RubyGems - workos - Versions diffs - 4.0.0 → 4.2.0 - Mend

workos 4.0.0 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +37 -0
data/.github/workflows/release.yml +43 -0
data/.rubocop.yml +8 -1
data/Gemfile.lock +22 -69
data/lib/workos/audit_log_export.rb +8 -31
data/lib/workos/audit_logs.rb +0 -26
data/lib/workos/authentication_factor_and_challenge.rb +0 -3
data/lib/workos/authentication_response.rb +12 -5
data/lib/workos/challenge.rb +9 -28
data/lib/workos/client.rb +0 -41
data/lib/workos/configuration.rb +0 -1
data/lib/workos/connection.rb +11 -35
data/lib/workos/directory.rb +10 -37
data/lib/workos/directory_group.rb +9 -36
data/lib/workos/directory_sync.rb +0 -21
data/lib/workos/directory_user.rb +17 -51
data/lib/workos/errors.rb +0 -16
data/lib/workos/event.rb +5 -26
data/lib/workos/events.rb +0 -7
data/lib/workos/factor.rb +9 -28
data/lib/workos/hash_provider.rb +0 -1
data/lib/workos/impersonator.rb +23 -0
data/lib/workos/invitation.rb +12 -37
data/lib/workos/mfa.rb +0 -42
data/lib/workos/organization.rb +8 -31
data/lib/workos/organization_membership.rb +8 -27
data/lib/workos/organizations.rb +0 -26
data/lib/workos/passwordless.rb +0 -14
data/lib/workos/portal.rb +1 -13
data/lib/workos/profile.rb +12 -39
data/lib/workos/profile_and_token.rb +1 -4
data/lib/workos/refresh_authentication_response.rb +24 -0
data/lib/workos/sso.rb +1 -43
data/lib/workos/types/intent.rb +16 -0
data/lib/workos/types/list_struct.rb +8 -5
data/lib/workos/types/passwordless_session_struct.rb +10 -9
data/lib/workos/types/provider.rb +15 -0
data/lib/workos/types.rb +5 -23
data/lib/workos/user.rb +10 -31
data/lib/workos/user_and_token.rb +1 -4
data/lib/workos/user_management.rb +108 -219
data/lib/workos/user_response.rb +0 -3
data/lib/workos/verify_challenge.rb +4 -18
data/lib/workos/version.rb +1 -2
data/lib/workos/webhook.rb +5 -26
data/lib/workos/webhooks.rb +1 -38
data/lib/workos.rb +2 -2
data/spec/lib/workos/audit_logs_spec.rb +2 -3
data/spec/lib/workos/configuration_spec.rb +0 -1
data/spec/lib/workos/directory_sync_spec.rb +0 -1
data/spec/lib/workos/directory_user_spec.rb +0 -1
data/spec/lib/workos/event_spec.rb +0 -1
data/spec/lib/workos/mfa_spec.rb +0 -1
data/spec/lib/workos/organizations_spec.rb +0 -1
data/spec/lib/workos/passwordless_spec.rb +0 -1
data/spec/lib/workos/portal_spec.rb +0 -1
data/spec/lib/workos/sso_spec.rb +0 -1
data/spec/lib/workos/user_management_spec.rb +59 -10
data/spec/lib/workos/webhooks_spec.rb +0 -1
data/spec/spec_helper.rb +6 -9
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_impersonator.yml +80 -0
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml +81 -0
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml +81 -0
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_totp/valid.yml +1 -1
data/spec/support/shared_examples/client_spec.rb +0 -1
data/workos.gemspec +1 -6
metadata +19 -129
data/.semaphore/rubygems.yml +0 -24
data/.semaphore/semaphore.yml +0 -51
data/bin/tapioca +0 -29
data/codecov.yml +0 -12
