workos 1.6.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd493c247c202074fa3d93d6f4db6f1cb4cffb19b63f140eeb37a3236255be1a
-  data.tar.gz: a266a358383a5242299a2df002b04486d6ef1203f0d3448736b6d5904d657643
+  metadata.gz: e98cbe7f34c4d550972ac7b4dc734e17ed9b2390b08898d2b20fdf5e69da71ea
+  data.tar.gz: c998bf772be7cc75e1730debd7efefa764d87676c62b325daf45784846ce3a12
 SHA512:
-  metadata.gz: d05f397238b7e94d6f8e7e513523de96c87da44042c65638dbe8ce947076b5383f38491997a887a30e05a0c47e4193178dd39f0e4c62b5f14ebb1fcfb40b3299
-  data.tar.gz: 28158f92efaff774bbfaaf02e9be76552dd94bfebb996515824e278faf4011b4996846990074e30694f4306ba26c2cb76440294a020e5832b8bf25c3c504ccb3
+  metadata.gz: 01d4bcee2864d6a8b58e8cd3ffef78d77e11028bfbcd9005c4a2cecafaabe0cec97856f94b70aa9391dee50d08502ed8d7afa9456763d16a44f0fcc78a912694
+  data.tar.gz: ae83d9e5e204771f3d261a2f3135e077cc8b19d700ccf7984447e5536297ba65fba3779c3988daf612ce2c9624c9a825b8dd9b0e633e47c8839f3466a6837440

data/.ruby-version

@@ -1 +1 @@
-3.0.1
+3.0.2

data/.semaphore/semaphore.yml

@@ -66,10 +66,10 @@ blocks:
             - sem-version ruby 2.7.3
             - bundle install
             - bundle exec rspec
-        - name: Ruby 3.0.1
+        - name: Ruby 3.0.2
           commands:
             - checkout
-            - sem-version ruby 3.0.1
+            - sem-version ruby 3.0.2
             - bundle install
             - bundle exec rspec
 promotions:

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (1.6.0)
+    workos (2.1.1)
       sorbet-runtime (~> 0.5)
 
 GEM
@@ -60,7 +60,7 @@ GEM
     simplecov_json_formatter (0.1.2)
     sorbet (0.5.6388)
       sorbet-static (= 0.5.6388)
-    sorbet-runtime (0.5.9094)
+    sorbet-runtime (0.5.9528)
     sorbet-static (0.5.6388-universal-darwin-14)
     sorbet-static (0.5.6388-universal-darwin-15)
     sorbet-static (0.5.6388-universal-darwin-16)
@@ -93,4 +93,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   2.2.16
+   2.2.33

data/lib/workos/connection.rb

@@ -21,7 +21,7 @@ module WorkOS
       @name = T.let(raw.name, String)
       @connection_type = T.let(raw.connection_type, String)
       @domains = T.let(raw.domains, Array)
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @state = T.let(raw.state, String)
       @status = T.let(raw.status, String)
       @created_at = T.let(raw.created_at, String)

data/lib/workos/directory.rb

@@ -17,10 +17,10 @@ module WorkOS
 
       @id = T.let(raw.id, String)
       @name = T.let(raw.name, String)
-      @domain = T.let(raw.domain, String)
+      @domain = raw.domain
       @type = T.let(raw.type, String)
       @state = T.let(raw.state, String)
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @created_at = T.let(raw.created_at, String)
       @updated_at = T.let(raw.updated_at, String)
     end

data/lib/workos/directory_sync.rb

@@ -53,6 +53,35 @@ module WorkOS
         )
       end
 
+      # Retrieve directory.
+      #
+      # @param [String] id Directory unique identifier
+      #
+      # @example
+      #   WorkOS::SSO.get_directory(id: 'directory_01FK17DWRHH7APAFXT5B52PV0W')
+      #   => #<WorkOS::Directory:0x00007fb6e4193d20
+      #         @id="directory_01FK17DWRHH7APAFXT5B52PV0W",
+      #         @name="Foo Corp",
+      #         @domain="foo-corp.com",
+      #         @type="okta scim v2.0",
+      #         @state="linked",
+      #         @organization_id="org_01F6Q6TFP7RD2PF6J03ANNWDKV",
+      #         @created_at="2021-10-27T15:55:47.856Z",
+      #         @updated_at="2021-10-27T16:03:43.990Z"
+      #
+      # @return [WorkOS::Directory]
+      sig { params(id: String).returns(WorkOS::Directory) }
+      def get_directory(id:)
+        request = get_request(
+          auth: true,
+          path: "/directories/#{id}",
+        )
+
+        response = execute_request(request: request)
+
+        WorkOS::Directory.new(response.body)
+      end
+
       # Retrieve directory groups.
       #
       # @param [Hash] options An options hash

