workos 5.8.0 → 5.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0afe2a59cbc6559cee74fe894ad0ed632b6788955377949f87c641a3550fff92
-  data.tar.gz: 1725783e695045041a65334679db26c2fb396f1e79a3c4d18d7491d91d479756
+  metadata.gz: 83c350d6c017c0cf423adb02925391b3a5e11d622479d76073c3c6372e526105
+  data.tar.gz: 83a8e5700dc7a3d47d37a84de01f866997a260eeaf96c55fd40318a30195a7d7
 SHA512:
-  metadata.gz: 626069aef80ea5cf1b3254679fb7f7c9054fe7f908c464521e42c566186c21170f5a3187e98c59d6f1f209d107e53995facb58763965042ce257d2e4cd8f5d63
-  data.tar.gz: 0f941008d87d91b19bbd5829cf79580df7cabb9e3d37891aa3016fca9e4af844ecd8a30f3b4e6e567d6a47ece9249b6e6da02eda157928bd2ee8c5d45c6404d2
+  metadata.gz: 48bcc853e186de15ce9e71e98415d801e412540a43fe1711ab97264b3419ce7dc7c1ec6095411cc7093bcb788b02ab51efe4689c0a79993f921e037ce0a7954c
+  data.tar.gz: f52aec8320aa98bb11ec114ffccb51a82218c7581cac202f74facfe943e96633b90262a67c37ed0677c73f4f73bb3bdd77760a67471c80a18ca878e0d7dffb55

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (5.8.0)
+    workos (5.10.0)
       encryptor (~> 3.0)
       jwt (~> 2.8)
 

data/lib/workos/client.rb

@@ -109,6 +109,14 @@ module WorkOS
           http_status: http_status,
           request_id: response['x-request-id'],
         )
+      when 403
+        raise ForbiddenRequestError.new(
+          message: json['message'],
+          http_status: http_status,
+          request_id: response['x-request-id'],
+          code: json['code'],
+          data: json,
+        )
       when 404
         raise NotFoundError.new(
           message: json['message'],

data/lib/workos/errors.rb

@@ -64,6 +64,10 @@ module WorkOS
   # parameters.
   class InvalidRequestError < WorkOSError; end
 
+  # ForbiddenError is raised when a request is forbidden, likely due to missing a step
+  # (i.e. verifying email ownership before authenticating).
+  class ForbiddenRequestError < WorkOSError; end
+
   # SignatureVerificationError is raised when the signature verification for a
   # webhook fails
   class SignatureVerificationError < WorkOSError; end

data/lib/workos/organizations.rb

@@ -180,6 +180,32 @@ module WorkOS
         response.is_a? Net::HTTPSuccess
       end
 
+      # Retrieve a list of roles for the given organization.
+      #
+      # @param [String] organizationId The ID of the organization to fetch roles for.
+      def list_organization_roles(organization_id:)
+        response = execute_request(
+          request: get_request(
+            path: "/organizations/#{organization_id}/roles",
+            auth: true,
+          ),
+        )
+
+        parsed_response = JSON.parse(response.body)
+
+        roles = parsed_response['data'].map do |role|
+          WorkOS::Role.new(role.to_json)
+        end
+
+        WorkOS::Types::ListStruct.new(
+          data: roles,
+          list_metadata: {
+            after: nil,
+            before: nil,
+          },
+        )
+      end
+
       private
 
       def check_and_raise_organization_error(response:)

data/lib/workos/role.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module WorkOS
+  # The Role class provides a lightweight wrapper around
+  # a WorkOS Role resource. This class is not meant to be instantiated
+  # in user space, and is instantiated internally but exposed.
+  class Role
+    include HashProvider
+
+    attr_accessor :id, :name, :slug, :description, :type, :created_at, :updated_at
+
+    def initialize(json)
+      hash = JSON.parse(json, symbolize_names: true)
+
+      @id = hash[:id]
+      @name = hash[:name]
+      @slug = hash[:slug]
+      @description = hash[:description]
+      @type = hash[:type]
+      @created_at = hash[:created_at]
+      @updated_at = hash[:updated_at]
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        name: name,
+        slug: slug,
+        description: description,
+        type: type,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+  end
+end

