workos 1.5.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5aecf9fa40a85a4623e12f1ba6804c87fde006931bed9a443327f6851d714df1
-  data.tar.gz: 63d0daa095bf705643906247371d36a15f7ec9aac2b9d5b04293fb7e135a1d57
+  metadata.gz: 0500b789496692e53bc6d47d80a21a0b8b802325e1e0f876fe0b94a775aa4f05
+  data.tar.gz: a7e8e350e7fb1336496e9a09ee7543a120e1b6ed62cc60dffbe1b4ccd2dd4712
 SHA512:
-  metadata.gz: f6c47e8d64139d4e3452dca04e6466b177b8c029b97779e58b93407d5e08f9c886076a0101a9b272376fe33e9ee16c180464e25b3be42a6089b921108187eeb1
-  data.tar.gz: 577c4b464439eed2216d1011d637d619cd0af9c69f985f5d56f56ce58f6c72deb71f0d2dc66efc1014daa7d973cd2c1d3e95a2f729627658d4235ce2da683184
+  metadata.gz: 549c9210c2d765b2d6f264e62f285f7b96c9225e53724798216eb08167be5451825a729f36273fbda7fb713b9a1db49025b3cc6a308a98b969ca0a3631c8ffd9
+  data.tar.gz: 4a3fdf8d50681db812a0de37c56d93b03c6bb194a892280cfc9d287612ba7494a1bd777f92b28538b12d978b0a1dc354ca7c82e12fd1707c440643c7215685cb

data/.rubocop.yml

@@ -9,7 +9,7 @@ Layout/LineLength:
     - 'VCR\.use_cassette'
     - '(\A|\s)/.*?/'
 Metrics/BlockLength:
-  ExcludedMethods: ['describe', 'context']
+  ExcludedMethods: ['describe', 'context', 'before']
 Metrics/MethodLength:
   Max: 15
 Metrics/ModuleLength:

data/.ruby-version

@@ -1 +1 @@
-3.0.1
+3.0.2

data/.semaphore/semaphore.yml

@@ -66,10 +66,10 @@ blocks:
             - sem-version ruby 2.7.3
             - bundle install
             - bundle exec rspec
-        - name: Ruby 3.0.1
+        - name: Ruby 3.0.2
           commands:
             - checkout
-            - sem-version ruby 3.0.1
+            - sem-version ruby 3.0.2
             - bundle install
             - bundle exec rspec
 promotions:

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (1.5.1)
+    workos (2.1.0)
       sorbet-runtime (~> 0.5)
 
 GEM
@@ -60,7 +60,7 @@ GEM
     simplecov_json_formatter (0.1.2)
     sorbet (0.5.6388)
       sorbet-static (= 0.5.6388)
-    sorbet-runtime (0.5.9094)
+    sorbet-runtime (0.5.9300)
     sorbet-static (0.5.6388-universal-darwin-14)
     sorbet-static (0.5.6388-universal-darwin-15)
     sorbet-static (0.5.6388-universal-darwin-16)
@@ -93,4 +93,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   2.2.16
+   2.2.33

data/lib/workos/connection.rb

@@ -21,7 +21,7 @@ module WorkOS
       @name = T.let(raw.name, String)
       @connection_type = T.let(raw.connection_type, String)
       @domains = T.let(raw.domains, Array)
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @state = T.let(raw.state, String)
       @status = T.let(raw.status, String)
       @created_at = T.let(raw.created_at, String)

data/lib/workos/directory.rb

@@ -17,10 +17,10 @@ module WorkOS
 
       @id = T.let(raw.id, String)
       @name = T.let(raw.name, String)
-      @domain = T.let(raw.domain, String)
+      @domain = raw.domain
       @type = T.let(raw.type, String)
       @state = T.let(raw.state, String)
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @created_at = T.let(raw.created_at, String)
       @updated_at = T.let(raw.updated_at, String)
     end