data/devbox.json +0 -18
data/devbox.lock +0 -11
data/lib/workos/types/audit_log_export_struct.rb +0 -17
data/lib/workos/types/challenge_struct.rb +0 -18
data/lib/workos/types/connection_struct.rb +0 -20
data/lib/workos/types/directory_group_struct.rb +0 -19
data/lib/workos/types/directory_struct.rb +0 -19
data/lib/workos/types/directory_user_struct.rb +0 -26
data/lib/workos/types/event_struct.rb +0 -15
data/lib/workos/types/factor_struct.rb +0 -18
data/lib/workos/types/intent_enum.rb +0 -17
data/lib/workos/types/invitation_struct.rb +0 -20
data/lib/workos/types/magic_auth_challenge_struct.rb +0 -12
data/lib/workos/types/organization_membership_struct.rb +0 -16
data/lib/workos/types/organization_struct.rb +0 -17
data/lib/workos/types/profile_struct.rb +0 -21
data/lib/workos/types/provider_enum.rb +0 -16
data/lib/workos/types/user_struct.rb +0 -18
data/lib/workos/types/verify_challenge_struct.rb +0 -13
data/lib/workos/types/webhook_struct.rb +0 -15
data/sorbet/config +0 -2
data/sorbet/rbi/gems/addressable@2.8.0.rbi +0 -290
data/sorbet/rbi/gems/ast@2.4.2.rbi +0 -54
data/sorbet/rbi/gems/codecov@0.2.12.rbi +0 -55
data/sorbet/rbi/gems/coderay@1.1.3.rbi +0 -8
data/sorbet/rbi/gems/crack@0.4.5.rbi +0 -57
data/sorbet/rbi/gems/diff-lcs@1.4.4.rbi +0 -185
data/sorbet/rbi/gems/docile@1.3.5.rbi +0 -54
data/sorbet/rbi/gems/hashdiff@1.0.1.rbi +0 -82
data/sorbet/rbi/gems/json@2.5.1.rbi +0 -109
data/sorbet/rbi/gems/method_source@1.0.0.rbi +0 -8
data/sorbet/rbi/gems/parallel@1.20.1.rbi +0 -113
data/sorbet/rbi/gems/parser@3.0.1.0.rbi +0 -1187
data/sorbet/rbi/gems/pry@0.14.2.rbi +0 -8
data/sorbet/rbi/gems/public_suffix@4.0.6.rbi +0 -146
data/sorbet/rbi/gems/rainbow@3.0.0.rbi +0 -153
data/sorbet/rbi/gems/rake@13.0.3.rbi +0 -807
data/sorbet/rbi/gems/rbi@0.0.16.rbi +0 -2118
data/sorbet/rbi/gems/regexp_parser@2.1.1.rbi +0 -1117
data/sorbet/rbi/gems/rexml@3.2.5.rbi +0 -709
data/sorbet/rbi/gems/rspec-core@3.9.3.rbi +0 -2467
data/sorbet/rbi/gems/rspec-expectations@3.9.4.rbi +0 -1569
data/sorbet/rbi/gems/rspec-mocks@3.9.1.rbi +0 -1493
data/sorbet/rbi/gems/rspec-support@3.9.4.rbi +0 -511
data/sorbet/rbi/gems/rspec@3.9.0.rbi +0 -38
data/sorbet/rbi/gems/rubocop-ast@1.4.1.rbi +0 -1881
data/sorbet/rbi/gems/rubocop@0.93.1.rbi +0 -11497
data/sorbet/rbi/gems/ruby-progressbar@1.11.0.rbi +0 -405
data/sorbet/rbi/gems/simplecov-html@0.12.3.rbi +0 -89
data/sorbet/rbi/gems/simplecov@0.21.2.rbi +0 -577
data/sorbet/rbi/gems/simplecov_json_formatter@0.1.2.rbi +0 -8
data/sorbet/rbi/gems/spoom@1.1.15.rbi +0 -1549
data/sorbet/rbi/gems/tapioca@0.7.3.rbi +0 -1718
data/sorbet/rbi/gems/thor@1.2.1.rbi +0 -844
data/sorbet/rbi/gems/unicode-display_width@1.7.0.rbi +0 -22
data/sorbet/rbi/gems/unparser@0.6.2.rbi +0 -8
data/sorbet/rbi/gems/vcr@5.0.0.rbi +0 -699
data/sorbet/rbi/gems/webmock@3.12.2.rbi +0 -662
data/sorbet/rbi/gems/yard-sorbet@0.8.0.rbi +0 -268
data/sorbet/rbi/gems/yard@0.9.26.rbi +0 -4048
data/sorbet/tapioca/config.yml +0 -13
data/sorbet/tapioca/require.rb +0 -4

