workos 0.9.1 → 0.10.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +5 -1
- data/Gemfile.lock +2 -2
- data/README.md +15 -15
- data/docs/WorkOS/SSO.html +235 -235
- data/docs/file.README.html +20 -20
- data/lib/workos.rb +1 -0
- data/lib/workos/audit_trail.rb +1 -0
- data/lib/workos/client.rb +22 -1
- data/lib/workos/connection.rb +0 -2
- data/lib/workos/organization.rb +0 -2
- data/lib/workos/passwordless.rb +0 -2
- data/lib/workos/portal.rb +1 -7
- data/lib/workos/profile.rb +2 -4
- data/lib/workos/sso.rb +142 -17
- data/lib/workos/types/intent_enum.rb +1 -0
- data/lib/workos/version.rb +1 -1
- data/spec/lib/workos/audit_trail_spec.rb +0 -8
- data/spec/lib/workos/directory_sync_spec.rb +0 -8
- data/spec/lib/workos/passwordless_spec.rb +0 -8
- data/spec/lib/workos/portal_spec.rb +18 -11
- data/spec/lib/workos/sso_spec.rb +224 -29
- data/spec/spec_helper.rb +1 -0
- data/spec/support/fixtures/vcr_cassettes/audit_trail/get_events.yml +2 -2
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories_with_domain_param.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/portal/generate_link_dsync.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/portal/{generate_link.yml → generate_link_sso.yml} +1 -1
- data/spec/support/fixtures/vcr_cassettes/sso/delete_connection_with_invalid_id.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/delete_connection_with_valid_id.yml +70 -0
- data/spec/support/fixtures/vcr_cassettes/sso/get_connection_with_invalid_id.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/get_connection_with_valid_id.yml +74 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_after_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_before_param.yml +73 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_connection_type_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_domain_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_limit_param.yml +72 -0
- data/spec/support/fixtures/vcr_cassettes/sso/list_connections_with_organization_id_param.yml +72 -0
- metadata +29 -5
data/docs/file.README.html
CHANGED
@@ -5,9 +5,9 @@
|
|
5
5
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
6
6
|
<title>
|
7
7
|
File: README
|
8
|
-
|
8
|
+
|
9
9
|
— Documentation by YARD 0.9.22
|
10
|
-
|
10
|
+
|
11
11
|
</title>
|
12
12
|
|
13
13
|
<link rel="stylesheet" href="css/style.css" type="text/css" />
|
@@ -35,14 +35,14 @@
|
|
35
35
|
<div id="main" tabindex="-1">
|
36
36
|
<div id="header">
|
37
37
|
<div id="menu">
|
38
|
-
|
39
|
-
<a href="_index.html">Index</a> »
|
38
|
+
|
39
|
+
<a href="_index.html">Index</a> »
|
40
40
|
<span class="title">File: README</span>
|
41
|
-
|
41
|
+
|
42
42
|
</div>
|
43
43
|
|
44
44
|
<div id="search">
|
45
|
-
|
45
|
+
|
46
46
|
<a class="full_list_link" id="class_list_link"
|
47
47
|
href="class_list.html">
|
48
48
|
|
@@ -52,7 +52,7 @@
|
|
52
52
|
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
|
53
53
|
</svg>
|
54
54
|
</a>
|
55
|
-
|
55
|
+
|
56
56
|
</div>
|
57
57
|
<div class="clear"></div>
|
58
58
|
</div>
|
@@ -139,7 +139,7 @@
|
|
139
139
|
|
140
140
|
<p>See our Ruby SSO example app for a <a href="https://github.com/workos-inc/ruby-sso-example">complete example</a>.</p>
|
141
141
|
|
142
|
-
<pre class="code ruby"><code class="ruby">WorkOS::SSO.authorization_url(domain:,
|
142
|
+
<pre class="code ruby"><code class="ruby">WorkOS::SSO.authorization_url(domain:, client_id:, redirect_uri:, state: {})
|
143
143
|
</code></pre>
|
144
144
|
|
145
145
|
<blockquote>
|
@@ -150,27 +150,27 @@
|
|
150
150
|
<ul><li>
|
151
151
|
