workos 1.4.0 → 2.0.0

data/lib/workos/webhooks.rb

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+# typed: true
+
+require 'openssl'
+
+module WorkOS
+  # The Webhooks module provides convenience methods for working with the WorkOS webhooks.
+  # You'll need to extract the signature header and payload from the webhook request
+  # sig_header = request.headers['WorkOS-Signature']
+  # payload = request.body.read
+  #
+  # The secret is the Webhook Secret from your WorkOS Dashboard
+  # The tolerance is for the timestamp validation
+  #
+  module Webhooks
+    class << self
+      extend T::Sig
+
+      DEFAULT_TOLERANCE = 180
+
+      # Initializes an Event object from a JSON payload
+      # rubocop:disable Layout/LineLength
+      #
+      # @param [String] payload The payload from the webhook sent by WorkOS. This is the RAW_POST_DATA of the request.
+      # @param [String] sig_header The signature from the webhook sent by WorkOS.
+      # @param [String] secret The webhook secret from the WorkOS dashboard.
+      # @param [Integer] tolerance The time tolerance in seconds for the webhook.
+      #
+      # @example
+      #   WorkOS::Webhooks.construct_event(
+      #     payload: "{"id": "wh_123","data":{"id":"directory_user_01FAEAJCR3ZBZ30D8BD1924TVG","state":"active","emails":[{"type":"work","value":"blair@foo-corp.com","primary":true}],"idp_id":"00u1e8mutl6wlH3lL4x7","object":"directory_user","username":"blair@foo-corp.com","last_name":"Lunceford","first_name":"Blair","directory_id":"directory_01F9M7F68PZP8QXP8G7X5QRHS7","raw_attributes":{"name":{"givenName":"Blair","familyName":"Lunceford","middleName":"Elizabeth","honorificPrefix":"Ms."},"title":"Developer Success Engineer","active":true,"emails":[{"type":"work","value":"blair@foo-corp.com","primary":true}],"groups":[],"locale":"en-US","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"userName":"blair@foo-corp.com","addresses":[{"region":"CO","primary":true,"locality":"Steamboat Springs","postalCode":"80487"}],"externalId":"00u1e8mutl6wlH3lL4x7","displayName":"Blair Lunceford","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"2","displayName":"Kathleen Chung"},"division":"Engineering","department":"Customer Success"}}},"event":"dsync.user.created"}",
+      #     sig_header: 't=1626125972272, v1=80f7ab7efadc306eb5797c588cee9410da9be4416782b497bf1e1bf4175fb928',
+      #     secret: 'LJlTiC19GmCKWs8AE0IaOQcos',
+      #   )
+      #
+      #   => #<WorkOS::Webhook:0x00007fa64b980910 @event="dsync.user.created", @data={:id=>"directory_user_01FAEAJCR3ZBZ30D8BD1924TVG", :state=>"active", :emails=>[{:type=>"work", :value=>"blair@foo-corp.com", :primary=>true}], :idp_id=>"00u1e8mutl6wlH3lL4x7", :object=>"directory_user", :username=>"blair@foo-corp.com", :last_name=>"Lunceford", :first_name=>"Blair", :directory_id=>"directory_01F9M7F68PZP8QXP8G7X5QRHS7", :raw_attributes=>{:name=>{:givenName=>"Blair", :familyName=>"Lunceford", :middleName=>"Elizabeth", :honorificPrefix=>"Ms."}, :title=>"Developer Success Engineer", :active=>true, :emails=>[{:type=>"work", :value=>"blair@foo-corp.com", :primary=>true}], :groups=>[], :locale=>"en-US", :schemas=>["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], :userName=>"blair@foo-corp.com", :addresses=>[{:region=>"CO", :primary=>true, :locality=>"Steamboat Springs", :postalCode=>"80487"}], :externalId=>"00u1e8mutl6wlH3lL4x7", :displayName=>"Blair Lunceford", :"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"=>{:manager=>{:value=>"2", :displayName=>"Kathleen Chung"}, :division=>"Engineering", :department=>"Customer Success"}}}>
+      #
+      # @return [WorkOS::Webhook]
+      # rubocop:enable Layout/LineLength
+      sig do
+        params(
+          payload: String,
+          sig_header: String,
+          secret: String,
+          tolerance: Integer,
+        ).returns(WorkOS::Webhook)
+      end
+      def construct_event(
+        payload:,
+        sig_header:,
+        secret:,
+        tolerance: DEFAULT_TOLERANCE
+      )
+        verify_header(payload: payload, sig_header: sig_header, secret: secret, tolerance: tolerance)
+        WorkOS::Webhook.new(payload)
+      end
+
+      private
+
+      sig do
+        params(
+          payload: String,
+          sig_header: String,
+          secret: String,
+          tolerance: Integer,
+        ).returns(T::Boolean)
+      end
+      # rubocop:disable Metrics/MethodLength
+      def verify_header(
+        payload:,
+        sig_header:,
+        secret:,
+        tolerance: DEFAULT_TOLERANCE
+      )
+        begin
+          timestamp, signature_hash = get_timestamp_and_signature_hash(sig_header: sig_header)
+        rescue StandardError
+          raise WorkOS::SignatureVerificationError.new(
+            message: 'Unable to extract timestamp and signature hash from header',
+          )
+        end
+
+        if signature_hash.empty?
+          raise WorkOS::SignatureVerificationError.new(
+            message: 'No signature hash found with expected scheme v1',
+          )
+        end
+
+        if timestamp < Time.now - tolerance
+          raise WorkOS::SignatureVerificationError.new(
+            message: 'Timestamp outside the tolerance zone',
+          )
+        end
+
+        expected_sig = compute_signature(timestamp: timestamp, payload: payload, secret: secret)
+        unless secure_compare(str_a: expected_sig, str_b: signature_hash)
+          raise WorkOS::SignatureVerificationError.new(
+            message: 'Signature hash does not match the expected signature hash for payload',
+          )
+        end
+
+        true
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      sig do
+        params(
+          sig_header: String,
+        ).returns(T::Array[T.untyped])
+      end
+      def get_timestamp_and_signature_hash(
+        sig_header:
+      )
+        timestamp, signature_hash = sig_header.split(', ')
+
+        if timestamp.nil? || signature_hash.nil?
+          raise WorkOS::SignatureVerificationError.new(
+            message: 'Unable to extract timestamp and signature hash from header',
+          )
+        end
+
+        timestamp = timestamp.sub('t=', '')
+        signature_hash = signature_hash.sub('v1=', '')
+
+        [Time.at(timestamp.to_i), signature_hash]
+      end
+
+      sig do
+        params(
+          timestamp: Time,
+          payload: String,
+          secret: String,
+        ).returns(String)
+      end
+      def compute_signature(
+        timestamp:,
+        payload:,
+        secret:
+      )
+        unhashed_string = "#{timestamp.to_i}.#{payload}"
+        digest = OpenSSL::Digest.new('sha256')
+        OpenSSL::HMAC.hexdigest(digest, secret, unhashed_string)
+      end
+
+      # Constant time string comparison to prevent timing attacks
+      # Code borrowed from ActiveSupport
+      sig do
+        params(
+          str_a: String,
+          str_b: String,
+        ).returns(T::Boolean)
+      end
+      def secure_compare(
+        str_a:,
+        str_b:
+      )
+        return false unless str_a.bytesize == str_b.bytesize
+
+        l = T.unsafe(str_a.unpack("C#{str_a.bytesize}"))
+
+        res = 0
+        str_b.each_byte { |byte| res |= byte ^ l.shift }
+
+        res.zero?
+      end
+    end
+  end
+end