data/lib/workos/profile.rb

@@ -23,7 +23,7 @@ module WorkOS
       @email = T.let(raw.email, String)
       @first_name = raw.first_name
       @last_name = raw.last_name
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @connection_id = T.let(raw.connection_id, String)
       @connection_type = T.let(raw.connection_type, String)
       @idp_id = raw.idp_id

data/lib/workos/sso.rb

@@ -21,23 +21,27 @@ module WorkOS
       # Generate an Oauth2 authorization URL where your users will
       # authenticate using the configured SSO Identity Provider.
       #
+      # @param [String] redirect_uri The URI where users are directed
+      #  after completing the authentication step. Must match a
+      #  configured redirect URI on your WorkOS dashboard.
+      # @param [String] client_id The WorkOS client ID for the environment
+      #  where you've configured your SSO connection.
       # @param [String] domain The domain for the relevant SSO Connection
-      #  configured on your WorkOS dashboard. One of provider or domain is
-      #  required
+      #  configured on your WorkOS dashboard. One of provider, domain,
+      #  connection, or organization is required.
+      #  The domain is deprecated.
       # @param [String] provider A provider name for an Identity Provider
-      #  configured on your WorkOS dashboard. Only 'Google' is supported.
+      #  configured on your WorkOS dashboard. Only 'GoogleOAuth' and
+      #  'MicrosoftOAuth' are supported.
       # @param [String] connection The ID for a Connection configured on
       #  WorkOS.
-      # @param [String] client_id The WorkOS client ID for the environment
-      #  where you've configured your SSO connection.
-      # @param [String] redirect_uri The URI where users are directed
-      #  after completing the authentication step. Must match a
-      #  configured redirect URI on your WorkOS dashboard.
-      # @param [String] state An aribtrary state object
+      # @param [String] organization The ID for an Organization configured
+      #  on WorkOS.
+      # @param [String] state An arbitrary state object
       #  that is preserved and available to the client in the response.
       # @example
       #   WorkOS::SSO.authorization_url(
-      #     domain: 'acme.com',
+      #     connection: 'conn_123',
       #     client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
       #     redirect_uri: 'https://workos.com/callback',
       #     state: {
@@ -45,19 +49,23 @@ module WorkOS
       #     }.to_s
       #   )
       #
-      #   => "https://api.workos.com/sso/authorize?domain=acme.com" \
+      #   => "https://api.workos.com/sso/authorize?connection=conn_123" \
       #      "&client_id=project_01DG5TGK363GRVXP3ZS40WNGEZ" \
       #      "&redirect_uri=https%3A%2F%2Fworkos.com%2Fcallback&" \
       #      "response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdocs%22%7D"
       #
       # @return [String]
+      # rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
       sig do
         params(
           redirect_uri: String,
           client_id: T.nilable(String),
           domain: T.nilable(String),
+          domain_hint: T.nilable(String),
+          login_hint: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
           state: T.nilable(String),
         ).returns(String)
       end
@@ -65,14 +73,23 @@ module WorkOS
         redirect_uri:,
         client_id: nil,
         domain: nil,
+        domain_hint: nil,
+        login_hint: nil,
         provider: nil,
         connection: nil,
+        organization: nil,
         state: ''
       )
+        if domain
+          warn '[DEPRECATION] `domain` is deprecated.
+          Please use `organization` instead.'
+        end
+
         validate_authorization_url_arguments(
           provider: provider,
           domain: domain,
           connection: connection,
+          organization: organization,
         )
 
         query = URI.encode_www_form({
@@ -81,12 +98,16 @@ module WorkOS
           response_type: 'code',
           state: state,
           domain: domain,
+          domain_hint: domain_hint,
+          login_hint: login_hint,
           provider: provider,
           connection: connection,
+          organization: organization,
         }.compact)
 
