workos 4.0.0 → 4.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +37 -0
- data/.github/workflows/release.yml +43 -0
- data/.rubocop.yml +8 -1
- data/Gemfile.lock +22 -69
- data/lib/workos/audit_log_export.rb +8 -31
- data/lib/workos/audit_logs.rb +0 -26
- data/lib/workos/authentication_factor_and_challenge.rb +0 -3
- data/lib/workos/authentication_response.rb +12 -5
- data/lib/workos/challenge.rb +9 -28
- data/lib/workos/client.rb +0 -41
- data/lib/workos/configuration.rb +0 -1
- data/lib/workos/connection.rb +11 -35
- data/lib/workos/directory.rb +10 -37
- data/lib/workos/directory_group.rb +9 -36
- data/lib/workos/directory_sync.rb +0 -21
- data/lib/workos/directory_user.rb +17 -51
- data/lib/workos/errors.rb +0 -16
- data/lib/workos/event.rb +5 -26
- data/lib/workos/events.rb +0 -7
- data/lib/workos/factor.rb +9 -28
- data/lib/workos/hash_provider.rb +0 -1
- data/lib/workos/impersonator.rb +23 -0
- data/lib/workos/invitation.rb +12 -37
- data/lib/workos/mfa.rb +0 -42
- data/lib/workos/organization.rb +8 -31
- data/lib/workos/organization_membership.rb +8 -27
- data/lib/workos/organizations.rb +0 -26
- data/lib/workos/passwordless.rb +0 -14
- data/lib/workos/portal.rb +1 -13
- data/lib/workos/profile.rb +12 -39
- data/lib/workos/profile_and_token.rb +1 -4
- data/lib/workos/refresh_authentication_response.rb +24 -0
- data/lib/workos/sso.rb +1 -43
- data/lib/workos/types/intent.rb +16 -0
- data/lib/workos/types/list_struct.rb +8 -5
- data/lib/workos/types/passwordless_session_struct.rb +10 -9
- data/lib/workos/types/provider.rb +15 -0
- data/lib/workos/types.rb +5 -23
- data/lib/workos/user.rb +10 -31
- data/lib/workos/user_and_token.rb +1 -4
- data/lib/workos/user_management.rb +108 -219
- data/lib/workos/user_response.rb +0 -3
- data/lib/workos/verify_challenge.rb +4 -18
- data/lib/workos/version.rb +1 -2
- data/lib/workos/webhook.rb +5 -26
- data/lib/workos/webhooks.rb +1 -38
- data/lib/workos.rb +2 -2
- data/spec/lib/workos/audit_logs_spec.rb +2 -3
- data/spec/lib/workos/configuration_spec.rb +0 -1
- data/spec/lib/workos/directory_sync_spec.rb +0 -1
- data/spec/lib/workos/directory_user_spec.rb +0 -1
- data/spec/lib/workos/event_spec.rb +0 -1
- data/spec/lib/workos/mfa_spec.rb +0 -1
- data/spec/lib/workos/organizations_spec.rb +0 -1
- data/spec/lib/workos/passwordless_spec.rb +0 -1
- data/spec/lib/workos/portal_spec.rb +0 -1
- data/spec/lib/workos/sso_spec.rb +0 -1
- data/spec/lib/workos/user_management_spec.rb +59 -10
- data/spec/lib/workos/webhooks_spec.rb +0 -1
- data/spec/spec_helper.rb +6 -9
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_impersonator.yml +80 -0
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml +81 -0
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml +81 -0
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_totp/valid.yml +1 -1
- data/spec/support/shared_examples/client_spec.rb +0 -1
- data/workos.gemspec +1 -6
- metadata +19 -129
- data/.semaphore/rubygems.yml +0 -24
- data/.semaphore/semaphore.yml +0 -51
- data/bin/tapioca +0 -29
- data/codecov.yml +0 -12
- data/devbox.json +0 -18
- data/devbox.lock +0 -11
- data/lib/workos/types/audit_log_export_struct.rb +0 -17
- data/lib/workos/types/challenge_struct.rb +0 -18
- data/lib/workos/types/connection_struct.rb +0 -20
