workos 6.0.0 → 6.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f0ac87a768fc79fa7ffbc77d0bf4a1ba30cbf6c1f5b96f8574c40bd2b61d296
-  data.tar.gz: eb05af387d9c1c40e5de4fb830e4ce83e7baf94a2d9bcb428d97032208688780
+  metadata.gz: c9c6ccd08e504b94efe3d05a9d17efdd7cb6aa51d6b967fc501795c8c3436ac7
+  data.tar.gz: 20387dad535d45bbb77f91fad656227ab22a7488c0450d96c7ef275ffdd5bbdd
 SHA512:
-  metadata.gz: 5f82d97362d7063dcc970313794671ca7f8c2c8892ae9728179e3c22a980b1d7e3d238959eb875d4a20629f13c00a56053347a70dfcb2214cf769979fc704151
-  data.tar.gz: 5954446fc2d3c6fbad2542c7d377bb7eb8361e514d1d099f01c052085aebc6952277fd15efe7e3cf9683fc2a9dbf4976240098d48e9305607ab3233978b23f21
+  metadata.gz: 19b1c44a201a6f7a991d140e05530807019b239d7781587aad85edae61a35cce2456c812b659ec75679f5667327fc42f64455b152b6ca3bcfcccedeb01431e36
+  data.tar.gz: dfcac436c3f95c90412a0122c241a5e48b90fdf1d5ec0bcfd2974b73819a9731cc2172e697861d9c14f9a5c66fcbc0d30bed3d56f62cd23a8782dc7effee46db

data/.github/CODEOWNERS

@@ -1,5 +1,5 @@
 # See GitHub's docs for more details:
 # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 
-# Rubyist Team
-* @workos/ruby
+# Rubyist and DX Teams
+* @workos/ruby @workos/dx

data/.github/workflows/ci.yml

@@ -20,7 +20,7 @@ jobs:
           - '3.1'
           - '3.2'
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - uses: ruby/setup-ruby@675dd7ba1b06c8786a1480d89c384f5620a42647 # v1.281.0
         with:
           ruby-version: ${{ matrix.ruby }}

data/.github/workflows/lint-pr-title.yml

@@ -0,0 +1,20 @@
+name: Lint PR Title
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

data/.github/workflows/release-please.yml

@@ -0,0 +1,25 @@
+name: Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ vars.SDK_BOT_APP_ID }}
+          private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
+
+      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
+        with:
+          token: ${{ steps.generate-token.outputs.token }}

data/.github/workflows/release.yml

@@ -1,68 +1,31 @@
 name: Release
 
 on:
-  pull_request:
-    types: [closed]
-    branches: [main]
+  release:
+    types: [published]
 
 defaults:
   run:
     shell: bash
 
 jobs:
-  create-release:
-    name: Create GitHub Release
-    if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'version-bump')
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    outputs:
-      version: ${{ steps.get-version.outputs.version }}
-    steps:
-      - name: Generate token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.SDK_BOT_APP_ID }}
-          private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Get version from version.rb
-        id: get-version
-        run: |
-          VERSION=$(grep "VERSION = " lib/workos/version.rb | sed "s/.*VERSION = '\(.*\)'/\1/")
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-
-      - name: Create Release
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: v${{ steps.get-version.outputs.version }}
-          name: v${{ steps.get-version.outputs.version }}
-          generate_release_notes: true
-          token: ${{ steps.generate-token.outputs.token }}
-
   publish:
     name: Publish to RubyGems
-    needs: create-release
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     steps:
       - name: Configure RubyGems credentials
-        uses: rubygems/configure-rubygems-credentials@main
+        uses: rubygems/configure-rubygems-credentials@88679b3ac821ffda0116bf098443db9ac7822e40
         with:
           role-to-assume: rg_oidc_akr_fn8dx45asckvmsnd2kka
 
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
         with:
           ruby-version: "3.2"
           bundler-cache: true
@@ -72,5 +35,6 @@ jobs:
 
