workos 5.8.0 → 5.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0afe2a59cbc6559cee74fe894ad0ed632b6788955377949f87c641a3550fff92
-  data.tar.gz: 1725783e695045041a65334679db26c2fb396f1e79a3c4d18d7491d91d479756
+  metadata.gz: 47230d64b8cf21f97c3c7d0e9d0c7e90fa7c4f73071744532c6f41d10a27cde3
+  data.tar.gz: afe55ccfecaccf2685f6317b7e5d1131e7f92450f41419ab564f6e69faea1876
 SHA512:
-  metadata.gz: 626069aef80ea5cf1b3254679fb7f7c9054fe7f908c464521e42c566186c21170f5a3187e98c59d6f1f209d107e53995facb58763965042ce257d2e4cd8f5d63
-  data.tar.gz: 0f941008d87d91b19bbd5829cf79580df7cabb9e3d37891aa3016fca9e4af844ecd8a30f3b4e6e567d6a47ece9249b6e6da02eda157928bd2ee8c5d45c6404d2
+  metadata.gz: cd786ea513509e1a1a692143c4af0ae2db289a4ef62bcdea139f854b735334e7768324b4ed8f5fbd1317648149a10bdcf69fc99547cf62c3282e183e4108215f
+  data.tar.gz: 295e13fab2ab3d3adcf6828f0259387de68b50256d575e737c5d00343fad62ee2c3096e235cc0cd687582f6f20076b3666e908f2313772e5b4a2160abd788a81

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (5.8.0)
+    workos (5.9.0)
       encryptor (~> 3.0)
       jwt (~> 2.8)
 

data/lib/workos/types/widget_scope.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module WorkOS
+  module Types
+    # The WidgetScope constants are declarations of a fixed set of values for
+    # scopes while generating a widget token.
+    module WidgetScope
+      USERS_TABLE_MANAGE = 'widgets:users-table:manage'
+
+      ALL = [USERS_TABLE_MANAGE].freeze
+    end
+  end
+end

data/lib/workos/types.rb

@@ -7,5 +7,6 @@ module WorkOS
     autoload :Intent, 'workos/types/intent'
     autoload :ListStruct, 'workos/types/list_struct'
     autoload :PasswordlessSessionStruct, 'workos/types/passwordless_session_struct'
+    autoload :WidgetScope, 'workos/types/widget_scope'
   end
 end

data/lib/workos/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WorkOS
-  VERSION = '5.8.0'
+  VERSION = '5.9.0'
 end

data/lib/workos/widgets.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+module WorkOS
+  # The Widgets module provides resource methods for working with the Widgets APIs
+  module Widgets
+    class << self
+      include Client
+
+      WIDGET_SCOPES = WorkOS::Types::WidgetScope::ALL
+
+      # Generate a widget token.
+      #
+      # @param [String] organization_id The ID of the organization to generate the token for.
+      # @param [String] user_id The ID of the user to generate the token for.
+      # @param [WidgetScope[]] The scopes to generate the token for.
+      def get_token(organization_id:, user_id:, scopes:)
+        validate_scopes(scopes)
+
+        request = post_request(
+          auth: true,
+          body: {
+            organization_id: organization_id,
+            user_id: user_id,
+            scopes: scopes,
+          },
+          path: '/widgets/token',
+        )
+
+        response = execute_request(request: request)
+
+        JSON.parse(response.body)['token']
+      end
+
+      private
+
+      def validate_scopes(scopes)
+        return if scopes.all? { |scope| WIDGET_SCOPES.include?(scope) }
+
+        raise ArgumentError, 'scopes contains an invalid value.' \
+        " Every item in `scopes` must be in #{WIDGET_SCOPES}"
+      end
+    end
+  end
+end

data/lib/workos.rb

@@ -81,6 +81,7 @@ module WorkOS
   autoload :VerifyChallenge, 'workos/verify_challenge'
   autoload :Webhook, 'workos/webhook'
   autoload :Webhooks, 'workos/webhooks'
+  autoload :Widgets, 'workos/widgets'
 