- data/lib/workos/types/directory_group_struct.rb +0 -19
- data/lib/workos/types/directory_struct.rb +0 -19
- data/lib/workos/types/directory_user_struct.rb +0 -26
- data/lib/workos/types/event_struct.rb +0 -15
- data/lib/workos/types/factor_struct.rb +0 -18
- data/lib/workos/types/intent_enum.rb +0 -17
- data/lib/workos/types/invitation_struct.rb +0 -20
- data/lib/workos/types/magic_auth_challenge_struct.rb +0 -12
- data/lib/workos/types/organization_membership_struct.rb +0 -16
- data/lib/workos/types/organization_struct.rb +0 -17
- data/lib/workos/types/profile_struct.rb +0 -21
- data/lib/workos/types/provider_enum.rb +0 -16
- data/lib/workos/types/user_struct.rb +0 -18
- data/lib/workos/types/verify_challenge_struct.rb +0 -13
- data/lib/workos/types/webhook_struct.rb +0 -15
- data/sorbet/config +0 -2
- data/sorbet/rbi/gems/addressable@2.8.0.rbi +0 -290
- data/sorbet/rbi/gems/ast@2.4.2.rbi +0 -54
- data/sorbet/rbi/gems/codecov@0.2.12.rbi +0 -55
- data/sorbet/rbi/gems/coderay@1.1.3.rbi +0 -8
- data/sorbet/rbi/gems/crack@0.4.5.rbi +0 -57
- data/sorbet/rbi/gems/diff-lcs@1.4.4.rbi +0 -185
- data/sorbet/rbi/gems/docile@1.3.5.rbi +0 -54
- data/sorbet/rbi/gems/hashdiff@1.0.1.rbi +0 -82
- data/sorbet/rbi/gems/json@2.5.1.rbi +0 -109
- data/sorbet/rbi/gems/method_source@1.0.0.rbi +0 -8
- data/sorbet/rbi/gems/parallel@1.20.1.rbi +0 -113
- data/sorbet/rbi/gems/parser@3.0.1.0.rbi +0 -1187
- data/sorbet/rbi/gems/pry@0.14.2.rbi +0 -8
- data/sorbet/rbi/gems/public_suffix@4.0.6.rbi +0 -146
- data/sorbet/rbi/gems/rainbow@3.0.0.rbi +0 -153
- data/sorbet/rbi/gems/rake@13.0.3.rbi +0 -807
- data/sorbet/rbi/gems/rbi@0.0.16.rbi +0 -2118
- data/sorbet/rbi/gems/regexp_parser@2.1.1.rbi +0 -1117
- data/sorbet/rbi/gems/rexml@3.2.5.rbi +0 -709
- data/sorbet/rbi/gems/rspec-core@3.9.3.rbi +0 -2467
- data/sorbet/rbi/gems/rspec-expectations@3.9.4.rbi +0 -1569
- data/sorbet/rbi/gems/rspec-mocks@3.9.1.rbi +0 -1493
- data/sorbet/rbi/gems/rspec-support@3.9.4.rbi +0 -511
- data/sorbet/rbi/gems/rspec@3.9.0.rbi +0 -38
- data/sorbet/rbi/gems/rubocop-ast@1.4.1.rbi +0 -1881
- data/sorbet/rbi/gems/rubocop@0.93.1.rbi +0 -11497
- data/sorbet/rbi/gems/ruby-progressbar@1.11.0.rbi +0 -405
- data/sorbet/rbi/gems/simplecov-html@0.12.3.rbi +0 -89
- data/sorbet/rbi/gems/simplecov@0.21.2.rbi +0 -577
- data/sorbet/rbi/gems/simplecov_json_formatter@0.1.2.rbi +0 -8
- data/sorbet/rbi/gems/spoom@1.1.15.rbi +0 -1549
- data/sorbet/rbi/gems/tapioca@0.7.3.rbi +0 -1718
- data/sorbet/rbi/gems/thor@1.2.1.rbi +0 -844
- data/sorbet/rbi/gems/unicode-display_width@1.7.0.rbi +0 -22
- data/sorbet/rbi/gems/unparser@0.6.2.rbi +0 -8
- data/sorbet/rbi/gems/vcr@5.0.0.rbi +0 -699
- data/sorbet/rbi/gems/webmock@3.12.2.rbi +0 -662
- data/sorbet/rbi/gems/yard-sorbet@0.8.0.rbi +0 -268
- data/sorbet/rbi/gems/yard@0.9.26.rbi +0 -4048
- data/sorbet/tapioca/config.yml +0 -13
- data/sorbet/tapioca/require.rb +0 -4
data/lib/workos/user.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: true
|
3
2
|
|
4
3
|
module WorkOS
|
5
4
|
# The User class provides a lightweight wrapper around a WorkOS User
|
@@ -7,23 +6,21 @@ module WorkOS
|
|
7
6
|
# and is instantiated internally but exposed.
|
8
7
|
class User
|
9
8
|
include HashProvider
|
10
|
-
extend T::Sig
|
11
9
|
|
12
10
|