<p><code>domain</code> (string) — the authenticating user's company domain, without protocol (ex. <code>example.com</code>)</p>
|
152
152
|
</li><li>
|
153
|
-
<p><code>
|
153
|
+
<p><code>client_id</code> (string) — your application's WorkOS <a href="https://dashboard.workos.com/sso/configuration">Client ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
|
154
154
|
</li><li>
|
155
155
|
<p><code>state</code> (optional, hash) — an optional hash used to manage state across authorization transactions (ex. <code>{ next_page: '/docs'}</code>)</p>
|
156
156
|
</li><li>
|
157
|
-
<p><code>redirect_uri</code> (string) — a callback URL where your application redirects the user-agent after an authorization code is granted (ex. <code>workos.dev/callback</code>). This must match one of your configured callback URLs for the associated
|
157
|
+
<p><code>redirect_uri</code> (string) — a callback URL where your application redirects the user-agent after an authorization code is granted (ex. <code>workos.dev/callback</code>). This must match one of your configured callback URLs for the associated environment on your WorkOS dashboard.</p>
|
158
158
|
</li></ul>
|
159
159
|
|
160
160
|
<p>This method will return an OAuth2 query string of the form:</p>
|
161
161
|
|
162
|
-
<p><code>https://${domain}/sso/authorize?response_type=code&client_id=${
|
162
|
+
<p><code>https://${domain}/sso/authorize?response_type=code&client_id=${clientID}&redirect_uri=${redirectURI}&state=${state}</code></p>
|
163
163
|
|
164
164
|
<p>For example, when used in a <a href="http://sinatrarb.com/">Sinatra app</a>:</p>
|
165
165
|
|
166
166
|
<pre class="code ruby"><code class="ruby"><span class='const'>DOMAIN</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>example.com</span><span class='tstring_end'>'</span></span>
|
167
|
-
<span class='const'>
|
167
|
+
<span class='const'>CLIENT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>{clientId}</span><span class='tstring_end'>'</span></span>
|
168
168
|
<span class='const'>REDIRECT_URI</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>http://localhost:4567/callback</span><span class='tstring_end'>'</span></span>
|
169
169
|
|
170
170
|
<span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>/auth</span><span class='tstring_end'>'</span></span> <span class='kw'>do</span>
|
171
171
|
<span class='id identifier rubyid_authorization_url'>authorization_url</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_authorization_url'><span class='object_link'><a href="WorkOS/SSO.html#authorization_url-class_method" title="WorkOS::SSO.authorization_url (method)">authorization_url</a></span></span><span class='lparen'>(</span>
|
172
172
|
<span class='label'>domain:</span> <span class='const'>DOMAIN</span><span class='comma'>,</span>
|
173
|
-
<span class='label'>
|
173
|
+
<span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
|
174
174
|
<span class='label'>redirect_uri:</span> <span class='const'>REDIRECT_URI</span><span class='comma'>,</span>
|
175
175
|
<span class='rparen'>)</span>
|
176
176
|
|
@@ -180,11 +180,11 @@
|
|
180
180
|
|
181
181
|
<p>The user would be redirected to:</p>
|
182
182
|
|
183
|
-
<p><code>https://api.workos.com/sso/authorize?response_type=code&client_id={
|
183
|
+
<p><code>https://api.workos.com/sso/authorize?response_type=code&client_id={clientID}&redirect_uri=http://localhost:4567/callback</code></p>
|
184
184
|
|
185
185
|
<p>WorkOS takes over from here, sending the user to authenticate with their IDP, and on successful login, returns the user to your callback URL with a <code>code</code> parameter. You'll use <code>WorkOS::SSO.profile</code> to exchange the code for a <code>WorkOS::Profile</code>.</p>
