workos 0.11.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +2 -0
  3. data/.semaphore/semaphore.yml +2 -2
  4. data/Gemfile.lock +2 -2
  5. data/LICENSE +1 -1
  6. data/README.md +13 -230
  7. data/lib/workos.rb +2 -0
  8. data/lib/workos/client.rb +21 -3
  9. data/lib/workos/connection.rb +5 -1
  10. data/lib/workos/directory_user.rb +4 -1
  11. data/lib/workos/organizations.rb +171 -0
  12. data/lib/workos/passwordless.rb +4 -0
  13. data/lib/workos/portal.rb +0 -80
  14. data/lib/workos/profile.rb +8 -10
  15. data/lib/workos/profile_and_token.rb +28 -0
  16. data/lib/workos/sso.rb +25 -100
  17. data/lib/workos/types/connection_struct.rb +1 -0
  18. data/lib/workos/types/directory_user_struct.rb +1 -0
  19. data/lib/workos/version.rb +1 -1
  20. data/spec/lib/workos/organizations_spec.rb +191 -0
  21. data/spec/lib/workos/portal_spec.rb +0 -113
  22. data/spec/lib/workos/sso_spec.rb +35 -115
  23. data/spec/support/fixtures/vcr_cassettes/organization/delete.yml +72 -0
  24. data/spec/support/fixtures/vcr_cassettes/organization/delete_invalid.yml +72 -0
  25. data/spec/support/fixtures/vcr_cassettes/organization/get.yml +73 -0
  26. data/spec/support/fixtures/vcr_cassettes/{sso/create_connection_with_invalid_source.yml → organization/get_invalid.yml} +26 -12
  27. data/spec/support/fixtures/vcr_cassettes/organization/update.yml +73 -0
  28. data/spec/support/fixtures/vcr_cassettes/organization/update_invalid.yml +73 -0
  29. data/spec/support/fixtures/vcr_cassettes/sso/profile.yml +74 -0
  30. data/workos.gemspec +1 -1
  31. metadata +23 -9
  32. data/spec/support/fixtures/vcr_cassettes/sso/create_connection_with_valid_source.yml +0 -63
@@ -0,0 +1,171 @@
1
+ # frozen_string_literal: true
2
+ # typed: true
3
+
4
+ require 'net/http'
5
+
6
+ module WorkOS
7
+ # The Organizations module provides resource methods for working with Organizations
8
+ module Organizations
9
+ class << self
10
+ extend T::Sig
11
+ include Base
12
+ include Client
13
+
14
+ # Retrieve a list of organizations that have connections configured
15
+ # within your WorkOS dashboard.
16
+ #
17
+ # @param [Array<String>] domains Filter organizations to only return those
18
+ # that are associated with the provided domains.
19
+ # @param [String] before A pagination argument used to request
20
+ # organizations before the provided Organization ID.
21
+ # @param [String] after A pagination argument used to request
22
+ # organizations after the provided Organization ID.
23
+ # @param [Integer] limit A pagination argument used to limit the number
24
+ # of listed Organizations that are returned.
25
+ sig do
26
+ params(
27
+ options: T::Hash[Symbol, String],
28
+ ).returns(WorkOS::Types::ListStruct)
29
+ end
30
+ def list_organizations(options = {})
31
+ response = execute_request(
32
+ request: get_request(
33
+ path: '/organizations',
34
+ auth: true,
35
+ params: options,
36
+ ),
37
+ )
38
+
39
+ parsed_response = JSON.parse(response.body)
40
+
41
+ organizations = parsed_response['data'].map do |organization|
42
+ ::WorkOS::Organization.new(organization.to_json)
43
+ end
44
+
45
+ WorkOS::Types::ListStruct.new(
46
+ data: organizations,
47
+ list_metadata: parsed_response['listMetadata'],
48
+ )
49
+ end
50
+
51
+ # Get an Organization
52
+ #
53
+ # @param [String] id Organization unique identifier
54
+ #
55
+ # @example
56
+ # WorkOS::Portal.get_organization(id: 'org_02DRA1XNSJDZ19A31F183ECQW9')
57
+ # => #<WorkOS::Organization:0x00007fb6e4193d20
58
+ # @id="org_02DRA1XNSJDZ19A31F183ECQW9",
59
+ # @name="Foo Corp",
60
+ # @domains=
61
+ # [{:object=>"organization_domain",
62
+ # :id=>"org_domain_01E6PK9N3XMD8RHWF7S66380AR",
63
+ # :domain=>"foo-corp.com"}]>
64
+ #
65
+ # @return [WorkOS::Organization]
66
+ sig { params(id: String).returns(WorkOS::Organization) }