attr_accessor :id, :email, :first_name, :last_name, :email_verified,
|
13
11
|
:profile_picture_url, :created_at, :updated_at
|
14
12
|
|
15
|
-
sig { params(json: String).void }
|
16
13
|
def initialize(json)
|
17
|
-
|
18
|
-
|
19
|
-
@id =
|
20
|
-
@email =
|
21
|
-
@first_name =
|
22
|
-
@last_name =
|
23
|
-
@email_verified =
|
24
|
-
@profile_picture_url =
|
25
|
-
@created_at =
|
26
|
-
@updated_at =
|
14
|
+
hash = JSON.parse(json, symbolize_names: true)
|
15
|
+
|
16
|
+
@id = hash[:id]
|
17
|
+
@email = hash[:email]
|
18
|
+
@first_name = hash[:first_name]
|
19
|
+
@last_name = hash[:last_name]
|
20
|
+
@email_verified = hash[:email_verified]
|
21
|
+
@profile_picture_url = hash[:profile_picture_url]
|
22
|
+
@created_at = hash[:created_at]
|
23
|
+
@updated_at = hash[:updated_at]
|
27
24
|
end
|
28
25
|
|
29
26
|
def to_json(*)
|
@@ -38,23 +35,5 @@ module WorkOS
|
|
38
35
|
updated_at: updated_at,
|
39
36
|
}
|
40
37
|
end
|
41
|
-
|
42
|
-
private
|
43
|
-
|
44
|
-
sig { params(json_string: String).returns(WorkOS::Types::UserStruct) }
|
45
|
-
def parse_json(json_string)
|
46
|
-
hash = JSON.parse(json_string, symbolize_names: true)
|
47
|
-
|
48
|
-
WorkOS::Types::UserStruct.new(
|
49
|
-
id: hash[:id],
|
50
|
-
email: hash[:email],
|
51
|
-
first_name: hash[:first_name],
|
52
|
-
last_name: hash[:last_name],
|
53
|
-
email_verified: hash[:email_verified],
|
54
|
-
profile_picture_url: hash[:profile_picture_url],
|
55
|
-
created_at: hash[:created_at],
|
56
|
-
updated_at: hash[:updated_at],
|
57
|
-
)
|
58
|
-
end
|
59
38
|
end
|
60
39
|
end
|
@@ -1,5 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: true
|
3
2
|
|
4
3
|
module WorkOS
|
5
4
|
# The UserAndToken class represents a User and a corresponding Token. This
|
@@ -7,15 +6,13 @@ module WorkOS
|
|
7
6
|
# internally but exposed.
|
8
7
|
class UserAndToken
|
9
8
|
include HashProvider
|
10
|
-
extend T::Sig
|
11
9
|
|
12
10
|
attr_accessor :token, :user
|
13
11
|
|
14
|
-
sig { params(user_and_token_json: String).void }
|
15
12
|
def initialize(user_and_token_json)
|
16
13
|
json = JSON.parse(user_and_token_json, symbolize_names: true)
|
17
14
|
|
18
|
-
@token =
|
15
|
+
@token = json[:token]
|
19
16
|
@user = WorkOS::User.new(json[:user].to_json)
|
20
17
|
end
|
21
18
|
|
@@ -1,5 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: true
|
3
2
|
|
4
3
|
require 'net/http'
|
5
4
|
require 'uri'
|
@@ -11,32 +10,31 @@ module WorkOS
|
|
11
10
|
# rubocop:disable Metrics/ModuleLength
|
12
11
|
module UserManagement
|
13
12
|
module Types
|
14
|
-
# The ProviderEnum is
|
13
|
+
# The ProviderEnum is a declaration of a
|
15
14
|
# fixed set of values for User Management Providers.
|
16
|
-
class Provider
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
15
|
+
class Provider
|
16
|
+
GitHub = 'GitHubOAuth'
|
17
|
+
Google = 'GoogleOAuth'
|
18
|
+
Microsoft = 'MicrosoftOAuth'
|
19
|
+
AuthKit = 'authkit'
|
20
|
+
|
21
|
+
ALL = [GitHub, Google, Microsoft, AuthKit].freeze
|
23
22
|
end
|
24
23
|
|
25
|
-
# The AuthFactorType is
|
24
|
+
# The AuthFactorType is a declaration of a
|
26
25
|
# fixed set of factor values to enroll
|
27
|
-
class AuthFactorType
|
28
|
-
|
29
|
-
|
30
|
-
|
26
|
+
class AuthFactorType
|
27
|
+
Totp = 'totp'