data/lib/workos/types/widget_scope.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module WorkOS
+  module Types
+    # The WidgetScope constants are declarations of a fixed set of values for
+    # scopes while generating a widget token.
+    module WidgetScope
+      USERS_TABLE_MANAGE = 'widgets:users-table:manage'
+
+      ALL = [USERS_TABLE_MANAGE].freeze
+    end
+  end
+end

data/lib/workos/types.rb

@@ -7,5 +7,6 @@ module WorkOS
     autoload :Intent, 'workos/types/intent'
     autoload :ListStruct, 'workos/types/list_struct'
     autoload :PasswordlessSessionStruct, 'workos/types/passwordless_session_struct'
+    autoload :WidgetScope, 'workos/types/widget_scope'
   end
 end

data/lib/workos/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WorkOS
-  VERSION = '5.8.0'
+  VERSION = '5.10.0'
 end

data/lib/workos/widgets.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+module WorkOS
+  # The Widgets module provides resource methods for working with the Widgets APIs
+  module Widgets
+    class << self
+      include Client
+
+      WIDGET_SCOPES = WorkOS::Types::WidgetScope::ALL
+
+      # Generate a widget token.
+      #
+      # @param [String] organization_id The ID of the organization to generate the token for.
+      # @param [String] user_id The ID of the user to generate the token for.
+      # @param [WidgetScope[]] The scopes to generate the token for.
+      def get_token(organization_id:, user_id:, scopes:)
+        validate_scopes(scopes)
+
+        request = post_request(
+          auth: true,
+          body: {
+            organization_id: organization_id,
+            user_id: user_id,
+            scopes: scopes,
+          },
+          path: '/widgets/token',
+        )
+
+        response = execute_request(request: request)
+
+        JSON.parse(response.body)['token']
+      end
+
+      private
+
+      def validate_scopes(scopes)
+        return if scopes.all? { |scope| WIDGET_SCOPES.include?(scope) }
+
+        raise ArgumentError, 'scopes contains an invalid value.' \
+        " Every item in `scopes` must be in #{WIDGET_SCOPES}"
+      end
+    end
+  end
+end

data/lib/workos.rb

@@ -71,6 +71,7 @@ module WorkOS
   autoload :Profile, 'workos/profile'
   autoload :ProfileAndToken, 'workos/profile_and_token'
   autoload :RefreshAuthenticationResponse, 'workos/refresh_authentication_response'
+  autoload :Role, 'workos/role'
   autoload :Session, 'workos/session'
   autoload :SSO, 'workos/sso'
   autoload :Types, 'workos/types'
@@ -81,11 +82,13 @@ module WorkOS
   autoload :VerifyChallenge, 'workos/verify_challenge'
   autoload :Webhook, 'workos/webhook'
   autoload :Webhooks, 'workos/webhooks'
+  autoload :Widgets, 'workos/widgets'
 
   # Errors
   autoload :APIError, 'workos/errors'
   autoload :AuthenticationError, 'workos/errors'
   autoload :InvalidRequestError, 'workos/errors'
+  autoload :ForbiddenRequestError, 'workos/errors'
   autoload :SignatureVerificationError, 'workos/errors'
   autoload :TimeoutError, 'workos/errors'
   autoload :NotFoundError, 'workos/errors'

data/spec/lib/workos/organizations_spec.rb

@@ -323,4 +323,22 @@ describe WorkOS::Organizations do
       end
     end
   end
+
+  describe '.list_organization_roles' do
+    context 'with no options' do
+      it 'returns roles for organization' do
+        expected_metadata = {
+          after: nil,
+          before: nil,
+        }
+
+        VCR.use_cassette 'organization/list_organization_roles' do
+          roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')
+
+          expect(roles.data.size).to eq(7)
+          expect(roles.list_metadata).to eq(expected_metadata)
+        end
+      end
+    end
+  end
 end

