workos 2.0.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 739e4734f5caa4b4c8180e125a206106242fea489c1dccc19f1bc45ad514bc7e
-  data.tar.gz: '029c0a8ef19f9b9b933a73eec53a9770851ea2a338a81060c040b72a06e39189'
+  metadata.gz: 983d578de3e27144af8a7947eebfb770ad7ee640954511586617505c520ee657
+  data.tar.gz: 92cb0b75234f56a1e18c47d9cb339b2f389e17463798141bc7a3a2977f5f9372
 SHA512:
-  metadata.gz: 18631e0e0cdc5033b7df32d3ff95e2eeadcd7babd6c3b11063e174006ed3e8abd7769bfe4b0c828967e79b724ce0d8a79243960b5f2922eeb242051b56395b41
-  data.tar.gz: 2a2b2d48b1410ad0fc86943a168d584234fd5c01ca5ee3e3b4b3117f9924ddc4199d55d10d338b1f07daa193edc0144312ec6271a68c65b89ec8fa2243064aa0
+  metadata.gz: 1143a28ee95755c80fe36aa5fba02e069143ebdb96e67f909d566bbf091928176ac29f23ccfa7764da163a248268f7a882616e0db7bd73612eda060c78cf8515
+  data.tar.gz: a2e279f2f2427dd8089eddcc692e677d21978fdd16f3918ffe162822d116b7904f1dbc6826d151f583ba1c60cd5c0e8fbe8b825fb78212f772d7a1aa11faa6da

data/.semaphore/semaphore.yml

@@ -31,45 +31,19 @@ blocks:
         - name: codecov-workos-ruby
       jobs:
         - name: Ruby 1.9.3
-          commands:
-            - checkout
-            - sem-version ruby 1.9.3-p551
-            - bundle install
-            - bundle exec rspec
-        - name: Ruby 2.0.0
-          commands:
-            - checkout
-            - sem-version ruby 2.0.0-p648
-            - bundle install
-            - bundle exec rspec
-        - name: Ruby 2.3.4
-          commands:
-            - checkout
-            - sem-version ruby 2.3.4
-            - bundle install
-            - bundle exec rspec
-        - name: Ruby 2.5.7
-          commands:
-            - checkout
-            - sem-version ruby 2.5.7
-            - bundle install
-            - bundle exec rspec
-        - name: Ruby 2.6.5
-          commands:
-            - checkout
-            - sem-version ruby 2.6.5
-            - bundle install
-            - bundle exec rspec
-        - name: Ruby 2.7.3
-          commands:
-            - checkout
-            - sem-version ruby 2.7.3
-            - bundle install
-            - bundle exec rspec
-        - name: Ruby 3.0.2
-          commands:
-            - checkout
-            - sem-version ruby 3.0.2
+          matrix:
+            - env_var: RUBY_VERSION
+              values:
+                - 1.9.3-p551
+                - 2.0.0-p648
+                - 2.3.4
+                - 2.5.7
+                - 2.6.5
+                - 2.7.3
+                - 3.0.2
+          commands:
+            - checkout
+            - sem-version ruby $RUBY_VERSION
             - bundle install
             - bundle exec rspec
 promotions:

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (2.0.0)
+    workos (2.2.0)
       sorbet-runtime (~> 0.5)
 
 GEM
@@ -93,4 +93,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   2.2.22
+   2.2.33

data/README.md

@@ -38,6 +38,10 @@ Or, you may set the key yourself, such as in an initializer in your application
 WorkOS.key = '[your api key]'
 ```
 
+## SDK Versioning
+
+For our SDKs WorkOS follows a Semantic Versioning ([SemVer](https://semver.org/)) process where all releases will have a version X.Y.Z (like 1.0.0) pattern wherein Z would be a bug fix (e.g., 1.0.1), Y would be a minor release (1.1.0) and X would be a major release (2.0.0). We permit any breaking changes to only be released in major versions and strongly recommend reading changelogs before making any major version upgrades.