|
28
|
+
|
29
|
+
ALL = [Totp].freeze
|
31
30
|
end
|
32
31
|
end
|
33
32
|
|
34
33
|
class << self
|
35
|
-
extend T::Sig
|
36
34
|
include Client
|
37
35
|
|
38
|
-
PROVIDERS = WorkOS::UserManagement::Types::Provider
|
39
|
-
AUTH_FACTOR_TYPES = WorkOS::UserManagement::Types::AuthFactorType
|
36
|
+
PROVIDERS = WorkOS::UserManagement::Types::Provider::ALL
|
37
|
+
AUTH_FACTOR_TYPES = WorkOS::UserManagement::Types::AuthFactorType::ALL
|
40
38
|
|
41
39
|
# Generate an OAuth 2.0 authorization URL that automatically directs a user
|
42
40
|
# to their Identity Provider.
|
@@ -74,18 +72,6 @@ module WorkOS
|
|
74
72
|
#
|
75
73
|
# @return [String]
|
76
74
|
# rubocop:disable Metrics/ParameterLists
|
77
|
-
sig do
|
78
|
-
params(
|
79
|
-
redirect_uri: String,
|
80
|
-
client_id: T.nilable(String),
|
81
|
-
domain_hint: T.nilable(String),
|
82
|
-
login_hint: T.nilable(String),
|
83
|
-
provider: T.nilable(String),
|
84
|
-
connection_id: T.nilable(String),
|
85
|
-
organization_id: T.nilable(String),
|
86
|
-
state: T.nilable(String),
|
87
|
-
).returns(String)
|
88
|
-
end
|
89
75
|
def authorization_url(
|
90
76
|
redirect_uri:,
|
91
77
|
client_id: nil,
|
@@ -124,9 +110,6 @@ module WorkOS
|
|
124
110
|
# @param [String] id The unique ID of the User.
|
125
111
|
#
|
126
112
|
# @return WorkOS::User
|
127
|
-
sig do
|
128
|
-
params(id: String).returns(WorkOS::User)
|
129
|
-
end
|
130
113
|
def get_user(id:)
|
131
114
|
response = execute_request(
|
132
115
|
request: get_request(
|
@@ -151,11 +134,6 @@ module WorkOS
|
|
151
134
|
# before a provided User ID.
|
152
135
|
#
|
153
136
|
# @return [WorkOS::User]
|
154
|
-
sig do
|
155
|
-
params(
|
156
|
-
options: T::Hash[Symbol, String],
|
157
|
-
).returns(WorkOS::Types::ListStruct)
|
158
|
-
end
|
159
137
|
def list_users(options = {})
|
160
138
|
options[:order] ||= 'desc'
|
161
139
|
response = execute_request(
|
@@ -185,18 +163,20 @@ module WorkOS
|
|
185
163
|
# @param [String] first_name The user's first name.
|
186
164
|
# @param [String] last_name The user's last name.
|
187
165
|
# @param [Boolean] email_verified Whether the user's email address was previously verified.
|
166
|
+
# @param [String] password_hash The user's hashed password.
|
167
|
+
# @option [String] password_hash_type The algorithm originally used to hash the password.
|
188
168
|
#
|
189
169
|
# @return [WorkOS::User]
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
170
|
+
# rubocop:disable Metrics/ParameterLists
|
171
|
+
def create_user(
|
172
|
+
email:,
|
173
|
+
password: nil,
|
174
|
+
first_name: nil,
|
175
|
+
last_name: nil,
|
176
|
+
email_verified: nil,
|
177
|
+
password_hash: nil,
|
178
|
+
password_hash_type: nil
|
179
|
+
)
|
200
180
|
request = post_request(
|
201
181
|
path: '/user_management/users',
|
202
182
|
body: {
|
@@ -205,6 +185,8 @@ module WorkOS
|
|
205
185
|
first_name: first_name,
|
206
186
|
last_name: last_name,
|
207
187
|
email_verified: email_verified,
|
188
|
+
password_hash: password_hash,
|
189
|
+
password_hash_type: password_hash_type,
|
208
190
|
},
|
209
191
|
auth: true,
|
210
192
|
)
|
@@ -226,18 +208,6 @@ module WorkOS
|
|
226
208
|
# Valid values are bcrypt.
|
227
209
|
#
|
228
210
|
# @return [WorkOS::User]
|
229
|
-
# rubocop:disable Metrics/ParameterLists
|
230
|
-
sig do
|
231
|
-
params(
|
232
|
-
id: String,
|
233
|
-
first_name: T.nilable(String),
|
234
|
-
last_name: T.nilable(String),
|
235
|
-
email_verified: T.nilable(T::Boolean),
|
236
|
-
password: T.nilable(String),
|
237
|
-
password_hash: T.nilable(String),
|
238
|
-
password_hash_type: T.nilable(String),
|
239
|
-
).returns(WorkOS::User)