data/lib/workos.rb

@@ -42,11 +42,14 @@ module WorkOS
   autoload :ProfileAndToken, 'workos/profile_and_token'
   autoload :SSO, 'workos/sso'
   autoload :DirectoryUser, 'workos/directory_user'
+  autoload :Webhook, 'workos/webhook'
+  autoload :Webhooks, 'workos/webhooks'
 
   # Errors
   autoload :APIError, 'workos/errors'
   autoload :AuthenticationError, 'workos/errors'
   autoload :InvalidRequestError, 'workos/errors'
+  autoload :SignatureVerificationError, 'workos/errors'
 
   # Remove WORKOS_KEY at some point in the future. Keeping it here now for
   # backwards compatibility.

data/spec/lib/workos/audit_trail_spec.rb

@@ -2,6 +2,8 @@
 # typed: false
 
 describe WorkOS::AuditTrail do
+  it_behaves_like 'client'
+
   describe '.create_event' do
     context 'with valid event payload' do
       let(:valid_event) do

data/spec/lib/workos/directory_sync_spec.rb

@@ -2,6 +2,8 @@
 # typed: false
 
 describe WorkOS::DirectorySync do
+  it_behaves_like 'client'
+
   describe '.list_directories' do
     context 'with no options' do
       it 'returns directories and metadata' do
@@ -13,7 +15,7 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_directories/with_no_options' do
           directories = described_class.list_directories
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(10)
           expect(directories.list_metadata).to eq(expected_metadata)
         end
       end
@@ -44,7 +46,7 @@ describe WorkOS::DirectorySync do
     context 'with search option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?search=Foo',
+          '/directories?search=Testing',
           'Content-Type' => 'application/json'
         ]
 