+
 ## More Information
 
 * [Single Sign-On Guide](https://workos.com/docs/sso/guide)

data/lib/workos/challenge.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+# typed: false
+
+module WorkOS
+  # The Challnge class provides a lightweight wrapper around
+  # a WorkOS DirectoryUser resource. This class is not meant to be instantiated
+  # in DirectoryUser space, and is instantiated internally but exposed.
+  class Challenge
+    extend T::Sig
+
+    attr_accessor :id, :object, :expires_at, :code, :authentication_factor_id, :updated_at, :created_at
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+      @id = T.let(raw.id, String)
+      @object = T.let(raw.object, String)
+      @expires_at = raw.expires_at
+      @code = raw.code
+      @authentication_factor_id = T.let(raw.authentication_factor_id, String)
+      @created_at = T.let(raw.created_at, String)
+      @updated_at = T.let(raw.updated_at, String)
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        object: object,
+        expires_at: expires_at,
+        code: code,
+        authentication_factor_id: authentication_factor_id,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOS::Types::ChallengeStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOS::Types::ChallengeStruct.new(
+        id: hash[:id],
+        object: hash[:object],
+        expires_at: hash[:expires_at],
+        code: hash[:code],
+        authentication_factor_id: hash[:authentication_factor_id],
+        created_at: hash[:created_at],
+        updated_at: hash[:updated_at],
+      )
+    end
+  end
+end

data/lib/workos/client.rb

@@ -144,6 +144,7 @@ module WorkOS
         )
       when 422
         message = json['message']
+        code = json['code']
         errors = extract_error(json['errors']) if json['errors']
         message += " (#{errors})" if errors
 
@@ -151,6 +152,7 @@ module WorkOS
           message: message,
           http_status: http_status,
           request_id: response['x-request-id'],
+          code: code,
         )
       end
     end

data/lib/workos/directory_sync.rb

@@ -26,6 +26,7 @@ module WorkOS
       #  before a provided Directory ID.
       # @option options [String] after Pagination cursor to receive records
       #  before a provided Directory ID.
+      # @option options [String] organization_id The ID for an Organization configured on WorkOS.
       #
       # @return [Hash]
       sig do

data/lib/workos/errors.rb

@@ -17,14 +17,16 @@ module WorkOS
         error_description: T.nilable(String),
         http_status: T.nilable(Integer),
         request_id: T.nilable(String),
+        code: T.nilable(String),
       ).void
     end
-    def initialize(message: nil, error: nil, error_description: nil, http_status: nil, request_id: nil)
+    def initialize(message: nil, error: nil, error_description: nil, http_status: nil, request_id: nil, code: nil)
       @message = message
       @error = error
       @error_description = error_description
       @http_status = http_status
       @request_id = request_id
+      @code = code
     end
 
     sig { returns(String) }

data/lib/workos/factor.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+# typed: false
+
+module WorkOS
+  # The Factor class provides a lightweight wrapper around
+  # a WorkOS DirectoryUser resource. This class is not meant to be instantiated
+  # in DirectoryUser space, and is instantiated internally but exposed.