|
240
|
-
end
|
241
211
|
def update_user(
|
242
212
|
id:,
|
243
213
|
first_name: nil,
|
@@ -271,11 +241,6 @@ module WorkOS
|
|
271
241
|
# @param [String] id The unique ID of the User.
|
272
242
|
#
|
273
243
|
# @return [Bool] - returns `true` if successful
|
274
|
-
sig do
|
275
|
-
params(
|
276
|
-
id: String,
|
277
|
-
).returns(T::Boolean)
|
278
|
-
end
|
279
244
|
def delete_user(id:)
|
280
245
|
response = execute_request(
|
281
246
|
request: delete_request(
|
@@ -296,16 +261,6 @@ module WorkOS
|
|
296
261
|
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
|
297
262
|
#
|
298
263
|
# @return WorkOS::AuthenticationResponse
|
299
|
-
|
300
|
-
sig do
|
301
|
-
params(
|
302
|
-
email: String,
|
303
|
-
password: String,
|
304
|
-
client_id: String,
|
305
|
-
ip_address: T.nilable(String),
|
306
|
-
user_agent: T.nilable(String),
|
307
|
-
).returns(WorkOS::AuthenticationResponse)
|
308
|
-
end
|
309
264
|
def authenticate_with_password(email:, password:, client_id:, ip_address: nil, user_agent: nil)
|
310
265
|
response = execute_request(
|
311
266
|
request: post_request(
|
@@ -334,15 +289,6 @@ module WorkOS
|
|
334
289
|
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
|
335
290
|
#
|
336
291
|
# @return WorkOS::AuthenticationResponse
|
337
|
-
|
338
|
-
sig do
|
339
|
-
params(
|
340
|
-
code: String,
|
341
|
-
client_id: String,
|
342
|
-
ip_address: T.nilable(String),
|
343
|
-
user_agent: T.nilable(String),
|
344
|
-
).returns(WorkOS::AuthenticationResponse)
|
345
|
-
end
|
346
292
|
def authenticate_with_code(
|
347
293
|
code:,
|
348
294
|
client_id:,
|
@@ -366,6 +312,37 @@ module WorkOS
|
|
366
312
|
WorkOS::AuthenticationResponse.new(response.body)
|
367
313
|
end
|
368
314
|
|
315
|
+
# Authenticate a user using a refresh token.
|
316
|
+
#
|
317
|
+
# @param [String] refresh_token The refresh token previously obtained from a successful authentication call
|
318
|
+
# @param [String] client_id The WorkOS client ID for the environment
|
319
|
+
# @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
|
320
|
+
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
|
321
|
+
#
|
322
|
+
# @return WorkOS::RefreshAuthenticationResponse
|
323
|
+
def authenticate_with_refresh_token(
|
324
|
+
refresh_token:,
|
325
|
+
client_id:,
|
326
|
+
ip_address: nil,
|
327
|
+
user_agent: nil
|
328
|
+
)
|
329
|
+
response = execute_request(
|
330
|
+
request: post_request(
|
331
|
+
path: '/user_management/authenticate',
|
332
|
+
body: {
|
333
|
+
refresh_token: refresh_token,
|
334
|
+
client_id: client_id,
|
335
|
+
client_secret: WorkOS.config.key!,
|
336
|
+
ip_address: ip_address,
|
337
|
+
user_agent: user_agent,
|
338
|
+
grant_type: 'refresh_token',
|
339
|
+
},
|
340
|
+
),
|
341
|
+
)
|
342
|
+
|
343
|
+
WorkOS::RefreshAuthenticationResponse.new(response.body)
|
344
|
+
end
|
345
|
+
|
369
346
|
# Authenticate user by Magic Auth Code.
|
370
347
|
#
|
371
348
|
# @param [String] code The one-time code that was emailed to the user.
|
@@ -377,17 +354,6 @@ module WorkOS
|
|
377
354
|
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
|
378
355
|
#
|
379
356
|
# @return WorkOS::AuthenticationResponse
|
380
|
-
|
381
|
-
sig do
|
382
|
-
params(
|
383
|
-
code: String,
|
384
|
-
email: String,
|
385
|
-
client_id: String,
|
386
|
-
ip_address: T.nilable(String),
|
387
|
-
user_agent: T.nilable(String),
|
388
|
-
link_authorization_code: T.nilable(String),
|
389
|
-
).returns(WorkOS::AuthenticationResponse)
|
390
|
-
end
|
391
357
|
def authenticate_with_magic_auth(
|
392
358
|
code:,
|
393
359
|
email:,
|
@@ -415,7 +381,6 @@ module WorkOS
|
|
415
381
|
WorkOS::AuthenticationResponse.new(response.body)
