workos 0.9.1 → 0.10.3

data/docs/file.README.html

@@ -5,9 +5,9 @@
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>
   File: README
-  
+
     &mdash; Documentation by YARD 0.9.22
-  
+
 </title>
 
   <link rel="stylesheet" href="css/style.css" type="text/css" />
@@ -35,14 +35,14 @@
     <div id="main" tabindex="-1">
       <div id="header">
         <div id="menu">
-  
-    <a href="_index.html">Index</a> &raquo; 
+
+    <a href="_index.html">Index</a> &raquo;
     <span class="title">File: README</span>
-  
+
 </div>
 
         <div id="search">
-  
+
     <a class="full_list_link" id="class_list_link"
         href="class_list.html">
 
@@ -52,7 +52,7 @@
           <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
         </svg>
     </a>
-  
+
 </div>
         <div class="clear"></div>
       </div>
@@ -139,7 +139,7 @@
 
 <p>See our Ruby SSO example app for a <a href="https://github.com/workos-inc/ruby-sso-example">complete example</a>.</p>
 
-<pre class="code ruby"><code class="ruby">WorkOS::SSO.authorization_url(domain:, project_id:, redirect_uri:, state: {})
+<pre class="code ruby"><code class="ruby">WorkOS::SSO.authorization_url(domain:, client_id:, redirect_uri:, state: {})
 </code></pre>
 
 <blockquote>
@@ -150,27 +150,27 @@
 <ul><li>
 <p><code>domain</code> (string) — the authenticating user&#39;s company domain, without protocol (ex. <code>example.com</code>)</p>
 </li><li>
-<p><code>project_id</code> (string) — your application&#39;s WorkOS <a href="https://dashboard.workos.com/sso/configuration">Project ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
+<p><code>client_id</code> (string) — your application&#39;s WorkOS <a href="https://dashboard.workos.com/sso/configuration">Client ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
 </li><li>
 <p><code>state</code> (optional, hash) — an optional hash used to manage state across authorization transactions (ex. <code>{ next_page: &#39;/docs&#39;}</code>)</p>
 </li><li>
-<p><code>redirect_uri</code> (string) — a callback URL where your application redirects the user-agent after an authorization code is granted (ex. <code>workos.dev/callback</code>). This must match one of your configured callback URLs for the associated project on your WorkOS dashboard.</p>
+<p><code>redirect_uri</code> (string) — a callback URL where your application redirects the user-agent after an authorization code is granted (ex. <code>workos.dev/callback</code>). This must match one of your configured callback URLs for the associated environment on your WorkOS dashboard.</p>
 </li></ul>
 
 <p>This method will return an OAuth2 query string of the form:</p>
 
-<p><code>https://${domain}/sso/authorize?response_type=code&client_id=${projectID}&redirect_uri=${redirectURI}&state=${state}</code></p>
+<p><code>https://${domain}/sso/authorize?response_type=code&client_id=${clientID}&redirect_uri=${redirectURI}&state=${state}</code></p>
 
 <p>For example, when used in a <a href="http://sinatrarb.com/">Sinatra app</a>:</p>
 
 <pre class="code ruby"><code class="ruby"><span class='const'>DOMAIN</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>example.com</span><span class='tstring_end'>&#39;</span></span>
-<span class='const'>PROJECT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>{projectId}</span><span class='tstring_end'>&#39;</span></span>
+<span class='const'>CLIENT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>{clientId}</span><span class='tstring_end'>&#39;</span></span>
 <span class='const'>REDIRECT_URI</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>http://localhost:4567/callback</span><span class='tstring_end'>&#39;</span></span>
 
 <span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/auth</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>do</span>
   <span class='id identifier rubyid_authorization_url'>authorization_url</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_authorization_url'><span class='object_link'><a href="WorkOS/SSO.html#authorization_url-class_method" title="WorkOS::SSO.authorization_url (method)">authorization_url</a></span></span><span class='lparen'>(</span>
     <span class='label'>domain:</span> <span class='const'>DOMAIN</span><span class='comma'>,</span>
-    <span class='label'>project_id:</span> <span class='const'>PROJECT_ID</span><span class='comma'>,</span>
+    <span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
     <span class='label'>redirect_uri:</span> <span class='const'>REDIRECT_URI</span><span class='comma'>,</span>
   <span class='rparen'>)</span>
 
