workos 5.27.0 → 5.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d4c13739c752d0a39953650ceaa9ce3b11975333deaee4c3308e68aaf498a81b
-  data.tar.gz: 0d1e38dab645be1e74296de37deeb02115e1ef8528c7a2d96a751b0ec8586312
+  metadata.gz: 65fed812ccb7c97df25793369c07af5024b6cb7e1a12675c125bbdf4f3fd5730
+  data.tar.gz: b38903b53ed0bad99605ba619453f7fab5653d67baefa0313b6768a81faf0cd6
 SHA512:
-  metadata.gz: f4b7db5351ad49b0c388213769e7d5fb32121eed25999ba75476691c41bc5bd1ce792910912843869440d7ae28734405233cca551d324fb5507d9dabd9c3c04d
-  data.tar.gz: d4fba87cbf558a37b3e563f189aeb00e93fad7bfe58fd93473fa615d190c5180756c5de19aa9a0510fc95bf3feb9719c7994d4cdb85b1e405679639d23e85e6b
+  metadata.gz: 3a06ceb94077a433ac395d1f979209df0a3473f201843c09dc622ebbf389817fc05377556a84ce363d5d9eecf69a8dba9182581ff1b78450cff22cdef4aaf520
+  data.tar.gz: 7a746ec3b9930327ad6961da2132be517735f204cc548c4c8c8a36f88db1b85d177daf6225ee947cb90a6b27cc6a0121ba37dd1fea4976f28ad84d11cda84f16

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (5.27.0)
+    workos (5.29.0)
       encryptor (~> 3.0)
       jwt (~> 2.8)
 

data/lib/workos/session.rb

@@ -29,9 +29,10 @@ module WorkOS
     end
 
     # Authenticates the user based on the session data
+    # @param include_expired [Boolean] If true, returns decoded token data even when expired (default: false)
     # @return [Hash] A hash containing the authentication response and a reason if the authentication failed
-    # rubocop:disable Metrics/AbcSize
-    def authenticate
+    # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
+    def authenticate(include_expired: false)
       return { authenticated: false, reason: 'NO_SESSION_COOKIE_PROVIDED' } if @session_data.nil?
 
       begin
@@ -41,23 +42,41 @@ module WorkOS
       end
 
       return { authenticated: false, reason: 'INVALID_SESSION_COOKIE' } unless session[:access_token]
-      return { authenticated: false, reason: 'INVALID_JWT' } unless is_valid_jwt(session[:access_token])
-
-      decoded = JWT.decode(session[:access_token], nil, true, algorithms: @jwks_algorithms, jwks: @jwks).first
-
-      {
-        authenticated: true,
-        session_id: decoded['sid'],
-        organization_id: decoded['org_id'],
-        role: decoded['role'],
-        roles: decoded['roles'],
-        permissions: decoded['permissions'],
-        entitlements: decoded['entitlements'],
-        feature_flags: decoded['feature_flags'],
-        user: session[:user],
-        impersonator: session[:impersonator],
-        reason: nil,
-      }
+
+      begin
+        decoded = JWT.decode(
+          session[:access_token],
+          nil,
+          true,
+          algorithms: @jwks_algorithms,
+          jwks: @jwks,
+          verify_expiration: false,
+        ).first
+
+        expired = decoded['exp'] && decoded['exp'] < Time.now.to_i
+
+        # Early return for expired tokens when not including expired data (backward compatible)
+        return { authenticated: false, reason: 'INVALID_JWT' } if expired && !include_expired
+
+        # Return full data for valid tokens or when include_expired is true
+        {
+          authenticated: !expired,
+          session_id: decoded['sid'],
+          organization_id: decoded['org_id'],
+          role: decoded['role'],
+          roles: decoded['roles'],
+          permissions: decoded['permissions'],
+          entitlements: decoded['entitlements'],
+          feature_flags: decoded['feature_flags'],
+          user: session[:user],
+          impersonator: session[:impersonator],
+          reason: expired ? 'INVALID_JWT' : nil,
+        }
+      rescue JWT::DecodeError
+        { authenticated: false, reason: 'INVALID_JWT' }
+      rescue StandardError => e
+        { authenticated: false, reason: e.message }
+      end
     end
 