data/lib/workos/directory_sync.rb

@@ -53,6 +53,35 @@ module WorkOS
         )
       end
 
+      # Retrieve directory.
+      #
+      # @param [String] id Directory unique identifier
+      #
+      # @example
+      #   WorkOS::SSO.get_directory(id: 'directory_01FK17DWRHH7APAFXT5B52PV0W')
+      #   => #<WorkOS::Directory:0x00007fb6e4193d20
+      #         @id="directory_01FK17DWRHH7APAFXT5B52PV0W",
+      #         @name="Foo Corp",
+      #         @domain="foo-corp.com",
+      #         @type="okta scim v2.0",
+      #         @state="linked",
+      #         @organization_id="org_01F6Q6TFP7RD2PF6J03ANNWDKV",
+      #         @created_at="2021-10-27T15:55:47.856Z",
+      #         @updated_at="2021-10-27T16:03:43.990Z"
+      #
+      # @return [WorkOS::Directory]
+      sig { params(id: String).returns(WorkOS::Directory) }
+      def get_directory(id:)
+        request = get_request(
+          auth: true,
+          path: "/directories/#{id}",
+        )
+
+        response = execute_request(request: request)
+
+        WorkOS::Directory.new(response.body)
+      end
+
       # Retrieve directory groups.
       #
       # @param [Hash] options An options hash

data/lib/workos/errors.rb

@@ -55,4 +55,8 @@ module WorkOS
   # InvalidRequestError is raised when a request is initiated with invalid
   # parameters.
   class InvalidRequestError < WorkOSError; end
+
+  # SignatureVerificationError is raised when the signature verification for a
+  # webhook fails
+  class SignatureVerificationError < WorkOSError; end
 end

data/lib/workos/organization.rb

@@ -8,7 +8,7 @@ module WorkOS
   class Organization
     extend T::Sig
 
-    attr_accessor :id, :domains, :name, :created_at, :updated_at
+    attr_accessor :id, :domains, :name, :allow_profiles_outside_organization, :created_at, :updated_at
 
     sig { params(json: String).void }
     def initialize(json)
@@ -16,6 +16,7 @@ module WorkOS
 
       @id = T.let(raw.id, String)
       @name = T.let(raw.name, String)
+      @allow_profiles_outside_organization = T.let(raw.allow_profiles_outside_organization, T::Boolean)
       @domains = T.let(raw.domains, Array)
       @created_at = T.let(raw.created_at, String)
       @updated_at = T.let(raw.updated_at, String)
@@ -25,6 +26,7 @@ module WorkOS
       {
         id: id,
         name: name,
+        allow_profiles_outside_organization: allow_profiles_outside_organization,
         domains: domains,
         created_at: created_at,
         updated_at: updated_at,
@@ -44,6 +46,7 @@ module WorkOS
       WorkOS::Types::OrganizationStruct.new(
         id: hash[:id],
         name: hash[:name],
+        allow_profiles_outside_organization: hash[:allow_profiles_outside_organization],
         domains: hash[:domains],
         created_at: hash[:created_at],
         updated_at: hash[:updated_at],

data/lib/workos/organizations.rb

@@ -80,16 +80,23 @@ module WorkOS
       # @param [Array<String>] domains List of domains that belong to the
       #  organization
       # @param [String] name A unique, descriptive name for the organization
+      # @param [Boolean, nil] allow_profiles_outside_organization Whether Connections
+      #  within the Organization allow profiles that are outside of the Organization's configured User Email Domains.
       sig do
         params(
           domains: T::Array[String],
           name: String,
+          allow_profiles_outside_organization: T.nilable(T::Boolean),
         ).returns(WorkOS::Organization)
       end
-      def create_organization(domains:, name:)
+      def create_organization(domains:, name:, allow_profiles_outside_organization: nil)
         request = post_request(
           auth: true,
-          body: { domains: domains, name: name },
+          body: {
+            domains: domains,
+            name: name,
+            allow_profiles_outside_organization: allow_profiles_outside_organization,
+          },
           path: '/organizations',
         )
 
@@ -105,17 +112,24 @@ module WorkOS
       # @param [Array<String>] domains List of domains that belong to the
       #  organization
       # @param [String] name A unique, descriptive name for the organization
+      # @param [Boolean, nil] allow_profiles_outside_organization Whether Connections
+      #  within the Organization allow profiles that are outside of the Organization's configured User Email Domains.
       sig do
         params(
           organization: String,
           domains: T::Array[String],
           name: String,
+          allow_profiles_outside_organization: T.nilable(T::Boolean),
         ).returns(WorkOS::Organization)
       end
-      def update_organization(organization:, domains:, name:)
+      def update_organization(organization:, domains:, name:, allow_profiles_outside_organization: nil)
         request = put_request(
           auth: true,
-          body: { domains: domains, name: name },
+          body: {
+            domains: domains,
+            name: name,
+            allow_profiles_outside_organization: allow_profiles_outside_organization,
+          },
           path: "/organizations/#{organization}",
         )
 

data/lib/workos/profile.rb

@@ -11,9 +11,10 @@ module WorkOS
     extend T::Sig
 
     sig { returns(String) }
-    attr_accessor :id, :email, :first_name, :last_name, :connection_id,
-                  :connection_type, :idp_id, :raw_attributes
+    attr_accessor :id, :email, :first_name, :last_name, :organization_id,
+                  :connection_id, :connection_type, :idp_id, :raw_attributes
 
