workos 0.7.0 → 0.9.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +5 -0
- data/Gemfile.lock +2 -2
- data/README.md +108 -44
- data/lib/workos.rb +1 -0
- data/lib/workos/audit_trail.rb +1 -0
- data/lib/workos/connection.rb +0 -2
- data/lib/workos/organization.rb +0 -2
- data/lib/workos/passwordless.rb +3 -0
- data/lib/workos/portal.rb +5 -1
- data/lib/workos/profile.rb +8 -6
- data/lib/workos/types/profile_struct.rb +1 -0
- data/lib/workos/version.rb +1 -1
- data/spec/lib/workos/passwordless_spec.rb +1 -0
- data/spec/lib/workos/sso_spec.rb +1 -0
- data/spec/support/profile.txt +1 -1
- metadata +4 -4
- data/CODEOWNERS +0 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f72ed378ff8e20a866b38dae789600e327a166d8278cff389a7f6475f4846404
|
4
|
+
data.tar.gz: 55f0f218dc1d01745bff80b142ea13a96dd016a228cbd492483d15e6a84d77a2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5c291aa09e469c0ed3d39ed421f3ea1061b6d45edcdbc6dab6525ea01b5568063818ea5bcfc16e54a76286afe427380710da4d51300f087fded2932138c24648
|
7
|
+
data.tar.gz: 9b3d79b06bdb13aba050c3bf4ed11c6970f5ccffcc5fe14c6fcceb70ea0bcd98860f7d228fa04333df0b38045f5b407fccad2d7ab139f9f2f39a10611a602ef1
|
data/.github/CODEOWNERS
ADDED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
workos (0.
|
4
|
+
workos (0.9.2)
|
5
5
|
sorbet-runtime (~> 0.5)
|
6
6
|
|
7
7
|
GEM
|
@@ -54,7 +54,7 @@ GEM
|
|
54
54
|
simplecov-html (0.12.2)
|
55
55
|
sorbet (0.5.5560)
|
56
56
|
sorbet-static (= 0.5.5560)
|
57
|
-
sorbet-runtime (0.5.
|
57
|
+
sorbet-runtime (0.5.6140)
|
58
58
|
sorbet-static (0.5.5560-universal-darwin-14)
|
59
59
|
unicode-display_width (1.6.0)
|
60
60
|
vcr (5.0.0)
|
data/README.md
CHANGED
@@ -42,50 +42,9 @@ Alternatively, you may set the key yourself, such as in an initializer in your a
|
|
42
42
|
WorkOS.key = '[your api key]'
|
43
43
|
```
|
44
44
|
|
45
|
-
## The Audit Trail Module
|
46
|
-
|
47
|
-
The Audit Trail Module provides methods for creating Audit Trail events on
|
48
|
-
WorkOS.
|
49
|
-
|
50
|
-
See our [Audit Trail
|
51
|
-
Overview](https://docs.workos.com/audit-trail/overview) for
|
52
|
-
more information.
|
53
|
-
|
54
|
-
```ruby
|
55
|
-
payload = {
|
56
|
-
group: 'Foo Corp',
|
57
|
-
location: '127.0.0.1',
|
58
|
-
action: 'user.created',
|
59
|
-
action_type: 'C',
|
60
|
-
actor_name: 'Foo',
|
61
|
-
actor_id: 'user_12345',
|
62
|
-
target_name: 'Bar',
|
63
|
-
target_id: 'user_67890',
|
64
|
-
occurred_at: '2020-01-10T15:30:00-05:00',
|
65
|
-
metadata: {
|
66
|
-
source: 'Email',
|
67
|
-
}
|
68
|
-
}
|
69
|
-
|
70
|
-
WorkOS::AuditTrail.create_event(event: payload)
|
71
|
-
```
|
72
|
-
|
73
|
-
### Idempotency
|
74
|
-
|
75
|
-
To perform an idempotent request, provide an additional idempotency_key
|
76
|
-
parameter to the `create_event` options.