67
+ def get_organization(id:)
68
+ request = get_request(
69
+ auth: true,
70
+ path: "/organizations/#{id}",
71
+ )
72
+
73
+ response = execute_request(request: request)
74
+
75
+ WorkOS::Organization.new(response.body)
76
+ end
77
+
78
+ # Create an organization
79
+ #
80
+ # @param [Array<String>] domains List of domains that belong to the
81
+ # organization
82
+ # @param [String] name A unique, descriptive name for the organization
83
+ sig do
84
+ params(
85
+ domains: T::Array[String],
86
+ name: String,
87
+ ).returns(WorkOS::Organization)
88
+ end
89
+ def create_organization(domains:, name:)
90
+ request = post_request(
91
+ auth: true,
92
+ body: { domains: domains, name: name },
93
+ path: '/organizations',
94
+ )
95
+
96
+ response = execute_request(request: request)
97
+ check_and_raise_organization_error(response: response)
98
+
99
+ WorkOS::Organization.new(response.body)
100
+ end
101
+
102
+ # Update an organization
103
+ #
104
+ # @param [String] organization Organization unique identifier
105
+ # @param [Array<String>] domains List of domains that belong to the
106
+ # organization
107
+ # @param [String] name A unique, descriptive name for the organization
108
+ sig do
109
+ params(
110
+ organization: String,
111
+ domains: T::Array[String],
112
+ name: String,
113
+ ).returns(WorkOS::Organization)
114
+ end
115
+ def update_organization(organization:, domains:, name:)
116
+ request = put_request(
117
+ auth: true,
118
+ body: { domains: domains, name: name },
119
+ path: "/organizations/#{organization}",
120
+ )
121
+
122
+ response = execute_request(request: request)
123
+ check_and_raise_organization_error(response: response)
124
+
125
+ WorkOS::Organization.new(response.body)
126
+ end
127
+
128
+ # Delete an Organization
129
+ #
130
+ # @param [String] id Organization unique identifier
131
+ #
132
+ # @example
133
+ # WorkOS::SSO.delete_organization(id: 'org_01EHZNVPK3SFK441A1RGBFSHRT')
134
+ # => true
135
+ #
136
+ # @return [Bool] - returns `true` if successful
137
+ sig { params(id: String).returns(T::Boolean) }
138
+ def delete_organization(id:)
139
+ request = delete_request(
140
+ auth: true,
141
+ path: "/organizations/#{id}",
142
+ )
143
+
144
+ response = execute_request(request: request)
145
+
146
+ response.is_a? Net::HTTPSuccess
147
+ end
148
+
149
+ private
150
+
151
+ sig { params(response: Net::HTTPResponse).void }
152
+ def check_and_raise_organization_error(response:)
153
+ begin
154
+ body = JSON.parse(response.body)
155
+ return unless body['message']
156
+
157
+ message = body['message']
158
+ request_id = response['x-request-id']
159
+ rescue StandardError
160
+ message = 'Something went wrong'
161
+ end
162
+
163
+ raise APIError.new(
164
+ message: message,
165
+ http_status: nil,
166
+ request_id: request_id,
167
+ )
168
+ end
169
+ end
170
+ end
171
+ end
@@ -23,6 +23,10 @@ module WorkOS
23
23
  # received from WorkOS will contain. The state parameter can be used to
24
24
  # encode arbitrary information to help restore application state between
25
25
  # redirects.
26
+ # @option options [String] connection Optional parameter for the ID of a
27
+ # specific connection. This can be used to create a Passwordless Session
28
+ # for a specific connection rather than using the domain from the email
29
+ # to determine the Organization and Connection.
26
30
  # @option options [String] type The type of Passwordless Session to
27
31
  # create. Currently, the only supported value is 'MagicLink'.
28
32
  # @option options [String] redirect_uri The URI where users are directed
data/lib/workos/portal.rb CHANGED
@@ -15,30 +15,6 @@ module WorkOS
15
15
  GENERATE_LINK_INTENTS = WorkOS::Types::Intent.values.map(&:serialize).
16
16
  freeze
17
17
 