|
416
382
|
end
|
417
383
|
|
418
|
-
|
419
384
|
# Authenticate a user into an organization they are a member of.
|
420
385
|
#
|
421
386
|
# @param [String] client_id The WorkOS client ID for the environment.
|
@@ -425,15 +390,6 @@ module WorkOS
|
|
425
390
|
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
|
426
391
|
#
|
427
392
|
# @return WorkOS::AuthenticationResponse
|
428
|
-
sig do
|
429
|
-
params(
|
430
|
-
client_id: String,
|
431
|
-
organization_id: String,
|
432
|
-
pending_authentication_token: String,
|
433
|
-
ip_address: T.nilable(String),
|
434
|
-
user_agent: T.nilable(String),
|
435
|
-
).returns(WorkOS::AuthenticationResponse)
|
436
|
-
end
|
437
393
|
def authenticate_with_organization_selection(
|
438
394
|
client_id:,
|
439
395
|
organization_id:,
|
@@ -471,17 +427,6 @@ module WorkOS
|
|
471
427
|
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
|
472
428
|
#
|
473
429
|
# @return WorkOS::AuthenticationResponse
|
474
|
-
|
475
|
-
sig do
|
476
|
-
params(
|
477
|
-
code: String,
|
478
|
-
client_id: String,
|
479
|
-
pending_authentication_token: String,
|
480
|
-
authentication_challenge_id: String,
|
481
|
-
ip_address: T.nilable(String),
|
482
|
-
user_agent: T.nilable(String),
|
483
|
-
).returns(WorkOS::AuthenticationResponse)
|
484
|
-
end
|
485
430
|
def authenticate_with_totp(
|
486
431
|
code:,
|
487
432
|
client_id:,
|
@@ -519,16 +464,6 @@ module WorkOS
|
|
519
464
|
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
|
520
465
|
#
|
521
466
|
# @return WorkOS::AuthenticationResponse
|
522
|
-
|
523
|
-
sig do
|
524
|
-
params(
|
525
|
-
code: String,
|
526
|
-
client_id: String,
|
527
|
-
pending_authentication_token: String,
|
528
|
-
ip_address: T.nilable(String),
|
529
|
-
user_agent: T.nilable(String),
|
530
|
-
).returns(WorkOS::AuthenticationResponse)
|
531
|
-
end
|
532
467
|
def authenticate_with_email_verification(
|
533
468
|
code:,
|
534
469
|
client_id:,
|
@@ -554,16 +489,56 @@ module WorkOS
|
|
554
489
|
WorkOS::AuthenticationResponse.new(response.body)
|
555
490
|
end
|
556
491
|
|
492
|
+
# Get the logout URL for a session
|
493
|
+
#
|
494
|
+
# The user's browser should be navigated to this URL
|
495
|
+
#
|
496
|
+
# @param [String] session_id The session ID can be found in the `sid`
|
497
|
+
# claim of the access token
|
498
|
+
#
|
499
|
+
# @return String
|
500
|
+
def get_logout_url(session_id:)
|
501
|
+
URI::HTTPS.build(
|
502
|
+
host: WorkOS.config.api_hostname,
|
503
|
+
path: '/user_management/sessions/logout',
|
504
|
+
query: "session_id=#{session_id}",
|
505
|
+
).to_s
|
506
|
+
end
|
507
|
+
|
508
|
+
# Revokes a session
|
509
|
+
#
|
510
|
+
# @param [String] session_id The session ID can be found in the `sid`
|
511
|
+
# claim of the access token
|
512
|
+
def revoke_session(session_id:)
|
513
|
+
execute_request(
|
514
|
+
request: post_request(
|
515
|
+
path: '/user_management/sessions/revoke',
|
516
|
+
body: {
|
517
|
+
session_id: session_id,
|
518
|
+
},
|
519
|
+
),
|
520
|
+
)
|
521
|
+
end
|
522
|
+
|
523
|
+
# Get the JWKS URL
|
524
|
+
#
|
525
|
+
# The JWKS can be used to validate the access token returned upon successful authentication
|
526
|
+
#
|
527
|
+
# @param [String] client_id The WorkOS client ID for the environment
|
528
|
+
#
|
529
|
+
# @return String
|
530
|
+
def get_jwks_url(client_id)
|
531
|
+
URI::HTTPS.build(
|
532
|
+
host: WorkOS.config.api_hostname,
|
533
|
+
path: "/sso/jwks/#{client_id}",
|
534
|
+
).to_s
|
535
|
+
end
|
536
|
+
|
557
537
|
# Create a one-time Magic Auth code and emails it to the user.
|
558
538
|
#
|
559
539
|
# @param [String] email The email address the one-time code will be sent to.
|
560
540
|
#
|
561
541
|
# @return Boolean
|
562
|
-
sig do
|
563
|
-
params(
|
564
|
-
email: String,
|
565
|
-
).returns(T::Boolean)
|
566
|
-
end
|
567
542
|
def send_magic_auth_code(email:)
|
568
543
|
response = execute_request(
|
569
544
|
request: post_request(
|
@@ -587,14 +562,6 @@ module WorkOS
|
|
587
562
|
# @param [String] totp_user For totp factors. Used as the account name in authenticator apps.
|
588
563
|
#
|
589
564
|
# @return WorkOS::AuthenticationFactorAndChallenge
|
590
|
-
sig do
|
591
|
-
params(
|
592
|
-
user_id: String,
|
593
|
-
type: String,
|
594
|
-
totp_issuer: T.nilable(String),
|
595
|
-
totp_user: T.nilable(String),
|
596
|
-
).returns(WorkOS::AuthenticationFactorAndChallenge)
|
597
|
-
end
|
598
565
|
def enroll_auth_factor(user_id:, type:, totp_issuer: nil, totp_user: nil)