|
77
|
-
|
78
|
-
```ruby
|
79
|
-
WorkOS::AuditTrail.create_event(event: payload, idempotency_key: 'key123456')
|
80
|
-
```
|
81
|
-
|
82
|
-
See our [API
|
83
|
-
Reference](https://docs.workos.com/audit-trail/api-reference#idempotency)
|
84
|
-
for more information on idempotency keys.
|
85
|
-
|
86
45
|
## The SSO Module
|
87
46
|
|
88
|
-
The SSO Module provides
|
47
|
+
The SSO Module provides convenient methods for authenticating a Single Sign On (SSO) user via WorkOS. WorkOS SSO follows the OAuth 2.0 specification.
|
89
48
|
|
90
49
|
First, you'll direct your SSO users to an `authorization_url`. They will sign in to their SSO account with their Identity Provider, and be redirected to a
|
91
50
|
callback URL that you set in your WorkOS Dashboard. The user will be redirected with a `code` URL parameter, which you can then exchange for a WorkOS::Profile
|
@@ -137,7 +96,7 @@ the user to your callback URL with a `code` parameter. You'll use `WorkOS::SSO.p
|
|
137
96
|
code for a `WorkOS::Profile`.
|
138
97
|
|
139
98
|
```ruby
|
140
|
-
WorkOS::SSO.profile(code:, project_id:)
|
99
|
+
WorkOS::SSO.profile(code:, project_id:)
|
141
100
|
```
|
142
101
|
|
143
102
|
> Fetch a WorkOS::Profile for an authorized user.
|
@@ -154,6 +113,7 @@ This method will return an instance of a `WorkOS::Profile` with the following at
|
|
154
113
|
@id="prof_01DRA1XNSJDZ19A31F183ECQW5",
|
155
114
|
@email="demo@workos-okta.com",
|
156
115
|
@first_name="WorkOS",
|
116
|
+
@connection_id="conn_01EMH8WAK20T42N2NBMNBCYHAG",
|
157
117
|
@connection_type="OktaSAML",
|
158
118
|
@last_name="Demo",
|
159
119
|
@idp_id="00u1klkowm8EGah2H357",
|
@@ -167,7 +127,7 @@ This method will return an instance of a `WorkOS::Profile` with the following at
|
|
167
127
|
>
|
168
128
|
```
|
169
129
|
|
170
|
-
Our
|
130
|
+
Our Sinatra app can be extended to use this method:
|
171
131
|
|
172
132
|
```ruby
|
173
133
|
DOMAIN = 'example.com'
|
@@ -197,3 +157,107 @@ end
|
|
197
157
|
```
|
198
158
|
|
199
159
|
Given the `WorkOS::Profile`, you can now sign the user in according to your own authentication setup.
|
160
|
+
|
161
|
+
## The Magic Link Module
|
162
|
+
|
163
|
+
The Magic Link Module provides methods for authenticating a Passwordless user via WorkOS.
|
164
|
+
|
165
|
+
First, you'll create a Passwordless Session for a Magic Link connection.
|
166
|
+
Then, using the session ID, you'll email a user the Magic Link confirmation URL.
|
167
|
+
The user can then click on that link to be authenticated to your application.
|
168
|
+
|
169
|
+
> Create a Passwordless Session for a Magic Link Connection.
|
170
|
+
|
171
|
+
`WorkOS::Passwordless.create_session` accepts four arguments:
|
172
|
+
|
173
|
+
- `email` (string) - the email of the user to authenticate.
|
174
|
+
- `type` (string) - The type of Passwordless Session to create. Currently, the only supported value is `MagicLink`.
|
175
|
+
- `state` (optional, string) - Optional parameter that a Developer can choose to include in their authorization URL. If included, then the redirect URI received from WorkOS will contain the exact `state` that was passed in the authorization URL.
|
176
|
+
- `redirect_uri` (string) - a callback URL where your application redirects the user-agent after an authorization code is granted (ex. `workos.dev/callback`). This must match one of your configured callback URLs for the associated project on your WorkOS dashboard.
