workos 2.0.0 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/lib/workos/sso.rb +38 -15
- data/lib/workos/version.rb +1 -1
- data/spec/lib/workos/sso_spec.rb +140 -2
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0500b789496692e53bc6d47d80a21a0b8b802325e1e0f876fe0b94a775aa4f05
|
4
|
+
data.tar.gz: a7e8e350e7fb1336496e9a09ee7543a120e1b6ed62cc60dffbe1b4ccd2dd4712
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 549c9210c2d765b2d6f264e62f285f7b96c9225e53724798216eb08167be5451825a729f36273fbda7fb713b9a1db49025b3cc6a308a98b969ca0a3631c8ffd9
|
7
|
+
data.tar.gz: 4a3fdf8d50681db812a0de37c56d93b03c6bb194a892280cfc9d287612ba7494a1bd777f92b28538b12d978b0a1dc354ca7c82e12fd1707c440643c7215685cb
|
data/Gemfile.lock
CHANGED
data/lib/workos/sso.rb
CHANGED
@@ -21,23 +21,27 @@ module WorkOS
|
|
21
21
|
# Generate an Oauth2 authorization URL where your users will
|
22
22
|
# authenticate using the configured SSO Identity Provider.
|
23
23
|
#
|
24
|
+
# @param [String] redirect_uri The URI where users are directed
|
25
|
+
# after completing the authentication step. Must match a
|
26
|
+
# configured redirect URI on your WorkOS dashboard.
|
27
|
+
# @param [String] client_id The WorkOS client ID for the environment
|
28
|
+
# where you've configured your SSO connection.
|
24
29
|
# @param [String] domain The domain for the relevant SSO Connection
|
25
|
-
# configured on your WorkOS dashboard. One of provider
|
26
|
-
# required
|
30
|
+
# configured on your WorkOS dashboard. One of provider, domain,
|
31
|
+
# connection, or organization is required.
|
32
|
+
# The domain is deprecated.
|
27
33
|
# @param [String] provider A provider name for an Identity Provider
|
28
|
-
# configured on your WorkOS dashboard. Only '
|
34
|
+
# configured on your WorkOS dashboard. Only 'GoogleOAuth' and
|
35
|
+
# 'MicrosoftOAuth' are supported.
|
29
36
|
# @param [String] connection The ID for a Connection configured on
|
30
37
|
# WorkOS.
|
31
|
-
# @param [String]
|
32
|
-
#
|
33
|
-
# @param [String]
|
34
|
-
# after completing the authentication step. Must match a
|
35
|
-
# configured redirect URI on your WorkOS dashboard.
|
36
|
-
# @param [String] state An aribtrary state object
|
38
|
+
# @param [String] organization The ID for an Organization configured
|
39
|
+
# on WorkOS.
|
40
|
+
# @param [String] state An arbitrary state object
|
37
41
|
# that is preserved and available to the client in the response.
|
38
42
|
# @example
|
39
43
|
# WorkOS::SSO.authorization_url(
|
40
|
-
#
|
44
|
+
# connection: 'conn_123',
|
41
45
|
# client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
|
42
46
|
# redirect_uri: 'https://workos.com/callback',
|
43
47
|
# state: {
|
@@ -45,19 +49,23 @@ module WorkOS
|
|
45
49
|
# }.to_s
|
46
50
|
# )
|
47
51
|
#
|
48
|
-
# => "https://api.workos.com/sso/authorize?
|
52
|
+
# => "https://api.workos.com/sso/authorize?connection=conn_123" \
|
49
53
|
# "&client_id=project_01DG5TGK363GRVXP3ZS40WNGEZ" \
|
50
54
|
# "&redirect_uri=https%3A%2F%2Fworkos.com%2Fcallback&" \
|
51
55
|
# "response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdocs%22%7D"
|
52
56
|
#
|
53
57
|
# @return [String]
|
58
|
+
# rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
|
54
59
|
sig do
|
55
60
|
params(
|
56
61
|
redirect_uri: String,
|
57
62
|
client_id: T.nilable(String),
|
58
63
|
domain: T.nilable(String),
|
64
|
+
domain_hint: T.nilable(String),
|
65
|
+
login_hint: T.nilable(String),
|
59
66
|
provider: T.nilable(String),
|
60
67
|
connection: T.nilable(String),
|
68
|
+
organization: T.nilable(String),
|
61
69
|
state: T.nilable(String),
|
62
70
|
).returns(String)
|
63
71
|
end
|
@@ -65,14 +73,23 @@ module WorkOS
|
|
65
73
|
redirect_uri:,
|
66
74
|
client_id: nil,
|
67
75
|
domain: nil,
|
76
|
+
domain_hint: nil,
|
77
|
+
login_hint: nil,
|
68
78
|
provider: nil,
|
69
79
|
connection: nil,
|
80
|
+
organization: nil,
|
70
81
|
state: ''
|
71
82
|
)
|
83
|
+
if domain
|
84
|
+
warn '[DEPRECATION] `domain` is deprecated.