     # Refreshes the session data using the refresh token stored in the session data
@@ -66,7 +85,6 @@ module WorkOS
     # @option options [String] :organization_id The organization ID to use for refreshing the session
     # @return [Hash] A hash containing a new sealed session, the authentication response,
     # and a reason if the refresh failed
-    # rubocop:disable Metrics/PerceivedComplexity
     def refresh(options = nil)
       cookie_password = options.nil? || options[:cookie_password].nil? ? @cookie_password : options[:cookie_password]
 
@@ -168,17 +186,5 @@ module WorkOS
 
       jwks
     end
-
-    # Validates a JWT token using the JWKS set
-    # @param token [String] The JWT token to validate
-    # @return [Boolean] True if the token is valid, false otherwise
-    # rubocop:disable Naming/PredicateName
-    def is_valid_jwt(token)
-      JWT.decode(token, nil, true, algorithms: @jwks_algorithms, jwks: @jwks)
-      true
-    rescue StandardError
-      false
-    end
-    # rubocop:enable Naming/PredicateName
   end
 end

data/lib/workos/user_management.rb

@@ -869,7 +869,7 @@ module WorkOS
           ),
         )
 
-        WorkOS::User.new(response.body)
+        WorkOS::UserResponse.new(response.body).user
       end
 
       # Get an Organization Membership
@@ -1139,6 +1139,22 @@ module WorkOS
         WorkOS::Invitation.new(response.body)
       end
 
+      # Resends an existing Invitation.
+      #
+      # @param [String] id The unique ID of the Invitation.
+      #
+      # @return WorkOS::Invitation
+      def resend_invitation(id:)
+        request = post_request(
+          path: "/user_management/invitations/#{id}/resend",
+          auth: true,
+        )
+
+        response = execute_request(request: request)
+
+        WorkOS::Invitation.new(response.body)
+      end
+
       private
 
       def validate_session(session)

data/lib/workos/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WorkOS
-  VERSION = '5.27.0'
+  VERSION = '5.29.0'
 end

data/spec/lib/workos/session_spec.rb

@@ -160,6 +160,44 @@ describe WorkOS::Session do
       expect(result).to eq({ authenticated: false, reason: 'INVALID_JWT' })
     end
 
+    it 'returns INVALID_JWT without token data when session is expired' do
+      session = WorkOS::Session.new(
+        user_management: user_management,
+        client_id: client_id,
+        session_data: session_data,
+        cookie_password: cookie_password,
+      )
+      allow_any_instance_of(JWT::Decode).to receive(:verify_signature).and_return(true)
+      allow(Time).to receive(:now).and_return(Time.at(9_999_999_999))
+      result = session.authenticate
+      expect(result).to eq({ authenticated: false, reason: 'INVALID_JWT' })
+    end
+
+    it 'returns INVALID_JWT with full token data when session is expired and include_expired is true' do
+      session = WorkOS::Session.new(
+        user_management: user_management,
+        client_id: client_id,
+        session_data: session_data,
+        cookie_password: cookie_password,
+      )
+      allow_any_instance_of(JWT::Decode).to receive(:verify_signature).and_return(true)
+      allow(Time).to receive(:now).and_return(Time.at(9_999_999_999))
+      result = session.authenticate(include_expired: true)
+      expect(result).to eq({
+                             authenticated: false,
+                             session_id: 'session_id',
+                             organization_id: 'org_id',
+                             role: 'role',
+                             roles: ['role'],
+                             permissions: ['read'],
+                             feature_flags: nil,
+                             entitlements: nil,
+                             user: 'user',
+                             impersonator: 'impersonator',
+                             reason: 'INVALID_JWT',
+                           })
+    end
+
     it 'authenticates successfully with valid session_data' do
       session = WorkOS::Session.new(
         user_management: user_management,

