workos 5.20.0 → 5.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc1f97c76fdf489cb3be51bd9026dc515195c34aaf9810379bfe4773029aafc1
-  data.tar.gz: 2176f6680ae6a7c46ca77824c7dcf2fbe91ca244986a05f7039a1d40265db881
+  metadata.gz: 44c2f0a70f0a653685d6e7a8ca2601b64c4a1ff43276680ff52d0fcd2c80f5b3
+  data.tar.gz: 1d3aa7e958196efbe79018014e2ffd5be229dc93812a60725d05a958afcd1c20
 SHA512:
-  metadata.gz: 6bda209314485831a8237e381566472c5815dea3b727db277e2a06c3db1c06191da54dc59292ec37bd4415291ca78c7593ae4a78cad82775ce6ffb8eae6d0931
-  data.tar.gz: fd199d57bd3e29e0bea6b21840597ae255db869c9815b6a06348a90c3d70532606732c999c8bef3caa2ba2900914c20b222b526c7e1a9b61c836f30f5e55d694
+  metadata.gz: f51ad812297b13109f943a23d15592991b14f2d1c18ba91505c4227fffc64c2ac7912c32df163e974eb95a1f8069b3289f33b1bf783c18e757ba56e7869717d7
+  data.tar.gz: 5a5428749ac62c22f4fa33db0ad5a491e262c01e445a8318210d09e654e6123a17dec582e9d8b54f09913f123679f1ebe8bc57a2fec7d032f690acf28d77b8a4

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (5.20.0)
+    workos (5.21.0)
       encryptor (~> 3.0)
       jwt (~> 2.8)
 

data/lib/workos/organizations.rb

@@ -185,7 +185,14 @@ module WorkOS
 
       # Retrieve a list of roles for the given organization.
       #
-      # @param [String] organizationId The ID of the organization to fetch roles for.
+      # @param [String] organization_id The ID of the organization to fetch roles for.
+      #
+      # @example
+      #   WorkOS::Organizations.list_organization_roles(organization_id: 'org_01EHZNVPK3SFK441A1RGBFSHRT')
+      #   => #<WorkOS::Types::ListStruct data=[#<WorkOS::Role id="role_123" name="Admin" slug="admin"
+      #                                         permissions=["admin:all"] ...>] ...>
+      #
+      # @return [WorkOS::Types::ListStruct] - Collection of Role objects, each including permissions array
       def list_organization_roles(organization_id:)
         response = execute_request(
           request: get_request(

data/lib/workos/role.rb

@@ -7,7 +7,7 @@ module WorkOS
   class Role
     include HashProvider
 
-    attr_accessor :id, :name, :slug, :description, :type, :created_at, :updated_at
+    attr_accessor :id, :name, :slug, :description, :permissions, :type, :created_at, :updated_at
 
     def initialize(json)
       hash = JSON.parse(json, symbolize_names: true)
@@ -16,6 +16,7 @@ module WorkOS
       @name = hash[:name]
       @slug = hash[:slug]
       @description = hash[:description]
+      @permissions = hash[:permissions] || []
       @type = hash[:type]
       @created_at = hash[:created_at]
       @updated_at = hash[:updated_at]
@@ -27,6 +28,7 @@ module WorkOS
         name: name,
         slug: slug,
         description: description,
+        permissions: permissions,
         type: type,
         created_at: created_at,
         updated_at: updated_at,

data/lib/workos/user.rb

@@ -8,7 +8,7 @@ module WorkOS
     include HashProvider
 
     attr_accessor :id, :email, :first_name, :last_name, :email_verified,
-                  :profile_picture_url, :last_sign_in_at, :created_at, :updated_at
+                  :profile_picture_url, :external_id, :last_sign_in_at, :created_at, :updated_at
 