@@ -55,10 +57,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_directories/with_search' do
           directories = described_class.list_directories(
-            search: 'Foo',
+            search: 'Testing',
           )
 
-          expect(directories.data.size).to eq(1)
+          expect(directories.data.size).to eq(2)
+          expect(directories.data[0].name).to include('Testing')
         end
       end
     end
@@ -66,7 +69,7 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?before=before-id',
+          '/directories?before=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
 
@@ -77,10 +80,10 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_directories/with_before' do
           directories = described_class.list_directories(
-            before: 'before-id',
+            before: 'directory_01FGCPNV312FHFRCX0BYWHVSE1',
           )
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(6)
         end
       end
     end
@@ -88,7 +91,7 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?after=after-id',
+          '/directories?after=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
 
@@ -98,9 +101,9 @@ describe WorkOS::DirectorySync do
           and_return(expected_request)
 
         VCR.use_cassette 'directory_sync/list_directories/with_after' do
-          directories = described_class.list_directories(after: 'after-id')
+          directories = described_class.list_directories(after: 'directory_01FGCPNV312FHFRCX0BYWHVSE1')
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(4)
         end
       end
     end
@@ -140,6 +143,38 @@ describe WorkOS::DirectorySync do
     end
   end
 
+  describe '.get_directory' do
+    context 'with a valid id' do
+      it 'gets the directory details' do
+        VCR.use_cassette('directory_sync/get_directory_with_valid_id') do
+          directory = WorkOS::DirectorySync.get_directory(
+            id: 'directory_01FK17DWRHH7APAFXT5B52PV0W',
+          )
+
+          expect(directory.id).to eq('directory_01FK17DWRHH7APAFXT5B52PV0W')
+          expect(directory.name).to eq('Testing Active Attribute')
+          expect(directory.domain).to eq('example.me')
+          expect(directory.type).to eq('azure scim v2.0')
+          expect(directory.state).to eq('linked')
+          expect(directory.organization_id).to eq('org_01F6Q6TFP7RD2PF6J03ANNWDKV')
+        end
+      end
+    end
+
+    context 'with an invalid id' do
+      it 'raises an error' do
+        VCR.use_cassette('directory_sync/get_directory_with_invalid_id') do
+          expect do
+            WorkOS::DirectorySync.get_directory(id: 'invalid')
+          end.to raise_error(
+            WorkOS::APIError,
+            "Status 404, Directory not found: 'invalid'. - request ID: ",
+          )
+        end
+      end
+    end
+  end
+
   describe '.list_groups' do
     context 'with no options' do
       it 'raises an error' do
@@ -282,7 +317,7 @@ describe WorkOS::DirectorySync do
     context 'with directory option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_users?directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -293,10 +328,10 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_directory' do
           users = described_class.list_users(
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
-          expect(users.data.size).to eq(10)
+          expect(users.data.size).to eq(4)
         end
       end
     end
@@ -304,7 +339,7 @@ describe WorkOS::DirectorySync do
     context 'with group option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?group=directory_group_01EQ7V7C6Y4RPMCH3KNB9853FF',
+          '/directory_users?group=directory_group_01FBXGP79EJAYKW0WS9JCK1V6E',
           'Content-Type' => 'application/json'
         ]
 
@@ -315,10 +350,10 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_group' do
           users = described_class.list_users(
-            group: 'directory_group_01EQ7V7C6Y4RPMCH3KNB9853FF',
+            group: 'directory_group_01FBXGP79EJAYKW0WS9JCK1V6E',
           )
 
-          expect(users.data.size).to eq(2)
+          expect(users.data.size).to eq(1)
         end
       end
     end
@@ -326,8 +361,8 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?before=before-id&'\
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_users?before=directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF&'\
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -338,8 +373,8 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_before' do
           users = described_class.list_users(
-            before: 'before-id',
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            before: 'directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
           expect(users.data.size).to eq(2)
@@ -350,8 +385,8 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?after=after-id&' \
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_users?after=directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF&' \
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -362,11 +397,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_after' do
           users = described_class.list_users(
-            after: 'after-id',
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            after: 'directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
-          expect(users.data.size).to eq(10)
+          expect(users.data.size).to eq(1)
         end
       end
     end
@@ -375,7 +410,7 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_users?limit=2&' \
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -387,7 +422,7 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_users/with_limit' do
           users = described_class.list_users(
             limit: 2,
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
           expect(users.data.size).to eq(2)
@@ -425,10 +460,10 @@ describe WorkOS::DirectorySync do
       it 'returns a user' do
         VCR.use_cassette('directory_sync/get_user') do
           user = WorkOS::DirectorySync.get_user(
-            'directory_usr_01E64QS50EAY48S0XJ1AA4WX4D',
+            'directory_user_01FAZYNPC8M0HRYTKFP2GNX852',
           )
 