18
- # Create an organization
19
- #
20
- # @param [Array<String>] domains List of domains that belong to the
21
- # organization
22
- # @param [String] name A unique, descriptive name for the organization
23
- sig do
24
- params(
25
- domains: T::Array[String],
26
- name: String,
27
- ).returns(WorkOS::Organization)
28
- end
29
- def create_organization(domains:, name:)
30
- request = post_request(
31
- auth: true,
32
- body: { domains: domains, name: name },
33
- path: '/organizations',
34
- )
35
-
36
- response = execute_request(request: request)
37
- check_and_raise_organization_error(response: response)
38
-
39
- WorkOS::Organization.new(response.body)
40
- end
41
-
42
18
  # Generate a link to grant access to an organization's Admin Portal
43
19
  #
44
20
  # @param [String] intent The access scope for the generated Admin Portal
@@ -73,64 +49,8 @@ module WorkOS
73
49
  JSON.parse(response.body)['link']
74
50
  end
75
51
 
76
- # Retrieve a list of organizations that have connections configured
77
- # within your WorkOS dashboard.
78
- #
79
- # @param [Array<String>] domains Filter organizations to only return those
80
- # that are associated with the provided domains.
81
- # @param [String] before A pagination argument used to request
82
- # organizations before the provided Organization ID.
83
- # @param [String] after A pagination argument used to request
84
- # organizations after the provided Organization ID.
85
- # @param [Integer] limit A pagination argument used to limit the number
86
- # of listed Organizations that are returned.
87
- sig do
88
- params(
89
- options: T::Hash[Symbol, String],
90
- ).returns(WorkOS::Types::ListStruct)
91
- end
92
- def list_organizations(options = {})
93
- response = execute_request(
94
- request: get_request(
95
- path: '/organizations',
96
- auth: true,
97
- params: options,
98
- ),
99
- )
100
-
101
- parsed_response = JSON.parse(response.body)
102
-
103
- organizations = parsed_response['data'].map do |organization|
104
- ::WorkOS::Organization.new(organization.to_json)
105
- end
106
-
107
- WorkOS::Types::ListStruct.new(
108
- data: organizations,
109
- list_metadata: parsed_response['listMetadata'],
110
- )
111
- end
112
-
113
52
  private
114
53
 
115
- sig { params(response: Net::HTTPResponse).void }
116
- def check_and_raise_organization_error(response:)
117
- begin
118
- body = JSON.parse(response.body)
119
- return unless body['message']
120
-
121
- message = body['message']
122
- request_id = response['x-request-id']
123
- rescue StandardError
124
- message = 'Something went wrong'
125
- end
126
-
127
- raise APIError.new(
128
- message: message,
129
- http_status: nil,
130
- request_id: request_id,
131
- )
132
- end
133
-
134
54
  sig { params(intent: String).void }
135
55
  def validate_intent(intent)
136
56
  return if GENERATE_LINK_INTENTS.include?(intent)
@@ -48,22 +48,20 @@ module WorkOS
48
48
 
49
49
  private
50
50
 
51
- # rubocop:disable Metrics/AbcSize
52
51
  sig { params(json_string: String).returns(WorkOS::Types::ProfileStruct) }
53
52
  def parse_json(json_string)
54
53
  hash = JSON.parse(json_string, symbolize_names: true)
55
54
 