|
599
566
|
validate_auth_factor_type(
|
600
567
|
type: type,
|
@@ -620,11 +587,6 @@ module WorkOS
|
|
620
587
|
# @param [String] user_id The id for the user.
|
621
588
|
#
|
622
589
|
# @return WorkOS::ListStruct
|
623
|
-
sig do
|
624
|
-
params(
|
625
|
-
user_id: String,
|
626
|
-
).returns(WorkOS::Types::ListStruct)
|
627
|
-
end
|
628
590
|
def list_auth_factors(user_id:)
|
629
591
|
response = execute_request(
|
630
592
|
request: get_request(
|
@@ -650,11 +612,6 @@ module WorkOS
|
|
650
612
|
# @param [String] user_id The unique ID of the User whose email address will be verified.
|
651
613
|
#
|
652
614
|
# @return WorkOS::UserResponse
|
653
|
-
sig do
|
654
|
-
params(
|
655
|
-
user_id: String,
|
656
|
-
).returns(WorkOS::UserResponse)
|
657
|
-
end
|
658
615
|
def send_verification_email(user_id:)
|
659
616
|
response = execute_request(
|
660
617
|
request: post_request(
|
@@ -672,12 +629,6 @@ module WorkOS
|
|
672
629
|
# @param [String] code The one-time code emailed to the user.
|
673
630
|
#
|
674
631
|
# @return WorkOS::UserResponse
|
675
|
-
sig do
|
676
|
-
params(
|
677
|
-
user_id: String,
|
678
|
-
code: String,
|
679
|
-
).returns(WorkOS::UserResponse)
|
680
|
-
end
|
681
632
|
def verify_email(user_id:, code:)
|
682
633
|
response = execute_request(
|
683
634
|
request: post_request(
|
@@ -698,12 +649,6 @@ module WorkOS
|
|
698
649
|
# @param [String] password_reset_url The URL that will be linked to in the email.
|
699
650
|
#
|
700
651
|
# @return [Bool] - returns `true` if successful
|
701
|
-
sig do
|
702
|
-
params(
|
703
|
-
email: String,
|
704
|
-
password_reset_url: String,
|
705
|
-
).returns(T::Boolean)
|
706
|
-
end
|
707
652
|
def send_password_reset_email(email:, password_reset_url:)
|
708
653
|
request = post_request(
|
709
654
|
path: '/user_management/password_reset/send',
|
@@ -725,12 +670,6 @@ module WorkOS
|
|
725
670
|
# @param [String] new_password The new password to set for the user.
|
726
671
|
#
|
727
672
|
# @return WorkOS::User
|
728
|
-
sig do
|
729
|
-
params(
|
730
|
-
token: String,
|
731
|
-
new_password: String,
|
732
|
-
).returns(WorkOS::User)
|
733
|
-
end
|
734
673
|
def reset_password(token:, new_password:)
|
735
674
|
response = execute_request(
|
736
675
|
request: post_request(
|
@@ -751,9 +690,6 @@ module WorkOS
|
|
751
690
|
# @param [String] id The unique ID of the Organization Membership.
|
752
691
|
#
|
753
692
|
# @return WorkOS::OrganizationMembership
|
754
|
-
sig do
|
755
|
-
params(id: String).returns(WorkOS::OrganizationMembership)
|
756
|
-
end
|
757
693
|
def get_organization_membership(id:)
|
758
694
|
response = execute_request(
|
759
695
|
request: get_request(
|
@@ -778,11 +714,6 @@ module WorkOS
|
|
778
714
|
# before a provided User ID.
|
779
715
|
#
|
780
716
|
# @return [WorkOS::OrganizationMembership]
|
781
|
-
sig do
|
782
|
-
params(
|
783
|
-
options: T::Hash[Symbol, String],
|
784
|
-
).returns(WorkOS::Types::ListStruct)
|
785
|
-
end
|
786
717
|
def list_organization_memberships(options = {})
|
787
718
|
options[:order] ||= 'desc'
|
788
719
|
response = execute_request(
|
@@ -811,12 +742,6 @@ module WorkOS
|
|
811
742
|
# @param [String] organization_id The ID of the Organization to which the user belongs to.
|
812
743
|
#
|
813
744
|
# @return [WorkOS::OrganizationMembership]
|
814
|
-
sig do
|
815
|
-
params(
|
816
|
-
user_id: String,
|
817
|
-
organization_id: String,
|
818
|
-
).returns(WorkOS::OrganizationMembership)
|
819
|
-
end
|
820
745
|
def create_organization_membership(user_id:, organization_id:)
|
821
746
|
request = post_request(
|
822
747
|
path: '/user_management/organization_memberships',
|
@@ -837,11 +762,6 @@ module WorkOS
|
|
837
762
|
# @param [String] id The unique ID of the Organization Membership.
|
838
763
|
#
|
839
764
|
# @return [Bool] - returns `true` if successful
|
840
|
-
sig do
|
841
|
-
params(
|
842
|
-
id: String,
|
843
|
-
).returns(T::Boolean)
|
844
|
-
end
|
845
765
|
def delete_organization_membership(id:)