+    # rubocop:disable Metrics/AbcSize
     sig { params(profile_json: String).void }
     def initialize(profile_json)
       raw = parse_json(profile_json)
@@ -22,11 +23,13 @@ module WorkOS
       @email = T.let(raw.email, String)
       @first_name = raw.first_name
       @last_name = raw.last_name
+      @organization_id = raw.organization_id
       @connection_id = T.let(raw.connection_id, String)
       @connection_type = T.let(raw.connection_type, String)
       @idp_id = raw.idp_id
       @raw_attributes = raw.raw_attributes
     end
+    # rubocop:enable Metrics/AbcSize
 
     sig { returns(String) }
     def full_name
@@ -39,6 +42,7 @@ module WorkOS
         email: email,
         first_name: first_name,
         last_name: last_name,
+        organization_id: organization_id,
         connection_id: connection_id,
         connection_type: connection_type,
         idp_id: idp_id,
@@ -57,6 +61,7 @@ module WorkOS
         email: hash[:email],
         first_name: hash[:first_name],
         last_name: hash[:last_name],
+        organization_id: hash[:organization_id],
         connection_id: hash[:connection_id],
         connection_type: hash[:connection_type],
         idp_id: hash[:idp_id],

data/lib/workos/sso.rb

@@ -21,23 +21,27 @@ module WorkOS
       # Generate an Oauth2 authorization URL where your users will
       # authenticate using the configured SSO Identity Provider.
       #
+      # @param [String] redirect_uri The URI where users are directed
+      #  after completing the authentication step. Must match a
+      #  configured redirect URI on your WorkOS dashboard.
+      # @param [String] client_id The WorkOS client ID for the environment
+      #  where you've configured your SSO connection.
       # @param [String] domain The domain for the relevant SSO Connection
-      #  configured on your WorkOS dashboard. One of provider or domain is
-      #  required
+      #  configured on your WorkOS dashboard. One of provider, domain,
+      #  connection, or organization is required.
+      #  The domain is deprecated.
       # @param [String] provider A provider name for an Identity Provider
-      #  configured on your WorkOS dashboard. Only 'Google' is supported.
+      #  configured on your WorkOS dashboard. Only 'GoogleOAuth' and
+      #  'MicrosoftOAuth' are supported.
       # @param [String] connection The ID for a Connection configured on
       #  WorkOS.
-      # @param [String] client_id The WorkOS client ID for the environment
-      #  where you've configured your SSO connection.
-      # @param [String] redirect_uri The URI where users are directed
-      #  after completing the authentication step. Must match a
-      #  configured redirect URI on your WorkOS dashboard.
-      # @param [String] state An aribtrary state object
+      # @param [String] organization The ID for an Organization configured
+      #  on WorkOS.
+      # @param [String] state An arbitrary state object
       #  that is preserved and available to the client in the response.
       # @example
       #   WorkOS::SSO.authorization_url(
-      #     domain: 'acme.com',
+      #     connection: 'conn_123',
       #     client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
       #     redirect_uri: 'https://workos.com/callback',
       #     state: {
@@ -45,19 +49,23 @@ module WorkOS
       #     }.to_s
       #   )
       #
-      #   => "https://api.workos.com/sso/authorize?domain=acme.com" \
+      #   => "https://api.workos.com/sso/authorize?connection=conn_123" \
       #      "&client_id=project_01DG5TGK363GRVXP3ZS40WNGEZ" \
       #      "&redirect_uri=https%3A%2F%2Fworkos.com%2Fcallback&" \
       #      "response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdocs%22%7D"
       #
       # @return [String]
+      # rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
       sig do
         params(
           redirect_uri: String,
           client_id: T.nilable(String),
           domain: T.nilable(String),
+          domain_hint: T.nilable(String),
+          login_hint: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
           state: T.nilable(String),
         ).returns(String)
       end
@@ -65,14 +73,23 @@ module WorkOS
         redirect_uri:,
         client_id: nil,
         domain: nil,
+        domain_hint: nil,
+        login_hint: nil,
         provider: nil,
         connection: nil,
+        organization: nil,
         state: ''
       )
+        if domain
+          warn '[DEPRECATION] `domain` is deprecated.
+          Please use `organization` instead.'
+        end
+
         validate_authorization_url_arguments(
           provider: provider,
           domain: domain,
           connection: connection,
+          organization: organization,
         )
 