56
55
  WorkOS::Types::ProfileStruct.new(
57
- id: hash[:profile][:id],
58
- email: hash[:profile][:email],
59
- first_name: hash[:profile][:first_name],
60
- last_name: hash[:profile][:last_name],
61
- connection_id: hash[:profile][:connection_id],
62
- connection_type: hash[:profile][:connection_type],
63
- idp_id: hash[:profile][:idp_id],
64
- raw_attributes: hash[:profile][:raw_attributes],
56
+ id: hash[:id],
57
+ email: hash[:email],
58
+ first_name: hash[:first_name],
59
+ last_name: hash[:last_name],
60
+ connection_id: hash[:connection_id],
61
+ connection_type: hash[:connection_type],
62
+ idp_id: hash[:idp_id],
63
+ raw_attributes: hash[:raw_attributes],
65
64
  )
66
65
  end
67
- # rubocop:enable Metrics/AbcSize
68
66
  end
69
67
  end
@@ -0,0 +1,28 @@
1
+ # frozen_string_literal: true
2
+ # typed: true
3
+
4
+ module WorkOS
5
+ # The ProfileAndToken class represents a Profile and a corresponding
6
+ # Access Token. This class is not meant to be instantiated in user space, and
7
+ # is instantiated internally but exposed.
8
+ class ProfileAndToken
9
+ extend T::Sig
10
+
11
+ attr_accessor :access_token, :profile
12
+
13
+ sig { params(profile_and_token_json: String).void }
14
+ def initialize(profile_and_token_json)
15
+ json = JSON.parse(profile_and_token_json, symbolize_names: true)
16
+
17
+ @access_token = T.let(json[:access_token], String)
18
+ @profile = WorkOS::Profile.new(json[:profile].to_json)
19
+ end
20
+
21
+ def to_json(*)
22
+ {
23
+ access_token: access_token,
24
+ profile: profile.to_json,
25
+ }
26
+ end
27
+ end
28
+ end
data/lib/workos/sso.rb CHANGED
@@ -30,8 +30,6 @@ module WorkOS
30
30
  # WorkOS.
31
31
  # @param [String] client_id The WorkOS client ID for the environment
32
32
  # where you've configured your SSO connection.
33
- # @param [String] project_id The WorkOS project ID for the project.
34
- # The project_id is deprecated in Dashboard2.
35
33
  # @param [String] redirect_uri The URI where users are directed
36
34
  # after completing the authentication step. Must match a
37
35
  # configured redirect URI on your WorkOS dashboard.
@@ -56,7 +54,6 @@ module WorkOS
56
54
  sig do
57
55
  params(
58
56
  redirect_uri: String,
59
- project_id: T.nilable(String),
60
57
  client_id: T.nilable(String),
61
58
  domain: T.nilable(String),
62
59
  provider: T.nilable(String),
@@ -64,22 +61,14 @@ module WorkOS
64
61
  state: T.nilable(String),
65
62
  ).returns(String)
66
63
  end
67
- # rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
68
64
  def authorization_url(
69
65
  redirect_uri:,
70
- project_id: nil,
71
66
  client_id: nil,
72
67
  domain: nil,
73
68
  provider: nil,
74
69
  connection: nil,
75
70
  state: ''
76
71
  )
77
- if project_id
78
- warn '[DEPRECATION] `project_id` is deprecated.
79
- Please use `client_id` instead.'
80
- client_id = project_id
81
- end
82
-
83
72
  validate_authorization_url_arguments(
84
73
  provider: provider,
85
74
  domain: domain,
@@ -98,46 +87,38 @@ module WorkOS
98
87
 
99
88
  "https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
100
89
  end
101
- # rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
90
+
91
+ sig do
92
+ params(
93
+ access_token: String,
94
+ ).returns(WorkOS::Profile)
95
+ end
96
+ def get_profile(access_token:)
97
+ response = execute_request(
98
+ request: get_request(
99
+ path: '/sso/profile',
100
+ auth: true,
101
+ access_token: access_token,
102
+ ),
103
+ )
104
+
105
+ WorkOS::Profile.new(response.body)
106
+ end
102
107
 