|
177
|
+
|
178
|
+
This method will return a Passwordless Session object, containing the following attributes:
|
179
|
+
|
180
|
+
- `id` (string) - the unique ID of the session.
|
181
|
+
- `email` (string) - the email address of the user for the session.
|
182
|
+
- `expires_at` (date) - the ISO-8601 datetime at which the session expires.
|
183
|
+
- `link` (string) - the link for the user to authenticate with. You can use this link to send a custom email to the user, or send an email using the `WorkOS::Passwordless.send_session` method, described below.
|
184
|
+
|
185
|
+
> Email a user the Magic Link confirmation URL.
|
186
|
+
|
187
|
+
`WorkOS::Passwordless.send_session` accepts one argument:
|
188
|
+
|
189
|
+
- `id` (string) - the unique identifier of the Passwordless Session to send an email for.
|
190
|
+
|
191
|
+
This method will return a boolean confirming the Magic Link was sent.
|
192
|
+
|
193
|
+
> Example with Sinatra application
|
194
|
+
|
195
|
+
Our Sinatra app can be altered to use Magic Link:
|
196
|
+
|
197
|
+
```ruby
|
198
|
+
PROJECT_ID = '{projectId}'
|
199
|
+
REDIRECT_URI = 'http://localhost:4567/callback'
|
200
|
+
|
201
|
+
post '/passwordless-auth' do
|
202
|
+
session = WorkOS::Passwordless.create_session(
|
203
|
+
email: params[:email],
|
204
|
+
type: 'MagicLink',
|
205
|
+
redirect_uri: REDIRECT_URI
|
206
|
+
)
|
207
|
+
WorkOS::Passwordless.send_session(session.id)
|
208
|
+
|
209
|
+
redirect '/check-email'
|
210
|
+
end
|
211
|
+
|
212
|
+
get '/callback' do
|
213
|
+
profile = WorkOS::SSO.profile(
|
214
|
+
code: params['code'],
|
215
|
+
project_id: PROJECT_ID,
|
216
|
+
)
|
217
|
+
|
218
|
+
session[:user] = profile.to_json
|
219
|
+
|
220
|
+
redirect '/'
|
221
|
+
end
|
222
|
+
```
|
223
|
+
|
224
|
+
## The Audit Trail Module
|
225
|
+
|
226
|
+
The Audit Trail Module provides methods for creating Audit Trail events on
|
227
|
+
WorkOS.
|
228
|
+
|
229
|
+
See our [Audit Trail
|
230
|
+
Overview](https://docs.workos.com/audit-trail/overview) for
|
231
|
+
more information.
|
232
|
+
|
233
|
+
```ruby
|
234
|
+
payload = {
|
235
|
+
group: 'Foo Corp',
|
236
|
+
location: '127.0.0.1',
|
237
|
+
action: 'user.created',
|
238
|
+
action_type: 'C',
|
239
|
+
actor_name: 'Foo',
|
240
|
+
actor_id: 'user_12345',
|
241
|
+
target_name: 'Bar',
|
242
|
+
target_id: 'user_67890',
|
243
|
+
occurred_at: '2020-01-10T15:30:00-05:00',
|
244
|
+
metadata: {
|
245
|
+
source: 'Email',
|
246
|
+
}
|
247
|
+
}
|
248
|
+
|
249
|
+
WorkOS::AuditTrail.create_event(event: payload)
|
250
|
+
```
|
251
|
+
|
252
|
+
### Idempotency
|
253
|
+
|
254
|
+
To perform an idempotent request, provide an additional idempotency_key
|
255
|
+
parameter to the `create_event` options.
|
256
|
+
|
257
|
+
```ruby
|
258
|
+
WorkOS::AuditTrail.create_event(event: payload, idempotency_key: 'key123456')
|
259
|
+
```
|
260
|
+
|
261
|
+
See our [API
|
262
|
+
Reference](https://docs.workos.com/audit-trail/api-reference#idempotency)
|
263
|
+
for more information on idempotency keys.