       - name: Publish to RubyGems
         run: |
+          VERSION="${GITHUB_REF_NAME#v}"
           bundle exec rake build
-          gem push pkg/workos-${{ needs.create-release.outputs.version }}.gem --host https://rubygems.org
+          gem push pkg/workos-${VERSION}.gem --host https://rubygems.org

data/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "6.2.0"
+}

data/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+## [6.2.0](https://github.com/workos/workos-ruby/compare/v6.1.0...v6.2.0) (2026-03-06)
+
+
+### Features
+
+* **user-management:** add directory_managed to OrganizationMembership ([#446](https://github.com/workos/workos-ruby/issues/446)) ([914d824](https://github.com/workos/workos-ruby/commit/914d824668b70950905d5db666978e9609c9f706))
+* **user-management:** add invitation accept endpoint ([#448](https://github.com/workos/workos-ruby/issues/448)) ([b5b4da1](https://github.com/workos/workos-ruby/commit/b5b4da1c031bc5f688562fdc33506e03b769f650))
+
+
+### Bug Fixes
+
+* update renovate rules ([#443](https://github.com/workos/workos-ruby/issues/443)) ([f156c79](https://github.com/workos/workos-ruby/commit/f156c799e88269493104628760f94b8abaebf542))
+
+## [6.1.0](https://github.com/workos/workos-ruby/compare/workos-v6.0.0...workos/v6.1.0) (2026-02-10)
+
+
+### Features
+
+* add support for totp_secret ([#300](https://github.com/workos/workos-ruby/issues/300)) ([c0a26bf](https://github.com/workos/workos-ruby/commit/c0a26bf745fb49ebaac7c5241e99d51188b886bb))
+* Include Feature Flags decoded from the JWT in the payload of a Session ([#386](https://github.com/workos/workos-ruby/issues/386)) ([31a0e79](https://github.com/workos/workos-ruby/commit/31a0e7901247652182dcaad95e131357b93d0d71))
+* **workos-ruby:** Add `connection` to `authorization_url` ([#78](https://github.com/workos/workos-ruby/issues/78)) ([c3a0e8e](https://github.com/workos/workos-ruby/commit/c3a0e8e4031a3ee888d925c11f1fd2fb152f0a16))
+
+
+### Bug Fixes
+
+* add `invitation_token` parameter to authentication methods ([#438](https://github.com/workos/workos-ruby/issues/438)) ([d24e3dc](https://github.com/workos/workos-ruby/commit/d24e3dc2995de26970415e4570a7ed810d432715))

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (6.0.0)
+    workos (6.2.0)
       encryptor (~> 3.0)
       jwt (~> 3.1)
 

data/lib/workos/organization_membership.rb

@@ -7,7 +7,8 @@ module WorkOS
   class OrganizationMembership
     include HashProvider
 
-    attr_accessor :id, :user_id, :organization_id, :status, :role, :roles, :custom_attributes, :created_at, :updated_at
+    attr_accessor :id, :user_id, :organization_id, :status, :role, :roles, :custom_attributes, :directory_managed,
+                  :created_at, :updated_at
 
     def initialize(json)
       hash = JSON.parse(json, symbolize_names: true)
@@ -19,6 +20,7 @@ module WorkOS
       @role = hash[:role]
       @roles = hash[:roles]
       @custom_attributes = hash[:custom_attributes]
+      @directory_managed = hash[:directory_managed]
       @created_at = hash[:created_at]
       @updated_at = hash[:updated_at]
     end
@@ -32,6 +34,7 @@ module WorkOS
         role: role,
         roles: roles,
         custom_attributes: custom_attributes,
+        directory_managed: directory_managed,
         created_at: created_at,
         updated_at: updated_at,
       }

data/lib/workos/user_management.rb

@@ -298,16 +298,19 @@ module WorkOS
       # @param [String] client_id The WorkOS client ID for the environment
       # @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
       # @return WorkOS::AuthenticationResponse
+      # rubocop:disable Metrics/ParameterLists
       def authenticate_with_password(
         email:,
         password:,
         client_id:,
         ip_address: nil,
         user_agent: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -322,6 +325,7 @@ module WorkOS
               password: password,
               ip_address: ip_address,
               user_agent: user_agent,
+              invitation_token: invitation_token,
               grant_type: 'password',
             },
           ),
@@ -329,6 +333,7 @@ module WorkOS
 
         WorkOS::AuthenticationResponse.new(response.body, session)
       end
+      # rubocop:enable Metrics/ParameterLists
 