@@ -180,11 +180,11 @@
 
 <p>The user would be redirected to:</p>
 
-<p><code>https://api.workos.com/sso/authorize?response_type=code&client_id={projectID}&redirect_uri=http://localhost:4567/callback</code></p>
+<p><code>https://api.workos.com/sso/authorize?response_type=code&client_id={clientID}&redirect_uri=http://localhost:4567/callback</code></p>
 
 <p>WorkOS takes over from here, sending the user to authenticate with their IDP, and on successful login, returns the user to your callback URL with a <code>code</code> parameter. You&#39;ll use <code>WorkOS::SSO.profile</code> to exchange the code for a <code>WorkOS::Profile</code>.</p>
 
-<pre class="code ruby"><code class="ruby">WorkOS::SSO.profile(code:, project_id:)&lt;/h4&gt;
+<pre class="code ruby"><code class="ruby">WorkOS::SSO.profile(code:, client_id:)&lt;/h4&gt;
 </code></pre>
 
 <blockquote>
@@ -195,7 +195,7 @@
 <ul><li>
 <p><code>code</code> (string) — an opaque string provided by the authorization server; will be exchanged for an Access Token when the user&#39;s profile is sent</p>
 </li><li>
-<p><code>project_id</code> (string) — your application&#39;s WorkOS <a href="https://dashboard.workos.com/sso/configuration">Project ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
+<p><code>client_id</code> (string) — your application&#39;s WorkOS <a href="https://dashboard.workos.com/sso/configuration">Client ID</a> (ex. <code>project_01JG3BCPTRTSTTWQR4VSHXGWCQ</code>)</p>
 </li></ul>
 
 <p>This method will return an instance of a <code>WorkOS::Profile</code> with the following attributes:</p>
@@ -213,13 +213,13 @@
 <p>Our Sintatra app can be extended to use this method:</p>
 
 <pre class="code ruby"><code class="ruby"><span class='const'>DOMAIN</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>example.com</span><span class='tstring_end'>&#39;</span></span>
-<span class='const'>PROJECT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>{projectId}</span><span class='tstring_end'>&#39;</span></span>
+<span class='const'>CLIENT_ID</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>{clientId}</span><span class='tstring_end'>&#39;</span></span>
 <span class='const'>REDIRECT_URI</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>http://localhost:4567/callback</span><span class='tstring_end'>&#39;</span></span>
 
 <span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/auth</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>do</span>
   <span class='id identifier rubyid_authorization_url'>authorization_url</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_authorization_url'><span class='object_link'><a href="WorkOS/SSO.html#authorization_url-class_method" title="WorkOS::SSO.authorization_url (method)">authorization_url</a></span></span><span class='lparen'>(</span>
     <span class='label'>domain:</span> <span class='const'>DOMAIN</span><span class='comma'>,</span>
-    <span class='label'>project_id:</span> <span class='const'>PROJECT_ID</span><span class='comma'>,</span>
+    <span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
     <span class='label'>redirect_uri:</span> <span class='const'>REDIRECT_URI</span><span class='comma'>,</span>
   <span class='rparen'>)</span>
 
@@ -229,7 +229,7 @@
 <span class='id identifier rubyid_get'>get</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/callback</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>do</span>
   <span class='id identifier rubyid_profile'>profile</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="WorkOS.html" title="WorkOS (module)">WorkOS</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="WorkOS/SSO.html" title="WorkOS::SSO (module)">SSO</a></span></span><span class='period'>.</span><span class='id identifier rubyid_profile'><span class='object_link'><a href="WorkOS/SSO.html#profile-class_method" title="WorkOS::SSO.profile (method)">profile</a></span></span><span class='lparen'>(</span>
     <span class='label'>code:</span> <span class='id identifier rubyid_params'>params</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>code</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
-    <span class='label'>project_id:</span> <span class='const'>PROJECT_ID</span><span class='comma'>,</span>
+    <span class='label'>client_id:</span> <span class='const'>CLIENT_ID</span><span class='comma'>,</span>
   <span class='rparen'>)</span>
 
   <span class='id identifier rubyid_session'>session</span><span class='lbracket'>[</span><span class='symbol'>:user</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_to_json'>to_json</span>
@@ -249,4 +249,4 @@
 
     </div>
   </body>
-</html>
+</html>

data/lib/workos.rb

@@ -3,6 +3,7 @@
 
 require 'workos/version'
 require 'sorbet-runtime'
+require 'json'
 