|
data/lib/workos.rb
CHANGED
data/lib/workos/audit_trail.rb
CHANGED
data/lib/workos/connection.rb
CHANGED
data/lib/workos/organization.rb
CHANGED
data/lib/workos/passwordless.rb
CHANGED
@@ -25,6 +25,9 @@ module WorkOS
|
|
25
25
|
# redirects.
|
26
26
|
# @option options [String] type The type of Passwordless Session to
|
27
27
|
# create. Currently, the only supported value is 'MagicLink'.
|
28
|
+
# @option options [String] redirect_uri The URI where users are directed
|
29
|
+
# after completing the authentication step. Must match a
|
30
|
+
# configured redirect URI on your WorkOS dashboard.
|
28
31
|
#
|
29
32
|
# @return Hash
|
30
33
|
sig do
|
data/lib/workos/portal.rb
CHANGED
@@ -103,8 +103,12 @@ module WorkOS
|
|
103
103
|
|
104
104
|
parsed_response = JSON.parse(response.body)
|
105
105
|
|
106
|
+
organizations = parsed_response['data'].map do |organization|
|
107
|
+
::WorkOS::Organization.new(organization.to_json)
|
108
|
+
end
|
109
|
+
|
106
110
|
WorkOS::Types::ListStruct.new(
|
107
|
-
data:
|
111
|
+
data: organizations,
|
108
112
|
list_metadata: parsed_response['listMetadata'],
|
109
113
|
)
|
110
114
|
end
|
data/lib/workos/profile.rb
CHANGED
@@ -1,8 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
# typed: true
|
3
3
|
|
4
|
-
require 'json'
|
5
|
-
|
6
4
|
module WorkOS
|
7
5
|
# The Profile class provides a lighweight wrapper around
|
8
6
|
# a normalized response from the various IDPs WorkOS
|
@@ -13,9 +11,9 @@ module WorkOS
|
|
13
11
|
extend T::Sig
|
14
12
|
|
15
13
|
sig { returns(String) }
|
16
|
-
attr_accessor :id, :email, :first_name, :last_name,
|
14
|
+
attr_accessor :id, :email, :first_name, :last_name, :connection_id,
|
17
15
|
:connection_type, :idp_id, :raw_attributes
|
18
|
-
|
16
|
+
# rubocop:disable Metrics/AbcSize
|
19
17
|
sig { params(profile_json: String).void }
|
20
18
|
def initialize(profile_json)
|
21
19
|
raw = parse_json(profile_json)
|
@@ -24,10 +22,12 @@ module WorkOS
|
|
24
22
|
@email = T.let(raw.email, String)
|
25
23
|
@first_name = raw.first_name
|
26
24
|
@last_name = raw.last_name
|
25
|
+
@connection_id = T.let(raw.connection_id, String)
|
27
26
|
@connection_type = T.let(raw.connection_type, String)
|
28
27
|
@idp_id = raw.idp_id
|
29
28
|
@raw_attributes = raw.raw_attributes
|
30
29
|
end
|
30
|
+
# rubocop:enable Metrics/AbcSize
|
31
31
|
|
32
32
|
sig { returns(String) }
|
33
33
|
def full_name
|
@@ -40,6 +40,7 @@ module WorkOS
|
|
40
40
|
email: email,
|
41
41
|
first_name: first_name,
|
42
42
|
last_name: last_name,
|
43
|
+
connection_id: connection_id,
|
43
44
|
connection_type: connection_type,
|
44
45
|
idp_id: idp_id,
|
45
46
|
raw_attributes: raw_attributes,
|
@@ -48,7 +49,7 @@ module WorkOS
|
|
48
49
|
|
49
50
|
private
|
50
51
|
|
51
|
-
# rubocop:disable Metrics/AbcSize
|
52
|
+
# rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
52
53
|
sig { params(json_string: String).returns(WorkOS::Types::ProfileStruct) }
|
53
54
|
def parse_json(json_string)
|
54
55
|
hash = JSON.parse(json_string, symbolize_names: true)
|
@@ -58,11 +59,12 @@ module WorkOS
|
|
58
59
|