       # Authenticate a user using OAuth or an organization's SSO connection.
       #
@@ -337,6 +342,7 @@ module WorkOS
       # @param [String] client_id The WorkOS client ID for the environment
       # @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
@@ -346,6 +352,7 @@ module WorkOS
         client_id:,
         ip_address: nil,
         user_agent: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -359,6 +366,7 @@ module WorkOS
               client_secret: WorkOS.config.key!,
               ip_address: ip_address,
               user_agent: user_agent,
+              invitation_token: invitation_token,
               grant_type: 'authorization_code',
             },
           ),
@@ -415,6 +423,7 @@ module WorkOS
       # @param [String] link_authorization_code Used to link an OAuth profile to an existing user,
       # after having completed a Magic Code challenge.
       # @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
+      # @param [String] invitation_token The token of an Invitation, if required.
       # @param [Hash] session An optional hash that determines whether the session should be sealed and
       # the optional cookie password.
       #
@@ -427,6 +436,7 @@ module WorkOS
         ip_address: nil,
         user_agent: nil,
         link_authorization_code: nil,
+        invitation_token: nil,
         session: nil
       )
         validate_session(session)
@@ -443,6 +453,7 @@ module WorkOS
               user_agent: user_agent,
               grant_type: 'urn:workos:oauth:grant-type:magic-auth:code',
               link_authorization_code: link_authorization_code,
+              invitation_token: invitation_token,
             },
           ),
         )
@@ -1161,6 +1172,22 @@ module WorkOS
         WorkOS::Invitation.new(response.body)
       end
 
+      # Accepts an existing Invitation.
+      #
+      # @param [String] id The unique ID of the Invitation.
+      #
+      # @return WorkOS::Invitation
+      def accept_invitation(id:)
+        request = post_request(
+          path: "/user_management/invitations/#{id}/accept",
+          auth: true,
+        )
+
+        response = execute_request(request: request)
+
+        WorkOS::Invitation.new(response.body)
+      end
+
       # Revokes an existing Invitation.
       #
       # @param [String] id The unique ID of the Invitation.

data/lib/workos/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WorkOS
-  VERSION = '6.0.0'
+  VERSION = '6.2.0'
 end

data/release-please-config.json

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "packages": {
+    ".": {
+      "release-type": "ruby",
+      "package-name": "workos",
+      "version-file": "lib/workos/version.rb",
+      "changelog-path": "CHANGELOG.md",
+      "include-component-in-tag": false
+    }
+  }
+}

data/renovate.json

@@ -0,0 +1,32 @@
+{
+  "extends": [
+    "config:recommended"
+  ],
+  "schedule": [
+    "on the 15th day of the month before 12pm"
+  ],
+  "timezone": "UTC",
+  "rebaseWhen": "conflicted",
+  "packageRules": [
+    {
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "automerge": true,
+      "groupName": "minor and patch updates"
+    },
+    {
+      "matchUpdateTypes": [
+        "major"
+      ],
+      "automerge": false
+    },
+    {
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "automerge": false
+    }
+  ]
+}

data/spec/lib/workos/user_management_spec.rb

@@ -588,6 +588,28 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_password(
+          email: 'test@workos.app',
+          password: 'password123',
+          client_id: 'client_123',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_code' do
@@ -671,6 +693,27 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_code(
+          code: '01H93ZZHA0JBHFJH9RR11S83YN',
+          client_id: 'client_123',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_refresh_token' do
@@ -735,6 +778,28 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an invitation_token' do
+      it 'includes invitation_token in the request body' do
+        expect(described_class).to receive(:post_request) do |options|
+          body = options[:body]
+          expect(body[:invitation_token]).to eq('invitation_token_123')
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: '{"user": {"id": "user_123"}, "access_token": "token", "refresh_token": "refresh"}'),
+        )
+
+        described_class.authenticate_with_magic_auth(
+          code: '452079',
+          client_id: 'client_123',
+          email: 'test@workos.com',
+          invitation_token: 'invitation_token_123',
+        )
+      end
+    end
   end
 
   describe '.authenticate_with_organization_selection' do
@@ -1663,6 +1728,81 @@ describe WorkOS::UserManagement do
     end
   end
 