103
108
  # Fetch the profile details for the authenticated SSO user.
104
109
  #
105
110
  # @param [String] code The authorization code provided in the callback URL
106
111
  # @param [String] client_id The WorkOS client ID for the environment
107
- # where you've configured your SSO connection
108
- # @param [String] project_id The WorkOS project ID for the project.
109
- # The project_id is deprecated in Dashboard2.
112
+ # where you've configured your SSO connection
110
113
  #
111
- # @example
112
- # WorkOS::SSO.profile(
113
- # code: 'acme.com',
114
- # client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ'
115
- # )
116
- # => #<WorkOS::Profile:0x00007fb6e4193d20
117
- # @id="prof_01DRA1XNSJDZ19A31F183ECQW5",
118
- # @email="demo@workos-okta.com",
119
- # @first_name="WorkOS",
120
- # @connection_type="OktaSAML",
121
- # @last_name="Demo",
122
- # @idp_id="00u1klkowm8EGah2H357",
123
- # @access_token="01DVX6QBS3EG6FHY2ESAA5Q65X"
124
- # >
125
- #
126
- # @return [WorkOS::Profile]
114
+ # @return [WorkOS::ProfileAndToken]
127
115
  sig do
128
116
  params(
129
117
  code: String,
130
- project_id: T.nilable(String),
131
118
  client_id: T.nilable(String),
132
- ).returns(WorkOS::Profile)
119
+ ).returns(WorkOS::ProfileAndToken)
133
120
  end
134
- def profile(code:, project_id: nil, client_id: nil)
135
- if project_id
136
- warn '[DEPRECATION] `project_id` is deprecated.
137
- Please use `client_id` instead.'
138
- client_id = project_id
139
- end
140
-
121
+ def profile_and_token(code:, client_id: nil)
141
122
  body = {
142
123
  client_id: client_id,
143
124
  client_secret: WorkOS.key!,
@@ -146,65 +127,9 @@ module WorkOS
146
127
  }
147
128
 
148
129
  response = client.request(post_request(path: '/sso/token', body: body))
149
- check_and_raise_profile_error(response: response)
130
+ check_and_raise_profile_and_token_error(response: response)
150
131
 
151
- WorkOS::Profile.new(response.body)
152
- end
153
-
154
- # Promote a DraftConnection created via the WorkOS.js embed such that the
155
- # Enterprise users can begin signing into your application.
156
- #
157
- # @param [String] token The Draft Connection token that's been provided to
158
- # you by the WorkOS.js
159
- #
160
- # @example
161
- # WorkOS::SSO.promote_draft_connection(
162
- # token: 'draft_conn_429u59js',
163
- # )
164
- # => true
165
- #
166
- # @return [Bool] - returns `true` if successful, `false` otherwise.
167
- # @see https://github.com/workos-inc/ruby-idp-link-example
168
- sig { params(token: String).returns(T::Boolean) }
169
- def promote_draft_connection(token:)
170
- request = post_request(
171
- auth: true,
172
- path: "/draft_connections/#{token}/activate",
173
- )
174
-
175
- response = client.request(request)
176
-
177
- response.is_a? Net::HTTPSuccess
178
- end
179
-
180
- # Create a Connection
181
- #
182
- # @param [String] source The Draft Connection token that's been provided
183
- # to you by WorkOS.js
184
- #
185
- # @example
186
- # WorkOS::SSO.create_connection(source: 'draft_conn_429u59js')
187
- # => #<WorkOS::Connection:0x00007fb6e4193d20
188
- # @id="conn_02DRA1XNSJDZ19A31F183ECQW9",
189
- # @name="Foo Corp",
190
- # @connection_type="OktaSAML",
191
- # @domains=
192
- # [{:object=>"connection_domain",
193
- # :id=>"domain_01E6PK9N3XMD8RHWF7S66380AR",
194
- # :domain=>"example.com"}]>
195
- #
196
- # @return [WorkOS::Connection]
197
- sig { params(source: String).returns(WorkOS::Connection) }
198
- def create_connection(source:)
199
- request = post_request(
200
- auth: true,
201
- path: '/connections',
202
- body: { source: source },
203
- )
204
-
205
- response = execute_request(request: request)
206
-
207
- WorkOS::Connection.new(response.body)
132
+ WorkOS::ProfileAndToken.new(response.body)
208
133
  end
209
134
 
210
135
  # Retrieve connections.
@@ -323,10 +248,10 @@ module WorkOS
323
248
  end
324
249
 
325
250
  sig { params(response: Net::HTTPResponse).void }
326
- def check_and_raise_profile_error(response:)
251
+ def check_and_raise_profile_and_token_error(response:)
327
252
  begin
328
253
  body = JSON.parse(response.body)
329
- return if body['profile']
254
+ return if body['access_token'] && body['profile']
330
255
 
331
256
  message = body['message']
332
257
  request_id = response['x-request-id']