workos 0.9.1 → 0.10.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +5 -1
- data/Gemfile.lock +2 -2
- data/README.md +15 -15
- data/docs/WorkOS/SSO.html +235 -235
- data/docs/file.README.html +20 -20
- data/lib/workos.rb +1 -0
- data/lib/workos/audit_trail.rb +1 -0
- data/lib/workos/client.rb +22 -1
- data/lib/workos/connection.rb +0 -2
- data/lib/workos/organization.rb +0 -2
- data/lib/workos/passwordless.rb +0 -2
- data/lib/workos/portal.rb +1 -7
- data/lib/workos/profile.rb +2 -4
- data/lib/workos/sso.rb +142 -17
- data/lib/workos/types/intent_enum.rb +1 -0
- data/lib/workos/version.rb +1 -1
- data/spec/lib/workos/audit_trail_spec.rb +0 -8
- data/spec/lib/workos/directory_sync_spec.rb +0 -8
- data/spec/lib/workos/passwordless_spec.rb +0 -8
- data/spec/lib/workos/portal_spec.rb +18 -11
- data/spec/lib/workos/sso_spec.rb +224 -29
- data/spec/spec_helper.rb +1 -0
- data/spec/support/fixtures/vcr_cassettes/audit_trail/get_events.yml +2 -2
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories_with_domain_param.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/portal/generate_link_dsync.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/portal/{generate_link.yml → generate_link_sso.yml} +1 -1
- data/spec/support/fixtures/vcr_cassettes/sso/delete_connection_with_invalid_id.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/delete_connection_with_valid_id.yml +70 -0
- data/spec/support/fixtures/vcr_cassettes/sso/get_connection_with_invalid_id.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/get_connection_with_valid_id.yml +74 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_after_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_before_param.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_connection_type_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_domain_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_limit_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_organization_id_param.yml +72 -0
- metadata +29 -5
data/docs/file.README.html
CHANGED
@@ -5,9 +5,9 @@
|
|
5
5
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
6
6
|
<title>
|
7
7
|
File: README
|
8
|
-
|
8
|
+
|
9
9
|
— Documentation by YARD 0.9.22
|
10
|
-
|
10
|
+
|
11
11
|
</title>
|
12
12
|
|
13
13
|
<link rel="stylesheet" href="css/style.css" type="text/css" />
|
@@ -35,14 +35,14 @@
|
|
35
35
|
<div id="main" tabindex="-1">
|
36
36
|
<div id="header">
|
37
37
|
<div id="menu">
|
38
|
-
|
39
|
-
<a href="_index.html">Index</a> »
|
38
|
+
|
39
|
+
<a href="_index.html">Index</a> »
|
40
40
|
<span class="title">File: README</span>
|
41
|
-
|
41
|
+
|
42
42
|
</div>
|
43
43
|
|
44
44
|
<div id="search">
|
45
|
-
|
45
|
+
|
46
46
|
<a class="full_list_link" id="class_list_link"
|
47
47
|
href="class_list.html">
|
48
48
|
|
@@ -52,7 +52,7 @@
|
|
52
52
|
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
|
53
53
|
</svg>
|
54
54
|
</a>
|
55
|
-
|
55
|
+
|
56
56
|
</div>
|
57
57
|
<div class="clear"></div>
|
58
58
|
</div>
|
@@ -139,7 +139,7 @@
|
|
139
139
|
|
140
140
|
<p>See our Ruby SSO example app for a <a href="https://github.com/workos-inc/ruby-sso-example">complete example</a>.</p>
|
141
141
|
|
142
|
-
<pre class="code ruby"><code class="ruby">WorkOS::SSO.authorization_url(domain:,
|
142
|
+
<pre class="code ruby"><code class="ruby">WorkOS::SSO.authorization_url(domain:, client_id:, redirect_uri:, state: {})
|
143
143
|
</code></pre>
|
144
144
|
|
145
145
|
<blockquote>
|
@@ -150,27 +150,27 @@
|
|
150
150
|
<ul><li>
|
151
151
|
<p><code>domain</code> (string) — the authenticating user's company domain, without protocol (ex. <code>example.com</code>)</p>