data/spec/lib/workos/user_management_spec.rb

@@ -404,6 +404,20 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an unverified user' do
+      it 'raises a ForbiddenRequestError' do
+        VCR.use_cassette('user_management/authenticate_with_password/unverified') do
+          expect do
+            WorkOS::UserManagement.authenticate_with_password(
+              email: 'unverified@workos.app',
+              password: '7YtYic00VWcXatPb',
+              client_id: 'client_123',
+            )
+          end.to raise_error(WorkOS::ForbiddenRequestError, /Email ownership must be verified before authentication/)
+        end
+      end
+    end
   end
 
   describe '.authenticate_with_code' do

data/spec/lib/workos/widgets_spec.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+describe WorkOS::Widgets do
+  it_behaves_like 'client'
+
+  describe '.get_token' do
+    let(:organization_id) { 'org_01JCP9G67MNAH0KC4B72XZ67M7' }
+    let(:user_id) { 'user_01JCP9H4SHS4N3J6XTKDT7JNPE' }
+
+    describe 'with a valid organization_id and user_id and scopes' do
+      it 'returns a widget token' do
+        VCR.use_cassette 'widgets/get_token' do
+          token = described_class.get_token(
+            organization_id: organization_id,
+            user_id: user_id,
+            scopes: ['widgets:users-table:manage'],
+          )
+
+          expect(token).to start_with('eyJhbGciOiJSUzI1NiIsImtpZ')
+        end
+      end
+    end
+
+    describe 'with an invalid organization_id' do
+      it 'raises an error' do
+        VCR.use_cassette 'widgets/get_token_invalid_organization_id' do
+          expect do
+            described_class.get_token(
+              organization_id: 'bogus-id',
+              user_id: user_id,
+              scopes: ['widgets:users-table:manage'],
+            )
+          end.to raise_error(
+            WorkOS::NotFoundError,
+            /Organization not found: 'bogus-id'/,
+          )
+        end
+      end
+    end
+
+    describe 'with an invalid user_id' do
+      it 'raises an error' do
+        VCR.use_cassette 'widgets/get_token_invalid_user_id' do
+          expect do
+            described_class.get_token(
+              organization_id: organization_id,
+              user_id: 'bogus-id',
+              scopes: ['widgets:users-table:manage'],
+            )
+          end.to raise_error(
+            WorkOS::NotFoundError,
+            /User not found: 'bogus-id'/,
+          )
+        end
+      end
+    end
+
+    describe 'with invalid scopes' do
+      it 'raises an error' do
+        expect do
+          described_class.get_token(
+            organization_id: organization_id,
+            user_id: user_id,
+            scopes: ['bogus-scope'],
+          )
+        end.to raise_error(
+          ArgumentError,
+          /scopes contains an invalid value/,
+        )
+      end
+    end
+  end
+end