     def initialize(json)
       hash = JSON.parse(json, symbolize_names: true)
@@ -19,6 +19,7 @@ module WorkOS
       @last_name = hash[:last_name]
       @email_verified = hash[:email_verified]
       @profile_picture_url = hash[:profile_picture_url]
+      @external_id = hash[:external_id]
       @last_sign_in_at = hash[:last_sign_in_at]
       @created_at = hash[:created_at]
       @updated_at = hash[:updated_at]
@@ -32,6 +33,7 @@ module WorkOS
         last_name: last_name,
         email_verified: email_verified,
         profile_picture_url: profile_picture_url,
+        external_id: external_id,
         last_sign_in_at: last_sign_in_at,
         created_at: created_at,
         updated_at: updated_at,

data/lib/workos/user_management.rb

@@ -222,6 +222,7 @@ module WorkOS
       # @param [String] first_name The user's first name.
       # @param [String] last_name The user's last name.
       # @param [Boolean] email_verified Whether the user's email address was previously verified.
+      # @param [String] external_id The users's external ID
       # @param [String] password The user's password.
       # @param [String] password_hash The user's hashed password.
       # @option [String] password_hash_type The algorithm originally used to hash the password.
@@ -234,6 +235,7 @@ module WorkOS
         first_name: nil,
         last_name: nil,
         email_verified: nil,
+        external_id: nil,
         password: nil,
         password_hash: nil,
         password_hash_type: nil
@@ -245,6 +247,7 @@ module WorkOS
             first_name: first_name,
             last_name: last_name,
             email_verified: email_verified,
+            external_id: external_id,
             password: password,
             password_hash: password_hash,
             password_hash_type: password_hash_type,

data/lib/workos/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WorkOS
-  VERSION = '5.20.0'
+  VERSION = '5.21.0'
 end

data/spec/lib/workos/organizations_spec.rb

@@ -354,6 +354,48 @@ describe WorkOS::Organizations do
           expect(roles.list_metadata).to eq(expected_metadata)
         end
       end
+
+      it 'returns properly initialized Role objects with all attributes' do
+        VCR.use_cassette 'organization/list_organization_roles' do
+          roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')
+
+          first_role = roles.data.first
+          expect(first_role).to be_a(WorkOS::Role)
+          expect(first_role.id).to eq('role_01HS1C7GRJE08PBR3M6Y0ZYGDZ')
+          expect(first_role.name).to eq('Admin')
+          expect(first_role.slug).to eq('admin')
+          expect(first_role.description).to eq('Write access to every resource available')
+          expect(first_role.permissions).to eq(['admin:all', 'read:users', 'write:users', 'manage:roles'])
+          expect(first_role.type).to eq('EnvironmentRole')
+          expect(first_role.created_at).to eq('2024-03-15T15:38:29.521Z')
+          expect(first_role.updated_at).to eq('2024-11-14T17:08:00.556Z')
+        end
+      end
+
+      it 'handles roles with empty permissions arrays' do
+        VCR.use_cassette 'organization/list_organization_roles' do
+          roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')
+
+          platform_manager_role = roles.data.find { |role| role.slug == 'org-platform-manager' }
+          expect(platform_manager_role).to be_a(WorkOS::Role)
+          expect(platform_manager_role.permissions).to eq([])
+        end
+      end
+
+      it 'properly serializes Role objects including permissions' do
+        VCR.use_cassette 'organization/list_organization_roles' do
+          roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')
+
+          billing_role = roles.data.find { |role| role.slug == 'billing' }
+          serialized = billing_role.to_json
+
+          expect(serialized[:id]).to eq('role_01JA8GJZRDSZEB9289DQXJ3N9Z')
+          expect(serialized[:name]).to eq('Billing Manager')
+          expect(serialized[:slug]).to eq('billing')
+          expect(serialized[:permissions]).to eq(['read:billing', 'write:billing'])
+          expect(serialized[:type]).to eq('EnvironmentRole')
+        end
+      end
     end
   end
 end

