workos 3.1.0 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ad84077c20052b97407464d2d226f58f15633fc075ad94da6072e60258ffb89
-  data.tar.gz: 8d740970f9e7def49c1faeb4f3eddf7da2e8289a6ad8d7e6f1f9e2f730899a7e
+  metadata.gz: '0828780b58051c7e4da7d76717a9eb71209803a508c71ca287a99dabcb0cc55a'
+  data.tar.gz: 5da4147318e6c1f9947b50f69e8bf37dfbed7fd936deda7c46c9a072abfed99f
 SHA512:
-  metadata.gz: cff690a42ec04e6ff9ebfe23564573165d0ac39764ed0c8f6b62abb7b19365b1e86d8fe86e19d405cc4529f9104d64f2c6526ec053d8d536037eff9088c1edfc
-  data.tar.gz: 4afff676be0ba3eed8c6c5ce657d9fb6944a55eda0c165e027f34e9362f6ffd5a6cb17363b010682b702f5223e478687bdefa7cd3fa3440cd3d7677584d79a48
+  metadata.gz: '0916ae54fc3f1e30edf8f03dab9a75382062122a5b554aeefbaea26b39edc2e4d6415a9bdda25e53f19c5b82e6bb6e5e675c7c4ba1bc971a689346e6af997935'
+  data.tar.gz: 232a18c18b3c58181dd3f3a16c8c8f16a9f7aa7d1dc5ac088dbda986b9fd86347fe41def6a27d3d19ca7ff2867f03353daefa611c6df175ad5b9464539cadfff

data/.semaphore/semaphore.yml

@@ -4,7 +4,7 @@ name: Ruby
 agent:
   machine:
     type: e1-standard-2
-    os_image: ubuntu1804
+    os_image: ubuntu2004
 
 blocks:
   - name: Run Sorbet 🍦

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (3.1.0)
+    workos (4.1.0)
       sorbet-runtime (~> 0.5)
 
 GEM

data/lib/workos/authentication_response.rb

@@ -8,19 +8,29 @@ module WorkOS
     include HashProvider
     extend T::Sig
 
-    attr_accessor :user, :organization_id
+    attr_accessor :user, :organization_id, :impersonator, :access_token, :refresh_token
 
     sig { params(authentication_response_json: String).void }
     def initialize(authentication_response_json)
       json = JSON.parse(authentication_response_json, symbolize_names: true)
       @user = WorkOS::User.new(json[:user].to_json)
       @organization_id = T.let(json[:organization_id], T.nilable(String))
+      @impersonator =
+        if (impersonator_json = json[:impersonator])
+          Impersonator.new(email: impersonator_json[:email],
+                           reason: impersonator_json[:reason],)
+        end
+      @access_token = T.let(json[:access_token], String)
+      @refresh_token = T.let(json[:refresh_token], String)
     end
 
     def to_json(*)
       {
         user: user.to_json,
         organization_id: organization_id,
+        impersonator: impersonator.to_json,
+        access_token: access_token,
+        refresh_token: refresh_token,
       }
     end
   end

data/lib/workos/directory_sync.rb

@@ -35,6 +35,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_directories(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/directories',
@@ -104,6 +105,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_groups(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/directory_groups',
@@ -144,6 +146,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_users(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/directory_users',

data/lib/workos/impersonator.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOS
+  # Contains information about a WorkOS Dashboard user impersonating
+  # a User Management user.
+  class Impersonator
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :email, :reason
+
+    sig { params(email: String, reason: T.nilable(String)).void }
+    def initialize(email:, reason:)
+      @email = email
+      @reason = reason
+    end
+
+    def to_json(*)
+      {
+        email: email,
+        reason: reason,
+      }
+    end
+  end
+end

data/lib/workos/organization_membership.rb

@@ -9,7 +9,7 @@ module WorkOS
     include HashProvider
     extend T::Sig
 
-    attr_accessor :id, :user_id, :organization_id, :created_at, :updated_at
+    attr_accessor :id, :user_id, :organization_id, :status, :created_at, :updated_at
 
     sig { params(json: String).void }
     def initialize(json)
@@ -18,6 +18,7 @@ module WorkOS
       @id = T.let(raw.id, String)
       @user_id = T.let(raw.user_id, String)
       @organization_id = raw.organization_id
+      @status = T.let(raw.status, String)
       @created_at = T.let(raw.created_at, String)
       @updated_at = T.let(raw.updated_at, String)
     end
@@ -27,6 +28,7 @@ module WorkOS
         id: id,
         user_id: user_id,
         organization_id: organization_id,
+        status: status,
         created_at: created_at,
         updated_at: updated_at,
       }
@@ -42,6 +44,7 @@ module WorkOS
         id: hash[:id],
         user_id: hash[:user_id],
         organization_id: hash[:organization_id],
+        status: hash[:status],
         created_at: hash[:created_at],
         updated_at: hash[:updated_at],
       )

data/lib/workos/organizations.rb

@@ -28,6 +28,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_organizations(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/organizations',