data/spec/lib/workos/user_management_spec.rb

@@ -1693,6 +1693,81 @@ describe WorkOS::UserManagement do
     end
   end
 
+  describe '.resend_invitation' do
+    context 'with valid payload' do
+      it 'resends invitation' do
+        VCR.use_cassette 'user_management/resend_invitation/valid' do
+          invitation = described_class.resend_invitation(
+            id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
+          )
+
+          expect(invitation.id).to eq('invitation_01H5JQDV7R7ATEYZDEG0W5PRYS')
+          expect(invitation.email).to eq('test@workos.com')
+        end
+      end
+    end
+
+    context 'with an invalid id' do
+      it 'returns an error' do
+        VCR.use_cassette 'user_management/resend_invitation/invalid' do
+          expect do
+            described_class.resend_invitation(
+              id: 'invalid_id',
+            )
+          end.to raise_error(
+            WorkOS::NotFoundError,
+            /Invitation not found/,
+          )
+        end
+      end
+    end
+
+    context 'when invitation has expired' do
+      it 'returns an error' do
+        VCR.use_cassette 'user_management/resend_invitation/expired' do
+          expect do
+            described_class.resend_invitation(
+              id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
+            )
+          end.to raise_error(
+            WorkOS::InvalidRequestError,
+            /Invite has expired/,
+          )
+        end
+      end
+    end
+
+    context 'when invitation has been revoked' do
+      it 'returns an error' do
+        VCR.use_cassette 'user_management/resend_invitation/revoked' do
+          expect do
+            described_class.resend_invitation(
+              id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
+            )
+          end.to raise_error(
+            WorkOS::InvalidRequestError,
+            /Invite has been revoked/,
+          )
+        end
+      end
+    end
+
+    context 'when invitation has already been accepted' do
+      it 'returns an error' do
+        VCR.use_cassette 'user_management/resend_invitation/accepted' do
+          expect do
+            described_class.resend_invitation(
+              id: 'invitation_01H5JQDV7R7ATEYZDEG0W5PRYS',
+            )
+          end.to raise_error(
+            WorkOS::InvalidRequestError,
+            /Invite has already been accepted/,
+          )
+        end
+      end
+    end
+  end
+
   describe '.revoke_session' do
     context 'with valid payload' do
       it 'revokes session' do

data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/accepted.yml

@@ -0,0 +1,83 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/user_management/invitations/invitation_01H5JQDV7R7ATEYZDEG0W5PRYS/resend
+    body:
+      encoding: UTF-8
+      string: ''
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.0.2; arm64-darwin22; v2.16.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Mon, 17 Nov 2025 18:28:05 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 7fa4ef0eeafe8c12-EWR
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"56-2Auj80JGmZ1uWGCY950ud8v4KLQ"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Via:
+      - 1.1 spaces-router (devel)
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - f5f06564-2f73-4b73-989b-b577cfbdaa9a
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=v55WlV2dq1rXkfx9668LFtglSD5c9292fFLKsviMegY-1692642485-0-AWmCDzQSIwCjWvanffzmFA5KJT/nWucOWyv7i3fyyXeH+i5iM9ZusABSbNOUR6zO2mcugNYr/TRj6ltRmm8eC3M=;
+        path=/; expires=Mon, 21-Aug-23 18:58:05 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=bea6b3e4c8ea6479881eb565b1ab9a0b6deabae9-1692642485; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"code":"invite_accepted","message":"Invite has already been accepted."}'
+    http_version:
+  recorded_at: Mon, 17 Nov 2025 18:28:05 GMT
+recorded_with: VCR 5.0.0
+

data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/expired.yml

@@ -0,0 +1,83 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/user_management/invitations/invitation_01H5JQDV7R7ATEYZDEG0W5PRYS/resend
+    body:
+      encoding: UTF-8
+      string: ''
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.0.2; arm64-darwin22; v2.16.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Mon, 17 Nov 2025 18:28:05 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 7fa4ef0eeafe8c12-EWR
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"56-2Auj80JGmZ1uWGCY950ud8v4KLQ"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Via:
+      - 1.1 spaces-router (devel)
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - f5f06564-2f73-4b73-989b-b577cfbdaa9a
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=v55WlV2dq1rXkfx9668LFtglSD5c9292fFLKsviMegY-1692642485-0-AWmCDzQSIwCjWvanffzmFA5KJT/nWucOWyv7i3fyyXeH+i5iM9ZusABSbNOUR6zO2mcugNYr/TRj6ltRmm8eC3M=;
+        path=/; expires=Mon, 21-Aug-23 18:58:05 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=bea6b3e4c8ea6479881eb565b1ab9a0b6deabae9-1692642485; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"code":"invite_expired","message":"Invite has expired."}'
+    http_version:
+  recorded_at: Mon, 17 Nov 2025 18:28:05 GMT
+recorded_with: VCR 5.0.0
+