data/spec/lib/workos/role_spec.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+describe WorkOS::Role do
+  describe '.initialize' do
+    context 'with full role data including permissions' do
+      it 'initializes all attributes correctly' do
+        role_json = {
+          id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
+          name: 'Admin',
+          slug: 'admin',
+          description: 'Administrator role with full access',
+          permissions: ['read:users', 'write:users', 'admin:all'],
+          type: 'system',
+          created_at: '2022-05-13T17:45:31.732Z',
+          updated_at: '2022-07-13T17:45:42.618Z',
+        }.to_json
+
+        role = described_class.new(role_json)
+
+        expect(role.id).to eq('role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY')
+        expect(role.name).to eq('Admin')
+        expect(role.slug).to eq('admin')
+        expect(role.description).to eq('Administrator role with full access')
+        expect(role.permissions).to eq(['read:users', 'write:users', 'admin:all'])
+        expect(role.type).to eq('system')
+        expect(role.created_at).to eq('2022-05-13T17:45:31.732Z')
+        expect(role.updated_at).to eq('2022-07-13T17:45:42.618Z')
+      end
+    end
+
+    context 'with role data without permissions' do
+      it 'initializes permissions as empty array' do
+        role_json = {
+          id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
+          name: 'User',
+          slug: 'user',
+          description: 'Basic user role',
+          type: 'custom',
+          created_at: '2022-05-13T17:45:31.732Z',
+          updated_at: '2022-07-13T17:45:42.618Z',
+        }.to_json
+
+        role = described_class.new(role_json)
+
+        expect(role.id).to eq('role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY')
+        expect(role.name).to eq('User')
+        expect(role.slug).to eq('user')
+        expect(role.description).to eq('Basic user role')
+        expect(role.permissions).to eq([])
+        expect(role.type).to eq('custom')
+        expect(role.created_at).to eq('2022-05-13T17:45:31.732Z')
+        expect(role.updated_at).to eq('2022-07-13T17:45:42.618Z')
+      end
+    end
+
+    context 'with role data with null permissions' do
+      it 'initializes permissions as empty array' do
+        role_json = {
+          id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
+          name: 'User',
+          slug: 'user',
+          description: 'Basic user role',
+          permissions: nil,
+          type: 'custom',
+          created_at: '2022-05-13T17:45:31.732Z',
+          updated_at: '2022-07-13T17:45:42.618Z',
+        }.to_json
+
+        role = described_class.new(role_json)
+
+        expect(role.permissions).to eq([])
+      end
+    end
+
+    context 'with role data with empty permissions array' do
+      it 'preserves empty permissions array' do
+        role_json = {
+          id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
+          name: 'User',
+          slug: 'user',
+          description: 'Basic user role',
+          permissions: [],
+          type: 'custom',
+          created_at: '2022-05-13T17:45:31.732Z',
+          updated_at: '2022-07-13T17:45:42.618Z',
+        }.to_json
+
+        role = described_class.new(role_json)
+
+        expect(role.permissions).to eq([])
+      end
+    end
+  end
+
+  describe '.to_json' do
+    context 'with role that has permissions' do
+      it 'includes permissions in serialized output' do
+        role_json = {
+          id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
+          name: 'Admin',
+          slug: 'admin',
+          description: 'Administrator role',
+          permissions: ['read:all', 'write:all'],
+          type: 'system',
+          created_at: '2022-05-13T17:45:31.732Z',
+          updated_at: '2022-07-13T17:45:42.618Z',
+        }.to_json
+
+        role = described_class.new(role_json)
+        serialized = role.to_json
+
+        expect(serialized[:id]).to eq('role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY')
+        expect(serialized[:name]).to eq('Admin')
+        expect(serialized[:slug]).to eq('admin')
+        expect(serialized[:description]).to eq('Administrator role')
+        expect(serialized[:permissions]).to eq(['read:all', 'write:all'])
+        expect(serialized[:type]).to eq('system')
+        expect(serialized[:created_at]).to eq('2022-05-13T17:45:31.732Z')
+        expect(serialized[:updated_at]).to eq('2022-07-13T17:45:42.618Z')
+      end
+    end
+
+    context 'with role that has no permissions' do
+      it 'includes empty permissions array in serialized output' do
+        role_json = {
+          id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
+          name: 'User',
+          slug: 'user',
+          description: 'Basic user role',
+          type: 'custom',
+          created_at: '2022-05-13T17:45:31.732Z',
+          updated_at: '2022-07-13T17:45:42.618Z',
+        }.to_json
+
+        role = described_class.new(role_json)
+        serialized = role.to_json
+
+        expect(serialized[:permissions]).to eq([])
+      end
+    end
+  end
+end