data/lib/workos/refresh_authentication_response.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOS
+  # The RefreshAuthenticationResponse contains response data from a successful
+  # `UserManagement.authenticate_with_refresh_token` call
+  class RefreshAuthenticationResponse
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :access_token, :refresh_token
+
+    sig { params(authentication_response_json: String).void }
+    def initialize(authentication_response_json)
+      json = JSON.parse(authentication_response_json, symbolize_names: true)
+      @access_token = T.let(json[:access_token], String)
+      @refresh_token = T.let(json[:refresh_token], String)
+    end
+
+    def to_json(*)
+      {
+        access_token: access_token,
+        refresh_token: refresh_token,
+      }
+    end
+  end
+end

data/lib/workos/sso.rb

@@ -175,6 +175,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_connections(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/connections',

data/lib/workos/types/organization_membership_struct.rb

@@ -7,7 +7,8 @@ module WorkOS
     class OrganizationMembershipStruct < T::Struct
       const :id, String
       const :user_id, String
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
+      const :status, String
       const :created_at, String
       const :updated_at, String
     end

data/lib/workos/user_management.rb

@@ -157,6 +157,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_users(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/user_management/users',
@@ -365,6 +366,46 @@ module WorkOS
         WorkOS::AuthenticationResponse.new(response.body)
       end
 
+      # Authenticate a user using a refresh token.
+      #
+      # @param [String] refresh_token The refresh token previously obtained from a successful authentication call
+      # @param [String] client_id The WorkOS client ID for the environment
+      # @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
+      # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      #
+      # @return WorkOS::RefreshAuthenticationResponse
+
+      sig do
+        params(
+          refresh_token: String,
+          client_id: String,
+          ip_address: T.nilable(String),
+          user_agent: T.nilable(String),
+        ).returns(WorkOS::RefreshAuthenticationResponse)
+      end
+      def authenticate_with_refresh_token(
+        refresh_token:,
+        client_id:,
+        ip_address: nil,
+        user_agent: nil
+      )
+        response = execute_request(
+          request: post_request(
+            path: '/user_management/authenticate',
+            body: {
+              refresh_token: refresh_token,
+              client_id: client_id,
+              client_secret: WorkOS.config.key!,
+              ip_address: ip_address,
+              user_agent: user_agent,
+              grant_type: 'refresh_token',
+            },
+          ),
+        )
+
+        WorkOS::RefreshAuthenticationResponse.new(response.body)
+      end
+
       # Authenticate user by Magic Auth Code.
       #
       # @param [String] code The one-time code that was emailed to the user.
@@ -553,6 +594,66 @@ module WorkOS
         WorkOS::AuthenticationResponse.new(response.body)
       end
 
+      # Get the logout URL for a session
+      #
+      # The user's browser should be navigated to this URL
+      #
+      # @param [String] session_id The session ID can be found in the `sid`
+      #   claim of the access token
+      #
+      # @return String
+      sig do
+        params(
+          session_id: String,
+        ).returns(String)
+      end
+      def get_logout_url(session_id:)
+        URI::HTTPS.build(
+          host: WorkOS.config.api_hostname,
+          path: '/user_management/sessions/logout',
+          query: "session_id=#{session_id}",
+        ).to_s
+      end
+
+      # Revokes a session
+      #
+      # @param [String] session_id The session ID can be found in the `sid`
+      #   claim of the access token
+      sig do
+        params(
+          session_id: String,
+        ).void
+      end
+      def revoke_session(session_id:)
+        execute_request(
+          request: post_request(
+            path: '/user_management/sessions/revoke',
+            body: {
+              session_id: session_id,
+            },
+          ),
+        )
+      end
+
+      # Get the JWKS URL
+      #
+      # The JWKS can be used to validate the access token returned upon successful authentication
+      #
+      # @param [String] client_id The WorkOS client ID for the environment
+      #
+      # @return String
+      sig do
+        params(
+          client_id: String,
+        ).returns(String)
+      end
+      def get_jwks_url(client_id)
+        URI::HTTPS.build(
+          host: WorkOS.config.api_hostname,
+          path: "/sso/jwks/#{client_id}",
+        ).to_s
+      end
+
       # Create a one-time Magic Auth code and emails it to the user.
       #
       # @param [String] email The email address the one-time code will be sent to.
@@ -783,6 +884,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_organization_memberships(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/user_management/organization_memberships',
@@ -889,6 +991,7 @@ module WorkOS
         ).returns(WorkOS::Types::ListStruct)
       end
       def list_invitations(options = {})
+        options[:order] ||= 'desc'
         response = execute_request(
           request: get_request(
             path: '/user_management/invitations',