|
186
186
|
|
187
|
-
<pre class="code ruby"><code class="ruby">WorkOS::SSO.profile(code:,
|
187
|
+
<pre class="code ruby"><code class="ruby">WorkOS::SSO.profile(code:, client_id:)</h4>
|
188
188
|
</code></pre>
|
189
189
|
|
190
190
|
<blockquote>
|
@@ -195,7 +195,7 @@
|
|
195
195
|
<ul><li>
|
196
196
|
<p><code>code</code> (string) — an opaque string provided by the authorization server; will be exchanged for an Access Token when the user's profile is sent</p>
|
197
197
|
</li><li>
|
198
|
-
<p><code>
|
198
|
+
<p><code>client_id</code> (string) — your application's WorkOS <a href="https://dashboard.workos.com/sso/configuration">Client ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
|
199
199
|
</li></ul>
|
200
200
|
|
201
201
|
<p>This method will return an instance of a <code>WorkOS::Profile</code> with the following attributes:</p>
|
@@ -213,13 +213,13 @@
|
|
213
213
|
<p>Our Sintatra app can be extended to use this method:</p>
|
214
214
|
|
215
215
|
<pre class="code ruby"><code class="ruby"><span class='const'>DOMAIN</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>example.com</span><span class='tstring_end'>'</span></span>
|
216
|
-
<span class='const'>
|
216
|
+
<span class='const'>CLIENT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>{clientId}</span><span class='tstring_end'>'</span></span>
|
217
217
|
<span class='const'>REDIRECT_URI</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>http://localhost:4567/callback</span><span class='tstring_end'>'</span></span>
|
218
218
|
|
219
219
|
<span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>/auth</span><span class='tstring_end'>'</span></span> <span class='kw'>do</span>
|
220
220
|
<span class='id identifier rubyid_authorization_url'>authorization_url</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_authorization_url'><span class='object_link'><a href="WorkOS/SSO.html#authorization_url-class_method" title="WorkOS::SSO.authorization_url (method)">authorization_url</a></span></span><span class='lparen'>(</span>
|
221
221
|
<span class='label'>domain:</span> <span class='const'>DOMAIN</span><span class='comma'>,</span>
|
222
|
-
<span class='label'>
|
222
|
+
<span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
|
223
223
|
<span class='label'>redirect_uri:</span> <span class='const'>REDIRECT_URI</span><span class='comma'>,</span>
|
224
224
|
<span class='rparen'>)</span>
|
225
225
|
|
@@ -229,7 +229,7 @@
|
|
229
229
|
<span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>/callback</span><span class='tstring_end'>'</span></span> <span class='kw'>do</span>
|
230
230
|
<span class='id identifier rubyid_profile'>profile</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_profile'><span class='object_link'><a href="WorkOS/SSO.html#profile-class_method" title="WorkOS::SSO.profile (method)">profile</a></span></span><span class='lparen'>(</span>
|
231
231
|
<span class='label'>code:</span> <span class='id identifier rubyid_params'>params</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>code</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
232
|
-
<span class='label'>
|
232
|
+
<span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
|
233
233
|
<span class='rparen'>)</span>
|
234
234
|
|
235
235
|
<span class='id identifier rubyid_session'>session</span><span class='lbracket'>[</span><span class='symbol'>:user</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_to_json'>to_json</span>
|
@@ -249,4 +249,4 @@
|
|
249
249
|
|
250
250
|
</div>
|
251
251
|
</body>
|
252
|
-
</html>
|