data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/invalid.yml

@@ -0,0 +1,83 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/user_management/invitations/invalid_id/resend
+    body:
+      encoding: UTF-8
+      string: ''
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.0.2; arm64-darwin22; v2.16.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Date:
+      - Mon, 17 Nov 2025 18:28:05 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 7fa4ef0eeafe8c12-EWR
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"56-2Auj80JGmZ1uWGCY950ud8v4KLQ"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Via:
+      - 1.1 spaces-router (devel)
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - f5f06564-2f73-4b73-989b-b577cfbdaa9a
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=v55WlV2dq1rXkfx9668LFtglSD5c9292fFLKsviMegY-1692642485-0-AWmCDzQSIwCjWvanffzmFA5KJT/nWucOWyv7i3fyyXeH+i5iM9ZusABSbNOUR6zO2mcugNYr/TRj6ltRmm8eC3M=;
+        path=/; expires=Mon, 21-Aug-23 18:58:05 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=bea6b3e4c8ea6479881eb565b1ab9a0b6deabae9-1692642485; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"message":"Invitation not found: ''invalid_id''.","code":"entity_not_found","entity_id":"bad_id"}'
+    http_version:
+  recorded_at: Mon, 17 Nov 2025 18:28:05 GMT
+recorded_with: VCR 5.0.0
+

data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/revoked.yml

@@ -0,0 +1,83 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/user_management/invitations/invitation_01H5JQDV7R7ATEYZDEG0W5PRYS/resend
+    body:
+      encoding: UTF-8
+      string: ''
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.0.2; arm64-darwin22; v2.16.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Date:
+      - Mon, 17 Nov 2025 18:28:05 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 7fa4ef0eeafe8c12-EWR
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"56-2Auj80JGmZ1uWGCY950ud8v4KLQ"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Via:
+      - 1.1 spaces-router (devel)
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - f5f06564-2f73-4b73-989b-b577cfbdaa9a
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=v55WlV2dq1rXkfx9668LFtglSD5c9292fFLKsviMegY-1692642485-0-AWmCDzQSIwCjWvanffzmFA5KJT/nWucOWyv7i3fyyXeH+i5iM9ZusABSbNOUR6zO2mcugNYr/TRj6ltRmm8eC3M=;
+        path=/; expires=Mon, 21-Aug-23 18:58:05 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=bea6b3e4c8ea6479881eb565b1ab9a0b6deabae9-1692642485; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"code":"invite_revoked","message":"Invite has been revoked."}'
+    http_version:
+  recorded_at: Mon, 17 Nov 2025 18:28:05 GMT
+recorded_with: VCR 5.0.0
+