   # Errors
   autoload :APIError, 'workos/errors'

data/spec/lib/workos/widgets_spec.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+describe WorkOS::Widgets do
+  it_behaves_like 'client'
+
+  describe '.get_token' do
+    let(:organization_id) { 'org_01JCP9G67MNAH0KC4B72XZ67M7' }
+    let(:user_id) { 'user_01JCP9H4SHS4N3J6XTKDT7JNPE' }
+
+    describe 'with a valid organization_id and user_id and scopes' do
+      it 'returns a widget token' do
+        VCR.use_cassette 'widgets/get_token' do
+          token = described_class.get_token(
+            organization_id: organization_id,
+            user_id: user_id,
+            scopes: ['widgets:users-table:manage'],
+          )
+
+          expect(token).to start_with('eyJhbGciOiJSUzI1NiIsImtpZ')
+        end
+      end
+    end
+
+    describe 'with an invalid organization_id' do
+      it 'raises an error' do
+        VCR.use_cassette 'widgets/get_token_invalid_organization_id' do
+          expect do
+            described_class.get_token(
+              organization_id: 'bogus-id',
+              user_id: user_id,
+              scopes: ['widgets:users-table:manage'],
+            )
+          end.to raise_error(
+            WorkOS::NotFoundError,
+            /Organization not found: 'bogus-id'/,
+          )
+        end
+      end
+    end
+
+    describe 'with an invalid user_id' do
+      it 'raises an error' do
+        VCR.use_cassette 'widgets/get_token_invalid_user_id' do
+          expect do
+            described_class.get_token(
+              organization_id: organization_id,
+              user_id: 'bogus-id',
+              scopes: ['widgets:users-table:manage'],
+            )
+          end.to raise_error(
+            WorkOS::NotFoundError,
+            /User not found: 'bogus-id'/,
+          )
+        end
+      end
+    end
+
+    describe 'with invalid scopes' do
+      it 'raises an error' do
+        expect do
+          described_class.get_token(
+            organization_id: organization_id,
+            user_id: user_id,
+            scopes: ['bogus-scope'],
+          )
+        end.to raise_error(
+          ArgumentError,
+          /scopes contains an invalid value/,
+        )
+      end
+    end
+  end
+end

data/spec/support/fixtures/vcr_cassettes/widgets/get_token.yml

@@ -0,0 +1,82 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/widgets/token
+    body:
+      encoding: UTF-8
+      string: '{"organization_id":"org_01JCP9G67MNAH0KC4B72XZ67M7","user_id":"user_01JCP9H4SHS4N3J6XTKDT7JNPE","scopes":["widgets:users-table:manage"]}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.3.6; arm64-darwin23; v5.8.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 201
+      message: Created
+    headers:
+      Date:
+      - Thu, 14 Nov 2024 21:51:34 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Content-Length:
+      - '791'
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8e2a394198f8c9b8-IAD
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"317-Nylo8f8lWbsA0UUWqqV59mFy5jo"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - bf98d35e-d9ca-437f-b937-150e937af0f1
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=GsR9Veicl9ZRIR1pUSamJ5m95HmklSbWNwtyp_fSpB4-1731621094-1.0.1.1-VW09qjPlT4T.AGwnsHxe7p_A.Onr9Oe7YnxumCz7B9XmzqYbLz9fx7cF6Qtw3KW0PIshpAVkluIsGWSCJQ5AjQ;
+        path=/; expires=Thu, 14-Nov-24 22:21:34 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=022c638e9216cb6be687ace27cb356d48cbd4256-1731621094; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      - _cfuvid=kczJ.JXlRroyPs5B7UjNUynSmsUjYTWP_jcLNj2iiuM-1731621094755-0.0.1.1-604800000;
+        path=/; domain=.workos.com; HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: UTF-8
+      string: '{"token":"eyJhbGciOiJSUzI1NiIsImtpZCI6InNzb19vaWRjX2tleV9wYWlyXzAxSFY3SlpGWEtQOVhCQjc2NjY0TkdUQlpYIn0.eyJhdWQiOiJodHRwczovL2FwaS53b3Jrb3MuY29tIiwiaXNzIjoiaHR0cHM6Ly9hcGkud29ya29zLmNvbSIsInN1YiI6InVzZXJfMDFKQ1A5SDRTSFM0TjNKNlhUS0RUN0pOUEUiLCJqdGkiOiIwMUpDUEFKMUFHWDVESzFNM0hDQTk5MFM1SiIsIm9yZ19pZCI6Im9yZ18wMUpDUDlHNjdNTkFIMEtDNEI3MlhaNjdNNyIsInBlcm1pc3Npb25zIjpbInVzZXJzOm1hbmFnZSIsInVzZXJzOnZpZXciXSwiZXhwIjoxNzMxNjI0Njk0LCJpYXQiOjE3MzE2MjEwOTR9.CTYliFAGFjw-_Lyla-yVBOUAn1ZqU-J7aOdWhAW8fiEsNMz73Fb5nRACa0PFWBE3HK1a8waV-S5lBCGHyxgYOaew5URNnlYXVwlgpKwujHDrW47FrYpxkyxVovY9z9SqDDNRHWBqJM3mH_4Fn9jaHwAVT0SPJrJ7Q4-jxfTc0_sZMR7RVJaBIXPEU8og6Zwc84Gx-9A-mBUA3PPUXfaa8JrCr5OGc482vbD1rF5sjk0jx_FovHrlI3qRo5nkQ3_5WEi7LzdxSPviITxY1-dtm0HbeULz8IL7Ic5O4Ok4lB2c8s8XoZT1JqUMmEHfugkWyQ4juN5aHpmf6ux8cJSJWg"}'
+    http_version:
+  recorded_at: Thu, 14 Nov 2024 21:51:34 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_organization_id.yml