252
|
+
</html>
|
data/lib/workos.rb
CHANGED
data/lib/workos/audit_trail.rb
CHANGED
data/lib/workos/client.rb
CHANGED
@@ -19,7 +19,7 @@ module WorkOS
|
|
19
19
|
|
20
20
|
sig do
|
21
21
|
params(
|
22
|
-
request: T.any(Net::HTTP::Get, Net::HTTP::Post),
|
22
|
+
request: T.any(Net::HTTP::Get, Net::HTTP::Post, Net::HTTP::Delete),
|
23
23
|
).returns(::T.untyped)
|
24
24
|
end
|
25
25
|
def execute_request(request:)
|
@@ -69,6 +69,27 @@ module WorkOS
|
|
69
69
|
request
|
70
70
|
end
|
71
71
|
|
72
|
+
sig do
|
73
|
+
params(
|
74
|
+
path: String,
|
75
|
+
auth: T.nilable(T::Boolean),
|
76
|
+
params: T.nilable(Hash),
|
77
|
+
).returns(Net::HTTP::Delete)
|
78
|
+
end
|
79
|
+
def delete_request(path:, auth: false, params: {})
|
80
|
+
uri = URI(path)
|
81
|
+
uri.query = URI.encode_www_form(params) if params
|
82
|
+
|
83
|
+
request = Net::HTTP::Delete.new(
|
84
|
+
uri.to_s,
|
85
|
+
'Content-Type' => 'application/json',
|
86
|
+
)
|
87
|
+
|
88
|
+
request['Authorization'] = "Bearer #{WorkOS.key!}" if auth
|
89
|
+
request['User-Agent'] = user_agent
|
90
|
+
request
|
91
|
+
end
|
92
|
+
|
72
93
|
sig { returns(String) }
|
73
94
|
def user_agent
|
74
95
|
engine = defined?(::RUBY_ENGINE) ? ::RUBY_ENGINE : 'Ruby'
|
data/lib/workos/connection.rb
CHANGED
data/lib/workos/organization.rb
CHANGED
data/lib/workos/passwordless.rb
CHANGED
@@ -36,7 +36,6 @@ module WorkOS
|
|
36
36
|
).returns(WorkOS::Types::PasswordlessSessionStruct)
|
37
37
|
end
|
38
38
|
|
39
|
-
# rubocop:disable Metrics/MethodLength
|
40
39
|
def create_session(options)
|
41
40
|
response = execute_request(
|
42
41
|
request: post_request(
|
@@ -55,7 +54,6 @@ module WorkOS
|
|
55
54
|
link: hash['link'],
|
56
55
|
)
|
57
56
|
end
|
58
|
-
# rubocop:enable Metrics/MethodLength
|
59
57
|
|
60
58
|
# Send a Passwordless Session via email.
|
61
59
|
#
|
data/lib/workos/portal.rb
CHANGED
@@ -42,7 +42,7 @@ module WorkOS
|
|
42
42
|
# Generate a link to grant access to an organization's Admin Portal
|
43
43
|
#
|
44
44
|
# @param [String] intent The access scope for the generated Admin Portal
|
45
|
-
# link. Valid values are: ["sso"]
|
45
|
+
# link. Valid values are: ["sso", "dsync"]
|
46
46
|
# @param [String] organization The ID of the organization the Admin
|
47
47
|
# Portal link will be generated for.
|
48
48
|
# @param [String] The URL that the end user will be redirected to upon
|
@@ -55,7 +55,6 @@ module WorkOS
|
|
55
55
|
return_url: T.nilable(String),
|
56
56
|
).returns(String)
|
57
57
|
end
|
58
|
-
# rubocop:disable Metrics/MethodLength
|
59
58
|
def generate_link(intent:, organization:, return_url: nil)
|
60
59
|
validate_intent(intent)
|
61
60
|
|
@@ -73,7 +72,6 @@ module WorkOS
|
|
73
72
|
|
74
73
|
JSON.parse(response.body)['link']
|
75
74
|
end
|
76
|
-
# rubocop:enable Metrics/MethodLength
|
77
75
|
|
78
76
|
# Retrieve a list of organizations that have connections configured
|
79
77
|
# within your WorkOS dashboard.
|
@@ -91,7 +89,6 @@ module WorkOS
|
|
91
89
|
options: T::Hash[Symbol, String],
|
92
90
|
).returns(WorkOS::Types::ListStruct)
|
93
91
|
end
|
94
|
-
# rubocop:disable Metrics/MethodLength
|
95
92
|
def list_organizations(options = {})
|
96
93
|
response = execute_request(
|
97
94
|
request: get_request(
|
@@ -112,12 +109,10 @@ module WorkOS
|
|
112
109
|
list_metadata: parsed_response['listMetadata'],
|
113
110
|
)
|
114
111
|
end
|
115
|
-
# rubocop:enable Metrics/MethodLength
|
116
112
|
|
117
113
|
private
|
118
114
|
|
119
115
|
sig { params(response: Net::HTTPResponse).void }
|
120
|
-
# rubocop:disable Metrics/MethodLength
|
121
116
|
