-
client_id: CLIENT_ID,
|
216
|
-
)
|
217
|
-
|
218
|
-
session[:user] = profile.to_json
|
219
|
-
|
220
|
-
redirect '/'
|
221
|
-
end
|
222
|
-
```
|
223
|
-
|
224
|
-
## The Audit Trail Module
|
225
|
-
|
226
|
-
The Audit Trail Module provides methods for creating Audit Trail events on
|
227
|
-
WorkOS.
|
228
|
-
|
229
|
-
See our [Audit Trail
|
230
|
-
Overview](https://docs.workos.com/audit-trail/overview) for
|
231
|
-
more information.
|
232
|
-
|
233
|
-
```ruby
|
234
|
-
payload = {
|
235
|
-
group: 'Foo Corp',
|
236
|
-
location: '127.0.0.1',
|
237
|
-
action: 'user.created',
|
238
|
-
action_type: 'C',
|
239
|
-
actor_name: 'Foo',
|
240
|
-
actor_id: 'user_12345',
|
241
|
-
target_name: 'Bar',
|
242
|
-
target_id: 'user_67890',
|
243
|
-
occurred_at: '2020-01-10T15:30:00-05:00',
|
244
|
-
metadata: {
|
245
|
-
source: 'Email',
|
246
|
-
}
|
247
|
-
}
|
248
|
-
|
249
|
-
WorkOS::AuditTrail.create_event(event: payload)
|
250
|
-
```
|
251
|
-
|
252
|
-
### Idempotency
|
253
|
-
|
254
|
-
To perform an idempotent request, provide an additional idempotency_key
|
255
|
-
parameter to the `create_event` options.
|
256
|
-
|
257
|
-
```ruby
|
258
|
-
WorkOS::AuditTrail.create_event(event: payload, idempotency_key: 'key123456')
|
259
|
-
```
|
41
|
+
## More Information
|
260
42
|
|
261
|
-
|
262
|
-
|
263
|
-
|
43
|
+
* [Single Sign-On Guide](https://workos.com/docs/sso/guide)
|
44
|
+
* [Directory Sync Guide](https://workos.com/docs/directory-sync/guide)
|
45
|
+
* [Admin Portal Guide](https://workos.com/docs/admin-portal/guide)
|
46
|
+
* [Magic Link Guide](https://workos.com/docs/magic-link/guide)
|