 # Use the WorkOS module to authenticate your
 # requests to the WorkOS API. The gem will read

data/lib/workos/audit_trail.rb

@@ -51,6 +51,7 @@ module WorkOS
       def create_event(event:, idempotency_key: nil)
         request = post_request(
           path: '/events',
+          auth: true,
           idempotency_key: idempotency_key,
           body: event,
         )

data/lib/workos/client.rb

@@ -19,7 +19,7 @@ module WorkOS
 
     sig do
       params(
-        request: T.any(Net::HTTP::Get, Net::HTTP::Post),
+        request: T.any(Net::HTTP::Get, Net::HTTP::Post, Net::HTTP::Delete),
       ).returns(::T.untyped)
     end
     def execute_request(request:)
@@ -69,6 +69,27 @@ module WorkOS
       request
     end
 
+    sig do
+      params(
+        path: String,
+        auth: T.nilable(T::Boolean),
+        params: T.nilable(Hash),
+      ).returns(Net::HTTP::Delete)
+    end
+    def delete_request(path:, auth: false, params: {})
+      uri = URI(path)
+      uri.query = URI.encode_www_form(params) if params
+
+      request = Net::HTTP::Delete.new(
+        uri.to_s,
+        'Content-Type' => 'application/json',
+      )
+
+      request['Authorization'] = "Bearer #{WorkOS.key!}" if auth
+      request['User-Agent'] = user_agent
+      request
+    end
+
     sig { returns(String) }
     def user_agent
       engine = defined?(::RUBY_ENGINE) ? ::RUBY_ENGINE : 'Ruby'

data/lib/workos/connection.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 # typed: true
 
-require 'json'
-
 module WorkOS
   # The Connection class provides a lightweight wrapper around
   # a WorkOS Connection resource. This class is not meant to be instantiated

data/lib/workos/organization.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 # typed: true
 
-require 'json'
-
 module WorkOS
   # The Organization class provides a lightweight wrapper around
   # a WorkOS Organization resource. This class is not meant to be instantiated

data/lib/workos/passwordless.rb

@@ -36,7 +36,6 @@ module WorkOS
         ).returns(WorkOS::Types::PasswordlessSessionStruct)
       end
 
-      # rubocop:disable Metrics/MethodLength
       def create_session(options)
         response = execute_request(
           request: post_request(
@@ -55,7 +54,6 @@ module WorkOS
           link: hash['link'],
         )
       end
-      # rubocop:enable Metrics/MethodLength
 
       # Send a Passwordless Session via email.
       #

data/lib/workos/portal.rb

@@ -42,7 +42,7 @@ module WorkOS
       # Generate a link to grant access to an organization's Admin Portal
       #
       # @param [String] intent The access scope for the generated Admin Portal
-      #  link. Valid values are: ["sso"]
+      #  link. Valid values are: ["sso", "dsync"]
       # @param [String] organization The ID of the organization the Admin
       #  Portal link will be generated for.
       # @param [String] The URL that the end user will be redirected to upon
@@ -55,7 +55,6 @@ module WorkOS
           return_url: T.nilable(String),
         ).returns(String)
       end
-      # rubocop:disable Metrics/MethodLength
       def generate_link(intent:, organization:, return_url: nil)
         validate_intent(intent)
 
@@ -73,7 +72,6 @@ module WorkOS
 
         JSON.parse(response.body)['link']
       end
-      # rubocop:enable Metrics/MethodLength
 
       # Retrieve a list of organizations that have connections configured
       # within your WorkOS dashboard.
@@ -91,7 +89,6 @@ module WorkOS
           options: T::Hash[Symbol, String],
         ).returns(WorkOS::Types::ListStruct)
       end
-      # rubocop:disable Metrics/MethodLength
       def list_organizations(options = {})
         response = execute_request(
           request: get_request(
@@ -112,12 +109,10 @@ module WorkOS
           list_metadata: parsed_response['listMetadata'],
         )
       end
-      # rubocop:enable Metrics/MethodLength
 
       private
 
       sig { params(response: Net::HTTPResponse).void }
-      # rubocop:disable Metrics/MethodLength
       def check_and_raise_organization_error(response:)
         begin
           body = JSON.parse(response.body)
@@ -135,7 +130,6 @@ module WorkOS
           request_id: request_id,
         )
       end
-      # rubocop:enable Metrics/MethodLength
 
       sig { params(intent: String).void }
       def validate_intent(intent)

data/lib/workos/profile.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 # typed: true
 