def check_and_raise_organization_error(response:)
|
122
117
|
begin
|
123
118
|
body = JSON.parse(response.body)
|
@@ -135,7 +130,6 @@ module WorkOS
|
|
135
130
|
request_id: request_id,
|
136
131
|
)
|
137
132
|
end
|
138
|
-
# rubocop:enable Metrics/MethodLength
|
139
133
|
|
140
134
|
sig { params(intent: String).void }
|
141
135
|
def validate_intent(intent)
|
data/lib/workos/profile.rb
CHANGED
@@ -1,8 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
# typed: true
|
3
3
|
|
4
|
-
require 'json'
|
5
|
-
|
6
4
|
module WorkOS
|
7
5
|
# The Profile class provides a lighweight wrapper around
|
8
6
|
# a normalized response from the various IDPs WorkOS
|
@@ -51,7 +49,7 @@ module WorkOS
|
|
51
49
|
|
52
50
|
private
|
53
51
|
|
54
|
-
# rubocop:disable Metrics/AbcSize
|
52
|
+
# rubocop:disable Metrics/AbcSize
|
55
53
|
sig { params(json_string: String).returns(WorkOS::Types::ProfileStruct) }
|
56
54
|
def parse_json(json_string)
|
57
55
|
hash = JSON.parse(json_string, symbolize_names: true)
|
@@ -67,6 +65,6 @@ module WorkOS
|
|
67
65
|
raw_attributes: hash[:profile][:raw_attributes],
|
68
66
|
)
|
69
67
|
end
|
70
|
-
# rubocop:enable Metrics/AbcSize
|
68
|
+
# rubocop:enable Metrics/AbcSize
|
71
69
|
end
|
72
70
|
end
|
data/lib/workos/sso.rb
CHANGED
@@ -6,7 +6,7 @@ require 'uri'
|
|
6
6
|
|
7
7
|
module WorkOS
|
8
8
|
# The SSO module provides convenience methods for working with the WorkOS
|
9
|
-
# SSO platform. You'll need a valid API key, a
|
9
|
+
# SSO platform. You'll need a valid API key, a client ID, and to have
|
10
10
|
# created an SSO connection on your WorkOS dashboard.
|
11
11
|
#
|
12
12
|
# @see https://docs.workos.com/sso/overview
|
@@ -26,8 +26,12 @@ module WorkOS
|
|
26
26
|
# required
|
27
27
|
# @param [String] provider A provider name for an Identity Provider
|
28
28
|
# configured on your WorkOS dashboard. Only 'Google' is supported.
|
29
|
-
# @param [String]
|
29
|
+
# @param [String] connection The ID for a Connection configured on
|
30
|
+
# WorkOS.
|
31
|
+
# @param [String] client_id The WorkOS client ID for the environment
|
30
32
|
# where you've configured your SSO connection.
|
33
|
+
# @param [String] project_id The WorkOS project ID for the project.
|
34
|
+
# The project_id is deprecated in Dashboard2.
|
31
35
|
# @param [String] redirect_uri The URI where users are directed
|
32
36
|
# after completing the authentication step. Must match a
|
33
37
|
# configured redirect URI on your WorkOS dashboard.
|
@@ -36,7 +40,7 @@ module WorkOS
|
|
36
40
|
# @example
|
37
41
|
# WorkOS::SSO.authorization_url(
|
38
42
|
# domain: 'acme.com',
|
39
|
-
#
|
43
|
+
# client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
|
40
44
|
# redirect_uri: 'https://workos.com/callback',
|
41
45
|
# state: {
|
42
46
|
# next_page: '/docs'
|
@@ -51,40 +55,63 @@ module WorkOS
|
|
51
55
|
# @return [String]
|
52
56
|
sig do
|
53
57
|
params(
|
54
|
-
project_id: String,
|
55
58
|
redirect_uri: String,
|
59
|
+
project_id: T.nilable(String),
|
60
|
+
client_id: T.nilable(String),
|
56
61
|
domain: T.nilable(String),
|
57
62
|
provider: T.nilable(String),
|
63
|
+
connection: T.nilable(String),
|
58
64
|
state: T.nilable(String),
|
59
65
|
).returns(String)
|
60
66
|
end
|
67
|
+
# rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
|
61
68
|
def authorization_url(
|
62
|
-
|
69
|
+
redirect_uri:,
|
70
|
+
project_id: nil,
|
71
|
+
client_id: nil,
|
72
|
+
domain: nil,
|
73
|
+
provider: nil,
|
74
|
+
connection: nil,
|
75
|
+
state: ''
|
63
76
|
)
|
64
|
-
|
77
|
+
if project_id
|
78
|
+
warn '[DEPRECATION] `project_id` is deprecated.