|
85
|
+
Please use `organization` instead.'
|
86
|
+
end
|
87
|
+
|
72
88
|
validate_authorization_url_arguments(
|
73
89
|
provider: provider,
|
74
90
|
domain: domain,
|
75
91
|
connection: connection,
|
92
|
+
organization: organization,
|
76
93
|
)
|
77
94
|
|
78
95
|
query = URI.encode_www_form({
|
@@ -81,12 +98,16 @@ module WorkOS
|
|
81
98
|
response_type: 'code',
|
82
99
|
state: state,
|
83
100
|
domain: domain,
|
101
|
+
domain_hint: domain_hint,
|
102
|
+
login_hint: login_hint,
|
84
103
|
provider: provider,
|
85
104
|
connection: connection,
|
105
|
+
organization: organization,
|
86
106
|
}.compact)
|
87
107
|
|
88
108
|
"https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
|
89
109
|
end
|
110
|
+
# rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
|
90
111
|
|
91
112
|
sig do
|
92
113
|
params(
|
@@ -229,16 +250,18 @@ module WorkOS
|
|
229
250
|
domain: T.nilable(String),
|
230
251
|
provider: T.nilable(String),
|
231
252
|
connection: T.nilable(String),
|
253
|
+
organization: T.nilable(String),
|
232
254
|
).void
|
233
255
|
end
|
234
256
|
def validate_authorization_url_arguments(
|
235
257
|
domain:,
|
236
258
|
provider:,
|
237
|
-
connection
|
259
|
+
connection:,
|
260
|
+
organization:
|
238
261
|
)
|
239
|
-
if [domain, provider, connection].all?(&:nil?)
|
240
|
-
raise ArgumentError, 'Either connection, domain,
|
241
|
-
'provider is required.'
|
262
|
+
if [domain, provider, connection, organization].all?(&:nil?)
|
263
|
+
raise ArgumentError, 'Either connection, domain, ' \
|
264
|
+
'provider, or organization is required.'
|
242
265
|
end
|
243
266
|
|
244
267
|
return unless provider && !PROVIDERS.include?(provider)
|
data/lib/workos/version.rb
CHANGED
data/spec/lib/workos/sso_spec.rb
CHANGED
@@ -109,7 +109,145 @@ describe WorkOS::SSO do
|
|
109
109
|
end
|
110
110
|
end
|
111
111
|
|
112
|
-
context 'with
|
112
|
+
context 'with a domain' do
|
113
|
+
let(:args) do
|
114
|
+
{
|
115
|
+
domain: 'foo.com',
|
116
|
+
client_id: 'workos-proj-123',
|
117
|
+
redirect_uri: 'foo.com/auth/callback',
|
118
|
+
state: {
|
119
|
+
next_page: '/dashboard/edit',
|
120
|
+
}.to_s,
|
121
|
+
}
|
122
|
+
end
|
123
|
+
it 'returns a valid URL' do
|
124
|
+
authorization_url = described_class.authorization_url(**args)
|
125
|
+
|
126
|
+
expect(URI.parse(authorization_url)).to be_a URI
|
127
|
+
end
|
128
|
+
|
129
|
+
it 'returns the expected hostname' do
|
130
|
+
authorization_url = described_class.authorization_url(**args)
|
131
|
+
|
132
|
+
expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
|
133
|
+
end
|
134
|
+
|
135
|
+
it 'returns the expected query string' do
|
136
|
+
authorization_url = described_class.authorization_url(**args)
|
137
|
+
|
138
|
+
expect(URI.parse(authorization_url).query).to eq(
|
139
|
+
'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
|
140
|
+
'&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
|
141
|
+
'edit%22%7D&domain=foo.com',
|
142
|
+
)
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
context 'with a domain_hint' do
|
147
|
+
let(:args) do
|
148
|
+
{
|
149
|
+
connection: 'connection_123',
|
150
|
+
domain_hint: 'foo.com',
|
151
|
+
client_id: 'workos-proj-123',
|
152
|
+
redirect_uri: 'foo.com/auth/callback',
|
153
|
+
state: {
|
154
|
+
next_page: '/dashboard/edit',
|
155
|
+
}.to_s,
|
156
|
+
}
|
157
|
+
end
|
158
|
+
it 'returns a valid URL' do
|
159
|
+
authorization_url = described_class.authorization_url(**args)
|
160
|
+
|
161
|
+
expect(URI.parse(authorization_url)).to be_a URI
|
162
|
+
end
|
163
|
+
|
164
|
+
it 'returns the expected hostname' do
|
165
|
+
authorization_url = described_class.authorization_url(**args)
|
166
|
+
|
167
|
+
expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
|
168
|
+
end
|
169
|
+
|
170
|
+
it 'returns the expected query string' do
|