         "https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
       end
+      # rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
 
       sig do
         params(
@@ -229,16 +250,18 @@ module WorkOS
           domain: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
         ).void
       end
       def validate_authorization_url_arguments(
         domain:,
         provider:,
-        connection:
+        connection:,
+        organization:
       )
-        if [domain, provider, connection].all?(&:nil?)
-          raise ArgumentError, 'Either connection, domain, or ' \
-            'provider is required.'
+        if [domain, provider, connection, organization].all?(&:nil?)
+          raise ArgumentError, 'Either connection, domain, ' \
+            'provider, or organization is required.'
         end
 
         return unless provider && !PROVIDERS.include?(provider)

data/lib/workos/types/connection_struct.rb

@@ -10,7 +10,7 @@ module WorkOS
       const :name, String
       const :connection_type, String
       const :domains, T::Array[T.untyped]
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :state, String
       const :status, String
       const :created_at, String

data/lib/workos/types/directory_struct.rb

@@ -8,10 +8,10 @@ module WorkOS
     class DirectoryStruct < T::Struct
       const :id, String
       const :name, String
-      const :domain, String
+      const :domain, T.nilable(String)
       const :type, String
       const :state, String
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :created_at, String
       const :updated_at, String
     end

data/lib/workos/types/profile_struct.rb

@@ -10,7 +10,7 @@ module WorkOS
       const :email, String
       const :first_name, T.nilable(String)
       const :last_name, T.nilable(String)
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :connection_id, String
       const :connection_type, String
       const :idp_id, T.nilable(String)

data/lib/workos/version.rb

@@ -2,5 +2,5 @@
 # typed: strong
 
 module WorkOS
-  VERSION = '1.6.0'
+  VERSION = '2.1.1'
 end

data/lib/workos/webhooks.rb

@@ -65,7 +65,7 @@ module WorkOS
           tolerance: Integer,
         ).returns(T::Boolean)
       end
-      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       def verify_header(
         payload:,
         sig_header:,
@@ -86,7 +86,9 @@ module WorkOS
           )
         end
 
-        if timestamp < Time.now - tolerance
+        timestamp_to_time = Time.at(timestamp.to_i / 1000)
+
+        if timestamp_to_time < Time.now - tolerance
           raise WorkOS::SignatureVerificationError.new(
             message: 'Timestamp outside the tolerance zone',
           )
@@ -101,7 +103,7 @@ module WorkOS
 
         true
       end
-      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
 
       sig do
         params(
@@ -122,12 +124,12 @@ module WorkOS
         timestamp = timestamp.sub('t=', '')
         signature_hash = signature_hash.sub('v1=', '')
 
-        [Time.at(timestamp.to_i), signature_hash]
+        [timestamp, signature_hash]
       end
 
       sig do
         params(
-          timestamp: Time,
+          timestamp: String,
           payload: String,
           secret: String,
         ).returns(String)
@@ -137,7 +139,7 @@ module WorkOS
         payload:,
         secret:
       )
-        unhashed_string = "#{timestamp.to_i}.#{payload}"
+        unhashed_string = "#{timestamp}.#{payload}"
         digest = OpenSSL::Digest.new('sha256')
         OpenSSL::HMAC.hexdigest(digest, secret, unhashed_string)
       end

data/spec/lib/workos/directory_sync_spec.rb

@@ -15,7 +15,7 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_directories/with_no_options' do
           directories = described_class.list_directories
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(10)
           expect(directories.list_metadata).to eq(expected_metadata)
         end
       end
@@ -46,7 +46,7 @@ describe WorkOS::DirectorySync do
     context 'with search option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?search=Foo',
+          '/directories?search=Testing',
           'Content-Type' => 'application/json'
         ]
 
@@ -57,10 +57,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_directories/with_search' do
           directories = described_class.list_directories(
-            search: 'Foo',
+            search: 'Testing',
           )
 
-          expect(directories.data.size).to eq(1)
+          expect(directories.data.size).to eq(2)
+          expect(directories.data[0].name).to include('Testing')
         end
       end
     end
@@ -68,7 +69,7 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?before=before-id',
+          '/directories?before=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
 