data/spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml

@@ -0,0 +1,82 @@
+---
+http_interactions:
+  - request:
+      method: get
+      uri: https://api.workos.com/organizations/org_01JEXP6Z3X7HE4CB6WQSH9ZAFE/roles
+      body:
+        encoding: US-ASCII
+        string: ""
+      headers:
+        Content-Type:
+          - application/json
+        Accept-Encoding:
+          - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+        Accept:
+          - "*/*"
+        User-Agent:
+          - WorkOS; ruby/3.3.6; arm64-darwin23; v5.9.0
+        Authorization:
+          - Bearer <API_KEY>
+    response:
+      status:
+        code: 200
+        message: OK
+      headers:
+        Date:
+          - Mon, 23 Dec 2024 20:23:07 GMT
+        Content-Type:
+          - application/json; charset=utf-8
+        Transfer-Encoding:
+          - chunked
+        Connection:
+          - keep-alive
+        Cf-Ray:
+          - 8f6b114e5e60c96a-IAD
+        Cf-Cache-Status:
+          - DYNAMIC
+        Etag:
+          - W/"6b6-bZ2pS5djCBrbcATBSFlbZ90PHB8"
+        Strict-Transport-Security:
+          - max-age=15552000; includeSubDomains
+        Vary:
+          - Origin, Accept-Encoding
+        Access-Control-Allow-Credentials:
+          - "true"
+        Content-Security-Policy:
+          - "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self'
+            https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src
+            'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
+        Expect-Ct:
+          - max-age=0
+        Referrer-Policy:
+          - no-referrer
+        X-Content-Type-Options:
+          - nosniff
+        X-Dns-Prefetch-Control:
+          - "off"
+        X-Download-Options:
+          - noopen
+        X-Frame-Options:
+          - SAMEORIGIN
+        X-Permitted-Cross-Domain-Policies:
+          - none
+        X-Request-Id:
+          - a8db37d7-9244-4e2a-b183-b5e2a67d8104
+        X-Xss-Protection:
+          - "0"
+        Server:
+          - cloudflare
+      body:
+        encoding: ASCII-8BIT
+        string:
+          '{"object":"list","data":[{"object":"role","id":"role_01HS1C7GRJE08PBR3M6Y0ZYGDZ","description":"Write
+          access to every resource available","name":"Admin","slug":"admin","type":"EnvironmentRole","created_at":"2024-03-15T15:38:29.521Z","updated_at":"2024-11-14T17:08:00.556Z"},{"object":"role","id":"role_01JA8GJZRDSZEB9289DQXJ3N9Z","description":"","name":"Billing
+          Manager","slug":"billing","type":"EnvironmentRole","created_at":"2024-10-15T16:36:11.653Z","updated_at":"2024-12-19T21:27:01.286Z"},{"object":"role","id":"role_01HSBH4R6RX0V86S3R590NNZW2","description":"Developer
+          role","name":"Developer","slug":"developer","type":"EnvironmentRole","created_at":"2024-03-19T14:16:46.038Z","updated_at":"2024-03-19T14:16:46.038Z"},{"object":"role","id":"role_01HS4GDWJ8T6NQPTX2D0R5KBHN","description":"Edit
+          and view access to non-critical resources","name":"Editor","slug":"editor","type":"EnvironmentRole","created_at":"2024-03-16T20:49:35.815Z","updated_at":"2024-03-16T20:52:19.410Z"},{"object":"role","id":"role_01HRFZE22WS2MGX6EWAG2JX6NW","description":"The
+          default user role","name":"Member","slug":"member","type":"EnvironmentRole","created_at":"2024-03-08T21:27:47.034Z","updated_at":"2024-08-14T00:27:46.265Z"},{"object":"role","id":"role_01JEYJ2Z5MYG0TZYTDF02MW11N","description":"Manage
+          billing for organization.","name":"Billing manager","slug":"org-billing-manager","type":"OrganizationRole","created_at":"2024-12-12T23:08:28.712Z","updated_at":"2024-12-12T23:08:28.712Z"},{"object":"role","id":"role_01JF0B7MQ9X414WQRAQMQYE1GS","description":"","name":"Platform
+          Manager","slug":"org-platform-manager","type":"OrganizationRole","created_at":"2024-12-13T15:47:10.692Z","updated_at":"2024-12-13T15:47:10.692Z"}]}'
+      http_version:
+    recorded_at: Mon, 23 Dec 2024 20:23:07 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/unverified.yml