data/spec/lib/workos/user_management_spec.rb

@@ -362,10 +362,12 @@ describe WorkOS::UserManagement do
             first_name: 'Jane',
             last_name: 'Doe',
             email_verified: false,
+            external_id: '123',
           )
           expect(user.first_name).to eq('Jane')
           expect(user.last_name).to eq('Doe')
           expect(user.email_verified).to eq(false)
+          expect(user.external_id).to eq('123')
         end
       end
 

data/spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml

@@ -70,13 +70,13 @@ http_interactions:
         encoding: ASCII-8BIT
         string:
           '{"object":"list","data":[{"object":"role","id":"role_01HS1C7GRJE08PBR3M6Y0ZYGDZ","description":"Write
-          access to every resource available","name":"Admin","slug":"admin","type":"EnvironmentRole","created_at":"2024-03-15T15:38:29.521Z","updated_at":"2024-11-14T17:08:00.556Z"},{"object":"role","id":"role_01JA8GJZRDSZEB9289DQXJ3N9Z","description":"","name":"Billing
-          Manager","slug":"billing","type":"EnvironmentRole","created_at":"2024-10-15T16:36:11.653Z","updated_at":"2024-12-19T21:27:01.286Z"},{"object":"role","id":"role_01HSBH4R6RX0V86S3R590NNZW2","description":"Developer
-          role","name":"Developer","slug":"developer","type":"EnvironmentRole","created_at":"2024-03-19T14:16:46.038Z","updated_at":"2024-03-19T14:16:46.038Z"},{"object":"role","id":"role_01HS4GDWJ8T6NQPTX2D0R5KBHN","description":"Edit
-          and view access to non-critical resources","name":"Editor","slug":"editor","type":"EnvironmentRole","created_at":"2024-03-16T20:49:35.815Z","updated_at":"2024-03-16T20:52:19.410Z"},{"object":"role","id":"role_01HRFZE22WS2MGX6EWAG2JX6NW","description":"The
-          default user role","name":"Member","slug":"member","type":"EnvironmentRole","created_at":"2024-03-08T21:27:47.034Z","updated_at":"2024-08-14T00:27:46.265Z"},{"object":"role","id":"role_01JEYJ2Z5MYG0TZYTDF02MW11N","description":"Manage
-          billing for organization.","name":"Billing manager","slug":"org-billing-manager","type":"OrganizationRole","created_at":"2024-12-12T23:08:28.712Z","updated_at":"2024-12-12T23:08:28.712Z"},{"object":"role","id":"role_01JF0B7MQ9X414WQRAQMQYE1GS","description":"","name":"Platform
-          Manager","slug":"org-platform-manager","type":"OrganizationRole","created_at":"2024-12-13T15:47:10.692Z","updated_at":"2024-12-13T15:47:10.692Z"}]}'
+          access to every resource available","name":"Admin","slug":"admin","permissions":["admin:all","read:users","write:users","manage:roles"],"type":"EnvironmentRole","created_at":"2024-03-15T15:38:29.521Z","updated_at":"2024-11-14T17:08:00.556Z"},{"object":"role","id":"role_01JA8GJZRDSZEB9289DQXJ3N9Z","description":"","name":"Billing
+          Manager","slug":"billing","permissions":["read:billing","write:billing"],"type":"EnvironmentRole","created_at":"2024-10-15T16:36:11.653Z","updated_at":"2024-12-19T21:27:01.286Z"},{"object":"role","id":"role_01HSBH4R6RX0V86S3R590NNZW2","description":"Developer
+          role","name":"Developer","slug":"developer","permissions":["read:code","write:code","deploy:apps"],"type":"EnvironmentRole","created_at":"2024-03-19T14:16:46.038Z","updated_at":"2024-03-19T14:16:46.038Z"},{"object":"role","id":"role_01HS4GDWJ8T6NQPTX2D0R5KBHN","description":"Edit
+          and view access to non-critical resources","name":"Editor","slug":"editor","permissions":["read:content","write:content","publish:content"],"type":"EnvironmentRole","created_at":"2024-03-16T20:49:35.815Z","updated_at":"2024-03-16T20:52:19.410Z"},{"object":"role","id":"role_01HRFZE22WS2MGX6EWAG2JX6NW","description":"The
+          default user role","name":"Member","slug":"member","permissions":["read:basic"],"type":"EnvironmentRole","created_at":"2024-03-08T21:27:47.034Z","updated_at":"2024-08-14T00:27:46.265Z"},{"object":"role","id":"role_01JEYJ2Z5MYG0TZYTDF02MW11N","description":"Manage
+          billing for organization.","name":"Billing manager","slug":"org-billing-manager","permissions":["read:org:billing","write:org:billing"],"type":"OrganizationRole","created_at":"2024-12-12T23:08:28.712Z","updated_at":"2024-12-12T23:08:28.712Z"},{"object":"role","id":"role_01JF0B7MQ9X414WQRAQMQYE1GS","description":"","name":"Platform
+          Manager","slug":"org-platform-manager","permissions":[],"type":"OrganizationRole","created_at":"2024-12-13T15:47:10.692Z","updated_at":"2024-12-13T15:47:10.692Z"}]}'
       http_version:
     recorded_at: Mon, 23 Dec 2024 20:23:07 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/update_user/valid.yml