171
|
+
authorization_url = described_class.authorization_url(**args)
|
172
|
+
|
173
|
+
expect(URI.parse(authorization_url).query).to eq(
|
174
|
+
'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
|
175
|
+
'&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
|
176
|
+
'Fedit%22%7D&domain_hint=foo.com&connection=connection_123',
|
177
|
+
)
|
178
|
+
end
|
179
|
+
end
|
180
|
+
|
181
|
+
context 'with a login_hint' do
|
182
|
+
let(:args) do
|
183
|
+
{
|
184
|
+
connection: 'connection_123',
|
185
|
+
login_hint: 'foo@workos.com',
|
186
|
+
client_id: 'workos-proj-123',
|
187
|
+
redirect_uri: 'foo.com/auth/callback',
|
188
|
+
state: {
|
189
|
+
next_page: '/dashboard/edit',
|
190
|
+
}.to_s,
|
191
|
+
}
|
192
|
+
end
|
193
|
+
it 'returns a valid URL' do
|
194
|
+
authorization_url = described_class.authorization_url(**args)
|
195
|
+
|
196
|
+
expect(URI.parse(authorization_url)).to be_a URI
|
197
|
+
end
|
198
|
+
|
199
|
+
it 'returns the expected hostname' do
|
200
|
+
authorization_url = described_class.authorization_url(**args)
|
201
|
+
|
202
|
+
expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
|
203
|
+
end
|
204
|
+
|
205
|
+
it 'returns the expected query string' do
|
206
|
+
authorization_url = described_class.authorization_url(**args)
|
207
|
+
|
208
|
+
expect(URI.parse(authorization_url).query).to eq(
|
209
|
+
'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
|
210
|
+
'&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
|
211
|
+
'Fedit%22%7D&login_hint=foo%40workos.com&connection=connection_123',
|
212
|
+
)
|
213
|
+
end
|
214
|
+
end
|
215
|
+
|
216
|
+
context 'with an organization' do
|
217
|
+
let(:args) do
|
218
|
+
{
|
219
|
+
organization: 'org_123',
|
220
|
+
client_id: 'workos-proj-123',
|
221
|
+
redirect_uri: 'foo.com/auth/callback',
|
222
|
+
state: {
|
223
|
+
next_page: '/dashboard/edit',
|
224
|
+
}.to_s,
|
225
|
+
}
|
226
|
+
end
|
227
|
+
it 'returns a valid URL' do
|
228
|
+
authorization_url = described_class.authorization_url(**args)
|
229
|
+
|
230
|
+
expect(URI.parse(authorization_url)).to be_a URI
|
231
|
+
end
|
232
|
+
|
233
|
+
it 'returns the expected hostname' do
|
234
|
+
authorization_url = described_class.authorization_url(**args)
|
235
|
+
|
236
|
+
expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
|
237
|
+
end
|
238
|
+
|
239
|
+
it 'returns the expected query string' do
|
240
|
+
authorization_url = described_class.authorization_url(**args)
|
241
|
+
|
242
|
+
expect(URI.parse(authorization_url).query).to eq(
|
243
|
+
'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
|
244
|
+
'&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
|
245
|
+
'edit%22%7D&organization=org_123',
|
246
|
+
)
|
247
|
+
end
|
248
|
+
end
|
249
|
+
|
250
|
+
context 'with neither connection, domain, provider, or organization' do
|
113
251
|
let(:args) do
|
114
252
|
{
|
115
253
|
client_id: 'workos-proj-123',
|
@@ -124,7 +262,7 @@ describe WorkOS::SSO do
|
|
124
262
|
described_class.authorization_url(**args)
|
125
263
|
end.to raise_error(
|
126
264
|
ArgumentError,
|
127
|
-
'Either connection, domain, or
|
265
|
+
'Either connection, domain, provider, or organization is required.',
|
128
266
|
)
|
129
267
|
end
|
130
268
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: workos
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WorkOS
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-12-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sorbet-runtime
|
@@ -364,7 +364,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
364
364
|
- !ruby/object:Gem::Version
|
365
365
|
version: '0'
|
366
366
|
requirements: []
|
367
|
-
rubygems_version: 3.2.
|
367
|
+
rubygems_version: 3.2.33
|
368
368
|
signing_key:
|
369
369
|
specification_version: 4
|
370
370
|
summary: API client for WorkOS
|