@@ -0,0 +1,82 @@
+---
+http_interactions:
+  - request:
+      method: post
+      uri: https://api.workos.com/user_management/authenticate
+      body:
+        encoding: UTF-8
+        string:
+          '{"client_id":"client_123","client_secret":"<API_KEY>","email":"unverified@workos.app","password":"7YtYic00VWcXatPb","ip_address":"200.240.210.16","user_agent":"Mozilla/5.0
+          (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36","grant_type":"password"}'
+      headers:
+        Content-Type:
+          - application/json
+        Accept-Encoding:
+          - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+        Accept:
+          - '*/*'
+        User-Agent:
+          - WorkOS; ruby/3.0.2; arm64-darwin21; v2.16.0
+    response:
+      status:
+        code: 403
+        message: Email ownership must be verified before authentication.
+      headers:
+        Date:
+          - Tue, 29 Aug 2023 00:24:25 GMT
+        Content-Type:
+          - application/json; charset=utf-8
+        Transfer-Encoding:
+          - chunked
+        Connection:
+          - keep-alive
+        Cf-Ray:
+          - 7fe0a6a27b0bc39c-SEA
+        Cf-Cache-Status:
+          - DYNAMIC
+        Etag:
+          - W/"16e-hoaHaR0EhmAH7TaNBOF8B2OHJq4"
+        Strict-Transport-Security:
+          - max-age=15552000; includeSubDomains
+        Vary:
+          - Origin, Accept-Encoding
+        Via:
+          - 1.1 spaces-router (devel)
+        Access-Control-Allow-Credentials:
+          - 'true'
+        Content-Security-Policy:
+          - "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self'
+            https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src
+            'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
+        Expect-Ct:
+          - max-age=0
+        Referrer-Policy:
+          - no-referrer
+        X-Content-Type-Options:
+          - nosniff
+        X-Dns-Prefetch-Control:
+          - 'off'
+        X-Download-Options:
+          - noopen
+        X-Frame-Options:
+          - SAMEORIGIN
+        X-Permitted-Cross-Domain-Policies:
+          - none
+        X-Request-Id:
+          - 62990367-ddaf-46b3-a32f-38fc4f29d581
+        X-Xss-Protection:
+          - '0'
+        Set-Cookie:
+          - __cf_bm=IiwoT1XAlPdVWj334oRTocU7zZyvKgYw61o0UoA7GtE-1693268665-0-AZTn/iGDfGV6R5j3aj7lcPod7FB9P3cbHc9pD1oN/U5ZmnUYvpCecp6AL+8p/+/bMuwwGqXGNMSa/eIpa0TVm+I=;
+            path=/; expires=Tue, 29-Aug-23 00:54:25 GMT; domain=.workos.com; HttpOnly;
+            Secure; SameSite=None
+          - __cfruid=beafd87202de7b7d34fd4a1af55696cb5d19364d-1693268665; path=/; domain=.workos.com;
+            HttpOnly; Secure; SameSite=None
+        Server:
+          - cloudflare
+      body:
+        encoding: ASCII-8BIT
+        string: '{"code":"email_verification_required", "message":"Email ownership must be verified before authentication.", "email":"unverified@workos.app", "pending_authentication_token":"RWx94aFHwanPOebv7tKbBkJm0", "email_verification_id":"email_verification_01JG43A0WYAFAPHMNBV5XF2R4M"}'
+      http_version:
+    recorded_at: Tue, 29 Aug 2023 00:24:25 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/widgets/get_token.yml