|
152
152
|
</li><li>
|
153
|
-
<p><code>
|
153
|
+
<p><code>client_id</code> (string) — your application's WorkOS <a href="https://dashboard.workos.com/sso/configuration">Client ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
|
154
154
|
</li><li>
|
155
155
|
<p><code>state</code> (optional, hash) — an optional hash used to manage state across authorization transactions (ex. <code>{ next_page: '/docs'}</code>)</p>
|
156
156
|
</li><li>
|
157
|
-
<p><code>redirect_uri</code> (string) — a callback URL where your application redirects the user-agent after an authorization code is granted (ex. <code>workos.dev/callback</code>). This must match one of your configured callback URLs for the associated
|
157
|
+
<p><code>redirect_uri</code> (string) — a callback URL where your application redirects the user-agent after an authorization code is granted (ex. <code>workos.dev/callback</code>). This must match one of your configured callback URLs for the associated environment on your WorkOS dashboard.</p>
|
158
158
|
</li></ul>
|
159
159
|
|
160
160
|
<p>This method will return an OAuth2 query string of the form:</p>
|
161
161
|
|
162
|
-
<p><code>https://${domain}/sso/authorize?response_type=code&client_id=${
|
162
|
+
<p><code>https://${domain}/sso/authorize?response_type=code&client_id=${clientID}&redirect_uri=${redirectURI}&state=${state}</code></p>
|
163
163
|
|
164
164
|
<p>For example, when used in a <a href="http://sinatrarb.com/">Sinatra app</a>:</p>
|
165
165
|
|
166
166
|
<pre class="code ruby"><code class="ruby"><span class='const'>DOMAIN</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>example.com</span><span class='tstring_end'>'</span></span>
|
167
|
-
<span class='const'>
|
167
|
+
<span class='const'>CLIENT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>{clientId}</span><span class='tstring_end'>'</span></span>
|
168
168
|
<span class='const'>REDIRECT_URI</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>http://localhost:4567/callback</span><span class='tstring_end'>'</span></span>
|
169
169
|
|
170
170
|
<span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>/auth</span><span class='tstring_end'>'</span></span> <span class='kw'>do</span>
|
171
171
|
<span class='id identifier rubyid_authorization_url'>authorization_url</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_authorization_url'><span class='object_link'><a href="WorkOS/SSO.html#authorization_url-class_method" title="WorkOS::SSO.authorization_url (method)">authorization_url</a></span></span><span class='lparen'>(</span>
|
172
172
|
<span class='label'>domain:</span> <span class='const'>DOMAIN</span><span class='comma'>,</span>
|
173
|
-
<span class='label'>
|
173
|
+
<span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
|
174
174
|
<span class='label'>redirect_uri:</span> <span class='const'>REDIRECT_URI</span><span class='comma'>,</span>
|
175
175
|
<span class='rparen'>)</span>
|
176
176
|
|
@@ -180,11 +180,11 @@
|
|
180
180
|
|
181
181
|
<p>The user would be redirected to:</p>
|
182
182
|
|
183
|
-
<p><code>https://api.workos.com/sso/authorize?response_type=code&client_id={
|
183
|
+
<p><code>https://api.workos.com/sso/authorize?response_type=code&client_id={clientID}&redirect_uri=http://localhost:4567/callback</code></p>
|
184
184
|
|
185
185
|
<p>WorkOS takes over from here, sending the user to authenticate with their IDP, and on successful login, returns the user to your callback URL with a <code>code</code> parameter. You'll use <code>WorkOS::SSO.profile</code> to exchange the code for a <code>WorkOS::Profile</code>.</p>