-require 'json'
-
 module WorkOS
   # The Profile class provides a lighweight wrapper around
   # a normalized response from the various IDPs WorkOS
@@ -51,7 +49,7 @@ module WorkOS
 
     private
 
-    # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    # rubocop:disable Metrics/AbcSize
     sig { params(json_string: String).returns(WorkOS::Types::ProfileStruct) }
     def parse_json(json_string)
       hash = JSON.parse(json_string, symbolize_names: true)
@@ -67,6 +65,6 @@ module WorkOS
         raw_attributes: hash[:profile][:raw_attributes],
       )
     end
-    # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
+    # rubocop:enable Metrics/AbcSize
   end
 end

data/lib/workos/sso.rb

@@ -6,7 +6,7 @@ require 'uri'
 
 module WorkOS
   # The SSO module provides convenience methods for working with the WorkOS
-  # SSO platform. You'll need a valid API key, a project ID, and to have
+  # SSO platform. You'll need a valid API key, a client ID, and to have
   # created an SSO connection on your WorkOS dashboard.
   #
   # @see https://docs.workos.com/sso/overview
@@ -26,8 +26,12 @@ module WorkOS
       #  required
       # @param [String] provider A provider name for an Identity Provider
       #  configured on your WorkOS dashboard. Only 'Google' is supported.
-      # @param [String] project_id The WorkOS project ID for the project
+      # @param [String] connection The ID for a Connection configured on
+      #  WorkOS.
+      # @param [String] client_id The WorkOS client ID for the environment
       #  where you've configured your SSO connection.
+      # @param [String] project_id The WorkOS project ID for the project.
+      # The project_id is deprecated in Dashboard2.
       # @param [String] redirect_uri The URI where users are directed
       #  after completing the authentication step. Must match a
       #  configured redirect URI on your WorkOS dashboard.
@@ -36,7 +40,7 @@ module WorkOS
       # @example
       #   WorkOS::SSO.authorization_url(
       #     domain: 'acme.com',
-      #     project_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
+      #     client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
       #     redirect_uri: 'https://workos.com/callback',
       #     state: {
       #       next_page: '/docs'
@@ -51,40 +55,63 @@ module WorkOS
       # @return [String]
       sig do
         params(
-          project_id: String,
           redirect_uri: String,
+          project_id: T.nilable(String),
+          client_id: T.nilable(String),
           domain: T.nilable(String),
           provider: T.nilable(String),
+          connection: T.nilable(String),
           state: T.nilable(String),
         ).returns(String)
       end
+      # rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
       def authorization_url(
-        project_id:, redirect_uri:, domain: nil, provider: nil, state: ''
+        redirect_uri:,
+        project_id: nil,
+        client_id: nil,
+        domain: nil,
+        provider: nil,
+        connection: nil,
+        state: ''
       )
-        validate_domain_and_provider(provider: provider, domain: domain)
+        if project_id
+          warn '[DEPRECATION] `project_id` is deprecated.
+          Please use `client_id` instead.'
+          client_id = project_id
+        end
+
+        validate_authorization_url_arguments(
+          provider: provider,
+          domain: domain,
+          connection: connection,
+        )
 
         query = URI.encode_www_form({
-          client_id: project_id,
+          client_id: client_id,
           redirect_uri: redirect_uri,
           response_type: 'code',
           state: state,
           domain: domain,
           provider: provider,
+          connection: connection,
         }.compact)
 
         "https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
       end
+      # rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
 
       # Fetch the profile details for the authenticated SSO user.
       #
       # @param [String] code The authorization code provided in the callback URL
-      # @param [String] project_id The WorkOS project ID for the project
+      # @param [String] client_id The WorkOS client ID for the environment
       #  where you've  configured your SSO connection
+      # @param [String] project_id The WorkOS project ID for the project.
+      # The project_id is deprecated in Dashboard2.
       #
       # @example
       #   WorkOS::SSO.profile(
       #     code: 'acme.com',
-      #     project_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ'
+      #     client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ'
       #   )
       #   => #<WorkOS::Profile:0x00007fb6e4193d20
       #         @id="prof_01DRA1XNSJDZ19A31F183ECQW5",
@@ -97,10 +124,22 @@ module WorkOS
       #        >
       #
       # @return [WorkOS::Profile]
-      sig { params(code: String, project_id: String).returns(WorkOS::Profile) }
-      def profile(code:, project_id:)
+      sig do
+        params(
+          code: String,
+          project_id: T.nilable(String),
+          client_id: T.nilable(String),
+        ).returns(WorkOS::Profile)
+      end
+      def profile(code:, project_id: nil, client_id: nil)
+        if project_id
+          warn '[DEPRECATION] `project_id` is deprecated.
+          Please use `client_id` instead.'
+          client_id = project_id
+        end
+
         body = {
-          client_id: project_id,
+          client_id: client_id,
           client_secret: WorkOS.key!,
           grant_type: 'authorization_code',
           code: code,
@@ -168,17 +207,105 @@ module WorkOS
         WorkOS::Connection.new(response.body)
       end
 