@@ -0,0 +1,82 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/widgets/token
+    body:
+      encoding: UTF-8
+      string: '{"organization_id":"org_01JCP9G67MNAH0KC4B72XZ67M7","user_id":"user_01JCP9H4SHS4N3J6XTKDT7JNPE","scopes":["widgets:users-table:manage"]}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.3.6; arm64-darwin23; v5.8.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Thu, 14 Nov 2024 21:51:34 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Content-Length:
+      - '791'
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8e2a394198f8c9b8-IAD
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"317-Nylo8f8lWbsA0UUWqqV59mFy5jo"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - bf98d35e-d9ca-437f-b937-150e937af0f1
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=GsR9Veicl9ZRIR1pUSamJ5m95HmklSbWNwtyp_fSpB4-1731621094-1.0.1.1-VW09qjPlT4T.AGwnsHxe7p_A.Onr9Oe7YnxumCz7B9XmzqYbLz9fx7cF6Qtw3KW0PIshpAVkluIsGWSCJQ5AjQ;
+        path=/; expires=Thu, 14-Nov-24 22:21:34 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=022c638e9216cb6be687ace27cb356d48cbd4256-1731621094; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      - _cfuvid=kczJ.JXlRroyPs5B7UjNUynSmsUjYTWP_jcLNj2iiuM-1731621094755-0.0.1.1-604800000;
+        path=/; domain=.workos.com; HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: UTF-8
+      string: '{"token":"eyJhbGciOiJSUzI1NiIsImtpZCI6InNzb19vaWRjX2tleV9wYWlyXzAxSFY3SlpGWEtQOVhCQjc2NjY0TkdUQlpYIn0.eyJhdWQiOiJodHRwczovL2FwaS53b3Jrb3MuY29tIiwiaXNzIjoiaHR0cHM6Ly9hcGkud29ya29zLmNvbSIsInN1YiI6InVzZXJfMDFKQ1A5SDRTSFM0TjNKNlhUS0RUN0pOUEUiLCJqdGkiOiIwMUpDUEFKMUFHWDVESzFNM0hDQTk5MFM1SiIsIm9yZ19pZCI6Im9yZ18wMUpDUDlHNjdNTkFIMEtDNEI3MlhaNjdNNyIsInBlcm1pc3Npb25zIjpbInVzZXJzOm1hbmFnZSIsInVzZXJzOnZpZXciXSwiZXhwIjoxNzMxNjI0Njk0LCJpYXQiOjE3MzE2MjEwOTR9.CTYliFAGFjw-_Lyla-yVBOUAn1ZqU-J7aOdWhAW8fiEsNMz73Fb5nRACa0PFWBE3HK1a8waV-S5lBCGHyxgYOaew5URNnlYXVwlgpKwujHDrW47FrYpxkyxVovY9z9SqDDNRHWBqJM3mH_4Fn9jaHwAVT0SPJrJ7Q4-jxfTc0_sZMR7RVJaBIXPEU8og6Zwc84Gx-9A-mBUA3PPUXfaa8JrCr5OGc482vbD1rF5sjk0jx_FovHrlI3qRo5nkQ3_5WEi7LzdxSPviITxY1-dtm0HbeULz8IL7Ic5O4Ok4lB2c8s8XoZT1JqUMmEHfugkWyQ4juN5aHpmf6ux8cJSJWg"}'
+    http_version:
+  recorded_at: Thu, 14 Nov 2024 21:51:34 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_organization_id.yml

@@ -0,0 +1,74 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/widgets/token
+    body:
+      encoding: UTF-8
+      string: '{"organization_id":"bogus-id","user_id":"user_01JCP9H4SHS4N3J6XTKDT7JNPE","scopes":["widgets:users-table:manage"]}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.3.6; arm64-darwin23; v5.8.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Date:
+      - Thu, 14 Nov 2024 22:02:40 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8e2a49858b5a7fa2-IAD
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"62-XNhANyOqo4doKt47ORHxpVuFTYg"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - 3d383216-51fe-42cd-87e2-7fee32719353
+      X-Xss-Protection:
+      - '0'
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"message":"Organization not found: ''bogus-id''.","code":"entity_not_found","entity_id":"bogus-id"}'
+    http_version:
+  recorded_at: Thu, 14 Nov 2024 22:02:40 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_user_id.yml