data/spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/valid.yml

@@ -0,0 +1,83 @@
+---
+http_interactions:
+  - request:
+      method: post
+      uri: https://api.workos.com/user_management/invitations/invitation_01H5JQDV7R7ATEYZDEG0W5PRYS/resend
+      body:
+        encoding: UTF-8
+        string: ""
+      headers:
+        Content-Type:
+          - application/json
+        Accept-Encoding:
+          - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+        Accept:
+          - "*/*"
+        User-Agent:
+          - WorkOS; ruby/3.0.2; arm64-darwin21; v2.16.0
+        Authorization:
+          - Bearer <API_KEY>
+    response:
+      status:
+        code: 200
+        message: OK
+      headers:
+        Date:
+          - Mon, 17 Nov 2025 18:28:05 GMT
+        Content-Type:
+          - application/json; charset=utf-8
+        Content-Length:
+          - "376"
+        Connection:
+          - keep-alive
+        Cf-Ray:
+          - 7ff6b9122b60f8dd-SEA
+        Cf-Cache-Status:
+          - DYNAMIC
+        Etag:
+          - W/"178-SVaSEtrIczZQlwnTK57+aDrxt/g"
+        Strict-Transport-Security:
+          - max-age=15552000; includeSubDomains
+        Vary:
+          - Origin, Accept-Encoding
+        Via:
+          - 1.1 spaces-router (devel)
+        Access-Control-Allow-Credentials:
+          - "true"
+        Content-Security-Policy:
+          - "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self'
+            https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src
+            'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
+        Expect-Ct:
+          - max-age=0
+        Referrer-Policy:
+          - no-referrer
+        X-Content-Type-Options:
+          - nosniff
+        X-Dns-Prefetch-Control:
+          - "off"
+        X-Download-Options:
+          - noopen
+        X-Frame-Options:
+          - SAMEORIGIN
+        X-Permitted-Cross-Domain-Policies:
+          - none
+        X-Request-Id:
+          - df30b890-b6d9-494f-b59c-317e85b5b5f0
+        X-Xss-Protection:
+          - "0"
+        Set-Cookie:
+          - __cf_bm=9k_hHql8o3VCr_ugrzhVkuvFJBIFO5rLKq88Tg1FQzI-1693500106-0-AWUpQpsgsfMWdRySOy7cT3NmqbANvylwBZn7ontxTsDKPijdiGDVMsPih2HAbK3+ldKDe9A1Ul6Mf2+9mfyLrjQ=;
+            path=/; expires=Thu, 31-Aug-23 17:11:46 GMT; domain=.workos.com; HttpOnly;
+            Secure; SameSite=None
+          - __cfruid=40a4c5b06423ba61b4c78144e7e0eddc58e13ff4-1693500106; path=/; domain=.workos.com;
+            HttpOnly; Secure; SameSite=None
+        Server:
+          - cloudflare
+      body:
+        encoding: UTF-8
+        string: '{"object":"invitation","id":"invitation_01H5JQDV7R7ATEYZDEG0W5PRYS","email":"test@workos.com","state":"pending","accepted_at":null,"revoked_at":null,"expires_at":"2023-07-25T02:07:19.911Z","organization_id":"org_01H5JQDV7R7ATEYZDEG0W5PRYS","token":"Z1uX3RbwcIl5fIGJJJCXXisdI","accept_invitation_url":"https://myauthkit.com/invite?invitation_token=Z1uX3RbwcIl5fIGJJJCXXisdI","created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
+      http_version:
+    recorded_at: Mon, 17 Nov 2025 18:28:05 GMT
+recorded_with: VCR 5.0.0
+

data/spec/support/fixtures/vcr_cassettes/user_management/reset_password/valid.yml

@@ -76,7 +76,7 @@ http_interactions:
       - cloudflare
     body:
       encoding: UTF-8
-      string: '{"object":"user","id":"user_01H7WRJBPAAHX1BYRQHEK7QC4A","email":"lucy.lawless@example.com","first_name":"Lucy","last_name":"Lawless","created_at":"2023-08-15T14:11:04.519Z","updated_at":"2023-08-22T20:34:49.277Z","email_verified":false}'
+      string: '{"user":{"object":"user","id":"user_01H7WRJBPAAHX1BYRQHEK7QC4A","email":"lucy.lawless@example.com","first_name":"Lucy","last_name":"Lawless","created_at":"2023-08-15T14:11:04.519Z","updated_at":"2023-08-22T20:34:49.277Z","email_verified":false}}'
     http_version:
   recorded_at: Tue, 22 Aug 2023 20:35:40 GMT
 recorded_with: VCR 5.0.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 5.27.0
+  version: 5.29.0
 platform: ruby
 authors:
 - WorkOS
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-10-27 00:00:00.000000000 Z
+date: 2025-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -363,6 +363,11 @@ files:
 - spec/support/fixtures/vcr_cassettes/user_management/list_users/no_options.yml
 - spec/support/fixtures/vcr_cassettes/user_management/list_users/with_options.yml
 - spec/support/fixtures/vcr_cassettes/user_management/reactivate_organization_membership.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/accepted.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/expired.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/invalid.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/revoked.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/reset_password/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/reset_password/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/revoke_invitation/invalid.yml
@@ -597,6 +602,11 @@ test_files:
 - spec/support/fixtures/vcr_cassettes/user_management/list_users/no_options.yml
 - spec/support/fixtures/vcr_cassettes/user_management/list_users/with_options.yml
 - spec/support/fixtures/vcr_cassettes/user_management/reactivate_organization_membership.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/accepted.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/expired.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/invalid.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/revoked.yml
+- spec/support/fixtures/vcr_cassettes/user_management/resend_invitation/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/reset_password/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/reset_password/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/revoke_invitation/invalid.yml