data/lib/workos/verify_challenge.rb CHANGED Viewed

@@ -1,20 +1,18 @@
 # frozen_string_literal: true
-# typed: false
 module WorkOS
   # The VerifyChallenge class provides a lightweight wrapper around
   # a WorkOS Authentication Challenge resource.
   class VerifyChallenge
     include HashProvider
-    extend T::Sig
     attr_accessor :challenge, :valid
-    sig { params(json: String).void }
     def initialize(json)
-      raw = parse_json(json)
-      @challenge = T.let(raw.challenge, Hash)
-      @valid = raw.valid
+      hash = JSON.parse(json, symbolize_names: true)
+      @challenge = hash[:challenge]
+      @valid = hash[:valid]
     end
     def to_json(*)
@@ -23,17 +21,5 @@ module WorkOS
         valid: valid,
       }
     end
-    private
-    sig { params(json_string: String).returns(WorkOS::Types::VerifyChallengeStruct) }
-    def parse_json(json_string)
-      hash = JSON.parse(json_string, symbolize_names: true)
-      WorkOS::Types::VerifyChallengeStruct.new(
-        challenge: hash[:challenge],
-        valid: hash[:valid],
-      )
-    end
   end
 end

data/lib/workos/version.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-# typed: strong
 module WorkOS
-  VERSION = '4.0.0'
+  VERSION = '4.2.0'
 end

data/lib/workos/webhook.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: true
 module WorkOS
   # The Webhook class provides a lightweight wrapper around
@@ -7,18 +6,16 @@ module WorkOS
   # in user space, and is instantiated internally but exposed.
   class Webhook
     include HashProvider
-    extend T::Sig
     attr_accessor :id, :event, :data, :created_at
-    sig { params(json: String).void }
     def initialize(json)
-      raw = parse_json(json)
+      hash = JSON.parse(json, symbolize_names: true)
-      @id = T.let(raw.id, String)
-      @event = T.let(raw.event, String)
-      @data = raw.data
-      @created_at = T.let(raw.created_at, String)
+      @id = hash[:id]
+      @event = hash[:event]
+      @data = hash[:data]
+      @created_at = hash[:created_at]
     end
     def to_json(*)
@@ -29,23 +26,5 @@ module WorkOS
         created_at: created_at,
       }
     end
-    private
-    sig do
-      params(
-        json_string: String,
-      ).returns(WorkOS::Types::WebhookStruct)
-    end
-    def parse_json(json_string)
-      hash = JSON.parse(json_string, symbolize_names: true)
-      WorkOS::Types::WebhookStruct.new(
-        id: hash[:id],
-        event: hash[:event],
-        data: hash[:data],
-        created_at: hash[:created_at],
-      )
-    end
   end
 end