+  describe '.accept_invitation' do
+    context 'with a valid id' do
+      it 'accepts invitation' do
+        expect(described_class).to receive(:post_request) do |options|
+          expect(options[:path]).to eq('/user_management/invitations/invitation_123/accept')
+          expect(options[:auth]).to be true
+
+          double('request')
+        end.and_return(double('request'))
+
+        response_body = {
+          id: 'invitation_123',
+          email: 'test@workos.com',
+          state: 'accepted',
+        }.to_json
+
+        expect(described_class).to receive(:execute_request).and_return(
+          double('response', body: response_body),
+        )
+
+        invitation = described_class.accept_invitation(
+          id: 'invitation_123',
+        )
+
+        expect(invitation.id).to eq('invitation_123')
+        expect(invitation.email).to eq('test@workos.com')
+        expect(invitation.state).to eq('accepted')
+      end
+    end
+
+    context 'with an invalid id' do
+      it 'returns an error' do
+        expect(described_class).to receive(:post_request) do |options|
+          expect(options[:path]).to eq('/user_management/invitations/invalid_id/accept')
+          expect(options[:auth]).to be true
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_raise(
+          WorkOS::NotFoundError.new(message: 'Invitation not found'),
+        )
+
+        expect do
+          described_class.accept_invitation(id: 'invalid_id')
+        end.to raise_error(
+          WorkOS::NotFoundError,
+          /Invitation not found/,
+        )
+      end
+    end
+
+    context 'when invitation has already been accepted' do
+      it 'returns an error' do
+        expect(described_class).to receive(:post_request) do |options|
+          expect(options[:path]).to eq('/user_management/invitations/invitation_123/accept')
+          expect(options[:auth]).to be true
+
+          double('request')
+        end.and_return(double('request'))
+
+        expect(described_class).to receive(:execute_request).and_raise(
+          WorkOS::InvalidRequestError.new(message: 'Invite has already been accepted'),
+        )
+
+        expect do
+          described_class.accept_invitation(id: 'invitation_123')
+        end.to raise_error(
+          WorkOS::InvalidRequestError,
+          /Invite has already been accepted/,
+        )
+      end
+    end
+  end
+
   describe '.revoke_invitation' do
     context 'with valid payload' do
       it 'revokes invitation' do

data/spec/support/fixtures/vcr_cassettes/user_management/create_organization_membership/valid.yml

@@ -76,7 +76,7 @@ http_interactions:
       - cloudflare
     body:
       encoding: UTF-8
-      string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"member"},"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
+      string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"member"},"directory_managed":false,"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
     http_version:
   recorded_at: Thu, 17 Aug 2023 14:20:07 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/create_organization_membership/valid_multiple_roles.yml

@@ -71,6 +71,6 @@ http_interactions:
         path=/; domain=.workos.com; HttpOnly; Secure; SameSite=None
     body:
       encoding: UTF-8
-      string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"member"}, "roles":[{"slug":"member"}, {"slug":"admin"}], "created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
+      string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"member"}, "roles":[{"slug":"member"}, {"slug":"admin"}], "directory_managed":false,"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
   recorded_at: Mon, 06 Oct 2025 19:57:34 GMT
 recorded_with: VCR 6.3.1

data/spec/support/fixtures/vcr_cassettes/user_management/deactivate_organization_membership.yml

@@ -58,7 +58,7 @@ http_interactions:
           - "0"
       body:
         encoding: ASCII-8BIT
-        string: '{"object":"organization_membership","id":"om_01HXYT0G3H5QG9YTSHSHFZQE6D","organization_id":"org_01HRCVHACPY05V2FP0KEBQZYD3","user_id":"user_01HXYSZBKQE2N3NHBKZHDP1X5X","status":"inactive","role":{"slug":"member"},"created_at":"2024-05-15T19:00:05.359Z","updated_at":"2024-05-15T19:13:06.259Z"}'
+        string: '{"object":"organization_membership","id":"om_01HXYT0G3H5QG9YTSHSHFZQE6D","organization_id":"org_01HRCVHACPY05V2FP0KEBQZYD3","user_id":"user_01HXYSZBKQE2N3NHBKZHDP1X5X","status":"inactive","role":{"slug":"member"},"directory_managed":false,"created_at":"2024-05-15T19:00:05.359Z","updated_at":"2024-05-15T19:13:06.259Z"}'
       http_version:
     recorded_at: Wed, 15 May 2024 19:13:06 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/get_organization_membership.yml