|
186
186
|
|
187
|
-
<pre class="code ruby"><code class="ruby">WorkOS::SSO.profile(code:,
|
187
|
+
<pre class="code ruby"><code class="ruby">WorkOS::SSO.profile(code:, client_id:)</h4>
|
188
188
|
</code></pre>
|
189
189
|
|
190
190
|
<blockquote>
|
@@ -195,7 +195,7 @@
|
|
195
195
|
<ul><li>
|
196
196
|
<p><code>code</code> (string) — an opaque string provided by the authorization server; will be exchanged for an Access Token when the user's profile is sent</p>
|
197
197
|
</li><li>
|
198
|
-
<p><code>
|
198
|
+
<p><code>client_id</code> (string) — your application's WorkOS <a href="https://dashboard.workos.com/sso/configuration">Client ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
|
199
199
|
</li></ul>
|
200
200
|
|
201
201
|
<p>This method will return an instance of a <code>WorkOS::Profile</code> with the following attributes:</p>
|
@@ -213,13 +213,13 @@
|
|
213
213
|
<p>Our Sintatra app can be extended to use this method:</p>
|
214
214
|
|
215
215
|
<pre class="code ruby"><code class="ruby"><span class='const'>DOMAIN</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>example.com</span><span class='tstring_end'>'</span></span>
|
216
|
-
<span class='const'>
|
216
|
+
<span class='const'>CLIENT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>{clientId}</span><span class='tstring_end'>'</span></span>
|
217
217
|
<span class='const'>REDIRECT_URI</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>http://localhost:4567/callback</span><span class='tstring_end'>'</span></span>
|
218
218
|
|
219
219
|
<span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>/auth</span><span class='tstring_end'>'</span></span> <span class='kw'>do</span>
|
220
220
|
<span class='id identifier rubyid_authorization_url'>authorization_url</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_authorization_url'><span class='object_link'><a href="WorkOS/SSO.html#authorization_url-class_method" title="WorkOS::SSO.authorization_url (method)">authorization_url</a></span></span><span class='lparen'>(</span>
|
221
221
|
<span class='label'>domain:</span> <span class='const'>DOMAIN</span><span class='comma'>,</span>
|
222
|
-
<span class='label'>
|
222
|
+
<span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
|
223
223
|
<span class='label'>redirect_uri:</span> <span class='const'>REDIRECT_URI</span><span class='comma'>,</span>
|
224
224
|
<span class='rparen'>)</span>
|
225
225
|
|
@@ -229,7 +229,7 @@
|
|
229
229
|
<span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>/callback</span><span class='tstring_end'>'</span></span> <span class='kw'>do</span>
|
230
230
|
<span class='id identifier rubyid_profile'>profile</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_profile'><span class='object_link'><a href="WorkOS/SSO.html#profile-class_method" title="WorkOS::SSO.profile (method)">profile</a></span></span><span class='lparen'>(</span>
|
231
231
|
<span class='label'>code:</span> <span class='id identifier rubyid_params'>params</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>code</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
232
|
-
<span class='label'>
|
232
|
+
<span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
|
233
233
|
<span class='rparen'>)</span>
|
234
234
|
|
235
235
|
<span class='id identifier rubyid_session'>session</span><span class='lbracket'>[</span><span class='symbol'>:user</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_to_json'>to_json</span>
|
@@ -249,4 +249,4 @@
|
|
249
249
|
|
250
250
|
</div>
|
251
251
|
</body>
|
252
|
-
</html>
|
252
|
+
</html>
|
data/lib/workos.rb
CHANGED