         query = URI.encode_www_form({
@@ -81,12 +98,16 @@ module WorkOS
           response_type: 'code',
           state: state,
           domain: domain,
+          domain_hint: domain_hint,
+          login_hint: login_hint,
           provider: provider,
           connection: connection,
+          organization: organization,
         }.compact)
 
         "https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
       end
+      # rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
 
       sig do
         params(
@@ -229,16 +250,18 @@ module WorkOS
           domain: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
         ).void
       end
       def validate_authorization_url_arguments(
         domain:,
         provider:,
-        connection:
+        connection:,
+        organization:
       )
-        if [domain, provider, connection].all?(&:nil?)
-          raise ArgumentError, 'Either connection, domain, or ' \
-            'provider is required.'
+        if [domain, provider, connection, organization].all?(&:nil?)
+          raise ArgumentError, 'Either connection, domain, ' \
+            'provider, or organization is required.'
         end
 
         return unless provider && !PROVIDERS.include?(provider)

data/lib/workos/types/connection_struct.rb

@@ -10,7 +10,7 @@ module WorkOS
       const :name, String
       const :connection_type, String
       const :domains, T::Array[T.untyped]
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :state, String
       const :status, String
       const :created_at, String

data/lib/workos/types/directory_struct.rb

@@ -8,10 +8,10 @@ module WorkOS
     class DirectoryStruct < T::Struct
       const :id, String
       const :name, String
-      const :domain, String
+      const :domain, T.nilable(String)
       const :type, String
       const :state, String
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :created_at, String
       const :updated_at, String
     end

data/lib/workos/types/organization_struct.rb

@@ -8,6 +8,7 @@ module WorkOS
     class OrganizationStruct < T::Struct
       const :id, String
       const :name, String
+      const :allow_profiles_outside_organization, T::Boolean
       const :domains, T::Array[T.untyped]
       const :created_at, String
       const :updated_at, String

data/lib/workos/types/profile_struct.rb

@@ -10,6 +10,7 @@ module WorkOS
       const :email, String
       const :first_name, T.nilable(String)
       const :last_name, T.nilable(String)
+      const :organization_id, T.nilable(String)
       const :connection_id, String
       const :connection_type, String
       const :idp_id, T.nilable(String)

data/lib/workos/types/webhook_struct.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+# typed: strict
+
+module WorkOS
+  module Types
+    # This WebhookStruct acts as a typed interface
+    # for the Webhook class
+    class WebhookStruct < T::Struct
+      const :id, String
+      const :event, String
+      const :data, T::Hash[Symbol, Object]
+    end
+  end
+end

data/lib/workos/types.rb

@@ -15,5 +15,6 @@ module WorkOS
     require_relative 'types/profile_struct'
     require_relative 'types/provider_enum'
     require_relative 'types/directory_user_struct'
+    require_relative 'types/webhook_struct'
   end
 end

data/lib/workos/version.rb

@@ -2,5 +2,5 @@
 # typed: strong
 
 module WorkOS
-  VERSION = '1.5.1'
+  VERSION = '2.1.0'
 end

data/lib/workos/webhook.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOS
+  # The Webhook class provides a lightweight wrapper around
+  # a WorkOS Webhook resource. This class is not meant to be instantiated
+  # in user space, and is instantiated internally but exposed.
+  class Webhook
+    extend T::Sig
+
+    attr_accessor :id, :event, :data
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+
+      @id = T.let(raw.id, String)
+      @event = T.let(raw.event, String)
+      @data = raw.data
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        event: event,
+        data: data,
+      }
+    end
+
+    private
+
+    sig do
+      params(
+        json_string: String,
+      ).returns(WorkOS::Types::WebhookStruct)
+    end
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOS::Types::WebhookStruct.new(
+        id: hash[:id],
+        event: hash[:event],
+        data: hash[:data],
+      )
+    end
+  end
+end