+  class Factor
+    # rubocop:disable Metrics/AbcSize
+    extend T::Sig
+    attr_accessor :id, :environment_id, :object, :type, :sms, :totp, :updated_at, :created_at
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+      @id = T.let(raw.id, String)
+      @environment_id = T.let(raw.environment_id, String)
+      @object = T.let(raw.object, String)
+      @type = T.let(raw.type, String)
+      @created_at = T.let(raw.created_at, String)
+      @updated_at = T.let(raw.updated_at, String)
+      @totp = raw.totp
+      @sms = raw.sms
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        environment_id: environment_id,
+        object: object,
+        type: type,
+        totp: totp,
+        sms: sms,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOS::Types::FactorStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOS::Types::FactorStruct.new(
+        id: hash[:id],
+        environment_id: hash[:environment_id],
+        object: hash[:object],
+        type: hash[:type],
+        totp: hash[:totp],
+        sms: hash[:sms],
+        created_at: hash[:created_at],
+        updated_at: hash[:updated_at],
+      )
+    end
+    # rubocop:enable Metrics/AbcSize
+  end
+end

data/lib/workos/mfa.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+# typed: true
+
+
+require 'net/http'
+require 'uri'
+
+module WorkOS
+  # The MFA module provides convenience methods for working with the WorkOS
+  # MFA platform. You'll need a valid API key
+  module MFA
+    class << self
+      extend T::Sig
+      include Base
+      include Client
+      sig { params(id: String).returns(T::Boolean) }
+      def delete_factor(id:)
+        response = execute_request(
+          request: delete_request(
+            path: "/auth/factors/#{id}",
+            auth: true,
+          ),
+        )
+        response.is_a? Net::HTTPSuccess
+      end
+
+      sig do
+        params(id: String).returns(WorkOS::Factor)
+      end
+      def get_factor(
+        id:
+      )
+        response = execute_request(
+          request: get_request(
+            path: "/auth/factors/#{id}",
+            auth: true,
+          ),
+        )
+        WorkOS::Factor.new(response.body)
+      end
+
+      sig do
+        params(
+          type: String,
+          totp_issuer: T.nilable(String),
+          totp_user: T.nilable(String),
+          phone_number: T.nilable(String),
+        ).void
+      end
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
+
+      def validate_args(
+        type:,
+        totp_issuer: nil,
+        totp_user: nil,
+        phone_number: nil
+      )
+        if type != 'sms' && type != 'totp' && type != 'generic_otp'
+          raise ArgumentError, "Type argument must be either 'sms' or 'totp'"
+        end
+        if (type == 'totp' && totp_issuer.nil?) || (type == 'totp' && totp_user.nil?)
+          raise ArgumentError, 'Incomplete arguments. Need to specify both totp_issuer and totp_user when type is totp'
+        end
+        return unless type == 'sms' && phone_number.nil?
+
+        raise ArgumentError, 'Incomplete arguments. Need to specify phone_number when type is sms'
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
+
+      sig do
+        params(
+          type: String,
+          totp_issuer: T.nilable(String),
+          totp_user: T.nilable(String),
+          phone_number: T.nilable(String),
+        ).returns(WorkOS::Factor)
+      end
+      # rubocop:disable Metrics/MethodLength
+      def enroll_factor(
+        type:,
+        totp_issuer: nil,
+        totp_user: nil,
+        phone_number: nil
+      )
+        validate_args(
+          type: type,
+          totp_issuer: totp_issuer,
+          totp_user: totp_user,
+          phone_number: phone_number,
+        )
+        response = execute_request(request: post_request(
+          auth: true,
+          body: {
+            type: type,
+            totp_issuer: totp_issuer,
+            totp_user: totp_user,
+            phone_number: phone_number,
+          },
+          path: '/auth/factors/enroll',
+        ))
+        WorkOS::Factor.new(response.body)
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      sig do
+        params(
+          authentication_factor_id: T.nilable(String),
+          sms_template: T.nilable(String),
+        ).returns(WorkOS::Challenge)
+      end
+      def challenge_factor(
+        authentication_factor_id: nil,
+        sms_template: nil
+      )
+        if authentication_factor_id.nil?
+          raise ArgumentError, "Incomplete arguments: 'authentication_factor_id' is a required argument"
+        end
+
+        request = post_request(
+          auth: true,
+          body: {
+            sms_template: sms_template,
+            authentication_factor_id: authentication_factor_id,
+          },
+          path: '/auth/factors/challenge',
+        )
+
+        response = execute_request(request: request)
+        WorkOS::Challenge.new(response.body)
+      end
+
+      sig do
+        params(
+          authentication_challenge_id: T.nilable(String),
+          code: T.nilable(String),
+        ).returns(WorkOS::VerifyFactor)
+      end
+      def verify_factor(
+        authentication_challenge_id: nil,
+        code: nil
+      )
+
+        if authentication_challenge_id.nil? || code.nil?