data/lib/workos/audit_trail.rb
CHANGED
data/lib/workos/client.rb
CHANGED
@@ -19,7 +19,7 @@ module WorkOS
|
|
19
19
|
|
20
20
|
sig do
|
21
21
|
params(
|
22
|
-
request: T.any(Net::HTTP::Get, Net::HTTP::Post),
|
22
|
+
request: T.any(Net::HTTP::Get, Net::HTTP::Post, Net::HTTP::Delete),
|
23
23
|
).returns(::T.untyped)
|
24
24
|
end
|
25
25
|
def execute_request(request:)
|
@@ -69,6 +69,27 @@ module WorkOS
|
|
69
69
|
request
|
70
70
|
end
|
71
71
|
|
72
|
+
sig do
|
73
|
+
params(
|
74
|
+
path: String,
|
75
|
+
auth: T.nilable(T::Boolean),
|
76
|
+
params: T.nilable(Hash),
|
77
|
+
).returns(Net::HTTP::Delete)
|
78
|
+
end
|
79
|
+
def delete_request(path:, auth: false, params: {})
|
80
|
+
uri = URI(path)
|
81
|
+
uri.query = URI.encode_www_form(params) if params
|
82
|
+
|
83
|
+
request = Net::HTTP::Delete.new(
|
84
|
+
uri.to_s,
|
85
|
+
'Content-Type' => 'application/json',
|
86
|
+
)
|
87
|
+
|
88
|
+
request['Authorization'] = "Bearer #{WorkOS.key!}" if auth
|
89
|
+
request['User-Agent'] = user_agent
|
90
|
+
request
|
91
|
+
end
|
92
|
+
|
72
93
|
sig { returns(String) }
|
73
94
|
def user_agent
|
74
95
|
engine = defined?(::RUBY_ENGINE) ? ::RUBY_ENGINE : 'Ruby'
|
data/lib/workos/connection.rb
CHANGED
data/lib/workos/organization.rb
CHANGED
data/lib/workos/passwordless.rb
CHANGED
@@ -36,7 +36,6 @@ module WorkOS
|
|
36
36
|
).returns(WorkOS::Types::PasswordlessSessionStruct)
|
37
37
|
end
|
38
38
|
|
39
|
-
# rubocop:disable Metrics/MethodLength
|
40
39
|
def create_session(options)
|
41
40
|
response = execute_request(
|
42
41
|
request: post_request(
|
@@ -55,7 +54,6 @@ module WorkOS
|
|
55
54
|
link: hash['link'],
|
56
55
|
)
|
57
56
|
end
|
58
|
-
# rubocop:enable Metrics/MethodLength
|
59
57
|
|
60
58
|
# Send a Passwordless Session via email.
|
61
59
|
#
|
data/lib/workos/portal.rb
CHANGED
@@ -42,7 +42,7 @@ module WorkOS
|
|
42
42
|
# Generate a link to grant access to an organization's Admin Portal
|
43
43
|
#
|
44
44
|
# @param [String] intent The access scope for the generated Admin Portal
|
45
|
-
# link. Valid values are: ["sso"]
|
45
|
+
# link. Valid values are: ["sso", "dsync"]
|
46
46
|
# @param [String] organization The ID of the organization the Admin
|
47
47
|
# Portal link will be generated for.
|
48
48
|
# @param [String] The URL that the end user will be redirected to upon
|
@@ -55,7 +55,6 @@ module WorkOS
|
|
55
55
|
return_url: T.nilable(String),
|
56
56
|
).returns(String)
|
57
57
|
end
|
58
|
-
# rubocop:disable Metrics/MethodLength
|
59
58
|
def generate_link(intent:, organization:, return_url: nil)
|
60
59
|
validate_intent(intent)
|
61
60
|
|
@@ -73,7 +72,6 @@ module WorkOS
|
|
73
72
|
|
74
73
|
JSON.parse(response.body)['link']
|
75
74
|
end
|
76
|
-
# rubocop:enable Metrics/MethodLength
|
77
75
|
|
78
76
|
# Retrieve a list of organizations that have connections configured
|
79
77
|
# within your WorkOS dashboard.
|
@@ -91,7 +89,6 @@ module WorkOS
|
|
91
89
|
options: T::Hash[Symbol, String],
|
92
90
|
).returns(WorkOS::Types::ListStruct)
|
93
91
|
end
|
94
|
-
# rubocop:disable Metrics/MethodLength
|
95
92
|
def list_organizations(options = {})
|
96
93
|
response = execute_request(
|
97
94
|
request: get_request(
|
@@ -112,12 +109,10 @@ module WorkOS
|
|
112
109
|
list_metadata: parsed_response['listMetadata'],
|
113
110
|
)
|
114
111
|
end
|
115
|
-
# rubocop:enable Metrics/MethodLength
|
116
112
|
|
117
113
|
private
|
118
114
|
|
119
115
|
sig { params(response: Net::HTTPResponse).void }
|
120
|
-
# rubocop:disable Metrics/MethodLength
|
121
116
|
def check_and_raise_organization_error(response:)
|