data/lib/workos/webhooks.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: true
 require 'openssl'
@@ -14,8 +13,6 @@ module WorkOS
   #
   module Webhooks
     class << self
-      extend T::Sig
       DEFAULT_TOLERANCE = 180
       # Initializes an Event object from a JSON payload
@@ -37,14 +34,6 @@ module WorkOS
       #
       # @return [WorkOS::Webhook]
       # rubocop:enable Layout/LineLength
-      sig do
-        params(
-          payload: String,
-          sig_header: String,
-          secret: String,
-          tolerance: Integer,
-        ).returns(WorkOS::Webhook)
-      end
       def construct_event(
         payload:,
         sig_header:,
@@ -74,14 +63,6 @@ module WorkOS
       #
       # @return Boolean
       # rubocop:enable Layout/LineLength
-      sig do
-        params(
-          payload: String,
-          sig_header: String,
-          secret: String,
-          tolerance: Integer,
-        ).returns(T::Boolean)
-      end
       # rubocop:disable Metrics/AbcSize
       def verify_header(
         payload:,
@@ -134,11 +115,6 @@ module WorkOS
       #   => ['1626125972272', '80f7ab7efadc306eb5797c588cee9410da9be4416782b497bf1e1bf4175fb928']
       #
       # @return Array
-      sig do
-        params(
-          sig_header: String,
-        ).returns([String, String])
-      end
       def get_timestamp_and_signature_hash(
         sig_header:
       )
@@ -174,13 +150,6 @@ module WorkOS
       #
       # @return String
       # rubocop:enable Layout/LineLength
-      sig do
-        params(
-          timestamp: String,
-          payload: String,
-          secret: String,
-        ).returns(String)
-      end
       def compute_signature(
         timestamp:,
         payload:,
@@ -193,19 +162,13 @@ module WorkOS
       # Constant time string comparison to prevent timing attacks
       # Code borrowed from ActiveSupport
-      sig do
-        params(
-          str_a: String,
-          str_b: String,
-        ).returns(T::Boolean)
-      end
       def secure_compare(
         str_a:,
         str_b:
       )
         return false unless str_a.bytesize == str_b.bytesize
-        l = T.unsafe(str_a.unpack("C#{str_a.bytesize}"))
+        l = str_a.unpack("C#{str_a.bytesize}")
         res = 0
         str_b.each_byte { |byte| res |= byte ^ l.shift }

data/lib/workos.rb CHANGED Viewed

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
-# typed: true
 require 'workos/version'
-require 'sorbet-runtime'
 require 'json'
 require 'workos/hash_provider'
 require 'workos/configuration'
@@ -58,6 +56,7 @@ module WorkOS
   autoload :Event, 'workos/event'
   autoload :Events, 'workos/events'
   autoload :Factor, 'workos/factor'
+  autoload :Impersonator, 'workos/impersonator'
   autoload :Invitation, 'workos/invitation'
   autoload :MFA, 'workos/mfa'
   autoload :Organization, 'workos/organization'
@@ -67,6 +66,7 @@ module WorkOS
   autoload :Portal, 'workos/portal'
   autoload :Profile, 'workos/profile'
   autoload :ProfileAndToken, 'workos/profile_and_token'
+  autoload :RefreshAuthenticationResponse, 'workos/refresh_authentication_response'
   autoload :SSO, 'workos/sso'
   autoload :Types, 'workos/types'
   autoload :User, 'workos/user'

data/spec/lib/workos/audit_logs_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::AuditLogs do
   it_behaves_like 'client'
@@ -48,7 +47,7 @@ describe WorkOS::AuditLogs do
               idempotency_key: 'idempotency_key',
             )
-            expect(response).to eq T::Private::Types::Void::VOID
+            expect(response.code).to eq '201'
           end
         end
       end
@@ -61,7 +60,7 @@ describe WorkOS::AuditLogs do
               event: valid_event,
             )
-            expect(response).to eq T::Private::Types::Void::VOID
+            expect(response.code).to eq '201'
           end
         end
       end

data/spec/lib/workos/configuration_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS do
   describe '.configure' do

data/spec/lib/workos/directory_sync_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::DirectorySync do
   it_behaves_like 'client'

data/spec/lib/workos/directory_user_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::DirectoryUser do
   # rubocop:disable Layout/LineLength

data/spec/lib/workos/event_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Events do
   it_behaves_like 'client'

data/spec/lib/workos/mfa_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::MFA do
   it_behaves_like 'client'

data/spec/lib/workos/organizations_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Organizations do
   it_behaves_like 'client'

data/spec/lib/workos/passwordless_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Passwordless do
   it_behaves_like 'client'

data/spec/lib/workos/portal_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Portal do
   it_behaves_like 'client'

data/spec/lib/workos/sso_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 require 'securerandom'