data/lib/workos/version.rb

@@ -2,5 +2,5 @@
 # typed: strong
 
 module WorkOS
-  VERSION = '3.1.0'
+  VERSION = '4.1.0'
 end

data/lib/workos.rb

@@ -58,6 +58,7 @@ module WorkOS
   autoload :Event, 'workos/event'
   autoload :Events, 'workos/events'
   autoload :Factor, 'workos/factor'
+  autoload :Impersonator, 'workos/impersonator'
   autoload :Invitation, 'workos/invitation'
   autoload :MFA, 'workos/mfa'
   autoload :Organization, 'workos/organization'
@@ -67,6 +68,7 @@ module WorkOS
   autoload :Portal, 'workos/portal'
   autoload :Profile, 'workos/profile'
   autoload :ProfileAndToken, 'workos/profile_and_token'
+  autoload :RefreshAuthenticationResponse, 'workos/refresh_authentication_response'
   autoload :SSO, 'workos/sso'
   autoload :Types, 'workos/types'
   autoload :User, 'workos/user'

data/spec/lib/workos/directory_sync_spec.rb

@@ -24,7 +24,8 @@ describe WorkOS::DirectorySync do
     context 'with domain option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?domain=foo-corp.com',
+          '/directories?domain=foo-corp.com&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -46,7 +47,8 @@ describe WorkOS::DirectorySync do
     context 'with search option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?search=Testing',
+          '/directories?search=Testing&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -69,7 +71,8 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?before=directory_01FGCPNV312FHFRCX0BYWHVSE1',
+          '/directories?before=directory_01FGCPNV312FHFRCX0BYWHVSE1&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -91,7 +94,8 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?after=directory_01FGCPNV312FHFRCX0BYWHVSE1',
+          '/directories?after=directory_01FGCPNV312FHFRCX0BYWHVSE1&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -111,7 +115,8 @@ describe WorkOS::DirectorySync do
     context 'with the limit option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?limit=2',
+          '/directories?limit=2&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -189,7 +194,8 @@ describe WorkOS::DirectorySync do
     context 'with directory option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_groups?directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
+          '/directory_groups?directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -212,7 +218,8 @@ describe WorkOS::DirectorySync do
     context 'with user option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_groups?user=directory_user_01G2Z8D4FDB28ZNSRRBVCF2E0P',
+          '/directory_groups?user=directory_user_01G2Z8D4FDB28ZNSRRBVCF2E0P&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -235,7 +242,8 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_groups?before=directory_group_01G2Z8D4ZR8RJ03Y1W7P9K8NMG&' \
-          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
+          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -259,7 +267,8 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_groups?after=directory_group_01G2Z8D4ZR8RJ03Y1W7P9K8NMG&' \
-          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
+          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -283,7 +292,8 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_groups?limit=2&' \
-          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
+          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -318,7 +328,8 @@ describe WorkOS::DirectorySync do
     context 'with directory option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?directory=directory_01FAZYMST676QMTFN1DDJZZX87',
+          '/directory_users?directory=directory_01FAZYMST676QMTFN1DDJZZX87&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -341,7 +352,8 @@ describe WorkOS::DirectorySync do
     context 'with group option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?group=directory_group_01FBXGP79EJAYKW0WS9JCK1V6E',
+          '/directory_users?group=directory_group_01FBXGP79EJAYKW0WS9JCK1V6E&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -364,7 +376,8 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_users?before=directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF&'\
-          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -388,7 +401,8 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_users?after=directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF&' \
-          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -412,7 +426,8 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_users?limit=2&' \
-          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 

data/spec/lib/workos/organizations_spec.rb

@@ -121,7 +121,8 @@ describe WorkOS::Organizations do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/organizations?before=before-id',
+          '/organizations?before=before-id&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -143,7 +144,8 @@ describe WorkOS::Organizations do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/organizations?after=after-id',
+          '/organizations?after=after-id&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -163,7 +165,8 @@ describe WorkOS::Organizations do
     context 'with the limit option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/organizations?limit=10',
+          '/organizations?limit=10&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 

data/spec/lib/workos/sso_spec.rb

@@ -457,7 +457,8 @@ describe WorkOS::SSO do
     context 'with connection_type option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?connection_type=OktaSAML',
+          '/connections?connection_type=OktaSAML&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -480,7 +481,8 @@ describe WorkOS::SSO do
     context 'with domain option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?domain=foo-corp.com',
+          '/connections?domain=foo-corp.com&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -502,7 +504,8 @@ describe WorkOS::SSO do
     context 'with organization_id option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?organization_id=org_01F9293WD2PDEEV4Y625XPZVG7',
+          '/connections?organization_id=org_01F9293WD2PDEEV4Y625XPZVG7&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -527,7 +530,8 @@ describe WorkOS::SSO do
     context 'with limit option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?limit=2',
+          '/connections?limit=2&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -549,7 +553,8 @@ describe WorkOS::SSO do
     context 'with before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?before=conn_01FA3WGCWPCCY1V2FGES2FDNP7',
+          '/connections?before=conn_01FA3WGCWPCCY1V2FGES2FDNP7&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]
 
@@ -571,7 +576,8 @@ describe WorkOS::SSO do
     context 'with after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?after=conn_01FA3WGCWPCCY1V2FGES2FDNP7',
+          '/connections?after=conn_01FA3WGCWPCCY1V2FGES2FDNP7&'\
+          'order=desc',
           'Content-Type' => 'application/json'
         ]