|
79
|
+
Please use `client_id` instead.'
|
80
|
+
client_id = project_id
|
81
|
+
end
|
82
|
+
|
83
|
+
validate_authorization_url_arguments(
|
84
|
+
provider: provider,
|
85
|
+
domain: domain,
|
86
|
+
connection: connection,
|
87
|
+
)
|
65
88
|
|
66
89
|
query = URI.encode_www_form({
|
67
|
-
client_id:
|
90
|
+
client_id: client_id,
|
68
91
|
redirect_uri: redirect_uri,
|
69
92
|
response_type: 'code',
|
70
93
|
state: state,
|
71
94
|
domain: domain,
|
72
95
|
provider: provider,
|
96
|
+
connection: connection,
|
73
97
|
}.compact)
|
74
98
|
|
75
99
|
"https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
|
76
100
|
end
|
101
|
+
# rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
|
77
102
|
|
78
103
|
# Fetch the profile details for the authenticated SSO user.
|
79
104
|
#
|
80
105
|
# @param [String] code The authorization code provided in the callback URL
|
81
|
-
# @param [String]
|
106
|
+
# @param [String] client_id The WorkOS client ID for the environment
|
82
107
|
# where you've configured your SSO connection
|
108
|
+
# @param [String] project_id The WorkOS project ID for the project.
|
109
|
+
# The project_id is deprecated in Dashboard2.
|
83
110
|
#
|
84
111
|
# @example
|
85
112
|
# WorkOS::SSO.profile(
|
86
113
|
# code: 'acme.com',
|
87
|
-
#
|
114
|
+
# client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ'
|
88
115
|
# )
|
89
116
|
# => #<WorkOS::Profile:0x00007fb6e4193d20
|
90
117
|
# @id="prof_01DRA1XNSJDZ19A31F183ECQW5",
|
@@ -97,10 +124,22 @@ module WorkOS
|
|
97
124
|
# >
|
98
125
|
#
|
99
126
|
# @return [WorkOS::Profile]
|
100
|
-
sig
|
101
|
-
|
127
|
+
sig do
|
128
|
+
params(
|
129
|
+
code: String,
|
130
|
+
project_id: T.nilable(String),
|
131
|
+
client_id: T.nilable(String),
|
132
|
+
).returns(WorkOS::Profile)
|
133
|
+
end
|
134
|
+
def profile(code:, project_id: nil, client_id: nil)
|
135
|
+
if project_id
|
136
|
+
warn '[DEPRECATION] `project_id` is deprecated.
|
137
|
+
Please use `client_id` instead.'
|
138
|
+
client_id = project_id
|
139
|
+
end
|
140
|
+
|
102
141
|
body = {
|
103
|
-
client_id:
|
142
|
+
client_id: client_id,
|
104
143
|
client_secret: WorkOS.key!,
|
105
144
|
grant_type: 'authorization_code',
|
106
145
|
code: code,
|
@@ -168,17 +207,105 @@ module WorkOS
|
|
168
207
|
WorkOS::Connection.new(response.body)