+      # Retrieve connections.
+      #
+      # @param [Hash] options An options hash
+      # @option options [String] connection_type Authentication service
+      #  provider descriptor.
+      # @option options [String] domain The domain of the connection to be
+      #  retrieved.
+      # @option options [String] organization_id The id of the organization
+      #  of the connections to be retrieved.
+      # @option options [String] limit Maximum number of records to return.
+      # @option options [String] before Pagination cursor to receive records
+      #  before a provided Connection ID.
+      # @option options [String] after Pagination cursor to receive records
+      #  before a provided Connection ID.
+      #
+      # @return [Hash]
+      sig do
+        params(
+          options: T::Hash[Symbol, String],
+        ).returns(T::Array[T::Hash[String, T.nilable(String)]])
+      end
+      def list_connections(options = {})
+        response = execute_request(
+          request: get_request(
+            path: '/connections',
+            auth: true,
+            params: options,
+          ),
+        )
+
+        JSON.parse(response.body)['data']
+      end
+
+      # Get a Connection
+      #
+      # @param [String] id Connection unique identifier
+      #
+      # @example
+      #   WorkOS::SSO.get_connection(id: 'conn_02DRA1XNSJDZ19A31F183ECQW9')
+      #   => #<WorkOS::Connection:0x00007fb6e4193d20
+      #         @id="conn_02DRA1XNSJDZ19A31F183ECQW9",
+      #         @name="Foo Corp",
+      #         @connection_type="OktaSAML",
+      #         @domains=
+      #          [{:object=>"connection_domain",
+      #            :id=>"domain_01E6PK9N3XMD8RHWF7S66380AR",
+      #            :domain=>"example.com"}]>
+      #
+      # @return [WorkOS::Connection]
+      sig { params(id: String).returns(WorkOS::Connection) }
+      def get_connection(id:)
+        request = get_request(
+          auth: true,
+          path: "/connections/#{id}",
+        )
+
+        response = execute_request(request: request)
+
+        WorkOS::Connection.new(response.body)
+      end
+
+      # Delete a Connection
+      #
+      # @param [String] id Connection unique identifier
+      #
+      # @example
+      #   WorkOS::SSO.delete_connection(id: 'conn_02DRA1XNSJDZ19A31F183ECQW9')
+      #   => true
+      #
+      # @return [Bool] - returns `true` if successful
+      sig { params(id: String).returns(T::Boolean) }
+      def delete_connection(id:)
+        request = delete_request(
+          auth: true,
+          path: "/connections/#{id}",
+        )
+
+        response = execute_request(request: request)
+
+        response.is_a? Net::HTTPSuccess
+      end
+
       private
 
       sig do
         params(
           domain: T.nilable(String),
           provider: T.nilable(String),
+          connection: T.nilable(String),
         ).void
       end
-      def validate_domain_and_provider(domain:, provider:)
-        if [domain, provider].all?(&:nil?)
-          raise ArgumentError, 'Either domain or provider is required.'
+      def validate_authorization_url_arguments(
+        domain:,
+        provider:,
+        connection:
+      )
+        if [domain, provider, connection].all?(&:nil?)
+          raise ArgumentError, 'Either connection, domain, or ' \
+            'provider is required.'
         end
 
         return unless provider && !PROVIDERS.include?(provider)
@@ -187,7 +314,6 @@ module WorkOS
           " `provider` must be in #{PROVIDERS}"
       end
 
-      # rubocop:disable Metrics/MethodLength
       sig { params(response: Net::HTTPResponse).void }
       def check_and_raise_profile_error(response:)
         begin
@@ -206,7 +332,6 @@ module WorkOS
           request_id: request_id,
         )
       end
-      # rubocop:enable Metrics/MethodLength
     end
   end
 end