122
117
|
begin
|
123
118
|
body = JSON.parse(response.body)
|
@@ -135,7 +130,6 @@ module WorkOS
|
|
135
130
|
request_id: request_id,
|
136
131
|
)
|
137
132
|
end
|
138
|
-
# rubocop:enable Metrics/MethodLength
|
139
133
|
|
140
134
|
sig { params(intent: String).void }
|
141
135
|
def validate_intent(intent)
|
data/lib/workos/profile.rb
CHANGED
@@ -1,8 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
# typed: true
|
3
3
|
|
4
|
-
require 'json'
|
5
|
-
|
6
4
|
module WorkOS
|
7
5
|
# The Profile class provides a lighweight wrapper around
|
8
6
|
# a normalized response from the various IDPs WorkOS
|
@@ -51,7 +49,7 @@ module WorkOS
|
|
51
49
|
|
52
50
|
private
|
53
51
|
|
54
|
-
# rubocop:disable Metrics/AbcSize
|
52
|
+
# rubocop:disable Metrics/AbcSize
|
55
53
|
sig { params(json_string: String).returns(WorkOS::Types::ProfileStruct) }
|
56
54
|
def parse_json(json_string)
|
57
55
|
hash = JSON.parse(json_string, symbolize_names: true)
|
@@ -67,6 +65,6 @@ module WorkOS
|
|
67
65
|
raw_attributes: hash[:profile][:raw_attributes],
|
68
66
|
)
|
69
67
|
end
|
70
|
-
# rubocop:enable Metrics/AbcSize
|
68
|
+
# rubocop:enable Metrics/AbcSize
|
71
69
|
end
|
72
70
|
end
|
data/lib/workos/sso.rb
CHANGED
@@ -6,7 +6,7 @@ require 'uri'
|
|
6
6
|
|
7
7
|
module WorkOS
|
8
8
|
# The SSO module provides convenience methods for working with the WorkOS
|
9
|
-
# SSO platform. You'll need a valid API key, a
|
9
|
+
# SSO platform. You'll need a valid API key, a client ID, and to have
|
10
10
|
# created an SSO connection on your WorkOS dashboard.
|
11
11
|
#
|
12
12
|
# @see https://docs.workos.com/sso/overview
|
@@ -26,8 +26,12 @@ module WorkOS
|
|
26
26
|
# required
|
27
27
|
# @param [String] provider A provider name for an Identity Provider
|
28
28
|
# configured on your WorkOS dashboard. Only 'Google' is supported.
|
29
|
-
# @param [String]
|
29
|
+
# @param [String] connection The ID for a Connection configured on
|
30
|
+
# WorkOS.
|
31
|
+
# @param [String] client_id The WorkOS client ID for the environment
|
30
32
|
# where you've configured your SSO connection.
|
33
|
+
# @param [String] project_id The WorkOS project ID for the project.
|
34
|
+
# The project_id is deprecated in Dashboard2.
|
31
35
|
# @param [String] redirect_uri The URI where users are directed
|
32
36
|
# after completing the authentication step. Must match a
|
33
37
|
# configured redirect URI on your WorkOS dashboard.
|
@@ -36,7 +40,7 @@ module WorkOS
|
|
36
40
|
# @example
|
37
41
|
# WorkOS::SSO.authorization_url(
|
38
42
|
# domain: 'acme.com',
|
39
|
-
#
|
43
|
+
# client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
|
40
44
|
# redirect_uri: 'https://workos.com/callback',
|
41
45
|
# state: {
|
42
46
|
# next_page: '/docs'
|
@@ -51,40 +55,63 @@ module WorkOS
|
|
51
55
|
# @return [String]
|
52
56
|
sig do
|
53
57
|
params(
|
54
|
-
project_id: String,
|
55
58
|
redirect_uri: String,
|
59
|
+
project_id: T.nilable(String),
|
60
|
+
client_id: T.nilable(String),
|
56
61
|
domain: T.nilable(String),
|
57
62
|
provider: T.nilable(String),
|
63
|
+
connection: T.nilable(String),
|
58
64
|
state: T.nilable(String),
|
59
65
|
).returns(String)
|
60
66
|
end
|
67
|
+
# rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
|
61
68
|
def authorization_url(
|
62
|
-
|
69
|
+
redirect_uri:,
|
70
|
+
project_id: nil,
|
71
|
+
client_id: nil,
|
72
|
+
domain: nil,
|
73
|
+
provider: nil,
|
74
|
+
connection: nil,
|
75
|
+
state: ''
|
63
76
|
)
|
64
|
-
|
77
|
+
if project_id
|
78
|
+
warn '[DEPRECATION] `project_id` is deprecated.
|
79
|
+
Please use `client_id` instead.'