|
846
766
|
response = execute_request(
|
847
767
|
request: delete_request(
|
@@ -858,9 +778,6 @@ module WorkOS
|
|
858
778
|
# @param [String] id The unique ID of the Invitation.
|
859
779
|
#
|
860
780
|
# @return WorkOS::Invitation
|
861
|
-
sig do
|
862
|
-
params(id: String).returns(WorkOS::Invitation)
|
863
|
-
end
|
864
781
|
def get_invitation(id:)
|
865
782
|
response = execute_request(
|
866
783
|
request: get_request(
|
@@ -885,11 +802,6 @@ module WorkOS
|
|
885
802
|
# before a provided User ID.
|
886
803
|
#
|
887
804
|
# @return [WorkOS::Invitation]
|
888
|
-
sig do
|
889
|
-
params(
|
890
|
-
options: T::Hash[Symbol, String],
|
891
|
-
).returns(WorkOS::Types::ListStruct)
|
892
|
-
end
|
893
805
|
def list_invitations(options = {})
|
894
806
|
options[:order] ||= 'desc'
|
895
807
|
response = execute_request(
|
@@ -919,17 +831,10 @@ module WorkOS
|
|
919
831
|
# @param [Integer] expires_in_days The number of days the invitations will be valid for.
|
920
832
|
# Must be between 1 and 30, defaults to 7 if not specified.
|
921
833
|
# @param [String] inviter_user_id The ID of the User sending the invitation.
|
834
|
+
# @param [String] role_slug The slug of the role to assign to the user upon invitation.
|
922
835
|
#
|
923
836
|
# @return WorkOS::Invitation
|
924
|
-
|
925
|
-
params(
|
926
|
-
email: String,
|
927
|
-
organization_id: T.nilable(String),
|
928
|
-
expires_in_days: T.nilable(Integer),
|
929
|
-
inviter_user_id: T.nilable(String),
|
930
|
-
).returns(WorkOS::Invitation)
|
931
|
-
end
|
932
|
-
def send_invitation(email:, organization_id: nil, expires_in_days: nil, inviter_user_id: nil)
|
837
|
+
def send_invitation(email:, organization_id: nil, expires_in_days: nil, inviter_user_id: nil, role_slug: nil)
|
933
838
|
response = execute_request(
|
934
839
|
request: post_request(
|
935
840
|
path: '/user_management/invitations',
|
@@ -938,6 +843,7 @@ module WorkOS
|
|
938
843
|
organization_id: organization_id,
|
939
844
|
expires_in_days: expires_in_days,
|
940
845
|
inviter_user_id: inviter_user_id,
|
846
|
+
role_slug: role_slug,
|
941
847
|
},
|
942
848
|
auth: true,
|
943
849
|
),
|
@@ -951,9 +857,6 @@ module WorkOS
|
|
951
857
|
# @param [String] id The unique ID of the Invitation.
|
952
858
|
#
|
953
859
|
# @return WorkOS::Invitation
|
954
|
-
sig do
|
955
|
-
params(id: String).returns(WorkOS::Invitation)
|
956
|
-
end
|
957
860
|
def revoke_invitation(id:)
|
958
861
|
request = post_request(
|
959
862
|
path: "/user_management/invitations/#{id}/revoke",
|
@@ -967,14 +870,6 @@ module WorkOS
|
|
967
870
|
|
968
871
|
private
|
969
872
|
|
970
|
-
sig do
|
971
|
-
params(
|
972
|
-
provider: T.nilable(String),
|
973
|
-
connection_id: T.nilable(String),
|
974
|
-
organization_id: T.nilable(String),
|
975
|
-
).void
|
976
|
-
end
|
977
|
-
|
978
873
|
def validate_authorization_url_arguments(
|
979
874
|
provider:,
|
980
875
|
connection_id:,
|
@@ -991,12 +886,6 @@ module WorkOS
|
|
991
886
|
" `provider` must be in #{PROVIDERS}"
|
992
887
|
end
|
993
888
|
|
994
|
-
sig do
|
995
|
-
params(
|
996
|
-
type: String,
|
997
|
-
).void
|
998
|
-
end
|
999
|
-
|
1000
889
|
def validate_auth_factor_type(
|
1001
890
|
type:
|
1002
891
|
)
|
data/lib/workos/user_response.rb
CHANGED
@@ -1,16 +1,13 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: true
|
3
2
|
|
4
3
|
module WorkOS
|
5
4
|
# The UserResponse class represents a User as well as an corresponding
|
6
5
|
# response data that can later be appended on.
|
7
6
|
class UserResponse
|
8
7
|
include HashProvider
|
9
|
-
extend T::Sig
|
10
8
|
|
11
9
|
attr_accessor :user
|
12
10
|
|
13
|
-
sig { params(user_response_json: String).void }
|
14
11
|
def initialize(user_response_json)
|
15
12
|
json = JSON.parse(user_response_json, symbolize_names: true)
|
16
13
|
@user = WorkOS::User.new(json[:user].to_json)
|