+          raise ArgumentError, "Incomplete arguments: 'authentication_challenge_id' and 'code' are required arguments"
+        end
+
+        options = {
+          "authentication_challenge_id": authentication_challenge_id,
+          "code": code,
+        }
+
+        response = execute_request(
+          request: post_request(
+            path: '/auth/factors/verify',
+            auth: true,
+            body: options,
+          ),
+        )
+        WorkOS::VerifyFactor.new(response.body)
+      end
+    end
+  end
+end

data/lib/workos/sso.rb

@@ -21,23 +21,27 @@ module WorkOS
       # Generate an Oauth2 authorization URL where your users will
       # authenticate using the configured SSO Identity Provider.
       #
+      # @param [String] redirect_uri The URI where users are directed
+      #  after completing the authentication step. Must match a
+      #  configured redirect URI on your WorkOS dashboard.
+      # @param [String] client_id The WorkOS client ID for the environment
+      #  where you've configured your SSO connection.
       # @param [String] domain The domain for the relevant SSO Connection
-      #  configured on your WorkOS dashboard. One of provider or domain is
-      #  required
+      #  configured on your WorkOS dashboard. One of provider, domain,
+      #  connection, or organization is required.
+      #  The domain is deprecated.
       # @param [String] provider A provider name for an Identity Provider
-      #  configured on your WorkOS dashboard. Only 'Google' is supported.
+      #  configured on your WorkOS dashboard. Only 'GoogleOAuth' and
+      #  'MicrosoftOAuth' are supported.
       # @param [String] connection The ID for a Connection configured on
       #  WorkOS.
-      # @param [String] client_id The WorkOS client ID for the environment
-      #  where you've configured your SSO connection.
-      # @param [String] redirect_uri The URI where users are directed
-      #  after completing the authentication step. Must match a
-      #  configured redirect URI on your WorkOS dashboard.
-      # @param [String] state An aribtrary state object
+      # @param [String] organization The ID for an Organization configured
+      #  on WorkOS.
+      # @param [String] state An arbitrary state object
       #  that is preserved and available to the client in the response.
       # @example
       #   WorkOS::SSO.authorization_url(
-      #     domain: 'acme.com',
+      #     connection: 'conn_123',
       #     client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
       #     redirect_uri: 'https://workos.com/callback',
       #     state: {
@@ -45,19 +49,23 @@ module WorkOS
       #     }.to_s
       #   )
       #
-      #   => "https://api.workos.com/sso/authorize?domain=acme.com" \
+      #   => "https://api.workos.com/sso/authorize?connection=conn_123" \
       #      "&client_id=project_01DG5TGK363GRVXP3ZS40WNGEZ" \
       #      "&redirect_uri=https%3A%2F%2Fworkos.com%2Fcallback&" \
       #      "response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdocs%22%7D"
       #
       # @return [String]
+      # rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
       sig do
         params(
           redirect_uri: String,
           client_id: T.nilable(String),
           domain: T.nilable(String),
+          domain_hint: T.nilable(String),
+          login_hint: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
           state: T.nilable(String),
         ).returns(String)
       end
@@ -65,14 +73,23 @@ module WorkOS
         redirect_uri:,
         client_id: nil,
         domain: nil,
+        domain_hint: nil,
+        login_hint: nil,
         provider: nil,
         connection: nil,
+        organization: nil,
         state: ''
       )
+        if domain
+          warn '[DEPRECATION] `domain` is deprecated.
+          Please use `organization` instead.'