@@ -0,0 +1,74 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/widgets/token
+    body:
+      encoding: UTF-8
+      string: '{"organization_id":"org_01JCP9G67MNAH0KC4B72XZ67M7","user_id":"bogus-id","scopes":["widgets:users-table:manage"]}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.3.6; arm64-darwin23; v5.8.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Date:
+      - Thu, 14 Nov 2024 22:02:46 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8e2a49a82b31c54f-IAD
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"5a-TOigA+IvFyAtHvUdIXFXZWRdn8I"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - 0aeb3b90-0fd7-4de9-8d76-3d0e340ed583
+      X-Xss-Protection:
+      - '0'
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"message":"User not found: ''bogus-id''.","code":"entity_not_found","entity_id":"bogus-id"}'
+    http_version:
+  recorded_at: Thu, 14 Nov 2024 22:02:46 GMT
+recorded_with: VCR 5.0.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 5.8.0
+  version: 5.10.0
 platform: ruby
 authors:
 - WorkOS
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-10-16 00:00:00.000000000 Z
+date: 2025-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -165,6 +165,7 @@ files:
 - lib/workos/profile.rb
 - lib/workos/profile_and_token.rb
 - lib/workos/refresh_authentication_response.rb
+- lib/workos/role.rb
 - lib/workos/session.rb
 - lib/workos/sso.rb
 - lib/workos/types.rb
@@ -172,6 +173,7 @@ files:
 - lib/workos/types/list_struct.rb
 - lib/workos/types/passwordless_session_struct.rb
 - lib/workos/types/provider.rb
+- lib/workos/types/widget_scope.rb
 - lib/workos/user.rb
 - lib/workos/user_and_token.rb
 - lib/workos/user_management.rb
@@ -180,6 +182,7 @@ files:
 - lib/workos/version.rb
 - lib/workos/webhook.rb
 - lib/workos/webhooks.rb
+- lib/workos/widgets.rb
 - spec/lib/workos/audit_logs_spec.rb
 - spec/lib/workos/client.rb
 - spec/lib/workos/configuration_spec.rb
@@ -194,6 +197,7 @@ files:
 - spec/lib/workos/sso_spec.rb
 - spec/lib/workos/user_management_spec.rb
 - spec/lib/workos/webhooks_spec.rb
+- spec/lib/workos/widgets_spec.rb
 - spec/spec_helper.rb
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event.yml
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event_custom_idempotency_key.yml
@@ -264,6 +268,7 @@ files:
 - spec/support/fixtures/vcr_cassettes/organization/get.yml
 - spec/support/fixtures/vcr_cassettes/organization/get_invalid.yml
 - spec/support/fixtures/vcr_cassettes/organization/list.yml
+- spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml
 - spec/support/fixtures/vcr_cassettes/organization/update.yml
 - spec/support/fixtures/vcr_cassettes/organization/update_without_name.yml
 - spec/support/fixtures/vcr_cassettes/passwordless/create_session.yml
@@ -297,6 +302,7 @@ files:
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/invalid.yml
+- spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/unverified.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml
@@ -364,6 +370,9 @@ files:
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_code.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_magic_auth_challenge.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/valid.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_organization_id.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_user_id.yml
 - spec/support/profile.txt
 - spec/support/shared_examples/client.rb
 - spec/support/webhook_payload.txt
@@ -407,6 +416,7 @@ test_files:
 - spec/lib/workos/sso_spec.rb
 - spec/lib/workos/user_management_spec.rb
 - spec/lib/workos/webhooks_spec.rb
+- spec/lib/workos/widgets_spec.rb
 - spec/spec_helper.rb
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event.yml
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event_custom_idempotency_key.yml
@@ -477,6 +487,7 @@ test_files:
 - spec/support/fixtures/vcr_cassettes/organization/get.yml
 - spec/support/fixtures/vcr_cassettes/organization/get_invalid.yml
 - spec/support/fixtures/vcr_cassettes/organization/list.yml
+- spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml
 - spec/support/fixtures/vcr_cassettes/organization/update.yml
 - spec/support/fixtures/vcr_cassettes/organization/update_without_name.yml
 - spec/support/fixtures/vcr_cassettes/passwordless/create_session.yml
@@ -510,6 +521,7 @@ test_files:
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/invalid.yml
+- spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/unverified.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml
@@ -577,6 +589,9 @@ test_files:
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_code.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_magic_auth_challenge.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/valid.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_organization_id.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_user_id.yml
 - spec/support/profile.txt
 - spec/support/shared_examples/client.rb
 - spec/support/webhook_payload.txt