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"object": "organization_membership", "id": "om_01H5JQDV7R7ATEYZDEG0W5PRYS", "user_id": "user_01H5JQDV7R7ATEYZDEG0W5PRYS", "organization_id": "organization_01H5JQDV7R7ATEYZDEG0W5PRYS", "status": "active", "role": {"slug": "member"}, "created_at": "2023-07-18T02:07:19.911Z", "updated_at": "2023-07-18T02:07:19.911Z"}'
+        string: '{"object": "organization_membership", "id": "om_01H5JQDV7R7ATEYZDEG0W5PRYS", "user_id": "user_01H5JQDV7R7ATEYZDEG0W5PRYS", "organization_id": "organization_01H5JQDV7R7ATEYZDEG0W5PRYS", "status": "active", "role": {"slug": "member"}, "directory_managed": false, "created_at": "2023-07-18T02:07:19.911Z", "updated_at": "2023-07-18T02:07:19.911Z"}'
       http_version:
     recorded_at: Mon, 14 Aug 2023 21:42:04 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/list_organization_memberships/no_options.yml

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"object":"list","data":[{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status": "active","role":{"slug":"member"},"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}, {"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status": "active","role":{"slug":"member"},"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}],"list_metadata":{"before":"before-id","after":null}}'
+        string: '{"object":"list","data":[{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status": "active","role":{"slug":"member"},"directory_managed":false,"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}, {"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status": "active","role":{"slug":"member"},"directory_managed":false,"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}],"list_metadata":{"before":"before-id","after":null}}'
       http_version:
     recorded_at: Tue, 15 Aug 2023 14:12:43 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/list_organization_memberships/with_options.yml

@@ -76,7 +76,7 @@ http_interactions:
       - cloudflare
     body:
       encoding: ASCII-8BIT
-      string: '{"object":"list","data":[{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status": "active","role":{"slug":"member"},"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}],"list_metadata":{"before":null,"after":null}}'
+      string: '{"object":"list","data":[{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status": "active","role":{"slug":"member"},"directory_managed":false,"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}],"list_metadata":{"before":null,"after":null}}'
     http_version:
   recorded_at: Tue, 15 Aug 2023 16:37:20 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/list_organization_memberships/with_statuses_option.yml

@@ -58,7 +58,7 @@ http_interactions:
           - "0"
       body:
         encoding: ASCII-8BIT
-        string: '{"object":"list","data":[{"object":"organization_membership","id":"om_01HXYT0G3H5QG9YTSHSHFZQE6D","organization_id":"org_01HRCVHACPY05V2FP0KEBQZYD3","user_id":"user_01HXYSZBKQE2N3NHBKZHDP1X5X","status":"active","role":{"slug":"member"},"created_at":"2024-05-15T19:00:05.359Z","updated_at":"2024-05-15T19:13:06.427Z"}],"list_metadata":{"before":null,"after":null}}'
+        string: '{"object":"list","data":[{"object":"organization_membership","id":"om_01HXYT0G3H5QG9YTSHSHFZQE6D","organization_id":"org_01HRCVHACPY05V2FP0KEBQZYD3","user_id":"user_01HXYSZBKQE2N3NHBKZHDP1X5X","status":"active","role":{"slug":"member"},"directory_managed":false,"created_at":"2024-05-15T19:00:05.359Z","updated_at":"2024-05-15T19:13:06.427Z"}],"list_metadata":{"before":null,"after":null}}'
       http_version:
     recorded_at: Wed, 15 May 2024 19:14:44 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/reactivate_organization_membership.yml

@@ -58,7 +58,7 @@ http_interactions:
           - "0"
       body:
         encoding: ASCII-8BIT
-        string: '{"object":"organization_membership","id":"om_01HXYT0G3H5QG9YTSHSHFZQE6D","organization_id":"org_01HRCVHACPY05V2FP0KEBQZYD3","user_id":"user_01HXYSZBKQE2N3NHBKZHDP1X5X","status":"active","role":{"slug":"member"},"created_at":"2024-05-15T19:00:05.359Z","updated_at":"2024-05-15T19:13:06.427Z"}'
+        string: '{"object":"organization_membership","id":"om_01HXYT0G3H5QG9YTSHSHFZQE6D","organization_id":"org_01HRCVHACPY05V2FP0KEBQZYD3","user_id":"user_01HXYSZBKQE2N3NHBKZHDP1X5X","status":"active","role":{"slug":"member"},"directory_managed":false,"created_at":"2024-05-15T19:00:05.359Z","updated_at":"2024-05-15T19:13:06.427Z"}'
       http_version:
     recorded_at: Wed, 15 May 2024 19:13:06 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/update_organization_membership/valid.yml