-          expect(user['first_name']).to eq('Mark')
+          expect(user['first_name']).to eq('Logan')
         end
       end
     end

data/spec/lib/workos/organizations_spec.rb

@@ -2,18 +2,20 @@
 # typed: false
 
 describe WorkOS::Organizations do
+  it_behaves_like 'client'
+
   describe '.create_organization' do
     context 'with valid payload' do
       it 'creates an organization' do
         VCR.use_cassette 'organization/create' do
           organization = described_class.create_organization(
-            domains: ['example.com'],
+            domains: ['example.io'],
             name: 'Test Organization',
           )
 
-          expect(organization.id).to eq('org_01EHT88Z8J8795GZNQ4ZP1J81T')
+          expect(organization.id).to eq('org_01FCPEJXEZR4DSBA625YMGQT9N')
           expect(organization.name).to eq('Test Organization')
-          expect(organization.domains.first[:domain]).to eq('example.com')
+          expect(organization.domains.first[:domain]).to eq('example.io')
         end
       end
     end
@@ -46,7 +48,7 @@ describe WorkOS::Organizations do
         VCR.use_cassette 'organization/list' do
           organizations = described_class.list_organizations
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
           expect(organizations.list_metadata).to eq(expected_metadata)
         end
       end
@@ -69,7 +71,7 @@ describe WorkOS::Organizations do
             before: 'before-id',
           )
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
         end
       end
     end
@@ -89,7 +91,7 @@ describe WorkOS::Organizations do
         VCR.use_cassette 'organization/list', match_requests_on: [:path] do
           organizations = described_class.list_organizations(after: 'after-id')
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
         end
       end
     end
@@ -109,7 +111,7 @@ describe WorkOS::Organizations do
         VCR.use_cassette 'organization/list', match_requests_on: [:path] do
           organizations = described_class.list_organizations(limit: 10)
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
         end
       end
     end
@@ -120,10 +122,10 @@ describe WorkOS::Organizations do
       it 'gets the organization details' do
         VCR.use_cassette('organization/get') do
           organization = described_class.get_organization(
-            id: 'org_01EZDF20TZEJXKPSX2BJRN6TV6',
+            id: 'org_01F9293WD2PDEEV4Y625XPZVG7',
           )
 
-          expect(organization.id).to eq('org_01EZDF20TZEJXKPSX2BJRN6TV6')
+          expect(organization.id).to eq('org_01F9293WD2PDEEV4Y625XPZVG7')
           expect(organization.name).to eq('Foo Corp')
           expect(organization.domains.first[:domain]).to eq('foo-corp.com')
         end
@@ -149,12 +151,12 @@ describe WorkOS::Organizations do
       it 'creates an organization' do
         VCR.use_cassette 'organization/update' do
           organization = described_class.update_organization(
-            organization: 'org_01F29YJ068E52HGEB8ZQGC9MJG',
+            organization: 'org_01F6Q6TFP7RD2PF6J03ANNWDKV',
             domains: ['example.me'],
             name: 'Test Organization',
           )
 
-          expect(organization.id).to eq('org_01F29YJ068E52HGEB8ZQGC9MJG')
+          expect(organization.id).to eq('org_01F6Q6TFP7RD2PF6J03ANNWDKV')
           expect(organization.name).to eq('Test Organization')
           expect(organization.domains.first[:domain]).to eq('example.me')
         end

data/spec/lib/workos/passwordless_spec.rb

@@ -2,6 +2,8 @@
 # typed: false
 
 describe WorkOS::Passwordless do
+  it_behaves_like 'client'
+
   describe '.create_session' do
     context 'with valid options payload' do
       let(:valid_options) do

data/spec/lib/workos/portal_spec.rb

@@ -2,6 +2,8 @@
 # typed: false
 
 describe WorkOS::Portal do
+  it_behaves_like 'client'
+
   describe '.generate_link' do
     let(:organization) { 'org_01EHQMYV6MBK39QC5PZXHY59C3' }
 

data/spec/lib/workos/sso_spec.rb

@@ -4,6 +4,8 @@
 require 'securerandom'
 