|
80
|
+
client_id = project_id
|
81
|
+
end
|
82
|
+
|
83
|
+
validate_authorization_url_arguments(
|
84
|
+
provider: provider,
|
85
|
+
domain: domain,
|
86
|
+
connection: connection,
|
87
|
+
)
|
65
88
|
|
66
89
|
query = URI.encode_www_form({
|
67
|
-
client_id:
|
90
|
+
client_id: client_id,
|
68
91
|
redirect_uri: redirect_uri,
|
69
92
|
response_type: 'code',
|
70
93
|
state: state,
|
71
94
|
domain: domain,
|
72
95
|
provider: provider,
|
96
|
+
connection: connection,
|
73
97
|
}.compact)
|
74
98
|
|
75
99
|
"https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
|
76
100
|
end
|
101
|
+
# rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
|
77
102
|
|
78
103
|
# Fetch the profile details for the authenticated SSO user.
|
79
104
|
#
|
80
105
|
# @param [String] code The authorization code provided in the callback URL
|
81
|
-
# @param [String]
|
106
|
+
# @param [String] client_id The WorkOS client ID for the environment
|
82
107
|
# where you've configured your SSO connection
|
108
|
+
# @param [String] project_id The WorkOS project ID for the project.
|
109
|
+
# The project_id is deprecated in Dashboard2.
|
83
110
|
#
|
84
111
|
# @example
|
85
112
|
# WorkOS::SSO.profile(
|
86
113
|
# code: 'acme.com',
|
87
|
-
#
|
114
|
+
# client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ'
|
88
115
|
# )
|
89
116
|
# => #<WorkOS::Profile:0x00007fb6e4193d20
|
90
117
|
# @id="prof_01DRA1XNSJDZ19A31F183ECQW5",
|
@@ -97,10 +124,22 @@ module WorkOS
|
|
97
124
|
# >
|
98
125
|
#
|
99
126
|
# @return [WorkOS::Profile]
|
100
|
-
sig
|
101
|
-
|
127
|
+
sig do
|
128
|
+
params(
|
129
|
+
code: String,
|
130
|
+
project_id: T.nilable(String),
|
131
|
+
client_id: T.nilable(String),
|
132
|
+
).returns(WorkOS::Profile)
|
133
|
+
end
|
134
|
+
def profile(code:, project_id: nil, client_id: nil)
|
135
|
+
if project_id
|
136
|
+
warn '[DEPRECATION] `project_id` is deprecated.
|
137
|
+
Please use `client_id` instead.'
|
138
|
+
client_id = project_id
|
139
|
+
end
|
140
|
+
|
102
141
|
body = {
|
103
|
-
client_id:
|
142
|
+
client_id: client_id,
|
104
143
|
client_secret: WorkOS.key!,
|
105
144
|
grant_type: 'authorization_code',
|
106
145
|
code: code,
|
@@ -168,17 +207,105 @@ module WorkOS
|
|
168
207
|
WorkOS::Connection.new(response.body)