@@ -0,0 +1,74 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/widgets/token
+    body:
+      encoding: UTF-8
+      string: '{"organization_id":"bogus-id","user_id":"user_01JCP9H4SHS4N3J6XTKDT7JNPE","scopes":["widgets:users-table:manage"]}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.3.6; arm64-darwin23; v5.8.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Date:
+      - Thu, 14 Nov 2024 22:02:40 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8e2a49858b5a7fa2-IAD
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"62-XNhANyOqo4doKt47ORHxpVuFTYg"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - 3d383216-51fe-42cd-87e2-7fee32719353
+      X-Xss-Protection:
+      - '0'
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"message":"Organization not found: ''bogus-id''.","code":"entity_not_found","entity_id":"bogus-id"}'
+    http_version:
+  recorded_at: Thu, 14 Nov 2024 22:02:40 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_user_id.yml

@@ -0,0 +1,74 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/widgets/token
+    body:
+      encoding: UTF-8
+      string: '{"organization_id":"org_01JCP9G67MNAH0KC4B72XZ67M7","user_id":"bogus-id","scopes":["widgets:users-table:manage"]}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.3.6; arm64-darwin23; v5.8.0
+      Authorization:
+      - Bearer <API_KEY>
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Date:
+      - Thu, 14 Nov 2024 22:02:46 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8e2a49a82b31c54f-IAD
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"5a-TOigA+IvFyAtHvUdIXFXZWRdn8I"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - 0aeb3b90-0fd7-4de9-8d76-3d0e340ed583
+      X-Xss-Protection:
+      - '0'
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"message":"User not found: ''bogus-id''.","code":"entity_not_found","entity_id":"bogus-id"}'
+    http_version:
+  recorded_at: Thu, 14 Nov 2024 22:02:46 GMT
+recorded_with: VCR 5.0.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 5.8.0
+  version: 5.9.0
 platform: ruby
 authors:
 - WorkOS
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-10-16 00:00:00.000000000 Z
+date: 2024-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -172,6 +172,7 @@ files:
 - lib/workos/types/list_struct.rb
 - lib/workos/types/passwordless_session_struct.rb
 - lib/workos/types/provider.rb
+- lib/workos/types/widget_scope.rb
 - lib/workos/user.rb
 - lib/workos/user_and_token.rb
 - lib/workos/user_management.rb
@@ -180,6 +181,7 @@ files:
 - lib/workos/version.rb
 - lib/workos/webhook.rb
 - lib/workos/webhooks.rb
+- lib/workos/widgets.rb
 - spec/lib/workos/audit_logs_spec.rb
 - spec/lib/workos/client.rb
 - spec/lib/workos/configuration_spec.rb
@@ -194,6 +196,7 @@ files:
 - spec/lib/workos/sso_spec.rb
 - spec/lib/workos/user_management_spec.rb
 - spec/lib/workos/webhooks_spec.rb
+- spec/lib/workos/widgets_spec.rb
 - spec/spec_helper.rb
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event.yml
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event_custom_idempotency_key.yml
@@ -364,6 +367,9 @@ files:
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_code.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_magic_auth_challenge.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/valid.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_organization_id.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_user_id.yml
 - spec/support/profile.txt
 - spec/support/shared_examples/client.rb
 - spec/support/webhook_payload.txt
@@ -407,6 +413,7 @@ test_files:
 - spec/lib/workos/sso_spec.rb
 - spec/lib/workos/user_management_spec.rb
 - spec/lib/workos/webhooks_spec.rb
+- spec/lib/workos/widgets_spec.rb
 - spec/spec_helper.rb
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event.yml
 - spec/support/fixtures/vcr_cassettes/audit_logs/create_event_custom_idempotency_key.yml
@@ -577,6 +584,9 @@ test_files:
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_code.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/invalid_magic_auth_challenge.yml
 - spec/support/fixtures/vcr_cassettes/user_management/verify_email/valid.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_organization_id.yml
+- spec/support/fixtures/vcr_cassettes/widgets/get_token_invalid_user_id.yml
 - spec/support/profile.txt
 - spec/support/shared_examples/client.rb
 - spec/support/webhook_payload.txt