email: hash[:profile][:email],
|
59
60
|
first_name: hash[:profile][:first_name],
|
60
61
|
last_name: hash[:profile][:last_name],
|
62
|
+
connection_id: hash[:profile][:connection_id],
|
61
63
|
connection_type: hash[:profile][:connection_type],
|
62
64
|
idp_id: hash[:profile][:idp_id],
|
63
65
|
raw_attributes: hash[:profile][:raw_attributes],
|
64
66
|
)
|
65
67
|
end
|
66
|
-
# rubocop:enable Metrics/AbcSize
|
68
|
+
# rubocop:enable Metrics/AbcSize, Metrics/MethodLength
|
67
69
|
end
|
68
70
|
end
|
@@ -10,6 +10,7 @@ module WorkOS
|
|
10
10
|
const :email, String
|
11
11
|
const :first_name, T.nilable(String)
|
12
12
|
const :last_name, T.nilable(String)
|
13
|
+
const :connection_id, String
|
13
14
|
const :connection_type, String
|
14
15
|
const :idp_id, T.nilable(String)
|
15
16
|
const :raw_attributes, T::Hash[Symbol, Object]
|
data/lib/workos/version.rb
CHANGED
data/spec/lib/workos/sso_spec.rb
CHANGED
data/spec/support/profile.txt
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"profile":{"object":"profile","id":"prof_01DRA1XNSJDZ19A31F183ECQW5","email":"demo@workos-okta.com","first_name":"WorkOS","connection_type":"OktaSAML","last_name":"Demo","idp_id":"00u1klkowm8EGah2H357","raw_attributes":{"id":"prof_01DRA1XNSJDZ19A31F183ECQW5","email":"demo@workos-okta.com","first_name":"WorkOS","last_name":"Demo","idp_id":"00u1klkowm8EGah2H357"}},"access_token":"01DVX6QBS3EG6FHY2ESAA5Q65X"}
|
1
|
+
{"profile":{"object":"profile","id":"prof_01DRA1XNSJDZ19A31F183ECQW5","email":"demo@workos-okta.com","first_name":"WorkOS","connection_id":"conn_01EMH8WAK20T42N2NBMNBCYHAG","connection_type":"OktaSAML","last_name":"Demo","idp_id":"00u1klkowm8EGah2H357","raw_attributes":{"id":"prof_01DRA1XNSJDZ19A31F183ECQW5","email":"demo@workos-okta.com","first_name":"WorkOS","last_name":"Demo","idp_id":"00u1klkowm8EGah2H357"}},"access_token":"01DVX6QBS3EG6FHY2ESAA5Q65X"}
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: workos
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.9.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WorkOS
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-09
|
11
|
+
date: 2020-12-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sorbet-runtime
|
@@ -161,6 +161,7 @@ executables:
|
|
161
161
|
extensions: []
|
162
162
|
extra_rdoc_files: []
|
163
163
|
files:
|
164
|
+
- ".github/CODEOWNERS"
|
164
165
|
- ".github/renovate.json"
|
165
166
|
- ".gitignore"
|
166
167
|
- ".rspec"
|
@@ -168,7 +169,6 @@ files:
|
|
168
169
|
- ".ruby-version"
|
169
170
|
- ".semaphore/rubygems.yml"
|
170
171
|
- ".semaphore/semaphore.yml"
|
171
|
-
- CODEOWNERS
|
172
172
|
- Gemfile
|
173
173
|
- Gemfile.lock
|
174
174
|
- LICENSE
|
@@ -293,7 +293,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
293
293
|
- !ruby/object:Gem::Version
|
294
294
|
version: '0'
|
295
295
|
requirements: []
|
296
|
-
rubygems_version: 3.1.
|
296
|
+
rubygems_version: 3.1.5
|
297
297
|
signing_key:
|
298
298
|
specification_version: 4
|
299
299
|
summary: API client for WorkOS
|
data/CODEOWNERS
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
@marktran
|