 describe WorkOS::SSO do
+  it_behaves_like 'client'
+
   describe '.authorization_url' do
     context 'with a domain' do
       let(:args) do
@@ -162,6 +164,7 @@ describe WorkOS::SSO do
           id: 'prof_01EEJTY9SZ1R350RB7B73SNBKF',
           idp_id: '116485463307139932699',
           last_name: 'Loblaw',
+          organization_id: 'org_01FG53X8636WSNW2WEKB2C31ZB',
           raw_attributes: {
             email: 'bob.loblaw@workos.com',
             family_name: 'Loblaw',
@@ -231,6 +234,7 @@ describe WorkOS::SSO do
           id: 'prof_01DRA1XNSJDZ19A31F183ECQW5',
           idp_id: '00u1klkowm8EGah2H357',
           last_name: 'Demo',
+          organization_id: 'org_01FG53X8636WSNW2WEKB2C31ZB',
           raw_attributes: {
             email: 'demo@workos-okta.com',
             first_name: 'WorkOS',
@@ -303,7 +307,7 @@ describe WorkOS::SSO do
         VCR.use_cassette 'sso/list_connections/with_no_options' do
           connections = described_class.list_connections
 
-          expect(connections.data.size).to eq(3)
+          expect(connections.data.size).to eq(6)
           expect(connections.list_metadata).to eq(expected_metadata)
         end
       end
@@ -326,7 +330,7 @@ describe WorkOS::SSO do
             connection_type: 'OktaSAML',
           )
 
-          expect(connections.data.size).to eq(3)
+          expect(connections.data.size).to eq(10)
           expect(connections.data.first.connection_type).to eq('OktaSAML')
         end
       end
@@ -357,7 +361,7 @@ describe WorkOS::SSO do
     context 'with organization_id option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?organization_id=org_01EGS4P7QR31EZ4YWD1Z1XA176',
+          '/connections?organization_id=org_01F9293WD2PDEEV4Y625XPZVG7',
           'Content-Type' => 'application/json'
         ]
 
@@ -368,12 +372,12 @@ describe WorkOS::SSO do
 
         VCR.use_cassette 'sso/list_connections/with_organization_id' do
           connections = described_class.list_connections(
-            organization_id: 'org_01EGS4P7QR31EZ4YWD1Z1XA176',
+            organization_id: 'org_01F9293WD2PDEEV4Y625XPZVG7',
           )
 
           expect(connections.data.size).to eq(1)
           expect(connections.data.first.organization_id).to eq(
-            'org_01EGS4P7QR31EZ4YWD1Z1XA176',
+            'org_01F9293WD2PDEEV4Y625XPZVG7',
           )
         end
       end
@@ -404,7 +408,7 @@ describe WorkOS::SSO do
     context 'with before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?before=conn_01EQKPMQAPV02H270HKVNS4CTA',
+          '/connections?before=conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           'Content-Type' => 'application/json'
         ]
 
@@ -415,7 +419,7 @@ describe WorkOS::SSO do
 
         VCR.use_cassette 'sso/list_connections/with_before' do
           connections = described_class.list_connections(
-            before: 'conn_01EQKPMQAPV02H270HKVNS4CTA',
+            before: 'conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           )
 
           expect(connections.data.size).to eq(3)
@@ -426,7 +430,7 @@ describe WorkOS::SSO do
     context 'with after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?after=conn_01EQKPMQAPV02H270HKVNS4CTA',
+          '/connections?after=conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           'Content-Type' => 'application/json'
         ]
 
@@ -437,10 +441,10 @@ describe WorkOS::SSO do
 
         VCR.use_cassette 'sso/list_connections/with_after' do
           connections = described_class.list_connections(
-            after: 'conn_01EQKPMQAPV02H270HKVNS4CTA',
+            after: 'conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           )
 
-          expect(connections.data.size).to eq(3)
+          expect(connections.data.size).to eq(2)
         end
       end
     end
@@ -451,10 +455,10 @@ describe WorkOS::SSO do
       it 'gets the connection details' do
         VCR.use_cassette('sso/get_connection_with_valid_id') do
           connection = WorkOS::SSO.get_connection(
-            id: 'conn_01EX00NB050H354WKGC7990AR2',
+            id: 'conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           )
 
-          expect(connection.id).to eq('conn_01EX00NB050H354WKGC7990AR2')
+          expect(connection.id).to eq('conn_01FA3WGCWPCCY1V2FGES2FDNP7')
           expect(connection.connection_type).to eq('OktaSAML')
           expect(connection.name).to eq('Foo Corp')
           expect(connection.domains.first[:domain]).to eq('foo-corp.com')