|
169
208
|
end
|
170
209
|
|
210
|
+
# Retrieve connections.
|
211
|
+
#
|
212
|
+
# @param [Hash] options An options hash
|
213
|
+
# @option options [String] connection_type Authentication service
|
214
|
+
# provider descriptor.
|
215
|
+
# @option options [String] domain The domain of the connection to be
|
216
|
+
# retrieved.
|
217
|
+
# @option options [String] organization_id The id of the organization
|
218
|
+
# of the connections to be retrieved.
|
219
|
+
# @option options [String] limit Maximum number of records to return.
|
220
|
+
# @option options [String] before Pagination cursor to receive records
|
221
|
+
# before a provided Connection ID.
|
222
|
+
# @option options [String] after Pagination cursor to receive records
|
223
|
+
# before a provided Connection ID.
|
224
|
+
#
|
225
|
+
# @return [Hash]
|
226
|
+
sig do
|
227
|
+
params(
|
228
|
+
options: T::Hash[Symbol, String],
|
229
|
+
).returns(T::Array[T::Hash[String, T.nilable(String)]])
|
230
|
+
end
|
231
|
+
def list_connections(options = {})
|
232
|
+
response = execute_request(
|
233
|
+
request: get_request(
|
234
|
+
path: '/connections',
|
235
|
+
auth: true,
|
236
|
+
params: options,
|
237
|
+
),
|
238
|
+
)
|
239
|
+
|
240
|
+
JSON.parse(response.body)['data']
|
241
|
+
end
|
242
|
+
|
243
|
+
# Get a Connection
|
244
|
+
#
|
245
|
+
# @param [String] id Connection unique identifier
|
246
|
+
#
|
247
|
+
# @example
|
248
|
+
# WorkOS::SSO.get_connection(id: 'conn_02DRA1XNSJDZ19A31F183ECQW9')
|
249
|
+
# => #<WorkOS::Connection:0x00007fb6e4193d20
|
250
|
+
# @id="conn_02DRA1XNSJDZ19A31F183ECQW9",
|
251
|
+
# @name="Foo Corp",
|
252
|
+
# @connection_type="OktaSAML",
|
253
|
+
# @domains=
|
254
|
+
# [{:object=>"connection_domain",
|
255
|
+
# :id=>"domain_01E6PK9N3XMD8RHWF7S66380AR",
|
256
|
+
# :domain=>"example.com"}]>
|
257
|
+
#
|
258
|
+
# @return [WorkOS::Connection]
|
259
|
+
sig { params(id: String).returns(WorkOS::Connection) }
|
260
|
+
def get_connection(id:)
|
261
|
+
request = get_request(
|
262
|
+
auth: true,
|
263
|
+
path: "/connections/#{id}",
|
264
|
+
)
|
265
|
+
|
266
|
+
response = execute_request(request: request)
|
267
|
+
|
268
|
+
WorkOS::Connection.new(response.body)
|
269
|
+
end
|
270
|
+
|
271
|
+
# Delete a Connection
|
272
|
+
#
|
273
|
+
# @param [String] id Connection unique identifier
|
274
|
+
#
|
275
|
+
# @example
|
276
|
+
# WorkOS::SSO.delete_connection(id: 'conn_02DRA1XNSJDZ19A31F183ECQW9')
|
277
|
+
# => true
|
278
|
+
#
|
279
|
+
# @return [Bool] - returns `true` if successful
|
280
|
+
sig { params(id: String).returns(T::Boolean) }
|
281
|
+
def delete_connection(id:)
|
282
|
+
request = delete_request(
|
283
|
+
auth: true,
|
284
|
+
path: "/connections/#{id}",
|
285
|
+
)
|
286
|
+
|
287
|
+
response = execute_request(request: request)
|
288
|
+
|
289
|
+
response.is_a? Net::HTTPSuccess
|
290
|
+
end
|
291
|
+
|
171
292
|
private
|
172
293
|
|
173
294
|
sig do
|
174
295
|
params(
|
175
296
|
domain: T.nilable(String),
|
176
297
|
provider: T.nilable(String),
|
298
|
+
connection: T.nilable(String),
|
177
299
|
).void
|
178
300
|
end
|
179
|
-
def
|
180
|
-
|
181
|
-
|
301
|
+
def validate_authorization_url_arguments(
|
302
|
+
domain:,
|
303
|
+
provider:,
|
304
|
+
connection:
|
305
|
+
)
|
306
|
+
if [domain, provider, connection].all?(&:nil?)
|
307
|
+
raise ArgumentError, 'Either connection, domain, or ' \
|
308
|
+
'provider is required.'
|
182
309
|
end
|
183
310
|
|
184
311
|
return unless provider && !PROVIDERS.include?(provider)
|
@@ -187,7 +314,6 @@ module WorkOS
|
|
187
314
|
" `provider` must be in #{PROVIDERS}"
|
188
315
|
end
|
189
316
|
|
190
|
-
# rubocop:disable Metrics/MethodLength
|
191
317
|
sig { params(response: Net::HTTPResponse).void }
|
192
318
|
def check_and_raise_profile_error(response:)
|
193
319
|
begin
|
@@ -206,7 +332,6 @@ module WorkOS
|
|
206
332
|
request_id: request_id,
|
207
333
|
)
|
208
334
|
end
|
209
|
-
# rubocop:enable Metrics/MethodLength
|
210
335
|
end
|
211
336
|
end
|
212
337
|
end
|