+        end
+
         validate_authorization_url_arguments(
           provider: provider,
           domain: domain,
           connection: connection,
+          organization: organization,
         )
 
         query = URI.encode_www_form({
@@ -81,12 +98,16 @@ module WorkOS
           response_type: 'code',
           state: state,
           domain: domain,
+          domain_hint: domain_hint,
+          login_hint: login_hint,
           provider: provider,
           connection: connection,
+          organization: organization,
         }.compact)
 
         "https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
       end
+      # rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
 
       sig do
         params(
@@ -229,16 +250,18 @@ module WorkOS
           domain: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
         ).void
       end
       def validate_authorization_url_arguments(
         domain:,
         provider:,
-        connection:
+        connection:,
+        organization:
       )
-        if [domain, provider, connection].all?(&:nil?)
-          raise ArgumentError, 'Either connection, domain, or ' \
-            'provider is required.'
+        if [domain, provider, connection, organization].all?(&:nil?)
+          raise ArgumentError, 'Either connection, domain, ' \
+            'provider, or organization is required.'
         end
 
         return unless provider && !PROVIDERS.include?(provider)

data/lib/workos/types/challenge_struct.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# typed: strict
+
+module WorkOS
+  module Types
+    # This ChallgengeStruct acts as a typed interface
+    # for the Factor class
+    class ChallengeStruct < T::Struct
+      const :id, String
+      const :object, String
+      const :expires_at, T.nilable(String)
+      const :code, T.nilable(String)
+      const :authentication_factor_id, String
+      const :created_at, String
+      const :updated_at, String
+    end
+  end
+end

data/lib/workos/types/factor_struct.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+# typed: strict
+
+module WorkOS
+  module Types
+    # This FactorStruct acts as a typed interface
+    # for the Factor class
+    class FactorStruct < T::Struct
+      const :id, String
+      const :environment_id, String
+      const :object, String
+      const :type, String
+      const :totp, T.nilable(T::Hash[Symbol, Object])
+      const :sms, T.nilable(T::Hash[Symbol, Object])
+      const :created_at, String
+      const :updated_at, String
+    end
+  end
+end

data/lib/workos/types/verify_factor_struct.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+# typed: strict
+
+module WorkOS
+  module Types
+    # This VerifyFactorStruct acts as a typed interface
+    # for the Factor class
+    class VerifyFactorStruct < T::Struct
+      const :challenge, T.nilable(T::Hash[Symbol, Object])
+      const :valid, T.nilable(TrueClass)
+      const :code, T.nilable(String)
+      const :message, T.nilable(String)
+    end
+  end
+end

data/lib/workos/types.rb

@@ -16,5 +16,8 @@ module WorkOS
     require_relative 'types/provider_enum'
     require_relative 'types/directory_user_struct'
     require_relative 'types/webhook_struct'
+    require_relative 'types/factor_struct'
+    require_relative 'types/challenge_struct'
+    require_relative 'types/verify_factor_struct'
   end
 end

data/lib/workos/verify_factor.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+# typed: false
+
+module WorkOS
+  # The VerifyFactor class provides a lightweight wrapper around
+  # a WorkOS DirectoryUser resource. This class is not meant to be instantiated
+  # in DirectoryUser space, and is instantiated internally but exposed.
+  class VerifyFactor
+    extend T::Sig
+
+    attr_accessor :challenge, :valid
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+      @challenge = T.let(raw.challenge, Hash)
+      @valid = raw.valid
+    end
+
+    def to_json(*)
+      {
+        challenge: challenge,
+        valid: valid,
+      }
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOS::Types::VerifyFactorStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOS::Types::VerifyFactorStruct.new(
+        challenge: hash[:challenge],
+        valid: hash[:valid],
+      )
+    end
+  end
+end

data/lib/workos/version.rb

@@ -2,5 +2,5 @@
 # typed: strong
 
 module WorkOS
-  VERSION = '2.0.0'
+  VERSION = '2.2.0'
 end