@@ -79,10 +80,10 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_directories/with_before' do
           directories = described_class.list_directories(
-            before: 'before-id',
+            before: 'directory_01FGCPNV312FHFRCX0BYWHVSE1',
           )
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(6)
         end
       end
     end
@@ -90,7 +91,7 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?after=after-id',
+          '/directories?after=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
 
@@ -100,9 +101,9 @@ describe WorkOS::DirectorySync do
           and_return(expected_request)
 
         VCR.use_cassette 'directory_sync/list_directories/with_after' do
-          directories = described_class.list_directories(after: 'after-id')
+          directories = described_class.list_directories(after: 'directory_01FGCPNV312FHFRCX0BYWHVSE1')
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(4)
         end
       end
     end
@@ -142,6 +143,38 @@ describe WorkOS::DirectorySync do
     end
   end
 
+  describe '.get_directory' do
+    context 'with a valid id' do
+      it 'gets the directory details' do
+        VCR.use_cassette('directory_sync/get_directory_with_valid_id') do
+          directory = WorkOS::DirectorySync.get_directory(
+            id: 'directory_01FK17DWRHH7APAFXT5B52PV0W',
+          )
+
+          expect(directory.id).to eq('directory_01FK17DWRHH7APAFXT5B52PV0W')
+          expect(directory.name).to eq('Testing Active Attribute')
+          expect(directory.domain).to eq('example.me')
+          expect(directory.type).to eq('azure scim v2.0')
+          expect(directory.state).to eq('linked')
+          expect(directory.organization_id).to eq('org_01F6Q6TFP7RD2PF6J03ANNWDKV')
+        end
+      end
+    end
+
+    context 'with an invalid id' do
+      it 'raises an error' do
+        VCR.use_cassette('directory_sync/get_directory_with_invalid_id') do
+          expect do
+            WorkOS::DirectorySync.get_directory(id: 'invalid')
+          end.to raise_error(
+            WorkOS::APIError,
+            "Status 404, Directory not found: 'invalid'. - request ID: ",
+          )
+        end
+      end
+    end
+  end
+
   describe '.list_groups' do
     context 'with no options' do
       it 'raises an error' do

data/spec/lib/workos/sso_spec.rb

@@ -109,7 +109,145 @@ describe WorkOS::SSO do
       end
     end
 
-    context 'with neither connection, domain, or provider' do
+    context 'with a domain' do
+      let(:args) do
+        {
+          domain: 'foo.com',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
+          'edit%22%7D&domain=foo.com',
+        )
+      end
+    end
+
+    context 'with a domain_hint' do
+      let(:args) do
+        {
+          connection: 'connection_123',
+          domain_hint: 'foo.com',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
+          'Fedit%22%7D&domain_hint=foo.com&connection=connection_123',
+        )
+      end
+    end
+
+    context 'with a login_hint' do
+      let(:args) do
+        {
+          connection: 'connection_123',
+          login_hint: 'foo@workos.com',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
+          'Fedit%22%7D&login_hint=foo%40workos.com&connection=connection_123',
+        )
+      end
+    end
+
+    context 'with an organization' do
+      let(:args) do
+        {
+          organization: 'org_123',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
+          'edit%22%7D&organization=org_123',
+        )
+      end
+    end
+
+    context 'with neither connection, domain, provider, or organization' do
       let(:args) do
         {
           client_id: 'workos-proj-123',
@@ -124,7 +262,7 @@ describe WorkOS::SSO do
           described_class.authorization_url(**args)
         end.to raise_error(
           ArgumentError,
-          'Either connection, domain, or provider is required.',
+          'Either connection, domain, provider, or organization is required.',
         )
       end
     end

data/spec/lib/workos/webhooks_spec.rb

@@ -177,7 +177,7 @@ describe WorkOS::Webhooks do
         expect do
           described_class.construct_event(
             payload: @payload,
-            sig_header: "t=9999, v1=#{@signature_hash}",
+            sig_header: "t=#{@timestamp.to_i - (200 * 1000)}, v1=#{@signature_hash}",
             secret: @secret,
           )
         end.to raise_error(