@@ -76,7 +76,7 @@
         - cloudflare
       body:
         encoding: UTF-8
-        string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"admin"},"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
+        string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"admin"},"directory_managed":false,"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
       http_version:
     recorded_at: Wed, 15 May 2024 19:13:06 GMT
   recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/update_organization_membership/valid_multiple_roles.yml

@@ -71,6 +71,6 @@ http_interactions:
         path=/; domain=.workos.com; HttpOnly; Secure; SameSite=None
     body:
       encoding: UTF-8
-      string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"admin"},"roles":[{"slug":"admin"},{"slug":"editor"}],"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
+      string: '{"object":"organization_membership","id":"om_01H5JQDV7R7ATEYZDEG0W5PRYS","user_id":"user_01H5JQDV7R7ATEYZDEG0W5PRYS","organization_id":"organization_01H5JQDV7R7ATEYZDEG0W5PRYS","status":"active","role":{"slug":"admin"},"roles":[{"slug":"admin"},{"slug":"editor"}],"directory_managed":false,"created_at":"2023-07-18T02:07:19.911Z","updated_at":"2023-07-18T02:07:19.911Z"}'
   recorded_at: Tue, 07 Oct 2025 14:22:26 GMT
 recorded_with: VCR 6.3.1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.2.0
 platform: ruby
 authors:
 - WorkOS
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-02-04 00:00:00.000000000 Z
+date: 2026-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -131,15 +131,17 @@ extra_rdoc_files: []
 files:
 - ".github/CODEOWNERS"
 - ".github/pull_request_template.md"
-- ".github/renovate.json"
 - ".github/workflows/ci.yml"
+- ".github/workflows/lint-pr-title.yml"
+- ".github/workflows/release-please.yml"
 - ".github/workflows/release.yml"
-- ".github/workflows/version-bump.yml"
 - ".gitignore"
+- ".release-please-manifest.json"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
 - ".ruby-version"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -207,6 +209,8 @@ files:
 - lib/workos/webhook.rb
 - lib/workos/webhooks.rb
 - lib/workos/widgets.rb
+- release-please-config.json
+- renovate.json
 - spec/lib/workos/audit_logs_spec.rb
 - spec/lib/workos/cache_spec.rb
 - spec/lib/workos/client.rb

data/.github/renovate.json

@@ -1,5 +0,0 @@
-{
-  "extends": [
-    "config:base"
-  ]
-}

data/.github/workflows/version-bump.yml

@@ -1,80 +0,0 @@
-name: Version Bump
-
-on:
-  workflow_dispatch:
-    inputs:
-      bump_type:
-        description: "Version bump type"
-        required: true
-        type: choice
-        options:
-          - patch
-          - minor
-          - major
-
-jobs:
-  bump-version:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-      - name: Generate token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.SDK_BOT_APP_ID }}
-          private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Configure Git
-        run: |
-          git config user.name "workos-bot[bot]"
-          git config user.email "workos-bot[bot]@users.noreply.github.com"
-
-      - name: Read current version
-        id: current-version
-        run: |
-          CURRENT_VERSION=$(grep "VERSION = " lib/workos/version.rb | sed "s/.*VERSION = '\(.*\)'/\1/")
-          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
-
-      - name: Bump version
-        id: bump-version
-        run: |
-          CURRENT_VERSION="${{ steps.current-version.outputs.version }}"
-          IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
-
-          case "${{ github.event.inputs.bump_type }}" in
-            major)
-              NEW_VERSION="$((MAJOR + 1)).0.0"
-              ;;
-            minor)
-              NEW_VERSION="$MAJOR.$((MINOR + 1)).0"
-              ;;
-            patch)
-              NEW_VERSION="$MAJOR.$MINOR.$((PATCH + 1))"
-              ;;
-          esac
-
-          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
-
-      - name: Update version in version.rb
-        run: |
-          sed -i "s/VERSION = '.*'/VERSION = '${{ steps.bump-version.outputs.new_version }}'/" lib/workos/version.rb
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v8
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          commit-message: "v${{ steps.bump-version.outputs.new_version }}"
-          title: "v${{ steps.bump-version.outputs.new_version }}"
-          body: |
-            Bumps version from ${{ steps.current-version.outputs.version }} to ${{ steps.bump-version.outputs.new_version }}.
-
-            This PR was automatically created by the version-bump workflow.
-          branch: version-bump-${{ steps.bump-version.outputs.new_version }}
-          labels: version-bump