|
169
208
|
end
|
170
209
|
|
210
|
+
# Retrieve connections.
|
211
|
+
#
|
212
|
+
# @param [Hash] options An options hash
|
213
|
+
# @option options [String] connection_type Authentication service
|
214
|
+
# provider descriptor.
|
215
|
+
# @option options [String] domain The domain of the connection to be
|
216
|
+
# retrieved.
|
217
|
+
# @option options [String] organization_id The id of the organization
|
218
|
+
# of the connections to be retrieved.
|
219
|
+
# @option options [String] limit Maximum number of records to return.
|
220
|
+
# @option options [String] before Pagination cursor to receive records
|
221
|
+
# before a provided Connection ID.
|
222
|
+
# @option options [String] after Pagination cursor to receive records
|
223
|
+
# before a provided Connection ID.
|
224
|
+
#
|
225
|
+
# @return [Hash]
|
226
|
+
sig do
|
227
|
+
params(
|
228
|
+
options: T::Hash[Symbol, String],
|
229
|
+
).returns(T::Array[T::Hash[String, T.nilable(String)]])
|
230
|
+
end
|
231
|
+
def list_connections(options = {})
|
232
|
+
response = execute_request(
|
233
|
+
request: get_request(
|
234
|
+
path: '/connections',
|
235
|
+
auth: true,
|
236
|
+
params: options,
|
237
|
+
),
|
238
|
+
)
|
239
|
+
|
240
|
+
JSON.parse(response.body)['data']
|
241
|
+
end
|
242
|
+
|
243
|
+
# Get a Connection
|
244
|
+
#
|
245
|
+
# @param [String] id Connection unique identifier
|
246
|
+
#
|
247
|
+
# @example
|
248
|
+
# WorkOS::SSO.get_connection(id: 'conn_02DRA1XNSJDZ19A31F183ECQW9')
|
249
|
+
# => #<WorkOS::Connection:0x00007fb6e4193d20
|
250
|
+
# @id="conn_02DRA1XNSJDZ19A31F183ECQW9",
|
251
|
+
# @name="Foo Corp",
|
252
|
+
# @connection_type="OktaSAML",
|
253
|
+
# @domains=
|
254
|
+
# [{:object=>"connection_domain",
|
255
|
+
# :id=>"domain_01E6PK9N3XMD8RHWF7S66380AR",
|
256
|
+
# :domain=>"example.com"}]>
|
257
|
+
#
|
258
|
+
# @return [WorkOS::Connection]
|
259
|
+
sig { params(id: String).returns(WorkOS::Connection) }
|
260
|
+
def get_connection(id:)
|
261
|
+
request = get_request(
|
262
|
+
auth: true,
|
263
|
+
path: "/connections/#{id}",
|
264
|
+
)
|
265
|
+
|
266
|
+
response = execute_request(request: request)
|
267
|
+
|
268
|
+
WorkOS::Connection.new(response.body)
|
269
|
+
end
|
270
|
+
|
271
|
+
# Delete a Connection
|
272
|
+
#
|
273
|
+
# @param [String] id Connection unique identifier
|
274
|
+
#
|
275
|
+
# @example
|
276
|
+
# WorkOS::SSO.delete_connection(id: 'conn_02DRA1XNSJDZ19A31F183ECQW9')
|
277
|
+
# => true
|
278
|
+
#
|
279
|
+
# @return [Bool] - returns `true` if successful
|
280
|
+
sig { params(id: String).returns(T::Boolean) }
|
281
|
+
def delete_connection(id:)
|
282
|
+
request = delete_request(
|
283
|
+
auth: true,
|
284
|
+
path: "/connections/#{id}",
|
285
|
+
)
|
286
|
+
|
287
|
+
response = execute_request(request: request)
|
288
|
+
|
289
|
+
response.is_a? Net::HTTPSuccess
|
290
|
+
end
|
291
|
+
|
171
292
|
private
|
172
293
|
|
173
294
|
sig do
|
174
295
|
params(
|
175
296
|
domain: T.nilable(String),
|
176
297
|
provider: T.nilable(String),
|
298
|
+
connection: T.nilable(String),
|
177
299
|
).void
|
178
300
|
end
|
179
|
-
def
|
180
|
-
|
181
|
-
|
301
|
+
def validate_authorization_url_arguments(
|
302
|
+
domain:,
|
303
|
+
provider:,
|
304
|
+
connection:
|
305
|
+
)
|
306
|
+
if [domain, provider, connection].all?(&:nil?)
|
307
|
+
raise ArgumentError, 'Either connection, domain, or ' \
|
308
|
+
'provider is required.'
|
182
309
|
end
|
183
310
|
|
184
311
|
return unless provider && !PROVIDERS.include?(provider)
|
@@ -187,7 +314,6 @@ module WorkOS
|
|
187
314
|
" `provider` must be in #{PROVIDERS}"
|
188
315
|
end
|
189
316
|
|
190
|
-
# rubocop:disable Metrics/MethodLength
|
191
317
|
sig { params(response: Net::HTTPResponse).void }
|
192
318
|
def check_and_raise_profile_error(response:)
|
193
319
|
begin
|
@@ -206,7 +332,6 @@ module WorkOS
|
|
206
332
|
request_id: request_id,
|
207
333
|
)
|
208
334
|
end
|
209
|
-
# rubocop:enable Metrics/MethodLength
|
210
335
|
end
|
211
336
|
end
|
212
337
|
end
|