data/spec/lib/workos/user_management_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::UserManagement do
   it_behaves_like 'client'
@@ -377,7 +376,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_password' do
     context 'with a valid password' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_password/valid') do
+        VCR.use_cassette('user_management/authenticate_with_password/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_password(
             email: 'test@workos.app',
             password: '7YtYic00VWcXatPb',
@@ -418,6 +417,24 @@ describe WorkOS::UserManagement do
             user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
           )
           expect(authentication_response.user.id).to eq('user_01H93ZY4F80YZRRS6N59Z2HFVS')
+          expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
+          expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
+        end
+      end
+      context 'when the user is being impersonated' do
+        it 'contains the impersonator metadata' do
+          VCR.use_cassette('user_management/authenticate_with_code/valid_with_impersonator') do
+            authentication_response = WorkOS::UserManagement.authenticate_with_code(
+              code: '01HRX85ATQB2MN40K4FZ9C2HFR',
+              client_id: 'client_01GS91XFB2YPR1C0NR5SH758Q0',
+            )
+            expect(authentication_response.impersonator).to have_attributes(
+              email: 'admin@foocorp.com',
+              reason: 'For testing.',
+            )
+          end
         end
       end
     end
@@ -438,10 +455,42 @@ describe WorkOS::UserManagement do
     end
   end
+  describe '.authenticate_with_refresh_token' do
+    context 'with a valid refresh_token' do
+      it 'returns user' do
+        VCR.use_cassette('user_management/authenticate_with_refresh_token/valid', tag: :token) do
+          authentication_response = WorkOS::UserManagement.authenticate_with_refresh_token(
+            refresh_token: 'some_refresh_token',
+            client_id: 'client_123',
+            ip_address: '200.240.210.16',
+            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
+          )
+          expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
+          expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
+        end
+      end
+    end
+    context 'with an invalid refresh_token' do
+      it 'raises an error' do
+        VCR.use_cassette('user_management/authenticate_with_refresh_code/invalid', tag: :token) do
+          expect do
+            WorkOS::UserManagement.authenticate_with_refresh_token(
+              refresh_token: 'invalid',
+              client_id: 'client_123',
+              ip_address: '200.240.210.16',
+              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
+            )
+          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
+        end
+      end
+    end
+  end
   describe '.authenticate_with_magic_auth' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_magic_auth/valid') do
+        VCR.use_cassette('user_management/authenticate_with_magic_auth/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_magic_auth(
             code: '452079',
             client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
@@ -456,7 +505,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid code' do
       it 'returns an error' do
-        VCR.use_cassette('user_management/authenticate_with_magic_auth/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_magic_auth/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_magic_auth(
               code: 'invalid',
@@ -472,7 +521,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_organization_selection' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_organization_selection/valid') do
+        VCR.use_cassette('user_management/authenticate_with_organization_selection/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_organization_selection(
             client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
             organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
@@ -488,7 +537,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid token' do
       it 'returns an error' do
-        VCR.use_cassette('user_management/authenticate_with_organization_selection/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_organization_selection/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_organization_selection(
               organization_id: 'invalid_org_id',
@@ -504,7 +553,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_totp' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_totp/valid') do
+        VCR.use_cassette('user_management/authenticate_with_totp/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_totp(
             code: '01H93ZZHA0JBHFJH9RR11S83YN',
             client_id: 'client_123',
@@ -520,7 +569,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid code' do
       it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_totp/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_totp/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_totp(
               code: 'invalid',
@@ -539,7 +588,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_email_verification' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_email_verification/valid') do
+        VCR.use_cassette('user_management/authenticate_with_email_verification/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_email_verification(
             code: '01H93ZZHA0JBHFJH9RR11S83YN',
             client_id: 'client_123',
@@ -554,7 +603,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid code' do
       it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_email_verification/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_email_verification/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_email_verification(
               code: 'invalid',

data/spec/lib/workos/webhooks_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 require 'json'
 require 'openssl'