@@ -5,7 +5,7 @@ http_interactions:
     uri: https://api.workos.com/user_management/users/user_01H7TVSKS45SDHN5V9XPSM6H44
     body:
       encoding: UTF-8
-      string: '{"first_name":"Jane","last_name":"Doe","email_verified":false}'
+      string: '{"first_name":"Jane","last_name":"Doe","email_verified":false,"external_id":"123"}'
     headers:
       Content-Type:
       - application/json
@@ -76,7 +76,7 @@ http_interactions:
       - cloudflare
     body:
       encoding: ASCII-8BIT
-      string: '{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"willman@blips.app","email_verified":false,"first_name":"Jane","last_name":"Doe","created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-25T22:57:44.262Z","user_type":"unmanaged","email_verified_at":null,"google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}'
+      string: '{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"willman@blips.app","email_verified":false,"first_name":"Jane","last_name":"Doe","external_id":"123","created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-25T22:57:44.262Z","user_type":"unmanaged","email_verified_at":null,"google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}'
     http_version:
   recorded_at: Fri, 25 Aug 2023 23:37:04 GMT
 recorded_with: VCR 5.0.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 5.20.0
+  version: 5.21.0
 platform: ruby
 authors:
 - WorkOS
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-06-23 00:00:00.000000000 Z
+date: 2025-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -197,6 +197,7 @@ files:
 - spec/lib/workos/organizations_spec.rb
 - spec/lib/workos/passwordless_spec.rb
 - spec/lib/workos/portal_spec.rb
+- spec/lib/workos/role_spec.rb
 - spec/lib/workos/session_spec.rb
 - spec/lib/workos/sso_spec.rb
 - spec/lib/workos/user_management_spec.rb
@@ -421,6 +422,7 @@ test_files:
 - spec/lib/workos/organizations_spec.rb
 - spec/lib/workos/passwordless_spec.rb
 - spec/lib/workos/portal_spec.rb
+- spec/lib/workos/role_spec.rb
 - spec/lib/workos/session_spec.rb
 - spec/lib/workos/sso_spec.rb
 - spec/lib/workos/user_management_spec.rb