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,13 +1,4 @@
 # frozen_string_literal: true
-# typed: false
-require 'simplecov'
-SimpleCov.start
-if ENV['CI'] == 'true'
-  require 'codecov'
-  SimpleCov.formatter = SimpleCov::Formatter::Codecov
-end
 $LOAD_PATH << File.join(File.dirname(__FILE__), '..', 'lib')
 $LOAD_PATH << File.join(File.dirname(__FILE__))
@@ -26,6 +17,12 @@ SPEC_ROOT = File.dirname __FILE__
 VCR.configure do |config|
   config.cassette_library_dir = 'spec/support/fixtures/vcr_cassettes'
   config.filter_sensitive_data('<API_KEY>') { WorkOS.config.key }
+  config.filter_sensitive_data('<ACCESS_TOKEN>', :token) do |interaction|
+    JSON.parse(interaction.response.body)['access_token']
+  end
+  config.filter_sensitive_data('<REFRESH_TOKEN>', :token) do |interaction|
+    JSON.parse(interaction.response.body)['refresh_token']
+  end
   config.hook_into :webmock
 end

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"}}'
+        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 30 Aug 2023 19:51:51 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_impersonator.yml ADDED Viewed

@@ -0,0 +1,80 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/user_management/authenticate
+    body:
+      encoding: UTF-8
+      string: '{"code":"01HRX85ATQB2MN40K4FZ9C2HFR","client_id":"client_01GS91XFB2YPR1C0NR5SH758Q0","client_secret":"<API_KEY>","ip_address":null,"user_agent":null,"grant_type":"authorization_code"}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.1.1; arm64-darwin21; v4.0.0
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Thu, 14 Mar 2024 01:10:34 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Content-Length:
+      - '875'
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8640628169fa0d54-LAX
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"47c-66YSPNMN47PZx4ahCgTQvmryR90"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Via:
+      - 1.1 spaces-router (devel)
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - f22ea52f-bf1a-4d5e-acb1-10b2e99ffbe5
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=pYiV6zsrN3V8vd8vKA_bp0qN2LYd1HUQAIVHcevLYw4-1710378634-1.0.1.1-wNPVRK6jpySHc7bqiAVCtM6T64oKxFAjrcvJNJAPU.RhZFRgPfQRGWYbC4l0ckcsyhZ2_I7GTu17yNowC.smHA;
+        path=/; expires=Thu, 14-Mar-24 01:40:34 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=914cc38ede83520e897d1eaef25a8e5daa4975d0-1710378634; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"user":{"object":"user","id":"user_01HP0B4ZV2FWWVY0BF16GFDAER","email":"bob@example.com","email_verified":false,"first_name":"Bob","last_name":"Loblaw","profile_picture_url":null,"created_at":"2024-02-06T23:13:18.137Z","updated_at":"2024-02-06T23:13:36.946Z"},"impersonator":{"email":"admin@foocorp.com","reason":"For testing."},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
+    http_version:
+  recorded_at: Thu, 14 Mar 2024 01:10:34 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/valid.yml CHANGED Viewed

@@ -75,7 +75,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"}}'
+        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 30 Aug 2023 19:51:51 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
+        string: '{"user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 30 Aug 2023 18:58:00 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: UTF-8
-        string: '{"organization_id":"org_01H5JQDV7R7ATEYZDEG0W5PRYS","user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
+        string: '{"organization_id":"org_01H5JQDV7R7ATEYZDEG0W5PRYS","user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 20 Dec 2023 22:00:12 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"test@workos.app","email_verified":true,"first_name":null,"last_name":null,"created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-28T15:56:19.798Z","user_type":"unmanaged","email_verified_at":"2023-08-22T11:18:01.850Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
+        string: '{"user":{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"test@workos.app","email_verified":true,"first_name":null,"last_name":null,"created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-28T15:56:19.798Z","user_type":"unmanaged","email_verified_at":"2023-08-22T11:18:01.850Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Tue, 29 Aug 2023 00:24:25 GMT
 recorded_with: VCR 5.0.0